rpms/sssd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import sssd-2.5.2-1.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-07-22 16:21:25 +00:00 committed by Andrew Lukoshko
parent 40a7bf0075
commit 7915a33e06
8 changed files with 15 additions and 547 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/sssd-2.5.1.tar.gz SOURCES/sssd-2.5.2.tar.gz

2
.sssd.metadata
View File

@ -1 +1 @@
cda4b8fd8a6862cbc315cd178b942e4b8313f654 SOURCES/sssd-2.5.1.tar.gz 680a282289fdfc6e27562e0ac82933ccd1f9574e SOURCES/sssd-2.5.2.tar.gz

169
SOURCES/0001-fix-log-levels.patch
View File

@ -1,169 +0,0 @@
From 75a5e1c7a80eaa921cb0b0531d685c9c7ed12127 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 14 Jun 2021 21:25:23 +0200
Subject: [PATCH 1/4] krb5_child: reduce log severity in sss_send_pac() in case
PAC responder isn't running.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/providers/krb5/krb5_child.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 713e90f83..4e55d9a37 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -223,7 +223,10 @@ static errno_t sss_send_pac(krb5_authdata **pac_authdata)
ret = sss_pac_make_request(SSS_PAC_ADD_PAC_USER, &sss_data,
NULL, NULL, &errnop);
- if (ret != NSS_STATUS_SUCCESS || errnop != 0) {
+ if (ret == NSS_STATUS_UNAVAIL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "failed to contact PAC responder\n");
+ return EIO;
+ } else if (ret != NSS_STATUS_SUCCESS || errnop != 0) {
DEBUG(SSSDBG_OP_FAILURE, "sss_pac_make_request failed [%d][%d].\n",
ret, errnop);
return EIO;
--
2.26.3
From 9cfcbe6edc451d7187e0a89a6a5bd7125a10f1c8 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 14 Jun 2021 21:47:52 +0200
Subject: [PATCH 2/4] secrets: reduce log severity in local_db_create() in case
entry already exists since this is expected during normal oprations.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/util/secrets/secrets.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/secrets/secrets.c b/src/util/secrets/secrets.c
index 6e99e291d..f12b615f8 100644
--- a/src/util/secrets/secrets.c
+++ b/src/util/secrets/secrets.c
@@ -476,7 +476,7 @@ static int local_db_create(struct sss_sec_req *req)
ret = ldb_add(req->sctx->ldb, msg);
if (ret != LDB_SUCCESS) {
if (ret == LDB_ERR_ENTRY_ALREADY_EXISTS) {
- DEBUG(SSSDBG_OP_FAILURE,
+ DEBUG(SSSDBG_FUNC_DATA,
"Secret %s already exists\n", ldb_dn_get_linearized(msg->dn));
} else {
DEBUG(SSSDBG_CRIT_FAILURE,
--
2.26.3
From 32a1fbfb262ea9657fa268f7ce09ef6e942b0829 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 14 Jun 2021 21:56:16 +0200
Subject: [PATCH 3/4] KCM: use SSSDBG_MINOR_FAILURE for
ERR_KCM_OP_NOT_IMPLEMENTED
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/responder/kcm/kcmsrv_cmd.c | 13 +++++++++----
src/responder/kcm/kcmsrv_ops.c | 2 +-
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c
index 3ad17ef43..49518920b 100644
--- a/src/responder/kcm/kcmsrv_cmd.c
+++ b/src/responder/kcm/kcmsrv_cmd.c
@@ -195,7 +195,7 @@ static errno_t kcm_input_parse(struct kcm_reqbuf *reqbuf,
op_io->op = kcm_get_opt(be16toh(opcode_be));
if (op_io->op == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
+ DEBUG(SSSDBG_MINOR_FAILURE,
"Did not find a KCM operation handler for the requested opcode\n");
return ERR_KCM_OP_NOT_IMPLEMENTED;
}
@@ -312,7 +312,8 @@ static void kcm_reply_error(struct cli_ctx *cctx,
errno_t ret;
krb5_error_code kerr;
- DEBUG(SSSDBG_OP_FAILURE,
+ DEBUG(retcode == ERR_KCM_OP_NOT_IMPLEMENTED ?
+ SSSDBG_MINOR_FAILURE : SSSDBG_OP_FAILURE,
"KCM operation returns failure [%d]: %s\n",
retcode, sss_strerror(retcode));
kerr = sss2krb5_error(retcode);
@@ -405,8 +406,12 @@ static void kcm_cmd_request_done(struct tevent_req *req)
&req_ctx->op_io.reply);
talloc_free(req);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "KCM operation failed [%d]: %s\n", ret, sss_strerror(ret));
+ if (ret == ERR_KCM_OP_NOT_IMPLEMENTED) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "%s\n", sss_strerror(ret));
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "KCM operation failed [%d]: %s\n", ret, sss_strerror(ret));
+ }
kcm_reply_error(req_ctx->cctx, ret, &req_ctx->repbuf);
return;
}
diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c
index a8f49cedb..f7f80d850 100644
--- a/src/responder/kcm/kcmsrv_ops.c
+++ b/src/responder/kcm/kcmsrv_ops.c
@@ -122,7 +122,7 @@ struct tevent_req *kcm_cmd_send(TALLOC_CTX *mem_ctx,
}
if (op->fn_send == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
+ DEBUG(SSSDBG_MINOR_FAILURE,
"KCM op %s has no handler\n", kcm_opt_name(op));
ret = ERR_KCM_OP_NOT_IMPLEMENTED;
goto immediate;
--
2.26.3
From 5ead448c859860a4eb57a529a5b85eca1815e73a Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 14 Jun 2021 22:04:21 +0200
Subject: [PATCH 4/4] KCM: reduce log severity in sec_get() in case entry not
found
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/responder/kcm/kcmsrv_ccache_secdb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c
index 6c8c35b86..4631bfea0 100644
--- a/src/responder/kcm/kcmsrv_ccache_secdb.c
+++ b/src/responder/kcm/kcmsrv_ccache_secdb.c
@@ -58,7 +58,7 @@ static errno_t sec_get(TALLOC_CTX *mem_ctx,
ret = sss_sec_get(tmp_ctx, req, &data, &len, &datatype);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
+ DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot retrieve the secret [%d]: %s\n", ret, sss_strerror(ret));
goto done;
}
--
2.26.3

