rpms/sssd
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for

Browse Source 
new LDAP features - fix netgroups and sudo as well
This commit is contained in:
Stephen Gallagher 2012-02-04 20:20:10 -05:00
parent b6ef581001
commit e8905f5363
2 changed files with 47 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
0001-LDAP-Do-not-fail-if-RootDSE-check-cannot-determine-s.patch
View File

@ -1,4 +1,4 @@
From 942714ed5a3ae23e291de2498f947de4bca57456 Mon Sep 17 00:00:00 2001 From cd59e5d02ec97ea309fd51d4d6a6a4421617cd12 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com> From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 1 Feb 2012 14:03:36 -0500 Date: Wed, 1 Feb 2012 14:03:36 -0500
Subject: [PATCH] LDAP: Do not fail if RootDSE check cannot determine search Subject: [PATCH] LDAP: Do not fail if RootDSE check cannot determine search
@ -11,12 +11,14 @@ Conflicts:
src/providers/ldap/sdap_async_services.c src/providers/ldap/sdap_async_services.c
--- ---
src/providers/ipa/ipa_netgroups.c | 7 +++++ src/providers/ipa/ipa_netgroups.c | 7 +++++
src/providers/ldap/ldap_common.c | 5 +--
src/providers/ldap/sdap.c | 7 ++++- src/providers/ldap/sdap.c | 7 ++++-
src/providers/ldap/sdap_async_groups.c | 9 +++++++ src/providers/ldap/sdap_async_groups.c | 9 +++++++
src/providers/ldap/sdap_async_initgroups.c | 35 +++++++++++++++++++++++++++- src/providers/ldap/sdap_async_initgroups.c | 35 +++++++++++++++++++++++++++-
src/providers/ldap/sdap_async_netgroups.c | 10 ++++++++
src/providers/ldap/sdap_async_users.c | 9 +++++++ src/providers/ldap/sdap_async_users.c | 9 +++++++
src/providers/ldap/sdap_sudo.c | 9 +++++++ src/providers/ldap/sdap_sudo.c | 9 +++++++
6 files changed, 74 insertions(+), 2 deletions(-) 8 files changed, 86 insertions(+), 5 deletions(-)
diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
index 78bcee1b44fec3c8d04fc5ba13b46db26396d1b1..7da1147c7d6fd1dec8872209e442ae99ee810aa1 100644 index 78bcee1b44fec3c8d04fc5ba13b46db26396d1b1..7da1147c7d6fd1dec8872209e442ae99ee810aa1 100644
@ -36,6 +38,22 @@ index 78bcee1b44fec3c8d04fc5ba13b46db26396d1b1..7da1147c7d6fd1dec8872209e442ae99
ret = sss_hash_create(state, 32, &state->new_netgroups); ret = sss_hash_create(state, 32, &state->new_netgroups);
if (ret != EOK) goto done; if (ret != EOK) goto done;
ret = sss_hash_create(state, 32, &state->new_users); ret = sss_hash_create(state, 32, &state->new_users);
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 71921963a768a9975eca6432025704e06f28a2b8..c287b345217befeb872b25521d80d601fc27f0c7 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -538,9 +538,8 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx,
dp_opt_get_string(opts->basic, SDAP_SUDO_SEARCH_BASE)));
}
} else {
- /* FIXME: try to discover it later */
- DEBUG(SSSDBG_OP_FAILURE, ("Error: no SUDO search base set\n"));
- return ENOENT;
+ DEBUG(SSSDBG_TRACE_FUNC, ("Search base not set, trying to discover it later "
+ "connecting to the LDAP server.\n"));
}
ret = sdap_parse_search_base(opts, opts->basic,
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 3ca2e286146e1e88b1fd7abef341fa8c3aa699ad..2b29116949b2f8efae269a994a0f3da64a0ee612 100644 index 3ca2e286146e1e88b1fd7abef341fa8c3aa699ad..2b29116949b2f8efae269a994a0f3da64a0ee612 100644
--- a/src/providers/ldap/sdap.c --- a/src/providers/ldap/sdap.c
@ -161,6 +179,28 @@ index 73ab25ea79cd66ff5fe7131ee7606cf71aa382e5..a769b100557b2d685cb022f09bea0d70
if (ret != EOK) { if (ret != EOK) {
tevent_req_error(req, ret); tevent_req_error(req, ret);
tevent_req_post(req, ev); tevent_req_post(req, ev);
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index 0888c7e2fcf03d0b133bcf93ad017086aedffe16..f3a378f6488cfd46001c22b3a5abf29724f2fd0d 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -579,7 +579,17 @@ struct tevent_req *sdap_get_netgroups_send(TALLOC_CTX *memctx,
state->base_iter = 0;
state->search_bases = search_bases;
+ if (!state->search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Netgroup lookup request without a netgroup search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
+
ret = sdap_get_netgroups_next_base(req);
+
+done:
if (ret != EOK) {
tevent_req_error(req, ret);
tevent_req_post(req, state->ev);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index ac856a64208cb87994f676ab50fdba6d82dbcb50..01168321951fa9d14f4b58d891cb922c6c44d2c2 100644 index ac856a64208cb87994f676ab50fdba6d82dbcb50..01168321951fa9d14f4b58d891cb922c6c44d2c2 100644
--- a/src/providers/ldap/sdap_async_users.c --- a/src/providers/ldap/sdap_async_users.c

6
sssd.spec
View File

@ -19,7 +19,7 @@
Name: sssd Name: sssd
Version: 1.7.0 Version: 1.7.0
Release: 4%{?dist} Release: 5%{?dist}
Group: Applications/System Group: Applications/System
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ License: GPLv3+
@ -380,6 +380,10 @@ fi
%postun -n libipa_hbac -p /sbin/ldconfig %postun -n libipa_hbac -p /sbin/ldconfig
%changelog %changelog
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-5
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
new LDAP features - fix netgroups and sudo as well
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-4 * Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-4
- Fixes a serious memory hierarchy bug causing unpredictable behavior in the - Fixes a serious memory hierarchy bug causing unpredictable behavior in the
LDAP provider. LDAP provider.