From patchwork Fri Jan 21 20:47:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Remco van 't Veer X-Patchwork-Id: 36717 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id B5E0E27BBEA; Fri, 21 Jan 2022 20:58:06 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id D148A27BBE9 for ; Fri, 21 Jan 2022 20:58:04 +0000 (GMT) Received: from localhost ([::1]:41862 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nB0yx-0002s7-VX for patchwork@mira.cbaines.net; Fri, 21 Jan 2022 15:58:04 -0500 Received: from eggs.gnu.org ([209.51.188.92]:33528) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nB0qE-00028M-Q4 for guix-patches@gnu.org; Fri, 21 Jan 2022 15:49:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:42236) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nB0qE-0004NC-G8 for guix-patches@gnu.org; Fri, 21 Jan 2022 15:49:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nB0qE-0001h5-Fw for guix-patches@gnu.org; Fri, 21 Jan 2022 15:49:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#53421] [PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3 Resent-From: Remco van 't Veer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 21 Jan 2022 20:49:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 53421 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 53421@debbugs.gnu.org Cc: Remco van 't Veer X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16427981146461 (code B ref -1); Fri, 21 Jan 2022 20:49:02 +0000 Received: (at submit) by debbugs.gnu.org; 21 Jan 2022 20:48:34 +0000 Received: from localhost ([127.0.0.1]:35137 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nB0pd-0001fy-Nx for submit@debbugs.gnu.org; Fri, 21 Jan 2022 15:48:34 -0500 Received: from lists.gnu.org ([209.51.188.17]:57664) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nB0pa-0001fh-9F for submit@debbugs.gnu.org; Fri, 21 Jan 2022 15:48:24 -0500 Received: from eggs.gnu.org ([209.51.188.92]:33410) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nB0pZ-0001VS-Mv for guix-patches@gnu.org; Fri, 21 Jan 2022 15:48:22 -0500 Received: from wout1-smtp.messagingengine.com ([64.147.123.24]:50265) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nB0pP-0003Uk-M7 for guix-patches@gnu.org; Fri, 21 Jan 2022 15:48:14 -0500 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 3BB443202232; Fri, 21 Jan 2022 15:48:10 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Fri, 21 Jan 2022 15:48:10 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm2; bh=um1d8SyBPZMULz lQHcffTytj/h6y3zszm17A4MQcxCo=; b=lYfOc/tNd/1TNwh3nro+ahyqUXH8Cp COzqBSBL6MZPb7Br82kNkdnOyaLEyhEBgvrAXtGWKZ1+ApGRB2H6CX1LnpYkY0Zd gpOfNz4pKVx8N8dgkFYUqWkzDx4opC57zekUyj+gXH+kxZrkIwFNnBCXHPG0t+Uu 5u5ICsrJtWikklE9jwVtBRg8oaU+0nlDjt2HhuU2IKa0JnTOUPMYoYi6ZPdQbAt+ TprBbS56QOuQeH+dg+0Gjh4QdPoleCYnJzbfhDZwlp8AgDoHru8/vz057+y8uQ04 apMAptG6u/nj0vU+gxcr6Wb+T4yDdCOoKPj9r8Xu+JqK/baahCPGV9Nw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=um1d8SyBPZMULzlQHcffTytj/h6y3zszm17A4MQcx Co=; b=bPkTRRpMHbnNAYV61o4UZfvabfMlBdPH1fxgfGAL5pvsb1LeOjnFfbk7K hMrkMtU10hKjwfP4dXGbtkL0VXtrEUmtDIGtKnBh3oPRWmkTdE0pzJkZfhcTgJVk H9XyE3kD56stwdvx2m3aumAuNxExi1KeuhkTGq4V3Z/8pzrE5CXNJJbqUb18PfG5 cZCsC4z0M3q3OhNBWD6e9VLk5i7dzGfBHgKhIUp1cY1bGa4k6CmUkKFtd6/7YwdH JRWPjuNsWQc5jxJKjAIGkhGN9L3wXd6SRLxYjaxjfi7+QMXW70nIXIcCz38zwHAx zXW0uu6Uk+RJ3ycjKlKDWX3o7yXKA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrvddtgddugedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgjfhggtgfgsehtke ertdertdejnecuhfhrohhmpeftvghmtghouchvrghnucdkthcugggvvghruceorhgvmhgt ohesrhgvmhifohhrkhhsrdhnvghtqeenucggtffrrghtthgvrhhnpedvhfdugeegtdekud evjeelkedvgfejfeejveeuleegveetkeffkeduhfejtdekhfenucffohhmrghinhepghhi thhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomheprhifvhesfhgrshhtmhgrihhlrdgtohhm X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 21 Jan 2022 15:48:09 -0500 (EST) From: Remco van 't Veer Date: Fri, 21 Jan 2022 21:47:56 +0100 Message-Id: <20220121204756.13638-2-remco@remworks.net> X-Mailer: git-send-email 2.34.0 In-Reply-To: <20220121204756.13638-1-remco@remworks.net> References: <20220121204756.13638-1-remco@remworks.net> MIME-Version: 1.0 Received-SPF: pass client-ip=64.147.123.24; envelope-from=rwv@fastmail.com; helo=wout1-smtp.messagingengine.com X-Spam_score_int: -21 X-Spam_score: -2.2 X-Spam_bar: -- X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/packages/patches/sssd-fix-samba-4.15.3.patch: Commits from sssd repo * gnu/packages/sssd.scm: Add patch and autoconf --- gnu/local.mk | 2 + .../patches/sssd-fix-samba-4.15.3.patch | 523 ++++++++++++++++++ gnu/packages/sssd.scm | 22 +- 3 files changed, 543 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/sssd-fix-samba-4.15.3.patch diff --git a/gnu/local.mk b/gnu/local.mk index 26da4fc0a7..b91c673c40 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -48,6 +48,7 @@ # Copyright © 2021 Andrew Tropin # Copyright © 2021 Simon Tournier # Copyright © 2022 Daniel Meißner +# Copyright © 2022 Remco van 't Veer # # This file is part of GNU Guix. # @@ -1607,6 +1608,7 @@ dist_patch_DATA = \ %D%/packages/patches/smalltalk-multiplication-overflow.patch \ %D%/packages/patches/sqlite-hurd.patch \ %D%/packages/patches/sssd-collision-with-external-nss-symbol.patch \ + %D%/packages/patches/sssd-fix-samba-4.15.3.patch \ %D%/packages/patches/strace-readlink-tests.patch \ %D%/packages/patches/sunxi-tools-remove-sys-io.patch \ %D%/packages/patches/p11-kit-hurd.patch \ diff --git a/gnu/packages/patches/sssd-fix-samba-4.15.3.patch b/gnu/packages/patches/sssd-fix-samba-4.15.3.patch new file mode 100644 index 0000000000..731daa0ed9 --- /dev/null +++ b/gnu/packages/patches/sssd-fix-samba-4.15.3.patch @@ -0,0 +1,523 @@ +From 3ba88c317fd64b69b000adbdf881c88383f325d1 Mon Sep 17 00:00:00 2001 +From: Noel Power +Date: Tue, 24 Mar 2020 13:37:07 +0000 +Subject: [PATCH] Use ndr_pull_steal_switch_value for modern samba versions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +commit bc56b10aea999284458dcc293b54cf65288e325d attempted to +fix the build error resulting from removal of 'ndr_pull_get_switch' + +This change uses the new replacement method +'ndr_pull_steal_switch_value' however depending on the samba version +the ndr_pull_steal_switch_value abi is different. + +Note: ndr_pull_steal_switch_value is used since samba 4.10 for + the affected methods + +Note: the following methods have been refreshed from samba-4.12 generated + code; + + o ndr_pull_security_ace_object_type + o ndr_pull_security_ace_object_inherited_type + o ndr_pull_security_ace_object_ctr + +Signed-off-by: Noel Power + +Reviewed-by: Pavel Březina +(cherry picked from commit 1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc) + +Reviewed-by: Pavel Březina +--- + src/external/samba.m4 | 9 ++++++- + src/providers/ad/ad_gpo_ndr.c | 45 ++++++++++++++++++++--------------- + 2 files changed, 34 insertions(+), 20 deletions(-) + +diff --git a/src/external/samba.m4 b/src/external/samba.m4 +index 089f602a60..8e06174ead 100644 +--- a/src/external/samba.m4 ++++ b/src/external/samba.m4 +@@ -132,8 +132,15 @@ int main(void) + AC_DEFINE_UNQUOTED(SMB_IDMAP_DOMAIN_HAS_DOM_SID, 1, + [Samba's struct idmap_domain has dom_sid member]) + AC_MSG_NOTICE([Samba's struct idmap_domain has dom_sid member]) ++ if test $samba_minor_version -ge 12 ; then ++ AC_DEFINE_UNQUOTED(SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH, 1, ++ [Samba's new push/pull switch functions]) ++ AC_MSG_NOTICE([Samba has support for new ndr_push_steal_switch_value and ndr_pull_steal_switch_value functions]) ++ else ++ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions]) ++ fi + else + AC_MSG_NOTICE([Samba's struct idmap_domain does not have dom_sid member]) ++ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions]) + fi +- + fi + + SAVE_CFLAGS=$CFLAGS +diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c +index 49c49d71b2..3d389e513d 100644 +--- a/src/providers/ad/ad_gpo_ndr.c ++++ b/src/providers/ad/ad_gpo_ndr.c +@@ -105,9 +105,14 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr, + union security_ace_object_type *r) + { + uint32_t level; +- level = ndr_token_peek(&ndr->switch_list, r); + NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + if (ndr_flags & NDR_SCALARS) { ++ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */ ++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH ++ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level)); ++#else ++ level = ndr_pull_steal_switch_value(ndr, r); ++#endif + NDR_CHECK(ndr_pull_union_align(ndr, 4)); + switch (level) { + case SEC_ACE_OBJECT_TYPE_PRESENT: { +@@ -117,14 +122,6 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr, + break; } + } + } +- if (ndr_flags & NDR_BUFFERS) { +- switch (level) { +- case SEC_ACE_OBJECT_TYPE_PRESENT: +- break; +- default: +- break; +- } +- } + return NDR_ERR_SUCCESS; + } + +@@ -135,9 +132,14 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr, + union security_ace_object_inherited_type *r) + { + uint32_t level; +- level = ndr_token_peek(&ndr->switch_list, r); + NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + if (ndr_flags & NDR_SCALARS) { ++ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */ ++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH ++ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level)); ++#else ++ level = ndr_pull_steal_switch_value(ndr, r); ++#endif + NDR_CHECK(ndr_pull_union_align(ndr, 4)); + switch (level) { + case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: { +@@ -149,14 +151,6 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr, + break; } + } + } +- if (ndr_flags & NDR_BUFFERS) { +- switch (level) { +- case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: +- break; +- default: +- break; +- } +- } + return NDR_ERR_SUCCESS; + } + +@@ -198,9 +192,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, + union security_ace_object_ctr *r) + { + uint32_t level; +- level = ndr_token_peek(&ndr->switch_list, r); + NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + if (ndr_flags & NDR_SCALARS) { ++ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */ ++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH ++ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level)); ++#else ++ level = ndr_pull_steal_switch_value(ndr, r); ++#endif + NDR_CHECK(ndr_pull_union_align(ndr, 4)); + switch (level) { + case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: { +@@ -224,6 +223,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, + } + } + if (ndr_flags & NDR_BUFFERS) { ++ if (!(ndr_flags & NDR_SCALARS)) { ++ /* We didn't get it above, and the token is not needed after this. */ ++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH ++ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level)); ++#else ++ level = ndr_pull_steal_switch_value(ndr, r); ++#endif ++ } + switch (level) { + case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: + NDR_CHECK(ndr_pull_security_ace_object +From 5285a1896ee19bb8f1ff752380547bc6d7a43334 Mon Sep 17 00:00:00 2001 +From: Noel Power +Date: Tue, 24 Mar 2020 18:14:34 +0000 +Subject: [PATCH] ad_gpo_ndr.c: refresh ndr_ methods from samba-4.12 