diff --git a/0002-Support-DAL-version-5-and-version-6.patch b/0002-Support-DAL-version-5-and-version-6.patch new file mode 100644 index 0000000..60854e7 --- /dev/null +++ b/0002-Support-DAL-version-5-and-version-6.patch @@ -0,0 +1,130 @@ +From 2775042787be4ea236c0b99dd75337414e24b89d Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Tue, 1 Nov 2016 15:13:14 -0400 +Subject: [PATCH] Support DAL version 5 and version 6 + +https://fedorahosted.org/freeipa/ticket/6466 + +Signed-off-by: Simo Sorce +Reviewed-By: Tomas Krizek +Reviewed-By: Robbie Harwood +--- + daemons/ipa-kdb/ipa_kdb.c | 102 ++++++++++++++++++++++++++++------------------ + 1 file changed, 63 insertions(+), 39 deletions(-) + +diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c +index fbcb03b..e96353f 100644 +--- a/daemons/ipa-kdb/ipa_kdb.c ++++ b/daemons/ipa-kdb/ipa_kdb.c +@@ -625,45 +625,69 @@ static void ipadb_free(krb5_context context, void *ptr) + + /* KDB Virtual Table */ + ++#if KRB5_KDB_DAL_MAJOR_VERSION == 5 + kdb_vftabl kdb_function_table = { +- KRB5_KDB_DAL_MAJOR_VERSION, /* major version number */ +- 0, /* minor version number */ +- ipadb_init_library, /* init_library */ +- ipadb_fini_library, /* fini_library */ +- ipadb_init_module, /* init_module */ +- ipadb_fini_module, /* fini_module */ +- ipadb_create, /* create */ +- NULL, /* destroy */ +- ipadb_get_age, /* get_age */ +- NULL, /* lock */ +- NULL, /* unlock */ +- ipadb_get_principal, /* get_principal */ +- ipadb_free_principal, /* free_principal */ +- ipadb_put_principal, /* put_principal */ +- ipadb_delete_principal, /* delete_principal */ +- ipadb_iterate, /* iterate */ +- ipadb_create_pwd_policy, /* create_policy */ +- ipadb_get_pwd_policy, /* get_policy */ +- ipadb_put_pwd_policy, /* put_policy */ +- ipadb_iterate_pwd_policy, /* iter_policy */ +- ipadb_delete_pwd_policy, /* delete_policy */ +- ipadb_free_pwd_policy, /* free_policy */ +- ipadb_alloc, /* alloc */ +- ipadb_free, /* free */ +- ipadb_fetch_master_key, /* fetch_master_key */ +- NULL, /* fetch_master_key_list */ +- ipadb_store_master_key_list, /* store_master_key_list */ +- NULL, /* dbe_search_enctype */ +- ipadb_change_pwd, /* change_pwd */ +- NULL, /* promote_db */ +- NULL, /* decrypt_key_data */ +- NULL, /* encrypt_key_data */ +- ipadb_sign_authdata, /* sign_authdata */ +- ipadb_check_transited_realms, /* check_transited_realms */ +- ipadb_check_policy_as, /* check_policy_as */ +- NULL, /* check_policy_tgs */ +- ipadb_audit_as_req, /* audit_as_req */ +- NULL, /* refresh_config */ +- ipadb_check_allowed_to_delegate /* check_allowed_to_delegate */ ++ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION, ++ .min_ver = 0, ++ .init_library = ipadb_init_library, ++ .fini_library = ipadb_fini_library, ++ .init_module = ipadb_init_module, ++ .fini_module = ipadb_fini_module, ++ .create = ipadb_create, ++ .get_age = ipadb_get_age, ++ .get_principal = ipadb_get_principal, ++ .free_principal = ipadb_free_principal, ++ .put_principal = ipadb_put_principal, ++ .delete_principal = ipadb_delete_principal, ++ .iterate = ipadb_iterate, ++ .create_policy = ipadb_create_pwd_policy, ++ .get_policy = ipadb_get_pwd_policy, ++ .put_policy = ipadb_put_pwd_policy, ++ .iter_policy = ipadb_iterate_pwd_policy, ++ .delete_policy = ipadb_delete_pwd_policy, ++ .free_policy = ipadb_free_pwd_policy, ++ .alloc = ipadb_alloc, ++ .free = ipadb_free, ++ .fetch_master_key = ipadb_fetch_master_key, ++ .store_master_key_list = ipadb_store_master_key_list, ++ .change_pwd = ipadb_change_pwd, ++ .sign_authdata = ipadb_sign_authdata, ++ .check_transited_realms = ipadb_check_transited_realms, ++ .check_policy_as = ipadb_check_policy_as, ++ .audit_as_req = ipadb_audit_as_req, ++ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate + }; + ++#elif KRB5_KDB_DAL_MAJOR_VERSION == 6 ++kdb_vftabl kdb_function_table = { ++ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION, ++ .min_ver = 0, ++ .init_library = ipadb_init_library, ++ .fini_library = ipadb_fini_library, ++ .init_module = ipadb_init_module, ++ .fini_module = ipadb_fini_module, ++ .create = ipadb_create, ++ .get_age = ipadb_get_age, ++ .get_principal = ipadb_get_principal, ++ .put_principal = ipadb_put_principal, ++ .delete_principal = ipadb_delete_principal, ++ .iterate = ipadb_iterate, ++ .create_policy = ipadb_create_pwd_policy, ++ .get_policy = ipadb_get_pwd_policy, ++ .put_policy = ipadb_put_pwd_policy, ++ .iter_policy = ipadb_iterate_pwd_policy, ++ .delete_policy = ipadb_delete_pwd_policy, ++ .fetch_master_key = ipadb_fetch_master_key, ++ .store_master_key_list = ipadb_store_master_key_list, ++ .change_pwd = ipadb_change_pwd, ++ .sign_authdata = ipadb_sign_authdata, ++ .check_transited_realms = ipadb_check_transited_realms, ++ .check_policy_as = ipadb_check_policy_as, ++ .audit_as_req = ipadb_audit_as_req, ++ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate ++}; ++ ++#else ++#error unsupported DAL major version ++#endif ++ +-- +2.7.4 + diff --git a/freeipa.spec b/freeipa.spec index 250d47e..3030de8 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -38,7 +38,7 @@ Name: freeipa Version: %{VERSION} -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Identity, Policy and Audit system Group: System Environment/Base @@ -48,6 +48,7 @@ Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch +Patch0002: 0002-Support-DAL-version-5-and-version-6.patch %if ! %{ONLY_CLIENT} BuildRequires: 389-ds-base-devel >= 1.3.5.6 @@ -1475,6 +1476,9 @@ fi %endif # ONLY_CLIENT %changelog +* Tue Nov 29 2016 Petr Vobornik - 4.4.2-3 +- Fixes 1389866 krb5-server: ipadb_change_pwd(): kdb5_util killed by SIGSEGV + * Fri Oct 21 2016 Petr Vobornik - 4.4.2-2 - Rebuild against krb5-1.15