From d895a5f72c49210793ec02ffc768106178521c3e Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 14 Apr 2011 14:16:04 -0400
Subject: [PATCH] Fix systemd conversion. Upgrades from SysV to systemd weren't
 properly enabling the systemd service. Fix a serious memory leak in the
 memberOf plugin Fix an issue where the user's full name would sometimes be
 removed from the cache

---
 ...-fix-calculation-of-replaced-members.patch | 26 +++++++++
 ...e-delete-operation-apyload-once-done.patch | 55 +++++++++++++++++++
 ...er-remove-gecos-from-the-sysdb-cache.patch | 34 ++++++++++++
 sssd.spec                                     | 49 ++++++++++++-----
 4 files changed, 151 insertions(+), 13 deletions(-)
 create mode 100644 0001-memberof-fix-calculation-of-replaced-members.patch
 create mode 100644 0002-memberof-free-delete-operation-apyload-once-done.patch
 create mode 100644 0003-Never-remove-gecos-from-the-sysdb-cache.patch

diff --git a/0001-memberof-fix-calculation-of-replaced-members.patch b/0001-memberof-fix-calculation-of-replaced-members.patch
new file mode 100644
index 0000000..dd2e56f
--- /dev/null
+++ b/0001-memberof-fix-calculation-of-replaced-members.patch
@@ -0,0 +1,26 @@
+>From c4236347f6c807793bd5c8c6a7432c0e9a2e78c2 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <ssorce@redhat.com>
+Date: Wed, 13 Apr 2011 15:21:32 -0400
+Subject: [PATCH 2/3] memberof: fix calculation of replaced members
+
+We were skipping the check on the next value in the added list when a match
+was found for the currentr value being checked.
+---
+ src/ldb_modules/memberof.c |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
+index 55c52fdcbbfccb7607190e21954a1439dc8fa57e..41ea0b344e951ffc47a4882896671bd9b37e1719 100644
+--- a/src/ldb_modules/memberof.c
++++ b/src/ldb_modules/memberof.c
+@@ -2727,6 +2727,7 @@ static int mbof_mod_process(struct mbof_mod_ctx *mod_ctx, bool *done)
+                         added->dns[j] = added->dns[j+1];
+                     }
+                     added->num--;
++                    i--;
+                 }
+             }
+         }
+-- 
+1.7.4.2
+
diff --git a/0002-memberof-free-delete-operation-apyload-once-done.patch b/0002-memberof-free-delete-operation-apyload-once-done.patch
new file mode 100644
index 0000000..b4f44ad
--- /dev/null
+++ b/0002-memberof-free-delete-operation-apyload-once-done.patch
@@ -0,0 +1,55 @@
+>From c808473b784459c65a99db8cf519a619df27f45a Mon Sep 17 00:00:00 2001
+From: Simo Sorce <ssorce@redhat.com>
+Date: Wed, 13 Apr 2011 17:09:09 -0400
+Subject: [PATCH] memberof: free delete operation apyload once done
+
+Large memberof delete operations can cause quite a number of searches
+and the results are attached to a delop operation structure.
+Make sure we free this payload once the operation is done and these
+results are not used anymore so that we get a smaller total memory footprint.
+---
+ src/ldb_modules/memberof.c |   14 +++++++++++++-
+ 1 files changed, 13 insertions(+), 1 deletions(-)
+
+diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
+index 41ea0b344e951ffc47a4882896671bd9b37e1719..4fc46fa84529ac1850cdb588ddf69be0f60e8238 100644
+--- a/src/ldb_modules/memberof.c
++++ b/src/ldb_modules/memberof.c
+@@ -1161,6 +1161,7 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx,
+ static int mbof_del_muop(struct mbof_del_ctx *ctx);
+ static int mbof_del_muop_callback(struct ldb_request *req,
+                                   struct ldb_reply *ares);
++static void free_delop_contents(struct mbof_del_operation *delop);
+ 
+ 
+ static int memberof_del(struct ldb_module *module, struct ldb_request *req)
+@@ -2182,6 +2183,8 @@ static int mbof_del_progeny(struct mbof_del_operation *delop)
+         return ret;
+     }
+ 
++    free_delop_contents(delop);
++
+     if (nextop) {
+         return mbof_del_execute_op(nextop);
+     }
+@@ -2405,7 +2408,16 @@ static int mbof_del_muop_callback(struct ldb_request *req,
+     return LDB_SUCCESS;
+ }
+ 
+-
++/* delop may carry on a lot of memory, so we need a function to clean up
++ * the payload without breaking the delop chain */
++static void free_delop_contents(struct mbof_del_operation *delop)
++{
++    talloc_zfree(delop->entry);
++    talloc_zfree(delop->parents);
++    talloc_zfree(delop->anc_ctx);
++    delop->num_parents = 0;
++    delop->cur_parent = 0;
++}
+ 
+ /* mod operation */
+ 
+-- 
+1.7.4.2
+
diff --git a/0003-Never-remove-gecos-from-the-sysdb-cache.patch b/0003-Never-remove-gecos-from-the-sysdb-cache.patch
new file mode 100644
index 0000000..081eed4
--- /dev/null
+++ b/0003-Never-remove-gecos-from-the-sysdb-cache.patch
@@ -0,0 +1,34 @@
+From 9d5a7dec9eb1201f48f497b3f5355439977f0c88 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 12 Apr 2011 12:47:14 -0400
+Subject: [PATCH] Never remove gecos from the sysdb cache
+
+Now that gecos can come from either the 'gecos' or 'cn' attributes,
+we need to ensure that we never remove it from the cache.
+---
+ src/providers/ldap/ldap_common.c |    9 +++++++++
+ 1 files changed, 9 insertions(+), 0 deletions(-)
+
+diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
+index ce6d41d5872a6dd474aff4bab8e2920688abda92..29a5820f5c6c765646c43948a9d17fe0016931ed 100644
+--- a/src/providers/ldap/ldap_common.c
++++ b/src/providers/ldap/ldap_common.c
+@@ -962,6 +962,15 @@ errno_t list_missing_attrs(TALLOC_CTX *mem_ctx,
+             continue;
+         }
+ 
++        /* GECOS is another special case. Its value can come
++         * either from the 'gecos' attribute or the 'cn'
++         * attribute. It's best if we just never remove it.
++         */
++        if (strcasecmp(sysdb_name, SYSDB_GECOS) == 0) {
++            talloc_free(sysdb_name);
++            continue;
++        }
++
+         for (j = 0; j < recvd_attrs->num; j++) {
+             /* Check whether this expected attribute appeared in the
+              * received attributes and had a non-zero number of
+-- 
+1.7.4.2
+
diff --git a/sssd.spec b/sssd.spec
index 00a95a8..036b1ca 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -7,12 +7,9 @@
 %global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
 %global ldb_version 1.0.2
 
