- Apply 0003-mc-recover-from-invalid-memory-cache-size.patch
- Apply 0004-sss_iface-do-not-add-cli_id-to-chain-key.patch - Apply 0005-Accept-krb5-1.21-for-building-the-PAC-plugin.patch - Apply 0006-MC-a-couple-of-additions-to-recover-from-invalid-memory.patch
This commit is contained in:
parent
8a58df9b66
commit
742312a8a9
220
SOURCES/0003-mc-recover-from-invalid-memory-cache-size.patch
Normal file
220
SOURCES/0003-mc-recover-from-invalid-memory-cache-size.patch
Normal file
@ -0,0 +1,220 @@
|
||||
From 641e5f73d3bd5b3d32cafd551013d3bfd2a52732 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Fri, 4 Aug 2023 12:19:49 +0200
|
||||
Subject: [PATCH] mc: recover from invalid memory cache size
|
||||
|
||||
If we access the mmap file outside its boundaries a SIGBUS is raised.
|
||||
We can now safely recover if the file has unexpected size.
|
||||
|
||||
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
||||
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||
---
|
||||
src/responder/nss/nsssrv_mmap_cache.c | 86 +++++++++++++++++----
|
||||
src/sss_client/nss_mc_common.c | 42 +++++++---
|
||||
src/tests/system/tests/test_memory_cache.py | 36 ++++++++-
|
||||
3 files changed, 135 insertions(+), 29 deletions(-)
|
||||
|
||||
diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
|
||||
index 12c2996596..bd814f3bc7 100644
|
||||
--- a/src/responder/nss/nsssrv_mmap_cache.c
|
||||
+++ b/src/responder/nss/nsssrv_mmap_cache.c
|
||||
@@ -722,6 +722,57 @@ static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx *mcc,
|
||||
return EOK;
|
||||
}
|
||||
|
||||
+static errno_t sss_mmap_cache_validate_or_reinit(struct sss_mc_ctx **_mcc)
|
||||
+{
|
||||
+ struct sss_mc_ctx *mcc = *_mcc;
|
||||
+ struct stat fdstat;
|
||||
+ bool reinit = false;
|
||||
+ errno_t ret;
|
||||
+
|
||||
+ /* No mcc initialized? Memory cache may be disabled. */
|
||||
+ if (mcc == NULL || mcc->fd < 0) {
|
||||
+ ret = EINVAL;
|
||||
+ reinit = false;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if (fstat(mcc->fd, &fdstat) == -1) {
|
||||
+ ret = errno;
|
||||
+ DEBUG(SSSDBG_CRIT_FAILURE,
|
||||
+ "Unable to stat memory cache [file=%s, fd=%d] [%d]: %s\n",
|
||||
+ mcc->file, mcc->fd, ret, sss_strerror(ret));
|
||||
+ reinit = true;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if (fdstat.st_nlink == 0) {
|
||||
+ DEBUG(SSSDBG_CRIT_FAILURE, "Memory cache file was removed\n");
|
||||
+ ret = ENOENT;
|
||||
+ reinit = true;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if (fdstat.st_size != mcc->mmap_size) {
|
||||
+ DEBUG(SSSDBG_CRIT_FAILURE,
|
||||
+ "Memory cache is corrupted, invalid size [file=%s, fd=%d, "
|
||||
+ "expected_size=%zu, real_size=%zu]\n",
|
||||
+ mcc->file, mcc->fd, mcc->mmap_size, fdstat.st_size);
|
||||
+ ret = EINVAL;
|
||||
+ reinit = true;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = EOK;
|
||||
+ reinit = false;
|
||||
+
|
||||
+done:
|
||||
+ if (reinit) {
|
||||
+ return sss_mmap_cache_reinit(talloc_parent(mcc), -1, -1, -1, -1, _mcc);
|
||||
+ }
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/***************************************************************************
|
||||
* passwd map
|
||||
***************************************************************************/
|
||||
@@ -744,9 +795,9 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc,
|
||||
size_t pos;
|
||||
int ret;
|
||||
|
||||
- if (mcc == NULL) {
|
||||
- /* cache not initialized? */
|
||||
- return EINVAL;
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ if (ret != EOK) {
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
ret = snprintf(uidstr, 11, "%ld", (long)uid);
|
||||
@@ -815,9 +866,9 @@ errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid)
|
||||
char *uidstr;
|
||||
errno_t ret;
|
||||
|
||||
- if (mcc == NULL) {
|
||||
- /* cache not initialized? */
|
||||
- return EINVAL;
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ if (ret != EOK) {
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
uidstr = talloc_asprintf(NULL, "%ld", (long)uid);
|
||||
@@ -886,9 +937,9 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc,
|
||||
size_t pos;
|
||||
int ret;
|
||||
|
||||
- if (mcc == NULL) {
|
||||
- /* cache not initialized? */
|
||||
- return EINVAL;
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ if (ret != EOK) {
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
ret = snprintf(gidstr, 11, "%ld", (long)gid);
|
||||
@@ -953,9 +1004,9 @@ errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid)
|
||||
char *gidstr;
|
||||
errno_t ret;
|
||||
|
||||
- if (mcc == NULL) {
|
||||
- /* cache not initialized? */
|
||||
- return EINVAL;
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ if (ret != EOK) {
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
gidstr = talloc_asprintf(NULL, "%ld", (long)gid);
|
||||
@@ -1018,9 +1069,9 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc,
|
||||
size_t pos;
|
||||
int ret;
|
||||
|
||||
- if (mcc == NULL) {
|
||||
