sssd-1.9.5
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=95
This commit is contained in:
parent
4ebd417d39
commit
d670356e53
@ -1,414 +0,0 @@
|
|||||||
From e5f0ef211e81fcd7a87d5e37b0aadca50201c6d6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
||||||
Date: Sun, 3 Mar 2013 21:43:44 +0100
|
|
||||||
Subject: Add unit tests for simple access test by groups
|
|
||||||
|
|
||||||
I realized that the current unit tests for the simple access provider
|
|
||||||
only tested the user directives. To have a baseline and be able to
|
|
||||||
detect new bugs in the upcoming patch, I implemented unit tests for the
|
|
||||||
group lists, too.
|
|
||||||
(cherry picked from commit 754b09b5444e6da88ed58d6deaed8b815e268b6b)
|
|
||||||
---
|
|
||||||
src/tests/simple_access-tests.c | 285 +++++++++++++++++++++++++++++++++++-----
|
|
||||||
1 file changed, 253 insertions(+), 32 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/tests/simple_access-tests.c b/src/tests/simple_access-tests.c
|
|
||||||
index c61814e..577c6d3 100644
|
|
||||||
--- a/src/tests/simple_access-tests.c
|
|
||||||
+++ b/src/tests/simple_access-tests.c
|
|
||||||
@@ -30,39 +30,152 @@
|
|
||||||
#include "providers/simple/simple_access.h"
|
|
||||||
#include "tests/common.h"
|
|
||||||
|
|
||||||
+#define TESTS_PATH "tests_simple_access"
|
|
||||||
+#define TEST_CONF_FILE "tests_conf.ldb"
|
|
||||||
+
|
|
||||||
const char *ulist_1[] = {"u1", "u2", NULL};
|
|
||||||
+const char *glist_1[] = {"g1", "g2", NULL};
|
|
||||||
+
|
|
||||||
+struct simple_test_ctx *test_ctx = NULL;
|
|
||||||
+
|
|
||||||
+struct simple_test_ctx {
|
|
||||||
+ struct sysdb_ctx *sysdb;
|
|
||||||
+ struct confdb_ctx *confdb;
|
|
||||||
|
|
||||||
-struct simple_ctx *ctx = NULL;
|
|
||||||
+ struct simple_ctx *ctx;
|
|
||||||
+};
|
|
||||||
|
|
||||||
void setup_simple(void)
|
|
||||||
{
|
|
||||||
- fail_unless(ctx == NULL, "Simple context already initialized.");
|
|
||||||
- ctx = talloc_zero(NULL, struct simple_ctx);
|
|
||||||
- fail_unless(ctx != NULL, "Cannot create simple context.");
|
|
||||||
-
|
|
||||||
- ctx->domain = talloc_zero(ctx, struct sss_domain_info);
|
|
||||||
- fail_unless(ctx != NULL, "Cannot create domain in simple context.");
|
|
||||||
- ctx->domain->case_sensitive = true;
|
|
||||||
+ errno_t ret;
|
|
||||||
+ char *conf_db;
|
|
||||||
+ const char *val[2];
|
|
||||||
+ val[1] = NULL;
|
|
||||||
+
|
|
||||||
+ /* Create tests directory if it doesn't exist */
|
|
||||||
+ /* (relative to current dir) */
|
|
||||||
+ ret = mkdir(TESTS_PATH, 0775);
|
|
||||||
+ fail_if(ret == -1 && errno != EEXIST,
|
|
||||||
+ "Could not create %s directory", TESTS_PATH);
|
|
||||||
+
|
|
||||||
+ fail_unless(test_ctx == NULL, "Simple context already initialized.");
|
|
||||||
+ test_ctx = talloc_zero(NULL, struct simple_test_ctx);
|
|
||||||
+ fail_unless(test_ctx != NULL, "Cannot create simple test context.");
|
|
||||||
+
|
|
||||||
+ test_ctx->ctx = talloc_zero(test_ctx, struct simple_ctx);
|
|
||||||
+ fail_unless(test_ctx->ctx != NULL, "Cannot create simple context.");
|
|
||||||
+
|
|
||||||
+ conf_db = talloc_asprintf(test_ctx, "%s/%s", TESTS_PATH, TEST_CONF_FILE);
|
|
||||||
+ fail_if(conf_db == NULL, "Out of memory, aborting!");
|
|
||||||
+ DEBUG(SSSDBG_TRACE_LIBS, ("CONFDB: %s\n", conf_db));
|
|
||||||
+
|
|
||||||
+ /* Connect to the conf db */
|
|
||||||
+ ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db);
|
|
||||||
+ fail_if(ret != EOK, "Could not initialize connection to the confdb");
|
|
||||||
+
|
|
||||||
+ val[0] = "LOCAL";
|
|
||||||
+ ret = confdb_add_param(test_ctx->confdb, true,
|
|
||||||
+ "config/sssd", "domains", val);
|
|
||||||
+ fail_if(ret != EOK, "Could not initialize domains placeholder");
|
|
||||||
+
|
|
||||||
+ val[0] = "local";
|
|
||||||
+ ret = confdb_add_param(test_ctx->confdb, true,
|
|
||||||
+ "config/domain/LOCAL", "id_provider", val);
|
|
||||||
+ fail_if(ret != EOK, "Could not initialize provider");
|
|
||||||
+
|
|
||||||
+ val[0] = "TRUE";
|
|
||||||
+ ret = confdb_add_param(test_ctx->confdb, true,
|
|
||||||
+ "config/domain/LOCAL", "enumerate", val);
|
|
||||||
+ fail_if(ret != EOK, "Could not initialize LOCAL domain");
|
|
||||||
+
|
|
||||||
+ val[0] = "TRUE";
|
|
||||||
+ ret = confdb_add_param(test_ctx->confdb, true,
|
|
||||||
+ "config/domain/LOCAL", "cache_credentials", val);
|
|
||||||
+ fail_if(ret != EOK, "Could not initialize LOCAL domain");
|
|
||||||
+
|
|
||||||
+ ret = sysdb_init_domain_and_sysdb(test_ctx, test_ctx->confdb, "local",
|
|
||||||
+ TESTS_PATH,
|
|
||||||
+ &test_ctx->ctx->domain, &test_ctx->ctx->sysdb);
