all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#53422] [PATCH 0/1] Fix sssd build
@ 2022-01-21 20:47 Remco van 't Veer
  2022-01-21 20:47 ` [bug#53421] [PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3 Remco van 't Veer
       [not found] ` <handler.53422.B.16427981156468.ack@debbugs.gnu.org>
  0 siblings, 2 replies; 6+ messages in thread
From: Remco van 't Veer @ 2022-01-21 20:47 UTC (permalink / raw)
  To: 53422; +Cc: Remco van 't Veer

I managed to get the sssd package to build again by applying some
patches for the original repo pending an official release.

But I'd rather have a version of autofs without depending on sssd
since I only want autofs on nfs filesystems and I expect not to need
ssssd.  Guidance on who to implement that is welcome.

Remco van 't Veer (1):
  gnu: sssd: Fix build with samba-4.15.3

 gnu/local.mk                                  |   2 +
 .../patches/sssd-fix-samba-4.15.3.patch       | 523 ++++++++++++++++++
 gnu/packages/sssd.scm                         |  22 +-
 3 files changed, 543 insertions(+), 4 deletions(-)
 create mode 100644 gnu/packages/patches/sssd-fix-samba-4.15.3.patch


base-commit: e143654088091af84c868b92b77f6618318c859c
-- 
2.34.0





^ permalink raw reply	[flat|nested] 6+ messages in thread

* [bug#53421] [PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3
  2022-01-21 20:47 [bug#53422] [PATCH 0/1] Fix sssd build Remco van 't Veer
@ 2022-01-21 20:47 ` Remco van 't Veer
       [not found]   ` <handler.53421.B.16427981146461.ack@debbugs.gnu.org>
  2022-01-22  8:30   ` bug#53421: [PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3 Oleg Pykhalov
       [not found] ` <handler.53422.B.16427981156468.ack@debbugs.gnu.org>
  1 sibling, 2 replies; 6+ messages in thread
From: Remco van 't Veer @ 2022-01-21 20:47 UTC (permalink / raw)
  To: 53421; +Cc: Remco van 't Veer

