PR#16: sssd-2.5.1-1: Rebase to latest upstream release - rpms/sssd

rpms / sssd

#16 sssd-2.5.1-1: Rebase to latest upstream release

Merged 2 years ago by pbrezina. Opened 2 years ago by pbrezina.

rpms/ pbrezina/sssd rawhide into rawhide

sssd-2.5.1-1: Rebase to latest upstream release

Pavel Březina • 2 years ago

948a68a

.gitignore

file modified

		`@@ -92,3 +92,4 @@`
		`/sssd-2.4.1.tar.gz`
		`/sssd-2.4.2.tar.gz`
		`/sssd-2.5.0.tar.gz`
		`+ /sssd-2.5.1.tar.gz`

0001-KCM-return-KRB5_FCC_INTERNAL-for-unknown-or-not-impl.patch

file removed

-49

		`@@ -1,49 +0,0 @@`
		`- From 9b017dbc80cf09b3a2d7e09f771faf70d4538b4f Mon Sep 17 00:00:00 2001`
		`- From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>`
		`- Date: Thu, 13 May 2021 12:18:24 +0200`
		`- Subject: [PATCH 1/5] KCM: return KRB5_FCC_INTERNAL for unknown or not`
		`- implemented operation`
		`-`
		- sssd-kcm should follow Heimdal's return codes. Heimdal returns `KRB5_FCC_INTERNAL`
		`- for cases where operation code is not known or not implemented. See:`
		`-`
		`- * https://github.com/heimdal/heimdal/blob/master/kcm/protocol.c#L1785`
		`- * https://github.com/heimdal/heimdal/blob/master/kcm/protocol.c#L1792`
		`-`
		`- We returned different codes before this patch which makes Kerberos to differentiate`
		`- between Heimdal and sssd implementation. This leads to errors like:`
		`-`
		`- * https://github.com/krb5/krb5/pull/1178#issuecomment-838289703`
		`-`
		`- Resolves: https://github.com/SSSD/sssd/issues/5628`
		`-`
		`- Reviewed-by: Justin Stephenson <jstephen@redhat.com>`
		`- ---`
		`- src/responder/kcm/kcmsrv_cmd.c \| 4 ++--`
		`- 1 file changed, 2 insertions(+), 2 deletions(-)`
		`-`
		`- diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c`
		`- index 6b11b184124c7cb17be2c7858afda3d56a4dcea6..3ad17ef431bb3d42b39f56d04c97acfc25f06d2f 100644`
		`- --- a/src/responder/kcm/kcmsrv_cmd.c`
		`- +++ b/src/responder/kcm/kcmsrv_cmd.c`
		`- @@ -197,7 +197,7 @@ static errno_t kcm_input_parse(struct kcm_reqbuf *reqbuf,`
		`- if (op_io->op == NULL) {`
		`- DEBUG(SSSDBG_CRIT_FAILURE,`
		`- "Did not find a KCM operation handler for the requested opcode\n");`
		`- - return ERR_KCM_MALFORMED_IN_PKT;`
		`- + return ERR_KCM_OP_NOT_IMPLEMENTED;`
		`- }`
		`-`
		`- /* The operation only receives the payload, not the opcode or the protocol info */`
		`- @@ -643,7 +643,7 @@ krb5_error_code sss2krb5_error(errno_t err)`
		`- case EACCES:`
		`- return KRB5_FCC_PERM;`
		`- case ERR_KCM_OP_NOT_IMPLEMENTED:`
		`- - return KRB5_CC_NOSUPP;`
		`- + return KRB5_FCC_INTERNAL;`
		`- case ERR_WRONG_NAME_FORMAT:`
		`- return KRB5_CC_BADNAME;`
		`- case ERR_NO_MATCHING_CREDS:`
		`- --`
		`- 2.30.2`
		`-`

0002-SECRETS-Resolve-mkey-path-correctly.patch

file removed

-104

		`@@ -1,104 +0,0 @@`
		`- From dbde4e692e34d3ff8233ac17a5eae5a062637e48 Mon Sep 17 00:00:00 2001`
		`- From: Justin Stephenson <jstephen@redhat.com>`
		`- Date: Wed, 19 May 2021 10:54:52 -0400`
		`- Subject: [PATCH 2/5] SECRETS: Resolve mkey path correctly`
		`- MIME-Version: 1.0`
		`- Content-Type: text/plain; charset=UTF-8`
		`- Content-Transfer-Encoding: 8bit`
		`-`
		`- Use the correct master key path for the secrets database,`
		`- fixing an issue on upgrade.`
		`-`
		`- Reviewed-by: Pavel Březina <pbrezina@redhat.com>`
		`- Reviewed-by: Sumit Bose <sbose@redhat.com>`
		`- ---`
		`- src/tests/cmocka/test_kcm_renewals.c \| 3 ++-`
		`- src/util/secrets/secrets.c \| 10 ++++++----`
		`- src/util/secrets/secrets.h \| 1 +`
		`- 3 files changed, 9 insertions(+), 5 deletions(-)`
		`-`
		`- diff --git a/src/tests/cmocka/test_kcm_renewals.c b/src/tests/cmocka/test_kcm_renewals.c`
		`- index f508bab005ff916a8f2a453670c137a56ac9ba46..53ce558be22cffb486d593bbc8c021b91e8fb2fa 100644`
		`- --- a/src/tests/cmocka/test_kcm_renewals.c`
		`- +++ b/src/tests/cmocka/test_kcm_renewals.c`
		`- @@ -37,6 +37,7 @@`
		`- #define TESTS_PATH "tp_" BASE_FILE_STEM`
		`- #define TEST_CONF_DB "test_kcm_renewals_conf.ldb"`
		`- #define TEST_DB_FULL_PATH TESTS_PATH "/secrets.ldb"`
		`- +#define TEST_MKEY_FULL_PATH TESTS_PATH "/.secrets.mkey"`
		`-`
		`- errno_t kcm_renew_all_tgts(TALLOC_CTX *mem_ctx,`
		`- struct kcm_renew_tgt_ctx *renew_tgt_ctx,`
		`- @@ -199,7 +200,7 @@ static void test_kcm_renewals_tgt(void **state)`
		`- open(TEST_DB_FULL_PATH, O_CREAT\|O_EXCL\|O_WRONLY, 0600);`
		`-`
		`- ret = sss_sec_init_with_path(test_ctx->ccdb, NULL, TEST_DB_FULL_PATH,`
		`- - &secdb->sctx);`
		`- + TEST_MKEY_FULL_PATH, &secdb->sctx);`
		`-`
		`- /* Create renew ctx */`
		`- renew_tgt_ctx = talloc_zero(test_ctx, struct kcm_renew_tgt_ctx);`
		`- diff --git a/src/util/secrets/secrets.c b/src/util/secrets/secrets.c`
		`- index 42df14aa9c6265cbd723f826ce47f35529c4be10..2801eb24263ef8116a7afc294ee91a863295f5be 100644`
		`- --- a/src/util/secrets/secrets.c`
		`- +++ b/src/util/secrets/secrets.c`
		`- @@ -634,13 +634,13 @@ static int generate_master_key(const char *filename, size_t size)`
