Rebuild against krb5 1.18 beta
This commit is contained in:
parent
7ba1008817
commit
87131d93f7
13
freeipa.spec
13
freeipa.spec
@ -76,12 +76,13 @@
|
||||
%global package_name freeipa
|
||||
%global alt_name ipa
|
||||
# Fix for CVE-2018-20217
|
||||
%global krb5_version 1.17-17
|
||||
%global krb5_kdb_version 7.0
|
||||
%global krb5_version 1.19
|
||||
%global krb5_kdb_version 8.0
|
||||
# 0.7.16: https://github.com/drkjam/netaddr/issues/71
|
||||
%global python_netaddr_version 0.7.16
|
||||
# Require 4.7.0 which brings Python 3 bindings
|
||||
%global samba_version 2:4.9.0
|
||||
# Require 4.12 which has DsRGetForestTrustInformation access rights fixes
|
||||
%global samba_version 2:4.12
|
||||
# SELinux context for /etc/named directory, RHBZ#1759495
|
||||
%global selinux_policy_version 3.14.3-52
|
||||
%global slapi_nis_version 0.56.1
|
||||
@ -142,7 +143,7 @@
|
||||
|
||||
Name: %{package_name}
|
||||
Version: %{IPA_VERSION}
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: The Identity, Policy and Audit system
|
||||
|
||||
License: GPLv3+
|
||||
@ -153,6 +154,7 @@ Source1: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.as
|
||||
# https://github.com/freeipa/freeipa/pull/4045
|
||||
# Fix bugs in the overlapping DNS zone check
|
||||
Patch0: 4045.patch
|
||||
Patch1: krb5-1.18-support.patch
|
||||
|
||||
# For the timestamp trick in patch application
|
||||
BuildRequires: diffstat
|
||||
@ -1359,6 +1361,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jan 24 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.4-3
|
||||
- Rebuild against krb5 1.18 beta
|
||||
|
||||
* Mon Dec 16 2019 Adam Williamson <awilliam@redhat.com> - 4.8.4-2
|
||||
- Backport PR #4045 to fix overlapping DNS zone check bugs
|
||||
|
||||
|
409
krb5-1.18-support.patch
Normal file
409
krb5-1.18-support.patch
Normal file
@ -0,0 +1,409 @@
|
||||
From b750e3f153ef97144ea6696672000f70da8d9bf1 Mon Sep 17 00:00:00 2001
|
||||
From: Robbie Harwood <rharwood@redhat.com>
|
||||
Date: Thu, 9 Jan 2020 16:44:15 -0500
|
||||
Subject: [PATCH 1/3] [KDB] Handle the removal of KRB5_KDB_FLAG_ALIAS_OK
|
||||
|
||||
In ac8865a22138ab0c657208c41be8fd6bc7968148 (between 1.17 and 1.18),
|
||||
krb5 removed this flag, and always accepts aliases.
