diff --git a/0012-group-add-member-fails-with-an-external-member.patch b/0012-group-add-member-fails-with-an-external-member.patch new file mode 100644 index 0000000..61339da --- /dev/null +++ b/0012-group-add-member-fails-with-an-external-member.patch @@ -0,0 +1,38 @@ +From bc69177ef80d1873026ad91a6e449b9cf20028b9 Mon Sep 17 00:00:00 2001 +From: Florence Blanc-Renaud +Date: Thu, 19 Oct 2023 12:47:03 +0200 +Subject: [PATCH] group-add-member fails with an external member + +The command ipa group-add-member --external aduser@addomain.test +fails with an internal error when used with samba 4.19. + +The command internally calls samba.security.dom_sid(sid) which +used to raise a TypeError but now raises a ValueError +(commit 9abdd67 on https://github.com/samba-team/samba). + +IPA source code needs to handle properly both exception types. + +Fixes: https://pagure.io/freeipa/issue/9466 + +Signed-off-by: Florence Blanc-Renaud +Reviewed-By: Rob Crittenden +--- + ipaserver/dcerpc.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py +index 741f0608f93449f5a3959a47734f965ab484a1e5..7e585c87639db093222fe2cebca5c9094a22d7ce 100644 +--- a/ipaserver/dcerpc.py ++++ b/ipaserver/dcerpc.py +@@ -303,7 +303,7 @@ class DomainValidator: + # Parse sid string to see if it is really in a SID format + try: + test_sid = security.dom_sid(sid) +- except TypeError: ++ except (TypeError, ValueError): + raise errors.ValidationError(name='sid', + error=_('SID is not valid')) + +-- +2.43.0 + diff --git a/0013-Handle-samba-changes-in-samba.security.dom_sid.patch b/0013-Handle-samba-changes-in-samba.security.dom_sid.patch new file mode 100644 index 0000000..07196a0 --- /dev/null +++ b/0013-Handle-samba-changes-in-samba.security.dom_sid.patch @@ -0,0 +1,41 @@ +From c6623f9ce4e1bde729ed6f729da5981c9f26c728 Mon Sep 17 00:00:00 2001 +From: Florence Blanc-Renaud +Date: Fri, 20 Oct 2023 10:20:57 +0200 +Subject: [PATCH] Handle samba changes in samba.security.dom_sid() + +samba.security.dom_sid() in 4.19 now raises ValueError instead of +TypeError. Fix the expected exception. + +Related: https://pagure.io/freeipa/issue/9466 + +Signed-off-by: Florence Blanc-Renaud +Reviewed-By: Alexander Bokovoy +--- + ipaserver/dcerpc.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py +index 7e585c87639db093222fe2cebca5c9094a22d7ce..675572c036e4ea5434d2c6808dd301b425229b38 100644 +--- a/ipaserver/dcerpc.py ++++ b/ipaserver/dcerpc.py +@@ -97,7 +97,7 @@ logger = logging.getLogger(__name__) + def is_sid_valid(sid): + try: + security.dom_sid(sid) +- except TypeError: ++ except (TypeError, ValueError): + return False + else: + return True +@@ -457,7 +457,7 @@ class DomainValidator: + try: + test_sid = security.dom_sid(sid) + return unicode(test_sid) +- except TypeError: ++ except (TypeError, ValueError): + raise errors.ValidationError(name=_('trusted domain object'), + error=_('Trusted domain did not ' + 'return a valid SID for ' +-- +2.43.0 + diff --git a/freeipa.spec b/freeipa.spec index 80b384f..7f2c12e 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -223,7 +223,7 @@ Name: %{package_name} Version: %{IPA_VERSION} -Release: 3%{?rc_version:.%rc_version}%{?dist} +Release: 4%{?rc_version:.%rc_version}%{?dist} Summary: The Identity, Policy and Audit system License: GPL-3.0-or-later @@ -258,6 +258,8 @@ Patch0008: 0008-WIP-Get-the-PKI-version-from-the-remote-to-determine.patch Patch0009: 0009-ipatests-fix-expected-output-for-ipahealthcheck.meta.patch Patch0010: 0010-ipatests-ignore-nsslapd-accesslog-logbuffering-WARN-.patch Patch0011: 0011-ipatests-fix-expected-output-for-ipahealthcheck.ipa..patch +Patch0012: 0012-group-add-member-fails-with-an-external-member.patch +Patch0013: 0013-Handle-samba-changes-in-samba.security.dom_sid.patch Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch %endif %endif @@ -1750,6 +1752,9 @@ fi %endif %changelog +* Fri Dec 1 2023 Florence Blanc-Renaud - 4.11.0-4 +- Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid() + * Mon Nov 20 2023 Florence Blanc-Renaud - 4.11.0-3 - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'