|
|
||||||
+ fail_if(ret != EOK, "Could not initialize connection to the sysdb (%d)", ret);
|
|
||||||
+ test_ctx->ctx->domain->case_sensitive = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
void teardown_simple(void)
|
|
||||||
{
|
|
||||||
int ret;
|
|
||||||
- fail_unless(ctx != NULL, "Simple context already freed.");
|
|
||||||
- ret = talloc_free(ctx);
|
|
||||||
- ctx = NULL;
|
|
||||||
+ fail_unless(test_ctx != NULL, "Simple context already freed.");
|
|
||||||
+ ret = talloc_free(test_ctx);
|
|
||||||
+ test_ctx = NULL;
|
|
||||||
fail_unless(ret == 0, "Connot free simple context.");
|
|
||||||
}
|
|
||||||
|
|
||||||
+void setup_simple_group(void)
|
|
||||||
+{
|
|
||||||
+ errno_t ret;
|
|
||||||
+
|
|
||||||
+ setup_simple();
|
|
||||||
+
|
|
||||||
+ /* Add test users u1 and u2 that would be members of test groups
|
|
||||||
+ * g1 and g2 respectively */
|
|
||||||
+ ret = sysdb_store_user(test_ctx->ctx->sysdb,
|
|
||||||
+ "u1", NULL, 123, 0, "u1", "/home/u1",
|
|
||||||
+ "/bin/bash", NULL, NULL, NULL, -1, 0);
|
|
||||||
+ fail_if(ret != EOK, "Could not add u1");
|
|
||||||
+
|
|
||||||
+ ret = sysdb_store_user(test_ctx->ctx->sysdb,
|
|
||||||
+ "u2", NULL, 456, 0, "u1", "/home/u1",
|
|
||||||
+ "/bin/bash", NULL, NULL, NULL, -1, 0);
|
|
||||||
+ fail_if(ret != EOK, "Could not add u2");
|
|
||||||
+
|
|
||||||
+ ret = sysdb_store_user(test_ctx->ctx->sysdb,
|
|
||||||
+ "u3", NULL, 789, 0, "u1", "/home/u1",
|
|
||||||
+ "/bin/bash", NULL, NULL, NULL, -1, 0);
|
|
||||||
+ fail_if(ret != EOK, "Could not add u3");
|
|
||||||
+
|
|
||||||
+ ret = sysdb_add_group(test_ctx->ctx->sysdb,
|
|
||||||
+ "g1", 321, NULL, 0, 0);
|
|
||||||
+ fail_if(ret != EOK, "Could not add g1");
|
|
||||||
+
|
|
||||||
+ ret = sysdb_add_group(test_ctx->ctx->sysdb,
|
|
||||||
+ "g2", 654, NULL, 0, 0);
|
|
||||||
+ fail_if(ret != EOK, "Could not add g2");
|
|
||||||
+
|
|
||||||
+ ret = sysdb_add_group_member(test_ctx->ctx->sysdb,
|
|
||||||
+ "g1", "u1", SYSDB_MEMBER_USER);
|
|
||||||
+ fail_if(ret != EOK, "Could not add u1 to g1");
|
|
||||||
+
|
|
||||||
+ ret = sysdb_add_group_member(test_ctx->ctx->sysdb,
|
|
||||||
+ "g2", "u2", SYSDB_MEMBER_USER);
|
|
||||||
+ fail_if(ret != EOK, "Could not add u2 to g2");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void teardown_simple_group(void)
|
|
||||||
+{
|
|
||||||
+ errno_t ret;
|
|
||||||
+
|
|
||||||
+ ret = sysdb_delete_user(test_ctx->ctx->sysdb, "u1", 0);
|
|
||||||
+ fail_if(ret != EOK, "Could not delete u1");
|
|
||||||
+ ret = sysdb_delete_user(test_ctx->ctx->sysdb, "u2", 0);
|
|
||||||
+ fail_if(ret != EOK, "Could not delete u2");
|
|
||||||
+ ret = sysdb_delete_user(test_ctx->ctx->sysdb, "u3", 0);
|
|
||||||
+ fail_if(ret != EOK, "Could not delete u3");
|
|
||||||
+ ret = sysdb_delete_group(test_ctx->ctx->sysdb, "g1", 0);
|
|
||||||
+ fail_if(ret != EOK, "Could not delete g1");
|
|
||||||
+ ret = sysdb_delete_group(test_ctx->ctx->sysdb, "g2", 0);
|
|
||||||
+ fail_if(ret != EOK, "Could not delete g2");
|
|
||||||
+
|
|
||||||
+ teardown_simple();
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
START_TEST(test_both_empty)
|
|
||||||
{
|
|
||||||
int ret;
|
|
||||||
bool access_granted = false;
|
|
||||||
|
|
||||||
- ctx->allow_users = NULL;
|
|
||||||
- ctx->deny_users = NULL;
|
|
||||||
+ test_ctx->ctx->allow_users = NULL;
|
|
||||||
+ test_ctx->ctx->deny_users = NULL;
|
|
||||||
|
|
||||||
- ret = simple_access_check(ctx, "u1", &access_granted);
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
|
|
||||||
fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
fail_unless(access_granted == true, "Access denied "
|
|
||||||
"while both lists are empty.");
|
|
||||||
@@ -74,15 +187,15 @@ START_TEST(test_allow_empty)
|
|
||||||
int ret;
|
|
||||||
bool access_granted = true;
|
|
||||||
|
|
||||||
- ctx->allow_users = NULL;
|
|
||||||
- ctx->deny_users = discard_const(ulist_1);
|
|
||||||
+ test_ctx->ctx->allow_users = NULL;
|
|
||||||
+ test_ctx->ctx->deny_users = discard_const(ulist_1);
|
|
||||||
|
|
||||||
- ret = simple_access_check(ctx, "u1", &access_granted);
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
|
|
||||||
fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
fail_unless(access_granted == false, "Access granted "
|
|
||||||
"while user is in deny list.");
|
|
||||||
|
|
||||||
- ret = simple_access_check(ctx, "u3", &access_granted);
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
|
|
||||||
fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
fail_unless(access_granted == true, "Access denied "
|
|
||||||
"while user is not in deny list.");
