From c08e64289bf77615dfcf42feab9d51129b8a8f1b Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Mon, 19 Oct 2015 15:04:51 +0200
Subject: [PATCH] python-sssdconfig: Fix parssing sssd.conf without
 config_file_version

- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
---
 ...t-raise-exception-if-config_file_ver.patch |  58 +++++++
 ...SSSDConfigTest-Try-load-saved-config.patch |  60 +++++++
 ...est-real-config-without-config_file_.patch | 151 ++++++++++++++++++
 sssd.spec                                     |   9 +-
 4 files changed, 277 insertions(+), 1 deletion(-)
 create mode 100644 0004-SSSDConfig-Do-not-raise-exception-if-config_file_ver.patch
 create mode 100644 0005-SSSDConfigTest-Try-load-saved-config.patch
 create mode 100644 0006-SSSDConfigTest-Test-real-config-without-config_file_.patch

diff --git a/0004-SSSDConfig-Do-not-raise-exception-if-config_file_ver.patch b/0004-SSSDConfig-Do-not-raise-exception-if-config_file_ver.patch
new file mode 100644
index 0000000..5da1626
--- /dev/null
+++ b/0004-SSSDConfig-Do-not-raise-exception-if-config_file_ver.patch
@@ -0,0 +1,58 @@
+From c540338b798a15b736770a51f87eb13606faa544 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
+Date: Thu, 15 Oct 2015 18:53:37 +0200
+Subject: [PATCH 4/6] SSSDConfig: Do not raise exception if config_file_version
+ is missing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ticket:
+https://fedorahosted.org/sssd/ticket/2837
+
+Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
+(cherry picked from commit 6a044fa43d53638c1d0b874d43f58c0428820362)
+(cherry picked from commit a2363aa5984a707b8834816ea8538fe7de250a63)
+---
+ src/config/SSSDConfig/__init__.py.in | 8 ++++----
+ src/config/SSSDConfigTest.py         | 5 -----
+ 2 files changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
+index 038de16d55423a73c0bed6a0e27d99e1ab46a90f..bf61c402796122050fa43cf41128faec4771c5d2 100644
+--- a/src/config/SSSDConfig/__init__.py.in
++++ b/src/config/SSSDConfig/__init__.py.in
+@@ -1405,10 +1405,10 @@ class SSSDConfig(SSSDChangeConf):
+         try:
+             if int(self.get('sssd', 'config_file_version')) != self.API_VERSION:
+                 raise ParsingError("Wrong config_file_version")
+-        except:
+-            # Either the 'sssd' section or the 'config_file_version' was not
+-            # present in the config file
+-            raise ParsingError("File contains no config_file_version")
++        except TypeError:
++            # This happens when config_file_version is missing. We
++            # can assume it is the default version and continue.
++            pass
+ 
+     def new_config(self):
+         """
+diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
+index 5047bd7237188be4df83f76054afe6b43ceeec1d..a850b8d2c5933c4c08b5b0e8f4db79f3c88fc5ee 100755
+--- a/src/config/SSSDConfigTest.py
++++ b/src/config/SSSDConfigTest.py
+@@ -1226,11 +1226,6 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
+                                            srcdir + "/etc/sssd.api.d")
+         self.assertRaises(SSSDConfig.ParsingError, sssdconfig.import_config, srcdir + "/testconfigs/sssd-badversion.conf")
+ 
+-        # Negative Test - No config file version
+-        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
+-                                           srcdir + "/etc/sssd.api.d")
+-        self.assertRaises(SSSDConfig.ParsingError, sssdconfig.import_config, srcdir + "/testconfigs/sssd-noversion.conf")
+-
+         # Negative Test - Already initialized
+         sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
+                                            srcdir + "/etc/sssd.api.d")
+-- 
+2.5.0
+
diff --git a/0005-SSSDConfigTest-Try-load-saved-config.patch b/0005-SSSDConfigTest-Try-load-saved-config.patch
new file mode 100644
index 0000000..e7f7373
--- /dev/null
+++ b/0005-SSSDConfigTest-Try-load-saved-config.patch
@@ -0,0 +1,60 @@
+From dab0d1655f5e2451fc8ded804763ac4549ffd978 Mon Sep 17 00:00:00 2001
+From: Lukas Slebodnik <lslebodn@redhat.com>
+Date: Thu, 15 Oct 2015 10:32:09 +0200
+Subject: [PATCH 5/6] SSSDConfigTest: Try load saved config
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Python module SSSDConfig should be able to save configuration file
+and later load the same configuration file without problem.
+
+Unit test for:
+https://fedorahosted.org/sssd/ticket/2837
+
+Reviewed-by: Michal Židek <mzidek@redhat.com>
+(cherry picked from commit 87ef67286b64af98d32a3a5abcd28a9c2886f751)
+(cherry picked from commit 69612bc5d0a9219ecccf3e8c6410059322aeecc6)
