Hello community, here is the log from the commit of package yast2-auth-client for openSUSE:Factory checked in at 2019-02-28 21:48:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-auth-client (Old) and /work/SRC/openSUSE:Factory/.yast2-auth-client.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-auth-client" Thu Feb 28 21:48:59 2019 rev:34 rq:680193 version:4.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-auth-client/yast2-auth-client.changes 2018-12-31 09:40:21.754512594 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-auth-client.new.28833/yast2-auth-client.changes 2019-02-28 21:49:00.601381443 +0100 @@ -1,0 +2,6 @@ +Fri Feb 15 17:47:05 UTC 2019 - David Mulder <dmul...@suse.com> + +- yast auth-client and krb5.conf wrong domain_realm entry; (bsc#1122026) +- 4.1.1 + +------------------------------------------------------------------- Old: ---- yast2-auth-client-4.1.0.tar.bz2 New: ---- yast2-auth-client-4.1.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-auth-client.spec ++++++ --- /var/tmp/diff_new_pack.Ys6tb4/_old 2019-02-28 21:49:01.149381209 +0100 +++ /var/tmp/diff_new_pack.Ys6tb4/_new 2019-02-28 21:49:01.153381207 +0100 @@ -1,7 +1,7 @@ # # spec file for package yast2-auth-client # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: yast2-auth-client -Version: 4.1.0 +Version: 4.1.1 Release: 0 Url: https://github.com/yast/yast-auth-client Summary: YaST2 - Centralised System Authentication Configuration ++++++ yast2-auth-client-4.1.0.tar.bz2 -> yast2-auth-client-4.1.1.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/package/yast2-auth-client.changes new/yast2-auth-client-4.1.1/package/yast2-auth-client.changes --- old/yast2-auth-client-4.1.0/package/yast2-auth-client.changes 2018-11-28 12:10:38.000000000 +0100 +++ new/yast2-auth-client-4.1.1/package/yast2-auth-client.changes 2019-02-28 18:57:28.000000000 +0100 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Fri Feb 15 17:47:05 UTC 2019 - David Mulder <dmul...@suse.com> + +- yast auth-client and krb5.conf wrong domain_realm entry; (bsc#1122026) +- 4.1.1 + +------------------------------------------------------------------- Fri Nov 23 21:46:44 UTC 2018 - Stasiek Michalski <hel...@mailbox.org> - Provide icon with module (boo#1109310) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/package/yast2-auth-client.spec new/yast2-auth-client-4.1.1/package/yast2-auth-client.spec --- old/yast2-auth-client-4.1.0/package/yast2-auth-client.spec 2018-11-28 12:10:38.000000000 +0100 +++ new/yast2-auth-client-4.1.1/package/yast2-auth-client.spec 2019-02-28 18:57:28.000000000 +0100 @@ -17,7 +17,7 @@ Name: yast2-auth-client -Version: 4.1.0 +Version: 4.1.1 Release: 0 Url: https://github.com/yast/yast-auth-client Summary: YaST2 - Centralised System Authentication Configuration diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/src/lib/auth/authconf.rb new/yast2-auth-client-4.1.1/src/lib/auth/authconf.rb --- old/yast2-auth-client-4.1.0/src/lib/auth/authconf.rb 2018-11-28 12:10:38.000000000 +0100 +++ new/yast2-auth-client-4.1.1/src/lib/auth/authconf.rb 2019-02-28 18:57:28.000000000 +0100 @@ -41,7 +41,7 @@ # Clear all configuration objects. def clear # Kerberos configuration - @krb_conf = {'include' => [], 'libdefaults' => {}, 'realms' => {}, 'domain_realms' => {}, 'logging' => {}} + @krb_conf = {'include' => [], 'libdefaults' => {}, 'realms' => {}, 'domain_realm' => {}, 'logging' => {}} @krb_pam = false # LDAP configuration (/etc/ldap.conf) @ldap_conf = {} @@ -524,14 +524,14 @@ end # Write LDAP config file and correct its permission and ownerships ldap_conf = File.new('/etc/ldap.conf', 'w') - ldap_conf.chmod(644) + ldap_conf.chmod(0644) ldap_conf.chown(0, 0) ldap_conf.write(ldap_make_conf) ldap_conf.close # If automount is enabled, overwrite openldap's ldap.conf as well. if @ldap_nss.include?('automount') ldap_conf = File.new('/etc/openldap/ldap.conf', 'w') - ldap_conf.chmod(644) + ldap_conf.chmod(0644) ldap_conf.chown(0, 0) ldap_conf.write(ldap_make_conf) ldap_conf.close @@ -674,7 +674,7 @@ # Make sure the Kerberos configuration has all the necessary keys. def krb_lint_conf - ['libdefaults', 'realms', 'domain_realms', 'logging'].each { |key| + ['libdefaults', 'realms', 'domain_realm', 'logging'].each { |key| @krb_conf[key] = {} if @krb_conf[key].nil? } @krb_conf['include'] = [] if @krb_conf['include'].nil? @@ -794,10 +794,10 @@ end @krb_conf['realms'][realm_name].merge!("kdc" => kdc_addr, "admin_server" => admin_addr) if make_domain_realms - @krb_conf['domain_realms'].merge!(".#{realm_name.downcase}" => realm_name, "#{realm_name.downcase}" => realm_name) + @krb_conf['domain_realm'].merge!(".#{realm_name.downcase}" => realm_name, "#{realm_name.downcase}" => realm_name) else - @krb_conf['domain_realms'].delete(".#{realm_name.downcase}") - @krb_conf['domain_realms'].delete("#{realm_name.downcase}") + @krb_conf['domain_realm'].delete(".#{realm_name.downcase}") + @krb_conf['domain_realm'].delete("#{realm_name.downcase}") end if make_default || @krb_conf['libdefaults']['default_realm'].to_s == '' @krb_conf['libdefaults']['default_realm'] = realm_name diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/src/lib/auth/krbparse.rb new/yast2-auth-client-4.1.1/src/lib/auth/krbparse.rb --- old/yast2-auth-client-4.1.0/src/lib/auth/krbparse.rb 2018-11-28 12:10:38.000000000 +0100 +++ new/yast2-auth-client-4.1.1/src/lib/auth/krbparse.rb 2019-02-28 18:57:28.000000000 +0100 @@ -26,7 +26,7 @@ long_attr1 = '' long_attr2 = '' sect = '' - new_krb_conf = {'include' => [], 'libdefaults' => {}, 'realms' => {}, 'domain_realms' => {}, 'logging' => {}} + new_krb_conf = {'include' => [], 'libdefaults' => {}, 'realms' => {}, 'domain_realm' => {}, 'logging' => {}} # Break down sections and key-value pairs krb_conf_text.split(/\n/).each{ |line| # Throw away comment @@ -45,6 +45,16 @@ if sect_match # remember current section sect = sect_match[1] + # Bug 1122026: krb5.conf sections can have a variable amount + # of characters appended to the name, and still be valid. + # domain_realm for example could have an 's' appended, but + # is not the documented section title. + new_krb_conf.each { |k, v| + if sect_match[1].start_with?(k) + sect = k + break + end + } next end # Remember expanded attribute diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/src/lib/authui/ldapkrb/edit_realm_dialog.rb new/yast2-auth-client-4.1.1/src/lib/authui/ldapkrb/edit_realm_dialog.rb --- old/yast2-auth-client-4.1.0/src/lib/authui/ldapkrb/edit_realm_dialog.rb 2018-11-28 12:10:38.000000000 +0100 +++ new/yast2-auth-client-4.1.1/src/lib/authui/ldapkrb/edit_realm_dialog.rb 2019-02-28 18:57:28.000000000 +0100 @@ -51,9 +51,9 @@ VBox( InputField(Id(:realm_name), Opt(:hstretch), _('Realm name'), @realm_name.to_s), CheckBox(Id(:map_domain), Opt(:hstretch), _('Map Domain Name to the Realm (example.com -> EXAMPLE.COM)'), - !