packages/realmd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:585e637ffe90afcc9f04cd19082931a1ff0b58ae
Branches Tags
packages:main
...
compare: packages:6ead777b8ef34850a5e0b3db7baf434a1197361b
Branches Tags
packages:main

10 Commits
585e637ffe ... 6ead777b8e

Author SHA1 Message Date
openeuler-ci-bot
6ead777b8e
!24 20.03-LTS-SP3: delete duplicate file AUTHORS from help 
From: @hugel 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
 2022-06-17 09:12:20 +00:00
Hugel
ea282295d2 delete duplicate file AUTHORS from help 2022-06-17 15:45:27 +08:00
openeuler-ci-bot
e698394a91 !11 [sync] PR-9: fix test timeout 
From: @openeuler-sync-bot
Reviewed-by: @zhujianwei001,@zhujianwei001
Signed-off-by: @zhujianwei001,@zhujianwei001
 2021-02-07 16:13:17 +08:00
Liquor
c3fd8a9452 fix test timeout 
(cherry picked from commit c18d86f1f41b02d519ec3673f0b613cdbdbcfb05)
 2021-02-07 13:45:33 +08:00
openeuler-ci-bot
346965a259 !8 fix build error with python3 
Merge pull request !8 from yu_boyun/master
 2020-07-16 17:03:04 +08:00
yu_boyun
a86d3e4272 fix build error with python3 2020-06-24 16:09:57 +08:00
openeuler-ci-bot
58e54af1db !3 realmd: clean code 
Merge pull request !3 from guoxiaoqi/local
 2020-01-11 17:40:22 +08:00
openeuler_eason
d63791a983 realmd: clean code 2020-01-10 14:33:53 +08:00
惊奇脆片饼干
084934c44e !2 package init 
Merge pull request !2 from openeuler-basic/next
 2019-12-30 20:11:12 +08:00
openeuler-basic
12a730ddc1 correct patch 2019-12-30 20:08:17 +08:00
17 changed files with 406 additions and 1080 deletions
Show Stats Expand all files Collapse all files

168
0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
View File

@ -1,168 +0,0 @@
From b11d891a50c2f70e3c02b880e0199583b8df186c Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 31 May 2018 16:16:08 +0200
Subject: [PATCH] Find NetBIOS name in keytab while leaving
If realmd is used with Samba as membership software, i.e. Samba's net
utility, the NetBIOS name must be known when leaving a domain. The most
reliable way to find it is by searching the keytab for NAME$@REALM type
entries and use the NAME as the NetBIOS name.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1370457
---
service/realm-kerberos.c | 64 ++++++++++++++++++++++++++++++++++++
service/realm-kerberos.h | 2 ++
service/realm-samba-enroll.c | 17 ++++++++--
3 files changed, 80 insertions(+), 3 deletions(-)
diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c
index 54d1ed7..d6d109f 100644
--- a/service/realm-kerberos.c
+++ b/service/realm-kerberos.c
@@ -1130,3 +1130,67 @@ realm_kerberos_flush_keytab (const gchar *realm_name,
return ret;
}
+
+gchar *
+realm_kerberos_get_netbios_name_from_keytab (const gchar *realm_name)
+{
+ krb5_error_code code;
+ krb5_keytab keytab = NULL;
+ krb5_context ctx;
+ krb5_kt_cursor cursor = NULL;
+ krb5_keytab_entry entry;
+ krb5_principal realm_princ = NULL;
+ gchar *princ_name = NULL;
+ gchar *netbios_name = NULL;
+ krb5_data *name_data;
+
+ code = krb5_init_context (&ctx);
+ if (code != 0) {
+ return NULL;
+ }
+
+ princ_name = g_strdup_printf ("user@%s", realm_name);
+ code = krb5_parse_name (ctx, princ_name, &realm_princ);
+ g_free (princ_name);
+
+ if (code == 0) {
+ code = krb5_kt_default (ctx, &keytab);
+ }
+
+ if (code == 0) {
+ code = krb5_kt_start_seq_get (ctx, keytab, &cursor);
+ }
+
+ if (code == 0) {
+ while (!krb5_kt_next_entry (ctx, keytab, &entry, &cursor) && netbios_name == NULL) {
+ if (krb5_realm_compare (ctx, realm_princ, entry.principal)) {
+ name_data = krb5_princ_component (ctx, entry.principal, 0);
+ if (name_data != NULL
+ && name_data->length > 0
+ && name_data->data[name_data->length - 1] == '$') {
+ netbios_name = g_strndup (name_data->data, name_data->length - 1);
+ if (netbios_name == NULL) {
+ code = krb5_kt_free_entry (ctx, &entry);
+ warn_if_krb5_failed (ctx, code);
+ break;
+ }
+ }
+ }
+ code = krb5_kt_free_entry (ctx, &entry);
+ warn_if_krb5_failed (ctx, code);
+ }
+ }
+
+ code = krb5_kt_end_seq_get (ctx, keytab, &cursor);
+ warn_if_krb5_failed (ctx, code);
+
+ code = krb5_kt_close (ctx, keytab);
+ warn_if_krb5_failed (ctx, code);
+
+ krb5_free_principal (ctx, realm_princ);
+
+ krb5_free_context (ctx);
+
+ return netbios_name;
+
+}
diff --git a/service/realm-kerberos.h b/service/realm-kerberos.h
index 0447e4d..58cfe07 100644
--- a/service/realm-kerberos.h
+++ b/service/realm-kerberos.h
@@ -88,6 +88,8 @@ gchar * realm_kerberos_format_login (RealmKerberos *self,
gboolean realm_kerberos_flush_keytab (const gchar *realm_name,
GError **error);
+gchar * realm_kerberos_get_netbios_name_from_keytab (const gchar *realm_name);
+
const gchar * realm_kerberos_get_name (RealmKerberos *self);
const gchar * realm_kerberos_get_realm_name (RealmKerberos *self);
diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
index 76e7b79..f5edca3 100644
--- a/service/realm-samba-enroll.c
+++ b/service/realm-samba-enroll.c
@@ -85,7 +85,8 @@ static JoinClosure *
join_closure_init (GTask *task,
RealmDisco *disco,
GVariant *options,
- GDBusMethodInvocation *invocation)
+ GDBusMethodInvocation *invocation,
+ gboolean do_join)
{
JoinClosure *join;
gchar *workgroup;
@@ -93,6 +94,7 @@ join_closure_init (GTask *task,
int temp_fd;
const gchar *explicit_computer_name = NULL;
const gchar *authid = NULL;
+ gchar *name_from_keytab = NULL;
join = g_new0 (JoinClosure, 1);
join->disco = realm_disco_ref (disco);
@@ -106,6 +108,14 @@ join_closure_init (GTask *task,
else if (disco->explicit_netbios)
authid = disco->explicit_netbios;
+ /* try to get the NetBIOS name from the keytab while leaving the domain */
+ if (explicit_computer_name == NULL && !do_join) {
+ name_from_keytab = realm_kerberos_get_netbios_name_from_keytab(disco->kerberos_realm);
+ if (name_from_keytab != NULL) {
+ authid = name_from_keytab;
+ }
+ }
+
join->config = realm_ini_config_new (REALM_INI_NO_WATCH | REALM_INI_PRIVATE);
realm_ini_config_set (join->config, REALM_SAMBA_CONFIG_GLOBAL,
"security", "ads",
@@ -151,6 +161,7 @@ join_closure_init (GTask *task,
g_warning ("Couldn't create temp file in: %s", g_get_tmp_dir ());
}
+ g_free (name_from_keytab);
return join;
}
@@ -393,7 +404,7 @@ realm_samba_enroll_join_async (RealmDisco *disco,
g_return_if_fail (cred != NULL);
task = g_task_new (NULL, NULL, callback, user_data);
- join = join_closure_init (task, disco, options, invocation);
+ join = join_closure_init (task, disco, options, invocation, TRUE);
explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
if (explicit_computer_name != NULL) {
realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",
@@ -462,7 +473,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco,
JoinClosure *join;
task = g_task_new (NULL, NULL, callback, user_data);
- join = join_closure_init (task, disco, options, invocation);
+ join = join_closure_init (task, disco, options, invocation, FALSE);
switch (cred->type) {
case REALM_CREDENTIAL_PASSWORD:
--
2.17.1

