[sssd] Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for

Stephen Gallagher sgallagh at fedoraproject.org
Wed Feb 1 19:25:09 UTC 2012


commit ae664ccc43e22bc01c0c168f0fe77633b368cc3d
Author: Stephen Gallagher <sgallagh at redhat.com>
Date:   Wed Feb 1 14:22:00 2012 -0500

    Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
    
                              new LDAP features

 ...-fail-if-RootDSE-check-cannot-determine-s.patch |  214 ++++++++++++++++++++
 sssd.spec                                          |   10 +-
 2 files changed, 222 insertions(+), 2 deletions(-)
---
diff --git a/0001-LDAP-Do-not-fail-if-RootDSE-check-cannot-determine-s.patch b/0001-LDAP-Do-not-fail-if-RootDSE-check-cannot-determine-s.patch
new file mode 100644
index 0000000..ef4212e
--- /dev/null
+++ b/0001-LDAP-Do-not-fail-if-RootDSE-check-cannot-determine-s.patch
@@ -0,0 +1,214 @@
+From 942714ed5a3ae23e291de2498f947de4bca57456 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh at redhat.com>
+Date: Wed, 1 Feb 2012 14:03:36 -0500
+Subject: [PATCH] LDAP: Do not fail if RootDSE check cannot determine search
+ bases
+
+https://fedorahosted.org/sssd/ticket/1152
+
+Conflicts:
+
+	src/providers/ldap/sdap_async_services.c
+---
+ src/providers/ipa/ipa_netgroups.c          |    7 +++++
+ src/providers/ldap/sdap.c                  |    7 ++++-
+ src/providers/ldap/sdap_async_groups.c     |    9 +++++++
+ src/providers/ldap/sdap_async_initgroups.c |   35 +++++++++++++++++++++++++++-
+ src/providers/ldap/sdap_async_users.c      |    9 +++++++
+ src/providers/ldap/sdap_sudo.c             |    9 +++++++
+ 6 files changed, 74 insertions(+), 2 deletions(-)
+
+diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
+index 78bcee1b44fec3c8d04fc5ba13b46db26396d1b1..7da1147c7d6fd1dec8872209e442ae99ee810aa1 100644
+--- a/src/providers/ipa/ipa_netgroups.c
++++ b/src/providers/ipa/ipa_netgroups.c
+@@ -209,6 +209,13 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx,
+     state->base_filter = filter;
+     state->netgr_base_iter = 0;
+ 
++    if (!ipa_options->id->netgroup_search_bases) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              ("Netgroup lookup request without a search base\n"));
++        ret = EINVAL;
++        goto done;
++    }
++
+     ret = sss_hash_create(state, 32, &state->new_netgroups);
+     if (ret != EOK) goto done;
+     ret = sss_hash_create(state, 32, &state->new_users);
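Review bot: The added `goto done` relies on a `done:` label that is not visible in this hunk, and no hunk in this patch adds one here; the same holds for the guard added to `sdap_initgr_rfc2307bis_send` in sdap_async_initgroups.c. Confirm that both labels exist and end in `tevent_req_error(req, ret); tevent_req_post(req, ev);` like the labels this patch adds elsewhere, so the caller's callback receives `EINVAL` rather than waiting on a request that never completes. In `sdap_initgr_rfc2307bis_send` the neighbouring `sss_hash_create` failure path frees the request and returns NULL, so the caller has to cope with both failure conventions. `ipa_get_netgroups_send` starts and ends outside the hunk.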
+diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
+index 3ca2e286146e1e88b1fd7abef341fa8c3aa699ad..2b29116949b2f8efae269a994a0f3da64a0ee612 100644
+--- a/src/providers/ldap/sdap.c
++++ b/src/providers/ldap/sdap.c
+@@ -748,7 +748,12 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse,
+         naming_context = get_naming_context(opts->basic, rootdse);
+         if (naming_context == NULL) {
+             DEBUG(1, ("get_naming_context failed.\n"));
+-            ret = EINVAL;
++
++            /* This has to be non-fatal, since some servers offer
++             * multiple namingContexts entries. We will just
++             * add NULL checks for the search bases in the lookups.
++             */
++            ret = EOK;
+             goto done;
+         }
+     }
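Review bot: Returning `EOK` here makes a missing naming context silent at setup time, so the only protection against unset search bases is the guard each lookup path adds; a consumer without one would presumably dereference a NULL search-base array in the back end. The `Conflicts:` entry in the patch header names `src/providers/ldap/sdap_async_services.c`, which has no hunk in this backport, so it is worth confirming that this branch has no services lookup path or that it is guarded as well. The level-1 message still reads as a bare failure; I would say what happens next, e.g. `DEBUG(1, ("get_naming_context failed; search bases not autodetected, set ldap_search_base explicitly.\n"));`, and reword the comment to state that lookups check for NULL search bases instead of "We will just add". The function body starts and ends outside the hunk.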
+diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
+index e59640997d78db525a98a63cd230d2bc1a74d1a1..fe5dbd49a159c0ca4f57d60b7f69a8792e9a42c9 100644
+--- a/src/providers/ldap/sdap_async_groups.c
++++ b/src/providers/ldap/sdap_async_groups.c
+@@ -1217,7 +1217,16 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
+     state->base_iter = 0;
+     state->search_bases = search_bases;
+ 
++    if (!search_bases) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              ("Group lookup request without a search base\n"));
++        ret = EINVAL;
++        goto done;
++    }
++
+     ret = sdap_get_groups_next_base(req);
++
++done:
+     if (ret != EOK) {
+         tevent_req_error(req, ret);
+         tevent_req_post(req, ev);
+diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
+index 73ab25ea79cd66ff5fe7131ee7606cf71aa382e5..a769b100557b2d685cb022f09bea0d70ccfe3bb3 100644
+--- a/src/providers/ldap/sdap_async_initgroups.c
++++ b/src/providers/ldap/sdap_async_initgroups.c
+@@ -303,6 +303,13 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
+     state->base_iter = 0;
+     state->search_bases = opts->group_search_bases;
+ 
++    if (!state->search_bases) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              ("Initgroups lookup request without a group search base\n"));
++        ret = EINVAL;
++        goto done;
++    }
++
+     state->name = talloc_strdup(state, name);
+     if (!state->name) {
+         talloc_zfree(req);
+@@ -337,6 +344,8 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
+     talloc_zfree(clean_name);
+ 
+     ret = sdap_initgr_rfc2307_next_base(req);
++
++done:
+     if (ret != EOK) {
+         tevent_req_error(req, ret);
+         tevent_req_post(req, ev);
+@@ -1432,6 +1441,13 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send(
+     state->base_iter = 0;
+     state->search_bases = opts->group_search_bases;
+ 
++    if (!state->search_bases) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              ("Initgroups lookup request without a group search base\n"));
++        ret = EINVAL;
++        goto done;
++    }
++
+     ret = sss_hash_create(state, 32, &state->group_hash);
+     if (ret != EOK) {
+         talloc_free(req);
+@@ -2006,9 +2022,17 @@ struct tevent_req *rfc2307bis_nested_groups_send(
+                                     SDAP_SEARCH_TIMEOUT);
+     state->base_iter = 0;
+     state->search_bases = opts->group_search_bases;
+-
++    if (!state->search_bases) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              ("Initgroups nested lookup request "
++               "without a group search base\n"));
++        ret = EINVAL;
++        goto done;
++    }
+ 
+     ret = rfc2307bis_nested_groups_step(req);
++
++done:
+     if (ret == EOK) {
+         /* All parent groups were already processed */
+         tevent_req_done(req);
+@@ -2378,9 +2402,16 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
+     state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
+     state->user_base_iter = 0;
+     state->user_search_bases = id_ctx->opts->user_search_bases;
++    if (!state->user_search_bases) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              ("Initgroups lookup request without a user search base\n"));
++        ret = EINVAL;
++        goto done;
++    }
+ 
+     ret = sss_filter_sanitize(state, name, &clean_name);
+     if (ret != EOK) {
++        talloc_zfree(req);
+         return NULL;
+     }
+ 
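Review bot: The `sss_filter_sanitize` failure path still returns NULL and discards `ret`, while the guard added just above it reports `EINVAL` through the request, so one function now signals failure in two different ways. With the `done:` label this patch adds near the end of `sdap_get_initgr_send` (next hunk), the branch could become `if (ret != EOK) { goto done; }`, assuming the function returns `req` after that label, and the caller would see the real error code. The added `talloc_zfree(req)` does close the leak, so this is a consistency point, not a correctness one. The function continues outside the hunk.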
+@@ -2402,6 +2433,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
+     }
+ 
+     ret = sdap_get_initgr_next_base(req);
++
++done:
+     if (ret != EOK) {
+         tevent_req_error(req, ret);
+         tevent_req_post(req, ev);
+diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
+index ac856a64208cb87994f676ab50fdba6d82dbcb50..01168321951fa9d14f4b58d891cb922c6c44d2c2 100644
+--- a/src/providers/ldap/sdap_async_users.c
++++ b/src/providers/ldap/sdap_async_users.c
+@@ -434,7 +434,16 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
+     state->search_bases = search_bases;
+     state->enumeration = enumeration;
+ 
++    if (!state->search_bases) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              ("User lookup request without a search base\n"));
++        ret = EINVAL;
++        goto done;
++    }
++
+     ret = sdap_get_users_next_base(req);
++
++done:
+     if (ret != EOK) {
+         tevent_req_error(req, ret);
+         tevent_req_post(req, state->ev);
+diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
+index 68cb47cd38952594d34ccc81913b7308caf9af10..aeae22eccf2a9adf3fb2fde831a3b492a6c4afb7 100644
+--- a/src/providers/ldap/sdap_sudo.c
++++ b/src/providers/ldap/sdap_sudo.c
+@@ -237,6 +237,13 @@ struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx,
+     state->ldap_rules = NULL;
+     state->ldap_rules_count = 0;
+ 
++    if (!state->search_bases) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              ("SUDOERS lookup request without a search base\n"));
++        ret = EINVAL;
++        goto done;
++    }
++
+     /* create filter */
+     state->filter = sdap_sudo_build_filter(state,
+                                            state->opts->sudorule_map,
+@@ -256,6 +263,8 @@ struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx,
+ 
+     /* begin search */
+     ret = sdap_sudo_load_sudoers_next_base(req);
++
++done:
+     if (ret != EOK) {
+         tevent_req_error(req, ret);
+         tevent_req_post(req, sudo_ctx->be_ctx->ev);
+-- 
+1.7.7.6
+
diff --git a/sssd.spec b/sssd.spec
index 9ccaaeb..f2cd307 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -19,7 +19,7 @@
 
 Name: sssd
 Version: 1.7.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -29,12 +29,14 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 ### Patches ###
 
+Patch0001: 0001-LDAP-Do-not-fail-if-RootDSE-check-cannot-determine-s.patch
+
 ### Dependencies ###
 
 Conflicts: selinux-policy < 3.10.0-46
 Requires: libldb = %{ldb_version}
 Requires: libtdb >= 1.1.3
-Requires: sssd-client = %{version}-%{release}
+Requires: sssd-client%{?_isa} = %{version}-%{release}
 Requires: cyrus-sasl-gssapi
 Requires: krb5-libs >= 1.9
 Requires(post): systemd-units initscripts chkconfig /sbin/ldconfig
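Review bot: The `%{?_isa}` addition to the `sssd-client` requirement is unrelated to the bug named in the commit title and is not recorded in the new `%changelog` entry; a second changelog line describing the arch-specific dependency would keep the change traceable. `Patch0001` is declared here, but no `%patch` line appears in this diff, so confirm that `%prep` applies declared patches generically; otherwise the fix is shipped in the source package but never applied to the build.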
@@ -377,6 +379,10 @@ fi
 %postun -n libipa_hbac -p /sbin/ldconfig
 
 %changelog
+* Wed Feb 01 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.7.0-2
+- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
+                          new LDAP features
+
 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 
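Review bot: The new changelog header reads `Wed Feb 01 2011 ... - 1.7.0-2`, but the commit is dated 2012 and this change bumps `Release` to 3, so the header should carry `Wed Feb 01 2012` and `1.7.0-3`. As written, the top entry is older than the `Sat Jan 14 2012` entry below it and repeats its release number, which breaks the descending order that rpm tooling expects and makes the shipped fix hard to match to a build.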

