rpms
/
sssd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

New upstream release 1.12.4 

- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4
This commit is contained in:
Lukas Slebodnik 2015-02-18 21:24:59 +01:00
parent 59bb05ded2
commit 5e6bda777e
12 changed files with 8 additions and 2177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -60,3 +60,4 @@ sssd-1.2.91.tar.gz
/sssd-1.12.1.tar.gz
/sssd-1.12.2.tar.gz
/sssd-1.12.3.tar.gz
/sssd-1.12.4.tar.gz

31
0001-logrotate-Fix-warning-file-size-changed-while-zippin.patch
View File

@ -1,31 +0,0 @@
From 60747736361479fb372ebf4e97477ce0bd6dbced Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Fri, 9 Jan 2015 10:50:59 +0100
Subject: [PATCH] logrotate: Fix warning file size changed while zipping
Postpone compression of the previous log file to the next rotation cycle.
This only has effect when used in combination with compress. We need to use it
because we cannot tell sssd to close log files and thus sssd processes might
continue writing to the previous log file for some time.
Resolves:
https://fedorahosted.org/sssd/ticket/2547
---
src/examples/logrotate | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/examples/logrotate b/src/examples/logrotate
index 9df721f2a989a3f64e20097de3117587288f5039..ecf0c6102873e08dede3c6e7909fcf2a6379d4cf 100644
--- a/src/examples/logrotate
+++ b/src/examples/logrotate
@@ -5,6 +5,7 @@
sharedscripts
rotate 2
compress
+ delaycompress
postrotate
/bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true
endscript
--
2.1.0

46
0002-MAN-dyndns_iface-supports-only-one-interface.patch
View File

@ -1,46 +0,0 @@
From 9d4de68e8160adad5506936d428908a950244c6b Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Wed, 14 Jan 2015 08:44:17 -0500
Subject: [PATCH 2/2] MAN: dyndns_iface supports only one interface
Resolves:
https://fedorahosted.org/sssd/ticket/2548
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 702176303382b5a385e90fe68ad2c32bd708ebf1)
---
src/man/sssd-ad.5.xml | 3 +++
src/man/sssd-ipa.5.xml | 3 +++
2 files changed, 6 insertions(+)
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index b721fb73b20837c9dc3abac25d3300649115c607..e4334139fdca6efcac0362ac87ca3e6e0e5f7642 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -720,6 +720,9 @@ FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)
should be used for dynamic DNS updates.
</para>
<para>
+ NOTE: This option currently supports only one interface.
+ </para>
+ <para>
Default: Use the IP address of the AD LDAP connection
</para>
</listitem>
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 2d8654a3cde76ab205766f8fdcb836aa1002cd43..9b05758f97e9547b1a9e1a2b318c64bff90c9d27 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -170,6 +170,9 @@
should be used for dynamic DNS updates.
</para>
<para>
+ NOTE: This option currently supports only one interface.
+ </para>
+ <para>
NOTE: While it is still possible to use the old
<emphasis>ipa_dyndns_iface</emphasis> option, users
should migrate to using <emphasis>dyndns_iface</emphasis>
--
2.1.0

