Fix audit_as_req() callback usage.
Fixes: rhbz#1803786 Signed-off-by: François Cami <fcami@redhat.com>
This commit is contained in:
François Cami
parent
76138553c1
commit
485092e39c
@ -143,7 +143,7 @@
|
|||||||
|
|
||||||
Name: %{package_name}
|
Name: %{package_name}
|
||||||
Version: %{IPA_VERSION}
|
Version: %{IPA_VERSION}
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
Summary: The Identity, Policy and Audit system
|
Summary: The Identity, Policy and Audit system
|
||||||
|
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -157,6 +157,7 @@ Patch0: 4045.patch
|
|||||||
Patch1: krb5-kdb-fixes.patch
|
Patch1: krb5-kdb-fixes.patch
|
||||||
Patch2: krb5-1.18-support.patch
|
Patch2: krb5-1.18-support.patch
|
||||||
Patch3: krb5-1.18-support-constraint-delegation.patch
|
Patch3: krb5-1.18-support-constraint-delegation.patch
|
||||||
|
Patch4: krb5-pg8200.patch
|
||||||
|
|
||||||
# For the timestamp trick in patch application
|
# For the timestamp trick in patch application
|
||||||
BuildRequires: diffstat
|
BuildRequires: diffstat
|
||||||
@ -1363,6 +1364,10 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 17 2020 François Cami <fcami@redhat.com> - 4.8.4-7
|
||||||
|
- Fix audit_as_req() callback usage
|
||||||
|
- Resolves: #1803786
|
||||||
|
|
||||||
* Sat Feb 01 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.4-6
|
* Sat Feb 01 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.4-6
|
||||||
- Fix constraint delegation for krb5 1.18 update
|
- Fix constraint delegation for krb5 1.18 update
|
||||||
- Resolves: #1797096
|
- Resolves: #1797096
|
||||||
|
|||||||
44
krb5-pg8200.patch
Normal file
44
krb5-pg8200.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
From 30b8c8b9985a5eb41e700b80fd03f95548e45fba Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
||||||
|
Date: Feb 17 2020 15:40:16 +0000
|
||||||
|
Subject: kdb: make sure audit_as_req callback signature change is preserved
|
||||||
|
|
||||||
|
|
||||||
|
audit_as_req() callback has changed its signature with MIT krb5 commit
|
||||||
|
20991d55efbe1f987c1dbc1065f2d58c8f34031b in 2017, we should preserve the
|
||||||
|
change for any newer DAL versions. Otherwise audit_as_req() callback
|
||||||
|
would reference wrong data and we might crash.
|
||||||
|
|
||||||
|
Fixes: https://pagure.io/freeipa/issue/8200
|
||||||
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
||||||
|
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
|
||||||
|
index 7519f26..ae37a5a 100644
|
||||||
|
--- a/daemons/ipa-kdb/ipa_kdb.h
|
||||||
|
+++ b/daemons/ipa-kdb/ipa_kdb.h
|
||||||
|
@@ -345,7 +345,7 @@ krb5_error_code ipadb_check_allowed_to_delegate(krb5_context kcontext,
|
||||||
|
|
||||||
|
void ipadb_audit_as_req(krb5_context kcontext,
|
||||||
|
krb5_kdc_req *request,
|
||||||
|
-#if (KRB5_KDB_DAL_MAJOR_VERSION == 7)
|
||||||
|
+#if (KRB5_KDB_DAL_MAJOR_VERSION >= 7)
|
||||||
|
const krb5_address *local_addr,
|
||||||
|
const krb5_address *remote_addr,
|
||||||
|
#endif
|
||||||
|
diff --git a/daemons/ipa-kdb/ipa_kdb_audit_as.c b/daemons/ipa-kdb/ipa_kdb_audit_as.c
|
||||||
|
index 77748a7..a60bc82 100644
|
||||||
|
--- a/daemons/ipa-kdb/ipa_kdb_audit_as.c
|
||||||
|
+++ b/daemons/ipa-kdb/ipa_kdb_audit_as.c
|
||||||
|
@@ -25,7 +25,7 @@
|
||||||
|
|
||||||
|
void ipadb_audit_as_req(krb5_context kcontext,
|
||||||
|
krb5_kdc_req *request,
|
||||||
|
-#if (KRB5_KDB_DAL_MAJOR_VERSION == 7)
|
||||||
|
+#if (KRB5_KDB_DAL_MAJOR_VERSION >= 7)
|
||||||
|
const krb5_address *local_addr,
|
||||||
|
const krb5_address *remote_addr,
|
||||||
|
#endif
|
||||||
|
|
||||||
Loading…
Reference in New Issue
Block a user