forked from jengelh/sssd
Accepting request 157216 from network:ldap
Factory only - Resolve user retrieval problems when encountering binary data in LDAP attributes (bnc#806078), OBS-URL: https://build.opensuse.org/request/show/157216 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=43
This commit is contained in:
commit
b86460ab71
28
sssd-no-ldb-check.diff
Normal file
28
sssd-no-ldb-check.diff
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From: Jan Engelhardt <jengelh@inai.de>
|
||||||
|
Date: 2013-02-21 09:09:59.418801298 +0100
|
||||||
|
Upstream: no
|
||||||
|
|
||||||
|
Whenever ldb has a version number update, memberof.so aborts sssd
|
||||||
|
loading. Arguably, LDB has not made any ABI stability promises
|
||||||
|
says
|
||||||
|
http://lists.fedorahosted.org/pipermail/sssd-devel/2013-February/013686.html
|
||||||
|
but they are at least trying to, by keeping some versioned symbols.
|
||||||
|
So, let's try this here for openSUSE.
|
||||||
|
|
||||||
|
---
|
||||||
|
src/ldb_modules/memberof.c | 3 ---
|
||||||
|
1 file changed, 3 deletions(-)
|
||||||
|
|
||||||
|
Index: sssd-1.9.4/src/ldb_modules/memberof.c
|
||||||
|
===================================================================
|
||||||
|
--- sssd-1.9.4.orig/src/ldb_modules/memberof.c
|
||||||
|
+++ sssd-1.9.4/src/ldb_modules/memberof.c
|
||||||
|
@@ -4570,8 +4570,5 @@ const struct ldb_module_ops ldb_memberof
|
||||||
|
|
||||||
|
int ldb_init_module(const char *version)
|
||||||
|
{
|
||||||
|
-#ifdef LDB_MODULE_CHECK_VERSION
|
||||||
|
- LDB_MODULE_CHECK_VERSION(version);
|
||||||
|
-#endif
|
||||||
|
return ldb_register_module(&ldb_memberof_module_ops);
|
||||||
|
}
|
102
sssd-sysdb-binary-attrs.diff
Normal file
102
sssd-sysdb-binary-attrs.diff
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
From 3229c2107e4645240cfc4aa5d262e5330c356a49 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Engelhardt <jengelh@inai.de>
|
||||||
|
Date: Thu, 21 Feb 2013 13:12:25 +0100
|
||||||
|
Subject: [PATCH] sysdb: try dealing with binary-content attributes
|
||||||
|
|
||||||
|
I have here a LDAP user entry which has this attribute
|
||||||
|
|
||||||
|
loginAllowedTimeMap::
|
||||||
|
AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA
|
||||||
|
|
||||||
|
In the function sysdb_attrs_add_string(), called from
|
||||||
|
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
|
||||||
|
the wrong thing to do. The result of strlen is then used to populate
|
||||||
|
the .v_length member of a struct ldb_val - and this will set it to
|
||||||
|
zero in this case. (There is also the problem that there may not be
|
||||||
|
a '\0' at all in the blob.)
|
||||||
|
|
||||||
|
Subsequently, .v_length being 0 makes ldb_modify(), called from
|
||||||
|
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
|
||||||
|
result is that users do not get stored in the sysdb, and programs like
|
||||||
|
`id` or `getent ...` show incomplete information.
|
||||||
|
|
||||||
|
The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
|
||||||
|
fine, but that may not mean that is the absolute lower boundary of
|
||||||
|
introduction of the problem.
|
||||||
|
---
|
||||||
|
src/db/sysdb.c | 10 ++++++++++
|
||||||
|
src/db/sysdb.h | 2 ++
|
||||||
|
src/providers/ldap/sdap.c | 7 +++----
|
||||||
|
src/providers/ldap/sdap_async.c | 4 ++--
|
||||||
|
4 files changed, 17 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
|
||||||
|
index e7524f4..7c34791 100644
|
||||||
|
--- a/src/db/sysdb.c
|
||||||
|
+++ b/src/db/sysdb.c
|
||||||
|
@@ -512,6 +512,16 @@ int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
|
||||||
|
return sysdb_attrs_add_val(attrs, name, &v);
|
||||||
|
}
|
||||||
|
|
||||||
|
+int sysdb_attrs_add_mem(struct sysdb_attrs *attrs, const char *name,
|
||||||
|
+ const void *mem, size_t size)
|
||||||
|
+{
|
||||||
|
+ struct ldb_val v;
|
||||||
|
+
|
||||||
|
+ v.data = discard_const(mem);
|
||||||
|
+ v.length = size;
|
||||||
|
+ return sysdb_attrs_add_val(attrs, name, &v);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
|
||||||
|
const char *name, bool value)
|
||||||
|
{
|
||||||
|
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
|
||||||
|
index fff97a8..23cbbb0 100644
|
||||||
|
--- a/src/db/sysdb.h
|
||||||
|
+++ b/src/db/sysdb.h
|
||||||
|
@@ -250,6 +250,8 @@ int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
|
||||||
|
const char *name, const struct ldb_val *val);
|
||||||
|
int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
|
||||||
|
const char *name, const char *str);
|
||||||
|
+int sysdb_attrs_add_mem(struct sysdb_attrs *, const char *,
|
||||||
|
+ const void *, size_t);
|
||||||
|
int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
|
||||||
|
const char *name, bool value);
|
||||||
|
int sysdb_attrs_add_long(struct sysdb_attrs *attrs,
|
||||||
|
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
|
||||||
|
index 371121b..988f27d 100644
|
||||||
|
--- a/src/providers/ldap/sdap.c
|
||||||
|
+++ b/src/providers/ldap/sdap.c
|
||||||
|
@@ -474,10 +474,9 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
|
||||||
|
for (i=0; dval->vals[i].bv_val; i++) {
|
||||||
|
DEBUG(9, ("Dereferenced attribute value: %s\n",
|
||||||
|
dval->vals[i].bv_val));
|
||||||
|
- v.data = (uint8_t *) dval->vals[i].bv_val;
|
||||||
|
- v.length = dval->vals[i].bv_len;
|
||||||
|
-
|
||||||
|
- ret = sysdb_attrs_add_val(res[mi]->attrs, name, &v);
|
||||||
|
+ ret = sysdb_attrs_add_mem(res[mi]->attrs, name,
|
||||||
|
+ dval->vals[i].bv_val,
|
||||||
|
+ dval->vals[i].bv_len);
|
||||||
|
if (ret) goto done;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
|
||||||
|
index 84497b7..b7d9839 100644
|
||||||
|
--- a/src/providers/ldap/sdap_async.c
|
||||||
|
+++ b/src/providers/ldap/sdap_async.c
|
||||||
|
@@ -2226,8 +2226,8 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
|
||||||
|
DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding %s [%s] to attributes "
|
||||||
|
"of [%s].\n", desc, el->values[i].data, objname));
|
||||||
|
|
||||||
|
- ret = sysdb_attrs_add_string(attrs, attr_name,
|
||||||
|
- (const char *) el->values[i].data);
|
||||||
|
+ ret = sysdb_attrs_add_mem(attrs, attr_name, el->values[i].data,
|
||||||
|
+ el->values[i].length);
|
||||||
|
if (ret) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.7.10.4
|
||||||
|
|
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 26 08:29:43 UTC 2013 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Resolve user retrieval problems when encountering binary data
|
||||||
|
in LDAP attributes (bnc#806078),
|
||||||
|
added sssd-sysdb-binary-attrs.diff
|
||||||
|
- Added sssd-no-ldb-check.diff so that SSSD continues to start
|
||||||
|
even after an LDB update.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 8 10:31:52 UTC 2013 - rhafer@suse.com
|
Fri Feb 8 10:31:52 UTC 2013 - rhafer@suse.com
|
||||||
|
|
||||||
|
@ -30,6 +30,8 @@ Source: %name-%version.tar.xz
|
|||||||
Source3: baselibs.conf
|
Source3: baselibs.conf
|
||||||
Patch1: 0005-implicit-decl.diff
|
Patch1: 0005-implicit-decl.diff
|
||||||
Patch2: sssd-ldflags.diff
|
Patch2: sssd-ldflags.diff
|
||||||
|
Patch3: sssd-no-ldb-check.diff
|
||||||
|
Patch4: sssd-sysdb-binary-attrs.diff
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%define servicename sssd
|
%define servicename sssd
|
||||||
@ -198,7 +200,7 @@ Security Services Daemon (sssd).
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch -P 1 -P 2 -p1
|
%patch -P 1 -P 2 -P 3 -P 4 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?suse_version} < 1210
|
%if 0%{?suse_version} < 1210
|
||||||
|
Loading…
Reference in New Issue
Block a user