rpms/authselect
6
0
Fork 0
Code Issues Pull Requests Releases Activity

new upstream release (1.0.1)

Browse Source
This commit is contained in:
Pavel Březina 2018-09-27 15:13:50 +02:00
parent 8faa552b6f
commit 54bca3b674
10 changed files with 18 additions and 277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -6,3 +6,4 @@
/authselect-0.3.2.tar.gz
/authselect-0.4.tar.gz
/authselect-1.0.tar.gz
/authselect-1.0.1.tar.gz

29
0001-lib-fix-profile-origin-debug-message.patch
View File

@ -1,29 +0,0 @@
From 607235797f0503178f81b5a2074803fdddd84071 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 4 Sep 2018 12:33:21 +0200
Subject: [PATCH 1/7] lib: fix profile origin debug message
Previously, we failed to match the location and always print that
the selected profile is a default profile.
---
src/lib/profiles/read.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib/profiles/read.c b/src/lib/profiles/read.c
index 002329090cec29eee7969a5f04634ba1bb214a4c..a3a3e62788a3b3ae493a22a8b8e10170d572fc6f 100644
--- a/src/lib/profiles/read.c
+++ b/src/lib/profiles/read.c
@@ -125,9 +125,9 @@ authselect_profile_open(const char *id,
return ret;
}
- if (strcmp(location, DIR_CUSTOM_PROFILES) == 0) {
+ if (strcmp(locations[i], DIR_CUSTOM_PROFILES) == 0) {
INFO("Profile [%s] is a custom profile", id);
- } else if (strcmp(location, DIR_VENDOR_PROFILES) == 0) {
+ } else if (strcmp(locations[i], DIR_VENDOR_PROFILES) == 0) {
INFO("Profile [%s] is a vendor profile", id);
} else {
INFO("Profile [%s] is a default profile", id);
--
2.17.1

23
0002-man-remove-duplicate-of-with-pamaccess.patch
View File

@ -1,23 +0,0 @@
From 3b6ba3c895dfc7a3c6b3fa43d2c76070e45b0d94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 4 Sep 2018 12:39:16 +0200
Subject: [PATCH 2/7] man: remove duplicate of with-pamaccess
---
src/man/authselect-migration.7.adoc | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
index 47544a53efd70b55a75d68d5bcbf3c89f875d7e7..35ba484d576ab8a3d923a124f6b1577085deedd4 100644
--- a/src/man/authselect-migration.7.adoc
+++ b/src/man/authselect-migration.7.adoc
@@ -85,7 +85,6 @@ configuration file for required services.
|--enablefaillock |with-faillock
|--enablepamaccess |with-pamaccess
|--enablewinbindkrb5 |with-krb5
-|--enablepamaccess |with-pamaccess
|==================================================
.Examples
--
2.17.1

27
0003-spec-do-not-print-any-output-when-enabling-with-sudo.patch
View File

@ -1,27 +0,0 @@
From dd0b2a5b4293ac5a46c1ecf64b2716d210ade1ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 4 Sep 2018 14:13:49 +0200
Subject: [PATCH 3/7] spec: do not print any output when enabling with-sudo
---
rpm/authselect.spec.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index c1de3107b099bab05284f65a4f6712fac41297da..70af91e16c72478e5e5bba0b4f59df86b66fb99f 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -210,9 +210,9 @@ if [ $? -eq 0 ]; then
if [ $PROFILE == "sssd" ] ; then
if grep -E "services[[:blank:]]*=[[:blank:]]*.*sudo" /etc/sssd/sssd.conf &> /dev/null ; then
- %{_bindir}/authselect enable-feature with-sudo
+ %{_bindir}/authselect enable-feature with-sudo &> /dev/null
elif systemctl is-active sssd-sudo.service sssd-sudo.socket --quiet || systemctl is-enabled sssd-sudo.socket --quiet ; then
- %{_bindir}/authselect enable-feature with-sudo
+ %{_bindir}/authselect enable-feature with-sudo &> /dev/null
fi
fi
fi
--
2.17.1

49
0004-Don-t-write-options-without-value-to-pwquality-conf-.patch
View File

@ -1,49 +0,0 @@
From 748e7672134545c5c66fab180c983edbd8d7a106 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Tue, 28 Aug 2018 11:49:35 -0700
Subject: [PATCH 4/7] Don't write options without value to pwquality conf
(#1618865)
Per https://bugzilla.redhat.com/show_bug.cgi?id=1618865 , it is
incorrect to write lines like this in a pwquality config file:
minlen=
minclass=
maxrepeat=
maxclassrepeat=
There should either be an actual integer value, or the line
should be omitted entirely. Including the option with no value
is wrong and breaks pwquality. This should fix the problem by
only writing the lines if the option is actually set.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
src/compat/authcompat.py.in.in | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
index abe1e585954ccd5ac555339f23c175e941c76ea3..1b4f531b021c1e2e8fd99bd081094da365c0c64e 100755
--- a/src/compat/authcompat.py.in.in
+++ b/src/compat/authcompat.py.in.in
@@ -319,10 +319,13 @@ class Configuration:
def write(self):
config = EnvironmentFile(Path.System('pwquality.conf'))
- config.set("minlen", self.get("passminlen"))
- config.set("minclass", self.get("passminclass"))
- config.set("maxrepeat", self.get("passmaxrepeat"))
- config.set("maxclassrepeat", self.get("passmaxclassrepeat"))
+ # for each if these options, we want to write a line to the config
+ # *only if* it is set to an actual value, see
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1618865
+ for pwval in ["minlen", "minclass", "maxrepeat", "maxclassrepeat"]:
+ if self.isset("pass{0}".format(pwval)):
+ config.set(pwval, self.get("pass{0}".format(pwval)))
+
config.set("lcredit", self.getBoolAsValue("reqlower", -1, 0))
config.set("ucredit", self.getBoolAsValue("requpper", -1, 0))
config.set("dcredit", self.getBoolAsValue("reqdigit", -1, 0))
--
2.17.1

