diff --git a/0001-tools-fix-ccache-handling-for-leave-operation.patch b/0001-tools-fix-ccache-handling-for-leave-operation.patch
new file mode 100644
index 0000000..01a3a2a
--- /dev/null
+++ b/0001-tools-fix-ccache-handling-for-leave-operation.patch
@@ -0,0 +1,69 @@
+From f648ae06012d1de137f12095d1bd7aaacb382042 Mon Sep 17 00:00:00 2001
+From: Sumit Bose
+Date: Wed, 10 Jan 2024 09:18:20 +0100
+Subject: [PATCH] tools: fix ccache handling for leave operation
+
+krb5_cc_initialize() must be called before anything can be written into
+a ccache.
+
+While checking the available credential types the order/preference was
+not respected.
+
+Resolves: https://issues.redhat.com/browse/SSSD-6420
+---
+ tools/realm-client.c | 25 ++++++++++++++++---------
+ 1 file changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/tools/realm-client.c b/tools/realm-client.c
+index c386e64..06420ea 100644
+--- a/tools/realm-client.c
++++ b/tools/realm-client.c
+@@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported,
+ GVariantIter iter;
+ const gchar *type;
+ const gchar *owner;
+-
+- g_variant_iter_init (&iter, supported);
+- while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
+- if (g_strcmp0 (credential_type_1, type) == 0 ||
+- g_strcmp0 (credential_type_2, type) == 0) {
+- *ret_owner = owner;
+- return type;
++ const gchar *list[] = {credential_type_1, credential_type_2, NULL};
++ size_t c;
++
++ for (c = 0; list[c] != NULL; c++) {
++ g_variant_iter_init (&iter, supported);
++ while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
++ if (g_strcmp0 (list[c], type) == 0) {
++ *ret_owner = owner;
++ return type;
++ }
+ }
+ }
+
+@@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5,
+ memset (&mcred, 0, sizeof (mcred));
+ mcred.client = principal;
+ mcred.server = server;
+- mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND;
+- mcred.times.endtime = mcred.times.starttime;
+
+ code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES,
+ &mcred, &creds);
+@@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5,
+ return FALSE;
+ }
+
++ code = krb5_cc_initialize (krb5, ccache, creds.client);
++ if (code != 0) {
++ g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code));
++ return FALSE;
++ }
++
+ code = krb5_cc_store_cred (krb5, ccache, &creds);
+ krb5_free_cred_contents (krb5, &creds);
+
+--
+2.43.0
+
diff --git a/realmd.spec b/realmd.spec
index c39aa11..7d95d0f 100644
--- a/realmd.spec
+++ b/realmd.spec
@@ -1,6 +1,6 @@ Name: realmd Version: 0.17.1 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Kerberos realm enrollment service License: LGPL-2.1-or-later URL: https://gitlab.freedesktop.org/realmd/realmd
@@ -10,6 +10,7 @@ Patch0001: 0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch Patch0002: 0002-service-fix-error-message-when-removing-host-from-AD.patch Patch0003: 0003-doc-fix-reference-in-realmd.conf-man-page.patch Patch0004: 0001-sssd-package-fix.patch +Patch0005: 0001-tools-fix-ccache-handling-for-leave-operation.patch BuildRequires: make BuildRequires: gcc
@@ -96,6 +97,10 @@ make check %doc ChangeLog %changelog +* Fri Feb 09 2024 Sumit Bose - 0.17.1-9 +- fix ccache handling for leave operation + Resolves: jira#SSSD-6420 + * Mon Feb 05 2024 Sumit Bose - 0.17.1-8 - improve sssd package handling due to removed sssd meta package Resolves: rhbz#2255725
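Review bot: The new `krb5_cc_initialize` failure branch in copy_to_ccache returns without releasing `creds`, whereas the success path just below calls `krb5_free_cred_contents (krb5, &creds)` after the store. Assuming `creds` was filled by the earlier `krb5_cc_retrieve_cred` (its result check sits outside the hunk), the ticket and session key stay allocated on that path, so add `krb5_free_cred_contents (krb5, &creds);` before `return FALSE;`. The string returned by `krb5_get_error_message` in the `g_debug` call is also never handed to `krb5_free_error_message`. Separately, the retrieve call still passes `KRB5_TC_MATCH_TIMES` although `mcred.times` is now left zeroed by the `memset`; as far as I can tell that makes the flag match any lifetime, expired tickets included, so either drop the flag or set `mcred.times.endtime` to the current time in seconds if expired credentials should be skipped. The body of copy_to_ccache starts and ends outside the hunks shown.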