ipa-4.11.0-4

- Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid() Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
2023-12-01 17:12:39 +01:00 · 2023-12-01 17:12:39 +01:00 · 6a71086391
commit 6a71086391
parent 1c59d31bde
3 changed files with 85 additions and 1 deletions
--- a/0012-group-add-member-fails-with-an-external-member.patch
+++ b/0012-group-add-member-fails-with-an-external-member.patch
@ -0,0 +1,38 @@
+From bc69177ef80d1873026ad91a6e449b9cf20028b9 Mon Sep 17 00:00:00 2001
+From: Florence Blanc-Renaud <flo@redhat.com>
+Date: Thu, 19 Oct 2023 12:47:03 +0200
+Subject: [PATCH] group-add-member fails with an external member
+
+The command ipa group-add-member --external aduser@addomain.test
+fails with an internal error when used with samba 4.19.
+
+The command internally calls samba.security.dom_sid(sid) which
+used to raise a TypeError but now raises a ValueError
+(commit 9abdd67 on https://github.com/samba-team/samba).
+
+IPA source code needs to handle properly both exception types.
+
+Fixes: https://pagure.io/freeipa/issue/9466
+
+Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
+Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+---
+ ipaserver/dcerpc.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
+index 741f0608f93449f5a3959a47734f965ab484a1e5..7e585c87639db093222fe2cebca5c9094a22d7ce 100644
+--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
+@@ -303,7 +303,7 @@ class DomainValidator:
+         # Parse sid string to see if it is really in a SID format
+         try:
+             test_sid = security.dom_sid(sid)
+-        except TypeError:
+        except (TypeError, ValueError):
+             raise errors.ValidationError(name='sid',
+                                          error=_('SID is not valid'))
+ 
+-- 
+2.43.0
+
--- a/0013-Handle-samba-changes-in-samba.security.dom_sid.patch
+++ b/0013-Handle-samba-changes-in-samba.security.dom_sid.patch
@ -0,0 +1,41 @@
+From c6623f9ce4e1bde729ed6f729da5981c9f26c728 Mon Sep 17 00:00:00 2001
+From: Florence Blanc-Renaud <flo@redhat.com>
+Date: Fri, 20 Oct 2023 10:20:57 +0200
+Subject: [PATCH] Handle samba changes in samba.security.dom_sid()
+
+samba.security.dom_sid() in 4.19 now raises ValueError instead of
+TypeError. Fix the expected exception.
+
+Related: https://pagure.io/freeipa/issue/9466
+
+Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
+Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ ipaserver/dcerpc.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
+index 7e585c87639db093222fe2cebca5c9094a22d7ce..675572c036e4ea5434d2c6808dd301b425229b38 100644
+--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
+@@ -97,7 +97,7 @@ logger = logging.getLogger(__name__)
+ def is_sid_valid(sid):
+     try:
+         security.dom_sid(sid)
+-    except TypeError:
+    except (TypeError, ValueError):
+         return False
+     else:
+         return True
+@@ -457,7 +457,7 @@ class DomainValidator:
+         try:
+             test_sid = security.dom_sid(sid)
+             return unicode(test_sid)
+-        except TypeError:
+        except (TypeError, ValueError):
+             raise errors.ValidationError(name=_('trusted domain object'),
+                                          error=_('Trusted domain did not '
+                                                  'return a valid SID for '
+-- 
+2.43.0
+
--- a/freeipa.spec
+++ b/freeipa.spec
@ -223,7 +223,7 @@

 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        3%{?rc_version:.%rc_version}%{?dist}
+Release:        4%{?rc_version:.%rc_version}%{?dist}
 Summary:        The Identity, Policy and Audit system

 License:        GPL-3.0-or-later
@ -258,6 +258,8 @@ Patch0008:      0008-WIP-Get-the-PKI-version-from-the-remote-to-determine.patch
 Patch0009:      0009-ipatests-fix-expected-output-for-ipahealthcheck.meta.patch
 Patch0010:      0010-ipatests-ignore-nsslapd-accesslog-logbuffering-WARN-.patch
 Patch0011:      0011-ipatests-fix-expected-output-for-ipahealthcheck.ipa..patch
+Patch0012:      0012-group-add-member-fails-with-an-external-member.patch
+Patch0013:      0013-Handle-samba-changes-in-samba.security.dom_sid.patch
 Patch1001:      1001-Change-branding-to-IPA-and-Identity-Management.patch
 %endif
 %endif
@ -1750,6 +1752,9 @@ fi
 %endif

 %changelog
+* Fri Dec 1 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-4
+- Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid()
+
 * Mon Nov 20 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-3
 - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'