commit yast2-kerberos-client

1 Mar 2007

Hello community,

here is the log from the commit of package yast2-kerberos-client
checked in at Thu Mar 1 21:36:06 CET 2007.

--------

--- yast2-kerberos-client/yast2-kerberos-client.changes	2007-02-20 13:28:39.000000000 +0100
+++ /mounts/work_src_done/NOARCH/yast2-kerberos-client/yast2-kerberos-client.changes	2007-02-27 10:10:31.478659000 +0100
@@ -1,0 +2,6 @@
+Tue Feb 27 09:00:31 CET 2007 - jsuchome@suse.cz
+
+- added option to "Ignore Unknown Principles" (#217369)
+- 2.15.4
+
+-------------------------------------------------------------------

Old:
----
  yast2-kerberos-client-2.15.3.tar.bz2

New:
----
  yast2-kerberos-client-2.15.4.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-kerberos-client.spec ++++++
--- /var/tmp/diff_new_pack.kh4280/_old	2007-03-01 21:35:46.000000000 +0100
+++ /var/tmp/diff_new_pack.kh4280/_new	2007-03-01 21:35:46.000000000 +0100
@@ -1,5 +1,5 @@
 #
-# spec file for package yast2-kerberos-client (Version 2.15.3)
+# spec file for package yast2-kerberos-client (Version 2.15.4)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -11,12 +11,12 @@
 # norootforbuild
 
 Name:           yast2-kerberos-client
-Version:        2.15.3
+Version:        2.15.4
 Release:        1
 License:        GNU General Public License (GPL)
 Group:          System/YaST
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Source0:        yast2-kerberos-client-2.15.3.tar.bz2
+Source0:        yast2-kerberos-client-2.15.4.tar.bz2
 prefix:		/usr
 BuildRequires:  doxygen perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-pam yast2-testsuite
 # new Pam.ycp API
@@ -35,7 +35,7 @@
     Jiri Suchomel <jsuchome@suse.cz>
 
 %prep
-%setup -n yast2-kerberos-client-2.15.3
+%setup -n yast2-kerberos-client-2.15.4
 
 %build
 %{prefix}/bin/y2tool y2autoconf
@@ -74,6 +74,9 @@
 %doc %{prefix}/share/doc/packages/yast2-kerberos-client
 
 %changelog
+* Tue Feb 27 2007 - jsuchome@suse.cz
+- added option to "Ignore Unknown Principles" (#217369)
+- 2.15.4
 * Tue Feb 20 2007 - jsuchome@suse.cz
 - support multiple values for KDC (#246241)
 - 2.15.3

++++++ yast2-kerberos-client-2.15.3.tar.bz2 -> yast2-kerberos-client-2.15.4.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/agents/etc_krb5_conf.scr new/yast2-kerberos-client-2.15.4/agents/etc_krb5_conf.scr
--- old/yast2-kerberos-client-2.15.3/agents/etc_krb5_conf.scr	2007-02-19 16:39:30.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/agents/etc_krb5_conf.scr	2007-02-20 13:29:03.000000000 +0100
@@ -4,7 +4,7 @@
  * Summary:
  *   SCR Agent for reading/writing /etc/krb5.conf using the ini-agent
  *
- * $Id: etc_krb5_conf.scr 13007 2003-12-10 13:20:01Z jsuchome $
+ * $Id: etc_krb5_conf.scr 36303 2007-02-20 12:29:00Z jsuchome $
  *
  * Read/Sets the values defined in <tt>/etc/krb5.conf</tt>.
  * Warning! The file has 2 type of sections!
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/src/dialogs.ycp new/yast2-kerberos-client-2.15.4/src/dialogs.ycp
--- old/yast2-kerberos-client-2.15.3/src/dialogs.ycp	2007-02-20 13:01:54.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/src/dialogs.ycp	2007-02-23 15:04:34.000000000 +0100
@@ -4,7 +4,7 @@
  * Summary:	Dialogs definitions
  * Authors:	Jiri Suchomel <jsuchome@suse.cz>
  *
- * $Id: dialogs.ycp 36225 2007-02-16 15:13:34Z jsuchome $
+ * $Id: dialogs.ycp 36303 2007-02-20 12:29:00Z jsuchome $
  */
 
 {
@@ -273,6 +273,9 @@
 ") +
 
     // help text
+    _("<p>Check <b>Ignore Unknown Users</b> to have Kerberos ignore authentication attempts by users it does not know.</p>") +
+
+    // help text
     _("<p>When the <b>Minimum UID</b> is greater than 0, authentication attempts by
 users with UIDs below the specified number are ignored. This is useful for
 disabling Kerberos authentication for the system administrator root.</p>
@@ -299,11 +302,11 @@
     boolean prox	= Kerberos::proxiable == "true";
     boolean retain	= Kerberos::retain_after_close == "true";
     boolean ssh		= Kerberos::ssh_support;
-
+    boolean ignore_unknown	= Kerberos::ignore_unknown;
     string clockskew	= Kerberos::clockskew;
 
