Hello community,
here is the log from the commit of package yast2-network for openSUSE:Factory checked in at 2013-07-01 16:01:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-network (Old)
and /work/SRC/openSUSE:Factory/.yast2-network.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-network"
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-network/yast2-network.changes 2013-06-17 10:26:32.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-network.new/yast2-network.changes 2013-07-01 16:01:37.000000000 +0200
@@ -1,0 +2,11 @@
+Thu Jun 20 06:49:08 UTC 2013 - mfilka@suse.com
+
+- bnc#808490
+ - set securitytypes=none for Xvnc when remote administration
+ is allowed. Required due to different default value in currently
+ used Xvnc implementation (TigerVNC).
+ - Remote Administration module opens ports in firewall when
+ requested by user
+- 2.25.5
+
+-------------------------------------------------------------------
Old:
----
yast2-network-2.25.4.tar.bz2
New:
----
yast2-network-2.25.5.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-network.spec ++++++
--- /var/tmp/diff_new_pack.yoRN68/_old 2013-07-01 16:01:38.000000000 +0200
+++ /var/tmp/diff_new_pack.yoRN68/_new 2013-07-01 16:01:38.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-network
-Version: 2.25.4
+Version: 2.25.5
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ yast2-network-2.25.4.tar.bz2 -> yast2-network-2.25.5.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/VERSION new/yast2-network-2.25.5/VERSION
--- old/yast2-network-2.25.4/VERSION 2013-05-30 11:06:38.000000000 +0200
+++ new/yast2-network-2.25.5/VERSION 2013-06-28 15:40:58.000000000 +0200
@@ -1 +1 @@
-2.25.4
+2.25.5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/configure new/yast2-network-2.25.5/configure
--- old/yast2-network-2.25.4/configure 2013-06-14 14:39:01.000000000 +0200
+++ new/yast2-network-2.25.5/configure 2013-06-28 17:01:18.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for yast2-network 2.25.4.
+# Generated by GNU Autoconf 2.69 for yast2-network 2.25.5.
#
# Report bugs to http://bugs.opensuse.org/.
#
@@ -579,8 +579,8 @@
# Identity of this package.
PACKAGE_NAME='yast2-network'
PACKAGE_TARNAME='yast2-network'
-PACKAGE_VERSION='2.25.4'
-PACKAGE_STRING='yast2-network 2.25.4'
+PACKAGE_VERSION='2.25.5'
+PACKAGE_STRING='yast2-network 2.25.5'
PACKAGE_BUGREPORT='http://bugs.opensuse.org/'
PACKAGE_URL=''
@@ -1247,7 +1247,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures yast2-network 2.25.4 to adapt to many kinds of systems.
+\`configure' configures yast2-network 2.25.5 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1318,7 +1318,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of yast2-network 2.25.4:";;
+ short | recursive ) echo "Configuration of yast2-network 2.25.5:";;
esac
cat <<\_ACEOF
@@ -1398,7 +1398,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-yast2-network configure 2.25.4
+yast2-network configure 2.25.5
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1415,7 +1415,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by yast2-network $as_me 2.25.4, which was
+It was created by yast2-network $as_me 2.25.5, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2354,7 +2354,7 @@
