rpms/sssd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

sssd-2.9.0-1: Rebase to latest upstream release

Browse Source
This commit is contained in:
Pavel Březina 2023-05-05 12:16:48 +02:00
parent d3ba8fb11a
commit 61f34a14b6
4 changed files with 287 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -105,3 +105,4 @@ sssd-1.2.91.tar.gz
/sssd-2.8.0.tar.gz
/sssd-2.8.1.tar.gz
/sssd-2.8.2.tar.gz
/sssd-2.9.0.tar.gz

251
0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch Normal file
View File

@ -0,0 +1,251 @@
From eb43c2400a34a4ab77be4f75ba7536baecda3bef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com>
Date: Wed, 10 May 2023 17:29:07 +0200
Subject: [PATCH 1/4] FILE WATCH: Callback not executed on link or relative
path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When the watched file was a symbolic link or was a relative path,
the calback was not executed because the filename comparison
was wrongly considering the files to be different.
The solution is to normalize the filenames before comparing them.
This cannot be easily done at setup because the file could not
exist at that moment.
The test was adapted to check this situation.
Resolves: https://github.com/SSSD/sssd/issues/6718
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit b2a4ff2aa67707c226c5835c1fcac042fce1cae3)
---
src/tests/file_watch-tests.c | 87 +++++++++++++++++++++++++-----------
src/util/file_watch.c | 26 +++++++++--
2 files changed, 85 insertions(+), 28 deletions(-)
diff --git a/src/tests/file_watch-tests.c b/src/tests/file_watch-tests.c
index 3ca5b44f9553e26bfefa5ee3449b374121c7fcca..3e1aea6cece863c6a762d6a98cc1885aeb395c5a 100644
--- a/src/tests/file_watch-tests.c
+++ b/src/tests/file_watch-tests.c
@@ -36,11 +36,19 @@
#include "util/file_watch.h"
#include "tests/common.h"
-#define FW_DIR TEST_DIR "/file-watch"
-#define WATCHED_FILE_INOTIFY FW_DIR "/watched_file_inotify"
-#define WATCHED_FILE_POLL FW_DIR "/watched_file_poll"
-#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/watched_file_inotify.exists"
-#define WATCHED_EXISTING_FILE_POLL FW_DIR "/watched_file_poll.exists"
+#define FW_NAME "/file-watch-test-dir"
+#define FILE_INOTIFY_NAME "watched_file_inotify"
+#define FILE_POLL_NAME "watched_file_poll"
+#define FW_DIR TEST_DIR FW_NAME
+#define EXISTING_FILE_INOTIFY_NAME FILE_INOTIFY_NAME ".exists"
+#define EXISTING_FILE_POLL_NAME FILE_POLL_NAME ".exists"
+#define WATCHED_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" FILE_INOTIFY_NAME
+#define WATCHED_FILE_POLL FW_DIR "/.." FW_NAME "/" FILE_POLL_NAME
+#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" EXISTING_FILE_INOTIFY_NAME
+#define WATCHED_EXISTING_FILE_POLL FW_DIR "/.." FW_NAME "/" EXISTING_FILE_POLL_NAME
+#define WATCHED_EXISTING_LINK_INOTIFY FW_DIR "/" EXISTING_FILE_INOTIFY_NAME ".link"
+#define WATCHED_EXISTING_LINK_POLL FW_DIR "/" EXISTING_FILE_POLL_NAME ".link"
+#define UNWATCHED_FILE FW_DIR "/unwatched_file"
