Mailinglist Archive: opensuse-commit (1426 mails)

< Previous Next >
commit yast2-kerberos-client
  • From: root@xxxxxxxxxxxxxxx (h_root)
  • Date: Thu, 01 Mar 2007 21:36:06 +0100
  • Message-id: <20070301203606.B4DB2678182@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package yast2-kerberos-client
checked in at Thu Mar 1 21:36:06 CET 2007.

--------
--- yast2-kerberos-client/yast2-kerberos-client.changes 2007-02-20 13:28:39.000000000 +0100
+++ /mounts/work_src_done/NOARCH/yast2-kerberos-client/yast2-kerberos-client.changes 2007-02-27 10:10:31.478659000 +0100
@@ -1,0 +2,6 @@
+Tue Feb 27 09:00:31 CET 2007 - jsuchome@xxxxxxx
+
+- added option to "Ignore Unknown Principles" (#217369)
+- 2.15.4
+
+-------------------------------------------------------------------

Old:
----
yast2-kerberos-client-2.15.3.tar.bz2

New:
----
yast2-kerberos-client-2.15.4.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-kerberos-client.spec ++++++
--- /var/tmp/diff_new_pack.kh4280/_old 2007-03-01 21:35:46.000000000 +0100
+++ /var/tmp/diff_new_pack.kh4280/_new 2007-03-01 21:35:46.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package yast2-kerberos-client (Version 2.15.3)
+# spec file for package yast2-kerberos-client (Version 2.15.4)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -11,12 +11,12 @@
# norootforbuild

Name: yast2-kerberos-client
-Version: 2.15.3
+Version: 2.15.4
Release: 1
License: GNU General Public License (GPL)
Group: System/YaST
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-kerberos-client-2.15.3.tar.bz2
+Source0: yast2-kerberos-client-2.15.4.tar.bz2
prefix: /usr
BuildRequires: doxygen perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-pam yast2-testsuite
# new Pam.ycp API
@@ -35,7 +35,7 @@
Jiri Suchomel <jsuchome@xxxxxxx>

%prep
-%setup -n yast2-kerberos-client-2.15.3
+%setup -n yast2-kerberos-client-2.15.4

%build
%{prefix}/bin/y2tool y2autoconf
@@ -74,6 +74,9 @@
%doc %{prefix}/share/doc/packages/yast2-kerberos-client

%changelog
+* Tue Feb 27 2007 - jsuchome@xxxxxxx
+- added option to "Ignore Unknown Principles" (#217369)
+- 2.15.4
* Tue Feb 20 2007 - jsuchome@xxxxxxx
- support multiple values for KDC (#246241)
- 2.15.3

++++++ yast2-kerberos-client-2.15.3.tar.bz2 -> yast2-kerberos-client-2.15.4.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/agents/etc_krb5_conf.scr new/yast2-kerberos-client-2.15.4/agents/etc_krb5_conf.scr
--- old/yast2-kerberos-client-2.15.3/agents/etc_krb5_conf.scr 2007-02-19 16:39:30.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/agents/etc_krb5_conf.scr 2007-02-20 13:29:03.000000000 +0100
@@ -4,7 +4,7 @@
* Summary:
* SCR Agent for reading/writing /etc/krb5.conf using the ini-agent
*
- * $Id: etc_krb5_conf.scr 13007 2003-12-10 13:20:01Z jsuchome $
+ * $Id: etc_krb5_conf.scr 36303 2007-02-20 12:29:00Z jsuchome $
*
* Read/Sets the values defined in <tt>/etc/krb5.conf</tt>.
* Warning! The file has 2 type of sections!
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/src/dialogs.ycp new/yast2-kerberos-client-2.15.4/src/dialogs.ycp
--- old/yast2-kerberos-client-2.15.3/src/dialogs.ycp 2007-02-20 13:01:54.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/src/dialogs.ycp 2007-02-23 15:04:34.000000000 +0100
@@ -4,7 +4,7 @@
* Summary: Dialogs definitions
* Authors: Jiri Suchomel <jsuchome@xxxxxxx>
*
- * $Id: dialogs.ycp 36225 2007-02-16 15:13:34Z jsuchome $
+ * $Id: dialogs.ycp 36303 2007-02-20 12:29:00Z jsuchome $
*/

