Hello community, here is the log from the commit of package yast2-auth-client for openSUSE:Factory checked in at 2017-09-04 12:39:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-auth-client (Old) and /work/SRC/openSUSE:Factory/.yast2-auth-client.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-auth-client" Mon Sep 4 12:39:29 2017 rev:30 rq:520581 version:3.3.17 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-auth-client/yast2-auth-client.changes 2016-10-14 09:06:28.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-auth-client.new/yast2-auth-client.changes 2017-09-04 12:39:32.140388107 +0200 @@ -1,0 +2,35 @@ +Tue Aug 29 13:54:21 UTC 2017 - [email protected] + +- Bump to version 3.3.17 to fix two issues: + * Mistake in kerberos config file parser removes default_ccache_name + key (bsc#1054436). + * PAM configuration did not allow local user login if pam_unix2 is + in use (bsc#1056158). + +------------------------------------------------------------------- +Fri Jun 16 13:47:40 UTC 2017 - [email protected] + +- Bump to version 3.3.16 to fix minor issues across UI and backend: + * Fix misspelt kerberos option name "noaddresses". + * Improve UI captions, consistency. + * Introduce module name "auth" as an alias to "auth-client". + for bsc#1043211, bsc#1043184, bsc#1032733. + +------------------------------------------------------------------- +Tue May 23 13:00:19 UTC 2017 - [email protected] + +- Bump to version 3.3.15 to fix four issues: + * Correctly install sss name databases even in the presence of + special NSS database directives (bsc#1024841). + * Fix missing translation of "Leave Domain" button (bsc#1038291). + * Do AD's DNS lookup in lower case (bsc#1038720). + * Understand XML data exported by SLES 12 SP0 (bsc#1040393). + +------------------------------------------------------------------- +Fri May 19 11:41:59 UTC 2017 - [email protected] + +- Translation fix: Ruby gettext cannot extract translatable texts + from interpolated strings (bsc#1038077) +- 3.3.14 + +------------------------------------------------------------------- Old: ---- yast2-auth-client-3.3.13.tar.bz2 New: ---- yast2-auth-client-3.3.17.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-auth-client.spec ++++++ --- /var/tmp/diff_new_pack.bQKLIz/_old 2017-09-04 12:39:32.708308206 +0200 +++ /var/tmp/diff_new_pack.bQKLIz/_new 2017-09-04 12:39:32.724305956 +0200 @@ -1,7 +1,7 @@ # # spec file for package yast2-auth-client # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: yast2-auth-client -Version: 3.3.13 +Version: 3.3.17 Release: 0 Url: https://github.com/yast/yast-auth-client Summary: YaST2 - Centralised System Authentication Configuration ++++++ yast2-auth-client-3.3.13.tar.bz2 -> yast2-auth-client-3.3.17.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/.travis.yml new/yast2-auth-client-3.3.17/.travis.yml --- old/yast2-auth-client-3.3.13/.travis.yml 2016-10-13 10:40:51.134014108 +0200 +++ new/yast2-auth-client-3.3.17/.travis.yml 2017-09-04 08:38:24.906690959 +0200 @@ -1,14 +1,11 @@ -language: cpp -compiler: - - gcc +sudo: required +language: bash +services: + - docker + before_install: - # disable rvm, use system Ruby - - rvm reset - - wget https://raw.githubusercontent.com/yast/yast-devtools/master/travis-tools/travis_setup.sh - - sh ./travis_setup.sh -p "rake yast2-devtools yast2-testsuite yast2 yast2-pam yast2-network" -g "rspec:3.3.0 yast-rake