303
0003-krb5-fix-entry-order-in-MEMORY-keytab.patch
View File

@ -1,303 +0,0 @@
From 116b7e1f36fab461f3242560b615a6b7af2e247f Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 15 Jan 2015 10:38:33 +0100
Subject: [PATCH 3/3] krb5: fix entry order in MEMORY keytab
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since krb5_kt_add_entry() adds new entries at the beginning of a MEMORY
type keytab and not at the end a simple copy into a MEMORY type keytab
will revert the order of the keytab entries. Since e.g. the sssd_krb5
man page give hints about where to add entries into keytab files to help
SSSD to find a right entry we have to keep the order when coping a
keytab into a MEMORY type keytab. This patch fixes this by doing a
second copy to retain the original order.
Resolves https://fedorahosted.org/sssd/ticket/2557
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 576ad637181b80d39a4e136c9afbf34c57f76156)
---
src/providers/krb5/krb5_keytab.c | 118 +++++++++++++++++++++++++++---------
src/tests/cmocka/test_copy_keytab.c | 82 +++++++++++++++++++++++++
2 files changed, 172 insertions(+), 28 deletions(-)
diff --git a/src/providers/krb5/krb5_keytab.c b/src/providers/krb5/krb5_keytab.c
index 0d6a85c0b8b02937fb2ee6b058174243b2e56114..e5af5de07b7983d408d6f678b50a12d219e2d8cd 100644
--- a/src/providers/krb5/krb5_keytab.c
+++ b/src/providers/krb5/krb5_keytab.c
@@ -25,20 +25,78 @@
#include "util/util.h"
#include "util/sss_krb5.h"
+static krb5_error_code do_keytab_copy(krb5_context kctx, krb5_keytab s_keytab,
+ krb5_keytab d_keytab)
+{
+ krb5_error_code kerr;
+ krb5_error_code kt_err;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry entry;
+
+ memset(&cursor, 0, sizeof(cursor));
+ kerr = krb5_kt_start_seq_get(kctx, s_keytab, &cursor);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab.\n");
+ return kerr;
+ }
+
+ memset(&entry, 0, sizeof(entry));
+ while ((kt_err = krb5_kt_next_entry(kctx, s_keytab, &entry,
+ &cursor)) == 0) {
+ kerr = krb5_kt_add_entry(kctx, d_keytab, &entry);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "krb5_kt_add_entry failed.\n");
+ kt_err = krb5_kt_end_seq_get(kctx, s_keytab, &cursor);
+ if (kt_err != 0) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ "krb5_kt_end_seq_get failed with [%d], ignored.\n",
+ kt_err);
+ }
+ return kerr;
+ }
+
+ kerr = sss_krb5_free_keytab_entry_contents(kctx, &entry);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Failed to free keytab entry.\n");
+ kt_err = krb5_kt_end_seq_get(kctx, s_keytab, &cursor);
+ if (kt_err != 0) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ "krb5_kt_end_seq_get failed with [%d], ignored.\n",
+ kt_err);
+ }
+ return kerr;
+ }
+ memset(&entry, 0, sizeof(entry));
+ }
+
+ kerr = krb5_kt_end_seq_get(kctx, s_keytab, &cursor);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "krb5_kt_end_seq_get failed.\n");
+ return kerr;
+ }
+
+ /* check if we got any errors from krb5_kt_next_entry */
+ if (kt_err != 0 && kt_err != KRB5_KT_END) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab.\n");
+ return kt_err;
+ }
+
+ return 0;
+}
+
krb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx,
char *inp_keytab_file,
char **_mem_name,
krb5_keytab *_mem_keytab)
{
krb5_error_code kerr;
- krb5_error_code kt_err;
krb5_keytab keytab = NULL;
krb5_keytab mem_keytab = NULL;
- krb5_kt_cursor cursor;
- krb5_keytab_entry entry;
+ krb5_keytab tmp_mem_keytab = NULL;
char keytab_name[MAX_KEYTAB_NAME_LEN];
char *sep;
char *mem_name = NULL;
+ char *tmp_mem_name = NULL;
char *keytab_file;
char default_keytab_name[MAX_KEYTAB_NAME_LEN];
@@ -103,6 +161,13 @@ krb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx,
goto done;
}
+ tmp_mem_name = talloc_asprintf(mem_ctx, "MEMORY:%s.tmp", sep + 1);
+ if (tmp_mem_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ kerr = KRB5KRB_ERR_GENERIC;
+ goto done;
+ }
+
kerr = krb5_kt_resolve(kctx, mem_name, &mem_keytab);
if (kerr != 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "error resolving keytab [%s].\n",
@@ -110,38 +175,29 @@ krb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx,
goto done;
}
- memset(&cursor, 0, sizeof(cursor));
- kerr = krb5_kt_start_seq_get(kctx, keytab, &cursor);
+ kerr = krb5_kt_resolve(kctx, tmp_mem_name, &tmp_mem_keytab);
if (kerr != 0) {
- DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab [%s].\n", keytab_file);
+ DEBUG(SSSDBG_CRIT_FAILURE, "error resolving keytab [%s].\n",
+ tmp_mem_name);
goto done;
}
- memset(&entry, 0, sizeof(entry));
- while ((kt_err = krb5_kt_next_entry(kctx, keytab, &entry, &cursor)) == 0) {
- kerr = krb5_kt_add_entry(kctx, mem_keytab, &entry);
- if (kerr != 0) {
- DEBUG(SSSDBG_OP_FAILURE, "krb5_kt_add_entry failed.\n");
- goto done;
- }
-
- kerr = sss_krb5_free_keytab_entry_contents(kctx, &entry);
- if (kerr != 0) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Failed to free keytab entry.\n");
- }
- memset(&entry, 0, sizeof(entry));
- }
-
- kerr = krb5_kt_end_seq_get(kctx, keytab, &cursor);
+ kerr = do_keytab_copy(kctx, keytab, tmp_mem_keytab);
if (kerr != 0) {
- DEBUG(SSSDBG_CRIT_FAILURE, "krb5_kt_end_seq_get failed.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy keytab [%s] into [%s].\n",
+ keytab_file, tmp_mem_name);
goto done;
}
- /* check if we got any errors from krb5_kt_next_entry */
- if (kt_err != 0 && kt_err != KRB5_KT_END) {
- DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab [%s].\n", keytab_file);
- kerr = KRB5KRB_ERR_GENERIC;
+ /* krb5_kt_add_entry() adds new entries into MEMORY keytabs at the
+ * beginning and not at the end as for FILE keytabs. Since we want to keep
+ * the processing order we have to copy the MEMORY keytab again to retain
+ * the order from the FILE keytab. */
+
+ kerr = do_keytab_copy(kctx, tmp_mem_keytab, mem_keytab);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy keytab [%s] into [%s].\n",
+ tmp_mem_name, mem_name);
goto done;
}
@@ -153,12 +209,18 @@ krb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx,
kerr = 0;
done:
+ talloc_free(tmp_mem_name);
+
if (kerr != 0) {
talloc_free(mem_name);
}
+ if (tmp_mem_keytab != NULL && krb5_kt_close(kctx, tmp_mem_keytab) != 0) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "krb5_kt_close failed.\n");
+ }
+
if (keytab != NULL && krb5_kt_close(kctx, keytab) != 0) {
- DEBUG(SSSDBG_MINOR_FAILURE, "krb5_kt_close failed");
+ DEBUG(SSSDBG_MINOR_FAILURE, "krb5_kt_close failed.\n");
}
return kerr;
diff --git a/src/tests/cmocka/test_copy_keytab.c b/src/tests/cmocka/test_copy_keytab.c
index f46e321950eaeda642459982e199c55da0727660..a9f2161a2b25e9cf67319399cc7c54487e687841 100644
--- a/src/tests/cmocka/test_copy_keytab.c
+++ b/src/tests/cmocka/test_copy_keytab.c
@@ -201,6 +201,86 @@ void test_sss_krb5_kt_have_content(void **state)
* create empty keytab files */
}
+static bool keytab_entries_equal(krb5_keytab_entry kent1,
+ krb5_keytab_entry kent2)
+{
+ if (kent1.vno != kent2.vno
+ || kent1.key.enctype != kent2.key.enctype
+ || kent1.key.length != kent2.key.length
+ || memcmp(kent1.key.contents, kent2.key.contents,
+ kent1.key.length) != 0 ) {
+ return false;
+ }
+
+ return true;
+}
+
+void test_copy_keytab_order(void **state)
+{
+ krb5_error_code kerr;
+ krb5_error_code kerr_mem;
+ char *mem_keytab_name;
+ krb5_keytab mem_keytab;
+ krb5_kt_cursor mem_cursor;
+ krb5_keytab_entry mem_kent;
+ krb5_keytab keytab;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry kent;
+ struct keytab_test_ctx *test_ctx = talloc_get_type(*state,
+ struct keytab_test_ctx);
+ assert_non_null(test_ctx);
+
+ kerr = copy_keytab_into_memory(test_ctx, test_ctx->kctx,
+ test_ctx->keytab_file_name,
+ &mem_keytab_name, &mem_keytab);
+ assert_int_equal(kerr, 0);
+ assert_non_null(mem_keytab_name);
+
+ kerr = krb5_kt_resolve(test_ctx->kctx, mem_keytab_name, &mem_keytab);
+ assert_int_equal(kerr, 0);
+
+ kerr = krb5_kt_resolve(test_ctx->kctx, test_ctx->keytab_file_name, &keytab);
+ assert_int_equal(kerr, 0);
+
+ kerr = krb5_kt_start_seq_get(test_ctx->kctx, mem_keytab, &mem_cursor);
+ assert_int_equal(kerr, 0);
+
+ kerr = krb5_kt_start_seq_get(test_ctx->kctx, keytab, &cursor);
+ assert_int_equal(kerr, 0);
+
+ while ((kerr = krb5_kt_next_entry(test_ctx->kctx, keytab, &kent,
+ &cursor)) == 0) {
+ kerr_mem = krb5_kt_next_entry(test_ctx->kctx, mem_keytab, &mem_kent,
+ &mem_cursor);
+ assert_int_equal(kerr_mem, 0);
+
+ assert_true(keytab_entries_equal(kent, mem_kent));
+
+ krb5_free_keytab_entry_contents(test_ctx->kctx, &kent);
+ krb5_free_keytab_entry_contents(test_ctx->kctx, &mem_kent);
+ }
+
+ assert_int_equal(kerr, KRB5_KT_END);
+
+ kerr_mem = krb5_kt_next_entry(test_ctx->kctx, mem_keytab, &mem_kent,
+ &mem_cursor);
+ assert_int_equal(kerr_mem, KRB5_KT_END);
+
+ kerr = krb5_kt_end_seq_get(test_ctx->kctx, mem_keytab, &mem_cursor);
+ assert_int_equal(kerr, 0);
+
+ kerr = krb5_kt_end_seq_get(test_ctx->kctx, keytab, &cursor);
+ assert_int_equal(kerr, 0);
+
+ talloc_free(mem_keytab_name);
+
+ kerr = krb5_kt_close(test_ctx->kctx, keytab);
+ assert_int_equal(kerr, 0);
+
+ kerr = krb5_kt_close(test_ctx->kctx, mem_keytab);
+ assert_int_equal(kerr, 0);
+}
+
int main(int argc, const char *argv[])
{
poptContext pc;
@@ -217,6 +297,8 @@ int main(int argc, const char *argv[])
setup_keytab, teardown_keytab),
unit_test_setup_teardown(test_sss_krb5_kt_have_content,
setup_keytab, teardown_keytab),
+ unit_test_setup_teardown(test_copy_keytab_order,
+ setup_keytab, teardown_keytab),
};
/* Set debug level to invalid value so we can deside if -d 0 was used. */
--
2.1.0

61
0004-MONITOR-Fix-double-free.patch
View File

@ -1,61 +0,0 @@
From 2aac87a3dfc12ba1187c7045635cac0647d397d9 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Thu, 12 Feb 2015 19:10:34 +0100
Subject: [PATCH 4/4] MONITOR: Fix double free
If kill timer was successfully executed then it will be released by libtevent.
So we should not released it in mt_svc_exit_handler for the second time.
[sssd] [mt_svc_exit_handler] (0x0040): Child [ifp] terminated with signal [9]
[sssd] [talloc_log_fn] (0x0010): talloc: access after free error - first free
may be at ../tevent_timed.c:351
[sssd] [talloc_log_fn] (0x0010): Bad talloc magic value - access after free
==19129== Invalid read of size 4
==19129== at 0x50470CD: talloc_chunk_from_ptr (talloc.c:372)
==19129== by 0x50470CD: _talloc_free (talloc.c:1559)
==19129== by 0x11086C: mt_svc_exit_handler (monitor.c:2754)
==19129== by 0x8AF9B2F: sss_child_invoke_cb (child_common.c:181)
==19129== by 0x4E39823: tevent_common_loop_immediate (tevent_immediate.c:135)
==19129== by 0x4E3AF4D: poll_event_loop_once (tevent_poll.c:649)
==19129== by 0x4E38FEC: _tevent_loop_once (tevent.c:530)
==19129== by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677)
==19129== by 0x84C4B02: server_loop (server.c:668)
==19129== by 0x10D9A6: main (monitor.c:3028)
==19129== Address 0xb8a06c0 is 64 bytes inside a block of size 176 free'd
==19129== at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==19129== by 0x50472F2: _talloc_free_internal (talloc.c:1057)
==19129== by 0x50472F2: _talloc_free (talloc.c:1581)
==19129== by 0x4E3D0A3: tevent_common_loop_timer_delay (tevent_timed.c:351)
==19129== by 0x4E3AF59: poll_event_loop_once (tevent_poll.c:653)
==19129== by 0x4E38FEC: _tevent_loop_once (tevent.c:530)
==19129== by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677)
==19129== by 0x84C4B02: server_loop (server.c:668)
==19129== by 0x10D9A6: main (monitor.c:3028)
Resolves:
https://fedorahosted.org/sssd/ticket/2572
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit 373946b540eaa5d97c6efb39629195dbe2a1f015)
---
src/monitor/monitor.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index afefe7f11c15ad343e8a79dceeff5a89e2787add..f171c05acd2c770ab9ffad2429d92c5041bcdb59 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -646,6 +646,9 @@ static void mt_svc_sigkill(struct tevent_context *ev,
"[%s][%d] is not responding to SIGTERM. Sending SIGKILL.\n",
svc->name, svc->pid);
+ /* timer was succesfully executed and it will be released by tevent */
+ svc->kill_timer = NULL;
+
ret = kill(svc->pid, SIGKILL);
if (ret != EOK) {
ret = errno;
--
2.1.0

1200
0005-Python3-support-in-SSSD.patch
View File

File diff suppressed because it is too large Load Diff

55
0006-SSSDConfig-Remove-unused-exception-name.patch
View File

@ -1,55 +0,0 @@
From b4e68a8ca2db179f37988df043efe3c6a23d572c Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Mon, 9 Feb 2015 16:46:05 +0100
Subject: [PATCH 6/9] SSSDConfig: Remove unused exception name
"except ValueError, e:" was the syntax used for what is normally written
as "except ValueError as e:" in modern Python. The old syntax is still
supported in python2 for backwards compatibility.
This means "except ValueError, KeyError:" is not equivalent to
"except (ValueError, KeyError):" but to "except ValueError as KeyError:"
and variable with name "KeyError" was not used in exception handler.
Resolves:
https://fedorahosted.org/sssd/ticket/2017
Reviewed-by: Petr Viktorin <pviktori@redhat.com>
(cherry picked from commit 1ac368d0962ef8cc83dcd642c7fec8b3cba5b6fe)
---
src/config/SSSDConfig/__init__.py.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 500bd717fec7abcaafd5153ccca7847b91e208ad..e05c98b6a334893116747968b9ddfabce05fa981 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -525,7 +525,7 @@ class SSSDConfigSchema(SSSDChangeConf):
mandatory,
desc,
[subtype(split_option[DEFAULT])])
- except ValueError, KeyError:
+ except ValueError:
raise ParsingError
else:
try:
@@ -544,7 +544,7 @@ class SSSDConfigSchema(SSSDChangeConf):
mandatory,
desc,
primarytype(split_option[DEFAULT]))
- except ValueError, KeyError:
+ except ValueError:
raise ParsingError
elif optionlen > 4:
@@ -559,7 +559,7 @@ class SSSDConfigSchema(SSSDChangeConf):
else:
newvalue = subtype(x)
fixed_options.extend([newvalue])
- except ValueError, KeyError:
+ except ValueError:
raise ParsingError
else:
fixed_options.extend([x])
--
2.1.0

