Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6
parent
7fa00add1e
commit
359d341a35
@ -1,7 +1,8 @@
|
|||||||
From 05c49dd916dcbea2ce8f6a6b14fd54a5c67fd6db Mon Sep 17 00:00:00 2001
|
From 05c49dd916dcbea2ce8f6a6b14fd54a5c67fd6db Mon Sep 17 00:00:00 2001
|
||||||
From: Stephen Gallagher <sgallagh@redhat.com>
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
Date: Wed, 22 Feb 2012 07:53:56 -0500
|
Date: Wed, 22 Feb 2012 07:53:56 -0500
|
||||||
Subject: [PATCH] FEDORA: Change Kerberos credential cache default location
|
Subject: [PATCH 01/19] FEDORA: Change Kerberos credential cache default
|
||||||
|
location
|
||||||
|
|
||||||
On Fedora, we need to default to using /run/user/%u for credential
|
On Fedora, we need to default to using /run/user/%u for credential
|
||||||
caches for improved security and to simplify rpc.gssd locating the
|
caches for improved security and to simplify rpc.gssd locating the
|
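--- a/0002-Potential-NULL-dereference-in-proxy-provider.patch
+++ b/0002-Potential-NULL-dereference-in-proxy-provider.patch
@@ -0,0 +1,25 @@
+From 0b6df55aee996a4b1e8824d1c58c5494b0c5fb0b Mon Sep 17 00:00:00 2001
+From: Ariel Barria <arielb@fedoraproject.org>
+Date: Sat, 12 May 2012 11:00:51 -0500
+Subject: [PATCH 02/19] Potential NULL dereference in proxy provider
+
+---
+src/providers/proxy/proxy_id.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
+index 8a8c7ca80d1b24e53c3d55d06564e719a069642a..e7d9206e5081153ef389dd25db7a32816cc44839 100644
+--- a/src/providers/proxy/proxy_id.c
++++ b/src/providers/proxy/proxy_id.c
+@@ -215,7 +215,7 @@ static int save_user(struct sysdb_ctx *sysdb, bool lowercase,
+shell = NULL;
+}
+
+- if (!lowercase || alias) {
++ if (lowercase || alias) {
+attrs = sysdb_new_attrs(NULL);
+if (!attrs) {
+DEBUG(SSSDBG_CRIT_FAILURE, ("Allocation error ?!\n"));
+--
+1.7.10.1
+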
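Review bot: The allocation `attrs = sysdb_new_attrs(NULL)` in save_user() is parented to the NULL talloc context, so nothing releases it unless every later exit path frees it explicitly. With the corrected condition it is now taken whenever `lowercase` is set, which makes that cleanup matter on more calls. The hunk ends inside the allocation-failure branch, so the cleanup cannot be confirmed from the visible lines. Since the inverted test is the entire fix, a short comment above it would record the reason, for example `/* attrs is filled in below for the lowercased name as well as the alias */`, assuming that is indeed where the NULL dereference named in the subject occurred. save_user() starts and ends outside the hunk.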
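--- a/0003-Fix-typos-in-message-and-man-pages.patch
+++ b/0003-Fix-typos-in-message-and-man-pages.patch
@@ -0,0 +1,62 @@
+From 47669c95501ee6adbb0700f4d4a62ae09daa21f7 Mon Sep 17 00:00:00 2001
+From: Yuri Chornoivan <yurchor@ukr.net>
+Date: Fri, 11 May 2012 23:12:19 +0300
+Subject: [PATCH 03/19] Fix typos in message and man pages.
+
+---
+src/config/SSSDConfig.py | 2 +-
+src/man/include/ldap_id_mapping.xml | 2 +-
+src/man/sssd.conf.5.xml | 4 ++--
+3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
+index a44e138f6461681709d78bbece86f6f8720ae31c..11da7cf2ba42076f3088cbbff81b69b39a0dc449 100644
+--- a/src/config/SSSDConfig.py
++++ b/src/config/SSSDConfig.py
+@@ -85,7 +85,7 @@ option_strings = {
+'autofs_negative_timeout' : _('Negative cache timeout length (seconds)'),
+
+# [ssh]
+- 'ssh_hash_known_hosts': _('Whether to hash host names and adresses in the known_hosts file'),
++ 'ssh_hash_known_hosts': _('Whether to hash host names and addresses in the known_hosts file'),
+
+# [provider]
+'id_provider' : _('Identity provider'),
+diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml
+index 62e5598eb0d31fdc1185db13ae0c433b233b9ba2..75335f5032c36c01aa0bcc14d05b60ace0c22734 100644
+--- a/src/man/include/ldap_id_mapping.xml
++++ b/src/man/include/ldap_id_mapping.xml
+@@ -83,7 +83,7 @@ ldap_schema = ad
+</para>
+<para>
+NOTE: This option is different from
+- <quote>id_mn</quote> in that <quote>id_min</quote>
++ <quote>id_min</quote> in that <quote>id_min</quote>
+acts to filter the output of requests to this domain,
+whereas this option controls the range of ID
+assignment. This is a subtle distinction, but the
+diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
+index e283480e3a5725a1acee93c95b20d5b504393e4f..8eaeb13ce0e2af97b19b0855d8cc7f5985659214 100644
+--- a/src/man/sssd.conf.5.xml
++++ b/src/man/sssd.conf.5.xml
+@@ -521,7 +521,7 @@
+<listitem>
+<para>
+The default shell to use if the provider does not
+- return one during lookup. This option supercedes
++ return one during lookup. This option supersedes
+any other shell options if it takes effect.
+</para>
+<para>
+@@ -786,7 +786,7 @@
+<term>ssh_hash_known_hosts (bool)</term>
+<listitem>
+<para>
+- Whether or not to hash host names and adresses in
++ Whether or not to hash host names and addresses in
+the managed known_hosts file.
+</para>
+<para>
+--
+1.7.10.1
+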
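--- a/0004-Fixed-two-minor-memory-leaks.patch
+++ b/0004-Fixed-two-minor-memory-leaks.patch
@@ -0,0 +1,43 @@
+From ac102092fe08183f916e6115fb6fef0f0a792126 Mon Sep 17 00:00:00 2001
+From: Jan Zeleny <jzeleny@redhat.com>
+Date: Mon, 14 May 2012 04:11:32 -0400
+Subject: [PATCH 04/19] Fixed two minor memory leaks
+
+---
+src/providers/ldap/sdap.c | 5 ++++-
+src/providers/ldap/sdap_range.c | 3 ++-
+2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
+index 1bb513ae639c37c64cd0064066f7c69552404671..01ba418a6e50808552845f6e91db448c57adbb83 100644
+--- a/src/providers/ldap/sdap.c
++++ b/src/providers/ldap/sdap.c
+@@ -123,7 +123,10 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
+}
+
+attrs = sysdb_new_attrs(tmp_ctx);
+- if (!attrs) return ENOMEM;
++ if (!attrs) {
++ ret = ENOMEM;
++ goto done;
++ }
+
+str = ldap_get_dn(sh->ldap, sm->msg);
+if (!str) {
+diff --git a/src/providers/ldap/sdap_range.c b/src/providers/ldap/sdap_range.c
+index 295b6605d15a83b7994bb440e3942f5f620cbeaf..a26443c8244bc58e609b2d9c6b4a2ded71193725 100644
+--- a/src/providers/ldap/sdap_range.c
++++ b/src/providers/ldap/sdap_range.c
+@@ -104,7 +104,8 @@ errno_t sdap_parse_range(TALLOC_CTX *mem_ctx,
+DEBUG(SSSDBG_TRACE_LIBS,
+("[%s] contained the last set of values for this attribute\n",
+attr_desc));
+- return EOK;
++ ret = EOK;
++ goto done;
+}
+
+*range_offset = strtouint32(end_range, &endptr, 10);
+--
+1.7.10.1
+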
296
0005-Rename-struct-dom_sid-to-struct-sss_dom_sid.patch
Normal file
@ -0,0 +1,296 @@
|
|||||||
|
From 4e59e4c8f344e93a64d2bb53578c977475d76546 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sumit Bose <sbose@redhat.com>
|
||||||
|
Date: Mon, 14 May 2012 13:14:14 +0200
|
||||||
|
Subject: [PATCH 05/19] Rename struct dom_sid to struct sss_dom_sid
|
||||||
|
|
||||||
|
To avoid conflicts with struct dom_sid used by samba the sss_ prefix is
|
||||||
|
added to the struct used by libsss_idmap.
|
||||||
|
---
|
||||||
|
Makefile.am | 2 +-
|
||||||
|
src/lib/idmap/sss_idmap.c | 6 +++---
|
||||||
|
src/lib/idmap/sss_idmap.h | 14 +++++++-------
|
||||||
|
src/lib/idmap/sss_idmap_conv.c | 26 +++++++++++++-------------
|
||||||
|
src/tests/sss_idmap-tests.c | 16 ++++++++--------
|
||||||
|
5 files changed, 32 insertions(+), 32 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index 5089b8e5c9cd6bddd0ad038423101a0d29e8b18e..2e13a9777a074e628b48bbd23626d019c2e5c617 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -500,7 +500,7 @@ libsss_idmap_la_SOURCES = \
|
||||||
|
src/lib/idmap/sss_idmap.c \
|
||||||
|
src/lib/idmap/sss_idmap_conv.c
|
||||||
|
libsss_idmap_la_LDFLAGS = \
|
||||||
|
- -version 1:0:1
|
||||||
|
+ -version-info 0:1:0
|
||||||
|
|
||||||
|
|
||||||
|
include_HEADERS = \
|
||||||
|
diff --git a/src/lib/idmap/sss_idmap.c b/src/lib/idmap/sss_idmap.c
|
||||||
|
index c970293bccd2385886453afdc2573e2bbbc9c7ad..c589bd458a01ecd9ba298e879e21f746a2ef50e6 100644
|
||||||
|
--- a/src/lib/idmap/sss_idmap.c
|
||||||
|
+++ b/src/lib/idmap/sss_idmap.c
|
||||||
|
@@ -361,7 +361,7 @@ enum idmap_error_code sss_idmap_unix_to_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
}
|
||||||
|
|
||||||
|
enum idmap_error_code sss_idmap_dom_sid_to_unix(struct sss_idmap_ctx *ctx,
|
||||||
|
- struct dom_sid *dom_sid,
|
||||||
|
+ struct sss_dom_sid *dom_sid,
|
||||||
|
uint32_t *id)
|
||||||
|
{
|
||||||
|
enum idmap_error_code err;
|
||||||
|
@@ -407,11 +407,11 @@ done:
|
||||||
|
|
||||||
|
enum idmap_error_code sss_idmap_unix_to_dom_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
uint32_t id,
|
||||||
|
- struct dom_sid **_dom_sid)
|
||||||
|
+ struct sss_dom_sid **_dom_sid)
|
||||||
|
{
|
||||||
|
enum idmap_error_code err;
|
||||||
|
char *sid = NULL;
|
||||||
|
- struct dom_sid *dom_sid = NULL;
|
||||||
|
+ struct sss_dom_sid *dom_sid = NULL;
|
||||||
|
|
||||||
|
CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);
|
||||||
|
|
||||||
|
diff --git a/src/lib/idmap/sss_idmap.h b/src/lib/idmap/sss_idmap.h
|
||||||
|
index 78e786afe680fa276e75148798a590115aec2c1b..a3ec919c8041bb151747cdb8b577dc25f64ad124 100644
|
||||||
|
--- a/src/lib/idmap/sss_idmap.h
|
||||||
|
+++ b/src/lib/idmap/sss_idmap.h
|
||||||
|
@@ -90,7 +90,7 @@ struct sss_idmap_range {
|
||||||
|
/**
|
||||||
|
* Opaque type for SIDs
|
||||||
|
*/
|
||||||
|
-struct dom_sid;
|
||||||
|
+struct sss_dom_sid;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Opaque type for the idmap context
|
||||||
|
@@ -167,7 +167,7 @@ enum idmap_error_code sss_idmap_sid_to_unix(struct sss_idmap_ctx *ctx,
|
||||||
|
* idmap context
|
||||||
|
*/
|
||||||
|
enum idmap_error_code sss_idmap_dom_sid_to_unix(struct sss_idmap_ctx *ctx,
|
||||||
|
- struct dom_sid *dom_sid,
|
||||||
|
+ struct sss_dom_sid *dom_sid,
|
||||||
|
uint32_t *id);
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -220,7 +220,7 @@ enum idmap_error_code sss_idmap_unix_to_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
*/
|
||||||
|
enum idmap_error_code sss_idmap_unix_to_dom_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
uint32_t id,
|
||||||
|
- struct dom_sid **dom_sid);
|
||||||
|
+ struct sss_dom_sid **dom_sid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Translate unix UID or GID to a binary SID
|
||||||
|
@@ -288,7 +288,7 @@ bool is_domain_sid(const char *str);
|
||||||
|
enum idmap_error_code sss_idmap_bin_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
const uint8_t *bin_sid,
|
||||||
|
size_t length,
|
||||||
|
- struct dom_sid **dom_sid);
|
||||||
|
+ struct sss_dom_sid **dom_sid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Convert binary SID to SID string
|
||||||
|
@@ -322,7 +322,7 @@ enum idmap_error_code sss_idmap_bin_sid_to_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
|
||||||
|
*/
|
||||||
|
enum idmap_error_code sss_idmap_dom_sid_to_bin_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
- struct dom_sid *dom_sid,
|
||||||
|
+ struct sss_dom_sid *dom_sid,
|
||||||
|
uint8_t **bin_sid,
|
||||||
|
size_t *length);
|
||||||
|
|
||||||
|
@@ -357,7 +357,7 @@ enum idmap_error_code sss_idmap_sid_to_bin_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
|
||||||
|
*/
|
||||||
|
enum idmap_error_code sss_idmap_dom_sid_to_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
- struct dom_sid *dom_sid,
|
||||||
|
+ struct sss_dom_sid *dom_sid,
|
||||||
|
char **sid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -374,7 +374,7 @@ enum idmap_error_code sss_idmap_dom_sid_to_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
*/
|
||||||
|
enum idmap_error_code sss_idmap_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
const char *sid,
|
||||||
|
- struct dom_sid **dom_sid);
|
||||||
|
+ struct sss_dom_sid **dom_sid);
|
||||||
|
/**
|
||||||
|
* @}
|
||||||
|
*/
|
||||||
|
diff --git a/src/lib/idmap/sss_idmap_conv.c b/src/lib/idmap/sss_idmap_conv.c
|
||||||
|
index e2064f6dabf0c599ff415b9e5655c1d2d3f60dc5..df96fcc327679bedbe19fc2c8d7cc54f692a8161 100644
|
||||||
|
--- a/src/lib/idmap/sss_idmap_conv.c
|
||||||
|
+++ b/src/lib/idmap/sss_idmap_conv.c
|
||||||
|
@@ -33,7 +33,7 @@
|
||||||
|
|
||||||
|
#define SID_ID_AUTHS 6
|
||||||
|
#define SID_SUB_AUTHS 15
|
||||||
|
-struct dom_sid {
|
||||||
|
+struct sss_dom_sid {
|
||||||
|
uint8_t sid_rev_num;
|
||||||
|
int8_t num_auths; /* [range(0,15)] */
|
||||||
|
uint8_t id_auth[SID_ID_AUTHS]; /* highest order byte has index 0 */
|
||||||
|
@@ -43,19 +43,19 @@ struct dom_sid {
|
||||||
|
enum idmap_error_code sss_idmap_bin_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
const uint8_t *bin_sid,
|
||||||
|
size_t length,
|
||||||
|
- struct dom_sid **_dom_sid)
|
||||||
|
+ struct sss_dom_sid **_dom_sid)
|
||||||
|
{
|
||||||
|
enum idmap_error_code err;
|
||||||
|
- struct dom_sid *dom_sid;
|
||||||
|
+ struct sss_dom_sid *dom_sid;
|
||||||
|
size_t i = 0;
|
||||||
|
size_t p = 0;
|
||||||
|
uint32_t val;
|
||||||
|
|
||||||
|
CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);
|
||||||
|
|
||||||
|
- if (length > sizeof(struct dom_sid)) return IDMAP_SID_INVALID;
|
||||||
|
+ if (length > sizeof(struct sss_dom_sid)) return IDMAP_SID_INVALID;
|
||||||
|
|
||||||
|
- dom_sid = ctx->alloc_func(sizeof(struct dom_sid), ctx->alloc_pvt);
|
||||||
|
+ dom_sid = ctx->alloc_func(sizeof(struct sss_dom_sid), ctx->alloc_pvt);
|
||||||
|
if (dom_sid == NULL) {
|
||||||
|
return IDMAP_OUT_OF_MEMORY;
|
||||||
|
}
|
||||||
|
@@ -101,7 +101,7 @@ done:
|
||||||
|
}
|
||||||
|
|
||||||
|
enum idmap_error_code sss_idmap_dom_sid_to_bin_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
- struct dom_sid *dom_sid,
|
||||||
|
+ struct sss_dom_sid *dom_sid,
|
||||||
|
uint8_t **_bin_sid,
|
||||||
|
size_t *_length)
|
||||||
|
{
|
||||||
|
@@ -157,7 +157,7 @@ done:
|
||||||
|
}
|
||||||
|
|
||||||
|
enum idmap_error_code sss_idmap_dom_sid_to_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
- struct dom_sid *dom_sid,
|
||||||
|
+ struct sss_dom_sid *dom_sid,
|
||||||
|
char **_sid)
|
||||||
|
{
|
||||||
|
enum idmap_error_code err;
|
||||||
|
@@ -222,13 +222,13 @@ done:
|
||||||
|
|
||||||
|
enum idmap_error_code sss_idmap_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
const char *sid,
|
||||||
|
- struct dom_sid **_dom_sid)
|
||||||
|
+ struct sss_dom_sid **_dom_sid)
|
||||||
|
{
|
||||||
|
enum idmap_error_code err;
|
||||||
|
unsigned long ul;
|
||||||
|
char *r;
|
||||||
|
char *end;
|
||||||
|
- struct dom_sid *dom_sid;
|
||||||
|
+ struct sss_dom_sid *dom_sid;
|
||||||
|
|
||||||
|
CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);
|
||||||
|
|
||||||
|
@@ -236,11 +236,11 @@ enum idmap_error_code sss_idmap_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
return IDMAP_SID_INVALID;
|
||||||
|
}
|
||||||
|
|
||||||
|
- dom_sid = ctx->alloc_func(sizeof(struct dom_sid), ctx->alloc_pvt);
|
||||||
|
+ dom_sid = ctx->alloc_func(sizeof(struct sss_dom_sid), ctx->alloc_pvt);
|
||||||
|
if (dom_sid == NULL) {
|
||||||
|
return IDMAP_OUT_OF_MEMORY;
|
||||||
|
}
|
||||||
|
- memset(dom_sid, 0, sizeof(struct dom_sid));
|
||||||
|
+ memset(dom_sid, 0, sizeof(struct sss_dom_sid));
|
||||||
|
|
||||||
|
|
||||||
|
if (!isdigit(sid[2])) {
|
||||||
|
@@ -330,7 +330,7 @@ enum idmap_error_code sss_idmap_sid_to_bin_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
size_t *_length)
|
||||||
|
{
|
||||||
|
enum idmap_error_code err;
|
||||||
|
- struct dom_sid *dom_sid = NULL;
|
||||||
|
+ struct sss_dom_sid *dom_sid = NULL;
|
||||||
|
size_t length;
|
||||||
|
uint8_t *bin_sid = NULL;
|
||||||
|
|
||||||
|
@@ -363,7 +363,7 @@ enum idmap_error_code sss_idmap_bin_sid_to_sid(struct sss_idmap_ctx *ctx,
|
||||||
|
char **_sid)
|
||||||
|
{
|
||||||
|
enum idmap_error_code err;
|
||||||
|
- struct dom_sid *dom_sid = NULL;
|
||||||
|
+ struct sss_dom_sid *dom_sid = NULL;
|
||||||
|
char *sid = NULL;
|
||||||
|
|
||||||
|
err = sss_idmap_bin_sid_to_dom_sid(ctx, bin_sid, length, &dom_sid);
|
||||||
|
diff --git a/src/tests/sss_idmap-tests.c b/src/tests/sss_idmap-tests.c
|
||||||
|
index d81922f1195413674a7a2b5f8429cfe0c2c037c5..b821dfc98b806f71e4d2a11b1fb609711d3e91b7 100644
|
||||||
|
--- a/src/tests/sss_idmap-tests.c
|
||||||
|
+++ b/src/tests/sss_idmap-tests.c
|
||||||
|
@@ -182,7 +182,7 @@ START_TEST(idmap_test_dom_sid2uid)
|
||||||
|
{
|
||||||
|
enum idmap_error_code err;
|
||||||
|
uint32_t id;
|
||||||
|
- struct dom_sid *dom_sid = NULL;
|
||||||
|
+ struct sss_dom_sid *dom_sid = NULL;
|
||||||
|
|
||||||
|
err = sss_idmap_sid_to_dom_sid(idmap_ctx, "S-1-5-21-1-2-3-1000", &dom_sid);
|
||||||
|
fail_unless(err == IDMAP_SUCCESS, "Failed to convert SID to SID structure");
|
||||||
|
@@ -219,7 +219,7 @@ END_TEST
|
||||||
|
START_TEST(idmap_test_uid2dom_sid)
|
||||||
|
{
|
||||||
|
enum idmap_error_code err;
|
||||||
|
- struct dom_sid *dom_sid = NULL;
|
||||||
|
+ struct sss_dom_sid *dom_sid = NULL;
|
||||||
|
char *sid = NULL;
|
||||||
|
|
||||||
|
err = sss_idmap_unix_to_dom_sid(idmap_ctx, 10000, &dom_sid);
|
||||||
|
@@ -269,7 +269,7 @@ END_TEST
|
||||||
|
|
||||||
|
START_TEST(idmap_test_sid_bin2dom_sid)
|
||||||
|
{
|
||||||
|
- struct dom_sid *dom_sid = NULL;
|
||||||
|
+ struct sss_dom_sid *dom_sid = NULL;
|
||||||
|
enum idmap_error_code err;
|
||||||
|
uint8_t *new_bin_sid = NULL;
|
||||||
|
size_t new_bin_sid_length;
|
||||||
|
@@ -278,12 +278,12 @@ START_TEST(idmap_test_sid_bin2dom_sid)
|
||||||
|
test_bin_sid_length, &dom_sid);
|
||||||
|
|
||||||
|
fail_unless(err == IDMAP_SUCCESS,
|
||||||
|
- "Failed to convert binary SID to struct dom_sid.");
|
||||||
|
+ "Failed to convert binary SID to struct sss_dom_sid.");
|
||||||
|
|
||||||
|
err = sss_idmap_dom_sid_to_bin_sid(idmap_ctx, dom_sid, &new_bin_sid,
|
||||||
|
&new_bin_sid_length);
|
||||||
|
fail_unless(err == IDMAP_SUCCESS,
|
||||||
|
- "Failed to convert struct dom_sid to binary SID.");
|
||||||
|
+ "Failed to convert struct sss_dom_sid to binary SID.");
|
||||||
|
|
||||||
|
fail_unless(new_bin_sid_length == test_bin_sid_length,
|
||||||
|
"Length of binary SIDs do not match.");
|
||||||
|
@@ -297,18 +297,18 @@ END_TEST
|
||||||
|
|
||||||
|
START_TEST(idmap_test_sid2dom_sid)
|
||||||
|
{
|
||||||
|
- struct dom_sid *dom_sid = NULL;
|
||||||
|
+ struct sss_dom_sid *dom_sid = NULL;
|
||||||
|
enum idmap_error_code err;
|
||||||
|
char *new_sid = NULL;
|
||||||
|
|
||||||
|
err = sss_idmap_sid_to_dom_sid(idmap_ctx, "S-1-5-21-1-2-3-1000", &dom_sid);
|
||||||
|
|
||||||
|
fail_unless(err == IDMAP_SUCCESS,
|
||||||
|
- "Failed to convert SID string to struct dom_sid.");
|
||||||
|
+ "Failed to convert SID string to struct sss_dom_sid.");
|
||||||
|
|
||||||
|
err = sss_idmap_dom_sid_to_sid(idmap_ctx, dom_sid, &new_sid);
|
||||||
|
fail_unless(err == IDMAP_SUCCESS,
|
||||||
|
- "Failed to convert struct dom_sid to SID string.");
|
||||||
|
+ "Failed to convert struct sss_dom_sid to SID string.");
|
||||||
|
|
||||||
|
fail_unless(new_sid != NULL, "SID string not set");
|
||||||
|
fail_unless(strlen("S-1-5-21-1-2-3-1000") == strlen(new_sid),
|
||||||
|
--
|
||||||
|
1.7.10.1
|
||||||
|
|
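--- a/0006-Fix-libsss_hbac-library-version.patch
+++ b/0006-Fix-libsss_hbac-library-version.patch
@@ -0,0 +1,25 @@
+From a231d0b597a79b1a9a2617f543b1fef084532c9e Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 14 May 2012 15:04:38 +0200
+Subject: [PATCH 06/19] Fix libsss_hbac library version
+
+---
+Makefile.am | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 2e13a9777a074e628b48bbd23626d019c2e5c617..e238b3538494a254c474518a1c4ea3fae7f975c8 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -492,7 +492,7 @@ libipa_hbac_la_SOURCES = \
+src/providers/ipa/hbac_evaluator.c \
+src/util/sss_utf8.c
+libipa_hbac_la_LDFLAGS = \
+- -version 1:0:1 \
++ -version-info 0:1:0 \
+$(UNICODE_LIBS)
+
+dist_pkgconfig_DATA += src/lib/idmap/sss_idmap.pc
+--
+1.7.10.1
+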
@ -0,0 +1,26 @@
|
|||||||
|
From 33c35e25ba25100dcd77562055eea2a0cb1197a9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
||||||
|
Date: Mon, 14 May 2012 15:53:18 +0200
|
||||||
|
Subject: [PATCH 07/19] NSS: keep a pointer to body after body is reallocated
|
||||||
|
|
||||||
|
---
|
||||||
|
src/responder/nss/nsssrv_cmd.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
|
||||||
|
index f36a9a322ab92144c93b8cb9041d7a28515cc85d..43e82ae3ad1d98d440c076513ffb78ed46feb949 100644
|
||||||
|
--- a/src/responder/nss/nsssrv_cmd.c
|
||||||
|
+++ b/src/responder/nss/nsssrv_cmd.c
|
||||||
|
@@ -1919,6 +1919,9 @@ static int fill_grent(struct sss_packet *packet,
|
||||||
|
num++;
|
||||||
|
|
||||||
|
if (gr_mmap_cache) {
|
||||||
|
+ /* body was reallocated, so fullname might be pointing to
|
||||||
|
+ * where body used to be, not where it is */
|
||||||
|
+ to_sized_string(&fullname, (const char *)&body[rzero+STRS_ROFFSET]);
|
||||||
|
ret = sss_mmap_cache_gr_store(nctx->grp_mc_ctx,
|
||||||
|
&fullname, &pwfield, gid, memnum,
|
||||||
|
(char *)&body[rzero] + STRS_ROFFSET +
|
||||||
|
--
|
||||||
|
1.7.10.1
|
||||||
|
|
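Review bot: Only `fullname` is re-pointed into the reallocated `body` in fill_grent(), yet `pwfield` is handed to `sss_mmap_cache_gr_store()` in the same call and would be just as stale if it was also set up from the old buffer. The hunk does not show where `pwfield` is initialised, so that needs checking against the lines above. The refresh also lives inside `if (gr_mmap_cache)`, so any use of `fullname` after the reallocation on the non-cache path would still read freed memory; whether such a use exists is not visible here. The added comment would be more useful if it named the call that moves `body`, so the next pointer taken into the packet gets the same treatment. fill_grent() starts and ends outside the hunk.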
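--- a/0008-Use-sized_string-correctly-in-FQDN-domains.patch
+++ b/0008-Use-sized_string-correctly-in-FQDN-domains.patch
@@ -0,0 +1,34 @@
+From f12d3379b89bb16ec8e85f496f9dbd9fba95d874 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Mon, 14 May 2012 15:58:37 +0200
+Subject: [PATCH 08/19] Use sized_string correctly in FQDN domains
+
+---
+src/responder/nss/nsssrv_cmd.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
+index 43e82ae3ad1d98d440c076513ffb78ed46feb949..aa3ef3cbc0b98d3fe44e14dce212ecf1279f14f3 100644
+--- a/src/responder/nss/nsssrv_cmd.c
++++ b/src/responder/nss/nsssrv_cmd.c
+@@ -1863,7 +1863,7 @@ static int fill_grent(struct sss_packet *packet,
+if (add_domain) {
+ret = snprintf((char *)&body[rzero + rsize],
+name.len + delim + dom_len,
+- namefmt, name, domain);
++ namefmt, name.str, domain);
+if (ret >= (name.len + delim + dom_len)) {
+/* need more space,
+* got creative with the print format ? */
+@@ -1879,7 +1879,7 @@ static int fill_grent(struct sss_packet *packet,
+/* retry */
+ret = snprintf((char *)&body[rzero + rsize],
+name.len + delim + dom_len,
+- namefmt, name, domain);
++ namefmt, name.str, domain);
+}
+
+if (ret != name.len + delim + dom_len - 1) {
+--
+1.7.10.1
+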
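Review bot: Both `snprintf()` calls in fill_grent() take `namefmt`, a non-literal format string, which is why the compiler never flagged the struct that was being passed for a string conversion; the same blind spot remains for any future argument mismatch. The existing comment "got creative with the print format ?" suggests the format is configurable, and nothing in either hunk shows it being restricted to the two string conversions consumed here. A comment at the first call stating where that validation happens would close the gap, for example `/* namefmt is checked at configuration load to contain exactly the two %s conversions used here */`, provided such a check exists; if it does not, it should be added there. Separately, `ret >= (name.len + delim + dom_len)` does not test `ret < 0`, so an encoding error from snprintf is only caught by the later `ret != ...` comparison. fill_grent() starts and ends outside both hunks.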
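--- a/0009-RPM-Allow-running-make-rpms-on-RHEL-5-machines.patch
+++ b/0009-RPM-Allow-running-make-rpms-on-RHEL-5-machines.patch
@@ -0,0 +1,63 @@
+From 6bfc4b41bfa7291eeb54a94c4eac85c7b9357565 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 15 May 2012 11:38:15 -0400
+Subject: [PATCH 09/19] RPM: Allow running 'make rpms' on RHEL 5 machines
+
+Our previous detection for this was flawed, because the %{rhel}
+macro did not exist on the version of RPM shipped with RHEL 5, but
+it worked when building for RHEL 5 through mock. This new patch
+relies on grepping /etc/redhat-release for the version
+information.
+
+https://fedorahosted.org/sssd/ticket/1206
+---
+contrib/sssd.spec.in | 12 +++++++-----
+1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
+index e5a4ed523ef71fe5efbe5e533f0ebb52f0d7f0f9..9972ebbd752d0abbcff35639819f03a97b19327c 100644
+--- a/contrib/sssd.spec.in
++++ b/contrib/sssd.spec.in
+@@ -3,8 +3,10 @@
+%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
+%endif
+
+-%if (0%{?rhel} == 5)
+-%{!?is_rhel57: %global is_rhel57 %(%{__grep} -c "5\.[^0-6]" /etc/redhat-release)}
++%global is_rhel5 %(%{__grep} -c "release 5" /etc/redhat-release)
++%global rhel5_minor %(%{__grep} -o "5.[0-9]*" /etc/redhat-release |%{__sed} -s 's/5.//')
++
++%if 0%{?is_rhel5} > 0
+%global with_unicode_lib --with-unicode-lib=glib2
+# we don't want to provide private python extension libs
+%{?filter_setup:
+@@ -65,7 +67,7 @@ BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: m4
+%{?fedora:BuildRequires: popt-devel}
+-%if 0%{?rhel} <= 5
++%if 0%{?is_rhel5} > 0
+BuildRequires: popt
+%endif
+%if 0%{?rhel} >= 6
+@@ -80,7 +82,7 @@ BuildRequires: libcollection-devel
+BuildRequires: libini_config-devel
+BuildRequires: dbus-devel
+BuildRequires: dbus-libs
+-%if 0%{?is_rhel57} > 0
++%if 0%{?rhel5_minor} >= 7
+BuildRequires: openldap24-libs-devel
+%else
+BuildRequires: openldap-devel
+@@ -106,7 +108,7 @@ BuildRequires: gettext-devel
+BuildRequires: pkgconfig
+BuildRequires: findutils
+
+-%if 0%{?rhel} == 5
++%if 0%{?is_rhel5} > 0
+BuildRequires: glib2-devel
+%else
+BuildRequires: libunistring-devel
+--
+1.7.10.1
+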
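Review bot: `rhel5_minor` is extracted with an unanchored pattern and then tested in `%if 0%{?rhel5_minor} >= 7` without also requiring `is_rhel5`, so the openldap24 branch can be selected on a host that is not RHEL 5. A release string containing `7.5.1804` (constructed example) matches `5.1804`, the sed strips `5.`, and the comparison sees 1804. The dots in `"5.[0-9]*"` and `'s/5.//'` are also unescaped, unlike the `5\.` in the line this patch removes. Anchoring on the same text that `is_rhel5` uses fixes both: `%global rhel5_minor %(%{__grep} -o "release 5\.[0-9]*" /etc/redhat-release |%{__sed} -s 's/release 5\.//')`. Both macros also run grep on a file that may be absent on non-Red Hat build hosts; the `0%{?...}` guards cope with empty output, but a comment noting that would make it deliberate.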
@ -0,0 +1,39 @@
|
|||||||
|
From 43818e4ba2a9c6fb11344da0b68138f0501f6bfc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
||||||
|
Date: Wed, 16 May 2012 17:03:41 +0200
|
||||||
|
Subject: [PATCH 10/19] Use the sysdb attribute name, not LDAP attribute name
|
||||||
|
|
||||||
|
---
|
||||||
|
src/providers/ldap/sdap_async_autofs.c | 2 +-
|
||||||
|
src/providers/ldap/sdap_async_groups.c | 2 +-
|
||||||
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/providers/ldap/sdap_async_autofs.c b/src/providers/ldap/sdap_async_autofs.c
|
||||||
|
index 3140596efb07e8433f6e044dc2e2c8bba8735886..d8a2d0eec75c3e42cd3dc39930d20a0a51e2c541 100644
|
||||||
|
--- a/src/providers/ldap/sdap_async_autofs.c
|
||||||
|
+++ b/src/providers/ldap/sdap_async_autofs.c
|
||||||
|
@@ -770,7 +770,7 @@ sdap_autofs_setautomntent_save(struct tevent_req *req)
|
||||||
|
ret = sysdb_attrs_to_list(
|
||||||
|
tmp_ctx, state->entries,
|
||||||
|
state->entries_count,
|
||||||
|
- state->opts->autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_KEY].name,
|
||||||
|
+ state->opts->autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_KEY].sys_name,
|
||||||
|
&ldap_entrylist);
|
||||||
|
if (ret != EOK) {
|
||||||
|
DEBUG(SSSDBG_OP_FAILURE,
|
||||||
|
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
|
||||||
|
index 361525037eb270462251fe03d0c5e1df63de73f4..b48fe72eca1ab1dfe2dcb7a97a856ecef86d6f33 100644
|
||||||
|
--- a/src/providers/ldap/sdap_async_groups.c
|
||||||
|
+++ b/src/providers/ldap/sdap_async_groups.c
|
||||||
|
@@ -3044,7 +3044,7 @@ sdap_nested_group_process_deref_result(struct tevent_req *req)
|
||||||
|
} else if (dctx->deref_result[dctx->result_index]->map == \
|
||||||
|
state->opts->group_map) {
|
||||||
|
ret = sysdb_attrs_get_string(dctx->deref_result[dctx->result_index]->attrs,
|
||||||
|
- state->opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||||
|
+ state->opts->group_map[SDAP_AT_GROUP_NAME].sys_name,
|
||||||
|
&tmp_name);
|
||||||
|
if (ret == ENOENT) {
|
||||||
|
DEBUG(7, ("Dereferenced a group without name, skipping ...\n"));
|
||||||
|
--
|
||||||
|
1.7.10.1
|
||||||
|
|
@ -0,0 +1,46 @@
|
|||||||
|
From 977de33c57278fe0d90a3f937c58046298ab8742 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Date: Wed, 16 May 2012 14:32:29 -0400
|
||||||
|
Subject: [PATCH 11/19] NSS: Expire in-memory netgroup cache before the nowait
|
||||||
|
timeout
|
||||||
|
|
||||||
|
The fact that we were keeping it in memory for the full duration
|
||||||
|
of the cache timeout meant that we would never reap the benefits
|
||||||
|
of the midpoint cache refresh.
|
||||||
|
|
||||||
|
https://fedorahosted.org/sssd/ticket/1340
|
||||||
|
---
|
||||||
|
src/responder/nss/nsssrv_netgroup.c | 10 +++++++++-
|
||||||
|
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
|
||||||
|
index 83e79a2fae7f957264d452bbc39550cacb792774..593b7e435b1e8e504975d20a2295ce65cb60e7a0 100644
|
||||||
|
--- a/src/responder/nss/nsssrv_netgroup.c
|
||||||
|
+++ b/src/responder/nss/nsssrv_netgroup.c
|
||||||
|
@@ -416,6 +416,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
|
||||||
|
struct getent_ctx *netgr;
|
||||||
|
struct sysdb_ctx *sysdb;
|
||||||
|
char *name = NULL;
|
||||||
|
+ uint32_t lifetime;
|
||||||
|
|
||||||
|
/* Check each domain for this netgroup name */
|
||||||
|
while (dom) {
|
||||||
|
@@ -531,7 +532,14 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
|
||||||
|
name, dom->name));
|
||||||
|
netgr->ready = true;
|
||||||
|
netgr->found = true;
|
||||||
|
- set_netgr_lifetime(dom->netgroup_timeout, step_ctx, netgr);
|
||||||
|
+ if (step_ctx->nctx->cache_refresh_percent) {
|
||||||
|
+ lifetime = dom->netgroup_timeout *
|
||||||
|
+ (step_ctx->nctx->cache_refresh_percent / 100);
|
||||||
|
+ } else {
|
||||||
|
+ lifetime = dom->netgroup_timeout;
|
||||||
|
+ }
|
||||||
|
+ if (lifetime < 10) lifetime = 10;
|
||||||
|
+ set_netgr_lifetime(lifetime, step_ctx, netgr);
|
||||||
|
return EOK;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
1.7.10.1
|
||||||
|
|
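Review bot: In lookup_netgr_step() the parenthesised `step_ctx->nctx->cache_refresh_percent / 100` is evaluated first, and if that field is an integer (its declaration is outside the hunk) the quotient is 0 for every percentage below 100. `lifetime` then becomes 0 and the `if (lifetime < 10)` clamp pins every in-memory netgroup entry to 10 seconds, whatever the configured timeout. Multiplying before dividing in a wider type keeps the intended fraction and avoids wrap-around for large timeouts: `lifetime = (uint32_t)(((uint64_t)dom->netgroup_timeout * step_ctx->nctx->cache_refresh_percent) / 100);`. The floor of 10 is a bare constant and deserves a named constant or a comment saying why entries must live at least that long. The function starts and ends outside both hunks.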
264
0012-Always-use-positional-arguments-in-translatable-stri.patch
Normal file
@ -0,0 +1,264 @@
|
|||||||
|
From 56f1f51468005df27198c51acc203e2fe00312f8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Date: Thu, 17 May 2012 13:54:29 -0400
|
||||||
|
Subject: [PATCH 12/19] Always use positional arguments in translatable
|
||||||
|
strings
|
||||||
|
|
||||||
|
https://fedorahosted.org/sssd/ticket/1336
|
||||||
|
---
|
||||||
|
src/sss_client/pam_sss.c | 4 ++--
|
||||||
|
src/tools/sss_cache.c | 10 +++++-----
|
||||||
|
src/tools/sss_groupdel.c | 2 +-
|
||||||
|
src/tools/sss_groupmod.c | 4 ++--
|
||||||
|
src/tools/sss_groupshow.c | 10 +++++-----
|
||||||
|
src/tools/sss_useradd.c | 6 +++---
|
||||||
|
src/tools/sss_userdel.c | 8 ++++----
|
||||||
|
src/tools/sss_usermod.c | 4 ++--
|
||||||
|
src/tools/tools_util.h | 2 +-
|
||||||
|
9 files changed, 25 insertions(+), 25 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
|
||||||
|
index e25792fc012c587e2ffc804057a2b43ec6b90068..9dca7e3c7b2f773abf08d5127d63b0bfc52ed06e 100644
|
||||||
|
--- a/src/sss_client/pam_sss.c
|
||||||
|
+++ b/src/sss_client/pam_sss.c
|
||||||
|
@@ -637,7 +637,7 @@ static int user_info_grace_login(pam_handle_t *pamh,
|
||||||
|
memcpy(&grace, buf + sizeof(uint32_t), sizeof(uint32_t));
|
||||||
|
ret = snprintf(user_msg, sizeof(user_msg),
|
||||||
|
_("Your password has expired. "
|
||||||
|
- "You have %d grace login(s) remaining."),
|
||||||
|
+ "You have %1$d grace login(s) remaining."),
|
||||||
|
grace);
|
||||||
|
if (ret < 0 || ret >= sizeof(user_msg)) {
|
||||||
|
D(("snprintf failed."));
|
||||||
|
@@ -682,7 +682,7 @@ static int user_info_expire_warn(pam_handle_t *pamh,
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = snprintf(user_msg, sizeof(user_msg),
|
||||||
|
- _("Your password will expire in %d %s."), expire, unit);
|
||||||
|
+ _("Your password will expire in %1$d %2$s."), expire, unit);
|
||||||
|
if (ret < 0 || ret >= sizeof(user_msg)) {
|
||||||
|
D(("snprintf failed."));
|
||||||
|
return PAM_SYSTEM_ERR;
|
||||||
|
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
|
||||||
|
index d0f2b28714140a068ed43d22e0b0bf75feb804e3..1b2b29fe774b58bc15bf51ec0560a681382bc66d 100644
|
||||||
|
--- a/src/tools/sss_cache.c
|
||||||
|
+++ b/src/tools/sss_cache.c
|
||||||
|
@@ -169,10 +169,10 @@ bool invalidate_entries(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb,
|
||||||
|
("Searching for %s with filter %s failed\n",
|
||||||
|
type_rec.type_string, filter));
|
||||||
|
if (name) {
|
||||||
|
- ERROR("No such %s named %s, skipping\n",
|
||||||
|
+ ERROR("No such %1$s named %2$s, skipping\n",
|
||||||
|
type_rec.type_string, name);
|
||||||
|
} else {
|
||||||
|
- ERROR("No objects of type %s in the cache, skipping\n",
|
||||||
|
+ ERROR("No objects of type %1$s in the cache, skipping\n",
|
||||||
|
type_rec.type_string);
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
@@ -184,14 +184,14 @@ bool invalidate_entries(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb,
|
||||||
|
if (c_name == NULL) {
|
||||||
|
DEBUG(SSSDBG_MINOR_FAILURE,
|
||||||
|
("Something bad happened, can't find attribute %s", SYSDB_NAME));
|
||||||
|
- ERROR("Couldn't invalidate %s", type_rec.type_string);
|
||||||
|
+ ERROR("Couldn't invalidate %1$s", type_rec.type_string);
|
||||||
|
iret = false;
|
||||||
|
} else {
|
||||||
|
ret = invalidate_entry(ctx, sysdb, c_name, entry_type);
|
||||||
|
if (ret != EOK) {
|
||||||
|
DEBUG(SSSDBG_MINOR_FAILURE,
|
||||||
|
("Couldn't invalidate %s %s", type_rec.type_string, c_name));
|
||||||
|
- ERROR("Couldn't invalidate %s %s", type_rec.type_string, c_name);
|
||||||
|
+ ERROR("Couldn't invalidate %1$s %2$s", type_rec.type_string, c_name);
|
||||||
|
iret = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -452,7 +452,7 @@ errno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx)
|
||||||
|
ret = init_domains(ctx, domain);
|
||||||
|
if (ret != EOK) {
|
||||||
|
if (domain) {
|
||||||
|
- ERROR("Could not open domain %s\n", domain);
|
||||||
|
+ ERROR("Could not open domain %1$s\n", domain);
|
||||||
|
} else {
|
||||||
|
ERROR("Could not open available domains\n");
|
||||||
|
}
|
||||||
|
diff --git a/src/tools/sss_groupdel.c b/src/tools/sss_groupdel.c
|
||||||
|
index 09f73504df9039a38879ba16e7d8628741176ec8..70030cab4f38b89cfbb61d896a04903eeac311f0 100644
|
||||||
|
--- a/src/tools/sss_groupdel.c
|
||||||
|
+++ b/src/tools/sss_groupdel.c
|
||||||
|
@@ -98,7 +98,7 @@ int main(int argc, const char **argv)
|
||||||
|
|
||||||
|
if ((tctx->octx->gid < tctx->local->id_min) ||
|
||||||
|
(tctx->local->id_max && tctx->octx->gid > tctx->local->id_max)) {
|
||||||
|
- ERROR("Group %s is outside the defined ID range for domain\n",
|
||||||
|
+ ERROR("Group %1$s is outside the defined ID range for domain\n",
|
||||||
|
tctx->octx->name);
|
||||||
|
ret = EXIT_FAILURE;
|
||||||
|
goto fini;
|
||||||
|
diff --git a/src/tools/sss_groupmod.c b/src/tools/sss_groupmod.c
|
||||||
|
index 47134aedf78354aa1107cf30e01fc1fcbe2abc4f..abab4f57f644215e130b787a176bf4b9a72d9e44 100644
|
||||||
|
--- a/src/tools/sss_groupmod.c
|
||||||
|
+++ b/src/tools/sss_groupmod.c
|
||||||
|
@@ -152,7 +152,7 @@ int main(int argc, const char **argv)
|
||||||
|
/* Check group names in the LOCAL domain */
|
||||||
|
ret = check_group_names(tctx, tctx->octx->addgroups, &badgroup);
|
||||||
|
if (ret != EOK) {
|
||||||
|
- ERROR("Cannot find group %s in local domain, "
|
||||||
|
+ ERROR("Cannot find group %1$s in local domain, "
|
||||||
|
"only groups in local domain are allowed\n", badgroup);
|
||||||
|
ret = EXIT_FAILURE;
|
||||||
|
goto fini;
|
||||||
|
@@ -179,7 +179,7 @@ int main(int argc, const char **argv)
|
||||||
|
/* Check group names in the LOCAL domain */
|
||||||
|
ret = check_group_names(tctx, tctx->octx->rmgroups, &badgroup);
|
||||||
|
if (ret != EOK) {
|
||||||
|
- ERROR("Cannot find group %s in local domain, "
|
||||||
|
+ ERROR("Cannot find group %1$s in local domain, "
|
||||||
|
"only groups in local domain are allowed\n", badgroup);
|
||||||
|
ret = EXIT_FAILURE;
|
||||||
|
goto fini;
|
||||||
|
diff --git a/src/tools/sss_groupshow.c b/src/tools/sss_groupshow.c
|
||||||
|
index 764e32416b046dfc6ff2a47de37627e40b0109f0..0eecd3a9671c1aae5ced8e8fa35f4ab6a3310075 100644
|
||||||
|
--- a/src/tools/sss_groupshow.c
|
||||||
|
+++ b/src/tools/sss_groupshow.c
|
||||||
|
@@ -559,26 +559,26 @@ static void print_group_info(struct group_info *g, int level)
|
||||||
|
snprintf(fmt, 8, "%%%ds", level*PADDING_SPACES);
|
||||||
|
snprintf(padding, 512, fmt, "");
|
||||||
|
|
||||||
|
- printf(_("%s%sGroup: %s\n"), padding,
|
||||||
|
+ printf(_("%1$s%2$sGroup: %3$s\n"), padding,
|
||||||
|
g->mpg ? _("Magic Private ") : "",
|
||||||
|
g->name);
|
||||||
|
- printf(_("%sGID number: %d\n"), padding, g->gid);
|
||||||
|
+ printf(_("%1$sGID number: %2$d\n"), padding, g->gid);
|
||||||
|
|
||||||
|
- printf(_("%sMember users: "), padding);
|
||||||
|
+ printf(_("%1$sMember users: "), padding);
|
||||||
|
if (g->user_members) {
|
||||||
|
for (i=0; g->user_members[i]; ++i) {
|
||||||
|
printf("%s%s", i>0 ? "," : "",
|
||||||
|
g->user_members[i]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- printf(_("\n%sIs a member of: "), padding);
|
||||||
|
+ printf(_("\n%1$sIs a member of: "), padding);
|
||||||
|
if (g->memberofs) {
|
||||||
|
for (i=0; g->memberofs[i]; ++i) {
|
||||||
|
printf("%s%s", i>0 ? "," : "",
|
||||||
|
g->memberofs[i]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- printf(_("\n%sMember groups: "), padding);
|
||||||
|
+ printf(_("\n%1$sMember groups: "), padding);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void print_recursive(struct group_info **group_members, int level)
|
||||||
|
diff --git a/src/tools/sss_useradd.c b/src/tools/sss_useradd.c
|
||||||
|
index 5ca2612a351bb060f172434ace3bce9c7e022a1d..4df7c098e554d4b8c924961305f35492bfba3807 100644
|
||||||
|
--- a/src/tools/sss_useradd.c
|
||||||
|
+++ b/src/tools/sss_useradd.c
|
||||||
|
@@ -150,7 +150,7 @@ int main(int argc, const char **argv)
|
||||||
|
/* Check group names in the LOCAL domain */
|
||||||
|
ret = check_group_names(tctx, tctx->octx->addgroups, &badgroup);
|
||||||
|
if (ret != EOK) {
|
||||||
|
- ERROR("Cannot find group %s in local domain\n", badgroup);
|
||||||
|
+ ERROR("Cannot find group %1$s in local domain\n", badgroup);
|
||||||
|
ret = EXIT_FAILURE;
|
||||||
|
goto fini;
|
||||||
|
}
|
||||||
|
@@ -229,7 +229,7 @@ int main(int argc, const char **argv)
|
||||||
|
ERROR("User's home directory already exists, not copying "
|
||||||
|
"data from skeldir\n");
|
||||||
|
} else if (ret != EOK) {
|
||||||
|
- ERROR("Cannot create user's home directory: %s\n", strerror(ret));
|
||||||
|
+ ERROR("Cannot create user's home directory: %1$s\n", strerror(ret));
|
||||||
|
ret = EXIT_FAILURE;
|
||||||
|
goto fini;
|
||||||
|
}
|
||||||
|
@@ -240,7 +240,7 @@ int main(int argc, const char **argv)
|
||||||
|
tctx->octx->uid,
|
||||||
|
tctx->octx->gid);
|
||||||
|
if (ret != EOK) {
|
||||||
|
- ERROR("Cannot create user's mail spool: %s\n", strerror(ret));
|
||||||
|
+ ERROR("Cannot create user's mail spool: %1$s\n", strerror(ret));
|
||||||
|
DEBUG(1, ("Cannot create user's mail spool: [%d][%s].\n",
|
||||||
|
ret, strerror(ret)));
|
||||||
|
ret = EXIT_FAILURE;
|
||||||
|
diff --git a/src/tools/sss_userdel.c b/src/tools/sss_userdel.c
|
||||||
|
index 6d5e8295877afee3106e2a9d978504697f870d46..0d1c63e4ce58544775ae28041c65443ac054ee0d 100644
|
||||||
|
--- a/src/tools/sss_userdel.c
|
||||||
|
+++ b/src/tools/sss_userdel.c
|
||||||
|
@@ -227,7 +227,7 @@ int main(int argc, const char **argv)
|
||||||
|
|
||||||
|
if ((tctx->octx->uid < tctx->local->id_min) ||
|
||||||
|
(tctx->local->id_max && tctx->octx->uid > tctx->local->id_max)) {
|
||||||
|
- ERROR("User %s is outside the defined ID range for domain\n",
|
||||||
|
+ ERROR("User %1$s is outside the defined ID range for domain\n",
|
||||||
|
tctx->octx->name);
|
||||||
|
ret = EXIT_FAILURE;
|
||||||
|
goto fini;
|
||||||
|
@@ -264,7 +264,7 @@ int main(int argc, const char **argv)
|
||||||
|
break;
|
||||||
|
|
||||||
|
case EOK:
|
||||||
|
- ERROR("WARNING: The user (uid %lu) was still logged in when "
|
||||||
|
+ ERROR("WARNING: The user (uid %1$lu) was still logged in when "
|
||||||
|
"deleted.\n", (unsigned long) tctx->octx->uid);
|
||||||
|
break;
|
||||||
|
|
||||||
|
@@ -281,7 +281,7 @@ int main(int argc, const char **argv)
|
||||||
|
|
||||||
|
ret = run_userdel_cmd(tctx);
|
||||||
|
if (ret != EOK) {
|
||||||
|
- ERROR("The post-delete command failed: %s\n", strerror(ret));
|
||||||
|
+ ERROR("The post-delete command failed: %1$s\n", strerror(ret));
|
||||||
|
goto fini;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -295,7 +295,7 @@ int main(int argc, const char **argv)
|
||||||
|
if (ret == EPERM) {
|
||||||
|
ERROR("Not removing home dir - not owned by user\n");
|
||||||
|
} else if (ret != EOK) {
|
||||||
|
- ERROR("Cannot remove homedir: %s\n", strerror(ret));
|
||||||
|
+ ERROR("Cannot remove homedir: %1$s\n", strerror(ret));
|
||||||
|
ret = EXIT_FAILURE;
|
||||||
|
goto fini;
|
||||||
|
}
|
||||||
|
diff --git a/src/tools/sss_usermod.c b/src/tools/sss_usermod.c
|
||||||
|
index dfcde9e56c632b6ddee0ec5cf375258c713ac360..b761de225de5842624d8f888bb0d7053617eb37d 100644
|
||||||
|
--- a/src/tools/sss_usermod.c
|
||||||
|
+++ b/src/tools/sss_usermod.c
|
||||||
|
@@ -173,7 +173,7 @@ int main(int argc, const char **argv)
|
||||||
|
/* Check group names in the LOCAL domain */
|
||||||
|
ret = check_group_names(tctx, tctx->octx->addgroups, &badgroup);
|
||||||
|
if (ret != EOK) {
|
||||||
|
- ERROR("Cannot find group %s in local domain, "
|
||||||
|
+ ERROR("Cannot find group %1$s in local domain, "
|
||||||
|
"only groups in local domain are allowed\n", badgroup);
|
||||||
|
ret = EXIT_FAILURE;
|
||||||
|
goto fini;
|
||||||
|
@@ -200,7 +200,7 @@ int main(int argc, const char **argv)
|
||||||
|
/* Check group names in the LOCAL domain */
|
||||||
|
ret = check_group_names(tctx, tctx->octx->rmgroups, &badgroup);
|
||||||
|
if (ret != EOK) {
|
||||||
|
- ERROR("Cannot find group %s in local domain, "
|
||||||
|
+ ERROR("Cannot find group %1$s in local domain, "
|
||||||
|
"only groups in local domain are allowed\n", badgroup);
|
||||||
|
ret = EXIT_FAILURE;
|
||||||
|
goto fini;
|
||||||
|
diff --git a/src/tools/tools_util.h b/src/tools/tools_util.h
|
||||||
|
index fccd9d96bdc293f85d4af2ebcb0756a1fcc940cc..fd26b89056cf16b974102b5163e7ee76608a2d2e 100644
|
||||||
|
--- a/src/tools/tools_util.h
|
||||||
|
+++ b/src/tools/tools_util.h
|
||||||
|
@@ -37,7 +37,7 @@
|
||||||
|
val = getuid(); \
|
||||||
|
if (val != 0) { \
|
||||||
|
DEBUG(1, ("Running under %d, must be root\n", val)); \
|
||||||
|
- ERROR("%s must be run as root\n", prg_name); \
|
||||||
|
+ ERROR("%1$s must be run as root\n", prg_name); \
|
||||||
|
val = EXIT_FAILURE; \
|
||||||
|
goto fini; \
|
||||||
|
} \
|
||||||
|
--
|
||||||
|
1.7.10.1
|
||||||
|
|
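Review bot: Every message changed here now uses numbered conversions (`%1$s`, `%2$s`) in a string that goes through `_()` or `ERROR()`, so at run time the translated catalog entry decides which argument each conversion reads, and nothing in this patch shows the catalogs being checked against the new msgids. A translation that names an argument the call does not pass (say `%2$s` for `ERROR("Could not open domain %1$s\n", domain)`) is undefined behaviour in the printf family, so the build should run `msgfmt --check-format` over the .po files. The `n$` form is also a POSIX extension rather than ISO C; a short comment where the convention is introduced, e.g. `/* translatable formats use POSIX %n$ conversions so translators can reorder arguments */`, would tell the next contributor not to mix numbered and plain conversions in one string.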
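--- a/0013-Simple-implementation-of-Netscape-password-warning-e.patch
+++ b/0013-Simple-implementation-of-Netscape-password-warning-e.patch
@@ -0,0 +1,204 @@
+From 0aac71d726bda4af3ba141bed7707512cda7fd9a Mon Sep 17 00:00:00 2001
+From: Joshua Roys <roysjosh@gmail.com>
+Date: Mon, 14 May 2012 10:23:34 -0400
+Subject: [PATCH 13/19] Simple implementation of Netscape password warning
+expiration control
+
+---
+src/providers/ldap/sdap_async_connection.c | 96 +++++++++++++++++++++-------
+src/util/sss_ldap.h | 8 +++
+2 files changed, 82 insertions(+), 22 deletions(-)
+
+diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
+index e933e296b7df20ff8d034c2a11745b5c68b25e65..efd9cd8cc7205e4cb838523b0311ffd50805d590 100644
+--- a/src/providers/ldap/sdap_async_connection.c
++++ b/src/providers/ldap/sdap_async_connection.c
+@@ -26,6 +26,7 @@
+#include "util/util.h"
+#include "util/sss_krb5.h"
+#include "util/sss_ldap.h"
++#include "util/strtonum.h"
+#include "providers/ldap/sdap_async_private.h"
+#include "providers/ldap/ldap_common.h"
+
+@@ -541,7 +542,9 @@ static void simple_bind_done(struct sdap_op *op,
+struct simple_bind_state *state = tevent_req_data(req,
+struct simple_bind_state);
+char *errmsg = NULL;
+- int ret;
++ char *nval;
++ errno_t ret;
++ int lret;
+LDAPControl **response_controls;
+int c;
+ber_int_t pp_grace;
+@@ -555,30 +558,33 @@ static void simple_bind_done(struct sdap_op *op,
+
+state->reply = talloc_steal(state, reply);
+
+- ret = ldap_parse_result(state->sh->ldap, state->reply->msg,
++ lret = ldap_parse_result(state->sh->ldap, state->reply->msg,
+&state->result, NULL, &errmsg, NULL,
+&response_controls, 0);
+- if (ret != LDAP_SUCCESS) {
+- DEBUG(2, ("ldap_parse_result failed (%d)\n", state->op->msgid));
++ if (lret != LDAP_SUCCESS) {
++ DEBUG(SSSDBG_MINOR_FAILURE,
++ ("ldap_parse_result failed (%d)\n", state->op->msgid));
+ret = EIO;
+goto done;
+}
+
+if (response_controls == NULL) {
+- DEBUG(5, ("Server returned no controls.\n"));
++ DEBUG(SSSDBG_TRACE_LIBS, ("Server returned no controls.\n"));
+state->ppolicy = NULL;
+} else {
+for (c = 0; response_controls[c] != NULL; c++) {
+- DEBUG(9, ("Server returned control [%s].\n",
+- response_controls[c]->ldctl_oid));
++ DEBUG(SSSDBG_TRACE_INTERNAL,
++ ("Server returned control [%s].\n",
++ response_controls[c]->ldctl_oid));
+if (strcmp(response_controls[c]->ldctl_oid,
+LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) {
+- ret = ldap_parse_passwordpolicy_control(state->sh->ldap,
++ lret = ldap_parse_passwordpolicy_control(state->sh->ldap,
+response_controls[c],
+&pp_expire, &pp_grace,
+&pp_error);
+- if (ret != LDAP_SUCCESS) {
+- DEBUG(1, ("ldap_parse_passwordpolicy_control failed.\n"));
++ if (lret != LDAP_SUCCESS) {
++ DEBUG(SSSDBG_MINOR_FAILURE,
++ ("ldap_parse_passwordpolicy_control failed.\n"));
+ret = EIO;
+goto done;
+}
+@@ -586,9 +592,10 @@ static void simple_bind_done(struct sdap_op *op,
+DEBUG(7, ("Password Policy Response: expire [%d] grace [%d] "
+"error [%s].\n", pp_expire, pp_grace,
+ldap_passwordpolicy_err2txt(pp_error)));
+- state->ppolicy = talloc(state, struct sdap_ppolicy_data);
++ if (!state->ppolicy)
++ state->ppolicy = talloc_zero(state,
++ struct sdap_ppolicy_data);
+if (state->ppolicy == NULL) {
+- DEBUG(1, ("talloc failed.\n"));
+ret = ENOMEM;
+goto done;
+}
+@@ -596,36 +603,81 @@ static void simple_bind_done(struct sdap_op *op,
+state->ppolicy->expire = pp_expire;
+if (state->result == LDAP_SUCCESS) {
+if (pp_error == PP_changeAfterReset) {
+- DEBUG(4, ("Password was reset. "
+- "User must set a new password.\n"));
++ DEBUG(SSSDBG_TRACE_LIBS,
++ ("Password was reset. "
++ "User must set a new password.\n"));
+state->result = LDAP_X_SSSD_PASSWORD_EXPIRED;
+} else if (pp_grace > 0) {
+- DEBUG(4, ("Password expired. "
+- "[%d] grace logins remaining.\n", pp_grace));
++ DEBUG(SSSDBG_TRACE_LIBS,
++ ("Password expired. "
++ "[%d] grace logins remaining.\n",
++ pp_grace));
+} else if (pp_expire > 0) {
+- DEBUG(4, ("Password will expire in [%d] seconds.\n",
+- pp_expire));
++ DEBUG(SSSDBG_TRACE_LIBS,
++ ("Password will expire in [%d] seconds.\n",
++ pp_expire));
+}
+} else if (state->result == LDAP_INVALID_CREDENTIALS &&
+pp_error == PP_passwordExpired) {
+- DEBUG(4,
++ DEBUG(SSSDBG_TRACE_LIBS,
+("Password expired user must set a new password.\n"));
+state->result = LDAP_X_SSSD_PASSWORD_EXPIRED;
+}
++ } else if (strcmp(response_controls[c]->ldctl_oid,
++ LDAP_CONTROL_PWEXPIRED) == 0) {
++ DEBUG(SSSDBG_TRACE_LIBS,
++ ("Password expired user must set a new password.\n"));
++ state->result = LDAP_X_SSSD_PASSWORD_EXPIRED;
++ } else if (strcmp(response_controls[c]->ldctl_oid,
++ LDAP_CONTROL_PWEXPIRING) == 0) {
++ /* ignore controls with suspiciously long values */
++ if (response_controls[c]->ldctl_value.bv_len > 32) {
++ continue;
++ }
++
++ if (!state->ppolicy) {
++ state->ppolicy = talloc(state, struct sdap_ppolicy_data);
++ }
++
++ if (state->ppolicy == NULL) {
++ ret = ENOMEM;
++ goto done;
++ }
++ /* ensure that bv_val is a null-terminated string */
++ nval = talloc_strndup(NULL,
++ response_controls[c]->ldctl_value.bv_val,
++ response_controls[c]->ldctl_value.bv_len);
++ if (nval == NULL) {
++ ret = ENOMEM;
++ goto done;
++ }
++ state->ppolicy->expire = strtouint32(nval, NULL, 10);
++ ret = errno;
++ talloc_zfree(nval);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_MINOR_FAILURE,
++ ("Could not convert control response to an integer. ",
++ "[%s]\n", strerror(ret)));
++ goto done;
++ }
++
++ DEBUG(SSSDBG_TRACE_LIBS,
++ ("Password will expire in [%d] seconds.\n",
++ state->ppolicy->expire));
+}
+}
+}
+
+- DEBUG(3, ("Bind result: %s(%d), %s\n",
++ DEBUG(SSSDBG_TRACE_FUNC, ("Bind result: %s(%d), %s\n",
+sss_ldap_err2string(state->result), state->result,
+errmsg ? errmsg : "no errmsg set"));
+
+- ret = LDAP_SUCCESS;
++ ret = EOK;
+done:
+ldap_controls_free(response_controls);
+ldap_memfree(errmsg);
+
+- if (ret == LDAP_SUCCESS) {
++ if (ret == EOK) {
+tevent_req_done(req);
+} else {
+tevent_req_error(req, ret);
+diff --git a/src/util/sss_ldap.h b/src/util/sss_ldap.h
+index 8a69b832965bf5ad23986a9b64cb5252cc3b1999..46829259aedcf4a4f2ba3f94fc059c343c0e9ba6 100644
+--- a/src/util/sss_ldap.h
++++ b/src/util/sss_ldap.h
+@@ -29,6 +29,14 @@
+
+#define LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D
+
++#ifndef LDAP_CONTROL_PWEXPIRED
++#define LDAP_CONTROL_PWEXPIRED "2.16.840.1.113730.3.4.4"
++#endif
++
++#ifndef LDAP_CONTROL_PWEXPIRING
++#define LDAP_CONTROL_PWEXPIRING "2.16.840.1.113730.3.4.5"
++#endif
++
+#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
+#define SDAP_DIAGNOSTIC_MESSAGE LDAP_OPT_DIAGNOSTIC_MESSAGE
+#else
+--
+1.7.10.1
+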
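Review bot: In the new `LDAP_CONTROL_PWEXPIRING` branch of simple_bind_done, `state->ppolicy` is allocated with plain `talloc()` when no earlier control created it, so every field except `expire` is left uninitialised, although the password-policy branch in this same patch was switched to `talloc_zero()`; the allocation should read `state->ppolicy = talloc_zero(state, struct sdap_ppolicy_data);`. A few lines further down, the failure DEBUG has a stray comma between its two string literals, which makes `"[%s]\n"` an argument instead of part of the format, so the strerror text is never printed; it should be `("Could not convert control response to an integer. " "[%s]\n", strerror(ret))`. The control value is supplied by the server, and `strtouint32(nval, NULL, 10)` with a NULL end pointer may accept an empty or partly numeric value as a number, so passing an end pointer and rejecting `*endptr != '\0'` would be safer; it is also worth confirming that strtouint32 clears errno before `ret = errno` is trusted. The body of simple_bind_done starts and ends outside these hunks.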
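--- a/0014-KRB5-Avoid-NULL-dereference-with-empty-keytab.patch
+++ b/0014-KRB5-Avoid-NULL-dereference-with-empty-keytab.patch
@@ -0,0 +1,45 @@
+From 0549c49a94c24672657748303fff1d33128c1c74 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Mon, 21 May 2012 20:36:44 -0400
+Subject: [PATCH 14/19] KRB5: Avoid NULL-dereference with empty keytab
+
+https://fedorahosted.org/sssd/ticket/1330
+---
+src/util/sss_krb5.c | 20 +++++++++++++-------
+1 file changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
+index 988531995aba7fd7a2a1d801fabde19fa537e26b..81a1623ef9df340d7618bdf55c1707ce4cfb1a6a 100644
+--- a/src/util/sss_krb5.c
++++ b/src/util/sss_krb5.c
+@@ -1104,14 +1104,20 @@ sss_krb5_read_etypes_for_keytab(TALLOC_CTX *mem_ctx,
+}
+
+if (ret == 0) {
+- /* Sort the preferred enctypes first */
+- qsort(etypes, count, sizeof(*etypes), compare_etypes);
+- etypes = talloc_realloc(tmp_ctx, etypes, krb5_enctype, count);
+- if (etypes == NULL) {
+- ret = ENOMEM;
++ if (etypes) {
++ /* Sort the preferred enctypes first */
++ qsort(etypes, count, sizeof(*etypes), compare_etypes);
++ etypes = talloc_realloc(tmp_ctx, etypes, krb5_enctype, count);
++ if (etypes == NULL) {
++ ret = ENOMEM;
++ } else {
++ *etype_list = talloc_steal(mem_ctx, etypes);
++ *n_etype_list = count;
++ }
+} else {
+- *etype_list = talloc_steal(mem_ctx, etypes);
+- *n_etype_list = count;
++ /* The key table was empty. There are no enctypes to match */
++ *etype_list = NULL;
++ *n_etype_list = 0;
+}
+}
+
+--
+1.7.10.1
+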
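Review bot: For an empty keytab, sss_krb5_read_etypes_for_keytab now returns success with `*etype_list = NULL` and `*n_etype_list = 0`, and that new contract is not documented anywhere in the hunk. A caller that forwards a zero-length list to the Kerberos library could end up with the library's default enctypes rather than "none", so callers should test the count before using the list; the callers are not visible here, so this needs confirming. I would add a comment above the function such as `/* On success *etype_list may be NULL with *n_etype_list == 0 when the keytab has no entries */`. The function body starts and ends outside the hunk.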
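--- a/0015-Warn-to-syslog-when-dereference-requests-fail.patch
+++ b/0015-Warn-to-syslog-when-dereference-requests-fail.patch
@@ -0,0 +1,27 @@
+From e52a31484c88d46e381238493384f26d9c95f8ff Mon Sep 17 00:00:00 2001
+From: Ariel Barria <arielb@fedoraproject.org>
+Date: Tue, 22 May 2012 07:13:21 -0500
+Subject: [PATCH 15/19] Warn to syslog when dereference requests fail
+
+---
+src/providers/ldap/sdap_async.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
+index a8a12c3d390a4ebee0dca81d6610be9fe240a4a6..14a27bcba2385fef5980a5a933cb7e7a9742a231 100644
+--- a/src/providers/ldap/sdap_async.c
++++ b/src/providers/ldap/sdap_async.c
+@@ -2051,8 +2051,8 @@ static void sdap_deref_search_done(struct tevent_req *subreq)
+
+talloc_zfree(subreq);
+if (ret != EOK) {
+- DEBUG(2, ("dereference processing failed [%d]: %s\n",
+- ret, strerror(ret)));
++ DEBUG(2, ("dereference processing failed [%d]: %s\n", ret, strerror(ret)));
++ sss_log(SSS_LOG_WARNING, "dereference processing failed : %s", strerror(ret));
+tevent_req_error(req, ret);
+return;
+}
+--
+1.7.10.1
+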
4201
0016-Update-translation-sources.patch
Normal file
4201
0016-Update-translation-sources.patch
Normal file
File diff suppressed because it is too large
@ -0,0 +1,58 @@
|
|||||||
|
From 04462f020ebb14c9b7a34425606f47db064f4f4a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
||||||
|
Date: Tue, 22 May 2012 17:41:52 +0200
|
||||||
|
Subject: [PATCH 17/19] LDAP nested groups: Do not process callback with _post
|
||||||
|
deep in the nested structure
|
||||||
|
|
||||||
|
https://fedorahosted.org/sssd/ticket/1343
|
||||||
|
---
|
||||||
|
src/providers/ldap/sdap_async_groups.c | 22 ++++++++++------------
|
||||||
|
1 file changed, 10 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
|
||||||
|
index b48fe72eca1ab1dfe2dcb7a97a856ecef86d6f33..c3cc2ac92b80a52632655be03f8386ab2e68d7b9 100644
|
||||||
|
--- a/src/providers/ldap/sdap_async_groups.c
|
||||||
|
+++ b/src/providers/ldap/sdap_async_groups.c
|
||||||
|
@@ -2493,14 +2493,13 @@ static errno_t sdap_nested_group_lookup_user(struct tevent_req *req,
|
||||||
|
ret = sdap_nested_group_process_step(req);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (ret == EOK) {
|
||||||
|
- /* EOK means it's complete */
|
||||||
|
- tevent_req_done(req);
|
||||||
|
- tevent_req_post(req, state->ev);
|
||||||
|
- } else if (ret != EAGAIN) {
|
||||||
|
+ if (ret != EOK && ret != EAGAIN) {
|
||||||
|
+ DEBUG(SSSDBG_OP_FAILURE, ("Nested group processing failed\n"));
|
||||||
|
return ret;
|
||||||
|
+ } else if (ret == EOK) {
|
||||||
|
+ DEBUG(SSSDBG_TRACE_FUNC, ("All done.\n"));
|
||||||
|
+ tevent_req_done(req);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
return EOK;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
@@ -2578,14 +2577,13 @@ static errno_t sdap_nested_group_lookup_group(struct tevent_req *req)
|
||||||
|
ret = sdap_nested_group_process_step(req);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (ret == EOK) {
|
||||||
|
- /* EOK means it's complete */
|
||||||
|
- tevent_req_done(req);
|
||||||
|
- tevent_req_post(req, state->ev);
|
||||||
|
- } else if (ret != EAGAIN) {
|
||||||
|
+ if (ret != EOK && ret != EAGAIN) {
|
||||||
|
+ DEBUG(SSSDBG_OP_FAILURE, ("Nested group processing failed\n"));
|
||||||
|
return ret;
|
||||||
|
+ } else if (ret == EOK) {
|
||||||
|
+ DEBUG(SSSDBG_TRACE_FUNC, ("All done.\n"));
|
||||||
|
+ tevent_req_done(req);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
return EOK;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
1.7.10.1
|
||||||
|
|
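Review bot: Both rewritten tails call `tevent_req_done(req)` directly and then return EOK to the caller of the lookup function, so the completion callback runs while callers further up the nested-group recursion are still on the stack. If that callback frees `req` or its state (common for tevent consumers, but not visible in these hunks), any caller that touches `req` or `state` after the return would be reading freed memory; it is worth confirming that none does. A comment at both sites such as `/* the callback may free req; callers must not touch req or state after EOK is returned */` would record the rule. The same tail is duplicated in sdap_nested_group_lookup_user and sdap_nested_group_lookup_group, whose bodies begin outside the hunks.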
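--- a/0018-Fixed-issue-in-SELinux-user-maps.patch
+++ b/0018-Fixed-issue-in-SELinux-user-maps.patch
@@ -0,0 +1,35 @@
+From 2c3443347ea83ff5e39515bd47b632c8efa1124c Mon Sep 17 00:00:00 2001
+From: Jan Zeleny <jzeleny@redhat.com>
+Date: Tue, 15 May 2012 10:49:14 -0400
+Subject: [PATCH 18/19] Fixed issue in SELinux user maps
+
+There was an issue when IPA provider didn't set PAM_SUCCESS when
+successfully finished loading SELinux user maps. This lead to the map
+not being read in the responder.
+---
+src/providers/ipa/ipa_session.c | 2 ++
+1 file changed, 2 insertions(+)
+
+diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_session.c
+index e23b0120e6c2ce1303f4e70190721721a99b124a..238acdde776520dbb69046b8d45ecac4569e5cbc 100644
+--- a/src/providers/ipa/ipa_session.c
++++ b/src/providers/ipa/ipa_session.c
+@@ -104,6 +104,7 @@ static void ipa_session_handler_done(struct tevent_req *req)
+struct sysdb_attrs **maps;
+bool in_transaction = false;
+char *default_user;
++ struct pam_data *pd = talloc_get_type(breq->req_data, struct pam_data);
+char *map_order;
+
+ret = ipa_get_selinux_recv(req, breq, &map_count, &maps,
+@@ -140,6 +141,7 @@ static void ipa_session_handler_done(struct tevent_req *req)
+in_transaction = false;
+
+
++ pd->pam_status = PAM_SUCCESS;
+breq->fn(breq, DP_ERR_OK, EOK, "Success");
+return;
+
+--
+1.7.10.1
+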
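Review bot: `pd` comes from `talloc_get_type(breq->req_data, struct pam_data)`, which returns NULL when the pointer is not of that talloc type, and the second hunk dereferences it unconditionally in `pd->pam_status = PAM_SUCCESS;`. Either use `talloc_get_type_abort()` so a mismatched request fails loudly at the cast, or check `pd == NULL` and report an error through `breq->fn` before touching it. Only the success path sets `pam_status` in these hunks; the error paths of ipa_session_handler_done lie outside them, so it is worth confirming they leave a failure status rather than an unset one.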
@ -0,0 +1,35 @@
|
|||||||
|
From faa68e44b8f4237cc7a99a94dadc090ae8bd003f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Date: Wed, 23 May 2012 08:35:26 -0400
|
||||||
|
Subject: [PATCH 19/19] NSS: Fix segfault when mmap cache cannot be
|
||||||
|
initialized
|
||||||
|
|
||||||
|
---
|
||||||
|
src/responder/nss/nsssrv_cmd.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
|
||||||
|
index aa3ef3cbc0b98d3fe44e14dce212ecf1279f14f3..1b444e68a2f09749a3f230905febc5efa15c8a82 100644
|
||||||
|
--- a/src/responder/nss/nsssrv_cmd.c
|
||||||
|
+++ b/src/responder/nss/nsssrv_cmd.c
|
||||||
|
@@ -365,7 +365,7 @@ static int fill_pwent(struct sss_packet *packet,
|
||||||
|
|
||||||
|
num++;
|
||||||
|
|
||||||
|
- if (pw_mmap_cache) {
|
||||||
|
+ if (pw_mmap_cache && nctx->pwd_mc_ctx) {
|
||||||
|
ret = sss_mmap_cache_pw_store(nctx->pwd_mc_ctx,
|
||||||
|
&fullname, &pwfield,
|
||||||
|
uid, gid,
|
||||||
|
@@ -1918,7 +1918,7 @@ static int fill_grent(struct sss_packet *packet,
|
||||||
|
|
||||||
|
num++;
|
||||||
|
|
||||||
|
- if (gr_mmap_cache) {
|
||||||
|
+ if (gr_mmap_cache && nctx->grp_mc_ctx) {
|
||||||
|
/* body was reallocated, so fullname might be pointing to
|
||||||
|
* where body used to be, not where it is */
|
||||||
|
to_sized_string(&fullname, (const char *)&body[rzero+STRS_ROFFSET]);
|
||||||
|
--
|
||||||
|
1.7.10.1
|
||||||
|
|
35
sssd.spec
35
sssd.spec
@ -12,11 +12,11 @@
|
|||||||
|
|
||||||
# Determine the location of the LDB modules directory
|
# Determine the location of the LDB modules directory
|
||||||
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
|
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
|
||||||
%global ldb_version 1.1.4
|
%global ldb_version 1.1.6
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 1.9.0
|
Version: 1.9.0
|
||||||
Release: 1%{?dist}.beta1
|
Release: 2%{?dist}.beta1
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -26,7 +26,27 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
|||||||
|
|
||||||
### Patches ###
|
### Patches ###
|
||||||
|
|
||||||
Patch1001: FED01-Change-Kerberos-credential-cache-default-loca.patch
|
#Fedora-specific: set the default credential cache location
|
||||||
|
Patch0001: 0001-FEDORA-Change-Kerberos-credential-cache-default-loca.patch
|
||||||
|
|
||||||
|
Patch0002: 0002-Potential-NULL-dereference-in-proxy-provider.patch
|
||||||
|
Patch0003: 0003-Fix-typos-in-message-and-man-pages.patch
|
||||||
|
Patch0004: 0004-Fixed-two-minor-memory-leaks.patch
|
||||||
|
Patch0005: 0005-Rename-struct-dom_sid-to-struct-sss_dom_sid.patch
|
||||||
|
Patch0006: 0006-Fix-libsss_hbac-library-version.patch
|
||||||
|
Patch0007: 0007-NSS-keep-a-pointer-to-body-after-body-is-reallocated.patch
|
||||||
|
Patch0008: 0008-Use-sized_string-correctly-in-FQDN-domains.patch
|
||||||
|
Patch0009: 0009-RPM-Allow-running-make-rpms-on-RHEL-5-machines.patch
|
||||||
|
Patch0010: 0010-Use-the-sysdb-attribute-name-not-LDAP-attribute-name.patch
|
||||||
|
Patch0011: 0011-NSS-Expire-in-memory-netgroup-cache-before-the-nowai.patch
|
||||||
|
Patch0012: 0012-Always-use-positional-arguments-in-translatable-stri.patch
|
||||||
|
Patch0013: 0013-Simple-implementation-of-Netscape-password-warning-e.patch
|
||||||
|
Patch0014: 0014-KRB5-Avoid-NULL-dereference-with-empty-keytab.patch
|
||||||
|
Patch0015: 0015-Warn-to-syslog-when-dereference-requests-fail.patch
|
||||||
|
Patch0016: 0016-Update-translation-sources.patch
|
||||||
|
Patch0017: 0017-LDAP-nested-groups-Do-not-process-callback-with-_pos.patch
|
||||||
|
Patch0018: 0018-Fixed-issue-in-SELinux-user-maps.patch
|
||||||
|
Patch0019: 0019-NSS-Fix-segfault-when-mmap-cache-cannot-be-initializ.patch
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
|
|
||||||
@ -48,6 +68,7 @@ Requires(postun): systemd-units initscripts chkconfig /sbin/ldconfig
|
|||||||
%global dbpath %{sssdstatedir}/db
|
%global dbpath %{sssdstatedir}/db
|
||||||
%global pipepath %{sssdstatedir}/pipes
|
%global pipepath %{sssdstatedir}/pipes
|
||||||
%global pubconfpath %{sssdstatedir}/pubconf
|
%global pubconfpath %{sssdstatedir}/pubconf
|
||||||
|
%global mcachepath %{sssdstatedir}/mc
|
||||||
|
|
||||||
### Build Dependencies ###
|
### Build Dependencies ###
|
||||||
|
|
||||||
@ -213,6 +234,7 @@ autoreconf -ivf
|
|||||||
--with-db-path=%{dbpath} \
|
--with-db-path=%{dbpath} \
|
||||||
--with-pipe-path=%{pipepath} \
|
--with-pipe-path=%{pipepath} \
|
||||||
--with-pubconf-path=%{pubconfpath} \
|
--with-pubconf-path=%{pubconfpath} \
|
||||||
|
--with-mcache-path=%{mcachepath} \
|
||||||
--with-init-dir=%{_initrddir} \
|
--with-init-dir=%{_initrddir} \
|
||||||
--with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
|
--with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
|
||||||
--enable-nsslibdir=/%{_lib} \
|
--enable-nsslibdir=/%{_lib} \
|
||||||
@ -336,6 +358,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%attr(700,root,root) %dir %{dbpath}
|
%attr(700,root,root) %dir %{dbpath}
|
||||||
%attr(755,root,root) %dir %{pipepath}
|
%attr(755,root,root) %dir %{pipepath}
|
||||||
%attr(755,root,root) %dir %{pubconfpath}
|
%attr(755,root,root) %dir %{pubconfpath}
|
||||||
|
%attr(755,root,root) %dir %{mcachepath}
|
||||||
%attr(700,root,root) %dir %{pipepath}/private
|
%attr(700,root,root) %dir %{pipepath}/private
|
||||||
%attr(750,root,root) %dir %{_var}/log/%{name}
|
%attr(750,root,root) %dir %{_var}/log/%{name}
|
||||||
%attr(700,root,root) %dir %{_sysconfdir}/sssd
|
%attr(700,root,root) %dir %{_sysconfdir}/sssd
|
||||||
@ -486,6 +509,12 @@ fi
|
|||||||
%postun -n libipa_hbac -p /sbin/ldconfig
|
%postun -n libipa_hbac -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 24 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-2.beta1
|
||||||
|
- Fix several regressions since 1.5.x
|
||||||
|
- Ensure that the RPM creates the /var/lib/sss/mc directory
|
||||||
|
- Add support for Netscape password warning expiration control
|
||||||
|
- Rebuild against libldb 1.1.6
|
||||||
|
|
||||||
* Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-1.beta1
|
* Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-1.beta1
|
||||||
- New upstream release 1.9.0 beta 1
|
- New upstream release 1.9.0 beta 1
|
||||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
|
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
|
||||||
|