Merge pull request #16 from jsuchome/master

- replace obsolete krb5_kdcip with krb5_server (bnc#851048)

VERSION

@@ -1 +1 @@
-3.1.1
+3.1.3

package/yast2-ldap-client.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Fri Nov 22 10:16:56 CET 2013 - jsuchome@suse.cz
+
+- revoked fix for bnc#708562: do not base sssd state on current
+  configuration when it should be default (bnc#847492)
+- 3.1.3
+
+-------------------------------------------------------------------
+Tue Nov 19 15:02:19 CET 2013 - jsuchome@suse.cz
+
+- replace obsolete krb5_kdcip key with krb5_server (bnc#851048)
+  (new autoYaST profile not usable for releases using the old key)
+- 3.1.2 
+
 -------------------------------------------------------------------
 Wed Oct 23 09:39:33 UTC 2013 - ckornacker@suse.de
 

src/autoyast-rnc/ldap_client.rnc

@@ -18,6 +18,12 @@ ldap = element ldap {
     pam_password? &
     start_autofs? &
     sssd? &
+    sssd_ldap_schema? &
+    sssd_enumerate? &
+    sssd_cache_credentials? &
+    sssd_with_krb? &
+    krb5_realm? &
+    krb5_server? &
     mkhomedir? &
     tls_cacertdir? &
     tls_cacertfile? &
@@ -42,4 +48,9 @@ create_ldap = element create_ldap { BOOLEAN }
 sssd = element sssd { BOOLEAN }
 mkhomedir = element mkhomedir { BOOLEAN }
 start_autofs = element start_autofs { BOOLEAN }
-
+sssd_ldap_schema = element sssd_ldap_schema { text }
+sssd_enumerate = element sssd_enumerate { BOOLEAN }
+sssd_cache_credentials = element sssd_cache_credentials { BOOLEAN }
+sssd_with_krb = element sssd_with_krb { BOOLEAN }
+krb5_realm = element krb5_realm { text }
+krb5_server = element krb5_server { text }

src/clients/ldap.rb

@@ -297,13 +297,13 @@ def LdapChangeConfiguration(options)
       end
       if Ops.get(options, "kdc", "") != ""
         kdc = Ops.get(options, "kdc", "")
-        if Ldap.krb5_kdcip != kdc
-          Ldap.krb5_kdcip = kdc
+        if Ldap.krb5_server != kdc
+          Ldap.krb5_server = kdc
           Ldap.modified = true
         end
       end
 
-      if Ldap.krb5_kdcip != "" && Ldap.krb5_realm != ""
+      if Ldap.krb5_server != "" && Ldap.krb5_realm != ""
         Ldap.sssd_with_krb = true
       end
 

src/include/ldap/ui.rb

@@ -941,7 +941,7 @@ def AdvancedConfigurationDialog
       append_base = bind_dn != "" && Builtins.issubstring(bind_dn, base_dn)
       pam_password = Ldap.pam_password
       krb5_realm = Ldap.krb5_realm
-      krb5_kdcip = Ldap.krb5_kdcip
+      krb5_server = Ldap.krb5_server
       sssd_with_krb = Ldap.sssd_with_krb
       sssd_ldap_schema = Ldap.sssd_ldap_schema
       sssd_enumerate = Ldap.sssd_enumerate
@@ -1110,7 +1110,7 @@ def AdvancedConfigurationDialog
                 # textentry label
                 TextEntry(Id(:krb5_realm), _("Default Real&m"), krb5_realm),
                 # textentry label
-                TextEntry(Id(:krb5_kdcip), _("&KDC Server Address"), krb5_kdcip)
+                TextEntry(Id(:krb5_server), _("&KDC Server Address"), krb5_server)
               ),
               VSpacing(),
               # combobox label
@@ -1170,7 +1170,7 @@ def AdvancedConfigurationDialog
         UI.ChangeWidget(Id(:tabs), :CurrentItem, :client) if has_tabs
         if Ldap.sssd
           UI.ChangeWidget(Id(:krb5_realm), :Enabled, sssd_with_krb)
-          UI.ChangeWidget(Id(:krb5_kdcip), :Enabled, sssd_with_krb)
+          UI.ChangeWidget(Id(:krb5_server), :Enabled, sssd_with_krb)
         end
 