+---
+ src/config/SSSDConfigTest.py | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
+index a850b8d2c5933c4c08b5b0e8f4db79f3c88fc5ee..8a4a2b30a8a5b2422075fd614626d14e6f803a18 100755
+--- a/src/config/SSSDConfigTest.py
++++ b/src/config/SSSDConfigTest.py
+@@ -157,10 +157,14 @@ class SSSDConfigTestValid(unittest.TestCase):
+         #non-owners, and should not be executable by anyone
+         self.assertFalse(S_IMODE(mode) & 0o177)
+ 
++        # try to import saved configuration file
++        config = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
++                                       srcdir + "/etc/sssd.api.d")
++        config.import_config(configfile=of)
++
+         #Remove the output file
+         os.unlink(of)
+ 
+-
+     def testCreateNewLDAPConfig(self):
+         sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
+                                 srcdir + "/etc/sssd.api.d")
+@@ -191,9 +195,15 @@ class SSSDConfigTestValid(unittest.TestCase):
+         #non-owners, and should not be executable by anyone
+         self.assertFalse(S_IMODE(mode) & 0o177)
+ 
++        # try to import saved configuration file
++        config = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
++                                       srcdir + "/etc/sssd.api.d")
++        config.import_config(configfile=of)
++
+         #Remove the output file
+         os.unlink(of)
+ 
++
+     def testModifyExistingConfig(self):
+         sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
+                                 srcdir + "/etc/sssd.api.d")
+-- 
+2.5.0
+
diff --git a/0006-SSSDConfigTest-Test-real-config-without-config_file_.patch b/0006-SSSDConfigTest-Test-real-config-without-config_file_.patch
new file mode 100644
index 0000000..1cbd0f7
--- /dev/null
+++ b/0006-SSSDConfigTest-Test-real-config-without-config_file_.patch
@@ -0,0 +1,151 @@
+From abbb16532a5336cf5c75228c2adc56601c828f9a Mon Sep 17 00:00:00 2001
+From: Lukas Slebodnik <lslebodn@redhat.com>
+Date: Thu, 15 Oct 2015 11:04:06 +0200
+Subject: [PATCH 6/6] SSSDConfigTest: Test real config without
+ config_file_version
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+src/config/testconfigs/sssd-valid.conf explicitly contains
+config_file_version. Recently we changed the default value to 2
+and therefore it needn't be listed in configuration file.
+This patch test real sssd.conf without config_file_version.
+
+Reviewed-by: Michal Židek <mzidek@redhat.com>
+(cherry picked from commit 7388fc91bd6c22705e60632346ec815f4a4963f1)
+(cherry picked from commit b1c6767617c082de2521976175bc2f499ec295e9)
+---
+ src/config/SSSDConfigTest.py               | 85 ++++++++++++++++++++++++++++++
+ src/config/testconfigs/sssd-noversion.conf | 22 ++++++++
+ 2 files changed, 107 insertions(+)
+
+diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
+index 8a4a2b30a8a5b2422075fd614626d14e6f803a18..45562214da5d227b45914abbcb298e043048adf5 100755
+--- a/src/config/SSSDConfigTest.py
++++ b/src/config/SSSDConfigTest.py
+@@ -1243,6 +1243,91 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
+         self.assertRaises(SSSDConfig.AlreadyInitializedError,
+                           sssdconfig.import_config, srcdir + "/testconfigs/sssd-valid.conf")
+ 
++    def testImportConfigNoVersion(self):
++        # Positive Test
++        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
++                                           srcdir + "/etc/sssd.api.d")
++        sssdconfig.import_config(
++            srcdir + "/testconfigs/sssd-noversion.conf"
++        )
++
++        # Validate services
++        services = sssdconfig.list_services()
++        self.assertTrue('sssd' in services)
++        self.assertTrue('nss' in services)
++        self.assertTrue('pam' in services)
++        self.assertTrue('dp' in services)
++
++        #Verify service attributes
++        sssd_service = sssdconfig.get_service('sssd')
++        service_opts = sssd_service.list_options()
++
++        self.assertTrue('services' in service_opts.keys())
++        service_list = sssd_service.get_option('services')
++        self.assertTrue('nss' in service_list)
++        self.assertTrue('pam' in service_list)
++        self.assertTrue('reconnection_retries' in service_opts)
++
++        #Validate domain list
++        domains = sssdconfig.list_domains()
++        self.assertTrue('LOCAL' in domains)
++        self.assertTrue('LDAP' in domains)
++        self.assertTrue('PROXY' in domains)
++        self.assertTrue('IPA' in domains)
++
++        # Verify domain attributes