{
@@ -273,6 +273,9 @@
") +

// help text
+ _("<p>Check <b>Ignore Unknown Users</b> to have Kerberos ignore authentication attempts by users it does not know.</p>") +
+
+ // help text
_("<p>When the <b>Minimum UID</b> is greater than 0, authentication attempts by
users with UIDs below the specified number are ignored. This is useful for
disabling Kerberos authentication for the system administrator root.</p>
@@ -299,11 +302,11 @@
boolean prox = Kerberos::proxiable == "true";
boolean retain = Kerberos::retain_after_close == "true";
boolean ssh = Kerberos::ssh_support;
-
+ boolean ignore_unknown = Kerberos::ignore_unknown;
string clockskew = Kerberos::clockskew;

term con = `HBox (`HSpacing (3), `VBox (
- `VSpacing (1),
+ `VSpacing (0.8),
// frame label
`Frame (_("Ticket Attributes"), `HBox(`HSpacing (0.5), `VBox(
`VSpacing (0.5),
@@ -320,11 +323,15 @@
`Left(`CheckBox (`id (`retain), _("R&etained"), retain)),
`VSpacing (0.5)), `HSpacing (0.5)
)),
- `VSpacing (1),
+ `VSpacing (0.8),
`Left(`CheckBox (`id (`ssh),
// checkbox label
_("Kerberos Support for Open&SSH Client"), ssh)),
- `VSpacing (0.5),
+ `VSpacing (0.4),
+ `Left (`CheckBox (`id (`ignore_unknown),
+ // checkbox label
+ _("&Ignore Unknown Users"), ignore_unknown)),
+ `VSpacing (0.4),
// UID=User ID
`IntField (`id (`uid), _("Minimum &UID"), 0, 60000,
tointeger (uid)),
@@ -437,12 +444,17 @@
"true" : "false";
Kerberos::retain_after_close =
(boolean) UI::QueryWidget (`id(`retain), `Value) ? "true" : "false";
-
if (ssh != Kerberos::ssh_support)
{
Kerberos::ssh_modified = true;
Kerberos::ssh_support = ssh;
}
+ ignore_unknown = (boolean) UI::QueryWidget (`id(`ignore_unknown), `Value);
+ if (ignore_unknown != Kerberos::ignore_unknown)
+ {
+ Kerberos::pam_modified = true;
+ Kerberos::ignore_unknown = ignore_unknown;
+ }
}
return result;
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/src/Kerberos.ycp new/yast2-kerberos-client-2.15.4/src/Kerberos.ycp
--- old/yast2-kerberos-client-2.15.3/src/Kerberos.ycp 2007-02-20 13:12:39.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/src/Kerberos.ycp 2007-02-27 09:57:35.000000000 +0100
@@ -4,7 +4,7 @@
* Summary: Data for configuration of kerberos-client, i/o functions.
* Authors: Jiri Suchomel <jsuchome@xxxxxxx>
*
- * $Id: Kerberos.ycp 35279 2007-01-12 12:38:56Z jsuchome $
+ * $Id: Kerberos.ycp 36303 2007-02-20 12:29:00Z jsuchome $
*
* Representation of the configuration of kerberos-client.
* Input and output routines.
@@ -65,6 +65,9 @@
global string use_shmem = "sshd";
global string mappings = "";

+// --krb5-ignore_unknown_principals for pam-config
+global boolean ignore_unknown = true;
+
// section in /etc/ssh/ssh_config file for storing krb support
string ssh_section = "*";

@@ -112,6 +115,7 @@
kdc = client["kdc_server"]:"";
clockskew = client["clockskew"]:clockskew;
ssh_support = client["ssh_support"]:false;
+ ignore_unknown = client["ignore_unknown"]:ignore_unknown;
ticket_lifetime = client["ticket_lifetime"]:"1d";
renew_lifetime = client["renew_lifetime"]:"1d";
minimum_uid = client["minimum_uid"]:minimum_uid;
@@ -143,6 +147,7 @@
"kdc_server" : kdc,
"clockskew" : clockskew,
"ssh_support" : ssh_support,
+ "ignore_unknown" : ignore_unknown,
"ticket_lifetime" : ticket_lifetime,
"renew_lifetime" : renew_lifetime,
"minimum_uid" : minimum_uid,
@@ -251,7 +256,10 @@
*/
global define boolean Read () ``{

- use_pam_krb = Pam::Enabled ("krb5");
+ map pam_query = Pam::Query ("krb5");
+ use_pam_krb = size (pam_query) > 0;
+ if (use_pam_krb) // if krb is not enabled, ignore_unknown is true by default
+ ignore_unknown = contains (pam_query["account"]:[], "ignore_unknown_principals");

// now read the settings from /etc/krb5.conf
if (FileUtils::Exists ("/etc/krb5.conf"))
@@ -395,7 +403,7 @@
list<string> to_install = [];
// check if packages are avialable...
foreach (string p, packages, ``{
- if (Package::Available (p))
+ if (Package::Available (p) == true)
to_install = add (to_install, p);
});
Package::DoInstallAndRemove (to_install, []);
@@ -411,6 +419,10 @@
if (use_pam_krb)
{
Pam::Add ("krb5");
+ if (ignore_unknown)
+ Pam::Add ("krb5-ignore_unknown_principals");
+ else
+ Pam::Remove ("krb5-ignore_unknown_principals");
}
else
{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/testsuite/tests/ReadKrb5ConfValue.ycp new/yast2-kerberos-client-2.15.4/testsuite/tests/ReadKrb5ConfValue.ycp
--- old/yast2-kerberos-client-2.15.3/testsuite/tests/ReadKrb5ConfValue.ycp 2007-02-20 13:10:50.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/testsuite/tests/ReadKrb5ConfValue.ycp 2007-02-20 13:29:03.000000000 +0100
@@ -2,7 +2,7 @@
* ReadKrb5ConfValue.ycp
* Test of Kerberos::ReadKrb5ConfValue function
* Author: Jiri Suchomel <jsuchome@xxxxxxx>
- * $Id: ReadKrb5ConfValue.ycp 21833 2005-02-22 13:51:43Z jsuchome $
+ * $Id: ReadKrb5ConfValue.ycp 36303 2007-02-20 12:29:00Z jsuchome $
*/

