From efb42d79818931e131e54d3f4fe0ab08d8860839 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Fri, 23 Jun 2023 17:08:46 +0200 Subject: [PATCH] Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3 Resolves: rhbz#2196816 - [RHEL9] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' Resolves: rhbz#2162552 - sssd client caches old data after removing netgroup member on IDM Resolves: rhbz#2189542 - [sssd] RHEL 9.3 Tier 0 Localization Resolves: rhbz#2133854 - [RHEL9] In some cases when `sdap_add_incomplete_groups()` is called with `ignore_group_members = true`, groups should be treated as complete Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys --- .gitignore | 1 + ...ack-not-executed-on-link-or-relative.patch | 248 ------------------ ...MAN-fix-issue-with-multithread-build.patch | 71 ----- ...D_AT_DOMAIN_NAME-for-sub-domain-sear.patch | 28 -- sources | 2 +- sssd.spec | 16 +- 6 files changed, 13 insertions(+), 353 deletions(-) delete mode 100644 0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch delete mode 100644 0002-MAN-fix-issue-with-multithread-build.patch delete mode 100644 0003-AD-add-missing-AD_AT_DOMAIN_NAME-for-sub-domain-sear.patch diff --git a/.gitignore b/.gitignore index 27c8dc3..90ea8a1 100644 --- a/.gitignore +++ b/.gitignore @@ -101,3 +101,4 @@ sssd-1.2.91.tar.gz /sssd-2.8.1.tar.gz /sssd-2.8.2.tar.gz /sssd-2.9.0.tar.gz +/sssd-2.9.1.tar.gz diff --git a/0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch b/0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch deleted file mode 100644 index 21a27c7..0000000 --- a/0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch +++ /dev/null @@ -1,248 +0,0 @@ -From eb43c2400a34a4ab77be4f75ba7536baecda3bef Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= -Date: Wed, 10 May 2023 17:29:07 +0200 -Subject: [PATCH] FILE WATCH: Callback not executed on link or relative path -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When the watched file was a symbolic link or was a relative path, -the calback was not executed because the filename comparison -was wrongly considering the files to be different. - -The solution is to normalize the filenames before comparing them. -This cannot be easily done at setup because the file could not -exist at that moment. - -The test was adapted to check this situation. - -Resolves: https://github.com/SSSD/sssd/issues/6718 - -Reviewed-by: Alexey Tikhonov -Reviewed-by: Pavel Březina -(cherry picked from commit b2a4ff2aa67707c226c5835c1fcac042fce1cae3) ---- - src/tests/file_watch-tests.c | 83 ++++++++++++++++++++++++++---------- - src/util/file_watch.c | 26 +++++++++-- - 2 files changed, 83 insertions(+), 26 deletions(-) - -diff --git a/src/tests/file_watch-tests.c b/src/tests/file_watch-tests.c -index 3ca5b44f9..3e1aea6ce 100644 ---- a/src/tests/file_watch-tests.c -+++ b/src/tests/file_watch-tests.c -@@ -36,11 +36,19 @@ - #include "util/file_watch.h" - #include "tests/common.h" - --#define FW_DIR TEST_DIR "/file-watch" --#define WATCHED_FILE_INOTIFY FW_DIR "/watched_file_inotify" --#define WATCHED_FILE_POLL FW_DIR "/watched_file_poll" --#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/watched_file_inotify.exists" --#define WATCHED_EXISTING_FILE_POLL FW_DIR "/watched_file_poll.exists" -+#define FW_NAME "/file-watch-test-dir" -+#define FILE_INOTIFY_NAME "watched_file_inotify" -+#define FILE_POLL_NAME "watched_file_poll" -+#define FW_DIR TEST_DIR FW_NAME -+#define EXISTING_FILE_INOTIFY_NAME FILE_INOTIFY_NAME ".exists" -+#define EXISTING_FILE_POLL_NAME FILE_POLL_NAME ".exists" -+#define WATCHED_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" FILE_INOTIFY_NAME -+#define WATCHED_FILE_POLL FW_DIR "/.." FW_NAME "/" FILE_POLL_NAME -+#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" EXISTING_FILE_INOTIFY_NAME -+#define WATCHED_EXISTING_FILE_POLL FW_DIR "/.." FW_NAME "/" EXISTING_FILE_POLL_NAME -+#define