42
0001-Fix-issues-found-by-Coverity.patch
View File

@ -1,42 +0,0 @@
From 1831748847715a13f0cc911a9a491eb8614d6682 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 14 Aug 2018 14:09:48 +0200
Subject: [PATCH 1/3] Fix issues found by Coverity
---
service/realm-kerberos.c | 5 ++++-
service/realm-packages.c | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c
index d6d109f..252e256 100644
--- a/service/realm-kerberos.c
+++ b/service/realm-kerberos.c
@@ -980,7 +980,10 @@ realm_kerberos_set_details (RealmKerberos *self,
if (name == NULL)
break;
value = va_arg (va, const gchar *);
- g_return_if_fail (value != NULL);
+ if (value == NULL) {
+ va_end (va);
+ g_return_if_reached ();
+ }
values[0] = g_variant_new_string (name);
values[1] = g_variant_new_string (value);
diff --git a/service/realm-packages.c b/service/realm-packages.c
index 9a6984c..5976439 100644
--- a/service/realm-packages.c
+++ b/service/realm-packages.c
@@ -567,7 +567,7 @@ lookup_required_files_and_packages (const gchar **package_sets,
g_ptr_array_add (packages, NULL);
*result_packages = (gchar **)g_ptr_array_free (packages, FALSE);
} else {
- g_ptr_array_free (files, TRUE);
+ g_ptr_array_free (packages, TRUE);
}
if (result_files) {
--
2.17.1

24
0001-Fix-man-page-reference-in-systemd-service-file.patch
View File

@ -1,24 +0,0 @@
From e8d9d5e9817627dcf208ac742debcc9dc320752d Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 27 Jul 2016 19:06:29 +0200
Subject: [PATCH] Fix man page reference in systemd service file
---
dbus/realmd.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dbus/realmd.service.in b/dbus/realmd.service.in
index b3bcf7a..64c1090 100644
--- a/dbus/realmd.service.in
+++ b/dbus/realmd.service.in
@@ -1,6 +1,6 @@
[Unit]
Description=Realm and Domain Configuration
-Documentation=man:realmd(8)
+Documentation=man:realm(8)
[Service]
Type=dbus
--
2.7.4

62
0001-IPA-do-not-call-sssd-enable-logins.patch
View File

@ -1,62 +0,0 @@
From 373f2e03736dfd87d50f02208b99d462cf34d891 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 27 Sep 2018 13:04:47 +0200
Subject: [PATCH] IPA: do not call sssd-enable-logins
It is expected that ipa-client-install will do all PAM and NSS
configuration. To avoid changing IPA default realmd will not try to
update the related configuration.
---
service/realm-sssd-ipa.c | 24 +-----------------------
1 file changed, 1 insertion(+), 23 deletions(-)
diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
index 5029f6b..70f8b0e 100644
--- a/service/realm-sssd-ipa.c
+++ b/service/realm-sssd-ipa.c
@@ -109,41 +109,19 @@ enroll_closure_free (gpointer data)
g_free (enroll);
}
-static void
-on_enable_nss_done (GObject *source,
- GAsyncResult *result,
- gpointer user_data)
-{
- GTask *task = G_TASK (user_data);
- GError *error = NULL;
- gint status;
-
- status = realm_command_run_finish (result, NULL, &error);
- if (error == NULL && status != 0)
- g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL,
- _("Enabling SSSD in nsswitch.conf and PAM failed."));
- if (error != NULL)
- g_task_return_error (task, error);
- else
- g_task_return_boolean (task, TRUE);
- g_object_unref (task);
-}
-
static void
on_restart_done (GObject *source,
GAsyncResult *result,
gpointer user_data)
{
GTask *task = G_TASK (user_data);
- EnrollClosure *enroll = g_task_get_task_data (task);
RealmSssd *sssd = g_task_get_source_object (task);
GError *error = NULL;
realm_service_enable_and_restart_finish (result, &error);
if (error == NULL) {
realm_sssd_update_properties (sssd);
- realm_command_run_known_async ("sssd-enable-logins", NULL, enroll->invocation,
- on_enable_nss_done, g_object_ref (task));
+ g_task_return_boolean (task, TRUE);
} else {
g_task_return_error (task, error);
}
--
2.17.1

