Hello community, here is the log from the commit of package yast2-network for openSUSE:Factory checked in at 2013-07-01 16:01:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-network (Old) and /work/SRC/openSUSE:Factory/.yast2-network.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-network" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-network/yast2-network.changes 2013-06-17 10:26:32.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-network.new/yast2-network.changes 2013-07-01 16:01:37.000000000 +0200 @@ -1,0 +2,11 @@ +Thu Jun 20 06:49:08 UTC 2013 - [email protected] + +- bnc#808490 + - set securitytypes=none for Xvnc when remote administration + is allowed. Required due to different default value in currently + used Xvnc implementation (TigerVNC). + - Remote Administration module opens ports in firewall when + requested by user +- 2.25.5 + +------------------------------------------------------------------- Old: ---- yast2-network-2.25.4.tar.bz2 New: ---- yast2-network-2.25.5.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-network.spec ++++++ --- /var/tmp/diff_new_pack.yoRN68/_old 2013-07-01 16:01:38.000000000 +0200 +++ /var/tmp/diff_new_pack.yoRN68/_new 2013-07-01 16:01:38.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-network -Version: 2.25.4 +Version: 2.25.5 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-network-2.25.4.tar.bz2 -> yast2-network-2.25.5.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/VERSION new/yast2-network-2.25.5/VERSION --- old/yast2-network-2.25.4/VERSION 2013-05-30 11:06:38.000000000 +0200 +++ new/yast2-network-2.25.5/VERSION 2013-06-28 15:40:58.000000000 +0200 @@ -1 +1 @@ -2.25.4 +2.25.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/configure new/yast2-network-2.25.5/configure --- old/yast2-network-2.25.4/configure 2013-06-14 14:39:01.000000000 +0200 +++ new/yast2-network-2.25.5/configure 2013-06-28 17:01:18.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for yast2-network 2.25.4. +# Generated by GNU Autoconf 2.69 for yast2-network 2.25.5. # # Report bugs to <http://bugs.opensuse.org/>. # @@ -579,8 +579,8 @@ # Identity of this package. PACKAGE_NAME='yast2-network' PACKAGE_TARNAME='yast2-network' -PACKAGE_VERSION='2.25.4' -PACKAGE_STRING='yast2-network 2.25.4' +PACKAGE_VERSION='2.25.5' +PACKAGE_STRING='yast2-network 2.25.5' PACKAGE_BUGREPORT='http://bugs.opensuse.org/' PACKAGE_URL='' @@ -1247,7 +1247,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures yast2-network 2.25.4 to adapt to many kinds of systems. +\`configure' configures yast2-network 2.25.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1318,7 +1318,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of yast2-network 2.25.4:";; + short | recursive ) echo "Configuration of yast2-network 2.25.5:";; esac cat <<\_ACEOF @@ -1398,7 +1398,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -yast2-network configure 2.25.4 +yast2-network configure 2.25.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1415,7 +1415,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by yast2-network $as_me 2.25.4, which was +It was created by yast2-network $as_me 2.25.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2354,7 +2354,7 @@ # Define the identity of the package. PACKAGE='yast2-network' - VERSION='2.25.4' + VERSION='2.25.5' cat >>confdefs.h <<_ACEOF @@ -2477,7 +2477,7 @@ -VERSION="2.25.4" +VERSION="2.25.5" RPMNAME="yast2-network" MAINTAINER="Michal Filka <[email protected]>" @@ -3403,7 +3403,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by yast2-network $as_me 2.25.4, which was +This file was extended by yast2-network $as_me 2.25.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -3456,7 +3456,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -yast2-network config.status 2.25.4 +yast2-network config.status 2.25.