From 797caead4fd8608c9269894665341125928bb06f Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 16 Oct 2013 13:59:35 +0200 Subject: [PATCH] Fix potential crash with external groups in trusted IPA-AD setup --- ...-mode-properly-initialize-ext_groups.patch | 32 +++++++++++++++++++ sssd.spec | 6 +++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 0004-IPA-server-mode-properly-initialize-ext_groups.patch diff --git a/0004-IPA-server-mode-properly-initialize-ext_groups.patch b/0004-IPA-server-mode-properly-initialize-ext_groups.patch new file mode 100644 index 0000000..ae43277 --- /dev/null +++ b/0004-IPA-server-mode-properly-initialize-ext_groups.patch @@ -0,0 +1,32 @@ +From 3d6fb8fcaa650d1da60a2e575847bd6fcfa08c72 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 16 Oct 2013 10:45:52 +0200 +Subject: [PATCH] IPA server mode: properly initialize ext_groups + +--- + src/providers/ipa/ipa_subdomains.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c +index bfbdabf..ea55f70 100644 +--- a/src/providers/ipa/ipa_subdomains.c ++++ b/src/providers/ipa/ipa_subdomains.c +@@ -1305,13 +1305,14 @@ int ipa_ad_subdom_init(struct be_ctx *be_ctx, + return EINVAL; + } + +- id_ctx->server_mode = talloc(id_ctx, struct ipa_server_mode_ctx); ++ id_ctx->server_mode = talloc_zero(id_ctx, struct ipa_server_mode_ctx); + if (id_ctx->server_mode == NULL) { + return ENOMEM; + } + id_ctx->server_mode->realm = realm; + id_ctx->server_mode->hostname = hostname; + id_ctx->server_mode->trusts = NULL; ++ id_ctx->server_mode->ext_groups = NULL; + + return EOK; + } +-- +1.8.3.1 + diff --git a/sssd.spec b/sssd.spec index 0bd404f..fbcf7ba 100644 --- a/sssd.spec +++ b/sssd.spec @@ -14,7 +14,7 @@ Name: sssd Version: 1.11.1 -Release: 4%{?dist} +Release: 5%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -26,6 +26,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Patch0001: 0001-krb5-Remove-ability-to-create-public-directories.patch Patch0002: 0002-krb5-Fix-unit-tests.patch Patch0003: 0003-AD-properly-intitialize-GC-from-ad_server-option.patch +Patch0004: 0004-IPA-server-mode-properly-initialize-ext_groups.patch Patch0601: 0601-FEDORA-LDAP-handle-SID-requests-if-noexist_delete-is-set.patch Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch @@ -737,6 +738,9 @@ fi %postun -n libsss_idmap -p /sbin/ldconfig %changelog +* Wed Oct 16 2013 Sumit Bose - 1.11.1-5 +- Fix potential crash with external groups in trusted IPA-AD setup + * Mon Oct 14 2013 Sumit Bose - 1.11.1-4 - Add plugin for cifs-utils - Resolves: rhbz#998544