diff --git a/.gitignore b/.gitignore
index e64dbd2..7190614 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/sssd-2.5.1.tar.gz
+SOURCES/sssd-2.5.2.tar.gz
diff --git a/.sssd.metadata b/.sssd.metadata
index 0fffe29..461c481 100644
--- a/.sssd.metadata
+++ b/.sssd.metadata
@@ -1 +1 @@
-cda4b8fd8a6862cbc315cd178b942e4b8313f654 SOURCES/sssd-2.5.1.tar.gz
+680a282289fdfc6e27562e0ac82933ccd1f9574e SOURCES/sssd-2.5.2.tar.gz
diff --git a/SOURCES/0001-fix-log-levels.patch b/SOURCES/0001-fix-log-levels.patch
deleted file mode 100644
index 55cce66..0000000
--- a/SOURCES/0001-fix-log-levels.patch
+++ /dev/null
@@ -1,169 +0,0 @@ -From 75a5e1c7a80eaa921cb0b0531d685c9c7ed12127 Mon Sep 17 00:00:00 2001 -From: Alexey Tikhonov -Date: Mon, 14 Jun 2021 21:25:23 +0200 -Subject: [PATCH 1/4] krb5_child: reduce log severity in sss_send_pac() in case - PAC responder isn't running. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Pavel Březina -Reviewed-by: Sumit Bose ---- - src/providers/krb5/krb5_child.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c -index 713e90f83..4e55d9a37 100644 ---- a/src/providers/krb5/krb5_child.c -+++ b/src/providers/krb5/krb5_child.c -@@ -223,7 +223,10 @@ static errno_t sss_send_pac(krb5_authdata **pac_authdata) - - ret = sss_pac_make_request(SSS_PAC_ADD_PAC_USER, &sss_data, - NULL, NULL, &errnop); -- if (ret != NSS_STATUS_SUCCESS || errnop != 0) { -+ if (ret == NSS_STATUS_UNAVAIL) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "failed to contact PAC responder\n"); -+ return EIO; -+ } else if (ret != NSS_STATUS_SUCCESS || errnop != 0) { - DEBUG(SSSDBG_OP_FAILURE, "sss_pac_make_request failed [%d][%d].\n", - ret, errnop); - return EIO; --- -2.26.3 - - -From 9cfcbe6edc451d7187e0a89a6a5bd7125a10f1c8 Mon Sep 17 00:00:00 2001 -From: Alexey Tikhonov -Date: Mon, 14 Jun 2021 21:47:52 +0200 -Subject: [PATCH 2/4] secrets: reduce log severity in local_db_create() in case - entry already exists since this is expected during normal oprations. 
-MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Pavel Březina -Reviewed-by: Sumit Bose ---- - src/util/secrets/secrets.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/util/secrets/secrets.c b/src/util/secrets/secrets.c -index 6e99e291d..f12b615f8 100644 ---- a/src/util/secrets/secrets.c -+++ b/src/util/secrets/secrets.c -@@ -476,7 +476,7 @@ static int local_db_create(struct sss_sec_req *req) - ret = ldb_add(req->sctx->ldb, msg); - if (ret != LDB_SUCCESS) { - if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) { -- DEBUG(SSSDBG_OP_FAILURE, -+ DEBUG(SSSDBG_FUNC_DATA, - "Secret %s already exists\n", ldb_dn_get_linearized(msg->dn)); - } else { - DEBUG(SSSDBG_CRIT_FAILURE, --- -2.26.3 - - -From 32a1fbfb262ea9657fa268f7ce09ef6e942b0829 Mon Sep 17 00:00:00 2001 -From: Alexey Tikhonov -Date: Mon, 14 Jun 2021 21:56:16 +0200 -Subject: [PATCH 3/4] KCM: use SSSDBG_MINOR_FAILURE for - ERR_KCM_OP_NOT_IMPLEMENTED -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Pavel Březina -Reviewed-by: Sumit Bose ---- - src/responder/kcm/kcmsrv_cmd.c | 13 +++++++++---- - src/responder/kcm/kcmsrv_ops.c | 2 +- - 2 files changed, 10 insertions(+), 5 deletions(-) - -diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c -index 3ad17ef43..49518920b 100644 ---- a/src/responder/kcm/kcmsrv_cmd.c -+++ b/src/responder/kcm/kcmsrv_cmd.c -@@ -195,7 +195,7 @@ static errno_t kcm_input_parse(struct kcm_reqbuf *reqbuf, - - op_io->op = kcm_get_opt(be16toh(opcode_be)); - if (op_io->op == NULL) { -- DEBUG(SSSDBG_CRIT_FAILURE, -+ DEBUG(SSSDBG_MINOR_FAILURE, - "Did not find a KCM operation handler for the requested opcode\n"); - return ERR_KCM_OP_NOT_IMPLEMENTED; - } -@@ -312,7 +312,8 @@ static void kcm_reply_error(struct cli_ctx *cctx, - errno_t ret; - krb5_error_code kerr; - -- DEBUG(SSSDBG_OP_FAILURE, -+ DEBUG(retcode == ERR_KCM_OP_NOT_IMPLEMENTED ? 
-+ SSSDBG_MINOR_FAILURE : SSSDBG_OP_FAILURE, - "KCM operation returns failure [%d]: %s\n", - retcode, sss_strerror(retcode)); - kerr = sss2krb5_error(retcode); -@@ -405,8 +406,12 @@ static void kcm_cmd_request_done(struct tevent_req *req) - &req_ctx->op_io.reply); - talloc_free(req); - if (ret != EOK) { -- DEBUG(SSSDBG_OP_FAILURE, -- "KCM operation failed [%d]: %s\n", ret, sss_strerror(ret)); -+ if (ret == ERR_KCM_OP_NOT_IMPLEMENTED) { -+ DEBUG(SSSDBG_MINOR_FAILURE, "%s\n", sss_strerror(ret)); -+ } else { -+ DEBUG(SSSDBG_OP_FAILURE, -+ "KCM operation failed [%d]: %s\n", ret, sss_strerror(ret)); -+ } - kcm_reply_error(req_ctx->cctx, ret, &req_ctx->repbuf); - return; - } -diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c -index a8f49cedb..f7f80d850 100644 ---- a/src/responder/kcm/kcmsrv_ops.c -+++ b/src/responder/kcm/kcmsrv_ops.c -@@ -122,7 +122,7 @@ struct tevent_req *kcm_cmd_send(TALLOC_CTX *mem_ctx, - } - - if (op->fn_send == NULL) { -- DEBUG(SSSDBG_CRIT_FAILURE, -+ DEBUG(SSSDBG_MINOR_FAILURE, - "KCM op %s has no handler\n", kcm_opt_name(op)); - ret = ERR_KCM_OP_NOT_IMPLEMENTED; - goto immediate; --- -2.26.3 - - -From 5ead448c859860a4eb57a529a5b85eca1815e73a Mon Sep 17 00:00:00 2001 -From: Alexey Tikhonov -Date: Mon, 14 Jun 2021 22:04:21 +0200 -Subject: [PATCH 4/4] KCM: reduce log severity in sec_get() in case entry not - found -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Pavel Březina -Reviewed-by: Sumit Bose ---- - src/responder/kcm/kcmsrv_ccache_secdb.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c -index 6c8c35b86..4631bfea0 100644 ---- a/src/responder/kcm/kcmsrv_ccache_secdb.c -+++ b/src/responder/kcm/kcmsrv_ccache_secdb.c -@@ -58,7 +58,7 @@ static errno_t sec_get(TALLOC_CTX *mem_ctx, - - ret = sss_sec_get(tmp_ctx, req, &data, &len, &datatype); - if (ret != EOK) { 
-- DEBUG(SSSDBG_OP_FAILURE, -+ DEBUG(SSSDBG_MINOR_FAILURE, - "Cannot retrieve the secret [%d]: %s\n", ret, sss_strerror(ret)); - goto done; - } --- -2.26.3 - diff --git a/SOURCES/0002-DEBUG-don-t-reset-debug_timestamps-microseconds-to-D.patch b/SOURCES/0002-DEBUG-don-t-reset-debug_timestamps-microseconds-to-D.patch deleted file mode 100644 index a32883b..0000000 --- a/SOURCES/0002-DEBUG-don-t-reset-debug_timestamps-microseconds-to-D.patch +++ /dev/null 
@@ -1,198 +0,0 @@ -From 8dba7476922856e3a0f6cb935570df47b51917f1 Mon Sep 17 00:00:00 2001 -From: Alexey Tikhonov -Date: Fri, 18 Jun 2021 21:56:53 +0200 -Subject: [PATCH] DEBUG: don't reset debug_timestamps/microseconds to DEFAULT - in `_sss_debug_init()`. - -Otherwise `server_setup()` skips reading config settings. - -Reviewed-by: Pawel Polawski ---- - src/tests/cmocka/test_child_common.c | 2 +- - src/tests/debug-tests.c | 26 +++++++++++++------------- - src/util/debug.c | 14 +++----------- - src/util/debug.h | 8 ++++++-- - src/util/server.c | 8 ++++---- - 5 files changed, 27 insertions(+), 31 deletions(-) - -diff --git a/src/tests/cmocka/test_child_common.c b/src/tests/cmocka/test_child_common.c -index 87cae3405..9fb26412f 100644 ---- a/src/tests/cmocka/test_child_common.c -+++ b/src/tests/cmocka/test_child_common.c -@@ -163,7 +163,7 @@ static void extra_args_test(struct child_test_ctx *child_tctx, - child_pid = fork(); - assert_int_not_equal(child_pid, -1); - if (child_pid == 0) { -- debug_timestamps = 1; -+ debug_timestamps = SSSDBG_TIMESTAMP_ENABLED; - - exec_child_ex(child_tctx, - child_tctx->pipefd_to_child, -diff --git a/src/tests/debug-tests.c b/src/tests/debug-tests.c -index e27fee457..68a1fb779 100644 ---- a/src/tests/debug-tests.c -+++ b/src/tests/debug-tests.c -@@ -194,7 +194,7 @@ int test_helper_debug_check_message(int level) - } - msg[fsize] = '\0'; - -- if (debug_timestamps == 1) { -+ if (debug_timestamps == SSSDBG_TIMESTAMP_ENABLED) { - int time_hour = 0; - int time_min = 0; - int time_sec = 0; -@@ -344,8 +344,8 @@ START_TEST(test_debug_is_set_single_no_timestamp) - SSSDBG_TRACE_LDB - }; - -- debug_timestamps = 0; -- debug_microseconds = 0; -+ debug_timestamps = SSSDBG_TIMESTAMP_DISABLED; -+ debug_microseconds = SSSDBG_MICROSECONDS_DISABLED; - debug_prg_name = "sssd"; - sss_set_logger(sss_logger_str[FILES_LOGGER]); - -@@ -384,8 +384,8 @@ START_TEST(test_debug_is_set_single_timestamp) - SSSDBG_TRACE_LDB - }; - -- debug_timestamps = 1; -- 
debug_microseconds = 0; -+ debug_timestamps = SSSDBG_TIMESTAMP_ENABLED; -+ debug_microseconds = SSSDBG_MICROSECONDS_DISABLED; - debug_prg_name = "sssd"; - sss_set_logger(sss_logger_str[FILES_LOGGER]); - -@@ -428,8 +428,8 @@ START_TEST(test_debug_is_set_single_timestamp_microseconds) - SSSDBG_TRACE_LDB - }; - -- debug_timestamps = 1; -- debug_microseconds = 1; -+ debug_timestamps = SSSDBG_TIMESTAMP_ENABLED; -+ debug_microseconds = SSSDBG_MICROSECONDS_ENABLED; - debug_prg_name = "sssd"; - sss_set_logger(sss_logger_str[FILES_LOGGER]); - -@@ -473,8 +473,8 @@ START_TEST(test_debug_is_notset_no_timestamp) - SSSDBG_TRACE_LDB - }; - -- debug_timestamps = 0; -- debug_microseconds = 0; -+ debug_timestamps = SSSDBG_TIMESTAMP_DISABLED; -+ debug_microseconds = SSSDBG_MICROSECONDS_DISABLED; - debug_prg_name = "sssd"; - sss_set_logger(sss_logger_str[FILES_LOGGER]); - -@@ -515,8 +515,8 @@ START_TEST(test_debug_is_notset_timestamp) - SSSDBG_TRACE_LDB - }; - -- debug_timestamps = 0; -- debug_microseconds = 0; -+ debug_timestamps = SSSDBG_TIMESTAMP_DISABLED; -+ debug_microseconds = SSSDBG_MICROSECONDS_DISABLED; - debug_prg_name = "sssd"; - sss_set_logger(sss_logger_str[FILES_LOGGER]); - -@@ -557,8 +557,8 @@ START_TEST(test_debug_is_notset_timestamp_microseconds) - SSSDBG_TRACE_LDB - }; - -- debug_timestamps = 0; -- debug_microseconds = 1; -+ debug_timestamps = SSSDBG_TIMESTAMP_DISABLED; -+ debug_microseconds = SSSDBG_MICROSECONDS_ENABLED; - debug_prg_name = "sssd"; - sss_set_logger(sss_logger_str[FILES_LOGGER]); - -diff --git a/src/util/debug.c b/src/util/debug.c -index f87e85812..6f1234437 100644 ---- a/src/util/debug.c -+++ b/src/util/debug.c -@@ -103,14 +103,6 @@ void _sss_debug_init(int dbg_lvl, const char *logger) - debug_level = SSSDBG_UNRESOLVED; - } - -- if (debug_timestamps == SSSDBG_TIMESTAMP_UNRESOLVED) { -- debug_timestamps = SSSDBG_TIMESTAMP_DEFAULT; -- } -- -- if (debug_microseconds == SSSDBG_MICROSECONDS_UNRESOLVED) { -- debug_microseconds = 
SSSDBG_MICROSECONDS_DEFAULT; -- } -- - sss_set_logger(logger); - - /* if 'FILES_LOGGER' is requested then open log file, if it wasn't -@@ -305,8 +297,8 @@ void sss_vdebug_fn(const char *file, - } - #endif - -- if (debug_timestamps) { -- if (debug_microseconds) { -+ if (debug_timestamps == SSSDBG_TIMESTAMP_ENABLED) { -+ if (debug_microseconds == SSSDBG_MICROSECONDS_ENABLED) { - gettimeofday(&tv, NULL); - t = tv.tv_sec; - } else { -@@ -320,7 +312,7 @@ void sss_vdebug_fn(const char *file, - tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday, - tm.tm_hour, tm.tm_min, tm.tm_sec); - } -- if (debug_microseconds) { -+ if (debug_microseconds == SSSDBG_MICROSECONDS_ENABLED) { - sss_debug_backtrace_printf(level, "%s:%.6ld): ", - last_time_str, tv.tv_usec); - } else { -diff --git a/src/util/debug.h b/src/util/debug.h -index 97564d43e..9d3499dbd 100644 ---- a/src/util/debug.h -+++ b/src/util/debug.h -@@ -29,10 +29,14 @@ - #include "util/util_errors.h" - - #define SSSDBG_TIMESTAMP_UNRESOLVED -1 --#define SSSDBG_TIMESTAMP_DEFAULT 1 -+#define SSSDBG_TIMESTAMP_DISABLED 0 -+#define SSSDBG_TIMESTAMP_ENABLED 1 -+#define SSSDBG_TIMESTAMP_DEFAULT SSSDBG_TIMESTAMP_ENABLED - - #define SSSDBG_MICROSECONDS_UNRESOLVED -1 --#define SSSDBG_MICROSECONDS_DEFAULT 0 -+#define SSSDBG_MICROSECONDS_DISABLED 0 -+#define SSSDBG_MICROSECONDS_ENABLED 1 -+#define SSSDBG_MICROSECONDS_DEFAULT SSSDBG_MICROSECONDS_DISABLED - - - enum sss_logger_t { -diff --git a/src/util/server.c b/src/util/server.c -index b6f450a79..4fe29f96b 100644 ---- a/src/util/server.c -+++ b/src/util/server.c -@@ -624,8 +624,8 @@ int server_setup(const char *name, int flags, - "[%s]\n", ret, strerror(ret)); - return ret; - } -- if (dt) debug_timestamps = 1; -- else debug_timestamps = 0; -+ if (dt) debug_timestamps = SSSDBG_TIMESTAMP_ENABLED; -+ else debug_timestamps = SSSDBG_TIMESTAMP_DISABLED; - } - - /* same for debug microseconds */ -@@ -639,8 +639,8 @@ int server_setup(const char *name, int flags, - "[%s]\n", ret, strerror(ret)); - 
return ret; - } -- if (dm) debug_microseconds = 1; -- else debug_microseconds = 0; -+ if (dm) debug_microseconds = SSSDBG_MICROSECONDS_ENABLED; -+ else debug_microseconds = SSSDBG_MICROSECONDS_DISABLED; - } - - ret = confdb_get_bool(ctx->confdb_ctx, conf_entry, --- -2.26.3 - diff --git a/SOURCES/0003-SSSD-Log-invalid_argument-msg-mod.patch b/SOURCES/0003-SSSD-Log-invalid_argument-msg-mod.patch deleted file mode 100644 index fc169b2..0000000 --- a/SOURCES/0003-SSSD-Log-invalid_argument-msg-mod.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -From 89a40e77a1477a3957f4ddc47890eaecbc4d5c7c Mon Sep 17 00:00:00 2001 -From: Deepak Das -Date: Sat, 19 Jun 2021 17:51:21 +0530 -Subject: [PATCH] SSSD Log: invalid_argument msg mod - -Improve invalid argument msg with additional information - -Resolves: https://github.com/SSSD/sssd/issues/5578 - -Reviewed-by: Pawel Polawski ---- - src/providers/ad/ad_gpo.c | 15 ++++++++++++--- - src/providers/ldap/sdap_idmap.c | 19 +++++++++++++++---- - 2 files changed, 27 insertions(+), 7 deletions(-) - -diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c -index 4ef6a7219..b2df3e998 100644 ---- a/src/providers/ad/ad_gpo.c -+++ b/src/providers/ad/ad_gpo.c -@@ -4742,9 +4742,18 @@ static void gpo_cse_done(struct tevent_req *subreq) - ret = ad_gpo_parse_gpo_child_response(state->buf, state->len, - &sysvol_gpt_version, &child_result); - if (ret != EOK) { -- DEBUG(SSSDBG_CRIT_FAILURE, -- "ad_gpo_parse_gpo_child_response failed: [%d][%s]\n", -- ret, sss_strerror(ret)); -+ if (ret == EINVAL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ "ad_gpo_parse_gpo_child_response failed: [%d][%s]. " -+ "Broken GPO data received from AD. 
Check AD child logs for " -+ "more information.\n", -+ ret, sss_strerror(ret)); -+ } else { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ "ad_gpo_parse_gpo_child_response failed: [%d][%s]\n", -+ ret, sss_strerror(ret)); -+ } -+ - tevent_req_error(req, ret); - return; - } else if (child_result != 0){ -diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c -index 22ed9d301..3795ed69a 100644 ---- a/src/providers/ldap/sdap_idmap.c -+++ b/src/providers/ldap/sdap_idmap.c -@@ -270,10 +270,21 @@ sdap_idmap_init(TALLOC_CTX *mem_ctx, - ret = sdap_idmap_add_domain(idmap_ctx, dom_name, - sid_str, slice_num); - if (ret != EOK) { -- DEBUG(SSSDBG_CRIT_FAILURE, -- "Could not add domain [%s][%s][%"SPRIid"] " -- "to ID map: [%s]\n", -- dom_name, sid_str, slice_num, strerror(ret)); -+ if (ret == EINVAL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ "Could not add domain [%s][%s][%"SPRIid"] " -+ "to ID map: [%s] " -+ "Unexpected ID map configuration. Check ID map related " -+ "parameters in sssd.conf and remove the sssd cache if " -+ "some of these parameters were changed recently.\n", -+ dom_name, sid_str, slice_num, strerror(ret)); -+ } else { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ "Could not add domain [%s][%s][%"SPRIid"] " -+ "to ID map: [%s]\n", -+ dom_name, sid_str, slice_num, strerror(ret)); -+ } -+ - goto done; - } - } --- -2.26.3 - diff --git a/SOURCES/0004-KCM-Unset-_SSS_LOOPS.patch b/SOURCES/0004-KCM-Unset-_SSS_LOOPS.patch deleted file mode 100644 index cae2396..0000000 --- a/SOURCES/0004-KCM-Unset-_SSS_LOOPS.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 9e47bb98ce8904300e8e8ec38a5c988c3d280969 Mon Sep 17 00:00:00 2001 -From: Justin Stephenson -Date: Thu, 10 Jun 2021 09:37:52 -0400 -Subject: [PATCH] KCM: Unset _SSS_LOOPS - -Since sssd_kcm is working independently of other SSSD components, -especially the nss responder, and the kcm client side in libkrb5 of -course does not check for _SSS_LOOPS to protect sssd_kcm from calling -into itself the variable is not needed. - -This allows repeated getpwuid() calls in KCM renewals code to succeed. - -Reviewed-by: Alexey Tikhonov ---- - src/responder/kcm/kcm.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c -index 9be56b0b8..09578c0cb 100644 ---- a/src/responder/kcm/kcm.c -+++ b/src/responder/kcm/kcm.c -@@ -268,6 +268,12 @@ static int kcm_process_init(TALLOC_CTX *mem_ctx, - kctx->rctx = rctx; - kctx->rctx->pvt_ctx = kctx; - -+ /* KCM operates independently, getpw* recursion is not a concern */ -+ ret = unsetenv("_SSS_LOOPS"); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS"); -+ } -+ - ret = kcm_get_config(kctx); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "fatal error getting KCM config\n"); --- -2.26.3 - diff --git a/SOURCES/0005-kcm-terminate-client-on-bad-message.patch b/SOURCES/0005-kcm-terminate-client-on-bad-message.patch deleted file mode 100644 index dd5d98f..0000000 --- a/SOURCES/0005-kcm-terminate-client-on-bad-message.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From a6e5d53a358f3871d8ae646b252250d215d09883 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Wed, 16 Jun 2021 15:28:28 +0200 -Subject: [PATCH] kcm: terminate client on bad message - -The debug message clearly says that the original intention was to -abort the client, not send an error message. - -We may end up in a state where we get into an infinit loop, fo example -when the client send an message that indicates 0 lenght, but there is -actually more data written. In this case, we never read the rest of the -message but the file descriptor is still readable so the fd handler gets -fired again and again. - -More information can be seen in relevant FreeIPA ticket: -https://pagure.io/freeipa/issue/8877 - -Reviewed-by: Alexey Tikhonov -Reviewed-by: Pawel Polawski ---- - src/responder/kcm/kcmsrv_cmd.c | 11 +++++------ - 1 file changed, 5 insertions(+), 6 deletions(-) - -diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c -index 49518920b..9b27bbdcc 100644 ---- a/src/responder/kcm/kcmsrv_cmd.c -+++ b/src/responder/kcm/kcmsrv_cmd.c -@@ -548,7 +548,8 @@ static void kcm_recv(struct cli_ctx *cctx) - DEBUG(SSSDBG_FATAL_FAILURE, - "Failed to parse data (%d, %s), aborting client\n", - ret, sss_strerror(ret)); -- goto fail; -+ talloc_free(cctx); -+ return; - } - - /* do not read anymore, client is done sending */ -@@ -559,15 +560,13 @@ static void kcm_recv(struct cli_ctx *cctx) - DEBUG(SSSDBG_FATAL_FAILURE, - "Failed to dispatch KCM operation [%d]: %s\n", - ret, sss_strerror(ret)); -- goto fail; -+ /* Fail with reply */ -+ kcm_reply_error(cctx, ret, &req->repbuf); -+ return; - } - - /* Dispatched request resumes in kcm_cmd_request_done */ - return; -- --fail: -- /* Fail with reply */ -- kcm_reply_error(cctx, ret, &req->repbuf); - } - - static int kcm_send_data(struct cli_ctx *cctx) --- -2.26.3 - diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec index 989b4a0..34fb426 100644 --- a/SPECS/sssd.spec 
+++ b/SPECS/sssd.spec @@ -18,8 +18,8 @@ %global enable_systemtap_opt --enable-systemtap Name: sssd -Version: 2.5.1 -Release: 2%{?dist} +Version: 2.5.2 +Release: 1%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -27,11 +27,7 @@ URL: https://github.com/SSSD/sssd Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz ### Patches ### -Patch0001: 0001-fix-log-levels.patch -Patch0002: 0002-DEBUG-don-t-reset-debug_timestamps-microseconds-to-D.patch -Patch0003: 0003-SSSD-Log-invalid_argument-msg-mod.patch -Patch0004: 0004-KCM-Unset-_SSS_LOOPS.patch -Patch0005: 0005-kcm-terminate-client-on-bad-message.patch +#Patch0001: ### Downstream Patches ### @@ -802,7 +798,7 @@ done %dir %{_sysconfdir}/rwtab.d %config(noreplace) %{_sysconfdir}/rwtab.d/sssd %dir %{_datadir}/sssd -%{_sysconfdir}/pam.d/sssd-shadowutils +%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils %dir %{_libdir}/%{name}/conf %{_libdir}/%{name}/conf/sssd.conf @@ -1147,6 +1143,15 @@ fi %systemd_postun_with_restart sssd.service %changelog +* Mon Jul 12 2021 Alexey Tikhonov - 2.5.2-1 +- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 +- Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU +- Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` +- Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling +- Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address +- Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group +- Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade + * Mon Jun 21 2021 Alexey Tikhonov - 2.5.1-2 - Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument
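Review bot: The `%config(noreplace)` now placed on `%{_sysconfdir}/pam.d/sssd-shadowutils` in the `%files` hunk (@@ -802,7 +798,7 @@) carries no comment explaining the trade-off, and a PAM service file deserves one. With noreplace, rpm keeps an admin-modified copy on upgrade and writes the packaged version beside it as `.rpmnew`, so a later packaged change to this PAM stack is not applied on hosts that edited the file until someone merges it by hand. I would add a comment above the line, for example `# noreplace: keep local edits (rhbz#1979404); packaged updates land in .rpmnew and must be merged manually`. The rest of the `%files` list lies outside the hunk, so whether other PAM-related files are marked the same way cannot be checked from here.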