static TALLOC_CTX *test_mem_ctx;
@@ -50,34 +58,51 @@ struct fn_arg {
int counter;
};
+static void remove_files(void)
+{
+ unlink(WATCHED_FILE_INOTIFY);
+ unlink(WATCHED_FILE_POLL);
+ unlink(WATCHED_EXISTING_LINK_INOTIFY);
+ unlink(WATCHED_EXISTING_LINK_POLL);
+ unlink(WATCHED_EXISTING_FILE_INOTIFY);
+ unlink(WATCHED_EXISTING_FILE_POLL);
+ unlink(UNWATCHED_FILE);
+}
+
static void setup_file_watch(void)
{
+ DEBUG(SSSDBG_TRACE_ALL, "==========================================\n");
test_mem_ctx = talloc_new(NULL);
mkdir(FW_DIR, 0700);
- unlink(WATCHED_FILE_INOTIFY);
- unlink(WATCHED_FILE_POLL);
- unlink(WATCHED_EXISTING_FILE_INOTIFY);
- unlink(WATCHED_EXISTING_FILE_POLL);
+ remove_files();
}
-
static void teardown_file_watch(void)
{
- unlink(WATCHED_FILE_INOTIFY);
- unlink(WATCHED_FILE_POLL);
- unlink(WATCHED_EXISTING_FILE_INOTIFY);
- unlink(WATCHED_EXISTING_FILE_POLL);
talloc_free(test_mem_ctx);
+ remove_files();
+ rmdir(FW_DIR);
}
static void callback(const char *filename, void *arg)
{
- DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n");
+ static char received[PATH_MAX + 1];
+ static char expected[PATH_MAX + 1];
+ char *res;
struct fn_arg *data = (struct fn_arg *) arg;
+ DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n");
+
ck_assert_msg(data != NULL, "Callback received NULL argument");
- ck_assert_msg(strcmp(filename, data->filename) == 0,
+
+ res = realpath(data->filename, expected);
+ ck_assert_msg(res != NULL, "Failed to normalize the expected filename");
+
+ res = realpath(filename, received);
+ ck_assert_msg(res != NULL, "Failed to normalize the received filename");
+
+ ck_assert_msg(strcmp(expected, received) == 0,
"Wrong filename in the callback.");
data->counter++;
}
@@ -88,7 +113,7 @@ static void modify_file(const char *filename)
int fd;
int res;
- DEBUG(SSSDBG_TRACE_FUNC, "File modified\n");
+ DEBUG(SSSDBG_TRACE_FUNC, "Modifying file %s\n", filename);
fd = open(filename, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR);
ck_assert_msg(fd != -1, "Failed to open the file.");
@@ -119,11 +144,14 @@ static void test_file_watch_no_file(bool use_inotify)
arg.filename = filename;
arg.counter = 0;
+ DEBUG(SSSDBG_TRACE_ALL, "Watching file %s\n", filename);
ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg);
ck_assert_msg(ctx != NULL, "Failed to watch a file.");
ck_assert_msg(arg.counter == 0, "Unexpected callback invocation.");
- // At this point the file doesn't exist, we will create it.
+ // At this point the file doesn't exist. We create the watched and an
+ // unwatched file
+ modify_file(UNWATCHED_FILE);
modify_file(filename);
if (use_inotify) {
res = tevent_loop_once(ev);
@@ -152,26 +180,35 @@ static void test_file_watch_with_file(bool use_inotify)
{
struct file_watch_ctx *ctx;
struct tevent_context *ev;
+ const char *filepath;
const char *filename;
+ const char *linkpath;
struct fn_arg arg;
int res;
if (use_inotify) {
