Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yast2-auth-server for openSUSE:Factory checked in at 2022-08-23 14:25:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-auth-server (Old) and /work/SRC/openSUSE:Factory/.yast2-auth-server.new.2083 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-auth-server" Tue Aug 23 14:25:50 2022 rev:27 rq:991998 version:4.5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-auth-server/yast2-auth-server.changes 2022-04-14 17:24:00.707161445 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-auth-server.new.2083/yast2-auth-server.changes 2022-08-23 14:26:25.511196866 +0200 @@ -1,0 +2,6 @@ +Wed Jul 27 00:50:39 UTC 2022 - William Brown <william.br...@suse.com> + +- Remove kerberos ldap database support (gh#yast/yast-auth-server#73) +- 4.5.1 + +------------------------------------------------------------------- Old: ---- yast2-auth-server-4.5.0.tar.bz2 New: ---- yast2-auth-server-4.5.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-auth-server.spec ++++++ --- /var/tmp/diff_new_pack.3UWMFf/_old 2022-08-23 14:26:25.935197800 +0200 +++ /var/tmp/diff_new_pack.3UWMFf/_new 2022-08-23 14:26:25.939197809 +0200 @@ -20,7 +20,7 @@ Summary: A tool for creating identity management server instances License: GPL-2.0-or-later Group: System/YaST -Version: 4.5.0 +Version: 4.5.1 Release: 0 URL: https://github.com/yast/yast-auth-server ++++++ yast2-auth-server-4.5.0.tar.bz2 -> yast2-auth-server-4.5.1.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/README.md new/yast2-auth-server-4.5.1/README.md --- old/yast2-auth-server-4.5.0/README.md 2022-04-12 13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/README.md 2022-08-01 12:44:13.000000000 +0200 @@ -11,8 +11,6 @@ The features are: * Create new directory server instance. - * Create new Kerberos server instance. - * Integrate Kerberos server with directory server. ## Install To install the latest stable version on openSUSE or SLE, use zypper: 
@@ -22,7 +20,7 @@ ``` # Run -Visit Yast control panel and launch "Create New Kerberos Server" or "Create New Directory Server". +Visit Yast control panel and launch "Create New Directory Server". # Development diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/package/yast2-auth-server.changes new/yast2-auth-server-4.5.1/package/yast2-auth-server.changes --- old/yast2-auth-server-4.5.0/package/yast2-auth-server.changes 2022-04-12 13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/package/yast2-auth-server.changes 2022-08-01 12:44:13.000000000 +0200 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Wed Jul 27 00:50:39 UTC 2022 - William Brown <william.br...@suse.com> + +- Remove kerberos ldap database support (gh#yast/yast-auth-server#73) +- 4.5.1 + +------------------------------------------------------------------- Wed Apr 06 13:24:58 UTC 2022 - Ladislav Slez??k <lsle...@suse.cz> - Bump version to 4.5.0 (bsc#1198109) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/package/yast2-auth-server.spec new/yast2-auth-server-4.5.1/package/yast2-auth-server.spec --- old/yast2-auth-server-4.5.0/package/yast2-auth-server.spec 2022-04-12 13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/package/yast2-auth-server.spec 2022-08-01 12:44:13.000000000 +0200 
@@ -18,7 +18,7 @@ Name: yast2-auth-server Group: System/YaST Summary: A tool for creating identity management server instances -Version: 4.5.0 +Version: 4.5.1 Release: 0 License: GPL-2.0-or-later Url: https://github.com/yast/yast-auth-server diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/src/clients/krb-server.rb new/yast2-auth-server-4.5.1/src/clients/krb-server.rb --- old/yast2-auth-server-4.5.0/src/clients/krb-server.rb 2022-04-12 13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/src/clients/krb-server.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE LINUX GmbH. - -# Authors: Howard Guo <h...@suse.com> - -require 'authserver/ui/new_krb_inst' -require 'authserver/cli/auth-cli' -if Yast::WFM.Args.empty? - NewKrbInst.new.run -else - AuthServer::CLI.run("krb-server") -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/src/desktop/org.opensuse.yast.KrbServer.desktop new/yast2-auth-server-4.5.1/src/desktop/org.opensuse.yast.KrbServer.desktop --- old/yast2-auth-server-4.5.0/src/desktop/org.opensuse.yast.KrbServer.desktop 2022-04-12 13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/src/desktop/org.opensuse.yast.KrbServer.desktop 1970-01-01 01:00:00.000000000 +0100 
@@ -1,19 +0,0 @@ -[Desktop Entry] -Type=Application -Categories=Settings;System;Qt;X-SuSE-YaST;X-SuSE-YaST-Net_advanced; - -X-KDE-ModuleType=Library -X-KDE-HasReadOnlyMode=true -X-SuSE-YaST-Call=krb-server - -X-SuSE-YaST-Group=Net_advanced -X-SuSE-YaST-RootOnly=true -X-SuSE-YaST-Keywords=authentication,kerberos,krb,krb5 - -Icon=yast-kerberos-server -Exec=xdg-su -c "/sbin/yast2 krb-server" - -Name=YaST New Kerberos Server -GenericName=New Kerberos Server -Comment=Create a New Kerberos Server -StartupNotify=true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/src/icons/hicolor/scalable/apps/yast-kerberos-server.svg new/yast2-auth-server-4.5.1/src/icons/hicolor/scalable/apps/yast-kerberos-server.svg --- old/yast2-auth-server-4.5.0/src/icons/hicolor/scalable/apps/yast-kerberos-server.svg 2022-04-12 13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/src/icons/hicolor/scalable/apps/yast-kerberos-server.svg 1970-01-01 01:00:00.000000000 +0100 
@@ -1,131 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<svg version="1.0" viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg"> -<defs> -<linearGradient id="g" x1="64" x2="64" y1="276" y2="220" gradientUnits="userSpaceOnUse"> -<stop stop-color="#f5c211" offset="0"/> -<stop stop-color="#f6d32d" offset="1"/> -</linearGradient> -<linearGradient id="h" x1="24" x2="104" y1="272" y2="272" gradientUnits="userSpaceOnUse"> -<stop stop-color="#e5a50a" offset="0"/> -<stop stop-color="#f6d32d" offset=".025"/> -<stop stop-color="#e5a50a" offset=".05"/> -<stop stop-color="#e5a50a" offset=".95"/> -<stop stop-color="#f6d32d" offset=".975"/> -<stop stop-color="#e5a50a" offset="1"/> -</linearGradient> -<linearGradient id="a" x1="2" x2="30" y1="27" y2="27" gradientTransform="translate(0,-1)" gradientUnits="userSpaceOnUse"> -<stop stop-color="#5e5c64" offset="0"/> -<stop stop-color="#9a9996" offset=".035714"/> -<stop stop-color="#5e5c64" offset=".071429"/> -<stop stop-color="#5e5c64" offset=".92857"/> -<stop stop-color="#9a9996" offset=".96429"/> -<stop stop-color="#5e5c64" offset="1"/> -</linearGradient> -<radialGradient id="i" cx="64" cy="59.733" r="32" gradientTransform="matrix(1 0 0 1.25 0 -34.667)" gradientUnits="userSpaceOnUse"> -<stop stop-color="#deddda" offset="0"/> -<stop stop-color="#c0bfbc" offset=".5"/> -<stop stop-color="#f6f5f4" offset=".75"/> -<stop stop-color="#deddda" offset="1"/> -</radialGradient> -<linearGradient id="f" x1="62" x2="70" y1="102" y2="50" gradientUnits="userSpaceOnUse"> -<stop stop-color="#f8e45c" offset="0"/> -<stop stop-color="#f9f06b" offset="1"/> -</linearGradient> -</defs> -<g transform="matrix(4 0 0 4 2 0)"> -<rect x="2" y="6" width="28" height="6" ry="1" fill="#5e5c64"/> -<rect x="2" y="12" width="28" height="6" ry="1" fill="#5e5c64"/> -<rect x="2" y="18" width="28" height="6" ry="1.0587" fill="#5e5c64"/> -<rect x="2" y="23" width="28" height="5" ry="1" fill="url(#a)"/> -<rect x="2" y="3" width="28" height="5" ry="1" fill="#9a9996"/> 
-<rect x="2" y="9" width="28" height="5" ry="1" fill="#9a9996"/> -<rect x="2" y="15" width="28" height="5" ry="1" fill="#9a9996"/> -<rect x="2" y="21" width="28" height="5" ry="1" fill="#9a9996"/> -<rect x="14" y="4" width="15" height="3" ry="0" fill="#3d3846"/> -<rect x="14" y="5" width="15" height="2" ry="0" fill="#5e5c64"/> -<rect x="14" y="10" width="15" height="3" ry="0" fill="#3d3846"/> -<rect x="14" y="11" width="15" height="2" ry="0" fill="#5e5c64"/> -<rect x="14" y="16" width="15" height="3" ry="0" fill="#3d3846"/> -<rect x="14" y="17" width="15" height="2" ry="0" fill="#5e5c64"/> -<rect x="14" y="22" width="15" height="3" ry="0" fill="#3d3846"/> -<rect x="14" y="23" width="15" height="2" ry="0" fill="#5e5c64"/> -<rect x="4" y="4" width="1" height="2" ry=".5" fill="#5e5c64"/> -<rect x="4" y="5" width="1" height="1" ry=".5" fill="#f6d32d"/> -<rect x="6" y="4" width="1" height="2" ry=".5" fill="#5e5c64"/> -<rect x="6" y="5" width="1" height="1" ry=".5" fill="#33d17a"/> -<rect x="4" y="10" width="1" height="2" ry=".5" fill="#5e5c64"/> -<rect x="4" y="11" width="1" height="1" ry=".5" fill="#33d17a"/> -<rect x="6" y="10" width="1" height="2" ry=".5" fill="#5e5c64"/> -<rect x="6" y="11" width="1" height="1" ry=".5" fill="#e01b24"/> -<rect x="4" y="16" width="1" height="2" ry=".5" fill="#5e5c64"/> -<rect x="4" y="17" width="1" height="1" ry=".5" fill="#e01b24"/> -<rect x="6" y="16" width="1" height="2" ry=".5" fill="#5e5c64"/> -<rect x="6" y="17" width="1" height="1" ry=".5" fill="#f6d32d"/> -<rect x="4" y="22" width="1" height="2" ry=".5" fill="#5e5c64"/> -<rect x="4" y="23" width="1" height="1" ry=".5" fill="#f6d32d"/> -<rect x="6" y="22" width="1" height="2" ry=".5" fill="#5e5c64"/> -<rect x="6" y="23" width="1" height="1" ry=".5" fill="#33d17a"/> -<rect x="15" y="11" width="1" height="2" fill="#3d3846"/> -<rect x="15" y="10" width="1" height="1" fill="#241f31"/> -<rect x="17" y="11" width="1" height="2" fill="#3d3846"/> -<rect x="17" y="10" width="1" 
height="1" fill="#241f31"/> -<rect x="19" y="11" width="1" height="2" fill="#3d3846"/> -<rect x="19" y="10" width="1" height="1" fill="#241f31"/> -<rect x="21" y="11" width="1" height="2" fill="#3d3846"/> -<rect x="21" y="10" width="1" height="1" fill="#241f31"/> -<rect x="23" y="11" width="1" height="2" fill="#3d3846"/> -<rect x="23" y="10" width="1" height="1" fill="#241f31"/> -<rect x="25" y="11" width="1" height="2" fill="#3d3846"/> -<rect x="25" y="10" width="1" height="1" fill="#241f31"/> -<rect x="27" y="11" width="1" height="2" fill="#3d3846"/> -<rect x="27" y="10" width="1" height="1" fill="#241f31"/> -<rect x="15" y="5" width="1" height="2" fill="#3d3846"/> -<rect x="15" y="4" width="1" height="1" fill="#241f31"/> -<rect x="17" y="5" width="1" height="2" fill="#3d3846"/> -<rect x="17" y="4" width="1" height="1" fill="#241f31"/> -<rect x="19" y="5" width="1" height="2" fill="#3d3846"/> -<rect x="19" y="4" width="1" height="1" fill="#241f31"/> -<rect x="21" y="5" width="1" height="2" fill="#3d3846"/> -<rect x="21" y="4" width="1" height="1" fill="#241f31"/> -<rect x="23" y="5" width="1" height="2" fill="#3d3846"/> -<rect x="23" y="4" width="1" height="1" fill="#241f31"/> -<rect x="25" y="5" width="1" height="2" fill="#3d3846"/> -<rect x="25" y="4" width="1" height="1" fill="#241f31"/> -<rect x="27" y="5" width="1" height="2" fill="#3d3846"/> -<rect x="27" y="4" width="1" height="1" fill="#241f31"/> -<rect x="15" y="17" width="1" height="2" fill="#3d3846"/> -<rect x="15" y="16" width="1" height="1" fill="#241f31"/> -<rect x="17" y="17" width="1" height="2" fill="#3d3846"/> -<rect x="17" y="16" width="1" height="1" fill="#241f31"/> -<rect x="19" y="17" width="1" height="2" fill="#3d3846"/> -<rect x="19" y="16" width="1" height="1" fill="#241f31"/> -<rect x="21" y="17" width="1" height="2" fill="#3d3846"/> -<rect x="21" y="16" width="1" height="1" fill="#241f31"/> -<rect x="23" y="17" width="1" height="2" fill="#3d3846"/> -<rect x="23" y="16" width="1" 
height="1" fill="#241f31"/> -<rect x="25" y="17" width="1" height="2" fill="#3d3846"/> -<rect x="25" y="16" width="1" height="1" fill="#241f31"/> -<rect x="27" y="17" width="1" height="2" fill="#3d3846"/> -<rect x="27" y="16" width="1" height="1" fill="#241f31"/> -<rect x="15" y="23" width="1" height="2" fill="#3d3846"/> -<rect x="15" y="22" width="1" height="1" fill="#241f31"/> -<rect x="17" y="23" width="1" height="2" fill="#3d3846"/> -<rect x="17" y="22" width="1" height="1" fill="#241f31"/> -<rect x="19" y="23" width="1" height="2" fill="#3d3846"/> -<rect x="19" y="22" width="1" height="1" fill="#241f31"/> -<rect x="21" y="23" width="1" height="2" fill="#3d3846"/> -<rect x="21" y="22" width="1" height="1" fill="#241f31"/> -<rect x="23" y="23" width="1" height="2" fill="#3d3846"/> -<rect x="23" y="22" width="1" height="1" fill="#241f31"/> -<rect x="25" y="23" width="1" height="2" fill="#3d3846"/> -<rect x="25" y="22" width="1" height="1" fill="#241f31"/> -<rect x="27" y="23" width="1" height="2" fill="#3d3846"/> -<rect x="27" y="22" width="1" height="1" fill="#241f31"/> -</g> -<g transform="translate(0,-172)"> -<rect x="24" y="260" width="80" height="24" ry="4" fill="url(#h)"/> -<rect x="24" y="220" width="80" height="56" ry="4" fill="url(#g)"/> -<path transform="translate(0,172)" d="m64 8c-17.728 0-32 14.272-32 32v8h16v-8c0-8.864 7.136-16 16-16s16 7.136 16 16v8h16v-8c0-17.728-14.272-32-32-32z" fill="url(#i)"/> -</g> -<path d="m70 50l-4 4v12l24 4v4l4-4v-4l-24-4v-12zm-8 8l-4 4v12l24 4v4l4-4v-4l-24-4v-12zm-8 8l-8 8-8 24 24 4v-8h8l8-8v-4l-24-4v-12z" fill="url(#f)"/> -</svg> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/src/icons/hicolor/symbolic/apps/yast-kerberos-server-symbolic.svg new/yast2-auth-server-4.5.1/src/icons/hicolor/symbolic/apps/yast-kerberos-server-symbolic.svg --- old/yast2-auth-server-4.5.0/src/icons/hicolor/symbolic/apps/yast-kerberos-server-symbolic.svg 2022-04-12 
13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/src/icons/hicolor/symbolic/apps/yast-kerberos-server-symbolic.svg 1970-01-01 01:00:00.000000000 +0100 @@ -1,3 +0,0 @@ -<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> - <path d="M 2 0 C 0.892 0 0 0.892 0 2 L 0 3 L 0 11 L 0 14 C 0 15.108 0.892 16 2 16 L 10 16 L 10 14 L 2 14 L 2 11 L 4 11 L 4 10 L 2 10 L 2 8 L 4 8 L 4 7 L 2 7 L 2 5 L 5 5 L 5 4 L 2 4 L 2 3 L 2 2 L 14 2 L 14 4 L 11 4 L 11 5 L 14 5 L 14 7 L 12 7 L 12 8 L 14 8 L 14 10 L 16 10 L 16 5 L 16 2 C 16 0.892 15.108 0 14 0 L 2 0 z M 8 3 C 6.892 3 6 3.892 6 5 L 6 6 L 5.5 6 C 5.223 6 5 6.223 5 6.5 L 5 9.5 C 5 9.777 5.223 10 5.5 10 L 10.5 10 C 10.777 10 11 9.777 11 9.5 L 11 6.5 C 11 6.223 10.777 6 10.5 6 L 10 6 L 10 5 C 10 3.892 9.108 3 8 3 z M 8 4 C 8.554 4 9 4.446 9 5 L 9 6 L 7 6 L 7 5 C 7 4.446 7.446 4 8 4 z M 11 11 L 11 16 L 16 16 L 16 11 L 11 11 z M 3.5 12 C 3.223 12 3 12.223 3 12.5 C 3 12.777 3.223 13 3.5 13 C 3.777 13 4 12.777 4 12.5 C 4 12.223 3.777 12 3.5 12 z M 5.5 12 C 5.223 12 5 12.223 5 12.5 C 5 12.777 5.223 13 5.5 13 C 5.777 13 6 12.777 6 12.5 C 6 12.223 5.777 12 5.5 12 z M 7.5 12 C 7.223 12 7 12.223 7 12.5 C 7 12.777 7.223 13 7.5 13 L 9.5 13 C 9.777 13 10 12.777 10 12.5 C 10 12.223 9.777 12 9.5 12 L 7.5 12 z M 12 12 L 13 12 L 13 13 L 14 13 L 14 12 L 15 12 L 15 14 L 14 14 L 14 15 L 13 15 L 13 14 L 12 14 L 12 12 z " fill="#c0bfbc" /> -</svg> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/src/lib/authserver/krb/mit.rb new/yast2-auth-server-4.5.1/src/lib/authserver/krb/mit.rb --- old/yast2-auth-server-4.5.0/src/lib/authserver/krb/mit.rb 2022-04-12 13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/src/lib/authserver/krb/mit.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,187 +0,0 @@ -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE LINUX GmbH. - -# Authors: Howard Guo <h...@suse.com> - -require 'yast' -require 'open3' - -# MITKerberos serves utility functions for setting up a new directory connected KDC. -class MITKerberos - include Yast - include Yast::Logger - - # @see .kdb5_ldap_util_path - OLD_KDB5_LDAP_UTIL = "/usr/lib/mit/sbin/kdb5_ldap_util".freeze - KDB5_LDAP_UTIL = "/usr/sbin/kdb5_ldap_util".freeze - - private_constant :OLD_KDB5_LDAP_UTIL, :KDB5_LDAP_UTIL - - # install_pkgs installs software packages mandatory for setting up MIT Kerberos server. - def self.install_pkgs - Yast.import 'Package' - # DoInstall never fails - Package.DoInstall(['krb5-client', 'krb5-server', 'krb5-plugin-kdb-ldap'].delete_if{|name| Package.Installed(name)}) - end - - # is_configured returns true only if there kerberos configuration has been altered. - def self.is_configured - # If manual changes were made in config files, RPM verification will see them. - _, _, result = Open3.popen2e('rpm', '-V', 'krb5-server') - return result.value.exitstatus == 0 - end - - # gen_client_conf generates /etc/krb5.conf content for setting up a new KDC. - def self.gen_common_conf(realm_name, fqdn) - return "[libdefaults] - # \"dns_canonicalize_hostname\" and \"rdns\" are better set to false for improved security. 
- # If set to true, the canonicalization mechanism performed by Kerberos client may - # allow service impersonification, the consequence is similar to conducting TLS certificate - # verification without checking host name. - # If left unspecified, the two parameters will have default value true, which is less secure. - dns_canonicalize_hostname = false - rdns = false - default_realm = #{realm_name} - -[realms] - #{realm_name} = { - kdc = #{fqdn} - admin_server = #{fqdn} - } - -[domain_realm] - .#{realm_name.downcase} = #{realm_name} - #{realm_name.downcase} = #{realm_name} - -[logging] - kdc = FILE:/var/log/krb5/krb5kdc.log - admin_server = FILE:/var/log/krb5/kadmind.log - default = SYSLOG:NOTICE:DAEMON -" - end - - # gen_kdc_conf generates /var/lib/kerberos/krb5kdc/kdc.conf content for setting up a new KDC. - def self.gen_kdc_conf(realm_name, kdc_dn, admin_dn, container_dn, pass_file_path, ldaps_addr) - return "[kdcdefaults] - kdc_ports = 750,88 - -[realms] - #{realm_name} = { - database_module = contact_ldap - } - -[dbdefaults] - -[dbmodules] - contact_ldap = { - db_library = kldap - ldap_kdc_dn = \"#{kdc_dn}\" - ldap_kadmind_dn = \"#{admin_dn}\" - ldap_kerberos_container_dn = \"#{container_dn}\" - ldap_service_password_file = #{pass_file_path} - ldap_servers = ldaps://#{ldaps_addr} - } - -[logging] - kdc = FILE:/var/log/krb5/krb5kdc.log - admin_server = FILE:/var/log/krb5/kadmind.log -" - end - - # save_password_into_file saves a password into a password stash file for KDC to consume. - # Returns tuple of command output and boolean (success or not). 
- def self.save_password_into_file(dn, pass, file_path) - stdin, stdouterr, result = kdb5_ldap_util('stashsrvpw', '-f', file_path, '-w', pass, dn) - - # The utility asks for password input and repeat to verify - stdin.puts(pass) - stdin.puts(pass) - stdin.close - succeeded = result.value.exitstatus == 0 - if !succeeded - return [stdouterr.readlines.join('\n'), false] - end - File.chmod(0600, file_path) - return [stdouterr.readlines.join('\n'), true] - end - - # init_dir uses kerberos LDAP utility to prepare a directory server for kerberos operation. - # Returns tuple of command output and boolean (success or not). - def self.init_dir(ldaps_addr, dir_admin_dn, dir_admin_pass, realm_name, container_dn, master_pass) - log_args = init_dir_args(ldaps_addr, dir_admin_dn, "********", realm_name, container_dn, "********") - log.info(kdb5_ldap_util_path + " " + log_args.join(" ")) - - args = init_dir_args(ldaps_addr, dir_admin_dn, dir_admin_pass, realm_name, container_dn, master_pass) - stdin, stdouterr, result = kdb5_ldap_util(*args) - stdin.close - - return [stdouterr.readlines.join('\n'), result.value.exitstatus == 0] - end - - # restart_kdc restarts KDC system service. Returns true only on success. - def self.restart_kdc - _, _, result = Open3.popen2e('/usr/bin/systemctl', 'restart', 'krb5kdc') - return result.value.exitstatus == 0 - end - - # restart_kadmind restarts kerberos administration service. Returns true only on success. - def self.restart_kadmind - _, _, result = Open3.popen2e('/usr/bin/systemctl', 'restart', 'kadmind') - return result.value.exitstatus == 0 - end - - # append_to_log appends current time and content into log file placed under /root/. 
- def self.append_to_log(content) - log.info(content) - end - - private - - # Runs kdb5_ldap_util with the given arguments - # - # @params args [Array<String>] list of arguments passed to kdb5_ldap_util binary - # @return [Array(IO, IO, Process::Waiter)] i.e., [stdin, stdouterr, result] - def self.kdb5_ldap_util(*args) - Open3.popen2e(kdb5_ldap_util_path, *args) - end - - # Path to the kdb5_ldap_util binary - # - # Note that the lastest kbr5 package provides the kdb5_ldap_util binary at /usr/sbin, but older kbr5 - # uses the /usr/lib/mit/sbin path. This method checks which one is available in the system. - # - # @return [String] - def self.kdb5_ldap_util_path - File.exist?(KDB5_LDAP_UTIL) ? KDB5_LDAP_UTIL : OLD_KDB5_LDAP_UTIL - end - - # Arguments to use when initializing a dir - # - # @see .init_dir - # - # @param ldaps_addr [String] - # @param dir_admin_dn [String] - # @param dir_admin_pass [String] - # @param realm_name [String] - # @param container_dn [String] - # @param master_pass [String] - # - # @return [Array<String>] list of arguments - def self.init_dir_args(ldaps_addr, dir_admin_dn, dir_admin_pass, realm_name, container_dn, master_pass) - [ - '-H', 'ldaps://'+ldaps_addr, - '-D', dir_admin_dn, - '-w', dir_admin_pass, - 'create', '-r', realm_name, - '-subtrees', container_dn, - '-s', '-P', master_pass - ] - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/src/lib/authserver/ui/new_dir_inst.rb new/yast2-auth-server-4.5.1/src/lib/authserver/ui/new_dir_inst.rb --- old/yast2-auth-server-4.5.0/src/lib/authserver/ui/new_dir_inst.rb 2022-04-12 13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/src/lib/authserver/ui/new_dir_inst.rb 2022-08-01 12:44:13.000000000 +0200 
@@ -20,6 +20,10 @@ Yast.import 'Label' Yast.import 'Popup' +def y2log + "/var/log/YaST2/y2log" +end + # NewDirInst dialog collects setup details as input and eventually creates a new directory server instance. class NewDirInst < UI::Dialog include Yast @@ -120,7 +124,7 @@ # Always remove the ini file DS389.remove_setup_ini if !ok - Popup.Error(_('Failed to set up new instance! Log output may be found in /var/log/YaST/y2log')) + Popup.Error(format(_('Failed to set up new instance! Log output may be found in %{y2log}'), y2log: y2log)) UI.ReplaceWidget(Id(:busy), Empty()) return end @@ -129,7 +133,7 @@ UI.ReplaceWidget(Id(:busy), Label(_('Configuring instance TLS ...'))) # Turn on TLS if !DS389.install_tls_in_nss(instance_name, tls_ca, tls_p12) - Popup.Error(_('Failed to set up new instance! Log output may be found in /var/log/YaST/y2log')) + Popup.Error(format(_('Failed to set up new instance! Log output may be found in %{y2log}'), y2log: y2log)) UI.ReplaceWidget(Id(:busy), Empty()) return end @@ -142,7 +146,7 @@ end UI.ReplaceWidget(Id(:busy), Empty()) - Popup.Message(_('New instance has been set up! Log output may be found in /var/log/YaST/y2log')) + Popup.Message(format(_('New instance has been set up! Log output may be found in %{y2log}'), y2log: y2log)) finish_dialog(:next) UI.ReplaceWidget(Id(:busy), Empty()) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/src/lib/authserver/ui/new_krb_inst.rb new/yast2-auth-server-4.5.1/src/lib/authserver/ui/new_krb_inst.rb --- old/yast2-auth-server-4.5.0/src/lib/authserver/ui/new_krb_inst.rb 2022-04-12 13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/src/lib/authserver/ui/new_krb_inst.rb 1970-01-01 01:00:00.000000000 +0100 
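Review bot: `def y2log` in the first hunk is declared at file top level of a library file, so every `require` of new_dir_inst.rb installs a private `y2log` method on Object instead of scoping it to NewDirInst, and it will silently clash with any other top-level helper of the same name. A constant on the class keeps the path where it is used and needs no method call in the three `format` sites: inside `class NewDirInst` add `Y2LOG = "/var/log/YaST2/y2log".freeze` with a one-line comment such as `# log file the user is pointed to when setup fails`, and in the other three hunks pass `y2log: Y2LOG` to `format`. The method that contains those three `Popup` hunks begins and ends outside the hunks, so the surrounding control flow is not visible here.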
@@ -1,255 +0,0 @@ -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE LINUX GmbH. - -# Authors: Howard Guo <h...@suse.com> - -require 'yast' -require 'ui/dialog' -require 'authserver/dir/ds389' -require 'authserver/dir/client' -require 'authserver/krb/mit' -Yast.import 'UI' -Yast.import 'Icon' -Yast.import 'Label' -Yast.import 'Popup' - -# NewKrbInst dialog collects setup details as input and eventually creates/replaces a new Kerberos server instance. -class NewKrbInst < UI::Dialog - include Yast - include UIShortcuts - include I18n - include Logger - - def initialize - super - textdomain 'authserver' - end - - def dialog_options - Opt(:decorated) - end - - def finish_handler - finish_dialog(:next) - end - - def dialog_content - VBox( - Left(Heading(_('Create New Kerberos Instance'))), - HBox( - VBox( - Frame(_('General options (mandatory)'), - VBox( - InputField(Id(:fqdn), Opt(:hstretch), _('Fully qualified domain name (e.g. krb.example.net)'), ''), - InputField(Id(:realm), Opt(:hstretch), _('Realm name (e.g. EXAMPLE.NET)'), ''), - ), - ), - Frame(_('389 directory server connectivity (mandatory)'), - VBox( - InputField(Id(:dir_addr), Opt(:hstretch), _('Fully qualified domain name (e.g. dir.example.net)'), ''), - InputField(Id(:dir_suffix), Opt(:hstretch), _('Directory suffix (e.g. 
dc=example,dc=net)'), ''), - Password(Id(:dm_pass), Opt(:hstretch), _('"cn=Directory Manager" password'), ''), - ), - ), - ), - Frame(_('Security options (mandatory)'), - VBox( - Password(Id(:master_pass), Opt(:hstretch), _('Kerberos database master password'), ''), - Password(Id(:master_pass_repeat), Opt(:hstretch), _('Repeat master password'), ''), - InputField(Id(:kdc_dn), Opt(:hstretch), _('KDC account to create (e.g. cn=krbkdc)'), ''), - Password(Id(:kdc_pass), Opt(:hstretch), _('Password of KDC account'), ''), - Password(Id(:kdc_pass_repeat), Opt(:hstretch), _('Repeat password of KDC account'), ''), - InputField(Id(:admin_dn), Opt(:hstretch), _('Admin account to create (e.g. cn=krbadm)'), ''), - Password(Id(:admin_pass), Opt(:hstretch), _('Password of admin account'), ''), - Password(Id(:admin_pass_repeat), Opt(:hstretch), _('Repeat password of admin account'), ''), - InputField(Id(:container_dn), Opt(:hstretch), _('KDC container DN (e.g. cn=kdc)'), ''), - ), - ), - ), - HBox( - PushButton(Id(:help), Label.HelpButton), - PushButton(Id(:ok), Label.OKButton), - PushButton(Id(:finish), Label.CancelButton), - ), - ReplacePoint(Id(:busy), Empty()), - ) - end - - def help_handler - Popup.LongMessage(_('Kerberos is a popular technology for providing authentication services to internal network. -Before setting up Kerberos, please make sure that you have administration rights in a 389 directory server. 
-You may set one up using "New Directory Instance" program.')) - end - - def ok_handler - fqdn = UI.QueryWidget(Id(:fqdn), :Value) - realm = UI.QueryWidget(Id(:realm), :Value) - - dir_addr = UI.QueryWidget(Id(:dir_addr), :Value) - dir_suffix = UI.QueryWidget(Id(:dir_suffix), :Value) - container_dn = UI.QueryWidget(Id(:container_dn), :Value) + ',' + dir_suffix - dm_dn = 'cn=Directory Manager' - dm_pass = UI.QueryWidget(Id(:dm_pass), :Value) - - master_pass = UI.QueryWidget(Id(:master_pass), :Value) - master_pass_repeat = UI.QueryWidget(Id(:master_pass_repeat), :Value) - kdc_dn_prefix = UI.QueryWidget(Id(:kdc_dn), :Value) - kdc_pass = UI.QueryWidget(Id(:kdc_pass), :Value) - kdc_pass_repeat = UI.QueryWidget(Id(:kdc_pass_repeat), :Value) - admin_dn_prefix = UI.QueryWidget(Id(:admin_dn), :Value) - admin_pass = UI.QueryWidget(Id(:admin_pass), :Value) - admin_pass_repeat = UI.QueryWidget(Id(:admin_pass_repeat), :Value) - - # Validate input - if fqdn == '' || realm == '' || - dir_addr == '' || dir_suffix == '' || container_dn == '' || - master_pass == '' || master_pass_repeat == '' || - dm_dn == '' || dm_pass == '' || - kdc_dn_prefix == '' || kdc_pass == '' || kdc_pass_repeat == '' || - admin_dn_prefix == '' || admin_pass == '' || admin_pass_repeat == '' - Popup.Error(_('Please complete setup details. All input fields are mandatory.')) - return - end - if kdc_pass != kdc_pass_repeat - Popup.Error(_('Two KDC password entries do not match.')) - return - end - if admin_pass != admin_pass_repeat - Popup.Error(_('Two admin password entries do not match.')) - return - end - if master_pass != master_pass_repeat - Popup.Error(_('Two master password entries do not match.')) - return - end - if MITKerberos.is_configured - if !Popup.YesNo(_('You appear to have altered Kerberos configuration. -Continue to use this software will completely overwrite your configuration. 
-Do you still wish to continue?')) - return - end - end - - UI.ReplaceWidget(Id(:busy), Label(_('Installing new instance, this may take a minute or two.'))) - - MITKerberos.install_pkgs - # Enable kerberos schema on 389 - # By default 389-ds ships with this schema enabled today. - - # Create kerberos users and give them password in LDAP - kdc_dn = kdc_dn_prefix+','+dir_suffix - MITKerberos.append_to_log(kdc_dn) - admin_dn = admin_dn_prefix+','+dir_suffix - MITKerberos.append_to_log(admin_dn) - ldap = LDAPClient.new('ldaps://'+dir_addr, dm_dn, dm_pass) - MITKerberos.append_to_log('Created ldap client') - out, ok = ldap.create_person(kdc_dn_prefix, 'Kerberos KDC Connection', dir_suffix) - MITKerberos.append_to_log('%s' % out) - if !ok - Popup.Error(_('Failed to create Kerberos KDC connection user! Log output may be found in /var/log/YaST/y2log')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - out, ok = ldap.change_password(kdc_dn,kdc_pass) - MITKerberos.append_to_log('%s' % out) - if !ok - Popup.Error(_('Failed to create Kerberos KDC connection user! Log output may be found in /var/log/YaST/y2log')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - out, ok = ldap.create_person(admin_dn_prefix, 'Kerberos Administration Connection', dir_suffix) - MITKerberos.append_to_log('%s' % out) - if !ok - Popup.Error(_('Failed to create Kerberos administration user! Log output may be found in /var/log/YaST/y2log')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - out, ok = ldap.change_password(admin_dn,admin_pass) - MITKerberos.append_to_log('%s' % out) - if !ok - Popup.Error(_('Failed to create Kerberos KDC administration user! Log output may be found in /var/log/YaST/y2log')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - - # Make common and KDC configuration files - # This has to occur the PW files else the default realm is not known - # to the pwstash command below. 
- pass_file_path = '/var/lib/kerberos/krb5kdc/ldap.creds' - - MITKerberos.append_to_log('Generating /etc/krb5.conf') - open('/etc/krb5.conf', 'w') {|fh| - fh.puts(MITKerberos.gen_common_conf(realm, fqdn)) - } - MITKerberos.append_to_log('Generating /var/lib/kerberos/krb5kdc/kdc.conf') - open('/var/lib/kerberos/krb5kdc/kdc.conf', 'w') {|fh| - fh.puts(MITKerberos.gen_kdc_conf(realm, kdc_dn, admin_dn, container_dn, pass_file_path, dir_addr)) - } - - # Create password file for KDC - MITKerberos.append_to_log('Generating KRBADM/KDC Passwords to %s' % pass_file_path) - out, ok = MITKerberos.save_password_into_file(kdc_dn, kdc_pass, pass_file_path) - MITKerberos.append_to_log('%s' % out) - if !ok - Popup.Error(_('Failed to create password file! Log output may be found in /var/log/YaST/y2log')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - out, ok = MITKerberos.save_password_into_file(admin_dn, admin_pass, pass_file_path) - MITKerberos.append_to_log('%s' % out) - if !ok - Popup.Error(_('Failed to create password file! Log output may be found in /var/log/YaST/y2log')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - - # Let kerberos do its initialisation sequence - out, ok = MITKerberos.init_dir(dir_addr, dm_dn, dm_pass, realm, container_dn, master_pass) - MITKerberos.append_to_log('%s' % out) - if !ok - Popup.Error(_('Kerberos initialisation failure! Log output may be found in /var/log/YaST/y2log')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - - # Give kerberos rights to modify directory, relies on the kdc container existing - out, ok = ldap.aci_allow_modify(container_dn, 'kerberos-admin', admin_dn) - MITKerberos.append_to_log('%s' % out) - if !ok - Popup.Error(_('Failed to modify directory permission! 
Log output may be found in /var/log/YaST/y2log')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - out, ok = ldap.aci_allow_modify(container_dn, 'kerberos-kdc', kdc_dn) - MITKerberos.append_to_log('%s' % out) - if !ok - Popup.Error(_('Failed to modify directory permission! Log output may be found in /var/log/YaST/y2log')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - - # Kerberos may finally start - if !MITKerberos.restart_kdc - Popup.Error(_('Failed to start KDC, please inspect the journal of krb5kdc.service')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - if !MITKerberos.restart_kadmind - Popup.Error(_('Failed to start kadmind, please inspect the journal of kadmind.service')) - UI.ReplaceWidget(Id(:busy), Empty()) - return - end - - UI.ReplaceWidget(Id(:busy), Empty()) - Popup.Message(_('New instance has been set up! Log output may be found in /var/log/YaST/y2log')) - finish_dialog(:next) - UI.ReplaceWidget(Id(:busy), Empty()) - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-4.5.0/test/krb_test.rb new/yast2-auth-server-4.5.1/test/krb_test.rb --- old/yast2-auth-server-4.5.0/test/krb_test.rb 2022-04-12 13:32:46.000000000 +0200 +++ new/yast2-auth-server-4.5.1/test/krb_test.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,180 +0,0 @@
-#!/usr/bin/env rspec
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of version 2 of the GNU General Public License as published by the
-# Free Software Foundation.
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with
-# this program; if not, contact SUSE LINUX GmbH.
-
-# Authors: Howard Guo <h...@suse.com>
-
-require_relative "test_helper.rb"
-
-require 'pp'
-require 'authserver/krb/mit'
-
-describe MITKerberos do
- it 'gen_common_conf' do
- match = '[libdefaults]
- # "dns_canonicalize_hostname" and "rdns" are better set to false for improved security.
- # If set to true, the canonicalization mechanism performed by Kerberos client may
- # allow service impersonification, the consequence is similar to conducting TLS certificate
- # verification without checking host name.
- # If left unspecified, the two parameters will have default value true, which is less secure.
- dns_canonicalize_hostname = false
- rdns = false
- default_realm = EXAMPLE.COM
-
-[realms]
- EXAMPLE.COM = {
- kdc = krb.example.com
- admin_server = krb.example.com
- }
-
-[domain_realm]
- .example.com = EXAMPLE.COM
- example.com = EXAMPLE.COM
-
-[logging]
- kdc = FILE:/var/log/krb5/krb5kdc.log
- admin_server = FILE:/var/log/krb5/kadmind.log
- default = SYSLOG:NOTICE:DAEMON
-'
- expect(MITKerberos.gen_common_conf('EXAMPLE.COM', 'krb.example.com')).to eq(match)
- end
-
- it 'gen_kdc_comf' do
- match = '[kdcdefaults]
- kdc_ports = 750,88
-
-[realms]
- EXAMPLE.COM = {
- database_module = contact_ldap
- }
-
-[dbdefaults]
-
-[dbmodules]
- contact_ldap = {
- db_library = kldap
- ldap_kdc_dn = "cn=kdc"
- ldap_kadmind_dn = "cn=adm"
- ldap_kerberos_container_dn = "cn=container"
- ldap_service_password_file = /pass
- ldap_servers = ldaps://dir.example.net
- }
-
-[logging]
- kdc = FILE:/var/log/krb5/krb5kdc.log
- admin_server = FILE:/var/log/krb5/kadmind.log
-'
- expect(MITKerberos.gen_kdc_conf('EXAMPLE.COM', 'cn=kdc', 'cn=adm', 'cn=container', '/pass', 'dir.example.net')).to eq(match)
- end
-
- shared_context "kdb5_ldap_util mock" do
- before do
- allow(File).to receive(:exist?).and_call_original
- allow(File).to receive(:exist?).with("/usr/lib/mit/sbin/kdb5_ldap_util").and_return(old_path)
- allow(File).to receive(:exist?).with("/usr/sbin/kdb5_ldap_util").and_return(!old_path)
-
- allow(File).to receive(:chmod)
-
- allow(Open3).to receive(:popen2e).and_return([stdin, stdouterr, waiter])
- end
-
- let(:stdin) { instance_double(IO, puts: true, close: true) }
-
- let(:stdouterr) { instance_double(IO, readlines: outerr) }
-
- let(:waiter) { instance_double(Process::Waiter, value: status) }
-
- let(:status) { instance_double(Process::Status, exitstatus: exitstatus) }
-
- let(:outerr) { [] }
-
- let(:exitstatus) { 0 }
-
- let(:old_path) { false }
- end
-
- shared_examples "kdb5_ldap_util" do |method, *args|
- context "when the kdb5_ldap_util is found in /usr/sbin" do
- let(:old_path) { false }
-
- it "calls kdb5_ldap_util from /usr/sbin" do
- expect(Open3).to receive(:popen2e).with("/usr/sbin/kdb5_ldap_util", any_args)
-
- MITKerberos.send(method, *args)
- end
- end
-
- context "when the kdb5_ldap_util is not found in /usr/sbin" do
- let(:old_path) { true }
-
- it "calls kdb5_ldap_util from /usr/lib/mit/sbin" do
- expect(Open3).to receive(:popen2e).with("/usr/lib/mit/sbin/kdb5_ldap_util", any_args)
-
- MITKerberos.send(method, *args)
- end
- end
-
- context "on success" do
- let(:outerr) { ["message1", "error1"] }
-
- let(:exitstatus) { 0 }
-
- it "returns stdouterr and true" do
- result = MITKerberos.send(method, *args)
-
- expect(result).to eq(["message1\\nerror1", true])
- end
- end
-
- context "on failure" do
- let(:outerr) { ["message1", "error1"] }
-
- let(:exitstatus) { 1 }
-
- it "returns stdouterr and false" do
- result = MITKerberos.send(method, *args)
-
- expect(result).to eq(["message1\\nerror1", false])
- end
- end
- end
-
- describe ".save_password_into_file" do
- include_context "kdb5_ldap_util mock"
-
- it "calls kdb5_ldap_util with correct arguments" do
- expect(Open3).to receive(:popen2e)
- .with(/kdb5_ldap_util/, "stashsrvpw", "-f", "path/to/file", "-w", "pass", "example")
-
- MITKerberos.save_password_into_file("example", "pass", "path/to/file")
- end
-
- include_examples "kdb5_ldap_util", :save_password_into_file, "example", "pass", "path/to/file"
- end
-
- describe ".init_dir" do
- include_context "kdb5_ldap_util mock"
-
- it "calls kdb5_ldap_util with correct arguments" do
- expect(Open3).to receive(:popen2e)
- .with(/kdb5_ldap_util/,
- "-H", "ldaps://addr",
- "-D", "dn",
- "-w", "a_pass",
- "create", "-r", "name",
- "-subtrees", "c_dn",
- "-s", "-P", "m_pass")
-
- MITKerberos.init_dir("addr", "dn", "a_pass", "name", "c_dn", "m_pass")
- end
-
- include_examples "kdb5_ldap_util", :init_dir, "addr", "dn", "a_pass", "name", "c_dn", "m_pass"
- end
-end