|
||||
|
||||
Related-to: https://pagure.io/freeipa/issue/7879
|
||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||
---
|
||||
daemons/ipa-kdb/ipa_kdb_certauth.c | 21 +++++++-------
|
||||
daemons/ipa-kdb/ipa_kdb_kdcpolicy.c | 11 +++++--
|
||||
daemons/ipa-kdb/ipa_kdb_principals.c | 43 ++++++++++++++++------------
|
||||
3 files changed, 43 insertions(+), 32 deletions(-)
|
||||
|
||||
diff --git a/daemons/ipa-kdb/ipa_kdb_certauth.c b/daemons/ipa-kdb/ipa_kdb_certauth.c
|
||||
index 47911aa3d..bc6b26578 100644
|
||||
--- a/daemons/ipa-kdb/ipa_kdb_certauth.c
|
||||
+++ b/daemons/ipa-kdb/ipa_kdb_certauth.c
|
||||
@@ -261,16 +261,18 @@ static krb5_error_code ipa_certauth_authorize(krb5_context context,
|
||||
const krb5_db_entry *db_entry,
|
||||
char ***authinds_out)
|
||||
{
|
||||
- char *cert_filter = NULL;
|
||||
- char **domains = NULL;
|
||||
- int ret;
|
||||
+ char *cert_filter = NULL, **domains = NULL;
|
||||
+ int ret, flags = 0;
|
||||
size_t c;
|
||||
- char *principal = NULL;
|
||||
- char **auth_inds = NULL;
|
||||
+ char *principal = NULL, **auth_inds = NULL;
|
||||
LDAPMessage *res = NULL;
|
||||
krb5_error_code kerr;
|
||||
LDAPMessage *lentry;
|
||||
|
||||
+#ifdef KRB5_KDB_FLAG_ALIAS_OK
|
||||
+ flags = KRB5_KDB_FLAG_ALIAS_OK;
|
||||
+#endif
|
||||
+
|
||||
if (moddata == NULL) {
|
||||
return KRB5_PLUGIN_NO_HANDLE;
|
||||
}
|
||||
@@ -327,10 +329,8 @@ static krb5_error_code ipa_certauth_authorize(krb5_context context,
|
||||
}
|
||||
}
|
||||
|
||||
- kerr = ipadb_fetch_principals_with_extra_filter(moddata->ipactx,
|
||||
- KRB5_KDB_FLAG_ALIAS_OK,
|
||||
- principal,
|
||||
- cert_filter,
|
||||
+ kerr = ipadb_fetch_principals_with_extra_filter(moddata->ipactx, flags,
|
||||
+ principal, cert_filter,
|
||||
&res);
|
||||
if (kerr != 0) {
|
||||
krb5_klog_syslog(LOG_ERR, "Search failed [%d]", kerr);
|
||||
@@ -338,8 +338,7 @@ static krb5_error_code ipa_certauth_authorize(krb5_context context,
|
||||
goto done;
|
||||
}
|
||||
|
||||
- kerr = ipadb_find_principal(context, KRB5_KDB_FLAG_ALIAS_OK, res,
|
||||
- &principal, &lentry);
|
||||
+ kerr = ipadb_find_principal(context, flags, res, &principal, &lentry);
|
||||
if (kerr == KRB5_KDB_NOENTRY) {
|
||||
krb5_klog_syslog(LOG_INFO, "No matching entry found");
|
||||
ret = KRB5KDC_ERR_CERTIFICATE_MISMATCH;
|
||||
diff --git a/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c b/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
|
||||
index 9467b1ba1..8d2ad66f7 100644
|
||||
--- a/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
|
||||
+++ b/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c
|
||||
@@ -22,9 +22,14 @@ ipa_kdcpolicy_check_as(krb5_context context, krb5_kdcpolicy_moddata moddata,
|
||||
enum ipadb_user_auth ua;
|
||||
struct ipadb_e_data *ied;
|
||||
struct ipadb_e_pol_limits *pol_limits = NULL;
|
||||
- int valid_auth_indicators = 0;
|
||||
+ int valid_auth_indicators = 0, flags = 0;
|
||||
krb5_db_entry *client_actual = NULL;
|
||||
|
||||
+#ifdef KRB5_KDB_FLAG_ALIAS_OK
|
||||
+ flags = KRB5_KDB_FLAG_ALIAS_OK;
|
||||
+#endif
|
||||
+
|
||||
+
|
||||
*status = NULL;
|
||||
*lifetime_out = 0;
|
||||
*renew_lifetime_out = 0;
|
||||