112
0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch
View File

@ -1,112 +0,0 @@
From 6f0aa79c3e8dd93e723f29bf46e1b8b14403254f Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 5 Dec 2016 18:25:44 +0100
Subject: [PATCH] Kerberos: fall back to tcp SRV lookup
---
service/realm-kerberos-provider.c | 48 +++++++++++++++++++++++++++++++--------
1 file changed, 39 insertions(+), 9 deletions(-)
diff --git a/service/realm-kerberos-provider.c b/service/realm-kerberos-provider.c
index 2b3a0f8..1477ae8 100644
--- a/service/realm-kerberos-provider.c
+++ b/service/realm-kerberos-provider.c
@@ -19,6 +19,7 @@
#include "realm-kerberos-provider.h"
#include <errno.h>
+#include <string.h>
struct _RealmKerberosProvider {
RealmProvider parent;
@@ -38,28 +39,54 @@ realm_kerberos_provider_init (RealmKerberosProvider *self)
}
+typedef struct {
+ gchar *name;
+ const char *prot;
+} NameProtPair;
+
+static void
+name_prot_pair_free (gpointer data)
+{
+ NameProtPair *name_prot_pair = data;
+ g_free (name_prot_pair->name);
+ g_free (name_prot_pair);
+}
+
static void
on_kerberos_discover (GObject *source,
GAsyncResult *result,
gpointer user_data)
{
GTask *task = G_TASK (user_data);
- const gchar *domain = g_task_get_task_data (task);
+ NameProtPair *name_prot_pair = g_task_get_task_data (task);
GError *error = NULL;
RealmDisco *disco;
GList *targets;
+ GResolver *resolver;
targets = g_resolver_lookup_service_finish (G_RESOLVER (source), result, &error);
if (targets) {
g_list_free_full (targets, (GDestroyNotify)g_srv_target_free);
- disco = realm_disco_new (domain);
- disco->kerberos_realm = g_ascii_strup (domain, -1);
+ disco = realm_disco_new (name_prot_pair->name);
+ disco->kerberos_realm = g_ascii_strup (name_prot_pair->name, -1);
g_task_return_pointer (task, disco, realm_disco_unref);
} else if (error) {
- g_debug ("Resolving %s failed: %s", domain, error->message);
+ g_debug ("Resolving %s failed: %s", name_prot_pair->name, error->message);
g_error_free (error);
- g_task_return_pointer (task, NULL, NULL);
+
+ if (strcmp (name_prot_pair->prot, "tcp") == 0) {
+ g_task_return_pointer (task, NULL, NULL);
+ } else {
+ /* Try tcp */
+ name_prot_pair->prot = "tcp";
+ resolver = g_resolver_get_default ();
+ g_resolver_lookup_service_async (resolver, "kerberos", name_prot_pair->prot,
+ name_prot_pair->name,
+ g_task_get_cancellable (task),
+ on_kerberos_discover, g_object_ref (task));
+ g_object_unref (resolver);
+ }
}
g_object_unref (task);
@@ -76,7 +103,7 @@ realm_kerberos_provider_discover_async (RealmProvider *provider,
GTask *task;
const gchar *software;
GResolver *resolver;
- gchar *name;
+ NameProtPair *name_prot_pair;
task = g_task_new (provider, NULL, callback, user_data);
@@ -86,12 +113,15 @@ realm_kerberos_provider_discover_async (RealmProvider *provider,
g_task_return_pointer (task, NULL, NULL);
} else {
- name = g_hostname_to_ascii (string);
+ name_prot_pair = g_new0 (NameProtPair, 1);
+ name_prot_pair->name = g_hostname_to_ascii (string);
+ name_prot_pair->prot = "udp";
resolver = g_resolver_get_default ();
- g_resolver_lookup_service_async (resolver, "kerberos", "udp", name,
+ g_resolver_lookup_service_async (resolver, "kerberos", name_prot_pair->prot,
+ name_prot_pair->name,
realm_invocation_get_cancellable (invocation),
on_kerberos_discover, g_object_ref (task));
- g_task_set_task_data (task, name, g_free);
+ g_task_set_task_data (task, name_prot_pair, name_prot_pair_free);
g_object_unref (resolver);
}
--
2.9.3

41
0001-LDAP-don-t-close-LDAP-socket-twice.patch
View File

@ -1,41 +0,0 @@
From 895e5b37d14090541480cebcb297846cbd3662ce Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 25 Nov 2016 17:35:11 +0100
Subject: [PATCH] LDAP: don't close LDAP socket twice
ldap_destroy() will call close() on the LDAP socket so with an explicit
close() before the file descriptor will be closed twice. Even worse,
since the file descriptor can be reused after the explicit call of
close() by any other thread the close() called from ldap_destroy() might
close a file descriptor used by a different thread as seen e.g. in
https://bugzilla.redhat.com/show_bug.cgi?id=1398522.
Additionally the patch makes sure that the closed connection cannot be
used again.
https://bugzilla.redhat.com/show_bug.cgi?id=1398522
---
service/realm-ldap.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/service/realm-ldap.c b/service/realm-ldap.c
index 061ed61..59817fb 100644
--- a/service/realm-ldap.c
+++ b/service/realm-ldap.c
@@ -159,10 +159,11 @@ ldap_source_finalize (GSource *source)
{
LdapSource *ls = (LdapSource *)source;
- /* Yeah, this is pretty rough, but we don't want blocking here */
- close (ls->sock);
ldap_destroy (ls->ldap);
+ ls->sock = -1;
+ ls->ldap = NULL;
+
if (ls->cancellable) {
g_cancellable_release_fd (ls->cancellable);
g_object_unref (ls->cancellable);
--
2.9.3

252
0001-Remove-support-for-deprecated-gtester-format.patch Normal file
View File

@ -0,0 +1,252 @@
From 5ae42c176e7bb550fc6cf10f29e75f58c733ae4f Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 2 Aug 2019 12:10:43 +0200
Subject: [PATCH] Remove support for deprecated gtester format
Support for the already deprecated gtester format was remove from recent
versions of glib2 but the test still call the tab-gtester conversion
tool.
This patch removes tab-gtester and the tab format is used directly.
Related to https://gitlab.freedesktop.org/realmd/realmd/issues/21
---
Makefile.am | 3 +-
build/tap-gtester | 204 ----------------------------------------------
2 files changed, 1 insertion(+), 206 deletions(-)
delete mode 100755 build/tap-gtester
diff --git a/Makefile.am b/Makefile.am
index 27e3494..4ffd5b4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -161,7 +161,7 @@ endif
#
LOG_DRIVER = $(top_srcdir)/build/tap-driver
-LOG_COMPILER = $(top_srcdir)/build/tap-gtester
+LOG_COMPILER = sh -c '"$$0" "$$@" --tap'
VALGRIND_ARGS = --trace-children=no --quiet --error-exitcode=33 \
--suppressions=valgrind-suppressions --gen-suppressions=all \
@@ -183,7 +183,6 @@ recheck-memory: valgrind-suppressions
EXTRA_DIST += \
$(LOG_DRIVER) \
- $(LOG_COMPILER) \
$(VALGRIND_SUPPRESSIONS) \
$(NULL)
diff --git a/build/tap-gtester b/build/tap-gtester
deleted file mode 100755
index bbda266..0000000
--- a/build/tap-gtester
+++ /dev/null
@@ -1,204 +0,0 @@
-#!/usr/bin/python3
-# This can also be run with Python 2.
-
-# Copyright (C) 2014 Red Hat, Inc.
-#
-# Cockpit is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-#
-# Cockpit is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
-
-#
-# This is a test output compiler which produces TAP from GTest output
-# if GTest output is detected.
-#
-# Versions of glib later than 2.38.x output TAP natively when tests are
-# run with the --tap option. However we can't depend on such a recent
-# version of glib for our purposes.
-#
-# This implements the Test Anything Protocol (ie: TAP)
-# https://metacpan.org/pod/release/PETDANCE/Test-Harness-2.64/lib/Test/Harness/TAP.pod
-#
-
-import argparse
-import os
-import select
-import signal
-import subprocess
-import sys
-
-# Yes, it's dumb, but strsignal is not exposed in python
-# In addition signal numbers varify heavily from arch to arch
-def strsignal(sig):
- for name in dir(signal):
- if name.startswith("SIG") and sig == getattr(signal, name):
- return name
- return str(sig)
-
-
-class NullCompiler:
- def __init__(self, command):
- self.command = command
-
- def input(self, line):
- sys.stdout.write(line)
-
- def process(self, proc):
- while True:
- line = proc.stdout.readline()
- if not line:
- break
- self.input(line)
- proc.wait()
- return proc.returncode
-
- def run(self, proc, line=None):
- if line:
- self.input(line)
- return self.process(proc)
-
-
-class GTestCompiler(NullCompiler):
- def __init__(self, filename):
- NullCompiler.__init__(self, filename)
- self.test_num = 0
- self.test_name = None
- self.test_remaining = []
-
- def input(self, line):
- line = line.strip()
- if line.startswith("GTest: "):
- (cmd, unused, data) = line[7:].partition(": ")
- cmd = cmd.strip()
- data = data.strip()
- if cmd == "run":
- self.test_name = data
- assert self.test_name in self.test_remaining, "%s %s" % (self.test_name, repr(self.test_remaining))
- self.test_remaining.remove(self.test_name)
- self.test_num += 1
- elif cmd == "result":
- if self.test_name:
- if data == "OK":
- print("ok %d %s" % (self.test_num, self.test_name))
- if data == "FAIL":
- print("not ok %d %s" % (self.test_num, self.test_name))
- self.test_name = None
- elif cmd == "skipping":
- if "/subprocess" not in data:
- print("ok %d # skip -- %s" % (self.test_num, data))
- self.test_name = None
- elif data:
- print("# %s: %s" % (cmd, data))
- else:
- print("# %s" % cmd)
- elif line.startswith("(MSG: "):
- print("# %s" % line[6:-1])
- elif line:
- print("# %s" % line)
- sys.stdout.flush()
-
- def run(self, proc, output=""):
- # Complete retrieval of the list of tests
- output += proc.stdout.read()
- proc.wait()
- if proc.returncode:
- sys.stderr.write("tap-gtester: listing GTest tests failed: %d\n" % proc.returncode)
- return proc.returncode
- self.test_remaining = []
- for line in output.split("\n"):
- if line.startswith("/"):
- self.test_remaining.append(line.strip())
- if not self.test_remaining:
- print("Bail out! No tests found in GTest: %s" % self.command[0])
- return 0
-
- print("1..%d" % len(self.test_remaining))
-
- # First try to run all the tests in a batch
- proc = subprocess.Popen(self.command + ["--verbose" ], close_fds=True,
- stdout=subprocess.PIPE, universal_newlines=True)
- result = self.process(proc)
- if result == 0:
- return 0
-
- if result < 0:
- sys.stderr.write("%s terminated with %s\n" % (self.command[0], strsignal(-result)))
-
- # Now pick up any stragglers due to failures
- while True:
- # Assume that the last test failed
- if self.test_name:
- print("not ok %d %s" % (self.test_num, self.test_name))
- self.test_name = None
-
- # Run any tests which didn't get run
- if not self.test_remaining:
- break
-
- proc = subprocess.Popen(self.command + ["--verbose", "-p", self.test_remaining[0]],
- close_fds=True, stdout=subprocess.PIPE,
- universal_newlines=True)
- result = self.process(proc)
-
- # The various exit codes and signals we continue for
- if result not in [ 0, 1, -4, -5, -6, -7, -8, -11, 33 ]:
- break
-
- return result
-
-def main(argv):
- parser = argparse.ArgumentParser(description='Automake TAP compiler',
- usage="tap-gtester [--format FORMAT] command ...")
- parser.add_argument('--format', metavar='FORMAT', choices=[ "auto", "gtest", "tap" ],
- default="auto", help='The input format to compile')
- parser.add_argument('--verbose', action='store_true',
- default=True, help='Verbose mode (ignored)')
- parser.add_argument('command', nargs=argparse.REMAINDER, help="A test command to run")
- args = parser.parse_args(argv[1:])
-
- output = None
- format = args.format
- cmd = args.command
- if not cmd:
- sys.stderr.write("tap-gtester: specify a command to run\n")
- return 2
- if cmd[0] == '--':
- cmd.pop(0)
-
- proc = None
-
- os.environ['HARNESS_ACTIVE'] = '1'
-
- if format in ["auto", "gtest"]:
- list_cmd = cmd + ["-l", "--verbose"]
- proc = subprocess.Popen(list_cmd, close_fds=True, stdout=subprocess.PIPE,
- universal_newlines=True)
- output = proc.stdout.readline()
- # Smell whether we're dealing with GTest list output from first line
- if "random seed" in output or "GTest" in output or output.startswith("/"):
- format = "gtest"
- else:
- format = "tap"
- else:
- proc = subprocess.Popen(cmd, close_fds=True, stdout=subprocess.PIPE,
- universal_newlines=True)
-
- if format == "gtest":
- compiler = GTestCompiler(cmd)
- elif format == "tap":
- compiler = NullCompiler(cmd)
- else:
- assert False, "not reached"
-
- return compiler.run(proc, output)
-
-if __name__ == "__main__":
- sys.exit(main(sys.argv))
--
2.21.0

