[SSSD] [sssd PR#26] KRB5: Fixing FQ name of user in krb5_setup() (-Changes requested)
celestian's pull request #26: "KRB5: Fixing FQ name of user in krb5_setup()" label *Changes requested* has been removed See the full pull-request at https://github.com/SSSD/sssd/pull/26 ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] SPEC: Rename python packages using macro %python_provide
On (15/09/16 14:08), Lukas Slebodnik wrote: >On (05/07/16 13:39), Lukas Slebodnik wrote: >>ehlo, >> >>SSSD python packages were renamed in fedora few months ago. >> python-* -> python2-* >>But we didn't rename packages in upstream spec file and therefore >>upgrade from fedora 24 -> sssd master is not possible. >> >>Attached patch shoudl fix the issue. >> >>BTW here are provides and obsoletes for current master >> sh$ rpm -qp --provides python-libipa_hbac-1.13.92-0.fc24.x86_64.rpm >> libipa_hbac-python = 1.13.92-0.fc24 >> python-libipa_hbac = 1.13.92-0.fc24 >> python-libipa_hbac(x86-64) = 1.13.92-0.fc24 >> >> sh$ rpm -qp --obsoletes python-libipa_hbac-1.13.92-0.fc24.x86_64.rpm >> libipa_hbac-python < 1.12.90 >> >>and after renaming >> sh$ rpm -qp --provides python2-libipa_hbac-1.13.92-0.el6.x86_64.rpm >> libipa_hbac-python = 1.13.92-0.el6 >> python-libipa_hbac = 1.13.92-0.el6 >> python2-libipa_hbac = 1.13.92-0.el6 >> python2-libipa_hbac(x86-64) = 1.13.92-0.el6 >> >> sh$ rpm -qp --obsoletes python2-libipa_hbac-1.13.92-0.el6.x86_64.rpm >> libipa_hbac-python < 1.12.90 >> python-libipa_hbac < 1.13.92-0.el6 >> > >Attached is an updated patch. > >http://sssd-ci.duckdns.org/logs-test/job/4/51/summary.html > I sent wrong patch in previous mail. LS From 60f504d1123a3458a85797b7063cfee8202e5cf4 Mon Sep 17 00:00:00 2001 From: Lukas SlebodnikDate: Wed, 14 Sep 2016 14:31:29 +0200 Subject: [PATCH] SPEC: Rename python packages using macro %python_provide Fedora and epel contains macro %python_provide for simpler renaming of python packages. It will generate correct provides and obsoletes. --- contrib/sssd.spec.in | 90 1 file changed, 70 insertions(+), 20 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 1f79ca7cd0a56dc1ab9c951abe11dc216ef3ad03..a0937d54903002521f07fb012742eb11f2584c54 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -11,6 +11,46 @@ %{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} %endif +%{!?python_provide: %global need_python_provide 1} +%if 0%{?need_python_provide} +%define python_provide() %{lua: +function string.starts(String, Start) +return string.sub(String, 1, string.len(Start)) == Start +end +package = rpm.expand("%{?1:%{1}}"); +vr = rpm.expand("%{?epoch:%{epoch}:}%{version}-%{release}") +if (string.starts(package, "python2-")) then +if (rpm.expand("%{?buildarch}") ~= "noarch") then +str = "Provides: python-" .. + string.sub(package, 9, string.len(package)) .. + "%{?_isa} = " .. vr; +print(rpm.expand(str)); +end +print("\\nProvides: python-"); +print(string.sub(package, 9, string.len(package))); +print(" = "); +print(vr); +--Obsoleting the previous default python package +if (rpm.expand("%{?buildarch}") ~= "noarch") then +str = "\\nObsoletes: python-" .. + string.sub(package, 9, string.len(package)) .. + "%{?_isa} < " .. vr; +print(rpm.expand(str)); +end +print("\\nObsoletes: python-"); +print(string.sub(package, 9, string.len(package))); +print(" < "); +print(vr); +elseif (string.starts(package, "python3-")) then +--No unversioned provides as python3 is not default +else +print("%python_provide: ERROR: "); +print(package); +print(" not recognized."); +end +} +%endif + # Fedora and RHEL 6+ # we don't want to provide private python extension libs %define __provides_exclude_from %{python2_sitearch}/.