From 9fb6176aa5977217b0b5562722a1c56510fbc7c7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 26 2022 16:16:22 +0000 Subject: import sssd-2.7.3-3.el8 --- diff --git a/SOURCES/0005-CLIENT-MC-1-is-more-appropriate-initial-value-for-fd.patch b/SOURCES/0005-CLIENT-MC-1-is-more-appropriate-initial-value-for-fd.patch new file mode 100644 index 0000000..a820d44 --- /dev/null +++ b/SOURCES/0005-CLIENT-MC-1-is-more-appropriate-initial-value-for-fd.patch @@ -0,0 +1,34 @@ +From 0eae0862069e4bbbdd87b809193fc873f3003cff Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Tue, 16 Aug 2022 21:48:43 +0200 +Subject: [PATCH 5/6] CLIENT:MC: -1 is more appropriate initial value for fd +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reviewed-by: Sumit Bose +Reviewed-by: Tomáš Halman +(cherry picked from commit 579cc0b266d5f8954bc71cfcd3fe68002d681a5f) +--- + src/sss_client/nss_mc.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h +index de1496ccc..0f88521e9 100644 +--- a/src/sss_client/nss_mc.h ++++ b/src/sss_client/nss_mc.h +@@ -67,9 +67,9 @@ struct sss_cli_mc_ctx { + }; + + #if HAVE_PTHREAD +-#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), 1, 0, NULL, 0, NULL, 0, NULL, 0, 0} ++#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), -1, 0, NULL, 0, NULL, 0, NULL, 0, 0} + #else +-#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, 1, 0, NULL, 0, NULL, 0, NULL, 0, 0} ++#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, -1, 0, NULL, 0, NULL, 0, NULL, 0, 0} + #endif + + errno_t sss_nss_mc_get_ctx(const char *name, struct sss_cli_mc_ctx *ctx); +-- +2.37.1 + diff --git a/SOURCES/0006-CLIENT-MC-pointer-to-the-context-mutex-shouldn-t-be-.patch b/SOURCES/0006-CLIENT-MC-pointer-to-the-context-mutex-shouldn-t-be-.patch new file mode 100644 index 0000000..f759975 --- /dev/null +++ b/SOURCES/0006-CLIENT-MC-pointer-to-the-context-mutex-shouldn-t-be-.patch @@ -0,0 +1,78 @@ +From d386e94ef49d95d7305a3e6578e41a2cf61dfc5c Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Tue, 16 Aug 2022 21:51:03 +0200 +Subject: [PATCH 6/6] CLIENT:MC: pointer to the context mutex shouldn't be + touched +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Even brief window inside `sss_nss_mc_destroy_ctx()` when `mutex == NULL` +was creating a possibility for a race. + +Reviewed-by: Sumit Bose +Reviewed-by: Tomáš Halman +(cherry picked from commit 4ac93d9c5df59cdb7f397b4467f1c1c4822ff757) +--- + src/sss_client/nss_mc.h | 4 +++- + src/sss_client/nss_mc_common.c | 20 ++++++++++---------- + 2 files changed, 13 insertions(+), 11 deletions(-) + +diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h +index 0f88521e9..9ab2736fa 100644 +--- a/src/sss_client/nss_mc.h ++++ b/src/sss_client/nss_mc.h +@@ -44,7 +44,9 @@ enum sss_mc_state { + RECYCLED, + }; + +-/* common stuff */ ++/* In the case this structure is extended, don't forget to update ++ * `SSS_CLI_MC_CTX_INITIALIZER` and `sss_nss_mc_destroy_ctx()`. ++ */ + struct sss_cli_mc_ctx { + enum sss_mc_state initialized; + #if HAVE_PTHREAD +diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c +index f38a4a85a..3128861bf 100644 +--- a/src/sss_client/nss_mc_common.c ++++ b/src/sss_client/nss_mc_common.c +@@ -130,25 +130,25 @@ errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx) + + static void sss_nss_mc_destroy_ctx(struct sss_cli_mc_ctx *ctx) + { +- uint32_t active_threads = ctx->active_threads; +-#if HAVE_PTHREAD +- pthread_mutex_t *mutex = ctx->mutex; +-#endif + + if ((ctx->mmap_base != NULL) && (ctx->mmap_size != 0)) { + munmap(ctx->mmap_base, ctx->mmap_size); + } ++ ctx->mmap_base = NULL; ++ ctx->mmap_size = 0; ++ + if (ctx->fd != -1) { + close(ctx->fd); + } +- memset(ctx, 0, sizeof(struct sss_cli_mc_ctx)); + ctx->fd = -1; + +- /* restore count of active threads */ +- ctx->active_threads = active_threads; +-#if HAVE_PTHREAD +- ctx->mutex = mutex; +-#endif ++ ctx->seed = 0; ++ ctx->data_table = NULL; ++ ctx->dt_size = 0; ++ ctx->hash_table = NULL; ++ ctx->ht_size = 0; ++ ctx->initialized = UNINITIALIZED; ++ /* `mutex` and `active_threads` should be left intact */ + } + + static errno_t sss_nss_mc_init_ctx(const char *name, +-- +2.37.1 + diff --git a/SOURCES/0007-SSSCTL-Allow-analyzer-to-work-without-SSSD-setup.patch b/SOURCES/0007-SSSCTL-Allow-analyzer-to-work-without-SSSD-setup.patch new file mode 100644 index 0000000..0e06c29 --- /dev/null +++ b/SOURCES/0007-SSSCTL-Allow-analyzer-to-work-without-SSSD-setup.patch @@ -0,0 +1,33 @@ +From f8704cc24eafe190e6c78dc21535f6029d51d647 Mon Sep 17 00:00:00 2001 +From: Justin Stephenson +Date: Mon, 15 Aug 2022 16:17:59 -0400 +Subject: [PATCH] SSSCTL: Allow analyzer to work without SSSD setup + +Fixes an issue when the sssctl analyzer option is +used on systems where SSSD is not running or configured. This is +an expected use case when using --logdir option to analyze external +log files. + +Resolves: https://github.com/SSSD/sssd/issues/6298 + +Reviewed-by: Alexey Tikhonov +--- + src/tools/sssctl/sssctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c +index 3816125ad..f18689f9f 100644 +--- a/src/tools/sssctl/sssctl.c ++++ b/src/tools/sssctl/sssctl.c +@@ -296,7 +296,7 @@ int main(int argc, const char **argv) + SSS_TOOL_COMMAND("logs-remove", "Remove existing SSSD log files", 0, sssctl_logs_remove), + SSS_TOOL_COMMAND("logs-fetch", "Archive SSSD log files in tarball", 0, sssctl_logs_fetch), + SSS_TOOL_COMMAND("debug-level", "Change SSSD debug level", 0, sssctl_debug_level), +- SSS_TOOL_COMMAND("analyze", "Analyze logged data", 0, sssctl_analyze), ++ SSS_TOOL_COMMAND_FLAGS("analyze", "Analyze logged data", 0, sssctl_analyze, SSS_TOOL_FLAG_SKIP_CMD_INIT), + #ifdef HAVE_LIBINI_CONFIG_V1_3 + SSS_TOOL_DELIMITER("Configuration files tools:"), + SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT), +-- +2.37.1 + diff --git a/SOURCES/0008-RESPONDER-Fix-client-ID-tracking.patch b/SOURCES/0008-RESPONDER-Fix-client-ID-tracking.patch new file mode 100644 index 0000000..769e082 --- /dev/null +++ b/SOURCES/0008-RESPONDER-Fix-client-ID-tracking.patch @@ -0,0 +1,297 @@ +From e6d450d4f67c3c639a6ab7e891adccc361d80ecd Mon Sep 17 00:00:00 2001 +From: Justin Stephenson +Date: Fri, 19 Aug 2022 09:50:22 -0400 +Subject: [PATCH 8/9] RESPONDER: Fix client ID tracking +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Client ID is not stored properly to match requests +when parallel requests are made to client SSSD + +Resolves: https://github.com/SSSD/sssd/issues/6307 + +Reviewed-by: Alexey Tikhonov +Reviewed-by: Pavel Březina + +Reviewed-by: Alexey Tikhonov +--- + src/responder/common/cache_req/cache_req.c | 5 +++-- + .../plugins/cache_req_autofs_entry_by_name.c | 3 ++- + .../cache_req/plugins/cache_req_autofs_map_by_name.c | 3 ++- + .../cache_req/plugins/cache_req_autofs_map_entries.c | 3 ++- + .../plugins/cache_req_ssh_host_id_by_name.c | 3 ++- + src/responder/common/responder.h | 2 +- + src/responder/common/responder_common.c | 12 +++++++----- + src/responder/common/responder_dp.c | 5 +++-- + src/responder/common/responder_get_domains.c | 3 ++- + src/responder/pam/pamsrv_cmd.c | 4 ++-- + 10 files changed, 26 insertions(+), 17 deletions(-) + +diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c +index 4dd45b038..bc65bae71 100644 +--- a/src/responder/common/cache_req/cache_req.c ++++ b/src/responder/common/cache_req/cache_req.c +@@ -24,6 +24,7 @@ + #include + + #include "util/util.h" ++#include "util/sss_chain_id.h" + #include "responder/common/responder.h" + #include "responder/common/cache_req/cache_req_private.h" + #include "responder/common/cache_req/cache_req_plugin.h" +@@ -1124,8 +1125,8 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx, + } + state->first_iteration = true; + +- SSS_REQ_TRACE_CID_CR(SSSDBG_TRACE_FUNC, cr, "New request [CID #%u] '%s'\n", +- rctx->client_id_num, cr->reqname); ++ SSS_REQ_TRACE_CID_CR(SSSDBG_TRACE_FUNC, cr, "New request [CID #%lu] '%s'\n", ++ sss_chain_id_get(), cr->reqname); + + ret = cache_req_is_well_known_object(state, cr, &result); + if (ret == EOK) { +diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c +index 788b6708c..b2b0a06eb 100644 +--- a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c ++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c +@@ -24,6 +24,7 @@ + #include "db/sysdb.h" + #include "db/sysdb_autofs.h" + #include "util/util.h" ++#include "util/sss_chain_id.h" + #include "providers/data_provider.h" + #include "responder/common/cache_req/cache_req_plugin.h" + +@@ -86,7 +87,7 @@ cache_req_autofs_entry_by_name_dp_send(TALLOC_CTX *mem_ctx, + be_conn->bus_name, SSS_BUS_PATH, + 0, data->name.name, + data->autofs_entry_name, +- cr->rctx->client_id_num); ++ sss_chain_id_get()); + } + + bool +diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c +index 5d82641cc..23b11b1cd 100644 +--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c ++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c +@@ -24,6 +24,7 @@ + #include "db/sysdb.h" + #include "db/sysdb_autofs.h" + #include "util/util.h" ++#include "util/sss_chain_id.h" + #include "providers/data_provider.h" + #include "responder/common/cache_req/cache_req_plugin.h" + +@@ -82,7 +83,7 @@ cache_req_autofs_map_by_name_dp_send(TALLOC_CTX *mem_ctx, + return sbus_call_dp_autofs_GetMap_send(mem_ctx, be_conn->conn, + be_conn->bus_name, SSS_BUS_PATH, + 0, data->name.name, +- cr->rctx->client_id_num); ++ sss_chain_id_get()); + } + + bool +diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c +index 29f289723..18c08ca39 100644 +--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c ++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c +@@ -24,6 +24,7 @@ + #include "db/sysdb.h" + #include "db/sysdb_autofs.h" + #include "util/util.h" ++#include "util/sss_chain_id.h" + #include "providers/data_provider.h" + #include "responder/common/cache_req/cache_req_plugin.h" + +@@ -114,7 +115,7 @@ cache_req_autofs_map_entries_dp_send(TALLOC_CTX *mem_ctx, + return sbus_call_dp_autofs_Enumerate_send(mem_ctx, be_conn->conn, + be_conn->bus_name, SSS_BUS_PATH, + 0, data->name.name, +- cr->rctx->client_id_num); ++ sss_chain_id_get()); + } + + bool +diff --git a/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c b/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c +index a8b8f47a8..29f52f10d 100644 +--- a/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c ++++ b/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c +@@ -23,6 +23,7 @@ + + #include "db/sysdb_ssh.h" + #include "util/util.h" ++#include "util/sss_chain_id.h" + #include "providers/data_provider.h" + #include "responder/common/cache_req/cache_req_plugin.h" + +@@ -86,7 +87,7 @@ cache_req_host_by_name_dp_send(TALLOC_CTX *mem_ctx, + return sbus_call_dp_dp_hostHandler_send(mem_ctx, be_conn->conn, + be_conn->bus_name, SSS_BUS_PATH, + 0, data->name.name, data->alias, +- cr->rctx->client_id_num); ++ sss_chain_id_get()); + } + + static bool +diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h +index 5cb79e3e6..259b3ff13 100644 +--- a/src/responder/common/responder.h ++++ b/src/responder/common/responder.h +@@ -165,13 +165,13 @@ struct cli_ctx { + + struct cli_creds *creds; + char *cmd_line; +- uint64_t old_chain_id; + + void *protocol_ctx; + void *state_ctx; + + struct tevent_timer *idle; + time_t last_request_time; ++ uint32_t client_id_num; + }; + + struct