import sssd-2.5.2-2.el8_5.4

This commit is contained in:
CentOS Sources 2022-02-01 15:14:45 -05:00 committed by Stepan Oksanichenko
parent 584a059982
commit 4d5a159fd8
2 changed files with 50 additions and 1 deletions

View File

@ -0,0 +1,42 @@
From bf6059eb55c8caa3111ef718db1676c96a67c084 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 16 Dec 2021 11:14:18 +0100
Subject: [PATCH] ad: add required 'cn' attribute to subdomain object
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If the forest root is not part of the return trusted domain objects
from the local domain controller we generate an object for further
processing. During this processing it is expected that the 'cn'
attribute is set and contains the name of the forest root. So far this
attribute was missing and it is now added by this patch.
Resolves: https://github.com/SSSD/sssd/issues/5926
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/providers/ad/ad_subdomains.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 0353de76f..0c3f8ac31 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -1646,6 +1646,13 @@ static void ad_check_root_domain_done(struct tevent_req *subreq)
goto done;
}
+ ret = sysdb_attrs_add_string(state->reply[0], AD_AT_DOMAIN_NAME,
+ state->forest);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
+ goto done;
+ }
+
err = sss_idmap_sid_to_bin_sid(state->idmap_ctx->map, id,
&id_val.data, &id_val.length);
if (err != IDMAP_SUCCESS) {
--
2.26.3

View File

@ -19,7 +19,7 @@
Name: sssd
Version: 2.5.2
Release: 2%{?dist}.3
Release: 2%{?dist}.4
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@ -35,6 +35,7 @@ Patch0005: 0005-MONITOR-reduce-logs-severity-around-signalling-and-t.patch
Patch0006: 0006-DEBUG-avoid-backtrace-dups.patch
Patch0007: 0007-cache_req-cache_first-fix-for-fully-qualified-names.patch
Patch0008: 0008-utils-ignore-systemd-and-sd-pam-process-in-get_activ.patch
Patch0009: 0009-ad-add-required-cn-attribute-to-subdomain-object.patch
### Downstream Patches ###
@ -87,6 +88,7 @@ BuildRequires: libxslt
BuildRequires: libxml2
BuildRequires: docbook-style-xsl
BuildRequires: krb5-devel
BuildRequires: krb5-libs >= 1.18.2-11
BuildRequires: c-ares-devel
BuildRequires: python3-devel
BuildRequires: check-devel
@ -535,6 +537,7 @@ Summary: An implementation of a Kerberos KCM server
Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
Requires: krb5-libs >= 1.18.2-11
%{?systemd_requires}
%description kcm
@ -1151,6 +1154,10 @@ fi
%systemd_postun_with_restart sssd.service
%changelog
* Mon Jan 17 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2.4
- Resolves: rhbz#2030651 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries [rhel-8.5.0.z]
- Resolves: rhbz#2035285 - AD Domain in the AD Forest Missing after sssd latest update [rhel-8.5.0.z]
* Tue Dec 07 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2.3
- Resolves: rhbz#2028828 - pam responder does not call initgroups to refresh the user entry [rhel-8.5.0.z]