@@ -33,8 +38,8 @@ ipa_kdcpolicy_check_as(krb5_context context, krb5_kdcpolicy_moddata moddata,
|
||||
if (ied == NULL || ied->magic != IPA_E_DATA_MAGIC) {
|
||||
/* e-data is not availble, getting user auth from LDAP */
|
||||
krb5_klog_syslog(LOG_INFO, "IPA kdcpolicy: client e_data not availble. Try fetching...");
|
||||
- kerr = ipadb_get_principal(context, request->client,
|
||||
- KRB5_KDB_FLAG_ALIAS_OK, &client_actual);
|
||||
+ kerr = ipadb_get_principal(context, request->client, flags,
|
||||
+ &client_actual);
|
||||
if (kerr != 0) {
|
||||
krb5_klog_syslog(LOG_ERR, "IPA kdcpolicy: ipadb_find_principal failed.");
|
||||
return kerr;
|
||||
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
|
||||
index 47e44f090..da0b841a1 100644
|
||||
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
|
||||
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
|
||||
@@ -964,8 +964,7 @@ ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
|
||||
LDAPMessage **result)
|
||||
{
|
||||
krb5_error_code kerr;
|
||||
- char *src_filter = NULL;
|
||||
- char *esc_original_princ = NULL;
|
||||
+ char *src_filter = NULL, *esc_original_princ = NULL;
|
||||
int ret;
|
||||
|
||||
if (!ipactx->lcontext) {
|
||||
@@ -976,28 +975,33 @@ ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
|
||||
}
|
||||
}
|
||||
|
||||
- /* escape filter but do not touch '*' as this function accepts
|
||||
- * wildcards in names */
|
||||
+ /* Escape filter but do not touch '*' as this function accepts
|
||||
+ * wildcards in names. */
|
||||
esc_original_princ = ipadb_filter_escape(principal, false);
|
||||
if (!esc_original_princ) {
|
||||
kerr = KRB5_KDB_INTERNAL_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
- if (filter == NULL) {
|
||||
- if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
|
||||
+ /* Starting in DAL 8.0, aliases are always okay. */
|
||||
+#ifdef KRB5_KDB_FLAG_ALIAS_OK
|
||||
+ if (!(flags & KRB5_KDB_FLAG_ALIAS_OK)) {
|
||||
+ if (filter == NULL) {
|
||||
+ ret = asprintf(&src_filter, PRINC_SEARCH_FILTER,
|
||||
+ esc_original_princ);
|
||||
+ } else {
|
||||
+ ret = asprintf(&src_filter, PRINC_SEARCH_FILTER_EXTRA,
|
||||
+ esc_original_princ, filter);
|
||||
+ }
|
||||
+ } else
|
||||
+#endif
|
||||
+ {
|
||||
+ if (filter == NULL) {
|
||||
ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
|
||||
esc_original_princ, esc_original_princ);
|
||||
} else {
|
||||
- ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
|
||||
- }
|
||||
- } else {
|
||||
- if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
|
||||
ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER_EXTRA,
|
||||
esc_original_princ, esc_original_princ, filter);
|
||||
- } else {
|
||||
- ret = asprintf(&src_filter, PRINC_SEARCH_FILTER_EXTRA,
|
||||
- esc_original_princ, filter);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1006,11 +1010,8 @@ ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
|
||||
goto done;
|
||||
}
|
||||
|
||||
- kerr = ipadb_simple_search(ipactx,
|
||||
- ipactx->base, LDAP_SCOPE_SUBTREE,
|
||||
- src_filter, std_principal_attrs,
|
||||
- result);
|
||||
-
|
||||
+ kerr = ipadb_simple_search(ipactx, ipactx->base, LDAP_SCOPE_SUBTREE,
|
||||
+ src_filter, std_principal_attrs, result);
|
||||
done:
|
||||
