New upstream release 1.11.4
- Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
This commit is contained in:
parent
4b219e485d
commit
4d4fe7434d
1
.gitignore
vendored
1
.gitignore
vendored
@ -51,3 +51,4 @@ sssd-1.2.91.tar.gz
|
||||
/sssd-1.11.1.tar.gz
|
||||
/sssd-1.11.2.tar.gz
|
||||
/sssd-1.11.3.tar.gz
|
||||
/sssd-1.11.4.tar.gz
|
||||
|
@ -1,46 +0,0 @@
|
||||
From 153efc74ff188c12c03e9578c6fb1d39c69ef5d7 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Bokovoy <ab@samba.org>
|
||||
Date: Tue, 24 Dec 2013 13:01:46 +0200
|
||||
Subject: [PATCH] FAST: when parsing krb5_child response, make sure to not miss
|
||||
OTP message if it was last one
|
||||
|
||||
The last message in the stream might be with empty payload which means we get
|
||||
only message type and message length (0) returned, i.e. 8 bytes left remaining
|
||||
in the stream after processing preceding message. This makes our calculation at
|
||||
the end of a message processing loop incorrect -- p+2*sizeof(int32_t) can be
|
||||
equal to len, after all.
|
||||
|
||||
Fixes FAST processing for FreeIPA native OTP case:
|
||||
https://fedorahosted.org/sssd/ticket/2186
|
||||
---
|
||||
src/providers/krb5/krb5_child_handler.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
|
||||
index 92dec0d2afb1627b61c3dd1037e91546a7ee08d6..d6c1dc1f9707444a82e433a375839cadf73f1259 100644
|
||||
--- a/src/providers/krb5/krb5_child_handler.c
|
||||
+++ b/src/providers/krb5/krb5_child_handler.c
|
||||
@@ -548,8 +548,9 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
|
||||
* CCACHE_ENV_NAME"=". pref_len also counts the trailing '=' because
|
||||
* sizeof() counts the trailing '\0' of a string. */
|
||||
pref_len = sizeof(CCACHE_ENV_NAME);
|
||||
- if (msg_len > pref_len &&
|
||||
- strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0) {
|
||||
+ if ((msg_type == SSS_PAM_ENV_ITEM) &&
|
||||
+ (msg_len > pref_len) &&
|
||||
+ (strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0)) {
|
||||
ccname = (char *) &buf[p+pref_len];
|
||||
ccname_len = msg_len-pref_len;
|
||||
}
|
||||
@@ -600,7 +601,7 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
|
||||
|
||||
p += msg_len;
|
||||
|
||||
- if ((p < len) && (p + 2*sizeof(int32_t) >= len)) {
|
||||
+ if ((p < len) && (p + 2*sizeof(int32_t) > len)) {
|
||||
DEBUG(SSSDBG_CRIT_FAILURE,
|
||||
("The remainder of the message is too short.\n"));
|
||||
return EINVAL;
|
||||
--
|
||||
1.8.5.3
|
||||
|
@ -1,41 +0,0 @@
|
||||
From f244195582ec804f1022341e2e3394754e31b36a Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Wed, 9 Oct 2013 18:19:08 +0200
|
||||
Subject: [PATCH] LDAP: handle SID requests if noexist_delete is set
|
||||
|
||||
Fixes https://fedorahosted.org/sssd/ticket/2116
|
||||
---
|
||||
src/providers/ldap/ldap_id.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
|
||||
index 162d987..59dfd0a 100644
|
||||
--- a/src/providers/ldap/ldap_id.c
|
||||
+++ b/src/providers/ldap/ldap_id.c
|
||||
@@ -365,6 +365,11 @@ static void users_get_done(struct tevent_req *subreq)
|
||||
}
|
||||
break;
|
||||
|
||||
+ case BE_FILTER_SECID:
|
||||
+ /* Since it is not clear if the SID belongs to a user or a group
|
||||
+ * we have nothing to do here. */
|
||||
+ break;
|
||||
+
|
||||
default:
|
||||
tevent_req_error(req, EINVAL);
|
||||
return;
|
||||
@@ -694,6 +699,11 @@ static void groups_get_done(struct tevent_req *subreq)
|
||||
}
|
||||
break;
|
||||
|
||||
+ case BE_FILTER_SECID:
|
||||
+ /* Since it is not clear if the SID belongs to a user or a group
|
||||
+ * we have nothing to do here. */
|
||||
+ break;
|
||||
+
|
||||
default:
|
||||
tevent_req_error(req, EINVAL);
|
||||
return;
|
||||
--
|
||||
1.8.3.1
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
46af96f609768a88ef8e5868e9526ab8 sssd-1.11.3.tar.gz
|
||||
6b52a62fd6f6b170553d032deb7b0bc8 sssd-1.11.4.tar.gz
|
||||
|
10
sssd.spec
10
sssd.spec
@ -13,8 +13,8 @@
|
||||
%global ldb_version 1.1.16
|
||||
|
||||
Name: sssd
|
||||
Version: 1.11.3
|
||||
Release: 2%{?dist}
|
||||
Version: 1.11.4
|
||||
Release: 1%{?dist}
|
||||
Group: Applications/System
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+
|
||||
@ -23,7 +23,6 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
|
||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
|
||||
### Patches ###
|
||||
Patch0001: 0001-FAST-when-parsing-krb5_child-response-make-sure-to-n.patch
|
||||
Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch
|
||||
|
||||
### Dependencies ###
|
||||
@ -731,6 +730,11 @@ fi
|
||||
%postun -n libsss_idmap -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-1
|
||||
- New upstream release 1.11.4
|
||||
- Remove upstreamed patch
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
|
||||
|
||||
* Tue Feb 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-2
|
||||
- Handle OTP response from FreeIPA server gracefully
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user