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Noel Power + +Reviewed-by: Pavel Březina +(cherry picked from commit c031adde4f532f39845a0efd78693600f1f8b2f4) + +Reviewed-by: Pavel Březina +--- + src/providers/ad/ad_gpo_ndr.c | 201 ++++++++++++++++++---------------- + 1 file changed, 106 insertions(+), 95 deletions(-) + +diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c +index 3d389e513d..a64b1a0f84 100644 +--- a/src/providers/ad/ad_gpo_ndr.c ++++ b/src/providers/ad/ad_gpo_ndr.c +@@ -177,8 +177,16 @@ ndr_pull_security_ace_object(struct ndr_pull *ndr, + NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); + } + if (ndr_flags & NDR_BUFFERS) { ++ NDR_CHECK(ndr_pull_set_switch_value ++ (ndr, ++ &r->type, ++ r->flags & SEC_ACE_OBJECT_TYPE_PRESENT)); + NDR_CHECK(ndr_pull_security_ace_object_type + (ndr, NDR_BUFFERS, &r->type)); ++ NDR_CHECK(ndr_pull_set_switch_value ++ (ndr, ++ &r->inherited_type, ++ r->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)); + NDR_CHECK(ndr_pull_security_ace_object_inherited_type + (ndr, NDR_BUFFERS, &r->inherited_type)); + } +@@ -342,7 +350,7 @@ ndr_pull_security_acl(struct ndr_pull *ndr, + (ndr, NDR_SCALARS, &r->revision)); + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces)); +- if (r->num_aces > 1000) { ++ if (r->num_aces > 2000) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + size_aces_0 = r->num_aces; +@@ -408,107 +416,110 @@ ad_gpo_ndr_pull_security_descriptor(struct ndr_pull *ndr, + TALLOC_CTX *_mem_save_sacl_0; + uint32_t _ptr_dacl; + TALLOC_CTX *_mem_save_dacl_0; +- uint32_t _flags_save_STRUCT = ndr->flags; +- uint32_t _relative_save_offset; +- +- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN); +- NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); +- if (ndr_flags & NDR_SCALARS) { +- NDR_CHECK(ndr_pull_align(ndr, 5)); +- NDR_CHECK(ndr_pull_security_descriptor_revision(ndr, ++ { ++ uint32_t _flags_save_STRUCT = ndr->flags; ++ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN); ++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); ++ if (ndr_flags & NDR_SCALARS) { ++ NDR_CHECK(ndr_pull_align(ndr, 5)); ++ NDR_CHECK(ndr_pull_security_descriptor_revision(ndr, ++ NDR_SCALARS, ++ &r->revision)); ++ NDR_CHECK(ndr_pull_security_descriptor_type(ndr, + NDR_SCALARS, +- &r->revision)); +- NDR_CHECK(ndr_pull_security_descriptor_type(ndr, +- NDR_SCALARS, +- &r->type)); +- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid)); +- if (_ptr_owner_sid) { +- NDR_PULL_ALLOC(ndr, r->owner_sid); +- NDR_CHECK(ndr_pull_relative_ptr1(ndr, +- r->owner_sid, +- _ptr_owner_sid)); +- } else { +- r->owner_sid = NULL; +- } +- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid)); +- if (_ptr_group_sid) { +- NDR_PULL_ALLOC(ndr, r->group_sid); +- NDR_CHECK(ndr_pull_relative_ptr1(ndr, +- r->group_sid, +- _ptr_group_sid)); +- } else { +- r->group_sid = NULL; +- } +- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl)); +- if (_ptr_sacl) { +- NDR_PULL_ALLOC(ndr, r->sacl); +- NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl)); +- } else { +- r->sacl = NULL; +- } +- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl)); +- if (_ptr_dacl) { +- NDR_PULL_ALLOC(ndr, r->dacl); +- NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl)); +- } else { +- r->dacl = NULL; +- } +- NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); +- } +- if (ndr_flags & NDR_BUFFERS) { +- if (r->owner_sid) { +- _relative_save_offset = ndr->offset; +- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid)); +- _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); +- NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0); +- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid)); +- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0); +- if (ndr->offset > ndr->relative_highest_offset) { +- ndr->relative_highest_offset = ndr->offset; ++ &r->type)); ++ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid)); ++ if (_ptr_owner_sid) { ++ NDR_PULL_ALLOC(ndr, r->owner_sid); ++ NDR_CHECK(ndr_pull_relative_ptr1(ndr, ++ r->owner_sid, ++ _ptr_owner_sid)); ++ } else { ++ r->owner_sid = NULL; + } +- ndr->offset = _relative_save_offset; +- } +- if (r->group_sid) { +- _relative_save_offset = ndr->offset; +- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid)); +- _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); +- NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0); +- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid)); +- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); +- if (ndr->offset > ndr->relative_highest_offset) { +- ndr->relative_highest_offset = ndr->offset; ++ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid)); ++ if (_ptr_group_sid) { ++ NDR_PULL_ALLOC(ndr, r->group_sid); ++ NDR_CHECK(ndr_pull_relative_ptr1(ndr, ++ r->group_sid, ++ _ptr_group_sid)); ++ } else { ++ r->group_sid = NULL; + } +- ndr->offset = _relative_save_offset; +- } +- if (r->sacl) { +- _relative_save_offset = ndr->offset; +- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl)); +- _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr); +- NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0); +- NDR_CHECK(ndr_pull_security_acl(ndr, +- NDR_SCALARS|NDR_BUFFERS, +- r->sacl)); +- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0); +- if (ndr->offset > ndr->relative_highest_offset) { +- ndr->relative_highest_offset = ndr->offset; ++ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl)); ++ if (_ptr_sacl) { ++ NDR_PULL_ALLOC(ndr, r->sacl); ++ NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl)); ++ } else { ++ r->sacl = NULL; + } +- ndr->offset = _relative_save_offset; ++ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl)); ++ if (_ptr_dacl) { ++ NDR_PULL_ALLOC(ndr, r->dacl); ++ NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl)); ++ } else { ++ r->dacl = NULL; ++ } ++ NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); + } +- if (r->dacl) { +- _relative_save_offset = ndr->offset; +- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl)); +- _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr); +- NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0); +- NDR_CHECK(ndr_pull_security_acl(ndr, +- NDR_SCALARS|NDR_BUFFERS, +- r->dacl)); +- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0); +- if (ndr->offset > ndr->relative_highest_offset) { +- ndr->relative_highest_offset = ndr->offset; ++ if (ndr_flags & NDR_BUFFERS) { ++ if (r->owner_sid) { ++ uint32_t _relative_save_offset; ++ _relative_save_offset = ndr->offset; ++ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid)); ++ _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); ++ NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0); ++ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid)); ++ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0); ++ if (ndr->offset > ndr->relative_highest_offset) { ++ ndr->relative_highest_offset = ndr->offset; ++ } ++ ndr->offset = _relative_save_offset; ++ } ++ if (r->group_sid) { ++ uint32_t _relative_save_offset; ++ _relative_save_offset = ndr->offset; ++ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid)); ++ _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); ++ NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0); ++ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid)); ++ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); ++ if (ndr->offset > ndr->relative_highest_offset) { ++ ndr->relative_highest_offset = ndr->offset; ++ } ++ ndr->offset = _relative_save_offset; ++ } ++ if (r->sacl) { ++ uint32_t _relative_save_offset; ++ _relative_save_offset = ndr->offset; ++ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl)); ++ _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr); ++ NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0); ++ NDR_CHECK(ndr_pull_security_acl(ndr, ++ NDR_SCALARS|NDR_BUFFERS, ++ r->sacl)); ++ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0); ++ if (ndr->offset > ndr->relative_highest_offset) { ++ ndr->relative_highest_offset = ndr->offset; ++ } ++ ndr->offset = _relative_save_offset; ++ } ++ if (r->dacl) { ++ uint32_t _relative_save_offset; ++ _relative_save_offset = ndr->offset; ++ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl)); ++ _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr); ++ NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0); ++ NDR_CHECK(ndr_pull_security_acl(ndr, ++ NDR_SCALARS|NDR_BUFFERS, ++ r->dacl)); ++ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0); ++ if (ndr->offset > ndr->relative_highest_offset) { ++ ndr->relative_highest_offset = ndr->offset; ++ } ++ ndr->offset = _relative_save_offset; + } +- ndr->offset = _relative_save_offset; + } +- + ndr->flags = _flags_save_STRUCT; + } + return NDR_ERR_SUCCESS; +From d5809f6f41ec0dc3fd38f9e4ae917a38bf7dfa43 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 28 May 2020 15:02:43 +0200 +Subject: [PATCH] ad_gpo_ndr.c: more ndr updates +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch add another update to the ndr code which was previously +updated by commit c031adde4f532f39845a0efd78693600f1f8b2f4 and +1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc. + +As missing update in ndr_pull_security_ace() cased +a failure in ad_gpo_parse_sd(). A unit-test for ad_gpo_parse_sd() was +added to prevent similar issues in future. + +Resolves: https://github.com/SSSD/sssd/issues/5183 + +Reviewed-by: Pavel Březina +(cherry picked from commit a7c755672cd277497da3df4714f6d9457b6ac5ae) + +Reviewed-by: Pavel Březina +--- + src/providers/ad/ad_gpo_ndr.c | 1 + + src/tests/cmocka/test_ad_gpo.c | 57 ++++++++++++++++++++++++++++++++++ + 2 files changed, 58 insertions(+) + +diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c +index a64b1a0f84..9f040dfb03 100644 +--- a/src/providers/ad/ad_gpo_ndr.c ++++ b/src/providers/ad/ad_gpo_ndr.c +@@ -317,6 +317,7 @@ ndr_pull_security_ace(struct ndr_pull *ndr, + ndr->offset += pad; + } + if (ndr_flags & NDR_BUFFERS) { ++ NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type)); + NDR_CHECK(ndr_pull_security_ace_object_ctr + (ndr, NDR_BUFFERS, &r->object)); + } +diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c +index 0589adcc3d..97dbe01794 100644 +--- a/src/tests/cmocka/test_ad_gpo.c ++++ b/src/tests/cmocka/test_ad_gpo.c +@@ -329,6 +329,60 @@ void test_ad_gpo_ace_includes_client_sid_false(void **state) + ace_dom_sid, false); + } + ++uint8_t test_sid_data[] = { ++0x01, 0x00, 0x04, 0x9c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++0x14, 0x00, 0x00, 0x00, 0x04, 0x00, 0x34, 0x01, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, ++0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, ++0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00, ++0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, ++0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, ++0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, ++0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, ++0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00, ++0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, ++0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, ++0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, ++0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00, ++0x00, 