gettext" + - docker build -t yast-auth-client-image . script: - - rake check:syntax - - rake check:pot - - rake check:license - - rake test:unit - + # the "yast-travis-ruby" script is included in the base yastdevel/ruby image + # see https://github.com/yast/docker-yast-ruby/blob/master/yast-travis-ruby + - docker run -it -e TRAVIS=1 -e TRAVIS_JOB_ID="$TRAVIS_JOB_ID" yast-auth-client-image yast-travis-ruby diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/Dockerfile new/yast2-auth-client-3.3.17/Dockerfile --- old/yast2-auth-client-3.3.13/Dockerfile 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-auth-client-3.3.17/Dockerfile 2017-09-04 08:38:24.906690959 +0200 @@ -0,0 +1,3 @@ +FROM yastdevel/ruby +COPY . /usr/src/app + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/package/yast2-auth-client.changes new/yast2-auth-client-3.3.17/package/yast2-auth-client.changes --- old/yast2-auth-client-3.3.13/package/yast2-auth-client.changes 2016-10-13 10:40:51.134014108 +0200 +++ new/yast2-auth-client-3.3.17/package/yast2-auth-client.changes 2017-09-04 08:38:24.906690959 +0200 @@ -1,4 +1,39 @@ ------------------------------------------------------------------- +Tue Aug 29 13:54:21 UTC 2017 - [email protected] + +- Bump to version 3.3.17 to fix two issues: + * Mistake in kerberos config file parser removes default_ccache_name + key (bsc#1054436). + * PAM configuration did not allow local user login if pam_unix2 is + in use (bsc#1056158). + +------------------------------------------------------------------- +Fri Jun 16 13:47:40 UTC 2017 - [email protected] + +- Bump to version 3.3.16 to fix minor issues across UI and backend: + * Fix misspelt kerberos option name "noaddresses". + * Improve UI captions, consistency. + * Introduce module name "auth" as an alias to "auth-client". + for bsc#1043211, bsc#1043184, bsc#1032733. + +------------------------------------------------------------------- +Tue May 23 13:00:19 UTC 2017 - [email protected] + +- Bump to version 3.3.15 to fix four issues: + * Correctly install sss name databases even in the presence of + special NSS database directives (bsc#1024841). + * Fix missing translation of "Leave Domain" button (bsc#1038291). + * Do AD's DNS lookup in lower case (bsc#1038720). + * Understand XML data exported by SLES 12 SP0 (bsc#1040393). + +------------------------------------------------------------------- +Fri May 19 11:41:59 UTC 2017 - [email protected] + +- Translation fix: Ruby gettext cannot extract translatable texts + from interpolated strings (bsc#1038077) +- 3.3.14 + +------------------------------------------------------------------- Wed Oct 12 07:56:07 UTC 2016 - [email protected] - Add a missing nil check in network fact reader. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/package/yast2-auth-client.spec new/yast2-auth-client-3.3.17/package/yast2-auth-client.spec --- old/yast2-auth-client-3.3.13/package/yast2-auth-client.spec 2016-10-13 10:40:51.134014108 +0200 +++ new/yast2-auth-client-3.3.17/package/yast2-auth-client.spec 2017-09-04 08:38:24.906690959 +0200 @@ -17,7 +17,7 @@ Name: yast2-auth-client -Version: 3.3.13 +Version: 3.3.17 Release: 0 Url: https://github.com/yast/yast-auth-client Summary: YaST2 - Centralised System Authentication Configuration diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/src/clients/auth.rb new/yast2-auth-client-3.3.17/src/clients/auth.rb --- old/yast2-auth-client-3.3.13/src/clients/auth.