packages/sssd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!150 backport patches to fix bugs

Browse Source 
From: @xuraoqing 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2024-09-25 09:48:54 +00:00 committed by Gitee
commit 029ea8b56b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 103 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backport-Update-sssd.in-to-remove-f-option-from-sysv-init-scr.patch Normal file
View File

@ -0,0 +1,36 @@
From 30a9f4f389f0a09057f9d7c424b96020c940c5e1 Mon Sep 17 00:00:00 2001
From: John Veitch <john.veitch@glasgow.ac.uk>
Date: Mon, 1 Jul 2024 13:02:20 +0100
Subject: [PATCH] Update sssd.in to remove -f option from sysv init script
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
fee3883 removed the -f option from the sssd but the init script was
not updated accordingly at that time.
Reviewed-by: Tomáš Halman <thalman@redhat.com>
Reference:https://github.com/SSSD/sssd/commit/30a9f4f389f0a09057f9d7c424b96020c940c5e1
Conflict:NA
---
src/sysv/sssd.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sysv/sssd.in b/src/sysv/sssd.in
index 68485bfb8..52308a4e2 100644
--- a/src/sysv/sssd.in
+++ b/src/sysv/sssd.in
@@ -45,7 +45,7 @@ TIMEOUT=15
start() {
[ -x $SSSD ] || exit 5
echo -n $"Starting $prog: "
- daemon $SSSD -f -D
+ daemon $SSSD -D
RETVAL=$?
echo
[ "$RETVAL" = 0 ] && touch $LOCK_FILE
--
2.33.0

61
backport-sysdb-do-not-fail-to-add-non-posix-user-to-MPG-domai.patch Normal file
View File

@ -0,0 +1,61 @@
From 986bb726202e69b05f861c14c3a220379baf9bd1 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 14 Jun 2024 16:10:34 +0200
Subject: [PATCH] sysdb: do not fail to add non-posix user to MPG domain
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
SSSD does not handle the root user (UID==0) and treats all accounts with
UID 0 as non-Posix accounts. The primary GID of those accounts is 0 as
well and as a result for those accounts in MPG domains the check for a
collisions of the primary GID should be skipped. The current code might
e.g. cause issues during GPO evaluation when adding a host account into
the cache which does not have any UID or GID set in AD and SSSD is
configured to read UID and GID from AD.
Resolves: https://github.com/SSSD/sssd/issues/7451
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
Reference:https://github.com/SSSD/sssd/commit/986bb726202e69b05f861c14c3a220379baf9bd1
Conflict:NA
---
src/db/sysdb_ops.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index a47d9b174..32e49d759 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1914,15 +1914,17 @@ int sysdb_add_user(struct sss_domain_info *domain,
goto done;
}
- ret = sysdb_search_group_by_gid(tmp_ctx, domain, uid, NULL, &msg);
- if (ret != ENOENT) {
- if (ret == EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Group with GID [%"SPRIgid"] already exists in an "
- "MPG domain\n", gid);
- ret = EEXIST;
+ if (uid != 0) { /* uid == 0 means non-POSIX object */
+ ret = sysdb_search_group_by_gid(tmp_ctx, domain, uid, NULL, &msg);
+ if (ret != ENOENT) {
+ if (ret == EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Group with GID [%"SPRIgid"] already exists in an "
+ "MPG domain\n", uid);
+ ret = EEXIST;
+ }
+ goto done;
}
- goto done;
}
}
--
2.33.0

7
sssd.spec
View File

@ -8,7 +8,7 @@
Name: sssd Name: sssd
Version: 2.9.4 Version: 2.9.4
Release: 6 Release: 7
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPL-3.0-or-later License: GPL-3.0-or-later
URL: https://github.com/SSSD/sssd/ URL: https://github.com/SSSD/sssd/
@ -18,6 +18,8 @@ Patch0001: backport-CVE-2023-3758.patch
Patch0002: backport-UTILS-inotify-avoid-potential-NULL-deref.patch Patch0002: backport-UTILS-inotify-avoid-potential-NULL-deref.patch
Patch0003: backport-ad-refresh-root-domain-when-read-directly.patch Patch0003: backport-ad-refresh-root-domain-when-read-directly.patch
Patch0004: backport-RESPONDER-use-proper-context-for-getDomains.patch Patch0004: backport-RESPONDER-use-proper-context-for-getDomains.patch
Patch0005: backport-sysdb-do-not-fail-to-add-non-posix-user-to-MPG-domai.patch
Patch0006: backport-Update-sssd.in-to-remove-f-option-from-sysv-init-scr.patch
Requires: sssd-ad = %{version}-%{release} Requires: sssd-ad = %{version}-%{release}
Requires: sssd-common = %{version}-%{release} Requires: sssd-common = %{version}-%{release}
@ -917,6 +919,9 @@ fi
%systemd_postun_with_restart sssd.service %systemd_postun_with_restart sssd.service
%changelog %changelog
* Wed Sep 25 2024 xuraoqing <xuraoqing@huawei.com> - 2.9.4-7
- backport patches to fix bugs
* Tue Jun 18 2024 wangjiang <wangjiang37@h-partners.com> - 2.9.4-6 * Tue Jun 18 2024 wangjiang <wangjiang37@h-partners.com> - 2.9.4-6
- backport upstream patches - backport upstream patches