{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/testsuite/tests/Read.ycp new/yast2-kerberos-client-2.15.4/testsuite/tests/Read.ycp
--- old/yast2-kerberos-client-2.15.3/testsuite/tests/Read.ycp 2007-02-20 13:05:47.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/testsuite/tests/Read.ycp 2007-02-20 13:29:03.000000000 +0100
@@ -2,7 +2,7 @@
* Read.ycp
* Test of Kerberos::Read function (whole read process, many config files)
* Author: Jiri Suchomel <jsuchome@xxxxxxx>
- * $Id: Read.ycp 32816 2006-09-12 11:49:16Z jsuchome $
+ * $Id: Read.ycp 36303 2007-02-20 12:29:00Z jsuchome $
*/

{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/testsuite/tests/WriteKrb5ConfValue.ycp new/yast2-kerberos-client-2.15.4/testsuite/tests/WriteKrb5ConfValue.ycp
--- old/yast2-kerberos-client-2.15.3/testsuite/tests/WriteKrb5ConfValue.ycp 2007-02-20 13:15:25.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/testsuite/tests/WriteKrb5ConfValue.ycp 2007-02-20 13:29:03.000000000 +0100
@@ -2,7 +2,7 @@
* WriteKrb5ConfValue.ycp
* Test of Kerberos::WriteKrb5ConfValue function
* Author: Jiri Suchomel <jsuchome@xxxxxxx>
- * $Id: WriteKrb5ConfValue.ycp 27936 2006-02-13 20:01:14Z olh $
+ * $Id: WriteKrb5ConfValue.ycp 36303 2007-02-20 12:29:00Z jsuchome $
*/

{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/testsuite/tests/Write.out new/yast2-kerberos-client-2.15.4/testsuite/tests/Write.out
--- old/yast2-kerberos-client-2.15.3/testsuite/tests/Write.out 2007-02-20 13:12:06.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/testsuite/tests/Write.out 2007-02-27 09:14:38.000000000 +0100
@@ -1,5 +1,9 @@
Dump ==== writing without any changes =================================
Return true
+Dump ==== pam enabled with krb5-ignore_unknown_principals=
+Execute .target.bash_output "pam-config -a --krb5" $["stdout":""]
+Execute .target.bash_output "pam-config -a --krb5-ignore_unknown_principals" $["stdout":""]
+Return true
Dump ==== ssh modified (enabled) ======================================
Write .etc.ssh.ssh_config.v."*"."GSSAPIAuthentication" "yes" true
Write .etc.ssh.ssh_config.v."*"."GSSAPIDelegateCredentials" "yes" true
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/testsuite/tests/Write.ycp new/yast2-kerberos-client-2.15.4/testsuite/tests/Write.ycp
--- old/yast2-kerberos-client-2.15.3/testsuite/tests/Write.ycp 2006-08-25 15:32:04.000000000 +0200
+++ new/yast2-kerberos-client-2.15.4/testsuite/tests/Write.ycp 2007-02-27 09:14:15.000000000 +0100
@@ -51,6 +51,17 @@

Testsuite::Test(``(Kerberos::Write ()), [ $[], WRITE, EX ], 0);

+ Testsuite::Dump ("==== pam enabled with krb5-ignore_unknown_principals=");
+
+ Kerberos::pam_modified = true;
+ Kerberos::use_pam_krb = true;
+ Kerberos::ignore_unknown = true;
+
+ Testsuite::Test(``(Kerberos::Write ()), [ READ, WRITE, EX ], 0);
+
+ Kerberos::pam_modified = false;
+ Kerberos::ignore_unknown = false;
+
Testsuite::Dump ("==== ssh modified (enabled) ======================================");

Kerberos::ssh_modified = true;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-kerberos-client-2.15.3/VERSION new/yast2-kerberos-client-2.15.4/VERSION
--- old/yast2-kerberos-client-2.15.3/VERSION 2007-02-20 13:16:22.000000000 +0100
+++ new/yast2-kerberos-client-2.15.4/VERSION 2007-02-27 09:02:27.000000000 +0100
@@ -1 +1 @@
-2.15.3
+2.15.4


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread