authselect-1.4.0-1: rebase to 1.4.0
parent
a7d4a1ef58
commit
eb39ec3181
|
@ -16,3 +16,4 @@
|
|||
/authselect-1.2.3.tar.gz
|
||||
/authselect-1.2.4.tar.gz
|
||||
/authselect-1.3.0.tar.gz
|
||||
/authselect-1.4.0.tar.gz
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
From 46386b75fb90ce91ede80093ce73e99fde53ba3b Mon Sep 17 00:00:00 2001
|
||||
From: Colin Walters <walters@verbum.org>
|
||||
Date: Tue, 4 Jan 2022 18:33:30 -0500
|
||||
Subject: [PATCH 01/11] main: Drop an unnecessary `NULL` check before `free()`
|
||||
|
||||
From `man free()`:
|
||||
|
||||
```
|
||||
The free() function frees the memory space pointed to by ptr ... If ptr is NULL, no operation is performed.
|
||||
```
|
||||
|
||||
Obviously there are *tons* of these in the codebase; just doing
|
||||
this one as a preliminary PR; if accepted I may do some more, or
|
||||
others can. Or we could try a coccinelle semantic patch.
|
||||
---
|
||||
src/cli/main.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/cli/main.c b/src/cli/main.c
|
||||
index 4b8ab8573470c55891d35f50fc9c20d7459776ba..575e56f00edfc35ab4b5368ee40a497016d68cc3 100644
|
||||
--- a/src/cli/main.c
|
||||
+++ b/src/cli/main.c
|
||||
@@ -231,9 +231,7 @@ done:
|
||||
free(requirements);
|
||||
authselect_array_free(maps);
|
||||
authselect_profile_free(profile);
|
||||
- if (features != NULL) {
|
||||
- free(features);
|
||||
- }
|
||||
+ free(features);
|
||||
|
||||
return ret;
|
||||
}
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,376 +0,0 @@
|
|||
From 4c4730ea760ddfed94de55769682356c7f95fd21 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Mon, 31 Jan 2022 11:30:23 +0100
|
||||
Subject: [PATCH 02/11] lib: drop strict change detection
|
||||
|
||||
One of the main authselect features is to refuse to overwrite user
|
||||
changes to the configuration. To do so, it used to validate files and
|
||||
directory structure and also files contents.
|
||||
|
||||
This however allowed to have a mixed configuration on the system, that
|
||||
was created by authselect but then modified by user. This is no longer
|
||||
possible and the behavior has changed in a way that any user changes
|
||||
made to configuration created by authselect are overwritten without
|
||||
requiring the *--force* parameter (files contents are no longer
|
||||
validated).
|
||||
|
||||
This will make the configuration consistent - users either use
|
||||
authselect or not, nothing in between. It also makes authselect work
|
||||
on ostree server side, where it is not possible to write to /var.
|
||||
---
|
||||
Makefile.am | 2 --
|
||||
rpm/authselect.spec.in | 8 -----
|
||||
src/conf_macros.m4 | 4 ---
|
||||
src/lib/Makefile.am | 2 --
|
||||
src/lib/authselect.c | 27 ++++-----------
|
||||
src/lib/files/config.c | 1 -
|
||||
src/lib/files/system.c | 62 ++-------------------------------
|
||||
src/lib/paths.h | 78 ++++++++++++++++++------------------------
|
||||
8 files changed, 41 insertions(+), 143 deletions(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 0277c6ef6d43e60ea330c465535a88ae405c8630..1c9b88d47f809cb218d19887734769f12b944bb4 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -35,7 +35,6 @@ authselect_custom_dir=@AUTHSELECT_CUSTOM_DIR@
|
||||
authselect_dconf_dir=@AUTHSELECT_DCONF_DIR@
|
||||
authselect_pam_dir=@AUTHSELECT_PAM_DIR@
|
||||
authselect_backup_dir=@AUTHSELECT_BACKUP_DIR@
|
||||
-authselect_state_dir=@AUTHSELECT_STATE_DIR@
|
||||
|
||||
install-exec-hook:
|
||||
$(MKDIR_P) $(DESTDIR)$/$(authselect_config_dir)
|
||||
@@ -45,7 +44,6 @@ install-exec-hook:
|
||||
$(MKDIR_P) $(DESTDIR)$/$(authselect_dconf_dir)/locks
|
||||
$(MKDIR_P) $(DESTDIR)$/$(authselect_pam_dir)
|
||||
$(MKDIR_P) $(DESTDIR)$/$(authselect_backup_dir)
|
||||
- $(MKDIR_P) $(DESTDIR)$/$(authselect_state_dir)
|
||||
|
||||
# Build RPMs
|
||||
RPMBUILD ?= $(PWD)/rpmbuild
|
||||
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
|
||||
index c05c010c916ac095ba021adf87dd6b985c9661a6..9f36d0dcf001f953b8384d54f60af25d71ef0321 100644
|
||||
--- a/rpm/authselect.spec.in
|
||||
+++ b/rpm/authselect.spec.in
|
||||
@@ -184,14 +184,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
|
||||
%endif
|
||||
%dir %{_localstatedir}/lib/authselect
|
||||
%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/
|
||||
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-db
|
||||
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-locks
|
||||
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/fingerprint-auth
|
||||
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/nsswitch.conf
|
||||
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/password-auth
|
||||
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/postlogin
|
||||
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/smartcard-auth
|
||||
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/system-auth
|
||||
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created
|
||||
%dir %{_datadir}/authselect
|
||||
%dir %{_datadir}/authselect/vendor
|
||||
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
|
||||
index 68d8885c0c2d637ae8aaa02e4bd15fab70af5841..17c1629723066b0c4e354051366ce209428af6c1 100644
|
||||
--- a/src/conf_macros.m4
|
||||
+++ b/src/conf_macros.m4
|
||||
@@ -58,10 +58,6 @@ CONFIGURABLE_VALUE(backup-dir, backup_dir, AUTHSELECT_BACKUP_DIR, DIR,
|
||||
[Directory where configuration backups should be stored],
|
||||
$localstatedir/lib/authselect/backups)
|
||||
|
||||
-CONFIGURABLE_VALUE(state-dir, state_dir, AUTHSELECT_STATE_DIR, DIR,
|
||||
- [Directory where authselect state should be stored],
|
||||
- $localstatedir/lib/authselect)
|
||||
-
|
||||
CONFIGURABLE_VALUE(pythonbin, pythonbin, PYTHON_BIN, PATH,
|
||||
[Path to the python interpreter],
|
||||
$bindir/python3)
|
||||
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
|
||||
index c0bc1cc1439c64c2e096e03020f4464496992878..88411ac51bd8d7c219c3097542e16fa99e0a38a2 100644
|
||||
--- a/src/lib/Makefile.am
|
||||
+++ b/src/lib/Makefile.am
|
||||
@@ -43,7 +43,6 @@ authselect_dconf_dir=@AUTHSELECT_DCONF_DIR@
|
||||
authselect_dconf_file=@AUTHSELECT_DCONF_FILE@
|
||||
authselect_dconf_bin=@AUTHSELECT_DCONF_BIN@
|
||||
authselect_backup_dir=@AUTHSELECT_BACKUP_DIR@
|
||||
-authselect_state_dir=@AUTHSELECT_STATE_DIR@
|
||||
|
||||
libauthselect_la_SOURCES = \
|
||||
authselect.c \
|
||||
@@ -84,7 +83,6 @@ libauthselect_la_CFLAGS = \
|
||||
-DAUTHSELECT_DCONF_FILE=\"$(authselect_dconf_file)\" \
|
||||
-DAUTHSELECT_DCONF_BIN=\"$(authselect_dconf_bin)\" \
|
||||
-DAUTHSELECT_BACKUP_DIR=\"$(authselect_backup_dir)\" \
|
||||
- -DAUTHSELECT_STATE_DIR=\"$(authselect_state_dir)\" \
|
||||
$(NULL)
|
||||
libauthselect_la_LDFLAGS = \
|
||||
-Wl,--version-script=$(srcdir)/authselect.exports \
|
||||
diff --git a/src/lib/authselect.c b/src/lib/authselect.c
|
||||
index a901e02719713bd13d5a4fab606ee713b3d6ddca..b84aa73351448dc5caf802ae7282ebd9aa1c27d7 100644
|
||||
--- a/src/lib/authselect.c
|
||||
+++ b/src/lib/authselect.c
|
||||
@@ -103,32 +103,17 @@ authselect_activate(const char *profile_id,
|
||||
goto done;
|
||||
}
|
||||
|
||||
- /* First, check that current configuration is valid. */
|
||||
+ /* Require force if authselect.conf is missing or invalid but otherwise
|
||||
+ * ignore user changes. */
|
||||
ret = authselect_validate_configuration(&is_valid);
|
||||
- if (ret != EOK && ret != ENOENT) {
|
||||
- ERROR("Unable to check configuration [%d]: %s", ret, strerror(ret));
|
||||
- goto done;
|
||||
- }
|
||||
-
|
||||
- if (!is_valid) {
|
||||
- ERROR("Unexpected changes to the configuration were detected.");
|
||||
- ERROR("Refusing to activate profile unless those changes are removed "
|
||||
- "or overwrite is requested.");
|
||||
+ if (ret != EOK) {
|
||||
+ ERROR("%s is missing or unreadable, system was not properly configured "
|
||||
+ "by authselect.", PATH_CONFIG_FILE);
|
||||
+ ERROR("Refusing to activate profile unless overwrite is requested.");
|
||||
ret = EEXIST;
|
||||
goto done;
|
||||
}
|
||||
|
||||
- /* If no configuration is present, check for existing files. */
|
||||
- if (ret == ENOENT) {
|
||||
- if (!authselect_symlinks_location_available()) {
|
||||
- ERROR("File that needs to be overwritten was found");
|
||||
- ERROR("Refusing to activate profile unless this file is removed "
|
||||
- "or overwrite is requested.");
|
||||
- ret = EEXIST;
|
||||
- goto done;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
ret = authselect_profile_activate(profile, features);
|
||||
|
||||
done:
|
||||
diff --git a/src/lib/files/config.c b/src/lib/files/config.c
|
||||
index 2d95a1223220888a71e103fa0face84fd1c89dbb..8a10ef8c4c4ccd1a047b39b3ff6399fe31d17c73 100644
|
||||
--- a/src/lib/files/config.c
|
||||
+++ b/src/lib/files/config.c
|
||||
@@ -142,7 +142,6 @@ authselect_config_locations_writable()
|
||||
{
|
||||
struct authselect_symlink files[] = {
|
||||
{PATH_CONFIG_FILE, NULL, false},
|
||||
- {PATH_COPY_SYSTEM, NULL, false},
|
||||
SYMLINK_FILES
|
||||
};
|
||||
bool result = true;
|
||||
diff --git a/src/lib/files/system.c b/src/lib/files/system.c
|
||||
index b121fc4aa5f0e1482bbbb46055274298c0d6447e..e830942c629f462b3b187a7591a1b9b2c248d9da 100644
|
||||
--- a/src/lib/files/system.c
|
||||
+++ b/src/lib/files/system.c
|
||||
@@ -213,19 +213,11 @@ authselect_system_write(const char **features,
|
||||
|
||||
struct authselect_generated generated[] = GENERATED_FILES(files);
|
||||
char *tmp_files[sizeof(generated)/sizeof(struct authselect_generated)] = {NULL};
|
||||
- char *tmp_copies[sizeof(generated)/sizeof(struct authselect_generated)] = {NULL};
|
||||
|
||||
/* First, write content into temporary files, so we can safely fail
|
||||
* on error. */
|
||||
now = time(NULL);
|
||||
for (i = 0; generated[i].path != NULL; i++) {
|
||||
- ret = authselect_system_write_temp(generated[i].copy_path,
|
||||
- generated[i].content,
|
||||
- now, &tmp_copies[i]);
|
||||
- if (ret != EOK) {
|
||||
- goto done;
|
||||
- }
|
||||
-
|
||||
ret = authselect_system_write_temp(generated[i].path,
|
||||
generated[i].content,
|
||||
now, &tmp_files[i]);
|
||||
@@ -241,14 +233,6 @@ authselect_system_write(const char **features,
|
||||
* can fail is EIO which we can not do anything about and we can not
|
||||
* even recover from it.
|
||||
*/
|
||||
- for (i = 0; generated[i].copy_path != NULL; i++) {
|
||||
- ret = authselect_system_rename_temp(&tmp_copies[i],
|
||||
- generated[i].copy_path);
|
||||
- if (ret != EOK) {
|
||||
- goto done;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
for (i = 0; generated[i].path != NULL; i++) {
|
||||
ret = authselect_system_rename_temp(&tmp_files[i], generated[i].path);
|
||||
if (ret != EOK) {
|
||||
@@ -261,12 +245,6 @@ authselect_system_write(const char **features,
|
||||
done:
|
||||
if (ret != EOK) {
|
||||
for (i = 0; generated[i].path != NULL; i++) {
|
||||
- if (tmp_copies[i] != NULL) {
|
||||
- unlink(tmp_copies[i]);
|
||||
- free(tmp_copies[i]);
|
||||
- tmp_copies[i] = NULL;
|
||||
- }
|
||||
-
|
||||
if (tmp_files[i] != NULL) {
|
||||
unlink(tmp_files[i]);
|
||||
free(tmp_files[i]);
|
||||
@@ -280,46 +258,12 @@ done:
|
||||
}
|
||||
|
||||
static bool
|
||||
-authselect_system_validate_file(const char *path,
|
||||
- const char *copy_path,
|
||||
- const char *expected)
|
||||
+authselect_system_validate_file(const char *path)
|
||||
{
|
||||
- char *content;
|
||||
- char *copy_content;
|
||||
errno_t ret;
|
||||
bool bret;
|
||||
|
||||
INFO("Validating file [%s]", path);
|
||||
- expected = expected == NULL ? "" : expected;
|
||||
-
|
||||
- ret = textfile_read(path, AUTHSELECT_FILE_SIZE_LIMIT, &content);
|
||||
- if (ret == ENOENT) {
|
||||
- ERROR("[%s] does not exist!", path);
|
||||
- return false;
|
||||
- } else if (ret == EACCES) {
|
||||
- ERROR("Unable to read [%s] [%d]: %s", path, ret, strerror(ret));
|
||||
- return false;
|
||||
- } else if (ret != EOK) {
|
||||
- ERROR("Unable to validate file [%s] [%d]: %s", path, ret, strerror(ret));
|
||||
- return false;
|
||||
- }
|
||||
-
|
||||
- ret = textfile_read(copy_path, AUTHSELECT_FILE_SIZE_LIMIT, ©_content);
|
||||
- if (ret == EOK) {
|
||||
- /* Compare against copy of the originally generated files. */
|
||||
- INFO("Comparing content against [%s]", copy_path);
|
||||
- bret = strcmp(content, copy_content) == 0;
|
||||
- free(copy_content);
|
||||
- } else {
|
||||
- INFO("Comparing content against current profile");
|
||||
- bret = template_validate_written_content(content, expected);
|
||||
- }
|
||||
-
|
||||
- free(content);
|
||||
- if (!bret) {
|
||||
- ERROR("[%s] has unexpected content!", path);
|
||||
- return false;
|
||||
- }
|
||||
|
||||
ret = file_is_regular(path, AUTHSELECT_UID, AUTHSELECT_GID,
|
||||
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, &bret);
|
||||
@@ -341,9 +285,7 @@ authselect_system_validate(struct authselect_files *files)
|
||||
int i;
|
||||
|
||||
for (i = 0; generated[i].path != NULL; i++) {
|
||||
- bret = authselect_system_validate_file(generated[i].path,
|
||||
- generated[i].copy_path,
|
||||
- generated[i].content);
|
||||
+ bret = authselect_system_validate_file(generated[i].path);
|
||||
result &= bret;
|
||||
if (!bret) {
|
||||
WARN("File [%s] was modified outside authselect!",
|
||||
diff --git a/src/lib/paths.h b/src/lib/paths.h
|
||||
index e6f7b32013a901d35d9d385a3a50dc4868b80d70..ca30b784f8bc63150f46ef08a26ec2bc5bcb3d67 100644
|
||||
--- a/src/lib/paths.h
|
||||
+++ b/src/lib/paths.h
|
||||
@@ -56,17 +56,6 @@
|
||||
/* Path to files that can be modified by user. */
|
||||
#define PATH_USER_NSSWITCH AUTHSELECT_CONFIG_DIR "/user-nsswitch.conf"
|
||||
|
||||
-/* Paths to copy generated system files. Used to check changes
|
||||
- * in configuration. */
|
||||
-#define PATH_COPY_SYSTEM AUTHSELECT_STATE_DIR "/" FILE_SYSTEM
|
||||
-#define PATH_COPY_PASSWORD AUTHSELECT_STATE_DIR "/" FILE_PASSWORD
|
||||
-#define PATH_COPY_FINGERPRINT AUTHSELECT_STATE_DIR "/" FILE_FINGERPRINT
|
||||
-#define PATH_COPY_SMARTCARD AUTHSELECT_STATE_DIR "/" FILE_SMARTCARD
|
||||
-#define PATH_COPY_POSTLOGIN AUTHSELECT_STATE_DIR "/" FILE_POSTLOGIN
|
||||
-#define PATH_COPY_NSSWITCH AUTHSELECT_STATE_DIR "/" FILE_NSSWITCH
|
||||
-#define PATH_COPY_DCONF_DB AUTHSELECT_STATE_DIR "/" FILE_DCONF_DB
|
||||
-#define PATH_COPY_DCONF_LOCK AUTHSELECT_STATE_DIR "/" FILE_DCONF_LOCK
|
||||
-
|
||||
/* Names of symbolic links that points to generated files. */
|
||||
#define PATH_SYMLINK_SYSTEM AUTHSELECT_PAM_DIR "/" FILE_SYSTEM
|
||||
#define PATH_SYMLINK_PASSWORD AUTHSELECT_PAM_DIR "/" FILE_PASSWORD
|
||||
@@ -86,47 +75,46 @@
|
||||
* @see GENERATED_FILES, GENERATED_FILES_PATHS */
|
||||
struct authselect_generated {
|
||||
const char *path;
|
||||
- const char *copy_path;
|
||||
const char *content;
|
||||
};
|
||||
|
||||
-#define GENERATED_FILES(files) \
|
||||
-{ \
|
||||
- {PATH_SYSTEM, PATH_COPY_SYSTEM, (files)->systemauth}, \
|
||||
- {PATH_PASSWORD, PATH_COPY_PASSWORD, (files)->passwordauth}, \
|
||||
- {PATH_FINGERPRINT, PATH_COPY_FINGERPRINT, (files)->fingerprintauth}, \
|
||||
- {PATH_SMARTCARD, PATH_COPY_SMARTCARD, (files)->smartcardauth}, \
|
||||
- {PATH_POSTLOGIN, PATH_COPY_POSTLOGIN, (files)->postlogin}, \
|
||||
- {PATH_NSSWITCH, PATH_COPY_NSSWITCH, (files)->nsswitch}, \
|
||||
- {PATH_DCONF_DB, PATH_COPY_DCONF_DB, (files)->dconfdb}, \
|
||||
- {PATH_DCONF_LOCK, PATH_COPY_DCONF_LOCK, (files)->dconflock}, \
|
||||
- {NULL, NULL, NULL} \
|
||||
+#define GENERATED_FILES(files) \
|
||||
+{ \
|
||||
+ {PATH_SYSTEM, (files)->systemauth}, \
|
||||
+ {PATH_PASSWORD, (files)->passwordauth}, \
|
||||
+ {PATH_FINGERPRINT, (files)->fingerprintauth}, \
|
||||
+ {PATH_SMARTCARD, (files)->smartcardauth}, \
|
||||
+ {PATH_POSTLOGIN, (files)->postlogin}, \
|
||||
+ {PATH_NSSWITCH, (files)->nsswitch}, \
|
||||
+ {PATH_DCONF_DB, (files)->dconfdb}, \
|
||||
+ {PATH_DCONF_LOCK, (files)->dconflock}, \
|
||||
+ {NULL, NULL} \
|
||||
}
|
||||
|
||||
-#define GENERATED_FILES_PATHS \
|
||||
-{ \
|
||||
- {PATH_SYSTEM, NULL, NULL}, \
|
||||
- {PATH_PASSWORD, NULL, NULL}, \
|
||||
- {PATH_FINGERPRINT, NULL, NULL}, \
|
||||
- {PATH_SMARTCARD, NULL, NULL}, \
|
||||
- {PATH_POSTLOGIN, NULL, NULL}, \
|
||||
- {PATH_NSSWITCH, NULL, NULL}, \
|
||||
- {PATH_DCONF_DB, NULL, NULL}, \
|
||||
- {PATH_DCONF_LOCK, NULL, NULL}, \
|
||||
- {NULL, NULL, NULL} \
|
||||
+#define GENERATED_FILES_PATHS \
|
||||
+{ \
|
||||
+ {PATH_SYSTEM, NULL}, \
|
||||
+ {PATH_PASSWORD, NULL}, \
|
||||
+ {PATH_FINGERPRINT, NULL}, \
|
||||
+ {PATH_SMARTCARD, NULL}, \
|
||||
+ {PATH_POSTLOGIN, NULL}, \
|
||||
+ {PATH_NSSWITCH, NULL}, \
|
||||
+ {PATH_DCONF_DB, NULL}, \
|
||||
+ {PATH_DCONF_LOCK, NULL}, \
|
||||
+ {NULL, NULL} \
|
||||
}
|
||||
|
||||
-#define PROFILE_FILES(files) \
|
||||
-{ \
|
||||
- {FILE_SYSTEM, NULL, (files)->systemauth}, \
|
||||
- {FILE_PASSWORD, NULL, (files)->passwordauth}, \
|
||||
- {FILE_FINGERPRINT, NULL, (files)->fingerprintauth}, \
|
||||
- {FILE_SMARTCARD, NULL, (files)->smartcardauth}, \
|
||||
- {FILE_POSTLOGIN, NULL, (files)->postlogin}, \
|
||||
- {FILE_NSSWITCH, NULL, (files)->nsswitch}, \
|
||||
- {FILE_DCONF_DB, NULL, (files)->dconfdb}, \
|
||||
- {FILE_DCONF_LOCK, NULL, (files)->dconflock}, \
|
||||
- {NULL, NULL, NULL} \
|
||||
+#define PROFILE_FILES(files) \
|
||||
+{ \
|
||||
+ {FILE_SYSTEM, (files)->systemauth}, \
|
||||
+ {FILE_PASSWORD, (files)->passwordauth}, \
|
||||
+ {FILE_FINGERPRINT, (files)->fingerprintauth}, \
|
||||
+ {FILE_SMARTCARD, (files)->smartcardauth}, \
|
||||
+ {FILE_POSTLOGIN, (files)->postlogin}, \
|
||||
+ {FILE_NSSWITCH, (files)->nsswitch}, \
|
||||
+ {FILE_DCONF_DB, (files)->dconfdb}, \
|
||||
+ {FILE_DCONF_LOCK, (files)->dconflock}, \
|
||||
+ {NULL, NULL} \
|
||||
}
|
||||
|
||||
/* Structure to hold information about symbolic link names and destinations.
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,92 +0,0 @@
|
|||
From 87a19680be527ebc8035afc850078ca10000ba7b Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Mon, 31 Jan 2022 11:58:57 +0100
|
||||
Subject: [PATCH 03/11] lib: let authselect_uninstall delete files from
|
||||
/etc/authselect
|
||||
|
||||
This is to ensure that there are no left overs.
|
||||
---
|
||||
src/lib/authselect.c | 10 ++++++++++
|
||||
src/lib/files/files.h | 6 ++++++
|
||||
src/lib/files/system.c | 30 ++++++++++++++++++++++++++++++
|
||||
3 files changed, 46 insertions(+)
|
||||
|
||||
diff --git a/src/lib/authselect.c b/src/lib/authselect.c
|
||||
index b84aa73351448dc5caf802ae7282ebd9aa1c27d7..62a0fde47d122cea21f3738e7badc2fdb6a7c78b 100644
|
||||
--- a/src/lib/authselect.c
|
||||
+++ b/src/lib/authselect.c
|
||||
@@ -142,6 +142,16 @@ authselect_uninstall(void)
|
||||
|
||||
INFO("Symbolic links were successfully removed");
|
||||
|
||||
+ /* Remove files from /etc/authselect */
|
||||
+ ret = authselect_files_uninstall();
|
||||
+ if (ret != EOK) {
|
||||
+ ERROR("Unable to remove authselect configuration [%d]: %s",
|
||||
+ ret, strerror(ret));
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+ INFO("Authselect configuration was successfully removed");
|
||||
+
|
||||
return EOK;
|
||||
}
|
||||
|
||||
diff --git a/src/lib/files/files.h b/src/lib/files/files.h
|
||||
index d91e80e176ebead21fa24acea5eccc97838bb2a5..9a551b3c0c3da3b241cdd9bd88ed550e1e60c72a 100644
|
||||
--- a/src/lib/files/files.h
|
||||
+++ b/src/lib/files/files.h
|
||||
@@ -229,6 +229,12 @@ authselect_symlinks_location_available(void);
|
||||
errno_t
|
||||
authselect_symlinks_uninstall();
|
||||
|
||||
+/**
|
||||
+ * Remove files from authselect directory.
|
||||
+ */
|
||||
+errno_t
|
||||
+authselect_files_uninstall(void);
|
||||
+
|
||||
/**
|
||||
* List all profile directories in a sorted NULL-terminated string array.
|
||||
*
|
||||
diff --git a/src/lib/files/system.c b/src/lib/files/system.c
|
||||
index e830942c629f462b3b187a7591a1b9b2c248d9da..0cbe2d0a495a98ec24f822b0bd64b7538887f047 100644
|
||||
--- a/src/lib/files/system.c
|
||||
+++ b/src/lib/files/system.c
|
||||
@@ -319,3 +319,33 @@ authselect_system_validate_missing()
|
||||
|
||||
return result;
|
||||
}
|
||||
+
|
||||
+errno_t
|
||||
+authselect_files_uninstall()
|
||||
+{
|
||||
+ struct authselect_generated generated[] = GENERATED_FILES_PATHS;
|
||||
+ errno_t ret;
|
||||
+ int iret;
|
||||
+ int i;
|
||||
+
|
||||
+ errno = 0;
|
||||
+ iret = unlink(PATH_CONFIG_FILE);
|
||||
+ if (iret != 0 && errno != ENOENT) {
|
||||
+ ret = errno;
|
||||
+ ERROR("Unable to delete [%s] [%d]: %s", PATH_CONFIG_FILE,
|
||||
+ ret, strerror(ret));
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; generated[i].path != NULL; i++) {
|
||||
+ /* We can ignore errors here. */
|
||||
+ iret = unlink(generated[i].path);
|
||||
+ if (iret != 0 && errno != ENOENT) {
|
||||
+ ret = errno;
|
||||
+ WARN("Unable to delete [%s] [%d]: %s", generated[i].path,
|
||||
+ ret, strerror(ret));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return EOK;
|
||||
+}
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,107 +0,0 @@
|
|||
From f337c17c359c7264395804e6d15e1c294e458dbe Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Mon, 31 Jan 2022 12:00:00 +0100
|
||||
Subject: [PATCH 04/11] cli: add opt-out command
|
||||
|
||||
To opt-out from authselect managed configuration.
|
||||
---
|
||||
rpm/authselect.spec.in | 2 +-
|
||||
src/cli/authselect-completion.sh | 2 +-
|
||||
src/cli/main.c | 4 +++-
|
||||
src/lib/authselect.c | 6 ++++++
|
||||
src/man/authselect.8.adoc | 14 ++++++++++++++
|
||||
5 files changed, 25 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
|
||||
index 9f36d0dcf001f953b8384d54f60af25d71ef0321..6e178b88bc2f19cb17692b029430e3eca13dfbef 100644
|
||||
--- a/rpm/authselect.spec.in
|
||||
+++ b/rpm/authselect.spec.in
|
||||
@@ -264,7 +264,7 @@ if [ $1 == 0 ] ; then
|
||||
# deleted safely. If this fail, the uninstallation must fail to avoid
|
||||
# breaking the system by removing PAM files. However, the command can
|
||||
# only fail if it can not write to the file system.
|
||||
- %{_bindir}/authselect uninstall
|
||||
+ %{_bindir}/authselect opt-out
|
||||
fi
|
||||
|
||||
%pre libs
|
||||
diff --git a/src/cli/authselect-completion.sh b/src/cli/authselect-completion.sh
|
||||
index 84a63c9ec9278417720f6bde270c498a700ca48d..8f03aee850a088cdf77bf3dda3a2cf017e257709 100644
|
||||
--- a/src/cli/authselect-completion.sh
|
||||
+++ b/src/cli/authselect-completion.sh
|
||||
@@ -191,7 +191,7 @@ _authselect_completions()
|
||||
|
||||
COMMANDS=(select apply-changes list list-features show requirements current
|
||||
check test enable-feature disable-feature create-profile
|
||||
- backup-list backup-remove backup-restore)
|
||||
+ backup-list backup-remove backup-restore opt-out)
|
||||
|
||||
possibleopts="$(get_option_params)"
|
||||
if [[ "$possibleopts" != "" ]]; then
|
||||
diff --git a/src/cli/main.c b/src/cli/main.c
|
||||
index 575e56f00edfc35ab4b5368ee40a497016d68cc3..db5f6dc2de6f4f58273f0719f8bb77122edfafe5 100644
|
||||
--- a/src/cli/main.c
|
||||
+++ b/src/cli/main.c
|
||||
@@ -967,7 +967,9 @@ int main(int argc, const char **argv)
|
||||
CLI_TOOL_COMMAND("backup-list", "List available backups", CLI_CMD_NONE, backup_list),
|
||||
CLI_TOOL_COMMAND("backup-remove", "Remove backup", CLI_CMD_REQUIRE_ROOT, backup_remove),
|
||||
CLI_TOOL_COMMAND("backup-restore", "Restore from backup", CLI_CMD_REQUIRE_ROOT, backup_restore),
|
||||
- CLI_TOOL_COMMAND("uninstall", "Uninstall authselect configuration", CLI_CMD_REQUIRE_ROOT | CLI_CMD_HIDDEN, uninstall),
|
||||
+ CLI_TOOL_DELIMITER("Other:"),
|
||||
+ CLI_TOOL_COMMAND("opt-out", "Opt-out from authselect managed configuration", CLI_CMD_REQUIRE_ROOT, uninstall),
|
||||
+ /* Hidden commands */
|
||||
CLI_TOOL_COMMAND("version", "Print authselect version", CLI_CMD_HIDDEN, version),
|
||||
CLI_TOOL_LAST
|
||||
};
|
||||
diff --git a/src/lib/authselect.c b/src/lib/authselect.c
|
||||
index 62a0fde47d122cea21f3738e7badc2fdb6a7c78b..6b8edf32a50a06fdaa583146c1b8a549ba17130a 100644
|
||||
--- a/src/lib/authselect.c
|
||||
+++ b/src/lib/authselect.c
|
||||
@@ -114,6 +114,12 @@ authselect_activate(const char *profile_id,
|
||||
goto done;
|
||||
}
|
||||
|
||||
+ if (!is_valid) {
|
||||
+ ERROR("Changes to the authselect configuration were detected. "
|
||||
+ "These changes will be overwritten. Please call "
|
||||
+ "'authselect opt-out' in order to keep them.");
|
||||
+ }
|
||||
+
|
||||
ret = authselect_profile_activate(profile, features);
|
||||
|
||||
done:
|
||||
diff --git a/src/man/authselect.8.adoc b/src/man/authselect.8.adoc
|
||||
index ff6dc1e234580061e059316451a1ed293cd1502e..47e04106543825a4c0995a22c336bd7d2d1f9c81 100644
|
||||
--- a/src/man/authselect.8.adoc
|
||||
+++ b/src/man/authselect.8.adoc
|
||||
@@ -37,6 +37,12 @@ automatically generate a backup of your current configuration so if you wish
|
||||
to go back you can restore it with *authselect backup-restore* command
|
||||
(see description below).
|
||||
|
||||
+OPT-OUT FROM AUTHSELECT
|
||||
+-----------------------
|
||||
+To stop authselect from managing your configuration, run *authselect opt-out*.
|
||||
+This will remove all authselect configuration from your system and you can then
|
||||
+modify your configuration manually.
|
||||
+
|
||||
AVAILABLE COMMANDS
|
||||
------------------
|
||||
To list all available commands run *authselect* without any parameters.
|
||||
@@ -232,6 +238,14 @@ These commands can be used to manage backed up configurations.
|
||||
Restore configuration from backup named _BACKUP_. *Note:* this will
|
||||
overwrite current configuration.
|
||||
|
||||
+OTHER COMMANDS
|
||||
+--------------
|
||||
+
|
||||
+*opt-out*::
|
||||
+ Remove authselect configuration. This will restore nsswitch and PAM
|
||||
+ configuration under its system location and authselect will no longer
|
||||
+ manage it. Run *authselect select* to opt-in again.
|
||||
+
|
||||
COMMON OPTIONS
|
||||
--------------
|
||||
These options are available with all commands.
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
From 4f6f91cf8098053dd855d6b8a1c20fcb8815a90c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Mon, 31 Jan 2022 12:00:29 +0100
|
||||
Subject: [PATCH 05/11] lib: make preambule more descriptive
|
||||
|
||||
---
|
||||
src/lib/util/template.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lib/util/template.c b/src/lib/util/template.c
|
||||
index 17513dc733016e8b59df5d33fc25794122677211..8ecb0428634ea487e3f6454ec243ebffc7d0fec2 100644
|
||||
--- a/src/lib/util/template.c
|
||||
+++ b/src/lib/util/template.c
|
||||
@@ -567,7 +567,9 @@ template_generate_preamble(time_t timestamp)
|
||||
}
|
||||
|
||||
preamble = format("# Generated by authselect on %s\n"
|
||||
- "# Do not modify this file manually.\n\n",
|
||||
+ "# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.\n"
|
||||
+ "# You can stop authselect from managing your configuration by calling 'authselect opt-out'.\n"
|
||||
+ "# See authselect(8) for more details.\n\n",
|
||||
trimmed);
|
||||
free(trimmed);
|
||||
if (preamble == NULL) {
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
From 4c08cf7b01ea2c219de30f944b08f50663974104 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Mon, 31 Jan 2022 12:15:35 +0100
|
||||
Subject: [PATCH 06/11] spec: own user-nsswitch-created only if
|
||||
with_user_nsswitch
|
||||
|
||||
---
|
||||
rpm/authselect.spec.in | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
|
||||
index 6e178b88bc2f19cb17692b029430e3eca13dfbef..781d0193c02c9c4c9fa18596caeebe7e02a25a12 100644
|
||||
--- a/rpm/authselect.spec.in
|
||||
+++ b/rpm/authselect.spec.in
|
||||
@@ -179,12 +179,12 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
|
||||
%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/smartcard-auth
|
||||
%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/system-auth
|
||||
%endif
|
||||
-%if %{with_user_nsswitch}
|
||||
-%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf
|
||||
-%endif
|
||||
%dir %{_localstatedir}/lib/authselect
|
||||
%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/
|
||||
+%if %{with_user_nsswitch}
|
||||
+%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf
|
||||
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created
|
||||
+%endif
|
||||
%dir %{_datadir}/authselect
|
||||
%dir %{_datadir}/authselect/vendor
|
||||
%dir %{_datadir}/authselect/default
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,256 +0,0 @@
|
|||
From 3a3df3b409d599682de3936374fc6de9c7163373 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Mon, 31 Jan 2022 12:37:37 +0100
|
||||
Subject: [PATCH 07/11] cli: check command return 6 if no configuration is
|
||||
detected
|
||||
|
||||
If no configuration is detected at all (no files in /etc/authselect
|
||||
and no system configuration is present either) the check command now
|
||||
returns 6. This can be used to detect fresh installation.
|
||||
---
|
||||
include/authselect.h | 5 +++--
|
||||
src/cli/cli_tool.c | 2 ++
|
||||
src/cli/main.c | 10 ++++++++--
|
||||
src/lib/authselect.c | 13 ++++++++----
|
||||
src/lib/files/config.c | 36 ++++++++++++++++++++++++++++++---
|
||||
src/lib/files/files.h | 42 +++++++++++++++++++++++++--------------
|
||||
src/man/authselect.8.adoc | 1 +
|
||||
7 files changed, 83 insertions(+), 26 deletions(-)
|
||||
|
||||
diff --git a/include/authselect.h b/include/authselect.h
|
||||
index 5b6cad122257e3ae9509d5799a02668c6705e978..bf04aace4607f765a5b46185a4e9ef70867f73f6 100644
|
||||
--- a/include/authselect.h
|
||||
+++ b/include/authselect.h
|
||||
@@ -192,8 +192,9 @@ authselect_feature_disable(const char *feature);
|
||||
* @return
|
||||
* - 0 if there is an existing authselect configuration, the result of
|
||||
* validation is returned in @_is_valid output variable.
|
||||
- * - ENOENT if there is no existing authselect configuration, the result of
|
||||
- * validation is returned in @_is_valid output variable.
|
||||
+ * - ENOENT if there is no existing configuration
|
||||
+ * - EEXIST if there is existing configuration, not created by authselect,
|
||||
+ * the result of validation is returned in @_is_valid output variable.
|
||||
* - Other errno code on generic error.
|
||||
*/
|
||||
int
|
||||
diff --git a/src/cli/cli_tool.c b/src/cli/cli_tool.c
|
||||
index 64807af3cb0c3aeb70ff652962dca62a3b99c431..83bc1ef339bdc5e610c930ccb605946f0096fb1a 100644
|
||||
--- a/src/cli/cli_tool.c
|
||||
+++ b/src/cli/cli_tool.c
|
||||
@@ -445,6 +445,8 @@ int cli_tool_main(int argc, const char **argv,
|
||||
return 4;
|
||||
case EACCES:
|
||||
return 5;
|
||||
+ case ENODEV:
|
||||
+ return 6;
|
||||
}
|
||||
|
||||
/* Generic error. */
|
||||
diff --git a/src/cli/main.c b/src/cli/main.c
|
||||
index db5f6dc2de6f4f58273f0719f8bb77122edfafe5..afe10097612a06b78f0aa45738dc4f9cc3a4f9c9 100644
|
||||
--- a/src/cli/main.c
|
||||
+++ b/src/cli/main.c
|
||||
@@ -349,7 +349,7 @@ static errno_t check(struct cli_cmdline *cmdline)
|
||||
}
|
||||
|
||||
ret = authselect_validate_configuration(&is_valid);
|
||||
- if (ret != EOK && ret != ENOENT) {
|
||||
+ if (ret != EOK && ret != ENOENT && ret != EEXIST) {
|
||||
ERROR("Unable to test current configuration [%d]: %s",
|
||||
ret, strerror(ret));
|
||||
|
||||
@@ -367,12 +367,18 @@ static errno_t check(struct cli_cmdline *cmdline)
|
||||
puts(_("Current configuration is valid."));
|
||||
break;
|
||||
case ENOENT:
|
||||
+ puts(_("No configuration detected."));
|
||||
+ ret = ENODEV;
|
||||
+ break;
|
||||
+ case EEXIST:
|
||||
puts(_("System was not configured with authselect."));
|
||||
+ ret = ENOENT; /* for backwards compatibility */
|
||||
break;
|
||||
}
|
||||
|
||||
/* EOK = existing configuration is valid,
|
||||
- * ENOENT = non-existing configuration is valid */
|
||||
+ * ENODEV = no configuration detected,
|
||||
+ * ENOENT = non-authselet configuration is valid */
|
||||
return ret;
|
||||
}
|
||||
|
||||
diff --git a/src/lib/authselect.c b/src/lib/authselect.c
|
||||
index 6b8edf32a50a06fdaa583146c1b8a549ba17130a..bcb53f03c67c6b822480ad3557919ca75f045949 100644
|
||||
--- a/src/lib/authselect.c
|
||||
+++ b/src/lib/authselect.c
|
||||
@@ -271,14 +271,19 @@ authselect_validate_configuration(bool *_is_valid)
|
||||
|
||||
ret = authselect_config_read(&profile_id, &features);
|
||||
if (ret == ENOENT) {
|
||||
- *_is_valid = authselect_config_validate_non_existing();
|
||||
- return ENOENT;
|
||||
+ *_is_valid = authselect_config_validate_user();
|
||||
+
|
||||
+ if (*_is_valid && authselect_config_validate_missing()) {
|
||||
+ return ENOENT;
|
||||
+ }
|
||||
+
|
||||
+ return EEXIST;
|
||||
} if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
- *_is_valid = authselect_config_validate_existing(profile_id,
|
||||
- (const char **)features);
|
||||
+ *_is_valid = authselect_config_validate_authselect(profile_id,
|
||||
+ (const char **)features);
|
||||
|
||||
free(profile_id);
|
||||
string_array_free(features);
|
||||
diff --git a/src/lib/files/config.c b/src/lib/files/config.c
|
||||
index 8a10ef8c4c4ccd1a047b39b3ff6399fe31d17c73..c841860e347d08bcfb14ca51c0630b453d186d00 100644
|
||||
--- a/src/lib/files/config.c
|
||||
+++ b/src/lib/files/config.c
|
||||
@@ -183,8 +183,8 @@ authselect_config_locations_writable()
|
||||
}
|
||||
|
||||
bool
|
||||
-authselect_config_validate_existing(const char *profile_id,
|
||||
- const char **features)
|
||||
+authselect_config_validate_authselect(const char *profile_id,
|
||||
+ const char **features)
|
||||
{
|
||||
struct authselect_files *files;
|
||||
bool result = true;
|
||||
@@ -209,7 +209,7 @@ authselect_config_validate_existing(const char *profile_id,
|
||||
}
|
||||
|
||||
bool
|
||||
-authselect_config_validate_non_existing()
|
||||
+authselect_config_validate_user()
|
||||
{
|
||||
bool result = true;
|
||||
|
||||
@@ -218,3 +218,33 @@ authselect_config_validate_non_existing()
|
||||
|
||||
return result;
|
||||
}
|
||||
+
|
||||
+bool
|
||||
+authselect_config_validate_missing()
|
||||
+{
|
||||
+ struct authselect_generated generated[] = GENERATED_FILES_PATHS;
|
||||
+ struct authselect_symlink symlinks[] = {SYMLINK_FILES};
|
||||
+ errno_t ret;
|
||||
+ int i;
|
||||
+
|
||||
+ ret = file_exists(PATH_CONFIG_FILE);
|
||||
+ if (ret != ENOENT) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; generated[i].path != NULL; i++) {
|
||||
+ ret = file_exists(generated[i].path);
|
||||
+ if (ret != ENOENT) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; symlinks[i].name != NULL; i++) {
|
||||
+ ret = file_exists(symlinks[i].name);
|
||||
+ if (ret != ENOENT) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
diff --git a/src/lib/files/files.h b/src/lib/files/files.h
|
||||
index 9a551b3c0c3da3b241cdd9bd88ed550e1e60c72a..5eeca3ebf58e730c586d6bf6bf18e22a67218067 100644
|
||||
--- a/src/lib/files/files.h
|
||||
+++ b/src/lib/files/files.h
|
||||
@@ -71,7 +71,7 @@ bool
|
||||
authselect_config_locations_writable(void);
|
||||
|
||||
/**
|
||||
- * Validate existing configuration.
|
||||
+ * Validate existing authselect configuration.
|
||||
*
|
||||
* Check that all files are created, readable and with correct content
|
||||
* and that all symbolic links exist.
|
||||
@@ -79,8 +79,31 @@ authselect_config_locations_writable(void);
|
||||
* @return True if the configuration is valid, false otherwise.
|
||||
*/
|
||||
bool
|
||||
-authselect_config_validate_existing(const char *profile_id,
|
||||
- const char **features);
|
||||
+authselect_config_validate_authselect(const char *profile_id,
|
||||
+ const char **features);
|
||||
+
|
||||
+/**
|
||||
+ * Validate existing non-authselect configuration.
|
||||
+ *
|
||||
+ * Check that there are no left overs from previous authselect configuration.
|
||||
+ * All generated files must be removed and all symbolic links must either not
|
||||
+ * exists, point to different location or must be other file or directory.
|
||||
+ *
|
||||
+ * @return True if the are no left overs, false otherwise.
|
||||
+ */
|
||||
+bool
|
||||
+authselect_config_validate_user(void);
|
||||
+
|
||||
+/**
|
||||
+ * Validate missing configuration.
|
||||
+ *
|
||||
+ * Check that there is no configuration at all (there are no authselect and
|
||||
+ * no system files present).
|
||||
+ *
|
||||
+ * @return True if there is no configuration, false otherwise.
|
||||
+ */
|
||||
+bool
|
||||
+authselect_config_validate_missing(void);
|
||||
|
||||
/**
|
||||
* Generate contents of nsswitch.conf.
|
||||
@@ -108,18 +131,6 @@ errno_t
|
||||
authselect_nsswitch_find_maps(char *content,
|
||||
char ***_maps);
|
||||
|
||||
-/**
|
||||
- * Validate non-existing configuration.
|
||||
- *
|
||||
- * Check that there are no left overs from previous authselect configuration.
|
||||
- * All generated files must be removed and all symbolic links must either not
|
||||
- * exists, point to different location or must be other file or directory.
|
||||
- *
|
||||
- * @return True if the are no left overs, false otherwise.
|
||||
- */
|
||||
-bool
|
||||
-authselect_config_validate_non_existing();
|
||||
-
|
||||
/**
|
||||
* Read system files templates and return them in files structure.
|
||||
*
|
||||
@@ -235,6 +246,7 @@ authselect_symlinks_uninstall();
|
||||
errno_t
|
||||
authselect_files_uninstall(void);
|
||||
|
||||
+
|
||||
/**
|
||||
* List all profile directories in a sorted NULL-terminated string array.
|
||||
*
|
||||
diff --git a/src/man/authselect.8.adoc b/src/man/authselect.8.adoc
|
||||
index 47e04106543825a4c0995a22c336bd7d2d1f9c81..9295701619332f23db74c8560b8ac2003a0b6c4d 100644
|
||||
--- a/src/man/authselect.8.adoc
|
||||
+++ b/src/man/authselect.8.adoc
|
||||
@@ -363,6 +363,7 @@ The *authselect* can return these exit codes:
|
||||
* 3: Current configuration is not valid, it was edited without authselect.
|
||||
* 4: System configuration must be overwritten to activate an authselect profile, --force parameter is needed.
|
||||
* 5: Executed command must be run as root.
|
||||
+* 6: No configuration was detected.
|
||||
|
||||
GENERATED FILES
|
||||
---------------
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
From 919ffffe831d361c1575899ac17c30a428536714 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Mon, 31 Jan 2022 12:43:28 +0100
|
||||
Subject: [PATCH 08/11] spec: do not backup non-existing configuration on fresh
|
||||
install
|
||||
|
||||
Freshly installed system does not have any configuration files to
|
||||
backup.
|
||||
---
|
||||
rpm/authselect.spec.in | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
|
||||
index 781d0193c02c9c4c9fa18596caeebe7e02a25a12..dc21389fdc91db3d115699f1db16eb8dc906ac8c 100644
|
||||
--- a/rpm/authselect.spec.in
|
||||
+++ b/rpm/authselect.spec.in
|
||||
@@ -312,10 +312,15 @@ if %__grep "OSTREE_VERSION=" /etc/os-release &> /dev/null; then
|
||||
done
|
||||
fi
|
||||
|
||||
+%{_bindir}/authselect check &> /dev/null
|
||||
+if [ $? -eq 6 ]; then
|
||||
+ NOBACKUP="--nobackup"
|
||||
+fi
|
||||
+
|
||||
# If we are upgrading from pre authselect-1.3.0 or this is a new installation
|
||||
# select the default configuration.
|
||||
if [ -f %{forcefile} ]; then
|
||||
- %{_bindir}/authselect select %{default_profile} --force &> /dev/null
|
||||
+ %{_bindir}/authselect select %{default_profile} --force $NOBACKUP &> /dev/null
|
||||
%__rm -f %{forcefile}
|
||||
fi
|
||||
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
From 66e06017494ff092e56373c88787e728ade3d361 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Mon, 31 Jan 2022 12:58:55 +0100
|
||||
Subject: [PATCH 09/11] lib: bump soname version to 4:3:1
|
||||
|
||||
Algorithm used:
|
||||
https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
|
||||
---
|
||||
src/lib/Makefile.am | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
|
||||
index 88411ac51bd8d7c219c3097542e16fa99e0a38a2..365da957a3ee8cd2e5abebc2a5190844f47d4879 100644
|
||||
--- a/src/lib/Makefile.am
|
||||
+++ b/src/lib/Makefile.am
|
||||
@@ -86,7 +86,7 @@ libauthselect_la_CFLAGS = \
|
||||
$(NULL)
|
||||
libauthselect_la_LDFLAGS = \
|
||||
-Wl,--version-script=$(srcdir)/authselect.exports \
|
||||
- -version-info 4:2:1
|
||||
+ -version-info 4:3:1
|
||||
|
||||
pkgconfigdir = $(libdir)/pkgconfig
|
||||
pkgconfig_DATA = \
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
From e12f91ecaf437315c02d74aef9d08a5def140d6c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Tue, 1 Feb 2022 09:57:01 +0100
|
||||
Subject: [PATCH 10/11] spec: fix detection of ostree system
|
||||
|
||||
The information in /etc/os-release may not be available if the system
|
||||
has not yet been mutated into ostree. This may happen during initial
|
||||
compose.
|
||||
---
|
||||
rpm/authselect.spec.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
|
||||
index dc21389fdc91db3d115699f1db16eb8dc906ac8c..fa01d4508b34023ad36d7bbfc6ffb05c517a9198 100644
|
||||
--- a/rpm/authselect.spec.in
|
||||
+++ b/rpm/authselect.spec.in
|
||||
@@ -301,7 +301,7 @@ fi
|
||||
|
||||
# Keep nss-altfiles for all rpm-ostree based systems.
|
||||
# See https://github.com/authselect/authselect/issues/48
|
||||
-if %__grep "OSTREE_VERSION=" /etc/os-release &> /dev/null; then
|
||||
+if test -e /run/ostree-booted; then
|
||||
for PROFILE in `ls %{_datadir}/authselect/default`; do
|
||||
%{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null
|
||||
%if %{with_user_nsswitch}
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,39 +0,0 @@
|
|||
From 33230db31309b08a4e332fc5ee49f440871b7ee8 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Tue, 1 Feb 2022 09:58:29 +0100
|
||||
Subject: [PATCH 11/11] spec: remove unnecessary dependencies
|
||||
|
||||
- gawk, findutils and grep are no longer needed in scriptlets
|
||||
- systemd does not have to be required
|
||||
|
||||
PAM and nsswitch.conf from shipped profiles references several
|
||||
systemd modules. However if those modules are not installed,
|
||||
they are simply ignored, therefore this dependency can be
|
||||
omitted.
|
||||
|
||||
systemd is usually installed anyway, but it is not necessary to
|
||||
pull it in on cases when it is not desired, such as in containers.
|
||||
---
|
||||
rpm/authselect.spec.in | 5 +----
|
||||
1 file changed, 1 insertion(+), 4 deletions(-)
|
||||
|
||||
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
|
||||
index fa01d4508b34023ad36d7bbfc6ffb05c517a9198..c11dfa510307e951ec6f9aa15dfe2dd4b19cd2f9 100644
|
||||
--- a/rpm/authselect.spec.in
|
||||
+++ b/rpm/authselect.spec.in
|
||||
@@ -72,11 +72,8 @@ supported by authselect.
|
||||
Summary: Utility library used by the authselect tool
|
||||
# Required by scriptlets
|
||||
Requires: coreutils
|
||||
-Requires: findutils
|
||||
-Requires: gawk
|
||||
-Requires: grep
|
||||
Requires: sed
|
||||
-Requires: systemd
|
||||
+Suggests: systemd
|
||||
%if %{enforce_authselect}
|
||||
# authselect now owns nsswitch.conf (glibc) and pam files
|
||||
Conflicts: pam < 1.5.2-8
|
||||
--
|
||||
2.34.1
|
||||
|
|
@ -1,69 +0,0 @@
|
|||
From b9cbd670c2993dd2c6c8c107712c68f8c874ac16 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Thu, 10 Feb 2022 12:40:45 +0100
|
||||
Subject: [PATCH] profile: fix mdns support
|
||||
|
||||
Resolves:
|
||||
https://github.com/authselect/authselect/issues/293
|
||||
---
|
||||
profiles/minimal/nsswitch.conf | 2 +-
|
||||
profiles/nis/nsswitch.conf | 2 +-
|
||||
profiles/sssd/nsswitch.conf | 2 +-
|
||||
profiles/winbind/nsswitch.conf | 2 +-
|
||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/profiles/minimal/nsswitch.conf b/profiles/minimal/nsswitch.conf
|
||||
index 6c3c355b523226a694d64276ffe907cec175022b..563ba030d4c1291023ba36d33eb9f225f10cfa9b 100644
|
||||
--- a/profiles/minimal/nsswitch.conf
|
||||
+++ b/profiles/minimal/nsswitch.conf
|
||||
@@ -2,7 +2,7 @@
|
||||
passwd: files {if "with-altfiles":altfiles }systemd
|
||||
shadow: files
|
||||
group: files {if "with-altfiles":altfiles }systemd
|
||||
-hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
|
||||
+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
|
||||
services: files
|
||||
netgroup: files
|
||||
automount: files
|
||||
diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
|
||||
index e60eeaacf68728d7355647c068fff9bbb1916b4a..49b91eaaa1395ea2fcbe402bc29bd7fb24c4a0c9 100644
|
||||
--- a/profiles/nis/nsswitch.conf
|
||||
+++ b/profiles/nis/nsswitch.conf
|
||||
@@ -2,7 +2,7 @@
|
||||
passwd: files {if "with-altfiles":altfiles }nis systemd
|
||||
shadow: files nis
|
||||
group: files {if "with-altfiles":altfiles }nis systemd
|
||||
-hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] nis myhostname dns
|
||||
+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis dns
|
||||
services: files nis
|
||||
netgroup: files nis
|
||||
automount: files nis
|
||||
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
|
||||
index 526cbaeeecee7649e2b3071c8706ce35ec7ed388..699fac909dd66bec06dcf372a99b487be2d85059 100644
|
||||
--- a/profiles/sssd/nsswitch.conf
|
||||
+++ b/profiles/sssd/nsswitch.conf
|
||||
@@ -2,7 +2,7 @@
|
||||
passwd: {if "with-files-domain":sss }files {if "with-altfiles":altfiles }{if not "with-files-domain":sss }systemd
|
||||
shadow: files
|
||||
group: {if "with-files-domain":sss }files {if "with-altfiles":altfiles }{if not "with-files-domain":sss }systemd
|
||||
-hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
|
||||
+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
|
||||
services: files sss
|
||||
netgroup: files sss
|
||||
sudoers: files sss {include if "with-sudo"}
|
||||
diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf
|
||||
index b3ea72d94bc3795113d76178ed070ff8f928e137..835800e50f94256baca99bd31e09ef1488e5eeb1 100644
|
||||
--- a/profiles/winbind/nsswitch.conf
|
||||
+++ b/profiles/winbind/nsswitch.conf
|
||||
@@ -2,7 +2,7 @@
|
||||
passwd: files {if "with-altfiles":altfiles }winbind systemd
|
||||
shadow: files
|
||||
group: files {if "with-altfiles":altfiles }winbind systemd
|
||||
-hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
|
||||
+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
|
||||
services: files
|
||||
netgroup: files
|
||||
automount: files
|
||||
--
|
||||
2.31.1
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
# Whitelist known warnings that can not be fixed
|
||||
addFilter("authselect.*: W: spelling-error %description -l en_US authconfig -> configuration");
|
||||
addFilter("authselect.*: W: non-conffile-in-etc /etc/bash_completion.d/authselect-completion.sh")
|
||||
addFilter("authselect-compat.*: W: self-obsoletion authconfig < 7.0.1-6 obsoletes authconfig")
|
||||
addFilter("authselect-compat.*: W: no-documentation")
|
||||
addFilter("authselect-compat.*: W: no-manual-page-for-binary authconfig")
|
||||
addFilter("authselect-devel.*: W: no-documentation")
|
||||
addFilter("authselect-libs.*: W: dangerous-command-in-%pre rm")
|
||||
addFilter("authselect-libs.*: W: dangerous-command-in-%posttrans cp")
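Review bot: The last two filters silence `dangerous-command-in-%pre rm` and `dangerous-command-in-%posttrans cp` for every present and future use in the authselect-libs scriptlets, and the only justification is the generic header comment on the first line. Those scriptlets run as root during package transactions, so each filter should carry its own comment naming what it covers, for example `# %pre: rm removes only <file named in the spec>; fixed path, not derived from input`, so that a later rm or cp added to the same scriptlet gets reviewed rather than inheriting the exemption. The scriptlets themselves are not part of this file section, so the wording needs to be confirmed against the spec. As a minor style point, the first `addFilter` line ends with `;` while the other seven do not.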
|
|
@ -2,27 +2,14 @@
|
|||
%define _empty_manifest_terminate_build 0
|
||||
|
||||
Name: authselect
|
||||
Version: 1.3.0
|
||||
Release: 10%{?dist}
|
||||
Version: 1.4.0
|
||||
Release: 1%{?dist}
|
||||
Summary: Configures authentication and identity sources from supported profiles
|
||||
URL: https://github.com/authselect/authselect
|
||||
|
||||
License: GPLv3+
|
||||
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
|
||||
|
||||
Patch0001: 0001-main-Drop-an-unnecessary-NULL-check-before-free.patch
|
||||
Patch0002: 0002-lib-drop-strict-change-detection.patch
|
||||
Patch0003: 0003-lib-let-authselect_uninstall-delete-files-from-etc-a.patch
|
||||
Patch0004: 0004-cli-add-opt-out-command.patch
|
||||
Patch0005: 0005-lib-make-preambule-more-descriptive.patch
|
||||
Patch0006: 0006-spec-own-user-nsswitch-created-only-if-with_user_nss.patch
|
||||
Patch0007: 0007-cli-check-command-return-6-if-no-configuration-is-de.patch
|
||||
Patch0008: 0008-spec-do-not-backup-non-existing-configuration-on-fre.patch
|
||||
Patch0009: 0009-lib-bump-soname-version-to-4-3-1.patch
|
||||
Patch0010: 0010-spec-fix-detection-of-ostree-system.patch
|
||||
Patch0011: 0011-spec-remove-unnecessary-dependencies.patch
|
||||
Patch0012: 0012-profile-fix-mdns-support.patch
|
||||
|
||||
%global makedir %{_builddir}/%{name}-%{version}
|
||||
|
||||
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 10
|
||||
|
@ -354,6 +341,9 @@ fi
|
|||
exit 0
|
||||
|
||||
%changelog
|
||||
* Thu May 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.4.0-1
|
||||
- Rebase to 1.3.0
|
||||
|
||||
* Thu Feb 10 2022 Pavel Březina <pbrezina@redhat.com> - 1.3.0-10
|
||||
- Fix mdns support (#2052269)
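Review bot: The new changelog entry for 1.4.0-1 reads `- Rebase to 1.3.0`, which contradicts both its own header and the `Version: 1.4.0` line in the first hunk of this file; it should read `- Rebase to 1.4.0`. Anyone using the changelog to establish which upstream release a build corresponds to would get the wrong answer. The first hunk also drops Patch0001 through Patch0012 without a changelog line; presumably all twelve are contained in the 1.4.0 tarball, and a line such as `- Drop downstream patches merged upstream` would make that explicit and checkable.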
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (authselect-1.3.0.tar.gz) = bebccbd0a3a189812c1e2dc85ab4e4514f56f99728b4c4214862b850ddf259918d7e0ee00acd538045d2a71149b761176ecd2d4744a6ff3f19bccda57445351d
|
||||
SHA512 (authselect-1.4.0.tar.gz) = 878603fddcff5f9df07e86f01c1486f331535b455ca4f11bec90e86c8c923137b4cf67a2856bd9f2a5b3f11f1a22f7691a6b1cc702c53291f83ccdadcb70d957
|
||||
|
|