|
|
||||||
@@ -94,15 +207,15 @@ START_TEST(test_deny_empty)
|
|
||||||
int ret;
|
|
||||||
bool access_granted = false;
|
|
||||||
|
|
||||||
- ctx->allow_users = discard_const(ulist_1);
|
|
||||||
- ctx->deny_users = NULL;
|
|
||||||
+ test_ctx->ctx->allow_users = discard_const(ulist_1);
|
|
||||||
+ test_ctx->ctx->deny_users = NULL;
|
|
||||||
|
|
||||||
- ret = simple_access_check(ctx, "u1", &access_granted);
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
|
|
||||||
fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
fail_unless(access_granted == true, "Access denied "
|
|
||||||
"while user is in allow list.");
|
|
||||||
|
|
||||||
- ret = simple_access_check(ctx, "u3", &access_granted);
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
|
|
||||||
fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
fail_unless(access_granted == false, "Access granted "
|
|
||||||
"while user is not in allow list.");
|
|
||||||
@@ -114,15 +227,15 @@ START_TEST(test_both_set)
|
|
||||||
int ret;
|
|
||||||
bool access_granted = false;
|
|
||||||
|
|
||||||
- ctx->allow_users = discard_const(ulist_1);
|
|
||||||
- ctx->deny_users = discard_const(ulist_1);
|
|
||||||
+ test_ctx->ctx->allow_users = discard_const(ulist_1);
|
|
||||||
+ test_ctx->ctx->deny_users = discard_const(ulist_1);
|
|
||||||
|
|
||||||
- ret = simple_access_check(ctx, "u1", &access_granted);
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
|
|
||||||
fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
fail_unless(access_granted == false, "Access granted "
|
|
||||||
"while user is in deny list.");
|
|
||||||
|
|
||||||
- ret = simple_access_check(ctx, "u3", &access_granted);
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
|
|
||||||
fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
fail_unless(access_granted == false, "Access granted "
|
|
||||||
"while user is not in allow list.");
|
|
||||||
@@ -134,18 +247,18 @@ START_TEST(test_case)
|
|
||||||
int ret;
|
|
||||||
bool access_granted = false;
|
|
||||||
|
|
||||||
- ctx->allow_users = discard_const(ulist_1);
|
|
||||||
- ctx->deny_users = NULL;
|
|
||||||
+ test_ctx->ctx->allow_users = discard_const(ulist_1);
|
|
||||||
+ test_ctx->ctx->deny_users = NULL;
|
|
||||||
|
|
||||||
- ret = simple_access_check(ctx, "U1", &access_granted);
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "U1", &access_granted);
|
|
||||||
fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
fail_unless(access_granted == false, "Access granted "
|
|
||||||
"for user with different case "
|
|
||||||
"in case-sensitive domain");
|
|
||||||
|
|
||||||
- ctx->domain->case_sensitive = false;
|
|
||||||
+ test_ctx->ctx->domain->case_sensitive = false;
|
|
||||||
|
|
||||||
- ret = simple_access_check(ctx, "U1", &access_granted);
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "U1", &access_granted);
|
|
||||||
fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
fail_unless(access_granted == true, "Access denied "
|
|
||||||
"for user with different case "
|
|
||||||
@@ -153,11 +266,95 @@ START_TEST(test_case)
|
|
||||||
}
|
|
||||||
END_TEST
|
|
||||||
|
|
||||||
+START_TEST(test_group_allow_empty)
|
|
||||||
+{
|
|
||||||
+ int ret;
|
|
||||||
+ bool access_granted = true;
|
|
||||||
+
|
|
||||||
+ test_ctx->ctx->allow_groups = NULL;
|
|
||||||
+ test_ctx->ctx->deny_groups = discard_const(glist_1);
|
|
||||||
+
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
|
|
||||||
+ fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
+ fail_unless(access_granted == false, "Access granted "
|
|
||||||
+ "while group is in deny list.");
|
|
||||||
+
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
|
|
||||||
+ fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
+ fail_unless(access_granted == true, "Access denied "
|
|
||||||
+ "while group is not in deny list.");
|
|
||||||
+}
|
|
||||||
+END_TEST
|
|
||||||
+
|
|
||||||
+START_TEST(test_group_deny_empty)
|
|
||||||
+{
|
|
||||||
+ int ret;
|
|
||||||
+ bool access_granted = false;
|
|
||||||
+
|
|
||||||
+ test_ctx->ctx->allow_groups = discard_const(glist_1);
|
|
||||||
+ test_ctx->ctx->deny_groups = NULL;
|
|
||||||
+
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
|
|
||||||
+ fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
+ fail_unless(access_granted == true, "Access denied "
|
|
||||||
+ "while group is in allow list.");
|
|
||||||
+
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
|
|
||||||
+ fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
+ fail_unless(access_granted == false, "Access granted "
|
|
||||||
+ "while group is not in allow list.");
