rpms/sssd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 0.3.2

Browse Source
This commit is contained in:
Jakub Hrozek 2009-04-20 18:17:19 +00:00
parent cb09420cd2
commit 6f3fcee1b7
8 changed files with 10 additions and 998 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
sssd-0.3.1.tar.gz sssd-0.3.2.tar.gz

90
0001-Add-reconnection-code-between-the-NSS-responder-and.patch
View File

@ -1,90 +0,0 @@
From ecd411426a6c37d842b6d390c4895f34538130cf Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 14 Apr 2009 09:24:27 -0400
Subject: [PATCH] Add reconnection code between the NSS responder and the Data provider
---
server/responder/nss/nsssrv.c | 53 ++++++++++++++++++++++++++++++++++++++++-
1 files changed, 52 insertions(+), 1 deletions(-)
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index 58b09fb..8e72a95 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -219,6 +219,41 @@ done:
return ret;
}
+static void nss_shutdown(struct resp_ctx *rctx)
+{
+ /* TODO: Do clean-up here */
+
+ /* Nothing left to do but exit() */
+ exit(0);
+}
+
+
+static void nss_dp_reconnect_init(struct sbus_conn_ctx *sconn, int status, void *pvt)
+{
+ int ret;
+ struct resp_ctx *rctx = talloc_get_type(pvt, struct resp_ctx);
+
+ /* Did we reconnect successfully? */
+ if (status == SBUS_RECONNECT_SUCCESS) {
+ /* Add the methods back to the new connection */
+ ret = sbus_conn_add_method_ctx(rctx->dp_ctx->scon_ctx,
+ rctx->dp_ctx->sm_ctx);
+ if (ret != EOK) {
+ DEBUG(0, ("Could not re-add methods on reconnection.\n"));
+ nss_shutdown(rctx);
+ }
+
+ DEBUG(1, ("Reconnected to the Data Provider.\n"));
+ return;
+ }
+
+ /* Handle failure */
+ DEBUG(0, ("Could not reconnect to data provider.\n"));
+ /* Kill the backend and let the monitor restart it */
+ nss_shutdown(rctx);
+}
+
+
int nss_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
@@ -226,7 +261,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
struct sbus_method *nss_dp_methods;
struct sss_cmd_table *nss_cmds;
struct nss_ctx *nctx;
- int ret;
+ int ret, max_retries;
nctx = talloc_zero(mem_ctx, struct nss_ctx);
if (!nctx) {
@@ -261,6 +296,22 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
return ret;
}
+ /* Enable automatic reconnection to the Data Provider */
+
+ /* FIXME: "retries" is too generic, either get it from a global config
+ * or specify these retries are about the sbus connections to DP */
+ ret = confdb_get_int(nctx->rctx->cdb, nctx->rctx,
+ nctx->rctx->confdb_service_path,
+ "retries", 3, &max_retries);
+ if (ret != EOK) {
+ DEBUG(0, ("Failed to set up automatic reconnection\n"));
+ return ret;
+ }
+
+ sbus_reconnect_init(nctx->rctx->dp_ctx->scon_ctx,
+ max_retries,
+ nss_dp_reconnect_init, nctx->rctx);
+
DEBUG(1, ("NSS Initialization complete\n"));
return EOK;
--
1.6.0.6

