packages/sssd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!168 backport patches from upstream community

Browse Source 
From: @fwo 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2024-12-03 07:15:55 +00:00 committed by Gitee
commit 1e04340036
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 174 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
backport-Missing-dns_update_per_family-option.patch Normal file
View File

@ -0,0 +1,76 @@
From a822206c7859b5f39af2b2ea1b117850a0589e3c Mon Sep 17 00:00:00 2001
From: Tomas Halman <thalman@redhat.com>
Date: Mon, 21 Oct 2024 16:31:38 +0200
Subject: [PATCH] Missing 'dns_update_per_family' option
This update fixes missing 'dns_update_per_family' option in python code
and config files.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
---
src/config/SSSDConfig/sssdoptions.py | 2 ++
src/config/SSSDConfigTest.py | 2 ++
src/config/cfg_rules.ini | 1 +
src/config/etc/sssd.api.conf | 1 +
4 files changed, 6 insertions(+)
diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
index e7de867..3aba87a 100644
--- a/src/config/SSSDConfig/sssdoptions.py
+++ b/src/config/SSSDConfig/sssdoptions.py
@@ -198,6 +198,8 @@ class SSSDOptions(object):
'refresh_expired_interval': _('How often should expired entries be refreshed in background'),
'refresh_expired_interval_offset': _("Maximum period deviation when refreshing expired entries in background"),
'dyndns_update': _("Whether to automatically update the client's DNS entry"),
+ 'dyndns_update_per_family': _('Whether DNS update of A and AAAA record should be performed '
+ 'in one update or in two separate updates'),
'dyndns_ttl': _("The TTL to apply to the client's DNS entry after updating it"),
'dyndns_iface': _("The interface whose IP should be used for dynamic DNS updates"),
'dyndns_refresh_interval': _("How often to periodically update the client's DNS entry"),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index e08109a..21a08c8 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -580,6 +580,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'dns_resolver_timeout',
'dns_discovery_domain',
'dyndns_update',
+ 'dyndns_update_per_family',
'dyndns_ttl',
'dyndns_iface',
'dyndns_refresh_interval',
@@ -940,6 +941,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'dns_resolver_timeout',
'dns_discovery_domain',
'dyndns_update',
+ 'dyndns_update_per_family',
'dyndns_ttl',
'dyndns_iface',
'dyndns_refresh_interval',
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 39b66ba..0a630f1 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -442,6 +442,7 @@ option = refresh_expired_interval_offset
# Dynamic DNS updates
option = dyndns_update
+option = dyndns_update_per_family
option = dyndns_ttl
option = dyndns_iface
option = dyndns_refresh_interval
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 67b7a5f..5930f4a 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -208,6 +208,7 @@ refresh_expired_interval_offset = int, None, false
# Dynamic DNS updates
dyndns_update = bool, None, false
+dyndns_update_per_family = bool, None, false
dyndns_ttl = int, None, false
dyndns_iface = str, None, false
dyndns_refresh_interval = int, None, false
--
2.33.0

30
backport-TOOLS-mistype-fix.patch Normal file
View File

@ -0,0 +1,30 @@
From 3621a587a32589e8404ed1f2356fcbfebc128efc Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 2 Sep 2024 21:04:34 +0200
Subject: [PATCH] TOOLS: mistype fix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
---
src/tools/sssctl/sssctl_data.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tools/sssctl/sssctl_data.c b/src/tools/sssctl/sssctl_data.c
index 79e12078e..43b9814ea 100644
--- a/src/tools/sssctl/sssctl_data.c
+++ b/src/tools/sssctl/sssctl_data.c
@@ -168,7 +168,7 @@ static errno_t sssctl_restore(bool force_start, bool force_restart)
}
}
- if (sssctl_backup_file_exists(SSS_BACKUP_USER_OVERRIDES)) {
+ if (sssctl_backup_file_exists(SSS_BACKUP_GROUP_OVERRIDES)) {
ret = sssctl_run_command((const char *[]){"sss_override", "group-import",
SSS_BACKUP_GROUP_OVERRIDES, NULL});
if (ret != EOK) {
--
2.33.0

