mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-12 03:10:13 +00:00
Code Issues Projects Releases Wiki Activity

sssd: 2.7.4 -> 2.9.1

Browse Source 
Update sssd from 2.7.4 to 2.9.1.

* backport patch to fix interpreter of script sss_analyze
* add runtime dependency python3-systemd when systemd is enabled
* update FILES

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Kai Kang
2023-07-28 14:30:08 +08:00
committed by Armin Kuster
parent 21bb5627e0
commit 782251aa8f
2 changed files with 323 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

318
dynamic-layers/networking-layer/recipes-security/sssd/files/0001-sssctl-add-error-analyzer.patch Normal file
View File

@@ -0,0 +1,318 @@
Backport patch to fix interpreter of sss_analyze.
Upstream-Status: Backport [https://github.com/SSSD/sssd/commit/ed3726c]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
From ed3726c37fe07aab788404bfa2f9003db15f4210 Mon Sep 17 00:00:00 2001
From: roy214 <abroy@redhat.com>
Date: Tue, 25 Apr 2023 20:01:24 +0530
Subject: [PATCH] sssctl: add error analyzer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Also removing unused variable and import.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
---
src/tools/analyzer/Makefile.am | 2 +
src/tools/analyzer/modules/error.py | 61 +++++++++++++++++++++++++++
src/tools/analyzer/modules/request.py | 54 +++++-------------------
src/tools/analyzer/sss_analyze | 2 +-
src/tools/analyzer/sss_analyze.py | 3 ++
src/tools/analyzer/util.py | 44 +++++++++++++++++++
6 files changed, 121 insertions(+), 45 deletions(-)
create mode 100644 src/tools/analyzer/modules/error.py
create mode 100644 src/tools/analyzer/util.py
diff --git a/src/tools/analyzer/Makefile.am b/src/tools/analyzer/Makefile.am
index b40043d043..7692af8528 100644
--- a/src/tools/analyzer/Makefile.am
+++ b/src/tools/analyzer/Makefile.am
@@ -13,10 +13,12 @@ dist_pkgpython_DATA = \
source_reader.py \
parser.py \
sss_analyze.py \
+ util.py \
$(NULL)
modulesdir = $(pkgpythondir)/modules
dist_modules_DATA = \
modules/__init__.py \
modules/request.py \
+ modules/error.py \
$(NULL)
diff --git a/src/tools/analyzer/modules/error.py b/src/tools/analyzer/modules/error.py
new file mode 100644
index 0000000000..71173670c5
--- /dev/null
+++ b/src/tools/analyzer/modules/error.py
@@ -0,0 +1,61 @@
+from sssd import util
+from sssd.parser import SubparsersAction
+from sssd import sss_analyze
+
+class ErrorAnalyzer:
+ """
+ An error analyzer module, list if there is any error reported by sssd_be
+ """
+ module_parser = None
+ print_opts = []
+
+ def print_module_help(self, args):
+ """
+ Print the module parser help output
+
+ Args:
+ args (Namespace): argparse parsed arguments
+ """
+ self.module_parser.print_help()
+
+ def setup_args(self, parser_grp, cli):
+ """
+ Setup module parser, subcommands, and options
+
+ Args:
+ parser_grp (argparse.Action): Parser group to nest
+ module and subcommands under
+ """
+ desc = "Analyze error check module"
+ self.module_parser = parser_grp.add_parser('error',
+ description=desc,
+ help='Error checker')
+
+ subparser = self.module_parser.add_subparsers(title=None,
+ dest='subparser',
+ action=SubparsersAction,
+ metavar='COMMANDS')
+
+ subcmd_grp = subparser.add_parser_group('Operation Modes')
+ cli.add_subcommand(subcmd_grp, 'list', 'Print error messages found in backend',
+ self.print_error, self.print_opts)
+
+ self.module_parser.set_defaults(func=self.print_module_help)
+
+ return self.module_parser
+
+ def print_error(self, args):
+ err = 0
+ utl = util.Utils()
+ source = utl.load(args)
+ component = source.Component.BE
+ source.set_component(component, False)
+ patterns = ['sdap_async_sys_connect request failed', 'terminated by own WATCHDOG',
+ 'ldap_sasl_interactive_bind_s failed', 'Communication with KDC timed out', 'SSSD is offline', 'Backend is offline',
+ 'tsig verify failure', 'ldap_install_tls failed', 's2n exop request failed']
+ for line in utl.matched_line(source, patterns):
+ err +=1
+ print(line)
+ if err > 0:
+ print("For possible solutions please refer to https://sssd.io/troubleshooting/errors.html")
+ return
diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
index d661dddb84..e4d5f060c7 100644
--- a/src/tools/analyzer/modules/request.py
+++ b/src/tools/analyzer/modules/request.py
@@ -1,6 +1,6 @@
import re
import logging
-
+from sssd import util
from sssd.parser import SubparsersAction
from sssd.parser import Option
@@ -38,7 +38,6 @@ def print_module_help(self, args):
def setup_args(self, parser_grp, cli):
"""
Setup module parser, subcommands, and options
-
Args:
parser_grp (argparse.Action): Parser group to nest
module and subcommands under
