URL: https://github.com/SSSD/sssd/pull/5493
Author: alexey-tikhonov
Title: #5493: Backport of a number of patches to fix build issues of 1-16
branch on modern platforms
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5493/head:pr5493
git checkout pr5493
From 8b35d5d8073e861a3a4e72c3f1736467f84b4b24 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Fri, 24 Jan 2020 15:17:39 +0100
Subject: [PATCH 01/15] Fix build failure against samba 4.12.0rc1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The ndr_pull_get_switch() function was dropped, but it was just a wrapper
around the ndr_token_peek() function, so we can use this approach on both
old and new versions of libndr.
Signed-off-by: Stephen Gallagher <sgall...@redhat.com>
Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit bc56b10aea999284458dcc293b54cf65288e325d)
---
src/providers/ad/ad_gpo_ndr.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
index 0a8ebaee87..49c49d71b2 100644
--- a/src/providers/ad/ad_gpo_ndr.c
+++ b/src/providers/ad/ad_gpo_ndr.c
@@ -105,7 +105,7 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
union security_ace_object_type *r)
{
uint32_t level;
- level = ndr_pull_get_switch_value(ndr, r);
+ level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_pull_union_align(ndr, 4));
@@ -135,7 +135,7 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
union security_ace_object_inherited_type *r)
{
uint32_t level;
- level = ndr_pull_get_switch_value(ndr, r);
+ level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_pull_union_align(ndr, 4));
@@ -198,7 +198,7 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
union security_ace_object_ctr *r)
{
uint32_t level;
- level = ndr_pull_get_switch_value(ndr, r);
+ level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_pull_union_align(ndr, 4));
From ad0c77459f9e52de38b41d5a7099fef090f56e97 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.po...@suse.com>
Date: Tue, 24 Mar 2020 13:37:07 +0000
Subject: [PATCH 02/15] Use ndr_pull_steal_switch_value for modern samba
versions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
commit bc56b10aea999284458dcc293b54cf65288e325d attempted to
fix the build error resulting from removal of 'ndr_pull_get_switch'
This change uses the new replacement method
'ndr_pull_steal_switch_value' however depending on the samba version
the ndr_pull_steal_switch_value abi is different.
Note: ndr_pull_steal_switch_value is used since samba 4.10 for
the affected methods
Note: the following methods have been refreshed from samba-4.12 generated
code;
o ndr_pull_security_ace_object_type
o ndr_pull_security_ace_object_inherited_type
o ndr_pull_security_ace_object_ctr
Signed-off-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit 1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc)
---
src/external/samba.m4 | 9 ++++++-
src/providers/ad/ad_gpo_ndr.c | 45 ++++++++++++++++++++---------------
2 files changed, 34 insertions(+), 20 deletions(-)
diff --git a/src/external/samba.m4 b/src/external/samba.m4
index 089f602a60..8e06174ead 100644
--- a/src/external/samba.m4
+++ b/src/external/samba.m4
@@ -132,10 +132,17 @@ int main(void)
AC_DEFINE_UNQUOTED(SMB_IDMAP_DOMAIN_HAS_DOM_SID, 1,
[Samba's struct idmap_domain has dom_sid member])
AC_MSG_NOTICE([Samba's struct idmap_domain has dom_sid member])
+ if test $samba_minor_version -ge 12 ; then
+ AC_DEFINE_UNQUOTED(SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH, 1,
+ [Samba's new push/pull switch functions])
+ AC_MSG_NOTICE([Samba has support for new ndr_push_steal_switch_value and ndr_pull_steal_switch_value functions])
+ else
+ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
+ fi
else
AC_MSG_NOTICE([Samba's struct idmap_domain does not have dom_sid member])
+ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
fi
-
fi
SAVE_CFLAGS=$CFLAGS
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
index 49c49d71b2..3d389e513d 100644
--- a/src/providers/ad/ad_gpo_ndr.c
+++ b/src/providers/ad/ad_gpo_ndr.c
@@ -105,9 +105,14 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
union security_ace_object_type *r)
{
uint32_t level;
- level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
NDR_CHECK(ndr_pull_union_align(ndr, 4));
switch (level) {
case SEC_ACE_OBJECT_TYPE_PRESENT: {
@@ -117,14 +122,6 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
break; }
}
}
- if (ndr_flags & NDR_BUFFERS) {
- switch (level) {
- case SEC_ACE_OBJECT_TYPE_PRESENT:
- break;
- default:
- break;
- }
- }
return NDR_ERR_SUCCESS;
}
@@ -135,9 +132,14 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
union security_ace_object_inherited_type *r)
{
uint32_t level;
- level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
NDR_CHECK(ndr_pull_union_align(ndr, 4));
switch (level) {
case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
@@ -149,14 +151,6 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
break; }
}
}
- if (ndr_flags & NDR_BUFFERS) {
- switch (level) {
- case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
- break;
- default:
- break;
- }
- }
return NDR_ERR_SUCCESS;
}
@@ -198,9 +192,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
union security_ace_object_ctr *r)
{
uint32_t level;
- level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
NDR_CHECK(ndr_pull_union_align(ndr, 4));
switch (level) {
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
@@ -224,6 +223,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
}
}
if (ndr_flags & NDR_BUFFERS) {
+ if (!(ndr_flags & NDR_SCALARS)) {
+ /* We didn't get it above, and the token is not needed after this. */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
+ }
switch (level) {
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
NDR_CHECK(ndr_pull_security_ace_object
From c0d7c0c189504e70f028e7574591b6c997032174 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.po...@suse.com>