WATCHED_EXISTING_LINK_INOTIFY FW_DIR "/" EXISTING_FILE_INOTIFY_NAME ".link" -+#define WATCHED_EXISTING_LINK_POLL FW_DIR "/" EXISTING_FILE_POLL_NAME ".link" -+#define UNWATCHED_FILE FW_DIR "/unwatched_file" - - - static TALLOC_CTX *test_mem_ctx; -@@ -50,34 +58,51 @@ struct fn_arg { - int counter; - }; - --static void setup_file_watch(void) -+static void remove_files(void) - { -- test_mem_ctx = talloc_new(NULL); -- mkdir(FW_DIR, 0700); - unlink(WATCHED_FILE_INOTIFY); - unlink(WATCHED_FILE_POLL); -+ unlink(WATCHED_EXISTING_LINK_INOTIFY); -+ unlink(WATCHED_EXISTING_LINK_POLL); - unlink(WATCHED_EXISTING_FILE_INOTIFY); - unlink(WATCHED_EXISTING_FILE_POLL); -+ unlink(UNWATCHED_FILE); - } - -+static void setup_file_watch(void) -+{ -+ DEBUG(SSSDBG_TRACE_ALL, "==========================================\n"); -+ test_mem_ctx = talloc_new(NULL); -+ mkdir(FW_DIR, 0700); -+ remove_files(); -+} - - static void teardown_file_watch(void) - { -- unlink(WATCHED_FILE_INOTIFY); -- unlink(WATCHED_FILE_POLL); -- unlink(WATCHED_EXISTING_FILE_INOTIFY); -- unlink(WATCHED_EXISTING_FILE_POLL); - talloc_free(test_mem_ctx); -+ remove_files(); -+ rmdir(FW_DIR); - } - - - static void callback(const char *filename, void *arg) - { -- DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n"); -+ static char received[PATH_MAX + 1]; -+ static char expected[PATH_MAX + 1]; -+ char *res; - struct fn_arg *data = (struct fn_arg *) arg; - -+ DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n"); -+ - ck_assert_msg(data != NULL, "Callback received NULL argument"); -- ck_assert_msg(strcmp(filename, data->filename) == 0, -+ -+ res = realpath(data->filename, expected); -+ ck_assert_msg(res != NULL, "Failed to normalize the expected filename"); -+ -+ res = realpath(filename, received); -+ ck_assert_msg(res != NULL, "Failed to normalize the received filename"); -+ -+ ck_assert_msg(strcmp(expected, received) == 0, - "Wrong filename in the callback."); - data->counter++; - } -@@ -88,7 +113,7 @@ static void modify_file(const char *filename) - int fd; - int res; - -- DEBUG(SSSDBG_TRACE_FUNC, "File modified\n"); -+ DEBUG(SSSDBG_TRACE_FUNC, "Modifying file %s\n", filename); - fd = open(filename, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR); - ck_assert_msg(fd != -1, "Failed to open the file."); - -@@ -119,11 +144,14 @@ static void test_file_watch_no_file(bool use_inotify) - arg.filename = filename; - arg.counter = 0; - -+ DEBUG(SSSDBG_TRACE_ALL, "Watching file %s\n", filename); - ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg); - ck_assert_msg(ctx != NULL, "Failed to watch a file."); - ck_assert_msg(arg.counter == 0, "Unexpected callback invocation."); - -- // At this point the file doesn't exist, we will create it. -+ // At this point the file doesn't exist. We create the watched and an -+ // unwatched file -+ modify_file(UNWATCHED_FILE); - modify_file(filename); - if (use_inotify) { - res = tevent_loop_once(ev); -@@ -152,26 +180,35 @@ static void test_file_watch_with_file(bool use_inotify) - { - struct file_watch_ctx *ctx; - struct tevent_context *ev; -+ const char *filepath; - const char *filename; -+ const char *linkpath; - struct fn_arg arg; - int res; - - if (use_inotify) { -- filename = WATCHED_EXISTING_FILE_INOTIFY; -+ filename = EXISTING_FILE_INOTIFY_NAME; -+ filepath = WATCHED_EXISTING_FILE_INOTIFY; -+ linkpath = WATCHED_EXISTING_LINK_INOTIFY; - } else { -- filename = WATCHED_EXISTING_FILE_POLL; -+ filename = EXISTING_FILE_POLL_NAME; -+ filepath = WATCHED_EXISTING_FILE_POLL; -+ linkpath = WATCHED_EXISTING_LINK_POLL; - } -- modify_file(filename); -+ modify_file(filepath); -+ res = symlink(filename, linkpath); -+ ck_assert_msg(res == 0, "Failed create the symbolic link"); - - ev = tevent_context_init(test_mem_ctx); - ck_assert_msg(ev != NULL, "Failed to create the tevent context."); - -- arg.filename = filename; -+ arg.filename = linkpath; - arg.counter = 0; - - // File