140
0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch
View File

@ -1,140 +0,0 @@
From 2f9fb5b8dcf09a3285386b8bade78bcd6867cb24 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 14 Apr 2009 09:30:43 -0400
Subject: [PATCH] Replace the example sssd.conf file with the one used in Fedora
Also remove the [services/infopipe] section, since we're not
shipping InfoPipe yet, and that would be confusing.
---
server/examples/sssd.conf | 103 +++++++++++++++++++++++++++++++--------------
1 files changed, 71 insertions(+), 32 deletions(-)
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index c5fd7e6..b9a421e 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
@@ -1,50 +1,89 @@
[services]
description = Local Service Configuration
-activeServices = nss, dp, pam, info
+activeServices = nss, dp, pam
[services/nss]
description = NSS Responder Configuration
-timeout = 10
-filterGroups = root, foo@TEST
-filterUsers = root, bar@TEST
+# the following prevents sssd for searching for the root user/group in
+# all domains (you can add here a comma separated list of system accounts are
+# always going to be /etc/passwd users, or that you want to filter out)
+filterGroups = root
+filterUsers = root
[services/dp]
description = Data Provider Configuration
-timeout = 10
[services/pam]
description = PAM Responder Configuration
-timeout = 10
-
-[services/info]
-description = InfoPipe Configuration
-timeout = 10
[services/monitor]
description = Service Monitor Configuration
-sbusTimeout = 10
+#if a backend is particularly slow you can raise this timeout here
+sbusTimeout = 30
[domains]
description = Domains served by SSSD
-domains = LOCAL
-
-[domains/LOCAL]
-description = Reserved domain for local configurations
-enumerate = 3
-minId = 500
-maxId = 999
-legacy = TRUE
-libName = files
-libPath = /lib64/libnss_files.so.2
-magicPrivateGroups = FALSE
-provider = proxy
-auth-module = proxy
-pam-target = sssdproxylocal
-
-[domains/EXAMPLE.COM]
-description = Example LDAP domain
-basedn = dc=example,dc=com
-command = /usr/libexec/sssd/sssd_be --provider ldap --domain EXAMPLE.COM
-provider = ldap
-userSearchBase = ou=user,dc=example,dc=com
+; domains = LOCAL,LDAP
+
+# SSSD will not start if you don't configure any domain.
+# Add new domains condifgurations as [domains/<NAME>] sections.
+# Then add the list of domains (in the order you want them to be
+# queried in the 'domains" attribute above and uncomment it
+
+# Example LOCAL domain that proxies to /etc/passwd and /etc/group files
+# This configuration is meant mostly as a migration path to be able to store
+# additional information about users while still keeping /etc/passwd
+# authoritative.
+
+; [domains/LOCAL]
+; description = LOCAL migration domain
+; enumerate = 3
+; minId = 500
+; magicPrivateGroups = FALSE
+; legacy = TRUE
+;
+; provider = proxy
+; libName = files
+; libPath = libnss_files.so.2
+
+# optionally a file named sssdproxylocal can be place in pam.d configured to
+# check pam_unix only and pam_sss can be used in the normal pam stack
+; auth-module = proxy
+; pam-target = sssdproxylocal
+
+# Example LOCAL domain that stores all users natively in the SSSD internal
+# directory. These local users and groups are not visibile in /etc/passwd, it
+# now contains only root and system accounts.
+
+; [domains/LOCAL]
+; description = LOCAL Users domain
+; enumerate = 3
+; minId = 500
+; maxId = 999
+; legacy = FALSE
+; magicPrivateGroups = TRUE
+
+# Example LDAP domain that uses the proxy backend and the standard nss_ldap
+# and pam_ldap modules (Useful until we have good working native ldap backends).
+# For this to work the /etc/ldap.conf file needs to be correctly configured just
+# like you would do when using nss_ldap in nsswitch.conf, but instead of setting
+# passwd: files ldap, set passwd: files, sss instead there.
+# Also consider using the following setting in /etc/ldap.conf to avoid needless
+# delays if the ldap server is offline:
+# timelimit 10
+# bind_timelimit 5
+# nss_reconnect_maxsleeptime 2
+# nss_reconnect_sleeptime 1
+; [domains/LDAP]
+; description = Proxy request to our LDAP server
+; enumerate = 0
+; minId = 1000
+; legacy = TRUE
+;
+; provider = proxy
+; libName = ldap
+; libPath = libnss_ldap.so.2
+;
+#if a backend is particularly slow you can raise this timeout here
+; timeout = 60
--
1.6.0.6