Date: Tue, 24 Mar 2020 18:14:34 +0000
Subject: [PATCH 03/15] ad_gpo_ndr.c: refresh ndr_ methods from samba-4.12
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit c031adde4f532f39845a0efd78693600f1f8b2f4)
---
src/providers/ad/ad_gpo_ndr.c | 201 ++++++++++++++++++----------------
1 file changed, 106 insertions(+), 95 deletions(-)
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
index 3d389e513d..a64b1a0f84 100644
--- a/src/providers/ad/ad_gpo_ndr.c
+++ b/src/providers/ad/ad_gpo_ndr.c
@@ -177,8 +177,16 @@ ndr_pull_security_ace_object(struct ndr_pull *ndr,
NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
}
if (ndr_flags & NDR_BUFFERS) {
+ NDR_CHECK(ndr_pull_set_switch_value
+ (ndr,
+ &r->type,
+ r->flags & SEC_ACE_OBJECT_TYPE_PRESENT));
NDR_CHECK(ndr_pull_security_ace_object_type
(ndr, NDR_BUFFERS, &r->type));
+ NDR_CHECK(ndr_pull_set_switch_value
+ (ndr,
+ &r->inherited_type,
+ r->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
NDR_CHECK(ndr_pull_security_ace_object_inherited_type
(ndr, NDR_BUFFERS, &r->inherited_type));
}
@@ -342,7 +350,7 @@ ndr_pull_security_acl(struct ndr_pull *ndr,
(ndr, NDR_SCALARS, &r->revision));
NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces));
- if (r->num_aces > 1000) {
+ if (r->num_aces > 2000) {
return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
}
size_aces_0 = r->num_aces;
@@ -408,107 +416,110 @@ ad_gpo_ndr_pull_security_descriptor(struct ndr_pull *ndr,
TALLOC_CTX *_mem_save_sacl_0;
uint32_t _ptr_dacl;
TALLOC_CTX *_mem_save_dacl_0;
- uint32_t _flags_save_STRUCT = ndr->flags;
- uint32_t _relative_save_offset;
-
- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
- NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_pull_align(ndr, 5));
- NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
+ {
+ uint32_t _flags_save_STRUCT = ndr->flags;
+ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_pull_align(ndr, 5));
+ NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
+ NDR_SCALARS,
+ &r->revision));
+ NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
NDR_SCALARS,
- &r->revision));
- NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
- NDR_SCALARS,
- &r->type));
- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
- if (_ptr_owner_sid) {
- NDR_PULL_ALLOC(ndr, r->owner_sid);
- NDR_CHECK(ndr_pull_relative_ptr1(ndr,
- r->owner_sid,
- _ptr_owner_sid));
- } else {
- r->owner_sid = NULL;
- }
- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
- if (_ptr_group_sid) {
- NDR_PULL_ALLOC(ndr, r->group_sid);
- NDR_CHECK(ndr_pull_relative_ptr1(ndr,
- r->group_sid,
- _ptr_group_sid));
- } else {
- r->group_sid = NULL;
- }
- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
- if (_ptr_sacl) {
- NDR_PULL_ALLOC(ndr, r->sacl);
- NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
- } else {
- r->sacl = NULL;
- }
- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
- if (_ptr_dacl) {
- NDR_PULL_ALLOC(ndr, r->dacl);
- NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
- } else {
- r->dacl = NULL;
- }
- NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
- }
- if (ndr_flags & NDR_BUFFERS) {
- if (r->owner_sid) {
- _relative_save_offset = ndr->offset;
- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
- _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
- NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
- if (ndr->offset > ndr->relative_highest_offset) {
- ndr->relative_highest_offset = ndr->offset;
+ &r->type));
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
+ if (_ptr_owner_sid) {
+ NDR_PULL_ALLOC(ndr, r->owner_sid);
+ NDR_CHECK(ndr_pull_relative_ptr1(ndr,
+ r->owner_sid,
+ _ptr_owner_sid));
+ } else {
+ r->owner_sid = NULL;
}
- ndr->offset = _relative_save_offset;
- }
- if (r->group_sid) {
- _relative_save_offset = ndr->offset;
- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
- _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
- NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
- if (ndr->offset > ndr->relative_highest_offset) {
- ndr->relative_highest_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
+ if (_ptr_group_sid) {
+ NDR_PULL_ALLOC(ndr, r->group_sid);
+ NDR_CHECK(ndr_pull_relative_ptr1(ndr,
+ r->group_sid,
+ _ptr_group_sid));
+ } else {
+ r->group_sid = NULL;
}
- ndr->offset = _relative_save_offset;
- }
- if (r->sacl) {
- _relative_save_offset = ndr->offset;
- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
- _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
- NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
- NDR_CHECK(ndr_pull_security_acl(ndr,
- NDR_SCALARS|NDR_BUFFERS,
- r->sacl));
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
- if (ndr->offset > ndr->relative_highest_offset) {
- ndr->relative_highest_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
+ if (_ptr_sacl) {
+ NDR_PULL_ALLOC(ndr, r->sacl);
+ NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
+ } else {
+ r->sacl = NULL;
}
- ndr->offset = _relative_save_offset;
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
+ if (_ptr_dacl) {
+ NDR_PULL_ALLOC(ndr, r->dacl);
+ NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
+ } else {
+ r->dacl = NULL;
+ }
+ NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
}
- if (r->dacl) {
- _relative_save_offset = ndr->offset;
- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
- _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
- NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
- NDR_CHECK(ndr_pull_security_acl(ndr,
- NDR_SCALARS|NDR_BUFFERS,
- r->dacl));
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
- if (ndr->offset > ndr->relative_highest_offset) {
- ndr->relative_highest_offset = ndr->offset;
+ if (ndr_flags & NDR_BUFFERS) {
+ if (r->owner_sid) {
+ uint32_t _relative_save_offset;