     term con = `HBox (`HSpacing (3), `VBox (
-        `VSpacing (1),
+        `VSpacing (0.8),
 	// frame label
 	`Frame (_("Ticket Attributes"), `HBox(`HSpacing (0.5), `VBox(
 	    `VSpacing (0.5),
@@ -320,11 +323,15 @@
 	    `Left(`CheckBox (`id (`retain), _("R&etained"), retain)),
 	    `VSpacing (0.5)), `HSpacing (0.5)
 	)),
-        `VSpacing (1),
+        `VSpacing (0.8),
 	`Left(`CheckBox (`id (`ssh),
 	    // checkbox label
 	    _("Kerberos Support for Open&SSH Client"), ssh)),
-        `VSpacing (0.5),
+        `VSpacing (0.4),
+	`Left (`CheckBox (`id (`ignore_unknown),
+	    // checkbox label
+	    _("&Ignore Unknown Users"), ignore_unknown)),
+        `VSpacing (0.4),
         // UID=User ID
         `IntField (`id (`uid), _("Minimum &UID"), 0, 60000,
 	    tointeger (uid)),
@@ -437,12 +444,17 @@
 	    "true" : "false";
 	Kerberos::retain_after_close =
 	    (boolean) UI::QueryWidget (`id(`retain), `Value) ? "true" : "false";
-
 	if (ssh != Kerberos::ssh_support)
 	{
 	    Kerberos::ssh_modified = true;
 	    Kerberos::ssh_support = ssh;
 	}
+	ignore_unknown	= (boolean) UI::QueryWidget (`id(`ignore_unknown), `Value);
+        if (ignore_unknown != Kerberos::ignore_unknown)
+        {
+            Kerberos::pam_modified	= true;
+	    Kerberos::ignore_unknown	= ignore_unknown;
+	}
     }
     return result;
 }
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/src/Kerberos.ycp new/yast2-kerberos-client-2.15.4/src/Kerberos.ycp
--- old/yast2-kerberos-client-2.15.3/src/Kerberos.ycp	2007-02-20 13:12:39.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/src/Kerberos.ycp	2007-02-27 09:57:35.000000000 +0100
@@ -4,7 +4,7 @@
  * Summary:	Data for configuration of kerberos-client, i/o functions.
  * Authors:	Jiri Suchomel <jsuchome@suse.cz>
  *
- * $Id: Kerberos.ycp 35279 2007-01-12 12:38:56Z jsuchome $
+ * $Id: Kerberos.ycp 36303 2007-02-20 12:29:00Z jsuchome $
  *
  * Representation of the configuration of kerberos-client.
  * Input and output routines.
@@ -65,6 +65,9 @@
 global string use_shmem	= "sshd";
 global string mappings	= "";
 
+// --krb5-ignore_unknown_principals for pam-config
+global boolean ignore_unknown	= true;
+
 // section in /etc/ssh/ssh_config file for storing krb support
 string ssh_section = "*";
 
@@ -112,6 +115,7 @@
     kdc			= client["kdc_server"]:"";
     clockskew		= client["clockskew"]:clockskew;
     ssh_support		= client["ssh_support"]:false;
+    ignore_unknown	= client["ignore_unknown"]:ignore_unknown;
     ticket_lifetime	= client["ticket_lifetime"]:"1d";
     renew_lifetime	= client["renew_lifetime"]:"1d";
     minimum_uid		= client["minimum_uid"]:minimum_uid;
@@ -143,6 +147,7 @@
 		"kdc_server"		: kdc,
 		"clockskew"		: clockskew,
 		"ssh_support"		: ssh_support,
+		"ignore_unknown"	: ignore_unknown,
 		"ticket_lifetime"	: ticket_lifetime,
                 "renew_lifetime"	: renew_lifetime,
                 "minimum_uid"		: minimum_uid,
@@ -251,7 +256,10 @@
  */
 global define boolean Read () ``{
 
-    use_pam_krb	= Pam::Enabled ("krb5");
+    map pam_query	= Pam::Query ("krb5");
+    use_pam_krb		= size (pam_query) > 0;
+    if (use_pam_krb) // if krb is not enabled, ignore_unknown is true by default
+	ignore_unknown	= contains (pam_query["account"]:[], "ignore_unknown_principals");
 
