Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 217271 Details for
Bug 250147
add optional support for gnome-keyring to passwd pam stack
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
authconfig patch for skipping to end on success
authconfig-keyring.patch (text/plain), 5.84 KB, created by
Alexander Larsson
on 2007-10-05 12:10:36 UTC
(
hide
)
Description:
authconfig patch for skipping to end on success
Filename:
MIME Type:
Creator:
Alexander Larsson
Created:
2007-10-05 12:10:36 UTC
Size:
5.84 KB
patch
obsolete
>--- authinfo.py.keyring 2007-10-05 15:30:22.000000000 +0200 >+++ authinfo.py 2007-10-05 16:00:40.000000000 +0200 >@@ -100,6 +100,7 @@ > LOGIC_FORCE_PKCS11_KRB5 = "[success=ok ignore=2 default=die]" > LOGIC_SKIPNEXT = "[success=1 default=ignore]" > LOGIC_SKIPNEXT3 = "[success=3 default=ignore]" >+LOGIC_SKIPTOEND = "<skiptoend>" # Replaced in formatPAMModule > > # Snip off line terminators and final whitespace from a passed-in string. > def snipString(s): >@@ -359,30 +360,33 @@ > "pkcs11", argv_pkcs11_auth], > [False, AUTH, LOGIC_OPTIONAL, > "krb5", argv_krb5_sc_auth], >- [False, AUTH, LOGIC_SUFFICIENT, >+ [False, AUTH, LOGIC_SKIPTOEND, > "permit", []], >- [True, AUTH, LOGIC_SUFFICIENT, >+ [True, AUTH, LOGIC_SKIPTOEND, > "unix", argv_unix_auth], > [False, AUTH, LOGIC_REQUISITE, > "succeed_if", argv_succeed_if_auth], >- [False, AUTH, LOGIC_SUFFICIENT, >+ [False, AUTH, LOGIC_SKIPTOEND, > "afs", argv_afs_auth], >- [False, AUTH, LOGIC_SUFFICIENT, >+ [False, AUTH, LOGIC_SKIPTOEND, > "afs.krb", argv_afs_auth], >- [False, AUTH, LOGIC_SUFFICIENT, >+ [False, AUTH, LOGIC_SKIPTOEND, > "eps_auth", argv_eps_auth], >- [False, AUTH, LOGIC_SUFFICIENT, >+ [False, AUTH, LOGIC_SKIPTOEND, > "krb5", argv_krb5_auth], >- [False, AUTH, LOGIC_SUFFICIENT, >+ [False, AUTH, LOGIC_SKIPTOEND, > "ldap", argv_ldap_auth], >- [False, AUTH, LOGIC_SUFFICIENT, >+ [False, AUTH, LOGIC_SKIPTOEND, > "otp", argv_otp_auth], >- [False, AUTH, LOGIC_SUFFICIENT, >+ [False, AUTH, LOGIC_SKIPTOEND, > "smb_auth", argv_smb_auth], >- [False, AUTH, LOGIC_SUFFICIENT, >+ [False, AUTH, LOGIC_SKIPTOEND, > "winbind", argv_winbind_auth], >- [True, AUTH, LOGIC_REQUIRED, >+ [True, AUTH, LOGIC_REQUISITE, > "deny", []], >+ # This is were SKIPTOEND jumps >+ [True, AUTH, LOGIC_REQUIRED, >+ "permit", []], > > # Account management is tricky. Because we've implicitly committed to > # getting it "right" for any combination of nss and pam, we have to be >@@ -2443,12 +2447,14 @@ > pass > return True > >- def formatPAMModule(self, module): >+ def formatPAMModule(self, module, lines_left_in_stack): > stack = pam_stacks[module[STACK]] > logic = module[LOGIC] > output = "" > if stack and logic: > args = "" >+ if logic == LOGIC_SKIPTOEND: >+ logic = "[success=%d new_authtok_reqd=done default=ignore]"%(lines_left_in_stack-1) > if module[NAME] == "pkcs11" and stack == "auth": > if self.forceSmartcard: > if self.enableKerberos: >@@ -2523,6 +2529,31 @@ > os.symlink(src, dest) > except OSError: > pass >+ >+ def moduleEnabled(self, module): >+ return (module[MANDATORY] or >+ (self.enableAFS and module[NAME] == "afs") or >+ (self.enableAFSKerberos and module[NAME] == "afs.krb") or >+ (self.enableCracklib and