(address . guix-patches@gnu.org)
20220121214447.30625-1-remco@remworks.net
* gnu/packages/patches/sssd-fix-samba-4.15.3.patch: Commits from sssd repo
* gnu/packages/sssd.scm: Add patch and autoconf
---
Fixed in this v2: add #undef instead of #define to config.h.in
gnu/local.mk | 2 +
.../patches/sssd-fix-samba-4.15.3.patch | 523 ++++++++++++++++++
gnu/packages/sssd.scm | 22 +-
3 files changed, 543 insertions(+), 4 deletions(-)
create mode 100644 gnu/packages/patches/sssd-fix-samba-4.15.3.patch
Toggle diff (436 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 26da4fc0a7..b91c673c40 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -48,6 +48,7 @@
# Copyright © 2021 Andrew Tropin <andrew@trop.in>
# Copyright © 2021 Simon Tournier <zimon.toutoune@gmail.com>
# Copyright © 2022 Daniel Meißner <daniel.meissner-i4k@ruhr-uni-bochum.de>
+# Copyright © 2022 Remco van 't Veer <remco@remworks.net>
#
# This file is part of GNU Guix.
#
@@ -1607,6 +1608,7 @@ dist_patch_DATA = \
%D%/packages/patches/smalltalk-multiplication-overflow.patch \
%D%/packages/patches/sqlite-hurd.patch \
%D%/packages/patches/sssd-collision-with-external-nss-symbol.patch \
+ %D%/packages/patches/sssd-fix-samba-4.15.3.patch \
%D%/packages/patches/strace-readlink-tests.patch \
%D%/packages/patches/sunxi-tools-remove-sys-io.patch \
%D%/packages/patches/p11-kit-hurd.patch \
diff --git a/gnu/packages/patches/sssd-fix-samba-4.15.3.patch b/gnu/packages/patches/sssd-fix-samba-4.15.3.patch
new file mode 100644
index 0000000000..731daa0ed9
--- /dev/null
+++ b/gnu/packages/patches/sssd-fix-samba-4.15.3.patch
@@ -0,0 +1,523 @@
+From 3ba88c317fd64b69b000adbdf881c88383f325d1 Mon Sep 17 00:00:00 2001
+From: Noel Power <noel.power@suse.com>
+Date: Tue, 24 Mar 2020 13:37:07 +0000
+Subject: [PATCH] Use ndr_pull_steal_switch_value for modern samba versions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+commit bc56b10aea999284458dcc293b54cf65288e325d attempted to
+fix the build error resulting from removal of 'ndr_pull_get_switch'
+
+This change uses the new replacement method
+'ndr_pull_steal_switch_value' however depending on the samba version
+the ndr_pull_steal_switch_value abi is different.
+
+Note: ndr_pull_steal_switch_value is used since samba 4.10 for
+ the affected methods
+
+Note: the following methods have been refreshed from samba-4.12 generated
+ code;
+
+ o ndr_pull_security_ace_object_type
+ o ndr_pull_security_ace_object_inherited_type
+ o ndr_pull_security_ace_object_ctr
+
+Signed-off-by: Noel Power <noel.power@suse.com>
+
+Reviewed-by: Pavel B?ezina <pbrezina@redhat.com>
+(cherry picked from commit 1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc)
+
+Reviewed-by: Pavel B?ezina <pbrezina@redhat.com>
+---
+ src/external/samba.m4 | 9 ++++++-
+ src/providers/ad/ad_gpo_ndr.c | 45 ++++++++++++++++++++---------------
+ 2 files changed, 34 insertions(+), 20 deletions(-)
+
+diff --git a/src/external/samba.m4 b/src/external/samba.m4
+index 089f602a60..8e06174ead 100644
+--- a/src/external/samba.m4
++++ b/src/external/samba.m4
+@@ -132,8 +132,15 @@ int main(void)
+ AC_DEFINE_UNQUOTED(SMB_IDMAP_DOMAIN_HAS_DOM_SID, 1,
+ [Samba's struct idmap_domain has dom_sid member])
+ AC_MSG_NOTICE([Samba's struct idmap_domain has dom_sid member])
++ if test $samba_minor_version -ge 12 ; then
++ AC_DEFINE_UNQUOTED(SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH, 1,
++ [Samba's new push/pull switch functions])
++ AC_MSG_NOTICE([Samba has support for new ndr_push_steal_switch_value and ndr_pull_steal_switch_value functions])
++ else
++ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
++ fi
+ else
+ AC_MSG_NOTICE([Samba's struct idmap_domain does not have dom_sid member])
++ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
+ fi
+-
+ fi
+
+ SAVE_CFLAGS=$CFLAGS
+diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
+index 49c49d71b2..3d389e513d 100644
+--- a/src/providers/ad/ad_gpo_ndr.c