110
0003-Make-reconnection-to-the-Data-Provider-a-global-sett.patch
View File

@ -1,110 +0,0 @@
From ac5a54e24ac79a33ddf8320811d981b950e21e8e Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 14 Apr 2009 10:22:20 -0400
Subject: [PATCH] Make reconnection to the Data Provider a global setting
Previously, every DP client was allowed to set its own "retries"
option. This option was ambiguous, and useless. All DP clients
will now use a global option set in the services config called
"reconnection_retries"
---
server/confdb/confdb.h | 2 ++
server/examples/sssd.conf | 3 +++
server/monitor/monitor.c | 2 +-
server/providers/data_provider_be.c | 4 ++--
server/responder/nss/nsssrv.c | 7 ++-----
server/responder/pam/pamsrv.c | 4 ++--
6 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h
index fda584c..19614fc 100644
--- a/server/confdb/confdb.h
+++ b/server/confdb/confdb.h
@@ -32,6 +32,8 @@
#define CONFDB_DEFAULT_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf"
#define SSSD_MIN_ID 1000
+#define SERVICE_CONF_ENTRY "config/services"
+
struct confdb_ctx;
typedef int (*confdb_reconf_fn) (struct confdb_ctx *cdb, void *pvt);
diff --git a/server/examples/sssd.conf b/server/examples/sssd.conf
index b9a421e..a480b54 100644
--- a/server/examples/sssd.conf
+++ b/server/examples/sssd.conf
@@ -1,6 +1,9 @@
[services]
description = Local Service Configuration
activeServices = nss, dp, pam
+# Number of times services should attempt to reconnect in the
+# event of a Data Provider crash or restart before they give up
+reconnection_retries = 3
[services/nss]
description = NSS Responder Configuration
diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c
index 69640b9..dd80830 100644
--- a/server/monitor/monitor.c
+++ b/server/monitor/monitor.c
@@ -558,7 +558,7 @@ int get_monitor_config(struct mt_ctx *ctx)
}
ret = confdb_get_string(ctx->cdb, ctx,
- "config/services", "activeServices",
+ SERVICE_CONF_ENTRY, "activeServices",
NULL, &svcs);
if (ret != EOK || svcs == NULL) {
diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c
index 3d824c3..6cd86e8 100644
--- a/server/providers/data_provider_be.c
+++ b/server/providers/data_provider_be.c
@@ -681,8 +681,8 @@ static int be_cli_init(struct be_ctx *ctx)
}
/* Enable automatic reconnection to the Data Provider */
- ret = confdb_get_int(ctx->cdb, ctx, ctx->conf_path,
- "retries", 3, &max_retries);
+ ret = confdb_get_int(ctx->cdb, ctx, SERVICE_CONF_ENTRY,
+ "reconnection_retries", 3, &max_retries);
if (ret != EOK) {
DEBUG(0, ("Failed to set up automatic reconnection\n"));
return ret;
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index 8e72a95..e85e56b 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -297,12 +297,9 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
}
/* Enable automatic reconnection to the Data Provider */
-
- /* FIXME: "retries" is too generic, either get it from a global config
- * or specify these retries are about the sbus connections to DP */
ret = confdb_get_int(nctx->rctx->cdb, nctx->rctx,
- nctx->rctx->confdb_service_path,
- "retries", 3, &max_retries);
+ SERVICE_CONF_ENTRY,
+ "reconnection_retries", 3, &max_retries);
if (ret != EOK) {
DEBUG(0, ("Failed to set up automatic reconnection\n"));
return ret;
diff --git a/server/responder/pam/pamsrv.c b/server/responder/pam/pamsrv.c
index 1adbb14..e4ddc43 100644
--- a/server/responder/pam/pamsrv.c
+++ b/server/responder/pam/pamsrv.c
@@ -163,8 +163,8 @@ static int pam_process_init(struct main_context *main_ctx,
/* FIXME: "retries" is too generic, either get it from a global config
* or specify these retries are about the sbus connections to DP */
- ret = confdb_get_int(rctx->cdb, rctx, rctx->confdb_service_path,
- "retries", 3, &max_retries);
+ ret = confdb_get_int(rctx->cdb, rctx, SERVICE_CONF_ENTRY,
+ "reconnection_retries", 3, &max_retries);
if (ret != EOK) {
DEBUG(0, ("Failed to set up automatic reconnection\n"));
return ret;
--
1.6.0.6