@realm_name.nil? && !AuthConfInst.krb_conf_get(['domain_realms', @realm_name.downcase], nil).nil?), + !@realm_name.nil? && !AuthConfInst.krb_conf_get(['domain_realm', @realm_name.downcase], nil).nil?), CheckBox(Id(:map_wildcard_domain), Opt(:hstretch), _('Map Wild Card Domain Name to the Realm (*.example.com -> EXAMPLE.COM)'), - !@realm_name.nil? && !AuthConfInst.krb_conf_get(['domain_realms', ".#{@realm_name.downcase}"], nil).nil?), + !@realm_name.nil? && !AuthConfInst.krb_conf_get(['domain_realm', ".#{@realm_name.downcase}"], nil).nil?), VSpacing(1.0), InputField(Id(:admin_server), Opt(:hstretch), _('Host Name of Administration Server (Optional)'), AuthConfInst.krb_conf_get(['realms', @realm_name, 'admin_server'], '')), @@ -142,9 +142,9 @@ if AuthConfInst.krb_conf['libdefaults']['default_realm'] == @realm_name AuthConfInst.krb_conf['libdefaults']['default_realm'] = input_realm_name end - domains = AuthConfInst.krb_conf['domain_realms'].select{ |_, realm| realm == @realm_name}.keys - domains.each {|domain| AuthConfInst.krb_conf['domain_realms'].delete(domain)} - domains.each {|domain| AuthConfInst.krb_conf['domain_realms'][domain] = input_realm_name} + domains = AuthConfInst.krb_conf['domain_realm'].select{ |_, realm| realm == @realm_name}.keys + domains.each {|domain| AuthConfInst.krb_conf['domain_realm'].delete(domain)} + domains.each {|domain| AuthConfInst.krb_conf['domain_realm'][domain] = input_realm_name} end # Create new realm if !AuthConfInst.krb_conf['realms'].include?(input_realm_name) @@ -156,14 +156,14 @@ realm_conf['master_kdc'] = UI.QueryWidget(Id(:master_kdc), :Value) realm_conf['kdc'] = UI.QueryWidget(Id(:kdc), :Items).map{|item| item[1]} if UI.QueryWidget(Id(:map_domain), :Value) - AuthConfInst.krb_conf['domain_realms'][input_realm_name.downcase] = input_realm_name + AuthConfInst.krb_conf['domain_realm'][input_realm_name.downcase] = input_realm_name else - AuthConfInst.krb_conf['domain_realms'].delete(input_realm_name.downcase) + AuthConfInst.krb_conf['domain_realm'].delete(input_realm_name.downcase) end if UI.QueryWidget(Id(:map_wildcard_domain), :Value) - AuthConfInst.krb_conf['domain_realms'][".#{input_realm_name.downcase}"] = input_realm_name + AuthConfInst.krb_conf['domain_realm'][".#{input_realm_name.downcase}"] = input_realm_name else - AuthConfInst.krb_conf['domain_realms'].delete(".#{input_realm_name.downcase}") + AuthConfInst.krb_conf['domain_realm'].delete(".#{input_realm_name.downcase}") end realm_conf['auth_to_local'] = UI.QueryWidget(Id(:auth_to_local), :Items).map{|item| item[1]} realm_conf['auth_to_local_names'] = Hash[*UI.QueryWidget(Id(:auth_to_local_names), :Items).map{|item| [item[1], item[2]]}.flatten] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/src/lib/authui/ldapkrb/main_dialog.rb new/yast2-auth-client-4.1.1/src/lib/authui/ldapkrb/main_dialog.rb --- old/yast2-auth-client-4.1.0/src/lib/authui/ldapkrb/main_dialog.rb 2018-11-28 12:10:38.000000000 +0100 +++ new/yast2-auth-client-4.1.1/src/lib/authui/ldapkrb/main_dialog.rb 2019-02-28 18:57:28.000000000 +0100 @@ -200,7 +200,7 @@ redo end if Popup.YesNo(_('Are you sure to delete realm %s?') % [realm_name]) - AuthConfInst.krb_conf['domain_realms'].delete_if{ |_, domain_realm| domain_realm == realm_name} + AuthConfInst.krb_conf['domain_realm'].delete_if{ |_, domain_realm| domain_realm == realm_name} if UI.QueryWidget(Id(:krb_default_realm), :Value) == realm_name UI.ChangeWidget(Id(:krb_default_realm), :Value, _('(not specified)')) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-4.1.0/test/authconf_test.rb new/yast2-auth-client-4.1.1/test/authconf_test.rb --- old/yast2-auth-client-4.1.0/test/authconf_test.rb 2018-11-28 12:10:38.000000000 +0100 +++ new/yast2-auth-client-4.1.1/test/authconf_test.rb 2019-02-28 18:57:28.000000000 +0100 @@ -183,9 +183,33 @@ "auth_to_local"=>["RULE:[2:$1](johndoe)s/^.*$/guest/"] }, }, - "domain_realms"=>{}, "logging"=>{} + "domain_realm"=>{}, "logging"=>{} }, "pam"=>false) - # The second example is very comprehensive + # The second tests for cruft in the section names + authconf.krb_parse_set(' +[libdefaultsXXXXXXXXX] + default_realm = ABC.ZZZ + +[realmsYYYZZZZXXXXX] + ABC.ZZZ = { + kdc = howie.suse.de + admin_server = howie.suse.de + auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/ + } +') + expect(authconf.krb_export).to eq("conf"=>{ + "include"=>[], + "libdefaults"=>{"default_realm"=>"ABC.ZZZ"}, + "realms"=>{ + "ABC.ZZZ"=>{ + "kdc"=>["howie.suse.de"], + "admin_server"=>"howie.suse.de", + "auth_to_local"=>["RULE:[2:$1](johndoe)s/^.*$/guest/"] + }, + }, + "domain_realm"=>{}, "logging"=>{} + }, "pam"=>false) + # The third example is very comprehensive authconf.krb_parse_set('include a/b/c.d includedir e/f/g.h module i/j/k.l:RESIDUAL @@ -223,7 +247,7 @@ EMPTY.NET = { } -[domain_realms] +[domain_realm] .suse.de = ABC.ZZZ suse.de = ABC.ZZZ @@ -263,7 +287,7 @@ }, "EMPTY.NET"=> {}, }, - "domain_realms"=>{".suse.de"=>"ABC.ZZZ", "suse.de"=>"ABC.ZZZ"}, + "domain_realm"=>{".suse.de"=>"ABC.ZZZ", "suse.de"=>"ABC.ZZZ"}, "logging"=>{"kdc"=>"FILE:/var/log/krb5/krb5kdc.log", "admin_server"=>"FILE:/var/log/krb5/kadmind.log", "default"=>"SYSLOG:NOTICE:DAEMON"}, "dbmodules"=>{ "openldap_ldapconf"=>{ @@ -289,7 +313,7 @@ forwardable = true default_ccache_name = FILE:/tmp/krb5cc_%{uid} -[domain_realms] +[domain_realm] .suse.de = ABC.ZZZ suse.de = ABC.ZZZ @@ -338,7 +362,7 @@ {"ABC.ZZZ"=>{"kdc"=>["howie.suse.de"], "admin_server"=>"howie.suse.de"}, "ABD.ZZZ"=>{"kdc"=>["howie2.suse.de"], "admin_server"=>"howie2.suse.de"}}, "libdefaults"=>{"default_realm"=>"ABC.ZZZ", "forwardable"=>"true"}, - "domain_realms"=>{".suse.de"=>"ABC.ZZZ", "suse.de"=>"ABC.ZZZ"}, + "domain_realm"=>{".suse.de"=>"ABC.ZZZ", "suse.de"=>"ABC.ZZZ"}, "logging"=> {"kdc"=>"FILE:/var/log/krb5/krb5kdc.log", "admin_server"=>"FILE:/var/log/krb5/kadmind.log", @@ -351,7 +375,7 @@ conf = {"conf"=> {"realms"=>{}, "libdefaults"=>{}, - "domain_realms"=>{}, + "domain_realm"=>{}, "logging"=> {"kdc"=>"FILE:/var/log/krb5/krb5kdc.log", "admin_server"=>"FILE:/var/log/krb5/kadmind.log", @@ -363,7 +387,7 @@ {"realms"=> {"ABC.ZZZ"=>{"kdc"=>"howie.suse.de", "admin_server"=>"howie2.suse.de"}}, "libdefaults"=>{"default_realm"=>"ABC.ZZZ"}, - "domain_realms"=>{".abc.zzz"=>"ABC.ZZZ", "abc.zzz"=>"ABC.ZZZ"}, + "domain_realm"=>{".abc.zzz"=>"ABC.ZZZ", "abc.zzz"=>"ABC.ZZZ"}, "logging"=> {"kdc"=>"FILE:/var/log/krb5/krb5kdc.log", "admin_server"=>"FILE:/var/log/krb5/kadmind.log", @@ -374,7 +398,7 @@ {"realms"=> {"ABC.ZZZ"=>{"kdc"=>"3.suse.de", "admin_server"=>"4.suse.de"}}, "libdefaults"=>{"default_realm"=>"ABC.ZZZ"}, - "domain_realms"=>{}, + "domain_realm"=>{}, "logging"=> {"kdc"=>"FILE:/var/log/krb5/krb5kdc.log", "admin_server"=>"FILE:/var/log/krb5/kadmind.log",