module[NAME] == "cracklib") or >+ (self.enableEPS and module[NAME] == "eps") or >+ (self.enableKerberos and module[NAME] == "krb5" and >+ not module[ARGV] == argv_krb5_sc_auth) or >+ (self.enableKerberos and self.enableSmartcard and >+ ((module[NAME] == "krb5" and module[ARGV] == argv_krb5_sc_auth) or >+ (module[NAME] == "permit" and module[STACK] == AUTH))) or >+ (self.enableLDAPAuth and module[NAME] == "ldap") or >+ (self.enableSmartcard and module[STACK] == AUTH and >+ module[NAME] == "succeed_if" and module[LOGIC] == LOGIC_SKIPNEXT) or >+ (self.enableSmartcard and module[NAME] == "pkcs11") or >+ (self.enableOTP and module[NAME] == "otp") or >+ (self.enablePasswdQC and module[NAME] == "passwdqc") or >+ (self.enableSMB and module[NAME] == "smb_auth") or >+ (self.enableWinbindAuth and module[NAME] == "winbind") or >+ (self.enableLocAuthorize and module[NAME] == "localuser") or >+ (self.enablePAMAccess and module[NAME] == "access") or >+ (not self.enableSysNetAuth and module[STACK] == AUTH and >+ module[NAME] == "succeed_if" and module[LOGIC] == LOGIC_REQUISITE)) >+ > > # Write PAM setup to the control file. > def writePAM(self): >@@ -2538,33 +2569,21 @@ > output += "authconfig is run.\n" > > prevmodule = [] >- for module in standard_pam_modules: >+ for i in range(len(standard_pam_modules)): >+ module = standard_pam_modules[i] > if prevmodule and module[STACK] != prevmodule[STACK]: > output += "\n" > prevmodule = module >- if (module[MANDATORY] or >- (self.enableAFS and module[NAME] == "afs") or >- (self.enableAFSKerberos and module[NAME] == "afs.krb") or >- (self.enableCracklib and module[NAME] == "cracklib") or >- (self.enableEPS and module[NAME] == "eps") or >- (self.enableKerberos and module[NAME] == "krb5" and >- not module[ARGV] == argv_krb5_sc_auth) or >- (self.enableKerberos and self.enableSmartcard and >- ((module[NAME] == "krb5" and module[ARGV] == argv_krb5_sc_auth) or >- (module[NAME] == "permit" and module[STACK] == AUTH))) or >- (self.enableLDAPAuth and module[NAME] == "ldap") or >- (self.enableSmartcard and module[STACK] == AUTH and >- module[NAME] == "succeed_if" and module[LOGIC] == LOGIC_SKIPNEXT) or >- (self.enableSmartcard and module[NAME] == "pkcs11") or >- (self.enableOTP and module[NAME] == "otp") or >- (self.enablePasswdQC and module[NAME] == "passwdqc") or >- (self.enableSMB and module[NAME] == "smb_auth") or >- (self.enableWinbindAuth and module[NAME] == "winbind") or >- (self.enableLocAuthorize and module[NAME] == "localuser") or >- (self.enablePAMAccess and module[NAME] == "access") or >- (not self.enableSysNetAuth and module[STACK] == AUTH and >- module[NAME] == "succeed_if" and module[LOGIC] == LOGIC_REQUISITE)): >- output += self.formatPAMModule(module) >+ if self.moduleEnabled(module): >+ lines_left = 0; >+ for j in range(i + 1, len(standard_pam_modules)): >+ nextmodule = standard_pam_modules[j] >+ if nextmodule[STACK] != module[STACK]: >+ break >+ if self.moduleEnabled(nextmodule): >+ lines_left += 1 >+ >+ output += self.formatPAMModule(module, lines_left) > > # Write it out and close it. > f.seek(0)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=217271">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 250147
: 217271