import sssd-2.7.3-3.el8
parent
5e58104951
commit
a5d9962757
@ -0,0 +1,34 @@
|
|||||||
|
From 0eae0862069e4bbbdd87b809193fc873f3003cff Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexey Tikhonov <atikhono@redhat.com>
|
||||||
|
Date: Tue, 16 Aug 2022 21:48:43 +0200
|
||||||
|
Subject: [PATCH 5/6] CLIENT:MC: -1 is more appropriate initial value for fd
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||||
|
Reviewed-by: Tomáš Halman <thalman@redhat.com>
|
||||||
|
(cherry picked from commit 579cc0b266d5f8954bc71cfcd3fe68002d681a5f)
|
||||||
|
---
|
||||||
|
src/sss_client/nss_mc.h | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h
|
||||||
|
index de1496ccc..0f88521e9 100644
|
||||||
|
--- a/src/sss_client/nss_mc.h
|
||||||
|
+++ b/src/sss_client/nss_mc.h
|
||||||
|
@@ -67,9 +67,9 @@ struct sss_cli_mc_ctx {
|
||||||
|
};
|
||||||
|
|
||||||
|
#if HAVE_PTHREAD
|
||||||
|
-#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), 1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
|
||||||
|
+#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), -1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
|
||||||
|
#else
|
||||||
|
-#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, 1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
|
||||||
|
+#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, -1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
errno_t sss_nss_mc_get_ctx(const char *name, struct sss_cli_mc_ctx *ctx);
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
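Review bot: Both variants of `SSS_CLI_MC_CTX_INITIALIZER` stay positional, so nothing on the line says that the slot receiving `-1` is `fd`, and a reordered or inserted member of `struct sss_cli_mc_ctx` would silently move the value onto another field. Designated initializers would make the intent explicit, e.g. `{ .initialized = UNINITIALIZED, .mutex = (mtx), .fd = -1 }` for the pthread variant, with the remaining members zero-initialized as they are now. The struct body lies outside this hunk, so the member names should be checked against the definition.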
@ -0,0 +1,78 @@
|
|||||||
|
From d386e94ef49d95d7305a3e6578e41a2cf61dfc5c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexey Tikhonov <atikhono@redhat.com>
|
||||||
|
Date: Tue, 16 Aug 2022 21:51:03 +0200
|
||||||
|
Subject: [PATCH 6/6] CLIENT:MC: pointer to the context mutex shouldn't be
|
||||||
|
touched
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Even brief window inside `sss_nss_mc_destroy_ctx()` when `mutex == NULL`
|
||||||
|
was creating a possibility for a race.
|
||||||
|
|
||||||
|
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
||||||
|
Reviewed-by: Tomáš Halman <thalman@redhat.com>
|
||||||
|
(cherry picked from commit 4ac93d9c5df59cdb7f397b4467f1c1c4822ff757)
|
||||||
|
---
|
||||||
|
src/sss_client/nss_mc.h | 4 +++-
|
||||||
|
src/sss_client/nss_mc_common.c | 20 ++++++++++----------
|
||||||
|
2 files changed, 13 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h
|
||||||
|
index 0f88521e9..9ab2736fa 100644
|
||||||
|
--- a/src/sss_client/nss_mc.h
|
||||||
|
+++ b/src/sss_client/nss_mc.h
|
||||||
|
@@ -44,7 +44,9 @@ enum sss_mc_state {
|
||||||
|
RECYCLED,
|
||||||
|
};
|
||||||
|
|
||||||
|
-/* common stuff */
|
||||||
|
+/* In the case this structure is extended, don't forget to update
|
||||||
|
+ * `SSS_CLI_MC_CTX_INITIALIZER` and `sss_nss_mc_destroy_ctx()`.
|
||||||
|
+ */
|
||||||
|
struct sss_cli_mc_ctx {
|
||||||
|
enum sss_mc_state initialized;
|
||||||
|
#if HAVE_PTHREAD
|
||||||
|
diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c
|
||||||
|
index f38a4a85a..3128861bf 100644
|
||||||
|
--- a/src/sss_client/nss_mc_common.c
|
||||||
|
+++ b/src/sss_client/nss_mc_common.c
|
||||||
|
@@ -130,25 +130,25 @@ errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx)
|
||||||
|
|
||||||
|
static void sss_nss_mc_destroy_ctx(struct sss_cli_mc_ctx *ctx)
|
||||||
|
{
|
||||||
|
- uint32_t active_threads = ctx->active_threads;
|
||||||
|
-#if HAVE_PTHREAD
|
||||||
|
- pthread_mutex_t *mutex = ctx->mutex;
|
||||||
|
-#endif
|
||||||
|
|
||||||
|
if ((ctx->mmap_base != NULL) && (ctx->mmap_size != 0)) {
|
||||||
|
munmap(ctx->mmap_base, ctx->mmap_size);
|
||||||
|
}
|
||||||
|
+ ctx->mmap_base = NULL;
|
||||||
|
+ ctx->mmap_size = 0;
|
||||||
|
+
|
||||||
|
if (ctx->fd != -1) {
|
||||||
|
close(ctx->fd);
|
||||||
|
}
|
||||||
|
- memset(ctx, 0, sizeof(struct sss_cli_mc_ctx));
|
||||||
|
ctx->fd = -1;
|
||||||
|
|
||||||
|
- /* restore count of active threads */
|
||||||
|
- ctx->active_threads = active_threads;
|
||||||
|
-#if HAVE_PTHREAD
|
||||||
|
- ctx->mutex = mutex;
|
||||||
|
-#endif
|
||||||
|
+ ctx->seed = 0;
|
||||||
|
+ ctx->data_table = NULL;
|
||||||
|
+ ctx->dt_size = 0;
|
||||||
|
+ ctx->hash_table = NULL;
|
||||||
|
+ ctx->ht_size = 0;
|
||||||
|
+ ctx->initialized = UNINITIALIZED;
|
||||||
|
+ /* `mutex` and `active_threads` should be left intact */
|
||||||
|
}
|
||||||
|
|
||||||
|
static errno_t sss_nss_mc_init_ctx(const char *name,
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
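Review bot: sss_nss_mc_destroy_ctx() has no header comment stating its contract, although preserving `mutex` and `active_threads` while every other member is reset is exactly what this change depends on. The hunk does not show whether callers hold the context mutex when it runs; if they must, state it at the definition, e.g. `/* Caller must hold ctx->mutex. Releases the mapping and fd and resets the context; mutex and active_threads are preserved. */`. The return values of munmap() and close() are ignored in the visible lines, which is probably acceptable on a teardown path but deserves a short comment saying so.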
@ -0,0 +1,33 @@
|
|||||||
|
From f8704cc24eafe190e6c78dc21535f6029d51d647 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Justin Stephenson <jstephen@redhat.com>
|
||||||
|
Date: Mon, 15 Aug 2022 16:17:59 -0400
|
||||||
|
Subject: [PATCH] SSSCTL: Allow analyzer to work without SSSD setup
|
||||||
|
|
||||||
|
Fixes an issue when the sssctl analyzer option is
|
||||||
|
used on systems where SSSD is not running or configured. This is
|
||||||
|
an expected use case when using --logdir option to analyze external
|
||||||
|
log files.
|
||||||
|
|
||||||
|
Resolves: https://github.com/SSSD/sssd/issues/6298
|
||||||
|
|
||||||
|
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
||||||
|
---
|
||||||
|
src/tools/sssctl/sssctl.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
|
||||||
|
index 3816125ad..f18689f9f 100644
|
||||||
|
--- a/src/tools/sssctl/sssctl.c
|
||||||
|
+++ b/src/tools/sssctl/sssctl.c
|
||||||
|
@@ -296,7 +296,7 @@ int main(int argc, const char **argv)
|
||||||
|
SSS_TOOL_COMMAND("logs-remove", "Remove existing SSSD log files", 0, sssctl_logs_remove),
|
||||||
|
SSS_TOOL_COMMAND("logs-fetch", "Archive SSSD log files in tarball", 0, sssctl_logs_fetch),
|
||||||
|
SSS_TOOL_COMMAND("debug-level", "Change SSSD debug level", 0, sssctl_debug_level),
|
||||||
|
- SSS_TOOL_COMMAND("analyze", "Analyze logged data", 0, sssctl_analyze),
|
||||||
|
+ SSS_TOOL_COMMAND_FLAGS("analyze", "Analyze logged data", 0, sssctl_analyze, SSS_TOOL_FLAG_SKIP_CMD_INIT),
|
||||||
|
#ifdef HAVE_LIBINI_CONFIG_V1_3
|
||||||
|
SSS_TOOL_DELIMITER("Configuration files tools:"),
|
||||||
|
SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT),
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
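--- a/SOURCES/0008-RESPONDER-Fix-client-ID-tracking.patch
+++ b/SOURCES/0008-RESPONDER-Fix-client-ID-tracking.patch
@@ -0,0 +1,297 @@
+From e6d450d4f67c3c639a6ab7e891adccc361d80ecd Mon Sep 17 00:00:00 2001
+From: Justin Stephenson <jstephen@redhat.com>
+Date: Fri, 19 Aug 2022 09:50:22 -0400
+Subject: [PATCH 8/9] RESPONDER: Fix client ID tracking
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Client ID is not stored properly to match requests
+when parallel requests are made to client SSSD
+
+Resolves: https://github.com/SSSD/sssd/issues/6307
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+src/responder/common/cache_req/cache_req.c | 5 +++--
+.../plugins/cache_req_autofs_entry_by_name.c | 3 ++-
+.../cache_req/plugins/cache_req_autofs_map_by_name.c | 3 ++-
+.../cache_req/plugins/cache_req_autofs_map_entries.c | 3 ++-
+.../plugins/cache_req_ssh_host_id_by_name.c | 3 ++-
+src/responder/common/responder.h | 2 +-
+src/responder/common/responder_common.c | 12 +++++++-----
+src/responder/common/responder_dp.c | 5 +++--
+src/responder/common/responder_get_domains.c | 3 ++-
+src/responder/pam/pamsrv_cmd.c | 4 ++--
+10 files changed, 26 insertions(+), 17 deletions(-)
+
+diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c
+index 4dd45b038..bc65bae71 100644
+--- a/src/responder/common/cache_req/cache_req.c
++++ b/src/responder/common/cache_req/cache_req.c
+@@ -24,6 +24,7 @@
+#include <errno.h>
+
+#include "util/util.h"
++#include "util/sss_chain_id.h"
+#include "responder/common/responder.h"
+#include "responder/common/cache_req/cache_req_private.h"
+#include "responder/common/cache_req/cache_req_plugin.h"
+@@ -1124,8 +1125,8 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx,
+}
+state->first_iteration = true;
+
+- SSS_REQ_TRACE_CID_CR(SSSDBG_TRACE_FUNC, cr, "New request [CID #%u] '%s'\n",
+- rctx->client_id_num, cr->reqname);
++ SSS_REQ_TRACE_CID_CR(SSSDBG_TRACE_FUNC, cr, "New request [CID #%lu] '%s'\n",
++ sss_chain_id_get(), cr->reqname);
+
+ret = cache_req_is_well_known_object(state, cr, &result);
+if (ret == EOK) {
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
+index 788b6708c..b2b0a06eb 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
+@@ -24,6 +24,7 @@
+#include "db/sysdb.h"
+#include "db/sysdb_autofs.h"
+#include "util/util.h"
++#include "util/sss_chain_id.h"
+#include "providers/data_provider.h"
+#include "responder/common/cache_req/cache_req_plugin.h"
+
+@@ -86,7 +87,7 @@ cache_req_autofs_entry_by_name_dp_send(TALLOC_CTX *mem_ctx,
+be_conn->bus_name, SSS_BUS_PATH,
+0, data->name.name,
+data->autofs_entry_name,
+- cr->rctx->client_id_num);
++ sss_chain_id_get());
+}
+
+bool
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
+index 5d82641cc..23b11b1cd 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
+@@ -24,6 +24,7 @@
+#include "db/sysdb.h"
+#include "db/sysdb_autofs.h"
+#include "util/util.h"
++#include "util/sss_chain_id.h"
+#include "providers/data_provider.h"
+#include "responder/common/cache_req/cache_req_plugin.h"
+
+@@ -82,7 +83,7 @@ cache_req_autofs_map_by_name_dp_send(TALLOC_CTX *mem_ctx,
+return sbus_call_dp_autofs_GetMap_send(mem_ctx, be_conn->conn,
+be_conn->bus_name, SSS_BUS_PATH,
+0, data->name.name,
+- cr->rctx->client_id_num);
++ sss_chain_id_get());
+}
+
+bool
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
+index 29f289723..18c08ca39 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
+@@ -24,6 +24,7 @@
+#include "db/sysdb.h"
+#include "db/sysdb_autofs.h"
+#include "util/util.h"
++#include "util/sss_chain_id.h"
+#include "providers/data_provider.h"
+#include "responder/common/cache_req/cache_req_plugin.h"
+
+@@ -114,7 +115,7 @@ cache_req_autofs_map_entries_dp_send(TALLOC_CTX *mem_ctx,
+return sbus_call_dp_autofs_Enumerate_send(mem_ctx, be_conn->conn,
+be_conn->bus_name, SSS_BUS_PATH,
+0, data->name.name,
+- cr->rctx->client_id_num);
++ sss_chain_id_get());
+}
+
+bool
+diff --git a/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c b/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c
+index a8b8f47a8..29f52f10d 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c
+@@ -23,6 +23,7 @@
+
+#include "db/sysdb_ssh.h"
+#include "util/util.h"
++#include "util/sss_chain_id.h"
+#include "providers/data_provider.h"
+#include "responder/common/cache_req/cache_req_plugin.h"
+
+@@ -86,7 +87,7 @@ cache_req_host_by_name_dp_send(TALLOC_CTX *mem_ctx,
+return sbus_call_dp_dp_hostHandler_send(mem_ctx, be_conn->conn,
+be_conn->bus_name, SSS_BUS_PATH,
+0, data->name.name, data->alias,
+- cr->rctx->client_id_num);
++ sss_chain_id_get());
+}
+
+static bool
+diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
+index 5cb79e3e6..259b3ff13 100644
+--- a/src/responder/common/responder.h
++++ b/src/responder/common/responder.h
+@@ -165,13 +165,13 @@ struct cli_ctx {
+
+struct cli_creds *creds;
+char *cmd_line;
+- uint64_t old_chain_id;
+
+void *protocol_ctx;
+void *state_ctx;
+
+struct tevent_timer *idle;
+time_t last_request_time;
++ uint32_t client_id_num;
+};
+
+struct sss_cmd_table {
+diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
+index 6e3b61ef0..a4ba8ea71 100644
+--- a/src/responder/common/responder_common.c
++++ b/src/responder/common/responder_common.c
+@@ -87,8 +87,6 @@ static void client_close_fn(struct tevent_context *ev,
+"Failed to close fd [%d]: [%s]\n",
+ctx->cfd, strerror(ret));
+}
+- /* Restore the original chain id */
+- sss_chain_id_set(ctx->old_chain_id);
+
+DEBUG(SSSDBG_TRACE_INTERNAL,
+"Terminated client [%p][%d]\n",
+@@ -526,7 +524,6 @@ static void accept_fd_handler(struct tevent_context *ev,
+int fd = accept_ctx->is_private ? rctx->priv_lfd : rctx->lfd;
+
+rctx->client_id_num++;
+-
+if (accept_ctx->is_private) {
+ret = stat(rctx->priv_sock_name, &stat_buf);
+if (ret == -1) {
+@@ -557,6 +554,8 @@ static void accept_fd_handler(struct tevent_context *ev,
+
+talloc_set_destructor(cctx, cli_ctx_destructor);
+
++ cctx->client_id_num = rctx->client_id_num;
++
+len = sizeof(cctx->addr);
+cctx->cfd = accept(fd, (struct sockaddr *)&cctx->addr, &len);
+if (cctx->cfd == -1) {
+@@ -645,7 +644,7 @@ static void accept_fd_handler(struct tevent_context *ev,
+
+DEBUG(SSSDBG_TRACE_FUNC,
+"[CID#%u] Client [cmd %s][uid %u][%p][%d] connected%s!\n",
+- rctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds),
++ cctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds),
+cctx, cctx->cfd, accept_ctx->is_private ? " to privileged pipe" : "");
+
+return;
+@@ -1090,6 +1089,7 @@ void sss_client_fd_handler(void *ptr,
+uint16_t flags)
+{
+errno_t ret;
++ uint64_t old_chain_id;
+struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx);
+
+/* Always reset the responder idle timer on any activity */
+@@ -1105,7 +1105,7 @@ void sss_client_fd_handler(void *ptr,
+}
+
+/* Set the chain id */
+- cctx->old_chain_id = sss_chain_id_set(cctx->rctx->client_id_num);
++ old_chain_id = sss_chain_id_set(cctx->client_id_num);
+
+if (flags & TEVENT_FD_READ) {
+recv_fn(cctx);
+@@ -1116,6 +1116,8 @@ void sss_client_fd_handler(void *ptr,
+send_fn(cctx);
+return;
+}
++ /* Restore the original chain id */
++ sss_chain_id_set(old_chain_id);
+}
+
+int sss_connection_setup(struct cli_ctx *cctx)
+diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c
+index d549e02d3..4b4770da1 100644
+--- a/src/responder/common/responder_dp.c
++++ b/src/responder/common/responder_dp.c
+@@ -23,6 +23,7 @@
+#include <sys/time.h>
+#include <time.h>
+#include "util/util.h"
++#include "util/sss_chain_id.h"
+#include "responder/common/responder_packet.h"
+#include "responder/common/responder.h"
+#include "providers/data_provider.h"
+@@ -276,7 +277,7 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx,
+subreq = sbus_call_dp_dp_getAccountInfo_send(state, be_conn->conn,
+be_conn->bus_name, SSS_BUS_PATH, dp_flags,
+entry_type, filter, dom->name, extra,
+- rctx->client_id_num);
++ sss_chain_id_get());
+if (subreq == NULL) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n");
+ret = ENOMEM;
+@@ -406,7 +407,7 @@ sss_dp_resolver_get_send(TALLOC_CTX *mem_ctx,
+SSS_BUS_PATH,
+dp_flags, entry_type,
+filter_type, filter_value,
+- rctx->client_id_num);
++ sss_chain_id_get());
+if (subreq == NULL) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n");
+ret = ENOMEM;
+diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c
+index 918124756..aeff28d73 100644
+--- a/src/responder/common/responder_get_domains.c
++++ b/src/responder/common/responder_get_domains.c
+@@ -19,6 +19,7 @@
+*/
+
+#include "util/util.h"
++#include "util/sss_chain_id.h"
+#include "responder/common/responder.h"
+#include "providers/data_provider.h"
+#include "db/sysdb.h"
+@@ -751,7 +752,7 @@ sss_dp_get_account_domain_send(TALLOC_CTX *mem_ctx,
+be_conn->bus_name,
+SSS_BUS_PATH, dp_flags,
+entry_type, filter,
+- rctx->client_id_num);
++ sss_chain_id_get());
+if (subreq == NULL) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n");
+ret = ENOMEM;
+diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
+index cb0e1b82f..1695554fc 100644
+--- a/src/responder/pam/pamsrv_cmd.c
++++ b/src/responder/pam/pamsrv_cmd.c
+@@ -1492,7 +1492,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
+}
+preq->cctx = cctx;
+preq->cert_auth_local = false;
+- preq->client_id_num = pctx->rctx->client_id_num;
++ preq->client_id_num = cctx->client_id_num;
+
+preq->pd = create_pam_data(preq);
+if (!preq->pd) {
+@@ -1513,7 +1513,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
+
+pd->cmd = pam_cmd;
+pd->priv = cctx->priv;
+- pd->client_id_num = pctx->rctx->client_id_num;
++ pd->client_id_num = cctx->client_id_num;
+
+ret = pam_forwarder_parse_data(cctx, pd);
+if (ret == EAGAIN) {
+--
+2.37.1
+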
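Review bot: In sss_client_fd_handler() the added `sss_chain_id_set(old_chain_id);` comes after the `send_fn(cctx); return;` block shown as context, so the write path leaves the function before the previous chain id is restored. The read branch starts in the preceding hunk and its end is not visible; if it returns the same way, the restore runs only when neither flag is set, and later log lines would presumably carry a stale CID. Restoring before each return, e.g. `send_fn(cctx); sss_chain_id_set(old_chain_id); return;`, keeps the restore reachable. Separately, cache_req_send() now formats `sss_chain_id_get()` with `%lu`; `old_chain_id` is declared `uint64_t`, so if the getter returns that type, `PRIu64` is the matching conversion where `long` is 32 bits.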
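--- a/SOURCES/0009-Analyzer-support-parallel-requests-parsing.patch
+++ b/SOURCES/0009-Analyzer-support-parallel-requests-parsing.patch
@@ -0,0 +1,185 @@
+From d22ea2df62b6e245eef75d7201b678601bf63e98 Mon Sep 17 00:00:00 2001
+From: Justin Stephenson <jstephen@redhat.com>
+Date: Fri, 19 Aug 2022 14:44:11 -0400
+Subject: [PATCH 9/9] Analyzer: support parallel requests parsing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Analyzer code(primarily the list verbose command) needs
+changes to handle parsing the necessary lines from
+NSS/PAM log files when multiple intermixed/parallel
+client requests are sent to SSSD.
+
+Resolves: https://github.com/SSSD/sssd/issues/6307
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+src/tools/analyzer/modules/request.py | 119 +++++++++++++++-----------
+1 file changed, 67 insertions(+), 52 deletions(-)
+
+diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
+index 935e13adc..b9fe3caf8 100644
+--- a/src/tools/analyzer/modules/request.py
++++ b/src/tools/analyzer/modules/request.py
+@@ -16,7 +16,6 @@ class RequestAnalyzer:
+"""
+module_parser = None
+consumed_logs = []
+- done = ""
+list_opts = [
+Option('--verbose', 'Verbose output', bool, '-v'),
+Option('--pam', 'Filter only PAM requests', bool),
+@@ -149,58 +148,74 @@ class RequestAnalyzer:
+print(line)
+return found_results
+
+- def print_formatted(self, line, verbose):
++ def print_formatted_verbose(self, source, patterns):
++ """
++ Parse line and print formatted verbose list_requests output
++
++ Args:
++ source (Reader): source Reader object
++ patterns (list): List of regex patterns to use for
++ matching lines
++ """
++ # Get CID number, and print the basic line first
++ for line in self.matched_line(source, patterns):
++ cid = self.print_formatted(line)
++
++ # Loop through each line with this CID number to extract and
++ # print the verbose data needed
++ verbose_patterns = ["(cache_req_send|cache_req_process_input|"
++ "cache_req_search_send)"]
++ for cidline in self.matched_line(source, verbose_patterns):
++ plugin = ""
++ name = ""
++ id = ""
++
++ # skip any lines not pertaining to this CID
++ if f"CID#{cid}]" not in cidline:
++ continue
++ if "refreshed" in cidline:
++ continue
++ # CR Plugin name
++ if re.search("cache_req_send", cidline):
++ plugin = cidline.split('\'')[1]
++ # CR Input name
++ elif re.search("cache_req_process_input", cidline):
++ name = cidline.rsplit('[')[-1]
++ # CR Input id
++ elif re.search("cache_req_search_send", cidline):
++ id = cidline.rsplit()[-1]
++
++ if plugin:
++ print(" - " + plugin)
++ if name:
++ print(" - " + name[:-2])
++ if (id and ("UID" in cidline or "GID" in cidline)):
++ print(" - " + id)
++
++ def print_formatted(self, line):
+"""
+Parse line and print formatted list_requests output
+
+Args:
+line (str): line to parse
+- verbose (bool): If true, enable verbose output
++ Returns:
++ Client ID from printed line, 0 otherwise
+"""
+- plugin = ""
+- name = ""
+- id = ""
+-
+# exclude backtrace logs
+if line.startswith(' * '):
+- return
+- fields = line.split("[")
+- cr_field = fields[3][7:]
+- cr = cr_field.split(":")[0][4:]
++ return 0
+if "refreshed" in line:
+- return
+- # CR Plugin name
+- if re.search("cache_req_send", line):
+- plugin = line.split('\'')[1]
+- # CR Input name
+- elif re.search("cache_req_process_input", line):
+- name = line.rsplit('[')[-1]
+- # CR Input id
+- elif re.search("cache_req_search_send", line):
+- id = line.rsplit()[-1]
+- # CID and client process name
+- else:
+- ts = line.split(")")[0]
+- ts = ts[1:]
+- fields = line.split("[")
+- cid = fields[3][4:-9]
+- cmd = fields[4][4:-1]
+- uid = fields[5][4:-1]
+- if not uid.isnumeric():
+- uid = fields[6][4:-1]
+- print(f'{ts}: [uid {uid}] CID #{cid}: {cmd}')
+-
+- if verbose:
+- if plugin:
+- print(" - " + plugin)
+- if name:
+- if cr not in self.done:
+- print(" - " + name[:-2])
+- self.done = cr
+- if id:
+- if cr not in self.done:
+- print(" - " + id)
+- self.done = cr
++ return 0
++ ts = line.split(")")[0]
++ ts = ts[1:]
++ fields = line.split("[")
++ cid = fields[3][4:-9]
++ cmd = fields[4][4:-1]
++ uid = fields[5][4:-1]
++ if not uid.isnumeric():
++ uid = fields[6][4:-1]
++ print(f'{ts}: [uid {uid}] CID #{cid}: {cmd}')
++ return cid
+
+def list_requests(self, args):
+"""
+@@ -215,20 +230,20 @@ class RequestAnalyzer:
+# Log messages matching the following regex patterns contain
+# the useful info we need to produce list output
+patterns = [r'\[cmd']
+- patterns.append("(cache_req_send|cache_req_process_input|"
+- "cache_req_search_send)")
+if args.pam:
+component = source.Component.PAM
+resp = "pam"
+
+logger.info(f"******** Listing {resp} client requests ********")
+source.set_component(component, False)
+- self.done = ""
+- for line in self.matched_line(source, patterns):
+- if isinstance(source, Journald):
+- print(line)
+- else:
+- self.print_formatted(line, args.verbose)
++ if args.verbose:
++ self.print_formatted_verbose(source, patterns)
++ else:
++ for line in self.matched_line(source, patterns):
++ if isinstance(source, Journald):
++ print(line)
++ else:
++ self.print_formatted(line)
+
+def track_request(self, args):
+"""
+--
+2.37.1
+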
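Review bot: In list_requests() the new verbose branch calls `self.print_formatted_verbose(source, patterns)` without the `isinstance(source, Journald)` check that the non-verbose branch keeps, so journald lines now reach the fixed-position slicing in print_formatted() (`fields[3][4:-9]`, `fields[4][4:-1]`, `fields[5][4:-1]`). That slicing has no length check and raises IndexError on a line with fewer `[`-separated fields, which aborts the listing; since the analyzer can be pointed at external log files, wrapping the slicing in `try:` … `except IndexError: return 0` would skip the malformed line instead. print_formatted_verbose() also uses `cid` without testing for the 0 returned for backtrace and "refreshed" lines; `if not cid: continue` right after the call would avoid scanning the source again for `CID#0]` (the loop nesting is inferred, because indentation is not preserved on this page).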
@ -19,7 +19,7 @@
|
|||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 2.7.3
|
Version: 2.7.3
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -31,6 +31,11 @@ Patch0001: 0001-Makefile-remove-unneeded-dependency.patch
|
|||||||
Patch0002: 0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch
|
Patch0002: 0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch
|
||||||
Patch0003: 0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch
|
Patch0003: 0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch
|
||||||
Patch0004: 0004-Analyzer-Fix-escaping-raw-fstring.patch
|
Patch0004: 0004-Analyzer-Fix-escaping-raw-fstring.patch
|
||||||
|
Patch0005: 0005-CLIENT-MC-1-is-more-appropriate-initial-value-for-fd.patch
|
||||||
|
Patch0006: 0006-CLIENT-MC-pointer-to-the-context-mutex-shouldn-t-be-.patch
|
||||||
|
Patch0007: 0007-SSSCTL-Allow-analyzer-to-work-without-SSSD-setup.patch
|
||||||
|
Patch0008: 0008-RESPONDER-Fix-client-ID-tracking.patch
|
||||||
|
Patch0009: 0009-Analyzer-support-parallel-requests-parsing.patch
|
||||||
|
|
||||||
### Downstream Patches ###
|
### Downstream Patches ###
|
||||||
|
|
||||||
@ -1181,6 +1186,11 @@ fi
|
|||||||
%systemd_postun_with_restart sssd.service
|
%systemd_postun_with_restart sssd.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 23 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-3
|
||||||
|
- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8
|
||||||
|
- Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured
|
||||||
|
- Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend
|
||||||
|
|
||||||
* Wed Aug 10 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-2
|
* Wed Aug 10 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-2
|
||||||
- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases
|
- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases
|
||||||
- Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs
|
- Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs
|
||||||
|