Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2
Resolves: rhbz#1608496 - sssd failing to register dynamic DNS addresses against an AD server due to unnecessary DNS search Resolves: rhbz#2110091 - SSSD doesn't handle changes in 'resolv.conf' properly (when started right before network service) Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. Resolves: rhbz#2139684 - [sssd] RHEL 9.2 Tier 0 Localization Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list Resolves: rhbz#2142794 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged Resolves: rhbz#2144893 - changing password with ldap_password_policy = shadow does not take effect immediately Resolves: rhbz#2148737 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around
parent
70d23470fd
commit
6d6ccdb21b
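--- a/.gitignore
+++ b/.gitignore
@@ -99,3 +99,4 @@ sssd-1.2.91.tar.gz
 /sssd-2.7.1.tar.gz
 /sssd-2.7.3.tar.gz
 /sssd-2.8.1.tar.gz
+/sssd-2.8.2.tar.gz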
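--- a/0001-ldap-update-shadow-last-change-in-sysdb-as-well.patch
+++ b/0001-ldap-update-shadow-last-change-in-sysdb-as-well.patch
@@ -0,0 +1,158 @@
+From d7da2966f5931bac3b17f42e251adbbb7e793619 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Thu, 8 Dec 2022 15:14:05 +0100
+Subject: [PATCH] ldap: update shadow last change in sysdb as well
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Otherwise pam can use the changed information whe id chaching is
+enabled, so next authentication that fits into the id timeout
+(5 seconds by default) will still sees the password as expired.
+
+Resolves: https://github.com/SSSD/sssd/issues/6477
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+(cherry picked from commit 7e8b97c14b8ef218d6ea23214be28d25dba13886)
+---
+src/db/sysdb.h | 4 ++++
+src/db/sysdb_ops.c | 32 ++++++++++++++++++++++++++++++++
+src/providers/ldap/ldap_auth.c | 21 ++++++++++++++++-----
+3 files changed, 52 insertions(+), 5 deletions(-)
+
+diff --git a/src/db/sysdb.h b/src/db/sysdb.h
+index 7c666f5c4..06b44f5ba 100644
+--- a/src/db/sysdb.h
++++ b/src/db/sysdb.h
+@@ -1061,6 +1061,10 @@ int sysdb_set_user_attr(struct sss_domain_info *domain,
+struct sysdb_attrs *attrs,
+int mod_op);
+
++errno_t sysdb_update_user_shadow_last_change(struct sss_domain_info *domain,
++ const char *name,
++ const char *attrname);
++
+/* Replace group attrs */
+int sysdb_set_group_attr(struct sss_domain_info *domain,
+const char *name,
+diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
+index 0d6f2d5cd..ed0df9872 100644
+--- a/src/db/sysdb_ops.c
++++ b/src/db/sysdb_ops.c
+@@ -1485,6 +1485,38 @@ done:
+return ret;
+}
+
++errno_t sysdb_update_user_shadow_last_change(struct sss_domain_info *domain,
++ const char *name,
++ const char *attrname)
++{
++ struct sysdb_attrs *attrs;
++ char *value;
++ errno_t ret;
++
++ attrs = sysdb_new_attrs(NULL);
++ if (attrs == NULL) {
++ return ENOMEM;
++ }
++
++ /* The attribute contains number of days since the epoch */
++ value = talloc_asprintf(attrs, "%ld", (long)time(NULL)/86400);
++ if (value == NULL) {
++ ret = ENOMEM;
++ goto done;
++ }
++
++ ret = sysdb_attrs_add_string(attrs, attrname, value);
++ if (ret != EOK) {
++ goto done;
++ }
++
++ ret = sysdb_set_user_attr(domain, name, attrs, SYSDB_MOD_REP);
++
++done:
++ talloc_free(attrs);
++ return ret;
++}
++
+/* =Replace-Attributes-On-Group=========================================== */
+
+int sysdb_set_group_attr(struct sss_domain_info *domain,
+diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
+index 6404a9d3a..96b9d6df4 100644
+--- a/src/providers/ldap/ldap_auth.c
++++ b/src/providers/ldap/ldap_auth.c
+@@ -1240,6 +1240,7 @@ struct sdap_pam_chpass_handler_state {
+struct pam_data *pd;
+struct sdap_handle *sh;
+char *dn;
++ enum pwexpire pw_expire_type;
+};
+
+static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq);
+@@ -1339,7 +1340,6 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+{
+struct sdap_pam_chpass_handler_state *state;
+struct tevent_req *req;
+- enum pwexpire pw_expire_type;
+void *pw_expire_data;
+size_t msg_len;
+uint8_t *msg;
+@@ -1349,7 +1349,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+state = tevent_req_data(req, struct sdap_pam_chpass_handler_state);
+
+ret = auth_recv(subreq, state, &state->sh, &state->dn,
+- &pw_expire_type, &pw_expire_data);
++ &state->pw_expire_type, &pw_expire_data);
+talloc_free(subreq);
+
+if ((ret == EOK || ret == ERR_PASSWORD_EXPIRED) &&
+@@ -1361,7 +1361,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+}
+
+if (ret == EOK) {
+- switch (pw_expire_type) {
++ switch (state->pw_expire_type) {
+case PWEXPIRE_SHADOW:
+ret = check_pwexpire_shadow(pw_expire_data, time(NULL), NULL);
+break;
+@@ -1381,7 +1381,8 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+break;
+default:
+DEBUG(SSSDBG_CRIT_FAILURE,
+- "Unknown password expiration type %d.\n", pw_expire_type);
++ "Unknown password expiration type %d.\n",
++ state->pw_expire_type);
+state->pd->pam_status = PAM_SYSTEM_ERR;
+goto done;
+}
+@@ -1392,7 +1393,8 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+case ERR_PASSWORD_EXPIRED:
+DEBUG(SSSDBG_TRACE_LIBS,
+"user [%s] successfully authenticated.\n", state->dn);
+- ret = sdap_pam_chpass_handler_change_step(state, req, pw_expire_type);
++ ret = sdap_pam_chpass_handler_change_step(state, req,
++ state->pw_expire_type);
+if (ret != EOK) {
+DEBUG(SSSDBG_OP_FAILURE,
+"sdap_pam_chpass_handler_change_step() failed.\n");
+@@ -1506,6 +1508,15 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
+
+switch (ret) {
+case EOK:
++ if (state->pw_expire_type == PWEXPIRE_SHADOW) {
++ ret = sysdb_update_user_shadow_last_change(state->be_ctx->domain,
++ state->pd->user, SYSDB_SHADOWPW_LASTCHANGE);
++ if (ret != EOK) {
++ state->pd->pam_status = PAM_SYSTEM_ERR;
++ goto done;
++ }
++ }
++
+state->pd->pam_status = PAM_SUCCESS;
+break;
+case ERR_CHPASS_DENIED:
+--
+2.37.3
+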
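Review bot: In the `case EOK:` branch added to `sdap_pam_chpass_handler_chpass_done`, a failure of `sysdb_update_user_shadow_last_change()` is reported as `PAM_SYSTEM_ERR` with no log line, although by then the password change has presumably already been accepted by the LDAP server; the user is told the change failed while the server holds the new password. At minimum the failure should be logged before the `goto done`, for example `DEBUG(SSSDBG_OP_FAILURE, "Unable to update shadow last change in sysdb [%d]\n", ret);`, and it is worth deciding whether a cache-only failure should stay fatal for the PAM result. Separately, in `sysdb_update_user_shadow_last_change` the expression `(long)time(NULL)/86400` casts before dividing, so where `long` is 32 bits the `time_t` value is truncated first; `(long)(time(NULL) / 86400)` avoids that. The body of `sdap_pam_chpass_handler_chpass_done` starts and ends outside the hunk, so the `done:` handling could not be checked.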
@ -1,295 +0,0 @@
|
|||||||
From 1b2e4760c52b9abd0d9b9f35b47ed72e79922ccc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
||||||
Date: Thu, 25 Aug 2022 18:10:46 +0200
|
|
||||||
Subject: [PATCH] CLIENT: fix client fd leak
|
|
||||||
|
|
||||||
- close client socket at thread exit
|
|
||||||
- only build lock-free client support if libc has required
|
|
||||||
functionality for a proper cleanup
|
|
||||||
- use proper mechanisms to init lock_mode only once
|
|
||||||
|
|
||||||
:relnote:Lock-free client support will be only built if libc
|
|
||||||
provides `pthread_key_create()` and `pthread_once()`. For glibc
|
|
||||||
this means version 2.34+
|
|
||||||
|
|
||||||
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
|
||||||
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
||||||
(cherry picked from commit 1a6f67c92399ff8e358a6c6cdda43fb2547a5fdb)
|
|
||||||
---
|
|
||||||
configure.ac | 29 +++++++++--
|
|
||||||
src/man/Makefile.am | 5 +-
|
|
||||||
src/man/sssd.8.xml | 2 +-
|
|
||||||
src/sss_client/common.c | 83 +++++++++++++++++++-------------
|
|
||||||
src/sss_client/idmap/common_ex.c | 4 ++
|
|
||||||
5 files changed, 84 insertions(+), 39 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 93bd93b85..5a05de41e 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -51,18 +51,39 @@ AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
|
|
||||||
m4_include([src/build_macros.m4])
|
|
||||||
BUILD_WITH_SHARED_BUILD_DIR
|
|
||||||
|
|
||||||
-AC_COMPILE_IFELSE(
|
|
||||||
+
|
|
||||||
+SAVE_LIBS=$LIBS
|
|
||||||
+LIBS=
|
|
||||||
+AC_LINK_IFELSE(
|
|
||||||
[AC_LANG_PROGRAM([[#include <pthread.h>]],
|
|
||||||
[[pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
|
|
||||||
- (void) m; /* unused */
|
|
||||||
+ pthread_mutex_lock(&m);
|
|
||||||
+ pthread_mutex_unlock(&m);
|
|
||||||
]])],
|
|
||||||
[AC_DEFINE([HAVE_PTHREAD], [1], [Pthread mutexes available.])
|
|
||||||
HAVE_PTHREAD=1
|
|
||||||
],
|
|
||||||
- [AC_MSG_WARN([Pthread library not found! Clients will not be thread safe...])])
|
|
||||||
+ [AC_MSG_WARN([Pthread mutex support not found! Clients will not be thread safe...])])
|
|
||||||
+LIBS=$SAVE_LIBS
|
|
||||||
+AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"])
|
|
||||||
|
|
||||||
|
|
||||||
-AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"])
|
|
||||||
+SAVE_LIBS=$LIBS
|
|
||||||
+LIBS=
|
|
||||||
+AC_LINK_IFELSE(
|
|
||||||
+ [AC_LANG_PROGRAM([[#include <pthread.h>]],
|
|
||||||
+ [[static pthread_key_t k;
|
|
||||||
+ static pthread_once_t f = PTHREAD_ONCE_INIT;
|
|
||||||
+ pthread_once(&f, NULL);
|
|
||||||
+ pthread_key_create(&k, NULL);
|
|
||||||
+ ]])],
|
|
||||||
+ [AC_DEFINE([HAVE_PTHREAD_EXT], [1], [Extended pthread functionality is available.])
|
|
||||||
+ HAVE_PTHREAD_EXT=1
|
|
||||||
+ ],
|
|
||||||
+ [AC_MSG_WARN([Extended pthread functionality is not available. Lock-free client feature will not be built.])])
|
|
||||||
+LIBS=$SAVE_LIBS
|
|
||||||
+AM_CONDITIONAL([BUILD_LOCKFREE_CLIENT], [test x"$HAVE_PTHREAD_EXT" != "x"])
|
|
||||||
+
|
|
||||||
|
|
||||||
# Check library for the timer_create function
|
|
||||||
SAVE_LIBS=$LIBS
|
|
||||||
diff --git a/src/man/Makefile.am b/src/man/Makefile.am
|
|
||||||
index 93dd14819..063ff1bf0 100644
|
|
||||||
--- a/src/man/Makefile.am
|
|
||||||
+++ b/src/man/Makefile.am
|
|
||||||
@@ -46,9 +46,12 @@ endif
|
|
||||||
if BUILD_KCM_RENEWAL
|
|
||||||
KCM_RENEWAL_CONDS = ;enable_kcm_renewal
|
|
||||||
endif
|
|
||||||
+if BUILD_LOCKFREE_CLIENT
|
|
||||||
+LOCKFREE_CLIENT_CONDS = ;enable_lockfree_support
|
|
||||||
+endif
|
|
||||||
|
|
||||||
|
|
||||||
-CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS)$(GPO_CONDS)$(SYSTEMD_CONDS)$(FILES_CONDS)$(KCM_CONDS)$(STAP_CONDS)$(KCM_RENEWAL_CONDS)
|
|
||||||
+CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS)$(GPO_CONDS)$(SYSTEMD_CONDS)$(FILES_CONDS)$(KCM_CONDS)$(STAP_CONDS)$(KCM_RENEWAL_CONDS)$(LOCKFREE_CLIENT_CONDS)
|
|
||||||
|
|
||||||
|
|
||||||
#Special Rules:
|
|
||||||
diff --git a/src/man/sssd.8.xml b/src/man/sssd.8.xml
|
|
||||||
index df07b7f29..5f507c631 100644
|
|
||||||
--- a/src/man/sssd.8.xml
|
|
||||||
+++ b/src/man/sssd.8.xml
|
|
||||||
@@ -240,7 +240,7 @@
|
|
||||||
If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO",
|
|
||||||
client applications will not use the fast in-memory cache.
|
|
||||||
</para>
|
|
||||||
- <para>
|
|
||||||
+ <para condition="enable_lockfree_support">
|
|
||||||
If the environment variable SSS_LOCKFREE is set to "NO", requests
|
|
||||||
from multiple threads of a single application will be serialized.
|
|
||||||
</para>
|
|
||||||
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
|
|
||||||
index 29c751a50..d762dff49 100644
|
|
||||||
--- a/src/sss_client/common.c
|
|
||||||
+++ b/src/sss_client/common.c
|
|
||||||
@@ -35,7 +35,6 @@
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdbool.h>
|
|
||||||
#include <stdint.h>
|
|
||||||
-#include <stdatomic.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
#include <poll.h>
|
|
||||||
@@ -62,8 +61,15 @@
|
|
||||||
|
|
||||||
/* common functions */
|
|
||||||
|
|
||||||
+#ifdef HAVE_PTHREAD_EXT
|
|
||||||
+static pthread_key_t sss_sd_key;
|
|
||||||
+static pthread_once_t sss_sd_key_initialized = PTHREAD_ONCE_INIT;
|
|
||||||
static __thread int sss_cli_sd = -1; /* the sss client socket descriptor */
|
|
||||||
static __thread struct stat sss_cli_sb; /* the sss client stat buffer */
|
|
||||||
+#else
|
|
||||||
+static int sss_cli_sd = -1; /* the sss client socket descriptor */
|
|
||||||
+static struct stat sss_cli_sb; /* the sss client stat buffer */
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
#if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR
|
|
||||||
__attribute__((destructor))
|
|
||||||
@@ -76,6 +82,18 @@ void sss_cli_close_socket(void)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef HAVE_PTHREAD_EXT
|
|
||||||
+static void sss_at_thread_exit(void *v)
|
|
||||||
+{
|
|
||||||
+ sss_cli_close_socket();
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void init_sd_key(void)
|
|
||||||
+{
|
|
||||||
+ pthread_key_create(&sss_sd_key, sss_at_thread_exit);
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/* Requests:
|
|
||||||
*
|
|
||||||
* byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X)
|
|
||||||
@@ -553,6 +571,16 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef HAVE_PTHREAD_EXT
|
|
||||||
+ pthread_once(&sss_sd_key_initialized, init_sd_key); /* once for all threads */
|
|
||||||
+
|
|
||||||
+ /* It actually doesn't matter what value to set for a key.
|
|
||||||
+ * The only important thing: key must be non-NULL to ensure
|
|
||||||
+ * destructor is executed at thread exit.
|
|
||||||
+ */
|
|
||||||
+ pthread_setspecific(sss_sd_key, &sss_cli_sd);
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/* set as non-blocking, close on exec, and make sure standard
|
|
||||||
* descriptors are not used */
|
|
||||||
sd = make_safe_fd(sd);
|
|
||||||
@@ -1129,41 +1157,38 @@ errno_t sss_strnlen(const char *str, size_t maxlen, size_t *len)
|
|
||||||
}
|
|
||||||
|
|
||||||
#if HAVE_PTHREAD
|
|
||||||
-bool sss_is_lockfree_mode(void)
|
|
||||||
+
|
|
||||||
+#ifdef HAVE_PTHREAD_EXT
|
|
||||||
+static bool sss_lock_free = true;
|
|
||||||
+static pthread_once_t sss_lock_mode_initialized = PTHREAD_ONCE_INIT;
|
|
||||||
+
|
|
||||||
+static void init_lock_mode(void)
|
|
||||||
{
|
|
||||||
- const char *env = NULL;
|
|
||||||
- enum {
|
|
||||||
- MODE_UNDEF,
|
|
||||||
- MODE_LOCKING,
|
|
||||||
- MODE_LOCKFREE
|
|
||||||
- };
|
|
||||||
- static atomic_int mode = MODE_UNDEF;
|
|
||||||
-
|
|
||||||
- if (mode == MODE_UNDEF) {
|
|
||||||
- env = getenv("SSS_LOCKFREE");
|
|
||||||
- if ((env != NULL) && (strcasecmp(env, "NO") == 0)) {
|
|
||||||
- mode = MODE_LOCKING;
|
|
||||||
- } else {
|
|
||||||
- mode = MODE_LOCKFREE;
|
|
||||||
- }
|
|
||||||
+ const char *env = getenv("SSS_LOCKFREE");
|
|
||||||
+
|
|
||||||
+ if ((env != NULL) && (strcasecmp(env, "NO") == 0)) {
|
|
||||||
+ sss_lock_free = false;
|
|
||||||
}
|
|
||||||
+}
|
|
||||||
|
|
||||||
- return (mode == MODE_LOCKFREE);
|
|
||||||
+bool sss_is_lockfree_mode(void)
|
|
||||||
+{
|
|
||||||
+ pthread_once(&sss_lock_mode_initialized, init_lock_mode);
|
|
||||||
+ return sss_lock_free;
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
struct sss_mutex sss_nss_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER };
|
|
||||||
-
|
|
||||||
static struct sss_mutex sss_pam_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER };
|
|
||||||
-
|
|
||||||
-static struct sss_mutex sss_nss_mc_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER };
|
|
||||||
-
|
|
||||||
static struct sss_mutex sss_pac_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER };
|
|
||||||
|
|
||||||
static void sss_mt_lock(struct sss_mutex *m)
|
|
||||||
{
|
|
||||||
+#ifdef HAVE_PTHREAD_EXT
|
|
||||||
if (sss_is_lockfree_mode()) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
pthread_mutex_lock(&m->mtx);
|
|
||||||
pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &m->old_cancel_state);
|
|
||||||
@@ -1171,9 +1196,11 @@ static void sss_mt_lock(struct sss_mutex *m)
|
|
||||||
|
|
||||||
static void sss_mt_unlock(struct sss_mutex *m)
|
|
||||||
{
|
|
||||||
+#ifdef HAVE_PTHREAD_EXT
|
|
||||||
if (sss_is_lockfree_mode()) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
pthread_setcancelstate(m->old_cancel_state, NULL);
|
|
||||||
pthread_mutex_unlock(&m->mtx);
|
|
||||||
@@ -1189,7 +1216,7 @@ void sss_nss_unlock(void)
|
|
||||||
sss_mt_unlock(&sss_nss_mtx);
|
|
||||||
}
|
|
||||||
|
|
||||||
-/* NSS mutex wrappers */
|
|
||||||
+/* PAM mutex wrappers */
|
|
||||||
void sss_pam_lock(void)
|
|
||||||
{
|
|
||||||
sss_mt_lock(&sss_pam_mtx);
|
|
||||||
@@ -1199,16 +1226,6 @@ void sss_pam_unlock(void)
|
|
||||||
sss_mt_unlock(&sss_pam_mtx);
|
|
||||||
}
|
|
||||||
|
|
||||||
-/* NSS mutex wrappers */
|
|
||||||
-void sss_nss_mc_lock(void)
|
|
||||||
-{
|
|
||||||
- sss_mt_lock(&sss_nss_mc_mtx);
|
|
||||||
-}
|
|
||||||
-void sss_nss_mc_unlock(void)
|
|
||||||
-{
|
|
||||||
- sss_mt_unlock(&sss_nss_mc_mtx);
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
/* PAC mutex wrappers */
|
|
||||||
void sss_pac_lock(void)
|
|
||||||
{
|
|
||||||
diff --git a/src/sss_client/idmap/common_ex.c b/src/sss_client/idmap/common_ex.c
|
|
||||||
index 4f454cd63..8c4894fd9 100644
|
|
||||||
--- a/src/sss_client/idmap/common_ex.c
|
|
||||||
+++ b/src/sss_client/idmap/common_ex.c
|
|
||||||
@@ -28,7 +28,9 @@
|
|
||||||
#include "common_private.h"
|
|
||||||
|
|
||||||
extern struct sss_mutex sss_nss_mtx;
|
|
||||||
+#ifdef HAVE_PTHREAD_EXT
|
|
||||||
bool sss_is_lockfree_mode(void);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
#define SEC_FROM_MSEC(ms) ((ms) / 1000)
|
|
||||||
#define NSEC_FROM_MSEC(ms) (((ms) % 1000) * 1000 * 1000)
|
|
||||||
@@ -51,9 +53,11 @@ static int sss_mt_timedlock(struct sss_mutex *m, const struct timespec *endtime)
|
|
||||||
{
|
|
||||||
int ret;
|
|
||||||
|
|
||||||
+#ifdef HAVE_PTHREAD_EXT
|
|
||||||
if (sss_is_lockfree_mode()) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
ret = pthread_mutex_timedlock(&m->mtx, endtime);
|
|
||||||
if (ret != 0) {
|
|
||||||
--
|
|
||||||
2.37.1
|
|
||||||
|
|
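--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (sssd-2.8.1.tar.gz) = 419798fa3e7ab0ad407d9f53ead183e6c4ffb534c93ed20a944a2eea6760bffaa2336373a8d52bd43f8e7c100e52fccecc9d0859bde04f8ce4e7406102024c0e
+SHA512 (sssd-2.8.2.tar.gz) = 10b7a641823aefb43e30bff9e5f309a1f48446ffff421a06f86496db24ba1fbd384733b5690864507ef9b2f04c91e563fe9820536031f83f1bd6e93edfedee55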
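--- a/sssd.spec
+++ b/sssd.spec
@@ -26,7 +26,7 @@
 %global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
 
 Name: sssd
-Version: 2.8.1
+Version: 2.8.2
 Release: 1%{?dist}
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -34,7 +34,7 @@ URL: https://github.com/SSSD/sssd/
 Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz
 
 ### Patches ###
-#Patch0001:
+Patch0001: 0001-ldap-update-shadow-last-change-in-sysdb-as-well.patch
 
 ### Dependencies ###
 
@@ -118,6 +118,7 @@ BuildRequires: samba-winbind
 BuildRequires: selinux-policy-targeted
 # required for p11_child smartcard tests
 BuildRequires: softhsm >= 2.1.0
+BuildRequires: bc
 BuildRequires: systemd-devel
 BuildRequires: systemtap-sdt-devel
 BuildRequires: uid_wrapper
@@ -1059,6 +1060,17 @@ fi
 %systemd_postun_with_restart sssd.service
 
 %changelog
+* Fri Dec 16 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.8.2-1
+- Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2
+- Resolves: rhbz#1608496 - sssd failing to register dynamic DNS addresses against an AD server due to unnecessary DNS search
+- Resolves: rhbz#2110091 - SSSD doesn't handle changes in 'resolv.conf' properly (when started right before network service)
+- Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
+- Resolves: rhbz#2139684 - [sssd] RHEL 9.2 Tier 0 Localization
+- Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list
+- Resolves: rhbz#2142794 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged
+- Resolves: rhbz#2144893 - changing password with ldap_password_policy = shadow does not take effect immediately
+- Resolves: rhbz#2148737 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around
+
 * Fri Nov 4 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.8.1-1
 - Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2
 - Resolves: rhbz#1507035 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file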