+ _relative_save_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
+ _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
+ if (ndr->offset > ndr->relative_highest_offset) {
+ ndr->relative_highest_offset = ndr->offset;
+ }
+ ndr->offset = _relative_save_offset;
+ }
+ if (r->group_sid) {
+ uint32_t _relative_save_offset;
+ _relative_save_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
+ _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
+ if (ndr->offset > ndr->relative_highest_offset) {
+ ndr->relative_highest_offset = ndr->offset;
+ }
+ ndr->offset = _relative_save_offset;
+ }
+ if (r->sacl) {
+ uint32_t _relative_save_offset;
+ _relative_save_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
+ _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
+ NDR_CHECK(ndr_pull_security_acl(ndr,
+ NDR_SCALARS|NDR_BUFFERS,
+ r->sacl));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
+ if (ndr->offset > ndr->relative_highest_offset) {
+ ndr->relative_highest_offset = ndr->offset;
+ }
+ ndr->offset = _relative_save_offset;
+ }
+ if (r->dacl) {
+ uint32_t _relative_save_offset;
+ _relative_save_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
+ _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
+ NDR_CHECK(ndr_pull_security_acl(ndr,
+ NDR_SCALARS|NDR_BUFFERS,
+ r->dacl));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
+ if (ndr->offset > ndr->relative_highest_offset) {
+ ndr->relative_highest_offset = ndr->offset;
+ }
+ ndr->offset = _relative_save_offset;
}
- ndr->offset = _relative_save_offset;
}
-
ndr->flags = _flags_save_STRUCT;
}
return NDR_ERR_SUCCESS;
From 16a46261bd1a8e054ef57d0d7b9f489d74172d95 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Thu, 28 May 2020 15:02:43 +0200
Subject: [PATCH 04/15] ad_gpo_ndr.c: more ndr updates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch add another update to the ndr code which was previously
updated by commit c031adde4f532f39845a0efd78693600f1f8b2f4 and
1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc.
As missing update in ndr_pull_security_ace() cased
a failure in ad_gpo_parse_sd(). A unit-test for ad_gpo_parse_sd() was
added to prevent similar issues in future.
Resolves: https://github.com/SSSD/sssd/issues/5183
Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit a7c755672cd277497da3df4714f6d9457b6ac5ae)
---
src/providers/ad/ad_gpo_ndr.c | 1 +
src/tests/cmocka/test_ad_gpo.c | 57 ++++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+)
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
index a64b1a0f84..9f040dfb03 100644
--- a/src/providers/ad/ad_gpo_ndr.c
+++ b/src/providers/ad/ad_gpo_ndr.c
@@ -317,6 +317,7 @@ ndr_pull_security_ace(struct ndr_pull *ndr,
ndr->offset += pad;
}
if (ndr_flags & NDR_BUFFERS) {
+ NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
NDR_CHECK(ndr_pull_security_ace_object_ctr
(ndr, NDR_BUFFERS, &r->object));
}
diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c
index 0589adcc3d..97dbe01794 100644
--- a/src/tests/cmocka/test_ad_gpo.c
+++ b/src/tests/cmocka/test_ad_gpo.c
@@ -329,6 +329,60 @@ void test_ad_gpo_ace_includes_client_sid_false(void **state)
ace_dom_sid, false);
}
+uint8_t test_sid_data[] = {
+0x01, 0x00, 0x04, 0x9c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x14, 0x00, 0x00, 0x00, 0x04, 0x00, 0x34, 0x01, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
+0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
+0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8,
+0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55,
+0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00,
+0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60,
+0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
+0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
+0x00, 0x0a, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00,
+0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x05, 0x02, 0x28, 0x00,
+0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x8f, 0xfd, 0xac, 0xed, 0xb3, 0xff, 0xd1, 0x11,
+0xb4, 0x1d, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+0x0b, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00
+};
+
+void test_ad_gpo_parse_sd(void **state)
+{
+ int ret;
+ struct security_descriptor *sd = NULL;
+
+ ret = ad_gpo_parse_sd(test_ctx, NULL, 0, &sd);
+ assert_int_equal(ret, EINVAL);
+
+ ret = ad_gpo_parse_sd(test_ctx, test_sid_data, sizeof(test_sid_data), &sd);
+ assert_int_equal(ret, EOK);
+ assert_non_null(sd);
+ assert_int_equal(sd->revision, 1);
+ assert_int_equal(sd->type, 39940);
+ assert_null(sd->owner_sid);
+ assert_null(sd->group_sid);
+ assert_null(sd->sacl);
+ assert_non_null(sd->dacl);
+ assert_int_equal(sd->dacl->revision, 4);
+ assert_int_equal(sd->dacl->size, 308);
+ assert_int_equal(sd->dacl->num_aces, 10);
+ assert_int_equal(sd->dacl->aces[0].type, 0);
+ assert_int_equal(sd->dacl->aces[0].flags, 0);
+ assert_int_equal(sd->dacl->aces[0].size, 36);
+ assert_int_equal(sd->dacl->aces[0].access_mask, 917693);
+ /* There are more components and ACEs in the security_descriptor struct
+ * which are not checked here. */
+
+ talloc_free(sd);
+}
+
int main(int argc, const char *argv[])
{
poptContext pc;
@@ -364,6 +418,9 @@ int main(int argc, const char *argv[])
cmocka_unit_test_setup_teardown(test_ad_gpo_ace_includes_client_sid_false,
ad_gpo_test_setup,
ad_gpo_test_teardown),
+ cmocka_unit_test_setup_teardown(test_ad_gpo_parse_sd,
+ ad_gpo_test_setup,
+ ad_gpo_test_teardown),
};
/* Set debug level to invalid value so we can decide if -d 0 was used. */
From 9a02fa5d12fc7cc6e911e3590eef1cfa8b68e6f6 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabr...@suse.de>
Date: Tue, 17 Nov 2020 12:28:25 +0100
Subject: [PATCH 05/15] Improve samba version check for
ndr_pull_steal_switch_value signature
The current check will fail when samba 5.0 is released.
