sssd-2.9.2-1: Rebase to latest upstream release
This commit is contained in:
Pavel Březina
parent
730f7222dc
commit
b3524fa5a8
1
.gitignore
vendored
1
.gitignore
vendored
@ -107,3 +107,4 @@ sssd-1.2.91.tar.gz
|
|||||||
/sssd-2.8.2.tar.gz
|
/sssd-2.8.2.tar.gz
|
||||||
/sssd-2.9.0.tar.gz
|
/sssd-2.9.0.tar.gz
|
||||||
/sssd-2.9.1.tar.gz
|
/sssd-2.9.1.tar.gz
|
||||||
|
/sssd-2.9.2.tar.gz
|
||||||
|
|||||||
@ -1,31 +0,0 @@
|
|||||||
From 74d0f4538deb766592079b1abca0d949d6dea105 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
||||||
Date: Thu, 15 Jun 2023 12:05:03 +0200
|
|
||||||
Subject: [PATCH 1/1] BUILD: Accept krb5 1.21 for building the PAC plugin
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Reviewed-by: Alejandro López <allopez@redhat.com>
|
|
||||||
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
||||||
---
|
|
||||||
src/external/pac_responder.m4 | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4
|
|
||||||
index 3cbe3c9cfba03b59e26a8c5c2d73446eead2acea..90727185b574411bddd928f8d87efdc87076eba4 100644
|
|
||||||
--- a/src/external/pac_responder.m4
|
|
||||||
+++ b/src/external/pac_responder.m4
|
|
||||||
@@ -22,7 +22,8 @@ then
|
|
||||||
Kerberos\ 5\ release\ 1.17* | \
|
|
||||||
Kerberos\ 5\ release\ 1.18* | \
|
|
||||||
Kerberos\ 5\ release\ 1.19* | \
|
|
||||||
- Kerberos\ 5\ release\ 1.20*)
|
|
||||||
+ Kerberos\ 5\ release\ 1.20* | \
|
|
||||||
+ Kerberos\ 5\ release\ 1.21*)
|
|
||||||
krb5_version_ok=yes
|
|
||||||
AC_MSG_RESULT([yes])
|
|
||||||
;;
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
||||||
@ -1,39 +0,0 @@
|
|||||||
From 15d7d34b20219e2fd45c43881088f5d542e9603e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sumit Bose <sbose@redhat.com>
|
|
||||||
Date: Tue, 4 Jul 2023 18:56:35 +0200
|
|
||||||
Subject: [PATCH 2/3] sssct: allow cert-show and cert-eval-rule as non-root
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The cert-show and cert-eval-rule sub-commands do not need root access and
|
|
||||||
do not require SSSD to be configured on the host.
|
|
||||||
|
|
||||||
Resolves: https://github.com/SSSD/sssd/issues/6802
|
|
||||||
|
|
||||||
Reviewed-by: Alejandro López <allopez@redhat.com>
|
|
||||||
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
|
||||||
(cherry picked from commit 8466f0e4d0c6cd2b98d2789970847b9adc01d7d4)
|
|
||||||
---
|
|
||||||
src/tools/sssctl/sssctl.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
|
|
||||||
index 855260aed..04c41aa9a 100644
|
|
||||||
--- a/src/tools/sssctl/sssctl.c
|
|
||||||
+++ b/src/tools/sssctl/sssctl.c
|
|
||||||
@@ -340,9 +340,9 @@ int main(int argc, const char **argv)
|
|
||||||
SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT),
|
|
||||||
#endif
|
|
||||||
SSS_TOOL_DELIMITER("Certificate related tools:"),
|
|
||||||
- SSS_TOOL_COMMAND("cert-show", "Print information about the certificate", 0, sssctl_cert_show),
|
|
||||||
+ SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
|
|
||||||
SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map),
|
|
||||||
- SSS_TOOL_COMMAND("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule),
|
|
||||||
+ SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
|
|
||||||
#ifdef BUILD_PASSKEY
|
|
||||||
SSS_TOOL_DELIMITER("Passkey related tools:"),
|
|
||||||
SSS_TOOL_COMMAND_FLAGS("passkey-register", "Perform passkey registration", 0, sssctl_passkey_register, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
|
|
||||||
--
|
|
||||||
2.38.1
|
|
||||||
|
|
||||||
@ -1,87 +0,0 @@
|
|||||||
From 11afa7a6ef7e15f1e98c7145ad5c80bbdfc520e2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sumit Bose <sbose@redhat.com>
|
|
||||||
Date: Tue, 4 Jul 2023 19:06:27 +0200
|
|
||||||
Subject: [PATCH 3/3] certmap: fix partial string comparison
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
If the formatting option of the certificate digest/hash function
|
|
||||||
contained and additional specifier separated with a '_' the comparison
|
|
||||||
of the provided digest name and the available ones was incomplete, the
|
|
||||||
last character was ignored and the comparison was successful if even if
|
|
||||||
there was only a partial match.