61
backport-ad-honor-ad_use_ldaps-setting-with-ad_machine_pw_ren.patch Normal file
View File

@ -0,0 +1,61 @@
From d004e7b4b977da3dd9f1d3de910c28c093a6fb26 Mon Sep 17 00:00:00 2001
From: santeri3700 <santeri.pikarinen@gmail.com>
Date: Tue, 15 Oct 2024 20:13:20 +0300
Subject: [PATCH] ad: honor ad_use_ldaps setting with ad_machine_pw_renewal
The value of ad_use_ldaps was not passed as `--use-ldaps`
argument to the adcli update command which handles
the automatic renewal of AD machine account password.
Resolves: https://github.com/SSSD/sssd/issues/7642
Signed-off-by: santeri3700 <santeri.pikarinen@gmail.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/providers/ad/ad_machine_pw_renewal.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c
index 56b64a2a9..2e54e9bff 100644
--- a/src/providers/ad/ad_machine_pw_renewal.c
+++ b/src/providers/ad/ad_machine_pw_renewal.c
@@ -39,6 +39,7 @@ struct renewal_data {
static errno_t get_adcli_extra_args(const char *ad_domain,
const char *ad_hostname,
const char *ad_keytab,
+ bool ad_use_ldaps,
size_t pw_lifetime_in_days,
bool add_samba_data,
size_t period,
@@ -59,7 +60,7 @@ static errno_t get_adcli_extra_args(const char *ad_domain,
return ENOMEM;
}
- args = talloc_array(renewal_data, const char *, 9);
+ args = talloc_array(renewal_data, const char *, 10);
if (args == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n");
return ENOMEM;
@@ -79,6 +80,9 @@ static errno_t get_adcli_extra_args(const char *ad_domain,
args[c++] = talloc_asprintf(args, "--host-keytab=%s", ad_keytab);
}
args[c++] = talloc_asprintf(args, "--domain=%s", ad_domain);
+ if (ad_use_ldaps) {
+ args[c++] = talloc_strdup(args, "--use-ldaps");
+ }
if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {
args[c++] = talloc_strdup(args, "--verbose");
}
@@ -390,6 +394,7 @@ errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx,
dp_opt_get_cstring(ad_opts->basic, AD_HOSTNAME),
dp_opt_get_cstring(ad_opts->id_ctx->sdap_id_ctx->opts->basic,
SDAP_KRB5_KEYTAB),
+ dp_opt_get_bool(ad_opts->basic, AD_USE_LDAPS),
lifetime,
dp_opt_get_bool(ad_opts->basic,
AD_UPDATE_SAMBA_MACHINE_ACCOUNT_PASSWORD),
--
2.33.0

8
sssd.spec
View File

@ -8,7 +8,7 @@
Name: sssd
Version: 2.9.4
Release: 9
Release: 10
Summary: System Security Services Daemon
License: GPL-3.0-or-later
URL: https://github.com/SSSD/sssd/
@ -22,6 +22,9 @@ Patch0005: backport-SSH-sanity-check-to-please-coverity.patch
Patch0006: backport-CLIENT-idmap-fix-coverity-warning.patch
Patch0007: backport-sysdb-do-not-fail-to-add-non-posix-user-to-MPG-domai.patch
Patch0008: backport-Update-sssd.in-to-remove-f-option-from-sysv-init-scr.patch
Patch0009: backport-Missing-dns_update_per_family-option.patch
Patch0010: backport-TOOLS-mistype-fix.patch
Patch0011: backport-ad-honor-ad_use_ldaps-setting-with-ad_machine_pw_ren.patch
Requires: sssd-ad = %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
@ -920,6 +923,9 @@ fi
%systemd_postun_with_restart sssd.service
%changelog
* Tue Dec 03 2024 wangjiang <app@cameyan.com> - 2.9.4-10
- backport upstream patches
* Wed Oct 30 2024 xuraoqing <xuraoqing@huawei.com> - 2.9.4-9
- option --enable-files-domain in configure has been removed