Hello community,
here is the log from the commit of package yast2-auth-client for openSUSE:Factory checked in at 2019-02-28 21:48:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-auth-client (Old)
and /work/SRC/openSUSE:Factory/.yast2-auth-client.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-auth-client"
Thu Feb 28 21:48:59 2019 rev:34 rq:680193 version:4.1.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-auth-client/yast2-auth-client.changes 2018-12-31 09:40:21.754512594 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-auth-client.new.28833/yast2-auth-client.changes 2019-02-28 21:49:00.601381443 +0100
@@ -1,0 +2,6 @@
+Fri Feb 15 17:47:05 UTC 2019 - David Mulder
+
+- yast auth-client and krb5.conf wrong domain_realm entry; (bsc#1122026)
+- 4.1.1
+
+-------------------------------------------------------------------
Old:
----
yast2-auth-client-4.1.0.tar.bz2
New:
----
yast2-auth-client-4.1.1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-auth-client.spec ++++++
--- /var/tmp/diff_new_pack.Ys6tb4/_old 2019-02-28 21:49:01.149381209 +0100
+++ /var/tmp/diff_new_pack.Ys6tb4/_new 2019-02-28 21:49:01.153381207 +0100
@@ -1,7 +1,7 @@
#
# spec file for package yast2-auth-client
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: yast2-auth-client
-Version: 4.1.0
+Version: 4.1.1
Release: 0
Url: https://github.com/yast/yast-auth-client
Summary: YaST2 - Centralised System Authentication Configuration
++++++ yast2-auth-client-4.1.0.tar.bz2 -> yast2-auth-client-4.1.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/package/yast2-auth-client.changes new/yast2-auth-client-4.1.1/package/yast2-auth-client.changes
--- old/yast2-auth-client-4.1.0/package/yast2-auth-client.changes 2018-11-28 12:10:38.000000000 +0100
+++ new/yast2-auth-client-4.1.1/package/yast2-auth-client.changes 2019-02-28 18:57:28.000000000 +0100
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Fri Feb 15 17:47:05 UTC 2019 - David Mulder
+
+- yast auth-client and krb5.conf wrong domain_realm entry; (bsc#1122026)
+- 4.1.1
+
+-------------------------------------------------------------------
Fri Nov 23 21:46:44 UTC 2018 - Stasiek Michalski
- Provide icon with module (boo#1109310)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/package/yast2-auth-client.spec new/yast2-auth-client-4.1.1/package/yast2-auth-client.spec
--- old/yast2-auth-client-4.1.0/package/yast2-auth-client.spec 2018-11-28 12:10:38.000000000 +0100
+++ new/yast2-auth-client-4.1.1/package/yast2-auth-client.spec 2019-02-28 18:57:28.000000000 +0100
@@ -17,7 +17,7 @@
Name: yast2-auth-client
-Version: 4.1.0
+Version: 4.1.1
Release: 0
Url: https://github.com/yast/yast-auth-client
Summary: YaST2 - Centralised System Authentication Configuration
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/src/lib/auth/authconf.rb new/yast2-auth-client-4.1.1/src/lib/auth/authconf.rb
--- old/yast2-auth-client-4.1.0/src/lib/auth/authconf.rb 2018-11-28 12:10:38.000000000 +0100
+++ new/yast2-auth-client-4.1.1/src/lib/auth/authconf.rb 2019-02-28 18:57:28.000000000 +0100
@@ -41,7 +41,7 @@
# Clear all configuration objects.
def clear
# Kerberos configuration
- @krb_conf = {'include' => [], 'libdefaults' => {}, 'realms' => {}, 'domain_realms' => {}, 'logging' => {}}
+ @krb_conf = {'include' => [], 'libdefaults' => {}, 'realms' => {}, 'domain_realm' => {}, 'logging' => {}}
@krb_pam = false
# LDAP configuration (/etc/ldap.conf)
@ldap_conf = {}
@@ -524,14 +524,14 @@
end
# Write LDAP config file and correct its permission and ownerships
ldap_conf = File.new('/etc/ldap.conf', 'w')
- ldap_conf.chmod(644)
+ ldap_conf.chmod(0644)
ldap_conf.chown(0, 0)
ldap_conf.write(ldap_make_conf)
ldap_conf.close
# If automount is enabled, overwrite openldap's ldap.conf as well.
if @ldap_nss.include?('automount')
ldap_conf = File.new('/etc/openldap/ldap.conf', 'w')
- ldap_conf.chmod(644)
+ ldap_conf.chmod(0644)
ldap_conf.chown(0, 0)
ldap_conf.write(ldap_make_conf)
ldap_conf.close
@@ -674,7 +674,7 @@
# Make sure the Kerberos configuration has all the necessary keys.
def krb_lint_conf
- ['libdefaults', 'realms', 'domain_realms', 'logging'].each { |key|
+ ['libdefaults', 'realms', 'domain_realm', 'logging'].each { |key|
@krb_conf[key] = {} if @krb_conf[key].nil?