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-auth-client-3.3.17/src/clients/auth.rb 2017-09-04 08:38:24.906690959 +0200 @@ -0,0 +1,28 @@ +# encoding: utf-8 + +# ------------------------------------------------------------------------------ +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of version 2 of the GNU General Public License as published by the +# Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, contact SUSE Linux GmbH. +# +# ------------------------------------------------------------------------------ + +# Module: Configure system-wide authentication mechanisms via SSSD +# Summary: Invoke main dialog and allow configuring SSSD, this is an alias of +# less appropriately named "auth-client". +# Authors: Howard Guo <[email protected]> + +require 'auth/authconf' +require 'authui/main_dialog' + +Auth::AuthConfInst.read_all +Auth::MainDialog.new(:sssd).run diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/src/lib/auth/authconf.rb new/yast2-auth-client-3.3.17/src/lib/auth/authconf.rb --- old/yast2-auth-client-3.3.13/src/lib/auth/authconf.rb 2016-10-13 10:40:51.134014108 +0200 +++ new/yast2-auth-client-3.3.17/src/lib/auth/authconf.rb 2017-09-04 08:38:24.910690959 +0200 @@ -121,9 +121,22 @@ # Enable the specified NSS database. def nss_enable_module(db_name, module_name) - names = Yast::Nsswitch.ReadDb(db_name) - return if names.include?(module_name) - Yast::Nsswitch.WriteDb(db_name, names + [module_name]) + existing_names = Yast::Nsswitch.ReadDb(db_name) + return if existing_names.include?(module_name) + # Place new module in front of first conditional module + new_names = [] + new_module_is_placed = false + existing_names.each { |name| + if name[0] == '[' + new_names << module_name + new_module_is_placed = true + end + new_names << name + } + if !new_module_is_placed + new_names << module_name + end + Yast::Nsswitch.WriteDb(db_name, new_names) Yast::Nsswitch.Write end @@ -156,7 +169,7 @@ # Be extra careful with making changes. # Return replacement lines after adjustments. def pam_fix_auth(original_lines) - sufficient_auth = ['pam_unix.so', 'pam_sss.so', 'pam_ldap.so', 'pam_krb5.so'] + sufficient_auth = ['pam_unix.so', 'pam_unix2.so', 'pam_sss.so', 'pam_ldap.so', 'pam_krb5.so'] ret = [] original_lines.each { |line| line.strip! @@ -196,7 +209,7 @@ line.strip! columns = line.split(/\s+/) if !/\s*#/.match(line) && columns.length >= 3 - if columns[2] == 'pam_unix.so' + if columns[2] == 'pam_unix.so' || columns[2] == 'pam_unix2.so' ret.push(columns.join(' ')) ret.push('account sufficient pam_localuser.so') elsif columns[2] != 'pam_localuser.so' @@ -571,7 +584,7 @@ if exitstatus == 0 return '' end - return "#{_('ERROR: ')} #{out}\n#{errout}" + return _("ERROR: ") + "#{out}\n#{errout}" end # Parse and set Kerberos configuration @@ -986,7 +999,7 @@ # Return the PDC host name of the given AD domain via DNS lookup. If it cannot be found, return an empty string. def ad_find_pdc(ad_domain_name) begin - return Resolv::DNS.new.getresource("_ldap._tcp.pdc._msdcs.#{ad_domain_name}", Resolv::DNS::Resource::IN::SRV).target.to_s + return Resolv::DNS.new.getresource("_ldap._tcp.pdc._msdcs.#{ad_domain_name}".downcase, Resolv::DNS::Resource::IN::SRV).target.to_s rescue Resolv::ResolvError return '' end @@ -996,7 +1009,7 @@ # Return the KDC host name of the given AD domain via DNS lookup. If it cannot be found, return an empty string. def ad_find_kdc(ad_domain_name) begin - return Resolv::DNS.new.getresource("_kerberos._tcp.dc._msdcs.