From 0c20fbd33b07b52759bbf1fd21b8fc8c32c0f4d2 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Wed, 29 Jan 2025 15:12:15 +0100
Subject: [PATCH] Resolves: RHEL-62725 - Rebase SSSD for RHEL 10.0

---
 .gitignore                                    |  1 +
 ...wer-missing-passkey-data-debug-level.patch | 26 ---------
 ...-level-if-sss_krb5_touch_config-fail.patch | 34 ------------
 ...EC-conf-files-are-owned-by-root-sssd.patch | 45 ---------------
 ...SERVICE-use-no-dereference-for-chown.patch | 55 -------------------
 sources                                       |  2 +-
 sssd.spec                                     | 18 +++---
 7 files changed, 11 insertions(+), 170 deletions(-)
 delete mode 100644 0001-DEBUG-lower-missing-passkey-data-debug-level.patch
 delete mode 100644 0002-UTILS-reduce-log-level-if-sss_krb5_touch_config-fail.patch
 delete mode 100644 0003-SPEC-conf-files-are-owned-by-root-sssd.patch
 delete mode 100644 0004-SYSTEMD-SERVICE-use-no-dereference-for-chown.patch

diff --git a/.gitignore b/.gitignore
index 41eb90d..c4cb4d7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -115,3 +115,4 @@ sssd-1.2.91.tar.gz
 /sssd-2.10.0-beta2.tar.gz
 /sssd-2.10.0.tar.gz
 /sssd-2.10.1.tar.gz
+/sssd-2.10.2.tar.gz
diff --git a/0001-DEBUG-lower-missing-passkey-data-debug-level.patch b/0001-DEBUG-lower-missing-passkey-data-debug-level.patch
deleted file mode 100644
index 206d46f..0000000
--- a/0001-DEBUG-lower-missing-passkey-data-debug-level.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From bd7f41895493899126579449c13a4ddf8bc34166 Mon Sep 17 00:00:00 2001
-From: Justin Stephenson <jstephen@redhat.com>
-Date: Tue, 10 Dec 2024 14:46:19 -0500
-Subject: [PATCH] DEBUG: lower missing passkey data debug level
-
-(cherry picked from commit bf99c163c1b76e8713454e74333858ead52a1823)
----
- src/responder/pam/pamsrv_passkey.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/responder/pam/pamsrv_passkey.c b/src/responder/pam/pamsrv_passkey.c
-index 4a6bf0d03..83f36793f 100644
---- a/src/responder/pam/pamsrv_passkey.c
-+++ b/src/responder/pam/pamsrv_passkey.c
-@@ -665,7 +665,7 @@ void pam_passkey_get_user_done(struct tevent_req *req)
-     DEBUG(SSSDBG_TRACE_ALL, "Processing passkey data\n");
-     ret = process_passkey_data(pk_data, result->msgs[0], domain_name, pk_data);
-     if (ret != EOK) {
--        DEBUG(SSSDBG_OP_FAILURE,
-+        DEBUG(SSSDBG_TRACE_FUNC,
-               "process_passkey_data failed: [%d]: %s\n",
-               ret, sss_strerror(ret));
-         goto done;
--- 
-2.47.0
-
diff --git a/0002-UTILS-reduce-log-level-if-sss_krb5_touch_config-fail.patch b/0002-UTILS-reduce-log-level-if-sss_krb5_touch_config-fail.patch
deleted file mode 100644
index 1ced059..0000000
--- a/0002-UTILS-reduce-log-level-if-sss_krb5_touch_config-fail.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 00aadc78e8c003790b7b07baf074beacd19e1df5 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Wed, 11 Dec 2024 16:10:23 +0100
-Subject: [PATCH] UTILS: reduce log level if `sss_krb5_touch_config()` fails
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This is a fix of fc5c1a1af5d868a34a687550af1e31a17576ad25 -
-when `times` argument is 'NULL' return code in case of failing
-DAC checks is 'EACCESS', not 'EPERM'
-
-Reviewed-by: Alejandro López <allopez@redhat.com>
-(cherry picked from commit 5094a3d9900fa09642b7370b9f6dffeb4db95962)
----
- src/util/domain_info_utils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
-index caf563f86..79400e901 100644
---- a/src/util/domain_info_utils.c
-+++ b/src/util/domain_info_utils.c
-@@ -283,7 +283,7 @@ sss_krb5_touch_config(void)
-     ret = utime(config, NULL);
-     if (ret == -1) {
-         ret = errno;
--        DEBUG(ret == EPERM ? SSSDBG_MINOR_FAILURE : SSSDBG_CRIT_FAILURE,
-+        DEBUG(ret == EACCES ? SSSDBG_MINOR_FAILURE : SSSDBG_CRIT_FAILURE,
-               "Unable to change mtime of \"%s\" [%d]: %s\n",
-               config, ret, strerror(ret));
-     }
--- 
-2.47.0
-
diff --git a/0003-SPEC-conf-files-are-owned-by-root-sssd.patch b/0003-SPEC-conf-files-are-owned-by-root-sssd.patch
deleted file mode 100644
index 5f748d2..0000000
--- a/0003-SPEC-conf-files-are-owned-by-root-sssd.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From be612e6a46b6bb53e93556b33043b3263bd3c04c Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Tue, 17 Dec 2024 13:34:28 +0100
-Subject: [PATCH] SPEC: conf files are owned by 'root:sssd'
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-518db322fdd5a4de41813fbe5bc35fc20392ce67 updated service files
-but missed spec-file.
-This results in
-```
-$ rpm --verify sssd-common-0:2.10.1-1.el10.x86_64
-.....U...    /etc/sssd
-.....U...    /etc/sssd/conf.d
-.....U...    /etc/sssd/pki
-```
-
-Reviewed-by: Jakub Vávra <jvavra@redhat.com>
-Reviewed-by: Sumit Bose <sbose@redhat.com>
-(cherry picked from commit af65c00b9ca518a7769c05a41d5fc8208a2d133c)
----
- contrib/sssd.spec.in | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
-index b42dc743d..89b41adef 100644
---- a/contrib/sssd.spec.in
-+++ b/contrib/sssd.spec.in
-@@ -854,9 +854,9 @@ install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
- %attr(775,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}
- %attr(770,%{sssd_user},%{sssd_user}) %dir %{gpocachepath}
- %attr(770,%{sssd_user},%{sssd_user}) %dir %{_var}/log/%{name}
--%attr(750,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd
--%attr(750,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/conf.d
--%attr(750,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/pki
-+%attr(750,root,%{sssd_user}) %dir %{_sysconfdir}/sssd
-+%attr(750,root,%{sssd_user}) %dir %{_sysconfdir}/sssd/conf.d
-+%attr(750,root,%{sssd_user}) %dir %{_sysconfdir}/sssd/pki
- %ghost %attr(0600,%{sssd_user},%{sssd_user}) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
- %dir %{_sysconfdir}/logrotate.d
- %config(noreplace) %{_sysconfdir}/logrotate.d/sssd
--- 
-2.47.0
-
diff --git a/0004-SYSTEMD-SERVICE-use-no-dereference-for-chown.patch b/0004-SYSTEMD-SERVICE-use-no-dereference-for-chown.patch
deleted file mode 100644
index a7a3b1b..0000000
--- a/0004-SYSTEMD-SERVICE-use-no-dereference-for-chown.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 97629f36becb8acf7ed9de82f4d2649aa45098f9 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Fri, 6 Dec 2024 20:03:16 +0100
-Subject: [PATCH] SYSTEMD SERVICE: use "--no-dereference" for 'chown'
-
-to avoid following accidential symbolic links in those dirs.
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
-(cherry picked from commit a20fa0ffd6cb61bc164f52403f396cce6de8b2ea)
----
- src/sysv/systemd/sssd-kcm.service.in | 6 +++---
- src/sysv/systemd/sssd.service.in     | 8 ++++----
- 2 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in
-index 3e48945aa..088611254 100644
---- a/src/sysv/systemd/sssd-kcm.service.in
-+++ b/src/sysv/systemd/sssd-kcm.service.in
-@@ -9,10 +9,10 @@ Also=sssd-kcm.socket
- 
- [Service]
- Environment=DEBUG_LOGGER=--logger=files
--ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@
-+ExecStartPre=+-/bin/chown -f -R -h root:@SSSD_USER@ @sssdconfdir@
- ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@
--ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @secdbpath@/*.ldb"
--ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_kcm.log
-+ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @secdbpath@/*.ldb"
-+ExecStartPre=+-/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_kcm.log
- ExecStart=@libexecdir@/sssd/sssd_kcm ${DEBUG_LOGGER}
- CapabilityBoundingSet= CAP_DAC_READ_SEARCH CAP_SETGID CAP_SETUID
- SecureBits=noroot noroot-locked
-diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
-index 4f3cd24ff..441e35f6f 100644
---- a/src/sysv/systemd/sssd.service.in
-+++ b/src/sysv/systemd/sssd.service.in
-@@ -10,11 +10,11 @@ StartLimitBurst=5
- [Service]
- Environment=DEBUG_LOGGER=--logger=files
- EnvironmentFile=-@environment_file@
--ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@
-+ExecStartPre=+-/bin/chown -f -R -h root:@SSSD_USER@ @sssdconfdir@
- ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@
--ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @dbpath@/*.ldb"
--ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @gpocachepath@
--ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @logpath@/*.log"
-+ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @dbpath@/*.ldb"
-+ExecStartPre=+-/bin/chown -f -R -h @SSSD_USER@:@SSSD_USER@ @gpocachepath@
-+ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/*.log"
- ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER}
- Type=notify
- NotifyAccess=main
--- 
-2.47.0
-
diff --git a/sources b/sources
index 5af48d6..5dd7b85 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (sssd-2.10.1.tar.gz) = 001ff9cd60aa510ead11e418a1b96714136cc270b29551027cb12c340744890b358da5900a10863d4df649ad073f14f6f26c28e3f973b1cd5c2ab61f2a2a045b
+SHA512 (sssd-2.10.2.tar.gz) = 14ad222802e5426b0959ee32602e04ce24b3eb8d3bdd5e188cf29e3c7d32e0631b41c386fdbd129acf281317538460015d35410a688ea48dd546f9ae28522eac
diff --git a/sssd.spec b/sssd.spec
index f4b2818..48f0b1f 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -56,19 +56,16 @@
 %global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
 
 Name: sssd
-Version: 2.10.1
-Release: 3%{?dist}
+Version: 2.10.2
+Release: 1%{?dist}
 Summary: System Security Services Daemon
 License: GPL-3.0-or-later
 URL: https://github.com/SSSD/sssd/
-Source0: https://github.com/SSSD/sssd/releases/download/2.10.1/sssd-2.10.1.tar.gz
+Source0: https://github.com/SSSD/sssd/releases/download/2.10.2/sssd-2.10.2.tar.gz
 Source1: sssd.sysusers
 
 ### Patches ###
-Patch0001: 0001-DEBUG-lower-missing-passkey-data-debug-level.patch
-Patch0002: 0002-UTILS-reduce-log-level-if-sss_krb5_touch_config-fail.patch
-Patch0003: 0003-SPEC-conf-files-are-owned-by-root-sssd.patch
-Patch0004: 0004-SYSTEMD-SERVICE-use-no-dereference-for-chown.patch
+# Patch0001:
 
 ### Dependencies ###
 
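Review bot: Removing `Patch0001`–`Patch0004` is only safe if the 2.10.2 tarball already contains the four upstream commits they were cherry-picked from, and neither the commit message nor the new changelog entry states that. The one worth confirming explicitly is 0004, which added `-h` (no-dereference) to the root-run `chown` calls in `sssd.service.in` and `sssd-kcm.service.in`; if it were missing from the rebased sources, start-up would again follow symbolic links in those directories. After checking the unpacked sources, I would record it in the changelog, e.g. `- Drop downstream patches 0001-0004, included in upstream 2.10.2`. The leftover `# Patch0001:` placeholder could say the same, e.g. `# none: all downstream patches are upstream as of 2.10.2`.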
@@ -533,7 +530,7 @@ enable authentication with passkey token.
 %endif
 
 %prep
-%autosetup -n sssd-2.10.1 -p1
+%autosetup -n sssd-2.10.2 -p1
 
 %build
 
@@ -795,7 +792,7 @@ install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
 %attr(750,root,%{sssd_user}) %dir %{_sysconfdir}/sssd
 %attr(750,root,%{sssd_user}) %dir %{_sysconfdir}/sssd/conf.d
 %attr(750,root,%{sssd_user}) %dir %{_sysconfdir}/sssd/pki
-%ghost %attr(0600,%{sssd_user},%{sssd_user}) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
+%ghost %attr(0640,root,%{sssd_user}) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
 %dir %{_sysconfdir}/logrotate.d
 %config(noreplace) %{_sysconfdir}/logrotate.d/sssd
 %dir %{_sysconfdir}/rwtab.d
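Review bot: The `%ghost` entry for `sssd.conf` changes from `0600 sssd:sssd` to `0640 root:sssd` with no comment and no changelog line, although this file can hold credentials and the new mode makes it readable by every member of the sssd group. Because the entry is `%ghost`, RPM presumably does not apply the new owner and mode to a file an administrator already created. Upgraded hosts would then rely on the service's start-up `chown`/`chmod` steps (visible in the dropped 0004 patch) to converge, and `rpm --verify` may report a mismatch until the service has run. I would add a comment above the line, e.g. `# root-owned, group-readable: the sssd service user can read but not modify its own configuration`, and mention the ownership change in the `%changelog` entry so it is not hidden behind "Rebase".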
@@ -1119,6 +1116,9 @@ fi
 %systemd_postun_with_restart sssd.service
 
 %changelog
+* Wed Jan 29 2025 Alexey Tikhonov <atikhono@redhat.com> - 2.10.2-1
+- Resolves: RHEL-62725 - Rebase SSSD for RHEL 10.0
+
 * Wed Dec 18 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.10.1-3
 - Resolves: RHEL-62725 - Rebase SSSD for RHEL 10.0