}
@krb_conf['include'] = [] if @krb_conf['include'].nil?
@@ -794,10 +794,10 @@
end
@krb_conf['realms'][realm_name].merge!("kdc" => kdc_addr, "admin_server" => admin_addr)
if make_domain_realms
- @krb_conf['domain_realms'].merge!(".#{realm_name.downcase}" => realm_name, "#{realm_name.downcase}" => realm_name)
+ @krb_conf['domain_realm'].merge!(".#{realm_name.downcase}" => realm_name, "#{realm_name.downcase}" => realm_name)
else
- @krb_conf['domain_realms'].delete(".#{realm_name.downcase}")
- @krb_conf['domain_realms'].delete("#{realm_name.downcase}")
+ @krb_conf['domain_realm'].delete(".#{realm_name.downcase}")
+ @krb_conf['domain_realm'].delete("#{realm_name.downcase}")
end
if make_default || @krb_conf['libdefaults']['default_realm'].to_s == ''
@krb_conf['libdefaults']['default_realm'] = realm_name
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/src/lib/auth/krbparse.rb new/yast2-auth-client-4.1.1/src/lib/auth/krbparse.rb
--- old/yast2-auth-client-4.1.0/src/lib/auth/krbparse.rb 2018-11-28 12:10:38.000000000 +0100
+++ new/yast2-auth-client-4.1.1/src/lib/auth/krbparse.rb 2019-02-28 18:57:28.000000000 +0100
@@ -26,7 +26,7 @@
long_attr1 = ''
long_attr2 = ''
sect = ''
- new_krb_conf = {'include' => [], 'libdefaults' => {}, 'realms' => {}, 'domain_realms' => {}, 'logging' => {}}
+ new_krb_conf = {'include' => [], 'libdefaults' => {}, 'realms' => {}, 'domain_realm' => {}, 'logging' => {}}
# Break down sections and key-value pairs
krb_conf_text.split(/\n/).each{ |line|
# Throw away comment
@@ -45,6 +45,16 @@
if sect_match
# remember current section
sect = sect_match[1]
+ # Bug 1122026: krb5.conf sections can have a variable amount
+ # of characters appended to the name, and still be valid.
+ # domain_realm for example could have an 's' appended, but
+ # is not the documented section title.
+ new_krb_conf.each { |k, v|
+ if sect_match[1].start_with?(k)
+ sect = k
+ break
+ end
+ }
next
end
# Remember expanded attribute
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/src/lib/authui/ldapkrb/edit_realm_dialog.rb new/yast2-auth-client-4.1.1/src/lib/authui/ldapkrb/edit_realm_dialog.rb
--- old/yast2-auth-client-4.1.0/src/lib/authui/ldapkrb/edit_realm_dialog.rb 2018-11-28 12:10:38.000000000 +0100
+++ new/yast2-auth-client-4.1.1/src/lib/authui/ldapkrb/edit_realm_dialog.rb 2019-02-28 18:57:28.000000000 +0100
@@ -51,9 +51,9 @@
VBox(
InputField(Id(:realm_name), Opt(:hstretch), _('Realm name'), @realm_name.to_s),
CheckBox(Id(:map_domain), Opt(:hstretch), _('Map Domain Name to the Realm (example.com -> EXAMPLE.COM)'),
- !@realm_name.nil? && !AuthConfInst.krb_conf_get(['domain_realms', @realm_name.downcase], nil).nil?),
+ !@realm_name.nil? && !AuthConfInst.krb_conf_get(['domain_realm', @realm_name.downcase], nil).nil?),
CheckBox(Id(:map_wildcard_domain), Opt(:hstretch), _('Map Wild Card Domain Name to the Realm (*.example.com -> EXAMPLE.COM)'),
- !@realm_name.nil? && !AuthConfInst.krb_conf_get(['domain_realms', ".#{@realm_name.downcase}"], nil).nil?),
+ !@realm_name.nil? && !AuthConfInst.krb_conf_get(['domain_realm', ".#{@realm_name.downcase}"], nil).nil?),
