rpms / augeas

Clone
Source Code
GIT

Blame SOURCES/0005-Krb5-improve-dbmodules-and-includes-630.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c8
  2.   SOURCES
  3.   0005-Krb5-improve-dbmodules-and-includes-630.patch
Blob History Raw
0dacba 
From 1b4d6a9918b8bcbc06af4ce99a48cd66fed97196 Mon Sep 17 00:00:00 2001
16ec84 
From: Pino Toscano <ptoscano@redhat.com>
16ec84 
Date: Tue, 4 Feb 2020 17:54:22 +0100
0dacba 
Subject: [PATCH 5/9] Krb5: improve [dbmodules] and includes (#630)
16ec84
16ec84 
* Krb5: fix/revamp parsing of [dbmodules] subsection
16ec84
16ec84 
The [dbmodules] subsection so far was parsed much like the [dbdefaults]
16ec84 
one, and thus it did not handle realms.
16ec84
16ec84 
Revamp it a bit to handle realms, and specify the only keyword not in
16ec84 
realm subsections.
16ec84
16ec84 
* Krb5: allow include/includedir directives everywhere
16ec84
16ec84 
MIT Kerberos allows this, so do not restrict them only before any other
16ec84 
section.
16ec84 
---
16ec84 
 lenses/krb5.aug            | 27 +++++++++++++++++++--------
16ec84 
 lenses/tests/test_krb5.aug | 36 +++++++++++++++++++++++++++++++++++-
16ec84 
 2 files changed, 54 insertions(+), 9 deletions(-)
16ec84
16ec84 
diff --git a/lenses/krb5.aug b/lenses/krb5.aug
16ec84 
index 46c22656..6b509c42 100644
16ec84 
--- a/lenses/krb5.aug
16ec84 
+++ b/lenses/krb5.aug
16ec84 
@@ -21,10 +21,11 @@ let closebr = del /[ \t]*\}/ "}"
16ec84 
    and realms in the [appdefaults] section.
16ec84 
 *)
16ec84
16ec84 
+let include_re = /include(dir)?/
16ec84 
 let realm_re = /[A-Z0-9][.a-zA-Z0-9-]*/
16ec84 
 let realm_anycase_re = /[A-Za-z0-9][.a-zA-Z0-9-]*/
16ec84 
 let app_re = /[a-z][a-zA-Z0-9_]*/
16ec84 
-let name_re = /[.a-zA-Z0-9_-]+/
16ec84 
+let name_re = /[.a-zA-Z0-9_-]+/ - include_re
16ec84
16ec84 
 let value_br = store /[^;# \t\r\n{}]+/
16ec84 
 let value = store /[^;# \t\r\n]+/
16ec84 
@@ -130,10 +131,19 @@ let dbdefaults =
16ec84 
     simple_section "dbdefaults" keys
16ec84
16ec84 
 let dbmodules =
16ec84 
-  let keys = /db_library|ldap_kerberos_container_dn|ldap_kdc_dn/
16ec84 
-    |/ldap_kadmind_dn|ldap_service_password_file|ldap_servers/
16ec84 
-    |/ldap_conns_per_server/ in
16ec84 
-    simple_section "dbmodules" keys
16ec84 
+  let subsec_key = /database_name|db_library|disable_last_success/
16ec84 
+    |/disable_lockout|ldap_conns_per_server|ldap_(kdc|kadmind)_dn/
16ec84 
+    |/ldap_(kdc|kadmind)_sasl_mech|ldap_(kdc|kadmind)_sasl_authcid/
16ec84 
+    |/ldap_(kdc|kadmind)_sasl_authzid|ldap_(kdc|kadmind)_sasl_realm/
16ec84 
+    |/ldap_kerberos_container_dn|ldap_servers/
16ec84 
+    |/ldap_service_password_file|mapsize|max_readers|nosync/
16ec84 
+    |/unlockiter/ in
16ec84 
+  let subsec_option = subsec_entry subsec_key eq comment in
16ec84 
+  let key = /db_module_dir/ in
16ec84 
+  let option = entry key eq value comment in
16ec84 
+  let realm = [ indent . label "realm" . store realm_re .