free(src_filter);
|
||||
free(esc_original_princ);
|
||||
@@ -1054,6 +1055,7 @@ krb5_error_code ipadb_find_principal(krb5_context kcontext,
|
||||
/* We need to check for a strict match as a '*' in the name may have
|
||||
* caused the ldap server to return multiple entries. */
|
||||
for (int i = 0; vals[i]; i++) {
|
||||
+#ifdef KRB5_KDB_FLAG_ALIAS_OK
|
||||
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) == 0) {
|
||||
found = strcmp(vals[i]->bv_val, *principal) == 0;
|
||||
if (found)
|
||||
@@ -1061,6 +1063,7 @@ krb5_error_code ipadb_find_principal(krb5_context kcontext,
|
||||
|
||||
continue;
|
||||
}
|
||||
+#endif
|
||||
|
||||
/* The KDC will accept aliases when doing TGT lookup
|
||||
* (ref_tgt_again in do_tgs_req.c), so use case-insensitive
|
||||
@@ -1094,6 +1097,7 @@ krb5_error_code ipadb_find_principal(krb5_context kcontext,
|
||||
if (vals == NULL)
|
||||
break;
|
||||
|
||||
+#ifdef KRB5_KDB_FLAG_ALIAS_OK
|
||||
/* If aliases aren't accepted by the KDC, use case-sensitive
|
||||
* comparison. */
|
||||
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) == 0) {
|
||||
@@ -1103,6 +1107,7 @@ krb5_error_code ipadb_find_principal(krb5_context kcontext,
|
||||
continue;
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
|
||||
free(*principal);
|
||||
*principal = strdup(vals[0]->bv_val);
|
||||
@@ -2601,7 +2606,9 @@ krb5_error_code ipadb_delete_principal(krb5_context kcontext,
|
||||
goto done;
|
||||
}
|
||||
|
||||
+#ifdef KRB5_KDB_FLAG_ALIAS_OK
|
||||
flags = KRB5_KDB_FLAG_ALIAS_OK;
|
||||
+#endif
|
||||
kerr = ipadb_find_principal(kcontext, flags, res, &canonicalized, &lentry);
|
||||
if (kerr != 0) {
|
||||
goto done;
|
||||
--
|
||||
2.24.1
|
||||
|
||||
|
||||
From 0dfebd690dc79db8f4fdcd663508e5d7e095eb20 Mon Sep 17 00:00:00 2001
|
||||
From: Robbie Harwood <rharwood@redhat.com>
|
||||
Date: Thu, 9 Jan 2020 17:02:44 -0500
|
||||
Subject: [PATCH 2/3] [KDB] Support DAL version 8.0
|
||||
|
||||
Provide stubs for backward compatibility. DAL 8.0 was released with
|
||||
krb5-1.18.
|
||||
|
||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||
---
|
||||
daemons/ipa-kdb/ipa_kdb.c | 61 ++++++++++++++++++++++++++++++++++++++-
|
||||
freeipa.spec.in | 2 +-
|
||||
2 files changed, 61 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
|
||||
index 612857b38..9a5c29b13 100644
|
||||
--- a/daemons/ipa-kdb/ipa_kdb.c
|
||||
+++ b/daemons/ipa-kdb/ipa_kdb.c
|
||||
@@ -751,8 +751,67 @@ kdb_vftabl kdb_function_table = {
|
||||
};
|
||||
#endif
|
||||
|
||||
+#if (KRB5_KDB_DAL_MAJOR_VERSION == 8)
|
||||
+/* Version 8 adds several arguments here. However, if we want to actually use
|
||||
+ * them in mspac, we really ought to drop support for older DAL versions. */
|
||||
+static inline krb5_error_code
|
||||
+stub_sign_authdata(krb5_context context, unsigned int flags,
|
||||
+ krb5_const_principal client_princ,
|
||||
+ krb5_const_principal server_princ, krb5_db_entry *client,
|
||||
+ krb5_db_entry *server, krb5_db_entry *header_server,
|
||||
+ krb5_db_entry *local_tgt, krb5_keyblock *client_key,
|
||||
+ krb5_keyblock *server_key, krb5_keyblock *header_key,
|
||||
+ krb5_keyblock *local_tgt_key, krb5_keyblock *session_key,
|
||||
