From 0d7e32d3cc277deb7b49f23d7b72a050614db29120ad625d43e777ddc37df322 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Tue, 5 Mar 2013 05:50:14 +0000 Subject: [PATCH] Accepting request 157216 from network:ldap Factory only - Resolve user retrieval problems when encountering binary data in LDAP attributes (bnc#806078), OBS-URL: https://build.opensuse.org/request/show/157216 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=43
---
 sssd-no-ldb-check.diff | 28 ++++++++++
 sssd-sysdb-binary-attrs.diff | 102 +++++++++++++++++++++++++++++++++++
 sssd.changes | 9 ++++
 sssd.spec | 4 +-
 4 files changed, 142 insertions(+), 1 deletion(-)
 create mode 100644 sssd-no-ldb-check.diff
 create mode 100644 sssd-sysdb-binary-attrs.diff
diff --git a/sssd-no-ldb-check.diff b/sssd-no-ldb-check.diff
new file mode 100644
index 0000000..e216a19
--- /dev/null
+++ b/sssd-no-ldb-check.diff
@@ -0,0 +1,28 @@
+From: Jan Engelhardt
+Date: 2013-02-21 09:09:59.418801298 +0100
+Upstream: no
+
+Whenever ldb has a version number update, memberof.so aborts sssd
+loading. Arguably, LDB has not made any ABI stability promises
+says
+http://lists.fedorahosted.org/pipermail/sssd-devel/2013-February/013686.html
+but they are at least trying to, by keeping some versioned symbols.
+So, let's try this here for openSUSE.
+
+---
+ src/ldb_modules/memberof.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+Index: sssd-1.9.4/src/ldb_modules/memberof.c
+===================================================================
+--- sssd-1.9.4.orig/src/ldb_modules/memberof.c
++++ sssd-1.9.4/src/ldb_modules/memberof.c
+@@ -4570,8 +4570,5 @@ const struct ldb_module_ops ldb_memberof
+
+ int ldb_init_module(const char *version)
+ {
+-#ifdef LDB_MODULE_CHECK_VERSION
+- LDB_MODULE_CHECK_VERSION(version);
+-#endif
+ return ldb_register_module(&ldb_memberof_module_ops);
+ }
diff --git a/sssd-sysdb-binary-attrs.diff b/sssd-sysdb-binary-attrs.diff
new file mode 100644
index 0000000..6075737
--- /dev/null
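Review bot: Removing `LDB_MODULE_CHECK_VERSION(version)` from `ldb_init_module()` in memberof.c leaves nothing that ties memberof.so to the libldb it was built against, so a mismatched pair now loads silently instead of refusing to start. The patch description itself says LDB has made no ABI stability promise; if a later ldb update changes a structure the module touches, the likely outcome is memory corruption or a crash inside the daemon that answers identity lookups, which is harder to diagnose than the refused load. With the check gone from the code, the constraint should be carried by packaging instead, for example a versioned `Requires:` on the ldb library in sssd.spec, so the module is rebuilt or blocked when ldb changes. The reason should also be recorded where the check used to be, e.g. `/* openSUSE: LDB version check removed, see sssd-no-ldb-check.diff */`.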
+++ b/sssd-sysdb-binary-attrs.diff 
@@ -0,0 +1,102 @@
+From 3229c2107e4645240cfc4aa5d262e5330c356a49 Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt
+Date: Thu, 21 Feb 2013 13:12:25 +0100
+Subject: [PATCH] sysdb: try dealing with binary-content attributes
+
+I have here a LDAP user entry which has this attribute
+
+ loginAllowedTimeMap::
+ AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA
+
+In the function sysdb_attrs_add_string(), called from
+sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
+the wrong thing to do. The result of strlen is then used to populate
+the .v_length member of a struct ldb_val - and this will set it to
+zero in this case. (There is also the problem that there may not be
+a '\0' at all in the blob.)
+
+Subsequently, .v_length being 0 makes ldb_modify(), called from
+sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
+result is that users do not get stored in the sysdb, and programs like
+`id` or `getent ...` show incomplete information.
+
+The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
+fine, but that may not mean that is the absolute lower boundary of
+introduction of the problem.
+---
+ src/db/sysdb.c | 10 ++++++++++
+ src/db/sysdb.h | 2 ++
+ src/providers/ldap/sdap.c | 7 +++----
+ src/providers/ldap/sdap_async.c | 4 ++--
+ 4 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/src/db/sysdb.c b/src/db/sysdb.c
+index e7524f4..7c34791 100644
+--- a/src/db/sysdb.c
++++ b/src/db/sysdb.c
+@@ -512,6 +512,16 @@ int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
+ return sysdb_attrs_add_val(attrs, name, &v);
+ }
+
++int sysdb_attrs_add_mem(struct sysdb_attrs *attrs, const char *name,
++ const void *mem, size_t size)
++{
++ struct ldb_val v;
++
++ v.data = discard_const(mem);
++ v.length = size;
++ return sysdb_attrs_add_val(attrs, name, &v);
++}
++
+ int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
+ const char *name, bool value)
+ {
+diff --git a/src/db/sysdb.h b/src/db/sysdb.h
+index fff97a8..23cbbb0 100644
+--- a/src/db/sysdb.h
++++ b/src/db/sysdb.h
+@@ -250,6 +250,8 @@ int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
+ const char *name, const struct ldb_val *val);
+ int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
+ const char *name, const char *str);
++int sysdb_attrs_add_mem(struct sysdb_attrs *, const char *,
++ const void *, size_t);
+ int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
+ const char *name, bool value);
+ int sysdb_attrs_add_long(struct sysdb_attrs *attrs,
+diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
+index 371121b..988f27d 100644
+--- a/src/providers/ldap/sdap.c
++++ b/src/providers/ldap/sdap.c
+@@ -474,10 +474,9 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
+ for (i=0; dval->vals[i].bv_val; i++) {
+ DEBUG(9, ("Dereferenced attribute value: %s\n",
+ dval->vals[i].bv_val));
+- v.data = (uint8_t *) dval->vals[i].bv_val;
+- v.length = dval->vals[i].bv_len;
+-
+- ret = sysdb_attrs_add_val(res[mi]->attrs, name, &v);
++ ret = sysdb_attrs_add_mem(res[mi]->attrs, name,
++ dval->vals[i].bv_val,
++ dval->vals[i].bv_len);
+ if (ret) goto done;
+ }
+ }
+diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
+index 84497b7..b7d9839 100644
+--- a/src/providers/ldap/sdap_async.c
++++ b/src/providers/ldap/sdap_async.c
+@@ -2226,8 +2226,8 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding %s [%s] to attributes "
+ "of [%s].\n", desc, el->values[i].data, objname));
+
+- ret = sysdb_attrs_add_string(attrs, attr_name,
+- (const char *) el->values[i].data);
++ ret = sysdb_attrs_add_mem(attrs, attr_name, el->values[i].data,
++ el->values[i].length);
+ if (ret) {
+ return ret;
+ }
+--
+1.7.10.4
+
diff --git a/sssd.changes b/sssd.changes
index fe7c513..9b75a64 100644
--- a/sssd.changes
+++ b/sssd.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Feb 26 08:29:43 UTC 2013 - jengelh@inai.de
+
+- Resolve user retrieval problems when encountering binary data
+ in LDAP attributes (bnc#806078),
+ added sssd-sysdb-binary-attrs.diff
+- Added sssd-no-ldb-check.diff so that SSSD continues to start
+ even after an LDB update.
+
 -------------------------------------------------------------------
 Fri Feb 8 10:31:52 UTC 2013 - rhafer@suse.com
diff --git a/sssd.spec b/sssd.spec
index 32f4533..e6ae108 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -30,6 +30,8 @@ Source: %name-%version.tar.xz
 Source3: baselibs.conf
 Patch1: 0005-implicit-decl.diff
 Patch2: sssd-ldflags.diff
+Patch3: sssd-no-ldb-check.diff
+Patch4: sssd-sysdb-binary-attrs.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %define servicename sssd
@@ -198,7 +200,7 @@ Security Services Daemon (sssd).
 %prep
 %setup -q
-%patch -P 1 -P 2 -p1
+%patch -P 1 -P 2 -P 3 -P 4 -p1
 %build
 %if 0%{?suse_version} < 1210
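Review bot: The DEBUG calls beside both new `sysdb_attrs_add_mem()` call sites, in `sdap_parse_deref()` and `sdap_attrs_add_ldap_attr()`, still format the attribute value with `%s`, so a value that is now stored as a length-delimited blob is still read as a C string when logged. The patch description says the blob may contain no '\0' at all, in which case the format can read past the value whenever that debug level is enabled, and raw attribute bytes end up in the debug log. Log the size instead of the contents, e.g. `DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding %s (%zu bytes) to attributes of [%s].\n", desc, el->values[i].length, objname));`, with the same treatment for the `bv_val`/`bv_len` pair in sdap.c. Separately, the new prototype in sysdb.h drops the parameter names its neighbours keep; `int sysdb_attrs_add_mem(struct sysdb_attrs *attrs, const char *name, const void *mem, size_t size);` would match them. Both calling functions start and end outside their hunks, so whether the now-unused local `v` in `sdap_parse_deref()` is still declared cannot be seen from here.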