diff --git a/SOURCES/libnfsidmap-0.2-memleak.patch b/SOURCES/libnfsidmap-0.2-memleak.patch new file mode 100644 index 0000000..67001c6 --- /dev/null +++ b/SOURCES/libnfsidmap-0.2-memleak.patch @@ -0,0 +1,21 @@ +commit c7edb02d52d048e9e82c0431a3256df3675668ac +Author: Steve Dickson +Date: Wed Aug 17 14:57:01 2016 -0400 + + Fixed a memory leak nss_name_to_gid() + + Signed-off-by: Steve Dickson + +diff --git a/nss.c b/nss.c +index 47c6b14..0f12351 100644 +--- a/nss.c ++++ b/nss.c +@@ -242,7 +242,7 @@ static int nss_name_to_gid(char *name, gid_t *gid) + + err = -ENOMEM; + if (buflen > UINT_MAX) +- goto out; ++ goto out_name; + + do { + buf = malloc(buflen); diff --git a/SOURCES/libnfsidmap-0.2-negativerets.patch b/SOURCES/libnfsidmap-0.2-negativerets.patch new file mode 100644 index 0000000..8626fde --- /dev/null +++ b/SOURCES/libnfsidmap-0.2-negativerets.patch @@ -0,0 +1,34 @@ +diff -up libnfsidmap-0.25/nss.c.save libnfsidmap-0.25/nss.c +--- libnfsidmap-0.25/nss.c.save 2016-08-17 14:09:18.797550853 -0400 ++++ libnfsidmap-0.25/nss.c 2016-08-17 14:09:39.021905256 -0400 +@@ -44,6 +44,7 @@ + #include + #include + #include ++#include + #include "nfsidmap.h" + #include "nfsidmap_internal.h" + #include "cfg.h" +@@ -171,6 +172,9 @@ static struct passwd *nss_getpwnam(const + char *localname; + int err = ENOMEM; + ++ if (buflen > UINT_MAX) ++ goto err; ++ + buf = malloc(sizeof(*buf) + buflen); + if (buf == NULL) + goto err; +@@ -236,8 +240,11 @@ static int nss_name_to_gid(char *name, g + if (!localname) + goto out; + ++ err = -ENOMEM; ++ if (buflen > UINT_MAX) ++ goto out; ++ + do { +- err = -ENOMEM; + buf = malloc(buflen); + if (!buf) + goto out_name; diff --git a/SOURCES/libnfsidmap-0.2-stripnewlines.patch b/SOURCES/libnfsidmap-0.2-stripnewlines.patch new file mode 100644 index 0000000..fb94e5f --- /dev/null +++ b/SOURCES/libnfsidmap-0.2-stripnewlines.patch @@ -0,0 +1,806 @@ +commit 6fc893187db3fceb66129a3fd8437f663a5e33d0 +Author: Jeff Layton +Date: Tue Sep 8 11:59:25 2015 -0400 + + Strip newlines out of IDMAP_LOG messages + + When logging to syslog, they aren't needed (or desirable) and when + logging to stderr the logging function generally adds it itself. + + Note that I did not change gums.c since it defaults to using printf() + as a logging function. + + Signed-off-by: Jeff Layton + Signed-off-by: Steve Dickson + +diff --git a/libnfsidmap.c b/libnfsidmap.c +index a8a9229..2db4d13 100644 +--- a/libnfsidmap.c ++++ b/libnfsidmap.c +@@ -141,20 +141,20 @@ static int load_translation_plugin(char *method, struct mapping_plugin *plgn) + + dl = dlopen(plgname, RTLD_NOW | RTLD_LOCAL); + if (dl == NULL) { +- IDMAP_LOG(1, ("libnfsidmap: Unable to load plugin: %s\n", ++ IDMAP_LOG(1, ("libnfsidmap: Unable to load plugin: %s", + dlerror())); + return -1; + } + init_func = (libnfsidmap_plugin_init_t) dlsym(dl, PLUGIN_INIT_FUNC); + if (init_func == NULL) { +- IDMAP_LOG(1, ("libnfsidmap: Unable to get init function: %s\n", ++ IDMAP_LOG(1, ("libnfsidmap: Unable to get init function: %s", + dlerror())); + dlclose(dl); + return -1; + } + trans = init_func(); + if (trans == NULL) { +- IDMAP_LOG(1, ("libnfsidmap: Failed to initialize plugin %s\n", ++ IDMAP_LOG(1, ("libnfsidmap: Failed to initialize plugin %s", + PLUGIN_INIT_FUNC, plgname)); + dlclose(dl); + return -1; +@@ -163,14 +163,14 @@ static int load_translation_plugin(char *method, struct mapping_plugin *plgn) + ret = trans->init(); + if (ret) { + IDMAP_LOG(1, ("libnfsidmap: Failed in %s's init(), " +- "returned %d\n", plgname, ret)); ++ "returned %d", plgname, ret)); + dlclose(dl); + return -1; + } + } + plgn->dl_handle = dl; + plgn->trans = trans; +- IDMAP_LOG(1, ("libnfsidmap: loaded plugin %s for method %s\n", ++ IDMAP_LOG(1, ("libnfsidmap: loaded plugin %s for method %s", + plgname, method)); + + return 0; +@@ -182,7 +182,7 @@ static void unload_plugins(struct mapping_plugin **plgns) + for (i = 0; plgns[i] != NULL; i++) { + if (plgns[i]->dl_handle && dlclose(plgns[i]->dl_handle)) + IDMAP_LOG(1, ("libnfsidmap: failed to " +- "unload plugin for method = %s\n", ++ "unload