diff --git a/.gitignore b/.gitignore
index c16bea9..ca6b1cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -49,3 +49,4 @@ sssd-1.2.91.tar.gz
 /sssd-1.11.0beta2.tar.gz
 /sssd-1.11.0.tar.gz
 /sssd-1.11.1.tar.gz
+/sssd-1.11.2.tar.gz
diff --git a/0001-krb5-Remove-ability-to-create-public-directories.patch b/0001-krb5-Remove-ability-to-create-public-directories.patch
deleted file mode 100644
index 367e26c..0000000
--- a/0001-krb5-Remove-ability-to-create-public-directories.patch
+++ /dev/null
@@ -1,284 +0,0 @@ -From 121baf75c457c2642a2408173c5240027734a3fd Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Tue, 3 Sep 2013 22:48:02 -0400 -Subject: [PATCH 1/2] krb5: Remove ability to create public directories - -Setting up public directories is the job of the admin, and -current sssd syntax can't express the actual intention of the admin with -regrads to which parts of the path should be public or private. - -Resolves: -https://fedorahosted.org/sssd/ticket/2071 ---- - src/providers/krb5/krb5_auth.c | 7 ++- - src/providers/krb5/krb5_utils.c | 96 ++++++++++++++--------------------------- - src/providers/krb5/krb5_utils.h | 6 +-- - 3 files changed, 38 insertions(+), 71 deletions(-) - -diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c -index 51c0d739247b7d40a17b6ee367c502df140a7383..a16b5395d21c40e53a5e69519141cbd3c47d7907 100644 ---- a/src/providers/krb5/krb5_auth.c -+++ b/src/providers/krb5/krb5_auth.c -@@ -292,7 +292,7 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, - struct be_ctx *be_ctx) - { - const char *ccname_template; -- bool private_path = false; -+ const char *realm; - errno_t ret; - - if (!kr->is_offline) { -@@ -317,8 +317,7 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, - ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts, - KRB5_CCNAME_TMPL); - kr->ccname = expand_ccname_template(kr, kr, ccname_template, true, -- be_ctx->domain->case_sensitive, -- &private_path); -+ be_ctx->domain->case_sensitive); - if (kr->ccname == NULL) { - DEBUG(1, ("expand_ccname_template failed.\n")); - return ENOMEM; -@@ -326,7 +325,7 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, - - ret = sss_krb5_precreate_ccache(kr->ccname, - kr->krb5_ctx->illegal_path_re, -- kr->uid, kr->gid, private_path); -+ kr->uid, kr->gid); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, ("ccache creation failed.\n")); - return ret; -diff --git a/src/providers/krb5/krb5_utils.c 
b/src/providers/krb5/krb5_utils.c -index e6860482d9d330cbf12ad42d04e2e3af894cee89..cf6d72ad2e67f0d09ce423738003aa719cc43456 100644 ---- a/src/providers/krb5/krb5_utils.c -+++ b/src/providers/krb5/krb5_utils.c -@@ -203,7 +203,7 @@ done: - - char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, - const char *template, bool file_mode, -- bool case_sensitive, bool *private_path) -+ bool case_sensitive) - { - char *copy; - char *p; -@@ -217,8 +217,6 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, - char action; - bool rerun; - -- *private_path = false; -- - if (template == NULL) { - DEBUG(1, ("Missing template.\n")); - return NULL; -@@ -269,7 +267,6 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, - - result = talloc_asprintf_append(result, "%s%s", p, - name); -- if (!file_mode) *private_path = true; - break; - case 'U': - if (kr->uid <= 0) { -@@ -279,7 +276,6 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, - } - result = talloc_asprintf_append(result, "%s%"SPRIuid, p, - kr->uid); -- if (!file_mode) *private_path = true; - break; - case 'p': - if (kr->upn == NULL) { -@@ -288,7 +284,6 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, - goto done; - } - result = talloc_asprintf_append(result, "%s%s", p, kr->upn); -- if (!file_mode) *private_path = true; - break; - case '%': - result = talloc_asprintf_append(result, "%s%%", p); -@@ -308,7 +303,6 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, - goto done; - } - result = talloc_asprintf_append(result, "%s%s", p, kr->homedir); -- if (!file_mode) *private_path = true; - break; - case 'd': - if (file_mode) { -@@ -320,8 +314,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, - } - - dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl, -- false, case_sensitive, -- private_path); -+ false, case_sensitive); - if (dummy == 
NULL) { - DEBUG(1, ("Expanding credential cache directory " - "template failed.\n")); -@@ -414,41 +407,30 @@ done: - return res; - } - --static errno_t check_parent_stat(bool private_path, struct stat *parent_stat, -+static errno_t check_parent_stat(struct stat *parent_stat, - uid_t uid, gid_t gid) - { -- if (private_path) { -- if (!((parent_stat->st_uid == 0 && parent_stat->st_gid == 0) || -- parent_stat->st_uid == uid)) { -- DEBUG(1, ("Private directory can only be created below a " -- "directory belonging to root or to " -- "[%"SPRIuid"][%"SPRIgid"].\n", uid, gid)); -- return EINVAL; -- } -+ if (!((parent_stat->st_uid == 0 && parent_stat->st_gid == 0) || -+ parent_stat->st_uid == uid)) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("Private directory can only be created below a directory " -+ "belonging to root or to [%"SPRIuid"][%"SPRIgid"].\n", -+ uid, gid)); -+ return EINVAL; -+ } - -- if (parent_stat->st_uid == uid) { -- if (!(parent_stat->st_mode & S_IXUSR)) { -- DEBUG(1, ("Parent directory does have the search bit set for " -- "the owner.\n")); -- return EINVAL; -- } -- } else { -- if (!(parent_stat->st_mode & S_IXOTH)) { -- DEBUG(1, ("Parent directory does have the search bit set for " -- "others.\n")); -- return EINVAL; -- } -+ if (parent_stat->st_uid == uid) { -+ if (!(parent_stat->st_mode & S_IXUSR)) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("Parent directory does not have the search bit set for " -+ "the owner.\n")); -+ return EINVAL; - } - } else { -- if (parent_stat->st_uid != 0 || parent_stat->st_gid != 0) { -- DEBUG(1, ("Public directory cannot be created below a user " -- "directory.\n")); -- return EINVAL; -- } -- - if (!(parent_stat->st_mode & S_IXOTH)) { -- DEBUG(1, ("Parent directory does have the search bit set for " -- "others.\n")); -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ ("Parent directory does not have the search bit set for " -+ "others.\n")); - return EINVAL; - } - } -@@ -559,7 +541,7 @@ check_ccache_re(const char *filename, pcre *illegal_re) - - errno_t - 
create_ccache_dir(const char *ccdirname, pcre *illegal_re, -- uid_t uid, gid_t gid, bool private_path) -+ uid_t uid, gid_t gid) - { - int ret = EFAULT; - struct stat parent_stat; -@@ -598,27 +580,17 @@ create_ccache_dir(const char *ccdirname, pcre *illegal_re, - goto done; - } - -- ret = check_parent_stat(private_path, &parent_stat, uid, gid); -+ ret = check_parent_stat(&parent_stat, uid, gid); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, -- ("check_parent_stat failed for %s directory [%s].\n", -- private_path ? "private" : "public", ccdirname)); -+ ("check_parent_stat failed for directory [%s].\n", ccdirname)); - goto done; - } - - DLIST_FOR_EACH(li, missing_parents) { - DEBUG(SSSDBG_TRACE_INTERNAL, - ("Creating directory [%s].\n", li->s)); -- if (li->next == NULL) { -- new_dir_mode = private_path ? 0700 : 01777; -- } else { -- if (private_path && -- parent_stat.st_uid == uid && parent_stat.st_gid == gid) { -- new_dir_mode = 0700; -- } else { -- new_dir_mode = 0755; -- } -- } -+ new_dir_mode = 0700; - - old_umask = umask(0000); - ret = mkdir(li->s, new_dir_mode); -@@ -630,16 +602,12 @@ create_ccache_dir(const char *ccdirname, pcre *illegal_re, - strerror(ret))); - goto done; - } -- if (private_path && -- ((parent_stat.st_uid == uid && parent_stat.st_gid == gid) || -- li->next == NULL)) { -- ret = chown(li->s, uid, gid); -- if (ret != EOK) { -- ret = errno; -- DEBUG(SSSDBG_MINOR_FAILURE, -- ("chown failed [%d][%s].\n", ret, strerror(ret))); -- goto done; -- } -+ ret = chown(li->s, uid, gid); -+ if (ret != EOK) { -+ ret = errno; -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ ("chown failed [%d][%s].\n", ret, strerror(ret))); -+ goto done; - } - } - -@@ -758,7 +726,7 @@ done: - } - - errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re, -- uid_t uid, gid_t gid, bool private_path) -+ uid_t uid, gid_t gid) - { - TALLOC_CTX *tmp_ctx = NULL; - const char *filename; -@@ -802,7 +770,7 @@ errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re, - 
*end = '\0'; - } while (*(end+1) == '\0'); - -- ret = create_ccache_dir(ccdirname, illegal_re, uid, gid, private_path); -+ ret = create_ccache_dir(ccdirname, illegal_re, uid, gid); - done: - talloc_free(tmp_ctx); - return ret; -diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h -index 33cc6112b02af6991ef4aa4f1988dcbe08ed9266..4b1ebb0bb7a9e13d68ee62820f6408d029a2f072 100644 ---- a/src/providers/krb5/krb5_utils.h -+++ b/src/providers/krb5/krb5_utils.h -@@ -43,11 +43,11 @@ errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb, - const char *upn); - - errno_t create_ccache_dir(const char *dirname, pcre *illegal_re, -- uid_t uid, gid_t gid, bool private_path); -+ uid_t uid, gid_t gid); - - char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, - const char *template, bool file_mode, -- bool case_sensitive, bool *private_path); -+ bool case_sensitive); - - errno_t become_user(uid_t uid, gid_t gid); - struct sss_creds; -@@ -58,7 +58,7 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx, - errno_t restore_creds(struct sss_creds *saved_creds); - - errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re, -- uid_t uid, gid_t gid, bool private_path); -+ uid_t uid, gid_t gid); - errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid); - errno_t sss_krb5_check_ccache_princ(uid_t uid, gid_t gid, - const char *ccname, const char *principal); --- -1.8.3.1 - diff --git a/0002-krb5-Fix-unit-tests.patch b/0002-krb5-Fix-unit-tests.patch deleted file mode 100644 index 369c1f3..0000000 --- a/0002-krb5-Fix-unit-tests.patch +++ /dev/null 
@@ -1,432 +0,0 @@ -From adf0fd14ea54a3b015efe8a6d67532b87a064cdd Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Fri, 4 Oct 2013 09:40:34 +0200 -Subject: [PATCH 2/2] krb5: Fix unit tests - ---- - src/tests/krb5_child-test.c | 5 +- - src/tests/krb5_utils-tests.c | 126 +++++++++++++++---------------------------- - 2 files changed, 46 insertions(+), 85 deletions(-) - -diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c -index 959b1bd698284d0db16634357e39fcd076b9fa00..0c6b68b82c648b8e83f5d11b613dd57be89482a0 100644 ---- a/src/tests/krb5_child-test.c -+++ b/src/tests/krb5_child-test.c -@@ -198,7 +198,6 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user, - { - struct krb5child_req *kr; - struct passwd *pwd; -- bool private = false; - errno_t ret; - - /* The top level child request */ -@@ -246,7 +245,7 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user, - kr->ccname = expand_ccname_template(kr, kr, - dp_opt_get_cstring(kr->krb5_ctx->opts, - KRB5_CCNAME_TMPL), -- true, true, &private); -+ true, true); - if (!kr->ccname) goto fail; - - DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%llu] gid [%llu]\n", -@@ -262,7 +261,7 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user, - - ret = sss_krb5_precreate_ccache(kr->ccname, - kr->krb5_ctx->illegal_path_re, -- kr->uid, kr->gid, private); -+ kr->uid, kr->gid); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, ("create_ccache_dir failed.\n")); - goto fail; -diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c -index ea0292569135e0fc22a44251cfc4e8719a15837f..3e0c607a58b9ff0840a93867c1ad61cc5a2ae665 100644 ---- a/src/tests/krb5_utils-tests.c -+++ b/src/tests/krb5_utils-tests.c -@@ -117,13 +117,13 @@ START_TEST(test_pub_ccache_dir) - - ret = chmod(testpath, 0754); - fail_unless(ret == EOK, "chmod failed."); -- ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, false); -+ ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345); - fail_unless(ret == EINVAL, 
"sss_krb5_precreate_ccache does not return EINVAL " - "while x-bit is missing."); - - ret = chmod(testpath, 0755); - fail_unless(ret == EOK, "chmod failed."); -- ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, false); -+ ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345); - fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed."); - - check_dir(subdirname, 0, 0, 01777); -@@ -158,7 +158,7 @@ START_TEST(test_pub_ccache_dir_in_user_dir) - filename = talloc_asprintf(tmp_ctx, "%s/ccfile", subdirname); - fail_unless(filename != NULL, "talloc_asprintf failed."); - -- ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, false); -+ ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345); - fail_unless(ret == EINVAL, "Creating public ccache dir in user dir " - "does not failed with EINVAL."); - -@@ -193,13 +193,13 @@ START_TEST(test_priv_ccache_dir) - - ret = chmod(testpath, 0754); - fail_unless(ret == EOK, "chmod failed."); -- ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true); -+ ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid); - fail_unless(ret == EINVAL, "sss_krb5_precreate_ccache does not return EINVAL " - "while x-bit is missing."); - - ret = chmod(testpath, 0755); - fail_unless(ret == EOK, "chmod failed."); -- ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true); -+ ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid); - fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed."); - - check_dir(subdir, uid, gid, 0700); -@@ -248,13 +248,13 @@ START_TEST(test_private_ccache_dir_in_user_dir) - - ret = chmod(user_dir, 0600); - fail_unless(ret == EOK, "chmod failed."); -- ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true); -+ ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid); - fail_unless(ret == EINVAL, "sss_krb5_precreate_ccache does not return EINVAL " - "while x-bit is missing."); - - ret = chmod(user_dir, 0700); - fail_unless(ret == EOK, "chmod failed."); -- ret = 
sss_krb5_precreate_ccache(filename, NULL, uid, gid, true); -+ ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid); - fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed."); - - check_dir(dn3, uid, gid, 0700); -@@ -292,7 +292,7 @@ START_TEST(test_private_ccache_dir_in_wrong_user_dir) - filename = talloc_asprintf(tmp_ctx, "%s/ccfile", subdirname); - fail_unless(filename != NULL, "talloc_asprintf failed."); - -- ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, true); -+ ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345); - fail_unless(ret == EINVAL, "Creating private ccache dir in wrong user " - "dir does not failed with EINVAL."); - -@@ -329,27 +329,27 @@ START_TEST(test_illegal_patterns) - - filename = talloc_asprintf(tmp_ctx, "abc/./ccfile"); - fail_unless(filename != NULL, "talloc_asprintf failed."); -- ret = create_ccache_dir(filename, illegal_re, uid, gid, true); -+ ret = create_ccache_dir(filename, illegal_re, uid, gid); - fail_unless(ret == EINVAL, "create_ccache_dir allowed relative path [%s].", - filename); - - filename = talloc_asprintf(tmp_ctx, "%s/abc/./ccfile", dirname); - fail_unless(filename != NULL, "talloc_asprintf failed."); -- ret = create_ccache_dir(filename, illegal_re, uid, gid, true); -+ ret = create_ccache_dir(filename, illegal_re, uid, gid); - fail_unless(ret == EINVAL, "create_ccache_dir allowed " - "illegal pattern '/./' in filename [%s].", - filename); - - filename = talloc_asprintf(tmp_ctx, "%s/abc/../ccfile", dirname); - fail_unless(filename != NULL, "talloc_asprintf failed."); -- ret = create_ccache_dir(filename, illegal_re, uid, gid, true); -+ ret = create_ccache_dir(filename, illegal_re, uid, gid); - fail_unless(ret == EINVAL, "create_ccache_dir allowed " - "illegal pattern '/../' in filename [%s].", - filename); - - filename = talloc_asprintf(tmp_ctx, "%s/abc//ccfile", dirname); - fail_unless(filename != NULL, "talloc_asprintf failed."); -- ret = create_ccache_dir(filename, illegal_re, uid, gid, 
true); -+ ret = create_ccache_dir(filename, illegal_re, uid, gid); - fail_unless(ret == EINVAL, "create_ccache_dir allowed " - "illegal pattern '//' in filename [%s].", - filename); -@@ -385,7 +385,7 @@ START_TEST(test_cc_dir_create) - residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir"); - fail_unless(residual != NULL, "talloc_asprintf failed."); - -- ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid, true); -+ ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid); - fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed\n"); - ret = rmdir(dirname); - if (ret < 0) ret = errno; -@@ -398,7 +398,7 @@ START_TEST(test_cc_dir_create) - residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir/"); - fail_unless(residual != NULL, "talloc_asprintf failed."); - -- ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid, true); -+ ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid); - fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed\n"); - ret = rmdir(dirname); - if (ret < 0) ret = errno; -@@ -463,40 +463,34 @@ void free_talloc_context(void) - } - - static void do_test(const char *file_template, const char *dir_template, -- const char *expected, const bool expected_private_path) -+ const char *expected) - { - char *result; - int ret; -- bool private_path = false; - - ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, dir_template); - fail_unless(ret == EOK, "Failed to set Ccache dir"); - -- result = expand_ccname_template(tmp_ctx, kr, file_template, true, -- true, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, file_template, true, true); - - fail_unless(result != NULL, "Cannot expand template [%s].", file_template); - fail_unless(strcmp(result, expected) == 0, - "Expansion failed, result [%s], expected [%s].", - result, expected); -- fail_unless(private_path == expected_private_path, -- "Unexpected private path, get [%s], expected [%s].", -- private_path ? 
"true" : "false", -- expected_private_path ? "true" : "false"); - } - - START_TEST(test_multiple_substitutions) - { -- do_test(BASE"_%u_%U_%u", CCACHE_DIR, BASE"_"USERNAME"_"UID"_"USERNAME, false); -+ do_test(BASE"_%u_%U_%u", CCACHE_DIR, BASE"_"USERNAME"_"UID"_"USERNAME); - do_test("%d/"FILENAME, BASE"_%u_%U_%u", -- BASE"_"USERNAME"_"UID"_"USERNAME"/"FILENAME, true); -+ BASE"_"USERNAME"_"UID"_"USERNAME"/"FILENAME); - } - END_TEST - - START_TEST(test_username) - { -- do_test(BASE"_%u", CCACHE_DIR, BASE"_"USERNAME, false); -- do_test("%d/"FILENAME, BASE"_%u", BASE"_"USERNAME"/"FILENAME, true); -+ do_test(BASE"_%u", CCACHE_DIR, BASE"_"USERNAME); -+ do_test("%d/"FILENAME, BASE"_%u", BASE"_"USERNAME"/"FILENAME); - } - END_TEST - -@@ -504,7 +498,6 @@ START_TEST(test_case_sensitive) - { - char *result; - int ret; -- bool private_path = false; - const char *file_template = BASE"_%u"; - const char *expected_cs = BASE"_TestUser"; - const char *expected_ci = BASE"_testuser"; -@@ -513,16 +506,14 @@ START_TEST(test_case_sensitive) - ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, CCACHE_DIR); - fail_unless(ret == EOK, "Failed to set Ccache dir"); - -- result = expand_ccname_template(tmp_ctx, kr, file_template, true, -- true, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, file_template, true, true); - - fail_unless(result != NULL, "Cannot expand template [%s].", file_template); - fail_unless(strcmp(result, expected_cs) == 0, - "Expansion failed, result [%s], expected [%s].", - result, expected_cs); - -- result = expand_ccname_template(tmp_ctx, kr, file_template, true, -- false, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, file_template, true, false); - - fail_unless(result != NULL, "Cannot expand template [%s].", file_template); - fail_unless(strcmp(result, expected_ci) == 0, -@@ -533,29 +524,29 @@ END_TEST - - START_TEST(test_uid) - { -- do_test(BASE"_%U", CCACHE_DIR, BASE"_"UID, false); -- do_test("%d/"FILENAME, BASE"_%U", 
BASE"_"UID"/"FILENAME, true); -+ do_test(BASE"_%U", CCACHE_DIR, BASE"_"UID); -+ do_test("%d/"FILENAME, BASE"_%U", BASE"_"UID"/"FILENAME); - } - END_TEST - - START_TEST(test_upn) - { -- do_test(BASE"_%p", CCACHE_DIR, BASE"_"PRINCIPAL_NAME, false); -- do_test("%d/"FILENAME, BASE"_%p", BASE"_"PRINCIPAL_NAME"/"FILENAME, true); -+ do_test(BASE"_%p", CCACHE_DIR, BASE"_"PRINCIPAL_NAME); -+ do_test("%d/"FILENAME, BASE"_%p", BASE"_"PRINCIPAL_NAME"/"FILENAME); - } - END_TEST - - START_TEST(test_realm) - { -- do_test(BASE"_%r", CCACHE_DIR, BASE"_"REALM, false); -- do_test("%d/"FILENAME, BASE"_%r", BASE"_"REALM"/"FILENAME, false); -+ do_test(BASE"_%r", CCACHE_DIR, BASE"_"REALM); -+ do_test("%d/"FILENAME, BASE"_%r", BASE"_"REALM"/"FILENAME); - } - END_TEST - - START_TEST(test_home) - { -- do_test(BASE"_%h", CCACHE_DIR, BASE"_"HOME_DIRECTORY, false); -- do_test("%d/"FILENAME, BASE"_%h", BASE"_"HOME_DIRECTORY"/"FILENAME, true); -+ do_test(BASE"_%h", CCACHE_DIR, BASE"_"HOME_DIRECTORY); -+ do_test("%d/"FILENAME, BASE"_%h", BASE"_"HOME_DIRECTORY"/"FILENAME); - } - END_TEST - -@@ -563,20 +554,15 @@ START_TEST(test_ccache_dir) - { - char *result; - int ret; -- bool private_path = false; - -- do_test(BASE"_%d", CCACHE_DIR, BASE"_"CCACHE_DIR, false); -+ do_test(BASE"_%d", CCACHE_DIR, BASE"_"CCACHE_DIR); - - ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%d"); - fail_unless(ret == EOK, "Failed to set Ccache dir"); - -- result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, -- true, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, true); - - fail_unless(result == NULL, "Using %%d in ccache dir should fail."); -- fail_unless(private_path == false, -- "Unexpected private path, get [%s], expected [%s].", -- private_path ? 
"true" : "false", "false"); - } - END_TEST - -@@ -584,39 +570,32 @@ START_TEST(test_pid) - { - char *result; - int ret; -- bool private_path = false; - -- do_test(BASE"_%P", CCACHE_DIR, BASE"_"PID, false); -+ do_test(BASE"_%P", CCACHE_DIR, BASE"_"PID); - - ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%P"); - fail_unless(ret == EOK, "Failed to set Ccache dir"); - -- result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, -- true, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, true); - - fail_unless(result == NULL, "Using %%P in ccache dir should fail."); -- fail_unless(private_path == false, -- "Unexpected private path, get [%s], expected [%s].", -- private_path ? "true" : "false", "false"); - } - END_TEST - - START_TEST(test_percent) - { -- do_test(BASE"_%%", CCACHE_DIR, BASE"_%", false); -- do_test("%d/"FILENAME, BASE"_%%", BASE"_%/"FILENAME, false); -+ do_test(BASE"_%%", CCACHE_DIR, BASE"_%"); -+ do_test("%d/"FILENAME, BASE"_%%", BASE"_%/"FILENAME); - } - END_TEST - --START_TEST(test_unknow_template) -+START_TEST(test_unknown_template) - { - const char *test_template = BASE"_%X"; - char *result; - int ret; -- bool private_path = false; - -- result = expand_ccname_template(tmp_ctx, kr, test_template, true, -- true, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, test_template, true, true); - - fail_unless(result == NULL, "Unknown template [%s] should fail.", - test_template); -@@ -624,14 +603,10 @@ START_TEST(test_unknow_template) - ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%X"); - fail_unless(ret == EOK, "Failed to set Ccache dir"); - test_template = "%d/"FILENAME; -- result = expand_ccname_template(tmp_ctx, kr, test_template, true, -- true, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, test_template, true, true); - - fail_unless(result == NULL, "Unknown template [%s] should fail.", - test_template); -- fail_unless(private_path == false, 
-- "Unexpected private path, get [%s], expected [%s].", -- private_path ? "true" : "false", "false"); - } - END_TEST - -@@ -639,16 +614,11 @@ START_TEST(test_NULL) - { - char *test_template = NULL; - char *result; -- bool private_path = false; - -- result = expand_ccname_template(tmp_ctx, kr, test_template, true, -- true, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, test_template, true, true); - - fail_unless(result == NULL, "Expected NULL as a result for an empty input.", - test_template); -- fail_unless(private_path == false, -- "Unexpected private path, get [%s], expected [%s].", -- private_path ? "true" : "false", "false"); - } - END_TEST - -@@ -656,32 +626,25 @@ START_TEST(test_no_substitution) - { - const char *test_template = BASE; - char *result; -- bool private_path = false; - -- result = expand_ccname_template(tmp_ctx, kr, test_template, true, -- true, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, test_template, true, true); - - fail_unless(result != NULL, "Cannot expand template [%s].", test_template); - fail_unless(strcmp(result, test_template) == 0, - "Expansion failed, result [%s], expected [%s].", - result, test_template); -- fail_unless(private_path == false, -- "Unexpected private path, get [%s], expected [%s].", -- private_path ? 
"true" : "false", "false"); - } - END_TEST - - START_TEST(test_krb5_style_expansion) - { - char *result; -- bool private_path = false; - const char *file_template; - const char *expected; - - file_template = BASE"/%{uid}/%{USERID}/%{euid}/%{username}"; - expected = BASE"/"UID"/"UID"/"UID"/"USERNAME; -- result = expand_ccname_template(tmp_ctx, kr, file_template, true, -- true, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, file_template, true, true); - - fail_unless(result != NULL, "Cannot expand template [%s].", file_template); - fail_unless(strcmp(result, expected) == 0, -@@ -690,8 +653,7 @@ START_TEST(test_krb5_style_expansion) - - file_template = BASE"/%{unknown}"; - expected = BASE"/%{unknown}"; -- result = expand_ccname_template(tmp_ctx, kr, file_template, true, -- false, &private_path); -+ result = expand_ccname_template(tmp_ctx, kr, file_template, true, false); - - fail_unless(result != NULL, "Cannot expand template [%s].", file_template); - fail_unless(strcmp(result, expected) == 0, -@@ -754,7 +716,7 @@ Suite *krb5_utils_suite (void) - free_talloc_context); - tcase_add_test (tc_ccname_template, test_no_substitution); - tcase_add_test (tc_ccname_template, test_NULL); -- tcase_add_test (tc_ccname_template, test_unknow_template); -+ tcase_add_test (tc_ccname_template, test_unknown_template); - tcase_add_test (tc_ccname_template, test_username); - tcase_add_test (tc_ccname_template, test_case_sensitive); - tcase_add_test (tc_ccname_template, test_uid); --- -1.8.3.1 - diff --git a/0003-AD-properly-intitialize-GC-from-ad_server-option.patch b/0003-AD-properly-intitialize-GC-from-ad_server-option.patch deleted file mode 100644 index cd39fdd..0000000 --- a/0003-AD-properly-intitialize-GC-from-ad_server-option.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From 9a9a813906472ffff3911b6006d023e1c6cbff8a Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Wed, 2 Oct 2013 18:21:42 +0200 -Subject: [PATCH] AD: properly intitialize GC from ad_server option - ---- - src/providers/ad/ad_common.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c -index 700ac033f42ac700b4e255a74350d774a3340358..ab62d64a943a726724698d1b7eb9f15bc40b389e 100644 ---- a/src/providers/ad/ad_common.c -+++ b/src/providers/ad/ad_common.c -@@ -441,7 +441,7 @@ _ad_servers_init(TALLOC_CTX *mem_ctx, - } - sdata->gc = true; - -- ret = be_fo_add_server(bectx, fo_service, list[i], 0, sdata, primary); -+ ret = be_fo_add_server(bectx, fo_gc_service, list[i], 0, sdata, primary); - if (ret && ret != EEXIST) { - DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n")); - goto done; --- -1.8.3.1 - diff --git a/0004-IPA-server-mode-properly-initialize-ext_groups.patch b/0004-IPA-server-mode-properly-initialize-ext_groups.patch deleted file mode 100644 index ae43277..0000000 --- a/0004-IPA-server-mode-properly-initialize-ext_groups.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 3d6fb8fcaa650d1da60a2e575847bd6fcfa08c72 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Wed, 16 Oct 2013 10:45:52 +0200 -Subject: [PATCH] IPA server mode: properly initialize ext_groups - ---- - src/providers/ipa/ipa_subdomains.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c -index bfbdabf..ea55f70 100644 ---- a/src/providers/ipa/ipa_subdomains.c -+++ b/src/providers/ipa/ipa_subdomains.c -@@ -1305,13 +1305,14 @@ int ipa_ad_subdom_init(struct be_ctx *be_ctx, - return EINVAL; - } - -- id_ctx->server_mode = talloc(id_ctx, struct ipa_server_mode_ctx); -+ id_ctx->server_mode = talloc_zero(id_ctx, struct ipa_server_mode_ctx); - if (id_ctx->server_mode == NULL) { - return ENOMEM; - } - id_ctx->server_mode->realm = realm; - id_ctx->server_mode->hostname = hostname; - id_ctx->server_mode->trusts = NULL; -+ id_ctx->server_mode->ext_groups = NULL; - - return EOK; - } --- -1.8.3.1 - diff --git a/sources b/sources index 514253b..479c9d3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -507a6b8dd5e18b3b604989fe26ce19b0 sssd-1.11.1.tar.gz +b22b43cfab8e52961e1e8b2f6d9c403b sssd-1.11.2.tar.gz diff --git a/sssd.spec b/sssd.spec index d269c88..de5889a 100644 --- a/sssd.spec +++ b/sssd.spec @@ -13,8 +13,8 @@ %global ldb_version 1.1.16 Name: sssd -Version: 1.11.1 -Release: 5%{?dist} +Version: 1.11.2 +Release: 1%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ 
@@ -23,12 +23,6 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### -Patch0001: 0001-krb5-Remove-ability-to-create-public-directories.patch -Patch0002: 0002-krb5-Fix-unit-tests.patch -Patch0003: 0003-AD-properly-intitialize-GC-from-ad_server-option.patch -Patch0004: 0004-IPA-server-mode-properly-initialize-ext_groups.patch - -Patch0601: 0601-FEDORA-LDAP-handle-SID-requests-if-noexist_delete-is-set.patch Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch ### Dependencies ### @@ -736,6 +730,11 @@ fi %postun -n libsss_idmap -p /sbin/ldconfig %changelog +* Wed Oct 30 2013 Jakub Hrozek - 1.11.2-1 +- New upstream release 1.11.2 +- Remove upstreamed patches +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 + * Wed Oct 16 2013 Sumit Bose - 1.11.1-5 - Fix potential crash with external groups in trusted IPA-AD setup
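Review bot: In the `### Patches ###` hunk of sssd.spec, `Patch0601: 0601-FEDORA-LDAP-handle-SID-requests-if-noexist_delete-is-set.patch` is dropped together with Patch0001–0004, but the visible diff deletes only the four 0001–0004 patch files and the changelog says just "Remove upstreamed patches". The `FEDORA` prefix reads like a downstream carry rather than an upstream backport, so the changelog should say whether 1.11.2 contains that change or whether it is being dropped on purpose, e.g. `- Drop 0601-FEDORA-LDAP-handle-SID-requests-if-noexist_delete-is-set.patch (<reason>)`. If the patch file is still tracked, it should be removed in the same commit so no unreferenced patch is left in the repository. Because 0001 is a hardening change (ccache directories created with mode 0700 and chowned to the user), it is also worth confirming against the 1.11.2 release notes that the fix for ticket 2071 is in the tarball before the build ships without it.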