diff --git a/0001-PROXY-Return-data-in-output-parameter-if-everything-.patch b/0001-PROXY-Return-data-in-output-parameter-if-everything-.patch new file mode 100644 index 0000000..b80e629 --- /dev/null +++ b/0001-PROXY-Return-data-in-output-parameter-if-everything-.patch @@ -0,0 +1,133 @@ +From e1b678c0cce73494d986610920b03956c1dbb62a Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Fri, 28 Jun 2019 16:27:21 +0200 +Subject: [PATCH] PROXY: Return data in output parameter if everything is OK + +The function remove_duplicate_group_members might return EOK also in the middle +of function but return parameter was not set with right data. +Processing continued in the function save_group but there was a +dereference of NULL pointer. + +Introduced in: https://pagure.io/SSSD/sssd/issue/3931 + +Crash: + (gdb) bt + #0 0x00007fb4ce4a9ac5 in save_group (sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, grp=grp@entry=0x55c9a0f370f0, real_name=0x55c9a0f47340 "nobody@ldap", + alias=alias@entry=0x0) at src/providers/proxy/proxy_id.c:748 + #1 0x00007fb4ce4aa600 in get_gr_gid (mem_ctx=mem_ctx@entry=0x55c9a0f38be0, sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, gid=99, now=, + ctx=) at src/providers/proxy/proxy_id.c:1160 + #2 0x00007fb4ce4ac9e5 in get_initgr_groups_process (pwd=0x55c9a0f384a0, pwd=0x55c9a0f384a0, dom=0x55c9a0efb420, sysdb=0x55c9a0efb230, ctx=0x55c9a0f048e0, memctx=0x55c9a0f38be0) + at src/providers/proxy/proxy_id.c:1553 + #3 get_initgr (i_name=, dom=0x55c9a0efb420, sysdb=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1461 + #4 proxy_account_info (domain=0x55c9a0efb420, be_ctx=, data=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1659 + #5 proxy_account_info_handler_send (mem_ctx=, id_ctx=0x55c9a0f048e0, data=, params=0x55c9a0f39790) at src/providers/proxy/proxy_id.c:1758 + #6 0x000055c99fc67677 in file_dp_request (_dp_req=, req=0x55c9a0f39470, request_data=, dp_flags=1, method=DPM_ACCOUNT_HANDLER, target=DPT_ID, + name=, domainname=0x55c9a0f39190 "LDAP", provider=0x55c9a0efe0e0, mem_ctx=) at src/providers/data_provider/dp_request.c:250 + #7 dp_req_send (mem_ctx=0x55c9a0f37b60, provider=provider@entry=0x55c9a0efe0e0, domain=domain@entry=0x55c9a0f39190 "LDAP", name=, target=target@entry=DPT_ID, + method=method@entry=DPM_ACCOUNT_HANDLER, dp_flags=dp_flags@entry=1, request_data=0x55c9a0f37c00, _request_name=0x55c9a0f37b60) at src/providers/data_provider/dp_request.c:295 + #8 0x000055c99fc6a132 in dp_get_account_info_send (mem_ctx=, ev=0x55c9a0eddbc0, sbus_req=, provider=0x55c9a0efe0e0, dp_flags=1, + entry_type=, filter=0x55c9a0f358d0 "name=nobody@ldap", domain=0x55c9a0f39190 "LDAP", extra=0x55c9a0f354a0 "") at src/providers/data_provider/dp_target_id.c:528 + #9 0x00007fb4da35265b in _sbus_sss_invoke_in_uusss_out_qus_step (ev=0x55c9a0eddbc0, te=, tv=..., private_data=) at src/sss_iface/sbus_sss_invokers.c:2847 + #10 0x00007fb4d9cfb1cf in tevent_common_invoke_timer_handler () from /lib64/libtevent.so.0 + #11 0x00007fb4d9cfb339 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0 + #12 0x00007fb4d9cfc2f9 in epoll_event_loop_once () from /lib64/libtevent.so.0 + #13 0x00007fb4d9cfa7b7 in std_event_loop_once () from /lib64/libtevent.so.0 + #14 0x00007fb4d9cf5b5d in _tevent_loop_once () from /lib64/libtevent.so.0 + #15 0x00007fb4d9cf5d8b in tevent_common_loop_wait () from /lib64/libtevent.so.0 + #16 0x00007fb4d9cfa757 in std_event_loop_wait () from /lib64/libtevent.so.0 + #17 0x00007fb4dd955ac3 in server_loop (main_ctx=0x55c9a0edf090) at src/util/server.c:724 + #18 0x000055c99fc59760 in main (argc=8, argv=) at src/providers/data_provider_be.c:747 + (gdb) l + (gdb) bt + #0 0x00007fb4ce4a9ac5 in save_group (sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, grp=grp@entry=0x55c9a0f370f0, real_name=0x55c9a0f47340 "nobody@ldap", + alias=alias@entry=0x0) at src/providers/proxy/proxy_id.c:748 + #1 0x00007fb4ce4aa600 in get_gr_gid (mem_ctx=mem_ctx@entry=0x55c9a0f38be0, sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, gid=99, now=, + ctx=) at src/providers/proxy/proxy_id.c:1160 + #2 0x00007fb4ce4ac9e5 in get_initgr_groups_process (pwd=0x55c9a0f384a0, pwd=0x55c9a0f384a0, dom=0x55c9a0efb420, sysdb=0x55c9a0efb230, ctx=0x55c9a0f048e0, memctx=0x55c9a0f38be0) + at src/providers/proxy/proxy_id.c:1553 + #3 get_initgr (i_name=, dom=0x55c9a0efb420, sysdb=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1461 + #4 proxy_account_info (domain=0x55c9a0efb420, be_ctx=, data=, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1659 + #5 proxy_account_info_handler_send (mem_ctx=, id_ctx=0x55c9a0f048e0, data=, params=0x55c9a0f39790) at src/providers/proxy/proxy_id.c:1758 + #6 0x000055c99fc67677 in file_dp_request (_dp_req=, req=0x55c9a0f39470, request_data=, dp_flags=1, method=DPM_ACCOUNT_HANDLER, target=DPT_ID, + name=, domainname=0x55c9a0f39190 "LDAP", provider=0x55c9a0efe0e0, mem_ctx=) at src/providers/data_provider/dp_request.c:250 + #7 dp_req_send (mem_ctx=0x55c9a0f37b60, provider=provider@entry=0x55c9a0efe0e0, domain=domain@entry=0x55c9a0f39190 "LDAP", name=, target=target@entry=DPT_ID, + method=method@entry=DPM_ACCOUNT_HANDLER, dp_flags=dp_flags@entry=1, request_data=0x55c9a0f37c00, _request_name=0x55c9a0f37b60) at src/providers/data_provider/dp_request.c:295 + #8 0x000055c99fc6a132 in dp_get_account_info_send (mem_ctx=, ev=0x55c9a0eddbc0, sbus_req=, provider=0x55c9a0efe0e0, dp_flags=1, + entry_type=, filter=0x55c9a0f358d0 "name=nobody@ldap", domain=0x55c9a0f39190 "LDAP", extra=0x55c9a0f354a0 "") at src/providers/data_provider/dp_target_id.c:528 + #9 0x00007fb4da35265b in _sbus_sss_invoke_in_uusss_out_qus_step (ev=0x55c9a0eddbc0, te=, tv=..., private_data=) at src/sss_iface/sbus_sss_invokers.c:2847 + #10 0x00007fb4d9cfb1cf in tevent_common_invoke_timer_handler () from /lib64/libtevent.so.0 + #11 0x00007fb4d9cfb339 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0 + #12 0x00007fb4d9cfc2f9 in epoll_event_loop_once () from /lib64/libtevent.so.0 + #13 0x00007fb4d9cfa7b7 in std_event_loop_once () from /lib64/libtevent.so.0 + #14 0x00007fb4d9cf5b5d in _tevent_loop_once () from /lib64/libtevent.so.0 + #15 0x00007fb4d9cf5d8b in tevent_common_loop_wait () from /lib64/libtevent.so.0 + #16 0x00007fb4d9cfa757 in std_event_loop_wait () from /lib64/libtevent.so.0 + #17 0x00007fb4dd955ac3 in server_loop (main_ctx=0x55c9a0edf090) at src/util/server.c:724 + #18 0x000055c99fc59760 in main (argc=8, argv=) at src/providers/data_provider_be.c:747 + (gdb) l + 733 ret = remove_duplicate_group_members(tmp_ctx, grp, &ngroup); + 734 if (ret != EOK) { + 735 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to remove duplicate group member s\n"); + 736 goto done; + 737 } + 738 + 739 DEBUG_GR_MEM(SSSDBG_TRACE_LIBS, ngroup); + 740 + 741 ret = sysdb_transaction_start(sysdb); + 742 if (ret != EOK) { + 743 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); + 744 goto done; + 745 } + 746 in_transaction = true; + 747 + 748 if (ngroup->gr_mem && ngroup->gr_mem[0]) { + 749 attrs = sysdb_new_attrs(tmp_ctx); + 750 if (!attrs) { + 751 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error?!\n"); + 752 ret = ENOMEM; + (gdb) p ngroup + $1 = (struct group *) 0x0 + 743 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); + 744 goto done; + 745 } + 746 in_transaction = true; + 747 + 748 if (ngroup->gr_mem && ngroup->gr_mem[0]) { + 749 attrs = sysdb_new_attrs(tmp_ctx); + 750 if (!attrs) { + 751 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error?!\n"); + 752 ret = ENOMEM; + (gdb) p ngroup + $1 = (struct group *) 0x0 + +Merges: https://pagure.io/SSSD/sssd/pull-request/4036 + +Resolves: +https://pagure.io/SSSD/sssd/issue/4037 + +Reviewed-by: Jakub Hrozek +--- + src/providers/proxy/proxy_id.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c +index e1be29076..91105ce5a 100644 +--- a/src/providers/proxy/proxy_id.c ++++ b/src/providers/proxy/proxy_id.c +@@ -698,10 +698,12 @@ static errno_t remove_duplicate_group_members(TALLOC_CTX *mem_ctx, + } + grp->gr_mem[i] = NULL; + +- *_grp = talloc_steal(mem_ctx, grp); + ret = EOK; + + done: ++ if (ret == EOK) { ++ *_grp = talloc_steal(mem_ctx, grp); ++ } + talloc_zfree(tmp_ctx); + + return ret; +-- +2.20.1 + diff --git a/sssd.spec b/sssd.spec index 74c36ad..09e34e1 100644 --- a/sssd.spec +++ b/sssd.spec @@ -36,14 +36,14 @@ Name: sssd Version: 2.2.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://pagure.io/SSSD/sssd/ Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz ### Patches ### -#Patch0001: ... +Patch0001: 0001-PROXY-Return-data-in-output-parameter-if-everything-.patch ### Downstream only patches ### Patch0502: 0502-SYSTEMD-Use-capabilities.patch @@ -1068,6 +1068,10 @@ fi %{_libdir}/%{name}/modules/libwbclient.so %changelog +* Fri Jul 5 2019 Jakub Hrozek - 2.2.0-2 +- Resolves: rhbz#1724717 - sssd-proxy crashes resolving groups with + no members + * Mon Jun 17 2019 Michal Židek - 2.2.0-1 - Update to latest released upstream version - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_0.html