- /* cache not initialized? */
|
||||
- return EINVAL;
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ if (ret != EOK) {
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
/* array of gids + name + unique_name */
|
||||
@@ -1087,8 +1138,9 @@ errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc,
|
||||
size_t rec_len;
|
||||
int ret;
|
||||
|
||||
- if (mcc == NULL) {
|
||||
- return EINVAL;
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ if (ret != EOK) {
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
ret = snprintf(idkey, sizeof(idkey), "%d-%ld",
|
||||
diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c
|
||||
index 3128861bf3..e227c0bae3 100644
|
||||
--- a/src/sss_client/nss_mc_common.c
|
||||
+++ b/src/sss_client/nss_mc_common.c
|
||||
@@ -69,13 +69,43 @@ static void sss_mt_unlock(struct sss_cli_mc_ctx *ctx)
|
||||
#endif
|
||||
}
|
||||
|
||||
+static errno_t sss_nss_mc_validate(struct sss_cli_mc_ctx *ctx)
|
||||
+{
|
||||
+ struct stat fdstat;
|
||||
+
|
||||
+ /* No mc ctx initialized?*/
|
||||
+ if (ctx == NULL || ctx->fd < 0) {
|
||||
+ return EINVAL;
|
||||
+ }
|
||||
+
|
||||
+ if (fstat(ctx->fd, &fdstat) == -1) {
|
||||
+ return errno;
|
||||
+ }
|
||||
+
|
||||
+ /* Memcache was removed. */
|
||||
+ if (fdstat.st_nlink == 0) {
|
||||
+ return ENOENT;
|
||||
+ }
|
||||
+
|
||||
+ /* Invalid size. */
|
||||
+ if (fdstat.st_size != ctx->mmap_size) {
|
||||
+ return ERANGE;
|
||||
+ }
|
||||
+
|
||||
+ return EOK;
|
||||
+}
|
||||
+
|
||||
errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx)
|
||||
{
|
||||
struct sss_mc_header h;
|
||||
bool copy_ok;
|
||||
int count;
|
||||
int ret;
|
||||
- struct stat fdstat;
|
||||
+
|
||||
+ ret = sss_nss_mc_validate(ctx);
|
||||
+ if (ret != EOK) {
|
||||
+ return ret;
|
||||
+ }
|
||||
|
||||
/* retry barrier protected reading max 5 times then give up */
|
||||
for (count = 5; count > 0; count--) {
|
||||
@@ -115,16 +145,6 @@ errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx)
|
||||
}
|
||||
}
|
||||
|
||||
- ret = fstat(ctx->fd, &fdstat);
|
||||
- if (ret == -1) {
|
||||
- return EIO;
|
||||
- }
|
||||
-
|
||||
- if (fdstat.st_nlink == 0) {
|
||||
- /* memory cache was removed; we need to reinitialize it. */
|
||||
- return EINVAL;
|
||||
- }
|
||||
-
|
||||
return 0;
|
||||
}
|
400
SOURCES/0004-sss_iface-do-not-add-cli_id-to-chain-key.patch
Normal file
400
SOURCES/0004-sss_iface-do-not-add-cli_id-to-chain-key.patch
Normal file
@ -0,0 +1,400 @@
|
||||
From 1e5dfc187c7659cca567d2f7d5592e72794ef13c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Mon, 4 Sep 2023 14:12:58 +0200
|
||||
Subject: [PATCH] sss_iface: do not add cli_id to chain key
|
||||
|
||||
Otherwise we only chain identical requests from the same client
|
||||
which effectively renders chaining not functional.
|
||||
|
||||
Resolves: https://github.com/SSSD/sssd/issues/6911
|
||||
|
||||
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
||||
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
||||
---
|
||||
src/sss_iface/sbus_sss_client_async.c | 12 +++----
|
||||
src/sss_iface/sbus_sss_interface.h | 24 ++++++-------
|
||||
src/sss_iface/sbus_sss_keygens.c | 50 +++++++++++++--------------
|
||||
src/sss_iface/sbus_sss_keygens.h | 10 +++---
|
||||
src/sss_iface/sss_iface.xml | 12 +++----
|
||||
5 files changed, 54 insertions(+), 54 deletions(-)
|
||||
|
||||
diff --git a/src/sss_iface/sbus_sss_client_async.c b/src/sss_iface/sbus_sss_client_async.c
|
||||
index 042d1b7b34..5ca925283a 100644
|
||||
--- a/src/sss_iface/sbus_sss_client_async.c
|
||||
+++ b/src/sss_iface/sbus_sss_client_async.c
|
||||
@@ -1861,7 +1861,7 @@ sbus_call_dp_autofs_Enumerate_send
|
||||
const char * arg_mapname,
|
||||
uint32_t arg_cli_id)
|
||||
{
|
||||
- return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1_2,
|
||||
+ return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1,
|
||||
busname, object_path, "sssd.DataProvider.Autofs", "Enumerate", arg_dp_flags, arg_mapname, arg_cli_id);
|
||||
}
|
||||
|
||||
@@ -1883,7 +1883,7 @@ sbus_call_dp_autofs_GetEntry_send
|
||||
const char * arg_entryname,
|
||||
uint32_t arg_cli_id)
|
||||
{
|
||||
- return sbus_method_in_ussu_out__send(mem_ctx, conn, _sbus_sss_key_ussu_0_1_2_3,
|
||||
+ return sbus_method_in_ussu_out__send(mem_ctx, conn, _sbus_sss_key_ussu_0_1_2,
|
||||
busname, object_path, "sssd.DataProvider.Autofs", "GetEntry", arg_dp_flags, arg_mapname, arg_entryname, arg_cli_id);
|
||||
}
|
||||
|
||||
@@ -1904,7 +1904,7 @@ sbus_call_dp_autofs_GetMap_send
|
||||
const char * arg_mapname,
|
||||
uint32_t arg_cli_id)
|
||||
{
|
||||
- return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1_2,
|
||||
+ return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1,
|
||||
busname, object_path, "sssd.DataProvider.Autofs", "GetMap", arg_dp_flags, arg_mapname, arg_cli_id);
|
||||
}
|
||||
|
||||
@@ -2142,7 +2142,7 @@ sbus_call_dp_dp_getAccountDomain_send
|
||||
const char * arg_filter,
|
||||
