From 4a3f2ca5b2a4e542c3391b79f4976db2b353a67a Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Jan 17 2014 14:41:49 +0000 Subject: avoid traceback when switching LDAP off in GUI - restart only services with changed configuration --- diff --git a/authconfig-6.2.8-norestart.patch b/authconfig-6.2.8-norestart.patch new file mode 100644 index 0000000..f49b8d9 --- /dev/null +++ b/authconfig-6.2.8-norestart.patch @@ -0,0 +1,349 @@ +diff -up authconfig-6.2.8/authinfo.py.norestart authconfig-6.2.8/authinfo.py +--- authconfig-6.2.8/authinfo.py.norestart 2014-01-17 15:35:09.000000000 +0100 ++++ authconfig-6.2.8/authinfo.py 2014-01-17 15:37:45.085207188 +0100 +@@ -80,11 +80,6 @@ PATH_PWCONV = "/usr/sbin/pwconv" + PATH_RPCBIND = "/sbin/rpcbind" + PATH_NSCD = "/usr/sbin/nscd" + PATH_NSLCD = "/usr/sbin/nslcd" +-PATH_DBBIND = "/usr/sbin/dbbind" +-PATH_DBIBIND = "/usr/sbin/dbibind" +-PATH_HESIODBIND = "/usr/sbin/hesiodbind" +-PATH_LDAPBIND = "/usr/sbin/ldapbind" +-PATH_ODBCBIND = "/usr/sbin/odbcbind" + PATH_WINBIND = "/usr/sbin/winbindd" + PATH_SSSD = "/usr/sbin/sssd" + PATH_YPBIND = "/usr/sbin/ypbind" +@@ -848,77 +843,13 @@ try: + except OSError: + Service = SysVInitService() + +-def toggleCachingService(enableCaching, nostart, onlystart): +- if not nostart: +- if enableCaching: +- if not onlystart: +- Service.stop("nscd") +- Service.start("nscd") +- else: +- try: +- Service.stop("nscd") +- except OSError: +- pass +- return True +- +-def toggleNisService(enableNis, nisDomain, nostart, onlystart): +- if enableNis and nisDomain: +- if not nostart: +- os.system("/bin/domainname " + nisDomain) +- try: +- os.system("[[ $(getsebool allow_ypbind) == *off* ]] && setsebool -P allow_ypbind 1") +- os.stat(PATH_RPCBIND) +- Service.enable("rpcbind") +- if not nostart: +- Service.start("rpcbind") +- except OSError: +- pass +- try: +- os.stat(PATH_YPBIND) +- Service.enable("ypbind") +- if not nostart: +- if not onlystart: +- Service.stop("ypbind") +- Service.start("ypbind") +- except OSError: +- pass +- else: +- if not nostart: +- os.system("/bin/domainname \"(none)\"") +- try: +- os.system("[[ $(getsebool allow_ypbind) == *on* ]] && setsebool -P allow_ypbind 0") +- os.stat(PATH_YPBIND) +- if not nostart: +- try: +- Service.stop("ypbind") +- except OSError: +- pass +- Service.disable("ypbind") +- except OSError: +- pass +- return True +- +-def toggleLDAPService(enableLDAP): +- if enableLDAP: +- try: +- os.system("[[ $(getsebool authlogin_nsswitch_use_ldap) == *off* ]] && setsebool -P authlogin_nsswitch_use_ldap 1") +- except OSError: +- pass +- else: +- try: +- os.system("[[ $(getsebool authlogin_nsswitch_use_ldap) == *on* ]] && setsebool -P authlogin_nsswitch_use_ldap 0") +- except OSError: +- pass +- return True +- +-def toggleSplatbindService(enable, path, name, nostart, onlystart): ++def toggleSplatbindService(enable, path, name, nostart): + if enable: + try: + os.stat(path) + Service.enable(name) + if not nostart: +- if not onlystart: +- Service.stop(name) ++ Service.stop(name) + Service.start(name) + except OSError: + pass +@@ -1055,8 +986,9 @@ def read(msgcb): + return info + + class SaveGroup: +- def __init__(self, savefunc, attrlist): ++ def __init__(self, savefunc, togglefunc, attrlist): + self.saveFunction = savefunc ++ self.toggleFunction = togglefunc + self.attrlist = attrlist + + def attrsDiffer(self, a, b): +@@ -1429,49 +1361,49 @@ class AuthInfo: + self.sssdConfig = None + self.sssdDomain = None + self.forceSSSDUpdate = None +- self.confChanged = False + if SSSDConfig: + try: + self.sssdConfig = SSSDConfig.SSSDConfig() + self.sssdConfig.new_config() + except IOError: + pass ++ self.toggleFunctions = set() + self.save_groups = [ +- SaveGroup(self.writeCache, [("enableCache", "b"), ("implicitSSSD", "b")]), +- SaveGroup(self.writeHesiod, [("hesiodLHS", "i"), ("hesiodRHS", "i")]), +- SaveGroup(self.writeNIS, [("nisDomain", "c"), ("nisLocalDomain", "c"), ("nisServer", "c")]), +- SaveGroup(self.writeLDAP, [("ldapServer", "i"), ("ldapBaseDN", "c"), ("enableLDAPS", "b"), ++ SaveGroup(self.writeCache, self.toggleCachingService, [("enableCache", "b"), ("implicitSSSD", "b")]), ++ SaveGroup(self.writeHesiod, None, [("hesiodLHS", "i"), ("hesiodRHS", "i")]), ++ SaveGroup(self.writeNIS, self.toggleNisService, [("nisDomain", "c"), ("nisLocalDomain", "c"), ("nisServer", "c")]), ++ SaveGroup(self.writeLDAP, None, [("ldapServer", "i"), ("ldapBaseDN", "c"), ("enableLDAPS", "b"), + ("ldapSchema", "c"), ("ldapCacertDir", "c"), ("passwordAlgorithm", "i")]), +- SaveGroup(self.writeLibuser, [("passwordAlgorithm", "i")]), +- SaveGroup(self.writeLogindefs, [("passwordAlgorithm", "i")]), # for now we do not rewrite uidMin +- SaveGroup(self.writePWQuality, [("passMinLen", "c"), ("passMinClass", "c"), ++ SaveGroup(self.writeLibuser, None, [("passwordAlgorithm", "i")]), ++ SaveGroup(self.writeLogindefs, None, [("passwordAlgorithm", "i")]), # for now we do not rewrite uidMin ++ SaveGroup(self.writePWQuality, None, [("passMinLen", "c"), ("passMinClass", "c"), + ("passMaxRepeat", "c"), ("passMaxClassRepeat", "c"), ("passReqLower", "b"), + ("passReqUpper", "b"), ("passReqDigit", "b"), ("passReqOther", "b")]), +- SaveGroup(self.writeKerberos, [("kerberosRealm", "c"), ("kerberosKDC", "i"), ++ SaveGroup(self.writeKerberos, None, [("kerberosRealm", "c"), ("kerberosKDC", "i"), + ("smbSecurity", "i"), ("smbRealm", "c"), ("smbServers", "i"), + ("kerberosAdminServer", "i"), ("kerberosRealmviaDNS", "b"), + ("kerberosKDCviaDNS", "b")]), +- SaveGroup(self.writeSSSD, [("ldapServer", "i"), ("ldapBaseDN", "c"), ("enableLDAPS", "b"), ++ SaveGroup(self.writeSSSD, self.toggleSSSDService, [("ldapServer", "i"), ("ldapBaseDN", "c"), ("enableLDAPS", "b"), + ("ldapSchema", "c"), ("ldapCacertDir", "c"), ("enableCacheCreds", "b"), + ("kerberosRealm", "c"), ("kerberosKDC", "i"), ("kerberosAdminServer", "i"), + ("forceSSSDUpdate", "b"), ("enableLDAP", "b"), ("enableKerberos", "b"), + ("enableLDAPAuth", "b"), ("enableIPAv2", "b")]), +- SaveGroup(self.writeSmartcard, [("smartcardAction", "i"), ("smartcardModule", "c")]), +- SaveGroup(self.writeDConf, [("smartcardAction", "i"), ("smartcardModule", "c"), ++ SaveGroup(self.writeSmartcard, None, [("smartcardAction", "i"), ("smartcardModule", "c")]), ++ SaveGroup(self.writeDConf, None, [("smartcardAction", "i"), ("smartcardModule", "c"), + ("enableFprintd", "b"), ("enableSmartcard", "b"), ("forceSmartcard", "b")]), +- SaveGroup(self.writeWinbind, [("smbWorkgroup", "i"), ("smbServers", "i"), ++ SaveGroup(self.writeWinbind, self.toggleWinbindService, [("smbWorkgroup", "i"), ("smbServers", "i"), + ("smbRealm", "c"), ("smbSecurity", "i"), ("smbIdmapRange", "i"), + ("winbindSeparator", "c"), ("winbindTemplateHomedir", "c"), + ("winbindTemplatePrimaryGroup", "c"), ("winbindTemplateShell", "c"), + ("winbindUseDefaultDomain", "b"), ("winbindOffline", "b"), ("winbindKrb5", "b")]), +- SaveGroup(self.writeNSS, [("enableDB", "b"), ("enableDirectories", "b"), ("enableWinbind", "b"), ++ SaveGroup(self.writeNSS, None, [("enableDB", "b"), ("enableDirectories", "b"), ("enableWinbind", "b"), + ("enableOdbcbind", "b"), ("enableNIS3", "b"), ("enableNIS", "b"), + ("enableLDAPbind", "b"), ("enableLDAP", "b"), ("enableHesiodbind", "b"), + ("enableHesiod", "b"), ("enableDBIbind", "b"), ("enableDBbind", "b"), + ("enableCompat", "b"), ("enableWINS", "b"), ("enableMDNS", "b"), + ("enableNIS3", "b"), ("enableNIS", "b"), ("enableIPAv2", "b"), + ("enableSSSD", "b"), ("preferDNSinHosts", "b"), ("implicitSSSD", "b")]), +- SaveGroup(self.writePAM, [("pwqualityArgs", "c"), ("passwdqcArgs", "c"), ++ SaveGroup(self.writePAM, None, [("pwqualityArgs", "c"), ("passwdqcArgs", "c"), + ("localuserArgs", "c"), ("pamAccessArgs", "c"), ("enablePAMAccess", "b"), + ("mkhomedirArgs", "c"), ("enableMkHomeDir", "b"), ("algoRounds", "c"), + ("passwordAlgorithm", "i"), ("enableShadow", "b"), ("enableNIS", "b"), +@@ -1484,7 +1416,7 @@ class AuthInfo: + ("winbindOffline", "b"), ("winbindKrb5", "b"), + ("enableSSSDAuth", "b"), ("enableFprintd", "b"), ("pamLinked", "b"), + ("implicitSSSDAuth", "b"), ("systemdArgs", "c"), ("uidMin", "i"), ("enableIPAv2", "b")]), +- SaveGroup(self.writeSysconfig, [("passwordAlgorithm", "i"), ("enableShadow", "b"), ("enableNIS", "b"), ++ SaveGroup(self.writeSysconfig, None, [("passwordAlgorithm", "i"), ("enableShadow", "b"), ("enableNIS", "b"), + ("enableLDAP", "b"), ("enableLDAPAuth", "b"), ("enableKerberos", "b"), + ("enableEcryptfs", "b"), ("enableSmartcard", "b"), ("forceSmartcard", "b"), + ("enableWinbindAuth", "b"), ("enableWinbind", "b"), ("winbindKrb5", "b"), ("enableDB", "b"), +@@ -1494,8 +1426,14 @@ class AuthInfo: + ("enableSSSD", "b"), ("enableSSSDAuth", "b"), ("enableForceLegacy", "b"), + ("ipav2Server", "i"), ("ipav2Domain", "i"), ("ipav2Realm", "c"), + ("enableIPAv2", "b"), ("ipaDomainJoined", "b"), ("ipav2NoNTP", "b")]), +- SaveGroup(self.writeNetwork, [("nisDomain", "c")]), +- SaveGroup(self.toggleShadow, [("enableShadow", "b")])] ++ SaveGroup(self.writeNetwork, None, [("nisDomain", "c")]), ++ SaveGroup(self.toggleShadow, None, [("enableShadow", "b")]), ++ SaveGroup(None, self.toggleNisService, [("enableNIS", "b")]), ++ SaveGroup(None, self.toggleOddjobService, [("enableMkHomeDir", "b")]), ++ SaveGroup(None, self.toggleLDAPService, [("enableLDAP", "b"), ("enableLDAPAuth", "b")]), ++ SaveGroup(None, self.toggleSSSDService, [("implicitSSSD", "b"), ("implicitSSSDAuth", "b"), ++ ("enableIPAv2", "b"), ("enableSSSD", "b"), ("enableSSSDAuth", "b")]), ++ SaveGroup(None, self.toggleWinbindService, [("enableWinbind", "b"), ("enableWinbindAuth", "b")])] + + def setParam(self, attr, value, ref): + oldval = getattr(self, attr) +@@ -4049,7 +3987,6 @@ class AuthInfo: + self.update() + self.prewriteUpdate() + self.setupBackup(PATH_CONFIG_BACKUPS + "/last") +- self.confChanged = True + try: + ret = self.writeLibuser() + ret = ret and self.writeLogindefs() +@@ -4080,6 +4017,9 @@ class AuthInfo: + except (OSError, IOError): + sys.stderr.write(str(sys.exc_info()[1]) + "\n") + return False ++ for group in self.save_groups: ++ if group.toggleFunction: ++ self.toggleFunctions.add(group.toggleFunction) + return ret + + def writeChanged(self, ref): +@@ -4091,8 +4031,10 @@ class AuthInfo: + try: + for group in self.save_groups: + if group.attrsDiffer(self, ref): +- self.confChanged = True +- ret = ret and group.saveFunction() ++ if group.saveFunction: ++ ret = ret and group.saveFunction() ++ if group.toggleFunction: ++ self.toggleFunctions.add(group.toggleFunction) + except (OSError, IOError): + sys.stderr.write(str(sys.exc_info()[1]) + "\n") + return False +@@ -4326,44 +4268,93 @@ class AuthInfo: + cmd = PATH_IPA_CLIENT_INSTALL + " --uninstall --noac" + os.system(cmd) + +- def post(self, nostart): +- onlystart = not self.confChanged +- toggleNisService(self.enableNIS, self.nisDomain, nostart, onlystart) +- toggleLDAPService(self.enableLDAP or self.enableLDAPAuth) ++ def toggleCachingService(self, nostart): ++ if not nostart: ++ if self.enableCache: ++ Service.stop("nscd") ++ Service.start("nscd") ++ else: ++ try: ++ Service.stop("nscd") ++ except OSError: ++ pass ++ return True ++ def toggleNisService(self, nostart): ++ if self.enableNis and self.nisDomain: ++ if not nostart: ++ os.system("/bin/domainname " + self.nisDomain) ++ try: ++ os.system("[[ $(getsebool allow_ypbind) == *off* ]] && setsebool -P allow_ypbind 1") ++ os.stat(PATH_RPCBIND) ++ Service.enable("rpcbind") ++ if not nostart: ++ Service.start("rpcbind") ++ except OSError: ++ pass ++ try: ++ os.stat(PATH_YPBIND) ++ Service.enable("ypbind") ++ if not nostart: ++ Service.stop("ypbind") ++ Service.start("ypbind") ++ except OSError: ++ pass ++ else: ++ if not nostart: ++ os.system("/bin/domainname \"(none)\"") ++ try: ++ os.system("[[ $(getsebool allow_ypbind) == *on* ]] && setsebool -P allow_ypbind 0") ++ os.stat(PATH_YPBIND) ++ if not nostart: ++ try: ++ Service.stop("ypbind") ++ except OSError: ++ pass ++ Service.disable("ypbind") ++ except OSError: ++ pass ++ return True ++ ++ def toggleLDAPService(self, nostart): ++ toggleSplatbindService((self.enableLDAP or self.enableLDAPAuth) and ++ not self.implicitSSSD, ++ PATH_NSLCD, ++ "nslcd", nostart) ++ if self.enableLDAP: ++ try: ++ os.system("[[ $(getsebool authlogin_nsswitch_use_ldap) == *off* ]] && setsebool -P authlogin_nsswitch_use_ldap 1") ++ except OSError: ++ pass ++ else: ++ try: ++ os.system("[[ $(getsebool authlogin_nsswitch_use_ldap) == *on* ]] && setsebool -P authlogin_nsswitch_use_ldap 0") ++ except OSError: ++ pass ++ return True ++ ++ def toggleWinbindService(self, nostart): + toggleSplatbindService(self.enableWinbind or self.enableWinbindAuth, + PATH_WINBIND, +- "winbind", nostart, onlystart) ++ "winbind", nostart) ++ ++ def toggleSSSDService(self, nostart): + toggleSplatbindService(self.implicitSSSD or self.implicitSSSDAuth or + self.enableIPAv2 or self.enableSSSD or self.enableSSSDAuth, + PATH_SSSD, + "sssd", nostart or not (self.implicitSSSD or self.implicitSSSDAuth +- or self.enableIPAv2), onlystart) +- toggleSplatbindService((self.enableLDAP or self.enableLDAPAuth) and +- not self.implicitSSSD, +- PATH_NSLCD, +- "nslcd", nostart, onlystart) +- toggleSplatbindService(self.enableDBbind, +- PATH_DBBIND, +- "dbbind", nostart, onlystart) +- toggleSplatbindService(self.enableDBIbind, +- PATH_DBIBIND, +- "dbibind", nostart, onlystart) +- toggleSplatbindService(self.enableHesiodbind, +- PATH_HESIODBIND, +- "hesiodbind", nostart, onlystart) +- toggleSplatbindService(self.enableLDAPbind, +- PATH_LDAPBIND, +- "ldapbind", nostart, onlystart) +- toggleSplatbindService(self.enableOdbcbind, +- PATH_ODBCBIND, +- "odbcbind", nostart, onlystart) ++ or self.enableIPAv2)) ++ ++ def toggleOddjobService(self, nostart): + if self.enableMkHomeDir and os.access("%s/pam_%s.so" + % (AUTH_MODULE_DIR, "oddjob_mkhomedir"), os.X_OK): + # only switch on and only if pam_oddjob_mkhomedir exists + toggleSplatbindService(True, + PATH_ODDJOBD, +- "oddjobd", nostart, onlystart) +- toggleCachingService(self.enableCache, nostart, onlystart) ++ "oddjobd", nostart) ++ ++ def post(self, nostart): ++ for togglefunc in self.toggleFunctions: ++ togglefunc(nostart) + if self.ipaUninstall: + self.uninstallIPA() + diff --git a/authconfig-6.2.8-notraceback.patch b/authconfig-6.2.8-notraceback.patch new file mode 100644 index 0000000..465e094 --- /dev/null +++ b/authconfig-6.2.8-notraceback.patch @@ -0,0 +1,12 @@ +diff -up authconfig-6.2.8/authconfig-gtk.py.notraceback authconfig-6.2.8/authconfig-gtk.py +--- authconfig-6.2.8/authconfig-gtk.py.notraceback 2014-01-17 15:35:09.000000000 +0100 ++++ authconfig-6.2.8/authconfig-gtk.py 2014-01-17 15:38:57.205408031 +0100 +@@ -511,6 +511,8 @@ class Authconfig: + + def is_ldap_URI_valid(self, xml): + ldapserver = xml.get_widget('ldapserver') ++ if not ldapserver: ++ return True + uritovalidate = ldapserver.get_text() + return self.info.validateLDAPURI(uritovalidate) + diff --git a/authconfig.spec b/authconfig.spec index 136b590..9b5c353 100644 --- a/authconfig.spec +++ b/authconfig.spec @@ -1,7 +1,7 @@ Summary: Command line tool for setting up authentication from network services Name: authconfig Version: 6.2.8 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ ExclusiveOS: Linux Group: System Environment/Base @@ -11,6 +11,8 @@ Patch1: authconfig-6.2.6-gdm-nolastlog.patch Patch2: authconfig-6.2.8-no-gnome-screensaver.patch Patch3: authconfig-6.2.8-wait-for-card.patch Patch4: authconfig-6.2.8-translation-updates.patch +Patch5: authconfig-6.2.8-norestart.patch +Patch6: authconfig-6.2.8-notraceback.patch Requires: newt-python, pam >= 0.99.10.0, python, libpwquality > 0.9 Conflicts: pam_krb5 < 1.49, samba-common < 3.0, samba-client < 3.0 Conflicts: nss_ldap < 254, sssd < 0.99.1 @@ -43,6 +45,8 @@ authentication schemes. %patch2 -p1 -b .no-gnome-screensaver %patch3 -p1 -b .card %patch4 -p1 -b .translations +%patch5 -p1 -b .norestart +%patch6 -p1 -b .notraceback %build %configure @@ -125,6 +129,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %{_datadir}/icons/hicolor/256x256/apps/system-config-authentication.* %changelog +* Fri Jan 17 2014 Tomáš Mráz - 6.2.8-4 +- avoid traceback when switching LDAP off in GUI +- restart only services with changed configuration + * Thu Dec 5 2013 Tomáš Mráz - 6.2.8-3 - updated translations - make pam_pkcs11 not ignore the wait_for_card option