@@ -63,42 +62,6 @@ def setup_args(self, parser_grp, cli):
return self.module_parser
- def load(self, args):
- """
- Load the appropriate source reader.
-
- Args:
- args (Namespace): argparse parsed arguments
-
- Returns:
- Instantiated source object
- """
- if args.source == "journald":
- from sssd.source_journald import Journald
- source = Journald()
- else:
- from sssd.source_files import Files
- source = Files(args.logdir)
- return source
-
- def matched_line(self, source, patterns):
- """
- Yield lines which match any number of patterns (OR) in
- provided patterns list.
-
- Args:
- source (Reader): source Reader object
- Yields:
- lines matching the provided pattern(s)
- """
- for line in source:
- for pattern in patterns:
- re_obj = re.compile(pattern)
- if re_obj.search(line):
- if line.startswith(' * '):
- continue
- yield line
-
def get_linked_ids(self, source, pattern, regex):
"""
Retrieve list of associated REQ_TRACE ids. Filter
@@ -114,8 +77,9 @@ def get_linked_ids(self, source, pattern, regex):
Returns:
List of linked ids discovered
"""
+ utl = util.Utils()
linked_ids = []
- for match in self.matched_line(source, pattern):
+ for match in utl.matched_line(source, pattern):
id_re = re.compile(regex)
match = id_re.search(match)
if match:
@@ -250,7 +214,8 @@ def list_requests(self, args):
Args:
args (Namespace): populated argparse namespace
"""
- source = self.load(args)
+ utl = util.Utils()
+ source = utl.load(args)
component = source.Component.NSS
resp = "nss"
# Log messages matching the following regex patterns contain
@@ -266,7 +231,7 @@ def list_requests(self, args):
if args.verbose:
self.print_formatted_verbose(source)
else:
- for line in self.matched_line(source, patterns):
+ for line in utl.matched_line(source, patterns):
if type(source).__name__ == 'Journald':
print(line)
else:
@@ -279,7 +244,8 @@ def track_request(self, args):
Args:
args (Namespace): populated argparse namespace
"""
- source = self.load(args)
+ utl = util.Utils()
+ source = utl.load(args)
cid = args.cid
resp_results = False
be_results = False
@@ -294,7 +260,7 @@ def track_request(self, args):
logger.info(f"******** Checking {resp} responder for Client ID"
f" {cid} *******")
source.set_component(component, args.child)
- for match in self.matched_line(source, pattern):
+ for match in utl.matched_line(source, pattern):
resp_results = self.consume_line(match, source, args.merge)
logger.info(f"********* Checking Backend for Client ID {cid} ********")
@@ -307,7 +273,7 @@ def track_request(self, args):
pattern.clear()
[pattern.append(f'\\{id}') for id in be_ids]
- for match in self.matched_line(source, pattern):
+ for match in utl.matched_line(source, pattern):
be_results = self.consume_line(match, source, args.merge)
if args.merge:
diff --git a/src/tools/analyzer/sss_analyze b/src/tools/analyzer/sss_analyze
index 3f1beaf38b..6d4b5b30c6 100755
--- a/src/tools/analyzer/sss_analyze
+++ b/src/tools/analyzer/sss_analyze
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
from sssd import sss_analyze
diff --git a/src/tools/analyzer/sss_analyze.py b/src/tools/analyzer/sss_analyze.py
index 18b998f380..dafc84fc03 100644
--- a/src/tools/analyzer/sss_analyze.py
+++ b/src/tools/analyzer/sss_analyze.py
@@ -1,6 +1,7 @@
import argparse
from sssd.modules import request
+from sssd.modules import error
from sssd.parser import SubparsersAction
@@ -55,9 +56,11 @@ def load_modules(self, parser, parser_grp):
"""
# Currently only the 'request' module exists
req = request.RequestAnalyzer()
+ err = error.ErrorAnalyzer()
cli = Analyzer()
req.setup_args(parser_grp, cli)
+ err.setup_args(parser_grp, cli)
def setup_args(self):
"""
diff --git a/src/tools/analyzer/util.py b/src/tools/analyzer/util.py
new file mode 100644
index 0000000000..2a8d153a71
--- /dev/null
+++ b/src/tools/analyzer/util.py
@@ -0,0 +1,44 @@
+import re
+import logging
+
+from sssd.source_files import Files
+from sssd.source_journald import Journald
+
+logger = logging.getLogger()
+
+
+class Utils:
+
+ def load(self, args):
+ """
+ Load the appropriate source reader.
+
+ Args:
+ args (Namespace): argparse parsed arguments
+
+ Returns:
+ Instantiated source object
+ """
+ if args.source == "journald":
+ source = Journald()
+ else:
+ source = Files(args.logdir)
+ return source
+
+ def matched_line(self, source, patterns):
+ """
+ Yield lines which match any number of patterns (OR) in
+ provided patterns list.
+
+ Args:
+ source (Reader): source Reader object
+ Yields:
+ lines matching the provided pattern(s)
+ """
+ for line in source:
+ for pattern in patterns:
+ re_obj = re.compile(pattern)
+ if re_obj.search(line):
+ if line.startswith(' * '):
+ continue
+ yield line

