[sssd] Always initialize ID mapping objects
Jakub Hrozek
jhrozek at fedoraproject.org
Fri May 24 08:55:03 UTC 2013
commit af82f760d44950a835c779d790926f83b73eec69
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Fri May 24 10:44:53 2013 +0200
Always initialize ID mapping objects
Apply a couple of patches from upstream git that resolve crashes when
ID mapping object was not initialized properly but needed later
0009-Fix-segfault-in-AD-Subdomains-Module.patch | 28 +++++++++++++++++
0010-LDAP-Always-initialize-idmap-object.patch | 36 +++++++++++++++++++++++
0011-Re-add-a-useful-DEBUG-message.patch | 29 ++++++++++++++++++
sssd.spec | 9 +++++-
4 files changed, 101 insertions(+), 1 deletions(-)
---
diff --git a/0009-Fix-segfault-in-AD-Subdomains-Module.patch b/0009-Fix-segfault-in-AD-Subdomains-Module.patch
new file mode 100644
index 0000000..21794cd
--- /dev/null
+++ b/0009-Fix-segfault-in-AD-Subdomains-Module.patch
@@ -0,0 +1,28 @@
+From 574061e65d3fb687b9cb2c757afa1fe92812245e Mon Sep 17 00:00:00 2001
+From: Lukas Slebodnik <lslebodn at redhat.com>
+Date: Wed, 15 May 2013 10:09:08 +0200
+Subject: [PATCH] Fix segfault in AD Subdomains Module
+
+In function ad_subdomains_get_netlogon_done:
+If variable "reply_count" is zero then variable "reply" will not be
+initialized. Therefore we should not continue.
+---
+ src/providers/ad/ad_subdomains.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index 1da343f8711b2b99a7afff6a4a398a1aa515a875..2ad318f63a89b2e8894ca07d007cde11867ed290 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -307,6 +307,8 @@ static void ad_subdomains_get_netlogon_done(struct tevent_req *req)
+
+ if (reply_count == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("No netlogon data available.\n"));
++ ret = ENOENT;
++ goto done;
+ } else if (reply_count > 1) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("More than one netlogon info returned.\n"));
+--
+1.8.2.1
+
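Review bot: The `reply_count == 0` branch in ad_subdomains_get_netlogon_done now ends the request with `ret = ENOENT`, but it is still logged at SSSDBG_TRACE_FUNC, so at ordinary debug levels nothing records why the request stopped. Since the branch exists to keep an unset `reply` from being used, I would log it at a failure level, e.g. `DEBUG(SSSDBG_MINOR_FAILURE, ("No netlogon data available.\n"));`, and put a short comment such as `/* reply is only set when reply_count > 0 */` above the `goto done;`. The declaration of `reply` and the `done:` label are outside the hunk. Initialising `reply` to NULL where it is declared would presumably make any remaining path fail predictably, but that needs checking against the full function.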
diff --git a/0010-LDAP-Always-initialize-idmap-object.patch b/0010-LDAP-Always-initialize-idmap-object.patch
new file mode 100644
index 0000000..1c4a743
--- /dev/null
+++ b/0010-LDAP-Always-initialize-idmap-object.patch
@@ -0,0 +1,36 @@
+From 392dce02615e446b3c73dfb8b4e0a19ebb86f914 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek at redhat.com>
+Date: Mon, 13 May 2013 10:15:09 +0200
+Subject: [PATCH] LDAP: Always initialize idmap object
+
+https://fedorahosted.org/sssd/ticket/1922
+
+Since we always store the SID now, we need to always initialize the ID
+mapping object in LDAP provider as well. Some users might want to
+configure the LDAP provider with ID mapping, not the AD provider itself.
+---
+ src/providers/ldap/ldap_init.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
+index 2e30c37edb707799baada3d695776ae602c6a7eb..0884a85c7d9db2c7c777caf0baebf59217076982 100644
+--- a/src/providers/ldap/ldap_init.c
++++ b/src/providers/ldap/ldap_init.c
+@@ -155,11 +155,9 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
+ goto done;
+ }
+
+- if (dp_opt_get_bool(ctx->opts->basic, SDAP_ID_MAPPING)) {
+- /* Set up the ID mapping object */
+- ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx);
+- if (ret != EOK) goto done;
+- }
++ /* Set up the ID mapping object */
++ ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx);
++ if (ret != EOK) goto done;
+
+ ret = sdap_id_setup_tasks(ctx);
+ if (ret != EOK) {
+--
+1.8.2.1
+
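Review bot: The now-unconditional `if (ret != EOK) goto done;` after sdap_idmap_init() makes an ID-mapping setup failure abort sssm_ldap_id_init for every LDAP domain, including those that leave SDAP_ID_MAPPING off, and it does so without a log line. I would brace it like the neighbouring `if (ret != EOK) {` checks and log the cause before the jump, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, ("Could not initialize ID mapping: [%d]\n", ret));`. It is also worth confirming that no code outside this hunk treats a non-NULL `idmap_ctx` as meaning ID mapping is enabled, since that pointer is now always set. Such checks should presumably read the SDAP_ID_MAPPING option instead. The function body starts and ends outside the hunk.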
diff --git a/0011-Re-add-a-useful-DEBUG-message.patch b/0011-Re-add-a-useful-DEBUG-message.patch
new file mode 100644
index 0000000..9f8654e
--- /dev/null
+++ b/0011-Re-add-a-useful-DEBUG-message.patch
@@ -0,0 +1,29 @@
+From 5aad10b49e193ee14a86e1277146a223005a2d6b Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek at redhat.com>
+Date: Mon, 13 May 2013 10:23:56 +0200
+Subject: [PATCH] Re-add a useful DEBUG message
+
+In commit 46222e5191473f9a46aec581273eb2eef22e23be we removed a very
+similar DEBUG message while moving the whole piece of code to the idmap
+library. But it turned out that the DEBUG message was useful while
+testing the functionality, so this patch adds it back.
+---
+ src/providers/ldap/sdap_idmap.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
+index 050b2c5a768f58acd376e68a15a579e1e56894ac..43db0c83354ed2f8f112a8853ab66ab51e1d9fd2 100644
+--- a/src/providers/ldap/sdap_idmap.c
++++ b/src/providers/ldap/sdap_idmap.c
+@@ -242,6 +242,8 @@ sdap_idmap_add_domain(struct sdap_idmap_ctx *idmap_ctx,
+ ret = EIO;
+ goto done;
+ }
++ DEBUG(SSSDBG_TRACE_LIBS,
++ ("Adding domain [%s] as slice [%llu]\n", dom_sid, slice));
+
+ if (range.max > idmap_upper) {
+ /* This should never happen */
+--
+1.8.2.1
+
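Review bot: The added DEBUG call prints `slice` with `%llu`, but the declaration of `slice` is outside the hunk, and if its type is not exactly `unsigned long long` the call is a format/argument mismatch, which is undefined behaviour in a variadic call. An explicit cast keeps it correct whatever the underlying typedef is: `("Adding domain [%s] as slice [%llu]\n", dom_sid, (unsigned long long) slice));`. `dom_sid` is passed to `%s`, so it should also be confirmed non-NULL at this point in sdap_idmap_add_domain. The function continues outside the hunk.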
diff --git a/sssd.spec b/sssd.spec
index 48b4173..6ed319d 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -16,7 +16,7 @@
Name: sssd
Version: 1.10.0
-Release: 6%{?dist}.beta1
+Release: 7%{?dist}.beta1
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@@ -33,6 +33,9 @@ Patch0005: 0005-SSH-Use-separate-field-for-domain-name-in-client-req.patch
Patch0006: 0006-SSH-Do-not-skip-domains-with-use_fully_qualified_nam.patch
Patch0007: 0007-Always-update-cached-upn-if-enterprise-principals-ar.patch
Patch0008: 0008-Enable-the-AD-dynamic-DNS-updates-by-default.patch
+Patch0009: 0009-Fix-segfault-in-AD-Subdomains-Module.patch
+Patch0010: 0010-LDAP-Always-initialize-idmap-object.patch
+Patch0011: 0011-Re-add-a-useful-DEBUG-message.patch
Patch0501: 0501-FEDORA-Switch-the-default-ccache-location.patch
@@ -605,6 +608,10 @@ fi
%postun -n libsss_sudo -p /sbin/ldconfig
%changelog
+* Fri May 24 2013 Jakub Hrozek <jhrozek at redhat.com> - 1.10.0-7.beta1
+- Apply a couple of patches from upstream git that resolve crashes when
+ ID mapping object was not initialized properly but needed later
+
* Tue May 14 2013 Jakub Hrozek <jhrozek at redhat.com> - 1.10.0-6.beta1
- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
realm join