[sssd] - Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the
Stephen Gallagher
sgallagh at fedoraproject.org
Tue Feb 1 14:21:16 UTC 2011
commit d12cd5dd264b036a53c54bb06fdae7f9d67c37d2
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue Feb 1 08:40:52 2011 -0500
- Fix nested group member filter sanitization for RFC2307bis
- Put translated tool manpages into the sssd-tools subpackage
...e-search-filters-for-nested-group-lookups.patch | 73 ++++++++++++++++++++
sssd.spec | 31 +++++++--
2 files changed, 99 insertions(+), 5 deletions(-)
---
diff --git a/0001-Sanitize-search-filters-for-nested-group-lookups.patch b/0001-Sanitize-search-filters-for-nested-group-lookups.patch
new file mode 100644
index 0000000..58b9544
--- /dev/null
+++ b/0001-Sanitize-search-filters-for-nested-group-lookups.patch
@@ -0,0 +1,73 @@
+From 979943195da209bdc28efd5e90a19f888f4b88ed Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh at redhat.com>
+Date: Mon, 31 Jan 2011 13:00:56 -0500
+Subject: [PATCH] Sanitize search filters for nested group lookups
+
+---
+ src/providers/ldap/sdap_async_accounts.c | 20 +++++++++++++++++---
+ 1 files changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
+index 648f9a734eca60401c07d2b0d0fa432751c9ab73..5b6d3d74ac1496fe6a4266c327d0111e12e24b64 100644
+--- a/src/providers/ldap/sdap_async_accounts.c
++++ b/src/providers/ldap/sdap_async_accounts.c
+@@ -3409,6 +3409,7 @@ errno_t save_rfc2307bis_user_memberships(
+ {
+ errno_t ret, tret;
+ char *member_dn;
++ char *sanitized_dn;
+ char *filter;
+ const char **attrs;
+ size_t reply_count, i;
+@@ -3447,12 +3448,18 @@ errno_t save_rfc2307bis_user_memberships(
+ ret = ENOMEM;
+ goto error;
+ }
++ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
++ if (ret != EOK) {
++ goto error;
++ }
++ talloc_free(member_dn);
+
+- filter = talloc_asprintf(tmp_ctx, "(member=%s)", member_dn);
++ filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
+ if (!filter) {
+ ret = ENOMEM;
+ goto error;
+ }
++ talloc_free(sanitized_dn);
+
+ ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom,
+ filter, attrs, &reply_count, &replies);
+@@ -3874,6 +3881,7 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
+ const char *name;
+ bool in_transaction = false;
+ char *member_dn;
++ char *sanitized_dn;
+ char *filter;
+ const char **attrs;
+ size_t reply_count, i;
+@@ -3918,12 +3926,18 @@ static errno_t rfc2307bis_nested_groups_update_sysdb(
+ goto error;
+ }
+
+- filter = talloc_asprintf(tmp_ctx, "(member=%s)", member_dn);
++ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
++ if (ret != EOK) {
++ goto error;
++ }
++ talloc_free(member_dn);
++
++ filter = talloc_asprintf(tmp_ctx, "(member=%s)", sanitized_dn);
+ if (!filter) {
+ ret = ENOMEM;
+ goto error;
+ }
+- talloc_free(member_dn);
++ talloc_free(sanitized_dn);
+
+ ret = sysdb_search_groups(tmp_ctx, state->sysdb, state->dom,
+ filter, attrs,
+--
+1.7.3.5
+
diff --git a/sssd.spec b/sssd.spec
index 1f72daf..14913b2 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -5,7 +5,7 @@
Name: sssd
Version: 1.5.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@@ -14,6 +14,7 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
### Patches ###
+Patch0001: 0001-Sanitize-search-filters-for-nested-group-lookups.patch
### Dependencies ###
@@ -73,6 +74,7 @@ BuildRequires: bind-utils
BuildRequires: keyutils-libs-devel
BuildRequires: libnl-devel
BuildRequires: nscd
+BuildRequires: gettext-devel
%description
Provides a set of daemons to manage access to remote directories and
@@ -106,6 +108,10 @@ use with ldap_default_authtok_type = obfuscated_password.
%prep
%setup -q
+autoreconf -ivf
+
+%patch0001 -p1
+
%build
%configure \
--with-db-path=%{dbpath} \
@@ -167,6 +173,20 @@ do
echo %{python_sitelib}/`basename $file` >> sssd.lang
done
+touch sssd_tools.lang
+for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
+do
+ lang=`echo $man | cut -c 1-2`
+ case `basename $man` in
+ sss_*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
+ ;;
+ *)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
+ ;;
+ esac
+done
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -200,10 +220,7 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitearch}/pysss.so
%{python_sitelib}/*.py*
-%lang(cs) %{_mandir}/cs/man[58]/*
-%lang(uk) %{_mandir}/uk/man[58]/*
-
-%files client
+%files client -f sssd_tools.lang
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
/%{_lib}/libnss_sss.so.2
@@ -253,6 +270,10 @@ fi
%postun client -p /sbin/ldconfig
%changelog
+* Tue Feb 01 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.1-3
+- Fix nested group member filter sanitization for RFC2307bis
+- Put translated tool manpages into the sssd-tools subpackage
+
* Thu Jan 27 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.1-2
- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during
- rpmbuild
More information about the scm-commits
mailing list