diff --git a/0004-KCM-Don-t-error-out-if-creating-a-new-ID-as-the-firs.patch b/0004-KCM-Don-t-error-out-if-creating-a-new-ID-as-the-firs.patch new file mode 100644 index 0000000..15c17a9 --- /dev/null +++ b/0004-KCM-Don-t-error-out-if-creating-a-new-ID-as-the-firs.patch @@ -0,0 +1,39 @@ +From 81dce19792cf300950411722d16b72f8816aecb0 Mon Sep 17 00:00:00 2001 +From: Jakub Hrozek +Date: Tue, 28 Aug 2018 14:47:44 +0200 +Subject: [PATCH] KCM: Don't error out if creating a new ID as the first step +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We need to handle the case where the nextID operation is ran, but the +secdb is totally empty, otherwise logins with sssd's krb5_child would +fail. + +Resolves: +https://pagure.io/SSSD/sssd/issue/3815 + +Reviewed-by: Michal Židek +--- + src/responder/kcm/kcmsrv_ccache_secdb.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c +index 0f1c037..a61d7b1 100644 +--- a/src/responder/kcm/kcmsrv_ccache_secdb.c ++++ b/src/responder/kcm/kcmsrv_ccache_secdb.c +@@ -595,7 +595,10 @@ static struct tevent_req *ccdb_secdb_nextid_send(TALLOC_CTX *mem_ctx, + } + + ret = sss_sec_list(state, sreq, &keys, &nkeys); +- if (ret != EOK) { ++ if (ret == ENOENT) { ++ keys = NULL; ++ nkeys = 0; ++ } else if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Cannot list keys [%d]: %s\n", + ret, sss_strerror(ret)); +-- +2.9.5 + diff --git a/sssd.spec b/sssd.spec index dc9047f..8e456bc 100644 --- a/sssd.spec +++ b/sssd.spec @@ -36,7 +36,7 @@ Name: sssd Version: 2.0.0 -Release: 2%{?dist} +Release: 3%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -47,6 +47,7 @@ Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz Patch0001: 0001-BUILD-Fix-issue-with-installation-of-libsss_secrets.patch Patch0002: 0002-BUILD-Add-missing-deps-to-libsss_sbus-.so.patch Patch0003: 0003-BUILD-Reduce-compilation-of-unnecessary-files.patch +Patch0004: 0004-KCM-Don-t-error-out-if-creating-a-new-ID-as-the-firs.patch ### Downstream only patches ### Patch0502: 0502-SYSTEMD-Use-capabilities.patch @@ -1214,6 +1215,9 @@ fi %{_libdir}/%{name}/modules/libwbclient.so %changelog +* Wed Aug 29 2018 Michal Židek - 2.0.0-3 +- Resolves: rhbz#1622760 - Console login as FreeIPA domain user fails in current Fedora Rawhide / 29 + * Wed Aug 29 2018 Michal Židek - 2.0.0-2 - Fix linking issues