         nil
@@ -1273,8 +1273,8 @@ def AdvancedConfigurationDialog
           krb5_realm = Convert.to_string(
             UI.QueryWidget(Id(:krb5_realm), :Value)
           )
-          krb5_kdcip = Convert.to_string(
-            UI.QueryWidget(Id(:krb5_kdcip), :Value)
+          krb5_server = Convert.to_string(
+            UI.QueryWidget(Id(:krb5_server), :Value)
           )
           sssd_cache_credentials = Convert.to_boolean(
             UI.QueryWidget(Id(:sssd_cache_credentials), :Value)
@@ -1354,7 +1354,7 @@ def AdvancedConfigurationDialog
             UI.QueryWidget(Id(:sssd_with_krb), :Value)
           )
           UI.ChangeWidget(Id(:krb5_realm), :Enabled, sssd_with_krb)
-          UI.ChangeWidget(Id(:krb5_kdcip), :Enabled, sssd_with_krb)
+          UI.ChangeWidget(Id(:krb5_server), :Enabled, sssd_with_krb)
         end
 
         if result == :next || result == :configure
@@ -1371,7 +1371,7 @@ def AdvancedConfigurationDialog
             UI.SetFocus(Id(:base_config_dn))
             next
           end
-          if krb5_realm == "" || krb5_kdcip == "" || !Ldap.sssd
+          if krb5_realm == "" || krb5_server == "" || !Ldap.sssd
             sssd_with_krb = false
           end
 
@@ -1383,7 +1383,7 @@ def AdvancedConfigurationDialog
               Ldap.nss_base_group != nss_base_group ||
               Ldap.nss_base_automount != nss_base_automount ||
               Ldap.krb5_realm != krb5_realm ||
-              Ldap.krb5_kdcip != krb5_kdcip ||
+              Ldap.krb5_server != krb5_server ||
               Ldap.sssd_cache_credentials != sssd_cache_credentials ||
               Ldap.sssd_enumerate != sssd_enumerate ||
               Ldap.sssd_ldap_schema != sssd_ldap_schema
@@ -1396,7 +1396,7 @@ def AdvancedConfigurationDialog
             Ldap.nss_base_group = nss_base_group
             Ldap.nss_base_automount = nss_base_automount
             Ldap.krb5_realm = krb5_realm
-            Ldap.krb5_kdcip = krb5_kdcip
+            Ldap.krb5_server = krb5_server
             Ldap.sssd_with_krb = sssd_with_krb
             Ldap.sssd_cache_credentials = sssd_cache_credentials
             Ldap.sssd_enumerate = sssd_enumerate

src/modules/Ldap.rb

@@ -297,7 +297,7 @@ def main
       @krb5_realm = ""
 