++        ipa_domain = sssdconfig.get_domain('IPA')
++        domain_opts = ipa_domain.list_options()
++        self.assertTrue('debug_level' in domain_opts.keys())
++        self.assertTrue('id_provider' in domain_opts.keys())
++        self.assertTrue('auth_provider' in domain_opts.keys())
++
++        # Verify domain attributes
++        proxy_domain = sssdconfig.get_domain('PROXY')
++        domain_opts = proxy_domain.list_options()
++        self.assertTrue('debug_level' in domain_opts.keys())
++        self.assertTrue('id_provider' in domain_opts.keys())
++        self.assertTrue('auth_provider' in domain_opts.keys())
++
++        # Verify domain attributes
++        local_domain = sssdconfig.get_domain('LOCAL')
++        domain_opts = local_domain.list_options()
++        self.assertTrue('debug_level' in domain_opts.keys())
++        self.assertTrue('id_provider' in domain_opts.keys())
++        self.assertTrue('auth_provider' in domain_opts.keys())
++
++        # Verify domain attributes
++        ldap_domain = sssdconfig.get_domain('LDAP')
++        domain_opts = ldap_domain.list_options()
++        self.assertTrue('debug_level' in domain_opts.keys())
++        self.assertTrue('id_provider' in domain_opts.keys())
++        self.assertTrue('auth_provider' in domain_opts.keys())
++
++        domain_control_list = [
++            'cache_credentials',
++            'id_provider',
++            'auth_provider',
++            'access_provider',
++            'default_shell',
++            'fallback_homedir',
++            'cache_credentials',
++            'use_fully_qualified_names',
++        ]
++
++        ad_domain = sssdconfig.get_domain("ad.example.com")
++
++        for option in ad_domain.get_all_options():
++            self.assertTrue(option in domain_control_list)
++
++        negative_domain_control_list = [
++            'ad_server',
++            'ldap_id_mapping',
++            'ldap_sasl_authid',
++        ]
++
++        for option in ad_domain.get_all_options():
++            self.assertFalse(option in negative_domain_control_list)
++
+     def testNewConfig(self):
+         # Positive Test
+         sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
+diff --git a/src/config/testconfigs/sssd-noversion.conf b/src/config/testconfigs/sssd-noversion.conf
+index 71af85cc07e87ab96372fb91ea52ce36faf21a1e..d5f524d268dd43825364a4b464909cf1b9441646 100644
+--- a/src/config/testconfigs/sssd-noversion.conf
++++ b/src/config/testconfigs/sssd-noversion.conf
+@@ -39,3 +39,25 @@ debug_level = 0
+ [dp]
+ debug_level = 0
+ 
++[domain/ad.example.com]
++cache_credentials = true
++
++id_provider = ad
++auth_provider = ad
++access_provider = ad
++
++# Uncomment if service discovery is not working
++# ad_server = server.ad.example.com
++
++# Uncomment if you want to use POSIX UIDs and GIDs set on the AD side
++# ldap_id_mapping = False
++
++# Comment out if the users have the shell and home dir set on the AD side
++default_shell = /bin/bash
++fallback_homedir = /home/%d/%u
++
++# Uncomment and adjust if the default principal SHORTNAME$@REALM is not available
++# ldap_sasl_authid = host/client.ad.example.com@AD.EXAMPLE.COM
++
++# Comment out if you prefer to user shortnames.
++use_fully_qualified_names = True
+-- 
+2.5.0
+
diff --git a/sssd.spec b/sssd.spec
index d5c8511..ad00c6f 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -29,7 +29,7 @@
 
 Name: sssd
 Version: 1.13.1
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -41,6 +41,9 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Patch0001: 0001-PAM-only-allow-missing-user-name-for-certificate-aut.patch
 Patch0002: 0002-AD-Provide-common-connection-list-construction-funct.patch
 Patch0003: 0003-AD-Consolidate-connection-list-construction-on-ad_co.patch
+Patch0004: 0004-SSSDConfig-Do-not-raise-exception-if-config_file_ver.patch
+Patch0005: 0005-SSSDConfigTest-Try-load-saved-config.patch
+Patch0006: 0006-SSSDConfigTest-Test-real-config-without-config_file_.patch
 
 ### Dependencies ###
 Requires: sssd-common = %{version}-%{release}
@@ -1012,6 +1015,10 @@ fi
                                 %{_libdir}/%{name}/modules/libwbclient.so
 
 %changelog
+* Mon Oct 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-3
+- python-sssdconfig: Fix parssing sssd.conf without config_file_version
+- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
+
 * Wed Oct 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-2
 - Fix few segfaults
 - Resolves: upstream #2811 - PAM responder crashed if user was not set