++++ b/src/providers/ad/ad_gpo_ndr.c
+@@ -105,9 +105,14 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
+ union security_ace_object_type *r)
+ {
+ uint32_t level;
+- level = ndr_token_peek(&ndr->switch_list, r);
+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+ if (ndr_flags & NDR_SCALARS) {
++ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
++ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
++#else
++ level = ndr_pull_steal_switch_value(ndr, r);
++#endif
+ NDR_CHECK(ndr_pull_union_align(ndr, 4));
+ switch (level) {
+ case SEC_ACE_OBJECT_TYPE_PRESENT: {
+@@ -117,14 +122,6 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
+ break; }
+ }
+ }
+- if (ndr_flags & NDR_BUFFERS) {
+- switch (level) {
+- case SEC_ACE_OBJECT_TYPE_PRESENT:
+- break;
+- default:
+- break;
+- }
+- }
+ return NDR_ERR_SUCCESS;
+ }
+
+@@ -135,9 +132,14 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
+ union security_ace_object_inherited_type *r)
+ {
+ uint32_t level;
+- level = ndr_token_peek(&ndr->switch_list, r);
+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+ if (ndr_flags & NDR_SCALARS) {
++ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
++ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
++#else
++ level = ndr_pull_steal_switch_value(ndr, r);
++#endif
+ NDR_CHECK(ndr_pull_union_align(ndr, 4));
+ switch (level) {
+ case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
+@@ -149,14 +151,6 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
+ break; }
+ }
+ }
+- if (ndr_flags & NDR_BUFFERS) {
+- switch (level) {
+- case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
+- break;
+- default:
+- break;
+- }
+- }
+ return NDR_ERR_SUCCESS;
+ }
+
+@@ -198,9 +192,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
+ union security_ace_object_ctr *r)
+ {
+ uint32_t level;
+- level = ndr_token_peek(&ndr->switch_list, r);
+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+ if (ndr_flags & NDR_SCALARS) {
++ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
++ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
++#else
++ level = ndr_pull_steal_switch_value(ndr, r);
++#endif
+ NDR_CHECK(ndr_pull_union_align(ndr, 4));
+ switch (level) {
+ case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
+@@ -224,6 +223,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
+ }
+ }
+ if (ndr_flags & NDR_BUFFERS) {
++ if (!(ndr_flags & NDR_SCALARS)) {
++ /* We didn't get it above, and the token is not needed after this. */
++#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
++ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
++#else
++ level = ndr_pull_steal_switch_value(ndr, r);
++#endif
++ }
+ switch (level) {
+ case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+ NDR_CHECK(ndr_pull_security_ace_object
+From 5285a1896ee19bb8f1ff752380547bc6d7a43334 Mon Sep 17 00:00:00 2001
+From: Noel Power <noel.power@suse.com>
+Date: Tue, 24 Mar 2020 18:14:34 +0000
+Subject: [PATCH] ad_gpo_ndr.c: refresh ndr_ methods from samba-4.12
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Noel Power <noel.power@suse.com>
+
+Reviewed-by: Pavel B?ezina <pbrezina@redhat.com>
+(cherry picked from commit c031adde4f532f39845a0efd78693600f1f8b2f4)
+
+Reviewed-by: Pavel B?ezina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_gpo_ndr.c | 201 ++++++++++++++++++----------------
+ 1 file changed, 106 insertions(+), 95 deletions(-)
+
+diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
+index 3d389e513d..a64b1a0f84 100644
+--- a/src/providers/ad/ad_gpo_ndr.c
++++ b/src/providers/ad/ad_gpo_ndr.c
+@@ -177,8 +177,16 @@ ndr_pull_security_ace_object(struct ndr_pull *ndr,
+ NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
+ }
+ if (ndr_flags & NDR_BUFFERS) {
++ NDR_CHECK(ndr_pull_set_switch_value
++ (ndr,
++ &r->type,
++ r->flags & SEC_ACE_OBJECT_TYPE_PRESENT));
+ NDR_CHECK(ndr_pull_security_ace_object_type
+ (ndr, NDR_BUFFERS, &r->type));