198
SOURCES/0002-DEBUG-don-t-reset-debug_timestamps-microseconds-to-D.patch
View File

@ -1,198 +0,0 @@
From 8dba7476922856e3a0f6cb935570df47b51917f1 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 18 Jun 2021 21:56:53 +0200
Subject: [PATCH] DEBUG: don't reset debug_timestamps/microseconds to DEFAULT
in `_sss_debug_init()`.
Otherwise `server_setup()` skips reading config settings.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
---
src/tests/cmocka/test_child_common.c | 2 +-
src/tests/debug-tests.c | 26 +++++++++++++-------------
src/util/debug.c | 14 +++-----------
src/util/debug.h | 8 ++++++--
src/util/server.c | 8 ++++----
5 files changed, 27 insertions(+), 31 deletions(-)
diff --git a/src/tests/cmocka/test_child_common.c b/src/tests/cmocka/test_child_common.c
index 87cae3405..9fb26412f 100644
--- a/src/tests/cmocka/test_child_common.c
+++ b/src/tests/cmocka/test_child_common.c
@@ -163,7 +163,7 @@ static void extra_args_test(struct child_test_ctx *child_tctx,
child_pid = fork();
assert_int_not_equal(child_pid, -1);
if (child_pid == 0) {
- debug_timestamps = 1;
+ debug_timestamps = SSSDBG_TIMESTAMP_ENABLED;
exec_child_ex(child_tctx,
child_tctx->pipefd_to_child,
diff --git a/src/tests/debug-tests.c b/src/tests/debug-tests.c
index e27fee457..68a1fb779 100644
--- a/src/tests/debug-tests.c
+++ b/src/tests/debug-tests.c
@@ -194,7 +194,7 @@ int test_helper_debug_check_message(int level)
}
msg[fsize] = '\0';
- if (debug_timestamps == 1) {
+ if (debug_timestamps == SSSDBG_TIMESTAMP_ENABLED) {
int time_hour = 0;
int time_min = 0;
int time_sec = 0;
@@ -344,8 +344,8 @@ START_TEST(test_debug_is_set_single_no_timestamp)
SSSDBG_TRACE_LDB
};
- debug_timestamps = 0;
- debug_microseconds = 0;
+ debug_timestamps = SSSDBG_TIMESTAMP_DISABLED;
+ debug_microseconds = SSSDBG_MICROSECONDS_DISABLED;
debug_prg_name = "sssd";
sss_set_logger(sss_logger_str[FILES_LOGGER]);
@@ -384,8 +384,8 @@ START_TEST(test_debug_is_set_single_timestamp)
SSSDBG_TRACE_LDB
};
- debug_timestamps = 1;
- debug_microseconds = 0;
+ debug_timestamps = SSSDBG_TIMESTAMP_ENABLED;
+ debug_microseconds = SSSDBG_MICROSECONDS_DISABLED;
debug_prg_name = "sssd";
sss_set_logger(sss_logger_str[FILES_LOGGER]);
@@ -428,8 +428,8 @@ START_TEST(test_debug_is_set_single_timestamp_microseconds)
SSSDBG_TRACE_LDB
};
- debug_timestamps = 1;
- debug_microseconds = 1;
+ debug_timestamps = SSSDBG_TIMESTAMP_ENABLED;
+ debug_microseconds = SSSDBG_MICROSECONDS_ENABLED;
debug_prg_name = "sssd";
sss_set_logger(sss_logger_str[FILES_LOGGER]);
@@ -473,8 +473,8 @@ START_TEST(test_debug_is_notset_no_timestamp)
SSSDBG_TRACE_LDB
};
- debug_timestamps = 0;
- debug_microseconds = 0;
+ debug_timestamps = SSSDBG_TIMESTAMP_DISABLED;
+ debug_microseconds = SSSDBG_MICROSECONDS_DISABLED;
debug_prg_name = "sssd";
sss_set_logger(sss_logger_str[FILES_LOGGER]);
@@ -515,8 +515,8 @@ START_TEST(test_debug_is_notset_timestamp)
SSSDBG_TRACE_LDB
};
- debug_timestamps = 0;
- debug_microseconds = 0;
+ debug_timestamps = SSSDBG_TIMESTAMP_DISABLED;