-# Determine the location of the systemd unit file directory
-%global systemdunitdir %(pkg-config --variable=systemdsystemunitdir systemd)
-
 Name: sssd
 Version: 1.5.5
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -21,7 +18,9 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 ### Patches ###
-
+Patch0001: 0001-memberof-fix-calculation-of-replaced-members.patch
+Patch0002: 0002-memberof-free-delete-operation-apyload-once-done.patch
+Patch0003: 0003-Never-remove-gecos-from-the-sysdb-cache.patch
 ### Dependencies ###
 
 Requires: libldb = %{ldb_version}
@@ -114,6 +113,10 @@ use with ldap_default_authtok_type = obfuscated_password.
 %prep
 %setup -q
 
+%patch0001 -p1
+%patch0002 -p1
+%patch0003 -p1
+
 %build
 autoreconf -ivf
 %configure \
@@ -158,8 +161,8 @@ install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
 
 # Replace sysv init script with systemd unit file
 rm -f $RPM_BUILD_ROOT/%{_initrddir}/%{name}
-mkdir -p $RPM_BUILD_ROOT/%{systemdunitdir}/
-cp src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{systemdunitdir}/
+mkdir -p $RPM_BUILD_ROOT/%{_unitdir}/
+cp src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/
 
 # Remove .la files created by libtool
 rm -f \
@@ -201,7 +204,7 @@ rm -rf $RPM_BUILD_ROOT
 %files -f sssd.lang
 %defattr(-,root,root,-)
 %doc COPYING
-%{systemdunitdir}/sssd.service
+%{_unitdir}/sssd.service
 %{_sbindir}/sssd
 %{_libexecdir}/%{servicename}/
 %{_libdir}/%{name}/
@@ -259,25 +262,45 @@ rm -rf $RPM_BUILD_ROOT
 
 %post
 /sbin/ldconfig
-/sbin/chkconfig --add %{servicename}
 
 if [ $1 -ge 1 ] ; then
-    /sbin/service %{servicename} condrestart 2>&1 > /dev/null
+    # Initial installation
+    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 fi
 
 %preun
 if [ $1 = 0 ]; then
-    /sbin/service %{servicename} stop 2>&1 > /dev/null
-    /sbin/chkconfig --del %{servicename}
+     # Package removal, not upgrade
+    /bin/systemctl --no-reload disable sssd.service > /dev/null 2>&1 || :
+    /bin/systemctl stop sssd.service > /dev/null 2>&1 || :
+fi
+
+%triggerun -- sssd < 1.5.5-3
+if /sbin/chkconfig sssd ; then
+        /bin/systemctl --no-reload enable sssd.service >/dev/null 2>&1 || :
 fi
 
 %postun -p /sbin/ldconfig
 
 %post client -p /sbin/ldconfig
 
-%postun client -p /sbin/ldconfig
+%postun client
+/sbin/ldconfig
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+    # On upgrade, reload init system configuration if we changed unit files
+    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+    /bin/systemctl try-restart sssd.service >/dev/null 2>&1 || :
+fi
 
 %changelog
+* Thu Apr 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-3
+- Fix systemd conversion. Upgrades from SysV to systemd weren't properly
+- enabling the systemd service.
+- Fix a serious memory leak in the memberOf plugin
+- Fix an issue where the user's full name would sometimes be removed
+- from the cache
+
 * Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-2
 - Install systemd unit file instead of sysv init script