Signed-off-by: Samuel Cabrero <scabr...@suse.de>
Reviewed-by: Sumit Bose <sb...@redhat.com>
(cherry picked from commit 4ab47a914a16af4984b1f7ae21e3a6f20dde9cd0)
---
src/external/samba.m4 | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/external/samba.m4 b/src/external/samba.m4
index 8e06174ead..a67c76639c 100644
--- a/src/external/samba.m4
+++ b/src/external/samba.m4
@@ -132,15 +132,16 @@ int main(void)
AC_DEFINE_UNQUOTED(SMB_IDMAP_DOMAIN_HAS_DOM_SID, 1,
[Samba's struct idmap_domain has dom_sid member])
AC_MSG_NOTICE([Samba's struct idmap_domain has dom_sid member])
- if test $samba_minor_version -ge 12 ; then
- AC_DEFINE_UNQUOTED(SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH, 1,
- [Samba's new push/pull switch functions])
- AC_MSG_NOTICE([Samba has support for new ndr_push_steal_switch_value and ndr_pull_steal_switch_value functions])
- else
- AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
- fi
else
AC_MSG_NOTICE([Samba's struct idmap_domain does not have dom_sid member])
+ fi
+
+ if ([[ $samba_major_version -gt 4 ]]) ||
+ ([[ $samba_major_version -eq 4 ]] && [[ $samba_minor_version -ge 12 ]]); then
+ AC_DEFINE_UNQUOTED(SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH, 1,
+ [Samba's new push/pull switch functions])
+ AC_MSG_NOTICE([Samba has support for new ndr_push_steal_switch_value and ndr_pull_steal_switch_value functions])
+ else
AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
fi
fi
From d00dd30aefbbf806068ba2e59ac392608e9d8a3f Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Tue, 2 Jun 2020 15:27:53 +0000
Subject: [PATCH 06/15] INTG: Do not use letter similar to numbers in python
code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Running pycodestyle currently reports cases which is one of a set of three style checks
to avoid ambiguous single letter names which look like numbers
./src/tests/intg/krb5utils.py:101:27: E741 ambiguous variable name 'l'
./src/tests/intg/krb5utils.py:116:23: E741 ambiguous variable name 'l'
./src/tests/intg/krb5utils.py:140:28: E741 ambiguous variable name 'l'
https://pycodestyle.pycqa.org/en/latest/intro.html#error-codes
Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit 4c4b62b412ab4f22b2d782ed3f0a8bcb52944c5a)
---
src/tests/intg/krb5utils.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/tests/intg/krb5utils.py b/src/tests/intg/krb5utils.py
index 50e4789b5f..67ae430069 100644
--- a/src/tests/intg/krb5utils.py
+++ b/src/tests/intg/krb5utils.py
@@ -98,7 +98,7 @@ def num_princs(self, env=None):
if retval != 0:
return 0
- outlines = [l for l in out.split('\n') if len(l) > 1]
+ outlines = [ln for ln in out.split('\n') if len(ln) > 1]
return len(outlines) - 2
def list_princs(self, env=None):
@@ -113,7 +113,7 @@ def list_princs(self, env=None):
if len(outlines) < 2:
raise Exception("Not enough output from klist -l")
- return [l for l in outlines[2:] if len(l) > 0]
+ return [ln for ln in outlines[2:] if len(ln) > 0]
def has_principal(self, exp_principal, exp_cache=None, env=None):
try:
@@ -137,7 +137,7 @@ def _parse_klist_a(self, out):
thisrealm = None
ccache_dict = dict()
- for line in [l for l in out.split('\n') if len(l) > 0]:
+ for line in [ln for ln in out.split('\n') if len(ln) > 0]:
if line.startswith("Default principal"):
dflprinc = line.split()[2]
thisrealm = '@' + dflprinc.split('@')[1]
From 8f2d01e75b78cab2fb9d5545ba5b52226d5df756 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Tue, 2 Jun 2020 15:24:57 +0000
Subject: [PATCH 07/15] python-test.py: Do not use letter similar to numbers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Running pycodestyle currently reports cases which is one of a set of three style checks
to avoid ambiguous single letter names which look like numbers
./src/tests/python-test.py:54:35: E741 ambiguous variable name 'l'
./src/tests/python-test.py:102:38: E741 ambiguous variable name 'l'
https://pycodestyle.pycqa.org/en/latest/intro.html#error-codes
Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit 79e01fc95bfa58b4716c2f2b7256386ee435e41a)
---
src/tests/python-test.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/tests/python-test.py b/src/tests/python-test.py
index b66bf3966f..036ea8b3b1 100644
--- a/src/tests/python-test.py
+++ b/src/tests/python-test.py
@@ -51,7 +51,7 @@ def _get_object_info(self, name, subtree, domain):
kw = {}
for key, value in \
- [l.split(':') for l in output.split('\n') if ":" in l]:
+ [ln.split(':') for ln in output.split('\n') if ":" in ln]:
kw[key] = value.strip()
del kw['asq']
@@ -99,7 +99,7 @@ def _get_object_membership(self, name, subtree, domain):
return []
members = [value.strip() for key, value in
- [l.split(':') for l in output.split('\n') if ":" in l]
+ [ln.split(':') for ln in output.split('\n') if ":" in ln]
if key == "memberof"]
return members
From 90491b42fdc803f12d5d1293fcac0d740a708331 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com>
Date: Thu, 27 Feb 2020 06:50:40 +0100
Subject: [PATCH 08/15] nss: Collision with external nss symbol
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
One of our internal static function names started
to collide with external nss symbol. Additional
sss_ suffix was added to avoid the collision.
