diff --git a/authconfig-6.2.10-cacertdir.patch b/authconfig-6.2.10-cacertdir.patch index c6dd030..b109ed1 100644 --- a/authconfig-6.2.10-cacertdir.patch +++ b/authconfig-6.2.10-cacertdir.patch @@ -1,15 +1,7 @@ -# HG changeset patch -# User Tomas Mraz -# Date 1427468671 -3600 -# Fri Mar 27 16:04:31 2015 +0100 -# Node ID 8dd359bfc32e9473251571486ef0a29d1c4167a4 -# Parent 1686f4a66f7cd306bd827274970de09a892bfd9e -Make the ldapCacertDir follow the openldap default. - -diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py ---- a/authinfo.py Tue Mar 03 10:24:52 2015 +0100 -+++ b/authinfo.py Fri Mar 27 16:04:31 2015 +0100 -@@ -116,7 +116,7 @@ +diff -up authconfig-6.2.10/authinfo.py.cacertdir authconfig-6.2.10/authinfo.py +--- authconfig-6.2.10/authinfo.py.cacertdir 2015-03-31 10:40:43.321241910 +0200 ++++ authconfig-6.2.10/authinfo.py 2015-03-31 10:52:44.420811832 +0200 +@@ -116,7 +116,7 @@ PATH_LIBSSS_AUTOFS = "/usr" + LIBDIR + " PATH_WINBIND_NET = "/usr/bin/net" PATH_IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install" @@ -18,7 +10,21 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py LDAP_CACERT_DOWNLOADED = "authconfig_downloaded.pem" PATH_CONFIG_BACKUPS = "/var/lib/authconfig" -@@ -1627,7 +1627,6 @@ +@@ -155,6 +155,13 @@ def matchKey(line, key): + else: + return False + ++def matchKeyI(line, key): ++ if line.lower().startswith(key.lower()): ++ # Skip intervening whitespace. ++ return line[len(key):].lstrip() ++ else: ++ return False ++ + def matchKeyEquals(line, key): + if line.startswith(key): + # Skip intervening whitespace. +@@ -1627,7 +1634,6 @@ class AuthInfo: # Read LDAP setup from /etc/ldap.conf. def readLDAP(self, ref): 
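Review bot: The regenerated patch header drops the provenance the old one carried. The `# Node ID` / `# Parent` changeset lines and the description `Make the ldapCacertDir follow the openldap default.` are removed, and the new file opens directly at `diff -up authconfig-6.2.10/authinfo.py.cacertdir`. Because the patch now also adds `matchKeyI` and a default for the missing-ldap.conf case, a reader of the package can no longer tell which parts come from the upstream changeset and which are downstream additions. I would keep a short header above the `diff -up` line, for example `Make the ldapCacertDir follow the openldap default; match ldap.conf keys case-insensitively; default the dir when ldap.conf is missing. Upstream: <changeset id, or "downstream only">`.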
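Review bot: `matchKeyI` accepts any line that merely begins with the key and never checks that the key ends there: `line.lower().startswith(key.lower())` is followed directly by `return line[len(key):].lstrip()`. Since readLDAP now calls it case-insensitively, a longer option whose name starts with one of the short keys (`ssl`, `uri`, `host`, `base`) is parsed as that key. For `ssl` the caller then sets `enableLDAPS` from the leftover text, which presumably records StartTLS as off. The existing `matchKey` appears to share the prefix behaviour (its body is outside the hunk), but the new helper is a good place to require a separator, e.g. `rest = line[len(key):]` followed by `if rest and not rest[0].isspace(): return False`. A one-line docstring such as `"""Return the text after key (compared case-insensitively), or False if line does not start with key."""` would also document the mixed str/False return.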
@@ -26,11 +32,50 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py # Open the file. Bail if it's not there or there's some problem # reading it. try: -@@ -1675,10 +1674,16 @@ +@@ -1642,43 +1648,50 @@ class AuthInfo: + try: + f = open(all_configs[CFG_LDAP].origPath, "r") + except IOError: ++ self.ldapCacertDir = PATH_LDAP_CACERTS + return False + + for line in f: + line = line.strip() + + # Is it a "base" statement? +- value = matchKey(line, "base") ++ value = matchKeyI(line, "base") + if value and checkDN(value): + # Save the base DN. + self.setParam("ldapBaseDN", value, ref) + continue + # Is it a "host" statement? +- value = matchKey(line, "host") ++ value = matchKeyI(line, "host") + if value: + # Save the host name or IP. + self.setParam("ldapServer", value, ref) + continue + # Is it a "uri" statement? +- value = matchKey(line, "uri") ++ value = matchKeyI(line, "uri") + if value: + # Save the host name or IP. + self.setParam("ldapServer", value, ref) + continue + # Is it a "ssl" statement? +- value = matchKey(line, "ssl") ++ value = matchKeyI(line, "ssl") + if value: + self.setParam("enableLDAPS", matchLine(value, "start_tls"), ref) + continue + # Is it a "nss_schema" statement? +- value = matchKey(line, "nss_schema") ++ value = matchKeyI(line, "nss_schema") if value: self.setParam("ldapSchema", value, ref) continue -+ value = matchKey(line, "tls_cacertdir") ++ value = matchKeyI(line, "tls_cacertdir") + if value: + self.setParam("ldapCacertDir", value, ref) + continue @@ -43,7 +88,7 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py f.close() return True -@@ -4444,7 +4449,7 @@ +@@ -4443,7 +4456,7 @@ class AuthInfo: self.uninstallIPA() def testLDAPCACerts(self): @@ -52,7 +97,7 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py try: os.stat(self.ldapCacertDir) except OSError as err: -@@ -4456,7 +4461,7 @@ +@@ -4455,7 +4468,7 @@ class AuthInfo: def rehashLDAPCACerts(self): if ((self.enableLDAP or self.enableLDAPAuth) and 
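Review bot: In the new `except IOError:` branch the default is written with a bare `self.ldapCacertDir = PATH_LDAP_CACERTS`, whereas every other value in `readLDAP`, including the `tls_cacertdir` case added in the same hunk, goes through `self.setParam(..., ref)`. If `setParam` also records the value in `ref` (its body is not visible here), the fallback bypasses that bookkeeping; either use `self.setParam("ldapCacertDir", PATH_LDAP_CACERTS, ref)` or add a comment saying the direct assignment is deliberate. Separately, the `tls_cacertdir` value is taken from the file as-is and later reaches `os.stat(self.ldapCacertDir)` in `testLDAPCACerts`, so checking that it is an absolute path would keep a malformed line from pointing the CA directory at a location relative to the working directory. readLDAP's body starts and ends outside the hunk.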
diff --git a/authconfig.spec b/authconfig.spec
index f94d69b..effb720 100644
--- a/authconfig.spec
+++ b/authconfig.spec
@@ -1,7 +1,7 @@
 Summary: Command line tool for setting up authentication from network services
 Name: authconfig
 Version: 6.2.10
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2+
 ExclusiveOS: Linux
 Group: System Environment/Base
@@ -125,6 +125,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %{_datadir}/icons/hicolor/256x256/apps/system-config-authentication.*

 %changelog
+* Tue Mar 31 2015 Tomáš Mráz - 6.2.10-5
+- set default tls_cacertdir when no ldap.conf is present
+
 * Fri Mar 27 2015 Tomáš Mráz - 6.2.10-4
 - make the cacertdir setup more sane (#1203024)
 - support sssd prompting non-local users for password (#1195817)