From f73d44d40a139b36cd9d34ab23bf49c608b4dbc9 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Mon, 19 Dec 2011 16:13:43 -0500
Subject: [PATCH] New upstream release 1.6.4 Rolls up previous patches applied to the 1.6.3 tarball Fixes a rare issue causing crashes in the failover logic Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.
---
.gitignore | 1 +
...moving-in-old-domain-when-saving-a-n.patch | 35 ----
...-that-all-input-strings-are-valid-UT.patch | 172 ------------------
...ry-next-failover-server-on-any-error.patch | 38 ----
sources | 2 +-
sssd.spec | 14 +-
6 files changed, 11 insertions(+), 251 deletions(-)
delete mode 100644 0001-configAPI-Fix-removing-in-old-domain-when-saving-a-n.patch
delete mode 100644 0002-RESPONDER-Ensure-that-all-input-strings-are-valid-UT.patch
delete mode 100644 0003-LDAP-Try-next-failover-server-on-any-error.patch
diff --git a/.gitignore b/.gitignore
index 7ead0d3..08df1d1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@ sssd-1.2.91.tar.gz
 /sssd-1.6.1.tar.gz
 /sssd-1.6.2.tar.gz
 /sssd-1.6.3.tar.gz
+/sssd-1.6.4.tar.gz
diff --git a/0001-configAPI-Fix-removing-in-old-domain-when-saving-a-n.patch b/0001-configAPI-Fix-removing-in-old-domain-when-saving-a-n.patch
deleted file mode 100644
index 9c6b4aa..0000000
--- a/0001-configAPI-Fix-removing-in-old-domain-when-saving-a-n.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From cc1bae136c35b0a72c0e39928b0be414e182d375 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek
-Date: Thu, 10 Nov 2011 12:36:26 +0100
-Subject: [PATCH] configAPI: Fix removing in old domain when saving a new
- domain
-
----
- src/config/SSSDConfig.py | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
-index 87b1d63..6858ce4 100644
---- a/src/config/SSSDConfig.py
-+++ b/src/config/SSSDConfig.py
-@@ -1760,7 +1760,7 @@ class SSSDConfig(SSSDChangeConf):
- domain.oldname = None;
-
- sectionname = 'domain/%s' % name
-- section_subtree = self.findOpts(self.opts, 'section', sectionname)
-+ (no, section_subtree) = self.findOpts(self.opts, 'section', sectionname)
-
- if name not in self.list_domains():
- self.add_section(sectionname, []);
-@@ -1768,7 +1768,7 @@ class SSSDConfig(SSSDChangeConf):
- for option in self.options(sectionname):
- if option['type'] == 'option':
- if option['name'] not in domain.get_all_options():
-- self.delete_option_subtree(section_subtree, 'option', option['name'], True)
-+ self.delete_option_subtree(section_subtree['values'], 'option', option['name'], True)
-
- for option,value in domain.get_all_options().items():
- if (type(value) == list):
---
-1.7.7
-
diff --git a/0002-RESPONDER-Ensure-that-all-input-strings-are-valid-UT.patch b/0002-RESPONDER-Ensure-that-all-input-strings-are-valid-UT.patch
deleted file mode 100644
index 312ab6b..0000000
--- a/0002-RESPONDER-Ensure-that-all-input-strings-are-valid-UT.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-From 6bfda68007ef402e2dc94e674df1e5b83686b0b5 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher
-Date: Mon, 14 Nov 2011 11:31:37 -0500
-Subject: [PATCH 1/4] RESPONDER: Ensure that all input strings are valid UTF-8
-
----
- Makefile.am | 6 ++++--
- src/external/libunistring.m4 | 5 +++++
- src/responder/common/responder.h | 2 ++
- src/responder/common/responder_common.c | 9 +++++++++
- src/responder/nss/nsssrv_cmd.c | 21 +++++++++++++++++++++
- src/responder/nss/nsssrv_netgroup.c | 7 +++++++
- src/responder/pam/pamsrv_cmd.c | 5 +++++
- 7 files changed, 53 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 916881e17329bc6175888c7e53d3b313f24c92c0..9b438f5a78587eb579f589997bf13db9e6ebfab4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -409,7 +409,8 @@ sssd_nss_SOURCES = \
