diff --git a/0012-TESTS-Order-list-of-entries-in-some-lists.patch b/0012-TESTS-Order-list-of-entries-in-some-lists.patch new file mode 100644 index 0000000..7011d24 --- /dev/null +++ b/0012-TESTS-Order-list-of-entries-in-some-lists.patch @@ -0,0 +1,171 @@ +From caae0e53e6091806634943699f4398b6a20273b4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20=C5=BDidek?= +Date: Mon, 13 Nov 2017 16:15:21 +0100 +Subject: [PATCH] TESTS: Order list of entries in some lists +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some tests started to fail because we depended on specific +order of users in groups or messages in ldb results to be +returned and that order changed. + +This patch adds a simple helper functions into these tests +that order the entries before comparison with expected results. +more deterministic. + +Resolves: +https://pagure.io/SSSD/sssd/issue/3563 + +Reviewed-by: Lukáš Slebodník +--- + src/tests/cmocka/test_nss_srv.c | 22 +++++++++++++++++++ + src/tests/cmocka/test_sysdb_views.c | 42 ++++++++++++++++++++++++++++++++----- + 2 files changed, 59 insertions(+), 5 deletions(-) + +diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c +index 6aa726153183b5a871a75d398727ea7132358ca6..21bd80fb7f6562f6a31452bac6a26c109fef4cb1 100644 +--- a/src/tests/cmocka/test_nss_srv.c ++++ b/src/tests/cmocka/test_nss_srv.c +@@ -585,6 +585,25 @@ static errno_t delete_group(struct nss_test_ctx *ctx, + return ret; + } + ++static int cmp_func(const void *a, const void *b) ++{ ++ char *str1 = *(char **)discard_const(a); ++ char *str2 = *(char **)discard_const(b); ++ ++ return strcmp(str1, str2); ++} ++ ++static void order_string_array(char **_list, int size) ++{ ++ if (size < 2 || _list == NULL || *_list == NULL) { ++ /* Nothing to do */ ++ return; ++ } ++ ++ qsort(_list, size, sizeof(char *), cmp_func); ++ return; ++} ++ + static void assert_groups_equal(struct group *expected, + struct group *gr, const int nmem) + { +@@ -594,6 +613,9 @@ static void assert_groups_equal(struct group *expected, + assert_string_equal(gr->gr_name, expected->gr_name); + assert_string_equal(gr->gr_passwd, expected->gr_passwd); + ++ order_string_array(gr->gr_mem, nmem); ++ order_string_array(expected->gr_mem, nmem); ++ + for (i = 0; i < nmem; i++) { + assert_string_equal(gr->gr_mem[i], expected->gr_mem[i]); + } +diff --git a/src/tests/cmocka/test_sysdb_views.c b/src/tests/cmocka/test_sysdb_views.c +index 0378254b4440b29c3182faf2adde8c3db8a4ce97..dd3eb50f9310ff925734dcf51a669d08a638aefd 100644 +--- a/src/tests/cmocka/test_sysdb_views.c ++++ b/src/tests/cmocka/test_sysdb_views.c +@@ -22,6 +22,7 @@ + along with this program. If not, see . + */ + ++#include + #include + #include + #include +@@ -612,6 +613,31 @@ static int test_enum_users_setup(void **state) + return 0; + } + ++static int cmp_func(const void *a, const void *b) ++{ ++ const char *str1; ++ const char *str2; ++ struct ldb_message *msg1 = *(struct ldb_message **)discard_const(a); ++ struct ldb_message *msg2 = *(struct ldb_message **)discard_const(b); ++ ++ str1 = ldb_msg_find_attr_as_string(msg1, SYSDB_NAME, NULL); ++ str2 = ldb_msg_find_attr_as_string(msg2, SYSDB_NAME, NULL); ++ ++ return strcmp(str1, str2); ++} ++ ++/* Make the order of ldb results deterministic */ ++static void order_ldb_res_msgs(struct ldb_result *res) ++{ ++ if (res == NULL || res->count < 