File 0011-sudo-use-dbus-array-for-rules-refresh.patch of Package sssd.5306
From dfef1d050c35398c6061256a947b4cc9c1f4b8e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 23 Jul 2014 14:21:34 +0200
Subject: [PATCH] sudo: use dbus array for rules refresh
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
D-Bus only supports 255 signatures which caused a segmentation fault
when sudo responder tried to refresh more rules at once.
Resolves:
https://fedorahosted.org/sssd/ticket/2387
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Line numbers and debug message are slightly adjusted by Howard Guo <hguo@suse.com> to fit into this older version of SSSD.
diff -rupN sssd-1.11.5.1/src/providers/data_provider_be.c sssd-1.11.5.1-patched/src/providers/data_provider_be.c
--- sssd-1.11.5.1/src/providers/data_provider_be.c 2014-04-11 18:18:59.000000000 +0200
+++ sssd-1.11.5.1-patched/src/providers/data_provider_be.c 2016-05-02 11:46:09.597956400 +0200
@@ -1551,7 +1551,7 @@ static int be_sudo_handler(DBusMessage *
DBusError dbus_error;
DBusMessage *reply = NULL;
DBusMessageIter iter;
- dbus_bool_t iter_next = FALSE;
+ DBusMessageIter array_iter;
struct be_client *be_cli = NULL;
struct be_req *be_req = NULL;
struct be_sudo_req *sudo_req = NULL;
@@ -1655,15 +1655,19 @@ static int be_sudo_handler(DBusMessage *
goto fail;
}
+ dbus_message_iter_next(&iter);
+
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse the message!\n"));
+ ret = EIO;
+ err_msg = "Invalid D-Bus message format";
+ goto fail;
+ }
+
+ dbus_message_iter_recurse(&iter, &array_iter);
+
/* read the rules */
for (i = 0; i < rules_num; i++) {
- iter_next = dbus_message_iter_next(&iter);
- if (iter_next == FALSE) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse the message!\n"));
- ret = EIO;
- err_msg = "Invalid D-Bus message format";
- goto fail;
- }
if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse the message!\n"));
ret = EIO;
@@ -1678,6 +1682,8 @@ static int be_sudo_handler(DBusMessage *
ret = ENOMEM;
goto fail;
}
+
+ dbus_message_iter_next(&iter);
}
sudo_req->rules[rules_num] = NULL;
diff -rupN sssd-1.11.5.1/src/responder/sudo/sudosrv_dp.c sssd-1.11.5.1-patched/src/responder/sudo/sudosrv_dp.c
--- sssd-1.11.5.1/src/responder/sudo/sudosrv_dp.c 2014-04-11 18:18:59.000000000 +0200
+++ sssd-1.11.5.1-patched/src/responder/sudo/sudosrv_dp.c 2016-05-02 11:43:09.140331143 +0200
@@ -117,6 +117,7 @@ sss_dp_get_sudoers_msg(void *pvt)
{
DBusMessage *msg;
DBusMessageIter iter;
+ DBusMessageIter array_iter;
dbus_bool_t dbret;
errno_t ret;
struct sss_dp_get_sudoers_info *info;
@@ -169,6 +170,13 @@ sss_dp_get_sudoers_msg(void *pvt)
goto fail;
}
+ dbret = dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY,
+ DBUS_TYPE_STRING_AS_STRING,
+ &array_iter);
+ if (dbret == FALSE) {
+ goto fail;
+ }
+
for (i = 0; i < info->num_rules; i++) {
ret = sysdb_attrs_get_string(info->rules[i], SYSDB_NAME, &rule_name);
if (ret != EOK) {
@@ -177,12 +185,18 @@ sss_dp_get_sudoers_msg(void *pvt)
goto fail;
}
- dbret = dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING,
+ dbret = dbus_message_iter_append_basic(&array_iter,
+ DBUS_TYPE_STRING,
&rule_name);
if (dbret == FALSE) {
goto fail;
}
}
+
+ dbret = dbus_message_iter_close_container(&iter, &array_iter);
+ if (dbret == FALSE) {
+ goto fail;
+ }
}
return msg;
