From 43583062641ed7f66b69265116de49f43d1c8c7a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Dec 08 2015 10:31:23 +0000 Subject: import sssd-1.13.0-40.el7_2.1 --- diff --git a/SOURCES/0105-IPA-fix-override-with-the-same-name.patch b/SOURCES/0105-IPA-fix-override-with-the-same-name.patch new file mode 100644 index 0000000..1709e1c --- /dev/null +++ b/SOURCES/0105-IPA-fix-override-with-the-same-name.patch @@ -0,0 +1,238 @@ +From 6f25f357e3d000f6ad750bc336d24f8402e896af Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 19 Nov 2015 11:42:39 +0100 +Subject: [PATCH] IPA: fix override with the same name + +If the user name of a AD user is overridden with the name itself in an +IPA override object SSSD adds this name twice to the alias list causing +an ldb error when trying to write the user object to the cache. As a +result the user is not available. + +This patch makes sure that there are no duplicated alias names. + +Resolves https://fedorahosted.org/sssd/ticket/2874 + +Reviewed-by: Jakub Hrozek +(cherry picked from commit aedc71fe8360a51785933523f14bb5c4e7e2c38b) +--- + src/db/sysdb.c | 18 ++++++++-- + src/db/sysdb.h | 4 ++- + src/providers/ipa/ipa_s2n_exop.c | 13 +++---- + src/tests/sysdb-tests.c | 78 ++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 103 insertions(+), 10 deletions(-) + +diff --git a/src/db/sysdb.c b/src/db/sysdb.c +index 07a83a8a8e30df1b8e461a8d04866f2dbc53baf8..a71364d7c4b600eafd10fafa6641eac7b2292764 100644 +--- a/src/db/sysdb.c ++++ b/src/db/sysdb.c +@@ -598,7 +598,7 @@ int sysdb_attrs_add_string(struct sysdb_attrs *attrs, + return sysdb_attrs_add_val(attrs, name, &v); + } + +-int sysdb_attrs_add_lower_case_string(struct sysdb_attrs *attrs, ++int sysdb_attrs_add_lower_case_string(struct sysdb_attrs *attrs, bool safe, + const char *name, const char *str) + { + char *lc_str; +@@ -614,7 +614,11 @@ int sysdb_attrs_add_lower_case_string(struct sysdb_attrs *attrs, + return ENOMEM; + } + +- ret = sysdb_attrs_add_string(attrs, name, lc_str); ++ if (safe) { ++ ret = sysdb_attrs_add_string_safe(attrs, name, lc_str); ++ } else { ++ ret = sysdb_attrs_add_string(attrs, name, lc_str); ++ } + talloc_free(lc_str); + + return ret; +@@ -729,7 +733,15 @@ int sysdb_attrs_add_time_t(struct sysdb_attrs *attrs, + int sysdb_attrs_add_lc_name_alias(struct sysdb_attrs *attrs, + const char *value) + { +- return sysdb_attrs_add_lower_case_string(attrs, SYSDB_NAME_ALIAS, value); ++ return sysdb_attrs_add_lower_case_string(attrs, false, SYSDB_NAME_ALIAS, ++ value); ++} ++ ++int sysdb_attrs_add_lc_name_alias_safe(struct sysdb_attrs *attrs, ++ const char *value) ++{ ++ return sysdb_attrs_add_lower_case_string(attrs, true, SYSDB_NAME_ALIAS, ++ value); + } + + int sysdb_attrs_copy_values(struct sysdb_attrs *src, +diff --git a/src/db/sysdb.h b/src/db/sysdb.h +index 9e28b5c6691f3710e3051d9746ac5fa47aff8424..3fa3f040708a4984158206d66a1d28a079091cf7 100644 +--- a/src/db/sysdb.h ++++ b/src/db/sysdb.h +@@ -315,7 +315,7 @@ int sysdb_attrs_add_string_safe(struct sysdb_attrs *attrs, + const char *name, const char *str); + int sysdb_attrs_add_string(struct sysdb_attrs *attrs, + const char *name, const char *str); +-int sysdb_attrs_add_lower_case_string(struct sysdb_attrs *attrs, ++int sysdb_attrs_add_lower_case_string(struct sysdb_attrs *attrs, bool safe, + const char *name, const char *str); + int sysdb_attrs_add_mem(struct sysdb_attrs *attrs, const char *name, + const void *mem, size_t size); +@@ -329,6 +329,8 @@ int sysdb_attrs_add_time_t(struct sysdb_attrs *attrs, + const char *name, time_t value); + int sysdb_attrs_add_lc_name_alias(struct sysdb_attrs *attrs, + const char *value); ++int sysdb_attrs_add_lc_name_alias_safe(struct sysdb_attrs *attrs, ++ const char *value); + int sysdb_attrs_copy_values(struct sysdb_attrs *src, + struct sysdb_attrs *dst, + const char *name); +diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c +index 1e6368dc7ef1a6f60b541409f7f6740d602f0d43..bcd11749fbde4cae2a47b9b2182138ae04f2d6bc 100644 +--- a/src/providers/ipa/ipa_s2n_exop.c ++++ b/src/providers/ipa/ipa_s2n_exop.c +@@ -1804,10 +1804,11 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, + ret = sysdb_attrs_get_string(attrs->sysdb_attrs, + SYSDB_DEFAULT_OVERRIDE_NAME, &tmp_str); + if (ret == EOK) { +- ret = sysdb_attrs_add_lc_name_alias(attrs->sysdb_attrs, tmp_str); ++ ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, ++ tmp_str); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, +- "sysdb_attrs_add_lc_name_alias failed.\n"); ++ "sysdb_attrs_add_lc_name_alias_safe failed.\n"); + goto done; + } + } else if (ret != ENOENT) { +@@ -1876,10 +1877,10 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, + } + } + +- ret = sysdb_attrs_add_lc_name_alias(attrs->sysdb_attrs, name); ++ ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, name); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, +- "sysdb_attrs_add_lc_name_alias failed.\n"); ++ "sysdb_attrs_add_lc_name_alias_safe failed.\n"); + goto done; + } + +@@ -2133,10 +2134,10 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, + } + DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", name); + +- ret = sysdb_attrs_add_lc_name_alias(attrs->sysdb_attrs, name); ++ ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, name); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, +- "sysdb_attrs_add_lc_name_alias failed.\n"); ++ "sysdb_attrs_add_lc_name_alias_safe failed.\n"); + goto done; + } + +diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c +index 522a44aa4d5c0da6d10bba10d960fff9426200c1..0b091f741ce158713ed383ad3d98dfea25f388ed 100644 +--- a/src/tests/sysdb-tests.c ++++ b/src/tests/sysdb-tests.c +@@ -4690,6 +4690,7 @@ START_TEST(test_sysdb_attrs_add_lc_name_alias) + int ret; + struct sysdb_attrs *attrs; + const char *str; ++ char **list = NULL; + + ret = sysdb_attrs_add_lc_name_alias(NULL, NULL); + fail_unless(ret == EINVAL, "EINVAL not returned for NULL input"); +@@ -4706,6 +4707,82 @@ START_TEST(test_sysdb_attrs_add_lc_name_alias) + "Unexpected value, expected [%s], got [%s]", + LC_NAME_ALIAS_CHECK_VAL, str); + ++ /* Add the same value a second time, it is not recommended to do this on ++ * purpose but the test should illustrate the different to ++ * sysdb_attrs_add_lc_name_alias_safe(). */ ++ ret = sysdb_attrs_add_lc_name_alias(attrs, LC_NAME_ALIAS_TEST_VAL); ++ fail_unless(ret == EOK, "sysdb_attrs_add_lc_name_alias failed"); ++ ++ ret = sysdb_attrs_get_string_array(attrs, SYSDB_NAME_ALIAS, attrs, &list); ++ fail_unless(ret == EOK, "sysdb_attrs_get_string_array failed"); ++ fail_unless(list != NULL, "No list returned"); ++ fail_unless(list[0] != NULL, "Missing first list element"); ++ fail_unless(strcmp(list[0], LC_NAME_ALIAS_CHECK_VAL) == 0, ++ "Unexpected value, expected [%s], got [%s]", ++ LC_NAME_ALIAS_CHECK_VAL, list[0]); ++ fail_unless(list[1] != NULL, "Missing second list element"); ++ fail_unless(strcmp(list[1], LC_NAME_ALIAS_CHECK_VAL) == 0, ++ "Unexpected value, expected [%s], got [%s]", ++ LC_NAME_ALIAS_CHECK_VAL, list[1]); ++ fail_unless(list[2] == NULL, "Missing list terminator"); ++ ++ talloc_free(attrs); ++} ++END_TEST ++ ++START_TEST(test_sysdb_attrs_add_lc_name_alias_safe) ++{ ++ int ret; ++ struct sysdb_attrs *attrs; ++ const char *str; ++ char **list = NULL; ++ ++ ret = sysdb_attrs_add_lc_name_alias_safe(NULL, NULL); ++ fail_unless(ret == EINVAL, "EINVAL not returned for NULL input"); ++ ++ attrs = sysdb_new_attrs(NULL); ++ fail_unless(attrs != NULL, "sysdb_new_attrs failed"); ++ ++ ret = sysdb_attrs_add_lc_name_alias_safe(attrs, LC_NAME_ALIAS_TEST_VAL); ++ fail_unless(ret == EOK, "sysdb_attrs_add_lc_name_alias failed"); ++ ++ ret = sysdb_attrs_get_string(attrs, SYSDB_NAME_ALIAS, &str); ++ fail_unless(ret == EOK, "sysdb_attrs_get_string failed"); ++ fail_unless(strcmp(str, LC_NAME_ALIAS_CHECK_VAL) == 0, ++ "Unexpected value, expected [%s], got [%s]", ++ LC_NAME_ALIAS_CHECK_VAL, str); ++ ++ /* Adding the same value a second time should be ignored */ ++ ret = sysdb_attrs_add_lc_name_alias_safe(attrs, LC_NAME_ALIAS_TEST_VAL); ++ fail_unless(ret == EOK, "sysdb_attrs_add_lc_name_alias failed"); ++ ++ ret = sysdb_attrs_get_string_array(attrs, SYSDB_NAME_ALIAS, attrs, &list); ++ fail_unless(ret == EOK, "sysdb_attrs_get_string_array failed"); ++ fail_unless(list != NULL, "No list returned"); ++ fail_unless(list[0] != NULL, "Missing first list element"); ++ fail_unless(strcmp(list[0], LC_NAME_ALIAS_CHECK_VAL) == 0, ++ "Unexpected value, expected [%s], got [%s]", ++ LC_NAME_ALIAS_CHECK_VAL, list[0]); ++ fail_unless(list[1] == NULL, "Missing list terminator"); ++ ++ /* Adding different value */ ++ ret = sysdb_attrs_add_lc_name_alias_safe(attrs, ++ "2nd_" LC_NAME_ALIAS_TEST_VAL); ++ fail_unless(ret == EOK, "sysdb_attrs_add_lc_name_alias failed"); ++ ++ ret = sysdb_attrs_get_string_array(attrs, SYSDB_NAME_ALIAS, attrs, &list); ++ fail_unless(ret == EOK, "sysdb_attrs_get_string_array failed"); ++ fail_unless(list != NULL, "No list returned"); ++ fail_unless(list[0] != NULL, "Missing first list element"); ++ fail_unless(strcmp(list[0], LC_NAME_ALIAS_CHECK_VAL) == 0, ++ "Unexpected value, expected [%s], got [%s]", ++ LC_NAME_ALIAS_CHECK_VAL, list[0]); ++ fail_unless(list[1] != NULL, "Missing first list element"); ++ fail_unless(strcmp(list[1], "2nd_" LC_NAME_ALIAS_CHECK_VAL) == 0, ++ "Unexpected value, expected [%s], got [%s]", ++ "2nd_" LC_NAME_ALIAS_CHECK_VAL, list[1]); ++ fail_unless(list[2] == NULL, "Missing list terminator"); ++ + talloc_free(attrs); + } + END_TEST +@@ -6412,6 +6489,7 @@ Suite *create_sysdb_suite(void) + tcase_add_test(tc_sysdb, test_sysdb_svc_remove_alias); + + tcase_add_test(tc_sysdb, test_sysdb_attrs_add_lc_name_alias); ++ tcase_add_test(tc_sysdb, test_sysdb_attrs_add_lc_name_alias_safe); + + /* ===== UTIL TESTS ===== */ + tcase_add_test(tc_sysdb, test_sysdb_attrs_get_string_array); +-- +2.4.3 + diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec index 76d90cb..1808930 100644 --- a/SPECS/sssd.spec +++ b/SPECS/sssd.spec @@ -16,6 +16,8 @@ %global with_krb5_localauth_plugin 1 +%global libwbc_alternatives_version 0.12 +%global libwbc_lib_version %{libwbc_alternatives_version}.0 %global libwbc_alternatives_suffix %nil %if 0%{?__isa_bits} == 64 %global libwbc_alternatives_suffix -64 @@ -23,7 +25,7 @@ Name: sssd Version: 1.13.0 -Release: 40%{?dist} +Release: 40%{?dist}.1 Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -138,6 +140,7 @@ Patch0101: 0101-AD-Consolidate-connection-list-construction-on-ad_co.patch Patch0102: 0102-nss-send-original-name-and-id-with-local-views-if-po.patch Patch0103: 0103-sudo-search-with-view-even-if-user-is-found.patch Patch0104: 0104-sudo-send-original-name-and-id-with-local-views-if-p.patch +Patch0105: 0105-IPA-fix-override-with-the-same-name.patch #This patch should not be removed in RHEL-7 Patch999: 0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec @@ -616,6 +619,12 @@ rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT +if [ ! -f %{buildroot}/%{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version}] +then + echo "Expected libwbclient version not found, please check if version has changed." + exit -1 +fi + # Prepare language files /usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd @@ -1028,16 +1037,17 @@ fi %postun -n libsss_nss_idmap -p /sbin/ldconfig %post libwbclient -%{_sbindir}/update-alternatives --install %{_libdir}/libwbclient.so.0.11 \ - libwbclient.so.0.11%{libwbc_alternatives_suffix} \ - %{_libdir}/%{name}/modules/libwbclient.so.0.11.0 20 +%{_sbindir}/update-alternatives \ + --install %{_libdir}/libwbclient.so.%{libwbc_alternatives_version} \ + libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \ + %{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} 20 /sbin/ldconfig %preun libwbclient if [ $1 -eq 0 ]; then - %{_sbindir}/update-alternatives --remove \ - libwbclient.so.0.11%{libwbc_alternatives_suffix} \ - %{_libdir}/%{name}/modules/libwbclient.so.0.11.0 + %{_sbindir}/update-alternatives \ + --remove libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \ + %{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} fi /sbin/ldconfig @@ -1063,6 +1073,10 @@ fi /usr/bin/rm -f /var/tmp/sssd.upgrade || : %changelog +* Tue Nov 24 2015 Jakub Hrozek - 1.13.0-41 +- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17 + (File exists) + * Wed Oct 14 2015 Jakub Hrozek - 1.13.0-40 - Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id