uint32_t arg_cli_id)
|
||||
{
|
||||
- return sbus_method_in_uusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusu_0_1_2_3,
|
||||
+ return sbus_method_in_uusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusu_0_1_2,
|
||||
busname, object_path, "sssd.dataprovider", "getAccountDomain", arg_dp_flags, arg_entry_type, arg_filter, arg_cli_id);
|
||||
}
|
||||
|
||||
@@ -2170,7 +2170,7 @@ sbus_call_dp_dp_getAccountInfo_send
|
||||
const char * arg_extra,
|
||||
uint32_t arg_cli_id)
|
||||
{
|
||||
- return sbus_method_in_uusssu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusssu_0_1_2_3_4_5,
|
||||
+ return sbus_method_in_uusssu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusssu_0_1_2_3_4,
|
||||
busname, object_path, "sssd.dataprovider", "getAccountInfo", arg_dp_flags, arg_entry_type, arg_filter, arg_domain, arg_extra, arg_cli_id);
|
||||
}
|
||||
|
||||
@@ -2267,7 +2267,7 @@ sbus_call_dp_dp_resolverHandler_send
|
||||
const char * arg_filter_value,
|
||||
uint32_t arg_cli_id)
|
||||
{
|
||||
- return sbus_method_in_uuusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uuusu_0_1_2_3_4,
|
||||
+ return sbus_method_in_uuusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uuusu_0_1_2_3,
|
||||
busname, object_path, "sssd.dataprovider", "resolverHandler", arg_dp_flags, arg_entry_type, arg_filter_type, arg_filter_value, arg_cli_id);
|
||||
}
|
||||
|
||||
diff --git a/src/sss_iface/sbus_sss_interface.h b/src/sss_iface/sbus_sss_interface.h
|
||||
index fc86c71d90..5b4d1c362a 100644
|
||||
--- a/src/sss_iface/sbus_sss_interface.h
|
||||
+++ b/src/sss_iface/sbus_sss_interface.h
|
||||
@@ -166,7 +166,7 @@
|
||||
&_sbus_sss_args_sssd_DataProvider_Autofs_Enumerate, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_usu_out__send, \
|
||||
- _sbus_sss_key_usu_0_1_2, \
|
||||
+ _sbus_sss_key_usu_0_1, \
|
||||
(handler), (data)); \
|
||||
})
|
||||
|
||||
@@ -177,7 +177,7 @@
|
||||
&_sbus_sss_args_sssd_DataProvider_Autofs_Enumerate, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_usu_out__send, \
|
||||
- _sbus_sss_key_usu_0_1_2, \
|
||||
+ _sbus_sss_key_usu_0_1, \
|
||||
(handler_send), (handler_recv), (data)); \
|
||||
})
|
||||
|
||||
@@ -188,7 +188,7 @@
|
||||
&_sbus_sss_args_sssd_DataProvider_Autofs_GetEntry, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_ussu_out__send, \
|
||||
- _sbus_sss_key_ussu_0_1_2_3, \
|
||||
+ _sbus_sss_key_ussu_0_1_2, \
|
||||
(handler), (data)); \
|
||||
})
|
||||
|
||||
@@ -199,7 +199,7 @@
|
||||
&_sbus_sss_args_sssd_DataProvider_Autofs_GetEntry, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_ussu_out__send, \
|
||||
- _sbus_sss_key_ussu_0_1_2_3, \
|
||||
+ _sbus_sss_key_ussu_0_1_2, \
|
||||
(handler_send), (handler_recv), (data)); \
|
||||
})
|
||||
|
||||
@@ -210,7 +210,7 @@
|
||||
&_sbus_sss_args_sssd_DataProvider_Autofs_GetMap, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_usu_out__send, \
|
||||
- _sbus_sss_key_usu_0_1_2, \
|
||||
+ _sbus_sss_key_usu_0_1, \
|
||||
(handler), (data)); \
|
||||
})
|
||||
|
||||
@@ -221,7 +221,7 @@
|
||||
&_sbus_sss_args_sssd_DataProvider_Autofs_GetMap, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_usu_out__send, \
|
||||
- _sbus_sss_key_usu_0_1_2, \
|
||||
+ _sbus_sss_key_usu_0_1, \
|
||||
(handler_send), (handler_recv), (data)); \
|
||||
})
|
||||
|
||||
@@ -522,7 +522,7 @@
|
||||
&_sbus_sss_args_sssd_dataprovider_getAccountDomain, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_uusu_out_qus_send, \
|
||||
- _sbus_sss_key_uusu_0_1_2_3, \
|
||||
+ _sbus_sss_key_uusu_0_1_2, \
|
||||
(handler), (data)); \
|
||||
})
|
||||
|
||||
@@ -533,7 +533,7 @@
|
||||
&_sbus_sss_args_sssd_dataprovider_getAccountDomain, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_uusu_out_qus_send, \
|
||||
- _sbus_sss_key_uusu_0_1_2_3, \
|
||||
+ _sbus_sss_key_uusu_0_1_2, \
|
||||
(handler_send), (handler_recv), (data)); \
|
||||
})
|
||||
|
||||
@@ -544,7 +544,7 @@
|
||||
&_sbus_sss_args_sssd_dataprovider_getAccountInfo, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_uusssu_out_qus_send, \
|
||||
- _sbus_sss_key_uusssu_0_1_2_3_4_5, \
|
||||
+ _sbus_sss_key_uusssu_0_1_2_3_4, \
|
||||
(handler), (data)); \
|
||||
})
|
||||
|
||||
@@ -555,7 +555,7 @@
|
||||
&_sbus_sss_args_sssd_dataprovider_getAccountInfo, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_uusssu_out_qus_send, \
|
||||
- _sbus_sss_key_uusssu_0_1_2_3_4_5, \
|
||||
+ _sbus_sss_key_uusssu_0_1_2_3_4, \
|
||||
(handler_send), (handler_recv), (data)); \
|
||||
})
|
||||
|
||||
@@ -632,7 +632,7 @@
|
||||
&_sbus_sss_args_sssd_dataprovider_resolverHandler, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_uuusu_out_qus_send, \
|
||||
- _sbus_sss_key_uuusu_0_1_2_3_4, \
|
||||
+ _sbus_sss_key_uuusu_0_1_2_3, \
|
||||
(handler), (data)); \
|
||||
})
|
||||
|
||||
@@ -643,7 +643,7 @@
|
||||
&_sbus_sss_args_sssd_dataprovider_resolverHandler, \
|
||||
NULL, \
|
||||
_sbus_sss_invoke_in_uuusu_out_qus_send, \
|
||||
- _sbus_sss_key_uuusu_0_1_2_3_4, \