#{ad_domain_name}", Resolv::DNS::Resource::IN::SRV).target.to_s + return Resolv::DNS.new.getresource("_kerberos._tcp.dc._msdcs.#{ad_domain_name}".downcase, Resolv::DNS::Resource::IN::SRV).target.to_s rescue Resolv::ResolvError return '' end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/src/lib/auth/krbparse.rb new/yast2-auth-client-3.3.17/src/lib/auth/krbparse.rb --- old/yast2-auth-client-3.3.13/src/lib/auth/krbparse.rb 2016-10-13 10:40:51.134014108 +0200 +++ new/yast2-auth-client-3.3.17/src/lib/auth/krbparse.rb 2017-09-04 08:38:24.910690959 +0200 @@ -78,7 +78,7 @@ next end # Note down key-value pairs in the current section - kv_match = /^\s*([.a-zA-Z0-9_-]+)\s*=\s*([^{}]+)\s*$/.match(line) + kv_match = /^\s*([.a-zA-Z0-9_-]+)\s*=\s*(.+)\s*$/.match(line) if kv_match if !new_krb_conf[sect] new_krb_conf[sect] = {} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/src/lib/authui/autoclient.rb new/yast2-auth-client-3.3.17/src/lib/authui/autoclient.rb --- old/yast2-auth-client-3.3.13/src/lib/authui/autoclient.rb 2016-10-13 10:40:51.134014108 +0200 +++ new/yast2-auth-client-3.3.17/src/lib/authui/autoclient.rb 2017-09-04 08:38:24.910690959 +0200 @@ -42,9 +42,13 @@ def import(exported) if exported.has_key?('sssd') # Import legacy XML configuration from SLE 12 SP0 or SP1 - enabled = exported.fetch('sssd', nil) - daemon = exported.fetch('sssd_conf', {}).fetch('sssd', nil) - domain = exported.fetch('sssd_conf', {}).fetch('auth_domains', {}).fetch('domain', {}) + sssd = exported['sssd'] + if sssd.has_key?('listentry') + sssd = sssd['listentry'] + end + enabled = sssd.fetch('sssd', nil) + daemon = sssd.fetch('sssd_conf', {}).fetch('sssd', nil) + domain = sssd.fetch('sssd_conf', {}).fetch('auth_domains', {}).fetch('domain', {}) domain_name = domain.fetch('domain_name', nil) if enabled != 'yes' || daemon.nil? || domain_name.nil? log.info('legacy configuration is empty or disabled') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/src/lib/authui/ldapkrb/edit_realm_dialog.rb new/yast2-auth-client-3.3.17/src/lib/authui/ldapkrb/edit_realm_dialog.rb --- old/yast2-auth-client-3.3.13/src/lib/authui/ldapkrb/edit_realm_dialog.rb 2016-10-13 10:40:51.138014108 +0200 +++ new/yast2-auth-client-3.3.17/src/lib/authui/ldapkrb/edit_realm_dialog.rb 2017-09-04 08:38:24.910690959 +0200 @@ -57,9 +57,9 @@ VSpacing(1.0), InputField(Id(:admin_server), Opt(:hstretch), _('Host Name of Administration Server (Optional)'), AuthConfInst.krb_conf_get(['realms', @realm_name, 'admin_server'], '')), - InputField(Id(:master_kdc), Opt(:hstretch), _('Host Name of Master Key Distribution Server (Optional)'), + InputField(Id(:master_kdc), Opt(:hstretch), _('Host Name of Master Key Distribution Center (Optional)'), AuthConfInst.krb_conf_get(['realms', @realm_name, 'master_kdc'], '')), - SelectionBox(Id(:kdc), Opt(:hstretch), _('Key Distribution Centres (Optional If Auto-Discovery via DNS is Enabled)'), + SelectionBox(Id(:kdc), Opt(:hstretch), _('Key Distribution Centers (Optional If Auto-Discovery via DNS is Enabled)'), AuthConfInst.krb_conf_get(['realms', @realm_name, 'kdc'], [])), Left(HBox(PushButton(Id(:kdc_add), Label.AddButton), PushButton(Id(:kdc_remove), Label.DeleteButton))), VSpacing(1.0), @@ -99,7 +99,7 @@ # Add an auth_to_local def a2l_add_handler - new_a2l = GenericInputDialog.new(_('Please type in the auth_to_local rule:'), '').run + new_a2l = GenericInputDialog.new(_('Please type the new rule string (e.g. "RULE:[2:$1](johndoe)s/^.