     // now read the settings from /etc/krb5.conf
     if (FileUtils::Exists ("/etc/krb5.conf"))
@@ -395,7 +403,7 @@
 	list<string> to_install = [];
 	// check if packages are avialable...
 	foreach (string p, packages, ``{
-	    if (Package::Available (p))
+	    if (Package::Available (p) == true)
 		to_install = add (to_install, p);
 	});
 	Package::DoInstallAndRemove (to_install, []);
@@ -411,6 +419,10 @@
         if (use_pam_krb)
         {
 	    Pam::Add ("krb5");
+	    if (ignore_unknown)
+		Pam::Add ("krb5-ignore_unknown_principals");
+	    else
+		Pam::Remove ("krb5-ignore_unknown_principals");
         }
         else
         {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/testsuite/tests/ReadKrb5ConfValue.ycp new/yast2-kerberos-client-2.15.4/testsuite/tests/ReadKrb5ConfValue.ycp
--- old/yast2-kerberos-client-2.15.3/testsuite/tests/ReadKrb5ConfValue.ycp	2007-02-20 13:10:50.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/testsuite/tests/ReadKrb5ConfValue.ycp	2007-02-20 13:29:03.000000000 +0100
@@ -2,7 +2,7 @@
  *  ReadKrb5ConfValue.ycp
  *  Test of Kerberos::ReadKrb5ConfValue function
  *  Author:	Jiri Suchomel <jsuchome@suse.cz>
- *  $Id: ReadKrb5ConfValue.ycp 21833 2005-02-22 13:51:43Z jsuchome $
+ *  $Id: ReadKrb5ConfValue.ycp 36303 2007-02-20 12:29:00Z jsuchome $
  */
 
 {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/testsuite/tests/Read.ycp new/yast2-kerberos-client-2.15.4/testsuite/tests/Read.ycp
--- old/yast2-kerberos-client-2.15.3/testsuite/tests/Read.ycp	2007-02-20 13:05:47.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/testsuite/tests/Read.ycp	2007-02-20 13:29:03.000000000 +0100
@@ -2,7 +2,7 @@
  *  Read.ycp
  *  Test of Kerberos::Read function (whole read process, many config files)
  *  Author:	Jiri Suchomel <jsuchome@suse.cz>
- *  $Id: Read.ycp 32816 2006-09-12 11:49:16Z jsuchome $
+ *  $Id: Read.ycp 36303 2007-02-20 12:29:00Z jsuchome $
  */
 
 {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/testsuite/tests/WriteKrb5ConfValue.ycp new/yast2-kerberos-client-2.15.4/testsuite/tests/WriteKrb5ConfValue.ycp
--- old/yast2-kerberos-client-2.15.3/testsuite/tests/WriteKrb5ConfValue.ycp	2007-02-20 13:15:25.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/testsuite/tests/WriteKrb5ConfValue.ycp	2007-02-20 13:29:03.000000000 +0100
@@ -2,7 +2,7 @@
  *  WriteKrb5ConfValue.ycp
  *  Test of Kerberos::WriteKrb5ConfValue function
  *  Author:	Jiri Suchomel <jsuchome@suse.cz>
- *  $Id: WriteKrb5ConfValue.ycp 27936 2006-02-13 20:01:14Z olh $
+ *  $Id: WriteKrb5ConfValue.ycp 36303 2007-02-20 12:29:00Z jsuchome $
  */
 
 {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/testsuite/tests/Write.out new/yast2-kerberos-client-2.15.4/testsuite/tests/Write.out
--- old/yast2-kerberos-client-2.15.3/testsuite/tests/Write.out	2007-02-20 13:12:06.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/testsuite/tests/Write.out	2007-02-27 09:14:38.000000000 +0100
@@ -1,5 +1,9 @@
 Dump	==== writing without any changes =================================
 Return	true
+Dump	==== pam enabled with krb5-ignore_unknown_principals=
+Execute	.target.bash_output "pam-config -a --krb5" $["stdout":""]
+Execute	.target.bash_output "pam-config -a --krb5-ignore_unknown_principals" $["stdout":""]
+Return	true
 Dump	==== ssh modified (enabled) ======================================
 Write	.etc.ssh.ssh_config.v."*"."GSSAPIAuthentication" "yes" true
 Write	.etc.ssh.ssh_config.v."*"."GSSAPIDelegateCredentials" "yes" true
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/testsuite/tests/Write.ycp new/yast2-kerberos-client-2.15.4/testsuite/tests/Write.ycp
--- old/yast2-kerberos-client-2.15.3/testsuite/tests/Write.ycp	2006-08-25 15:32:04.000000000 +0200
+++ new/yast2-kerberos-client-2.15.4/testsuite/tests/Write.ycp	2007-02-27 09:14:15.000000000 +0100
@@ -51,6 +51,17 @@
 
     Testsuite::Test(``(Kerberos::Write ()), [ $[], WRITE, EX ], 0);
 
+    Testsuite::Dump ("==== pam enabled with krb5-ignore_unknown_principals=");
+
+    Kerberos::pam_modified	= true;
+    Kerberos::use_pam_krb	= true;
+    Kerberos::ignore_unknown	= true;
+
+    Testsuite::Test(``(Kerberos::Write ()), [ READ, WRITE, EX ], 0);
+
+    Kerberos::pam_modified	= false;
+    Kerberos::ignore_unknown	= false;
+
     Testsuite::Dump ("==== ssh modified (enabled) ======================================");
 
     Kerberos::ssh_modified = true;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/VERSION new/yast2-kerberos-client-2.15.4/VERSION
--- old/yast2-kerberos-client-2.15.3/VERSION	2007-02-20 13:16:22.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/VERSION	2007-02-27 09:02:27.000000000 +0100
@@ -1 +1 @@
-2.15.3
+2.15.4


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

root＠Hilbert.suse.de

tags

participants (1)