# Define the identity of the package.
PACKAGE='yast2-network'
- VERSION='2.25.4'
+ VERSION='2.25.5'
cat >>confdefs.h <<_ACEOF
@@ -2477,7 +2477,7 @@
-VERSION="2.25.4"
+VERSION="2.25.5"
RPMNAME="yast2-network"
MAINTAINER="Michal Filka "
@@ -3403,7 +3403,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by yast2-network $as_me 2.25.4, which was
+This file was extended by yast2-network $as_me 2.25.5, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -3456,7 +3456,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-yast2-network config.status 2.25.4
+yast2-network config.status 2.25.5
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/configure.in new/yast2-network-2.25.5/configure.in
--- old/yast2-network-2.25.4/configure.in 2013-06-14 14:38:57.000000000 +0200
+++ new/yast2-network-2.25.5/configure.in 2013-06-28 17:01:14.000000000 +0200
@@ -1,9 +1,9 @@
dnl configure.in for yast2-network
dnl
-dnl -- This file is generated by y2autoconf 2.24.0 - DO NOT EDIT! --
+dnl -- This file is generated by y2autoconf 2.24.1 - DO NOT EDIT! --
dnl (edit configure.in.in instead)
-AC_INIT(yast2-network, 2.25.4, http://bugs.opensuse.org/, yast2-network)
+AC_INIT(yast2-network, 2.25.5, http://bugs.opensuse.org/, yast2-network)
dnl Check for presence of file 'RPMNAME'
AC_CONFIG_SRCDIR([RPMNAME])
@@ -18,7 +18,7 @@
AM_INIT_AUTOMAKE(tar-ustar -Wno-portability)
dnl Important YaST2 variables
-VERSION="2.25.4"
+VERSION="2.25.5"
RPMNAME="yast2-network"
MAINTAINER="Michal Filka "
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/src/clients/remote.ycp new/yast2-network-2.25.5/src/clients/remote.ycp
--- old/yast2-network-2.25.4/src/clients/remote.ycp 2013-01-22 11:31:22.000000000 +0100
+++ new/yast2-network-2.25.5/src/clients/remote.ycp 2013-06-28 15:40:58.000000000 +0200
@@ -94,7 +94,14 @@
}
y2milestone("Setting AllowRemoteAdministration to '%1'", allow_ra);
- Remote::allow_administration = (allow_ra == "yes" ? true : false);
+ if(allow_ra == "yes")
+ {
+ Remote::Enable();
+ }
+ else
+ {
+ Remote::Disable();
+ }
return true;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/src/modules/Remote.ycp new/yast2-network-2.25.5/src/modules/Remote.ycp
--- old/yast2-network-2.25.4/src/modules/Remote.ycp 2013-03-01 13:16:35.000000000 +0100
+++ new/yast2-network-2.25.5/src/modules/Remote.ycp 2013-06-28 15:40:58.000000000 +0200
@@ -41,13 +41,29 @@
import "SuSEFirewall";
import "Progress";
import "Linuxrc";
+import "String";
+import "FileUtils";
include "network/routines.ycp";
+// security types supported by Xvnc
+global const string SEC_NONE = "none";
+global const string SEC_VNCAUTH = "vncauth";
+
+global list<string> SEC_TYPES = [
+ SEC_NONE,
+ SEC_VNCAUTH,
+];
+
+global const string SEC_OPT_SECURITYTYPE = "securitytypes";
+
+// Currently, all attributes (enablement of remote access)
+// are applied on vnc1 even vnchttpd1 configuration
+
/**
* Allow remote administration
*/
-global boolean allow_administration = false;
+boolean allow_administration = false;
/**
* Default display manager
@@ -61,6 +77,38 @@
boolean already_proposed = false;
/**
+ * Checks if remote administration is currently allowed
+ */
+global boolean IsEnabled()
+{
+ return allow_administration;
+}
+
+/**
+ * Checks if remote administration is currently disallowed
+ */
+global boolean IsDisabled()
+{
+ return !IsEnabled();
+}
+
+/**
+ * Enables remote administration.
+ */
+global void Enable()
+{
+ allow_administration = true;
+}
+
+/**
+ * Disables remote administration.
+ */
+global void Disable()
+{
+ allow_administration = false;
+}
+
+/**
* Reset all module data.
*/
global void Reset() {
@@ -84,6 +132,80 @@
}
/**
+ * Removes all options <option> (and its value) from
+ *
+ * Note: server_args has to be valid. In case of incorrect input (e.g. -opt1= -opt2)
+ * is result undefined.
+ *
+ * @param server_args list of options as provided by server_args attribute in
+ * /etc/xinet.d/vnc
+ * @param option option name. Typically alphanumeric string. If a regexp special
+ * characters are used behavior is undefined.