276
0007-SSSDConfig-Port-missing-parts-to-python3.patch
View File

@ -1,276 +0,0 @@
From d71ad29db423b6d164b346ea3c1baab29d8d8d49 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Thu, 29 Jan 2015 09:46:27 +0100
Subject: [PATCH 7/9] SSSDConfig: Port missing parts to python3
* fix incompatible imports
* fix translation.[u]?gettext
* fix dict method has_key
* fix octal literals PEP 3127
* long is not defined in python3
Resolves:
https://fedorahosted.org/sssd/ticket/2017
Reviewed-by: Petr Viktorin <pviktori@redhat.com>
(cherry picked from commit a71004c112cd5d61d3a9e37a4cfc5760dc9a1cec)
---
src/config/SSSDConfig/__init__.py.in | 41 +++++++++++++++++++-----------------
src/config/SSSDConfigTest.py | 24 ++++++++++-----------
2 files changed, 34 insertions(+), 31 deletions(-)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index e05c98b6a334893116747968b9ddfabce05fa981..95b3f0ca190a84ede0ba26ce6dd60262431bb9fa 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -6,9 +6,9 @@ Created on Sep 18, 2009
import os
import gettext
-import exceptions
import re
-from ipachangeconf import SSSDChangeConf
+import sys
+from .ipachangeconf import SSSDChangeConf
# Exceptions
class SSSDConfigException(Exception): pass
@@ -32,7 +32,10 @@ PACKAGE = 'sss_daemon'
LOCALEDIR = '/usr/share/locale'
translation = gettext.translation(PACKAGE, LOCALEDIR, fallback=True)
-_ = translation.ugettext
+if sys.version_info[0] > 2:
+ _ = translation.gettext
+else:
+ _ = translation.ugettext
# TODO: This needs to be made external
option_strings = {
@@ -444,7 +447,7 @@ class SSSDConfigSchema(SSSDChangeConf):
self.type_lookup = {
'bool' : bool,
'int' : int,
- 'long' : long,
+ 'long' : long if sys.version_info[0] == 2 else int,
'float': float,
'str' : str,
'list' : list,
@@ -479,7 +482,7 @@ class SSSDConfigSchema(SSSDChangeConf):
subtype = self.type_lookup[split_option[SUBTYPE]]
mandatory = self.bool_lookup[split_option[MANDATORY]]
- if option_strings.has_key(option['name']):
+ if option['name'] in option_strings:
desc = option_strings[option['name']]
else:
desc = None
@@ -608,7 +611,7 @@ class SSSDConfigSchema(SSSDChangeConf):
splitsection = section['name'].split('/')
if (splitsection[0] == 'provider'):
if(len(splitsection) == 3):
- if not providers.has_key(splitsection[1]):
+ if splitsection[1] not in providers:
providers[splitsection[1]] = []
providers[splitsection[1]].extend([splitsection[2]])
for key in providers.keys():
@@ -672,7 +675,7 @@ class SSSDConfigObject(object):
=== Errors ===
No errors
"""
- if self.options.has_key(optionname):
+ if optionname in self.options:
del self.options[optionname]
class SSSDService(SSSDConfigObject):
@@ -1307,12 +1310,12 @@ class SSSDDomain(SSSDConfigObject):
# We should now have a list of options used only by this
# provider. So we remove them.
for option in options:
- if self.options.has_key(option):
+ if option in self.options:
del self.options[option]
# Remove this provider from the option list
option = '%s_provider' % provider_type
- if self.options.has_key(option):
+ if option in self.options:
del self.options[option]
self.providers.remove((provider, provider_type))
@@ -1450,9 +1453,9 @@ class SSSDConfig(SSSDChangeConf):
outputfile = self.configfile
# open() will raise IOError if it fails
- old_umask = os.umask(0177)
+ old_umask = os.umask(0o177)
of = open(outputfile, "wb")
- output = self.dump(self.opts)
+ output = self.dump(self.opts).encode('utf-8')
of.write(output)
of.close()
os.umask(old_umask)
@@ -1475,7 +1478,7 @@ class SSSDConfig(SSSDChangeConf):
if (self.has_option('sssd', 'services')):
active_services = striplist(self.get('sssd', 'services').split(','))
service_dict = dict.fromkeys(active_services)
- if service_dict.has_key(''):
+ if '' in service_dict:
del service_dict['']
# Remove any entries in this list that don't
@@ -1631,7 +1634,7 @@ class SSSDConfig(SSSDChangeConf):
# This guarantees uniqueness and makes it easy
# to add a new value
service_dict = dict.fromkeys(striplist(item['value'].split(',')))
- if service_dict.has_key(''):
+ if '' in service_dict:
del service_dict['']
# Add a new key for the service being activated
@@ -1672,11 +1675,11 @@ class SSSDConfig(SSSDChangeConf):
# This guarantees uniqueness and makes it easy
# to remove the one unwanted value.
service_dict = dict.fromkeys(striplist(item['value'].split(',')))
- if service_dict.has_key(''):
+ if '' in service_dict:
del service_dict['']
# Remove the unwanted service from the lest
- if service_dict.has_key(name):
+ if name in service_dict:
del service_dict[name]
# Write out the joined keys
@@ -1758,7 +1761,7 @@ class SSSDConfig(SSSDChangeConf):
if (self.has_option('sssd', 'domains')):
active_domains = striplist(self.get('sssd', 'domains').split(','))
domain_dict = dict.fromkeys(active_domains)
- if domain_dict.has_key(''):
