From af82f760d44950a835c779d790926f83b73eec69 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: May 24 2013 08:44:53 +0000
Subject: Always initialize ID mapping objects Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later
---
diff --git a/0009-Fix-segfault-in-AD-Subdomains-Module.patch b/0009-Fix-segfault-in-AD-Subdomains-Module.patch
new file mode 100644
index 0000000..21794cd
--- /dev/null
+++ b/0009-Fix-segfault-in-AD-Subdomains-Module.patch
@@ -0,0 +1,28 @@
+From 574061e65d3fb687b9cb2c757afa1fe92812245e Mon Sep 17 00:00:00 2001
+From: Lukas Slebodnik
+Date: Wed, 15 May 2013 10:09:08 +0200
+Subject: [PATCH] Fix segfault in AD Subdomains Module
+
+In function ad_subdomains_get_netlogon_done:
+If variable "reply_count" is zero then variable "reply" will not be
+initialized. Therefore we should not continue.
+---
+ src/providers/ad/ad_subdomains.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index 1da343f8711b2b99a7afff6a4a398a1aa515a875..2ad318f63a89b2e8894ca07d007cde11867ed290 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -307,6 +307,8 @@ static void ad_subdomains_get_netlogon_done(struct tevent_req *req)
+
+ if (reply_count == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("No netlogon data available.\n"));
++ ret = ENOENT;
++ goto done;
+ } else if (reply_count > 1) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("More than one netlogon info returned.\n"));
+--
+1.8.2.1
+
diff --git a/0010-LDAP-Always-initialize-idmap-object.patch b/0010-LDAP-Always-initialize-idmap-object.patch
new file mode 100644
index 0000000..1c4a743
--- /dev/null
+++ b/0010-LDAP-Always-initialize-idmap-object.patch
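Review bot: In `ad_subdomains_get_netlogon_done` (patch 0009, src/providers/ad/ad_subdomains.c), the `reply_count == 0` branch now ends the request with `ENOENT` but still logs at `SSSDBG_TRACE_FUNC`, so at the usual debug levels a server that returns no netlogon entry fails the lookup without leaving a trace. Since `reply_count` presumably reflects what the remote side sent, I would log this at a failure level, e.g. `DEBUG(SSSDBG_MINOR_FAILURE, ("No netlogon data available.\n"));`, and add a comment such as `/* reply is only set when an entry was returned; do not fall through to code that reads it */`. The `done` label and the code that uses `reply` are outside the hunk, so how `ENOENT` is reported to the caller needs to be checked there.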
@@ -0,0 +1,36 @@
+From 392dce02615e446b3c73dfb8b4e0a19ebb86f914 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek
+Date: Mon, 13 May 2013 10:15:09 +0200
+Subject: [PATCH] LDAP: Always initialize idmap object
+
+https://fedorahosted.org/sssd/ticket/1922
+
+Since we always store the SID now, we need to always initialize the ID
+mapping object in LDAP provider as well. Some users might want to
+configure the LDAP provider with ID mapping, not the AD provider itself.
+---
+ src/providers/ldap/ldap_init.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
+index 2e30c37edb707799baada3d695776ae602c6a7eb..0884a85c7d9db2c7c777caf0baebf59217076982 100644
+--- a/src/providers/ldap/ldap_init.c
++++ b/src/providers/ldap/ldap_init.c
+@@ -155,11 +155,9 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
+ goto done;
+ }
+
+- if (dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING)) {
+- /* Set up the ID mapping object */
+- ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx);
+- if (ret != EOK) goto done;
+- }
++ /* Set up the ID mapping object */
++ ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx);
++ if (ret != EOK) goto done;
+
+ ret = sdap_id_setup_tasks(ctx);
+ if (ret != EOK) {
+--
+1.8.2.1
+
diff --git a/0011-Re-add-a-useful-DEBUG-message.patch b/0011-Re-add-a-useful-DEBUG-message.patch
new file mode 100644
index 0000000..9f8654e
--- /dev/null
+++ b/0011-Re-add-a-useful-DEBUG-message.patch
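Review bot: With the `SDAP_ID_MAPPING` guard removed in `sssm_ldap_id_init` (patch 0010, src/providers/ldap/ldap_init.c), a failure of `sdap_idmap_init` now aborts initialization of the whole LDAP identity provider even for domains that do not use ID mapping, and the bare `if (ret != EOK) goto done;` gives no hint why unless the callee logs on its own. I would log before bailing out, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, ("Could not initialize ID mapping object [%d]\n", ret));`, and brace the `if` like the `sdap_id_setup_tasks` check right below it. The comment could also say why the call is unconditional: `/* SIDs are always stored, so the ID mapping object is needed even when SDAP_ID_MAPPING is off */`. The function starts and ends outside the hunk.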
@@ -0,0 +1,29 @@ +From 5aad10b49e193ee14a86e1277146a223005a2d6b Mon Sep 17 00:00:00 2001 +From: Jakub Hrozek +Date: Mon, 13 May 2013 10:23:56 +0200 +Subject: [PATCH] Re-add a useful DEBUG message + +In commit 46222e5191473f9a46aec581273eb2eef22e23be we removed a very +similar DEBUG message while moving the whole piece of code to the idmap +library. But it turned out that the DEBUG message was useful while +testing the functionality, so this patch adds it back. +--- + src/providers/ldap/sdap_idmap.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c +index 050b2c5a768f58acd376e68a15a579e1e56894ac..43db0c83354ed2f8f112a8853ab66ab51e1d9fd2 100644 +--- a/src/providers/ldap/sdap_idmap.c ++++ b/src/providers/ldap/sdap_idmap.c +@@ -242,6 +242,8 @@ sdap_idmap_add_domain(struct sdap_idmap_ctx *idmap_ctx, + ret = EIO; + goto done; + } ++ DEBUG(SSSDBG_TRACE_LIBS, ++ ("Adding domain [%s] as slice [%llu]\n", dom_sid, slice)); + + if (range.max > idmap_upper) { + /* This should never happen */ +-- +1.8.2.1 + diff --git a/sssd.spec b/sssd.spec index 48b4173..6ed319d 100644 --- a/sssd.spec +++ b/sssd.spec @@ -16,7 +16,7 @@ Name: sssd Version: 1.10.0 -Release: 6%{?dist}.beta1 +Release: 7%{?dist}.beta1 Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -33,6 +33,9 @@ Patch0005: 0005-SSH-Use-separate-field-for-domain-name-in-client-req.patch Patch0006: 0006-SSH-Do-not-skip-domains-with-use_fully_qualified_nam.patch Patch0007: 0007-Always-update-cached-upn-if-enterprise-principals-ar.patch Patch0008: 0008-Enable-the-AD-dynamic-DNS-updates-by-default.patch +Patch0009: 0009-Fix-segfault-in-AD-Subdomains-Module.patch +Patch0010: 0010-LDAP-Always-initialize-idmap-object.patch +Patch0011: 0011-Re-add-a-useful-DEBUG-message.patch Patch0501: 0501-FEDORA-Switch-the-default-ccache-location.patch 
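Review bot: The re-added `DEBUG` in `sdap_idmap_add_domain` (patch 0011, src/providers/ldap/sdap_idmap.c) prints `slice` with `%llu`, but the declaration of `slice` is not in the hunk; if it is narrower than `unsigned long long` (an `id_t`, say), the mismatch is undefined behaviour in a variadic call and can log garbage. Casting at the call site is correct whatever the declared type is: `("Adding domain [%s] as slice [%llu]\n", dom_sid, (unsigned long long) slice));`. `dom_sid` is passed to `%s` as well, so it has to be non-NULL by this point, which the visible lines do not establish. The function body continues outside the hunk.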
@@ -605,6 +608,10 @@ fi %postun -n libsss_sudo -p /sbin/ldconfig %changelog +* Fri May 24 2013 Jakub Hrozek - 1.10.0-7.beta1 +- Apply a couple of patches from upstream git that resolve crashes when + ID mapping object was not initialized properly but needed later + * Tue May 14 2013 Jakub Hrozek - 1.10.0-6.beta1 - Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join