Auto sync2gitlab import of sssd-2.8.2-2.el8.src.rpm
This commit is contained in:
parent
c14f47932c
commit
32c5607162
@ -0,0 +1,58 @@
|
|||||||
|
From f3333b9dbeda33a9344b458accaa4ff372adb660 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexey Tikhonov <atikhono@redhat.com>
|
||||||
|
Date: Fri, 3 Feb 2023 11:35:42 +0100
|
||||||
|
Subject: [PATCH 2/4] SSS_CLIENT: fix error codes returned by common
|
||||||
|
read/write/check helpers.
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
It's kind of expected that in case `(POLLERR | POLLHUP | POLLNVAL)`
|
||||||
|
error condition is detected, regular `POLLIN/POLLOUT` won't be set.
|
||||||
|
Error code set by error condition should have a priority. This enables
|
||||||
|
users of this helper to retry attempt (as designed).
|
||||||
|
|
||||||
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
||||||
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||||
|
(cherry picked from commit 0b8638d8de435384562f17d041655887b73523cd)
|
||||||
|
---
|
||||||
|
src/sss_client/common.c | 9 +++------
|
||||||
|
1 file changed, 3 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
|
||||||
|
index 2c888faa9..27e09f6f3 100644
|
||||||
|
--- a/src/sss_client/common.c
|
||||||
|
+++ b/src/sss_client/common.c
|
||||||
|
@@ -161,8 +161,7 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd,
|
||||||
|
case 1:
|
||||||
|
if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
|
||||||
|
*errnop = EPIPE;
|
||||||
|
- }
|
||||||
|
- if (!(pfd.revents & POLLOUT)) {
|
||||||
|
+ } else if (!(pfd.revents & POLLOUT)) {
|
||||||
|
*errnop = EBUSY;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
@@ -273,8 +272,7 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd,
|
||||||
|
}
|
||||||
|
if (pfd.revents & (POLLERR | POLLNVAL)) {
|
||||||
|
*errnop = EPIPE;
|
||||||
|
- }
|
||||||
|
- if (!(pfd.revents & POLLIN)) {
|
||||||
|
+ } else if (!(pfd.revents & POLLIN)) {
|
||||||
|
*errnop = EBUSY;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
@@ -725,8 +723,7 @@ static enum sss_status sss_cli_check_socket(int *errnop,
|
||||||
|
case 1:
|
||||||
|
if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
|
||||||
|
*errnop = EPIPE;
|
||||||
|
- }
|
||||||
|
- if (!(pfd.revents & (POLLIN | POLLOUT))) {
|
||||||
|
+ } else if (!(pfd.revents & (POLLIN | POLLOUT))) {
|
||||||
|
*errnop = EBUSY;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
@ -0,0 +1,63 @@
|
|||||||
|
From a40b25a3af29706c058ce5a02dd0ba294dbb6874 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexey Tikhonov <atikhono@redhat.com>
|
||||||
|
Date: Wed, 8 Feb 2023 17:48:52 +0100
|
||||||
|
Subject: [PATCH 3/4] SSS_CLIENT: if poll() returns POLLNVAL then socket is
|
||||||
|
alredy closed (or wasn't open) so it shouldn't be closed again. Otherwise
|
||||||
|
there is a risk to close "foreign" socket opened in another thread.
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
||||||
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||||
|
(cherry picked from commit ef93284b5a1f196425d9a61e8e24de8972240eb3)
|
||||||
|
---
|
||||||
|
src/sss_client/common.c | 18 +++++++++++++++---
|
||||||
|
1 file changed, 15 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
|
||||||
|
index 27e09f6f3..c8ade645b 100644
|
||||||
|
--- a/src/sss_client/common.c
|
||||||
|
+++ b/src/sss_client/common.c
|
||||||
|
@@ -159,7 +159,11 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd,
|
||||||
|
*errnop = ETIME;
|
||||||
|
break;
|
||||||
|
case 1:
|
||||||
|
- if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
|
||||||
|
+ if (pfd.revents & (POLLERR | POLLHUP)) {
|
||||||
|
+ *errnop = EPIPE;
|
||||||
|
+ } else if (pfd.revents & POLLNVAL) {
|
||||||
|
+ /* Invalid request: fd is not opened */
|
||||||
|
+ sss_cli_sd = -1;
|
||||||
|
*errnop = EPIPE;
|
||||||
|
} else if (!(pfd.revents & POLLOUT)) {
|
||||||
|
*errnop = EBUSY;
|
||||||
|
@@ -270,7 +274,11 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd,
|
||||||
|
if (pfd.revents & (POLLHUP)) {
|
||||||
|
pollhup = true;
|
||||||
|
}
|
||||||
|
- if (pfd.revents & (POLLERR | POLLNVAL)) {
|
||||||
|
+ if (pfd.revents & POLLERR) {
|
||||||
|
+ *errnop = EPIPE;
|
||||||
|
+ } else if (pfd.revents & POLLNVAL) {
|
||||||
|
+ /* Invalid request: fd is not opened */