+ if '' in domain_dict:
del domain_dict['']
# Remove any entries in this list that don't
@@ -1953,7 +1956,7 @@ class SSSDConfig(SSSDChangeConf):
# This guarantees uniqueness and makes it easy
# to add a new value
domain_dict = dict.fromkeys(striplist(item['value'].split(',')))
- if domain_dict.has_key(''):
+ if '' in domain_dict:
del domain_dict['']
# Add a new key for the domain being activated
@@ -1994,11 +1997,11 @@ class SSSDConfig(SSSDChangeConf):
# This guarantees uniqueness and makes it easy
# to remove the one unwanted value.
domain_dict = dict.fromkeys(striplist(item['value'].split(',')))
- if domain_dict.has_key(''):
+ if '' in domain_dict:
del domain_dict['']
# Remove the unwanted domain from the lest
- if domain_dict.has_key(name):
+ if name in domain_dict:
del domain_dict[name]
# Write out the joined keys
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index bdca8517dedd793af88fdcc0712f7ab620feb228..865079fea295d1ecc89f2c4927f54b7aba0f7567 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -748,12 +748,12 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
# Ensure that all of the expected defaults are there
for provider in control_provider_dict.keys():
for ptype in control_provider_dict[provider]:
- self.assertTrue(providers.has_key(provider))
+ self.assertTrue(provider in providers)
self.assertTrue(ptype in providers[provider])
for provider in providers.keys():
for ptype in providers[provider]:
- self.assertTrue(control_provider_dict.has_key(provider))
+ self.assertTrue(provider in control_provider_dict)
self.assertTrue(ptype in control_provider_dict[provider])
def testListProviderOptions(self):
@@ -1003,7 +1003,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
# Remove the local ID provider and add an LDAP one
# LDAP ID providers can also use the krb5_realm
domain.remove_provider('id')
- self.assertFalse(domain.options.has_key('id_provider'))
+ self.assertFalse('id_provider' in domain.options)
domain.add_provider('ldap', 'id')
@@ -1020,7 +1020,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
domain.remove_provider('id')
self.assertEquals(domain.get_option('krb5_realm'),
'EXAMPLE.COM')
- self.assertFalse(domain.options.has_key('ldap_uri'))
+ self.assertFalse('ldap_uri' in domain.options)
# Put the LOCAL provider back
domain.add_provider('local', 'id')
@@ -1028,7 +1028,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
# Remove the auth domain and verify that the options
# revert to the backup_list
domain.remove_provider('auth')
- self.assertFalse(domain.options.has_key('auth_provider'))
+ self.assertFalse('auth_provider' in domain.options)
options = domain.list_options()
self.assertTrue(type(options) == dict,
@@ -1047,21 +1047,21 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
option)
# Ensure that the krb5_realm option is now gone
- self.assertFalse(domain.options.has_key('krb5_realm'))
+ self.assertFalse('krb5_realm' in domain.options)
# Test removing nonexistent provider - Real
domain.remove_provider('id')
- self.assertFalse(domain.options.has_key('id_provider'))
+ self.assertFalse('id_provider' in domain.options)
# Test removing nonexistent provider - Bad backend type
# Should pass without complaint
domain.remove_provider('id')
- self.assertFalse(domain.options.has_key('id_provider'))
+ self.assertFalse('id_provider' in domain.options)
# Test removing nonexistent provider - Bad provider type
# Should pass without complaint
domain.remove_provider('nosuchprovider')
- self.assertFalse(domain.options.has_key('nosuchprovider_provider'))
+ self.assertFalse('nosuchprovider_provider' in domain.options)
def testGetOption(self):
domain = SSSDConfig.SSSDDomain('sssd', self.schema)
@@ -1367,7 +1367,7 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
# Positive test - Service with invalid option loads
# but ignores the invalid option
service = sssdconfig.get_service('pam')
- self.assertFalse(service.options.has_key('nosuchoption'))
+ self.assertFalse('nosuchoption' in service.options)
def testNewService(self):
sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
@@ -1598,13 +1598,13 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase):
# Expected result: Domain is imported, but does not contain the
# unknown provider entry
domain = sssdconfig.get_domain('INVALIDPROVIDER')
- self.assertFalse(domain.options.has_key('chpass_provider'))
+ self.assertFalse('chpass_provider' in domain.options)
# Positive Test - Domain with unknown option
# Expected result: Domain is imported, but does not contain the
# unknown option entry
domain = sssdconfig.get_domain('INVALIDOPTION')
- self.assertFalse(domain.options.has_key('nosuchoption'))
+ self.assertFalse('nosuchoption' in domain.options)
def testNewDomain(self):
sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
--
2.1.0