       # adress of KDC (key distribution centre) server for default realm
-      @krb5_kdcip = ""
+      @krb5_server = ""
 
       # ldap_schema argument of /etc/sssd/sssd.conf
       @sssd_ldap_schema = "rfc2307bis"
@@ -405,64 +405,46 @@ def AutoPackages
     # Only set variables, without checking anything
     # @return [void]
     def Set(settings)
-      settings = deep_copy(settings)
-      @start = Ops.get_boolean(settings, "start_ldap", false)
-      @server = Ops.get_string(settings, "ldap_server", "")
-      # leaving "ldap_domain" for backward compatibility
-      @base_dn = Ops.get_string(settings, "ldap_domain", "")
-      @ldap_tls = Ops.get_boolean(settings, "ldap_tls", false)
-      @pam_password = Ops.get_string(settings, "pam_password", "exop")
-      @bind_dn = Ops.get_string(settings, "bind_dn", "")
-      @file_server = Ops.get_boolean(settings, "file_server", false)
-      @base_config_dn = Ops.get_string(settings, "base_config_dn", "")
-      @nss_base_passwd = Ops.get_string(settings, "nss_base_passwd", "")
-      @nss_base_shadow = Ops.get_string(settings, "nss_base_passwd", "")
-      @nss_base_group = Ops.get_string(settings, "nss_base_group", "")
-      @nss_base_automount = Ops.get_string(settings, "nss_base_automount", "")
-      @member_attribute = Ops.get_string(settings, "member_attribute", "member")
-      @create_ldap = Ops.get_boolean(settings, "create_ldap", false)
-      @login_enabled = Ops.get_boolean(settings, "login_enabled", true)
-      @_start_autofs = Ops.get_boolean(settings, "start_autofs", false)
-      @tls_cacertdir = Ops.get_string(settings, "tls_cacertdir", "")
-      @tls_cacertfile = Ops.get_string(settings, "tls_cacertfile", "")
-      @tls_checkpeer = Ops.get_string(settings, "tls_checkpeer", "yes")
-      @mkhomedir = Ops.get_boolean(settings, "mkhomedir", @mkhomedir)
-      @sssd = Ops.get_boolean(settings, "sssd", @sssd)
-      @sssd_ldap_schema = Ops.get_string(
-        settings,
-        "sssd_ldap_schema",
-        @sssd_ldap_schema
-      )
-      @sssd_enumerate = Ops.get_boolean(
-        settings,
-        "sssd_enumerate",
-        @sssd_enumerate
-      )
-      @sssd_cache_credentials = Ops.get_boolean(
-        settings,
-        "sssd_cache_credentials",
-        @sssd_cache_credentials
-      )
-      @sssd_with_krb = Ops.get_boolean(
-        settings,
-        "sssd_with_krb",
-        @sssd_with_krb
-      )
-      @krb5_realm = Ops.get_string(settings, "krb5_realm", @krb5_realm)
-      @krb5_kdcip = Ops.get_string(settings, "krb5_kdcip", @krb5_kdcip)
-      if @_start_autofs
-        @required_packages = Convert.convert(
-          Builtins.union(@required_packages, ["autofs"]),
-          :from => "list",
-          :to   => "list <string>"
-        )
-      end
 
-      @old_base_dn = @base_dn
-      @old_server = @server
-      @old_member_attribute = @member_attribute
-      @modified = true
-      @openldap_modified = true
+      @start            = settings.fetch("start_ldap", false)
+      @ldap_tls         = settings.fetch("ldap_tls", false)
+      @login_enabled    = settings.fetch("login_enabled", true)
+      @_start_autofs    = settings.fetch("start_autofs", false)
+      @file_server      = settings.fetch("file_server", false)
+      @create_ldap      = settings.fetch("create_ldap", false)
+      @mkhomedir        = settings.fetch("mkhomedir", @mkhomedir)
+      @sssd             = settings.fetch("sssd", @sssd)
+      @sssd_enumerate   = settings.fetch("sssd_enumerate", @sssd_enumerate)
+      @sssd_cache_credentials = settings.fetch("sssd_cache_credentials", @sssd_cache_credentials)
+      @sssd_with_krb    = settings.fetch("sssd_with_krb", @sssd_with_krb)
+
+      @server           = settings["ldap_server"] || ""
+      # leaving "ldap_domain" for backward compatibility
+      @base_dn          = settings["ldap_domain"] || ""
+      @pam_password     = settings["pam_password"] || "exop"
+      @bind_dn          = settings["bind_dn"] || ""
+      @base_config_dn   = settings["base_config_dn"] || ""
+      @nss_base_passwd  = settings["nss_base_passwd"] || ""
+      @nss_base_shadow  = settings["nss_base_shadow"] || ""
+      @nss_base_group   = settings["nss_base_group"] || ""
+      @nss_base_automount = settings["nss_base_automount"] || ""
+      @member_attribute = settings["member_attribute"] || "member"
+      @tls_cacertdir    = settings["tls_cacertdir"] || ""
+      @tls_cacertfile   = settings["tls_cacertfile"] || ""
+      @tls_checkpeer    = settings["tls_checkpeer"] || "yes"
+      @sssd_ldap_schema = settings["sssd_ldap_schema"] || @sssd_ldap_schema
+      @krb5_realm       = settings["krb5_realm"] || @krb5_realm
+
+      # krb5_kdcip is obsoleted key - check for it if the profile is not new enough
+      @krb5_server      = settings["krb5_server"] || settings["krb5_kdcip"] || @krb5_server
+
+      @required_packages.push("autofs") if @_start_autofs
+
+      @old_base_dn              = @base_dn
+      @old_server               = @server
+      @old_member_attribute     = @member_attribute
+      @modified                 = true
+      @openldap_modified        = true
       nil
     end
 
@@ -513,7 +495,7 @@ def Export
       end
       Ops.set(e, "start_autofs", @_start_autofs) if @_autofs_allowed
       Ops.set(e, "krb5_realm", @krb5_realm) if @krb5_realm != ""
-      Ops.set(e, "krb5_kdcip", @krb5_kdcip) if @krb5_kdcip != ""
+      Ops.set(e, "krb5_server", @krb5_server) if @krb5_server != ""
       if @sssd_ldap_schema != "rfc2307bis"
         Ops.set(e, "sssd_ldap_schema", @sssd_ldap_schema)
       end
@@ -642,7 +624,7 @@ def ReadKrb5Conf
         :to   => "list <string>"
       )
       kdcs = [] if kdcs == nil
-      @krb5_kdcip = Builtins.mergestring(kdcs, ",")
+      @krb5_server = Builtins.mergestring(kdcs, ",")
 
       true
     end
@@ -799,8 +781,7 @@ def Read
         @sssd = false
       else
         # ... or as 'sssd'
-        @sssd = Builtins.contains(Ops.get_list(@nsswitch, "passwd", []), "sss")
-        @start = @sssd
+        @start  = Builtins.contains(Ops.get_list(@nsswitch, "passwd", []), "sss")
       end
 
       # nothing is configured, but some packages are installed
@@ -984,8 +965,8 @@ def Read
         domain = Builtins.add(path(".etc.sssd_conf.v"), "domain/default")
         realm = Convert.to_string(SCR.Read(Builtins.add(domain, "krb5_realm")))
         @krb5_realm = realm if realm != nil
-        kdc = Convert.to_string(SCR.Read(Builtins.add(domain, "krb5_kdcip")))
-        @krb5_kdcip = kdc if kdc != nil
+        kdc = Convert.to_string(SCR.Read(Builtins.add(domain, "krb5_server")))
+        @krb5_server = kdc if kdc != nil
         schema = Convert.to_string(
           SCR.Read(Builtins.add(domain, "ldap_schema"))
         )
@@ -1026,7 +1007,7 @@ def Read
         )
         @nss_base_automount = autofs_base if autofs_base != nil
       end
-      @sssd_with_krb = true if @krb5_realm != "" && @krb5_kdcip != ""
+      @sssd_with_krb = true if @krb5_realm != "" && @krb5_server != ""
 
       # Now check if previous configuration of LDAP server didn't proposed
       # some better values:
@@ -2429,7 +2410,7 @@ def WriteSSSDConfig
         SCR.Write(Builtins.add(domain, "chpass_provider"), "krb5")
 
         SCR.Write(Builtins.add(domain, "krb5_realm"), @krb5_realm)
-        SCR.Write(Builtins.add(domain, "krb5_kdcip"), @krb5_kdcip)
+        SCR.Write(Builtins.add(domain, "krb5_server"), @krb5_server)
       else
         SCR.Write(Builtins.add(domain, "chpass_provider"), "ldap")
         SCR.Write(Builtins.add(domain, "auth_provider"), "ldap")
@@ -3438,7 +3419,7 @@ def RestartSSHD(restart)
     publish :variable => :sssd_cache_credentials, :type => "boolean"
     publish :variable => :sssd_with_krb, :type => "boolean"
     publish :variable => :krb5_realm, :type => "string"
-    publish :variable => :krb5_kdcip, :type => "string"
+    publish :variable => :krb5_server, :type => "string"
     publish :variable => :sssd_ldap_schema, :type => "string"
     publish :variable => :sssd_enumerate, :type => "boolean"
     publish :variable => :ldap_error_hints, :type => "map"

