From 93fb037d8409d9d46606c31d8a240e3963b72651 Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Wed, 6 Feb 2019 13:47:01 +0100
Subject: [PATCH 1/3] Compile IPA modules with C11 extensions

- define __STDC_WANT_LIB_EXT1__ to get C11 extensions like memset_s() for
  Samba's ZERO_STRUCT() macro, see
  https://en.cppreference.com/w/c/string/byte/memset
- _DEFAULT_SOURCE enables features like htole16() from endian.h, see
  http://man7.org/linux/man-pages/man3/endian.3.html
- _POSIX_C_SOURCE >= 200809 enables features like strndup() from string.h,
  see http://man7.org/linux/man-pages/man3/strndup.3.html
- time_t is no longer implicitly defined, include time.h
- typeof() is only available as GNU extension. Use explicit types
  instead of generic __typeof__().

Fixes: https://pagure.io/freeipa/issue/7858
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 configure.ac                                  | 12 +++++++++---
 daemons/ipa-slapi-plugins/libotp/otp_config.c |  4 ++--
 util/ipa_krb5.h                               |  1 +
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index df8d063b1..7ef0f560c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -18,15 +18,21 @@ AC_CONFIG_HEADERS([config.h])
 AM_INIT_AUTOMAKE([foreign 1.9 tar-pax])
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES])
 
+dnl enable C11 extensions for features like memset_s()
+CFLAGS+=" -D__STDC_WANT_LIB_EXT1__=1"
+dnl enable features like htole16()
+CFLAGS+=" -D_DEFAULT_SOURCE=1"
+dnl Enable features like strndup()
+CFLAGS+=" -D_POSIX_C_SOURCE=200809L"
+dnl fail hard when includes statements are missing
+CFLAGS+=" -Werror=implicit-function-declaration"
+
 AC_PROG_CC_C99
 AC_DISABLE_STATIC
 LT_INIT
 
 AC_HEADER_STDC
 
-dnl fail hard when includes statements are missing
-CFLAGS+=" -Werror=implicit-function-declaration"
-
 PKG_PROG_PKG_CONFIG
 
 AC_ARG_ENABLE([server],
diff --git a/daemons/ipa-slapi-plugins/libotp/otp_config.c b/daemons/ipa-slapi-plugins/libotp/otp_config.c
index 685b2d9d2..949b9136c 100644
--- a/daemons/ipa-slapi-plugins/libotp/otp_config.c
+++ b/daemons/ipa-slapi-plugins/libotp/otp_config.c
@@ -217,7 +217,7 @@ struct otp_config *otp_config_init(Slapi_ComponentId *plugin_id)
     void *node = NULL;
     int search_result = 0;
 
-    cfg = (typeof(cfg)) slapi_ch_calloc(1, sizeof(*cfg));
+    cfg = (struct otp_config *) slapi_ch_calloc(1, sizeof(*cfg));
     cfg->plugin_id = plugin_id;
 
     /* Build the config table. */
@@ -229,7 +229,7 @@ struct otp_config *otp_config_init(Slapi_ComponentId *plugin_id)
             struct record *rec;
 
             /* Create the config entry. */
-            rec = (typeof(rec)) slapi_ch_calloc(1, sizeof(*rec));
+            rec = (struct record *) slapi_ch_calloc(1, sizeof(*rec));
             rec->spec = specs[i];
             rec->sdn = make_sdn(rec->spec->prefix, sfx);
 
diff --git a/util/ipa_krb5.h b/util/ipa_krb5.h
index 60a8ced5d..f64b39c69 100644
--- a/util/ipa_krb5.h
+++ b/util/ipa_krb5.h
@@ -1,5 +1,6 @@
 #pragma once
 
+#include <time.h>
 #include <lber.h>
 #include <krb5/krb5.h>
 #include <kdb.h>
-- 
2.20.1


From d4d0b8a04642fc21167342b6bee998846159e605 Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Thu, 7 Feb 2019 11:29:36 +0100
Subject: [PATCH 2/3] Update build requirements on twine

On Fedora >= 29 the command 'twine' is provied by the twine package. On
F28 it's in python3-twine. F30 no longer has python3-twine.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 freeipa.spec.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index ed1d6c167..14892965f 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -195,7 +195,11 @@ BuildRequires:  python3-six
 BuildRequires:  dbus-glib-devel
 BuildRequires:  libffi-devel
 BuildRequires:  python3-tox
+%if 0%{?fedora} <= 28
 BuildRequires:  python3-twine
+%else
+BuildRequires:  twine
+%endif
 BuildRequires:  python3-wheel
 %endif # with_wheels
 
-- 
2.20.1


From 272837f1c07729392cdbc88b99a221390d01e70d Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Thu, 7 Feb 2019 12:11:42 +0100
Subject: [PATCH 3/3] Remove ZERO_STRUCT() call

ipa_sam uses Samba's macro ZERO_STRUCT() to safely zero out a block in
memory. On F30 ZERO_STRUCT() is currently broken, because it uses the
undefined C11 function memset_s().

During investigation of the bug, it turned out that
ZERO_STRUCT(td->security_identifier) is not needed. The whole td struct
is allocated with talloc_zero(), so td->security_identifier is already
zeroed.

See: https://bugzilla.redhat.com/show_bug.cgi?id=1672231
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 daemons/ipa-sam/ipa_sam.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 675a511f0..b1e0294e3 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -2179,7 +2179,6 @@ static bool fill_pdb_trusted_domain(TALLOC_CTX *mem_ctx,
 	if (dummy == NULL) {
 		DEBUG(9, ("Attribute %s not present.\n",
 			  LDAP_ATTRIBUTE_TRUST_SID));
-		ZERO_STRUCT(td->security_identifier);
 	} else {
 		err = sss_idmap_sid_to_smb_sid(ipasam_state->idmap_ctx,
 					       dummy, &sid);
-- 
2.20.1