Fix regression while retrieving ldap group names

Resolves: RHEL-61691
2024-10-29 05:35:21 +01:00 · 2024-10-29 05:35:21 +01:00 · 7f02a4454c
commit 7f02a4454c
parent 74ad97956b
2 changed files with 39 additions and 1 deletions
--- a/cyrus-imapd.spec
+++ b/cyrus-imapd.spec
@ -9,7 +9,7 @@

 Name: cyrus-imapd
 Version: 3.0.7
-Release: 26%{?dist}
+Release: 27%{?dist}

 %define ssl_pem_file_prefix /etc/pki/%name/%name

@ -54,6 +54,8 @@ Patch13: cyrus-squatter-assert-crash.patch
 Patch14: cyrus-imapd-load-tombstones-for-cleanup.patch
 # https://github.com/cyrusimap/cyrus-imapd/commit/ed1a17b09e2e03788852e122f213b88352bc24b9
 Patch15: cyrus-imapd-ptclient-canonification_across_multiple_domains.patch
+# https://github.com/cyrusimap/cyrus-imapd/commit/1152ce70af232fc4200bbeca18961f99e12d73df
+Patch16: patch-cyrus-ldap-group-retriaval

 Source10: cyrus-imapd.logrotate
 Source11: cyrus-imapd.pam-config
@ -691,6 +693,10 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v


 %changelog
+* Tue Oct 29 2024 Martin Osvald <mosvald@redhat.com> - 3.0.7-27
+- Fix regression while retrieving ldap group names
+- Resolves: RHEL-61691
+
 * Mon Jul 01 2024 Martin Osvald <mosvald@redhat.com> - 3.0.7-26
 - Update fmf plans and gating for c8s

--- a/32
+++ b/32
@ -0,0 +1,32 @@
+commit 1152ce70af232fc4200bbeca18961f99e12d73df
+Author: Felix Schumacher <felix.schumacher@internetallee.de>
+Date:   Wed Feb 6 19:02:11 2019 +0100
+
+    Return correct group names when groups are resolved by filter
+    
+    This fixes an regression, that was introduced with 61f5296c0d727faee4726525a6812b200d946d83.
+    Back then the logic was changed from len(vals) != 1 to two if clauses len(vals) < 1 and len(vals) > 1
+    which logged errors and an else clause (which matched the correct number of len(val) == 1) that
+    got the old error handling code.
+
+diff --git a/ptclient/ldap.c b/ptclient/ldap.c
+index 40c9adee3..457951928 100644
+--- a/ptclient/ldap.c
+++ b/ptclient/ldap.c
+@@ -1336,11 +1336,15 @@ static int ptsmodule_make_authstate_filter(
+             syslog(LOG_ERR, "No values for attribute '%s' on entry '%s'",
+                             ptsm->member_attribute,
+                             errdn);
+            *reply = "no values";
+            rc = PTSM_FAIL;
+            ldap_value_free(vals);
+            vals = NULL;
+            goto done;
+         } else if (ldap_count_values(vals) > 1) {
+             syslog(LOG_ERR, "Too many values for attribute '%s' on entry '%s'",
+                             ptsm->member_attribute,
+                             errdn);
+-        } else {
+             *reply = "too many values";
+             rc = PTSM_FAIL;
+             ldap_value_free(vals);