plugin for method = %s", + plgns[i]->trans->name)); + free(plgns[i]); + } +@@ -207,7 +207,7 @@ static int load_plugins(struct conf_list *methods, + goto out; + if (load_translation_plugin(m->field, plgns[i]) == -1) { + IDMAP_LOG(0, ("libnfsidmap: requested translation " +- "method, '%s', is not available\n", ++ "method, '%s', is not available", + m->field)); + goto out; + } +@@ -251,7 +251,7 @@ int nfs4_init_name_mapping(char *conffile) + IDMAP_LOG(1, ("libnfsidmap: Unable to determine " + "the NFSv4 domain; Using '%s' as the NFSv4 domain " + "which means UIDs will be mapped to the 'Nobody-User' " +- "user defined in %s\n", ++ "user defined in %s", + IDMAPD_DEFAULT_DOMAIN, PATH_IDMAPDCONF)); + default_domain = IDMAPD_DEFAULT_DOMAIN; + } +@@ -344,11 +344,11 @@ int nfs4_init_name_mapping(char *conffile) + if (err == 0 && pw != NULL) + nobody_uid = pw->pw_uid; + else +- IDMAP_LOG(1, ("libnfsidmap: Nobody-User (%s) not found: %s\n", ++ IDMAP_LOG(1, ("libnfsidmap: Nobody-User (%s) not found: %s", + nobody_user, strerror(errno))); + free(buf); + } else +- IDMAP_LOG(0,("libnfsidmap: Nobody-User: no memory : %s\n", ++ IDMAP_LOG(0,("libnfsidmap: Nobody-User: no memory : %s", + nobody_user, strerror(errno))); + } + +@@ -365,11 +365,11 @@ int nfs4_init_name_mapping(char *conffile) + if (err == 0 && gr != NULL) + nobody_gid = gr->gr_gid; + else +- IDMAP_LOG(1, ("libnfsidmap: Nobody-Group (%s) not found: %s\n", ++ IDMAP_LOG(1, ("libnfsidmap: Nobody-Group (%s) not found: %s", + nobody_group, strerror(errno))); + free(buf); + } else +- IDMAP_LOG(0,("libnfsidmap: Nobody-Group: no memory : %s\n", ++ IDMAP_LOG(0,("libnfsidmap: Nobody-Group: no memory : %s", + nobody_group, strerror(errno))); + } + +@@ -395,7 +395,7 @@ char * get_default_domain(void) + ret = domain_from_dns(&default_domain); + if (ret) { + IDMAP_LOG(0, ("Unable to determine a default nfsv4 domain; " +- " consider specifying one in idmapd.conf\n")); ++ " consider specifying one in idmapd.conf")); + default_domain = ""; + } + return default_domain; +@@ -444,12 +444,12 @@ nfs4_get_default_domain(char *server, char *domain, size_t len) + if (plgns[i]->trans->funcname == NULL) \ + continue; \ + \ +- IDMAP_LOG(4, ("%s: calling %s->%s\n", __func__, \ ++ IDMAP_LOG(4, ("%s: calling %s->%s", __func__, \ + plgns[i]->trans->name, #funcname)); \ + \ + ret = plgns[i]->trans->funcname(args); \ + \ +- IDMAP_LOG(4, ("%s: %s->%s returned %d\n", \ ++ IDMAP_LOG(4, ("%s: %s->%s returned %d", \ + __func__, plgns[i]->trans->name, \ + #funcname, ret)); \ + \ +@@ -458,7 +458,7 @@ nfs4_get_default_domain(char *server, char *domain, size_t len) + \ + break; \ + } \ +- IDMAP_LOG(4, ("%s: final return value is %d\n", \ ++ IDMAP_LOG(4, ("%s: final return value is %d", \ + __func__, ret)); \ + return ret; \ + } while (0) +diff --git a/nss.c b/nss.c +index b3fef5a..ffe3333 100644 +--- a/nss.c ++++ b/nss.c +@@ -178,10 +178,10 @@ static struct passwd *nss_getpwnam(const char *name, const char *domain, int *er + err = EINVAL; + localname = strip_domain(name, domain); + IDMAP_LOG(4, ("nss_getpwnam: name '%s' domain '%s': " +- "resulting localname '%s'\n", name, domain, localname)); ++ "resulting localname '%s'", name, domain, localname)); + if (localname == NULL) { + IDMAP_LOG(0, ("nss_getpwnam: name '%s' does not map " +- "into domain '%s'\n", name, ++ "into domain '%s'", name, + domain ? domain : "")); + goto err_free_buf; + } +@@ -189,7 +189,7 @@ static struct passwd *nss_getpwnam(const char *name, const char *domain, int *er + err = getpwnam_r(localname, &buf->pwbuf, buf->buf, buflen, &pw); + if (pw == NULL && domain != NULL) + IDMAP_LOG(0, +- ("nss_getpwnam: name '%s' not found in domain '%s'\n", ++ ("nss_getpwnam: name '%s' not found in domain '%s'", + localname, domain)); + free(localname); + if (err == 0 && pw != NULL) { +diff --git a/static.c b/static.c +index ec04057..9f587af 100644 +--- a/static.c ++++ b/static.c +@@ -124,13 +124,13 @@ again: + if (err == 0) + err = ENOENT; + +- IDMAP_LOG(0, ("static_getpwnam: localname '%s' for '%s' not found\n", ++ IDMAP_LOG(0, ("static_getpwnam: localname '%s' for '%s' not found", + localname, name)); + + goto err_free_buf; + } + +- IDMAP_LOG(4, ("static_getpwnam: name '%s' mapped to '%s'\n", ++ IDMAP_LOG(4, ("static_getpwnam: name '%s' mapped to '%s'", + name, localname)); + + *err_p = 0; +@@ -174,13 +174,13 @@ again: + if (err == 0) + err = ENOENT; + +- IDMAP_LOG(0, ("static_getgrnam: local group '%s' for '%s' not found\n", ++ IDMAP_LOG(0, ("static_getgrnam: local group '%s' for '%s' not found", + localgroup, name)); + + goto err_free_buf; + } + +- IDMAP_LOG(4, ("static_getgrnam: group '%s' mapped to '%s'\n", ++ IDMAP_LOG(4, ("static_getgrnam: group '%s' mapped to '%s'", + name, localgroup)); + + *err_p = 0; +diff --git a/umich_ldap.c b/umich_ldap.c +index b527c5d..886fa0c 100644 +--- a/umich_ldap.c ++++ b/umich_ldap.c +@@ -160,7 +160,7 @@ ldap_init_and_bind(LDAP **pld, + */ + if ((lerr = ldap_initialize(&ld, server_url)) != LDAP_SUCCESS) { + IDMAP_LOG(0, ("ldap_init_and_bind: ldap_initialize() failed " +- "to [%s]: %s (%d)\n", server_url, ++ "to [%s]: %s (%d)", server_url, + ldap_err2string(lerr), lerr)); + goto out; + } +@@ -168,7 +168,7 @@ ldap_init_and_bind(LDAP **pld, + if ((ldap_set_option(ld, LDAP_OPT_DEBUG_LEVEL, &debug_level) + != LDAP_SUCCESS)) { + IDMAP_LOG(0, ("ldap_init_and_bind: error setting ldap " +- "library debugging level\n")); ++ "library debugging level")); + goto out; + } + +@@ -179,7 +179,7 @@ ldap_init_and_bind(LDAP **pld, + ldap_get_option(ld, LDAP_OPT_API_INFO, &apiinfo); + if (apiinfo.ldapai_info_version != LDAP_API_INFO_VERSION) { + IDMAP_LOG(0, ("ldap_init_and_bind: APIInfo version mismatch: " +- "library %d, header %d\n", ++ "library %d, header %d", + apiinfo.ldapai_info_version, LDAP_API_INFO_VERSION)); + goto out; + } +@@ -189,7 +189,7 @@ ldap_init_and_bind(LDAP **pld, + new_version = LDAP_VERSION3; + IDMAP_LOG(4, ("ldap_init_and_bind: version mismatch between " + "API information and protocol version. Setting " +- "protocol version to %d\n", new_version)); ++ "protocol version to %d", new_version)); + ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &new_version); + } + +@@ -212,7 +212,7 @@ ldap_init_and_bind(LDAP **pld, + lerr = ldap_set_option(ld, LDAP_OPT_X_TLS, &tls_type); + if (lerr != LDAP_SUCCESS) { + IDMAP_LOG(2, ("ldap_init_and_bind: setting SSL " +- "failed : %s (%d)\n", ++ "failed : %s (%d)", + ldap_err2string(lerr), lerr)); + goto out; + } +@@ -220,7 +220,7 @@ ldap_init_and_bind(LDAP **pld, + linfo->ca_cert); + if (lerr != LDAP_SUCCESS) { + IDMAP_LOG(2, ("ldap_init_and_bind: setting CA " +- "certificate file failed : %s (%d)\n", ++ "certificate file failed : %s (%d)", + ldap_err2string(lerr), lerr)); + goto out; + } +@@ -242,24 +242,24 @@ retry_bind: + IDMAP_LOG(2, ("ldap_init_and_bind: " + "got protocol error while attempting " + "bind with protocol version %d, " +- "trying protocol version %d\n", ++ "trying protocol version %d", + current_version, new_version)); + if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS) + && (errmsg != NULL) && (*errmsg != '\0')) { + IDMAP_LOG(2, ("ldap_init_and_bind: " +- "Additional info: %s\n", errmsg)); ++ "Additional info: %s", errmsg)); + ldap_memfree(errmsg); + } + goto retry_bind; + } + IDMAP_LOG(2, ("ldap_init_and_bind: ldap_simple_bind_s " +- "to [%s] as user '%s': %s (%d)\n", ++ "to [%s] as user '%s': %s (%d)", + server_url, linfo->user_dn, + ldap_err2string(lerr), lerr)); + if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS) + && (errmsg != NULL)&& (*errmsg != '\0')) { + IDMAP_LOG(2, ("ldap_init_and_bind: " +- "Additional info: %s\n", errmsg)); ++ "Additional info: %s", errmsg)); + ldap_memfree(errmsg); + } + goto out; +@@ -272,12 +272,12 @@ retry_bind: + char *errmsg; + + IDMAP_LOG(2, ("ldap_init_and_bind: ldap_simple_bind_s " +- "to [%s] as anonymous: %s (%d)\n", server_url, ++ "to [%s] as anonymous: %s (%d)", server_url, + ldap_err2string(lerr), lerr)); + if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS) + && (errmsg != NULL) && (*errmsg != '\0')) { + IDMAP_LOG(2, ("ldap_init_and_bind: " +- "Additional info: %s\n", errmsg)); ++ "Additional info: %s", errmsg)); + ldap_memfree(errmsg); + } + goto out; +@@ -323,7 +323,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid, + attrtype, name)) + == LDAP_FILT_MAXSIZ) { + IDMAP_LOG(0, ("ERROR: umich_name_to_ids: filter " +- "too long!\n")); ++ "too long!")); + goto out; + } + base = linfo->people_tree; +@@ -335,13 +335,13 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid, + attrtype, name)) + == LDAP_FILT_MAXSIZ) { + IDMAP_LOG(0, ("ERROR: umich_name_to_ids: filter " +- "too long!\n")); ++ "too long!")); + goto out; + } + base = linfo->group_tree; + } + else { +- IDMAP_LOG(0, ("ERROR: umich_name_to_ids: invalid idtype (%d)\n", ++ IDMAP_LOG(0, ("ERROR: umich_name_to_ids: invalid idtype (%d)", + idtype)); + goto out; + } +@@ -360,12 +360,12 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid, + char *errmsg; + + IDMAP_LOG(2, ("umich_name_to_ids: ldap_search_st for " +- "base '%s', filter '%s': %s (%d)\n", ++ "base '%s', filter '%s': %s (%d)", + base, filter, ldap_err2string(err), err)); + if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS) + && (errmsg != NULL) && (*errmsg != '\0')) { + IDMAP_LOG(2, ("umich_name_to_ids: " +- "Additional info: %s\n", errmsg)); ++ "Additional info: %s", errmsg)); + ldap_memfree(errmsg); + } + err = -ENOENT; +@@ -381,7 +381,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid, + if (!(entry = ldap_first_entry(ld, result))) { + lerr = ldap_result2error(ld, result, 0); + IDMAP_LOG(2, ("umich_name_to_ids: ldap_first_entry: " +- "%s (%d)\n", ldap_err2string(lerr), lerr)); ++ "%s (%d)", ldap_err2string(lerr), lerr)); + goto out_unbind; + } + +@@ -402,7 +402,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid, + if ((idstr = ldap_get_values(ld, result, attr_res)) == NULL) { + lerr = ldap_result2error(ld, result, 0); + IDMAP_LOG(2, ("umich_name_to_ids: ldap_get_values: " +- "%s (%d)\n", ldap_err2string(lerr), lerr)); ++ "%s (%d)", ldap_err2string(lerr), lerr)); + goto out_memfree; + } + if (strcasecmp(attr_res, ldap_map.NFSv4_uid_attr) == 0) { +@@ -411,7 +411,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid, + if (tmp_uid != tmp_u || + (errno == ERANGE && tmp_u == ULONG_MAX)) { + IDMAP_LOG(0, ("ERROR: umich_name_to_ids: " +- "uidNumber too long converting '%s'\n", ++ "uidNumber too long converting '%s'", + *idstr)); + ldap_memfree(attr_res); + ldap_value_free(idstr); +@@ -424,7 +424,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid, + if (tmp_gid != tmp_g || + (errno == ERANGE && tmp_g == ULONG_MAX)) { + IDMAP_LOG(0, ("ERROR: umich_name_to_ids: " +- "gidNumber too long converting '%s'\n", ++ "gidNumber too long converting '%s'", + *idstr)); + ldap_memfree(attr_res); + ldap_value_free(idstr); +@@ -433,7 +433,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid, + *gid = tmp_gid; + } else { + IDMAP_LOG(0, ("umich_name_to_ids: received attr " +- "'%s' ???\n", attr_res)); ++ "'%s' ???", attr_res)); + ldap_memfree(attr_res); + ldap_value_free(idstr); + goto out_memfree; +@@ -485,7 +485,7 @@ umich_id_to_name(uid_t id, int idtype, char **name, size_t len, + ldap_map.NFSv4_uid_attr, idstr)) + == LDAP_FILT_MAXSIZ) { + IDMAP_LOG(0, ("ERROR: umich_id_to_name: " +- "uid filter too long!\n")); ++ "uid filter too long!")); + goto out; + } + base = linfo->people_tree; +@@ -496,12 +496,12 @@ umich_id_to_name(uid_t id, int idtype, char **name, size_t len, + ldap_map.NFSv4_gid_attr,idstr)) + == LDAP_FILT_MAXSIZ) { + IDMAP_LOG(0, ("ERROR: umich_id_to_name: " +- "gid filter too long!\n")); ++ "gid filter too long!")); + goto out; + } + base = linfo->group_tree; + } else { +- IDMAP_LOG(0, ("ERROR: umich_id_to_name: invalid idtype (%d)\n", ++ IDMAP_LOG(0, ("ERROR: umich_id_to_name: invalid idtype (%d)", + idtype)); + err = -EINVAL; + goto out; +@@ -523,12 +523,12 @@ umich_id_to_name(uid_t id, int idtype, char **name, size_t len, + char * errmsg; + + IDMAP_LOG(2, ("umich_id_to_name: ldap_search_st for " +- "base '%s, filter '%s': %s (%d)\n", base, filter, ++ "base '%s, filter '%s': %s (%d)", base, filter, + ldap_err2string(err), err)); + if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS) + && (errmsg != NULL) && (*errmsg != '\0')) { + IDMAP_LOG(2, ("umich_id_to_name: " +- "Additional info: %s\n", errmsg)); ++ "Additional info: %s", errmsg)); + ldap_memfree(errmsg); + } + +@@ -544,21 +544,21 @@ umich_id_to_name(uid_t id, int idtype, char **name, size_t len, + if (!