|
|
||||||
+}
|
|
||||||
+END_TEST
|
|
||||||
+
|
|
||||||
+START_TEST(test_group_both_set)
|
|
||||||
+{
|
|
||||||
+ int ret;
|
|
||||||
+ bool access_granted = false;
|
|
||||||
+
|
|
||||||
+ test_ctx->ctx->allow_groups = discard_const(ulist_1);
|
|
||||||
+ test_ctx->ctx->deny_groups = discard_const(ulist_1);
|
|
||||||
+
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u1", &access_granted);
|
|
||||||
+ fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
+ fail_unless(access_granted == false, "Access granted "
|
|
||||||
+ "while group is in deny list.");
|
|
||||||
+
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "u3", &access_granted);
|
|
||||||
+ fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
+ fail_unless(access_granted == false, "Access granted "
|
|
||||||
+ "while group is not in allow list.");
|
|
||||||
+}
|
|
||||||
+END_TEST
|
|
||||||
+
|
|
||||||
+START_TEST(test_group_case)
|
|
||||||
+{
|
|
||||||
+ int ret;
|
|
||||||
+ bool access_granted = false;
|
|
||||||
+
|
|
||||||
+ test_ctx->ctx->allow_groups = discard_const(ulist_1);
|
|
||||||
+ test_ctx->ctx->deny_groups = NULL;
|
|
||||||
+
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "U1", &access_granted);
|
|
||||||
+ fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
+ fail_unless(access_granted == false, "Access granted "
|
|
||||||
+ "for group with different case "
|
|
||||||
+ "in case-sensitive domain");
|
|
||||||
+
|
|
||||||
+ test_ctx->ctx->domain->case_sensitive = false;
|
|
||||||
+
|
|
||||||
+ ret = simple_access_check(test_ctx->ctx, "U1", &access_granted);
|
|
||||||
+ fail_unless(ret == EOK, "access_simple_check failed.");
|
|
||||||
+ fail_unless(access_granted == true, "Access denied "
|
|
||||||
+ "for group with different case "
|
|
||||||
+ "in case-insensitive domain");
|
|
||||||
+}
|
|
||||||
+END_TEST
|
|
||||||
+
|
|
||||||
Suite *access_simple_suite (void)
|
|
||||||
{
|
|
||||||
Suite *s = suite_create("access_simple");
|
|
||||||
|
|
||||||
- TCase *tc_allow_deny = tcase_create("allow/deny");
|
|
||||||
+ TCase *tc_allow_deny = tcase_create("user allow/deny");
|
|
||||||
tcase_add_checked_fixture(tc_allow_deny, setup_simple, teardown_simple);
|
|
||||||
tcase_add_test(tc_allow_deny, test_both_empty);
|
|
||||||
tcase_add_test(tc_allow_deny, test_allow_empty);
|
|
||||||
@@ -166,6 +363,15 @@ Suite *access_simple_suite (void)
|
|
||||||
tcase_add_test(tc_allow_deny, test_case);
|
|
||||||
suite_add_tcase(s, tc_allow_deny);
|
|
||||||
|
|
||||||
+ TCase *tc_grp_allow_deny = tcase_create("group allow/deny");
|
|
||||||
+ tcase_add_checked_fixture(tc_grp_allow_deny,
|
|
||||||
+ setup_simple_group, teardown_simple_group);
|
|
||||||
+ tcase_add_test(tc_grp_allow_deny, test_group_allow_empty);
|
|
||||||
+ tcase_add_test(tc_grp_allow_deny, test_group_deny_empty);
|
|
||||||
+ tcase_add_test(tc_grp_allow_deny, test_group_both_set);
|
|
||||||
+ tcase_add_test(tc_grp_allow_deny, test_group_case);
|
|
||||||
+ suite_add_tcase(s, tc_grp_allow_deny);
|
|
||||||
+
|
|
||||||
return s;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -174,6 +380,7 @@ int main(int argc, const char *argv[])
|
|
||||||
int opt;
|
|
||||||
poptContext pc;
|
|
||||||
int number_failed;
|
|
||||||
+ int ret;
|
|
||||||
|
|
||||||
struct poptOption long_options[] = {
|
|
||||||
POPT_AUTOHELP
|
|
||||||
@@ -205,6 +412,20 @@ int main(int argc, const char *argv[])
|
|
||||||
srunner_run_all(sr, CK_ENV);
|
|
||||||
number_failed = srunner_ntests_failed(sr);
|
|
||||||
srunner_free(sr);
|
|
||||||
+
|
|
||||||
+ ret = unlink(TESTS_PATH"/"TEST_CONF_FILE);
|
|
||||||
+ if (ret != EOK) {
|
|
||||||
+ fprintf(stderr, "Could not delete the test config ldb file (%d) (%s)\n",
|
|
||||||
+ errno, strerror(errno));
|
|
||||||
+ return EXIT_FAILURE;
|
|
||||||
+ }
|
|
||||||
+ ret = unlink(TESTS_PATH"/"LOCAL_SYSDB_FILE);
|
|
||||||
+ if (ret != EOK) {
|
|
||||||
+ fprintf(stderr, "Could not delete the test config ldb file (%d) (%s)\n",
|
|
||||||
+ errno, strerror(errno));
|
|
||||||
+ return EXIT_FAILURE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return (number_failed==0 ? EXIT_SUCCESS : EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
From 8dfcfe629db83eb58dd6613aa174222cb853afb1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
||||||
Date: Mon, 4 Mar 2013 16:37:04 +0100
|
|
||||||
Subject: Do not compile main() in DP if UNIT_TESTING is defined
|
|
||||||
|
|
||||||
The simple access provider unit tests now need to link against the Data
|
|
||||||
Provider when they start using the be_file_account_request() function.