0x0a, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, ++0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, ++0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, ++0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x05, 0x02, 0x28, 0x00, ++0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x8f, 0xfd, 0xac, 0xed, 0xb3, 0xff, 0xd1, 0x11, ++0xb4, 0x1d, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, ++0x0b, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00, ++0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00 ++}; ++ ++void test_ad_gpo_parse_sd(void **state) ++{ ++ int ret; ++ struct security_descriptor *sd = NULL; ++ ++ ret = ad_gpo_parse_sd(test_ctx, NULL, 0, &sd); ++ assert_int_equal(ret, EINVAL); ++ ++ ret = ad_gpo_parse_sd(test_ctx, test_sid_data, sizeof(test_sid_data), &sd); ++ assert_int_equal(ret, EOK); ++ assert_non_null(sd); ++ assert_int_equal(sd->revision, 1); ++ assert_int_equal(sd->type, 39940); ++ assert_null(sd->owner_sid); ++ assert_null(sd->group_sid); ++ assert_null(sd->sacl); ++ assert_non_null(sd->dacl); ++ assert_int_equal(sd->dacl->revision, 4); ++ assert_int_equal(sd->dacl->size, 308); ++ assert_int_equal(sd->dacl->num_aces, 10); ++ assert_int_equal(sd->dacl->aces[0].type, 0); ++ assert_int_equal(sd->dacl->aces[0].flags, 0); ++ assert_int_equal(sd->dacl->aces[0].size, 36); ++ assert_int_equal(sd->dacl->aces[0].access_mask, 917693); ++ /* There are more components and ACEs in the security_descriptor struct ++ * which are not checked here. */ ++ ++ talloc_free(sd); ++} ++ + int main(int argc, const char *argv[]) + { + poptContext pc; +@@ -364,6 +418,9 @@ int main(int argc, const char *argv[]) + cmocka_unit_test_setup_teardown(test_ad_gpo_ace_includes_client_sid_false, + ad_gpo_test_setup, + ad_gpo_test_teardown), ++ cmocka_unit_test_setup_teardown(test_ad_gpo_parse_sd, ++ ad_gpo_test_setup, ++ ad_gpo_test_teardown), + }; + + /* Set debug level to invalid value so we can decide if -d 0 was used. */ diff --git a/gnu/packages/sssd.scm b/gnu/packages/sssd.scm index 9d254d4b3c..3d8c69e722 100644 --- a/gnu/packages/sssd.scm +++ b/gnu/packages/sssd.scm @@ -3,7 +3,7 @@ ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice ;;; Copyright © 2020 Efraim Flashner ;;; Copyright © 2021 Timotej Lazar -;;; Copyright © 2021 Remco van 't Veer +;;; Copyright © 2021, 2022 Remco van 't Veer ;;; ;;; This file is part of GNU Guix. ;;; @@ -152,7 +152,8 @@ (define-public sssd "1h6hwibaf3xa2w6qpzjiiywmfj6zkgbz4r2isf3gd0xm6vq7n6if")) (patches (search-patches "sssd-fix-samba.patch" "sssd-system-directories.patch" - "sssd-collision-with-external-nss-symbol.patch")))) + "sssd-collision-with-external-nss-symbol.patch" + "sssd-fix-samba-4.15.3.patch")))) (build-system gnu-build-system) (arguments `(#:make-flags @@ -196,7 +197,19 @@ (define-public sssd (lambda _ (substitute* "src/tests/responder_socket_access-tests.c" (("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") "")) - #t))))) + #t)) + (add-after 'unpack 'add-config-in + (lambda _ + (let ((config.h (open-file "config.h.in" "a"))) + (display (string-append " +/* Missing in commits on original repo, dunno why but won't work without. */ +#define SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH 1 +") + config.h) + (close config.h)))) + (add-before 'configure 'autoconf + (lambda _ + (invoke "autoconf")))))) (inputs (list augeas `(,isc-bind "utils") @@ -225,7 +238,8 @@ (define-public sssd tdb tevent)) (native-inputs - (list check-0.14 + (list autoconf-2.69 + check-0.14 docbook-xsl docbook-xml libxml2 ; for xmllint