2) { ++ /* Nothing to do */ ++ return; ++ } ++ ++ qsort(res->msgs, res->count, sizeof(struct ldb_message *), cmp_func); ++ return; ++} ++ + static void assert_user_attrs(struct ldb_message *msg, + struct sss_domain_info *dom, + const char *shortname, +@@ -660,8 +686,9 @@ static void check_enumpwent(int ret, struct sss_domain_info *dom, + assert_int_equal(ret, EOK); + assert_int_equal(res->count, N_ELEMENTS(users)-1); + +- assert_user_attrs(res->msgs[0], dom, "barney", views); +- assert_user_attrs(res->msgs[1], dom, "alice", views); ++ order_ldb_res_msgs(res); ++ assert_user_attrs(res->msgs[0], dom, "alice", views); ++ assert_user_attrs(res->msgs[1], dom, "barney", views); + assert_user_attrs(res->msgs[2], dom, "bob", views); + } + +@@ -703,6 +730,7 @@ static void test_sysdb_enumpwent_filter(void **state) + ret = sysdb_enumpwent_filter(test_ctx, test_ctx->domain, "b*", 0, &res); + assert_int_equal(ret, EOK); + assert_int_equal(res->count, 2); ++ order_ldb_res_msgs(res); + assert_user_attrs(res->msgs[0], test_ctx->domain, "barney", false); + assert_user_attrs(res->msgs[1], test_ctx->domain, "bob", false); + +@@ -749,6 +777,7 @@ static void test_sysdb_enumpwent_filter_views(void **state) + "b*", NULL, &res); + assert_int_equal(ret, EOK); + assert_int_equal(res->count, 2); ++ order_ldb_res_msgs(res); + assert_user_attrs(res->msgs[0], test_ctx->domain, "barney", true); + assert_user_attrs(res->msgs[1], test_ctx->domain, "bob", true); + +@@ -896,10 +925,11 @@ static void check_enumgrent(int ret, struct sss_domain_info *dom, + { + assert_int_equal(ret, EOK); + assert_int_equal(res->count, N_ELEMENTS(groups)-1); +- assert_group_attrs(res->msgs[0], dom, "three", +- views ? TEST_GID_OVERRIDE_BASE + 2 : 0); +- assert_group_attrs(res->msgs[1], dom, "one", ++ order_ldb_res_msgs(res); ++ assert_group_attrs(res->msgs[0], dom, "one", + views ? TEST_GID_OVERRIDE_BASE : 0); ++ assert_group_attrs(res->msgs[1], dom, "three", ++ views ? TEST_GID_OVERRIDE_BASE + 2 : 0); + assert_group_attrs(res->msgs[2], dom, "two", + views ? TEST_GID_OVERRIDE_BASE + 1 : 0); + } +@@ -942,6 +972,7 @@ static void test_sysdb_enumgrent_filter(void **state) + ret = sysdb_enumgrent_filter(test_ctx, test_ctx->domain, "t*", 0, &res); + assert_int_equal(ret, EOK); + assert_int_equal(res->count, 2); ++ order_ldb_res_msgs(res); + assert_group_attrs(res->msgs[0], test_ctx->domain, "three", 0); + assert_group_attrs(res->msgs[1], test_ctx->domain, "two", 0); + +@@ -988,6 +1019,7 @@ static void test_sysdb_enumgrent_filter_views(void **state) + "t*", NULL, &res); + assert_int_equal(ret, EOK); + assert_int_equal(res->count, 2); ++ order_ldb_res_msgs(res); + assert_group_attrs(res->msgs[0], test_ctx->domain, + "three", TEST_GID_OVERRIDE_BASE + 2); + assert_group_attrs(res->msgs[1], test_ctx->domain, "two", +-- +2.15.0 + diff --git a/0013-CACHE_REQ-Copy-the-cr_domain-list-for-each-request.patch b/0013-CACHE_REQ-Copy-the-cr_domain-list-for-each-request.patch new file mode 100644 index 0000000..97bf6be --- /dev/null +++ b/0013-CACHE_REQ-Copy-the-cr_domain-list-for-each-request.patch @@ -0,0 +1,141 @@ +From 0f44eefe2ce75a0814c8688495477f6c57f3d39a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= +Date: Fri, 20 Oct 2017 09:26:43 +0200 +Subject: [PATCH] CACHE_REQ: Copy the cr_domain list for each request +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Let's