|
|
||||||
But then we would start having conflicts as at least the main()
|
|
||||||
functions would clash.
|
|
||||||
|
|
||||||
If UNIT_TESTING is defined, then the data_provider_be.c module does not
|
|
||||||
contain the main() function and can be linked against directly from
|
|
||||||
another module that contains its own main() function
|
|
||||||
(cherry picked from commit 26590d31f492dbbd36be6d0bde46a4bd3b221edb)
|
|
||||||
---
|
|
||||||
src/providers/data_provider_be.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
|
|
||||||
index f85a04d..33590ae 100644
|
|
||||||
--- a/src/providers/data_provider_be.c
|
|
||||||
+++ b/src/providers/data_provider_be.c
|
|
||||||
@@ -2651,6 +2651,7 @@ fail:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifndef UNIT_TESTING
|
|
||||||
int main(int argc, const char *argv[])
|
|
||||||
{
|
|
||||||
int opt;
|
|
||||||
@@ -2732,6 +2733,7 @@ int main(int argc, const char *argv[])
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
static int data_provider_res_init(DBusMessage *message,
|
|
||||||
struct sbus_connection *conn)
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,237 +0,0 @@
|
|||||||
From 455737c0b4b0c1bfeed54f2e27e397ce403acbca Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
||||||
Date: Fri, 22 Feb 2013 11:01:38 +0100
|
|
||||||
Subject: Provide a be_get_account_info_send function
|
|
||||||
|
|
||||||
In order to resolve group names in the simple access provider we need to
|
|
||||||
contact the Data Provider in a generic fashion from the access provider.
|
|
||||||
We can't call any particular implementation (like sdap_generic_send())
|
|
||||||
because we have no idea what kind of provider is configured as the
|
|
||||||
id_provider.
|
|
||||||
|
|
||||||
This patch splits introduces the be_file_account_request() function into
|
|
||||||
the data_provider_be module and makes it public.
|
|
||||||
|
|
||||||
A future patch should make the be_get_account_info function use the
|
|
||||||
be_get_account_info_send function.
|
|
||||||
(cherry picked from commit b63830b142053f99bfe954d4be5a2b0f68ce3a93)
|
|
||||||
---
|
|
||||||
src/providers/data_provider_be.c | 153 ++++++++++++++++++++++++++++++++++-----
|
|
||||||
src/providers/dp_backend.h | 15 ++++
|
|
||||||
2 files changed, 149 insertions(+), 19 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
|
|
||||||
index b261bf8..f85a04d 100644
|
|
||||||
--- a/src/providers/data_provider_be.c
|
|
||||||
+++ b/src/providers/data_provider_be.c
|
|
||||||
@@ -717,6 +717,34 @@ static errno_t be_initgroups_prereq(struct be_req *be_req)
|
|
||||||
}
|
|
||||||
|
|
||||||
static errno_t
|
|
||||||
+be_file_account_request(struct be_req *be_req, struct be_acct_req *ar)
|
|
||||||
+{
|
|
||||||
+ errno_t ret;
|
|
||||||
+ struct be_ctx *be_ctx = be_req->be_ctx;
|
|
||||||
+
|
|
||||||
+ be_req->req_data = ar;
|
|
||||||
+
|
|
||||||
+ /* see if we need a pre request call, only done for initgroups for now */
|
|
||||||
+ if ((ar->entry_type & 0xFF) == BE_REQ_INITGROUPS) {
|
|
||||||
+ ret = be_initgroups_prereq(be_req);
|
|
||||||
+ if (ret) {
|
|
||||||
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Prerequest failed"));
|
|
||||||
+ return ret;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* process request */
|
|
||||||
+ ret = be_file_request(be_ctx, be_req,
|
|
||||||
+ be_ctx->bet_info[BET_ID].bet_ops->handler);
|
|
||||||
+ if (ret != EOK) {
|
|
||||||
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to file request"));
|
|
||||||
+ return ret;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return EOK;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static errno_t
|
|
||||||
split_name_extended(TALLOC_CTX *mem_ctx,
|
|
||||||
const char *filter,
|
|
||||||
char **name,
|
|
||||||
@@ -742,6 +770,110 @@ split_name_extended(TALLOC_CTX *mem_ctx,
|
|
||||||
return EOK;
|
|
||||||
}
|
|
||||||
|
|
||||||
+static void
|
|
||||||
+be_get_account_info_done(struct be_req *be_req,
|
|
||||||
+ int dp_err, int dp_ret,
|
|
||||||
+ const char *errstr);
|
|
||||||
+
|
|
||||||
+struct be_get_account_info_state {
|
|
||||||
+ int err_maj;
|
|
||||||
+ int err_min;
|
|
||||||
+ const char *err_msg;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+struct tevent_req *
|
|
||||||
+be_get_account_info_send(TALLOC_CTX *mem_ctx,
|
|
||||||
+ struct tevent_context *ev,
|
|
||||||
+ struct be_client *becli,
|
|
||||||
+ struct be_ctx *be_ctx,
|
|
||||||
+ struct be_acct_req *ar)
|
|
||||||
+{
|
|
||||||
+ struct tevent_req *req;
|
|
||||||
+ struct be_get_account_info_state *state;
|
|
||||||
+ struct be_req *be_req;
|
|
||||||
+ errno_t ret;
|
|
||||||
+
|
|
||||||
+ req = tevent_req_create(mem_ctx, &state,
|
|
||||||
+ struct be_get_account_info_state);
|
|
||||||
+ if (!req) return NULL;
|
|
||||||
+
|
|
||||||
+ be_req = talloc_zero(mem_ctx, struct be_req);
|
|
||||||
+ if (be_req == NULL) {
|
|
||||||
+ ret = ENOMEM;
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ be_req->becli = becli;
|
|
||||||
+ be_req->be_ctx = be_ctx;
|
|
||||||
+ be_req->fn = be_get_account_info_done;
