9991ea
From c41034f5ab587023d9941409618bdf5dc9046fae Mon Sep 17 00:00:00 2001
9991ea
From: Martin Kosek <mkosek@redhat.com>
9991ea
Date: Tue, 4 Feb 2014 11:02:34 +0100
9991ea
Subject: [PATCH] ipa-lockout: do not fail when default realm cannot be read
9991ea
9991ea
When ipa-lockout plugin is started during FreeIPA server installation,
9991ea
the default realm may not be available and plugin should then not end
9991ea
with failure.
9991ea
9991ea
Similarly to other plugins, start in degraded mode in this situation.
9991ea
Operation is fully restored during the final services restart.
9991ea
9991ea
https://fedorahosted.org/freeipa/ticket/4085
9991ea
---
9991ea
 .../ipa-slapi-plugins/ipa-lockout/ipa_lockout.c    | 34 +++++++++++-----------
9991ea
 1 file changed, 17 insertions(+), 17 deletions(-)
9991ea
9991ea
diff --git a/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c b/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
9991ea
index 5a24359d319aaea28773daa01d268d2d46583270..265c2701c36fe78486a2bdd4a66366b0b05472a0 100644
9991ea
--- a/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
9991ea
+++ b/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
9991ea
@@ -176,23 +176,23 @@ ipalockout_get_global_config(struct ipa_context *ipactx)
9991ea
     krberr = krb5_init_context(&krbctx);
9991ea
     if (krberr) {
9991ea
         LOG_FATAL("krb5_init_context failed (%d)\n", krberr);
9991ea
-        ret = LDAP_OPERATIONS_ERROR;
9991ea
-        goto done;
9991ea
-    }
9991ea
-
9991ea
-    krberr = krb5_get_default_realm(krbctx, &realm;;
9991ea
-    if (krberr) {
9991ea
-        LOG_FATAL("Failed to get default realm (%d)\n", krberr);
9991ea
-        ret = LDAP_OPERATIONS_ERROR;
9991ea
-        goto done;
9991ea
-    }
9991ea
-
9991ea
-    ipa_global_policy = slapi_ch_smprintf("cn=global_policy,cn=%s,cn=kerberos,%s",
9991ea
-                                          realm, basedn);
9991ea
-    if (!ipa_global_policy) {
9991ea
-        LOG_OOM();
9991ea
-        ret = LDAP_OPERATIONS_ERROR;
9991ea
-        goto done;
9991ea
+        /* Yes, we failed, but it is because /etc/krb5.conf doesn't exist
9991ea
+         * or is misconfigured. Start up in a degraded mode.
9991ea
+         */
9991ea
+    } else {
9991ea
+        krberr = krb5_get_default_realm(krbctx, &realm;;
9991ea
+        if (krberr) {
9991ea
+            LOG_FATAL("Failed to get default realm (%d)\n", krberr);
9991ea
+        } else {
9991ea
+            ipa_global_policy =
9991ea
+                slapi_ch_smprintf("cn=global_policy,cn=%s,cn=kerberos,%s",
9991ea
+                                  realm, basedn);
9991ea
+            if (!ipa_global_policy) {
9991ea
+                LOG_OOM();
9991ea
+                ret = LDAP_OPERATIONS_ERROR;
9991ea
+                goto done;
9991ea
+            }
9991ea
+        }
9991ea
     }
9991ea
 
9991ea
     ret = asprintf(&dn, "cn=ipaConfig,cn=etc,%s", basedn);
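Review bot: Both failure branches now fall through without assigning `ipa_global_policy`, and nothing in the log says the lockout plugin is continuing without its global policy DN; the realm branch still logs `Failed to get default realm` at fatal level and then carries on with no comment. Because this plugin enforces account lockout, a missing or broken /etc/krb5.conf on an already installed server would presumably produce the same degraded start as the installer case, so the messages should say so, e.g. `LOG_FATAL("Failed to get default realm (%d), global lockout policy not loaded\n", krberr);`, and likewise for the `krb5_init_context` message. The code that reads `ipa_global_policy` and the rest of `ipalockout_get_global_config` are outside this hunk. It is worth confirming that those readers handle a NULL DN and which lockout limits apply in that state, rather than relying on the final restart always happening.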
9991ea
-- 
9991ea
1.8.5.3
9991ea