+ * @param has_value if true then option is expected to be followed by a value
+ *
+ * @return modified server_args string in case of success unchanged
+ * server_args otherwise
+ */
+string ServerArgsRemoveOpt( string server_args, string option, boolean has_value)
+{
+ if( IsEmptyString( server_args) || IsEmptyString( option))
+ {
+ return server_args;
+ }
+
+ // Note: value (e.g. filename in -passwdfile) cannot be quoted (a bug in Xvnc ?).
+ // valid forms are:
+ // e.g. -file=path_to_file or
+ // e.g. -file path_to_file
+ const string value_pattern_nquote = "[=[:space:]][^[:space:]]+";
+ const string pattern = sformat( "[[:space:]]*[-]{0,2}%1%2", option, ( has_value ? value_pattern_nquote : "") );
+
+ // Xvnc:
+ // - is case insensitive to option names.
+ // - option can be prefixed by 0 or up to 2 dashes
+ // - option and value can be separated by space or =
+ string new_server_args = tolower( server_args);
+
+ new_server_args = String::CutRegexMatch( new_server_args, pattern, true);
+
+ return new_server_args;
+}
+
+/**
+ * Add given option and its value to server_args.
+ *
+ * If option is present already then all occurences of option are removed.
+ * New option value pair is added subsequently.
+ */
+string SetServerArgsOpt( string server_args, string option, string value)
+{
+ string new_server_args = ServerArgsRemoveOpt( server_args, option, !IsEmptyString( value));
+ new_server_args = sformat( "%1 -%2 %3", new_server_args, option, value);
+
+ return String::CutBlanks( new_server_args);
+}
+
+/**
+ * Appends option for particular security type.
+ *
+ * @param server_args string with server options as written in xinetd cfg file
+ * @param sec_type a security type supported by Xvnc (see man xvnc)
+ *
+ * @return server_args with appended option for particular sec_type
+ * if sec_type is valid. Unchanged server_args otherwise.
+ */
+string SetSecurityType( string server_args, string sec_type)
+{
+ // validate sec_type
+ if( !contains( SEC_TYPES, sec_type))
+ {
+ return server_args;
+ }
+
+ return SetServerArgsOpt( server_args, SEC_OPT_SECURITYTYPE, sec_type);
+}
+
+/**
* Read the current status
* @return true on success
*/
@@ -97,7 +219,8 @@
list<map> xinetd_conf = (list<map>) SCR::Read(.etc.xinetd_conf.services);
list<map> vnc_conf = filter (map m, xinetd_conf, {
string s = m["service"]:"";
- return s == "vnc1" || s == "vnchttpd1";
+
+ return s == "vnc1" || s == "vnchttpd1";
});
boolean vnc = size (vnc_conf) == 2 &&
vnc_conf[0, "enabled"]:false &&
@@ -124,6 +247,48 @@
y2milestone("SaX2 returned: %1", SCR::Execute(.target.bash_output, command));
}
+boolean WriteXinetd()
+{
+ // Enable/disable vnc1 and vnchttpd1 in xinetd.d/vnc
+ // If the port is changed, change also the help in remote/dialogs.ycp
+ // The agent is in yast2-inetd.rpm
+ list<map> xinetd = (list<map>) SCR::Read(.etc.xinetd_conf.services);
+
+ xinetd = maplist (map m, xinetd,
+ {
+ string s = m["service"]:"";
+
+ if( !(s == "vnc1" || s == "vnchttpd1") )
+ {
+ return m;
+ }
+
+ m["changed"] = true;
+ m["enabled"] = allow_administration;
+
+ string server_args = m[ "server_args"]:"";
+
+ if( allow_administration)
+ {
+ // use none authentication, xdm will take care of it
+ m[ "server_args"] = SetSecurityType( server_args, SEC_NONE);
+ }
+ else
+ {
+ // switch back to default when remote administration is disallowed.