VSpacing(1.0),
InputField(Id(:admin_server), Opt(:hstretch), _('Host Name of Administration Server (Optional)'),
AuthConfInst.krb_conf_get(['realms', @realm_name, 'admin_server'], '')),
@@ -142,9 +142,9 @@
if AuthConfInst.krb_conf['libdefaults']['default_realm'] == @realm_name
AuthConfInst.krb_conf['libdefaults']['default_realm'] = input_realm_name
end
- domains = AuthConfInst.krb_conf['domain_realms'].select{ |_, realm| realm == @realm_name}.keys
- domains.each {|domain| AuthConfInst.krb_conf['domain_realms'].delete(domain)}
- domains.each {|domain| AuthConfInst.krb_conf['domain_realms'][domain] = input_realm_name}
+ domains = AuthConfInst.krb_conf['domain_realm'].select{ |_, realm| realm == @realm_name}.keys
+ domains.each {|domain| AuthConfInst.krb_conf['domain_realm'].delete(domain)}
+ domains.each {|domain| AuthConfInst.krb_conf['domain_realm'][domain] = input_realm_name}
end
# Create new realm
if !AuthConfInst.krb_conf['realms'].include?(input_realm_name)
@@ -156,14 +156,14 @@
realm_conf['master_kdc'] = UI.QueryWidget(Id(:master_kdc), :Value)
realm_conf['kdc'] = UI.QueryWidget(Id(:kdc), :Items).map{|item| item[1]}
if UI.QueryWidget(Id(:map_domain), :Value)
- AuthConfInst.krb_conf['domain_realms'][input_realm_name.downcase] = input_realm_name
+ AuthConfInst.krb_conf['domain_realm'][input_realm_name.downcase] = input_realm_name
else
- AuthConfInst.krb_conf['domain_realms'].delete(input_realm_name.downcase)
+ AuthConfInst.krb_conf['domain_realm'].delete(input_realm_name.downcase)
end
if UI.QueryWidget(Id(:map_wildcard_domain), :Value)
- AuthConfInst.krb_conf['domain_realms'][".#{input_realm_name.downcase}"] = input_realm_name
+ AuthConfInst.krb_conf['domain_realm'][".#{input_realm_name.downcase}"] = input_realm_name
else
- AuthConfInst.krb_conf['domain_realms'].delete(".#{input_realm_name.downcase}")
+ AuthConfInst.krb_conf['domain_realm'].delete(".#{input_realm_name.downcase}")
end
realm_conf['auth_to_local'] = UI.QueryWidget(Id(:auth_to_local), :Items).map{|item| item[1]}
realm_conf['auth_to_local_names'] = Hash[*UI.QueryWidget(Id(:auth_to_local_names), :Items).map{|item| [item[1], item[2]]}.flatten]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/src/lib/authui/ldapkrb/main_dialog.rb new/yast2-auth-client-4.1.1/src/lib/authui/ldapkrb/main_dialog.rb
--- old/yast2-auth-client-4.1.0/src/lib/authui/ldapkrb/main_dialog.rb 2018-11-28 12:10:38.000000000 +0100
+++ new/yast2-auth-client-4.1.1/src/lib/authui/ldapkrb/main_dialog.rb 2019-02-28 18:57:28.000000000 +0100
@@ -200,7 +200,7 @@
redo
end
if Popup.YesNo(_('Are you sure to delete realm %s?') % [realm_name])
- AuthConfInst.krb_conf['domain_realms'].delete_if{ |_, domain_realm| domain_realm == realm_name}
+ AuthConfInst.krb_conf['domain_realm'].delete_if{ |_, domain_realm| domain_realm == realm_name}
if UI.QueryWidget(Id(:krb_default_realm), :Value) == realm_name
UI.ChangeWidget(Id(:krb_default_realm), :Value, _('(not specified)'))
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/test/authconf_test.rb new/yast2-auth-client-4.1.1/test/authconf_test.rb
--- old/yast2-auth-client-4.1.0/test/authconf_test.rb 2018-11-28 12:10:38.000000000 +0100
+++ new/yast2-auth-client-4.1.1/test/authconf_test.rb 2019-02-28 18:57:28.000000000 +0100
@@ -183,9 +183,33 @@
"auth_to_local"=>["RULE:[2:$1](johndoe)s/^.*$/guest/"]
},
},
- "domain_realms"=>{}, "logging"=>{}
+ "domain_realm"=>{}, "logging"=>{}
}, "pam"=>false)
- # The second example is very comprehensive
+ # The second tests for cruft in the section names
+ authconf.krb_parse_set('
+[libdefaultsXXXXXXXXX]
+ default_realm = ABC.ZZZ
+
+[realmsYYYZZZZXXXXX]
+ ABC.ZZZ = {
+ kdc = howie.suse.de
+ admin_server = howie.suse.de
+ auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/
+ }
+')
+ expect(authconf.krb_export).to eq("conf"=>{
+ "include"=>[],
+ "libdefaults"=>{"default_realm"=>"ABC.ZZZ"},
+ "realms"=>{
+ "ABC.ZZZ"=>{
+ "kdc"=>["howie.suse.de"],
+ "admin_server"=>"howie.suse.de",
+ "auth_to_local"=>["RULE:[2:$1](johndoe)s/^.*$/guest/"]
+ },
+ },
+ "domain_realm"=>{}, "logging"=>{}
+ }, "pam"=>false)
+ # The third example is very comprehensive
authconf.krb_parse_set('include a/b/c.d
includedir e/f/g.h
module i/j/k.l:RESIDUAL
@@ -223,7 +247,7 @@
EMPTY.NET = {
}
-[domain_realms]
+[domain_realm]
.suse.de = ABC.ZZZ
suse.de = ABC.ZZZ
@@ -263,7 +287,7 @@
},
"EMPTY.NET"=> {},
},
- "domain_realms"=>{".suse.de"=>"ABC.ZZZ", "suse.de"=>"ABC.ZZZ"},
+ "domain_realm"=>{".suse.de"=>"ABC.ZZZ", "suse.de"=>"ABC.ZZZ"},
"logging"=>{"kdc"=>"FILE:/var/log/krb5/krb5kdc.log", "admin_server"=>"FILE:/var/log/krb5/kadmind.log", "default"=>"SYSLOG:NOTICE:DAEMON"},
"dbmodules"=>{
"openldap_ldapconf"=>{
@@ -289,7 +313,7 @@
forwardable = true
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
-[domain_realms]
+[domain_realm]
.suse.de = ABC.ZZZ
suse.de = ABC.ZZZ
@@ -338,7 +362,7 @@
{"ABC.ZZZ"=>{"kdc"=>["howie.suse.de"], "admin_server"=>"howie.suse.de"},
"ABD.ZZZ"=>{"kdc"=>["howie2.suse.de"], "admin_server"=>"howie2.suse.de"}},
"libdefaults"=>{"default_realm"=>"ABC.ZZZ", "forwardable"=>"true"},
- "domain_realms"=>{".suse.de"=>"ABC.ZZZ", "suse.de"=>"ABC.ZZZ"},
+ "domain_realm"=>{".suse.de"=>"ABC.ZZZ", "suse.de"=>"ABC.ZZZ"},
"logging"=>
{"kdc"=>"FILE:/var/log/krb5/krb5kdc.log",
"admin_server"=>"FILE:/var/log/krb5/kadmind.log",
@@ -351,7 +375,7 @@
conf = {"conf"=>
{"realms"=>{},
"libdefaults"=>{},
- "domain_realms"=>{},
+ "domain_realm"=>{},
"logging"=>
{"kdc"=>"FILE:/var/log/krb5/krb5kdc.log",
"admin_server"=>"FILE:/var/log/krb5/kadmind.log",
@@ -363,7 +387,7 @@
{"realms"=>
{"ABC.ZZZ"=>{"kdc"=>"howie.suse.de", "admin_server"=>"howie2.suse.de"}},
"libdefaults"=>{"default_realm"=>"ABC.ZZZ"},
- "domain_realms"=>{".abc.zzz"=>"ABC.ZZZ", "abc.zzz"=>"ABC.ZZZ"},
+ "domain_realm"=>{".abc.zzz"=>"ABC.ZZZ", "abc.zzz"=>"ABC.ZZZ"},
"logging"=>
{"kdc"=>"FILE:/var/log/krb5/krb5kdc.log",
"admin_server"=>"FILE:/var/log/krb5/kadmind.log",
@@ -374,7 +398,7 @@
{"realms"=>
{"ABC.ZZZ"=>{"kdc"=>"3.suse.de", "admin_server"=>"4.suse.de"}},
"libdefaults"=>{"default_realm"=>"ABC.ZZZ"},
- "domain_realms"=>{},
+ "domain_realm"=>{},
"logging"=>
{"kdc"=>"FILE:/var/log/krb5/krb5kdc.log",
"admin_server"=>"FILE:/var/log/krb5/kadmind.log",