++ NDR_CHECK(ndr_pull_set_switch_value
++ (ndr,
++ &r->inherited_type,
++ r->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
+ NDR_CHECK(ndr_pull_security_ace_object_inherited_type
+ (ndr, NDR_BUFFERS, &r->inherited_type));
+ }
+@@ -342,7 +350,7 @@ ndr_pull_security_acl(struct ndr_pull *ndr,
+ (ndr, NDR_SCALARS, &r->revision));
+ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces));
+- if (r->num_aces > 1000) {
++ if (r->num_aces > 2000) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
+ size_aces_0 = r->num_aces;
+@@ -408,107 +416,110 @@ ad_gpo_ndr_pull_security_descriptor(struct ndr_pull *ndr,
+ TALLOC_CTX *_mem_save_sacl_0;
+ uint32_t _ptr_dacl;
+ TALLOC_CTX *_mem_save_dacl_0;
+- uint32_t _flags_save_STRUCT = ndr->flags;
+- uint32_t _relative_save_offset;
+-
+- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
+- NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+- if (ndr_flags & NDR_SCALARS) {
+- NDR_CHECK(ndr_pull_align(ndr, 5));
+- NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
++ {
++ uint32_t _flags_save_STRUCT = ndr->flags;
++ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
++ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
++ if (ndr_flags & NDR_SCALARS) {
++ NDR_CHECK(ndr_pull_align(ndr, 5));
++ NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
++ NDR_SCALARS,
++ &r->revision));
++ NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
+ NDR_SCALARS,
+- &r->revision));
+- NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
+- NDR_SCALARS,
+- &r->type));
+- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
+- if (_ptr_owner_sid) {
+- NDR_PULL_ALLOC(ndr, r->owner_sid);
+- NDR_CHECK(ndr_pull_relative_ptr1(ndr,
+- r->owner_sid,
+- _ptr_owner_sid));
+- } else {
+- r->owner_sid = NULL;
+- }
+- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
+- if (_ptr_group_sid) {
+- NDR_PULL_ALLOC(ndr, r->group_sid);
+- NDR_CHECK(ndr_pull_relative_ptr1(ndr,
+- r->group_sid,
+- _ptr_group_sid));
+- } else {
+- r->group_sid = NULL;
+- }
+- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
+- if (_ptr_sacl) {
+- NDR_PULL_ALLOC(ndr, r->sacl);
+- NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
+- } else {
+- r->sacl = NULL;
+- }
+- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
+- if (_ptr_dacl) {
+- NDR_PULL_ALLOC(ndr, r->dacl);
+- NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
+- } else {
+- r->dacl = NULL;
+- }
+- NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
+- }
+- if (ndr_flags & NDR_BUFFERS) {
+- if (r->owner_sid) {
+- _relative_save_offset = ndr->offset;
+- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
+- _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+- NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
+- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
+- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
+- if (ndr->offset > ndr->relative_highest_offset) {
+- ndr->relative_highest_offset = ndr->offset;
++ &r->type));
++ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
++ if (_ptr_owner_sid) {
++ NDR_PULL_ALLOC(ndr, r->owner_sid);
++ NDR_CHECK(ndr_pull_relative_ptr1(ndr,
++ r->owner_sid,
++ _ptr_owner_sid));
++ } else {
++ r->owner_sid = NULL;
+ }
+- ndr->offset = _relative_save_offset;
+- }
+- if (r->group_sid) {
+- _relative_save_offset = ndr->offset;
+- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
+- _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+- NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
+- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
+- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
+- if (ndr->offset > ndr->relative_highest_offset) {
+- ndr->relative_highest_offset = ndr->offset;
++ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
++ if (_ptr_group_sid) {
++ NDR_PULL_ALLOC(ndr, r->group_sid);
++ NDR_CHECK(ndr_pull_relative_ptr1(ndr,
++ r->group_sid,
++ _ptr_group_sid));
++ } else {
++ r->group_sid = NULL;
+ }