+ debug_microseconds = SSSDBG_MICROSECONDS_DISABLED;
debug_prg_name = "sssd";
sss_set_logger(sss_logger_str[FILES_LOGGER]);
@@ -557,8 +557,8 @@ START_TEST(test_debug_is_notset_timestamp_microseconds)
SSSDBG_TRACE_LDB
};
- debug_timestamps = 0;
- debug_microseconds = 1;
+ debug_timestamps = SSSDBG_TIMESTAMP_DISABLED;
+ debug_microseconds = SSSDBG_MICROSECONDS_ENABLED;
debug_prg_name = "sssd";
sss_set_logger(sss_logger_str[FILES_LOGGER]);
diff --git a/src/util/debug.c b/src/util/debug.c
index f87e85812..6f1234437 100644
--- a/src/util/debug.c
+++ b/src/util/debug.c
@@ -103,14 +103,6 @@ void _sss_debug_init(int dbg_lvl, const char *logger)
debug_level = SSSDBG_UNRESOLVED;
}
- if (debug_timestamps == SSSDBG_TIMESTAMP_UNRESOLVED) {
- debug_timestamps = SSSDBG_TIMESTAMP_DEFAULT;
- }
-
- if (debug_microseconds == SSSDBG_MICROSECONDS_UNRESOLVED) {
- debug_microseconds = SSSDBG_MICROSECONDS_DEFAULT;
- }
-
sss_set_logger(logger);
/* if 'FILES_LOGGER' is requested then open log file, if it wasn't
@@ -305,8 +297,8 @@ void sss_vdebug_fn(const char *file,
}
#endif
- if (debug_timestamps) {
- if (debug_microseconds) {
+ if (debug_timestamps == SSSDBG_TIMESTAMP_ENABLED) {
+ if (debug_microseconds == SSSDBG_MICROSECONDS_ENABLED) {
gettimeofday(&tv, NULL);
t = tv.tv_sec;
} else {
@@ -320,7 +312,7 @@ void sss_vdebug_fn(const char *file,
tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
tm.tm_hour, tm.tm_min, tm.tm_sec);
}
- if (debug_microseconds) {
+ if (debug_microseconds == SSSDBG_MICROSECONDS_ENABLED) {
sss_debug_backtrace_printf(level, "%s:%.6ld): ",
last_time_str, tv.tv_usec);
} else {
diff --git a/src/util/debug.h b/src/util/debug.h
index 97564d43e..9d3499dbd 100644
--- a/src/util/debug.h
+++ b/src/util/debug.h
@@ -29,10 +29,14 @@
#include "util/util_errors.h"
#define SSSDBG_TIMESTAMP_UNRESOLVED -1
-#define SSSDBG_TIMESTAMP_DEFAULT 1
+#define SSSDBG_TIMESTAMP_DISABLED 0
+#define SSSDBG_TIMESTAMP_ENABLED 1
+#define SSSDBG_TIMESTAMP_DEFAULT SSSDBG_TIMESTAMP_ENABLED
#define SSSDBG_MICROSECONDS_UNRESOLVED -1
-#define SSSDBG_MICROSECONDS_DEFAULT 0
+#define SSSDBG_MICROSECONDS_DISABLED 0
+#define SSSDBG_MICROSECONDS_ENABLED 1
+#define SSSDBG_MICROSECONDS_DEFAULT SSSDBG_MICROSECONDS_DISABLED
enum sss_logger_t {
diff --git a/src/util/server.c b/src/util/server.c
index b6f450a79..4fe29f96b 100644
--- a/src/util/server.c
+++ b/src/util/server.c
@@ -624,8 +624,8 @@ int server_setup(const char *name, int flags,
"[%s]\n", ret, strerror(ret));
return ret;
}
- if (dt) debug_timestamps = 1;
- else debug_timestamps = 0;
+ if (dt) debug_timestamps = SSSDBG_TIMESTAMP_ENABLED;
+ else debug_timestamps = SSSDBG_TIMESTAMP_DISABLED;
}
/* same for debug microseconds */
@@ -639,8 +639,8 @@ int server_setup(const char *name, int flags,
"[%s]\n", ret, strerror(ret));
return ret;
}
- if (dm) debug_microseconds = 1;
- else debug_microseconds = 0;
+ if (dm) debug_microseconds = SSSDBG_MICROSECONDS_ENABLED;
+ else debug_microseconds = SSSDBG_MICROSECONDS_DISABLED;
}
ret = confdb_get_bool(ctx->confdb_ctx, conf_entry,
--
2.26.3