+ m[ "server_args"] = ServerArgsRemoveOpt( server_args, SEC_OPT_SECURITYTYPE, true);
+ }
+
+ y2milestone("Updated xinet cfg: %1", m);
+
+ return m;
+ });
+
+ SCR::Write(.etc.xinetd_conf.services, xinetd);
+
+ return true;
+}
+
/**
* Update the SCR according to network settings
* @return true on success
@@ -203,22 +368,11 @@
boolean have_xinetd = Package::Installed("xinetd");
//Do this only if package xinetd is installed (#256385)
- if (have_xinetd) {
- // Enable/disable vnc1 and vnchttpd1 in xinetd.d/vnc
- // If the port is changed, change also the help in remote/dialogs.ycp
- // The agent is in yast2-inetd.rpm
- list<map> xinetd = (list<map>) SCR::Read(.etc.xinetd_conf.services);
- xinetd = maplist (map m, xinetd, {
- string s = m["service"]:"";
- if (s == "vnc1" || s == "vnchttpd1") {
- m["changed"] = true;
- m["enabled"] = allow_administration;
- }
- return m;
- });
- SCR::Write(.etc.xinetd_conf.services, xinetd);
- }
- sleep(sl);
+ if (have_xinetd && !WriteXinetd() )
+ {
+ return false;
+ }
+ sleep(sl);
if(Mode::normal ()) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/src/remote/dialogs.ycp new/yast2-network-2.25.5/src/remote/dialogs.ycp
--- old/yast2-network-2.25.4/src/remote/dialogs.ycp 2013-01-22 11:31:22.000000000 +0100
+++ new/yast2-network-2.25.5/src/remote/dialogs.ycp 2013-06-28 15:40:58.000000000 +0200
@@ -35,12 +35,25 @@
import "Remote";
import "Wizard";
import "CWMFirewallInterfaces";
+import "Popup";
+
+boolean DialogDone( any event)
+{
+ symbol action = (symbol) event;
+
+ if( action == `next || action == `back)
+ return true;
+ if( action == `abort || action == `cancel)
+ return true;
+
+ return false;
+}
/**
* Remote administration dialog
* @return dialog result
*/
-define symbol RemoteMainDialog() {
+symbol RemoteMainDialog() {
/* Ramote Administration dialog caption */
string caption = _("Remote Administration");
@@ -48,15 +61,14 @@
term allow_buttons = `RadioButtonGroup(
`VBox (
/* RadioButton label */
- `Left(`RadioButton(`id(`allow), _("&Allow Remote Administration"), false)),
+ `Left(`RadioButton(`id(`allow), _("&Allow Remote Administration"), Remote::IsEnabled() )),
/* RadioButton label */
- `Left(`RadioButton(`id(`disallow), _("&Do Not Allow Remote Administration"), false))
+ `Left(`RadioButton(`id(`disallow), _("&Do Not Allow Remote Administration"), Remote::IsDisabled() ))
)
);
map firewall_widget = CWMFirewallInterfaces::CreateOpenFirewallWidget ($[
- //Service vnc renamed to service:xorg-x11-server (#431971)
- "services" : [ "service:xorg-x11-server" ],
+ "services" : [ "service:xorg-x11-Xvnc" ],
"display_details" : true,
]);
term firewall_layout = firewall_widget["custom_widget"]:`VBox ();
@@ -80,14 +92,10 @@
`Frame (
/* Dialog frame title */
_("Remote Administration Settings"),
- allow_buttons
+ allow_buttons
),
- `VSpacing (1),
- `Frame (
- /* Dialog frame title */
- _("Firewall Settings"),
- firewall_layout
- )
+ `VSpacing( 1),
+ firewall_layout
),
`HStretch()
);
@@ -98,9 +106,6 @@
Wizard::SetAbortButton(`abort, Label::CancelButton());
Wizard::HideBackButton();
- UI::ChangeWidget(`id(`allow), `Value, Remote::allow_administration);
- UI::ChangeWidget(`id(`disallow), `Value, !Remote::allow_administration);
-
CWMFirewallInterfaces::OpenFirewallInit (firewall_widget, "");
any ret = nil;
@@ -112,25 +117,27 @@
CWMFirewallInterfaces::OpenFirewallHandle (firewall_widget, "", event);