112
0008-Remove-strict-requirements-of-python2.patch
View File

@ -1,112 +0,0 @@
From 3d992dd766b49a185147b4daa7f919d40f72ac6e Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Wed, 28 Jan 2015 16:10:12 +0100
Subject: [PATCH 8/9] Remove strict requirements of python2
* fix hashbangs
* remove strict requirements of python2 in build system
Resolves:
https://fedorahosted.org/sssd/ticket/2017
Reviewed-by: Petr Viktorin <pviktori@redhat.com>
(cherry picked from commit e8058322725ba050014777ee2484f7e833ab1e3a)
Fedora:
Fix patching missing file in tarball
The text leading up to this was:
--------------------------
|diff --git a/src/tests/python-test.py b/src/tests/python-test.py
|index 81e09c4bb96fb710e9e5fbcca051fc2c0581fc60..9c1dd3fca0cceba601aa37b07a9c8a4ca48e0441 100644
|--- a/src/tests/python-test.py
|+++ b/src/tests/python-test.py
--------------------------
---
configure.ac | 1 -
src/config/SSSDConfigTest.py | 2 +-
src/external/python.m4 | 2 +-
src/sbus/sbus_codegen | 2 +-
src/tests/pyhbac-test.py | 2 +-
src/tests/pysss_murmur-test.py | 2 +-
src/tools/sss_obfuscate | 2 +-
7 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/configure.ac b/configure.ac
index e5ec204ad9671d15deb1830c60168e066a66f198..580add9c90a3abbaaa58762cc0dbde99f47cfc4d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -248,7 +248,6 @@ AM_CONDITIONAL([HAVE_MANPAGES], [test "x$HAVE_MANPAGES" != "x"])
AM_CONDITIONAL([HAVE_PO4A], [test "x$PO4A" != "xno"])
if test x$HAVE_PYTHON_BINDINGS != x; then
- PYTHON=python2
AM_PATH_PYTHON([2.4])
AM_CHECK_PYTHON_HEADERS([],
AC_MSG_ERROR([Could not find python headers]))
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 865079fea295d1ecc89f2c4927f54b7aba0f7567..3a5312ea945b5247c69e97b73565b7061e037b69 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python2
+#!/usr/bin/env python
'''
Created on Sep 18, 2009
diff --git a/src/external/python.m4 b/src/external/python.m4
index 25fc7f3972a0f3e13b78160af20a7bde32ab9aec..a1bd87a0ee3a56ddd25c4aba7687ffc7540b4ec2 100644
--- a/src/external/python.m4
+++ b/src/external/python.m4
@@ -9,7 +9,7 @@ AC_DEFUN([AM_PYTHON_CONFIG],
dnl We need to check for python build flags using distutils.sysconfig
dnl We cannot use python-config, as it was not available on older
dnl versions of python
- AC_PATH_PROG(PYTHON, python2)
+ AC_PATH_PROG(PYTHON, python)
AC_MSG_CHECKING([for working python])
if test -x "$PYTHON"; then
PYTHON_CFLAGS="`$PYTHON -c \"from distutils import sysconfig; \
diff --git a/src/sbus/sbus_codegen b/src/sbus/sbus_codegen
index b4e63f33e6e5ef9fb56646142a29c97d35ca3ebf..6a96c40f5c2fdc95c9ed1238f53d0f9b9349fb98 100755
--- a/src/sbus/sbus_codegen
+++ b/src/sbus/sbus_codegen
@@ -1,4 +1,4 @@
-#!/usr/bin/python2
+#!/usr/bin/env python
#
# Authors:
diff --git a/src/tests/pyhbac-test.py b/src/tests/pyhbac-test.py
index b7f27026b6d1ca12a0759c09e31e1f2c2a2c484c..0abc5703dedb2466b4d99718b5b524951b8af95c 100755
--- a/src/tests/pyhbac-test.py
+++ b/src/tests/pyhbac-test.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python2
+#!/usr/bin/env python
from __future__ import print_function
import unittest
diff --git a/src/tests/pysss_murmur-test.py b/src/tests/pysss_murmur-test.py
index 41cb350f7b1fe1d82a5977eb66233ea2b38441ec..0b28f45e67cb4b033516a585867085dba7b412e6 100755
--- a/src/tests/pysss_murmur-test.py
+++ b/src/tests/pysss_murmur-test.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python2
+#!/usr/bin/env python
# SSSD
#
# Unit tests for pysss_murmur
diff --git a/src/tools/sss_obfuscate b/src/tools/sss_obfuscate
index 86e7daa1f626c76bdd54f5a4a37bde35b32eba1f..fbea1213d8f7e99ab3b1a6d7d24accf8a6194094 100644
--- a/src/tools/sss_obfuscate
+++ b/src/tools/sss_obfuscate
@@ -1,4 +1,4 @@
-#!/usr/bin/python2
+#!/usr/bin/python
import sys
from optparse import OptionParser
--
2.1.0

