nss-pam-ldapd commit: r1171 - in nss-pam-ldapd: . debian
- From: "Commits of the nss-pam-ldapd project." <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd commit: r1171 - in nss-pam-ldapd: . debian
- Date: Sat, 14 Aug 2010 16:33:53 +0200 (CEST)
Author: arthur
Date: Sat Aug 14 16:33:51 2010
New Revision: 1171
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1171
Log:
offer to add ldap to shadow in nsswitch.conf if a potential broken
configuration is found
Added:
nss-pam-ldapd/debian/libpam-ldapd.lintian-overrides
nss-pam-ldapd/debian/libpam-ldapd.templates
Modified:
nss-pam-ldapd/Makefile.am
nss-pam-ldapd/debian/libnss-ldapd.postinst
nss-pam-ldapd/debian/libnss-ldapd.postrm
nss-pam-ldapd/debian/libpam-ldapd.postinst
Modified: nss-pam-ldapd/Makefile.am
==============================================================================
--- nss-pam-ldapd/Makefile.am Sat Aug 14 15:29:02 2010 (r1170)
+++ nss-pam-ldapd/Makefile.am Sat Aug 14 16:33:51 2010 (r1171)
@@ -52,10 +52,12 @@
debian/libnss-ldapd.postrm \
debian/libnss-ldapd.templates \
debian/libpam-ldapd.install \
+ debian/libpam-ldapd.lintian-overrides \
debian/libpam-ldapd.manpages \
debian/libpam-ldapd.pam-auth-update \
debian/libpam-ldapd.postinst \
debian/libpam-ldapd.prerm \
+ debian/libpam-ldapd.templates \
debian/po/POTFILES.in debian/po/templates.pot \
$(wildcard debian/po/*.po)
Modified: nss-pam-ldapd/debian/libnss-ldapd.postinst
==============================================================================
--- nss-pam-ldapd/debian/libnss-ldapd.postinst Sat Aug 14 15:29:02 2010
(r1170)
+++ nss-pam-ldapd/debian/libnss-ldapd.postinst Sat Aug 14 16:33:51 2010
(r1171)
@@ -7,6 +7,7 @@
# check to see if name is configured to do lookups through
# LDAP and enable if not
+# Note: this function is in both libnss-ldapd.postinst and
libpam-ldapd.postinst
nss_enable()
{
name="$1"
@@ -27,6 +28,7 @@
}
# remove NSS lookups though LDAP for the specified service
+# Note: this function is in both libnss-ldapd.postinst and libnss-ldapd.postrm
nss_disable()
{
name="$1"
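Review bot: the context comment directly above the added note reads "remove NSS lookups though LDAP", which should be "through". The new note ties this copy of nss_disable to the one in libnss-ldapd.postrm, where the same typo appears, so correct both copies in the same change.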
Modified: nss-pam-ldapd/debian/libnss-ldapd.postrm
==============================================================================
--- nss-pam-ldapd/debian/libnss-ldapd.postrm Sat Aug 14 15:29:02 2010
(r1170)
+++ nss-pam-ldapd/debian/libnss-ldapd.postrm Sat Aug 14 16:33:51 2010
(r1171)
@@ -3,6 +3,7 @@
set -e
# remove NSS lookups though LDAP for the specified service
+# Note: this function is in both libnss-ldapd.postinst and libnss-ldapd.postrm
nss_disable()
{
name="$1"
Added: nss-pam-ldapd/debian/libpam-ldapd.lintian-overrides
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ nss-pam-ldapd/debian/libpam-ldapd.lintian-overrides Sat Aug 14 16:33:51
2010 (r1171)
@@ -0,0 +1,6 @@
+# we prompt in postinst instead of config because we can only
+# reliably detect the actual configuration in postinst and are
+# only doing this if we detect that there is something wrong
+# with the actual config
+libpam-ldapd: no-debconf-config
+libpam-ldapd: postinst-uses-db-input
Modified: nss-pam-ldapd/debian/libpam-ldapd.postinst
==============================================================================
--- nss-pam-ldapd/debian/libpam-ldapd.postinst Sat Aug 14 15:29:02 2010
(r1170)
+++ nss-pam-ldapd/debian/libpam-ldapd.postinst Sat Aug 14 16:33:51 2010
(r1171)
@@ -2,6 +2,48 @@
set -e
+# source debconf library.
+. /usr/share/debconf/confmodule
+db_version 2.0
+
#DEBHELPER#
pam-auth-update --package
+
+# check to see if name is configured to do lookups through
+# LDAP and enable if not
+# Note: this function is in both libnss-ldapd.postinst and
libpam-ldapd.postinst
+nss_enable()
+{
+ name="$1"
+ if ! grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf
+ then
+ echo "/etc/nsswitch.conf: enable LDAP lookups for $name" >&2
+ if grep -q '^'$name':' /etc/nsswitch.conf
+ then
+ # modify an existing entry by just adding ldap to the end
+ sed -i 's/^\('$name':.*[^[:space:]]\)[[:space:]]*$/\1 ldap/'
/etc/nsswitch.conf
+ else
+ # append a new line
+ printf '%-15s ldap\n' $name':' >> /etc/nsswitch.conf
+ fi
+ fi
+ # we're done
+ return 0
+}
+
+# if /etc/nsswitch.conf contains passwd: ..ldap but not shadow: ...ldap
+# warn the user that this will not work and offer to fix it
+if grep -q '^passwd:.*ldap' /etc/nsswitch.conf && \
+ ! grep -q '^shadow:.*ldap' /etc/nsswitch.conf
+then
+ if db_input critical libpam-ldapd/enable_shadow
+ then
+ db_go
+ db_get libpam-ldapd/enable_shadow
+ if [ "$RET" = "true" ]
+ then
+ nss_enable shadow
+ fi
+ fi
+fi
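Review bot: the detection greps, both in nss_enable ('^'$name':.*ldap.*') and in the passwd/shadow check ('^shadow:.*ldap'), accept any occurrence of the string ldap anywhere on the line, so a constructed line such as "shadow: files # ldap", or a source whose name merely contains ldap, counts as configured and the broken setup is never reported. Match ldap as a separate word ahead of any '#', and quote $name in the grep, sed and printf calls. The sed that appends " ldap" at the end of the line has the same blind spot: on a line with a trailing comment the addition lands inside the comment. Separately, db_go and db_get sit inside "if db_input critical ...", so whenever db_input returns non-zero the stored answer is never read and /etc/nsswitch.conf is left unchanged without any message; if that is the intent, say so in a comment.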
Added: nss-pam-ldapd/debian/libpam-ldapd.templates
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ nss-pam-ldapd/debian/libpam-ldapd.templates Sat Aug 14 16:33:51 2010
(r1171)
@@ -0,0 +1,15 @@
+Template: libpam-ldapd/enable_shadow
+Type: boolean
+Default: true
+_Description: Enable shadow lookups through NSS?
+ For the proper operation of the PAM stack the NSS module should return
+ shadow information for LDAP users, otherwise these users will not be able
+ to log in. Note that the shadow entries themselves may be empty (i.e. it
+ is not needed to expose password hashes).
+ .
+ More background information on this requirement can be found here:
+ http://bugs.debian.org/583492
+ .
+ You can edit /etc/nsswitch.conf by hand or choose to add the entry
+ automatically now. Be sure to review the changes to /etc/nsswitch.conf if
+ you choose to add the entry now.
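Review bot: the last paragraph of the description asks the admin to review the changes to /etc/nsswitch.conf but never says what the change is. State that ldap is appended to the existing shadow line, or that a new shadow line is added when none exists, so there is something concrete to check against. In the first paragraph, "it is not needed to expose password hashes" would read better as "it is not necessary to expose password hashes".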