|
||||
+ _sbus_sss_key_uuusu_0_1_2_3, \
|
||||
(handler_send), (handler_recv), (data)); \
|
||||
})
|
||||
|
||||
diff --git a/src/sss_iface/sbus_sss_keygens.c b/src/sss_iface/sbus_sss_keygens.c
|
||||
index 1bffc1360f..0bded60f83 100644
|
||||
--- a/src/sss_iface/sbus_sss_keygens.c
|
||||
+++ b/src/sss_iface/sbus_sss_keygens.c
|
||||
@@ -90,86 +90,86 @@ _sbus_sss_key_ussu_0_1
|
||||
}
|
||||
|
||||
const char *
|
||||
-_sbus_sss_key_ussu_0_1_2_3
|
||||
+_sbus_sss_key_ussu_0_1_2
|
||||
(TALLOC_CTX *mem_ctx,
|
||||
struct sbus_request *sbus_req,
|
||||
struct _sbus_sss_invoker_args_ussu *args)
|
||||
{
|
||||
if (sbus_req->sender == NULL) {
|
||||
- return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s:%s:%" PRIu32 "",
|
||||
+ return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s:%s",
|
||||
sbus_req->type, sbus_req->interface, sbus_req->member,
|
||||
- sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3);
|
||||
+ sbus_req->path, args->arg0, args->arg1, args->arg2);
|
||||
}
|
||||
|
||||
- return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s:%s:%" PRIu32 "",
|
||||
+ return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s:%s",
|
||||
sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member,
|
||||
- sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3);
|
||||
+ sbus_req->path, args->arg0, args->arg1, args->arg2);
|
||||
}
|
||||
|
||||
const char *
|
||||
-_sbus_sss_key_usu_0_1_2
|
||||
+_sbus_sss_key_usu_0_1
|
||||
(TALLOC_CTX *mem_ctx,
|
||||
struct sbus_request *sbus_req,
|
||||
struct _sbus_sss_invoker_args_usu *args)
|
||||
{
|
||||
if (sbus_req->sender == NULL) {
|
||||
- return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s:%" PRIu32 "",
|
||||
+ return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s",
|
||||
sbus_req->type, sbus_req->interface, sbus_req->member,
|
||||
- sbus_req->path, args->arg0, args->arg1, args->arg2);
|
||||
+ sbus_req->path, args->arg0, args->arg1);
|
||||
}
|
||||
|
||||
- return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s:%" PRIu32 "",
|
||||
+ return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s",
|
||||
sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member,
|
||||
- sbus_req->path, args->arg0, args->arg1, args->arg2);
|
||||
+ sbus_req->path, args->arg0, args->arg1);
|
||||
}
|
||||
|
||||
const char *
|
||||
-_sbus_sss_key_uusssu_0_1_2_3_4_5
|
||||
+_sbus_sss_key_uusssu_0_1_2_3_4
|
||||
(TALLOC_CTX *mem_ctx,
|
||||
struct sbus_request *sbus_req,
|
||||
struct _sbus_sss_invoker_args_uusssu *args)
|
||||
{
|
||||
if (sbus_req->sender == NULL) {
|
||||
- return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s:%" PRIu32 "",
|
||||
+ return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s",
|
||||
sbus_req->type, sbus_req->interface, sbus_req->member,
|
||||
- sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4, args->arg5);
|
||||
+ sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4);
|
||||
}
|
||||
|
||||
- return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s:%" PRIu32 "",
|
||||
+ return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s",
|
||||
sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member,
|
||||
- sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4, args->arg5);
|
||||
+ sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4);
|
||||
}
|
||||
|
||||
const char *
|
||||
-_sbus_sss_key_uusu_0_1_2_3
|
||||
+_sbus_sss_key_uusu_0_1_2
|
||||
(TALLOC_CTX *mem_ctx,
|
||||
struct sbus_request *sbus_req,
|
||||
struct _sbus_sss_invoker_args_uusu *args)
|
||||
{
|
||||
if (sbus_req->sender == NULL) {
|
||||
- return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "",
|
||||
+ return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s",
|
||||
sbus_req->type, sbus_req->interface, sbus_req->member,
|
||||
- sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3);
|
||||
+ sbus_req->path, args->arg0, args->arg1, args->arg2);
|
||||
}
|
||||
|
||||
- return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "",
|
||||
+ return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s",
|
||||
sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member,
|
||||
- sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3);
|
||||
+ sbus_req->path, args->arg0, args->arg1, args->arg2);
|
||||
}
|
||||
|
||||
const char *
|
||||
-_sbus_sss_key_uuusu_0_1_2_3_4
|
||||
+_sbus_sss_key_uuusu_0_1_2_3
|
||||
(TALLOC_CTX *mem_ctx,
|
||||
struct sbus_request *sbus_req,
|
||||
struct _sbus_sss_invoker_args_uuusu *args)
|
||||
{
|
||||
if (sbus_req->sender == NULL) {
|
||||
- return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "",
|
||||
+ return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s",
|
||||
sbus_req->type, sbus_req->interface, sbus_req->member,
|
||||
- sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4);
|
||||
+ sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3);
|
||||
}
|
||||
|
||||
- return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "",