16ec84 
+                  eq_openbr . (subsec_option)* . closebr . eol ] in
16ec84 
+    record "dbmodules" (option|realm)
16ec84
16ec84 
 (* This section is not documented in the krb5.conf manpage,
16ec84 
    but the Fermi example uses it. *)
16ec84 
@@ -152,11 +162,12 @@ let kdc =
16ec84 
 let pam =
16ec84 
   simple_section "pam" name_re
16ec84
16ec84 
-let includes = Build.key_value_line /include(dir)?/ Sep.space (store Rx.fspath)
16ec84 
+let includes = Build.key_value_line include_re Sep.space (store Rx.fspath)
16ec84 
+let include_lines = includes . (comment|empty)*
16ec84
16ec84 
-let lns = (comment|empty|includes)* .
16ec84 
+let lns = (comment|empty)* .
16ec84 
   (libdefaults|login|appdefaults|realms|domain_realm
16ec84 
-  |logging|capaths|dbdefaults|dbmodules|instance_mapping|kdc|pam)*
16ec84 
+  |logging|capaths|dbdefaults|dbmodules|instance_mapping|kdc|pam|include_lines)*
16ec84
16ec84 
 let filter = (incl "/etc/krb5.conf.d/*.conf")
16ec84 
            . (incl "/etc/krb5.conf")
16ec84 
diff --git a/lenses/tests/test_krb5.aug b/lenses/tests/test_krb5.aug
16ec84 
index f746543b..10b87605 100644
16ec84 
--- a/lenses/tests/test_krb5.aug
16ec84 
+++ b/lenses/tests/test_krb5.aug
16ec84 
@@ -1029,7 +1029,7 @@ default_ccache_name = KEYRING:persistent:%{uid}\n" =
16ec84 
     {  }
16ec84 
     { "default_ccache_name" = "KEYRING:persistent:%{uid}" } }
16ec84
16ec84 
-(* Include(dir) test *)
16ec84 
+(* Include(dir) tests *)
16ec84 
 let include_test = "include /etc/krb5.other_conf.d/other.conf
16ec84 
 includedir /etc/krb5.conf.d/
16ec84 
 "
16ec84 
@@ -1037,3 +1037,37 @@ includedir /etc/krb5.conf.d/
16ec84 
 test Krb5.lns get include_test =
16ec84 
   { "include" = "/etc/krb5.other_conf.d/other.conf" }
16ec84 
   { "includedir" = "/etc/krb5.conf.d/" }
16ec84 
+
16ec84 
+let include2_test = "[logging]
16ec84 
+ default = FILE:/var/log/krb5libs.log
16ec84 
+
16ec84 
+include /etc/krb5.other_conf.d/other.conf
16ec84 
+
16ec84 
+includedir /etc/krb5.conf.d/
16ec84 
+"
16ec84 
+
16ec84 
+test Krb5.lns get include2_test =
16ec84 
+  { "logging"
16ec84 
+    { "default"
16ec84 
+      { "file" = "/var/log/krb5libs.log" } }
16ec84 
+    {  }
16ec84 
+  }
16ec84 
+  { "include" = "/etc/krb5.other_conf.d/other.conf" }
16ec84 
+  {  }
16ec84 
+  { "includedir" = "/etc/krb5.conf.d/" }
16ec84 
+
16ec84 
+(* [dbmodules] test *)
16ec84 
+let dbmodules_test = "[dbmodules]
16ec84 
+    ATHENA.MIT.EDU = {
16ec84 
+        disable_last_success = true
16ec84 
+    }
16ec84 
+    db_module_dir = /some/path
16ec84 
+"
16ec84 
+
16ec84 
+test Krb5.lns get dbmodules_test =
16ec84 
+  { "dbmodules"
16ec84 
+    { "realm" = "ATHENA.MIT.EDU"
16ec84 
+      { "disable_last_success" = "true" }
16ec84 
+    }
16ec84 
+    { "db_module_dir" = "/some/path" }
16ec84 
+  }
16ec84 
--
0dacba 
2.31.1
16ec84

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation