[Freeipa-devel] [PATCH] ipa-kdb: Allow to build with samba 4.5

Lukas Slebodnik lslebodn at redhat.com
Fri Aug 5 07:01:26 UTC 2016 

ehlo,

attached patches fix a build of freeipa on fedora 25 and fedora rawhide.
IMHO, this change in krb5pac.h is an ABI change and samba guys should
also bump a SONAME to related (private?) libraries. I could not see it;
but maybe I overlooked it.

LS
-------------- next part --------------
>From 02db5adc82c36592f8aef5fd4d5e2f2e27f15b11 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn at redhat.com>
Date: Fri, 5 Aug 2016 08:29:27 +0200
Subject: [PATCH 1/2] ipa-kdb: Allow to build with samba 4.5

daemons/ipa-kdb/ipa_kdb_mspac.c: In function 'filter_logon_info':
daemons/ipa-kdb/ipa_kdb_mspac.c:1536:19: error: 'struct PAC_LOGON_INFO'
  has no member named 'res_group_dom_sid'
     if (info->info->res_group_dom_sid != NULL &&
                   ^~
daemons/ipa-kdb/ipa_kdb_mspac.c:1537:19: error: 'struct PAC_LOGON_INFO'
  has no member named 'res_groups'; did you mean 'resource_groups'?
         info->info->res_groups.count != 0) {
                   ^~
mv -f .deps/ipa_kdb_delegation.Tpo .deps/ipa_kdb_delegation.Plo
Makefile:806: recipe for target 'ipa_kdb_mspac.lo' failed
make[3]: *** [ipa_kdb_mspac.lo] Error 1
make[3]: *** Waiting for unfinished jobs....

Related change in samba
https://github.com/samba-team/samba/commit/4406cf792a599724f55777a45efb6367a9bd92b2

Resolves:
https://fedorahosted.org/freeipa/ticket/6173
---
 daemons/configure.ac            | 12 ++++++++++++
 daemons/ipa-kdb/ipa_kdb_mspac.c |  9 +++++++++
 2 files changed, 21 insertions(+)

diff --git a/daemons/configure.ac b/daemons/configure.ac
index 94d66d813728fe4e32f9e3c0eef920d8e2395d8f..5c5a1046397aa97ba18cafc1b81dc2a6fb2dfd34 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -170,6 +170,18 @@ PKG_CHECK_MODULES([SAMBAUTIL], [samba-util])
 SAMBA40EXTRA_LIBPATH="-L`$PKG_CONFIG --variable=libdir samba-util`/samba -Wl,-rpath=`$PKG_CONFIG --variable=libdir samba-util`/samba"
 AC_SUBST(SAMBA40EXTRA_LIBPATH)
 
+bck_cflags="$CFLAGS"
+CFLAGS="$NDRPAC_CFLAGS"
+AC_CHECK_MEMBER(
+    [struct PAC_DOMAIN_GROUP_MEMBERSHIP.domain_sid],
+    [AC_DEFINE([HAVE_STRUCT_PAC_DOMAIN_GROUP_MEMBERSHIP], [1],
+               [struct PAC_DOMAIN_GROUP_MEMBERSHIP is available.])],
+    [AC_MSG_NOTICE([struct PAC_DOMAIN_GROUP_MEMBERSHIP is not available])],
+                 [[#include <ndr.h>
+                   #include <gen_ndr/krb5pac.h>]])
+
+CFLAGS="$bck_cflags"
+
 LIBPDB_NAME=""
 AC_CHECK_LIB([samba-passdb],
              [make_pdb_method],
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 80e7055fd6cd7b962eeffbccc675a73d73700793..65cc03565dc06d1052c6acd0c0d6ee7265b37b36 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -20,6 +20,8 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "config.h"
+
 #include "ipa_kdb.h"
 #include "ipa_mspac.h"
 #include <talloc.h>
@@ -1533,10 +1535,17 @@ krb5_error_code filter_logon_info(krb5_context context,
 
     /* According to MS-KILE, ResourceGroups must be zero, so check
      * that it is the case here */
+#ifdef HAVE_STRUCT_PAC_DOMAIN_GROUP_MEMBERSHIP
+    if (info->info->resource_groups.domain_sid != NULL &&
+        info->info->resource_groups.groups.count != 0) {
+        return EINVAL;
+    }
+#else
     if (info->info->res_group_dom_sid != NULL &&
         info->info->res_groups.count != 0) {
         return EINVAL;
     }
+#endif
 
     return 0;
 }
-- 
2.9.2

-------------- next part --------------
>From 7d064bc2dda88552f597c1e8dfa2cf176a89ac77 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn at redhat.com>
Date: Fri, 5 Aug 2016 08:34:23 +0200
Subject: [PATCH 2/2] ipa-kdb: Fix unit test after packaging changes in krb5

Resolves:
https://fedorahosted.org/freeipa/ticket/6173
---
 freeipa.spec.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 135e9c980011c6c2730c6c29a3c22098e48270d5..7b5bb906ea541da10e0a9f5f9970f5937728ee11 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -108,6 +108,8 @@ BuildRequires:  python-netifaces >= 0.10.4
 # Build dependencies for unit tests
 BuildRequires:  libcmocka-devel
 BuildRequires:  nss_wrapper
+# Required by ipa_kdb_tests
+BuildRequires:  %{_libdir}/krb5/plugins/kdb/db2.so
 
 %if 0%{?with_python3}
 BuildRequires:  python3-devel
-- 
2.9.2

More information about the Freeipa-devel mailing list