8
dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.7.4.bb → dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.1.bb
View File

@@ -16,7 +16,7 @@ DEPENDS:append:libc-musl = " musl-nscd"
DEPENDS += "${@bb.utils.contains('PACKAGECONFIG', 'nss', '', \
bb.utils.contains('PACKAGECONFIG', 'crypto', '', 'nss', d), d)}"
SRC_URI = "https://github.com/SSSD/sssd/releases/download/${PV}/sssd-${PV}.tar.gz \
SRC_URI = "https://github.com/SSSD/sssd/releases/download/${PV}/${BP}.tar.gz \
file://sssd.conf \
file://volatiles.99_sssd \
file://no_gen.patch \
@@ -24,9 +24,10 @@ SRC_URI = "https://github.com/SSSD/sssd/releases/download/${PV}/sssd-${PV}.tar.g
file://drop_ntpdate_chk.patch \
file://fix-ldblibdir.patch \
file://musl_fixup.patch \
file://0001-sssctl-add-error-analyzer.patch \
"
SRC_URI[sha256sum] = "10ef90c63fdbfda905145077679035bd5ad16b24daad13160de8d0ff82ea9950"
SRC_URI[sha256sum] = "97703d38159994a869aad1c852de4582c76f189cf044f51e15ba26e1e4b75298"
UPSTREAM_CHECK_URI = "https://github.com/SSSD/${BPN}/releases"
@@ -58,7 +59,7 @@ PACKAGECONFIG[samba] = "--with-samba, --with-samba=no, samba"
PACKAGECONFIG[selinux] = "--with-selinux, --with-selinux=no --with-semanage=no, libselinux"
PACKAGECONFIG[ssh] = "--with-ssh, --with-ssh=no, "
PACKAGECONFIG[sudo] = "--with-sudo, --with-sudo=no, "
PACKAGECONFIG[systemd] = "--with-initscript=systemd,--with-initscript=sysv"
PACKAGECONFIG[systemd] = "--with-initscript=systemd,--with-initscript=sysv,,python3-systemd"
EXTRA_OECONF += " \
--disable-cifs-idmap-plugin \
@@ -146,6 +147,7 @@ ALLOW_EMPTY:libsss-sudo = "1"
FILES:${PN} += "${base_libdir}/security/pam_sss*.so \
${nonarch_libdir}/tmpfiles.d \
${datadir}/dbus-1/system.d/*.conf \
${datadir}/dbus-1/system-services/*.service \
${libdir}/krb5/* \
${libdir}/ldb/* \