+- ndr->offset = _relative_save_offset;
+- }
+- if (r->sacl) {
+- _relative_save_offset = ndr->offset;
+- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
+- _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+- NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
+- NDR_CHECK(ndr_pull_security_acl(ndr,
+- NDR_SCALARS|NDR_BUFFERS,
+- r->sacl));
+- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
+- if (ndr->offset > ndr->relative_highest_offset) {
+- ndr->relative_highest_offset = ndr->offset;
++ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
++ if (_ptr_sacl) {
++ NDR_PULL_ALLOC(ndr, r->sacl);
++ NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
++ } else {
++ r->sacl = NULL;
+ }
+- ndr->offset = _relative_save_offset;
++ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
++ if (_ptr_dacl) {
++ NDR_PULL_ALLOC(ndr, r->dacl);
++ NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
++ } else {
++ r->dacl = NULL;
++ }
++ NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
+ }
+- if (r->dacl) {
+- _relative_save_offset = ndr->offset;
+- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
+- _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+- NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
+- NDR_CHECK(ndr_pull_security_acl(ndr,
+- NDR_SCALARS|NDR_BUFFERS,
+- r->dacl));
+- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
+- if (ndr->offset > ndr->relative_highest_offset) {
+- ndr->relative_highest_offset = ndr->offset;
++ if (ndr_flags & NDR_BUFFERS) {
++ if (r->owner_sid) {
++ uint32_t _relative_save_offset;
++ _relative_save_offset = ndr->offset;
++ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
++ _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
++ NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
++ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
++ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
++ if (ndr->offset > ndr->relative_highest_offset) {
++ ndr->relative_highest_offset = ndr->offset;
++ }
++ ndr->offset = _relative_save_offset;
++ }
++ if (r->group_sid) {
++ uint32_t _relative_save_offset;
++ _relative_save_offset = ndr->offset;
++ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
++ _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
++ NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
++ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
++ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
++ if (ndr->offset > ndr->relative_highest_offset) {
++ ndr->relative_highest_offset = ndr->offset;
++ }
++ ndr->offset = _relative_save_offset;
++ }
++ if (r->sacl) {
++ uint32_t _relative_save_offset;
++ _relative_save_offset = ndr->offset;
++ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
++ _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
++ NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
++ NDR_CHECK(ndr_pull_security_acl(ndr,
++ NDR_SCALARS|NDR_BUFFERS,
++ r->sacl));
++ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
++ if (ndr->offset > ndr->relative_highest_offset) {
++ ndr->relative_highest_offset = ndr->offset;
++ }
++ ndr->offset = _relative_save_offset;
++ }
++ if (r->dacl) {
++ uint32_t _relative_save_offset;
++ _relative_save_offset = ndr->offset;
++ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
++ _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
++ NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
++ NDR_CHECK(ndr_pull_security_acl(ndr,
++ NDR_SCALARS|NDR_BUFFERS,
++ r->dacl));
++ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
++ if (ndr->offset > ndr->relative_highest_offset) {
++ ndr->relative_highest_offset = ndr->offset;
++ }
++ ndr->offset = _relative_save_offset;
+ }
+- ndr->offset = _relative_save_offset;
+ }
+-
+ ndr->flags = _flags_save_STRUCT;
+ }
+ return NDR_ERR_SUCCESS;
+From d5809f6f41ec0dc3fd38f9e4ae917a38bf7dfa43 Mon Sep 17 00:00:00 2
This message was truncated. Download the full message here.