426
0004-Add-common-function-to-retrieve-comma-sep.-lists.patch
View File

@ -1,426 +0,0 @@
From 4ad7fe5e6acc87140fc29b635605af8445d2d32f Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Tue, 14 Apr 2009 11:20:30 -0400
Subject: [PATCH] Add common function to retrieve comma sep. lists
Also convert all places where we were using custom code to parse
config arguments.
And fix a copy&paste error in nss_get_config
---
server/confdb/confdb.c | 203 ++++++++++++++++++++++++++++++++---------
server/confdb/confdb.h | 4 +
server/monitor/monitor.c | 54 +----------
server/responder/nss/nsssrv.c | 24 +++--
4 files changed, 179 insertions(+), 106 deletions(-)
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index d3a2a08..1f642ca 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -36,8 +36,8 @@
#include "ini_config.h"
#define CONFDB_VERSION "1"
-#define CONFDB_BASEDN "cn=config"
-#define CONFDB_DOMAIN_BASEDN "cn=domains,"CONFDB_BASEDN
+#define CONFDB_DOMAINS_PATH "config/domains"
+#define CONFDB_DOMAIN_BASEDN "cn=domains,cn=config"
#define CONFDB_DOMAIN_ATTR "cn"
#define CONFDB_MPG "magicPrivateGroups"
#define CONFDB_FQ "useFullyQualifiedNames"
@@ -121,6 +121,110 @@ done:
return ret;
}
+/* split a string into an allocated array of strings.
+ * the separator is a string, and is case-sensitive.
+ * optionally single values can be trimmed of of spaces and tabs */
+static int split_on_separator(TALLOC_CTX *mem_ctx, const char *str,
+ char *sep, bool trim, char ***_list, int *size)
+{
+ const char *t, *p, *n;
+ size_t l, s, len;
+ char **list, **r;
+
+ if (!str || !*str || !sep || !*sep || !_list) return EINVAL;
+
+ s = strlen(sep);
+ t = str;
+
+ list = NULL;
+ l = 0;
+
+ if (trim)
+ while (*t == ' ' || *t == '\t') t++;
+
+ while (t && (p = strstr(t, sep))) {
+ len = p - t;
+ n = p + s; /* save next string starting point */
+ if (trim) {
+ while (*t == ' ' || *t == '\t') {
+ t++;
+ len--;
+ if (len == 0) break;
+ }
+ p--;
+ while (len > 0 && (*p == ' ' || *p == '\t')) {
+ len--;
+ p--;
+ }
+ }
+
+ r = talloc_realloc(mem_ctx, list, char *, l + 2);
+ if (!r) {
+ talloc_free(list);
+ return ENOMEM;
+ } else {
+ list = r;
+ }
+
+ if (len == 0) {
+ list[l] = talloc_strdup(list, "");
+ } else {
+ list[l] = talloc_strndup(list, t, len);
+ }
+ if (!list[l]) {
+ talloc_free(list);
+ return ENOMEM;
+ }
+ l++;
+
+ t = n; /* move to next string */
+ }
+
+ if (t) {
+ r = talloc_realloc(mem_ctx, list, char *, l + 2);
+ if (!r) {
+ talloc_free(list);
+ return ENOMEM;
+ } else {
+ list = r;
+ }
+
+ if (trim) {
+ len = strlen(t);
+ while (*t == ' ' || *t == '\t') {
+ t++;
+ len--;
+ if (len == 0) break;
+ }
+ p = t + len - 1;
+ while (len > 0 && (*p == ' ' || *p == '\t')) {
+ len--;
+ p--;
+ }
+
+ if (len == 0) {
+ list[l] = talloc_strdup(list, "");
+ } else {
+ list[l] = talloc_strndup(list, t, len);
+ }
+ } else {
+ list[l] = talloc_strdup(list, t);
+ }
+ if (!list[l]) {
+ talloc_free(list);
+ return ENOMEM;
+ }
+ l++;
+ }
+
+ list[l] = NULL; /* terminate list */
+
+ if (size) *size = l + 1;
+ *_list = list;
+
+ return EOK;
+}
+
int confdb_add_param(struct confdb_ctx *cdb,
bool replace,
const char *section,
@@ -496,6 +600,43 @@ failed:
return ret;
}
+/* WARNING: Unlike other similar functions, this one does NOT take a default,
+ * and returns ENOENT if the attribute was not found ! */
+int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
+ const char *section, const char *attribute,
+ char ***result)
+{
+ char **values = NULL;
+ int ret;
+
+ ret = confdb_get_param(cdb, ctx, section, attribute, &values);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ if (values && values[0]) {
+ if (values[1] != NULL) {
+ /* too many values */
+ ret = EINVAL;
+ goto done;
+ }
+ } else {
+ /* Did not return a value */
+ ret = ENOENT;
+ goto done;
+ }
+
+ ret = split_on_separator(ctx, values[0], ",", true, result, NULL);
+
+done:
+ talloc_free(values);
+ if (ret != EOK && ret != ENOENT) {
+ DEBUG(2, ("Failed to get [%s] from [%s], error [%d] (%s)",
+ attribute, section, ret, strerror(ret)));
+ }
+ return ret;
+}
+
int confdb_test(struct confdb_ctx *cdb)
{
char **values;
@@ -948,61 +1089,33 @@ int confdb_get_domains(struct confdb_ctx *cdb,
struct sss_domain_info **domains)
{
TALLOC_CTX *tmp_ctx;
- struct ldb_dn *dn;
- struct ldb_result *res;
struct sss_domain_info *domain, *prevdom;
struct sss_domain_info *first = NULL;
- const char *attrs[] = { "domains", NULL };
- const char *tmp;
- char *cur, *p, *t;
- int ret;
+ char **domlist;
+ int ret, i;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) return ENOMEM;
- dn = ldb_dn_new(tmp_ctx, cdb->ldb, CONFDB_DOMAIN_BASEDN);
- if (!dn) {
- ret = EIO;
- goto done;
- }
-
- ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn,
- LDB_SCOPE_BASE, attrs, NULL);
- if (ret != LDB_SUCCESS) {
- ret = EIO;
- goto done;
- }
-
- if (res->count != 1) {
- ret = EFAULT;
+ ret = confdb_get_string_as_list(cdb, tmp_ctx,
+ CONFDB_DOMAINS_PATH, "domains", &domlist);
+ if (ret == ENOENT) {
+ DEBUG(0, ("No domains configured, fatal error!\n"));
goto done;
}
-
- tmp = ldb_msg_find_attr_as_string(res->msgs[0], "domains", NULL);
- if (!tmp) {
- DEBUG(0, ("No domains configured, fatal error!\n"));
- ret = EINVAL;
+ if (ret != EOK ) {
+ DEBUG(0, ("Fatal error retrieving domains list!\n"));
goto done;
}
- cur = p = talloc_strdup(tmp_ctx, tmp);
- while (p && *p) {
-
- for (cur = p; (*cur == ' ' || *cur == '\t'); cur++) /* trim */ ;
- if (!*cur) break;
-
- p = strchr(cur, ',');
- if (p) {
- /* terminate element */
- *p = '\0';
- /* trim spaces */
- for (t = p-1; (*t == ' ' || *t == '\t'); t--) *t = '\0';
- p++;
+ for (i = 0; domlist[i]; i++) {
+ ret = confdb_get_domain(cdb, mem_ctx, domlist[i], &domain);
+ if (ret) {
+ DEBUG(0, ("Error (%d [%s]) retrieving domain %s, skipping!\n",
+ ret, strerror(ret), domains[i]));
+ continue;
}
- ret = confdb_get_domain(cdb, mem_ctx, cur, &domain);
- if (ret) goto done;
-
if (first == NULL) {
first = domain;
prevdom = first;
@@ -1014,7 +1127,7 @@ int confdb_get_domains(struct confdb_ctx *cdb,
if (first == NULL) {
DEBUG(0, ("No domains configured, fatal error!\n"));
- ret = EINVAL;
+ ret = ENOENT;
}
*domains = first;
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h
index 19614fc..76e4482 100644
--- a/server/confdb/confdb.h
+++ b/server/confdb/confdb.h
@@ -80,6 +80,10 @@ int confdb_get_bool(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
const char *section, const char *attribute,
bool defval, bool *result);
+int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
+ const char *section, const char *attribute,
+ char ***result);
+
int confdb_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx **cdb_ctx,
diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c
index dd80830..20734d1 100644
--- a/server/monitor/monitor.c
+++ b/server/monitor/monitor.c
@@ -544,11 +544,6 @@ static int service_signal_reload(struct mt_svc *svc)
int get_monitor_config(struct mt_ctx *ctx)
{
int ret;
- size_t svc_count = 0;
- char *svcs;
- char *cur, *p, *t;
- char **svc_list = NULL;
- char **tmp_list = NULL;
ret = confdb_get_int(ctx->cdb, ctx,
MONITOR_CONF_ENTRY, "sbusTimeout",
@@ -557,61 +552,20 @@ int get_monitor_config(struct mt_ctx *ctx)
return ret;
}
- ret = confdb_get_string(ctx->cdb, ctx,
- SERVICE_CONF_ENTRY, "activeServices",
- NULL, &svcs);
-
- if (ret != EOK || svcs == NULL) {
+ ret = confdb_get_string_as_list(ctx->cdb, ctx, SERVICE_CONF_ENTRY,
+ "activeServices", &ctx->services);
+ if (ret != EOK) {
DEBUG(0, ("No services configured!\n"));
return EINVAL;
}
- cur = p = talloc_strdup(svcs, svcs);
- while (p && *p) {
- for (cur = p; (*cur == ' ' || *cur == '\t'); cur++) /* trim */ ;
- if (!*cur) break;
-
- p = strchr(cur, ',');
- if (p) {
- /* terminate element */
- *p = '\0';
- /* trim spaces */
- for (t = p-1; (*t == ' ' || *t == '\t'); t--) *t = '\0';
- p++;
- }
-
- svc_count++;
- tmp_list = talloc_realloc(svcs, svc_list, char *, svc_count);
- if (!tmp_list) {
- ret = ENOMEM;
- goto done;
- }
- svc_list = tmp_list;
- svc_list[svc_count-1] = talloc_strdup(svc_list, cur);
- }
-
- svc_count++;
- tmp_list = talloc_realloc(svcs, svc_list, char *, svc_count);
- if (!tmp_list) {
- ret = ENOMEM;
- goto done;
- }
- svc_list = tmp_list;
- svc_list[svc_count-1] = NULL;
-
- ctx->services = talloc_steal(ctx, svc_list);
-
ret = confdb_get_domains(ctx->cdb, ctx, &ctx->domains);
if (ret != EOK) {
DEBUG(2, ("No domains configured. LOCAL should always exist!\n"));
return ret;
}
- ret = EOK;
-
-done:
- talloc_free(svcs);
- return ret;
+ return EOK;
}
static int get_service_config(struct mt_ctx *ctx, const char *name,
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index e85e56b..e04a8c8 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -138,18 +138,20 @@ static int nss_get_config(struct nss_ctx *nctx,
ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG,
"EntryCacheTimeout", 600,
- &nctx->enum_cache_timeout);
+ &nctx->cache_timeout);
if (ret != EOK) goto done;
ret = confdb_get_int(cdb, nctx, NSS_SRV_CONFIG,
"EntryNegativeTimeout", 15,
- &nctx->enum_cache_timeout);
+ &nctx->neg_timeout);
if (ret != EOK) goto done;
- ret = confdb_get_param(cdb, nctx, NSS_SRV_CONFIG,
- "filterUsers", &filter_list);
- if (ret != EOK) goto done;
- for (i = 0; filter_list[i]; i++) {
+ ret = confdb_get_string_as_list(cdb, tmpctx, NSS_SRV_CONFIG,
+ "filterUsers", &filter_list);
+ if (ret == ENOENT) filter_list = NULL;
+ else if (ret != EOK) goto done;
+
+ for (i = 0; (filter_list && filter_list[i]); i++) {
ret = sss_parse_name(tmpctx, nctx->rctx->names,
filter_list[i], &domain, &name);
if (ret != EOK) {
@@ -178,11 +180,12 @@ static int nss_get_config(struct nss_ctx *nctx,
}
}
}
- talloc_free(filter_list);
- ret = confdb_get_param(cdb, nctx, NSS_SRV_CONFIG,
- "filterGroups", &filter_list);
- if (ret != EOK) goto done;
+ ret = confdb_get_string_as_list(cdb, tmpctx, NSS_SRV_CONFIG,
+ "filterGroups", &filter_list);
+ if (ret == ENOENT) filter_list = NULL;
+ else if (ret != EOK) goto done;
+
for (i = 0; filter_list[i]; i++) {
ret = sss_parse_name(tmpctx, nctx->rctx->names,
filter_list[i], &domain, &name);
@@ -212,7 +215,6 @@ static int nss_get_config(struct nss_ctx *nctx,
}
}
}
- talloc_free(filter_list);
done:
talloc_free(tmpctx);
--
1.6.0.6

217
0005-Fixing-memory-issues-in-ini-and-collection.patch
View File

@ -1,217 +0,0 @@
From 9fc454c84d539cd90aed3a74a350bdc792455407 Mon Sep 17 00:00:00 2001
From: Dmitri Pal <dpal@redhat.com>
Date: Tue, 14 Apr 2009 14:55:42 -0400
Subject: [PATCH] Fixing memory issues in ini and collection
The read_line() function used an internal buffer allocated on stack
as temporary storage for a line read from file, then returned it.
read_line() now gets a buffer from the caller.
Fixed memory leaks in INI and Collection found by valgrind.
---
common/collection/collection_ut.c | 15 +++++++++------
common/ini/ini_config.c | 36 +++++++++++++++++++++++++++++-------
common/ini/ini_config_ut.c | 4 ++--
3 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/common/collection/collection_ut.c b/common/collection/collection_ut.c
index 6d27db6..eabf522 100644
--- a/common/collection/collection_ut.c
+++ b/common/collection/collection_ut.c
@@ -480,6 +480,7 @@ int mixed_collection_test()
/* Traverse collection again - peer should still be there */
error = print_collection(event);
if(error) {
+ destroy_collection(event);
printf("Error printing collection %d\n",error);
return error;
}
@@ -488,18 +489,17 @@ int mixed_collection_test()
error = debug_collection(event,COL_TRAVERSE_DEFAULT);
if(error) {
+ destroy_collection(event);
printf("Error printing collection %d\n",error);
return error;
}
printf("Attempt to add property to a referenced collection.\n");
- /* Some negative tests */
- /* Can't add attributes to the referenced collection */
error = add_int_property(event,"host","session",500);
- if(error != 0) printf("Error was NOT able to add property to a referenced collection.\n");
- else {
- printf("Unexpected success which is an implementation error.\n");
+ if(error) {
+ destroy_collection(event);
+ printf("Error was NOT able to add property to a referenced collection %d.\n", error);
return error;
}
@@ -508,6 +508,7 @@ int mixed_collection_test()
/* Can't delete non exitent property */
error = delete_property(event,"host.host",COL_TYPE_ANY, COL_TRAVERSE_DEFAULT);
if(error == 0) {
+ destroy_collection(event);
printf("Error was able to delete property that does not exist.\n");
return -1;
}
@@ -516,12 +517,14 @@ int mixed_collection_test()
/* Set collection class */
error = set_collection_class(event,2);
if(error != 0) {
+ destroy_collection(event);
printf("Error was NOT able to set class.\n");
return error;
}
error = get_collection_class(event,&class);
if(error != 0) {
+ destroy_collection(event);
printf("Error was NOT able to get class.\n");
return error;
}
@@ -529,6 +532,7 @@ int mixed_collection_test()
if(is_of_class(event,2)) printf("Class mathced!\n");
else {
+ destroy_collection(event);
printf("Error - bad class.\n");
return -1;
}
@@ -706,4 +710,3 @@ int main()
/* Add other tests here ... */
return error;
}
-
diff --git a/common/ini/ini_config.c b/common/ini/ini_config.c
index 4112049..fd1efb0 100644
--- a/common/ini/ini_config.c
+++ b/common/ini/ini_config.c
@@ -83,8 +83,14 @@ inline const char *parsing_error_str(int parsing_error)
return str_error[parsing_error-1];
}
-
-int read_line(FILE *file,char **key,char **value, int *length, int *ext_error);
+/* Internal function to read line from INI file */
+int read_line(FILE *file,
+ char *buf,
+ int read_size,
+ char **key,
+ char **value,
+ int *length,
+ int *ext_error);
/* Add to collection or update - CONSIDER moving to the collection.c */
static int add_or_update(struct collection_item *current_section,
@@ -137,6 +143,8 @@ static int ini_to_collection(const char *filename,
struct parse_error pe;
int line = 0;
int created = 0;
+ char buf[BUFFER_SIZE+1];
+
TRACE_FLOW_STRING("ini_to_collection", "Entry");
@@ -162,7 +170,8 @@ static int ini_to_collection(const char *filename,
/* Read file lines */
while (1) {
- status = read_line(file, &key, &value, &length, &ext_err);
+ /* Always read one less than the buffer */
+ status = read_line(file, buf, BUFFER_SIZE+1, &key, &value, &length, &ext_err);
if (status == RET_EOF) break;
line++;
@@ -505,11 +514,15 @@ int config_for_app(const char *application,
}
/* Reads a line from the file */
-int read_line(FILE *file, char **key,char **value, int *length, int *ext_error)
+int read_line(FILE *file,
+ char *buf,
+ int read_size,
+ char **key, char **value,
+ int *length,
+ int *ext_error)
{
char *res;
- char buf[BUFFER_SIZE+1];
int len;
char *buffer;
int i;
@@ -522,12 +535,15 @@ int read_line(FILE *file, char **key,char **value, int *length, int *ext_error)
buffer = buf;
/* Get data from file */
- res = fgets(buffer, BUFFER_SIZE, file);
+ res = fgets(buffer, read_size - 1, file);
if (res == NULL) {
TRACE_ERROR_STRING("Read nothing", "");
return RET_EOF;
}
+ /* Make sure the buffer is NULL terminated */
+ buffer[read_size - 1] = '\0';
+
len = strlen(buffer);
if (len == 0) {
TRACE_ERROR_STRING("Nothing was read.", "");
@@ -550,7 +566,8 @@ int read_line(FILE *file, char **key,char **value, int *length, int *ext_error)
TRACE_INFO_STRING("BUFFER before trimming:", buffer);
/* Trucate trailing spaces and CRs */
- while (isspace(buffer[len - 1])) {
+ /* Make sure not to step before the beginning */
+ while (len && isspace(buffer[len - 1])) {
buffer[len - 1] = '\0';
len--;
}
@@ -847,6 +864,9 @@ int get_config_item(const char *section,
error = get_item(section_handle, name,
COL_TYPE_STRING, COL_TRAVERSE_ONELEVEL, item);
+ /* Make sure we free the section we found */
+ destroy_collection(section_handle);
+
TRACE_FLOW_NUMBER("get_config_item returning", error);
return error;
}
@@ -1521,6 +1541,8 @@ char **get_attribute_list(struct collection_item *ini_config, const char *sectio
/* Pass it to the function from collection API */
list = collection_to_list(subcollection, size, error);
+ destroy_collection(subcollection);
+
TRACE_FLOW_STRING("get_attribute_list returning", list == NULL ? "NULL" : list[0]);
return list;
}
diff --git a/common/ini/ini_config_ut.c b/common/ini/ini_config_ut.c
index 6787c36..5441e02 100644
--- a/common/ini/ini_config_ut.c
+++ b/common/ini/ini_config_ut.c
@@ -303,7 +303,6 @@ int get_test()
debug_item(item);
-
printf("Get item as string without duplication from NULL item.\n");
/* Get a string without duplicication */
@@ -759,9 +758,10 @@ int get_test()
return -1;
}
- for (i=0;i<size;i++) printf("Section: [%s]\n", prop_array[i]);
+ for (i=0;i<size;i++) printf("Attribute: [%s]\n", prop_array[i]);
free_attribute_list(prop_array);
+ destroy_collection(ini_config);
printf("Done with get test!\n");
return EOK;
}
--
1.6.0.6