* gnu/packages/patches/sssd-fix-samba-4.15.3.patch: Commits from sssd repo
* gnu/packages/sssd.scm: Add patch and autoconf
---
 gnu/local.mk                                  |   2 +
 .../patches/sssd-fix-samba-4.15.3.patch       | 523 ++++++++++++++++++
 gnu/packages/sssd.scm                         |  22 +-
 3 files changed, 543 insertions(+), 4 deletions(-)
 create mode 100644 gnu/packages/patches/sssd-fix-samba-4.15.3.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 26da4fc0a7..b91c673c40 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -48,6 +48,7 @@
 # Copyright © 2021 Andrew Tropin <andrew@trop.in>
 # Copyright © 2021 Simon Tournier <zimon.toutoune@gmail.com>
 # Copyright © 2022 Daniel Meißner <daniel.meissner-i4k@ruhr-uni-bochum.de>
+# Copyright © 2022 Remco van 't Veer <remco@remworks.net>
 #
 # This file is part of GNU Guix.
 #
@@ -1607,6 +1608,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/smalltalk-multiplication-overflow.patch	\
   %D%/packages/patches/sqlite-hurd.patch			\
   %D%/packages/patches/sssd-collision-with-external-nss-symbol.patch	\
+  %D%/packages/patches/sssd-fix-samba-4.15.3.patch	\
   %D%/packages/patches/strace-readlink-tests.patch		\
   %D%/packages/patches/sunxi-tools-remove-sys-io.patch	\
   %D%/packages/patches/p11-kit-hurd.patch			\
diff --git a/gnu/packages/patches/sssd-fix-samba-4.15.3.patch b/gnu/packages/patches/sssd-fix-samba-4.15.3.patch
new file mode 100644
index 0000000000..731daa0ed9
--- /dev/null
+++ b/gnu/packages/patches/sssd-fix-samba-4.15.3.patch
@@ -0,0 +1,523 @@
+From 3ba88c317fd64b69b000adbdf881c88383f325d1 Mon Sep 17 00:00:00 2001
+From: Noel Power <noel.power@suse.com>
+Date: Tue, 24 Mar 2020 13:37:07 +0000
+Subject: [PATCH] Use ndr_pull_steal_switch_value for modern samba versions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+commit bc56b10aea999284458dcc293b54cf65288e325d attempted to
+fix the build error resulting from removal of 'ndr_pull_get_switch'
+
+This change uses the new replacement method
+'ndr_pull_steal_switch_value' however depending on the samba version
+the ndr_pull_steal_switch_value abi is different.
+
+Note: ndr_pull_steal_switch_value is used since samba 4.10 for
+      the affected methods
+
+Note: the following methods have been refreshed from samba-4.12 generated
+      code;
+
+    o ndr_pull_security_ace_object_type
+    o ndr_pull_security_ace_object_inherited_type
+    o ndr_pull_security_ace_object_ctr
+
+Signed-off-by: Noel Power <noel.power@suse.com>
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+(cherry picked from commit 1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc)
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/external/samba.m4         |  9 ++++++-
+ src/providers/ad/ad_gpo_ndr.c | 45 ++++++++++++++++++++---------------
+ 2 files changed, 34 insertions(+), 20 deletions(-)
+
+diff --git a/src/external/samba.m4 b/src/external/samba.m4
+index 089f602a60..8e06174ead 100644
+--- a/src/external/samba.m4
++++ b/src/external/samba.m4
+@@ -132,8 +132,15 @@ int main(void)
+         AC_DEFINE_UNQUOTED(SMB_IDMAP_DOMAIN_HAS_DOM_SID, 1,
+                            [Samba's struct idmap_domain has dom_sid member])
+         AC_MSG_NOTICE([Samba's struct idmap_domain has dom_sid member])
++        if test $samba_minor_version -ge 12 ; then
++            AC_DEFINE_UNQUOTED(SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH, 1,
++                               [Samba's new push/pull switch functions])
++            AC_MSG_NOTICE([Samba has support for new ndr_push_steal_switch_value and ndr_pull_steal_switch_value functions])
++        else
++            AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
++        fi
+     else
+         AC_MSG_NOTICE([Samba's struct idmap_domain does not have dom_sid member])
++        AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
+     fi
+-
+ fi
+
+ SAVE_CFLAGS=$CFLAGS
+diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
+index 49c49d71b2..3d389e513d 100644
+--- a/src/providers/ad/ad_gpo_ndr.c
++++ b/src/providers/ad/ad_gpo_ndr.c
+@@ -105,9 +105,14 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
+                                   union security_ace_object_type *r)
+ {
+     uint32_t level;
+-    level = ndr_token_peek(&ndr->switch_list, r);
+     NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+     if (ndr_flags & NDR_SCALARS) {
++        /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
++        NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
++#else
++        level = ndr_pull_steal_switch_value(ndr, r);
++#endif
+         NDR_CHECK(ndr_pull_union_align(ndr, 4));
+         switch (level) {
+         case SEC_ACE_OBJECT_TYPE_PRESENT: {
+@@ -117,14 +122,6 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
+             break; }
+         }
+     }
+-    if (ndr_flags & NDR_BUFFERS) {
+-        switch (level) {
+-        case SEC_ACE_OBJECT_TYPE_PRESENT:
+-            break;
+-        default:
+-            break;
+-        }
+-    }
+     return NDR_ERR_SUCCESS;
+ }
+
+@@ -135,9 +132,14 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
+                                             union security_ace_object_inherited_type *r)
+ {
+     uint32_t level;
+-    level = ndr_token_peek(&ndr->switch_list, r);