(entry = ldap_first_entry(ld, result))) { + lerr = ldap_result2error(ld, result, 0); + IDMAP_LOG(2, ("umich_id_to_name: ldap_first_entry: " +- "%s (%d)\n", ldap_err2string(lerr), lerr)); ++ "%s (%d)", ldap_err2string(lerr), lerr)); + goto out_unbind; + } + + if (!(attr_res = ldap_first_attribute(ld, result, &ber))) { + lerr = ldap_result2error(ld, result, 0); + IDMAP_LOG(2, ("umich_id_to_name: ldap_first_attribute: " +- "%s (%d)\n", ldap_err2string(lerr), lerr)); ++ "%s (%d)", ldap_err2string(lerr), lerr)); + goto out_unbind; + } + + if ((names = ldap_get_values(ld, result, attr_res)) == NULL) { + lerr = ldap_result2error(ld, result, 0); + IDMAP_LOG(2, ("umich_id_to_name: ldap_get_values: " +- "%s (%d)\n", ldap_err2string(lerr), lerr)); ++ "%s (%d)", ldap_err2string(lerr), lerr)); + goto out_memfree; + } + +@@ -571,7 +571,7 @@ umich_id_to_name(uid_t id, int idtype, char **name, size_t len, + if (strlen(names[0]) >= len) { + /* not enough space to return the name */ + IDMAP_LOG(1, ("umich_id_to_name: output buffer size (%d) " +- "too small to return string, '%s', of length %d\n", ++ "too small to return string, '%s', of length %d", + len, names[0], strlen(names[0]))); + goto out_memfree; + } +@@ -625,7 +625,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + ldap_map.GSS_principal_attr, principal)) + == LDAP_FILT_MAXSIZ) { + IDMAP_LOG(0, ("ERROR: umich_gss_princ_to_grouplist: " +- "filter too long!\n")); ++ "filter too long!")); + goto out; + } + +@@ -638,13 +638,13 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + char *errmsg; + + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_search_st " +- "for tree '%s, filter '%s': %s (%d)\n", ++ "for tree '%s, filter '%s': %s (%d)", + linfo->people_tree, filter, + ldap_err2string(err), err)); + if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS) + && (errmsg != NULL) && (*errmsg != '\0')) { + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: " +- "Additional info: %s\n", errmsg)); ++ "Additional info: %s", errmsg)); + ldap_memfree(errmsg); + } + err = -ENOENT; +@@ -655,7 +655,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + count = ldap_count_entries(ld, result); + if (count != 1) { + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: " +- "ldap account lookup of gssauthname %s returned %d accounts\n", ++ "ldap account lookup of gssauthname %s returned %d accounts", + principal,count)); + goto out_unbind; + } +@@ -663,14 +663,14 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + if (!(entry = ldap_first_entry(ld, result))) { + lerr = ldap_result2error(ld, result, 0); + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_first_entry: " +- "%s (%d)\n", ldap_err2string(lerr), lerr)); ++ "%s (%d)", ldap_err2string(lerr), lerr)); + goto out_unbind; + } + + if ((names = ldap_get_values(ld, result, attrs[0])) == NULL) { + lerr = ldap_result2error(ld, result, 0); + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_get_values: " +- "%s (%d)\n", ldap_err2string(lerr), lerr)); ++ "%s (%d)", ldap_err2string(lerr), lerr)); + goto out_unbind; + } + +@@ -685,7 +685,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + ldap_map.NFSv4_acctname_attr, + names[0])) == LDAP_FILT_MAXSIZ ) { + IDMAP_LOG(2, ("ERROR: umich_gss_princ_to_grouplist: " +- "filter too long!