|
|
||||||
|
|
||||||
Resolves: https://github.com/SSSD/sssd/issues/6802
|
|
||||||
|
|
||||||
Reviewed-by: Alejandro López <allopez@redhat.com>
|
|
||||||
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
|
||||||
(cherry picked from commit 0817ca3b366f51510705ab77d7900c0b65b7d2fc)
|
|
||||||
---
|
|
||||||
src/lib/certmap/sss_certmap_ldap_mapping.c | 9 ++++++++-
|
|
||||||
src/tests/cmocka/test_certmap.c | 22 ++++++++++++++++++++++
|
|
||||||
2 files changed, 30 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/lib/certmap/sss_certmap_ldap_mapping.c b/src/lib/certmap/sss_certmap_ldap_mapping.c
|
|
||||||
index 2f16837a1..354b0310b 100644
|
|
||||||
--- a/src/lib/certmap/sss_certmap_ldap_mapping.c
|
|
||||||
+++ b/src/lib/certmap/sss_certmap_ldap_mapping.c
|
|
||||||
@@ -228,14 +228,21 @@ int check_digest_conversion(const char *inp, const char **digest_list,
|
|
||||||
bool colon = false;
|
|
||||||
bool reverse = false;
|
|
||||||
char *c;
|
|
||||||
+ size_t len = 0;
|
|
||||||
|
|
||||||
sep = strchr(inp, '_');
|
|
||||||
+ if (sep != NULL) {
|
|
||||||
+ len = sep - inp;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
for (d = 0; digest_list[d] != NULL; d++) {
|
|
||||||
if (sep == NULL) {
|
|
||||||
cmp = strcasecmp(digest_list[d], inp);
|
|
||||||
} else {
|
|
||||||
- cmp = strncasecmp(digest_list[d], inp, (sep - inp -1));
|
|
||||||
+ if (strlen(digest_list[d]) != len) {
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ cmp = strncasecmp(digest_list[d], inp, len);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cmp == 0) {
|
|
||||||
diff --git a/src/tests/cmocka/test_certmap.c b/src/tests/cmocka/test_certmap.c
|
|
||||||
index da312beaf..a15984d60 100644
|
|
||||||
--- a/src/tests/cmocka/test_certmap.c
|
|
||||||
+++ b/src/tests/cmocka/test_certmap.c
|
|
||||||
@@ -2183,6 +2183,28 @@ static void test_sss_certmap_ldapu1_cert(void **state)
|
|
||||||
assert_non_null(ctx);
|
|
||||||
assert_null(ctx->prio_list);
|
|
||||||
|
|
||||||
+ /* cert!sha */
|
|
||||||
+ ret = sss_certmap_add_rule(ctx, 91,
|
|
||||||
+ "KRB5:<ISSUER>.*",
|
|
||||||
+ "LDAP:rule91={cert!sha}", NULL);
|
|
||||||
+ assert_int_equal(ret, EINVAL);
|
|
||||||
+
|
|
||||||
+ ret = sss_certmap_add_rule(ctx, 91,
|
|
||||||
+ "KRB5:<ISSUER>.*",
|
|
||||||
+ "LDAPU1:rule91={cert!sha}", NULL);
|
|
||||||
+ assert_int_equal(ret, EINVAL);
|
|
||||||
+
|
|
||||||
+ /* cert!sha_u */
|
|
||||||
+ ret = sss_certmap_add_rule(ctx, 90,
|
|
||||||
+ "KRB5:<ISSUER>.*",
|
|
||||||
+ "LDAP:rule90={cert!sha_u}", NULL);
|
|
||||||
+ assert_int_equal(ret, EINVAL);
|
|
||||||
+
|
|
||||||
+ ret = sss_certmap_add_rule(ctx, 99,
|
|
||||||
+ "KRB5:<ISSUER>.*",
|
|
||||||
+ "LDAPU1:rule90={cert!sha_u}", NULL);
|
|
||||||
+ assert_int_equal(ret, EINVAL);
|
|
||||||
+
|
|
||||||
/* cert!sha555 */
|
|
||||||
ret = sss_certmap_add_rule(ctx, 89,
|
|
||||||
"KRB5:<ISSUER>.*",
|
|
||||||
--
|
|
||||||
2.38.1
|
|
||||||
|
|
||||||
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (sssd-2.9.1.tar.gz) = eb7345dcfbbd51f005f67ee5032364d369d24589111ded60701e2dbe09563f0b862d343f231dd2e9d548acd8c560a036c8b88a0601f9aa048a7202da8202cd9b
|
SHA512 (sssd-2.9.2.tar.gz) = d3d05e2743cf3a31cd1952aeddf7500cf57e5b973bb4010a0a44472441ee0159db0021e0e37df4ce1a11e42c5eb8531f14a1a64a547f83f6958b39b9b9013084
|
||||||
|
|||||||
12
sssd.spec
12
sssd.spec
@ -42,17 +42,14 @@
|
|||||||
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
|
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 2.9.1
|
Version: 2.9.2
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
URL: https://github.com/SSSD/sssd/
|
URL: https://github.com/SSSD/sssd/
|
||||||
Source0: https://github.com/SSSD/sssd/releases/download/2.9.1/sssd-2.9.1.tar.gz
|
Source0: https://github.com/SSSD/sssd/releases/download/2.9.2/sssd-2.9.2.tar.gz
|
||||||
|
|
||||||
### Patches ###
|
### Patches ###
|
||||||
Patch0001: 0001-BUILD-Accept-krb5-1.21-for-building-the-PAC-plugin.patch
|
|
||||||
Patch0002: 0002-sssct-allow-cert-show-and-cert-eval-rule-as-non-root.patch
|
|
||||||
Patch0003: 0003-certmap-fix-partial-string-comparison.patch
|
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
|
|
||||||
@ -1061,6 +1058,9 @@ fi
|
|||||||
%systemd_postun_with_restart sssd.service
|
%systemd_postun_with_restart sssd.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 07 2023 Pavel Březina <pbrezina@redhat.com> - 2.9.2-1
|
||||||
|
- Rebase to SSSD 2.9.2
|
||||||
|
|
||||||
* Tue Aug 15 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.1-4
|
* Tue Aug 15 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.1-4
|
||||||
- Resolves sss_certmap_test fail
|
- Resolves sss_certmap_test fail
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user