*$/guest/")'), '').run if !new_a2l.nil? UI.ChangeWidget(Id(:auth_to_local), :Items, UI.QueryWidget(Id(:auth_to_local), :Items) + [new_a2l]) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/src/lib/authui/ldapkrb/krb_extended_opts_dialog.rb new/yast2-auth-client-3.3.17/src/lib/authui/ldapkrb/krb_extended_opts_dialog.rb --- old/yast2-auth-client-3.3.13/src/lib/authui/ldapkrb/krb_extended_opts_dialog.rb 2016-10-13 10:40:51.138014108 +0200 +++ new/yast2-auth-client-3.3.17/src/lib/authui/ldapkrb/krb_extended_opts_dialog.rb 2017-09-04 08:38:24.910690959 +0200 @@ -56,7 +56,7 @@ InputField(Id(:extra_addresses), Opt(:hstretch), _('Additional Addresses to be put in Ticket (Comma separated)'), AuthConfInst.krb_conf_get(['libdefaults', 'extra_addresses'], '')), VSpacing(1.0), - HBox(PushButton(Id(:reset), _('Reset')), PushButton(Id(:finish), Label.FinishButton)), + HBox(PushButton(Id(:reset), _('Reset')), PushButton(Id(:finish), Label.OKButton)), )) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/src/lib/authui/ldapkrb/ldap_extended_opts_dialog.rb new/yast2-auth-client-3.3.17/src/lib/authui/ldapkrb/ldap_extended_opts_dialog.rb --- old/yast2-auth-client-3.3.13/src/lib/authui/ldapkrb/ldap_extended_opts_dialog.rb 2016-10-13 10:40:51.138014108 +0200 +++ new/yast2-auth-client-3.3.17/src/lib/authui/ldapkrb/ldap_extended_opts_dialog.rb 2017-09-04 08:38:24.910690959 +0200 @@ -51,7 +51,7 @@ IntField(Id(:ldap_timelimit), Opt(:hstretch), _('Timeout for Search Operations in Seconds'), 1, 600, (AuthConfInst.ldap_conf['timelimit'].to_s == '' ? '30' : AuthConfInst.ldap_conf['timelimit']).to_i), VSpacing(1.0), - PushButton(Id(:finish), Label.FinishButton) + PushButton(Id(:finish), Label.OKButton) )) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/src/lib/authui/ldapkrb/main_dialog.rb new/yast2-auth-client-3.3.17/src/lib/authui/ldapkrb/main_dialog.rb --- old/yast2-auth-client-3.3.13/src/lib/authui/ldapkrb/main_dialog.rb 2016-10-13 10:40:51.138014108 +0200 +++ new/yast2-auth-client-3.3.17/src/lib/authui/ldapkrb/main_dialog.rb 2017-09-04 08:38:24.910690959 +0200 @@ -320,7 +320,7 @@ end AuthConfInst.krb_conf['libdefaults']['forwardable'] = UI.QueryWidget(Id(:krb_forwardable), :Value) AuthConfInst.krb_conf['libdefaults']['proxiable'] = UI.QueryWidget(Id(:krb_proxiable), :Value) - AuthConfInst.krb_conf['libdefaults']['noaddress'] = UI.QueryWidget(Id(:krb_noaddress), :Value) + AuthConfInst.krb_conf['libdefaults']['noaddresses'] = UI.QueryWidget(Id(:krb_noaddresses), :Value) AuthConfInst.krb_conf['libdefaults']['dns_lookup_realm'] = UI.QueryWidget(Id(:krb_dns_lookup_realm), :Value) AuthConfInst.krb_conf['libdefaults']['dns_lookup_kdc'] = UI.QueryWidget(Id(:krb_dns_lookup_kdc), :Value) AuthConfInst.krb_conf['libdefaults']['allow_weak_crypto'] = UI.QueryWidget(Id(:krb_allow_weak_crypto), :Value) @@ -413,7 +413,7 @@ Top(VBox( Left(CheckBox(Id(:krb_dns_lookup_realm), _('Use DNS TXT Record to Discover Realms'), AuthConfInst.krb_conf_get_bool(['libdefaults', 'dns_lookup_realm'], false))), - Left(CheckBox(Id(:krb_dns_lookup_kdc), _('Use DNS SVC record to Discover KDC servers'), + Left(CheckBox(Id(:krb_dns_lookup_kdc), _('Use DNS SRV record to Discover KDC