New upstream release 1.8.5

Jakub Hrozek 2012-10-07 22:21:46 +02:00
parent 75380a749d
commit c13be84ef8
5 changed files with 7 additions and 327 deletions

1
.gitignore vendored

@ -29,3 +29,4 @@ sssd-1.2.91.tar.gz
/sssd-1.8.2.tar.gz
/sssd-1.8.3.tar.gz
/sssd-1.8.4.tar.gz
/sssd-1.8.5.tar.gz


@ -1,246 +0,0 @@
From cb79e6cad17849be94dff05309a5ca0b9ea62613 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 30 May 2012 09:40:13 -0400
Subject: [PATCH 1/2] Assorted SSH fixes
SSH: Update sss_ssh_knownhostsproxy manual page
Don't use GlobalKnownHostsFile2 in ssh_config, as it has been deprecated in
OpenSSH 5.9.
SSH: Supress error message output in sss_ssh_knownhostsproxy
SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are missing
https://fedorahosted.org/sssd/ticket/1356
---
src/man/sss_ssh_knownhostsproxy.1.xml | 2 +-
src/sss_client/ssh/sss_ssh_client.c | 8 +--
src/sss_client/ssh/sss_ssh_knownhostsproxy.c | 94 ++++++++++++++------------
3 files changed, 55 insertions(+), 49 deletions(-)
diff --git a/src/man/sss_ssh_knownhostsproxy.1.xml b/src/man/sss_ssh_knownhostsproxy.1.xml
index 241e8a7ffbef102f367ba108b2f5fe3e6e68103c..5767e8426da34fb0124c927162aae6448ed8f89e 100644
--- a/src/man/sss_ssh_knownhostsproxy.1.xml
+++ b/src/man/sss_ssh_knownhostsproxy.1.xml
@@ -53,7 +53,7 @@
<manvolnum>1</manvolnum></citerefentry> configuration:
<programlisting>
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
-GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts
+GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
</programlisting>
</para>
<para>
diff --git a/src/sss_client/ssh/sss_ssh_client.c b/src/sss_client/ssh/sss_ssh_client.c
index 8520cd1b1704f1387a105a854ea72a9fcd2c85fc..645f2928985637f26213ab7a0d48a626b088ad58 100644
--- a/src/sss_client/ssh/sss_ssh_client.c
+++ b/src/sss_client/ssh/sss_ssh_client.c
@@ -146,14 +146,14 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
rd.len = req_len;
req_ret = sss_ssh_make_request(command, &rd, &rep, &rep_len, &req_errno);
- if (req_ret != SSS_STATUS_SUCCESS) {
- ret = EFAULT;
- goto done;
- }
if (req_errno != EOK) {
ret = req_errno;
goto done;
}
+ if (req_ret != SSS_STATUS_SUCCESS) {
+ ret = EFAULT;
+ goto done;
+ }
/* parse reply */
c = 0;
diff --git a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
index 6424d7b7c3c17375ad4ac8dc6ec2276786bf0560..cac8eb7ef47eb70591dfb274a01cfbb392eee8aa 100644
--- a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
+++ b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
@@ -73,7 +73,6 @@ connect_socket(int family, struct sockaddr *addr, size_t addr_len)
ret = errno;
DEBUG(SSSDBG_OP_FAILURE, ("socket() failed (%d): %s\n",
ret, strerror(ret)));
- ERROR("Failed to open a socket\n");
goto done;
}
@@ -83,7 +82,6 @@ connect_socket(int family, struct sockaddr *addr, size_t addr_len)
ret = errno;
DEBUG(SSSDBG_OP_FAILURE, ("connect() failed (%d): %s\n",
ret, strerror(ret)));
- ERROR("Failed to connect to the server\n");
goto done;
}
@@ -176,7 +174,6 @@ connect_proxy_command(char **args)
ret = errno;
DEBUG(SSSDBG_OP_FAILURE, ("execv() failed (%d): %s\n",
ret, strerror(ret)));
- ERROR("Failed to execute proxy command\n");
return ret;
}
@@ -185,7 +182,7 @@ int main(int argc, const char **argv)
{
TALLOC_CTX *mem_ctx = NULL;
int pc_debug = SSSDBG_DEFAULT;
- const char *pc_port = "22";
+ int pc_port = 22;
const char *pc_domain = NULL;
const char *pc_host = NULL;
const char **pc_args = NULL;
@@ -193,17 +190,18 @@ int main(int argc, const char **argv)
POPT_AUTOHELP
{ "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0,
_("The debug level to run with"), NULL },
- { "port", 'p', POPT_ARG_STRING, &pc_port, 0,
+ { "port", 'p', POPT_ARG_INT, &pc_port, 0,
_("The port to use to connect to the host"), NULL },
{ "domain", 'd', POPT_ARG_STRING, &pc_domain, 0,
_("The SSSD domain to use"), NULL },
POPT_TABLEEND
};
poptContext pc = NULL;
+ char strport[6];
struct addrinfo ai_hint;
struct addrinfo *ai = NULL;
char canonhost[NI_MAXHOST];
- const char *host;
+ const char *host = NULL;
struct sss_ssh_ent *ent;
int ret;
@@ -213,14 +211,13 @@ int main(int argc, const char **argv)
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
("set_locale() failed (%d): %s\n", ret, strerror(ret)));
- ERROR("Error setting the locale\n");
ret = EXIT_FAILURE;
goto fini;
}
mem_ctx = talloc_new(NULL);
if (!mem_ctx) {
- ERROR("Not enough memory\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Not enough memory\n"));
ret = EXIT_FAILURE;
goto fini;
}
@@ -237,6 +234,10 @@ int main(int argc, const char **argv)
BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
}
+ if (pc_port < 1 || pc_port > 65535) {
+ BAD_POPT_PARAMS(pc, _("Invalid port\n"), ret, fini);
+ }
+
pc_host = poptGetArg(pc);
if (pc_host == NULL) {
BAD_POPT_PARAMS(pc, _("Host not specified\n"), ret, fini);
@@ -249,59 +250,64 @@ int main(int argc, const char **argv)
ret, fini);
}
- /* get IP addresses of the host */
+ /* canonicalize hostname */
+ snprintf(strport, 6, "%d", pc_port);
+
memset(&ai_hint, 0, sizeof(struct addrinfo));
ai_hint.ai_family = AF_UNSPEC;
ai_hint.ai_socktype = SOCK_STREAM;
ai_hint.ai_protocol = IPPROTO_TCP;
- ai_hint.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV;
+ ai_hint.ai_flags = AI_ADDRCONFIG | AI_NUMERICHOST | AI_NUMERICSERV;
- ret = getaddrinfo(pc_host, pc_port, &ai_hint, &ai);
+ ret = getaddrinfo(pc_host, strport, &ai_hint, &ai);
if (ret) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
- ERROR("Host name cannot be resolved\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
+ ai_hint.ai_flags = AI_ADDRCONFIG | AI_CANONNAME | AI_NUMERICSERV;
- /* canonicalize hostname */
- ret = getnameinfo(ai[0].ai_addr, ai[0].ai_addrlen,
- canonhost, NI_MAXHOST, NULL, 0, NI_NAMEREQD);
- if (ret) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
- ERROR("Reverse lookup failed\n");
- ret = EXIT_FAILURE;
- goto fini;
- }
-
- /* append domain to hostname if domain is specified */
- if (pc_domain) {
- host = talloc_asprintf(mem_ctx, "%s@%s", canonhost, pc_domain);
- if (!host) {
- ERROR("Not enough memory\n");
- ret = EXIT_FAILURE;
- goto fini;
+ ret = getaddrinfo(pc_host, strport, &ai_hint, &ai);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
+ } else {
+ host = ai[0].ai_canonname;
}
} else {
- host = canonhost;
+ ret = getnameinfo(ai[0].ai_addr, ai[0].ai_addrlen,
+ canonhost, NI_MAXHOST, NULL, 0, NI_NAMEREQD);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("getnameinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
+ } else {
+ host = canonhost;
+ }
}
- /* look up public keys */
- ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS,
- host, pc_host, &ent);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
- ERROR("Error looking up public keys\n");
+ if (host) {
+ /* append domain to hostname if domain is specified */
+ if (pc_domain) {
+ host = talloc_asprintf(mem_ctx, "%s@%s", host, pc_domain);
+ if (!host) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Not enough memory\n"));
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+ }
+
+ /* look up public keys */
+ ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS,
+ host, pc_host, &ent);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
+ }
}
/* connect to server */
if (pc_args) {
ret = connect_proxy_command(discard_const(pc_args));
- } else {
+ } else if (ai) {
ret = connect_socket(ai[0].ai_family, ai[0].ai_addr, ai[0].ai_addrlen);
+ } else {
+ ret = EFAULT;
}
ret = (ret == EOK) ? EXIT_SUCCESS : EXIT_FAILURE;
--
1.7.10.2


@ -1,75 +0,0 @@
From d3c702624e0e83b3f1b33ba31d3583dbfa5292c9 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 2 Apr 2012 00:17:15 +0200
Subject: [PATCH 2/2] Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION
https://fedorahosted.org/sssd/ticket/1271
Conflicts:
src/lib/idmap/sss_idmap.doxy.in
---
src/doxy.config.in | 7 ++++---
src/providers/ipa/ipa_hbac.doxy.in | 7 ++++---
src/sss_client/sudo/sss_sudo.doxy.in | 7 ++++---
3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/doxy.config.in b/src/doxy.config.in
index dc41b1fd156613808efa00cf9fe95bef4247c781..1f9b5a324f68aa189b309d5b7293d769c8ca5acf 100644
--- a/src/doxy.config.in
+++ b/src/doxy.config.in
@@ -784,10 +784,11 @@ IGNORE_PREFIX =
GENERATE_HTML = YES
-# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
-# add generated date, project name and doxygen version to HTML footer.
+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated
+# HTML page will contain the date and time when the page was generated. Setting
+# this to NO can help when comparing the output of multiple runs.
-HTML_FOOTER_DESCRIPTION= NO
+HTML_TIMESTAMP = NO
# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
diff --git a/src/providers/ipa/ipa_hbac.doxy.in b/src/providers/ipa/ipa_hbac.doxy.in
index 3c9672f01c04c5f42cdfffee8603cf6fb181b25f..37528efc2a0d7849b09763a6a0a91c54451f2cf2 100644
--- a/src/providers/ipa/ipa_hbac.doxy.in
+++ b/src/providers/ipa/ipa_hbac.doxy.in
@@ -782,10 +782,11 @@ IGNORE_PREFIX =
GENERATE_HTML = YES
-# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
-# add generated date, project name and doxygen version to HTML footer.
+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated
+# HTML page will contain the date and time when the page was generated. Setting
+# this to NO can help when comparing the output of multiple runs.
-HTML_FOOTER_DESCRIPTION= NO
+HTML_TIMESTAMP = NO
# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
diff --git a/src/sss_client/sudo/sss_sudo.doxy.in b/src/sss_client/sudo/sss_sudo.doxy.in
index ee4a03885ca844a9e7c556a8fd8c4d705f7d3e57..4e777f427823b33d0ca286ae0a032c0dceb5f803 100644
--- a/src/sss_client/sudo/sss_sudo.doxy.in
+++ b/src/sss_client/sudo/sss_sudo.doxy.in
@@ -782,10 +782,11 @@ IGNORE_PREFIX =
GENERATE_HTML = YES
-# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
-# add generated date, project name and doxygen version to HTML footer.
+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated
+# HTML page will contain the date and time when the page was generated. Setting
+# this to NO can help when comparing the output of multiple runs.
-HTML_FOOTER_DESCRIPTION= NO
+HTML_TIMESTAMP = NO
# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
--
1.7.10.2


@ -1 +1 @@
196cc355f74a1a431f9bd5dcd2c6cc41 sssd-1.8.4.tar.gz
385a5ecb6c9f69eadf93c863e1b7d6a4 sssd-1.8.5.tar.gz


@ -15,8 +15,8 @@
%global ldb_version 1.1.6
Name: sssd
Version: 1.8.4
Release: 14%{?dist}
Version: 1.8.5
Release: 1%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@ -26,9 +26,6 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
### Patches ###
Patch0001: 0001-Assorted-SSH-fixes.patch
Patch0002: 0002-Use-HTML_TIMESTAMP-instead-of-HTML_FOOTER_DESCRIPTIO.patch
### Dependencies ###
Conflicts: selinux-policy < 3.10.0-46
@ -457,6 +454,9 @@ fi
%postun -n libipa_hbac -p /sbin/ldconfig
%changelog
* Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.8.5-1
- New upstream release 1.8.5
* Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.4-14
- Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
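Review bot: The `### Patches ###` hunk drops `Patch0001` and `Patch0002`, but the new changelog entry says only `- New upstream release 1.8.5` and does not record why the two downstream patches were removed. Presumably both are already contained in the 1.8.5 tarball. Patch0001 changed how sss_ssh_knownhostsproxy behaves when host or key lookups fail, so that is worth confirming against the new source and recording with an extra changelog line such as `- Drop patches 0001 and 0002, included in 1.8.5`. No %prep change appears on this page, so the patch application there is assumed not to reference the two patches by number.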