|
||||
+ return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s",
|
||||
sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member,
|
||||
- sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4);
|
||||
+ sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3);
|
||||
}
|
||||
diff --git a/src/sss_iface/sbus_sss_keygens.h b/src/sss_iface/sbus_sss_keygens.h
|
||||
index 8f09b46de5..7e42c2c53f 100644
|
||||
--- a/src/sss_iface/sbus_sss_keygens.h
|
||||
+++ b/src/sss_iface/sbus_sss_keygens.h
|
||||
@@ -49,31 +49,31 @@ _sbus_sss_key_ussu_0_1
|
||||
struct _sbus_sss_invoker_args_ussu *args);
|
||||
|
||||
const char *
|
||||
-_sbus_sss_key_ussu_0_1_2_3
|
||||
+_sbus_sss_key_ussu_0_1_2
|
||||
(TALLOC_CTX *mem_ctx,
|
||||
struct sbus_request *sbus_req,
|
||||
struct _sbus_sss_invoker_args_ussu *args);
|
||||
|
||||
const char *
|
||||
-_sbus_sss_key_usu_0_1_2
|
||||
+_sbus_sss_key_usu_0_1
|
||||
(TALLOC_CTX *mem_ctx,
|
||||
struct sbus_request *sbus_req,
|
||||
struct _sbus_sss_invoker_args_usu *args);
|
||||
|
||||
const char *
|
||||
-_sbus_sss_key_uusssu_0_1_2_3_4_5
|
||||
+_sbus_sss_key_uusssu_0_1_2_3_4
|
||||
(TALLOC_CTX *mem_ctx,
|
||||
struct sbus_request *sbus_req,
|
||||
struct _sbus_sss_invoker_args_uusssu *args);
|
||||
|
||||
const char *
|
||||
-_sbus_sss_key_uusu_0_1_2_3
|
||||
+_sbus_sss_key_uusu_0_1_2
|
||||
(TALLOC_CTX *mem_ctx,
|
||||
struct sbus_request *sbus_req,
|
||||
struct _sbus_sss_invoker_args_uusu *args);
|
||||
|
||||
const char *
|
||||
-_sbus_sss_key_uuusu_0_1_2_3_4
|
||||
+_sbus_sss_key_uuusu_0_1_2_3
|
||||
(TALLOC_CTX *mem_ctx,
|
||||
struct sbus_request *sbus_req,
|
||||
struct _sbus_sss_invoker_args_uuusu *args);
|
||||
diff --git a/src/sss_iface/sss_iface.xml b/src/sss_iface/sss_iface.xml
|
||||
index 6709c4e48a..82c65aa0b8 100644
|
||||
--- a/src/sss_iface/sss_iface.xml
|
||||
+++ b/src/sss_iface/sss_iface.xml
|
||||
@@ -91,18 +91,18 @@
|
||||
<method name="GetMap">
|
||||
<arg name="dp_flags" type="u" direction="in" key="1" />
|
||||
<arg name="mapname" type="s" direction="in" key="2" />
|
||||
- <arg name="cli_id" type="u" direction="in" key="3" />
|
||||
+ <arg name="cli_id" type="u" direction="in" />
|
||||
</method>
|
||||
<method name="GetEntry">
|
||||
<arg name="dp_flags" type="u" direction="in" key="1" />
|
||||
<arg name="mapname" type="s" direction="in" key="2" />
|
||||
<arg name="entryname" type="s" direction="in" key="3" />
|
||||
- <arg name="cli_id" type="u" direction="in" key="4" />
|
||||
+ <arg name="cli_id" type="u" direction="in" />
|
||||
</method>
|
||||
<method name="Enumerate">
|
||||
<arg name="dp_flags" type="u" direction="in" key="1" />
|
||||
<arg name="mapname" type="s" direction="in" key="2" />
|
||||
- <arg name="cli_id" type="u" direction="in" key="3" />
|
||||
+ <arg name="cli_id" type="u" direction="in" />
|
||||
</method>
|
||||
</interface>
|
||||
|
||||
@@ -133,7 +133,7 @@
|
||||
<arg name="entry_type" type="u" direction="in" key="2" />
|
||||
<arg name="filter_type" type="u" direction="in" key="3" />
|
||||
<arg name="filter_value" type="s" direction="in" key="4" />
|
||||
- <arg name="cli_id" type="u" direction="in" key="5" />
|
||||
+ <arg name="cli_id" type="u" direction="in" />
|
||||
<arg name="dp_error" type="q" direction="out" />
|
||||
<arg name="error" type="u" direction="out" />
|
||||
<arg name="error_message" type="s" direction="out" />
|
||||
@@ -150,7 +150,7 @@
|
||||
<arg name="filter" type="s" direction="in" key="3" />
|
||||
<arg name="domain" type="s" direction="in" key="4" />
|
||||
<arg name="extra" type="s" direction="in" key="5" />
|
||||
- <arg name="cli_id" type="u" direction="in" key="6" />
|
||||
+ <arg name="cli_id" type="u" direction="in" />
|
||||
<arg name="dp_error" type="q" direction="out" />
|
||||
<arg name="error" type="u" direction="out" />
|
||||
<arg name="error_message" type="s" direction="out" />
|
||||
@@ -159,7 +159,7 @@
|
||||
<arg name="dp_flags" type="u" direction="in" key="1" />
|
||||
<arg name="entry_type" type="u" direction="in" key="2" />
|
||||
<arg name="filter" type="s" direction="in" key="3" />
|
||||
- <arg name="cli_id" type="u" direction="in" key="4" />
|
||||
+ <arg name="cli_id" type="u" direction="in" />
|
||||
<arg name="dp_error" type="q" direction="out" />
|
||||
<arg name="error" type="u" direction="out" />
|
||||
<arg name="domain_name" type="s" direction="out" />
|
@ -0,0 +1,28 @@
|
||||
From 74d0f4538deb766592079b1abca0d949d6dea105 Mon Sep 17 00:00:00 2001
|
||||
From: Alexey Tikhonov <atikhono@redhat.com>
|
||||
Date: Thu, 15 Jun 2023 12:05:03 +0200
|
||||
Subject: [PATCH] BUILD: Accept krb5 1.21 for building the PAC plugin
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Reviewed-by: Alejandro López <allopez@redhat.com>
|
||||
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||
---
|
||||
src/external/pac_responder.m4 | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4
|
||||
index 3cbe3c9cfb..90727185b5 100644
|
||||
--- a/src/external/pac_responder.m4
|
||||
+++ b/src/external/pac_responder.m4
|
||||
@@ -22,7 +22,8 @@ then
|
||||
Kerberos\ 5\ release\ 1.17* | \
|
||||
Kerberos\ 5\ release\ 1.18* | \
|
||||
Kerberos\ 5\ release\ 1.19* | \
|
||||
- Kerberos\ 5\ release\ 1.20*)
|
||||
+ Kerberos\ 5\ release\ 1.20* | \
|
||||
+ Kerberos\ 5\ release\ 1.21*)
|
||||
krb5_version_ok=yes
|
||||
AC_MSG_RESULT([yes])
|
||||
;;
|
@ -0,0 +1,332 @@
|
||||
From 88d8afbb115f18007dcc11f7ebac1b238c3ebd98 Mon Sep 17 00:00:00 2001
|
||||
From: Alexey Tikhonov <atikhono@redhat.com>
|
||||
Date: Mon, 25 Sep 2023 12:36:09 +0200
|
||||
Subject: [PATCH] MC: a couple of additions to 'recover from invalid memory
|
||||
cache size' patch
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Additions to 641e5f73d3bd5b3d32cafd551013d3bfd2a52732 :
|
||||
|
||||
- handle all invalidations consistently
|
||||
- supply a valid pointer to `sss_mmap_cache_validate_or_reinit()`,
|
||||
not a pointer to a local var
|
||||
|
||||
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
||||
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||
---
|
||||
src/responder/nss/nss_get_object.c | 10 ++---
|
||||
src/responder/nss/nss_iface.c | 8 ++--
|
||||
src/responder/nss/nsssrv_mmap_cache.c | 64 ++++++++++++++++++---------
|
||||
src/responder/nss/nsssrv_mmap_cache.h | 10 ++---
|
||||
4 files changed, 56 insertions(+), 36 deletions(-)
|
||||
|
||||
diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c
|
||||
index 5d62dd0985..29f9cb59b5 100644
|
||||
--- a/src/responder/nss/nss_get_object.c
|
||||
+++ b/src/responder/nss/nss_get_object.c
|
||||
@@ -34,13 +34,13 @@ memcache_delete_entry_by_name(struct sss_nss_ctx *nss_ctx,
|
||||
|
||||
switch (type) {
|
||||
case SSS_MC_PASSWD:
|
||||
- ret = sss_mmap_cache_pw_invalidate(nss_ctx->pwd_mc_ctx, name);
|
||||
+ ret = sss_mmap_cache_pw_invalidate(&nss_ctx->pwd_mc_ctx, name);
|
||||
break;
|
||||
case SSS_MC_GROUP:
|
||||
- ret = sss_mmap_cache_gr_invalidate(nss_ctx->grp_mc_ctx, name);
|
||||
+ ret = sss_mmap_cache_gr_invalidate(&nss_ctx->grp_mc_ctx, name);
|
||||
break;
|
||||
case SSS_MC_INITGROUPS:
|
||||
- ret = sss_mmap_cache_initgr_invalidate(nss_ctx->initgr_mc_ctx, name);
|
||||
+ ret = sss_mmap_cache_initgr_invalidate(&nss_ctx->initgr_mc_ctx, name);
|
||||
break;
|
||||
default:
|
||||
return EINVAL;
|
||||
@@ -66,10 +66,10 @@ memcache_delete_entry_by_id(struct sss_nss_ctx *nss_ctx,
|
||||
|
||||
switch (type) {
|
||||
case SSS_MC_PASSWD:
|
||||
- ret = sss_mmap_cache_pw_invalidate_uid(nss_ctx->pwd_mc_ctx, (uid_t)id);
|
||||
+ ret = sss_mmap_cache_pw_invalidate_uid(&nss_ctx->pwd_mc_ctx, (uid_t)id);
|
||||
break;
|
||||
case SSS_MC_GROUP:
|
||||
- ret = sss_mmap_cache_gr_invalidate_gid(nss_ctx->grp_mc_ctx, (gid_t)id);
|
||||
+ ret = sss_mmap_cache_gr_invalidate_gid(&nss_ctx->grp_mc_ctx, (gid_t)id);
|
||||
break;
|
||||
default:
|
||||
return EINVAL;
|
||||
diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c
|
||||
index 07e91aa811..db743f8b7e 100644
|
||||
--- a/src/responder/nss/nss_iface.c
|
||||
+++ b/src/responder/nss/nss_iface.c
|
||||
@@ -78,7 +78,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx,
|
||||
|
||||
if (ret == ENOENT || res->count == 0) {
|
||||
/* The user is gone. Invalidate the mc record */
|
||||
- ret = sss_mmap_cache_pw_invalidate(nctx->pwd_mc_ctx, delete_name);
|
||||
+ ret = sss_mmap_cache_pw_invalidate(&nctx->pwd_mc_ctx, delete_name);
|
||||
if (ret != EOK && ret != ENOENT) {
|
||||
DEBUG(SSSDBG_CRIT_FAILURE,
|
||||
"Internal failure in memory cache code: %d [%s]\n",
|
||||
@@ -125,7 +125,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx,
|
||||
for (i = 0; i < gnum; i++) {
|
||||
id = groups[i];
|
||||
|
||||
- ret = sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, id);
|
||||
+ ret = sss_mmap_cache_gr_invalidate_gid(&nctx->grp_mc_ctx, id);
|
||||
if (ret != EOK && ret != ENOENT) {
|
||||
DEBUG(SSSDBG_CRIT_FAILURE,
|
||||
"Internal failure in memory cache code: %d [%s]\n",
|
||||
@@ -134,7 +134,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx,
|
||||
}
|
||||
|
||||
to_sized_string(delete_name, fq_name);
|
||||
- ret = sss_mmap_cache_initgr_invalidate(nctx->initgr_mc_ctx,
|
||||
+ ret = sss_mmap_cache_initgr_invalidate(&nctx->initgr_mc_ctx,
|
||||
delete_name);
|
||||
if (ret != EOK && ret != ENOENT) {
|
||||
DEBUG(SSSDBG_CRIT_FAILURE,
|
||||
@@ -208,7 +208,7 @@ sss_nss_memorycache_invalidate_group_by_id(TALLOC_CTX *mem_ctx,
|
||||
DEBUG(SSSDBG_TRACE_LIBS,
|
||||
"Invalidating group %u from memory cache\n", gid);
|
||||
|
||||
- sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, gid);
|
||||
+ sss_mmap_cache_gr_invalidate_gid(&nctx->grp_mc_ctx, gid);
|
||||
|
||||
return EOK;
|
||||
}
|
||||
diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
|
||||
index 90d12299a4..06f3d7a694 100644
|
||||
--- a/src/responder/nss/nsssrv_mmap_cache.c
|
||||
+++ b/src/responder/nss/nsssrv_mmap_cache.c
|
||||
@@ -701,16 +701,22 @@ static inline void sss_mmap_chain_in_rec(struct sss_mc_ctx *mcc,
|
||||
* generic invalidation
|
||||
***************************************************************************/
|
||||
|
||||
-static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx *mcc,
|
||||
+static errno_t sss_mmap_cache_validate_or_reinit(struct sss_mc_ctx **_mcc);
|
||||
+
|
||||
+static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx **_mcc,
|
||||
const struct sized_string *key)
|
||||
{
|
||||
+ struct sss_mc_ctx *mcc;
|
||||
struct sss_mc_rec *rec;
|
||||
+ int ret;
|
||||
|
||||
- if (mcc == NULL) {
|
||||
- /* cache not initialized? */
|
||||
- return EINVAL;
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
||||
+ if (ret != EOK) {
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
+ mcc = *_mcc;
|
||||
+
|
||||
rec = sss_mc_find_record(mcc, key);
|
||||
if (rec == NULL) {
|
||||
/* nothing to invalidate */
|
||||
@@ -785,7 +791,7 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc,
|
||||
const struct sized_string *homedir,
|
||||
const struct sized_string *shell)
|
||||
{
|
||||
- struct sss_mc_ctx *mcc = *_mcc;
|
||||
+ struct sss_mc_ctx *mcc;
|
||||
struct sss_mc_rec *rec;
|
||||
struct sss_mc_pwd_data *data;
|
||||
struct sized_string uidkey;
|
||||
@@ -795,11 +801,13 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc,
|
||||
size_t pos;
|
||||
int ret;
|
||||
|
||||
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
+ mcc = *_mcc;
|
||||
+
|
||||
ret = snprintf(uidstr, 11, "%ld", (long)uid);
|
||||
if (ret > 10) {
|
||||
return EINVAL;
|
||||
@@ -851,14 +859,15 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc,
|
||||
return EOK;
|
||||
}
|
||||
|
||||
-errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc,
|
||||
+errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx **_mcc,
|
||||
const struct sized_string *name)
|
||||
{
|
||||
- return sss_mmap_cache_invalidate(mcc, name);
|
||||
+ return sss_mmap_cache_invalidate(_mcc, name);
|
||||
}
|
||||
|
||||
-errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid)
|
||||
+errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx **_mcc, uid_t uid)
|
||||
{
|
||||
+ struct sss_mc_ctx *mcc;
|
||||
struct sss_mc_rec *rec = NULL;
|
||||
struct sss_mc_pwd_data *data;
|
||||
uint32_t hash;
|
||||
@@ -866,11 +875,13 @@ errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid)
|
||||
char *uidstr;
|
||||
errno_t ret;
|
||||
|
||||
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
+ mcc = *_mcc;
|
||||
+
|
||||
uidstr = talloc_asprintf(NULL, "%ld", (long)uid);
|
||||
if (!uidstr) {
|
||||
return ENOMEM;
|
||||
@@ -927,7 +938,7 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc,
|
||||
gid_t gid, size_t memnum,
|
||||
const char *membuf, size_t memsize)
|
||||
{
|
||||
- struct sss_mc_ctx *mcc = *_mcc;
|
||||
+ struct sss_mc_ctx *mcc;
|
||||
struct sss_mc_rec *rec;
|
||||
struct sss_mc_grp_data *data;
|
||||
struct sized_string gidkey;
|
||||
@@ -937,11 +948,13 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc,
|
||||
size_t pos;
|
||||
int ret;
|
||||
|
||||
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
+ mcc = *_mcc;
|
||||
+
|
||||
ret = snprintf(gidstr, 11, "%ld", (long)gid);
|
||||
if (ret > 10) {
|
||||
return EINVAL;
|
||||
@@ -989,14 +1002,15 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc,
|
||||
return EOK;
|
||||
}
|
||||
|
||||
-errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc,
|
||||
+errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx **_mcc,
|
||||
const struct sized_string *name)
|
||||
{
|
||||
- return sss_mmap_cache_invalidate(mcc, name);
|
||||
+ return sss_mmap_cache_invalidate(_mcc, name);
|
||||
}
|
||||
|
||||
-errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid)
|
||||
+errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx **_mcc, gid_t gid)
|
||||
{
|
||||
+ struct sss_mc_ctx *mcc;
|
||||
struct sss_mc_rec *rec = NULL;
|
||||
struct sss_mc_grp_data *data;
|
||||
uint32_t hash;
|
||||
@@ -1004,11 +1018,13 @@ errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid)
|
||||
char *gidstr;
|
||||
errno_t ret;
|
||||
|
||||
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
+ mcc = *_mcc;
|
||||
+
|
||||
gidstr = talloc_asprintf(NULL, "%ld", (long)gid);
|
||||
if (!gidstr) {
|
||||
return ENOMEM;
|
||||
@@ -1061,7 +1077,7 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc,
|
||||
uint32_t num_groups,
|
||||
const uint8_t *gids_buf)
|
||||
{
|
||||
- struct sss_mc_ctx *mcc = *_mcc;
|
||||
+ struct sss_mc_ctx *mcc;
|
||||
struct sss_mc_rec *rec;
|
||||
struct sss_mc_initgr_data *data;
|
||||
size_t data_len;
|
||||
@@ -1069,11 +1085,13 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc,
|
||||
size_t pos;
|
||||
int ret;
|
||||
|
||||
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
+ mcc = *_mcc;
|
||||
+
|
||||
/* array of gids + name + unique_name */
|
||||
data_len = num_groups * sizeof(uint32_t) + name->len + unique_name->len;
|
||||