|
|
||||||
+ be_req->pvt = req;
|
|
||||||
+
|
|
||||||
+ ret = be_file_account_request(be_req, ar);
|
|
||||||
+ if (ret != EOK) {
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return req;
|
|
||||||
+
|
|
||||||
+done:
|
|
||||||
+ tevent_req_error(req, ret);
|
|
||||||
+ tevent_req_post(req, ev);
|
|
||||||
+ return req;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void
|
|
||||||
+be_get_account_info_done(struct be_req *be_req,
|
|
||||||
+ int dp_err, int dp_ret,
|
|
||||||
+ const char *errstr)
|
|
||||||
+{
|
|
||||||
+ struct tevent_req *req;
|
|
||||||
+ struct be_get_account_info_state *state;
|
|
||||||
+
|
|
||||||
+ req = talloc_get_type(be_req->pvt, struct tevent_req);
|
|
||||||
+ state = tevent_req_data(req, struct be_get_account_info_state);
|
|
||||||
+
|
|
||||||
+ state->err_maj = dp_err;
|
|
||||||
+ state->err_min = dp_ret;
|
|
||||||
+ if (errstr) {
|
|
||||||
+ state->err_msg = talloc_strdup(state, errstr);
|
|
||||||
+ if (state->err_msg == NULL) {
|
|
||||||
+ talloc_free(be_req);
|
|
||||||
+ tevent_req_error(req, ENOMEM);
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ talloc_free(be_req);
|
|
||||||
+ tevent_req_done(req);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+errno_t be_get_account_info_recv(struct tevent_req *req,
|
|
||||||
+ TALLOC_CTX *mem_ctx,
|
|
||||||
+ int *_err_maj,
|
|
||||||
+ int *_err_min,
|
|
||||||
+ const char **_err_msg)
|
|
||||||
+{
|
|
||||||
+ struct be_get_account_info_state *state;
|
|
||||||
+
|
|
||||||
+ state = tevent_req_data(req, struct be_get_account_info_state);
|
|
||||||
+
|
|
||||||
+ TEVENT_REQ_RETURN_ON_ERROR(req);
|
|
||||||
+
|
|
||||||
+ if (_err_maj) {
|
|
||||||
+ *_err_maj = state->err_maj;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (_err_min) {
|
|
||||||
+ *_err_min = state->err_min;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (_err_msg) {
|
|
||||||
+ *_err_msg = talloc_steal(mem_ctx, state->err_msg);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return EOK;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static int be_get_account_info(DBusMessage *message, struct sbus_connection *conn)
|
|
||||||
{
|
|
||||||
struct be_acct_req *req;
|
|
||||||
@@ -845,8 +977,6 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
- be_req->req_data = req;
|
|
||||||
-
|
|
||||||
if ((attr_type != BE_ATTR_CORE) &&
|
|
||||||
(attr_type != BE_ATTR_MEM) &&
|
|
||||||
(attr_type != BE_ATTR_ALL)) {
|
|
||||||
@@ -893,26 +1023,11 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* see if we need a pre request call, only done for initgroups for now */
|
|
||||||
- if ((type & 0xFF) == BE_REQ_INITGROUPS) {
|
|
||||||
- ret = be_initgroups_prereq(be_req);
|
|
||||||
- if (ret) {
|
|
||||||
- err_maj = DP_ERR_FATAL;
|
|
||||||
- err_min = ret;
|
|
||||||
- err_msg = "Prerequest failed";
|
|
||||||
- goto done;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /* process request */
|
|
||||||
-
|
|
||||||
- ret = be_file_request(becli->bectx->bet_info[BET_ID].pvt_bet_data,
|
|
||||||
- be_req,
|
|
||||||
- becli->bectx->bet_info[BET_ID].bet_ops->handler);
|
|
||||||
+ ret = be_file_account_request(be_req, req);
|
|
||||||
if (ret != EOK) {
|
|
||||||
err_maj = DP_ERR_FATAL;
|
|
||||||
err_min = ret;
|
|
||||||
- err_msg = "Failed to file request";
|
|
||||||
+ err_msg = "Cannot file account request";
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h
|
|
||||||
index 58a9b74..743b6f4 100644
|
|
||||||
--- a/src/providers/dp_backend.h
|
|
||||||
+++ b/src/providers/dp_backend.h
|
|
||||||
@@ -258,4 +258,19 @@ int be_fo_run_callbacks_at_next_request(struct be_ctx *ctx,
|
|
||||||
const char *service_name);
|
|
||||||
|
|
||||||
void reset_fo(struct be_ctx *be_ctx);
|
|
||||||
+
|
|
||||||
+/* Request account information */
|
|
||||||
+struct tevent_req *
|
|
||||||
+be_get_account_info_send(TALLOC_CTX *mem_ctx,
|
|
||||||
+ struct tevent_context *ev,
|
|
||||||
+ struct be_client *becli,
|
|
||||||
+ struct be_ctx *be_ctx,
|
|
||||||
+ struct be_acct_req *ar);
|
|
||||||
+
|
|
||||||
+errno_t be_get_account_info_recv(struct tevent_req *req,
|
|
||||||
+ TALLOC_CTX *mem_ctx,
|
|
||||||
+ int *_err_maj,
|
|
||||||
+ int *_err_min,
|
|
||||||
+ const char **_err_msg);
|
|
||||||
+
|
|
||||||
#endif /* __DP_BACKEND_H___ */
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:20e39d7c5d89e217b5301f7e75360eb869ac1889701755a598fb3fbed923f4b4
|
|
||||||
size 3050325
|
|
@ -1,7 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1.4.13 (GNU/Linux)
|
|
||||||
|
|
||||||
iEYEABECAAYFAlEG6DYACgkQHsardTLnvCXjrgCeMSfawp5NaaIu82GDZOq7EMxL
|
|
||||||
tqwAmgN3gn9e7y6AzeSBdYCCcPAyLLFo
|
|
||||||
=hHxo
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
sssd-1.9.5.tar.gz
Normal file
3
sssd-1.9.5.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:a377c436901e92d689de811d48e37d88764460e889e47bfddd90626f0a8a015c
|
||||||
|
size 3106988
|
7
sssd-1.9.5.tar.gz.asc
Normal file
7
sssd-1.9.5.tar.gz.asc
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1.4.13 (GNU/Linux)
|
||||||
|
|
||||||
|