74
SOURCES/0003-SSSD-Log-invalid_argument-msg-mod.patch
View File

@ -1,74 +0,0 @@
From 89a40e77a1477a3957f4ddc47890eaecbc4d5c7c Mon Sep 17 00:00:00 2001
From: Deepak Das <ddas@redhat.com>
Date: Sat, 19 Jun 2021 17:51:21 +0530
Subject: [PATCH] SSSD Log: invalid_argument msg mod
Improve invalid argument msg with additional information
Resolves: https://github.com/SSSD/sssd/issues/5578
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
---
src/providers/ad/ad_gpo.c | 15 ++++++++++++---
src/providers/ldap/sdap_idmap.c | 19 +++++++++++++++----
2 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 4ef6a7219..b2df3e998 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -4742,9 +4742,18 @@ static void gpo_cse_done(struct tevent_req *subreq)
ret = ad_gpo_parse_gpo_child_response(state->buf, state->len,
&sysvol_gpt_version, &child_result);
if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "ad_gpo_parse_gpo_child_response failed: [%d][%s]\n",
- ret, sss_strerror(ret));
+ if (ret == EINVAL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ad_gpo_parse_gpo_child_response failed: [%d][%s]. "
+ "Broken GPO data received from AD. Check AD child logs for "
+ "more information.\n",
+ ret, sss_strerror(ret));
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ad_gpo_parse_gpo_child_response failed: [%d][%s]\n",
+ ret, sss_strerror(ret));
+ }
+
tevent_req_error(req, ret);
return;
} else if (child_result != 0){
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index 22ed9d301..3795ed69a 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -270,10 +270,21 @@ sdap_idmap_init(TALLOC_CTX *mem_ctx,
ret = sdap_idmap_add_domain(idmap_ctx, dom_name,
sid_str, slice_num);
if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Could not add domain [%s][%s][%"SPRIid"] "
- "to ID map: [%s]\n",
- dom_name, sid_str, slice_num, strerror(ret));
+ if (ret == EINVAL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not add domain [%s][%s][%"SPRIid"] "
+ "to ID map: [%s] "
+ "Unexpected ID map configuration. Check ID map related "
+ "parameters in sssd.conf and remove the sssd cache if "
+ "some of these parameters were changed recently.\n",
+ dom_name, sid_str, slice_num, strerror(ret));
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not add domain [%s][%s][%"SPRIid"] "
+ "to ID map: [%s]\n",
+ dom_name, sid_str, slice_num, strerror(ret));
+ }
+
goto done;
}
}
--
2.26.3

