|
Tomas Mraz |
82fbb8 |
diff -up authconfig-7.0.1/authinfo.py.nss-update authconfig-7.0.1/authinfo.py
--- authconfig-7.0.1/authinfo.py.nss-update 2017-05-16 14:55:45.294736031 +0200
+++ authconfig-7.0.1/authinfo.py 2017-07-20 11:34:11.332143359 +0200
@@ -93,9 +93,7 @@ PATH_SEBOOL = "/usr/sbin/setsebool"
PATH_SCEVENTD = "/usr/bin/pkcs11_eventmgr"
PATH_SCSETUP = "/usr/bin/pkcs11_setup"
-PATH_LIBNSS_LDAP = "/usr" + LIBDIR + "/libnss_ldap.so.2"
-if not os.path.isfile(PATH_LIBNSS_LDAP):
- PATH_LIBNSS_LDAP = LIBDIR + "/libnss_ldap.so.2"
+PATH_LIBNSS_LDAP = LIBDIR + "/libnss_ldap.so.2"
PATH_LIBNSS_NIS = LIBDIR + "/libnss_nis.so.2"
PATH_LIBNSS_WINBIND = LIBDIR + "/libnss_winbind.so.2"
PATH_LIBNSS_SSS = LIBDIR + "/libnss_sss.so.2"
@@ -107,7 +105,7 @@ PATH_PAM_PKCS11 = AUTH_MODULE_DIR + "/pa
PATH_PAM_FPRINTD = AUTH_MODULE_DIR + "/pam_fprintd.so"
PATH_PAM_SSS = AUTH_MODULE_DIR + "/pam_sss.so"
-PATH_LIBSSS_AUTOFS = "/usr" + LIBDIR + "/sssd/modules/libsss_autofs.so"
+PATH_LIBSSS_AUTOFS = LIBDIR + "/sssd/modules/libsss_autofs.so"
PATH_WINBIND_NET = "/usr/bin/net"
@@ -213,10 +211,10 @@ def checkNSS(configuration, candidate):
start = configuration.find(candidate, start)
if start < 0:
return None
- if start > 0 and configuration[start-1].isalnum():
+ if start > 0 and not configuration[start-1].isspace():
start += clen
continue
- if start+clen < len(configuration) and configuration[start+clen].isalnum():
+ if start+clen < len(configuration) and not configuration[start+clen].isspace():
start += clen
continue
return start
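Review bot: checkNSS returns a string offset, and offset 0 is a valid match, but nothing in the function documents that; the rest of this commit depends on it (`ssspos == 0` and the `!= None` comparisons), so a docstring saying it returns the index of the first whitespace-delimited occurrence of `candidate`, or None when there is none, would keep the next caller from testing the result by truthiness. The switch from `isalnum()` to `not ...isspace()` also means a service name followed directly by an action bracket, for example `sss[NOTFOUND=return]`, is no longer recognised where the old check accepted it. If nsswitch.conf files edited by hand or by other tools can contain that form, the trailing test could allow it: `if start+clen < len(configuration) and not (configuration[start+clen].isspace() or configuration[start+clen] == "["):`. The loop header and the definition of `clen` are outside this hunk.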
@@ -1293,10 +1291,12 @@ class AuthInfo:
self.enableMDNS = None
self.enableMyhostname = None
self.preferDNSinHosts = None
+ self.preferSSSinNsswitch = True
self.enableSSSD = None
- # This one we don't have a config entry, we just
+ # For these we don't have a config entry, we just
# preserve the entry if we see it.
self.enableAltfiles = None
+ self.enableSystemd = None
# Authentication setup.
self.enableNullOk = True
@@ -1394,8 +1394,9 @@ class AuthInfo:
("winbindSeparator", "c"), ("winbindTemplateHomedir", "c"), ("winbindTemplateShell", "c"),
("winbindUseDefaultDomain", "b"), ("winbindOffline", "b"), ("winbindKrb5", "b")]),
SaveGroup(self.writeNSS, None, [("enableWinbind", "b"), ("enableNIS", "b"), ("enableNIS3", "b"),
- ("enableLDAP", "b"), ("enableMDNS", "b"), ("enableMyhostname", "b"),
- ("enableSSSD", "b"), ("preferDNSinHosts", "b"), ("implicitSSSD", "b")]),
+ ("enableLDAP", "b"), ("enableMDNS", "b"), ("enableMyhostname", "b"), ("enableSystemd", "b"),
+ ("enableAltfiles", "b"), ("enableSSSD", "b"), ("preferDNSinHosts", "b"), ("implicitSSSD", "b"),
+ ("preferSSSinNsswitch", "b")]),
SaveGroup(self.writePAM, None, [("pwqualityArgs", "c"), ("passwdqcArgs", "c"),
("faillockArgs", "c"), ("enableFaillock", "b"),
("localuserArgs", "c"), ("pamAccessArgs", "c"), ("enablePAMAccess", "b"),
@@ -1984,9 +1985,9 @@ class AuthInfo:
# some modules can be found in hosts only
value = matchKey(line, "hosts:")
if value:
- if checkNSS(value, "mdns4_minimal [NOTFOUND=return]"):
+ if checkNSS(value, "mdns4_minimal [NOTFOUND=return]") != None:
self.setParam("enableMDNS", True, ref)
- if checkNSS(value, "myhostname"):
+ if checkNSS(value, "myhostname") != None:
self.setParam("enableMyhostname", True, ref)
nispos = checkNSS(value, "nis")
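Review bot: The new comparisons are written `!= None`; the identity test is the idiomatic form and does not depend on how the operand implements comparison, e.g. `if checkNSS(value, "myhostname") is not None:`. The same applies to the `checkNSS(nssconfig, nssentry) != None` and `ssspos != None` lines in the hunk at -1996. The context line `nispos = checkNSS(value, "nis")` is consumed outside this hunk; if that code tests `nispos` by truthiness, a `nis` entry at offset 0 would still be missed there, so it is worth checking as part of this fix.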
@@ -1996,12 +1997,14 @@ class AuthInfo:
if nssconfig:
nssmap = (('LDAP', 'ldap'), ('NIS', 'nis'), ('Altfiles', 'altfiles'),
- ('NIS3', 'nisplus'), ('Winbind', 'winbind'))
+ ('NIS3', 'nisplus'), ('Winbind', 'winbind'), ('Systemd', 'systemd'))
for attr, nssentry in nssmap:
- if checkNSS(nssconfig, nssentry):
+ if checkNSS(nssconfig, nssentry) != None:
self.setParam('enable' + attr, True, ref)
-
- self.setParam("implicitSSSD", bool(checkNSS(nssconfig, "sss")), ref)
+ ssspos = checkNSS(nssconfig, "sss")
+ self.setParam("implicitSSSD", ssspos != None, ref)
+ if ssspos != None:
+ self.setParam("preferSSSinNsswitch", ssspos == 0, ref)
f.close()
return True
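Review bot: `ssspos == 0` only holds when `nssconfig` begins with `sss` with no leading whitespace, and where `nssconfig` is assigned and whether it is stripped is not visible in this hunk. If the value can start with a blank, an existing `sss files` line would be read as not preferred and, judging by the writer in the hunk at -3504, rewritten with `sss` after the other entries on the next save, silently changing the lookup order. Comparing the prefix removes that dependency: `self.setParam("preferSSSinNsswitch", not nssconfig[:ssspos].strip(), ref)`.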
@@ -3504,8 +3507,12 @@ class AuthInfo:
if self.enableNIS:
normal += " nis"
if self.enableSSSD or self.implicitSSSD:
- normal += " sss"
- services += " sss"
+ if self.preferSSSinNsswitch:
+ normal = "sss " + normal
+ services = "sss " + services
+ else:
+ normal += " sss"
+ services += " sss"
if self.enableLDAP and not self.implicitSSSD:
normal += " ldap"
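Review bot: Prepending `sss ` to `normal` and `services` changes which source wins a lookup, and the new branch carries no comment saying so. With `sss` ahead of the other entries, any name SSSD answers is returned before the local files are consulted, so a directory entry that collides with a local account or group name takes precedence unless SSSD is configured to filter it (`filter_users` / `filter_groups` in sssd.conf). Because `preferSSSinNsswitch` defaults to True in the hunk at -1293, a host that enables SSSD for the first time appears to get this order without asking for it. I would add a comment such as `# sss first: SSSD answers before local files, so local account names must not collide with directory entries` and describe the ordering wherever the option is documented.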
@@ -3516,6 +3523,9 @@ class AuthInfo:
users = normal
if self.enableWinbind:
users += " winbind"
+ shadow = normal
+ if self.enableSystemd:
+ users += " systemd"
# Adjust automount from normal.
automount = normal
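Review bot: `shadow = normal` changes what the two `shadow:` writers (hunks at -3558 and -3613) emit, and nothing explains that this is intended. Before, the line was built from `users` and so included `winbind`; now it omits `winbind` and `systemd` and inherits the `sss`-first order from `normal`. A comment such as `# shadow: built from normal, deliberately without the winbind/systemd entries added to users` would help anyone auditing the generated nsswitch.conf. The assignment also sits between the winbind and systemd blocks that modify `users`; placing it next to `users = normal` would read more clearly. Whether `group:` also receives `systemd` is decided outside this hunk.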
@@ -3558,7 +3568,7 @@ class AuthInfo:
elif matchLine(ls, "shadow:"):
if not wroteshadow:
output += "shadow: "
- output += users
+ output += shadow
output += "\n"
wroteshadow = True
# If it's a 'group' line, insert ours instead.
@@ -3613,7 +3623,7 @@ class AuthInfo:
output += "\n"
if not wroteshadow:
output += "shadow: "
- output += users
+ output += shadow
output += "\n"
if not wrotegroup:
output += "group: "