2
sources
View File

@ -1 +1 @@
c46bcc028e10c7da3fd0057a038a023f sssd-0.3.1.tar.gz 3bfe3145c3ea71fb35d82bae5f7adc47 sssd-0.3.2.tar.gz

21
sssd.spec
View File

@ -1,6 +1,6 @@
Name: sssd Name: sssd
Version: 0.3.1 Version: 0.3.2
Release: 2%{?dist} Release: 1%{?dist}
Group: Applications/System Group: Applications/System
Summary: System Security Services Daemon Summary: System Security Services Daemon
@ -13,11 +13,6 @@ Source1: sssd.conf.default
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
### Patches ### ### Patches ###
Patch101: 0001-Add-reconnection-code-between-the-NSS-responder-and.patch
Patch102: 0002-Replace-the-example-sssd.conf-file-with-the-one-used.patch
Patch103: 0003-Make-reconnection-to-the-Data-Provider-a-global-sett.patch
Patch104: 0004-Add-common-function-to-retrieve-comma-sep.-lists.patch
Patch105: 0005-Fixing-memory-issues-in-ini-and-collection.patch
### Dependencies ### ### Dependencies ###
@ -56,11 +51,6 @@ services for projects like FreeIPA.
%prep %prep
%setup -q %setup -q
%patch101 -p1 -b .reconnect
%patch102 -p1 -b .examples
%patch103 -p1 -b .global_reconnect_option
%patch104 -p1 -b .fix_filters
%patch105 -p1 -b .fix_mem_issues
%build %build
@ -104,7 +94,7 @@ pushd sss_client
make install DESTDIR=$RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT
popd popd
install -m700 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf install -m600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -149,6 +139,11 @@ if [ $1 -ge 1 ] ; then
fi fi
%changelog %changelog
* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600
* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2 * Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
- Add last minute bug fixes, found in testing the package - Add last minute bug fixes, found in testing the package