+     NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+     if (ndr_flags & NDR_SCALARS) {
++        /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
++        NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
++#else
++        level = ndr_pull_steal_switch_value(ndr, r);
++#endif
+         NDR_CHECK(ndr_pull_union_align(ndr, 4));
+         switch (level) {
+         case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
+@@ -149,14 +151,6 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
+             break; }
+         }
+     }
+-    if (ndr_flags & NDR_BUFFERS) {
+-        switch (level) {
+-        case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
+-            break;
+-        default:
+-            break;
+-        }
+-    }
+     return NDR_ERR_SUCCESS;
+ }
+
+@@ -198,9 +192,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
+                                  union security_ace_object_ctr *r)
+ {
+     uint32_t level;
+-    level = ndr_token_peek(&ndr->switch_list, r);
+     NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+     if (ndr_flags & NDR_SCALARS) {
++        /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
++        NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
++#else
++        level = ndr_pull_steal_switch_value(ndr, r);
++#endif
+         NDR_CHECK(ndr_pull_union_align(ndr, 4));
+         switch (level) {
+         case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
+@@ -224,6 +223,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
+         }
+     }
+     if (ndr_flags & NDR_BUFFERS) {
++        if (!(ndr_flags & NDR_SCALARS)) {
++            /* We didn't get it above, and the token is not needed after this. */
++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
++            NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
++#else
++            level = ndr_pull_steal_switch_value(ndr, r);
++#endif
++        }
+         switch (level) {
+         case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+             NDR_CHECK(ndr_pull_security_ace_object
+From 5285a1896ee19bb8f1ff752380547bc6d7a43334 Mon Sep 17 00:00:00 2001
+From: Noel Power <noel.power@suse.com>
+Date: Tue, 24 Mar 2020 18:14:34 +0000
+Subject: [PATCH] ad_gpo_ndr.c: refresh ndr_ methods from samba-4.12
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Noel Power <noel.power@suse.com>
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+(cherry picked from commit c031adde4f532f39845a0efd78693600f1f8b2f4)
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_gpo_ndr.c | 201 ++++++++++++++++++----------------
+ 1 file changed, 106 insertions(+), 95 deletions(-)
+
+diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
+index 3d389e513d..a64b1a0f84 100644
+--- a/src/providers/ad/ad_gpo_ndr.c
++++ b/src/providers/ad/ad_gpo_ndr.c
+@@ -177,8 +177,16 @@ ndr_pull_security_ace_object(struct ndr_pull *ndr,
+         NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
+     }
+     if (ndr_flags & NDR_BUFFERS) {
++        NDR_CHECK(ndr_pull_set_switch_value
++                  (ndr,
++                   &r->type,
++                   r->flags & SEC_ACE_OBJECT_TYPE_PRESENT));
+         NDR_CHECK(ndr_pull_security_ace_object_type
+                   (ndr, NDR_BUFFERS, &r->type));
++        NDR_CHECK(ndr_pull_set_switch_value
++                  (ndr,
++                   &r->inherited_type,
++                   r->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
+         NDR_CHECK(ndr_pull_security_ace_object_inherited_type
+                   (ndr, NDR_BUFFERS, &r->inherited_type));
+     }
+@@ -342,7 +350,7 @@ ndr_pull_security_acl(struct ndr_pull *ndr,
+                   (ndr, NDR_SCALARS, &r->revision));
+         NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
+         NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces));
+-        if (r->num_aces > 1000) {
++        if (r->num_aces > 2000) {
+             return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+         }
+         size_aces_0 = r->num_aces;
+@@ -408,107 +416,110 @@ ad_gpo_ndr_pull_security_descriptor(struct ndr_pull *ndr,
+     TALLOC_CTX *_mem_save_sacl_0;
+     uint32_t _ptr_dacl;
+     TALLOC_CTX *_mem_save_dacl_0;
+-    uint32_t _flags_save_STRUCT = ndr->flags;
+-    uint32_t _relative_save_offset;
+-
+-    ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
+-    NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+-    if (ndr_flags & NDR_SCALARS) {
+-        NDR_CHECK(ndr_pull_align(ndr, 5));
+-        NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
++    {
++        uint32_t _flags_save_STRUCT = ndr->flags;
++        ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
++        NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
++        if (ndr_flags & NDR_SCALARS) {
++            NDR_CHECK(ndr_pull_align(ndr, 5));
++            NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
++                                                            NDR_SCALARS,
++                                                            &r->revision));
++            NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
+                                                         NDR_SCALARS,
+-                                                        &r->revision));