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/configure.in new/yast2-network-2.25.5/configure.in --- old/yast2-network-2.25.4/configure.in 2013-06-14 14:38:57.000000000 +0200 +++ new/yast2-network-2.25.5/configure.in 2013-06-28 17:01:14.000000000 +0200 @@ -1,9 +1,9 @@ dnl configure.in for yast2-network dnl -dnl -- This file is generated by y2autoconf 2.24.0 - DO NOT EDIT! -- +dnl -- This file is generated by y2autoconf 2.24.1 - DO NOT EDIT! -- dnl (edit configure.in.in instead) -AC_INIT(yast2-network, 2.25.4, http://bugs.opensuse.org/, yast2-network) +AC_INIT(yast2-network, 2.25.5, http://bugs.opensuse.org/, yast2-network) dnl Check for presence of file 'RPMNAME' AC_CONFIG_SRCDIR([RPMNAME]) @@ -18,7 +18,7 @@ AM_INIT_AUTOMAKE(tar-ustar -Wno-portability) dnl Important YaST2 variables -VERSION="2.25.4" +VERSION="2.25.5" RPMNAME="yast2-network" MAINTAINER="Michal Filka <[email protected]>" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/src/clients/remote.ycp new/yast2-network-2.25.5/src/clients/remote.ycp --- old/yast2-network-2.25.4/src/clients/remote.ycp 2013-01-22 11:31:22.000000000 +0100 +++ new/yast2-network-2.25.5/src/clients/remote.ycp 2013-06-28 15:40:58.000000000 +0200 @@ -94,7 +94,14 @@ } y2milestone("Setting AllowRemoteAdministration to '%1'", allow_ra); - Remote::allow_administration = (allow_ra == "yes" ? true : false); + if(allow_ra == "yes") + { + Remote::Enable(); + } + else + { + Remote::Disable(); + } return true; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/src/modules/Remote.ycp new/yast2-network-2.25.5/src/modules/Remote.ycp --- old/yast2-network-2.25.4/src/modules/Remote.ycp 2013-03-01 13:16:35.000000000 +0100 +++ new/yast2-network-2.25.5/src/modules/Remote.ycp 2013-06-28 15:40:58.000000000 +0200 @@ -41,13 +41,29 @@ import "SuSEFirewall"; import "Progress"; import "Linuxrc"; +import "String"; +import "FileUtils"; include "network/routines.ycp"; +// security types supported by Xvnc +global const string SEC_NONE = "none"; +global const string SEC_VNCAUTH = "vncauth"; + +global list<string> SEC_TYPES = [ + SEC_NONE, + SEC_VNCAUTH, +]; + +global const string SEC_OPT_SECURITYTYPE = "securitytypes"; + +// Currently, all attributes (enablement of remote access) +// are applied on vnc1 even vnchttpd1 configuration + /** * Allow remote administration */ -global boolean allow_administration = false; +boolean allow_administration = false; /** * Default display manager @@ -61,6 +77,38 @@ boolean already_proposed = false; /** + * Checks if remote administration is currently allowed + */ +global boolean IsEnabled() +{ + return allow_administration; +} + +/** + * Checks if remote administration is currently disallowed + */ +global boolean IsDisabled() +{ + return !IsEnabled(); +} + +/** + * Enables remote administration. + */ +global void Enable() +{ + allow_administration = true; +} + +/** + * Disables remote administration. + */ +global void Disable() +{ + allow_administration = false; +} + +/** * Reset all module data. */ global void Reset() { @@ -84,6 +132,80 @@ } /** + * Removes all options <option> (and its value) from <server_args> + * + * Note: server_args has to be valid. In case of incorrect input (e.g. -opt1= -opt2) + * is result undefined. + * + * @param server_args list of options as provided by server_args attribute in + * /etc/xinet.d/vnc + * @param option option name. Typically alphanumeric string. If a regexp special + * characters are used behavior is undefined. + * @param has_value if true then option is expected to be followed by a value + * + * @return modified server_args string in case of success unchanged + * server_args otherwise + */ +string ServerArgsRemoveOpt( string server_args, string option, boolean has_value) +{ + if( IsEmptyString( server_args) || IsEmptyString( option)) + { + return server_args; + } + + // Note: value (e.g. filename in -passwdfile) cannot be quoted (a bug in Xvnc ?). + // valid forms are: + // e.g. -file=path_to_file or + // e.g. -file path_to_file + const string value_pattern_nquote = "[=[:space:]][^[:space:]]+"; + const string pattern = sformat( "[[:space:]]*[-]{0,2}%1%2", option, ( has_value ? value_pattern_nquote : "") ); + + // Xvnc: + // - is case insensitive to option names. + // - option can be prefixed by 0 or up to 2 dashes + // - option and value can be separated by space or = + string new_server_args = tolower( server_args); + + new_server_args = String::CutRegexMatch( new_server_args, pattern, true); + + return new_server_args; +} + +/** + * Add given option and its value to server_args. + * + * If option is present already then all occurences of option are removed. + * New option value pair is added subsequently. + */ +string SetServerArgsOpt( string server_args, string option, string value) +{ + string new_server_args = ServerArgsRemoveOpt( server_args, option, !IsEmptyString( value)); + new_server_args = sformat( "%1 -%2 %3", new_server_args, option, value); + + return String::CutBlanks( new_server_args); +} + +/** + * Appends option for particular security type. + * + * @param server_args string with server options as written in xinetd cfg file + * @param sec_type a security type supported by Xvnc (see man xvnc) + * + * @return server_args with appended option for particular sec_type + * if sec_type is valid. Unchanged server_args otherwise. + */ +string SetSecurityType( string server_args, string sec_type) +{ + // validate sec_type + if( !contains( SEC_TYPES, sec_type)) + { + return server_args; + } + + return SetServerArgsOpt( server_args, SEC_OPT_SECURITYTYPE, sec_type); +} + +/** * Read the current status * @return true on success */ @@ -97,7 +219,8 @@ list<map> xinetd_conf = (list<map>) SCR::Read(.etc.xinetd_conf.services); list<map> vnc_conf = filter (map m, xinetd_conf, { string s = m["service"]:""; - return s == "vnc1" || s == "vnchttpd1"; + + return s == "vnc1" || s == "vnchttpd1"; }); boolean vnc = size (vnc_conf) == 2 && vnc_conf[0, "enabled"]:false && @@ -124,6 +247,48 @@ y2milestone("SaX2 returned: %1", SCR::Execute(.target.bash_output, command)); } +boolean WriteXinetd() +{ + // Enable/disable vnc1 and vnchttpd1 in xinetd.d/vnc + // If the port is changed, change also the help in remote/dialogs.ycp + // The agent is in yast2-inetd.rpm + list<map> xinetd = (list<map>) SCR::Read(.etc.xinetd_conf.services); + + xinetd = maplist (map m, xinetd, + { + string s = m["service"]:""; + + if( !(s == "vnc1" || s == "vnchttpd1") ) + { + return m; + } + + m["changed"] = true; + m["enabled"] = allow_administration; + + string server_args = m[ "server_args"]:""; + + if( allow_administration) + { + // use none authentication, xdm will take care of it + m[ "server_args"] = SetSecurityType( server_args, SEC_NONE); + } + else + { + // switch back to default when remote administration is disallowed. + m[ "server_args"] = ServerArgsRemoveOpt( server_args, SEC_OPT_SECURITYTYPE, true); + } + + y2milestone("Updated xinet cfg: %1", m); + + return m; + }); + + SCR::Write(.etc.xinetd_conf.services, xinetd); + + return true; +} + /** * Update the SCR according to network settings * @return true on success @@ -203,22 +368,11 @@ boolean have_xinetd = Package::Installed("xinetd"); //Do this only if package xinetd is installed (#256385) - if (have_xinetd) { - // Enable/disable vnc1 and vnchttpd1 in xinetd.d/vnc - // If the port is changed, change also the help in remote/dialogs.ycp - // The agent is in yast2-inetd.rpm - list<map> xinetd = (list<map>) SCR::Read(.etc.xinetd_conf.services); - xinetd = maplist (map m, xinetd, { - string s = m["service"]:""; - if (s == "vnc1" || s == "vnchttpd1") { - m["changed"] = true; - m["enabled"] = allow_administration; - } - return m; - }); - SCR::Write(.etc.xinetd_conf.services, xinetd); - } - sleep(sl); + if (have_xinetd && !WriteXinetd() ) + { + return false; + } + sleep(sl); if(Mode::normal ()) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/src/remote/dialogs.ycp new/yast2-network-2.25.5/src/remote/dialogs.ycp --- old/yast2-network-2.25.4/src/remote/dialogs.ycp 2013-01-22 11:31:22.000000000 +0100 +++ new/yast2-network-2.25.5/src/remote/dialogs.ycp 2013-06-28 15:40:58.000000000 +0200 @@ -35,12 +35,25 @@ import "Remote"; import "Wizard"; import "CWMFirewallInterfaces"; +import "Popup"; + +boolean DialogDone( any event) +{ + symbol action = (symbol) event; + + if( action == `next || action == `back) + return true; + if( action == `abort || action == `cancel) + return true; + + return false; +} /** * Remote administration dialog * @return dialog result */ -define symbol RemoteMainDialog() { +symbol RemoteMainDialog() { /* Ramote Administration dialog caption */ string caption = _("Remote Administration"); @@ -48,15 +61,14 @@ term allow_buttons = `RadioButtonGroup( `VBox ( /* RadioButton label */ - `Left(`RadioButton(`id(`allow), _("&Allow Remote Administration"), false)), + `Left(`RadioButton(`id(`allow), _("&Allow Remote Administration"), Remote::IsEnabled() )), /* RadioButton label */ - `Left(`RadioButton(`id(`disallow), _("&Do Not Allow Remote Administration"), false)) + `Left(`RadioButton(`id(`disallow), _("&Do Not Allow Remote Administration"), Remote::IsDisabled() )) ) ); map<string,any> firewall_widget = CWMFirewallInterfaces::CreateOpenFirewallWidget ($[ - //Service vnc renamed to service:xorg-x11-server (#431971) - "services" : [ "service:xorg-x11-server" ], + "services" : [ "service:xorg-x11-Xvnc" ], "display_details" : true, ]); term firewall_layout = firewall_widget["custom_widget"]:`VBox (); @@ -80,14 +92,10 @@ `Frame ( /* Dialog frame title */ _("Remote Administration Settings"), - allow_buttons + allow_buttons ), - `VSpacing (1), - `Frame ( - /* Dialog frame title */ - _("Firewall Settings"), - firewall_layout - ) + `VSpacing( 1), + firewall_layout ), `HStretch() ); @@ -98,9 +106,6 @@ Wizard::SetAbortButton(`abort, Label::CancelButton()); Wizard::HideBackButton(); - UI::ChangeWidget(`id(`allow), `Value, Remote::allow_administration); - UI::ChangeWidget(`id(`disallow), `Value, !Remote::allow_administration); - CWMFirewallInterfaces::OpenFirewallInit (firewall_widget, ""); any ret = nil; @@ -112,25 +117,27 @@ CWMFirewallInterfaces::OpenFirewallHandle (firewall_widget, "", event); - if(ret == `abort) - { - break; - } - else if(ret == `help) + if(ret == `help) { Wizard::ShowHelp(help); } - else if(ret == `cancel) - { - break; - } - } until( ret == `next || ret == `back ); + } until( DialogDone( ret) ); if(ret == `next) { - CWMFirewallInterfaces::OpenFirewallStore (firewall_widget, "", event); - Remote::allow_administration = (boolean) UI::QueryWidget(`id(`allow), `Value); + CWMFirewallInterfaces::OpenFirewallStore (firewall_widget, "", event); + + boolean allowed = (boolean) UI::QueryWidget( `id( `allow), `Value); + + if( allowed) + { + Remote::Enable(); + } + else + { + Remote::Disable(); + } } return (symbol) ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/testsuite/tests/remote.out new/yast2-network-2.25.5/testsuite/tests/remote.out --- old/yast2-network-2.25.4/testsuite/tests/remote.out 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-network-2.25.5/testsuite/tests/remote.out 2013-06-28 15:40:58.000000000 +0200 @@ -0,0 +1,2 @@ +Read .target.tmpdir nil +Log Failed to set temporary directory: nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-network-2.25.4/testsuite/tests/remote.ycp new/yast2-network-2.25.5/testsuite/tests/remote.ycp --- old/yast2-network-2.25.4/testsuite/tests/remote.ycp 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-network-2.25.5/testsuite/tests/remote.ycp 2013-06-28 15:40:58.000000000 +0200 @@ -0,0 +1,56 @@ +{ + +import "Assert"; +import "Testsuite"; + +map READ = $[ + + "probe" : $[ + "architecture" : "i386", + ], + "sysconfig" : $[ + "console" : $[ + "CONSOLE_ENCODING" : "UTF-8", + ], + ], +]; + +map EXEC = $[ + "target": $[ + "bash_output": $[ + "exit": 0, + "stdout": "charset=UTF-8", + "stderr":"", + ], + ], +]; + +import "Remote"; + +// currently used default server_args from Xvnc package +const string default_server_args = "-noreset -inetd -once -query localhost -geometry 1024x768 -depth 16"; +const string none_result = sformat( "-securitytypes %1", Remote::SEC_NONE); + +// empty args +string server_args_empty = ""; +// default args from Xvnc +string server_args_0 = default_server_args; +// two dashes, upper case in option value +string server_args_1 = "--securityTypes=VNCAUTH"; +// securitytypes present twice, camel case in option name. +string server_args_2 = "securityTypes=VNCAUTH -rfbauth /var/lib/nobody/.vnc/passwd -securitytypes=vncauth"; +// space separated option and value +string server_args_3 = "-securitytypes none " + default_server_args; + +// ********** Remote::SetSecurityType ********** // + +Assert::Equal( none_result, Remote::SetSecurityType( server_args_empty, Remote::SEC_NONE) ); +Assert::Equal( sformat( "%1 %2", default_server_args, none_result), Remote::SetSecurityType( server_args_0, Remote::SEC_NONE) ); +Assert::Equal( none_result, Remote::SetSecurityType( server_args_1, Remote::SEC_NONE) ); +Assert::Equal( sformat( "-rfbauth /var/lib/nobody/.vnc/passwd %1", none_result), Remote::SetSecurityType( server_args_2, Remote::SEC_NONE) ); +Assert::Equal( sformat( "%1 %2", default_server_args, none_result), Remote::SetSecurityType( server_args_3, Remote::SEC_NONE) ); + +Assert::Equal( server_args_empty, Remote::SetSecurityType( server_args_empty, "INVALID") ); +Assert::Equal( default_server_args, Remote::SetSecurityType( default_server_args, "INVALID") ); + +} /* EOF */ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