*\.so$ @@ -95,7 +135,7 @@ Requires: sssd-proxy = %{version}-%{release} %if (0%{?with_python3} == 1) Requires: python3-sssdconfig = %{version}-%{release} %else -Requires: python-sssdconfig = %{version}-%{release} +Requires: python2-sssdconfig = %{version}-%{release} %endif %global servicename sssd @@ -253,8 +293,8 @@ Requires: sssd-common = %{version}-%{release} Requires: python3-sss = %{version}-%{release} Requires: python3-sssdconfig = %{version}-%{release} %else -Requires: python-sss = %{version}-%{release} -Requires: python-sssdconfig = %{version}-%{release} +Requires: python2-sss = %{version}-%{release} +Requires: python2-sssdconfig = %{version}-%{release} %endif %description tools @@ -267,13 +307,14 @@ Also provides several other administrative tools: * sss_obfuscate for generating an obfuscated LDAP password * sssctl -- an sssd status and control utility -%package -n python-sssdconfig
[SSSD] [sssd PR#26] KRB5: Fixing FQ name of user in krb5_setup() (synchronize)
celestian's pull request #26: "KRB5: Fixing FQ name of user in krb5_setup()" was synchronize See the full pull-request at https://github.com/SSSD/sssd/pull/26 ... or pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/26/head:pr26 git checkout pr26 From 2e6684fb70896ab05ce34ff20463a38db9c2ce1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?=Date: Thu, 15 Sep 2016 09:54:18 -0400 Subject: [PATCH 1/2] MAKEFILE: Fixing CFLAGS at ad_common_tests --- Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index f89af5a..d1d31de 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2468,6 +2468,7 @@ ad_common_tests_SOURCES = \ src/providers/ldap/sdap_async_initgroups_ad.c \ $(NULL) ad_common_tests_CFLAGS = \ +$(AM_CFLAGS) \ $(NDR_NBT_CFLAGS) \ $(NDR_KRB5PAC_CFLAGS) \ $(NULL) From 37f2cf253759f83c7bd42d577a2fd1a9c76100d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?= Date: Wed, 14 Sep 2016 09:00:06 -0400 Subject: [PATCH 2/2] KRB5: Fixing FQ name of user in krb5_setup() This patch fixes creation of FQ username if krb5_map_user option ise used. Resolves: https://fedorahosted.org/sssd/ticket/3188 --- src/providers/krb5/krb5_init_shared.c | 1 + src/providers/krb5/krb5_utils.c | 17 - src/providers/krb5/krb5_utils.h | 4 +++- src/tests/krb5_utils-tests.c | 33 - 4 files changed, 40 insertions(+), 15 deletions(-) diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c index 767291c..c8fd859 100644 --- a/src/providers/krb5/krb5_init_shared.c +++ b/src/providers/krb5/krb5_init_shared.c @@ -94,6 +94,7 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, ret = parse_krb5_map_user(krb5_auth_ctx, dp_opt_get_cstring(krb5_auth_ctx->opts, KRB5_MAP_USER), + bectx->domain->name, _auth_ctx->name_to_primary); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "parse_krb5_map_user failed: %s:[%d]\n", diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index 0ac60da..1fc4f2b 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -521,7 +521,9 @@ fill_name_to_primary_map(TALLOC_CTX *mem_ctx, char **map, } errno_t -parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user, +parse_krb5_map_user(TALLOC_CTX *mem_ctx, +const char *krb5_map_user, +const char *dom_name, struct map_id_name_to_krb_primary **_name_to_primary) { int size; @@ -529,6 +531,7 @@ parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user, errno_t ret; TALLOC_CTX *tmp_ctx; struct map_id_name_to_krb_primary *name_to_primary; +char *fq_name; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -570,6 +573,18 @@ parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user, } } +/* conversion names to fully-qualified names */ +for (int i = 0; i < size; i++) { +fq_name = sss_create_internal_fqname(tmp_ctx, + name_to_primary[i].id_name, + dom_name); +name_to_primary[i].id_name = talloc_strdup(name_to_primary, fq_name); + +fq_name = sss_create_internal_fqname(tmp_ctx, + name_to_primary[i].krb_primary, + dom_name); +name_to_primary[i].krb_primary = talloc_strdup(name_to_primary, fq_name); +} ret = EOK; done: diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h index 75b93c3..3051a99 100644 --- a/src/providers/krb5/krb5_utils.h +++ b/src/providers/krb5/krb5_utils.h @@ -51,7 +51,9 @@ errno_t get_domain_or_subdomain(struct be_ctx *be_ctx, struct sss_domain_info **dom); errno_t -parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user, +parse_krb5_map_user(TALLOC_CTX *mem_ctx, +const char *krb5_map_user, +const char *dom_name, struct map_id_name_to_krb_primary **_name_to_primary); #endif /* __KRB5_UTILS_H__ */ diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c index 515a194..6d03a30 100644 --- a/src/tests/krb5_utils-tests.c +++ b/src/tests/krb5_utils-tests.c @@ -614,25 +614,25 @@ START_TEST(test_parse_krb5_map_user) /* empty input */ { check_leaks_push(mem_ctx); -ret = parse_krb5_map_user(mem_ctx, NULL, _to_primary); +ret = parse_krb5_map_user(mem_ctx, NULL, DOMAIN_NAME, _to_primary); fail_unless(ret == EOK);
[SSSD] [sssd PR#26] KRB5: Fixing FQ name of user in krb5_setup() (comment)
celestian commented on a pull request """ http://sssd-ci.duckdns.org/logs/job/53/43/summary.html So, it is problem with cflags in test. I will send patch soon. """ See the full comment at https://github.com/SSSD/sssd/pull/26#issuecomment-24735 ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] Re: [PATCH] SPEC: Rename python packages using macro %python_provide
On (05/07/16 13:39), Lukas Slebodnik wrote: >ehlo, > >SSSD python packages were renamed in fedora few months ago. > python-* -> python2-* >But we didn't rename packages in upstream spec file and therefore >upgrade from fedora 24 -> sssd master is not possible. > >Attached patch shoudl fix the issue. > >BTW here are provides and obsoletes for current master > sh$ rpm -qp --provides python-libipa_hbac-1.13.92-0.fc24.x86_64.rpm > libipa_hbac-python = 1.13.92-0.fc24 > python-libipa_hbac = 1.13.92-0.fc24 > python-libipa_hbac(x86-64) = 1.13.92-0.fc24 > > sh$ rpm -qp --obsoletes python-libipa_hbac-1.13.92-0.fc24.x86_64.rpm > libipa_hbac-python < 1.12.90 > >and after renaming > sh$ rpm -qp --provides python2-libipa_hbac-1.13.92-0.el6.x86_64.rpm > libipa_hbac-python = 1.13.92-0.el6 > python-libipa_hbac = 1.13.92-0.el6 > python2-libipa_hbac = 1.13.92-0.el6 > python2-libipa_hbac(x86-64) = 1.13.92-0.el6 > > sh$ rpm -qp --obsoletes python2-libipa_hbac-1.13.92-0.el6.x86_64.rpm > libipa_hbac-python < 1.12.90 > python-libipa_hbac < 1.13.92-0.el6 > Attached is an updated patch. http://sssd-ci.duckdns.org/logs-test/job/4/51/summary.html LS From e6dc3ae717f88c6887bde75d4f1ed0097d78 Mon Sep 17 00:00:00 2001 From: Lukas SlebodnikDate: Wed, 14 Sep 2016 14:31:29 +0200 Subject: [PATCH] SPEC: Rename python packages using macro %python_provide Fedora and epel contains macro %python_provide for simpler renaming of python packages. It will generate correct provides and obsoletes. --- contrib/sssd.spec.in | 86 1 file changed, 66 insertions(+), 20 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 1f79ca7cd0a56dc1ab9c951abe11dc216ef3ad03..523416d20dd087fc30eb4d5d8b79bb1e6195c57c 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -11,6 +11,42 @@ %{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} %endif +%{!?python_provide: %global need_python_provide 1} +%if 0%{?need_python_provide} +%define python_provide() %{lua:\ +function string.starts(String,Start)\ +return string.sub(String,1,string.len(Start))==Start\ +end\ +package = rpm.expand("%{?1:%{1}}");\ +vr = rpm.expand("%{?epoch:%{epoch}:}%{version}-%{release}") +if (string.starts(package, "python2-")) then\ +if (rpm.expand("%{?buildarch}") ~= "noarch") then\ +str = "Provides: python-" .. string.sub(package,9,string.len(package)) .. "%{?_isa} = " .. vr;\ +print(rpm.expand(str));\ +end\ +print("\\nProvides: python-");\ +print(string.sub(package,9,string.len(package)));\ +print(" = ");\ +print(vr);\ +--Obsoleting the previous default python package\ +if (rpm.expand("%{?buildarch}") ~= "noarch") then\ +str = "\\nObsoletes: python-" .. string.sub(package,9,string.len(package)) .. "%{?_isa} < " .. vr;\ +print(rpm.expand(str));\ +end\ +print("\\nObsoletes: python-");\ +print(string.sub(package,9,string.len(package)));\ +print(" < ");\ +print(vr);\ +elseif (string.starts(package, "python3-")) then\ +--No unversioned provides as python3 is not default\ +else\ +print("%python_provide: ERROR: ");\ +print(package);\ +print(" not recognized.");\ +end\ +} +%endif + # Fedora and RHEL 6+ # we don't want to provide private python extension libs %define __provides_exclude_from %{python2_sitearch}/.*\.so$ @@ -95,7 +131,7 @@ Requires: sssd-proxy = %{version}-%{release} %if (0%{?with_python3} == 1) Requires: python3-sssdconfig = %{version}-%{release} %else -Requires: python-sssdconfig = %{version}-%{release} +Requires: python2-sssdconfig = %{version}-%{release} %endif %global servicename sssd @@ -253,8 +289,8 @@ Requires: sssd-common = %{version}-%{release} Requires: python3-sss = %{version}-%{release} Requires: python3-sssdconfig = %{version}-%{release} %else -Requires: python-sss = %{version}-%{release} -Requires: python-sssdconfig = %{version}-%{release} +Requires: python2-sss = %{version}-%{release} +Requires: python2-sssdconfig = %{version}-%{release} %endif %description tools @@ -267,13 +303,14 @@ Also provides several other administrative tools: * sss_obfuscate for generating an obfuscated LDAP password * sssctl -- an sssd status and control utility -%package -n python-sssdconfig +%package -n python2-sssdconfig Summary: SSSD and IPA configuration file manipulation classes and functions Group: Applications/System License: GPLv3+ BuildArch: noarch +%{python_provide python2-sssdconfig}
[SSSD] [sssd PR#26] KRB5: Fixing FQ name of user in krb5_setup() (comment)
celestian commented on a pull request """ I pushed patch to our CI, we will see result soon. """ See the full comment at https://github.com/SSSD/sssd/pull/26#issuecomment-247304195 ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#26] KRB5: Fixing FQ name of user in krb5_setup() (synchronize)
celestian's pull request #26: "KRB5: Fixing FQ name of user in krb5_setup()" was synchronize See the full pull-request at https://github.com/SSSD/sssd/pull/26 ... or pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/26/head:pr26 git checkout pr26 From df941b967a035b0e9a653f11388f477d726446dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?=Date: Wed, 14 Sep 2016 09:00:06 -0400 Subject: [PATCH] KRB5: Fixing FQ name of user in krb5_setup() This patch fixes creation of FQ username if krb5_map_user option ise used. Resolves: https://fedorahosted.org/sssd/ticket/3188 --- src/providers/krb5/krb5_auth.c | 18 +++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index f0f2280..38dacd1 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -182,6 +182,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, { struct krb5child_req *kr; const char *mapped_name; +char *short_user_name; TALLOC_CTX *tmp_ctx; errno_t ret; @@ -202,11 +203,22 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, kr->pd = pd; kr->krb5_ctx = krb5_ctx; -ret = get_krb_primary(krb5_ctx->name_to_primary, - pd->user, dom->case_sensitive, _name); +/* The internal username is qualified, but we are only interested in + * the name part in get_krb_primary() + */ +ret = sss_parse_internal_fqname(tmp_ctx, pd->user, _user_name, NULL); +if (ret != EOK) { +DEBUG(SSSDBG_OP_FAILURE, + "Could not parse [%s] into name and " + "domain components, login might fail\n", pd->user); +short_user_name = talloc_strdup(tmp_ctx, pd->user); +} + +ret = get_krb_primary(krb5_ctx->name_to_primary, short_user_name, + dom->case_sensitive, _name); if (ret == EOK) { DEBUG(SSSDBG_TRACE_FUNC, "Setting mapped name to: %s\n", mapped_name); -kr->user = mapped_name; +kr->user = sss_create_internal_fqname(kr, mapped_name, dom->name); kr->kuserok_user = mapped_name; } else if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_ALL, "No mapping for: %s\n", pd->user); ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org