+-        NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
+-                                                    NDR_SCALARS,
+-                                                    &r->type));
+-        NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
+-        if (_ptr_owner_sid) {
+-            NDR_PULL_ALLOC(ndr, r->owner_sid);
+-            NDR_CHECK(ndr_pull_relative_ptr1(ndr,
+-                                             r->owner_sid,
+-                                             _ptr_owner_sid));
+-        } else {
+-            r->owner_sid = NULL;
+-        }
+-        NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
+-        if (_ptr_group_sid) {
+-            NDR_PULL_ALLOC(ndr, r->group_sid);
+-            NDR_CHECK(ndr_pull_relative_ptr1(ndr,
+-                                             r->group_sid,
+-                                             _ptr_group_sid));
+-        } else {
+-            r->group_sid = NULL;
+-        }
+-        NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
+-        if (_ptr_sacl) {
+-            NDR_PULL_ALLOC(ndr, r->sacl);
+-            NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
+-        } else {
+-            r->sacl = NULL;
+-        }
+-        NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
+-        if (_ptr_dacl) {
+-            NDR_PULL_ALLOC(ndr, r->dacl);
+-            NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
+-        } else {
+-            r->dacl = NULL;
+-        }
+-        NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
+-    }
+-    if (ndr_flags & NDR_BUFFERS) {
+-        if (r->owner_sid) {
+-            _relative_save_offset = ndr->offset;
+-            NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
+-            _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+-            NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
+-            NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
+-            NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
+-            if (ndr->offset > ndr->relative_highest_offset) {
+-                ndr->relative_highest_offset = ndr->offset;
++                                                        &r->type));
++            NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
++            if (_ptr_owner_sid) {
++                NDR_PULL_ALLOC(ndr, r->owner_sid);
++                NDR_CHECK(ndr_pull_relative_ptr1(ndr,
++                                                 r->owner_sid,
++                                                 _ptr_owner_sid));
++            } else {
++                r->owner_sid = NULL;
+             }
+-            ndr->offset = _relative_save_offset;
+-        }
+-        if (r->group_sid) {
+-            _relative_save_offset = ndr->offset;
+-            NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
+-            _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+-            NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
+-            NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
+-            NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
+-            if (ndr->offset > ndr->relative_highest_offset) {
+-                ndr->relative_highest_offset = ndr->offset;
++            NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
++            if (_ptr_group_sid) {
++                NDR_PULL_ALLOC(ndr, r->group_sid);
++                NDR_CHECK(ndr_pull_relative_ptr1(ndr,
++                                                 r->group_sid,
++                                                 _ptr_group_sid));
++            } else {
++                r->group_sid = NULL;
+             }
+-            ndr->offset = _relative_save_offset;
+-        }
+-        if (r->sacl) {
+-            _relative_save_offset = ndr->offset;
+-            NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
+-            _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+-            NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
+-            NDR_CHECK(ndr_pull_security_acl(ndr,
+-                                            NDR_SCALARS|NDR_BUFFERS,
+-                                            r->sacl));
+-            NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
+-            if (ndr->offset > ndr->relative_highest_offset) {
+-                ndr->relative_highest_offset = ndr->offset;
++            NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
++            if (_ptr_sacl) {
++                NDR_PULL_ALLOC(ndr, r->sacl);
++                NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
++            } else {
++                r->sacl = NULL;
+             }
+-            ndr->offset = _relative_save_offset;
++            NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
++            if (_ptr_dacl) {
++                NDR_PULL_ALLOC(ndr, r->dacl);
++                NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
++            } else {
++                r->dacl = NULL;
++            }
++            NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
+         }
+-        if (r->dacl) {
+-            _relative_save_offset = ndr->offset;
+-            NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
+-            _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+-            NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
