Adopt to Samba changes in malformed SID processing
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
f81c02d7c7
commit
eb660edcd1
80
freeipa-4.11-samba-changes.patch
Normal file
80
freeipa-4.11-samba-changes.patch
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
From d50624dce932d02ea03a00d3ac2ec1be69e8d3b6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florence Blanc-Renaud <flo@redhat.com>
|
||||||
|
Date: Thu, 19 Oct 2023 12:47:03 +0200
|
||||||
|
Subject: [PATCH 1/2] group-add-member fails with an external member
|
||||||
|
|
||||||
|
The command ipa group-add-member --external aduser@addomain.test
|
||||||
|
fails with an internal error when used with samba 4.19.
|
||||||
|
|
||||||
|
The command internally calls samba.security.dom_sid(sid) which
|
||||||
|
used to raise a TypeError but now raises a ValueError
|
||||||
|
(commit 9abdd67 on https://github.com/samba-team/samba).
|
||||||
|
|
||||||
|
IPA source code needs to handle properly both exception types.
|
||||||
|
|
||||||
|
Fixes: https://pagure.io/freeipa/issue/9466
|
||||||
|
|
||||||
|
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
|
||||||
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
---
|
||||||
|
ipaserver/dcerpc.py | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
|
||||||
|
index 741f0608f..7e585c876 100644
|
||||||
|
--- a/ipaserver/dcerpc.py
|
||||||
|
+++ b/ipaserver/dcerpc.py
|
||||||
|
@@ -303,7 +303,7 @@ class DomainValidator:
|
||||||
|
# Parse sid string to see if it is really in a SID format
|
||||||
|
try:
|
||||||
|
test_sid = security.dom_sid(sid)
|
||||||
|
- except TypeError:
|
||||||
|
+ except (TypeError, ValueError):
|
||||||
|
raise errors.ValidationError(name='sid',
|
||||||
|
error=_('SID is not valid'))
|
||||||
|
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
|
From ed6fa6029d863aed1522b449d3360e6c4028e066 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florence Blanc-Renaud <flo@redhat.com>
|
||||||
|
Date: Fri, 20 Oct 2023 10:20:57 +0200
|
||||||
|
Subject: [PATCH 2/2] Handle samba changes in samba.security.dom_sid()
|
||||||
|
|
||||||
|
samba.security.dom_sid() in 4.19 now raises ValueError instead of
|
||||||
|
TypeError. Fix the expected exception.
|
||||||
|
|
||||||
|
Related: https://pagure.io/freeipa/issue/9466
|
||||||
|
|
||||||
|
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
|
||||||
|
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
||||||
|
---
|
||||||
|
ipaserver/dcerpc.py | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
|
||||||
|
index 7e585c876..675572c03 100644
|
||||||
|
--- a/ipaserver/dcerpc.py
|
||||||
|
+++ b/ipaserver/dcerpc.py
|
||||||
|
@@ -97,7 +97,7 @@ logger = logging.getLogger(__name__)
|
||||||
|
def is_sid_valid(sid):
|
||||||
|
try:
|
||||||
|
security.dom_sid(sid)
|
||||||
|
- except TypeError:
|
||||||
|
+ except (TypeError, ValueError):
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
return True
|
||||||
|
@@ -457,7 +457,7 @@ class DomainValidator:
|
||||||
|
try:
|
||||||
|
test_sid = security.dom_sid(sid)
|
||||||
|
return unicode(test_sid)
|
||||||
|
- except TypeError:
|
||||||
|
+ except (TypeError, ValueError):
|
||||||
|
raise errors.ValidationError(name=_('trusted domain object'),
|
||||||
|
error=_('Trusted domain did not '
|
||||||
|
'return a valid SID for '
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -201,7 +201,7 @@
|
|||||||
|
|
||||||
Name: %{package_name}
|
Name: %{package_name}
|
||||||
Version: %{IPA_VERSION}
|
Version: %{IPA_VERSION}
|
||||||
Release: 5%{?rc_version:.%rc_version}%{?dist}
|
Release: 6%{?rc_version:.%rc_version}%{?dist}
|
||||||
Summary: The Identity, Policy and Audit system
|
Summary: The Identity, Policy and Audit system
|
||||||
|
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
@ -220,6 +220,8 @@ Source1: https://releases.pagure.org/freeipa/freeipa-%{version}%{?rc_vers
|
|||||||
Source2: gpgkey-0E63D716D76AC080A4A33513F40800B6298EB963.asc
|
Source2: gpgkey-0E63D716D76AC080A4A33513F40800B6298EB963.asc
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
Patch0001: freeipa-4.11-samba-changes.patch
|
||||||
|
|
||||||
# RHEL spec file only: START: Change branding to IPA and Identity Management
|
# RHEL spec file only: START: Change branding to IPA and Identity Management
|
||||||
# Moved branding logos and background to redhat-logos-ipa-80.4:
|
# Moved branding logos and background to redhat-logos-ipa-80.4:
|
||||||
# header-logo.png, login-screen-background.jpg, login-screen-logo.png,
|
# header-logo.png, login-screen-background.jpg, login-screen-logo.png,
|
||||||
@ -1739,6 +1741,9 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Oct 23 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-6
|
||||||
|
- Adopt trust to AD code to Samba changes in case SIDs are malformed
|
||||||
|
|
||||||
* Tue Oct 03 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-5
|
* Tue Oct 03 2023 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.0-5
|
||||||
- FreeIPA 4.11.0 release
|
- FreeIPA 4.11.0 release
|
||||||
- Simplify Fedora spec file
|
- Simplify Fedora spec file
|
||||||
|
Loading…
Reference in New Issue
Block a user