From 88d44adcc38a660274ee84f2f1c697a88b5ea0d1 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Mar 15 2017 22:32:35 +0000 Subject: Fix empty lines in nsswitch.conf (#1432582) --- diff --git a/0001-Fix-writeNSS-passwd-shadow-and-group-lines.patch b/0001-Fix-writeNSS-passwd-shadow-and-group-lines.patch new file mode 100644 index 0000000..b2ffeb1 --- /dev/null +++ b/0001-Fix-writeNSS-passwd-shadow-and-group-lines.patch @@ -0,0 +1,96 @@ +From 62e7587eb106a3a99f646aeb056b0bca1140d771 Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Wed, 15 Mar 2017 15:21:30 -0700 +Subject: [PATCH] Fix writeNSS passwd, shadow, and group lines + +Between 6.2.10 and 7.0.0, changes to `writeNSS` prevented the +`users` variable being set to anything other than "", so the +`passwd`, `shadow` and `group` lines written by authconfig would +always have no values. + +This fixes that, and rejigs the code a little to be clearer and +avoid needless initialization of variables to the empty string +and leading spaces. +--- + authinfo.py | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/authinfo.py b/authinfo.py +index 3700f79..7109ed9 100644 +--- a/authinfo.py ++++ b/authinfo.py +@@ -3384,9 +3384,6 @@ class AuthInfo: + + # Write NSS setup to /etc/nsswitch.conf. + def writeNSS(self): +- users = "" +- normal = "" +- hosts = "" + wrotepasswd = False + wrotegroup = False + wroteshadow = False +@@ -3402,10 +3399,13 @@ class AuthInfo: + f = SafeFile(all_configs[CFG_NSSWITCH].origPath, 0o644) + + # Determine what we want in that file for most of the databases. +- normal += " files" ++ normal = "files" + if self.enableAltfiles: + normal += " altfiles" ++ ++ # That's all that goes into services. + services = normal ++ + if self.enableNIS3: + normal += " nisplus" + if self.enableNIS: +@@ -3416,20 +3416,25 @@ class AuthInfo: + if self.enableLDAP and not self.implicitSSSD: + normal += " ldap" + ++ # Netgroup is done now. + netgroup = normal + ++ # Adjust users from normal. ++ users = normal + if self.enableWinbind: + users += " winbind" + ++ # Adjust automount from normal. ++ automount = normal + if not os.access(PATH_LIBSSS_AUTOFS, os.R_OK): + # No support for automount in sssd + if self.enableLDAP and self.implicitSSSD: +- normal = normal.replace("sss", "ldap") ++ automount = automount.replace("sss", "ldap") + else: +- normal = normal.replace(" sss", "") ++ automount = automount.replace(" sss", "") + + # Hostnames we treat specially. +- hosts += " files" ++ hosts = "files" + if self.enableMDNS: + hosts += " mdns4_minimal [NOTFOUND=return]" + if self.preferDNSinHosts: +@@ -3487,7 +3492,7 @@ class AuthInfo: + elif matchLine(ls, "automount:"): + if not wroteautomount: + output += "automount: " +- output += normal ++ output += automount + output += "\n" + wroteautomount = True + # If it's a 'hosts' line, insert ours instead. +@@ -3527,7 +3532,7 @@ class AuthInfo: + output += "\n" + if not wroteautomount: + output += "automount: " +- output += normal ++ output += automount + output += "\n" + if not wrotehosts: + output += "hosts: " +-- +2.12.0 + diff --git a/authconfig.spec b/authconfig.spec index 75761e6..6d268a3 100644 --- a/authconfig.spec +++ b/authconfig.spec @@ -1,13 +1,16 @@ Summary: Command line tool for setting up authentication from network services Name: authconfig Version: 7.0.0 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ ExclusiveOS: Linux Group: System Environment/Base URL: https://pagure.io/authconfig Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2 Patch1: authconfig-6.2.6-gdm-nolastlog.patch +# https://pagure.io/authconfig/pull-request/7 +# Don't write empty lines to nsswitch.conf +Patch2: 0001-Fix-writeNSS-passwd-shadow-and-group-lines.patch Requires: pam >= 0.99.10.0, python3, libpwquality > 0.9 Requires: python3-sssdconfig Conflicts: pam_krb5 < 1.49, samba-common < 3.0, samba-client < 3.0 @@ -28,8 +31,7 @@ system to be a client for certain networked user information and authentication schemes. %prep -%setup -q -n %{name}-%{version} -%patch1 -p1 -b .nolastlog +%autosetup -n %{name}-%{version} -p1 %build %configure --with-python-rev=3 @@ -69,6 +71,9 @@ sed -i 's/pam_mkhomedir.so/pam_oddjob_mkhomedir.so/g' /etc/pam.d/*-auth-ac &>/de %attr(700,root,root) %dir %{_localstatedir}/lib/%{name} %changelog +* Wed Mar 15 2017 Adam Williamson - 7.0.0-2 +- Fix empty passwd, shadow and group lines in nsswitch.conf (#1432582) + * Mon Feb 27 2017 Tomáš Mráz - 7.0.0-1 - dropped authconfig-gtk (system-config-authentication) (no GTK3 support) - dropped authconfig-tui (deprecated long ago)