testsuite/tests/Export.out

@@ -21,4 +21,4 @@ Read	.etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"]
 Read	.etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"]
 Return	true
 Dump	============================================
-Return	$["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_kdcip":"kdc.suse.cz", "krb5_realm":"SUSE.CZ", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":false, "sssd_with_krb":true, "start_autofs":false, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
+Return	$["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", "krb5_server":"kdc.suse.cz", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":false, "sssd_with_krb":true, "start_autofs":false, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]

testsuite/tests/Export2.out

@@ -19,7 +19,7 @@ Read	.passwd.passwd.pluslines ["+"]
 Read	.etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"]
 Read	.etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"]
 Read	.etc.sssd_conf.v."domain/default"."krb5_realm" "SUSE.CZ"
-Read	.etc.sssd_conf.v."domain/default"."krb5_kdcip" "kdc.suse.cz"
+Read	.etc.sssd_conf.v."domain/default"."krb5_server" "kdc.suse.cz"
 Read	.etc.sssd_conf.v."domain/default"."ldap_schema" "rfc2307"
 Read	.etc.sssd_conf.v."domain/default"."cache_credentials" "true"
 Read	.etc.sssd_conf.v."domain/default"."enumerate" "true"
@@ -28,4 +28,4 @@ Read	.etc.sssd_conf.v."domain/default"."ldap_user_search_base" "ou=users,dc=suse
 Read	.etc.sssd_conf.v."domain/default"."ldap_group_search_base" nil
 Read	.etc.sssd_conf.v."domain/default"."ldap_autofs_search_base" nil
 Return	true
-Return	$["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_kdcip":"kdc.suse.cz", "krb5_realm":"SUSE.CZ", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":true, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "nss_base_passwd":"ou=users,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
+Return	$["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", "krb5_server":"kdc.suse.cz", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":true, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "nss_base_passwd":"ou=users,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]

testsuite/tests/Export2.rb

@@ -52,7 +52,7 @@ def main
             "v" => {
               "domain/default" => {
                 "krb5_realm"             => "SUSE.CZ",
-                "krb5_kdcip"             => "kdc.suse.cz",
+                "krb5_server"             => "kdc.suse.cz",
                 "ldap_schema"            => "rfc2307",
                 "cache_credentials"      => "true",
                 "enumerate"              => "true",

testsuite/tests/Export3.out

@@ -19,7 +19,7 @@ Read	.passwd.passwd.pluslines ["+"]
 Read	.etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"]
 Read	.etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz", "kdc.suse.de"]
 Read	.etc.sssd_conf.v."domain/default"."krb5_realm" "SUSE.CZ"
-Read	.etc.sssd_conf.v."domain/default"."krb5_kdcip" nil
+Read	.etc.sssd_conf.v."domain/default"."krb5_server" nil
 Read	.etc.sssd_conf.v."domain/default"."ldap_schema" "rfc2307"
 Read	.etc.sssd_conf.v."domain/default"."cache_credentials" "true"
 Read	.etc.sssd_conf.v."domain/default"."enumerate" "true"
@@ -28,4 +28,4 @@ Read	.etc.sssd_conf.v."domain/default"."ldap_user_search_base" nil
 Read	.etc.sssd_conf.v."domain/default"."ldap_group_search_base" "ou=group,dc=suse,dc=cz"
 Read	.etc.sssd_conf.v."domain/default"."ldap_autofs_search_base" nil
 Return	true
-Return	$["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_kdcip":"kdc.suse.cz,kdc.suse.de", "krb5_realm":"SUSE.CZ", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
+Return	$["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", "krb5_server":"kdc.suse.cz,kdc.suse.de", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]

testsuite/tests/Export3.rb

@@ -53,7 +53,7 @@ def main
               "domain/default" => {
                 "krb5_realm"             => "SUSE.CZ",
                 # this ensures kdc is read from krb5.conf
-                "krb5_kdcip"             => nil,
+                "krb5_server"             => nil,
                 "ldap_schema"            => "rfc2307",
                 "cache_credentials"      => "true",
                 "enumerate"              => "true",