\n")); ++ "filter too long!")); + ldap_value_free(names); + goto out_unbind; + } +@@ -702,13 +702,13 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + char *errmsg; + + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_search_st " +- "for tree '%s, filter '%s': %s (%d)\n", ++ "for tree '%s, filter '%s': %s (%d)", + linfo->people_tree, filter, + ldap_err2string(err), err)); + if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS) + && (errmsg != NULL) && (*errmsg != '\0')) { + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: " +- "Additional info: %s\n", errmsg)); ++ "Additional info: %s", errmsg)); + ldap_memfree(errmsg); + } + err = -ENOENT; +@@ -720,7 +720,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + count = ldap_count_entries(ld, result); + if (count != 1) { + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: " +- "ldap group member lookup of gssauthname %s returned %d multiple entries\n", ++ "ldap group member lookup of gssauthname %s returned %d multiple entries", + principal,count)); + goto out_unbind; + } +@@ -728,14 +728,14 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + if (!(entry = ldap_first_entry(ld, result))) { + lerr = ldap_result2error(ld, result, 0); + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_first_entry: " +- "%s (%d)\n", ldap_err2string(lerr), lerr)); ++ "%s (%d)", ldap_err2string(lerr), lerr)); + goto out_unbind; + } + + if ((names = ldap_get_values(ld, result, attrs[0])) == NULL) { + lerr = ldap_result2error(ld, result, 0); + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_get_values: " +- "%s (%d)\n", ldap_err2string(lerr), lerr)); ++ "%s (%d)", ldap_err2string(lerr), lerr)); + goto out_unbind; + } + +@@ -747,7 +747,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + ldap_value_free(names); + err = -EINVAL; + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: User %s, " +- "number of groups %d, exceeds requested number %d\n", ++ "number of groups %d, exceeds requested number %d", + principal, i, *ngroups)); + *ngroups = i; + goto out_unbind; +@@ -780,7 +780,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + + if ( f_len == LDAP_FILT_MAXSIZ ) { + IDMAP_LOG(2, ("ERROR: umich_gss_princ_to_grouplist: " +- "filter too long!\n")); ++ "filter too long!")); + ldap_value_free(names); + goto out_unbind; + } +@@ -793,14 +793,14 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + char *errmsg; + + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_search_st " +- "for tree '%s, filter '%s': %s (%d)\n", ++ "for tree '%s, filter '%s': %s (%d)", + linfo->group_tree, filter, + ldap_err2string(err), err)); + if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg)==LDAP_SUCCESS) + && + (errmsg != NULL) && (*errmsg != '\0')) { + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: " +- "Additional info: %s\n", errmsg)); ++ "Additional info: %s", errmsg)); + ldap_memfree(errmsg); + } + continue; +@@ -822,7 +822,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + /* There should be only one gidNumber attribute per group */ + if ((valcount = ldap_count_values(vals)) != 1) { + IDMAP_LOG(2, ("DB problem getting gidNumber of " +- "posixGroup! (count was %d)\n", valcount)); ++ "posixGroup! (count was %d)", valcount)); + ldap_value_free(vals); + continue; + } +@@ -832,7 +832,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + if (tmp_gid != tmp_g || + (errno == ERANGE && tmp_g == ULONG_MAX)) { + IDMAP_LOG(2, ("ERROR: umich_gss_princ_to_grouplist: " +- "gidNumber too long converting '%s'\n", ++ "gidNumber too long converting '%s'", + vals[0])); + ldap_value_free(vals); + continue; +@@ -867,7 +867,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + + if ( f_len == LDAP_FILT_MAXSIZ ) { + IDMAP_LOG(0, ("ERROR: umich_gss_princ_to_grouplist: " +- "filter too long!\n")); ++ "filter too long!")); + ldap_value_free(names); + goto out_unbind; + } +@@ -884,13 +884,13 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + char *errmsg; + + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_search_st " +- "for tree '%s, filter '%s': %s (%d)\n", ++ "for tree '%s, filter '%s': %s (%d)", + linfo->group_tree, filter, + ldap_err2string(err), err)); + if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS) && + (errmsg != NULL) && (*errmsg != '\0')) { + IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: " +- "Additional info: %s\n", errmsg)); ++ "Additional info: %s", errmsg)); + ldap_memfree(errmsg); + } + err = -ENOENT; +@@ -938,7 +938,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + /* There should be only one gidNumber attribute per group */ + if ((valcount = ldap_count_values(vals)) != 1) { + IDMAP_LOG(0, ("DB problem getting gidNumber of " +- "posixGroup! (count was %d)\n", valcount)); ++ "posixGroup! (count was %d)", valcount)); + goto out_unbind; + } + tmp_g = strtoul(vals[0], (char **)NULL, 10); +@@ -946,7 +946,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups, + if (tmp_gid != tmp_g || + (errno == ERANGE && tmp_g == ULONG_MAX)) { + IDMAP_LOG(0, ("ERROR: umich_gss_princ_to_grouplist: " +- "gidNumber too long converting '%s'\n", ++ "gidNumber too long converting '%s'", + vals[0])); + ldap_value_free(vals); + goto out_unbind; +@@ -978,7 +978,7 @@ umichldap_gss_princ_to_ids(char *secname, char *principal, + + if ((strcmp(secname, "krb5") != 0) && (strcmp(secname, "spkm3") != 0)) { + IDMAP_LOG(0, ("ERROR: umichldap_gss_princ_to_ids: " +- "invalid secname '%s'\n", secname)); ++ "invalid secname '%s'", secname)); + return err; + } + +@@ -1031,7 +1031,7 @@ umichldap_gss_princ_to_grouplist(char *secname, char *principal, + + if ((strcmp(secname, "krb5") != 0) && (strcmp(secname, "spkm3") != 0)) { + IDMAP_LOG(0, ("ERROR: umichldap_gss_princ_to_grouplist: " +- "invalid secname '%s'\n", secname)); ++ "invalid secname '%s'", secname)); + return err; + } + +@@ -1068,11 +1068,11 @@ get_canonical_hostname(const char *inname) + msg = gai_strerror(aierr); + break; + } +- IDMAP_LOG(1, ("%s: '%s': %s\n", __FUNCTION__, inname, msg)); ++ IDMAP_LOG(1, ("%s: '%s': %s", __FUNCTION__, inname, msg)); + goto out_err; + } + if (ap == 0) { +- IDMAP_LOG(1, ("%s: no addresses for host '%s'?\n", ++ IDMAP_LOG(1, ("%s: no addresses for host '%s'?", + __FUNCTION__, inname)); + goto out_err; + } +@@ -1080,7 +1080,7 @@ get_canonical_hostname(const char *inname) + error = getnameinfo (ap->ai_addr, ap->ai_addrlen, tmphost, + sizeof(tmphost), NULL, 0, 0); + if (error) { +- IDMAP_LOG(1, ("%s: getnameinfo for host '%s' failed (%d)\n", ++ IDMAP_LOG(1, ("%s: getnameinfo for host '%s' failed (%d)", + __FUNCTION__, inname)); + goto out_free; + } +@@ -1125,7 +1125,7 @@ umichldap_init(void) + strncat(missing_msg, "LDAP_base ", sizeof(missing_msg)); + if (strlen(missing_msg) != 0) { + IDMAP_LOG(0, ("umichldap_init: Missing required information: " +- "%s\n", missing_msg)); ++ "%s", missing_msg)); + goto fail; + } + +@@ -1137,7 +1137,7 @@ umichldap_init(void) + canon_name = get_canonical_hostname(server_in); + if (canon_name == NULL) + IDMAP_LOG(0, ("umichldap_init: Warning! Unable to " +- "canonicalize server name '%s' as requested.\n", ++ "canonicalize server name '%s' as requested.", + server_in)); + else + ldap_info.server = canon_name; +@@ -1226,56 +1226,56 @@ umichldap_init(void) + + if (ldap_info.use_ssl && ldap_info.ca_cert == NULL) { + IDMAP_LOG(0, ("umichldap_init: You must specify LDAP_ca_cert " +- "with LDAP_use_ssl=yes\n")); ++ "with LDAP_use_ssl=yes")); + goto fail; + } + + + /* print out some good debugging info */ +- IDMAP_LOG(1, ("umichldap_init: canonicalize_name: %s\n", ++ IDMAP_LOG(1, ("umichldap_init: canonicalize_name: %s", + canonicalize)); +- IDMAP_LOG(1, ("umichldap_init: server : %s (from config value '%s')\n", ++ IDMAP_LOG(1, ("umichldap_init: server : %s (from config value '%s')", + ldap_info.server, server_in)); +- IDMAP_LOG(1, ("umichldap_init: port : %d\n", ldap_info.port)); +- IDMAP_LOG(1, ("umichldap_init: people : %s\n", ldap_info.people_tree)); +- IDMAP_LOG(1, ("umichldap_init: groups : %s\n", ldap_info.group_tree)); ++ IDMAP_LOG(1, ("umichldap_init: port : %d", ldap_info.port)); ++ IDMAP_LOG(1, ("umichldap_init: people : %s", ldap_info.people_tree)); ++ IDMAP_LOG(1, ("umichldap_init: groups : %s", ldap_info.group_tree)); + +- IDMAP_LOG(1, ("umichldap_init: user_dn : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: user_dn : %s", + (ldap_info.user_dn && strlen(ldap_info.user_dn) != 0) + ? ldap_info.user_dn : "")); + /* Don't print actual password into the log. */ +- IDMAP_LOG(1, ("umichldap_init: passwd : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: passwd : %s", + (ldap_info.passwd && strlen(ldap_info.passwd) != 0) ? + "" : "")); +- IDMAP_LOG(1, ("umichldap_init: use_ssl : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: use_ssl : %s", + ldap_info.use_ssl ? "yes" : "no")); +- IDMAP_LOG(1, ("umichldap_init: ca_cert : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: ca_cert : %s", + ldap_info.ca_cert ? ldap_info.ca_cert : "")); +- IDMAP_LOG(1, ("umichldap_init: use_memberof_for_groups : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: use_memberof_for_groups : %s", + ldap_info.memberof_for_groups ? "yes" : "no")); + +- IDMAP_LOG(1, ("umichldap_init: NFSv4_person_objectclass : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: NFSv4_person_objectclass : %s", + ldap_map.NFSv4_person_objcls)); +- IDMAP_LOG(1, ("umichldap_init: NFSv4_nfsname_attr : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: NFSv4_nfsname_attr : %s", + ldap_map.NFSv4_nfsname_attr)); +- IDMAP_LOG(1, ("umichldap_init: NFSv4_acctname_attr : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: NFSv4_acctname_attr : %s", + ldap_map.NFSv4_acctname_attr)); +- IDMAP_LOG(1, ("umichldap_init: NFSv4_uid_attr : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: NFSv4_uid_attr : %s", + ldap_map.NFSv4_uid_attr)); +- IDMAP_LOG(1, ("umichldap_init: NFSv4_group_objectclass : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: NFSv4_group_objectclass : %s", + ldap_map.NFSv4_group_objcls)); +- IDMAP_LOG(1, ("umichldap_init: NFSv4_gid_attr : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: NFSv4_gid_attr : %s", + ldap_map.NFSv4_gid_attr)); +- IDMAP_LOG(1, ("umichldap_init: NFSv4_group_nfsname_attr : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: NFSv4_group_nfsname_attr : %s", + ldap_map.NFSv4_group_nfsname_attr)); +- IDMAP_LOG(1, ("umichldap_init: NFSv4_member_attr : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: NFSv4_member_attr : %s", + ldap_map.NFSv4_member_attr)); +- IDMAP_LOG(1, ("umichldap_init: NFSv4_member_of_attr : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: NFSv4_member_of_attr : %s", + ldap_map.NFSv4_member_of_attr)); +- IDMAP_LOG(1, ("umichldap_init: NFSv4_grouplist_filter : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: NFSv4_grouplist_filter : %s", + ldap_map.NFSv4_grouplist_filter ? + ldap_map.NFSv4_grouplist_filter : "")); +- IDMAP_LOG(1, ("umichldap_init: GSS_principal_attr : %s\n", ++ IDMAP_LOG(1, ("umichldap_init: GSS_principal_attr : %s", + ldap_map.GSS_principal_attr)); + return 0; + fail: diff --git a/SPECS/libnfsidmap.spec b/SPECS/libnfsidmap.spec index 88e02b4..22e4af1 100644 --- a/SPECS/libnfsidmap.spec +++ b/SPECS/libnfsidmap.spec @@ -3,7 +3,7 @@ Summary: NFSv4 User and Group ID Mapping Library Name: libnfsidmap Version: 0.25 -Release: 12%{?dist} +Release: 15%{?dist} Provides: libnfsidmap Obsoletes: nfs-utils-lib URL: http://www.citi.umich.edu/projects/nfsv4/linux/ @@ -20,6 +20,12 @@ Patch005: libnfsidmap-0.25-warnings.patch # RHEL7.2 # Patch006: libnfsidmap-0.25-nullnames.patch +# +# RHEL7.3 +# +Patch007: libnfsidmap-0.2-stripnewlines.patch +Patch008: libnfsidmap-0.2-negativerets.patch +Patch009: libnfsidmap-0.2-memleak.patch Group: System Environment/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-root @@ -60,6 +66,12 @@ developing programs which use the libnfsidmap library. %patch005 -p1 # 1214882 - libnfsidmap: crash due to not checking argument %patch006 -p1 +# 1261124 - libnfsidmap: strip newlines out of IDMAP_LOG messages +%patch007 -p1 +# 1271449 - "Covscan test" failures in errata RHBA-2015:20444-05.... +%patch008 -p1 +%patch009 -p1 + rm -f configure.in %build @@ -103,6 +115,14 @@ rm -rf %{buildroot} %{_root_libdir}/*.so %changelog +* Wed Aug 17 2016 Steve Dickson 0.25-14 +- nss_getpwnam: correctly check for negative values (bz 1271449) +- Fixed a memory leak in nss_name_to_gid() (bz 1271449) + +* Thu Apr 7 2016 Steve Dickson 0.25-13 +- Strip newlines out of IDMAP_LOG messages (bz 1261124) +- Fixed some NEGATIVE_RETURNS that a Covscan scan found (bz 1271449) + * Mon May 4 2015 Steve Dickson 0.25-12 - Handle NULL names better (bz 1214882)