+ krb5_timestamp authtime, krb5_authdata **tgt_auth_data,
|
||||
+ void *ad_info, krb5_data ***auth_indicators,
|
||||
+ krb5_authdata ***signed_auth_data)
|
||||
+{
|
||||
+ krb5_db_entry *krbtgt = header_server ? header_server : server;
|
||||
+ krb5_keyblock *krbtgt_key = header_key ? header_key : server_key;
|
||||
+
|
||||
+ return ipadb_sign_authdata(context, flags, client_princ, client, server,
|
||||
+ krbtgt, client_key, server_key, krbtgt_key,
|
||||
+ session_key, authtime, tgt_auth_data,
|
||||
+ signed_auth_data);
|
||||
+}
|
||||
+
|
||||
+kdb_vftabl kdb_function_table = {
|
||||
+ .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
|
||||
+ .min_ver = 0,
|
||||
+ .init_library = ipadb_init_library,
|
||||
+ .fini_library = ipadb_fini_library,
|
||||
+ .init_module = ipadb_init_module,
|
||||
+ .fini_module = ipadb_fini_module,
|
||||
+ .create = ipadb_create,
|
||||
+ .get_age = ipadb_get_age,
|
||||
+ .get_principal = ipadb_get_principal,
|
||||
+ .put_principal = ipadb_put_principal,
|
||||
+ .delete_principal = ipadb_delete_principal,
|
||||
+ .iterate = ipadb_iterate,
|
||||
+ .create_policy = ipadb_create_pwd_policy,
|
||||
+ .get_policy = ipadb_get_pwd_policy,
|
||||
+ .put_policy = ipadb_put_pwd_policy,
|
||||
+ .iter_policy = ipadb_iterate_pwd_policy,
|
||||
+ .delete_policy = ipadb_delete_pwd_policy,
|
||||
+ .fetch_master_key = ipadb_fetch_master_key,
|
||||
+ .store_master_key_list = ipadb_store_master_key_list,
|
||||
+ .change_pwd = ipadb_change_pwd,
|
||||
+ .sign_authdata = stub_sign_authdata,
|
||||
+ .check_transited_realms = ipadb_check_transited_realms,
|
||||
+ .check_policy_as = ipadb_check_policy_as,
|
||||
+ .audit_as_req = ipadb_audit_as_req,
|
||||
+ .check_allowed_to_delegate = ipadb_check_allowed_to_delegate,
|
||||
+ .free_principal_e_data = ipadb_free_principal_e_data,
|
||||
+ .get_s4u_x509_principal = NULL,
|
||||
+ .allowed_to_delegate_from = NULL,
|
||||
+ .get_authdata_info = NULL,
|
||||
+ .free_authdata_info = NULL,
|
||||
+};
|
||||
+#endif
|
||||
+
|
||||
#if (KRB5_KDB_DAL_MAJOR_VERSION != 5) && \
|
||||
(KRB5_KDB_DAL_MAJOR_VERSION != 6) && \
|
||||
- (KRB5_KDB_DAL_MAJOR_VERSION != 7)
|
||||
+ (KRB5_KDB_DAL_MAJOR_VERSION != 7) && \
|
||||
+ (KRB5_KDB_DAL_MAJOR_VERSION != 8)
|
||||
#error unsupported DAL major version
|
||||
#endif
|
||||
diff --git a/freeipa.spec.in b/freeipa.spec.in
|
||||
index 502ac2499..7617c935a 100755
|
||||
--- a/freeipa.spec.in
|
||||
+++ b/freeipa.spec.in
|
||||
@@ -61,7 +61,7 @@
|
||||
%global alt_name ipa
|
||||
# Fix for CVE-2018-20217
|
||||
%global krb5_version 1.16.1-24
|
||||
-%global krb5_kdb_version 7.0
|
||||
+%global krb5_kdb_version 8.0
|
||||
# 0.7.16: https://github.com/drkjam/netaddr/issues/71
|
||||
%global python_netaddr_version 0.7.16
|
||||
# Require 4.7.0 which brings Python 3 bindings
|
||||
--
|
||||
2.24.1
|
||||
|
||||
|
||||
From fb48a25c43c2110c27d36f09ac533403738328e2 Mon Sep 17 00:00:00 2001
|
||||
From: Robbie Harwood <rharwood@redhat.com>
|
||||
Date: Thu, 9 Jan 2020 17:08:07 -0500
|
||||
Subject: [PATCH 3/3] [KDB] Drop support for DAL version 5.0
|
||||
|
||||
No supported Linux distro packages a version of krb5 with this DAL, so
|
||||
we don't lose anything by removing it.