This is needed to unblock Fedora Rawhide's
SSSD build.
Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit fe9eeb51be06059721e873f77092b1e9ba08e6c1)
---
src/responder/nss/nss_cmd.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
index dae1759103..43b81bbd9a 100644
--- a/src/responder/nss/nss_cmd.c
+++ b/src/responder/nss/nss_cmd.c
@@ -728,11 +728,13 @@ static void nss_getent_done(struct tevent_req *subreq)
talloc_free(cmd_ctx);
}
-static void nss_setnetgrent_done(struct tevent_req *subreq);
+static void sss_nss_setnetgrent_done(struct tevent_req *subreq);
-static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
- enum cache_req_type type,
- nss_protocol_fill_packet_fn fill_fn)
+/* This function's name started to collide with external nss symbol,
+ * so it has additional sss_* prefix unlike other functions here. */
+static errno_t sss_nss_setnetgrent(struct cli_ctx *cli_ctx,
+ enum cache_req_type type,
+ nss_protocol_fill_packet_fn fill_fn)
{
struct nss_ctx *nss_ctx;
struct nss_state_ctx *state_ctx;
@@ -774,7 +776,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
goto done;
}
- tevent_req_set_callback(subreq, nss_setnetgrent_done, cmd_ctx);
+ tevent_req_set_callback(subreq, sss_nss_setnetgrent_done, cmd_ctx);
ret = EOK;
@@ -787,7 +789,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
return EOK;
}
-static void nss_setnetgrent_done(struct tevent_req *subreq)
+static void sss_nss_setnetgrent_done(struct tevent_req *subreq)
{
struct nss_cmd_ctx *cmd_ctx;
errno_t ret;
@@ -1037,8 +1039,8 @@ static errno_t nss_cmd_initgroups_ex(struct cli_ctx *cli_ctx)
static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx)
{
- return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
- nss_protocol_fill_setnetgrent);
+ return sss_nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
+ nss_protocol_fill_setnetgrent);
}
static errno_t nss_cmd_getnetgrent(struct cli_ctx *cli_ctx)
From 5fd4049445141264152a2c364bd403b985345b13 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Mon, 18 Jan 2021 16:18:25 +0100
Subject: [PATCH 09/15] BUILD: Accept krb5 1.19 for building the PAC plugin
Reviewed-by: Alexey Tikhonov <atikh...@redhat.com>
(cherry picked from commit e7fb88fc6ffd1373a752ceada30d20eddc00a435)
---
src/external/pac_responder.m4 | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4
index dc986a1b8a..26c6bd5bdd 100644
--- a/src/external/pac_responder.m4
+++ b/src/external/pac_responder.m4
@@ -19,7 +19,9 @@ then
Kerberos\ 5\ release\ 1.14* | \
Kerberos\ 5\ release\ 1.15* | \
Kerberos\ 5\ release\ 1.16* | \
- Kerberos\ 5\ release\ 1.17*)
+ Kerberos\ 5\ release\ 1.17* | \
+ Kerberos\ 5\ release\ 1.18* | \
+ Kerberos\ 5\ release\ 1.19*)
krb5_version_ok=yes
AC_MSG_RESULT([yes])
;;
From 2364380217cb05799194c6b68d8c0f83f95cc002 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikh...@redhat.com>
Date: Fri, 18 Sep 2020 13:29:23 +0200
Subject: [PATCH 10/15] cmocka based tests: explicitly turn LTO off
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
cmocka based tests use "-Wl,-wrap" to wrap calls at link time. This is
incompatible with LTO.
Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit f434fedf3de90474c496e80d2d982a9de993503a)
---
Makefile.am | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 77f5faf6b0..f9db5e92d7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -123,6 +123,8 @@ if HAVE_GCC
-std=gnu99
endif
+CMOCKA_CFLAGS = -fno-lto
+
pkgconfig_DATA =
ACLOCAL_AMFLAGS = -I m4 -I .