37
SOURCES/0004-KCM-Unset-_SSS_LOOPS.patch
View File

@ -1,37 +0,0 @@
From 9e47bb98ce8904300e8e8ec38a5c988c3d280969 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstephen@redhat.com>
Date: Thu, 10 Jun 2021 09:37:52 -0400
Subject: [PATCH] KCM: Unset _SSS_LOOPS
Since sssd_kcm is working independently of other SSSD components,
especially the nss responder, and the kcm client side in libkrb5 of
course does not check for _SSS_LOOPS to protect sssd_kcm from calling
into itself the variable is not needed.
This allows repeated getpwuid() calls in KCM renewals code to succeed.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
---
src/responder/kcm/kcm.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c
index 9be56b0b8..09578c0cb 100644
--- a/src/responder/kcm/kcm.c
+++ b/src/responder/kcm/kcm.c
@@ -268,6 +268,12 @@ static int kcm_process_init(TALLOC_CTX *mem_ctx,
kctx->rctx = rctx;
kctx->rctx->pvt_ctx = kctx;
+ /* KCM operates independently, getpw* recursion is not a concern */
+ ret = unsetenv("_SSS_LOOPS");
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS");
+ }
+
ret = kcm_get_config(kctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error getting KCM config\n");
--
2.26.3

59
SOURCES/0005-kcm-terminate-client-on-bad-message.patch
View File

@ -1,59 +0,0 @@
From a6e5d53a358f3871d8ae646b252250d215d09883 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 16 Jun 2021 15:28:28 +0200
Subject: [PATCH] kcm: terminate client on bad message
The debug message clearly says that the original intention was to
abort the client, not send an error message.
We may end up in a state where we get into an infinit loop, fo example
when the client send an message that indicates 0 lenght, but there is
actually more data written. In this case, we never read the rest of the
message but the file descriptor is still readable so the fd handler gets
fired again and again.
More information can be seen in relevant FreeIPA ticket:
https://pagure.io/freeipa/issue/8877
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
---
src/responder/kcm/kcmsrv_cmd.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c
index 49518920b..9b27bbdcc 100644
--- a/src/responder/kcm/kcmsrv_cmd.c
+++ b/src/responder/kcm/kcmsrv_cmd.c
@@ -548,7 +548,8 @@ static void kcm_recv(struct cli_ctx *cctx)
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to parse data (%d, %s), aborting client\n",
ret, sss_strerror(ret));
- goto fail;
+ talloc_free(cctx);
+ return;
}
/* do not read anymore, client is done sending */
@@ -559,15 +560,13 @@ static void kcm_recv(struct cli_ctx *cctx)
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to dispatch KCM operation [%d]: %s\n",
ret, sss_strerror(ret));
- goto fail;
+ /* Fail with reply */
+ kcm_reply_error(cctx, ret, &req->repbuf);
+ return;
}
/* Dispatched request resumes in kcm_cmd_request_done */
return;
-
-fail:
- /* Fail with reply */
- kcm_reply_error(cctx, ret, &req->repbuf);
}
static int kcm_send_data(struct cli_ctx *cctx)
--
2.26.3

21
SPECS/sssd.spec
View File

@ -18,8 +18,8 @@
%global enable_systemtap_opt --enable-systemtap %global enable_systemtap_opt --enable-systemtap
Name: sssd Name: sssd
Version: 2.5.1 Version: 2.5.2
Release: 2%{?dist} Release: 1%{?dist}
Group: Applications/System Group: Applications/System
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ License: GPLv3+
@ -27,11 +27,7 @@ URL: https://github.com/SSSD/sssd
Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz
### Patches ### ### Patches ###
Patch0001: 0001-fix-log-levels.patch #Patch0001:
Patch0002: 0002-DEBUG-don-t-reset-debug_timestamps-microseconds-to-D.patch
Patch0003: 0003-SSSD-Log-invalid_argument-msg-mod.patch
Patch0004: 0004-KCM-Unset-_SSS_LOOPS.patch
Patch0005: 0005-kcm-terminate-client-on-bad-message.patch
### Downstream Patches ### ### Downstream Patches ###
@ -802,7 +798,7 @@ done
%dir %{_sysconfdir}/rwtab.d %dir %{_sysconfdir}/rwtab.d
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd %config(noreplace) %{_sysconfdir}/rwtab.d/sssd
%dir %{_datadir}/sssd %dir %{_datadir}/sssd
%{_sysconfdir}/pam.d/sssd-shadowutils %config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils
%dir %{_libdir}/%{name}/conf %dir %{_libdir}/%{name}/conf
%{_libdir}/%{name}/conf/sssd.conf %{_libdir}/%{name}/conf/sssd.conf
@ -1147,6 +1143,15 @@ fi
%systemd_postun_with_restart sssd.service %systemd_postun_with_restart sssd.service
%changelog %changelog
* Mon Jul 12 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-1
- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU
- Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber`
- Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling
- Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address
- Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group
- Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade
* Mon Jun 21 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.1-2 * Mon Jun 21 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.1-2
- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken
- Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument