Hello community,
here is the log from the commit of package yast2-auth-server for
openSUSE:Factory checked in at 2020-07-21 15:46:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-auth-server (Old)
and /work/SRC/openSUSE:Factory/.yast2-auth-server.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-auth-server"
Tue Jul 21 15:46:09 2020 rev:23 rq:821054 version:4.2.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-auth-server/yast2-auth-server.changes
2019-08-27 10:16:32.347958937 +0200
+++
/work/SRC/openSUSE:Factory/.yast2-auth-server.new.3592/yast2-auth-server.changes
2020-07-21 15:48:03.892123162 +0200
@@ -1,0 +2,8 @@
+Mon Jul 13 11:39:36 UTC 2020 - José Iván López González <[email protected]>
+
+- Use available kdb5_ldap_util binary (either at /usr/lib/mit/sbin
+ or /usr/sbin).
+- Related to bsc#1174078.
+- 4.2.4
+
+-------------------------------------------------------------------
Old:
----
yast2-auth-server-4.2.3.tar.bz2
New:
----
yast2-auth-server-4.2.4.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-auth-server.spec ++++++
--- /var/tmp/diff_new_pack.iAhuHk/_old 2020-07-21 15:48:04.884124388 +0200
+++ /var/tmp/diff_new_pack.iAhuHk/_new 2020-07-21 15:48:04.888124394 +0200
@@ -1,7 +1,7 @@
#
# spec file for package yast2-auth-server
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
Summary: A tool for creating identity management server instances
License: GPL-2.0-or-later
Group: System/YaST
-Version: 4.2.3
+Version: 4.2.4
Release: 0
Url: https://github.com/yast/yast-auth-server
++++++ yast2-auth-server-4.2.3.tar.bz2 -> yast2-auth-server-4.2.4.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-auth-server-4.2.3/package/yast2-auth-server.changes
new/yast2-auth-server-4.2.4/package/yast2-auth-server.changes
--- old/yast2-auth-server-4.2.3/package/yast2-auth-server.changes
2019-08-22 17:03:51.000000000 +0200
+++ new/yast2-auth-server-4.2.4/package/yast2-auth-server.changes
2020-07-15 10:28:11.000000000 +0200
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Mon Jul 13 11:39:36 UTC 2020 - José Iván López González <[email protected]>
+
+- Use available kdb5_ldap_util binary (either at /usr/lib/mit/sbin
+ or /usr/sbin).
+- Related to bsc#1174078.
+- 4.2.4
+
+-------------------------------------------------------------------
Thu Aug 22 16:16:07 CEST 2019 - [email protected]
- Using rb_default_ruby_abi tag in the spec file in order to
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-auth-server-4.2.3/package/yast2-auth-server.spec
new/yast2-auth-server-4.2.4/package/yast2-auth-server.spec
--- old/yast2-auth-server-4.2.3/package/yast2-auth-server.spec 2019-08-22
17:03:51.000000000 +0200
+++ new/yast2-auth-server-4.2.4/package/yast2-auth-server.spec 2020-07-15
10:28:11.000000000 +0200
@@ -18,7 +18,7 @@
Name: yast2-auth-server
Group: System/YaST
Summary: A tool for creating identity management server instances
-Version: 4.2.3
+Version: 4.2.4
Release: 0
License: GPL-2.0-or-later
Url: https://github.com/yast/yast-auth-server
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-auth-server-4.2.3/src/lib/authserver/krb/mit.rb
new/yast2-auth-server-4.2.4/src/lib/authserver/krb/mit.rb
--- old/yast2-auth-server-4.2.3/src/lib/authserver/krb/mit.rb 2019-08-22
17:03:51.000000000 +0200
+++ new/yast2-auth-server-4.2.4/src/lib/authserver/krb/mit.rb 2020-07-15
10:28:11.000000000 +0200
@@ -18,6 +18,12 @@
include Yast
include Yast::Logger
+ # @see .kdb5_ldap_util_path
+ OLD_KDB5_LDAP_UTIL = "/usr/lib/mit/sbin/kdb5_ldap_util".freeze
+ KDB5_LDAP_UTIL = "/usr/sbin/kdb5_ldap_util".freeze
+
+ private_constant :OLD_KDB5_LDAP_UTIL, :KDB5_LDAP_UTIL
+
# install_pkgs installs software packages mandatory for setting up MIT
Kerberos server.
def self.install_pkgs
Yast.import 'Package'
@@ -92,7 +98,8 @@
# save_password_into_file saves a password into a password stash file for
KDC to consume.
# Returns tuple of command output and boolean (success or not).
def self.save_password_into_file(dn, pass, file_path)
- stdin, stdouterr, result =
Open3.popen2e('/usr/lib/mit/sbin/kdb5_ldap_util', 'stashsrvpw', '-f',
file_path, '-w', pass, dn)
+ stdin, stdouterr, result = kdb5_ldap_util('stashsrvpw', '-f', file_path,
'-w', pass, dn)
+
# The utility asks for password input and repeat to verify
stdin.puts(pass)
stdin.puts(pass)
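Review bot: The refactored call in save_password_into_file still passes the password as a command-line argument (`'-w', pass`), and the init_dir hunk below does the same with `dir_admin_pass` and `master_pass` through init_dir_args. Arguments of a running process are typically readable by other local users through process listings, so masking the values in `log.info` does not protect them while the utility runs. The comment in this hunk says the utility prompts for the password on stdin, which the two `stdin.puts(pass)` calls already answer, so it is worth checking whether `-w` can be dropped for `stashsrvpw`. For the `create` call, a prompt-based or stash-file route would need confirming against the kdb5_ldap_util documentation. The method body continues outside the hunk.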
@@ -108,9 +115,13 @@
# init_dir uses kerberos LDAP utility to prepare a directory server for
kerberos operation.
# Returns tuple of command output and boolean (success or not).
def self.init_dir(ldaps_addr, dir_admin_dn, dir_admin_pass, realm_name,
container_dn, master_pass)
- log.info( ['/usr/lib/mit/sbin/kdb5_ldap_util', '-H',
'ldaps://'+ldaps_addr, '-D', dir_admin_dn, '-w', '********', 'create', '-r',
realm_name, '-subtrees', container_dn, '-s', '-P', '********'].join(' '))
- stdin, stdouterr, result =
Open3.popen2e('/usr/lib/mit/sbin/kdb5_ldap_util', '-H', 'ldaps://'+ldaps_addr,
'-D', dir_admin_dn, '-w', dir_admin_pass, 'create', '-r', realm_name,
'-subtrees', container_dn, '-s', '-P', master_pass)
+ log_args = init_dir_args(ldaps_addr, dir_admin_dn, "********", realm_name,
container_dn, "********")
+ log.info(kdb5_ldap_util_path + " " + log_args.join(" "))
+
+ args = init_dir_args(ldaps_addr, dir_admin_dn, dir_admin_pass, realm_name,
container_dn, master_pass)
+ stdin, stdouterr, result = kdb5_ldap_util(*args)
stdin.close
+
return [stdouterr.readlines.join('\n'), result.value.exitstatus == 0]
end
@@ -130,4 +141,47 @@
def self.append_to_log(content)
log.info(content)
end
+
+ private
+
+ # Runs kdb5_ldap_util with the given arguments
+ #
+ # @params args [Array<String>] list of arguments passed to kdb5_ldap_util
binary
+ # @return [Array(IO, IO, Process::Waiter)] i.e., [stdin, stdouterr, result]
+ def self.kdb5_ldap_util(*args)
+ Open3.popen2e(kdb5_ldap_util_path, *args)
+ end
+
+ # Path to the kdb5_ldap_util binary
+ #
+ # Note that the lastest kbr5 package provides the kdb5_ldap_util binary at
/usr/sbin, but older kbr5
+ # uses the /usr/lib/mit/sbin path. This method checks which one is available
in the system.
+ #
+ # @return [String]
+ def self.kdb5_ldap_util_path
+ File.exist?(KDB5_LDAP_UTIL) ? KDB5_LDAP_UTIL : OLD_KDB5_LDAP_UTIL
+ end
+
+ # Arguments to use when initializing a dir
+ #
+ # @see .init_dir
+ #
+ # @param ldaps_addr [String]
+ # @param dir_admin_dn [String]
+ # @param dir_admin_pass [String]
+ # @param realm_name [String]
+ # @param container_dn [String]
+ # @param master_pass [String]
+ #
+ # @return [Array<String>] list of arguments
+ def self.init_dir_args(ldaps_addr, dir_admin_dn, dir_admin_pass, realm_name,
container_dn, master_pass)
+ [
+ '-H', 'ldaps://'+ldaps_addr,
+ '-D', dir_admin_dn,
+ '-w', dir_admin_pass,
+ 'create', '-r', realm_name,
+ '-subtrees', container_dn,
+ '-s', '-P', master_pass
+ ]
+ end
end
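Review bot: The bare `private` before the three new helpers has no effect on methods defined with `def self.`, so kdb5_ldap_util, kdb5_ldap_util_path and init_dir_args (which returns the argument list including the plaintext passwords) stay publicly callable. Replace it with `private_class_method :kdb5_ldap_util, :kdb5_ldap_util_path, :init_dir_args` after the definitions, matching the `private_constant` already used for the paths. kdb5_ldap_util_path also falls back to the old location without checking that it exists, so with neither binary installed the failure would presumably surface as an exception from `Open3.popen2e` instead of the `[output, false]` tuple callers otherwise get. In the comments, `@params` should be `@param`, and "lastest kbr5" presumably means "latest krb5".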
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-auth-server-4.2.3/test/krb_test.rb
new/yast2-auth-server-4.2.4/test/krb_test.rb
--- old/yast2-auth-server-4.2.3/test/krb_test.rb 2019-08-22
17:03:51.000000000 +0200
+++ new/yast2-auth-server-4.2.4/test/krb_test.rb 2020-07-15
10:28:11.000000000 +0200
@@ -75,4 +75,108 @@
'
expect(MITKerberos.gen_kdc_conf('EXAMPLE.COM', 'cn=kdc', 'cn=adm',
'cn=container', '/pass', 'dir.example.net')).to eq(match)
end
-end
\ No newline at end of file
+
+ shared_context "kdb5_ldap_util mock" do
+ before do
+ allow(File).to receive(:exist?).and_call_original
+ allow(File).to
receive(:exist?).with("/usr/lib/mit/sbin/kdb5_ldap_util").and_return(old_path)
+ allow(File).to
receive(:exist?).with("/usr/sbin/kdb5_ldap_util").and_return(!old_path)
+
+ allow(File).to receive(:chmod)
+
+ allow(Open3).to receive(:popen2e).and_return([stdin, stdouterr, waiter])
+ end
+
+ let(:stdin) { instance_double(IO, puts: true, close: true) }
+
+ let(:stdouterr) { instance_double(IO, readlines: outerr) }
+
+ let(:waiter) { instance_double(Process::Waiter, value: status) }
+
+ let(:status) { instance_double(Process::Status, exitstatus: exitstatus) }
+
+ let(:outerr) { [] }
+
+ let(:exitstatus) { 0 }
+
+ let(:old_path) { false }
+ end
+
+ shared_examples "kdb5_ldap_util" do |method, *args|
+ context "when the kdb5_ldap_util is found in /usr/sbin" do
+ let(:old_path) { false }
+
+ it "calls kdb5_ldap_util from /usr/sbin" do
+ expect(Open3).to receive(:popen2e).with("/usr/sbin/kdb5_ldap_util",
any_args)
+
+ MITKerberos.send(method, *args)
+ end
+ end
+
+ context "when the kdb5_ldap_util is not found in /usr/sbin" do
+ let(:old_path) { true }
+
+ it "calls kdb5_ldap_util from /usr/lib/mit/sbin" do
+ expect(Open3).to
receive(:popen2e).with("/usr/lib/mit/sbin/kdb5_ldap_util", any_args)
+
+ MITKerberos.send(method, *args)
+ end
+ end
+
+ context "on success" do
+ let(:outerr) { ["message1", "error1"] }
+
+ let(:exitstatus) { 0 }
+
+ it "returns stdouterr and true" do
+ result = MITKerberos.send(method, *args)
+
+ expect(result).to eq(["message1\\nerror1", true])
+ end
+ end
+
+ context "on failure" do
+ let(:outerr) { ["message1", "error1"] }
+
+ let(:exitstatus) { 1 }
+
+ it "returns stdouterr and false" do
+ result = MITKerberos.send(method, *args)
+
+ expect(result).to eq(["message1\\nerror1", false])
+ end
+ end
+ end
+
+ describe ".save_password_into_file" do
+ include_context "kdb5_ldap_util mock"
+
+ it "calls kdb5_ldap_util with correct arguments" do
+ expect(Open3).to receive(:popen2e)
+ .with(/kdb5_ldap_util/, "stashsrvpw", "-f", "path/to/file", "-w",
"pass", "example")
+
+ MITKerberos.save_password_into_file("example", "pass", "path/to/file")
+ end
+
+ include_examples "kdb5_ldap_util", :save_password_into_file, "example",
"pass", "path/to/file"
+ end
+
+ describe ".init_dir" do
+ include_context "kdb5_ldap_util mock"
+
+ it "calls kdb5_ldap_util with correct arguments" do
+ expect(Open3).to receive(:popen2e)
+ .with(/kdb5_ldap_util/,
+ "-H", "ldaps://addr",
+ "-D", "dn",
+ "-w", "a_pass",
+ "create", "-r", "name",
+ "-subtrees", "c_dn",
+ "-s", "-P", "m_pass")
+
+ MITKerberos.init_dir("addr", "dn", "a_pass", "name", "c_dn", "m_pass")
+ end
+
+ include_examples "kdb5_ldap_util", :init_dir, "addr", "dn", "a_pass",
"name", "c_dn", "m_pass"
+ end
+end
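Review bot: The "on success" and "on failure" examples expect `"message1\\nerror1"`, i.e. the two lines joined by a literal backslash and `n`, which pins the single-quoted `join('\n')` visible in init_dir rather than a real newline. If a line break is intended, change the implementation to `join("\n")` and the expectation to `"message1\nerror1"`; if callers rely on the literal separator, a comment in the spec saying so would prevent a later "fix" from breaking them. The shared context also always makes exactly one of the two paths exist (`old_path` and `!old_path`), so the case where kdb5_ldap_util is missing from both locations is not covered.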