@@ -1960,6 +1962,7 @@ libdlopen_test_providers_la_LDFLAGS = \
-export-dynamic
libsss_nss_idmap_tests_la_SOURCES = $(libsss_nss_idmap_la_SOURCES)
+libsss_nss_idmap_tests_la_CFLAGS = $(CMOCKA_CFLAGS)
libsss_nss_idmap_tests_la_LIBADD = $(libsss_nss_idmap_la_LIBADD)
libsss_nss_idmap_tests_la_LDFLAGS = \
$(libsss_nss_idmap_la_LDFLAGS) \
@@ -2426,7 +2429,8 @@ nss_srv_tests_SOURCES = \
src/responder/nss/nss_utils.c \
src/responder/nss/nsssrv_mmap_cache.c
nss_srv_tests_CFLAGS = \
- $(AM_CFLAGS)
+ $(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS)
nss_srv_tests_LDFLAGS = \
-Wl,-wrap,sss_ncache_check_user \
-Wl,-wrap,sss_ncache_check_upn \
@@ -2467,6 +2471,7 @@ pam_srv_tests_CFLAGS = \
-U SSSD_LIBEXEC_PATH -DSSSD_LIBEXEC_PATH=\"$(abs_builddir)\" \
-I$(abs_builddir)/src \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
$(NULL)
pam_srv_tests_LDFLAGS = \
-Wl,-wrap,sss_packet_get_body \
@@ -2504,6 +2509,7 @@ ssh_srv_tests_CFLAGS = \
-U SSSD_LIBEXEC_PATH -DSSSD_LIBEXEC_PATH=\"$(abs_builddir)\" \
-I$(abs_builddir)/src \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
$(NULL)
ssh_srv_tests_LDFLAGS = \
-Wl,-wrap,sss_packet_get_body \
@@ -2528,7 +2534,8 @@ responder_get_domains_tests_SOURCES = \
src/tests/cmocka/test_responder_common.c \
src/tests/cmocka/common_mock_resp.c
responder_get_domains_tests_CFLAGS = \
- $(AM_CFLAGS)
+ $(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS)
responder_get_domains_tests_LDFLAGS = \
-Wl,-wrap,sss_parse_name_for_domains \
-Wl,-wrap,sss_ncache_reset_repopulate_permanent
@@ -2679,7 +2686,8 @@ test_prompt_config_LDADD = \
sss_nss_idmap_tests_SOURCES = \
src/tests/cmocka/sss_nss_idmap-tests.c
sss_nss_idmap_tests_CFLAGS = \
- $(AM_CFLAGS)
+ $(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS)
sss_nss_idmap_tests_LDADD = \
$(CMOCKA_LIBS) \
libsss_nss_idmap_tests.la \
@@ -2705,6 +2713,7 @@ dyndns_tests_SOURCES = \
src/providers/data_provider_opts.c
dyndns_tests_CFLAGS = \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
-DDYNDNS_TIMEOUT=2
dyndns_tests_LDFLAGS = \
-Wl,-wrap,execv \
@@ -2777,7 +2786,8 @@ test_ipa_idmap_SOURCES = \
src/tests/cmocka/test_ipa_idmap.c \
src/providers/ipa/ipa_idmap.c
test_ipa_idmap_CFLAGS = \
- $(AM_CFLAGS)
+ $(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS)
test_ipa_idmap_LDFLAGS = \
-Wl,-wrap,sysdb_get_ranges
test_ipa_idmap_LDADD = \
@@ -2917,6 +2927,7 @@ ad_common_tests_CFLAGS = \
$(AM_CFLAGS) \
$(NDR_NBT_CFLAGS) \
$(NDR_KRB5PAC_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
$(NULL)
ad_common_tests_LDFLAGS = \
-Wl,-wrap,sdap_set_sasl_options \
@@ -2961,6 +2972,7 @@ sdap_tests_SOURCES = \
$(NULL)
sdap_tests_CFLAGS = \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
$(NULL)
sdap_tests_LDFLAGS = \
-Wl,-wrap,ldap_set_option \
@@ -3009,6 +3021,7 @@ sss_sifp_tests_SOURCES = \
src/lib/sifp/sss_sifp.c
sss_sifp_tests_CFLAGS = \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
-I$(top_srcdir)/src/lib/sifp
sss_sifp_tests_LDFLAGS = \
-Wl,-wrap,dbus_bus_get \
@@ -3138,6 +3151,7 @@ test_wbc_calls_SOURCES = \
$(NULL)
test_wbc_calls_CFLAGS = \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
$(NULL)
test_wbc_calls_LDFLAGS = \
-Wl,-wrap,sss_nss_getnamebysid \
@@ -3224,6 +3238,7 @@ test_child_common_SOURCES = \
$(NULL)
test_child_common_CFLAGS = \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
-DCHILD_DIR=\"$(builddir)\" \
$(NULL)
test_child_common_LDFLAGS = \
@@ -3244,6 +3259,7 @@ responder_cache_req_tests_SOURCES = \
$(NULL)
responder_cache_req_tests_CFLAGS = \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
$(NULL)
responder_cache_req_tests_LDFLAGS = \
-Wl,-wrap,sss_dp_get_account_send \
@@ -3276,6 +3292,7 @@ test_resolv_fake_SOURCES = \
$(NULL)
test_resolv_fake_CFLAGS = \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
$(NULL)
test_resolv_fake_LDFLAGS = \
-Wl,-wrap,ares_query \
@@ -3380,6 +3397,7 @@ test_ipa_subdom_server_SOURCES = \
$(NULL)
test_ipa_subdom_server_CFLAGS = \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
-DIPA_TRUST_KEYTAB_DIR=TEST_DIR\"/tp_test_ipa_subdom_server-test_ipa_subdomains_server\" \
$(NULL)
test_ipa_subdom_server_LDFLAGS = \
@@ -3461,6 +3479,7 @@ test_data_provider_be_SOURCES = \
$(NULL)
test_data_provider_be_CFLAGS = \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