rec_len = sizeof(struct sss_mc_rec) + sizeof(struct sss_mc_initgr_data)
|
||||
@@ -1119,10 +1137,10 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc,
|
||||
return EOK;
|
||||
}
|
||||
|
||||
-errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx *mcc,
|
||||
+errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx **_mcc,
|
||||
const struct sized_string *name)
|
||||
{
|
||||
- return sss_mmap_cache_invalidate(mcc, name);
|
||||
+ return sss_mmap_cache_invalidate(_mcc, name);
|
||||
}
|
||||
|
||||
errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc,
|
||||
@@ -1131,18 +1149,20 @@ errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc,
|
||||
uint32_t type,
|
||||
bool explicit_lookup)
|
||||
{
|
||||
- struct sss_mc_ctx *mcc = *_mcc;
|
||||
+ struct sss_mc_ctx *mcc;
|
||||
struct sss_mc_rec *rec;
|
||||
struct sss_mc_sid_data *data;
|
||||
char idkey[16];
|
||||
size_t rec_len;
|
||||
int ret;
|
||||
|
||||
- ret = sss_mmap_cache_validate_or_reinit(&mcc);
|
||||
+ ret = sss_mmap_cache_validate_or_reinit(_mcc);
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
+ mcc = *_mcc;
|
||||
+
|
||||
ret = snprintf(idkey, sizeof(idkey), "%d-%ld",
|
||||
(type == SSS_ID_TYPE_GID) ? SSS_ID_TYPE_GID : SSS_ID_TYPE_UID,
|
||||
(long)id);
|
||||
diff --git a/src/responder/nss/nsssrv_mmap_cache.h b/src/responder/nss/nsssrv_mmap_cache.h
|
||||
index 686b8e1b21..28ee5adb64 100644
|
||||
--- a/src/responder/nss/nsssrv_mmap_cache.h
|
||||
+++ b/src/responder/nss/nsssrv_mmap_cache.h
|
||||
@@ -63,17 +63,17 @@ errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc,
|
||||
uint32_t type, /* enum sss_id_type*/
|
||||
bool explicit_lookup); /* false ~ by_id(), true ~ by_uid/gid() */
|
||||
|
||||
-errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc,
|
||||
+errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx **_mcc,
|
||||
const struct sized_string *name);
|
||||
|
||||
-errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid);
|
||||
+errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx **_mcc, uid_t uid);
|
||||
|
||||
-errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc,
|
||||
+errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx **_mcc,
|
||||
const struct sized_string *name);
|
||||
|
||||
-errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid);
|
||||
+errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx **_mcc, gid_t gid);
|
||||
|
||||
-errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx *mcc,
|
||||
+errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx **_mcc,
|
||||
const struct sized_string *name);
|
||||
|
||||
errno_t sss_mmap_cache_reinit(TALLOC_CTX *mem_ctx,
|
@ -27,7 +27,7 @@
|
||||
|
||||
Name: sssd
|
||||
Version: 2.9.1
|
||||
Release: 2%{?dist}
|
||||
Release: 4%{?dist}.alma.1
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+
|
||||
URL: https://github.com/SSSD/sssd/
|
||||
@ -38,11 +38,15 @@ Patch0001: 0001-watchdog-add-arm_watchdog-and-disarm_watchdog-calls.patch
|
||||
Patch0002: 0002-sbus-arm-watchdog-for-sbus_connect_init_send.patch
|
||||
|
||||
# Patches were taken from:
|
||||
# https://gitlab.com/redhat/centos-stream/rpms/sssd/-/commit/26c81cdfa6fdda4aab69e0184839be0fb74ef73d
|
||||
Patch0004: 0004-watchdog-add-arm_watchdog-and-disarm_watchdog-calls.patch
|
||||
Patch0005: 0005-sbus-arm-watchdog-for-sbus_connect_init_send.patch
|
||||
# https://github.com/SSSD/sssd/commit/01d02794e02f051ea9a78cd63b30384de3e7c9b0
|
||||
Patch0006: 0006-sysdb-fix-string-comparison-when-checking-for-overrides.patch
|
||||
# https://github.com/SSSD/sssd/commit/641e5f73d3bd5b3d32cafd551013d3bfd2a52732
|
||||
Patch0003: 0003-mc-recover-from-invalid-memory-cache-size.patch
|
||||
# https://github.com/SSSD/sssd/commit/1e5dfc187c7659cca567d2f7d5592e72794ef13c
|
||||
Patch0004: 0004-sss_iface-do-not-add-cli_id-to-chain-key.patch
|
||||
# https://github.com/SSSD/sssd/commit/74d0f4538deb766592079b1abca0d949d6dea105
|
||||
Patch0005: 0005-Accept-krb5-1.21-for-building-the-PAC-plugin.patch
|
||||
# https://github.com/SSSD/sssd/commit/88d8afbb115f18007dcc11f7ebac1b238c3ebd98
|
||||
Patch0006: 0006-MC-a-couple-of-additions-to-recover-from-invalid-memory.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
Requires: sssd-ad = %{version}-%{release}
|
||||
@ -1068,6 +1072,12 @@ fi
|
||||
%systemd_postun_with_restart sssd.service
|
||||
|
||||
%changelog
|
||||
* Wed Nov 08 2023 Eduard Abdullin <eabdullin@almalinux.org> - 2.9.1-4.alma.1
|
||||
- Apply 0003-mc-recover-from-invalid-memory-cache-size.patch
|
||||
- Apply 0004-sss_iface-do-not-add-cli_id-to-chain-key.patch
|
||||
- Apply 0005-Accept-krb5-1.21-for-building-the-PAC-plugin.patch
|
||||
- Apply 0006-MC-a-couple-of-additions-to-recover-from-invalid-memory.patch
|
||||
|
||||
* Mon Jul 10 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.1-2
|
||||
- Resolves: rhbz#2218858 - [sssd] SSSD enters failed state after heavy load in the system
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user