diff --git a/.gitignore b/.gitignore index c24cfdc..ea989c1 100644 --- a/.gitignore +++ b/.gitignore @@ -68,3 +68,4 @@ sssd-1.2.91.tar.gz /sssd-1.13.2.tar.gz /sssd-1.13.3.tar.gz /sssd-1.13.4.tar.gz +/sssd-1.14.0alpha.tar.gz diff --git a/0001-IPA-terminate-properly-if-view-name-lookup-fails.patch b/0001-IPA-terminate-properly-if-view-name-lookup-fails.patch deleted file mode 100644 index c1720dc..0000000 --- a/0001-IPA-terminate-properly-if-view-name-lookup-fails.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d3fd5365fb9fad89af47e17da35cef1a34aff1d3 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Tue, 19 Apr 2016 15:07:18 +0200 -Subject: [PATCH] IPA: terminate properly if view name lookup fails - -Since commit 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757 the view name -lookup is the last step in the subdomain lookup request. In case of an -error the request should be finished and no previous step should be -called again. - -Resolves https://fedorahosted.org/sssd/ticket/2993 - -Reviewed-by: Jakub Hrozek -(cherry picked from commit 57d8b4b9254442a568838cb60ea16068965f2df0) ---- - src/providers/ipa/ipa_subdomains.c | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c -index cb5a23bfb8043e620061e11d5e567d3e39eab6e3..62796b8d15682aedb952b9c46561867d82684b80 100644 ---- a/src/providers/ipa/ipa_subdomains.c -+++ b/src/providers/ipa/ipa_subdomains.c -@@ -840,13 +840,7 @@ static void ipa_get_view_name_done(struct tevent_req *req) - if (ret == EOPNOTSUPP || ret == EIO) { - DEBUG(SSSDBG_TRACE_FUNC, "get_view_name request failed, looks " \ - "like server does not support views.\n"); -- ret = ipa_check_master(ctx); -- if (ret == EAGAIN) { -- return; -- } else if (ret != EOK) { -- goto done; -- } -- -+ ret = EOK; - } else { - DEBUG(SSSDBG_OP_FAILURE, "get_view_name request failed.\n"); - } --- -2.7.3 - diff --git a/0002-UTIL-Add-ERR_SBUS_REQUEST_HANDLED.patch b/0002-UTIL-Add-ERR_SBUS_REQUEST_HANDLED.patch deleted file mode 100644 index 0352f29..0000000 --- a/0002-UTIL-Add-ERR_SBUS_REQUEST_HANDLED.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 33abcf8b0ba5c71369c1c12f91b89e6f6a0143c3 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 27 Apr 2016 11:11:31 +0200 -Subject: [PATCH 2/3] UTIL: Add ERR_SBUS_REQUEST_HANDLED -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In most cases when sbus request parsing finishes, the request is handled -internally and a reply is sent to the caller. However, in handlers that -are parsed and handled completely manually, we might want to be notified -about this case so that the called of sbus_request_parse_or_finish() -aborts the request and doesn't proceed with using the sbus request which -is already freed internally in sbus_request_parse_or_finish(). - -Reviewed-by: Pavel Březina -(cherry picked from commit 406a7e5b731ae79084dce00021e01ebe7b7d724a) ---- - src/sbus/sssd_dbus_request.c | 1 + - src/util/util_errors.c | 1 + - src/util/util_errors.h | 1 + - 3 files changed, 3 insertions(+) - -diff --git a/src/sbus/sssd_dbus_request.c b/src/sbus/sssd_dbus_request.c -index aa57f6b6587183a9edd7764d123e82b01b5f6070..c71a79b1f06c92c25f8bb836b5bf815c056d3912 100644 ---- a/src/sbus/sssd_dbus_request.c -+++ b/src/sbus/sssd_dbus_request.c -@@ -74,6 +74,7 @@ sbus_request_invoke_or_finish(struct sbus_request *dbus_req, - } - - switch(ret) { -+ case ERR_SBUS_REQUEST_HANDLED: - case EOK: - return; - case ENOMEM: -diff --git a/src/util/util_errors.c b/src/util/util_errors.c -index 59ae63ab8d6e834a772349b162bf282f9a4f1c72..c998e14c26e43c3cd6a5a060bb6f74698b9e93ae 100644 ---- a/src/util/util_errors.c -+++ b/src/util/util_errors.c -@@ -84,6 +84,7 @@ struct err_string error_to_str[] = { - { "Subdomain is inactive" }, /* ERR_SUBDOM_INACTIVE */ - { "Account is locked" }, /* ERR_ACCOUNT_LOCKED */ - { "AD renewal child failed" }, /* ERR_RENEWAL_CHILD */ -+ { "SBUS request already handled" }, /* ERR_SBUS_REQUEST_HANDLED */ - { "ERR_LAST" } /* ERR_LAST */ - }; - -diff --git a/src/util/util_errors.h b/src/util/util_errors.h -index 05791f2f08f107a8b4830b810b8826983763174f..c0d9622a431a9946fdfa5e5c60ecf7b9e1ae66a5 100644 ---- a/src/util/util_errors.h -+++ b/src/util/util_errors.h -@@ -106,6 +106,7 @@ enum sssd_errors { - ERR_SUBDOM_INACTIVE, - ERR_ACCOUNT_LOCKED, - ERR_RENEWAL_CHILD, -+ ERR_SBUS_REQUEST_HANDLED, - ERR_LAST /* ALWAYS LAST */ - }; - --- -2.7.4 - diff --git a/0003-IFP-Do-not-crash-on-invalid-arguments-to-GetUserAttr.patch b/0003-IFP-Do-not-crash-on-invalid-arguments-to-GetUserAttr.patch deleted file mode 100644 index ee48f19..0000000 --- a/0003-IFP-Do-not-crash-on-invalid-arguments-to-GetUserAttr.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 2dcfe9ba33d65aa08373f84a31065597413fc762 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 10 May 2016 12:24:44 +0200 -Subject: [PATCH 3/3] IFP: Do not crash on invalid arguments to GetUserAttr -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reviewed-by: Pavel Březina -(cherry picked from commit 7ff6858b18fb463bc446797aa860960d5165fe9e) ---- - src/responder/ifp/ifpsrv_cmd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c -index ab6156fd6c92e8fd8176da6664cd6b79eb3f5a97..624db5f9f16b7f864dc2df67f7a62983686d8e29 100644 ---- a/src/responder/ifp/ifpsrv_cmd.c -+++ b/src/responder/ifp/ifpsrv_cmd.c -@@ -83,7 +83,7 @@ int ifp_user_get_attr(struct sbus_request *dbus_req, void *data) - - ret = ifp_user_get_attr_unpack_msg(attr_req); - if (ret != EOK) { -- return ret; /* handled internally */ -+ return ret; /* internal error */ - } - - DEBUG(SSSDBG_FUNC_DATA, -@@ -117,7 +117,7 @@ ifp_user_get_attr_unpack_msg(struct ifp_attr_req *attr_req) - DBUS_TYPE_INVALID); - if (parsed == false) { - DEBUG(SSSDBG_OP_FAILURE, "Could not parse arguments\n"); -- return EOK; /* handled */ -+ return ERR_SBUS_REQUEST_HANDLED; - } - - /* Copy the attributes to maintain memory hierarchy with talloc */ --- -2.7.4 - diff --git a/1001-Netlink-Ignore-RTM_NEWADDR-signals-from-link-local.patch b/1001-Netlink-Ignore-RTM_NEWADDR-signals-from-link-local.patch deleted file mode 100644 index 7baa2d4..0000000 --- a/1001-Netlink-Ignore-RTM_NEWADDR-signals-from-link-local.patch +++ /dev/null @@ -1,88 +0,0 @@ -From fcb8b9bdfa4eed9958e536e8afc8ec9ec7303002 Mon Sep 17 00:00:00 2001 -From: Stephen Gallagher -Date: Tue, 5 Apr 2016 12:43:49 -0400 -Subject: [PATCH] Netlink: Ignore RTM_NEWADDR signals from link-local - -We only need to go online if we receive a netlink signal that might -indicate that the external connection might have become available. This -will never be true for link-local addresses. - -Reviewed-by: Jakub Hrozek -(cherry picked from commit a9d1b4b61b614a954c784f224b8fe7a47b6dd206) ---- - src/monitor/monitor_netlink.c | 50 +++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 50 insertions(+) - -diff --git a/src/monitor/monitor_netlink.c b/src/monitor/monitor_netlink.c -index 7e6f8cbbd3c4815fb2c9991698ecfd4ee5deeeef..22262949c67744493dfa722ff38257a75a5b8291 100644 ---- a/src/monitor/monitor_netlink.c -+++ b/src/monitor/monitor_netlink.c -@@ -669,8 +669,13 @@ static void addr_msg_debug_print(struct rtnl_addr *addr_obj) - - static void addr_msg_handler(struct nl_object *obj, void *arg) - { -+ int err; - struct netlink_ctx *ctx = (struct netlink_ctx *) arg; - struct rtnl_addr *addr_obj; -+ struct nl_addr *local_addr; -+ struct sockaddr_in sa4; -+ struct sockaddr_in6 sa6; -+ socklen_t salen; - - if (!nlw_is_addr_object(obj)) return; - -@@ -679,6 +684,51 @@ static void addr_msg_handler(struct nl_object *obj, void *arg) - addr_msg_debug_print(addr_obj); - } - -+ local_addr = rtnl_addr_get_local(addr_obj); -+ if (local_addr == NULL) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Received RTM_NEWADDR with no address\n"); -+ return; -+ } -+ -+ switch (nl_addr_get_family(local_addr)) { -+ case AF_INET6: -+ salen = sizeof(struct sockaddr_in6); -+ err = nl_addr_fill_sockaddr(local_addr, -+ (struct sockaddr *) &sa6, -+ &salen); -+ if (err < 0) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Unknown error in nl_addr_fill_sockaddr\n"); -+ return; -+ } -+ -+ if (!check_ipv6_addr(&sa6.sin6_addr, SSS_NO_SPECIAL)) { -+ DEBUG(SSSDBG_TRACE_LIBS, "Ignoring special address.\n"); -+ return; -+ } -+ break; -+ -+ case AF_INET: -+ salen = sizeof(struct sockaddr_in); -+ err = nl_addr_fill_sockaddr(local_addr, -+ (struct sockaddr *) &sa4, -+ &salen); -+ if (err < 0) { -+ DEBUG(SSSDBG_MINOR_FAILURE, -+ "Unknown error in nl_addr_fill_sockaddr\n"); -+ return; -+ } -+ if (check_ipv4_addr(&sa4.sin_addr, SSS_NO_SPECIAL)) { -+ DEBUG(SSSDBG_TRACE_LIBS, "Ignoring special address.\n"); -+ return; -+ } -+ break; -+ default: -+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown address family\n"); -+ return; -+ } -+ - ctx->change_cb(ctx->cb_data); - } - --- -2.7.3 - diff --git a/sources b/sources index a97dce0..3cab944 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d147e0a4f4719d993693c6a99370b350 sssd-1.13.4.tar.gz +11b107740e84918ea652e3b82a0cfe4f sssd-1.14.0alpha.tar.gz diff --git a/sssd.spec b/sssd.spec index 4065603..60ca010 100644 --- a/sssd.spec +++ b/sssd.spec @@ -14,6 +14,7 @@ %global with_krb5_localauth_plugin 1 + %global enable_systemtap_opt --enable-systemtap %global libwbc_alternatives_version 0.12 %global libwbc_lib_version %{libwbc_alternatives_version}.0 @@ -23,20 +24,16 @@ %endif Name: sssd -Version: 1.13.4 -Release: 3%{?dist} +Version: 1.14.0 +Release: 1%{?dist}.alpha Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ URL: http://fedorahosted.org/sssd/ -Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz +Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}alpha.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### -Patch0001: 0001-IPA-terminate-properly-if-view-name-lookup-fails.patch -Patch0002: 0002-UTIL-Add-ERR_SBUS_REQUEST_HANDLED.patch -Patch0003: 0003-IFP-Do-not-crash-on-invalid-arguments-to-GetUserAttr.patch -Patch1001: 1001-Netlink-Ignore-RTM_NEWADDR-signals-from-link-local.patch ### Dependencies ### @@ -108,6 +105,7 @@ BuildRequires: cifs-utils-devel BuildRequires: libnfsidmap-devel BuildRequires: samba4-devel >= 4.0.0-59beta2 BuildRequires: libsmbclient-devel +BuildRequires: systemtap-sdt-devel %description Provides a set of daemons to manage access to remote directories and @@ -520,7 +518,7 @@ UpdateTimestamps() { done } -%setup -q +%setup -q -n %{name}-1.13.90 for p in %patches ; do %__patch -p1 -i $p @@ -548,6 +546,7 @@ autoreconf -ivf --with-syslog=journald \ --enable-sss-default-nss-plugin \ %{?with_cifs_utils_plugin_option} \ + %{?enable_systemtap_opt} \ make %{?_smp_mflags} all docs @@ -728,6 +727,9 @@ done %dir %{_sysconfdir}/rwtab.d %config(noreplace) %{_sysconfdir}/rwtab.d/sssd %dir %{_datadir}/sssd +%{_sysconfdir}/pam.d/sssd-shadowutils +%{_libdir}/%{name}/conf/sssd.conf + %{_datadir}/sssd/sssd.api.conf %{_datadir}/sssd/sssd.api.d %{_mandir}/man1/sss_ssh_authorizedkeys.1* @@ -738,6 +740,14 @@ done %{_mandir}/man5/sss_rpcidmapd.5* %{_mandir}/man8/sssd.8* %{_mandir}/man8/sss_cache.8* +%dir %{_datadir}/sssd/systemtap +%{_datadir}/sssd/systemtap/id_perf.stp +%{_datadir}/sssd/systemtap/nested_group_perf.stp +%dir %{_datadir}/systemtap +%dir %{_datadir}/systemtap/tapset +%{_datadir}/systemtap/tapset/sssd.stp +%{_datadir}/systemtap/tapset/sssd_functions.stp + %files ldap -f sssd_ldap.lang %defattr(-,root,root,-) @@ -1032,6 +1042,10 @@ fi %{_libdir}/%{name}/modules/libwbclient.so %changelog +* Tue Jun 21 2016 Lukas Slebodnik - 1.14.0-1.alpha +- New upstream release 1.14 alpha +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha + * Fri May 13 2016 Lukas Slebodnik - 1.13.4-3 - Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV