Always initialize ID mapping objects

Apply a couple of patches from upstream git that resolve crashes when
ID mapping object was not initialized properly but needed later
Jakub Hrozek 2013-05-24 10:44:53 +02:00
parent 2f295ac01f
commit af82f760d4
4 changed files with 101 additions and 1 deletions

@ -0,0 +1,28 @@
From 574061e65d3fb687b9cb2c757afa1fe92812245e Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Wed, 15 May 2013 10:09:08 +0200
Subject: [PATCH] Fix segfault in AD Subdomains Module
In function ad_subdomains_get_netlogon_done:
If variable "reply_count" is zero then variable "reply" will not be
initialized. Therefore we should not continue.
---
src/providers/ad/ad_subdomains.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 1da343f8711b2b99a7afff6a4a398a1aa515a875..2ad318f63a89b2e8894ca07d007cde11867ed290 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -307,6 +307,8 @@ static void ad_subdomains_get_netlogon_done(struct tevent_req *req)
if (reply_count == 0) {
DEBUG(SSSDBG_TRACE_FUNC, ("No netlogon data available.\n"));
+ ret = ENOENT;
+ goto done;
} else if (reply_count > 1) {
DEBUG(SSSDBG_OP_FAILURE,
("More than one netlogon info returned.\n"));
--
1.8.2.1
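
Review bot: In the `reply_count == 0` branch of ad_subdomains_get_netlogon_done, the new `ret = ENOENT; goto done;` turns "no netlogon data" into an error return while the message beside it is still logged at SSSDBG_TRACE_FUNC, so please confirm that the `done` path and the callers treat ENOENT here as a non-fatal "nothing found" result rather than a provider failure. The commit message says `reply` is left uninitialized when `reply_count` is zero; initializing `reply` to NULL at its declaration as well would keep any later path that skips this check from reading an indeterminate pointer. The hunk also does not show how the `reply_count > 1` branch ends, so it is worth checking that it either bails out or deliberately uses only the first entry.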

@ -0,0 +1,36 @@
From 392dce02615e446b3c73dfb8b4e0a19ebb86f914 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 13 May 2013 10:15:09 +0200
Subject: [PATCH] LDAP: Always initialize idmap object
https://fedorahosted.org/sssd/ticket/1922
Since we always store the SID now, we need to always initialize the ID
mapping object in LDAP provider as well. Some users might want to
configure the LDAP provider with ID mapping, not the AD provider itself.
---
src/providers/ldap/ldap_init.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 2e30c37edb707799baada3d695776ae602c6a7eb..0884a85c7d9db2c7c777caf0baebf59217076982 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -155,11 +155,9 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
goto done;
}
- if (dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING)) {
- /* Set up the ID mapping object */
- ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx);
- if (ret != EOK) goto done;
- }
+ /* Set up the ID mapping object */
+ ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx);
+ if (ret != EOK) goto done;
ret = sdap_id_setup_tasks(ctx);
if (ret != EOK) {
--
1.8.2.1
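
Review bot: With the `dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING)` guard removed in sssm_ldap_id_init, a failure of `sdap_idmap_init` now aborts LDAP provider initialization even for configurations that have ID mapping disabled, which previously never ran this code. Consider whether that failure should be fatal in the disabled case, and in either case log it before jumping: the one-line `if (ret != EOK) goto done;` emits no DEBUG message and is unbraced, unlike the `sdap_id_setup_tasks` check directly below it. A short code comment saying the object is needed because the SID is now always stored (as the commit message explains) would tell the next reader why the option check is gone.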

@ -0,0 +1,29 @@
From 5aad10b49e193ee14a86e1277146a223005a2d6b Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 13 May 2013 10:23:56 +0200
Subject: [PATCH] Re-add a useful DEBUG message
In commit 46222e5191473f9a46aec581273eb2eef22e23be we removed a very
similar DEBUG message while moving the whole piece of code to the idmap
library. But it turned out that the DEBUG message was useful while
testing the functionality, so this patch adds it back.
---
src/providers/ldap/sdap_idmap.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index 050b2c5a768f58acd376e68a15a579e1e56894ac..43db0c83354ed2f8f112a8853ab66ab51e1d9fd2 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -242,6 +242,8 @@ sdap_idmap_add_domain(struct sdap_idmap_ctx *idmap_ctx,
ret = EIO;
goto done;
}
+ DEBUG(SSSDBG_TRACE_LIBS,
+ ("Adding domain [%s] as slice [%llu]\n", dom_sid, slice));
if (range.max > idmap_upper) {
/* This should never happen */
--
1.8.2.1
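
Review bot: The re-added DEBUG call in sdap_idmap_add_domain prints `slice` with `%llu`, but the hunk does not show the declaration of `slice`; if it is not an `unsigned long long`, add an explicit cast, since a mismatched variadic argument is undefined behaviour. `dom_sid` is passed to `%s` in the same call, so it should be known to be non-NULL at this point in the function.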

@ -16,7 +16,7 @@
Name: sssd
Version: 1.10.0
Release: 6%{?dist}.beta1
Release: 7%{?dist}.beta1
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@ -33,6 +33,9 @@ Patch0005: 0005-SSH-Use-separate-field-for-domain-name-in-client-req.patch
Patch0006: 0006-SSH-Do-not-skip-domains-with-use_fully_qualified_nam.patch
Patch0007: 0007-Always-update-cached-upn-if-enterprise-principals-ar.patch
Patch0008: 0008-Enable-the-AD-dynamic-DNS-updates-by-default.patch
Patch0009: 0009-Fix-segfault-in-AD-Subdomains-Module.patch
Patch0010: 0010-LDAP-Always-initialize-idmap-object.patch
Patch0011: 0011-Re-add-a-useful-DEBUG-message.patch
Patch0501: 0501-FEDORA-Switch-the-default-ccache-location.patch
@ -605,6 +608,10 @@ fi
%postun -n libsss_sudo -p /sbin/ldconfig
%changelog
* Fri May 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-7.beta1
- Apply a couple of patches from upstream git that resolve crashes when
ID mapping object was not initialized properly but needed later
* Tue May 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-6.beta1
- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
realm join
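
Review bot: The new %changelog entry describes all three patches as resolving crashes from an uninitialized ID mapping object, but Patch0009 fixes the uninitialized `reply` in the AD subdomains module and Patch0011 only re-adds a DEBUG message. Listing the patches separately would be more accurate, and a reference such as the upstream ticket https://fedorahosted.org/sssd/ticket/1922 cited in Patch0010 would match the `Resolves:` style of the 1.10.0-6.beta1 entry.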