iEYEABECAAYFAlF2gY4ACgkQHsardTLnvCW6+QCg4VWHi8mlbi6FQufRtUXOTB2j
|
||||||
|
5OAAniig5/DUZa/mrzUb+8kteg3nanNS
|
||||||
|
=3VHJ
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,102 +0,0 @@
|
|||||||
From 3229c2107e4645240cfc4aa5d262e5330c356a49 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jan Engelhardt <jengelh@inai.de>
|
|
||||||
Date: Thu, 21 Feb 2013 13:12:25 +0100
|
|
||||||
Subject: [PATCH] sysdb: try dealing with binary-content attributes
|
|
||||||
|
|
||||||
I have here a LDAP user entry which has this attribute
|
|
||||||
|
|
||||||
loginAllowedTimeMap::
|
|
||||||
AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA
|
|
||||||
|
|
||||||
In the function sysdb_attrs_add_string(), called from
|
|
||||||
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
|
|
||||||
the wrong thing to do. The result of strlen is then used to populate
|
|
||||||
the .v_length member of a struct ldb_val - and this will set it to
|
|
||||||
zero in this case. (There is also the problem that there may not be
|
|
||||||
a '\0' at all in the blob.)
|
|
||||||
|
|
||||||
Subsequently, .v_length being 0 makes ldb_modify(), called from
|
|
||||||
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
|
|
||||||
result is that users do not get stored in the sysdb, and programs like
|
|
||||||
`id` or `getent ...` show incomplete information.
|
|
||||||
|
|
||||||
The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
|
|
||||||
fine, but that may not mean that is the absolute lower boundary of
|
|
||||||
introduction of the problem.
|
|
||||||
---
|
|
||||||
src/db/sysdb.c | 10 ++++++++++
|
|
||||||
src/db/sysdb.h | 2 ++
|
|
||||||
src/providers/ldap/sdap.c | 7 +++----
|
|
||||||
src/providers/ldap/sdap_async.c | 4 ++--
|
|
||||||
4 files changed, 17 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
|
|
||||||
index e7524f4..7c34791 100644
|
|
||||||
--- a/src/db/sysdb.c
|
|
||||||
+++ b/src/db/sysdb.c
|
|
||||||
@@ -512,6 +512,16 @@ int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
|
|
||||||
return sysdb_attrs_add_val(attrs, name, &v);
|
|
||||||
}
|
|
||||||
|
|
||||||
+int sysdb_attrs_add_mem(struct sysdb_attrs *attrs, const char *name,
|
|
||||||
+ const void *mem, size_t size)
|
|
||||||
+{
|
|
||||||
+ struct ldb_val v;
|
|
||||||
+
|
|
||||||
+ v.data = discard_const(mem);
|
|
||||||
+ v.length = size;
|
|
||||||
+ return sysdb_attrs_add_val(attrs, name, &v);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
|
|
||||||
const char *name, bool value)
|
|
||||||
{
|
|
||||||
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
|
|
||||||
index fff97a8..23cbbb0 100644
|
|
||||||
--- a/src/db/sysdb.h
|
|
||||||
+++ b/src/db/sysdb.h
|
|
||||||
@@ -250,6 +250,8 @@ int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
|
|
||||||
const char *name, const struct ldb_val *val);
|
|
||||||
int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
|
|
||||||
const char *name, const char *str);
|
|
||||||
+int sysdb_attrs_add_mem(struct sysdb_attrs *, const char *,
|
|
||||||
+ const void *, size_t);
|
|
||||||
int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
|
|
||||||
const char *name, bool value);
|
|
||||||
int sysdb_attrs_add_long(struct sysdb_attrs *attrs,
|
|
||||||
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
|
|
||||||
index 371121b..988f27d 100644
|
|
||||||
--- a/src/providers/ldap/sdap.c
|
|
||||||
+++ b/src/providers/ldap/sdap.c
|
|
||||||
@@ -474,10 +474,9 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
|
|
||||||
for (i=0; dval->vals[i].bv_val; i++) {
|
|
||||||
DEBUG(9, ("Dereferenced attribute value: %s\n",
|
|
||||||
dval->vals[i].bv_val));
|
|
||||||
- v.data = (uint8_t *) dval->vals[i].bv_val;
|
|
||||||
- v.length = dval->vals[i].bv_len;
|
|
||||||
-
|
|
||||||
- ret = sysdb_attrs_add_val(res[mi]->attrs, name, &v);
|
|
||||||
+ ret = sysdb_attrs_add_mem(res[mi]->attrs, name,
|
|
||||||
+ dval->vals[i].bv_val,
|
|
||||||
+ dval->vals[i].bv_len);
|
|
||||||
if (ret) goto done;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
|
|
||||||
index 84497b7..b7d9839 100644
|
|
||||||
--- a/src/providers/ldap/sdap_async.c
|
|
||||||
+++ b/src/providers/ldap/sdap_async.c
|
|
||||||
@@ -2226,8 +2226,8 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
|
|
||||||
DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding %s [%s] to attributes "
|
|
||||||
"of [%s].\n", desc, el->values[i].data, objname));
|
|
||||||
|
|
||||||
- ret = sysdb_attrs_add_string(attrs, attr_name,
|
|
||||||
- (const char *) el->values[i].data);
|
|
||||||
+ ret = sysdb_attrs_add_mem(attrs, attr_name, el->values[i].data,
|
|
||||||
+ el->values[i].length);
|
|
||||||
if (ret) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
1.7.10.4
|
|
||||||
|
|
24
sssd.changes
24
sssd.changes
@ -1,3 +1,27 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 2 09:20:49 UTC 2013 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 1.9.5
|
||||||
|
* Includes a fix for CVE-2013-0287: A simple access provider flaw
|
||||||
|
prevents intended ACL use when SSSD is configured as an Active
|
||||||
|
Directory client.