copy the cr_domain list for each request as this list may be +free'd due to a refresh domains request. + +Resolves: https://pagure.io/SSSD/sssd/issue/3551 + +Signed-off-by: Fabiano Fidêncio + +Reviewed-by: Pavel Březina +--- + src/responder/common/cache_req/cache_req.c | 14 +++++++-- + src/responder/common/cache_req/cache_req_domain.c | 38 +++++++++++++++++++++++ + src/responder/common/cache_req/cache_req_domain.h | 5 +++ + 3 files changed, 55 insertions(+), 2 deletions(-) + +diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c +index abcb9cba351b06e833bacde26a504e5ee3445528..5fed7a2ab8beded2fee91f679a12f9a0ff6013ec 100644 +--- a/src/responder/common/cache_req/cache_req.c ++++ b/src/responder/common/cache_req/cache_req.c +@@ -699,6 +699,7 @@ struct cache_req_state { + const char *domain_name; + + /* work data */ ++ struct cache_req_domain *cr_domains; + struct cache_req_result **results; + size_t num_results; + bool first_iteration; +@@ -953,6 +954,7 @@ static errno_t cache_req_select_domains(struct tevent_req *req, + bool bypass_cache; + bool bypass_dp; + bool search; ++ errno_t ret; + + state = tevent_req_data(req, struct cache_req_state); + +@@ -964,12 +966,20 @@ static errno_t cache_req_select_domains(struct tevent_req *req, + return EOK; + } + ++ ret = cache_req_domain_copy_cr_domains(state, ++ state->cr->rctx->cr_domains, ++ &state->cr_domains); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_CRIT_FAILURE, "cache_req_copy_cr_domains() failed\n"); ++ return EINVAL; ++ } ++ + if (domain_name != NULL) { + CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, state->cr, + "Performing a single domain search\n"); + + cr_domain = cache_req_domain_get_domain_by_name( +- state->cr->rctx->cr_domains, domain_name); ++ state->cr_domains, domain_name); + if (cr_domain == NULL) { + return ERR_DOMAIN_NOT_FOUND; + } +@@ -978,7 +988,7 @@ static errno_t cache_req_select_domains(struct tevent_req *req, + CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, state->cr, + "Performing a multi-domain search\n"); + +- cr_domain = state->cr->rctx->cr_domains; ++ cr_domain = state->cr_domains; + check_next = true; + } + +diff --git a/src/responder/common/cache_req/cache_req_domain.c b/src/responder/common/cache_req/cache_req_domain.c +index 7b58f7c94a77881429f870bc5162fb2fe0aa57c6..15893ba548f6d0e3979010d6d5bbf27441d5fa97 100644 +--- a/src/responder/common/cache_req/cache_req_domain.c ++++ b/src/responder/common/cache_req/cache_req_domain.c +@@ -47,6 +47,44 @@ cache_req_domain_get_domain_by_name(struct cache_req_domain *domains, + return ret; + } + ++errno_t ++cache_req_domain_copy_cr_domains(TALLOC_CTX *mem_ctx, ++ struct cache_req_domain *src, ++ struct cache_req_domain **_dest) ++{ ++ struct cache_req_domain *cr_domains = NULL; ++ struct cache_req_domain *cr_domain; ++ struct cache_req_domain *iter; ++ errno_t ret; ++ ++ if (src == NULL) { ++ return EINVAL; ++ } ++ ++ DLIST_FOR_EACH(iter, src) { ++ cr_domain = talloc_zero(mem_ctx, struct cache_req_domain); ++ if (cr_domain == NULL) { ++ ret = ENOMEM; ++ goto done; ++ } ++ ++ cr_domain->domain = iter->domain; ++ cr_domain->fqnames = iter->fqnames; ++ ++ DLIST_ADD_END(cr_domains, cr_domain, struct cache_req_domain *); ++ } ++ ++ *_dest = cr_domains; ++ ret = EOK; ++ ++done: ++ if (ret != EOK) { ++ cache_req_domain_list_zfree(&cr_domains); ++ } ++ ++ return ret; ++} ++ + void cache_req_domain_list_zfree(struct cache_req_domain **cr_domains) + { + struct cache_req_domain *p, *q, *r; +diff --git a/src/responder/common/cache_req/cache_req_domain.h b/src/responder/common/cache_req/cache_req_domain.h +index 3780a5d8d88d76e100738d28d1dd0e697edf5eae..ebdc71dd635d5d8a5d06e30e96c5d4101b6d98bf 100644 +--- a/src/responder/common/cache_req/cache_req_domain.h ++++ b/src/responder/common/cache_req/cache_req_domain.h +@@ -50,6 +50,11 @@ cache_req_domain_new_list_from_domain_resolution_order( + const char *domain_resolution_order, + struct cache_req_domain **_cr_domains); + ++errno_t ++cache_req_domain_copy_cr_domains(TALLOC_CTX *mem_ctx, ++ struct cache_req_domain *src, ++ struct cache_req_domain **_dest); ++ + void cache_req_domain_list_zfree(struct cache_req_domain **cr_domains); + + +-- +2.15.0 + diff --git a/0504-KCM-temporary-increase-hardcoded-buffers.patch b/0504-KCM-temporary-increase-hardcoded-buffers.patch new file mode 100644 index 0000000..70e3f15 --- /dev/null +++ b/0504-KCM-temporary-increase-hardcoded-buffers.patch @@ -0,0 +1,41 @@ +From 3f2845f98ad28e57cf6a2a3ce33ff01d417c4a45 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Tue, 21 Nov 2017 17:48:16 +0100 +Subject: [PATCH] KCM: temporary increase hardcoded buffers + +Temporary workaround: +https://pagure.io/SSSD/sssd/issue/3386 +--- + src/responder/kcm/kcmsrv_ops.c | 2 +- + src/util/tev_curl.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c +index 7a78e9d6b36b4aa3d31ad467216244f733f4a57b..5af567c0d19d347e28cdeada22d15807fb8bc0d5 100644 +--- a/src/responder/kcm/kcmsrv_ops.c ++++ b/src/responder/kcm/kcmsrv_ops.c +@@ -31,7 +31,7 @@ + #include "responder/kcm/kcmsrv_ops.h" + #include "responder/kcm/kcmsrv_ccache.h" + +-#define KCM_REPLY_MAX 16384 ++#define KCM_REPLY_MAX 131072 + + struct kcm_op_ctx { + struct kcm_resp_ctx *kcm_data; +diff --git a/src/util/tev_curl.c b/src/util/tev_curl.c +index 4c2f1ec9ff0127ccfd72010460ed75dad43e9ce3..a51003f4118d4dc0dcb697469b861d277cd1b917 100644 +--- a/src/util/tev_curl.c ++++ b/src/util/tev_curl.c +@@ -35,7 +35,7 @@ + #include "util/tev_curl.h" + + #define TCURL_IOBUF_CHUNK 1024 +-#define TCURL_IOBUF_MAX 16384 ++#define TCURL_IOBUF_MAX 131072 + + static bool global_is_curl_initialized; + +-- +2.15.0 + diff --git a/sssd.spec b/sssd.spec index 9cf0b3b..912a485 100644 --- a/sssd.spec +++ b/sssd.spec @@ -32,7 +32,7 @@ Name: sssd Version: 1.16.0 -Release: 2%{?dist} +Release: 3%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -42,10 +42,13 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### Patch0001: 0001-KCM-Fix-restart-during-after-upgrade.patch +Patch0012: 0012-TESTS-Order-list-of-entries-in-some-lists.patch +Patch0013: 0013-CACHE_REQ-Copy-the-cr_domain-list-for-each-request.patch Patch0500: 0500-Revert-libwbclient-sssd-update-interface-to-version-.patch Patch0502: 0502-SYSTEMD-Use-capabilities.patch Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch +Patch0504: 0504-KCM-temporary-increase-hardcoded-buffers.patch ### Dependencies ### @@ -1238,6 +1241,9 @@ fi %{_libdir}/%{name}/modules/libwbclient.so %changelog +* Tue Nov 21 2017 Lukas Slebodnik - 1.16.0-3 +- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next + * Fri Nov 03 2017 Lukas Slebodnik - 1.16.0-2 - Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade