Merge branch 'master' into f14
Conflicts: sssd.spec
commit
7c5e4bf4d8
1
.gitignore
vendored
1
.gitignore
vendored
@ -6,3 +6,4 @@ sssd-1.2.91.tar.gz
|
||||
/sssd-1.5.1.tar.gz
|
||||
/sssd-1.5.2.tar.gz
|
||||
/sssd-1.5.3.tar.gz
|
||||
/sssd-1.5.4.tar.gz
|
||||
|
@ -1,150 +0,0 @@
|
||||
From 2c97299c19a71aa41eef3f3155c24347cf392615 Mon Sep 17 00:00:00 2001
|
||||
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||
Date: Fri, 11 Mar 2011 05:06:48 -0500
|
||||
Subject: [PATCH 1/2] Require existence of GID number and name in group searches
|
||||
|
||||
https://fedorahosted.org/sssd/ticket/824
|
||||
---
|
||||
src/providers/ldap/ldap_id.c | 9 ++++++---
|
||||
src/providers/ldap/ldap_id_enum.c | 28 ++++++++++++++++------------
|
||||
src/providers/ldap/sdap_async_accounts.c | 30 ++++++++++++++++++++----------
|
||||
3 files changed, 42 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
|
||||
index 9a234280082f7396eda4307e9e4bb4bd63b5615c..776df1ac2d9e983a792fbba0f6773c082898708d 100644
|
||||
--- a/src/providers/ldap/ldap_id.c
|
||||
+++ b/src/providers/ldap/ldap_id.c
|
||||
@@ -335,9 +335,12 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
- state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
|
||||
- attr_name, clean_name,
|
||||
- ctx->opts->group_map[SDAP_OC_GROUP].name);
|
||||
+ state->filter =
|
||||
+ talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
|
||||
+ attr_name, clean_name,
|
||||
+ ctx->opts->group_map[SDAP_OC_GROUP].name,
|
||||
+ ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||
+ ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
|
||||
if (!state->filter) {
|
||||
DEBUG(2, ("Failed to build filter\n"));
|
||||
ret = ENOMEM;
|
||||
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
|
||||
index f47ee9fbe170bae0058a682a3a051df21cfbc0d6..42c2911926602bfc2e3a33a0af837d6e809ee68b 100644
|
||||
--- a/src/providers/ldap/ldap_id_enum.c
|
||||
+++ b/src/providers/ldap/ldap_id_enum.c
|
||||
@@ -546,19 +546,23 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
|
||||
state->op = op;
|
||||
|
||||
if (ctx->srv_opts && ctx->srv_opts->max_group_value && !purge) {
|
||||
- state->filter = talloc_asprintf(state,
|
||||
- "(&(%s=*)(objectclass=%s)(%s>=%s)(!(%s=%s)))",
|
||||
- ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||
- ctx->opts->group_map[SDAP_OC_GROUP].name,
|
||||
- ctx->opts->group_map[SDAP_AT_GROUP_USN].name,
|
||||
- ctx->srv_opts->max_group_value,
|
||||
- ctx->opts->group_map[SDAP_AT_GROUP_USN].name,
|
||||
- ctx->srv_opts->max_group_value);
|
||||
+ state->filter = talloc_asprintf(
|
||||
+ state,
|
||||
+ "(&(objectclass=%s)(%s=*)(%s=*)(%s>=%s)(!(%s=%s)))",
|
||||
+ ctx->opts->group_map[SDAP_OC_GROUP].name,
|
||||
+ ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||
+ ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
|
||||
+ ctx->opts->group_map[SDAP_AT_GROUP_USN].name,
|
||||
+ ctx->srv_opts->max_group_value,
|
||||
+ ctx->opts->group_map[SDAP_AT_GROUP_USN].name,
|
||||
+ ctx->srv_opts->max_group_value);
|
||||
} else {
|
||||
- state->filter = talloc_asprintf(state,
|
||||
- "(&(%s=*)(objectclass=%s))",
|
||||
- ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||
- ctx->opts->group_map[SDAP_OC_GROUP].name);
|
||||
+ state->filter = talloc_asprintf(
|
||||
+ state,
|
||||
+ "(&(objectclass=%s)(%s=*)(%s=*))",
|
||||
+ ctx->opts->group_map[SDAP_OC_GROUP].name,
|
||||
+ ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||
+ ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
|
||||
}
|
||||
if (!state->filter) {
|
||||
DEBUG(2, ("Failed to build filter\n"));
|
||||
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
|
||||
index 8e459598674d589c0cdfcece125c183f7c95bb4d..3fedf07da7fbdc9409f5360ba8301158a65014cd 100644
|
||||
--- a/src/providers/ldap/sdap_async_accounts.c
|
||||
+++ b/src/providers/ldap/sdap_async_accounts.c
|
||||
@@ -2007,10 +2007,12 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
|
||||
+ filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
|
||||
opts->group_map[SDAP_AT_GROUP_MEMBER].name,
|
||||
clean_name,
|
||||
- opts->group_map[SDAP_OC_GROUP].name);
|
||||
+ opts->group_map[SDAP_OC_GROUP].name,
|
||||
+ opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||
+ opts->group_map[SDAP_AT_GROUP_GID].name);
|
||||
if (!filter) {
|
||||
talloc_zfree(req);
|
||||
return NULL;
|
||||
@@ -2211,8 +2213,10 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- state->filter = talloc_asprintf(state, "(objectclass=%s)",
|
||||
- opts->group_map[SDAP_OC_GROUP].name);
|
||||
+ state->filter = talloc_asprintf(state, "(&(objectclass=%s)(%s=*)(%s=*))",
|
||||
+ opts->group_map[SDAP_OC_GROUP].name,
|
||||
+ opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||
+ opts->group_map[SDAP_AT_GROUP_GID].name);
|
||||
if (!state->filter) {
|
||||
talloc_zfree(req);
|
||||
return NULL;
|
||||
@@ -3103,8 +3107,10 @@ static errno_t sdap_nested_group_lookup_group(struct tevent_req *req)
|
||||
}
|
||||
|
||||
filter = talloc_asprintf(
|
||||
- sdap_attrs, "(objectclass=%s)",
|
||||
- state->opts->group_map[SDAP_OC_GROUP].name);
|
||||
+ sdap_attrs, "(&(objectclass=%s)(%s=*)(%s=*))",
|
||||
+ state->opts->group_map[SDAP_OC_GROUP].name,
|
||||
+ state->opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||
+ state->opts->group_map[SDAP_AT_GROUP_GID].name);
|
||||
if (!filter) {
|
||||
talloc_free(sdap_attrs);
|
||||
return ENOMEM;
|
||||
@@ -3435,10 +3441,12 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send(
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
|
||||
+ filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
|
||||
opts->group_map[SDAP_AT_GROUP_MEMBER].name,
|
||||
clean_orig_dn,
|
||||
- opts->group_map[SDAP_OC_GROUP].name);
|
||||
+ opts->group_map[SDAP_OC_GROUP].name,
|
||||
+ opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||
+ opts->group_map[SDAP_AT_GROUP_GID].name);
|
||||
if (!filter) {
|
||||
talloc_zfree(req);
|
||||
return NULL;
|
||||
@@ -3839,10 +3847,12 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req)
|
||||
}
|
||||
|
||||
filter = talloc_asprintf(
|
||||
- tmp_ctx, "(&(%s=%s)(objectclass=%s))",
|
||||
+ tmp_ctx, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
|
||||
state->opts->group_map[SDAP_AT_GROUP_MEMBER].name,
|
||||
clean_orig_dn,
|
||||
- state->opts->group_map[SDAP_OC_GROUP].name);
|
||||
+ state->opts->group_map[SDAP_OC_GROUP].name,
|
||||
+ state->opts->group_map[SDAP_AT_GROUP_NAME].name,
|
||||
+ state->opts->group_map[SDAP_AT_GROUP_GID].name);
|
||||
if (!filter) {
|
||||
ret = ENOMEM;
|
||||
goto error;
|
||||
--
|
||||
1.7.4
|
||||
|
@ -1,55 +0,0 @@
|
||||
From c6f9fcdbf62d616f9fc89b7695aa48fa4c8ebd80 Mon Sep 17 00:00:00 2001
|
||||
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||
Date: Mon, 14 Mar 2011 09:56:22 -0400
|
||||
Subject: [PATCH 2/2] Require existence of username, uid and gid for user enumeration
|
||||
|
||||
We will ignore users that do not have these three values.
|
||||
---
|
||||
src/providers/ldap/ldap_id_enum.c | 30 ++++++++++++++++++------------
|
||||
1 files changed, 18 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
|
||||
index 42c2911926602bfc2e3a33a0af837d6e809ee68b..6899b87c08b46c3c2b61fcd975ab14a4118cc918 100644
|
||||
--- a/src/providers/ldap/ldap_id_enum.c
|
||||
+++ b/src/providers/ldap/ldap_id_enum.c
|
||||
@@ -441,19 +441,25 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
|
||||
state->op = op;
|
||||
|
||||
if (ctx->srv_opts && ctx->srv_opts->max_user_value && !purge) {
|
||||
- state->filter = talloc_asprintf(state,
|
||||
- "(&(%s=*)(objectclass=%s)(%s>=%s)(!(%s=%s)))",
|
||||
- ctx->opts->user_map[SDAP_AT_USER_NAME].name,
|
||||
- ctx->opts->user_map[SDAP_OC_USER].name,
|
||||
- ctx->opts->user_map[SDAP_AT_USER_USN].name,
|
||||
- ctx->srv_opts->max_user_value,
|
||||
- ctx->opts->user_map[SDAP_AT_USER_USN].name,
|
||||
- ctx->srv_opts->max_user_value);
|
||||
+ state->filter = talloc_asprintf(
|
||||
+ state,
|
||||
+ "(&(objectclass=%s)(%s=*)(%s=*)(%s=*)(%s>=%s)(!(%s=%s)))",
|
||||
+ ctx->opts->user_map[SDAP_OC_USER].name,
|
||||
+ ctx->opts->user_map[SDAP_AT_USER_NAME].name,
|
||||
+ ctx->opts->user_map[SDAP_AT_USER_UID].name,
|
||||
+ ctx->opts->user_map[SDAP_AT_USER_GID].name,
|
||||
+ ctx->opts->user_map[SDAP_AT_USER_USN].name,
|
||||
+ ctx->srv_opts->max_user_value,
|
||||
+ ctx->opts->user_map[SDAP_AT_USER_USN].name,
|
||||
+ ctx->srv_opts->max_user_value);
|
||||
} else {
|
||||
- state->filter = talloc_asprintf(state,
|
||||
- "(&(%s=*)(objectclass=%s))",
|
||||
- ctx->opts->user_map[SDAP_AT_USER_NAME].name,
|
||||
- ctx->opts->user_map[SDAP_OC_USER].name);
|
||||
+ state->filter = talloc_asprintf(
|
||||
+ state,
|
||||
+ "(&(objectclass=%s)(%s=*)(%s=*)(%s=*))",
|
||||
+ ctx->opts->user_map[SDAP_OC_USER].name,
|
||||
+ ctx->opts->user_map[SDAP_AT_USER_NAME].name,
|
||||
+ ctx->opts->user_map[SDAP_AT_USER_UID].name,
|
||||
+ ctx->opts->user_map[SDAP_AT_USER_GID].name);
|
||||
}
|
||||
if (!state->filter) {
|
||||
DEBUG(2, ("Failed to build filter\n"));
|
||||
--
|
||||
1.7.4
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
0d1c73ef2cc60e44098410f20818dc1c sssd-1.5.3.tar.gz
|
||||
d1459f6e0d0a5246374f08e6ab24c7de sssd-1.5.4.tar.gz
|
||||
|
21
sssd.spec
21
sssd.spec
@ -5,10 +5,11 @@
|
||||
|
||||
# Determine the location of the LDB modules directory
|
||||
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
|
||||
%global ldb_version 0.9.10
|
||||
|
||||
Name: sssd
|
||||
Version: 1.5.3
|
||||
Release: 3%{?dist}
|
||||
Version: 1.5.4
|
||||
Release: 1%{?dist}
|
||||
Group: Applications/System
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+
|
||||
@ -17,12 +18,10 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
|
||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
|
||||
### Patches ###
|
||||
Patch0001: 0001-Require-existence-of-GID-number-and-name-in-group-se.patch
|
||||
Patch0002: 0002-Require-existence-of-username-uid-and-gid-for-user-e.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
Requires: libldb
|
||||
Requires: libldb = %{ldb_version}
|
||||
Requires: libtdb >= 1.1.3
|
||||
Requires: sssd-client = %{version}-%{release}
|
||||
Requires: cyrus-sasl-gssapi
|
||||
@ -52,7 +51,7 @@ BuildRequires: popt-devel
|
||||
BuildRequires: libtalloc-devel
|
||||
BuildRequires: libtevent-devel
|
||||
BuildRequires: libtdb-devel
|
||||
BuildRequires: libldb-devel
|
||||
BuildRequires: libldb-devel = %{ldb_version}
|
||||
BuildRequires: libdhash-devel >= 0.4.2
|
||||
BuildRequires: libcollection-devel
|
||||
BuildRequires: libini_config-devel
|
||||
@ -112,9 +111,6 @@ use with ldap_default_authtok_type = obfuscated_password.
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%patch0001 -p1
|
||||
%patch0002 -p1
|
||||
|
||||
%build
|
||||
autoreconf -ivf
|
||||
%configure \
|
||||
@ -274,6 +270,13 @@ fi
|
||||
%postun client -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.4-1
|
||||
- New upstream release 1.5.4
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
|
||||
- Fixes for Active Directory when not all users and groups have POSIX attributes
|
||||
- Fixes for handling users and groups that have name aliases (aliases are ignored)
|
||||
- Fix group memberships after initgroups in the IPA provider
|
||||
|
||||
* Fri Mar 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-3
|
||||
- Fix version requirement on libldb
|
||||
|
||||
|
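Review bot: The libldb dependency in sssd.spec is now an exact-version pin (`Requires: libldb = %{ldb_version}` and `BuildRequires: libldb-devel = %{ldb_version}`) against the hard-coded `%global ldb_version 0.9.10`, and nothing in the spec says why equality is required. With an `=` pin, an updated libldb (including a security update) cannot be installed alongside this package until sssd is rebuilt with the macro bumped, so that coupling should be documented where the macro is defined, for example `# Exact pin: sssd must be rebuilt and ldb_version bumped whenever libldb is updated in this branch`. The reason is presumably compatibility of the module installed under `%{ldb_modulesdir}`, but that is an inference and should be confirmed before it goes into the comment. Separately, the merge drops Patch0001 and Patch0002 together with their `%patch` lines; the 1.5.4 changelog entry suggests the fixes are upstream, but it is worth confirming the 1.5.4 tarball actually contains both filter changes.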