81
0009-sbus_codegen-Port-to-python3.patch
View File

@ -1,81 +0,0 @@
From 4613c38c5a0fda122380074cade3aa700a6367f2 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Thu, 29 Jan 2015 10:32:23 +0100
Subject: [PATCH 9/9] sbus_codegen: Port to python3
Resolves:
https://fedorahosted.org/sssd/ticket/2017
Reviewed-by: Petr Viktorin <pviktori@redhat.com>
---
src/sbus/sbus_codegen | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/sbus/sbus_codegen b/src/sbus/sbus_codegen
index 6a96c40f5c2fdc95c9ed1238f53d0f9b9349fb98..d12b07d09923e3f5482178077ded9df11036c91c 100755
--- a/src/sbus/sbus_codegen
+++ b/src/sbus/sbus_codegen
@@ -60,14 +60,19 @@
# to generate for a given interface or method. By default the codegen will
# build up a symbol name from the DBus name.
#
+from __future__ import print_function
import optparse
import os
import re
-import StringIO
import sys
import xml.parsers.expat
+if sys.version_info[0] > 2:
+ import io as StringIO
+else:
+ import StringIO
+
# -----------------------------------------------------------------------------
# Objects
@@ -765,13 +770,13 @@ class DBusXMLParser:
self.arg_count = 0
try:
- with open(filename, "r") as f:
+ with open(filename, "rb") as f:
parser.ParseFile(f)
- except DBusXmlException, ex:
+ except DBusXmlException as ex:
ex.line = parser.CurrentLineNumber
ex.file = filename
raise
- except xml.parsers.expat.ExpatError, ex:
+ except xml.parsers.expat.ExpatError as ex:
exc = DBusXmlException(str(ex))
exc.line = ex.lineno
exc.file = filename
@@ -895,11 +900,11 @@ def parse_options():
(options, args) = parser.parse_args()
if not args:
- print >> sys.stderr, "sbus_codegen: no input file specified"
+ print("sbus_codegen: no input file specified", file=sys.stderr)
sys.exit(2)
if options.mode not in ["header", "source"]:
- print >> sys.stderr, "sbus_codegen: specify --mode=header or --mode=source"
+ print("sbus_codegen: specify --mode=header or --mode=source", file=sys.stderr)
return options, args
@@ -928,6 +933,6 @@ def main():
if __name__ == "__main__":
try:
main()
- except DBusXmlException, ex:
- print >> sys.stderr, str(ex)
+ except DBusXmlException as ex:
+ print(str(ex), file=sys.stderr)
sys.exit(1)
--
2.1.0

2
sources
View File

@ -1 +1 @@
b891c263819a1dde062d7065448a4d58 sssd-1.12.3.tar.gz
a1781ad23a6e14196639127088bce785 sssd-1.12.4.tar.gz

17
sssd.spec
View File

@ -26,8 +26,8 @@
%endif
Name: sssd
Version: 1.12.3
Release: 7%{?dist}
Version: 1.12.4
Release: 1%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@ -36,15 +36,6 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
### Patches ###
Patch0001: 0001-logrotate-Fix-warning-file-size-changed-while-zippin.patch
Patch0002: 0002-MAN-dyndns_iface-supports-only-one-interface.patch
Patch0003: 0003-krb5-fix-entry-order-in-MEMORY-keytab.patch
Patch0004: 0004-MONITOR-Fix-double-free.patch
Patch0005: 0005-Python3-support-in-SSSD.patch
Patch0006: 0006-SSSDConfig-Remove-unused-exception-name.patch
Patch0007: 0007-SSSDConfig-Port-missing-parts-to-python3.patch
Patch0008: 0008-Remove-strict-requirements-of-python2.patch
Patch0009: 0009-sbus_codegen-Port-to-python3.patch
### Dependencies ###
Requires: sssd-common = %{version}-%{release}
@ -892,6 +883,10 @@ if [ $1 -eq 0 ]; then
fi
%changelog
* Wed Feb 18 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-1
- New upstream release 1.12.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4
* Sat Feb 14 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-7
- Backport patches with Python3 support from upstream