On Fri, 05 Aug 2016, Lukas Slebodnik wrote:
ehlo,

attached patches fix a build of freeipa on fedora 25 and fedora rawhide.
IMHO, this change in krb5pac.h is an ABI change and samba guys should
also bump a SONAME to related (private?) libraries. I could not see it;
but maybe I overlooked it.
It an interesting question which you might raise upstream. krb5pac.h is
auto-generated from krb5pac.idl, the same happens for all IDL-based
definitions. They are not versioned, though.

As for the patch, ACK. The change came with 
4406cf792a599724f55777a45efb6367a9bd92b2,
'krb5pac.idl: introduce PAC_DOMAIN_GROUP_MEMBERSHIP to handle the resource 
groups'
which landed upstream in May 2016.


LS

From 02db5adc82c36592f8aef5fd4d5e2f2e27f15b11 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Fri, 5 Aug 2016 08:29:27 +0200
Subject: [PATCH 1/2] ipa-kdb: Allow to build with samba 4.5

daemons/ipa-kdb/ipa_kdb_mspac.c: In function 'filter_logon_info':
daemons/ipa-kdb/ipa_kdb_mspac.c:1536:19: error: 'struct PAC_LOGON_INFO'
 has no member named 'res_group_dom_sid'
    if (info->info->res_group_dom_sid != NULL &&
                  ^~
daemons/ipa-kdb/ipa_kdb_mspac.c:1537:19: error: 'struct PAC_LOGON_INFO'
 has no member named 'res_groups'; did you mean 'resource_groups'?
        info->info->res_groups.count != 0) {
                  ^~
mv -f .deps/ipa_kdb_delegation.Tpo .deps/ipa_kdb_delegation.Plo
Makefile:806: recipe for target 'ipa_kdb_mspac.lo' failed
make[3]: *** [ipa_kdb_mspac.lo] Error 1
make[3]: *** Waiting for unfinished jobs....

Related change in samba
https://github.com/samba-team/samba/commit/4406cf792a599724f55777a45efb6367a9bd92b2

Resolves:
https://fedorahosted.org/freeipa/ticket/6173
---
daemons/configure.ac            | 12 ++++++++++++
daemons/ipa-kdb/ipa_kdb_mspac.c |  9 +++++++++
2 files changed, 21 insertions(+)

diff --git a/daemons/configure.ac b/daemons/configure.ac
index 
94d66d813728fe4e32f9e3c0eef920d8e2395d8f..5c5a1046397aa97ba18cafc1b81dc2a6fb2dfd34
 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -170,6 +170,18 @@ PKG_CHECK_MODULES([SAMBAUTIL], [samba-util])
SAMBA40EXTRA_LIBPATH="-L`$PKG_CONFIG --variable=libdir samba-util`/samba 
-Wl,-rpath=`$PKG_CONFIG --variable=libdir samba-util`/samba"
AC_SUBST(SAMBA40EXTRA_LIBPATH)

+bck_cflags="$CFLAGS"
+CFLAGS="$NDRPAC_CFLAGS"
+AC_CHECK_MEMBER(
+    [struct PAC_DOMAIN_GROUP_MEMBERSHIP.domain_sid],
+    [AC_DEFINE([HAVE_STRUCT_PAC_DOMAIN_GROUP_MEMBERSHIP], [1],
+               [struct PAC_DOMAIN_GROUP_MEMBERSHIP is available.])],
+    [AC_MSG_NOTICE([struct PAC_DOMAIN_GROUP_MEMBERSHIP is not available])],
+                 [[#include <ndr.h>
+                   #include <gen_ndr/krb5pac.h>]])
+
+CFLAGS="$bck_cflags"
+
LIBPDB_NAME=""
AC_CHECK_LIB([samba-passdb],
             [make_pdb_method],
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 
80e7055fd6cd7b962eeffbccc675a73d73700793..65cc03565dc06d1052c6acd0c0d6ee7265b37b36
 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -20,6 +20,8 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

+#include "config.h"
+
#include "ipa_kdb.h"
#include "ipa_mspac.h"
#include <talloc.h>
@@ -1533,10 +1535,17 @@ krb5_error_code filter_logon_info(krb5_context context,

    /* According to MS-KILE, ResourceGroups must be zero, so check
     * that it is the case here */
+#ifdef HAVE_STRUCT_PAC_DOMAIN_GROUP_MEMBERSHIP
+    if (info->info->resource_groups.domain_sid != NULL &&
+        info->info->resource_groups.groups.count != 0) {
+        return EINVAL;
+    }
+#else
    if (info->info->res_group_dom_sid != NULL &&
        info->info->res_groups.count != 0) {
        return EINVAL;
    }
+#endif

    return 0;
}
--
2.9.2


From 7d064bc2dda88552f597c1e8dfa2cf176a89ac77 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Fri, 5 Aug 2016 08:34:23 +0200
Subject: [PATCH 2/2] ipa-kdb: Fix unit test after packaging changes in krb5

Resolves:
https://fedorahosted.org/freeipa/ticket/6173
---
freeipa.spec.in | 2 ++
1 file changed, 2 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 
135e9c980011c6c2730c6c29a3c22098e48270d5..7b5bb906ea541da10e0a9f5f9970f5937728ee11
 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -108,6 +108,8 @@ BuildRequires:  python-netifaces >= 0.10.4
# Build dependencies for unit tests
BuildRequires:  libcmocka-devel
BuildRequires:  nss_wrapper
+# Required by ipa_kdb_tests
+BuildRequires:  %{_libdir}/krb5/plugins/kdb/db2.so

%if 0%{?with_python3}
BuildRequires:  python3-devel
--
2.9.2


--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to