URL: https://github.com/freeipa/freeipa/pull/1544 Author: tiran Title: #1544: [Backport][ipa-4-6] ipa-kdb: use magic value to check if ipadb is used Action: opened
PR body: """ Manual backport of PR #1537 The certauth plugin is configured in /etc/krb5.conf independently form the database module. As a result the IPA certauth plugin can be added to the configuration without the IPA DAL driver. Since the IPA certauth plugin depends on the presence of the IPA DAL driver this patch adds a magic value at the beginning of struct ipadb_context which can be checked to see if the IPA DAL driver is properly initialized. Resolves https://pagure.io/freeipa/issue/7261 Reviewed-By: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1544/head:pr1544 git checkout pr1544
From 8b8947831f394bedcb6fc2344166e623e937b707 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Wed, 7 Feb 2018 17:10:08 +0100 Subject: [PATCH] ipa-kdb: use magic value to check if ipadb is used The certauth plugin is configured in /etc/krb5.conf independently form the database module. As a result the IPA certauth plugin can be added to the configuration without the IPA DAL driver. Since the IPA certauth plugin depends on the presence of the IPA DAL driver this patch adds a magic value at the beginning of struct ipadb_context which can be checked to see if the IPA DAL driver is properly initialized. Resolves https://pagure.io/freeipa/issue/7261 Reviewed-By: Christian Heimes <chei...@redhat.com> --- daemons/ipa-kdb/ipa_kdb.c | 1 + daemons/ipa-kdb/ipa_kdb.h | 2 ++ daemons/ipa-kdb/ipa_kdb_certauth.c | 2 +- 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c index c0f1e276ca..d547eb01b6 100644 --- a/daemons/ipa-kdb/ipa_kdb.c +++ b/daemons/ipa-kdb/ipa_kdb.c @@ -522,6 +522,7 @@ static krb5_error_code ipadb_init_module(krb5_context kcontext, if (!ipactx) { return ENOMEM; } + ipactx->magic = IPA_CONTEXT_MAGIC; /* only check for unsupported 'temporary' value for now */ for (i = 0; db_args != NULL && db_args[i] != NULL; i++) { diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h index 72573a61ad..cffe330baa 100644 --- a/daemons/ipa-kdb/ipa_kdb.h +++ b/daemons/ipa-kdb/ipa_kdb.h @@ -101,7 +101,9 @@ struct ipadb_global_config { bool disable_preauth_for_spns; }; +#define IPA_CONTEXT_MAGIC 0x0c027ea7 struct ipadb_context { + int magic; char *uri; char *base; char *realm; diff --git a/daemons/ipa-kdb/ipa_kdb_certauth.c b/daemons/ipa-kdb/ipa_kdb_certauth.c index 66c2d08cbb..432379b333 100644 --- a/daemons/ipa-kdb/ipa_kdb_certauth.c +++ b/daemons/ipa-kdb/ipa_kdb_certauth.c @@ -131,7 +131,7 @@ static krb5_error_code ipa_get_init_data(krb5_context kcontext, krb5_klog_syslog(LOG_INFO, "Initializing IPA certauth plugin."); ipactx = ipadb_get_context(kcontext); - if (ipactx == NULL) { + if (ipactx == NULL || ipactx->magic != IPA_CONTEXT_MAGIC) { return KRB5_KDB_DBNOTINITED; }
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
