tmraz pushed to authconfig (f22). "set default tls_cacertdir when no ldap.conf is present"
notifications at fedoraproject.org
notifications at fedoraproject.org
Tue Mar 31 08:56:22 UTC 2015
>From 38472812ca7c0e1ee7638bb1b2603d6b3c4b6e42 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz at fedoraproject.org>
Date: Tue, 31 Mar 2015 10:56:08 +0200
Subject: set default tls_cacertdir when no ldap.conf is present
diff --git a/authconfig-6.2.10-cacertdir.patch b/authconfig-6.2.10-cacertdir.patch
index c6dd030..b109ed1 100644
--- a/authconfig-6.2.10-cacertdir.patch
+++ b/authconfig-6.2.10-cacertdir.patch
@@ -1,15 +1,7 @@
-# HG changeset patch
-# User Tomas Mraz <tmraz at redhat.com>
-# Date 1427468671 -3600
-# Fri Mar 27 16:04:31 2015 +0100
-# Node ID 8dd359bfc32e9473251571486ef0a29d1c4167a4
-# Parent 1686f4a66f7cd306bd827274970de09a892bfd9e
-Make the ldapCacertDir follow the openldap default.
-
-diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py
---- a/authinfo.py Tue Mar 03 10:24:52 2015 +0100
-+++ b/authinfo.py Fri Mar 27 16:04:31 2015 +0100
-@@ -116,7 +116,7 @@
+diff -up authconfig-6.2.10/authinfo.py.cacertdir authconfig-6.2.10/authinfo.py
+--- authconfig-6.2.10/authinfo.py.cacertdir 2015-03-31 10:40:43.321241910 +0200
++++ authconfig-6.2.10/authinfo.py 2015-03-31 10:52:44.420811832 +0200
+@@ -116,7 +116,7 @@ PATH_LIBSSS_AUTOFS = "/usr" + LIBDIR + "
PATH_WINBIND_NET = "/usr/bin/net"
PATH_IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"
@@ -18,7 +10,21 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py
LDAP_CACERT_DOWNLOADED = "authconfig_downloaded.pem"
PATH_CONFIG_BACKUPS = "/var/lib/authconfig"
-@@ -1627,7 +1627,6 @@
+@@ -155,6 +155,13 @@ def matchKey(line, key):
+ else:
+ return False
+
++def matchKeyI(line, key):
++ if line.lower().startswith(key.lower()):
++ # Skip intervening whitespace.
++ return line[len(key):].lstrip()
++ else:
++ return False
++
+ def matchKeyEquals(line, key):
+ if line.startswith(key):
+ # Skip intervening whitespace.
+@@ -1627,7 +1634,6 @@ class AuthInfo:
# Read LDAP setup from /etc/ldap.conf.
def readLDAP(self, ref):
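Review bot: The new `matchKeyI` accepts any line that merely begins with the key, because the `startswith` test does not require a delimiter after it. A longer keyword that happens to start with `ssl`, `host` or `base` would therefore be taken as that statement, and its tail stored as the value; for the `ssl` case that could overwrite a TLS setting read earlier in the file. Checking the remainder before returning would close this: `rest = line[len(key):]` followed by `if rest and not rest[0].isspace(): return False`. The helper also returns either a string or `False`, so a short docstring stating that an empty value is indistinguishable from "no match" would help callers.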
@@ -26,11 +32,50 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py
# Open the file. Bail if it's not there or there's some problem
# reading it.
try:
-@@ -1675,10 +1674,16 @@
+@@ -1642,43 +1648,50 @@ class AuthInfo:
+ try:
+ f = open(all_configs[CFG_LDAP].origPath, "r")
+ except IOError:
++ self.ldapCacertDir = PATH_LDAP_CACERTS
+ return False
+
+ for line in f:
+ line = line.strip()
+
+ # Is it a "base" statement?
+- value = matchKey(line, "base")
++ value = matchKeyI(line, "base")
+ if value and checkDN(value):
+ # Save the base DN.
+ self.setParam("ldapBaseDN", value, ref)
+ continue
+ # Is it a "host" statement?
+- value = matchKey(line, "host")
++ value = matchKeyI(line, "host")
+ if value:
+ # Save the host name or IP.
+ self.setParam("ldapServer", value, ref)
+ continue
+ # Is it a "uri" statement?
+- value = matchKey(line, "uri")
++ value = matchKeyI(line, "uri")
+ if value:
+ # Save the host name or IP.
+ self.setParam("ldapServer", value, ref)
+ continue
+ # Is it a "ssl" statement?
+- value = matchKey(line, "ssl")
++ value = matchKeyI(line, "ssl")
+ if value:
+ self.setParam("enableLDAPS", matchLine(value, "start_tls"), ref)
+ continue
+ # Is it a "nss_schema" statement?
+- value = matchKey(line, "nss_schema")
++ value = matchKeyI(line, "nss_schema")
if value:
self.setParam("ldapSchema", value, ref)
continue
-+ value = matchKey(line, "tls_cacertdir")
++ value = matchKeyI(line, "tls_cacertdir")
+ if value:
+ self.setParam("ldapCacertDir", value, ref)
+ continue
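Review bot: The fallback added in the `except IOError` branch assigns `self.ldapCacertDir = PATH_LDAP_CACERTS` directly, while every other value in this function is stored through `self.setParam(..., ref)`. If bypassing the `ref` copy is deliberate (for instance so the default is seen as a change), a comment such as `# not via setParam: ref must stay unset so the default is seen as a change` would make that clear; otherwise `self.setParam("ldapCacertDir", PATH_LDAP_CACERTS, ref)` keeps it consistent. The branch also treats every IOError alike, so an ldap.conf that exists but cannot be read silently falls back to the default CA directory instead of the configured one; testing `err.errno == errno.ENOENT` would separate "absent" from "unreadable". The file is opened without `with`, so an exception inside the loop would skip the later `f.close()`; readLDAP continues outside this hunk.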
@@ -43,7 +88,7 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py
f.close()
return True
-@@ -4444,7 +4449,7 @@
+@@ -4443,7 +4456,7 @@ class AuthInfo:
self.uninstallIPA()
def testLDAPCACerts(self):
@@ -52,7 +97,7 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py
try:
os.stat(self.ldapCacertDir)
except OSError as err:
-@@ -4456,7 +4461,7 @@
+@@ -4455,7 +4468,7 @@ class AuthInfo:
def rehashLDAPCACerts(self):
if ((self.enableLDAP or self.enableLDAPAuth) and
diff --git a/authconfig.spec b/authconfig.spec
index f94d69b..effb720 100644
--- a/authconfig.spec
+++ b/authconfig.spec
@@ -1,7 +1,7 @@
Summary: Command line tool for setting up authentication from network services
Name: authconfig
Version: 6.2.10
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2+
ExclusiveOS: Linux
Group: System Environment/Base
@@ -125,6 +125,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%{_datadir}/icons/hicolor/256x256/apps/system-config-authentication.*
%changelog
+* Tue Mar 31 2015 Tomáš Mráz <tmraz at redhat.com> - 6.2.10-5
+- set default tls_cacertdir when no ldap.conf is present
+
* Fri Mar 27 2015 Tomáš Mráz <tmraz at redhat.com> - 6.2.10-4
- make the cacertdir setup more sane (#1203024)
- support sssd prompting non-local users for password (#1195817)
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/authconfig.git/commit/?h=f22&id=38472812ca7c0e1ee7638bb1b2603d6b3c4b6e42