already exists -- ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg); -- ck_assert_msg(ctx != NULL, "Failed to watch a file."); -+ DEBUG(SSSDBG_TRACE_ALL, "Watching link %s\n", linkpath); -+ ctx = fw_watch_file(test_mem_ctx, ev, linkpath, use_inotify, callback, &arg); -+ ck_assert_msg(ctx != NULL, "Failed to watch a link."); - ck_assert_msg(arg.counter >= 1, "Callback not invoked at start up."); - ck_assert_msg(arg.counter <= 1, "Callback invoked too many times at start up."); - -@@ -179,7 +216,7 @@ static void test_file_watch_with_file(bool use_inotify) - if (!use_inotify) { - sleep(2); // Detection by polling is based on the file's modification time. - } -- modify_file(filename); -+ modify_file(filepath); - if (use_inotify) { - res = tevent_loop_once(ev); - ck_assert_msg(res == 0, "tevent_loop_once() failed."); -diff --git a/src/util/file_watch.c b/src/util/file_watch.c -index b994e4116..d19fdccd6 100644 ---- a/src/util/file_watch.c -+++ b/src/util/file_watch.c -@@ -121,7 +121,10 @@ static int watched_file_inotify_cb(const char *filename, - uint32_t flags, - void *pvt) - { -+ static char received[PATH_MAX + 1]; -+ static char expected[PATH_MAX + 1]; - struct file_watch_ctx *fw_ctx; -+ char *res; - - DEBUG(SSSDBG_TRACE_LIBS, - "Received inotify notification for %s\n", filename); -@@ -131,15 +134,32 @@ static int watched_file_inotify_cb(const char *filename, - return EINVAL; - } - -- if (strcmp(fw_ctx->filename, filename) == 0) { -- if (access(fw_ctx->filename, F_OK) == 0) { -- fw_ctx->cb(fw_ctx->filename, fw_ctx->cb_arg); -+ res = realpath(fw_ctx->filename, expected); -+ if (res == NULL) { -+ DEBUG(SSSDBG_TRACE_LIBS, -+ "Normalization failed for expected %s. Skipping the callback.\n", -+ fw_ctx->filename); -+ goto done; -+ } -+ -+ res = realpath(filename, received); -+ if (res == NULL) { -+ DEBUG(SSSDBG_TRACE_LIBS, -+ "Normalization failed for received %s. Skipping the callback.\n", -+ filename); -+ goto done; -+ } -+ -+ if (strcmp(expected, received) == 0) { -+ if (access(received, F_OK) == 0) { -+ fw_ctx->cb(received, fw_ctx->cb_arg); - } else { - DEBUG(SSSDBG_TRACE_LIBS, - "File %s is missing. Skipping the callback.\n", filename); - } - } - -+done: - return EOK; - } - --- -2.38.1 - diff --git a/0002-MAN-fix-issue-with-multithread-build.patch b/0002-MAN-fix-issue-with-multithread-build.patch deleted file mode 100644 index 3c8b1d5..0000000 --- a/0002-MAN-fix-issue-with-multithread-build.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 713c646ec054b72cfaadd21f3faaa9c5acb96222 Mon Sep 17 00:00:00 2001 -From: Alexey Tikhonov -Date: Tue, 16 May 2023 15:22:04 +0200 -Subject: [PATCH] MAN: fix issue with multithread build - -When 'make' runs using multiple threads it can build several man pages -in parallel, executing the same '.5.xml.5:' rule. This can result in -a race condition where multiple threads access the same 'sssd_user_name.include' -file. -To avoid this make 'sssd_user_name.include' file a rule dependency. -But "Suffix rules cannot have any prerequisites of their own", and suffix -rules are obsolete anyway, so change it to pattern rules. ---- - src/man/Makefile.am | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/src/man/Makefile.am b/src/man/Makefile.am -index ee44dff97..1e51aebfd 100644 ---- a/src/man/Makefile.am -+++ b/src/man/Makefile.am -@@ -117,23 +117,23 @@ man_MANS += sssd-files.5 - endif # BUILD_FILES_PROVIDER - endif - --SUFFIXES = .