packages/sssd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport upstream patches

Browse Source 
(cherry picked from commit b5ebeb3a657179c358dca9048b88db7ee8021a39)
This commit is contained in:
wangjiang 2024-06-18 15:43:33 +08:00 committed by openeuler-sync-bot
parent 1829d8981c
commit f639c27acd
4 changed files with 203 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
backport-RESPONDER-use-proper-context-for-getDomains.patch Normal file
View File

@ -0,0 +1,55 @@
From 18f378921ed95dfd6a5e373c87712f7935247d71 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 26 Apr 2024 14:04:50 +0200
Subject: [PATCH] RESPONDER: use proper context for getDomains()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Request was created on a long term responder context, but a callback
for this request tries to access memory that is allocated on a short
term client context. So if client disconnects before request is
completed, then callback dereferences already freed memory.
Resolves: https://github.com/SSSD/sssd/issues/7319
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reference:https://github.com/SSSD/sssd/commit/dc637c9730d0ba04a0d8aa2645ee537224cd4b19
Conflict:NA
---
src/responder/pac/pacsrv_cmd.c | 2 +-
src/responder/pam/pamsrv_cmd.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index e3aab88..29d5574 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -146,7 +146,7 @@ static errno_t pac_add_pac_user(struct cli_ctx *cctx)
ret = responder_get_domain_by_id(cctx->rctx, pr_ctx->user_dom_sid_str,
&pr_ctx->dom);
if (ret == EAGAIN || ret == ENOENT) {
- req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true,
+ req = sss_dp_get_domains_send(cctx, cctx->rctx, true,
pr_ctx->domain_name);
if (req == NULL) {
ret = ENOMEM;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 20c332b..1570304 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1918,7 +1918,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
ret = pam_forwarder_parse_data(cctx, pd);
if (ret == EAGAIN) {
- req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, pd->domain);
+ req = sss_dp_get_domains_send(cctx, cctx->rctx, true, pd->domain);
if (req == NULL) {
ret = ENOMEM;
} else {
--
2.33.0

57
backport-UTILS-inotify-avoid-potential-NULL-deref.patch Normal file
View File

@ -0,0 +1,57 @@
From d24073823fa7d82726f631628923e9a5378d529d Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 18 Mar 2024 12:15:21 +0100
Subject: [PATCH] UTILS: inotify: avoid potential NULL deref
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes following error:
```
Error: STRING_NULL (CWE-170):
sssd-2.9.1/src/util/inotify.c:298: string_null_source: Function ""read"" does not terminate string ""ev_buf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
sssd-2.9.1/src/util/inotify.c:316: var_assign_var: Assigning: ""ptr"" = ""ev_buf"". Both now point to the same unterminated string.
sssd-2.9.1/src/util/inotify.c:320: var_assign_var: Assigning: ""in_event"" = ""ptr"". Both now point to the same unterminated string.
sssd-2.9.1/src/util/inotify.c:327: string_null: Passing unterminated string ""in_event->name"" to ""process_dir_event"", which expects a null-terminated string.
# 325|
# 326| if (snctx->wctx->dir_wd == in_event->wd) {
# 327|-> ret = process_dir_event(snctx, in_event);
# 328| } else if (snctx->wctx->file_wd == in_event->wd) {
# 329| ret = process_file_event(snctx, in_event);
```
-- it might be unsafe to dereference `in_event->name`
if `in_event->len == 0`
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reference:https://github.com/SSSD/sssd/commit/4085ee07926303aa26e46dfcc6dec87776432c62
Conflict:NA
---
src/util/inotify.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/util/inotify.c b/src/util/inotify.c
index a3c33ed..8192cfd 100644
--- a/src/util/inotify.c
+++ b/src/util/inotify.c
@@ -233,9 +233,13 @@ static errno_t process_dir_event(struct snotify_ctx *snctx,
{
errno_t ret;
+ if (in_event->len == 0) {
+ DEBUG(SSSDBG_TRACE_FUNC, "Not interested in nameless event\n");
+ return EOK;
+ }
+
DEBUG(SSSDBG_TRACE_ALL, "inotify name: %s\n", in_event->name);
- if (in_event->len == 0 \
- || strcmp(in_event->name, snctx->base_name) != 0) {
+ if (strcmp(in_event->name, snctx->base_name) != 0) {
DEBUG(SSSDBG_TRACE_FUNC, "Not interested in %s\n", in_event->name);
return EOK;
}
--
2.33.0