		`- }`
		`-`
		`- static errno_t lcl_read_mkey(TALLOC_CTX *mem_ctx,`
		`- - const char *dbpath,`
		`- + const char *mkeypath,`
		`- struct sss_sec_data *master_key)`
		`- {`
		`- int mfd;`
		`- ssize_t size;`
		`- errno_t ret;`
		`- - const char *mkey = dbpath;`
		`- + const char *mkey = mkeypath;`
		`-`
		`- master_key->data = talloc_size(mem_ctx, MKEY_SIZE);`
		`- if (master_key->data == NULL) {`
		`- @@ -703,6 +703,7 @@ static int set_quotas(struct sss_sec_ctx *sec_ctx,`
		`- errno_t sss_sec_init_with_path(TALLOC_CTX *mem_ctx,`
		`- struct sss_sec_hive_config **config_list,`
		`- const char *dbpath,`
		`- + const char *mkeypath,`
		`- struct sss_sec_ctx **_sec_ctx)`
		`- {`
		`- struct sss_sec_ctx *sec_ctx;`
		`- @@ -746,7 +747,7 @@ errno_t sss_sec_init_with_path(TALLOC_CTX *mem_ctx,`
		`- goto done;`
		`- }`
		`-`
		`- - ret = lcl_read_mkey(sec_ctx, dbpath, &sec_ctx->master_key);`
		`- + ret = lcl_read_mkey(sec_ctx, mkeypath, &sec_ctx->master_key);`
		`- if (ret != EOK) {`
		`- DEBUG(SSSDBG_OP_FAILURE, "Cannot get the master key\n");`
		`- goto done;`
		`- @@ -764,9 +765,10 @@ errno_t sss_sec_init(TALLOC_CTX *mem_ctx,`
		`- struct sss_sec_ctx **_sec_ctx)`
		`- {`
		`- const char *dbpath = SECRETS_DB_PATH"/secrets.ldb";`
		`- + const char *mkeypath = SECRETS_DB_PATH"/.secrets.mkey";`
		`- errno_t ret;`
		`-`
		`- - ret = sss_sec_init_with_path(mem_ctx, config_list, dbpath, _sec_ctx);`
		`- + ret = sss_sec_init_with_path(mem_ctx, config_list, dbpath, mkeypath, _sec_ctx);`
		`- if (ret != EOK) {`
		`- DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize secdb [%d]: %s\n",`
		`- ret, sss_strerror(ret));`
		`- diff --git a/src/util/secrets/secrets.h b/src/util/secrets/secrets.h`
		`- index a15b99ffec6d1810e0c0cf815ed48d118ba2a08c..958f0824b5c89d8cafc249c7ac123ed999931347 100644`
		`- --- a/src/util/secrets/secrets.h`
		`- +++ b/src/util/secrets/secrets.h`
		`- @@ -83,6 +83,7 @@ errno_t sss_sec_init(TALLOC_CTX *mem_ctx,`
		`- errno_t sss_sec_init_with_path(TALLOC_CTX *mem_ctx,`
		`- struct sss_sec_hive_config **config_list,`
		`- const char *dbpath,`
		`- + const char *mkeypath,`
		`- struct sss_sec_ctx **_sec_ctx);`
		`-`
		`- errno_t sss_sec_new_req(TALLOC_CTX *mem_ctx,`
		`- --`
		`- 2.30.2`
		`-`