185
0001-Use-current-idmap-options-for-smb.conf.patch
View File

@ -1,185 +0,0 @@
From e683fb573bc09893ec541be29751560cea30ce3f Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 30 May 2018 13:10:57 +0200
Subject: [PATCH] Use current idmap options for smb.conf
Samba change some time ago the way how to configure id-mapping. With
this patch realmd will use the current supported options when creating
smb.conf.
A new option --legacy-samba-config is added to use the old options if
realmd is used with Samba 3.5 or earlier.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1484072
---
dbus/realm-dbus-constants.h | 1 +
doc/manual/realmd.conf.xml | 17 ++++++++++++
service/realm-samba-enroll.c | 2 +-
service/realm-samba-enroll.h | 3 +++
service/realm-samba-winbind.c | 63 ++++++++++++++++++++++++++++++++++---------
5 files changed, 72 insertions(+), 14 deletions(-)
diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h
index 9cd30ef..40ffa2d 100644
--- a/dbus/realm-dbus-constants.h
+++ b/dbus/realm-dbus-constants.h
@@ -69,6 +69,7 @@ G_BEGIN_DECLS
#define REALM_DBUS_OPTION_COMPUTER_NAME "computer-name"
#define REALM_DBUS_OPTION_OS_NAME "os-name"
#define REALM_DBUS_OPTION_OS_VERSION "os-version"
+#define REALM_DBUS_OPTION_LEGACY_SMB_CONF "legacy-samba-config"
#define REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY "active-directory"
#define REALM_DBUS_IDENTIFIER_WINBIND "winbind"
diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
index 7853230..a2b577c 100644
--- a/doc/manual/realmd.conf.xml
+++ b/doc/manual/realmd.conf.xml
@@ -192,6 +192,23 @@ automatic-install = no
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>legacy-samba-config</option></term>
+ <listitem>
+ <para>Set this to <parameter>yes</parameter> to create a Samba
+ configuration file with id-mapping options used by Samba-3.5
+ and earlier version.</para>
+
+ <informalexample>
+<programlisting language="js">
+[service]
+legacy-samba-config = no
+# legacy-samba-config = yes
+</programlisting>
+ </informalexample>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
index c81aed2..76e7b79 100644
--- a/service/realm-samba-enroll.c
+++ b/service/realm-samba-enroll.c
@@ -69,7 +69,7 @@ join_closure_free (gpointer data)
g_free (join);
}
-static gchar *
+gchar *
fallback_workgroup (const gchar *realm)
{
const gchar *pos;
diff --git a/service/realm-samba-enroll.h b/service/realm-samba-enroll.h
index 84e8b2f..310ec65 100644
--- a/service/realm-samba-enroll.h
+++ b/service/realm-samba-enroll.h
@@ -46,6 +46,9 @@ void realm_samba_enroll_leave_async (RealmDisco *disco,
gboolean realm_samba_enroll_leave_finish (GAsyncResult *result,
GError **error);
+gchar *
+fallback_workgroup (const gchar *realm);
+
G_END_DECLS
#endif /* __REALM_SAMBA_ENROLL_H__ */
diff --git a/service/realm-samba-winbind.c b/service/realm-samba-winbind.c
index a7ddec3..9335e26 100644
--- a/service/realm-samba-winbind.c
+++ b/service/realm-samba-winbind.c
@@ -21,8 +21,10 @@
#include "realm-options.h"
#include "realm-samba-config.h"
#include "realm-samba-winbind.h"
+#include "realm-samba-enroll.h"
#include "realm-settings.h"
#include "realm-service.h"
+#include "dbus/realm-dbus-constants.h"
#include <glib/gstdio.h>
@@ -80,6 +82,10 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
RealmIniConfig *pwc;
GTask *task;
GError *error = NULL;
+ gchar *workgroup = NULL;
+ gchar *idmap_config_backend = NULL;
+ gchar *idmap_config_range = NULL;
+ gchar *idmap_config_schema_mode = NULL;
g_return_if_fail (config != NULL);
g_return_if_fail (invocation != NULL || G_IS_DBUS_METHOD_INVOCATION (invocation));
@@ -100,23 +106,54 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
"template shell", realm_settings_string ("users", "default-shell"),
NULL);
- if (realm_options_automatic_mapping (options, domain_name)) {
- realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
- "idmap uid", "10000-2000000",
- "idmap gid", "10000-2000000",
- "idmap backend", "tdb",
- "idmap schema", NULL,
- NULL);
+ if (realm_settings_boolean ("service", REALM_DBUS_OPTION_LEGACY_SMB_CONF, FALSE)) {
+ if (realm_options_automatic_mapping (options, domain_name)) {
+ realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
+ "idmap uid", "10000-2000000",
+ "idmap gid", "10000-2000000",
+ "idmap backend", "tdb",
+ "idmap schema", NULL,
+ NULL);
+ } else {
+ realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
+ "idmap uid", "500-4294967296",
+ "idmap gid", "500-4294967296",
+ "idmap backend", "ad",
+ "idmap schema", "rfc2307",
+ NULL);
+ }
} else {
- realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
- "idmap uid", "500-4294967296",
- "idmap gid", "500-4294967296",
- "idmap backend", "ad",
- "idmap schema", "rfc2307",
- NULL);
+ workgroup = realm_ini_config_get (config, REALM_SAMBA_CONFIG_GLOBAL, "workgroup");
+ if (workgroup == NULL) {
+ workgroup = fallback_workgroup (domain_name);
+ }
+ idmap_config_backend = g_strdup_printf ("idmap config %s : backend", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
+ idmap_config_range = g_strdup_printf ("idmap config %s : range", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
+ idmap_config_schema_mode = g_strdup_printf ("idmap config %s : schema_mode", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
+ g_free (workgroup);
+
+ if (realm_options_automatic_mapping (options, domain_name)) {
+ realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
+ "idmap config * : backend", "tdb",
+ "idmap config * : range", "10000-999999",
+ idmap_config_backend != NULL ? idmap_config_backend : "idmap config PLEASE_REPLACE : backend", "rid",
+ idmap_config_range != NULL ? idmap_config_range: "idmap config PLEASE_REPLACE : range", "2000000-2999999",
+ idmap_config_schema_mode != NULL ? idmap_config_schema_mode: "idmap config PLEASE_REPLACE : schema_mode", NULL,
+ NULL);
+ } else {
+ realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
+ "idmap config * : backend", "tdb",
+ "idmap config * : range", "10000000-10999999",
+ idmap_config_backend != NULL ? idmap_config_backend : "idmap config PLEASE_REPLACE : backend", "ad",
+ idmap_config_range != NULL ? idmap_config_range: "idmap config PLEASE_REPLACE : range", "500-999999",
+ idmap_config_schema_mode != NULL ? idmap_config_schema_mode: "idmap config PLEASE_REPLACE : schema_mode", "rfc2307",
+ NULL);
+ }
}
realm_ini_config_finish_change (config, &error);
+ g_free (idmap_config_backend);
+ g_free (idmap_config_range);
}
/* Setup pam_winbind.conf with decent defaults matching our expectations */
--
2.14.4

96
0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
View File

@ -1,96 +0,0 @@
From 402cbab6e8267fcd959bcfa84a47f4871b59944d Mon Sep 17 00:00:00 2001
From: Stef Walter <stefw@redhat.com>
Date: Fri, 28 Oct 2016 20:27:48 +0200
Subject: [PATCH] service: Add nss and pam sssd.conf services after joining
After adding a domain to sssd.conf add the nss and pam services
to the [sssd] block.
https://bugs.freedesktop.org/show_bug.cgi?id=98479
---
service/realm-sssd-ad.c | 3 +++
service/realm-sssd-config.c | 2 --
service/realm-sssd-ipa.c | 3 +++
tests/test-sssd-config.c | 4 ++--
4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
index 5ed384d..5fa81ce 100644
--- a/service/realm-sssd-ad.c
+++ b/service/realm-sssd-ad.c
@@ -160,6 +160,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
gboolean use_adcli,
GError **error)
{
+ const gchar *services[] = { "nss", "pam", NULL };
GString *realmd_tags;
const gchar *access_provider;
const gchar *shell;
@@ -206,6 +207,8 @@ configure_sssd_for_domain (RealmIniConfig *config,
"ldap_sasl_authid", authid,
NULL);
+ realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
+
g_free (authid);
g_string_free (realmd_tags, TRUE);
diff --git a/service/realm-sssd-config.c b/service/realm-sssd-config.c
index 2096afd..d4398b9 100644
--- a/service/realm-sssd-config.c
+++ b/service/realm-sssd-config.c
@@ -154,8 +154,6 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
g_strfreev (already);
/* Setup a default sssd section */
- if (!realm_ini_config_have (config, "section", "services"))
- realm_ini_config_set (config, "sssd", "services", "nss, pam", NULL);
if (!realm_ini_config_have (config, "sssd", "config_file_version"))
realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL);
diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
index b12136e..001870d 100644
--- a/service/realm-sssd-ipa.c
+++ b/service/realm-sssd-ipa.c
@@ -156,6 +156,7 @@ on_ipa_client_do_restart (GObject *source,
GAsyncResult *result,
gpointer user_data)
{
+ const gchar *services[] = { "nss", "pam", NULL };
GTask *task = G_TASK (user_data);
EnrollClosure *enroll = g_task_get_task_data (task);
RealmSssd *sssd = g_task_get_source_object (task);
@@ -207,6 +208,8 @@ on_ipa_client_do_restart (GObject *source,
"realmd_tags", realmd_tags,
NULL);
+ realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
+
g_free (home);
}
diff --git a/tests/test-sssd-config.c b/tests/test-sssd-config.c
index 59eab75..892b9d5 100644
--- a/tests/test-sssd-config.c
+++ b/tests/test-sssd-config.c
@@ -90,7 +90,7 @@ test_add_domain (Test *test,
gconstpointer unused)
{
const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
- const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
+ const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
GError *error = NULL;
gchar *output;
gboolean ret;
@@ -140,7 +140,7 @@ static void
test_add_domain_only (Test *test,
gconstpointer unused)
{
- const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
+ const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
GError *error = NULL;
gchar *output;
gboolean ret;
--
2.9.3