servers'), AuthConfInst.krb_conf_get_bool(['libdefaults', 'dns_lookup_kdc'], false))), VSpacing(1.0), Left(CheckBox(Id(:krb_allow_weak_crypto), _('Allow Insecure Encryption (Windows NT)'), @@ -422,8 +422,8 @@ AuthConfInst.krb_conf_get_bool(['libdefaults', 'forwardable'], false))), Left(CheckBox(Id(:krb_proxiable), _('Allow Kerberos-Enabled Services to Take on The Identity Of a User'), AuthConfInst.krb_conf_get_bool(['libdefaults', 'proxiable'], false))), - Left(CheckBox(Id(:krb_noaddress), _('Issue Address-Less Tickets for Computers Behind NAT'), - AuthConfInst.krb_conf_get_bool(['libdefaults', 'noaddress'], false))), + Left(CheckBox(Id(:krb_noaddresses), _('Issue Address-Less Tickets for Computers Behind NAT'), + AuthConfInst.krb_conf_get_bool(['libdefaults', 'noaddresses'], false))), VSpacing(1.0), Left(PushButton(Id(:krb_extended_opts), _('Extended Options'))), )), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/src/lib/authui/main_dialog.rb new/yast2-auth-client-3.3.17/src/lib/authui/main_dialog.rb --- old/yast2-auth-client-3.3.13/src/lib/authui/main_dialog.rb 2016-10-13 10:40:51.138014108 +0200 +++ new/yast2-auth-client-3.3.17/src/lib/authui/main_dialog.rb 2017-09-04 08:38:24.910690959 +0200 @@ -60,13 +60,13 @@ end def dialog_content - conf_buttons = [PushButton(Id(:change_settings), _('Change Settings')), PushButton(Id(:finish), Label.FinishButton)] + conf_buttons = [PushButton(Id(:change_settings), _('Change Settings')), PushButton(Id(:finish), Label.OKButton)] if @entry_point == :auto # Allow entering both SSSD and ldapkrb settings conf_buttons = [ PushButton(Id(:change_sssd_settings), _('User Logon Configuration')), PushButton(Id(:change_ldapkrb_settings), _('LDAP/Kerberos Configuration')), - PushButton(Id(:finish), Label.FinishButton) + PushButton(Id(:finish), Label.OKButton) ] end VBox( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/src/lib/authui/sssd/main_dialog.rb new/yast2-auth-client-3.3.17/src/lib/authui/sssd/main_dialog.rb --- old/yast2-auth-client-3.3.13/src/lib/authui/sssd/main_dialog.rb 2016-10-13 10:40:51.138014108 +0200 +++ new/yast2-auth-client-3.3.17/src/lib/authui/sssd/main_dialog.rb 2017-09-04 08:38:24.910690959 +0200 @@ -88,7 +88,7 @@ VSpacing(0.2), Tree(Id(:section_tree), Opt(:immediate), "", []), Left(HBox( - PushButton(Id(:new_domain), _("Join Domain")), + PushButton(Id(:new_domain), _("Add Domain")), PushButton(Id(:del_domain), _("Leave Domain")), PushButton(Id(:clear_cache), _("Clear Domain Cache")) )), @@ -217,7 +217,7 @@ Popup.Error(_("Please select a domain among the list.")) redo end - if !Popup.YesNo(_("Do you really wish to erase configuration for domain %s?" % sect_name)) + if !Popup.YesNo(_("Do you really wish to erase configuration for domain %s?") % sect_name) redo end AuthConfInst.sssd_conf.delete(sect_name) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/test/authconf_test.rb new/yast2-auth-client-3.3.17/test/authconf_test.rb --- old/yast2-auth-client-3.3.13/test/authconf_test.rb 2016-10-13 10:40:51.142014108 +0200 +++ new/yast2-auth-client-3.3.17/test/authconf_test.rb 2017-09-04 08:38:24.926690959 +0200 @@ -25,17 +25,14 @@ require 'pp' require 'auth/authconf' -include Yast -include Auth - -describe AuthConf do +describe Auth::AuthConf do before(:all) do change_scr_root(File.expand_path('../authconf_chroot', __FILE__)) end after(:all) do reset_scr_root end - authconf = AuthConfInst + authconf = Auth::AuthConfInst describe 'SSSD' do it 'Read, lint, and export SSSD configuration' do @@ -197,6 +194,7 @@ # default_realm = EXAMPLE.COM default_realm = ABC.ZZZ forwardable = true + default_ccache_name = FILE:/tmp/krb5cc_%{uid} [realms] # EXAMPLE.COM = { @@ -252,7 +250,7 @@ ') expect(authconf.krb_export).to eq("conf"=>{ "include"=>["include a/b/c.d", "includedir e/f/g.h", "module i/j/k.l:RESIDUAL"], - "libdefaults"=>{"default_realm"=>"ABC.ZZZ", "forwardable"=>"true"}, + "libdefaults"=>{"default_realm"=>"ABC.ZZZ", "forwardable"=>"true", "default_ccache_name"=>"FILE:/tmp/krb5cc_%{uid}"}, "realms"=>{ "ABC.ZZZ"=>{ "kdc"=>["howie.suse.de", "backup.howie.suse.de"], @@ -289,6 +287,7 @@ [libdefaults] default_realm = ABC.ZZZ forwardable = true + default_ccache_name = FILE:/tmp/krb5cc_%{uid} [domain_realms] .suse.de = ABC.ZZZ @@ -398,7 +397,7 @@ describe 'Network facts' do it 'Read host name and network facts' do - facts = AuthConf.get_net_facts + facts = Auth::AuthConf.get_net_facts # No value can be nil expect(facts.any?{ |_k, v| v.nil? }).to eq(false) # There has to be at least one value that is present @@ -428,6 +427,29 @@ "auth required pam_deny.so" ] end + + it 'Fix pam authentication configuration (unix2)' do + expect(authconf.pam_fix_auth(" +# comment +auth required pam_env.so +auth optional pam_gnome_keyring.so +auth sufficient pam_unix2.so try_first_pass +auth sufficient pam_krb5.so use_first_pass +auth sufficient pam_sss.so use_first_pass +auth required pam_ldap.so use_first_pass +".split("\n"))).to eq [ + "", + "# comment", + "auth required pam_env.so", + "auth optional pam_gnome_keyring.so", + "auth sufficient pam_unix2.so try_first_pass", + "auth sufficient pam_krb5.so use_first_pass", + "auth sufficient pam_sss.so use_first_pass", + "auth sufficient pam_ldap.so use_first_pass", + "auth required pam_deny.so" + ] + end + it 'Fix pam account configuration' do expect(authconf.pam_fix_account(" # comment @@ -443,6 +465,25 @@ "account sufficient pam_localuser.so", "account required pam_krb5.so use_first_pass", "account sufficient pam_sss.so use_first_pass", + "account required pam_ldap.so use_first_pass" + ] + end + + it 'Fix pam account configuration (unix2)' do + expect(authconf.pam_fix_account(" +# comment +account requisite pam_unix2.so try_first_pass +account required pam_krb5.so use_first_pass +account sufficient pam_localuser.so +account sufficient pam_sss.so use_first_pass +account required pam_ldap.so use_first_pass +".split("\n"))).to eq [ + "", + "# comment", + "account requisite pam_unix2.so try_first_pass", + "account sufficient pam_localuser.so", + "account required pam_krb5.so use_first_pass", + "account sufficient pam_sss.so use_first_pass", "account required pam_ldap.so use_first_pass" ] end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.3.13/test/sssd_uidata_test.rb new/yast2-auth-client-3.3.17/test/sssd_uidata_test.rb --- old/yast2-auth-client-3.3.13/test/sssd_uidata_test.rb 2016-10-13 10:40:51.142014108 +0200 +++ new/yast2-auth-client-3.3.17/test/sssd_uidata_test.rb 2017-09-04 08:38:24.926690959 +0200 @@ -28,7 +28,7 @@ 'extra_svcs'=>[], 'enabled'=>false} # AuthConfInst is the backbone of uidata - AuthConf::AuthConfInst.sssd_import(preload_conf) + Auth::AuthConfInst.sssd_import(preload_conf) it "Retrieve global options from section sssd that does not yet have parameters " do # Section configuration is a list of ["name", "value", "desc"]