|
||||||
|
* Fixed spurious password expiration warning that was printed on
|
||||||
|
login with the Kerberos back end.
|
||||||
|
* A new option ldap_rfc2307_fallback_to_local_users was added. If
|
||||||
|
this option is set to true, SSSD is be able to resolve local
|
||||||
|
group members of LDAP groups.
|
||||||
|
* Fixed an indexing bug that prevented the contents of autofs maps
|
||||||
|
from being returned to the automounter deamon in case the map
|
||||||
|
contained a large number of entries.
|
||||||
|
* Several fixes for safer handling of Kerberos credential caches
|
||||||
|
for cases where the ccache is set to be stored in a DIR: type.
|
||||||
|
- Remove Provide-a-be_get_account_info_send-function.patch,
|
||||||
|
Add-unit-tests-for-simple-access-test-by-groups.patch,
|
||||||
|
Do-not-compile-main-in-DP-if-UNIT_TESTING-is-defined.patch,
|
||||||
|
Resolve-GIDs-in-the-simple-access-provider.patch
|
||||||
|
(CVE-2013-0287 material is in upstream),
|
||||||
|
sssd-sysdb-binary-attrs.diff (merged upstream)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Apr 5 16:35:07 UTC 2013 - jengelh@inai.de
|
Fri Apr 5 16:35:07 UTC 2013 - jengelh@inai.de
|
||||||
|
|
||||||
|
13
sssd.spec
13
sssd.spec
@ -17,13 +17,12 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 1.9.4
|
Version: 1.9.5
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPL-3.0+ and LGPL-3.0+
|
License: GPL-3.0+ and LGPL-3.0+
|
||||||
Group: System/Daemons
|
Group: System/Daemons
|
||||||
Url: https://fedorahosted.org/sssd/
|
Url: https://fedorahosted.org/sssd/
|
||||||
Requires(postun): pam-config
|
|
||||||
|
|
||||||
#Git-Clone: git://git.fedorahosted.org/sssd
|
#Git-Clone: git://git.fedorahosted.org/sssd
|
||||||
Source: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz
|
Source: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz
|
||||||
@ -32,13 +31,6 @@ Source3: baselibs.conf
|
|||||||
Patch1: 0005-implicit-decl.diff
|
Patch1: 0005-implicit-decl.diff
|
||||||
Patch2: sssd-ldflags.diff
|
Patch2: sssd-ldflags.diff
|
||||||
Patch3: sssd-no-ldb-check.diff
|
Patch3: sssd-no-ldb-check.diff
|
||||||
Patch4: sssd-sysdb-binary-attrs.diff
|
|
||||||
# Fixes for CVE-2013-0287 (will be part of 1.9.5) when released
|
|
||||||
Patch5: Provide-a-be_get_account_info_send-function.patch
|
|
||||||
Patch6: Add-unit-tests-for-simple-access-test-by-groups.patch
|
|
||||||
Patch7: Do-not-compile-main-in-DP-if-UNIT_TESTING-is-defined.patch
|
|
||||||
Patch8: Resolve-GIDs-in-the-simple-access-provider.patch
|
|
||||||
# End Fixed for CVE-2013-0287
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%define servicename sssd
|
%define servicename sssd
|
||||||
@ -111,6 +103,7 @@ BuildRequires: systemd
|
|||||||
%if %suse_version >= 1230
|
%if %suse_version >= 1230
|
||||||
BuildRequires: gpg-offline
|
BuildRequires: gpg-offline
|
||||||
%endif
|
%endif
|
||||||
|
Requires(postun): pam-config
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Provides a set of daemons to manage access to remote directories and
|
Provides a set of daemons to manage access to remote directories and
|
||||||
@ -210,7 +203,7 @@ Security Services Daemon (sssd).
|
|||||||
%prep
|
%prep
|
||||||
%{?gpg_verify: %gpg_verify %{S:2}}
|
%{?gpg_verify: %gpg_verify %{S:2}}
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -P 7 -P 8 -p1
|
%patch -P 1 -P 2 -P 3 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?suse_version} < 1210
|
%if 0%{?suse_version} < 1210
|
||||||
|
Loading…
Reference in New Issue
Block a user