-DUNIT_TESTING \
$(NULL)
test_data_provider_be_LDFLAGS = \
@@ -3505,6 +3524,7 @@ test_dp_request_SOURCES = \
$(NULL)
test_dp_request_CFLAGS = \
$(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
-DUNIT_TESTING \
$(NULL)
test_dp_request_LDFLAGS = \
From b18289f07025d36a1bdf3e2b8d4df7197eed37d6 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikh...@redhat.com>
Date: Mon, 1 Feb 2021 17:56:18 +0100
Subject: [PATCH 11/15] Makefile: add missing '-fno-lto' to some tests
Reviewed-by: Alexey Tikhonov <atikh...@redhat.com>
(cherry picked from commit ff0f76561a9794a8a7f53d95a9ebd754dec9a677)
---
Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile.am b/Makefile.am
index f9db5e92d7..6badd95373 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3460,6 +3460,7 @@ test_cert_utils_CFLAGS = \
-U SSSD_LIBEXEC_PATH -DSSSD_LIBEXEC_PATH=\"$(abs_builddir)\" \
-I$(abs_builddir)/src \
$(CRYPTO_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
$(NULL)
test_cert_utils_LDADD = \
$(CMOCKA_LIBS) \
From 348a4260c3dd0ed86ddc3a0154da360c6fff5c26 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikh...@redhat.com>
Date: Sun, 7 Feb 2021 18:55:16 +0100
Subject: [PATCH 12/15] Makefile: add missing '-fno-lto' to some tests
---
Makefile.am | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 6badd95373..525d1defab 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2551,7 +2551,8 @@ sbus_internal_tests_SOURCES = \
src/tests/cmocka/sbus_internal_tests.c \
src/sbus/sssd_dbus_request.c
sbus_internal_tests_CFLAGS = \
- $(AM_CFLAGS)
+ $(AM_CFLAGS) \
+ $(CMOCKA_CFLAGS)
sbus_internal_tests_LDFLAGS = \
-Wl,-wrap,dbus_bus_get \
-Wl,-wrap,dbus_pending_call_steal_reply \
From 6d7622196e0ed34547f77fb4f8e4ce6e0eb1ced2 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikh...@redhat.com>
Date: Mon, 21 Sep 2020 17:04:53 +0200
Subject: [PATCH 13/15] sss_nss_idmap-tests: fixed error in iteration over
`test_data`
Reviewed-by: Pawel Polawski <ppola...@redhat.com>
(cherry picked from commit 5f23f2373e55b69fec263b2ced5a8b5f233a238c)
---
src/tests/cmocka/sss_nss_idmap-tests.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/tests/cmocka/sss_nss_idmap-tests.c b/src/tests/cmocka/sss_nss_idmap-tests.c
index 83bab29205..880bab0e58 100644
--- a/src/tests/cmocka/sss_nss_idmap-tests.c
+++ b/src/tests/cmocka/sss_nss_idmap-tests.c
@@ -116,12 +116,12 @@ void test_getsidbyname(void **state)
sid = NULL;
for (c = 0; d[c].d.repbuf != NULL; c++) {
- will_return(__wrap_sss_nss_make_request_timeout, &d[0].d);
+ will_return(__wrap_sss_nss_make_request_timeout, &d[c].d);
ret = sss_nss_getsidbyname("test", &sid, &type);
- assert_int_equal(ret, d[0].ret);
+ assert_int_equal(ret, d[c].ret);
if (ret == EOK) {
- assert_string_equal(sid, d[0].str);
+ assert_string_equal(sid, d[c].str);
assert_int_equal(type, 0);
}
free(sid);
From f5ea8ee47f89125ba6b1cee895f4ae307c7097dc Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikh...@redhat.com>
Date: Fri, 5 Feb 2021 14:51:26 +0100
Subject: [PATCH 14/15] BUILD: fixes gpo_child linking issue
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
/usr/bin/ld: src/util/gpo_child-signal.o (symbol from plugin): undefined reference to symbol 'BlockSignals@@SAMBA_UTIL_0.0.1'
Resolves: https://github.com/SSSD/sssd/issues/5385
Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit d547a2dc1803ec10cbeda2b27b92ecc97adfd24b)
---
Makefile.am | 3 ++-
src/external/samba.m4 | 8 ++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 525d1defab..a6bf4d5cd2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4423,7 +4423,8 @@ gpo_child_LDADD = \
$(POPT_LIBS) \
$(DHASH_LIBS) \
$(INI_CONFIG_LIBS) \
- $(SMBCLIENT_LIBS)
+ $(SMBCLIENT_LIBS) \
+ $(SAMBA_UTIL_LIBS)
proxy_child_SOURCES = \
src/providers/proxy/proxy_child.c \
diff --git a/src/external/samba.m4 b/src/external/samba.m4
index a67c76639c..9ff96282a9 100644
--- a/src/external/samba.m4
+++ b/src/external/samba.m4
@@ -30,6 +30,14 @@ without them. In this case, you will need to execute configure script
with argument --without-samba
]]))
+ PKG_CHECK_MODULES(SAMBA_UTIL, samba-util, ,
+ AC_MSG_ERROR([[Please install libsamba-util development libraries.
+libsamba-util libraries are necessary for building ad and ipa provider.