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8 --.1.xml.1: -+$(builddir)/src/man/sssd_user_name.include: -+ @mkdir -p $(builddir)/src/man -+ @echo -n $(SSSD_USER) > $(builddir)/src/man/sssd_user_name.include -+ -+%.1: %.1.xml - $(XMLLINT) $(XMLLINT_FLAGS) $< - $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< - --.3.xml.3: -+%.3: %.3.xml - $(XMLLINT) $(XMLLINT_FLAGS) $< - $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< - --.5.xml.5: -- @mkdir -p $(builddir)/src/man -- @echo -n $(SSSD_USER) > $(builddir)/src/man/sssd_user_name.include -+%.5: %.5.xml $(builddir)/src/man/sssd_user_name.include - $(XMLLINT) --path "$(srcdir)/src/man:$(builddir)/src/man" $(XMLLINT_FLAGS) $< - $(XSLTPROC) --path "$(srcdir)/src/man:$(builddir)/src/man" -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< -- @rm -f $(builddir)/src/man/sssd_user_name.include - --.8.xml.8: -+%.8: %.8.xml - $(XMLLINT) $(XMLLINT_FLAGS) $< - $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< - -@@ -215,6 +215,7 @@ clean-local: - done - rm -f $(man_MANS) - rm -f man.stamp -+ rm -f $(builddir)/src/man/sssd_user_name.include - - else - -@@ -224,6 +225,7 @@ man.stamp: $(XML_DOC) - clean-local: - rm -f $(man_MANS) - rm -f man.stamp -+ rm -f $(builddir)/src/man/sssd_user_name.include - - endif - --- -2.38.1 - diff --git a/0003-AD-add-missing-AD_AT_DOMAIN_NAME-for-sub-domain-sear.patch b/0003-AD-add-missing-AD_AT_DOMAIN_NAME-for-sub-domain-sear.patch deleted file mode 100644 index 6d2d7f6..0000000 --- a/0003-AD-add-missing-AD_AT_DOMAIN_NAME-for-sub-domain-sear.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e5dfa2a8c3cdb4db8749ae1b37cec8185070bc69 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Tue, 23 May 2023 12:36:28 +0200 -Subject: [PATCH] AD: add missing AD_AT_DOMAIN_NAME for sub-domain search - -Reviewed-by: Iker Pedrosa -Reviewed-by: Justin Stephenson -(cherry picked from commit 39b6337f32b76842be65802b0b0aa86050c8aa95) ---- - src/providers/ad/ad_subdomains.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c -index db7f1c3c7..a8d1892cc 100644 ---- a/src/providers/ad/ad_subdomains.c -+++ b/src/providers/ad/ad_subdomains.c -@@ -1216,7 +1216,7 @@ static void ad_get_slave_domain_connect_done(struct tevent_req *subreq) - int dp_error; - errno_t ret; - const char *attrs[] = { AD_AT_FLATNAME, AD_AT_TRUST_PARTNER, -- AD_AT_SID, AD_AT_TRUST_TYPE, -+ AD_AT_SID, AD_AT_TRUST_TYPE, AD_AT_DOMAIN_NAME, - AD_AT_TRUST_ATTRS, AD_AT_TRUST_DIRECTION, NULL }; - - req = tevent_req_callback_data(subreq, struct tevent_req); --- -2.38.1 - diff --git a/sources b/sources index 230117e..0c9a511 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sssd-2.9.0.tar.gz) = cf65572cfa6468c4b3edc3a33a48ab6d58979917901662eb8b2d8fc5931494be81da13295246500a3a315b71d0395594c9a565014e5875f3cdde50da096f253d +SHA512 (sssd-2.9.1.tar.gz) = eb7345dcfbbd51f005f67ee5032364d369d24589111ded60701e2dbe09563f0b862d343f231dd2e9d548acd8c560a036c8b88a0601f9aa048a7202da8202cd9b diff --git a/sssd.spec b/sssd.spec index d765107..4b61753 100644 --- a/sssd.spec +++ b/sssd.spec @@ -26,17 +26,15 @@ %global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release}) Name: sssd -Version: 2.9.0 -Release: 5%{?dist} +Version: 2.9.1 +Release: 1%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://github.com/SSSD/sssd/ Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz ### Patches ### -Patch0001: 0001-FILE-WATCH-Callback-not-executed-on-link-or-relative.patch -Patch0002: 0002-MAN-fix-issue-with-multithread-build.patch -Patch0003: 0003-AD-add-missing-AD_AT_DOMAIN_NAME-for-sub-domain-sear.patch +#Patch0001: ### Dependencies ### @@ -1063,6 +1061,14 @@ fi %systemd_postun_with_restart sssd.service %changelog +* Fri Jun 23 2023 Alexey Tikhonov - 2.9.1-1 +- Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3 +- Resolves: rhbz#2196816 - [RHEL9] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' +- Resolves: rhbz#2162552 - sssd client caches old data after removing netgroup member on IDM +- Resolves: rhbz#2189542 - [sssd] RHEL 9.3 Tier 0 Localization +- Resolves: rhbz#2133854 - [RHEL9] In some cases when `sdap_add_incomplete_groups()` is called with `ignore_group_members = true`, groups should be treated as complete +- Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys + * Tue Jun 6 2023 Alexey Tikhonov - 2.9.0-5 - Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs.