diff --git a/.gitignore b/.gitignore index 98f0466..db1c834 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/realmd-0.14.6.tar.gz +SOURCES/realmd-0.16.1.tar.gz diff --git a/.realmd.metadata b/.realmd.metadata index 898de2f..1a53878 100644 --- a/.realmd.metadata +++ b/.realmd.metadata @@ -1 +1 @@ -e007cb2c50898b5d5415141b269cc7523e60d257 SOURCES/realmd-0.14.6.tar.gz +f761e3a1b1c9843e195581c77b0c0bbf6263ce17 SOURCES/realmd-0.16.1.tar.gz diff --git a/SOURCES/dns-domain-name-liberal.patch b/SOURCES/dns-domain-name-liberal.patch new file mode 100644 index 0000000..b7a2a3e --- /dev/null +++ b/SOURCES/dns-domain-name-liberal.patch @@ -0,0 +1,196 @@ +From e368c5a42656a687e6b726978752eb4abf6503d0 Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Fri, 31 Jul 2015 12:53:04 +0200 +Subject: [PATCH 1/3] Be more liberal on what we accept as a domain name + +Make the checks on what we accept as a domain name more liberal +for values coming in from the network. + +DNS Domain names are pretty liberal (internet domain names +are more restrictive) See RFC 2181 section 11 + +http://www.ietf.org/rfc/rfc2181.txt + +However we cannot consume names with whitespace and problematic +punctuation, due to the various programs that parse the +configuration files we set up. +--- + service/realm-disco-mscldap.c | 9 +++------ + service/realm-disco-rootdse.c | 15 +++++++-------- + service/realm-options.c | 31 +++++++++++++++++++++++++++++++ + service/realm-options.h | 2 ++ + 4 files changed, 43 insertions(+), 14 deletions(-) + +diff --git a/service/realm-disco-mscldap.c b/service/realm-disco-mscldap.c +index 1ed4063..d3d3c10 100644 +--- a/service/realm-disco-mscldap.c ++++ b/service/realm-disco-mscldap.c +@@ -17,6 +17,7 @@ + #include "realm-dbus-constants.h" + #include "realm-disco-mscldap.h" + #include "realm-ldap.h" ++#include "realm-options.h" + + #include + +@@ -40,8 +41,6 @@ typedef struct { + #define HOST_NAME_MAX 255 + #endif + +-#define DOMAIN_NAME_VALID "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-." +- + static void + closure_free (gpointer data) + { +@@ -100,21 +99,19 @@ get_string (guchar *beg, + guchar **at) + { + gchar buffer[HOST_NAME_MAX]; +- gsize len; + int n; + + n = dn_expand (beg, end, *at, buffer, sizeof (buffer)); + if (n < 0) + return NULL; + +- len = strlen (buffer); +- if (strspn (buffer, DOMAIN_NAME_VALID) != len) { ++ if (!realm_options_check_domain_name (buffer)) { + g_message ("received invalid NetLogon string characters"); + return NULL; + } + + (*at) += n; +- return g_strndup (buffer, len); ++ return g_strdup (buffer); + } + + static gboolean +diff --git a/service/realm-disco-rootdse.c b/service/realm-disco-rootdse.c +index 1a80d98..3100650 100644 +--- a/service/realm-disco-rootdse.c ++++ b/service/realm-disco-rootdse.c +@@ -19,13 +19,12 @@ + #include "realm-disco-mscldap.h" + #include "realm-disco-rootdse.h" + #include "realm-ldap.h" ++#include "realm-options.h" + + #include + + #include + +-#define DOMAIN_NAME_VALID "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-." +- + typedef struct _Closure Closure; + + struct _Closure { +@@ -92,7 +91,7 @@ static gchar * + entry_get_attribute (LDAP *ldap, + LDAPMessage *entry, + const gchar *field, +- const gchar *valid) ++ gboolean domain_name) + { + struct berval **bvs = NULL; + gchar *value = NULL; +@@ -102,8 +101,8 @@ entry_get_attribute (LDAP *ldap, + + if (bvs && bvs[0]) { + value = g_strndup (bvs[0]->bv_val, bvs[0]->bv_len); +- if (valid) { +- if (strspn (value, valid) != bvs[0]->bv_len) { ++ if (domain_name) { ++ if (!realm_options_check_domain_name (value)) { + g_free (value); + g_message ("Invalid value in LDAP %s field", field); + value = NULL; +@@ -155,7 +154,7 @@ result_krb_realm (GTask *task, + entry = ldap_first_entry (ldap, message); + + g_free (clo->disco->kerberos_realm); +- clo->disco->kerberos_realm = entry_get_attribute (ldap, entry, "cn", DOMAIN_NAME_VALID); ++ clo->disco->kerberos_realm = entry_get_attribute (ldap, entry, "cn", TRUE); + + g_debug ("Found realm: %s", clo->disco->kerberos_realm); + +@@ -211,7 +210,7 @@ result_domain_info (GTask *task, + + /* What is the domain name? */ + g_free (clo->disco->domain_name); +- clo->disco->domain_name = entry_get_attribute (ldap, entry, "associatedDomain", DOMAIN_NAME_VALID); ++ clo->disco->domain_name = entry_get_attribute (ldap, entry, "associatedDomain", TRUE); + + g_debug ("Got associatedDomain: %s", clo->disco->domain_name); + +@@ -310,7 +309,7 @@ result_root_dse (GTask *task, + entry = ldap_first_entry (ldap, message); + + /* Parse out the default naming context */ +- clo->default_naming_context = entry_get_attribute (ldap, entry, "defaultNamingContext", NULL); ++ clo->default_naming_context = entry_get_attribute (ldap, entry, "defaultNamingContext", FALSE); + + g_debug ("Got defaultNamingContext: %s", clo->default_naming_context); + +diff --git a/service/realm-options.c b/service/realm-options.c +index 53266f6..bba3ee4 100644 +--- a/service/realm-options.c ++++ b/service/realm-options.c +@@ -18,6 +18,8 @@ + #include "realm-options.h" + #include "realm-settings.h" + ++#include ++ + gboolean + realm_options_automatic_install (void) + { +@@ -128,3 +130,32 @@ realm_options_qualify_names (const gchar *realm_name) + + return qualify; + } ++ ++gboolean ++realm_options_check_domain_name (const gchar *name) ++{ ++ /* ++ * DNS Domain names are pretty liberal (internet domain names ++ * are more restrictive) See RFC 2181 section 11 ++ * ++ * http://www.ietf.org/rfc/rfc2181.txt ++ * ++ * However we cannot consume names with whitespace and problematic ++ * punctuation, due to the various programs that parse the ++ * configuration files we set up. ++ */ ++ ++ gsize i, len; ++ static const gchar *invalid = "=[]:"; ++ ++ g_return_val_if_fail (name != NULL, FALSE); ++ ++ for (i = 0, len = strlen (name); i < len; i++) { ++ if (name[i] <= ' ') ++ return FALSE; ++ if (strchr (invalid, name[i])) ++ return FALSE; ++ } ++ ++ return TRUE; ++} +diff --git a/service/realm-options.h b/service/realm-options.h +index 52dc6ff..4890cba 100644 +--- a/service/realm-options.h ++++ b/service/realm-options.h +@@ -39,6 +39,8 @@ gboolean realm_options_automatic_mapping (GVariant *options, + + gboolean realm_options_qualify_names (const gchar *realm_name); + ++gboolean realm_options_check_domain_name (const gchar *domain_name); ++ + G_END_DECLS + + #endif /* __REALM_OPTIONS_H__ */ +-- +2.4.3 + diff --git a/SOURCES/duplicate-test-path.patch b/SOURCES/duplicate-test-path.patch new file mode 100644 index 0000000..5d62837 --- /dev/null +++ b/SOURCES/duplicate-test-path.patch @@ -0,0 +1,26 @@ +From ab41e2830d2f7540d58370b5f35f85c2808c1871 Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Fri, 11 Sep 2015 12:32:36 +0200 +Subject: [PATCH] tests: Fix duplicate test case path + +GLib is now stricter about this +--- + tests/test-safe-format.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/test-safe-format.c b/tests/test-safe-format.c +index 02aa5f1..204e10d 100644 +--- a/tests/test-safe-format.c ++++ b/tests/test-safe-format.c +@@ -194,7 +194,7 @@ main (int argc, + else + escaped = g_strdup (fixtures[i].format); + g_strdelimit (escaped, " =\\/", '_'); +- name = g_strdup_printf ("/realmd/safe-format/%s", escaped); ++ name = g_strdup_printf ("/realmd/safe-format/%d-%s", i, escaped); + g_free (escaped); + + g_test_add_data_func (name, fixtures + i, test_safe_format_string_cb); +-- +2.4.3 + diff --git a/SOURCES/increase-packagekit-timeout.patch b/SOURCES/increase-packagekit-timeout.patch new file mode 100644 index 0000000..6bd1f86 --- /dev/null +++ b/SOURCES/increase-packagekit-timeout.patch @@ -0,0 +1,54 @@ +From f2ed12faa4ecb5468f6396f1695a3ca5e2e13b84 Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Fri, 24 Jul 2015 17:25:32 +0200 +Subject: [PATCH] service: Increase timeout when calling PackageKit + +Use a timeout of a day ... PackageKit should return from a call +sooner than that. If it crashes we'll get a response right away. +--- + service/realm-packages.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/service/realm-packages.c b/service/realm-packages.c +index c32da44..9da852c 100644 +--- a/service/realm-packages.c ++++ b/service/realm-packages.c +@@ -24,6 +24,8 @@ + + #include + ++#define CALL_TIMEOUT (24 * 60 * 60 * 1000) ++ + static gboolean + packages_check_paths (const gchar **paths, + GDBusMethodInvocation *invocation) +@@ -226,7 +228,7 @@ on_set_hints (GObject *source, + transaction->parameters, + G_VARIANT_TYPE ("()"), + G_DBUS_CALL_FLAGS_NO_AUTO_START, +- -1, g_task_get_cancellable (task), ++ CALL_TIMEOUT, g_task_get_cancellable (task), + on_method_done, g_object_ref (task)); + } + +@@ -276,7 +278,7 @@ on_create_transaction (GObject *source, + g_variant_new ("(^as)", hints), + G_VARIANT_TYPE ("()"), + G_DBUS_CALL_FLAGS_NO_AUTO_START, +- -1, g_task_get_cancellable (task), ++ CALL_TIMEOUT, g_task_get_cancellable (task), + on_set_hints, g_object_ref (task)); + } + +@@ -310,7 +312,7 @@ package_transaction_create (const gchar *method, + g_variant_new ("()"), + G_VARIANT_TYPE ("(o)"), + G_DBUS_CALL_FLAGS_NONE, +- -1, cancellable, ++ CALL_TIMEOUT, cancellable, + on_create_transaction, g_object_ref (task)); + } + +-- +2.4.3 + diff --git a/SOURCES/ipa-packages.patch b/SOURCES/ipa-packages.patch index 3bcbc80..633bd95 100644 --- a/SOURCES/ipa-packages.patch +++ b/SOURCES/ipa-packages.patch @@ -10,4 +10,4 @@ index da2de55..856b36d 100644 +ipa-client = /usr/sbin/ipa-client-install [commands] - winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service" + winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service" diff --git a/SOURCES/missing-fqname.patch b/SOURCES/missing-fqname.patch deleted file mode 100644 index e4d4ed4..0000000 --- a/SOURCES/missing-fqname.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 761fc873a5089ecd9e95fc77511fa07338d05b44 Mon Sep 17 00:00:00 2001 -From: Stef Walter -Date: Fri, 10 Jan 2014 15:20:24 +0100 -Subject: [PATCH] service: Don't crash if missing full_name_format in sssd.conf - -Use the same default full_name_format as sssd. - -We would like to retrieve this information from sssd, perhaps soon -we'll be able to do that via DBus. ---- - service/realm-sssd.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/service/realm-sssd.c b/service/realm-sssd.c -index 3fdd390..3b2678c 100644 ---- a/service/realm-sssd.c -+++ b/service/realm-sssd.c -@@ -350,6 +350,10 @@ update_login_formats (RealmSssd *self) - - /* Setup the login formats */ - format = realm_ini_config_get (self->pv->config, self->pv->section, "full_name_format"); -+ if (format == NULL) -+ format = realm_ini_config_get (self->pv->config, "sssd", "full_name_format"); -+ if (format == NULL) -+ format = g_strdup ("%1$s@%2$s"); - - /* The full domain name */ - domain_name = calc_domain (self); --- -1.8.4.2 - diff --git a/SOURCES/net-in-samba-common.patch b/SOURCES/net-in-samba-common.patch new file mode 100644 index 0000000..6903373 --- /dev/null +++ b/SOURCES/net-in-samba-common.patch @@ -0,0 +1,27 @@ +From 3d510c6a42ce2fa8e00b6e36487a6e7c7047b0d6 Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Tue, 14 Jul 2015 20:40:04 +0200 +Subject: [PATCH] Revert "service: /usr/bin/net is provided by + samba-common-tools" + +This reverts commit ccb21883a515f17e8a4f6076a585450e20bcd933. +--- + service/realmd-redhat.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf +index e39fad5..e0bfbf5 100644 +--- a/service/realmd-redhat.conf ++++ b/service/realmd-redhat.conf +@@ -3,7 +3,7 @@ + smb.conf = /etc/samba/smb.conf + + [samba-packages] +-samba-common-tools = /usr/bin/net ++samba-common = /usr/bin/net + + [winbind-packages] + samba-winbind = /usr/sbin/winbindd +-- +2.4.3 + diff --git a/SOURCES/oddjob-start.patch b/SOURCES/oddjob-start.patch deleted file mode 100644 index 207ae78..0000000 --- a/SOURCES/oddjob-start.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf -index da2de55..5198c37 100644 ---- a/service/realmd-redhat.conf -+++ b/service/realmd-redhat.conf -@@ -23,7 +23,7 @@ adcli = /usr/sbin/adcli - ipa-client = /usr/sbin/ipa-client-install - - [commands] --winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service" -+winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service" - winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart - winbind-enable-service = /usr/bin/systemctl enable winbind.service - winbind-disable-service = /usr/bin/systemctl disable winbind.service -@@ -30,7 +30,7 @@ winbind-disable-service = /usr/bin/systemctl disable winbind.service - winbind-restart-service = /usr/bin/systemctl restart winbind.service - winbind-stop-service = /usr/bin/systemctl stop winbind.service - --sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service" -+sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service" - sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart - sssd-enable-service = /usr/bin/systemctl enable sssd.service - sssd-disable-service = /usr/bin/systemctl disable sssd.service - diff --git a/SOURCES/remove-spurious-print.patch b/SOURCES/remove-spurious-print.patch new file mode 100644 index 0000000..ade8a8b --- /dev/null +++ b/SOURCES/remove-spurious-print.patch @@ -0,0 +1,24 @@ +From f46ba61d7df33d63c1e904c5559017a57a7e8228 Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Fri, 24 Jul 2015 17:03:25 +0200 +Subject: [PATCH] tools: Remove spurious print output + +--- + tools/realm-join.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/tools/realm-join.c b/tools/realm-join.c +index e5760b2..feb6edc 100644 +--- a/tools/realm-join.c ++++ b/tools/realm-join.c +@@ -237,7 +237,6 @@ perform_join (RealmClient *client, + return 1; + } + +-g_printerr ("id mapping %d %d\n", args->automatic_id_mapping_set, args->automatic_id_mapping); + options = realm_build_options (REALM_DBUS_OPTION_COMPUTER_OU, args->computer_ou, + REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE, args->membership_software, + REALM_DBUS_OPTION_USER_PRINCIPAL, args->user_principal, +-- +2.4.3 + diff --git a/SOURCES/safe-printf.patch b/SOURCES/safe-printf.patch deleted file mode 100644 index 1efb2e3..0000000 --- a/SOURCES/safe-printf.patch +++ /dev/null @@ -1,793 +0,0 @@ -From 05d657339a80405900f8a066e41f08c121755cbf Mon Sep 17 00:00:00 2001 -From: Stef Walter -Date: Fri, 3 Jan 2014 16:37:12 +0100 -Subject: [PATCH] sssd: Use safe printf when formatting full_name_format - strings - -Since sssd.conf uses such printf formats in its code, and it's -completely bogus to be passing user provided input to printf -directly... ---- - service/Makefile.am | 1 + - service/realm-sssd.c | 52 ++++--- - service/safe-printf.c | 348 +++++++++++++++++++++++++++++++++++++++++++++++ - service/safe-printf.h | 45 ++++++ - tests/Makefile.am | 6 + - tests/test-safe-printf.c | 238 ++++++++++++++++++++++++++++++++ - 7 files changed, 662 insertions(+), 29 deletions(-) - create mode 100644 service/safe-printf.c - create mode 100644 service/safe-printf.h - create mode 100644 tests/test-safe-printf.c - -diff --git a/service/Makefile.am b/service/Makefile.am -index 37743a7..603ccbe 100644 ---- a/service/Makefile.am -+++ b/service/Makefile.am -@@ -59,6 +59,7 @@ realmd_SOURCES = \ - realm-sssd-config.c realm-sssd-config.h \ - realm-sssd-ipa.c realm-sssd-ipa.h \ - realm-usleep-async.c realm-usleep-async.h \ -+ safe-printf.c safe-printf.h \ - $(NULL) - - realmd_CFLAGS = \ -diff --git a/service/realm-sssd.c b/service/realm-sssd.c -index b904514..a4863d4 100644 ---- a/service/realm-sssd.c -+++ b/service/realm-sssd.c -@@ -25,6 +25,7 @@ - #include "realm-service.h" - #include "realm-sssd.h" - #include "realm-sssd-config.h" -+#include "safe-printf.h" - - #include - #include -@@ -315,38 +316,13 @@ update_domain (RealmSssd *self) - g_free (domain); - } - --static gchar * --build_login_format (const gchar *format, -- ...) G_GNUC_PRINTF (1, 2); -- --static gchar * --build_login_format (const gchar *format, -- ...) --{ -- gchar *result; -- va_list va; -- -- /* This function exists mostly to get around gcc warnings */ -- -- if (format == NULL) -- format = "%1$s@%2$s"; -- -- va_start (va, format); -- result = g_strdup_vprintf (format, va); -- va_end (va); -- -- return result; --} -- --#pragma GCC diagnostic push --#pragma GCC diagnostic ignored "-Wformat-nonliteral" -- - static void - update_login_formats (RealmSssd *self) - { - RealmKerberos *kerberos = REALM_KERBEROS (self); - gchar *login_formats[2] = { NULL, NULL }; - gchar *format = NULL; -+ gchar *domain_name; - gboolean qualify; - - if (self->pv->section == NULL) { -@@ -366,10 +342,28 @@ update_login_formats (RealmSssd *self) - /* Setup the login formats */ - format = realm_ini_config_get (self->pv->config, self->pv->section, "full_name_format"); - -- /* Here we place a '%s' in the place of the user in the format */ -- login_formats[0] = build_login_format (format, "%U", self->pv->domain); -- realm_kerberos_set_login_formats (kerberos, (const gchar **)login_formats); -+ /* The full domain name */ -+ domain_name = calc_domain (self); -+ -+ /* -+ * In theory we should be discovering the short name or flat name as sssd -+ * calls it. We configured it as the sssd.conf 'domains' name, so we just -+ * use that. Eventually we want to have a way to query sssd for that. -+ */ -+ -+ /* -+ * Here we place a '%U' in the place of the user in the format, and -+ * fill in the domain appropriately. sssd uses snprintf for this, which -+ * is risky and very compex to do right with positional arguments. -+ * -+ * We only replace the arguments documented in sssd.conf, as well as -+ * other non-field printf replacements. -+ */ -+ -+ if (safe_asprintf (login_formats, format, "%U", domain_name ? domain_name : "", self->pv->domain, NULL) >= 0) -+ realm_kerberos_set_login_formats (kerberos, (const gchar **)login_formats); - g_free (login_formats[0]); -+ g_free (domain_name); - g_free (format); - } - -diff --git a/service/safe-printf.c b/service/safe-printf.c -new file mode 100644 -index 0000000..069c915 ---- /dev/null -+++ b/service/safe-printf.c -@@ -0,0 +1,348 @@ -+/* realmd -- Realm configuration service -+ * -+ * Copyright 2013 Red Hat Inc -+ * -+ * This program is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU Lesser General Public License as published -+ * by the Free Software Foundation; either version 2 of the licence or (at -+ * your option) any later version. -+ * -+ * See the included COPYING file for more information. -+ * -+ * Author: Stef Walter -+ */ -+ -+#include "config.h" -+ -+#include "safe-printf.h" -+ -+#include -+#include -+ -+#ifndef MIN -+#define MIN(a, b) (((a) < (b)) ? (a) : (b)) -+#endif -+ -+#ifndef MAX -+#define MAX(a, b) (((a) > (b)) ? (a) : (b)) -+#endif -+ -+static void -+safe_padding (int count, -+ int *total, -+ void (* callback) (void *, const char *, size_t), -+ void *data) -+{ -+ char eight[] = " "; -+ int num; -+ -+ while (count > 0) { -+ num = MIN (count, 8); -+ callback (data, eight, num); -+ count -= num; -+ *total += num; -+ } -+} -+ -+static void -+dummy_callback (void *data, -+ const char *piece, -+ size_t len) -+{ -+ -+} -+ -+int -+safe_printf_cb (void (* callback) (void *, const char *, size_t), -+ void *data, -+ const char *format, -+ const char * const args[], -+ int num_args) -+{ -+ int at_arg = 0; -+ const char *cp; -+ int precision; -+ int width; -+ int len; -+ const char *value; -+ int total; -+ int left; -+ -+ if (!callback) -+ callback = dummy_callback; -+ -+ total = 0; -+ cp = format; -+ -+ while (*cp) { -+ -+ /* Piece of raw string */ -+ if (*cp != '%') { -+ len = strcspn (cp, "%"); -+ callback (data, cp, len); -+ total += len; -+ cp += len; -+ continue; -+ } -+ -+ cp++; -+ -+ /* An literal percent sign? */ -+ if (*cp == '%') { -+ callback (data, "%", 1); -+ total++; -+ cp++; -+ continue; -+ } -+ -+ value = NULL; -+ left = 0; -+ precision = -1; -+ width = -1; -+ -+ /* Test for positional argument. */ -+ if (*cp >= '0' && *cp <= '9') { -+ /* Look-ahead parsing, otherwise skipped */ -+ if (cp[strspn (cp, "0123456789")] == '$') { -+ unsigned int n = 0; -+ for (; *cp >= '0' && *cp <= '9'; cp++) -+ n = 10 * n + (*cp - '0'); -+ /* Positional argument 0 is invalid. */ -+ if (n == 0) -+ return -1; -+ /* Positional argument N too high */ -+ if (n > num_args) -+ return -1; -+ value = args[n - 1]; -+ cp++; /* $ */ -+ } -+ } -+ -+ /* Read the supported flags. */ -+ for (; ; cp++) { -+ if (*cp == '-') -+ left = 1; -+ /* Supported but ignored */ -+ else if (*cp != ' ') -+ break; -+ } -+ -+ /* Parse the width. */ -+ if (*cp >= '0' && *cp <= '9') { -+ width = 0; -+ for (; *cp >= '0' && *cp <= '9'; cp++) -+ width = 10 * width + (*cp - '0'); -+ } -+ -+ /* Parse the precision. */ -+ if (*cp == '.') { -+ precision = 0; -+ for (cp++; *cp >= '0' && *cp <= '9'; cp++) -+ precision = 10 * precision + (*cp - '0'); -+ } -+ -+ /* Read the conversion character. */ -+ switch (*cp++) { -+ case 's': -+ /* Non-positional argument */ -+ if (value == NULL) { -+ /* Too many arguments used */ -+ if (at_arg == num_args) -+ return -1; -+ value = args[at_arg++]; -+ } -+ break; -+ -+ /* No other conversion characters are supported */ -+ default: -+ return -1; -+ } -+ -+ /* How many characters are we printing? */ -+ len = strlen (value); -+ if (precision >= 0) -+ len = MIN (precision, len); -+ -+ /* Do we need padding? */ -+ safe_padding (left ? 0 : width - len, &total, callback, data); -+ -+ /* The actual data */; -+ callback (data, value, len); -+ total += len; -+ -+ /* Do we need padding? */ -+ safe_padding (left ? width - len : 0, &total, callback, data); -+ } -+ -+ return total; -+} -+ -+struct sprintf_ctx { -+ char *data; -+ size_t length; -+ size_t alloc; -+}; -+ -+static void -+asprintf_callback (void *data, -+ const char *piece, -+ size_t length) -+{ -+ struct sprintf_ctx *cx = data; -+ void *mem; -+ -+ if (!cx->data) -+ return; -+ -+ /* Reallocate if necessary */ -+ if (cx->length + length + 1 > cx->alloc) { -+ cx->alloc += MAX (length + 1, 1024); -+ mem = realloc (cx->data, cx->alloc); -+ if (mem == NULL) { -+ free (cx->data); -+ cx->data = NULL; -+ return; -+ } -+ cx->data = mem; -+ } -+ -+ memcpy (cx->data + cx->length, piece, length); -+ cx->length += length; -+ cx->data[cx->length] = 0; -+} -+ -+static const char ** -+valist_to_args (va_list va, -+ int *num_args) -+{ -+ int alo_args; -+ const char **args; -+ const char *arg; -+ void *mem; -+ -+ *num_args = alo_args = 0; -+ args = NULL; -+ -+ for (;;) { -+ arg = va_arg (va, const char *); -+ if (arg == NULL) -+ break; -+ if (*num_args == alo_args) { -+ alo_args += 8; -+ mem = realloc (args, sizeof (const char *) * alo_args); -+ if (!mem) { -+ free (args); -+ return NULL; -+ } -+ args = mem; -+ } -+ args[(*num_args)++] = arg; -+ } -+ -+ return args; -+} -+ -+int -+safe_asprintf (char **strp, -+ const char *format, -+ ...) -+{ -+ struct sprintf_ctx cx; -+ const char **args; -+ int num_args; -+ va_list va; -+ int ret; -+ int i; -+ -+ va_start (va, format); -+ args = valist_to_args (va, &num_args); -+ va_end (va); -+ -+ if (args == NULL) -+ return -1; -+ -+ /* Preallocate a pretty good guess */ -+ cx.alloc = strlen (format) + 1; -+ for (i = 0; i < num_args; i++) -+ cx.alloc += strlen (args[i]); -+ -+ cx.data = malloc (cx.alloc); -+ if (!cx.data) { -+ free (args); -+ return -1; -+ } -+ -+ cx.data[0] = '\0'; -+ cx.length = 0; -+ -+ ret = safe_printf_cb (asprintf_callback, &cx, format, args, num_args); -+ if (cx.data == NULL) -+ ret = -1; -+ if (ret < 0) -+ free (cx.data); -+ else -+ *strp = cx.data; -+ -+ free (args); -+ return ret; -+} -+ -+static void -+snprintf_callback (void *data, -+ const char *piece, -+ size_t length) -+{ -+ struct sprintf_ctx *cx = data; -+ -+ /* Don't copy if too much data */ -+ if (cx->length > cx->alloc) -+ length = 0; -+ else if (cx->length + length > cx->alloc) -+ length = cx->alloc - cx->length; -+ else -+ length = length; -+ -+ if (length > 0) -+ memcpy (cx->data + cx->length, piece, length); -+ -+ /* Null termination happens later */ -+ cx->length += length; -+} -+ -+int -+safe_snprintf (char *str, -+ size_t len, -+ const char *format, -+ ...) -+{ -+ struct sprintf_ctx cx; -+ int num_args; -+ va_list va; -+ const char **args; -+ int ret; -+ -+ cx.data = str; -+ cx.length = 0; -+ cx.alloc = len; -+ -+ va_start (va, format); -+ args = valist_to_args (va, &num_args); -+ va_end (va); -+ -+ if (args == NULL) -+ return -1; -+ -+ if (len) -+ cx.data[0] = '\0'; -+ -+ ret = safe_printf_cb (snprintf_callback, &cx, format, args, num_args); -+ if (ret < 0) -+ return ret; -+ -+ /* Null terminate appropriately */ -+ if (len > 0) -+ cx.data[MIN(cx.length, len - 1)] = '\0'; -+ -+ free (args); -+ return ret; -+} -diff --git a/service/safe-printf.h b/service/safe-printf.h -new file mode 100644 -index 0000000..8881b91 ---- /dev/null -+++ b/service/safe-printf.h -@@ -0,0 +1,45 @@ -+/* realmd -- Realm configuration service -+ * -+ * Copyright 2013 Red Hat Inc -+ * -+ * This program is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU Lesser General Public License as published -+ * by the Free Software Foundation; either version 2 of the licence or (at -+ * your option) any later version. -+ * -+ * See the included COPYING file for more information. -+ * -+ * Author: Stef Walter -+ */ -+ -+#include "config.h" -+ -+#ifndef __SAFE_PRINTF_H__ -+#define __SAFE_PRINTF_H__ -+ -+#include -+ -+#ifndef GNUC_NULL_TERMINATED -+#if __GNUC__ >= 4 -+#define GNUC_NULL_TERMINATED __attribute__((__sentinel__)) -+#else -+#define GNUC_NULL_TERMINATED -+#endif -+#endif -+ -+int safe_asprintf (char **strp, -+ const char *format, -+ ...) GNUC_NULL_TERMINATED; -+ -+int safe_snprintf (char *str, -+ size_t len, -+ const char *format, -+ ...) GNUC_NULL_TERMINATED; -+ -+int safe_printf_cb (void (* callback) (void *data, const char *piece, size_t len), -+ void *data, -+ const char *format, -+ const char * const args[], -+ int num_args); -+ -+#endif /* __SAFE_PRINTF_H__ */ -diff --git a/tests/Makefile.am b/tests/Makefile.am -index f6d400b..d26c762 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -17,6 +17,7 @@ LDADD = \ - TEST_PROGS = \ - test-ini-config \ - test-sssd-config \ -+ test-safe-printf \ - test-login-name \ - test-samba-ou-format \ - test-settings \ -@@ -43,6 +44,11 @@ test_sssd_config_SOURCES = \ - $(top_srcdir)/service/realm-settings.c \ - $(NULL) - -+test_safe_printf_SOURCES = \ -+ test-safe-printf.c \ -+ $(top_srcdir)/service/safe-printf.c \ -+ $(NULL) -+ - test_login_name_SOURCES = \ - test-login-name.c \ - $(top_srcdir)/service/realm-login-name.c \ -diff --git a/tests/test-safe-printf.c b/tests/test-safe-printf.c -new file mode 100644 -index 0000000..fa337ac ---- /dev/null -+++ b/tests/test-safe-printf.c -@@ -0,0 +1,238 @@ -+/* realmd -- Realm configuration service -+ * -+ * Copyright 2012 Red Hat Inc -+ * -+ * This program is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU Lesser General Public License as published -+ * by the Free Software Foundation; either version 2 of the licence or (at -+ * your option) any later version. -+ * -+ * See the included COPYING file for more information. -+ * -+ * Author: Stef Walter -+ */ -+ -+#include "config.h" -+ -+#include "service/safe-printf.h" -+ -+#include -+ -+#include -+ -+typedef struct { -+ const gchar *format; -+ const gchar *args[8]; -+ const gchar *result; -+} Fixture; -+ -+static void -+callback (void *data, -+ const char *piece, -+ size_t len) -+{ -+ g_string_append_len (data, piece, len); -+} -+ -+static void -+test_safe_printf (gconstpointer user_data) -+{ -+ const Fixture *fixture = user_data; -+ GString *out; -+ int num_args; -+ int ret; -+ -+ for (num_args = 0; fixture->args[num_args] != NULL; ) -+ num_args++; -+ -+ out = g_string_new (""); -+ ret = safe_printf_cb (callback, out, fixture->format, (const gchar **)fixture->args, num_args); -+ if (fixture->result) { -+ g_assert_cmpint (ret, >=, 0); -+ g_assert_cmpstr (out->str, ==, fixture->result); -+ g_assert_cmpint (ret, ==, out->len); -+ } else { -+ g_assert_cmpint (ret, <, 0); -+ } -+ -+ g_string_free (out, TRUE); -+} -+ -+static const Fixture fixtures[] = { -+ { -+ /* Just a bog standard string */ -+ "%s", { "blah", NULL, }, -+ "blah" -+ }, -+ { -+ /* Empty to print */ -+ "%s", { "", NULL, }, -+ "" -+ }, -+ { -+ /* Nothing to print */ -+ "", { "blah", NULL, }, -+ "" -+ }, -+ { -+ /* Width right aligned */ -+ "%8s", { "blah", NULL, }, -+ " blah" -+ }, -+ { -+ /* Width left aligned */ -+ "whoop %-8s doo", { "dee", NULL, }, -+ "whoop dee doo" -+ }, -+ { -+ /* Width space aligned (ignored) */ -+ "whoop % 8s doo", { "dee", NULL, }, -+ "whoop dee doo" -+ }, -+ { -+ /* Width left space aligned (ignored) */ -+ "whoop % -8s doo", { "dee", NULL, }, -+ "whoop dee doo" -+ }, -+ { -+ /* Precision 1 digit */ -+ "whoop %.3s doo", { "deedle-dee", NULL, }, -+ "whoop dee doo" -+ }, -+ { -+ /* Precision, N digits */ -+ "whoop %.10s doo", { "deedle-dee-deedle-do-deedle-dum", NULL, }, -+ "whoop deedle-dee doo" -+ }, -+ { -+ /* Precision, zero digits */ -+ "whoop %.s doo", { "deedle", NULL, }, -+ "whoop doo" -+ }, -+ { -+ /* Multiple simple arguments */ -+ "space %s %s", { "man", "dances", NULL, }, -+ "space man dances" -+ }, -+ { -+ /* Literal percent */ -+ "100%% of space folk dance", { NULL, }, -+ "100% of space folk dance" -+ }, -+ { -+ /* Multiple simple arguments */ -+ "space %2$s %1$s", { "dances", "man", NULL, }, -+ "space man dances" -+ }, -+ { -+ /* Skipping an argument (not supported by standard printf) */ -+ "space %2$s dances", { "dances", "man", NULL, }, -+ "space man dances" -+ }, -+ -+ /* Failures start here */ -+ -+ { -+ /* Unsupported conversion */ -+ "%x", { "blah", NULL, }, -+ NULL -+ }, -+ { -+ /* Bad positional argument */ -+ "space %55$s dances", { "dances", "man", NULL, }, -+ NULL -+ }, -+ { -+ /* Zero positional argument */ -+ "space %0$s dances", { "dances", "man", NULL, }, -+ NULL -+ }, -+ { -+ /* Too many args used */ -+ "%s %s dances", { "space", NULL, }, -+ NULL -+ }, -+ -+}; -+ -+static void -+test_safe_snprintf (void) -+{ -+ char buffer[8]; -+ int ret; -+ -+ ret = safe_snprintf (buffer, 8, "%s", "space", "man", NULL); -+ g_assert_cmpint (ret, ==, 5); -+ g_assert_cmpstr (buffer, ==, "space"); -+ -+ ret = safe_snprintf (buffer, 8, "", "space", "man", NULL); -+ g_assert_cmpint (ret, ==, 0); -+ g_assert_cmpstr (buffer, ==, ""); -+ -+ ret = safe_snprintf (buffer, 8, "the %s %s dances away", "space", "man", NULL); -+ g_assert_cmpint (ret, ==, 25); -+ g_assert_cmpstr (buffer, ==, "the spa"); -+ -+ ret = safe_snprintf (buffer, 8, "%5$s", NULL); -+ g_assert_cmpint (ret, <, 0); -+} -+ -+static void -+test_safe_asprintf (void) -+{ -+ char *buffer; -+ int ret; -+ -+ ret = safe_asprintf (&buffer, "%s", "space", "man", NULL); -+ g_assert_cmpint (ret, ==, 5); -+ g_assert_cmpstr (buffer, ==, "space"); -+ free (buffer); -+ -+ ret = safe_asprintf (&buffer, "", "space", "man", NULL); -+ g_assert_cmpint (ret, ==, 0); -+ g_assert_cmpstr (buffer, ==, ""); -+ free (buffer); -+ -+ ret = safe_asprintf (&buffer, "the %s %s dances away", "space", "man", NULL); -+ g_assert_cmpint (ret, ==, 25); -+ g_assert_cmpstr (buffer, ==, "the space man dances away"); -+ free (buffer); -+ -+ ret = safe_asprintf (&buffer, "%1$s %1$s %1$s %1$s %1$s %1$s", "space man", NULL); -+ g_assert_cmpint (ret, ==, 59); -+ g_assert_cmpstr (buffer, ==, "space man space man space man space man space man space man"); -+ free (buffer); -+ -+ ret = safe_asprintf (&buffer, "%5$s", NULL); -+ g_assert_cmpint (ret, <, 0); -+} -+ -+int -+main (int argc, -+ char **argv) -+{ -+ gchar *escaped; -+ gchar *name; -+ gint i; -+ -+ g_test_init (&argc, &argv, NULL); -+ g_set_prgname ("test-safe-printf"); -+ -+ for (i = 0; i < G_N_ELEMENTS (fixtures); i++) { -+ if (g_str_equal (fixtures[i].format, "")) -+ escaped = g_strdup ("_empty_"); -+ else -+ escaped = g_strdup (fixtures[i].format); -+ g_strdelimit (escaped, " =\\/", '_'); -+ name = g_strdup_printf ("/realmd/safe-printf/%s", escaped); -+ g_free (escaped); -+ -+ g_test_add_data_func (name, fixtures + i, test_safe_printf); -+ g_free (name); -+ } -+ -+ g_test_add_func ("/realmd/safe-snprintf", test_safe_snprintf); -+ g_test_add_func ("/realmd/safe-asprintf", test_safe_asprintf); -+ -+ return g_test_run (); -+} --- -1.8.4.2 - diff --git a/SOURCES/samba-by-default.patch b/SOURCES/samba-by-default.patch new file mode 100644 index 0000000..0a10de0 --- /dev/null +++ b/SOURCES/samba-by-default.patch @@ -0,0 +1,48 @@ +From 36e35c860cebc5e3f3d2199742c7f46d5ef7b778 Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Fri, 16 Oct 2015 11:41:14 +0200 +Subject: [PATCH] Revert "service: Prefer adcli over samba for most credential + types" + +This reverts commit 70878dec6e23226ab25f731654ab53cc0e7b11c3. +--- + service/realm-sssd-ad.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c +index c7ffe8a..39fcf81 100644 +--- a/service/realm-sssd-ad.c ++++ b/service/realm-sssd-ad.c +@@ -343,13 +343,26 @@ parse_join_options (JoinClosure *join, + } + + /* +- * For other valid types of credentials we prefer adcli. ++ * If we are enrolling with a ccache, then prefer to use adcli over samba. ++ * There have been some strange corner case problems when using samba with ++ * a ccache. + */ +- } else if (cred->type == REALM_CREDENTIAL_CCACHE || +- (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN)) { ++ } else if (cred->type == REALM_CREDENTIAL_CCACHE) { + if (!software) + software = REALM_DBUS_IDENTIFIER_ADCLI; + ++ /* ++ * For other supported enrolling credentials, we support either adcli or ++ * samba. But since adcli is pretty immature at this point, we use samba ++ * by default. Samba falls over with hostnames that are not perfectly ++ * specified, so use adcli there. ++ */ ++ } else if (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN) { ++ if (!software && join->disco->explicit_server) ++ software = REALM_DBUS_IDENTIFIER_ADCLI; ++ else if (!software) ++ software = REALM_DBUS_IDENTIFIER_SAMBA; ++ + /* It would be odd to get here */ + } else { + g_set_error (error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, +-- +2.5.0 + diff --git a/SPECS/realmd.spec b/SPECS/realmd.spec index 6dbbe17..0a9df5a 100644 --- a/SPECS/realmd.spec +++ b/SPECS/realmd.spec @@ -1,20 +1,27 @@ Name: realmd -Version: 0.14.6 -Release: 6%{?dist} +Version: 0.16.1 +Release: 5%{?dist} Summary: Kerberos realm enrollment service License: LGPLv2+ URL: http://cgit.freedesktop.org/realmd/realmd/ Source0: http://www.freedesktop.org/software/realmd/releases/realmd-%{version}.tar.gz -Patch0: ipa-packages.patch -Patch1: oddjob-start.patch -Patch2: safe-printf.patch -Patch3: missing-fqname.patch +Patch0: ipa-packages.patch +Patch1: net-in-samba-common.patch +Patch2: remove-spurious-print.patch +Patch3: increase-packagekit-timeout.patch +Patch4: dns-domain-name-liberal.patch + +Patch13: duplicate-test-path.patch + +Patch20: samba-by-default.patch + +BuildRequires: automake +BuildRequires: autoconf BuildRequires: intltool pkgconfig BuildRequires: gettext-devel BuildRequires: glib2-devel >= 2.32.0 BuildRequires: openldap-devel -BuildRequires: PackageKit-glib-devel BuildRequires: polkit-devel BuildRequires: krb5-devel BuildRequires: systemd-devel @@ -45,8 +52,14 @@ applications that use %{name}. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch13 -p1 +%patch20 -p1 %build +aclocal +automake --add-missing +autoconf %configure --disable-silent-rules make %{?_smp_mflags} @@ -58,9 +71,8 @@ make install DESTDIR=%{buildroot} %find_lang realmd -%clean - %files -f realmd.lang +%doc AUTHORS COPYING NEWS README %{_sysconfdir}/dbus-1/system.d/org.freedesktop.realmd.conf %{_sbindir}/realm %dir %{_libdir}/realmd @@ -70,17 +82,42 @@ make install DESTDIR=%{buildroot} %{_unitdir}/realmd.service %{_datadir}/dbus-1/system-services/org.freedesktop.realmd.service %{_datadir}/polkit-1/actions/org.freedesktop.realmd.policy -%doc AUTHORS COPYING ChangeLog NEWS README %{_mandir}/man8/realm.8.gz %{_mandir}/man5/realmd.conf.5.gz %{_localstatedir}/cache/realmd/ %files devel-docs %doc %{_datadir}/doc/realmd/ +%doc ChangeLog %changelog -* Fri Jan 24 2014 Daniel Mach - 0.14.6-6 -- Mass rebuild 2014-01-24 +* Fri Oct 16 2015 Stef Walter - 0.16.1-5 +- Revert 0.16.1-4 +- Use samba by default +- Resolves: rhbz#1271618 + +* Fri Sep 11 2015 Stef Walter - 0.16.1-4 +- Fix regressions in 0.16.x releases +- Resolves: rhbz#1258745 +- Resolves: rhbz#1258488 + +* Fri Jul 31 2015 Stef Walter - 0.16.1-3 +- Fix regression accepting DNS domain names +- Resolves: rhbz#1243771 + +* Fri Jul 24 2015 Stef Walter - 0.16.1-2 +- Fix discarded patch: ipa-packages.patch + +* Tue Jul 14 2015 Stef Walter - 0.16.1-1 +- Updated to upstream 0.16.1 +- Resolves: rhbz#1241832 +- Resolves: rhbz#1230941 + +* Tue Apr 14 2015 Stef Walter - 0.16.0-1 +- Updated to upstream 0.16.0 +- Resolves: rhbz#1174911 +- Resolves: rhbz#1142191 +- Resolves: rhbz#1142148 * Fri Jan 10 2014 Stef Walter - 0.14.6-5 - Don't crash when full_name_format is not in sssd.conf [#1051033]