- filename = WATCHED_EXISTING_FILE_INOTIFY;
+ filename = EXISTING_FILE_INOTIFY_NAME;
+ filepath = WATCHED_EXISTING_FILE_INOTIFY;
+ linkpath = WATCHED_EXISTING_LINK_INOTIFY;
} else {
- filename = WATCHED_EXISTING_FILE_POLL;
+ filename = EXISTING_FILE_POLL_NAME;
+ filepath = WATCHED_EXISTING_FILE_POLL;
+ linkpath = WATCHED_EXISTING_LINK_POLL;
}
- modify_file(filename);
+ modify_file(filepath);
+ res = symlink(filename, linkpath);
+ ck_assert_msg(res == 0, "Failed create the symbolic link");
ev = tevent_context_init(test_mem_ctx);
ck_assert_msg(ev != NULL, "Failed to create the tevent context.");
- arg.filename = filename;
+ arg.filename = linkpath;
arg.counter = 0;
// File already exists
- ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg);
- ck_assert_msg(ctx != NULL, "Failed to watch a file.");
+ DEBUG(SSSDBG_TRACE_ALL, "Watching link %s\n", linkpath);
+ ctx = fw_watch_file(test_mem_ctx, ev, linkpath, use_inotify, callback, &arg);
+ ck_assert_msg(ctx != NULL, "Failed to watch a link.");
ck_assert_msg(arg.counter >= 1, "Callback not invoked at start up.");
ck_assert_msg(arg.counter <= 1, "Callback invoked too many times at start up.");
@@ -179,7 +216,7 @@ static void test_file_watch_with_file(bool use_inotify)
if (!use_inotify) {
sleep(2); // Detection by polling is based on the file's modification time.
}
- modify_file(filename);
+ modify_file(filepath);
if (use_inotify) {
res = tevent_loop_once(ev);
ck_assert_msg(res == 0, "tevent_loop_once() failed.");
diff --git a/src/util/file_watch.c b/src/util/file_watch.c
index b994e41163a4955a2f68f3b12f6f99831d64ed2e..d19fdccd608a378f3351200a62708a02fb61a529 100644
--- a/src/util/file_watch.c
+++ b/src/util/file_watch.c
@@ -121,7 +121,10 @@ static int watched_file_inotify_cb(const char *filename,
uint32_t flags,
void *pvt)
{
+ static char received[PATH_MAX + 1];
+ static char expected[PATH_MAX + 1];
struct file_watch_ctx *fw_ctx;
+ char *res;
DEBUG(SSSDBG_TRACE_LIBS,
"Received inotify notification for %s\n", filename);
@@ -131,15 +134,32 @@ static int watched_file_inotify_cb(const char *filename,
return EINVAL;
}
- if (strcmp(fw_ctx->filename, filename) == 0) {
- if (access(fw_ctx->filename, F_OK) == 0) {
- fw_ctx->cb(fw_ctx->filename, fw_ctx->cb_arg);
+ res = realpath(fw_ctx->filename, expected);
+ if (res == NULL) {
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Normalization failed for expected %s. Skipping the callback.\n",
+ fw_ctx->filename);
+ goto done;
+ }
+
+ res = realpath(filename, received);
+ if (res == NULL) {
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Normalization failed for received %s. Skipping the callback.\n",
+ filename);
+ goto done;
+ }
+
+ if (strcmp(expected, received) == 0) {
+ if (access(received, F_OK) == 0) {
+ fw_ctx->cb(received, fw_ctx->cb_arg);
} else {
DEBUG(SSSDBG_TRACE_LIBS,
"File %s is missing. Skipping the callback.\n", filename);
}
}
+done:
return EOK;
}
--
2.39.2