sss_cmd_table { +diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c +index 6e3b61ef0..a4ba8ea71 100644 +--- a/src/responder/common/responder_common.c ++++ b/src/responder/common/responder_common.c +@@ -87,8 +87,6 @@ static void client_close_fn(struct tevent_context *ev, + "Failed to close fd [%d]: [%s]\n", + ctx->cfd, strerror(ret)); + } +- /* Restore the original chain id */ +- sss_chain_id_set(ctx->old_chain_id); + + DEBUG(SSSDBG_TRACE_INTERNAL, + "Terminated client [%p][%d]\n", +@@ -526,7 +524,6 @@ static void accept_fd_handler(struct tevent_context *ev, + int fd = accept_ctx->is_private ? rctx->priv_lfd : rctx->lfd; + + rctx->client_id_num++; +- + if (accept_ctx->is_private) { + ret = stat(rctx->priv_sock_name, &stat_buf); + if (ret == -1) { +@@ -557,6 +554,8 @@ static void accept_fd_handler(struct tevent_context *ev, + + talloc_set_destructor(cctx, cli_ctx_destructor); + ++ cctx->client_id_num = rctx->client_id_num; ++ + len = sizeof(cctx->addr); + cctx->cfd = accept(fd, (struct sockaddr *)&cctx->addr, &len); + if (cctx->cfd == -1) { +@@ -645,7 +644,7 @@ static void accept_fd_handler(struct tevent_context *ev, + + DEBUG(SSSDBG_TRACE_FUNC, + "[CID#%u] Client [cmd %s][uid %u][%p][%d] connected%s!\n", +- rctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds), ++ cctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds), + cctx, cctx->cfd, accept_ctx->is_private ? " to privileged pipe" : ""); + + return; +@@ -1090,6 +1089,7 @@ void sss_client_fd_handler(void *ptr, + uint16_t flags) + { + errno_t ret; ++ uint64_t old_chain_id; + struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx); + + /* Always reset the responder idle timer on any activity */ +@@ -1105,7 +1105,7 @@ void sss_client_fd_handler(void *ptr, + } + + /* Set the chain id */ +- cctx->old_chain_id = sss_chain_id_set(cctx->rctx->client_id_num); ++ old_chain_id = sss_chain_id_set(cctx->client_id_num); + + if (flags & TEVENT_FD_READ) { + recv_fn(cctx); +@@ -1116,6 +1116,8 @@ void sss_client_fd_handler(void *ptr, + send_fn(cctx); + return; + } ++ /* Restore the original chain id */ ++ sss_chain_id_set(old_chain_id); + } + + int sss_connection_setup(struct cli_ctx *cctx) +diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c +index d549e02d3..4b4770da1 100644 +--- a/src/responder/common/responder_dp.c ++++ b/src/responder/common/responder_dp.c +@@ -23,6 +23,7 @@ + #include + #include + #include "util/util.h" ++#include "util/sss_chain_id.h" + #include "responder/common/responder_packet.h" + #include "responder/common/responder.h" + #include "providers/data_provider.h" +@@ -276,7 +277,7 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx, + subreq = sbus_call_dp_dp_getAccountInfo_send(state, be_conn->conn, + be_conn->bus_name, SSS_BUS_PATH, dp_flags, + entry_type, filter, dom->name, extra, +- rctx->client_id_num); ++ sss_chain_id_get()); + if (subreq == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n"); + ret = ENOMEM; +@@ -406,7 +407,7 @@ sss_dp_resolver_get_send(TALLOC_CTX *mem_ctx, + SSS_BUS_PATH, + dp_flags, entry_type, + filter_type, filter_value, +- rctx->client_id_num); ++ sss_chain_id_get()); + if (subreq == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n"); + ret = ENOMEM; +diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c +index 918124756..aeff28d73 100644 +--- a/src/responder/common/responder_get_domains.c ++++ b/src/responder/common/responder_get_domains.c +@@ -19,6 +19,7 @@ + */ + + #include "util/util.h" ++#include "util/sss_chain_id.h" + #include "responder/common/responder.h" + #include "providers/data_provider.h" + #include "db/sysdb.h" +@@ -751,7 +752,7 @@ sss_dp_get_account_domain_send(TALLOC_CTX *mem_ctx, + be_conn->bus_name, + SSS_BUS_PATH, dp_flags, + entry_type, filter, +- rctx->client_id_num); ++ sss_chain_id_get()); + if (subreq == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n"); + ret = ENOMEM; +diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c +index cb0e1b82f..1695554fc 100644 +--- a/src/responder/pam/pamsrv_cmd.c ++++ b/src/responder/pam/pamsrv_cmd.c +@@ -1492,7 +1492,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) + } + preq->cctx = cctx; + preq->cert_auth_local = false; +- preq->client_id_num = pctx->rctx->client_id_num; ++ preq->client_id_num = cctx->client_id_num; + + preq->pd = create_pam_data(preq); + if (!preq->pd) { +@@ -1513,7 +1513,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) + + pd->cmd = pam_cmd; + pd->priv = cctx->priv; +- pd->client_id_num = pctx->rctx->client_id_num; ++ pd->client_id_num = cctx->client_id_num; + + ret = pam_forwarder_parse_data(cctx, pd); + if (ret == EAGAIN) { +-- +2.37.1 + diff --git a/SOURCES/0009-Analyzer-support-parallel-requests-parsing.patch b/SOURCES/0009-Analyzer-support-parallel-requests-parsing.patch new file mode 100644 index 0000000..b2c49e1 --- /dev/null +++ b/SOURCES/0009-Analyzer-support-parallel-requests-parsing.patch @@ -0,0 +1,185 @@ +From d22ea2df62b6e245eef75d7201b678601bf63e98 Mon Sep 17 00:00:00 2001 +From: Justin Stephenson +Date: Fri, 19 Aug 2022 14:44:11 -0400 +Subject: [PATCH 9/9] Analyzer: support parallel requests parsing +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Analyzer code(primarily the list verbose command) needs +changes to handle parsing the necessary lines from +NSS/PAM log files when multiple intermixed/parallel +client requests are sent to SSSD. + +Resolves: https://github.com/SSSD/sssd/issues/6307 + +Reviewed-by: Alexey Tikhonov +Reviewed-by: Pavel Březina + +Reviewed-by: Alexey Tikhonov +--- + src/tools/analyzer/modules/request.py | 119 +++++++++++++++----------- + 1 file changed, 67 insertions(+), 52 deletions(-) + +diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py +index 935e13adc..b9fe3caf8 100644 +--- a/src/tools/analyzer/modules/request.py ++++ b/src/tools/analyzer/modules/request.py +@@ -16,7 +16,6 @@ class RequestAnalyzer: + """ + module_parser = None + consumed_logs = [] +- done = "" + list_opts = [ + Option('--verbose', 'Verbose output', bool, '-v'), + Option('--pam', 'Filter only PAM requests', bool), +@@ -149,58 +148,74 @@ class RequestAnalyzer: + print(line) + return found_results + +- def print_formatted(self, line, verbose): ++ def print_formatted_verbose(self, source, patterns): ++ """ ++ Parse line and print formatted verbose list_requests output ++ ++ Args: ++ source (Reader): source Reader object ++ patterns (list): List of regex patterns to use for ++ matching lines ++ """ ++ # Get CID number, and print the basic line first ++ for line in self.matched_line(source, patterns): ++ cid = self.print_formatted(line) ++ ++ # Loop through each line with this CID number to extract and ++ # print the verbose data needed ++ verbose_patterns = ["(cache_req_send|cache_req_process_input|" ++ "cache_req_search_send)"] ++ for cidline in self.matched_line(source, verbose_patterns): ++ plugin = "" ++ name = "" ++ id = "" ++ ++ # skip any lines not pertaining to this CID ++ if f"CID#{cid}]" not in cidline: ++ continue ++ if "refreshed" in cidline: ++ continue ++ # CR Plugin name ++ if re.search("cache_req_send", cidline): ++ plugin = cidline.split('\'')[1] ++ # CR Input name ++ elif re.search("cache_req_process_input", cidline): ++ name = cidline.rsplit('[')[-1] ++ # CR Input id ++ elif re.search("cache_req_search_send", cidline): ++ id = cidline.rsplit()[-1] ++ ++ if plugin: ++ print(" - " + plugin) ++ if name: ++ print(" - " + name[:-2]) ++ if (id and ("UID" in cidline or "GID" in cidline)): ++ print(" - " + id) ++ ++ def print_formatted(self, line): + """ + Parse line and print formatted list_requests output + + Args: + line (str): line to parse +- verbose (bool): If true, enable verbose output ++ Returns: ++ Client ID from printed line, 0 otherwise + """ +- plugin = "" +- name = "" +- id = "" +- + # exclude backtrace logs + if line.startswith(' * '): +- return +- fields = line.split("[") +- cr_field = fields[3][7:] +- cr = cr_field.split(":")[0][4:] ++ return 0 + if "refreshed" in line: +- return +- # CR Plugin name +- if re.search("cache_req_send", line): +- plugin = line.split('\'')[1] +- # CR Input name +- elif re.search("cache_req_process_input", line): +- name = line.rsplit('[')[-1] +- # CR Input id +- elif re.search("cache_req_search_send", line): +- id = line.rsplit()[-1] +- # CID and client process name +- else: +- ts = line.split(")")[0] +- ts = ts[1:] +- fields = line.split("[") +- cid = fields[3][4:-9] +- cmd = fields[4][4:-1] +- uid = fields[5][4:-1] +- if not uid.isnumeric(): +- uid = fields[6][4:-1] +- print(f'{ts}: [uid {uid}] CID #{cid}: {cmd}') +- +- if verbose: +- if plugin: +- print(" - " + plugin) +- if name: +- if cr not in self.done: +- print(" - " + name[:-2]) +- self.done = cr +- if id: +- if cr not in self.done: +- print(" - " + id) +- self.done = cr ++ return 0 ++ ts = line.split(")")[0] ++ ts = ts[1:] ++ fields = line.split("[") ++ cid = fields[3][4:-9] ++ cmd = fields[4][4:-1] ++ uid = fields[5][4:-1] ++ if not uid.isnumeric(): ++ uid = fields[6][4:-1] ++ print(f'{ts}: [uid {uid}] CID #{cid}: {cmd}') ++ return cid + + def list_requests(self, args): + """ +@@ -215,20 +230,20 @@ class RequestAnalyzer: + # Log messages matching the following regex patterns contain + # the useful info we need to produce list output + patterns = [r'\[cmd'] +- patterns.append("(cache_req_send|cache_req_process_input|" +- "cache_req_search_send)") + if args.pam: + component = source.Component.PAM + resp = "pam" + + logger.info(f"******** Listing {resp} client requests ********") + source.set_component(component, False) +- self.done = "" +- for line in self.matched_line(source, patterns): +- if isinstance(source, Journald): +- print(line) +- else: +- self.print_formatted(line, args.verbose) ++ if args.verbose: ++ self.print_formatted_verbose(source, patterns) ++ else: ++ for line in self.matched_line(source, patterns): ++ if isinstance(source, Journald): ++ print(line) ++ else: ++ self.print_formatted(line) + + def track_request(self, args): + """ +-- +2.37.1 + diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec index fed8045..230f8ad 100644 --- a/SPECS/sssd.spec +++ b/SPECS/sssd.spec @@ -19,7 +19,7 @@ Name: sssd Version: 2.7.3 -Release: 2%{?dist} +Release: 3%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -31,6 +31,11 @@ Patch0001: 0001-Makefile-remove-unneeded-dependency.patch Patch0002: 0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch Patch0003: 0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch Patch0004: 0004-Analyzer-Fix-escaping-raw-fstring.patch +Patch0005: 0005-CLIENT-MC-1-is-more-appropriate-initial-value-for-fd.patch +Patch0006: 0006-CLIENT-MC-pointer-to-the-context-mutex-shouldn-t-be-.patch +Patch0007: 0007-SSSCTL-Allow-analyzer-to-work-without-SSSD-setup.patch +Patch0008: 0008-RESPONDER-Fix-client-ID-tracking.patch +Patch0009: 0009-Analyzer-support-parallel-requests-parsing.patch ### Downstream Patches ### @@ -1181,6 +1186,11 @@ fi %systemd_postun_with_restart sssd.service %changelog +* Tue Aug 23 2022 Alexey Tikhonov - 2.7.3-3 +- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 +- Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured +- Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend + * Wed Aug 10 2022 Alexey Tikhonov - 2.7.3-2 - Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs