#105 Initial patchset for EL6 support
Merged 7 years ago by puiterwijk. Opened 7 years ago by puiterwijk.
puiterwijk/ipsilon el6-support  into  master

file modified
+25 -21
@@ -14,13 +14,15 @@ 

  	which openssl

  	which slapd

  	# Now, python libraries

+ 	python -c 'import argparse'

+ 	python -c 'import requests_kerberos'

  	python -c 'import openid'

  	python -c 'import openid_teams'

  	python -c 'import openid_cla'

  	python -c 'import cherrypy'

  	python -c 'import M2Crypto'

  	python -c 'import lasso'

- 	python -c 'import sqlalchemy'

+ 	python -c '__requires__ = ["sqlalchemy >= 0.8"]; import pkg_resources; import sqlalchemy'

  	python -c 'import ldap'

  	python -c 'import pam'

  	python -c 'import fedora'
@@ -28,9 +30,9 @@ 

  	python -c 'import jinja2'

  	python -c 'import psycopg2'

  	# And now everything else

- 	ls /usr/share/doc/sssd

- 	ls /usr/lib64/libsss_simpleifp.so.0

- 	ls /usr/lib64/httpd/modules/mod_wsgi.so

+ 	ls /usr/lib*/security/pam_sss.so

+ 	ls /usr/lib*/libsss_simpleifp.so.0

+ 	ls /usr/lib*/httpd/modules/mod_wsgi.so

  	ls /usr/libexec/mod_auth_mellon

  

  lint:
@@ -83,7 +85,7 @@ 

  		   --ignored-classes=cherrypy \

  		   --disable=star-args \

  		   ./tests

- 	pep8 tests

+ 	pep8 --ignore=E121,E123,E126,E226,E24,E704,E402 tests

  

  wrappers:

  	#rm -fr wrapdir
@@ -92,23 +94,25 @@ 

  	#SOCKET_WRAPPER_DIR=wrapdir

  	#SOCKET_WRAPPER_DEFAULT_IFACE=9

  

+ TESTDIR := $(shell mktemp --directory /tmp/ipsilon-testdir.XXXXXXXX)

+ 

  tests: wrappers

- 	rm -rf testdir

- 	PYTHONPATH=./ ./tests/tests.py --test=test1

- 	PYTHONPATH=./ ./tests/tests.py --test=testlogout

- 	PYTHONPATH=./ ./tests/tests.py --test=testnameid

- 	PYTHONPATH=./ ./tests/tests.py --test=testrest

- 	PYTHONPATH=./ ./tests/tests.py --test=testmapping

- 	PYTHONPATH=./ ./tests/tests.py --test=testgssapi

- 	PYTHONPATH=./ ./tests/tests.py --test=attrs

- 	PYTHONPATH=./ ./tests/tests.py --test=trans

- 	PYTHONPATH=./ ./tests/tests.py --test=pgdb

- 	PYTHONPATH=./ ./tests/tests.py --test=fconf

- 	PYTHONPATH=./ ./tests/tests.py --test=ldap

- 	PYTHONPATH=./ ./tests/tests.py --test=ldapdown

- 	PYTHONPATH=./ ./tests/tests.py --test=openid

- 	PYTHONPATH=./ ./tests/tests.py --test=openidc

- 	PYTHONPATH=./ ./tests/tests.py --test=dbupgrades

+ 	echo "Testdir: $(TESTDIR)"

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=test1

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=testlogout

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=testnameid

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=testrest

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=testmapping

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=testgssapi

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=attrs

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=trans

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=pgdb

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=fconf

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=ldap

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=ldapdown

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=openid

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=openidc

+ 	PYTHONPATH=./ ./tests/tests.py --path=$(TESTDIR) --test=dbupgrades

  

  test: lp-test unittests tests
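Review bot: `TESTDIR := $(shell mktemp --directory /tmp/ipsilon-testdir.XXXXXXXX)` is a top-level immediate assignment, so a new directory is created every time this Makefile is parsed, including for `make lint` or any other goal that never uses it, and nothing visible in the hunk removes it after `tests`. Each run therefore leaves a directory in /tmp, and the ones from real test runs presumably hold whatever the suite generates there (databases, and likely keys or keytabs), so they should be cleaned up or at least documented. Consider wrapping the assignment in `ifneq ($(filter test tests,$(MAKECMDGOALS)),)` … `endif` (adjusted for the default goal, which is not visible here) and passing the value quoted as `--path="$(TESTDIR)"`.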

  

@@ -2,6 +2,9 @@ 

  #

  # Copyright (C) 2015 Ipsilon project Contributors, for license see COPYING

  

+ __requires__ = ['sqlalchemy >= 0.8']

+ import pkg_resources  # pylint: disable=unused-import

+ 

  import argparse

  import cherrypy

  from ConfigParser import RawConfigParser

@@ -1,6 +1,9 @@ 

  #!/usr/bin/python

  # Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING

  

+ __requires__ = ['sqlalchemy >= 0.8']

+ import pkg_resources  # pylint: disable=unused-import

+ 

  from ipsilon.login.common import LoginMgrsInstall

  from ipsilon.info.common import InfoProviderInstall

  from ipsilon.providers.common import ProvidersInstall
@@ -132,7 +135,7 @@ 

      if WSGI_SOCKET_PREFIX:

          confopts['wsgi_socket'] = 'WSGISocketPrefix %s' % WSGI_SOCKET_PREFIX

      else:

-         confopts['wsgi_socket'] = ''

+         confopts['wsgi_socket'] = 'WSGISocketPrefix run/wsgi'

This is needed on Apache 2.2. I checked and confirmed that this is the default on Apache 2.4.

      files.write_from_template(ipsilon_conf,

                                os.path.join(TEMPLATES, 'ipsilon.conf'),

                                confopts)
@@ -229,7 +232,7 @@ 

      files.fix_user_dirs(instance_conf, opts['system_user'])

      files.fix_user_dirs(args['data_dir'], opts['system_user'])

      try:

-         subprocess.call(['/usr/sbin/restorecon', '-R', args['data_dir']])

+         subprocess.call(['/sbin/restorecon', '-R', args['data_dir']])

      except Exception:  # pylint: disable=broad-except

          pass
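Review bot: The exit status of `/sbin/restorecon` is discarded and the surrounding `except Exception: pass` also hides a missing binary, so on a host where this hard-coded path does not resolve the installer finishes normally with the SELinux contexts under `args['data_dir']` never restored. Since this hunk changes which path is executed, a wrong path would go unnoticed. I would keep the call best-effort but make the failure visible, e.g. `rc = subprocess.call(['/sbin/restorecon', '-R', args['data_dir']])` followed by a warning when `rc != 0`, and a warning in the except branch instead of `pass`. The enclosing function starts and ends outside the hunk.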

  

@@ -2,6 +2,9 @@ 

  #

  # Copyright (C) 2015 Ipsilon project Contributors, for license see COPYING

  

+ __requires__ = ['sqlalchemy >= 0.8']

+ import pkg_resources  # pylint: disable=unused-import

+ 

  import sys

  from ipsilon import find_config

  from ipsilon.tools import dbupgrade

file modified
+6
@@ -2,6 +2,12 @@ 

  #

  # Copyright (C) 2013 Ipsilon project Contributors, for license see COPYING

  

+ # These lines make sure that we have at least a minimum version of some

+ # packages, since we depend on features provided by them.

+ import __main__

+ __main__.__requires__ = ['sqlalchemy >= 0.8', 'jinja2 >= 2.4']

+ import pkg_resources  # pylint: disable=unused-import

+ 

  import sys

  sys.stdout = sys.stderr

  import glob

file modified
+14 -7
@@ -25,7 +25,7 @@ 

          # If we can get here, we must be authenticated and remote_user

          # was set. Check the session has a user set already or error.

          us = UserSession()

-         us.remote_login()

+         us.remote_login(is_krb=True)

          self.user = us.get_user()

          if not self.user.is_anonymous:

              principal = cherrypy.request.wsgi_environ.get('GSS_NAME', None)
@@ -87,11 +87,19 @@ 

  CONF_TEMPLATE = """

  

  <Location /${instance}/login/gssapi/negotiate>

-   AuthType GSSAPI

    AuthName "GSSAPI Single Sign On Login"

-   $keytab

-   GssapiSSLonly $gssapisslonly

-   GssapiLocalName on

+   <IfModule mod_auth_gssapi.c>

+     GssapiCredStore keytab:$keytab

+     AuthType GSSAPI

+     GssapiSSLonly $gssapisslonly

+     GssapiLocalName on

+   </IfModule>

+   <IfModule mod_auth_kerb.c>

+     Krb5KeyTab $keytab

+     AuthType Kerberos

+     KrbMethodNegotiate On

+     KrbMethodK5Passwd Off

+   </IfModule>

    Require valid-user

  

    ErrorDocument 401 /${instance}/login/gssapi/unauthorized
@@ -121,8 +129,7 @@ 

          confopts = {'instance': opts['instance']}

  

          if os.path.exists(opts['gssapi_httpd_keytab']):

-             confopts['keytab'] = 'GssapiCredStore keytab:%s' % (

-                 opts['gssapi_httpd_keytab'])

+             confopts['keytab'] = opts['gssapi_httpd_keytab']

          else:

              raise Exception('Keytab not found')
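Review bot: The `<IfModule mod_auth_kerb.c>` block has no counterpart to `GssapiSSLonly $gssapisslonly`, so the installer's SSL-only choice takes effect only under mod_auth_gssapi and is silently ignored on hosts that load mod_auth_kerb. If this Location is reachable over plain HTTP there, Negotiate exchanges would not be confined to TLS. As far as I know mod_auth_kerb has no SSL-only switch, so I would add `SSLRequireSSL` to that block when the option is on, or at minimum a template comment such as `# mod_auth_kerb: TLS must be enforced by the enclosing vhost`. The template and the method that fills it both extend beyond the hunks shown.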

  

file modified
+5
@@ -56,6 +56,11 @@ 

              auth_type = cherrypy.request.wsgi_environ.get('AUTH_TYPE')

              if auth_type:

                  auth_type = 'external:%s' % (auth_type.lower())

+                 if auth_type == 'external:negotiate' and '@' in username:

+                     # This was likely mod_auth_kerb. Let's be compatible with

+                     # gssapi

+                     cherrypy.request.wsgi_environ['GSS_NAME'] = username

+                     username = username[:username.find('@')]

  

          self.debug("get_external_auth_info: username=%s auth_type=%s" % (

              username, auth_type))
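Review bot: The added branch drops everything after the first `@` and continues with the bare name without looking at the realm, so `alice@ANY.REALM` becomes `alice`. With a single realm that is harmless, but if the web server's keytab ever accepts tickets from a trusted foreign realm, a principal from that realm would map onto the local account of the same name. I would split with `name, _, realm = username.rpartition('@')` (the realm separator is the last `@`, not the first) and strip only when `realm` matches the realm this IdP is configured for, otherwise keep the full principal or reject it. The same stripping is repeated in `remote_login(self, is_krb=False)` in the next file section and should get the same check. The enclosing function starts outside this hunk.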

file modified
+6 -2
@@ -99,9 +99,13 @@ 

      def get_user(self):

          return User(self.user)

  

-     def remote_login(self):

+     def remote_login(self, is_krb=False):

          if cherrypy.request.login:

-             self.login(cherrypy.request.login)

+             username = cherrypy.request.login

+             if is_krb and '@' in username:

+                 cherrypy.request.wsgi_environ['GSS_NAME'] = username

+                 username = username[:username.find('@')]

+             self.login(username)

          else:

              self.nuke_data('user')

  

file modified
+2 -2
@@ -59,13 +59,13 @@ 

      text = t.substitute({'workdir': workdir})

      with open(sql, 'w+') as f:

          f.write(text)

-     subprocess.call(['sqlite3', '-init', sql, admin_db, '.quit'])

+     subprocess.call(['/usr/bin/sqlite3', '-init', sql, admin_db, '.quit'])

  

      users_db = os.path.join(workdir, 'userprefs.sqlite')

      sql = os.path.join(workdir, 'users.sql')

      with open(sql, 'w+') as f:

          f.write(USERS_TEMPLATE)

-     subprocess.call(['sqlite3', '-init', sql, users_db, '.quit'])

+     subprocess.call(['/usr/bin/sqlite3', '-init', sql, users_db, '.quit'])

  

      trans_db = os.path.join(workdir, 'transactions.sqlite')

      cachedir = os.path.join(workdir, 'cache')

file modified
+25 -2
@@ -23,15 +23,33 @@ 

  </Location>

  

  <Directory ${ipsilondir}>

+   <IfModule mod_authz_core.c>

      Require all granted

+   </IfModule>

+   <IfModule !mod_authz_core.c>

+     Order Allow,Deny

+     Allow from All

+   </IfModule>

  </Directory>

  

  <Directory ${staticdir}>

+   <IfModule mod_authz_core.c>

      Require all granted

+   </IfModule>

+   <IfModule !mod_authz_core.c>

+     Order Allow,Deny

+     Allow from All

+   </IfModule>

  </Directory>

  

  <Directory ${wellknowndir}>

+   <IfModule mod_authz_core.c>

      Require all granted

+   </IfModule>

+   <IfModule !mod_authz_core.c>

+     Order Allow,Deny

+     Allow from All

+   </IfModule>

  </Directory>

  <Location /.well-known/browserid>

      ForceType application/json
@@ -40,6 +58,11 @@ 

  <Directory "/var/cache/ipsilon">

    SetHandler None

    AllowOverride None

-   Satisfy Any

-   Allow from all

+   <IfModule mod_authz_core.c>

+     Require all granted

+   </IfModule>

+   <IfModule !mod_authz_core.c>

+     Order Allow,Deny

+     Allow from All

+   </IfModule>

  </Directory>
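Review bot: The pre-2.4 branch for `/var/cache/ipsilon` is not a straight translation of what it replaces: the removed lines were `Satisfy Any` plus `Allow from all`, while the new `<IfModule !mod_authz_core.c>` block sets only `Order Allow,Deny` and `Allow from All`. On Apache 2.2 that leaves `Satisfy` at its default of All, which only matters if some authentication requirement also applies to this directory; nothing in the hunk shows one, so this may be fine. Either add `Satisfy Any` inside that block or a comment saying it was dropped on purpose. Separately, both branches grant every client access to the cache directory, so a comment stating which files under it are meant to be public would help reviewers.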

@@ -35,7 +35,13 @@ 

  ${sp}    <IfModule !mod_nss.c>

  ${sp}        SSLRequireSSL

  ${sp}    </IfModule>

+ ${sp}  <IfModule mod_authz_core.c>

  ${sp}    Require all granted

+ ${sp}  </IfModule>

+ ${sp}  <IfModule !mod_authz_core.c>

+ ${sp}    Order Allow,Deny

+ ${sp}    Allow from All

+ ${sp}  </IfModule>

  ${sp}</Directory>

  

  # Redirect requests to the secure port

file modified
+7 -1
@@ -58,7 +58,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

      Options +Includes

  </Directory>

  """

file modified
+3 -3
@@ -64,7 +64,7 @@ 

                  db_in = os.path.join(db_indir, '%s.sqlite.dump' % database)

                  db_out = os.path.join(db_outdir, '%s.sqlite' % database)

                  os.unlink(db_out)

-                 cmd = ['/bin/sqlite3', db_out, '.read %s' % db_in]

+                 cmd = ['/usr/bin/sqlite3', db_out, '.read %s' % db_in]

                  subprocess.check_call(cmd)

  

              # Upgrade that database
@@ -80,7 +80,7 @@ 

              # Check all features in a newly created database

              # Let's verify if at least one index was created

              test_db = os.path.join(db_outdir, 'adminconfig.sqlite')

-             p = subprocess.Popen(['/bin/sqlite3', test_db, '.dump'],

+             p = subprocess.Popen(['/usr/bin/sqlite3', test_db, '.dump'],

                                   stdout=subprocess.PIPE)

              output, _ = p.communicate()

              if p.returncode:
@@ -95,7 +95,7 @@ 

              # In 1 -> 2, we added indexes and primary keys

              # Let's verify if at least one index was created

              test_db = os.path.join(db_outdir, 'adminconfig.sqlite')

-             p = subprocess.Popen(['/bin/sqlite3', test_db, '.dump'],

+             p = subprocess.Popen(['/usr/bin/sqlite3', test_db, '.dump'],

                                   stdout=subprocess.PIPE)

              output, _ = p.communicate()

              if p.returncode:

file modified
+7 -1
@@ -77,7 +77,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

  </Directory>

  """

      index = """WORKS!"""

file modified
+4 -4
@@ -32,7 +32,7 @@ 

  

  [realms]

    ${TESTREALM} = {

-     kdc =${WRAP_HOSTNAME}

+     kdc =${WRAP_HOSTNAME}:8888

Port wasn't there before and is now?

Correct.
Before, it was using the default port 88.
Now we're explicitly using a different port to stay outside of the privileged range of ports.

    }

  

  [domain_realm]
@@ -47,8 +47,8 @@ 

  

  KDC_CONF_TEMPLATE = '''

  [kdcdefaults]

-  kdc_ports = 88

-  kdc_tcp_ports = 88

+  kdc_ports = 8888

+  kdc_tcp_ports = 8888

   restrict_anonymous_to_tgt = true

  

  [realms]
@@ -250,7 +250,7 @@ 

  

      def start_pgdb_server(self, datadir, rundir, log, addr, port, env):

          p = subprocess.Popen(['/usr/bin/pg_ctl', 'start', '-D', datadir, '-o',

-                               '-c unix_socket_directories=%s -c port=%s -c \

+                               '-k %s -c port=%s -c \

                                 listen_addresses=%s' % (rundir, port, addr),

                                '-l', log, '-w'],

                               env=env, preexec_fn=os.setsid)
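Review bot: `rundir`, `port` and `addr` are interpolated unquoted into the single string given to `pg_ctl -o`, and pg_ctl, as far as I know, passes that string through a shell when it launches postgres. The test directory is now supplied with `--path` rather than being a fixed `testdir`, and `rundir` is presumably derived from it, so a path containing spaces or shell metacharacters would be split or interpreted instead of reaching `-k` intact. Quoting each value, e.g. `pipes.quote(rundir)` in the format arguments, would close that; whether `pipes` is already imported in this file is not visible here. `start_pgdb_server` continues past the end of the hunk.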

file modified
+51 -59
@@ -1,94 +1,80 @@ 

  ServerRoot "${HTTPROOT}"

  ServerName ${NAME}.ipsilon.dev

  

- LoadModule access_compat_module modules/mod_access_compat.so

- LoadModule actions_module modules/mod_actions.so

- LoadModule alias_module modules/mod_alias.so

- LoadModule allowmethods_module modules/mod_allowmethods.so

- LoadModule auth_basic_module modules/mod_auth_basic.so

- #LoadModule auth_digest_module modules/mod_auth_digest.so

- LoadModule authn_anon_module modules/mod_authn_anon.so

- LoadModule authn_core_module modules/mod_authn_core.so

- LoadModule authn_dbd_module modules/mod_authn_dbd.so

- LoadModule authn_dbm_module modules/mod_authn_dbm.so

  LoadModule authn_file_module modules/mod_authn_file.so

- LoadModule authn_socache_module modules/mod_authn_socache.so

- LoadModule authz_core_module modules/mod_authz_core.so

- LoadModule authz_dbd_module modules/mod_authz_dbd.so

- LoadModule authz_dbm_module modules/mod_authz_dbm.so

- LoadModule authz_groupfile_module modules/mod_authz_groupfile.so

- LoadModule authz_host_module modules/mod_authz_host.so

- LoadModule authz_owner_module modules/mod_authz_owner.so

+ LoadModule authn_anon_module modules/mod_authn_anon.so

  LoadModule authz_user_module modules/mod_authz_user.so

- LoadModule autoindex_module modules/mod_autoindex.so

- LoadModule cache_module modules/mod_cache.so

- LoadModule cache_disk_module modules/mod_cache_disk.so

- LoadModule data_module modules/mod_data.so

- LoadModule dbd_module modules/mod_dbd.so

- LoadModule deflate_module modules/mod_deflate.so

- LoadModule dir_module modules/mod_dir.so

- LoadModule dumpio_module modules/mod_dumpio.so

- LoadModule echo_module modules/mod_echo.so

+ LoadModule authz_host_module modules/mod_authz_host.so

+ LoadModule include_module modules/mod_include.so

+ LoadModule log_config_module modules/mod_log_config.so

  LoadModule env_module modules/mod_env.so

- LoadModule expires_module modules/mod_expires.so

  LoadModule ext_filter_module modules/mod_ext_filter.so

- LoadModule filter_module modules/mod_filter.so

+ LoadModule expires_module modules/mod_expires.so

  LoadModule headers_module modules/mod_headers.so

- LoadModule include_module modules/mod_include.so

- LoadModule info_module modules/mod_info.so

- LoadModule log_config_module modules/mod_log_config.so

- LoadModule logio_module modules/mod_logio.so

- LoadModule macro_module modules/mod_macro.so

- LoadModule mime_magic_module modules/mod_mime_magic.so

  LoadModule mime_module modules/mod_mime.so

- LoadModule negotiation_module modules/mod_negotiation.so

- LoadModule remoteip_module modules/mod_remoteip.so

- LoadModule reqtimeout_module modules/mod_reqtimeout.so

- LoadModule rewrite_module modules/mod_rewrite.so

- LoadModule setenvif_module modules/mod_setenvif.so

- LoadModule slotmem_plain_module modules/mod_slotmem_plain.so

- LoadModule slotmem_shm_module modules/mod_slotmem_shm.so

- LoadModule socache_dbm_module modules/mod_socache_dbm.so

- LoadModule socache_memcache_module modules/mod_socache_memcache.so

- LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

  LoadModule status_module modules/mod_status.so

+ LoadModule negotiation_module modules/mod_negotiation.so

+ LoadModule dir_module modules/mod_dir.so

  LoadModule ssl_module modules/mod_ssl.so

- LoadModule substitute_module modules/mod_substitute.so

- LoadModule suexec_module modules/mod_suexec.so

- LoadModule unique_id_module modules/mod_unique_id.so

- LoadModule unixd_module modules/mod_unixd.so

- LoadModule userdir_module modules/mod_userdir.so

+ LoadModule alias_module modules/mod_alias.so

+ LoadModule rewrite_module modules/mod_rewrite.so

  LoadModule version_module modules/mod_version.so

- LoadModule vhost_alias_module modules/mod_vhost_alias.so

- 

- LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

  LoadModule wsgi_module modules/mod_wsgi.so

- LoadModule auth_gssapi_module modules/mod_auth_gssapi.so

  # openidc needs to be before mellon: https://bugzilla.redhat.com/show_bug.cgi?id=1332729

  LoadModule auth_openidc_module modules/mod_auth_openidc.so

- LoadModule auth_mellon_module modules/mod_auth_mellon.so

  

  Listen ${HTTPADDR}:${HTTPPORT} https

  SSLCertificateFile "${CERTROOT}/${NAME}.pem"

  SSLCertificateKeyFile "${CERTROOT}/${NAME}.key"

  SSLEngine on

  

+ <IfVersion < 2.4>

+     LoadModule auth_kerb_module modules/mod_auth_kerb.so

+ </IfVersion>

+ <IfVersion >= 2.4>

+     LoadModule authn_core_module modules/mod_authn_core.so

+     LoadModule authz_core_module modules/mod_authz_core.so

+     LoadModule unixd_module modules/mod_unixd.so

+     LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

+     LoadModule auth_gssapi_module modules/mod_auth_gssapi.so

+ </IfVersion>

+ 

+ # This needs to be loaded last

+ LoadModule auth_mellon_module modules/mod_auth_mellon.so

  

  <Directory />

      AllowOverride none

-     Require all denied

+     <IfModule mod_authz_core.c>

+       Require all denied

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+       Order Allow,Deny

+       Deny from All

+     </IfModule>

  </Directory>

  

  DocumentRoot "${HTTPROOT}/html"

  <Directory "${HTTPROOT}">

      AllowOverride None

      # Allow open access:

-     Require all granted

+     <IfModule mod_authz_core.c>

+       Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+       Order Allow,Deny

+       Allow from All

+     </IfModule>

  </Directory>

  <Directory "${HTTPROOT}/html">

      Options Indexes FollowSymLinks

      AllowOverride None

-     Require all granted

+     <IfModule mod_authz_core.c>

+       Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+       Order Allow,Deny

+       Allow from All

+     </IfModule>

  </Directory>

  

  <IfModule dir_module>
@@ -96,7 +82,13 @@ 

  </IfModule>

  

  <Files ".ht*">

-     Require all denied

+     <IfModule mod_authz_core.c>

+       Require all denied

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+       Order Allow,Deny

+       Deny from All

+     </IfModule>

  </Files>

  

  PidFile "${HTTPROOT}/logs/httpd.pid"
@@ -119,6 +111,6 @@ 

  

  AddDefaultCharset UTF-8

  

- IncludeOptional conf.d/*.conf

+ Include conf.d/*.conf

  

  CoreDumpDirectory /tmp

file modified
+10 -4
@@ -62,7 +62,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

      Options +Includes

  </Directory>

  """
@@ -124,7 +130,7 @@ 

      sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'tuser')

      sess.add_server(spname, 'https://127.0.0.11:45081')

  

-     print "test1: Authenticate to IDP ...",

+     print "ldap: Authenticate to IDP ...",

      try:

          sess.auth_to_idp(idpname)

      except Exception, e:  # pylint: disable=broad-except
@@ -132,7 +138,7 @@ 

          sys.exit(1)

      print " SUCCESS"

  

-     print "test1: Add SP Metadata to IDP ...",

+     print "ldap: Add SP Metadata to IDP ...",

      try:

          sess.add_sp_metadata(idpname, spname)

      except Exception, e:  # pylint: disable=broad-except
@@ -140,7 +146,7 @@ 

          sys.exit(1)

      print " SUCCESS"

  

-     print "test1: Access SP Protected Area ...",

+     print "ldap: Access SP Protected Area ...",

      try:

          page = sess.fetch_page(idpname,

                                 'https://127.0.0.11:45081/sp/index.shtml')

file modified
+7 -1
@@ -64,7 +64,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

      Options +Includes

  </Directory>

  """

file modified
+7 -1
@@ -39,7 +39,13 @@ 

  WSGIScriptAlias / ${TESTDIR}/blobs/openid_app.py

  

  <Directory ${TESTDIR}/blobs>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

  </Directory>

  """

      t = Template(client_wsgi)

file modified
+7 -1
@@ -55,7 +55,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

  </Directory>

  

  Alias /open ${HTTPDIR}/open

file modified
+7 -1
@@ -76,7 +76,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

  </Directory>

  """

      index = """WORKS!"""

file modified
+7 -1
@@ -64,7 +64,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

  </Directory>

  """

      index = """WORKS!"""

file modified
+7 -1
@@ -86,7 +86,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

  </Directory>

  

  Alias /open ${HTTPDIR}/open

file modified
+7 -1
@@ -103,7 +103,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

      Options +Includes

  </Directory>

  

file modified
+7 -1
@@ -88,7 +88,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

      Options +Includes

  </Directory>

  """

file modified
+7 -1
@@ -72,7 +72,13 @@ 

  Alias /${ALIAS} ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/${ALIAS}>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

  </Directory>

  """

      index = """WORKS!"""

file modified
+3
@@ -2,6 +2,9 @@ 

  #

  # Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING

  

+ __requires__ = ['sqlalchemy >= 0.8']

+ import pkg_resources  # pylint: disable=unused-import

This seems to be the only place where we silent pylint for this error/warning, should we add it elsewhere?

+ 

  import argparse

  import inspect

  from ipsilon.util import plugin

file modified
+7 -1
@@ -49,7 +49,13 @@ 

  Alias /sp ${HTTPDIR}/sp

  

  <Directory ${HTTPDIR}/sp>

-     Require all granted

+     <IfModule mod_authz_core.c>

+         Require all granted

+     </IfModule>

+     <IfModule !mod_authz_core.c>

+         Order Allow,Deny

+         Allow from All

+     </IfModule>

  </Directory>

  """

      index = """WORKS!"""

This contains a restructuring of much of the PR#38 changes.
This might still leave some things to be fixed for older OSes, but should merge most of it.

9 new commits added

  • Move the KDC port outside of the privileged range
  • Use version-independent way to pass socket dir to postgres
  • Resolve identity problem in ldap test
  • Support mod_auth_kerb
  • Use new sqlalchemy and jinja2
  • Use temporary testdir
  • Make apache configs compatible with pre-2.3
  • Use more specific paths to binaries for pre-usrmove compatibility
  • Test for some more dependencies that we also use
7 years ago

9 new commits added

  • Move the KDC port outside of the privileged range
  • Use version-independent way to pass socket dir to postgres
  • Resolve identity problem in ldap test
  • Support mod_auth_kerb
  • Use new sqlalchemy and jinja2
  • Use temporary testdir
  • Make apache configs compatible with pre-2.3
  • Use more specific paths to binaries for pre-usrmove compatibility
  • Test for some more dependencies that we also use
7 years ago

Should it specify what is True (i.e. is_krb=True)?

Port wasn't there before and is now?

This seems to be the only place where we silence pylint for this error/warning; should we add it elsewhere?

Correct.
Before, it was using the default port 88.
Now we're explicitly using a different port to stay outside of the privileged range of ports.

9 new commits added

  • Move the KDC port outside of the privileged range
  • Use version-independent way to pass socket dir to postgres
  • Resolve identity problem in ldap test
  • Support mod_auth_kerb
  • Use new sqlalchemy and jinja2
  • Use temporary testdir
  • Make apache configs compatible with pre-2.3
  • Use more specific paths to binaries for pre-usrmove compatibility
  • Test for some more dependencies that we also use
7 years ago

9 new commits added

  • Move the KDC port outside of the privileged range
  • Use version-independent way to pass socket dir to postgres
  • Resolve identity problem in ldap test
  • Support mod_auth_kerb
  • Use new sqlalchemy and jinja2
  • Use temporary testdir
  • Make apache configs compatible with pre-2.3
  • Use more specific paths to binaries for pre-usrmove compatibility
  • Test for some more dependencies that we also use
7 years ago

Still :thumbsup: for me :)

1 new commit added

  • Explicitly default to WSGI Socket Prefix run/wsgi
7 years ago

rebased

7 years ago

This is needed on Apache 2.2. I checked and confirmed that this is the default on Apache 2.4.

Thanks, this has been merged.

Pull-Request has been closed by puiterwijk

7 years ago