rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix bz 1389866

Browse Source 
Support DAL version 5 and version 6 in KDB driver

https://bugzilla.redhat.com/show_bug.cgi?id=1389866
This commit is contained in:
Petr Vobornik 2016-11-29 10:22:34 +01:00
parent 064dc19e83
commit 26b01c4688
2 changed files with 135 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
0002-Support-DAL-version-5-and-version-6.patch Normal file
View File

@ -0,0 +1,130 @@
From 2775042787be4ea236c0b99dd75337414e24b89d Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 1 Nov 2016 15:13:14 -0400
Subject: [PATCH] Support DAL version 5 and version 6
https://fedorahosted.org/freeipa/ticket/6466
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
---
daemons/ipa-kdb/ipa_kdb.c | 102 ++++++++++++++++++++++++++++------------------
1 file changed, 63 insertions(+), 39 deletions(-)
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index fbcb03b..e96353f 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -625,45 +625,69 @@ static void ipadb_free(krb5_context context, void *ptr)
/* KDB Virtual Table */
+#if KRB5_KDB_DAL_MAJOR_VERSION == 5
kdb_vftabl kdb_function_table = {
- KRB5_KDB_DAL_MAJOR_VERSION, /* major version number */
- 0, /* minor version number */
- ipadb_init_library, /* init_library */
- ipadb_fini_library, /* fini_library */
- ipadb_init_module, /* init_module */
- ipadb_fini_module, /* fini_module */
- ipadb_create, /* create */
- NULL, /* destroy */
- ipadb_get_age, /* get_age */
- NULL, /* lock */
- NULL, /* unlock */
- ipadb_get_principal, /* get_principal */
- ipadb_free_principal, /* free_principal */
- ipadb_put_principal, /* put_principal */
- ipadb_delete_principal, /* delete_principal */
- ipadb_iterate, /* iterate */
- ipadb_create_pwd_policy, /* create_policy */
- ipadb_get_pwd_policy, /* get_policy */
- ipadb_put_pwd_policy, /* put_policy */
- ipadb_iterate_pwd_policy, /* iter_policy */
- ipadb_delete_pwd_policy, /* delete_policy */
- ipadb_free_pwd_policy, /* free_policy */
- ipadb_alloc, /* alloc */
- ipadb_free, /* free */
- ipadb_fetch_master_key, /* fetch_master_key */
- NULL, /* fetch_master_key_list */
- ipadb_store_master_key_list, /* store_master_key_list */
- NULL, /* dbe_search_enctype */
- ipadb_change_pwd, /* change_pwd */
- NULL, /* promote_db */
- NULL, /* decrypt_key_data */
- NULL, /* encrypt_key_data */
- ipadb_sign_authdata, /* sign_authdata */
- ipadb_check_transited_realms, /* check_transited_realms */
- ipadb_check_policy_as, /* check_policy_as */
- NULL, /* check_policy_tgs */
- ipadb_audit_as_req, /* audit_as_req */
- NULL, /* refresh_config */
- ipadb_check_allowed_to_delegate /* check_allowed_to_delegate */
+ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
+ .min_ver = 0,
+ .init_library = ipadb_init_library,
+ .fini_library = ipadb_fini_library,
+ .init_module = ipadb_init_module,
+ .fini_module = ipadb_fini_module,
+ .create = ipadb_create,
+ .get_age = ipadb_get_age,
+ .get_principal = ipadb_get_principal,
+ .free_principal = ipadb_free_principal,
+ .put_principal = ipadb_put_principal,
+ .delete_principal = ipadb_delete_principal,
+ .iterate = ipadb_iterate,
+ .create_policy = ipadb_create_pwd_policy,
+ .get_policy = ipadb_get_pwd_policy,
+ .put_policy = ipadb_put_pwd_policy,
+ .iter_policy = ipadb_iterate_pwd_policy,
+ .delete_policy = ipadb_delete_pwd_policy,
+ .free_policy = ipadb_free_pwd_policy,
+ .alloc = ipadb_alloc,
+ .free = ipadb_free,
+ .fetch_master_key = ipadb_fetch_master_key,
+ .store_master_key_list = ipadb_store_master_key_list,
+ .change_pwd = ipadb_change_pwd,
+ .sign_authdata = ipadb_sign_authdata,
+ .check_transited_realms = ipadb_check_transited_realms,
+ .check_policy_as = ipadb_check_policy_as,
+ .audit_as_req = ipadb_audit_as_req,
+ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate
};
+#elif KRB5_KDB_DAL_MAJOR_VERSION == 6
+kdb_vftabl kdb_function_table = {
+ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
+ .min_ver = 0,
+ .init_library = ipadb_init_library,
+ .fini_library = ipadb_fini_library,
+ .init_module = ipadb_init_module,
+ .fini_module = ipadb_fini_module,
+ .create = ipadb_create,
+ .get_age = ipadb_get_age,
+ .get_principal = ipadb_get_principal,
+ .put_principal = ipadb_put_principal,
+ .delete_principal = ipadb_delete_principal,
+ .iterate = ipadb_iterate,
+ .create_policy = ipadb_create_pwd_policy,
+ .get_policy = ipadb_get_pwd_policy,
+ .put_policy = ipadb_put_pwd_policy,
+ .iter_policy = ipadb_iterate_pwd_policy,
+ .delete_policy = ipadb_delete_pwd_policy,
+ .fetch_master_key = ipadb_fetch_master_key,
+ .store_master_key_list = ipadb_store_master_key_list,
+ .change_pwd = ipadb_change_pwd,
+ .sign_authdata = ipadb_sign_authdata,
+ .check_transited_realms = ipadb_check_transited_realms,
+ .check_policy_as = ipadb_check_policy_as,
+ .audit_as_req = ipadb_audit_as_req,
+ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate
+};
+
+#else
+#error unsupported DAL major version
+#endif
+
--
2.7.4

6
freeipa.spec
View File

@ -38,7 +38,7 @@
Name: freeipa
Version: %{VERSION}
Release: 2%{?dist}
Release: 3%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
@ -48,6 +48,7 @@ Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch
Patch0002: 0002-Support-DAL-version-5-and-version-6.patch
%if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.3.5.6
@ -1475,6 +1476,9 @@ fi
%endif # ONLY_CLIENT
%changelog
* Tue Nov 29 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.2-3
- Fixes 1389866 krb5-server: ipadb_change_pwd(): kdb5_util killed by SIGSEGV
* Fri Oct 21 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.2-2
- Rebuild against krb5-1.15