[Freeipa-devel] [freeipa PR#1440][opened] [Backport][ipa-4-6] ipa-kdb: support KDB DAL version 7.0

Sun, 07 Jan 2018 07:53:49 -0800 

   URL: https://github.com/freeipa/freeipa/pull/1440
Author: tiran
 Title: #1440: [Backport][ipa-4-6] ipa-kdb: support KDB DAL version 7.0
Action: opened

PR body:
"""
krb5-1.16 includes DAL version 7, which changes the signature of
audit_as_req to include local and remote address parameters.

This patch just enables building against the new DAL version and bumps
the minimum in freeipa.spec.in, but doesn't use the new information
for anything.

Reviewed-By: Tomas Krizek <tkri...@redhat.com>
Reviewed-By: Alexander Bokovoy <aboko...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1440/head:pr1440
git checkout pr1440

From 084b5b907a400c538aad33ebe57fea93a03d8009 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharw...@redhat.com>
Date: Mon, 9 Oct 2017 11:39:09 -0400
Subject: [PATCH] ipa-kdb: support KDB DAL version 7.0

krb5-1.16 includes DAL version 7, which changes the signature of
audit_as_req to include local and remote address parameters.

This patch just enables building against the new DAL version and bumps
the minimum in freeipa.spec.in, but doesn't use the new information
for anything.

Reviewed-By: Tomas Krizek <tkri...@redhat.com>
Reviewed-By: Alexander Bokovoy <aboko...@redhat.com>
---
 daemons/ipa-kdb/ipa_kdb.c          | 9 ++++++---
 daemons/ipa-kdb/ipa_kdb.h          | 4 ++++
 daemons/ipa-kdb/ipa_kdb_audit_as.c | 4 ++++
 freeipa.spec.in                    | 4 ++++
 4 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index c0f1e276ca..b11153eccd 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -709,7 +709,9 @@ kdb_vftabl kdb_function_table = {
 };
 #endif
 
-#if (KRB5_KDB_DAL_MAJOR_VERSION == 6) && defined(HAVE_KDB_FREEPRINCIPAL_EDATA)
+#if ((KRB5_KDB_DAL_MAJOR_VERSION == 6) || \
+     (KRB5_KDB_DAL_MAJOR_VERSION == 7)) && \
+    defined(HAVE_KDB_FREEPRINCIPAL_EDATA)
 kdb_vftabl kdb_function_table = {
     .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
     .min_ver = 1,
@@ -742,7 +744,8 @@ kdb_vftabl kdb_function_table = {
 };
 #endif
 
-#if (KRB5_KDB_DAL_MAJOR_VERSION != 5) && (KRB5_KDB_DAL_MAJOR_VERSION != 6)
+#if (KRB5_KDB_DAL_MAJOR_VERSION != 5) && \
+    (KRB5_KDB_DAL_MAJOR_VERSION != 6) && \
+    (KRB5_KDB_DAL_MAJOR_VERSION != 7)
 #error unsupported DAL major version
 #endif
-
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 72573a61ad..be2f457522 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -326,6 +326,10 @@ krb5_error_code ipadb_check_allowed_to_delegate(krb5_context kcontext,
 
 void ipadb_audit_as_req(krb5_context kcontext,
                         krb5_kdc_req *request,
+#if (KRB5_KDB_DAL_MAJOR_VERSION == 7)
+                        const krb5_address *local_addr,
+                        const krb5_address *remote_addr,
+#endif
                         krb5_db_entry *client,
                         krb5_db_entry *server,
                         krb5_timestamp authtime,
diff --git a/daemons/ipa-kdb/ipa_kdb_audit_as.c b/daemons/ipa-kdb/ipa_kdb_audit_as.c
index 5f59bf33a7..c68a67aa2a 100644
--- a/daemons/ipa-kdb/ipa_kdb_audit_as.c
+++ b/daemons/ipa-kdb/ipa_kdb_audit_as.c
@@ -26,6 +26,10 @@
 
 void ipadb_audit_as_req(krb5_context kcontext,
                         krb5_kdc_req *request,
+#if (KRB5_KDB_DAL_MAJOR_VERSION == 7)
+                        const krb5_address *local_addr,
+                        const krb5_address *remote_addr,
+#endif
                         krb5_db_entry *client,
                         krb5_db_entry *server,
                         krb5_timestamp authtime,
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 688756e428..e9ad5695d8 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -95,9 +95,13 @@ BuildRequires:  openldap-devel
 # For KDB DAL version, make explicit dependency so that increase of version
 # will cause the build to fail due to unsatisfied dependencies.
 # DAL version change may cause code crash or memory leaks, it is better to fail early.
+%if 0%{?fedora} > 27
+BuildRequires: krb5-kdb-version = 7.0
+%else
 %if 0%{?fedora} > 25
 BuildRequires: krb5-kdb-version = 6.1
 %endif
+%endif
 BuildRequires:  krb5-devel >= %{krb5_version}
 # 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation
 BuildRequires:  xmlrpc-c-devel >= 1.27.4

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to