+-            NDR_CHECK(ndr_pull_security_acl(ndr,
+-                                            NDR_SCALARS|NDR_BUFFERS,
+-                                            r->dacl));
+-            NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
+-            if (ndr->offset > ndr->relative_highest_offset) {
+-                ndr->relative_highest_offset = ndr->offset;
++        if (ndr_flags & NDR_BUFFERS) {
++            if (r->owner_sid) {
++                uint32_t _relative_save_offset;
++                _relative_save_offset = ndr->offset;
++                NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
++                _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
++                NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
++                NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
++                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
++                if (ndr->offset > ndr->relative_highest_offset) {
++                    ndr->relative_highest_offset = ndr->offset;
++                }
++                ndr->offset = _relative_save_offset;
++            }
++            if (r->group_sid) {
++                uint32_t _relative_save_offset;
++                _relative_save_offset = ndr->offset;
++                NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
++                _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
++                NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
++                NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
++                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
++                if (ndr->offset > ndr->relative_highest_offset) {
++                    ndr->relative_highest_offset = ndr->offset;
++                }
++                ndr->offset = _relative_save_offset;
++            }
++            if (r->sacl) {
++                uint32_t _relative_save_offset;
++                _relative_save_offset = ndr->offset;
++                NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
++                _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
++                NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
++                NDR_CHECK(ndr_pull_security_acl(ndr,
++                                                NDR_SCALARS|NDR_BUFFERS,
++                                                r->sacl));
++                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
++                if (ndr->offset > ndr->relative_highest_offset) {
++                    ndr->relative_highest_offset = ndr->offset;
++                }
++                ndr->offset = _relative_save_offset;
++            }
++            if (r->dacl) {
++                uint32_t _relative_save_offset;
++                _relative_save_offset = ndr->offset;
++                NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
++                _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
++                NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
++                NDR_CHECK(ndr_pull_security_acl(ndr,
++                                                NDR_SCALARS|NDR_BUFFERS,
++                                                r->dacl));
++                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
++                if (ndr->offset > ndr->relative_highest_offset) {
++                    ndr->relative_highest_offset = ndr->offset;
++                }
++                ndr->offset = _relative_save_offset;
+             }
+-            ndr->offset = _relative_save_offset;
+         }
+-
+         ndr->flags = _flags_save_STRUCT;
+     }
+     return NDR_ERR_SUCCESS;
+From d5809f6f41ec0dc3fd38f9e4ae917a38bf7dfa43 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 28 May 2020 15:02:43 +0200
+Subject: [PATCH] ad_gpo_ndr.c: more ndr updates
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch add another update to the ndr code which was previously
+updated by commit c031adde4f532f39845a0efd78693600f1f8b2f4 and
+1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc.
+
+As missing update in ndr_pull_security_ace() cased
+a failure in ad_gpo_parse_sd(). A unit-test for ad_gpo_parse_sd() was
+added to prevent similar issues in future.
+
+Resolves: https://github.com/SSSD/sssd/issues/5183
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+(cherry picked from commit a7c755672cd277497da3df4714f6d9457b6ac5ae)
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_gpo_ndr.c  |  1 +
+ src/tests/cmocka/test_ad_gpo.c | 57 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 58 insertions(+)
+
+diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
+index a64b1a0f84..9f040dfb03 100644
+--- a/src/providers/ad/ad_gpo_ndr.c
++++ b/src/providers/ad/ad_gpo_ndr.c
+@@ -317,6 +317,7 @@ ndr_pull_security_ace(struct ndr_pull *ndr,
+         ndr->offset += pad;
+     }
+     if (ndr_flags & NDR_BUFFERS) {
++        NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
+         NDR_CHECK(ndr_pull_security_ace_object_ctr
+                   (ndr, NDR_BUFFERS, &r->object));
+     }
+diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c
+index 0589adcc3d..97dbe01794 100644
+--- a/src/tests/cmocka/test_ad_gpo.c