|
||||||
|
+ sss_cli_sd = -1;
|
||||||
|
*errnop = EPIPE;
|
||||||
|
} else if (!(pfd.revents & POLLIN)) {
|
||||||
|
*errnop = EBUSY;
|
||||||
|
@@ -721,7 +729,11 @@ static enum sss_status sss_cli_check_socket(int *errnop,
|
||||||
|
*errnop = ETIME;
|
||||||
|
break;
|
||||||
|
case 1:
|
||||||
|
- if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
|
||||||
|
+ if (pfd.revents & (POLLERR | POLLHUP)) {
|
||||||
|
+ *errnop = EPIPE;
|
||||||
|
+ } else if (pfd.revents & POLLNVAL) {
|
||||||
|
+ /* Invalid request: fd is not opened */
|
||||||
|
+ sss_cli_sd = -1;
|
||||||
|
*errnop = EPIPE;
|
||||||
|
} else if (!(pfd.revents & (POLLIN | POLLOUT))) {
|
||||||
|
*errnop = EBUSY;
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
@ -0,0 +1,53 @@
|
|||||||
|
From 1fd7a5ecb46a02a29ebf42039575b5344307bfbb Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexey Tikhonov <atikhono@redhat.com>
|
||||||
|
Date: Wed, 8 Feb 2023 18:58:37 +0100
|
||||||
|
Subject: [PATCH 4/4] PAM_SSS: close(sss_cli_sd) should also be protected with
|
||||||
|
mutex. Otherwise a thread calling pam_end() can close socket mid pam
|
||||||
|
transaction in another thread.
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Bug only manifested on platforms where "lockfree client"
|
||||||
|
feature wasn't built.
|
||||||
|
|
||||||
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
||||||
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||||
|
(cherry picked from commit bf3f73ea0ee123fe4e7c4bdd2287ac5a5e6d9082)
|
||||||
|
---
|
||||||
|
src/sss_client/pam_sss.c | 3 +++
|
||||||
|
src/sss_client/pam_sss_gss.c | 2 ++
|
||||||
|
2 files changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
|
||||||
|
index afbdef59a..39ad17188 100644
|
||||||
|
--- a/src/sss_client/pam_sss.c
|
||||||
|
+++ b/src/sss_client/pam_sss.c
|
||||||
|
@@ -117,7 +117,10 @@ static void close_fd(pam_handle_t *pamh, void *ptr, int err)
|
||||||
|
#endif /* PAM_DATA_REPLACE */
|
||||||
|
|
||||||
|
D(("Closing the fd"));
|
||||||
|
+
|
||||||
|
+ sss_pam_lock();
|
||||||
|
sss_cli_close_socket();
|
||||||
|
+ sss_pam_unlock();
|
||||||
|
}
|
||||||
|
|
||||||
|
struct cert_auth_info {
|
||||||
|
diff --git a/src/sss_client/pam_sss_gss.c b/src/sss_client/pam_sss_gss.c
|
||||||
|
index 1109ec570..dd578ae5d 100644
|
||||||
|
--- a/src/sss_client/pam_sss_gss.c
|
||||||
|
+++ b/src/sss_client/pam_sss_gss.c
|
||||||
|
@@ -581,7 +581,9 @@ int pam_sm_authenticate(pam_handle_t *pamh,
|
||||||
|
}
|
||||||
|
|
||||||
|
done:
|
||||||
|
+ sss_pam_lock();
|
||||||
|
sss_cli_close_socket();
|
||||||
|
+ sss_pam_unlock();
|
||||||
|
free(username);
|
||||||
|
free(domain);
|
||||||
|
free(target);
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
@ -19,7 +19,7 @@
|
|||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 2.8.2
|
Version: 2.8.2
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -28,6 +28,9 @@ Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{versio
|
|||||||
|
|
||||||
### Patches ###
|
### Patches ###
|
||||||
Patch0001: 0001-ldap-update-shadow-last-change-in-sysdb-as-well.patch
|
Patch0001: 0001-ldap-update-shadow-last-change-in-sysdb-as-well.patch
|
||||||
|
Patch0002: 0002-SSS_CLIENT-fix-error-codes-returned-by-common-read-w.patch
|
||||||
|
Patch0003: 0003-SSS_CLIENT-if-poll-returns-POLLNVAL-then-socket-is-a.patch
|
||||||
|
Patch0004: 0004-PAM_SSS-close-sss_cli_sd-should-also-be-protected-wi.patch
|
||||||
|
|
||||||
### Downstream Patches ###
|
### Downstream Patches ###
|
||||||
|
|
||||||
@ -1210,6 +1213,9 @@ fi
|
|||||||
%systemd_postun_with_restart sssd.service
|
%systemd_postun_with_restart sssd.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 13 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.8.2-2
|
||||||
|
- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"
|
||||||
|
|
||||||
* Mon Dec 19 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.8.2-1
|
* Mon Dec 19 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.8.2-1
|
||||||
- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8
|
- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8
|
||||||
- Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
|
- Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
|
||||||
|
Loading…
Reference in New Issue
Block a user