98
0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch
View File

@ -1,98 +0,0 @@
From 9d5b6f5c88df582fb94edcf5cc05a8cfaa63cf6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Tue, 25 Apr 2017 07:20:17 +0200
Subject: [PATCH] service: Add "pam" and "nss" services in
realm_sssd_config_add_domain()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
realm_sssd_config_add_domain() must setup the services line in sssd.conf
otherwise SSSD won't be able to start any of its services.
It's a regression caused by 402cbab which leaves SSSD with no services
line when joining to an ad client doing "realm join ad.example".
https://bugs.freedesktop.org/show_bug.cgi?id=98479
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
---
service/realm-sssd-ad.c | 3 ++-
service/realm-sssd-config.c | 2 ++
service/realm-sssd-ipa.c | 3 ++-
tests/test-sssd-config.c | 4 ++--
4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
index 5fa81ce..8543ca8 100644
--- a/service/realm-sssd-ad.c
+++ b/service/realm-sssd-ad.c
@@ -207,7 +207,8 @@ configure_sssd_for_domain (RealmIniConfig *config,
"ldap_sasl_authid", authid,
NULL);
- realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
+ if (ret)
+ ret = realm_ini_config_change_list (config, "sssd", "services", ", ", services, NULL, error);
g_free (authid);
g_string_free (realmd_tags, TRUE);
diff --git a/service/realm-sssd-config.c b/service/realm-sssd-config.c
index d4398b9..140d7dc 100644
--- a/service/realm-sssd-config.c
+++ b/service/realm-sssd-config.c
@@ -130,6 +130,7 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
gchar **already;
gboolean ret;
gchar *section;
+ const gchar *services[] = { "nss", "pam", NULL };
va_list va;
gint i;
@@ -154,6 +155,7 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
g_strfreev (already);
/* Setup a default sssd section */
+ realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
if (!realm_ini_config_have (config, "sssd", "config_file_version"))
realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL);
diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
index 001870d..ff1dc8a 100644
--- a/service/realm-sssd-ipa.c
+++ b/service/realm-sssd-ipa.c
@@ -208,7 +208,8 @@ on_ipa_client_do_restart (GObject *source,
"realmd_tags", realmd_tags,
NULL);
- realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
+ if (error == NULL)
+ realm_ini_config_change_list (config, "sssd", "services", ", ", services, NULL, &error);
g_free (home);
}
diff --git a/tests/test-sssd-config.c b/tests/test-sssd-config.c
index 892b9d5..59eab75 100644
--- a/tests/test-sssd-config.c
+++ b/tests/test-sssd-config.c
@@ -90,7 +90,7 @@ test_add_domain (Test *test,
gconstpointer unused)
{
const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
- const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
+ const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
GError *error = NULL;
gchar *output;
gboolean ret;
@@ -140,7 +140,7 @@ static void
test_add_domain_only (Test *test,
gconstpointer unused)
{
- const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
+ const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
GError *error = NULL;
gchar *output;
gboolean ret;
--
2.9.3

36
0001-switch-to-authselect.patch
View File

@ -1,36 +0,0 @@
From 32645f2fc1ddfb2eed7069fd749602619f26ed37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 19 Feb 2018 11:51:06 +0100
Subject: [PATCH] switch to authselect
---
service/realmd-redhat.conf | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf
index e39fad525c716d1ed99715280cd5d497b9039427..26cf6147f352e1b48c3261fa42707d816428f879 100644
--- a/service/realmd-redhat.conf
+++ b/service/realmd-redhat.conf
@@ -23,15 +23,15 @@ adcli = /usr/sbin/adcli
freeipa-client = /usr/sbin/ipa-client-install
[commands]
-winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
-winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart
+winbind-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select winbind with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
+winbind-disable-logins = /usr/bin/authselect select sssd with-mkhomedir
winbind-enable-service = /usr/bin/systemctl enable winbind.service
winbind-disable-service = /usr/bin/systemctl disable winbind.service
winbind-restart-service = /usr/bin/systemctl restart winbind.service
winbind-stop-service = /usr/bin/systemctl stop winbind.service
-sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
-sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart
+sssd-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select sssd with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
+sssd-disable-logins = /usr/bin/authselect select sssd with-mkhomedir
sssd-enable-service = /usr/bin/systemctl enable sssd.service
sssd-disable-service = /usr/bin/systemctl disable sssd.service
sssd-restart-service = /usr/bin/systemctl restart sssd.service
--
2.9.3

82
0001-tests-ignore-order-in-test_update_domain.patch Normal file
View File

@ -0,0 +1,82 @@
From b6753bd048b4012b11d60c094d1ab6ca181ee50d Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 21 Feb 2019 21:16:26 +0100
Subject: [PATCH] tests: ignore order in test_update_domain
Individual options of a domain or in general for a section in an ini
file are stored by realmd in a hash table. When writing out the ini file
the options can show up in any order and the unit tests should be aware
of it.
Resolves: https://gitlab.freedesktop.org/realmd/realmd/issues/19
---
tests/test-sssd-config.c | 41 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 39 insertions(+), 2 deletions(-)
diff --git a/tests/test-sssd-config.c b/tests/test-sssd-config.c
index 59eab75..8f3fec5 100644
--- a/tests/test-sssd-config.c
+++ b/tests/test-sssd-config.c
@@ -163,12 +163,49 @@ test_add_domain_only (Test *test,
g_free (output);
}
+static void check_for_test_update_domain (char *new)
+{
+ char *token;
+ char *saveptr;
+ size_t c;
+ int result = 0;
+
+ token = strtok_r (new, "\n", &saveptr);
+ g_assert_nonnull (token);
+ g_assert_cmpstr (token, ==, "[domain/one]");
+
+ for (c = 0; c < 3; c++) {
+ token = strtok_r (NULL, "\n", &saveptr);
+ g_assert_nonnull (token);
+ if (strcmp (token, "val=1") == 0) {
+ result += 1;
+ } else if (strcmp (token, "uno = 1") == 0) {
+ result += 2;
+ } else if (strcmp (token, "eins = one") == 0) {
+ result += 4;
+ } else {
+ g_assert_not_reached ();
+ }
+ }
+ g_assert_cmpint (result, ==, 7);
+
+ token = strtok_r (NULL, "\n", &saveptr);
+ g_assert_nonnull (token);
+ g_assert_cmpstr (token, ==, "[sssd]");
+
+ token = strtok_r (NULL, "\n", &saveptr);
+ g_assert_nonnull (token);
+ g_assert_cmpstr (token, ==, "domains=one");
+
+ token = strtok_r (NULL, "\n", &saveptr);
+ g_assert_null (token);
+}
+
static void
test_update_domain (Test *test,
gconstpointer unused)
{
const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
- const gchar *check = "[domain/one]\nval=1\nuno = 1\neins = one\n[sssd]\ndomains=one";
GError *error = NULL;
gchar *output;
gboolean ret;
@@ -190,7 +227,7 @@ test_update_domain (Test *test,
g_assert_no_error (error);
g_assert (ret == TRUE);
- g_assert_cmpstr (check, ==, output);
+ check_for_test_update_domain (output);
g_free (output);
}
--
2.20.1

113
0002-Change-qualified-names-default-for-IPA.patch
View File

@ -1,113 +0,0 @@
From 21ab1fdd127d242a9b4e95c3c90dd2bf3159d149 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 14 Aug 2018 16:44:39 +0200
Subject: [PATCH 2/3] Change qualified names default for IPA
In a FreeIPA domain it is typically expected that the IPA accounts use
sort names while accounts from trusted domains have fully qualified
names. This is automatically done by SSSD's IPA provider so there is no
need to force fully qualified names in the SSSD configuration.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1575538
---
service/realm-options.c | 9 +++++----
service/realm-options.h | 3 ++-
service/realm-samba-winbind.c | 2 +-
service/realm-sssd-ad.c | 2 +-
service/realm-sssd-ipa.c | 2 +-
5 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/service/realm-options.c b/service/realm-options.c
index bd804ea..34a209f 100644
--- a/service/realm-options.c
+++ b/service/realm-options.c
@@ -98,7 +98,7 @@ realm_options_automatic_mapping (GVariant *options,
if (realm_name && !option) {
section = g_utf8_casefold (realm_name, -1);
- mapping = realm_settings_boolean (realm_name, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
+ mapping = realm_settings_boolean (section, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
g_free (section);
}
@@ -112,20 +112,21 @@ realm_options_automatic_join (const gchar *realm_name)
gboolean mapping;
section = g_utf8_casefold (realm_name, -1);
- mapping = realm_settings_boolean (realm_name, "automatic-join", FALSE);
+ mapping = realm_settings_boolean (section, "automatic-join", FALSE);
g_free (section);
return mapping;
}
gboolean
-realm_options_qualify_names (const gchar *realm_name)
+realm_options_qualify_names (const gchar *realm_name,
+ gboolean def)
{
gchar *section;
gboolean qualify;
section = g_utf8_casefold (realm_name, -1);
- qualify = realm_settings_boolean (realm_name, "fully-qualified-names", TRUE);
+ qualify = realm_settings_boolean (section, "fully-qualified-names", def);
g_free (section);
return qualify;
diff --git a/service/realm-options.h b/service/realm-options.h
index 7a1355e..b71d219 100644
--- a/service/realm-options.h
+++ b/service/realm-options.h
@@ -37,7 +37,8 @@ const gchar * realm_options_user_principal (GVariant *options,
gboolean realm_options_automatic_mapping (GVariant *options,
const gchar *realm_name);
-gboolean realm_options_qualify_names (const gchar *realm_name);
+gboolean realm_options_qualify_names (const gchar *realm_name,
+ gboolean def);
gboolean realm_options_check_domain_name (const gchar *domain_name);
diff --git a/service/realm-samba-winbind.c b/service/realm-samba-winbind.c
index 9335e26..61988eb 100644
--- a/service/realm-samba-winbind.c
+++ b/service/realm-samba-winbind.c
@@ -102,7 +102,7 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
"winbind enum groups", "no",
"winbind offline logon", "yes",
"winbind refresh tickets", "yes",
- "winbind use default domain", realm_options_qualify_names (domain_name )? "no" : "yes",
+ "winbind use default domain", realm_options_qualify_names (domain_name, TRUE )? "no" : "yes",
"template shell", realm_settings_string ("users", "default-shell"),
NULL);
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
index 8543ca8..de7ce30 100644
--- a/service/realm-sssd-ad.c
+++ b/service/realm-sssd-ad.c
@@ -172,7 +172,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
gchar *home;
home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
- qualify = realm_options_qualify_names (disco->domain_name);
+ qualify = realm_options_qualify_names (disco->domain_name, TRUE);
shell = realm_settings_string ("users", "default-shell");
explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
realmd_tags = g_string_new ("");
diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
index ff1dc8a..5029f6b 100644
--- a/service/realm-sssd-ipa.c
+++ b/service/realm-sssd-ipa.c
@@ -201,7 +201,7 @@ on_ipa_client_do_restart (GObject *source,
realm_sssd_config_update_domain (config, domain, &error,
"cache_credentials", "True",
- "use_fully_qualified_names", realm_options_qualify_names (domain) ? "True" : "False",
+ "use_fully_qualified_names", realm_options_qualify_names (domain, FALSE) ? "True" : "False",
"krb5_store_password_if_offline", "True",
"default_shell", shell,
"fallback_homedir", home,
--
2.17.1

76
0003-discover-try-to-get-domain-name-from-hostname.patch
View File

@ -1,76 +0,0 @@
From 5e28cf702ad338e399f8fff0b3fa18736a297318 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 21 Aug 2018 13:09:20 +0200
Subject: [PATCH 3/3] discover: try to get domain name from hostname
If there is no domain name returned by DHCP check if the hostname
contains a domain part and use this to discover a realm.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1619162
---
service/realm-provider.c | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/service/realm-provider.c b/service/realm-provider.c
index d647c7a..258e8e1 100644
--- a/service/realm-provider.c
+++ b/service/realm-provider.c
@@ -28,6 +28,8 @@
#include <glib/gi18n.h>
#include <gio/gio.h>
+#include <errno.h>
+
#define TIMEOUT_SECONDS 15
G_DEFINE_TYPE (RealmProvider, realm_provider, G_TYPE_DBUS_OBJECT_SKELETON);
@@ -181,6 +183,25 @@ on_discover_complete (GObject *source,
return_discover_result (method, realms, relevance, error);
}
+static gchar *
+get_domain_from_hostname (void)
+{
+ gchar hostname[HOST_NAME_MAX + 1];
+ gchar *dot;
+
+ if (gethostname (hostname, sizeof (hostname)) < 0) {
+ g_warning ("Couldn't get the computer host name: %s", g_strerror (errno));
+ return NULL;
+ }
+
+ dot = strchr (hostname, '.');
+ if (dot != NULL) {
+ return g_strdup (dot + 1);
+ }
+
+ return NULL;
+}
+
static void
on_discover_default (GObject *source,
GAsyncResult *result,
@@ -195,6 +216,10 @@ on_discover_default (GObject *source,
g_clear_error (&error);
}
+ if (method->string == NULL) {
+ method->string = get_domain_from_hostname ();
+ }
+
if (method->string) {
g_strstrip (method->string);
if (g_str_equal (method->string, "")) {
@@ -210,7 +235,8 @@ on_discover_default (GObject *source,
on_discover_complete, method);
} else {
- realm_diagnostics_info (method->invocation, "No default domain received via DHCP");
+ realm_diagnostics_info (method->invocation,
+ "No default domain received via DHCP or given by hostname");
return_discover_result (method, NULL, 0, NULL);
}
}
--
2.17.1