++++ b/src/tests/cmocka/test_ad_gpo.c
+@@ -329,6 +329,60 @@ void test_ad_gpo_ace_includes_client_sid_false(void **state)
+                                         ace_dom_sid, false);
+ }
+
++uint8_t test_sid_data[] = {
++0x01, 0x00, 0x04, 0x9c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++0x14, 0x00, 0x00, 0x00, 0x04, 0x00, 0x34, 0x01, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
++0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
++0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
++0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
++0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8,
++0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00,
++0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55,
++0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00,
++0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60,
++0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
++0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
++0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
++0x00, 0x0a, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
++0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00,
++0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00,
++0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x05, 0x02, 0x28, 0x00,
++0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x8f, 0xfd, 0xac, 0xed, 0xb3, 0xff, 0xd1, 0x11,
++0xb4, 0x1d, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
++0x0b, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00,
++0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00
++};
++
++void test_ad_gpo_parse_sd(void **state)
++{
++    int ret;
++    struct security_descriptor *sd = NULL;
++
++    ret = ad_gpo_parse_sd(test_ctx, NULL, 0, &sd);
++    assert_int_equal(ret, EINVAL);
++
++    ret = ad_gpo_parse_sd(test_ctx, test_sid_data, sizeof(test_sid_data), &sd);
++    assert_int_equal(ret, EOK);
++    assert_non_null(sd);
++    assert_int_equal(sd->revision, 1);
++    assert_int_equal(sd->type, 39940);
++    assert_null(sd->owner_sid);
++    assert_null(sd->group_sid);
++    assert_null(sd->sacl);
++    assert_non_null(sd->dacl);
++    assert_int_equal(sd->dacl->revision, 4);
++    assert_int_equal(sd->dacl->size, 308);
++    assert_int_equal(sd->dacl->num_aces, 10);
++    assert_int_equal(sd->dacl->aces[0].type, 0);
++    assert_int_equal(sd->dacl->aces[0].flags, 0);
++    assert_int_equal(sd->dacl->aces[0].size, 36);
++    assert_int_equal(sd->dacl->aces[0].access_mask, 917693);
++    /* There are more components and ACEs in the security_descriptor struct
++     * which are not checked here. */
++
++    talloc_free(sd);
++}
++
+ int main(int argc, const char *argv[])
+ {
+     poptContext pc;
+@@ -364,6 +418,9 @@ int main(int argc, const char *argv[])
+         cmocka_unit_test_setup_teardown(test_ad_gpo_ace_includes_client_sid_false,
+                                         ad_gpo_test_setup,
+                                         ad_gpo_test_teardown),
++        cmocka_unit_test_setup_teardown(test_ad_gpo_parse_sd,
++                                        ad_gpo_test_setup,
++                                        ad_gpo_test_teardown),
+     };
+
+     /* Set debug level to invalid value so we can decide if -d 0 was used. */
diff --git a/gnu/packages/sssd.scm b/gnu/packages/sssd.scm
index 9d254d4b3c..3d8c69e722 100644
--- a/gnu/packages/sssd.scm
+++ b/gnu/packages/sssd.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2021 Timotej Lazar <timotej.lazar@araneo.si>
-;;; Copyright © 2021 Remco van 't Veer <remco@remworks.net>
+;;; Copyright © 2021, 2022 Remco van 't Veer <remco@remworks.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -152,7 +152,8 @@ (define-public sssd
                 "1h6hwibaf3xa2w6qpzjiiywmfj6zkgbz4r2isf3gd0xm6vq7n6if"))
               (patches (search-patches "sssd-fix-samba.patch"
                                        "sssd-system-directories.patch"
-                                       "sssd-collision-with-external-nss-symbol.patch"))))
+                                       "sssd-collision-with-external-nss-symbol.patch"
+                                       "sssd-fix-samba-4.15.3.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags
@@ -196,7 +197,19 @@ (define-public sssd
            (lambda _
              (substitute* "src/tests/responder_socket_access-tests.c"
                (("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") ""))
-             #t)))))
+             #t))
+         (add-after 'unpack 'add-config-in
+           (lambda _
+             (let ((config.h (open-file "config.h.in" "a")))
+               (display (string-append "
+/* Missing in commits on original repo, dunno why but won't work without. */
+#define SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH 1
+")
+                        config.h)
+               (close config.h))))
+         (add-before 'configure 'autoconf
+           (lambda _
+             (invoke "autoconf"))))))
     (inputs
      (list augeas
            `(,isc-bind "utils")
@@ -225,7 +238,8 @@ (define-public sssd
            tdb
            tevent))
     (native-inputs
-     (list check-0.14
+     (list autoconf-2.69
+           check-0.14
            docbook-xsl
            docbook-xml
            libxml2 ; for xmllint
-- 
2.34.0