2
sources
View File

@ -1 +1 @@
SHA512 (sssd-2.8.2.tar.gz) = 10b7a641823aefb43e30bff9e5f309a1f48446ffff421a06f86496db24ba1fbd384733b5690864507ef9b2f04c91e563fe9820536031f83f1bd6e93edfedee55
SHA512 (sssd-2.9.0.tar.gz) = cf65572cfa6468c4b3edc3a33a48ab6d58979917901662eb8b2d8fc5931494be81da13295246500a3a315b71d0395594c9a565014e5875f3cdde50da096f253d

66
sssd.spec
View File

@ -42,14 +42,15 @@
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
Name: sssd
Version: 2.8.2
Release: 4%{?dist}
Version: 2.9.0
Release: 1%{?dist}
Summary: System Security Services Daemon
License: GPLv3+
URL: https://github.com/SSSD/sssd/
Source0: https://github.com/SSSD/sssd/releases/download/2.8.2/sssd-2.8.2.tar.gz
Source0: https://github.com/SSSD/sssd/releases/download/2.9.0/sssd-2.9.0.tar.gz
### Patches ###
Patch0001: 0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch
### Dependencies ###
@ -98,6 +99,7 @@ BuildRequires: keyutils-libs-devel
BuildRequires: krb5-devel
BuildRequires: libcmocka-devel >= 1.0.0
BuildRequires: libdhash-devel >= 0.4.2
BuildRequires: libfido2-devel
BuildRequires: libini_config-devel >= 1.1
BuildRequires: libldb-devel >= %{ldb_version}
BuildRequires: libnfsidmap-devel
@ -161,6 +163,9 @@ the existing back ends.
%package common
Summary: Common files for the SSSD
License: GPLv3+
# libsss_simpleifp is removed starting 2.9.0
Obsoletes: libsss_simpleifp < 2.9.0
Obsoletes: libsss_simpleifp-debuginfo < 2.9.0
# Requires
# due to ABI changes in 1.1.30/1.2.0
Requires: libldb >= %{ldb_version}
@ -432,23 +437,6 @@ Provides rules for polkit integration with SSSD. This is required
for smartcard support.
%endif
%package -n libsss_simpleifp
Summary: The SSSD D-Bus responder helper library
License: GPLv3+
Requires: sssd-dbus = %{version}-%{release}
%description -n libsss_simpleifp
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
%package -n libsss_simpleifp-devel
Summary: The SSSD D-Bus responder helper library
License: GPLv3+
Requires: dbus-devel
Requires: libsss_simpleifp = %{version}-%{release}
%description -n libsss_simpleifp-devel
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
%package winbind-idmap
Summary: SSSD's idmap_sss Backend for Winbind
License: GPLv3+ and LGPLv3+
@ -509,6 +497,16 @@ This package provides Kerberos plugins that are required to enable
authentication against external identity providers. Additionally a helper
program to handle the OAuth 2.0 Device Authorization Grant is provided.
%package passkey
Summary: SSSD helpers and plugins needed for authentication with passkey token
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
Requires: libfido2
%description passkey
This package provides helper processes and Kerberos plugins that are required to
enable authentication with passkey token.
%prep
%autosetup -p1
@ -537,12 +535,14 @@ autoreconf -ivf
--with-sssd-user=%{sssd_user} \
--with-syslog=journald \
--with-test-dir=/dev/shm \
--with-files-provider \
%if %{build_subid}
--with-subid \
%endif
%if 0%{?fedora}
--disable-polkit-rules-path \
%endif
--with-passkey \
%{nil}
%make_build all docs runstatedir=%{_rundir}
@ -579,6 +579,10 @@ cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_idp \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_idp
# Enable krb5 passkey plugins by default (when sssd-passkey package is installed)
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_passkey \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_passkey
# krb5 configuration snippet
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
@ -714,7 +718,6 @@ done
%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders
%dir %{_libdir}/%{name}
# The files provider is intentionally packaged in -common
%{_libdir}/%{name}/libsss_files.so
%{_libdir}/%{name}/libsss_simple.so
@ -841,19 +844,9 @@ done
%{_mandir}/man5/sssd-ifp.5*
%{_unitdir}/sssd-ifp.service
# InfoPipe DBus plumbing
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%{_datadir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
%files -n libsss_simpleifp
%{_libdir}/libsss_simpleifp.so.*
%files -n libsss_simpleifp-devel
%doc sss_simpleifp_doc/html
%{_includedir}/sss_sifp.h
%{_includedir}/sss_sifp_dbus.h
%{_libdir}/libsss_simpleifp.so
%{_libdir}/pkgconfig/sss_simpleifp.pc
%files client -f sssd_client.lang
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libnss_sss.so.2
@ -986,6 +979,12 @@ done
%{_datadir}/sssd/krb5-snippets/sssd_enable_idp
%config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_idp
%files passkey
%attr(755,%{sssd_user},%{sssd_user}) %{_libexecdir}/%{servicename}/passkey_child
%{_libdir}/%{name}/modules/sssd_krb5_passkey_plugin.so
%{_datadir}/sssd/krb5-snippets/sssd_enable_passkey
%config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_passkey
%if 0%{?rhel}
%pre common
getent group sssd >/dev/null || groupadd -r sssd
@ -1060,6 +1059,9 @@ fi
%systemd_postun_with_restart sssd.service
%changelog
* Fri May 5 2023 Pavel Březina <pbrezina@redhat.com> - 2.9.0-1
- Rebase to SSSD 2.9.0
* Thu Jan 26 2023 Stephen Gallagher <sgallagh@redhat.com> - 2.8.2-4
- Rebuild against libunistring 1.1