+If you do not want to build these providers it is possible to build SSSD
+without them. In this case, you will need to execute configure script
+with argument --without-samba
+ ]]))
+
if test x"$HAVE_LIBINI_CONFIG_V1_1" != x1; then
AC_MSG_ERROR([[Please install libini_config development libraries
v1.1.0, or newer. libini_config libraries are necessary for building ipa
From ed4163ecd2ad9755eb3165acadfec3985b66f50e Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikh...@redhat.com>
Date: Mon, 21 Sep 2020 22:37:28 +0200
Subject: [PATCH 15/15] Makefile.am: get rid of `libsss_nss_idmap_tests`
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
`libsss_nss_idmap_tests` isn't required since
https://github.com/SSSD/sssd/pull/632
Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit d34eb9633332462a7f1ba7a8a105bcbf93d4da4b)
---
Makefile.am | 23 +++---------
src/sss_client/idmap/sss_nss_idmap.unit_tests | 6 ---
.../wrap_sss_nss_make_request_timeout.c | 37 -------------------
src/tests/dlopen-tests.c | 3 --
4 files changed, 5 insertions(+), 64 deletions(-)
delete mode 100644 src/sss_client/idmap/sss_nss_idmap.unit_tests
delete mode 100644 src/tests/cmocka/wrap_sss_nss_make_request_timeout.c
diff --git a/Makefile.am b/Makefile.am
index a6bf4d5cd2..b9ca9a7c62 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1922,7 +1922,6 @@ libsss_test_common_la_SOURCES += \
check_LTLIBRARIES += \
libdlopen_test_providers.la \
- libsss_nss_idmap_tests.la \
$(NULL)
if BUILD_SAMBA
@@ -1933,12 +1932,9 @@ check_LTLIBRARIES += \
endif
# libdlopen_test_providers is a helper library to provide missing symbols for
-# dlopen_tests. It is mainly used for the backend modules but is used as well
-# to provide __wrap_sss_nss_make_request_timeout needed make make dlopen_tests
-# pass for libsss_nss_idmap_tests.
+# dlopen_tests.
libdlopen_test_providers_la_SOURCES = \
$(sssd_be_SOURCES) \
- src/tests/cmocka/wrap_sss_nss_make_request_timeout.c \
$(NULL)
libdlopen_test_providers_la_CFLAGS = \
$(AM_CFLAGS) \
@@ -1961,18 +1957,6 @@ libdlopen_test_providers_la_LDFLAGS = \
-rpath $(abs_top_builddir) \
-export-dynamic
-libsss_nss_idmap_tests_la_SOURCES = $(libsss_nss_idmap_la_SOURCES)
-libsss_nss_idmap_tests_la_CFLAGS = $(CMOCKA_CFLAGS)
-libsss_nss_idmap_tests_la_LIBADD = $(libsss_nss_idmap_la_LIBADD)
-libsss_nss_idmap_tests_la_LDFLAGS = \
- $(libsss_nss_idmap_la_LDFLAGS) \
- -shared \
- -rpath $(libdir) \
- -Wl,-wrap,sss_nss_make_request_timeout \
- -Wl,--version-script,$(srcdir)/src/sss_client/idmap/sss_nss_idmap.unit_tests
-
-dist_noinst_DATA += src/sss_client/idmap/sss_nss_idmap.unit_tests
-
libsss_ad_tests_la_SOURCES = $(libsss_ad_la_SOURCES)
libsss_ad_tests_la_CFLAGS = $(libsss_ad_la_CFLAGS)
libsss_ad_tests_la_LIBADD = \
@@ -2685,13 +2669,16 @@ test_prompt_config_LDADD = \
$(NULL)
sss_nss_idmap_tests_SOURCES = \
+ $(libsss_nss_idmap_la_SOURCES) \
src/tests/cmocka/sss_nss_idmap-tests.c
sss_nss_idmap_tests_CFLAGS = \
$(AM_CFLAGS) \
$(CMOCKA_CFLAGS)
+sss_nss_idmap_tests_LDFLAGS = \
+ -Wl,-wrap,sss_nss_make_request_timeout
sss_nss_idmap_tests_LDADD = \
$(CMOCKA_LIBS) \
- libsss_nss_idmap_tests.la \
+ $(libsss_nss_idmap_la_LIBADD) \
$(NULL)
deskprofile_utils_tests_SOURCES = \
diff --git a/src/sss_client/idmap/sss_nss_idmap.unit_tests b/src/sss_client/idmap/sss_nss_idmap.unit_tests
deleted file mode 100644
index 05c474f008..0000000000
--- a/src/sss_client/idmap/sss_nss_idmap.unit_tests
+++ /dev/null
@@ -1,6 +0,0 @@
-# version script files can be combined. They needn't be in single file
-UNIT_TEST_ONLY {
- # should not be part of installed library
- global:
- sss_nss_make_request_timeout;
-};
diff --git a/src/tests/cmocka/wrap_sss_nss_make_request_timeout.c b/src/tests/cmocka/wrap_sss_nss_make_request_timeout.c
deleted file mode 100644
index 6d2a957e86..0000000000
--- a/src/tests/cmocka/wrap_sss_nss_make_request_timeout.c
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- Authors:
- Sumit Bose <sb...@redhat.com>
-
- Copyright (C) 2018 Red Hat
-
- Helper to make dlopen-tests pass for libsss_nss_idmap_tests.so.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include <stdint.h>
-#include <unistd.h>
-#include <nss.h>
-
-#include "sss_client/sss_cli.h"
-
-enum nss_status __wrap_sss_nss_make_request_timeout(enum sss_cli_command cmd,
- struct sss_cli_req_data *rd,
- int timeout,
- uint8_t **repbuf,
- size_t *replen,
- int *errnop)
-{
- return NSS_STATUS_SUCCESS;
-}
diff --git a/src/tests/dlopen-tests.c b/src/tests/dlopen-tests.c
index b8349bfc95..708fadebd3 100644
--- a/src/tests/dlopen-tests.c
+++ b/src/tests/dlopen-tests.c
@@ -127,9 +127,6 @@ struct so {
/* for testing purposes */
{ "libdlopen_test_providers.so", { LIBPFX"libdlopen_test_providers.so",
NULL } },
- { "libsss_nss_idmap_tests.so", { LIBPFX"libdlopen_test_providers.so",
- LIBPFX"libsss_nss_idmap_tests.so",
- NULL } },
#ifdef BUILD_SAMBA
{ "libdlopen_test_winbind_idmap.so",
{ LIBPFX"libdlopen_test_winbind_idmap.so", NULL } },
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