^ permalink raw reply related	[flat|nested] 6+ messages in thread

* bug#53422: Acknowledgement ([PATCH 0/1] Fix sssd build)
       [not found] ` <handler.53422.B.16427981156468.ack@debbugs.gnu.org>
@ 2022-01-21 21:06   ` Remco van 't Veer
  0 siblings, 0 replies; 6+ messages in thread
From: Remco van 't Veer @ 2022-01-21 21:06 UTC (permalink / raw)
  To: 53422-done

Oeps, bug tracker doesn't like cover letters.  Closing issue.




^ permalink raw reply	[flat|nested] 6+ messages in thread

* [bug#53421] Acknowledgement ([PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3)
       [not found]   ` <handler.53421.B.16427981146461.ack@debbugs.gnu.org>
@ 2022-01-21 21:43     ` Remco van 't Veer
  2022-01-21 21:58       ` Tobias Geerinckx-Rice via Guix-patches via
  0 siblings, 1 reply; 6+ messages in thread
From: Remco van 't Veer @ 2022-01-21 21:43 UTC (permalink / raw)
  To: 53421

Oeps, #define in config.h.in should be an #undef.  Will make a v2 and cc
this issue (not sure what the proper way is).




^ permalink raw reply	[flat|nested] 6+ messages in thread

* [bug#53421] Acknowledgement ([PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3)
  2022-01-21 21:43     ` [bug#53421] Acknowledgement ([PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3) Remco van 't Veer
@ 2022-01-21 21:58       ` Tobias Geerinckx-Rice via Guix-patches via
  0 siblings, 0 replies; 6+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2022-01-21 21:58 UTC (permalink / raw)
  To: Remco van 't Veer; +Cc: 53421

[-- Attachment #1: Type: text/plain, Size: 676 bytes --]

Hullo Remco,

Remco van 't Veer 写道:
> Oeps, #define in config.h.in should be an #undef.  Will make a 
> v2 and cc
> this issue (not sure what the proper way is).

You have to perform the Ritual Debbugs Dance as documented in the 
manual[0].

The bug tracker is very simple and easily confused:

  https://issues.guix.gnu.org/53421
  https://issues.guix.gnu.org/53422
  https://issues.guix.gnu.org/53428

I've merged them all so further action is needed, but please send 
further revisions of this patch to 53428@debbugs.gnu.org.

Thanks!

T G-R

[0]: 
https://guix.gnu.org/en/manual/devel/en/html_node/Submitting-Patches.html#Submitting-Patches

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* bug#53421: [PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3
  2022-01-21 20:47 ` [bug#53421] [PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3 Remco van 't Veer
       [not found]   ` <handler.53421.B.16427981146461.ack@debbugs.gnu.org>
@ 2022-01-22  8:30   ` Oleg Pykhalov
  1 sibling, 0 replies; 6+ messages in thread
From: Oleg Pykhalov @ 2022-01-22  8:30 UTC (permalink / raw)
  To: Remco van 't Veer; +Cc: 53421-done

[-- Attachment #1: Type: text/plain, Size: 582 bytes --]

Hi,

Thank you for the fix!

Remco van 't Veer <remco@remworks.net> writes:

> * gnu/packages/patches/sssd-fix-samba-4.15.3.patch: Commits from sssd repo
> * gnu/packages/sssd.scm: Add patch and autoconf
> ---
>  gnu/local.mk                                  |   2 +
>  .../patches/sssd-fix-samba-4.15.3.patch       | 523 ++++++++++++++++++
>  gnu/packages/sssd.scm                         |  22 +-
>  3 files changed, 543 insertions(+), 4 deletions(-)
>  create mode 100644 gnu/packages/patches/sssd-fix-samba-4.15.3.patch

Modified commit message and pushed to the master.

Oleg.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 861 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-01-22  8:32 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-01-21 20:47 [bug#53422] [PATCH 0/1] Fix sssd build Remco van 't Veer
2022-01-21 20:47 ` [bug#53421] [PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3 Remco van 't Veer
     [not found]   ` <handler.53421.B.16427981146461.ack@debbugs.gnu.org>
2022-01-21 21:43     ` [bug#53421] Acknowledgement ([PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3) Remco van 't Veer
2022-01-21 21:58       ` Tobias Geerinckx-Rice via Guix-patches via
2022-01-22  8:30   ` bug#53421: [PATCH 1/1] gnu: sssd: Fix build with samba-4.15.3 Oleg Pykhalov
     [not found] ` <handler.53422.B.16427981156468.ack@debbugs.gnu.org>
2022-01-21 21:06   ` bug#53422: Acknowledgement ([PATCH 0/1] Fix sssd build) Remco van 't Veer

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.