71
0005-compat-write-only-options-set-on-command-line-to-pwq.patch
View File

@ -1,71 +0,0 @@
From 65c081520d2192602ecffb31a06f96e577ed3998 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 4 Sep 2018 11:36:43 +0200
Subject: [PATCH 5/7] compat: write only options set on command line to
pwquality.conf
This will not overwrite pwquality.conf if for exapmle "authconfig --update"
is called. Without this patch the values would get overriden with empty
values.
---
src/compat/authcompat.py.in.in | 36 ++++++++++++++++++++++------------
1 file changed, 24 insertions(+), 12 deletions(-)
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
index 1b4f531b021c1e2e8fd99bd081094da365c0c64e..4fa9a6afc1d62aa9dde41b525d473168e6dc2901 100755
--- a/src/compat/authcompat.py.in.in
+++ b/src/compat/authcompat.py.in.in
@@ -166,7 +166,10 @@ class Configuration:
def getBool(self, name):
return self.options.getBool(name)
- def getBoolAsValue(self, name, if_true, if_false):
+ def getBoolAsValue(self, name, if_true, if_false, AllowNone=False):
+ if AllowNone and not self.isset(name):
+ return None
+
value = self.getBool(name)
if value:
return if_true
@@ -318,19 +321,28 @@ class Configuration:
def write(self):
config = EnvironmentFile(Path.System('pwquality.conf'))
+ value_set = False
- # for each if these options, we want to write a line to the config
- # *only if* it is set to an actual value, see
- # https://bugzilla.redhat.com/show_bug.cgi?id=1618865
- for pwval in ["minlen", "minclass", "maxrepeat", "maxclassrepeat"]:
- if self.isset("pass{0}".format(pwval)):
- config.set(pwval, self.get("pass{0}".format(pwval)))
+ pwopts = {
+ "minlen" : self.get("passminlen"),
+ "minclass" : self.get("passminclass"),
+ "maxrepeat" : self.get("passmaxrepeat"),
+ "maxclassrepeat" : self.get("passmaxclassrepeat"),
+ "lcredit" : self.getBoolAsValue("reqlower", -1, 0, AllowNone=True),
+ "ucredit" : self.getBoolAsValue("requpper", -1, 0, AllowNone=True),
+ "dcredit" : self.getBoolAsValue("reqdigit", -1, 0, AllowNone=True),
+ "ocredit" : self.getBoolAsValue("reqother", -1, 0, AllowNone=True)
+ }
- config.set("lcredit", self.getBoolAsValue("reqlower", -1, 0))
- config.set("ucredit", self.getBoolAsValue("requpper", -1, 0))
- config.set("dcredit", self.getBoolAsValue("reqdigit", -1, 0))
- config.set("ocredit", self.getBoolAsValue("reqother", -1, 0))
- config.write()
+ # Write options only if their are actually set
+ for opt, value in pwopts.items():
+ if value is not None:
+ print(opt + "=" + str(value))
+ config.set(opt, value)
+ value_set = True
+
+ if value_set:
+ config.write()
class MakeHomedir(Base):
def __init__(self, options):
--
2.17.1

30
0006-compat-fix-regular-expression-for-environment-files.patch
View File

@ -1,30 +0,0 @@
From 7c37960dbf378dc1041c1d635629d509c48bae20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 4 Sep 2018 11:38:38 +0200
Subject: [PATCH 6/7] compat: fix regular expression for environment files
Any word character (\w) was not enough as it does not accept e.g. '-'.
Therefore line like 'ocredit=-1' was incorrectly parse returning only
'1' as value instead of '-1'.
---
src/compat/authcompat_EnvironmentFile.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/compat/authcompat_EnvironmentFile.py b/src/compat/authcompat_EnvironmentFile.py
index 529497e61903b3fb89f560b8e0ac0bb38111b46a..5738c6cafaf75109a5c1dbb9d3f040686a4945e1 100644
--- a/src/compat/authcompat_EnvironmentFile.py
+++ b/src/compat/authcompat_EnvironmentFile.py
@@ -34,9 +34,9 @@ class EnvironmentFile:
self.environment = []
delimiter_re = delimiter_re if delimiter_re is not None else delimiter
- self.pattern = re.compile('^(\s*)(\S*)([^\n\w]*)(' +
+ self.pattern = re.compile('^(\s*)(\S*)([^\n\S]*)(' +
delimiter_re +
- ')([^\n\w]*)(.*)$',
+ ')([^\n\S]*)(.*)$',
re.MULTILINE)
self.read()
--
2.17.1

