From d895a5f72c49210793ec02ffc768106178521c3e Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Thu, 14 Apr 2011 14:16:04 -0400 Subject: [PATCH] Fix systemd conversion. Upgrades from SysV to systemd weren't properly enabling the systemd service. Fix a serious memory leak in the memberOf plugin Fix an issue where the user's full name would sometimes be removed from the cache --- ...-fix-calculation-of-replaced-members.patch | 26 +++++++++ ...e-delete-operation-apyload-once-done.patch | 55 +++++++++++++++++++ ...er-remove-gecos-from-the-sysdb-cache.patch | 34 ++++++++++++ sssd.spec | 49 ++++++++++++----- 4 files changed, 151 insertions(+), 13 deletions(-) create mode 100644 0001-memberof-fix-calculation-of-replaced-members.patch create mode 100644 0002-memberof-free-delete-operation-apyload-once-done.patch create mode 100644 0003-Never-remove-gecos-from-the-sysdb-cache.patch
diff --git a/0001-memberof-fix-calculation-of-replaced-members.patch b/0001-memberof-fix-calculation-of-replaced-members.patch
new file mode 100644
index 0000000..dd2e56f
--- /dev/null
+++ b/0001-memberof-fix-calculation-of-replaced-members.patch
@@ -0,0 +1,26 @@
+>From c4236347f6c807793bd5c8c6a7432c0e9a2e78c2 Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Wed, 13 Apr 2011 15:21:32 -0400
+Subject: [PATCH 2/3] memberof: fix calculation of replaced members
+
+We were skipping the check on the next value in the added list when a match
+was found for the currentr value being checked.
+---
+ src/ldb_modules/memberof.c | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
+index 55c52fdcbbfccb7607190e21954a1439dc8fa57e..41ea0b344e951ffc47a4882896671bd9b37e1719 100644
+--- a/src/ldb_modules/memberof.c
++++ b/src/ldb_modules/memberof.c
+@@ -2727,6 +2727,7 @@ static int mbof_mod_process(struct mbof_mod_ctx *mod_ctx, bool *done)
+ added->dns[j] = added->dns[j+1];
+ }
+ added->num--;
++ i--;
+ }
+ }
+ }
+--
+1.7.4.2
+
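Review bot: The added `i--` in mbof_mod_process carries no comment, and whether it is safe depends on code outside this hunk. After the shift loop copies `added->dns[j+1]` down and `added->num--` shrinks the list, slot `i` holds an entry that has not been compared yet, so a line such as `/* slot i now holds the next DN; re-test it on the next pass */` above `i--;` would record why the counter is stepped back. When the match is at index 0 the decrement takes `i` below zero (or wraps, if `i` is unsigned) until the loop's `i++` restores it, so it is worth confirming that nothing between `i--` and the loop increment indexes `added->dns[i]`. The loop headers and the declaration of `i` are not visible in the hunk.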
diff --git a/0002-memberof-free-delete-operation-apyload-once-done.patch b/0002-memberof-free-delete-operation-apyload-once-done.patch
new file mode 100644
index 0000000..b4f44ad
--- /dev/null
+++ b/0002-memberof-free-delete-operation-apyload-once-done.patch
@@ -0,0 +1,55 @@
+>From c808473b784459c65a99db8cf519a619df27f45a Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Wed, 13 Apr 2011 17:09:09 -0400
+Subject: [PATCH] memberof: free delete operation apyload once done
+
+Large memberof delete operations can cause quite a number of searches
+and the results are attached to a delop operation structure.
+Make sure we free this payload once the operation is done and these
+results are not used anymore so that we get a smaller total memory footprint.
+---
+ src/ldb_modules/memberof.c | 14 +++++++++++++-
+ 1 files changed, 13 insertions(+), 1 deletions(-)
+
+diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
+index 41ea0b344e951ffc47a4882896671bd9b37e1719..4fc46fa84529ac1850cdb588ddf69be0f60e8238 100644
+--- a/src/ldb_modules/memberof.c
++++ b/src/ldb_modules/memberof.c
+@@ -1161,6 +1161,7 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx,
+ static int mbof_del_muop(struct mbof_del_ctx *ctx);
+ static int mbof_del_muop_callback(struct ldb_request *req,
+ struct ldb_reply *ares);
++static void free_delop_contents(struct mbof_del_operation *delop);
+
+
+ static int memberof_del(struct ldb_module *module, struct ldb_request *req)
+@@ -2182,6 +2183,8 @@ static int mbof_del_progeny(struct mbof_del_operation *delop)
+ return ret;
+ }
+
++ free_delop_contents(delop);
++
+ if (nextop) {
+ return mbof_del_execute_op(nextop);
+ }
+@@ -2405,7 +2408,16 @@ static int mbof_del_muop_callback(struct ldb_request *req,
+ return LDB_SUCCESS;
+ }
+
+-
++/* delop may carry on a lot of memory, so we need a function to clean up
++ * the payload without breaking the delop chain */
++static void free_delop_contents(struct mbof_del_operation *delop)
++{
++ talloc_zfree(delop->entry);
++ talloc_zfree(delop->parents);
++ talloc_zfree(delop->anc_ctx);
++ delop->num_parents = 0;
++ delop->cur_parent = 0;
++}
+
+ /* mod operation */
+
+--
+1.7.4.2
+
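Review bot: `free_delop_contents()` releases `delop->entry`, `delop->parents` and `delop->anc_ctx` in mbof_del_progeny before `mbof_del_execute_op(nextop)` runs, and a talloc free also releases every child allocated under those contexts. Nothing in the hunk shows whether later operations or queued member updates still hold DNs or messages parented to `delop->entry` or `delop->anc_ctx`; if any do, they become dangling pointers that nulling the three fields does not clear. The function comment should state that precondition, for example `/* caller must ensure nothing still references memory parented to entry, parents or anc_ctx */`. The call is also placed after the early `return ret;`, so a failed operation keeps its payload until the request is freed, which is presumably intended but worth a word in the comment. Both mbof_del_progeny and the code that builds the update list lie outside the hunk.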
diff --git a/0003-Never-remove-gecos-from-the-sysdb-cache.patch b/0003-Never-remove-gecos-from-the-sysdb-cache.patch
new file mode 100644
index 0000000..081eed4
--- /dev/null
+++ b/0003-Never-remove-gecos-from-the-sysdb-cache.patch
@@ -0,0 +1,34 @@
+From 9d5a7dec9eb1201f48f497b3f5355439977f0c88 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher
+Date: Tue, 12 Apr 2011 12:47:14 -0400
+Subject: [PATCH] Never remove gecos from the sysdb cache
+
+Now that gecos can come from either the 'gecos' or 'cn' attributes,
+we need to ensure that we never remove it from the cache.
+---
+ src/providers/ldap/ldap_common.c | 9 +++++++++
+ 1 files changed, 9 insertions(+), 0 deletions(-)
+
+diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
+index ce6d41d5872a6dd474aff4bab8e2920688abda92..29a5820f5c6c765646c43948a9d17fe0016931ed 100644
+--- a/src/providers/ldap/ldap_common.c
++++ b/src/providers/ldap/ldap_common.c
+@@ -962,6 +962,15 @@ errno_t list_missing_attrs(TALLOC_CTX *mem_ctx,
+ continue;
+ }
+
++ /* GECOS is another special case. Its value can come
++ * either from the 'gecos' attribute or the 'cn'
++ * attribute. It's best if we just never remove it.
++ */
++ if (strcasecmp(sysdb_name, SYSDB_GECOS) == 0) {
++ talloc_free(sysdb_name);
++ continue;
++ }
++
+ for (j = 0; j < recvd_attrs->num; j++) {
+ /* Check whether this expected attribute appeared in the
+ * received attributes and had a non-zero number of
+--
+1.7.4.2
+
diff --git a/sssd.spec b/sssd.spec
index 00a95a8..036b1ca 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -7,12 +7,9 @@ %global ldb_modulesdir %(pkg-config --variable=modulesdir ldb) %global ldb_version 1.0.2 -# Determine the location of the systemd unit file directory -%global systemdunitdir %(pkg-config --variable=systemdsystemunitdir systemd) - Name: sssd Version: 1.5.5 -Release: 2%{?dist} +Release: 3%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+
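Review bot: In the `ldap_common.c` patch carried by the 0003 file, the new `SYSDB_GECOS` branch in list_missing_attrs skips the attribute unconditionally, so a full name deleted from both `gecos` and `cn` on the server would, as far as this hunk shows, stay in the cache indefinitely. If that staleness is accepted, the comment should say so, e.g. by adding `* A value deleted from both attributes on the server will therefore persist in the cache.`; the narrower alternative is to skip removal only when the fallback attribute was actually received. The rest of the function, including how the returned list is consumed, is outside the hunk.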
@@ -21,7 +18,9 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### - +Patch0001: 0001-memberof-fix-calculation-of-replaced-members.patch +Patch0002: 0002-memberof-free-delete-operation-apyload-once-done.patch +Patch0003: 0003-Never-remove-gecos-from-the-sysdb-cache.patch ### Dependencies ### Requires: libldb = %{ldb_version} @@ -114,6 +113,10 @@ use with ldap_default_authtok_type = obfuscated_password. %prep %setup -q +%patch0001 -p1 +%patch0002 -p1 +%patch0003 -p1 + %build autoreconf -ivf %configure \ @@ -158,8 +161,8 @@ install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd # Replace sysv init script with systemd unit file rm -f $RPM_BUILD_ROOT/%{_initrddir}/%{name} -mkdir -p $RPM_BUILD_ROOT/%{systemdunitdir}/ -cp src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{systemdunitdir}/ +mkdir -p $RPM_BUILD_ROOT/%{_unitdir}/ +cp src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/ # Remove .la files created by libtool rm -f \ @@ -201,7 +204,7 @@ rm -rf $RPM_BUILD_ROOT %files -f sssd.lang %defattr(-,root,root,-) %doc COPYING -%{systemdunitdir}/sssd.service +%{_unitdir}/sssd.service %{_sbindir}/sssd %{_libexecdir}/%{servicename}/ %{_libdir}/%{name}/ 
@@ -259,25 +262,45 @@ rm -rf $RPM_BUILD_ROOT %post /sbin/ldconfig -/sbin/chkconfig --add %{servicename} if [ $1 -ge 1 ] ; then - /sbin/service %{servicename} condrestart 2>&1 > /dev/null + # Initial installation + /bin/systemctl daemon-reload >/dev/null 2>&1 || : fi %preun if [ $1 = 0 ]; then - /sbin/service %{servicename} stop 2>&1 > /dev/null - /sbin/chkconfig --del %{servicename} + # Package removal, not upgrade + /bin/systemctl --no-reload disable sssd.service > /dev/null 2>&1 || : + /bin/systemctl stop sssd.service > /dev/null 2>&1 || : +fi + +%triggerun -- sssd < 1.5.5-3 +if /sbin/chkconfig sssd ; then + /bin/systemctl --no-reload enable sssd.service >/dev/null 2>&1 || : fi %postun -p /sbin/ldconfig %post client -p /sbin/ldconfig -%postun client -p /sbin/ldconfig +%postun client +/sbin/ldconfig +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ] ; then + # On upgrade, reload init system configuration if we changed unit files + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl try-restart sssd.service >/dev/null 2>&1 || : +fi %changelog +* Thu Apr 14 2011 Stephen Gallagher - 1.5.5-3 +- Fix systemd conversion. Upgrades from SysV to systemd weren't properly +- enabling the systemd service. +- Fix a serious memory leak in the memberOf plugin +- Fix an issue where the user's full name would sometimes be removed +- from the cache + * Tue Apr 12 2011 Stephen Gallagher - 1.5.5-2 - Install systemd unit file instead of sysv init script
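Review bot: The upgrade-time `daemon-reload` and `try-restart sssd.service` were added under `%postun client`, while the main package keeps `%postun -p /sbin/ldconfig`; the unit file is listed in the main package's `%files` (`%{_unitdir}/sssd.service`), so the restart logic most likely belongs in the main `%postun`. As written, whether the running daemon is restarted onto the binaries carrying the memberOf and gecos fixes depends on the client subpackage's scriptlet, and `daemon-reload` is issued twice there. The `%post` comment also reads "Initial installation" although `$1 -ge 1` holds on upgrades too. The sketch below moves the block to the main package, drops the duplicate reload and returns the client scriptlet to its previous one-line form.

```spec
%postun
/sbin/ldconfig
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
    # On upgrade, restart the daemon so it runs the updated binaries
    /bin/systemctl try-restart sssd.service >/dev/null 2>&1 || :
fi

# ... unchanged: %post client -p /sbin/ldconfig ...

%postun client -p /sbin/ldconfig
```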