|
||||
|
||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||
---
|
||||
daemons/ipa-kdb/ipa_kdb.c | 49 +--------------------------------------
|
||||
1 file changed, 1 insertion(+), 48 deletions(-)
|
||||
|
||||
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
|
||||
index 9a5c29b13..3982c131b 100644
|
||||
--- a/daemons/ipa-kdb/ipa_kdb.c
|
||||
+++ b/daemons/ipa-kdb/ipa_kdb.c
|
||||
@@ -635,57 +635,11 @@ static krb5_error_code ipadb_get_age(krb5_context kcontext,
|
||||
return 0;
|
||||
}
|
||||
|
||||
-#if KRB5_KDB_DAL_MAJOR_VERSION == 5
|
||||
-static void *ipadb_alloc(krb5_context context, void *ptr, size_t size)
|
||||
-{
|
||||
- return realloc(ptr, size);
|
||||
-}
|
||||
-
|
||||
-static void ipadb_free(krb5_context context, void *ptr)
|
||||
-{
|
||||
- free(ptr);
|
||||
-}
|
||||
-#endif
|
||||
-
|
||||
/* KDB Virtual Table */
|
||||
|
||||
/* We explicitly want to keep different ABI tables below separate. */
|
||||
/* Do not merge them together. Older ABI does not need to be updated */
|
||||
|
||||
-#if KRB5_KDB_DAL_MAJOR_VERSION == 5
|
||||
-kdb_vftabl kdb_function_table = {
|
||||
- .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
|
||||
- .min_ver = 0,
|
||||
- .init_library = ipadb_init_library,
|
||||
- .fini_library = ipadb_fini_library,
|
||||
- .init_module = ipadb_init_module,
|
||||
- .fini_module = ipadb_fini_module,
|
||||
- .create = ipadb_create,
|
||||
- .get_age = ipadb_get_age,
|
||||
- .get_principal = ipadb_get_principal,
|
||||
- .free_principal = ipadb_free_principal,
|
||||
- .put_principal = ipadb_put_principal,
|
||||
- .delete_principal = ipadb_delete_principal,
|
||||
- .iterate = ipadb_iterate,
|
||||
- .create_policy = ipadb_create_pwd_policy,
|
||||
- .get_policy = ipadb_get_pwd_policy,
|
||||
- .put_policy = ipadb_put_pwd_policy,
|
||||
- .iter_policy = ipadb_iterate_pwd_policy,
|
||||
- .delete_policy = ipadb_delete_pwd_policy,
|
||||
- .free_policy = ipadb_free_pwd_policy,
|
||||
- .alloc = ipadb_alloc,
|
||||
- .free = ipadb_free,
|
||||
- .fetch_master_key = ipadb_fetch_master_key,
|
||||
- .store_master_key_list = ipadb_store_master_key_list,
|
||||
- .change_pwd = ipadb_change_pwd,
|
||||
- .sign_authdata = ipadb_sign_authdata,
|
||||
- .check_transited_realms = ipadb_check_transited_realms,
|
||||
- .check_policy_as = ipadb_check_policy_as,
|
||||
- .audit_as_req = ipadb_audit_as_req,
|
||||
- .check_allowed_to_delegate = ipadb_check_allowed_to_delegate
|
||||
-};
|
||||
-#endif
|
||||
-
|
||||
#if (KRB5_KDB_DAL_MAJOR_VERSION == 6) && !defined(HAVE_KDB_FREEPRINCIPAL_EDATA)
|
||||
kdb_vftabl kdb_function_table = {
|
||||
.maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
|
||||
@@ -809,8 +763,7 @@ kdb_vftabl kdb_function_table = {
|
||||
};
|
||||
#endif
|
||||
|
||||
-#if (KRB5_KDB_DAL_MAJOR_VERSION != 5) && \
|
||||
- (KRB5_KDB_DAL_MAJOR_VERSION != 6) && \
|
||||
+#if (KRB5_KDB_DAL_MAJOR_VERSION != 6) && \
|
||||
(KRB5_KDB_DAL_MAJOR_VERSION != 7) && \
|
||||
(KRB5_KDB_DAL_MAJOR_VERSION != 8)
|
||||
#error unsupported DAL major version
|
||||
--
|
||||
2.24.1
|
||||
|
Loading…
Reference in New Issue
Block a user