84
backport-ad-refresh-root-domain-when-read-directly.patch Normal file
View File

@ -0,0 +1,84 @@
From 4d841bf2060717171fecad628480c8f2bc03760d Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 1 Mar 2024 10:50:07 +0100
Subject: [PATCH] ad: refresh root domain when read directly
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If the domain object of the forest root domain cannot be found in the
LDAP tree of the local AD domain SSSD tries to read the request data
from an LDAP server of the forest root domain directly. After reading
this data the information is stored in the cache but currently the
information about the domain store in memory is not updated with the
additional data. As a result e.g. the domain SID is missing in this data
and only becomes available after a restart where it is read from the
cache.
With this patch an unconditional refresh is triggered at the end of the
fallback code path.
Resolves: https://github.com/SSSD/sssd/issues/7250
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
Reference:https://github.com/SSSD/sssd/commit/0de6c33047ac7a2b5316ec5ec936d6b675671c53
Conflict:NA
---
src/providers/ad/ad_subdomains.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 5bddf9b..e6745ce 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -1395,7 +1395,7 @@ struct ad_get_root_domain_state {
static void ad_get_root_domain_done(struct tevent_req *subreq);
static void ad_check_root_domain_done(struct tevent_req *subreq);
static errno_t
-ad_get_root_domain_refresh(struct ad_get_root_domain_state *state);
+ad_get_root_domain_refresh(struct ad_get_root_domain_state *state, bool refresh);
struct tevent_req *
ad_check_domain_send(TALLOC_CTX *mem_ctx,
@@ -1582,7 +1582,7 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
return;
}
- ret = ad_get_root_domain_refresh(state);
+ ret = ad_get_root_domain_refresh(state, false);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "ad_get_root_domain_refresh() failed.\n");
}
@@ -1682,7 +1682,7 @@ static void ad_check_root_domain_done(struct tevent_req *subreq)
state->reply_count = 1;
- ret = ad_get_root_domain_refresh(state);
+ ret = ad_get_root_domain_refresh(state, true);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "ad_get_root_domain_refresh() failed.\n");
}
@@ -1697,7 +1697,7 @@ done:
}
static errno_t
-ad_get_root_domain_refresh(struct ad_get_root_domain_state *state)
+ad_get_root_domain_refresh(struct ad_get_root_domain_state *state, bool refresh)
{
struct sss_domain_info *root_domain;
bool has_changes;
@@ -1713,7 +1713,7 @@ ad_get_root_domain_refresh(struct ad_get_root_domain_state *state)
goto done;
}
- if (has_changes) {
+ if (has_changes || refresh) {
ret = ad_subdom_reinit(state->sd_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Could not reinitialize subdomains\n");
--
2.33.0

8
sssd.spec
View File

@ -8,13 +8,16 @@
Name: sssd Name: sssd
Version: 2.9.4 Version: 2.9.4
Release: 5 Release: 6
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPL-3.0-or-later License: GPL-3.0-or-later
URL: https://github.com/SSSD/sssd/ URL: https://github.com/SSSD/sssd/
Source0: https://github.com/SSSD/sssd/releases/download/2.9.4/sssd-2.9.4.tar.gz Source0: https://github.com/SSSD/sssd/releases/download/2.9.4/sssd-2.9.4.tar.gz
Patch0001: backport-CVE-2023-3758.patch Patch0001: backport-CVE-2023-3758.patch
Patch0002: backport-UTILS-inotify-avoid-potential-NULL-deref.patch
Patch0003: backport-ad-refresh-root-domain-when-read-directly.patch
Patch0004: backport-RESPONDER-use-proper-context-for-getDomains.patch
Requires: sssd-ad = %{version}-%{release} Requires: sssd-ad = %{version}-%{release}
Requires: sssd-common = %{version}-%{release} Requires: sssd-common = %{version}-%{release}
@ -914,6 +917,9 @@ fi
%systemd_postun_with_restart sssd.service %systemd_postun_with_restart sssd.service
%changelog %changelog
* Tue Jun 18 2024 wangjiang <wangjiang37@h-partners.com> - 2.9.4-6
- backport upstream patches
* Tue May 21 2024 wangqingsan <wangqingsan@huawei.com> - 2.9.4-5 * Tue May 21 2024 wangqingsan <wangqingsan@huawei.com> - 2.9.4-5
- redefine chrpath_delete macro to delete runpath/rpath - redefine chrpath_delete macro to delete runpath/rpath