- sssd_nss_LDADD = \
- $(TDB_LIBS) \
- $(SSSD_LIBS) \
-- libsss_util.la
-+ libsss_util.la \
-+ -lunistring
-
- sssd_pam_SOURCES = \
- src/responder/pam/pam_LOCAL_domain.c \
-@@ -420,7 +421,8 @@ sssd_pam_SOURCES = \
- sssd_pam_LDADD = \
- $(TDB_LIBS) \
- $(SSSD_LIBS) \
-- libsss_util.la
-+ libsss_util.la \
-+ -lunistring
-
- sssd_be_SOURCES = \
- src/providers/data_provider_be.c \
-diff --git a/src/external/libunistring.m4 b/src/external/libunistring.m4
-index 69c54fe3faf4bffea120cb30e1d3ed73a2a104c8..18ea3e62a727032a86d248318b5a2a19011ee8ac 100644
---- a/src/external/libunistring.m4
-+++ b/src/external/libunistring.m4
-@@ -6,4 +6,9 @@ AC_CHECK_HEADERS(unistr.h,
- AC_CHECK_HEADERS(unicase.h,
- [AC_CHECK_LIB([unistring], [u8_casecmp], [ UNISTRING_LIBS="-lunistring" ], [AC_MSG_ERROR([No usable libunistring library found])])],
- [AC_MSG_ERROR([libunistring header files are not installed])]
-+)
-+
-+AC_CHECK_HEADERS(unistr.h,
-+ [AC_CHECK_LIB([unistring], [u8_check], [ UNISTRING_LIBS="-lunistring" ], [AC_MSG_ERROR([No usable libunistring library found])])],
-+ [AC_MSG_ERROR([libunistring header files are not installed])]
- )
-\ No newline at end of file
-diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
-index 321cedda8f495e38e19fe07b60271d54915316b7..1b39fdd5b6854e05acdf5b7be2c63a2c8381f3c3 100644
---- a/src/responder/common/responder.h
-+++ b/src/responder/common/responder.h
-@@ -174,4 +174,6 @@ int sss_dp_send_acct_req(struct resp_ctx *rctx, TALLOC_CTX *callback_memctx,
- int responder_logrotate(DBusMessage *message,
- struct sbus_connection *conn);
-
-+bool sss_utf8_check(const uint8_t *s, size_t n);
-+
- #endif /* __SSS_RESPONDER_H__ */
-diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
-index 719f2464733faa0498be59226eeb39f5736d0d26..f97ec06fd2d93d9568607c00bb3399792eec397a 100644
---- a/src/responder/common/responder_common.c
-+++ b/src/responder/common/responder_common.c
-@@ -32,6 +32,7 @@
- #include
- #include
- #include
-+#include
- #include "util/util.h"
- #include "db/sysdb.h"
- #include "confdb/confdb.h"
-@@ -627,3 +628,11 @@ int responder_logrotate(DBusMessage *message,
-
- return monitor_common_pong(message, conn);
- }
-+
-+bool sss_utf8_check(const uint8_t *s, size_t n)
-+{
-+ if (u8_check(s, n) == NULL) {
-+ return true;
-+ }
-+ return false;
-+}
-diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
-index 56ebe4815b41a2dae158b3028cc03b5e2848ada4..c531ae2c53b4019561092b29f90baf24dd397c76 100644
---- a/src/responder/nss/nsssrv_cmd.c
-+++ b/src/responder/nss/nsssrv_cmd.c
-@@ -873,6 +873,13 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
- ret = EINVAL;
- goto done;
- }
-+
-+ /* If the body isn't valid UTF-8, fail */
-+ if (!sss_utf8_check(body, blen)) {
-+ ret = EINVAL;
-+ goto done;
-+ }
-+
- rawname = (const char *)body;
-
- domname = NULL;
-@@ -2140,6 +2147,13 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
- ret = EINVAL;
- goto done;
- }
-+
-+ /* If the body isn't valid UTF-8, fail */
-+ if (!sss_utf8_check(body, blen)) {
-+ ret = EINVAL;
-+ goto done;
-+ }
-+
- rawname = (const char *)body;
-
- domname = NULL;
-@@ -3180,6 +3194,13 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
- ret = EINVAL;
- goto done;
- }
-+
-+ /* If the body isn't valid UTF-8, fail */
-+ if (!sss_utf8_check(body, blen)) {
-+ ret = EINVAL;
-+ goto done;
-+ }
-+
- rawname = (const char *)body;
-
- domname = NULL;
-diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
-index df3823ed2798e6022c07e1c8af630c2cb8a14028..c8b7bd1d9a1805c7a4688290e3b6fb4c5883bac0 100644
---- a/src/responder/nss/nsssrv_netgroup.c
-+++ b/src/responder/nss/nsssrv_netgroup.c
-@@ -113,6 +113,13 @@ int nss_cmd_setnetgrent(struct cli_ctx *client)
- ret = EINVAL;
- goto done;
- }
-+
-+ /* If the body isn't valid UTF-8, fail */
-+ if (!sss_utf8_check(body, blen)) {
-+ ret = EINVAL;
-+ goto done;
-+ }
-+
- rawname = (const char *)body;
-
- req = setnetgrent_send(cmdctx, rawname, cmdctx);
-diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
-index 3c9d7600a70465cd087950d775d2f7a78a3ab141..cbf22236e1d5ecd8186ed171e59753fca18d0609 100644
---- a/src/responder/pam/pamsrv_cmd.c
-+++ b/src/responder/pam/pamsrv_cmd.c
-@@ -70,6 +70,11 @@ static int extract_string(char **var, size_t size, uint8_t *body, size_t blen,
-
- if (str[size-1]!='\0') return EINVAL;
-
-+ /* If the string isn't valid UTF-8, fail */
-+ if (!sss_utf8_check(str, size)) {
-+ return EINVAL;
-+ }
-+
- *c += size;
-
- *var = (char *) str;
---
-1.7.7.3
-
diff --git a/0003-LDAP-Try-next-failover-server-on-any-error.patch b/0003-LDAP-Try-next-failover-server-on-any-error.patch
deleted file mode 100644
index 15dfe38..0000000
--- a/0003-LDAP-Try-next-failover-server-on-any-error.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 11f9ae2ef3a4884b5e7750a3d549a58a71abc015 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher
-Date: Mon, 28 Nov 2011 11:26:41 -0500
-Subject: [PATCH 4/4] LDAP: Try next failover server on any error
-
----
- src/providers/ldap/sdap_async_connection.c | 14 +++++---------
- 1 files changed, 5 insertions(+), 9 deletions(-)
-
-diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
-index c69b9bce0f4649e76138168a4883c138ff5c721f..045f009c2f62e4d3d4d906a017508c2f4fbceda9 100644
---- a/src/providers/ldap/sdap_async_connection.c
-+++ b/src/providers/ldap/sdap_async_connection.c
-@@ -1226,16 +1226,12 @@ static void sdap_cli_connect_done(struct tevent_req *subreq)
- ret = sdap_connect_recv(subreq, state, &state->sh);
- talloc_zfree(subreq);
- if (ret) {
-- if (ret == ETIMEDOUT) { /* retry another server */
-- fo_set_port_status(state->srv, PORT_NOT_WORKING);
-- ret = sdap_cli_resolve_next(req);
-- if (ret != EOK) {
-- tevent_req_error(req, ret);
-- }
-- return;
-+ /* retry another server */
-+ fo_set_port_status(state->srv, PORT_NOT_WORKING);
-+ ret = sdap_cli_resolve_next(req);
-+ if (ret != EOK) {
-+ tevent_req_error(req, ret);
- }
--
-- tevent_req_error(req, ret);
- return;
- }
-
---
-1.7.7.3
-
diff --git a/sources b/sources
index 2b61958..7c8bb2d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-835c7fe267d7380fd42876ccc5a98b19 sssd-1.6.3.tar.gz
+2087b80443ecaef4fe1e9af1a4b5e76c sssd-1.6.4.tar.gz
diff --git a/sssd.spec b/sssd.spec
index c1467ad..d29b71f 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -18,8 +18,8 @@
 %global ldb_version 1.1.4
 Name: sssd
-Version: 1.6.3
-Release: 5%{?dist}
+Version: 1.6.4
+Release: 1%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -28,9 +28,6 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 ### Patches ###
-Patch0001: 0001-configAPI-Fix-removing-in-old-domain-when-saving-a-n.patch
-Patch0002: 0002-RESPONDER-Ensure-that-all-input-strings-are-valid-UT.patch
-Patch0003: 0003-LDAP-Try-next-failover-server-on-any-error.patch
 ### Dependencies ###
@@ -378,6 +375,13 @@ fi
 %postun -n libipa_hbac -p /sbin/ldconfig
 %changelog
+* Mon Dec 19 2011 Stephen Gallagher - 1.6.4-1
+- New upstream release 1.6.4
+- Rolls up previous patches applied to the 1.6.3 tarball
+- Fixes a rare issue causing crashes in the failover logic
+- Fixes an issue where SSSD would return the wrong PAM error code for users
+ that it does not recognize.
+
 * Wed Dec 07 2011 Stephen Gallagher - 1.6.3-5
 - Rebuild against libldb 1.1.4