- if(ret == `abort)
- {
- break;
- }
- else if(ret == `help)
+ if(ret == `help)
{
Wizard::ShowHelp(help);
}
- else if(ret == `cancel)
- {
- break;
- }
- } until( ret == `next || ret == `back );
+ } until( DialogDone( ret) );
if(ret == `next)
{
- CWMFirewallInterfaces::OpenFirewallStore (firewall_widget, "", event);
- Remote::allow_administration = (boolean) UI::QueryWidget(`id(`allow), `Value);
+ CWMFirewallInterfaces::OpenFirewallStore (firewall_widget, "", event);
+
+ boolean allowed = (boolean) UI::QueryWidget( `id( `allow), `Value);
+
+ if( allowed)
+ {
+ Remote::Enable();
+ }
+ else
+ {
+ Remote::Disable();
+ }
}
return (symbol) ret;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/testsuite/tests/remote.out new/yast2-network-2.25.5/testsuite/tests/remote.out
--- old/yast2-network-2.25.4/testsuite/tests/remote.out 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-network-2.25.5/testsuite/tests/remote.out 2013-06-28 15:40:58.000000000 +0200
@@ -0,0 +1,2 @@
+Read .target.tmpdir nil
+Log Failed to set temporary directory: nil
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/testsuite/tests/remote.ycp new/yast2-network-2.25.5/testsuite/tests/remote.ycp
--- old/yast2-network-2.25.4/testsuite/tests/remote.ycp 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-network-2.25.5/testsuite/tests/remote.ycp 2013-06-28 15:40:58.000000000 +0200
@@ -0,0 +1,56 @@
+{
+
+import "Assert";
+import "Testsuite";
+
+map READ = $[
+
+ "probe" : $[
+ "architecture" : "i386",
+ ],
+ "sysconfig" : $[
+ "console" : $[
+ "CONSOLE_ENCODING" : "UTF-8",
+ ],
+ ],
+];
+
+map EXEC = $[
+ "target": $[
+ "bash_output": $[
+ "exit": 0,
+ "stdout": "charset=UTF-8",
+ "stderr":"",
+ ],
+ ],
+];
+
+import "Remote";
+
+// currently used default server_args from Xvnc package
+const string default_server_args = "-noreset -inetd -once -query localhost -geometry 1024x768 -depth 16";
+const string none_result = sformat( "-securitytypes %1", Remote::SEC_NONE);
+
+// empty args
+string server_args_empty = "";
+// default args from Xvnc
+string server_args_0 = default_server_args;
+// two dashes, upper case in option value
+string server_args_1 = "--securityTypes=VNCAUTH";
+// securitytypes present twice, camel case in option name.
+string server_args_2 = "securityTypes=VNCAUTH -rfbauth /var/lib/nobody/.vnc/passwd -securitytypes=vncauth";
+// space separated option and value
+string server_args_3 = "-securitytypes none " + default_server_args;
+
+// ********** Remote::SetSecurityType ********** //
+
+Assert::Equal( none_result, Remote::SetSecurityType( server_args_empty, Remote::SEC_NONE) );
+Assert::Equal( sformat( "%1 %2", default_server_args, none_result), Remote::SetSecurityType( server_args_0, Remote::SEC_NONE) );
+Assert::Equal( none_result, Remote::SetSecurityType( server_args_1, Remote::SEC_NONE) );
+Assert::Equal( sformat( "-rfbauth /var/lib/nobody/.vnc/passwd %1", none_result), Remote::SetSecurityType( server_args_2, Remote::SEC_NONE) );
+Assert::Equal( sformat( "%1 %2", default_server_args, none_result), Remote::SetSecurityType( server_args_3, Remote::SEC_NONE) );
+
+Assert::Equal( server_args_empty, Remote::SetSecurityType( server_args_empty, "INVALID") );
+Assert::Equal( default_server_args, Remote::SetSecurityType( default_server_args, "INVALID") );
+
+} /* EOF */
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org