rpms/ipa
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Apply 0026-ipa-kdb-fix-error-handling-of-is_master_host.patch

Browse Source
This commit is contained in:
eabdullin 2023-09-12 16:19:05 +03:00
parent 2184916d1f
commit 86257fbf82
2 changed files with 91 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
SOURCES/0026-ipa-kdb-fix-error-handling-of-is_master_host.patch Normal file
View File

@ -0,0 +1,85 @@
From c84c59c66f1b22ebc671960cae90088a024d2d62 Mon Sep 17 00:00:00 2001
From: Julien Rische <jrische@redhat.com>
Date: Aug 01 2023 11:31:09 +0000
Subject: ipa-kdb: fix error handling of is_master_host()
Adding proper error handling to the is_master_host() function to allow
it to make the difference between the absence of a master host object
and a connection failure. This will keep the krb5kdc daemon from
continuing to run with a NULL LDAP context.
Fixes: https://pagure.io/freeipa/issue/9422
Signed-off-by: Julien Rische <jrische@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 83b507c..1558e2b 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -401,27 +401,29 @@ static krb5_error_code ipadb_add_asserted_identity(struct ipadb_context *ipactx,
return 0;
}
-static bool is_master_host(struct ipadb_context *ipactx, const char *fqdn)
+static krb5_error_code
+is_master_host(struct ipadb_context *ipactx, const char *fqdn, bool *result)
{
- int ret;
+ int err;
char *master_host_base = NULL;
- LDAPMessage *result = NULL;
- krb5_error_code err;
+ LDAPMessage *ldap_res = NULL;
- ret = asprintf(&master_host_base, "cn=%s,cn=masters,cn=ipa,cn=etc,%s",
+ err = asprintf(&master_host_base, "cn=%s,cn=masters,cn=ipa,cn=etc,%s",
fqdn, ipactx->base);
- if (ret == -1) {
- return false;
- }
+ if (err == -1)
+ return ENOMEM;
+
err = ipadb_simple_search(ipactx, master_host_base, LDAP_SCOPE_BASE,
- NULL, NULL, &result);
+ NULL, NULL, &ldap_res);
free(master_host_base);
- ldap_msgfree(result);
- if (err == 0) {
- return true;
- }
+ ldap_msgfree(ldap_res);
+ if (err != KRB5_KDB_NOENTRY && err != 0)
+ return err;
+
+ if (result)
+ *result = err != KRB5_KDB_NOENTRY;
- return false;
+ return 0;
}
static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx,
@@ -692,9 +694,14 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx,
if ((is_host || is_service)) {
/* it is either host or service, so get the hostname first */
char *sep = strchr(info3->base.account_name.string, '/');
- bool is_master = is_master_host(
- ipactx,
- sep ? sep + 1 : info3->base.account_name.string);
+ bool is_master;
+
+ ret = is_master_host(ipactx,
+ sep ? sep + 1 : info3->base.account_name.string,
+ &is_master);
+ if (ret)
+ return ret;
+
if (is_master) {
/* Well known RID of domain controllers group */
if (info3->base.rid == 0) {

7
SPECS/freeipa.spec
View File

@ -223,7 +223,7 @@
Name: %{package_name}
Version: %{IPA_VERSION}
Release: 8%{?rc_version:.%rc_version}%{?dist}.alma
Release: 9%{?rc_version:.%rc_version}%{?dist}.alma.1
Summary: The Identity, Policy and Audit system
License: GPLv3+
@ -275,6 +275,8 @@ Patch0024: 0024-ipa-kdb-postpone-ticket-checksum-configuration.patch
# Patch was taken from
# https://pagure.io/freeipa/c/7060e3a031fb4e4cdf85f616f1e1a3435d61e696.patch
Patch0025: 0025-Fix-OTP-on-s390x.patch
# https://pagure.io/freeipa/c/c84c59c66f1b22ebc671960cae90088a024d2d62.patch
Patch0026: 0026-ipa-kdb-fix-error-handling-of-is_master_host.patch
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
%endif
@ -1763,6 +1765,9 @@ fi
%endif
%changelog
* Tue Sep 12 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.10.1-9.alma.1
- Apply 0026-ipa-kdb-fix-error-handling-of-is_master_host.patch
* Wed Aug 02 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.10.1-8.alma
- Apply 0025-Fix-OTP-on-s390x patch