backport patches to fix bugs
This commit is contained in:
xuraoqing
parent
68444ad60c
commit
ae9262408c
@ -0,0 +1,36 @@
|
|||||||
|
From 30a9f4f389f0a09057f9d7c424b96020c940c5e1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: John Veitch <john.veitch@glasgow.ac.uk>
|
||||||
|
Date: Mon, 1 Jul 2024 13:02:20 +0100
|
||||||
|
Subject: [PATCH] Update sssd.in to remove -f option from sysv init script
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
fee3883 removed the -f option from the sssd but the init script was
|
||||||
|
not updated accordingly at that time.
|
||||||
|
|
||||||
|
Reviewed-by: Tomáš Halman <thalman@redhat.com>
|
||||||
|
|
||||||
|
Reference:https://github.com/SSSD/sssd/commit/30a9f4f389f0a09057f9d7c424b96020c940c5e1
|
||||||
|
Conflict:NA
|
||||||
|
|
||||||
|
---
|
||||||
|
src/sysv/sssd.in | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/sysv/sssd.in b/src/sysv/sssd.in
|
||||||
|
index 68485bfb8..52308a4e2 100644
|
||||||
|
--- a/src/sysv/sssd.in
|
||||||
|
+++ b/src/sysv/sssd.in
|
||||||
|
@@ -45,7 +45,7 @@ TIMEOUT=15
|
||||||
|
start() {
|
||||||
|
[ -x $SSSD ] || exit 5
|
||||||
|
echo -n $"Starting $prog: "
|
||||||
|
- daemon $SSSD -f -D
|
||||||
|
+ daemon $SSSD -D
|
||||||
|
RETVAL=$?
|
||||||
|
echo
|
||||||
|
[ "$RETVAL" = 0 ] && touch $LOCK_FILE
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
@ -0,0 +1,61 @@
|
|||||||
|
From 986bb726202e69b05f861c14c3a220379baf9bd1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sumit Bose <sbose@redhat.com>
|
||||||
|
Date: Fri, 14 Jun 2024 16:10:34 +0200
|
||||||
|
Subject: [PATCH] sysdb: do not fail to add non-posix user to MPG domain
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
SSSD does not handle the root user (UID==0) and treats all accounts with
|
||||||
|
UID 0 as non-Posix accounts. The primary GID of those accounts is 0 as
|
||||||
|
well and as a result for those accounts in MPG domains the check for a
|
||||||
|
collisions of the primary GID should be skipped. The current code might
|
||||||
|
e.g. cause issues during GPO evaluation when adding a host account into
|
||||||
|
the cache which does not have any UID or GID set in AD and SSSD is
|
||||||
|
configured to read UID and GID from AD.
|
||||||
|
|
||||||
|
Resolves: https://github.com/SSSD/sssd/issues/7451
|
||||||
|
|
||||||
|
Reviewed-by: Alejandro López <allopez@redhat.com>
|
||||||
|
Reviewed-by: Tomáš Halman <thalman@redhat.com>
|
||||||
|
|
||||||
|
Reference:https://github.com/SSSD/sssd/commit/986bb726202e69b05f861c14c3a220379baf9bd1
|
||||||
|
Conflict:NA
|
||||||
|
|
||||||
|
---
|
||||||
|
src/db/sysdb_ops.c | 18 ++++++++++--------
|
||||||
|
1 file changed, 10 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
|
||||||
|
index a47d9b174..32e49d759 100644
|
||||||
|
--- a/src/db/sysdb_ops.c
|
||||||
|
+++ b/src/db/sysdb_ops.c
|
||||||
|
@@ -1914,15 +1914,17 @@ int sysdb_add_user(struct sss_domain_info *domain,
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
- ret = sysdb_search_group_by_gid(tmp_ctx, domain, uid, NULL, &msg);
|
||||||
|
- if (ret != ENOENT) {
|
||||||
|
- if (ret == EOK) {
|
||||||
|
- DEBUG(SSSDBG_OP_FAILURE,
|
||||||
|
- "Group with GID [%"SPRIgid"] already exists in an "
|
||||||
|
- "MPG domain\n", gid);
|
||||||
|
- ret = EEXIST;
|
||||||
|
+ if (uid != 0) { /* uid == 0 means non-POSIX object */
|
||||||
|
+ ret = sysdb_search_group_by_gid(tmp_ctx, domain, uid, NULL, &msg);
|
||||||
|
+ if (ret != ENOENT) {
|
||||||
|
+ if (ret == EOK) {
|
||||||
|
+ DEBUG(SSSDBG_OP_FAILURE,
|
||||||
|
+ "Group with GID [%"SPRIgid"] already exists in an "
|
||||||
|
+ "MPG domain\n", uid);
|
||||||
|
+ ret = EEXIST;
|
||||||
|
+ }
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
- goto done;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 2.9.4
|
Version: 2.9.4
|
||||||
Release: 6
|
Release: 7
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
URL: https://github.com/SSSD/sssd/
|
URL: https://github.com/SSSD/sssd/
|
||||||
@ -18,6 +18,8 @@ Patch0001: backport-CVE-2023-3758.patch
|
|||||||
Patch0002: backport-UTILS-inotify-avoid-potential-NULL-deref.patch
|
Patch0002: backport-UTILS-inotify-avoid-potential-NULL-deref.patch
|
||||||
Patch0003: backport-ad-refresh-root-domain-when-read-directly.patch
|
Patch0003: backport-ad-refresh-root-domain-when-read-directly.patch
|
||||||
Patch0004: backport-RESPONDER-use-proper-context-for-getDomains.patch
|
Patch0004: backport-RESPONDER-use-proper-context-for-getDomains.patch
|
||||||
|
Patch0005: backport-sysdb-do-not-fail-to-add-non-posix-user-to-MPG-domai.patch
|
||||||
|
Patch0006: backport-Update-sssd.in-to-remove-f-option-from-sysv-init-scr.patch
|
||||||
|
|
||||||
Requires: sssd-ad = %{version}-%{release}
|
Requires: sssd-ad = %{version}-%{release}
|
||||||
Requires: sssd-common = %{version}-%{release}
|
Requires: sssd-common = %{version}-%{release}
|
||||||
@ -917,6 +919,9 @@ fi
|
|||||||
%systemd_postun_with_restart sssd.service
|
%systemd_postun_with_restart sssd.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 25 2024 xuraoqing <xuraoqing@huawei.com> - 2.9.4-7
|
||||||
|
- backport patches to fix bugs
|
||||||
|
|
||||||
* Tue Jun 18 2024 wangjiang <wangjiang37@h-partners.com> - 2.9.4-6
|
* Tue Jun 18 2024 wangjiang <wangjiang37@h-partners.com> - 2.9.4-6
|
||||||
- backport upstream patches
|
- backport upstream patches
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user