31
0007-spec-fix-invalid-options-in-pwquality.conf-generated.patch
View File

@ -1,31 +0,0 @@
From 81de5acd2ce27592b724ab564ed3ade6ed3d68eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 4 Sep 2018 11:51:20 +0200
Subject: [PATCH 7/7] spec: fix invalid options in pwquality.conf generated by
compat tool
---
rpm/authselect.spec.in | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index 70af91e16c72478e5e5bba0b4f59df86b66fb99f..6887d1d16724412de8abfd5b872e5ecfc93e5ba5 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -219,6 +219,14 @@ fi
exit 0
+%posttrans compat
+# Fix for RHBZ#1618865
+# Remove invalid lines from pwquality.conf generated by authconfig compat tool
+# - previous version could write some options without value, which is invalid
+# - we delete all options without value from existing file
+sed -i -E '/^\w+=$/d' %{_sysconfdir}/security/pwquality.conf.d/10-authconfig-pwquality.conf &> /dev/null
+exit 0
+
%changelog
* Thu Feb 22 2018 Pavel Březina <pbrezina@redhat.com> - @PACKAGE_VERSION@-@RELEASE_NUMBER@
- Do not use change log for rpm generated from source
--
2.17.1

32
authselect.spec
View File

@ -1,20 +1,12 @@
Name: authselect
Version: 1.0
Release: 3%{?dist}
Version: 1.0.1
Release: 1%{?dist}
Summary: Configures authentication and identity sources from supported profiles
URL: https://github.com/pbrezina/authselect
License: GPLv3+
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
Patch0001: 0001-lib-fix-profile-origin-debug-message.patch
Patch0002: 0002-man-remove-duplicate-of-with-pamaccess.patch
Patch0003: 0003-spec-do-not-print-any-output-when-enabling-with-sudo.patch
Patch0004: 0004-Don-t-write-options-without-value-to-pwquality-conf-.patch
Patch0005: 0005-compat-write-only-options-set-on-command-line-to-pwq.patch
Patch0006: 0006-compat-fix-regular-expression-for-environment-files.patch
Patch0007: 0007-spec-fix-invalid-options-in-pwquality.conf-generated.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@ -43,6 +35,13 @@ supported by authselect.
%package libs
Summary: Utility library used by the authselect tool
# Required by scriptlets
Requires: coreutils
Requires: findutils
Requires: gawk
Requires: grep
Requires: sed
Requires: systemctl
%description libs
Common library files for authselect. This package is used by the authselect
@ -50,11 +49,7 @@ command line tool and any other potential front-ends.
%package compat
Summary: Tool to provide minimum backwards compatibility with authconfig
%if 0%{?fedora} && 0%{?fedora} <= 27
Conflicts: authconfig
%else
Obsoletes: authconfig < 7.0.1-6
%endif
Provides: authconfig
BuildRequires: python3-devel
Requires: authselect%{?_isa} = %{version}-%{release}
@ -62,6 +57,8 @@ Suggests: sssd
Suggests: realmd
Suggests: samba-winbind
Suggests: oddjob-mkhomedir
# Required by scriptlets
Requires: sed
%description compat
This package will replace %{_sbindir}/authconfig with a tool that will
@ -87,7 +84,7 @@ done
%build
autoreconf -if
%configure
%configure --with-pythonbin="%{__python3}"
%make_build
%check
@ -215,7 +212,7 @@ fi
%{_bindir}/authselect apply-changes &> /dev/null
# Enable with-sudo feature if sssd-sudo responder is enabled. RHBZ#1582111
CURRENT=`%{_bindir}/authselect current --raw`
CURRENT=`%{_bindir}/authselect current --raw 2> /dev/null`
if [ $? -eq 0 ]; then
PROFILE=`echo $CURRENT | awk '{print $1;}'`
@ -239,6 +236,9 @@ sed -i -E '/^\w+=$/d' %{_sysconfdir}/security/pwquality.conf.d/10-authconfig-pwq
exit 0
%changelog
* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.1-1
- Rebase to 1.0.1
* Fri Sep 14 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-3
- Scriptlets should no produce any error messages (RHBZ #1622272)
- Provide fix for pwquality configuration (RHBZ #1618865)

2
sources
View File

@ -1 +1 @@
SHA512 (authselect-1.0.tar.gz) = d5463a1b854d9c18bd687a43d3c2822302f872d4b35c16b671d22aec78131f99ab08c96184e50778cea322bb04a1991b59f845dba55bb408634cb333bfb2d2fc
SHA512 (authselect-1.0.1.tar.gz) = 571202ff45b712111415c5c874297e7700c255d965b7198ef245881e52a561d0f9abc1b8b1d53f40ebe15875fa6c4321264faacdb19f7ad5d0c600bdbc40bd40