0003-UTIL-SECRETS-mistype-fix.patch

file removed

-51

		`@@ -1,51 +0,0 @@`
		`- From 9777427facccbbe45c855b0319258335dffb986a Mon Sep 17 00:00:00 2001`
		`- From: Alexey Tikhonov <atikhono@redhat.com>`
		`- Date: Tue, 18 May 2021 12:04:01 +0200`
		`- Subject: [PATCH 3/5] UTIL/SECRETS: mistype fix`
		`-`
		`- Wrong variable was tested after mem allocation.`
		`-`
		`- Also fixes following covscan issues:`
		- ```
		`- Error: DEADCODE (CWE-561):`
		`- sssd-2.5.0/src/util/secrets/secrets.c:1004: cond_notnull: Condition "uuid_list == NULL", taking false branch. Now the value of "uuid_list" is not "NULL".`
		`- sssd-2.5.0/src/util/secrets/secrets.c:1010: notnull: At condition "uuid_list == NULL", the value of "uuid_list" cannot be "NULL".`
		`- sssd-2.5.0/src/util/secrets/secrets.c:1010: dead_error_condition: The condition "uuid_list == NULL" cannot be true.`
		`- sssd-2.5.0/src/util/secrets/secrets.c:1011: dead_error_begin: Execution cannot reach this statement: "ret = 12;".`
		`- # 1009\| uid_list = talloc_zero_array(tmp_ctx, const char *, res->count);`
		`- # 1010\| if (uuid_list == NULL) {`
		`- # 1011\|-> ret = ENOMEM;`
		`- # 1012\| goto done;`
		`- # 1013\| }`
		- ```
		`-`
		`- Reviewed-by: Justin Stephenson <jstephen@redhat.com>`
		`- ---`
		`- src/util/secrets/secrets.c \| 6 +++---`
		`- 1 file changed, 3 insertions(+), 3 deletions(-)`
		`-`
		`- diff --git a/src/util/secrets/secrets.c b/src/util/secrets/secrets.c`
		`- index 2801eb24263ef8116a7afc294ee91a863295f5be..6e99e291dd355cc69b0d872f53624ca3446e18ad 100644`
		`- --- a/src/util/secrets/secrets.c`
		`- +++ b/src/util/secrets/secrets.c`
		`- @@ -1002,14 +1002,14 @@ errno_t sss_sec_list_cc_uuids(TALLOC_CTX *mem_ctx,`
		`- goto done;`
		`- }`
		`-`
		`- - uuid_list = talloc_zero_array(tmp_ctx, const char *, res->count);`
		`- + uuid_list = talloc_zero_array(tmp_ctx, const char *, res->count);`
		`- if (uuid_list == NULL) {`
		`- ret = ENOMEM;`
		`- goto done;`
		`- }`
		`-`
		`- - uid_list = talloc_zero_array(tmp_ctx, const char *, res->count);`
		`- - if (uuid_list == NULL) {`
		`- + uid_list = talloc_zero_array(tmp_ctx, const char *, res->count);`
		`- + if (uid_list == NULL) {`
		`- ret = ENOMEM;`
		`- goto done;`
		`- }`
		`- --`
		`- 2.30.2`
		`-`

sources

file modified

+1 -1

		`@@ -1,1 +1,1 @@`
		`- SHA512 (sssd-2.5.0.tar.gz) = 80b5e81cedacdf0bbe724af20d69b918bb6cc353976c6c65421afcd5809d1723f523bc3c1be294b9e01cfda9617c2df5c6ceb007837f195eb1abc2abdab9858c`
		`+ SHA512 (sssd-2.5.1.tar.gz) = 7441df3b5f1cc1eadb0c6853b048d780ecb36761876aaeb26b9a2d87729211d3ceeae01085dc3ec4fd1c5328f951c8abe854b1d01d91fae25466f930fe16e44a`

sssd.spec

file modified

+6 -7

		`@@ -26,19 +26,15 @@`
		`%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})`

		`Name: sssd`
		`- Version: 2.5.0`
		`- Release: 3%{?dist}`
		`+ Version: 2.5.1`
		`+ Release: 1%{?dist}`
		`Summary: System Security Services Daemon`
		`License: GPLv3+`
		`URL: https://github.com/SSSD/sssd/`
		`- Source0: https://github.com/SSSD/sssd/releases/download/2.5.0/sssd-2.5.0.tar.gz`
		`+ Source0: https://github.com/SSSD/sssd/releases/download/2.5.1/sssd-2.5.1.tar.gz`

		`### Patches ###`

		`- Patch0001: 0001-KCM-return-KRB5_FCC_INTERNAL-for-unknown-or-not-impl.patch`
		`- Patch0002: 0002-SECRETS-Resolve-mkey-path-correctly.patch`
		`- Patch0003: 0003-UTIL-SECRETS-mistype-fix.patch`
		`-`
		`### Dependencies ###`

		`Requires: sssd-ad = %{version}-%{release}`
		`@@ -1002,6 +998,9 @@`
		`%systemd_postun_with_restart sssd.service`

		`%changelog`
		`+ * Tue Jun 08 2021 Pavel Březina <pbrezina@redhat.com> - 2.5.1-1`
		`+ - Rebase to SSSD 2.5.1`
		`+`
		`* Fri Jun 04 2021 Python Maint <python-maint@redhat.com>`
		`- Rebuilt for Python 3.10`