32
backport-Fix-for-ini-config-test-issue.patch Normal file
View File

@ -0,0 +1,32 @@
From f2162c30155eb0d9f7475f583856a2675ad2c881 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 3 Jul 2020 17:18:13 +0200
Subject: [PATCH] Fix for ini-config test issue
Recently I came across some issues with the ini-config tests where the
test run into a deadlock and didn't finish. It looks it happens
somewhere in the glib inotify code and might be a timing issues because
I never saw the issue when running the tests with strace.
To get around the issue I added REALM_INI_NO_WATCH to not use the
inotify code for testing.
---
tests/test-ini-config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test-ini-config.c b/tests/test-ini-config.c
index 7799e13..854df88 100644
--- a/tests/test-ini-config.c
+++ b/tests/test-ini-config.c
@@ -29,7 +29,7 @@ static void
setup (Test *test,
gconstpointer unused)
{
- test->config = realm_ini_config_new (REALM_INI_LINE_CONTINUATIONS);
+ test->config = realm_ini_config_new (REALM_INI_NO_WATCH | REALM_INI_LINE_CONTINUATIONS);
}
static void
--
2.27.0

26
fix-build-bug-with-distro-of-openeuler.patch
View File

@ -1,6 +1,6 @@
From 5e075a20eea48103ca42c659ddf6db0ff89cdd35 Mon Sep 17 00:00:00 2001
From f677aa5b35a1ed7c414982ad3da682d79d642c23 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Sun, 29 Dec 2019 06:28:28 -0500
Date: Mon, 30 Dec 2019 20:02:48 +0800
Subject: [PATCH] fix build bug with distro of openeuler
Signed-off-by: rpm-build <rpm-build>
@ -18,7 +18,7 @@ index 6949252..b298e88 100755
@@ -3222,6 +3222,25 @@ if test "x$ac_cv_file__etc_SuSE_release" = xyes; then :
DISTRO="suse"
fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/openEuler-release" >&5
+$as_echo_n "checking for /etc/openEuler-release... " >&6; }
+if ${ac_cv_file__etc_openEuler_release+:} false; then :
@ -38,21 +38,21 @@ index 6949252..b298e88 100755
+ DISTRO="openeuler"
+fi
+
# Not customized for these yet
# Not customized for these yet
diff --git a/configure.ac b/configure.ac
index 5c0a8e7..0170662 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,6 +37,7 @@ if test -z $DISTRO; then
AC_CHECK_FILE(/etc/redhat-release, [DISTRO="redhat"])
AC_CHECK_FILE(/etc/debian_version, [DISTRO="debian"])
AC_CHECK_FILE(/etc/SuSE-release, [DISTRO="suse"])
AC_CHECK_FILE(/etc/redhat-release, [DISTRO="redhat"])
AC_CHECK_FILE(/etc/debian_version, [DISTRO="debian"])
AC_CHECK_FILE(/etc/SuSE-release, [DISTRO="suse"])
+ AC_CHECK_FILE(/etc/openEuler-release, [DISTRO="openeuler"])
# Not customized for these yet
dnl AC_CHECK_FILE(/etc/gentoo-release, [DISTRO="gentoo"])
# Not customized for these yet
dnl AC_CHECK_FILE(/etc/gentoo-release, [DISTRO="gentoo"])
diff --git a/service/realmd-openeuler.conf b/service/realmd-openeuler.conf
new file mode 100644
index 0000000..12ca2d0
@ -99,6 +99,6 @@ index 0000000..12ca2d0
+sssd-caches-flush = /usr/sbin/sss_cache --users --groups --netgroups --services --autofs-maps
+
+name-caches-flush =
--
--
1.8.3.1

41
realmd.spec
View File

@ -1,25 +1,16 @@
%define _hardened_build 1
Name: realmd
Version: 0.16.3
Release: 20
Release: 24
Summary: AD integration detection
License: LGPLv2+
URL: https://cgit.freedesktop.org/realmd/realmd/
Source0: https://www.freedesktop.org/software/realmd/releases/realmd-%{version}.tar.gz
Patch1: 0001-LDAP-don-t-close-LDAP-socket-twice.patch
Patch2: 0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
Patch3: 0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch
Patch4: 0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch
Patch5: 0001-switch-to-authselect.patch
Patch6: 0001-Fix-man-page-reference-in-systemd-service-file.patch
Patch7: 0001-Use-current-idmap-options-for-smb.conf.patch
Patch8: 0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
Patch9: 0001-tests-run-tests-with-python3.patch
Patch10: 0001-Fix-issues-found-by-Coverity.patch
Patch11: 0002-Change-qualified-names-default-for-IPA.patch
Patch12: 0003-discover-try-to-get-domain-name-from-hostname.patch
Patch13: 0001-IPA-do-not-call-sssd-enable-logins.patch
Patch1: 0001-tests-run-tests-with-python3.patch
Patch2: 0001-tests-ignore-order-in-test_update_domain.patch
Patch3: 0001-Remove-support-for-deprecated-gtester-format.patch
Patch4: backport-Fix-for-ini-config-test-issue.patch
Patch9000: fix-build-bug-with-distro-of-openeuler.patch
@ -65,10 +56,32 @@ make check
%defattr(-,root,root)
%doc ChangeLog NEWS README
%doc %{_datadir}/doc/realmd/
%exclude %{_datadir}/doc/realmd/AUTHORS
%{_mandir}/man8/*
%{_mandir}/man5/*
%changelog
* Fri Jun 17 2022 Hugel <gengqihu1@h-partners.com> - 0.16.3-24
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:delete duplicate file AUTHORS from help
* Sun Feb 7 2021 lirui <lirui130@huawei.com> - 0.16.3-23
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:fix test timeout
* Wed Jul 24 2020 yu_boyun <yuboyun@huawei.com> - 0.16.3-22
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:fix build error with python3
* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.16.3-21
- clean code
* Sun Dec 29 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.16.3-20
- Modify patch information