nss-pam-ldapd commit: r1412 - nss-pam-ldapd/debian

[Date Prev][Date Next] [Thread Prev][Thread Next]
From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: nss-pam-ldapd commit: r1412 - nss-pam-ldapd/debian
Date: Fri, 25 Mar 2011 17:08:05 +0100 (CET)
Author: arthur
Date: Fri Mar 25 17:08:03 2011
New Revision: 1412
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1412

Log:
integrate patch by Daniel Dehennin to not loose debconf values of previously 
set options with dpkg-reconfigure

Modified:
   nss-pam-ldapd/debian/nslcd.config
   nss-pam-ldapd/debian/nslcd.postinst

Modified: nss-pam-ldapd/debian/nslcd.config
==============================================================================
--- nss-pam-ldapd/debian/nslcd.config   Fri Mar 25 14:30:46 2011        (r1411)
+++ nss-pam-ldapd/debian/nslcd.config   Fri Mar 25 17:08:03 2011        (r1412)
@@ -26,13 +26,11 @@
 {
   debconf_param="$1"
   cfg_param="$2"
-  # get debconf value to ensure we don't overwrite an already set value
+  # overwrite debconf value if different from config file
   db_get "$debconf_param"
-  if [ -z "$RET" ]
-  then
-    value=`sed -n 
's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip'
 "$cfgfile" | tail -n 1`
-    [ -n "$value" ] && db_set "$debconf_param" "$value"
-  fi
+  debconf_value="$RET"
+  cfgfile_value=`sed -n 
's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip'
 "$cfgfile" | tail -n 1`
+  [ -n "$cfgfile_value" ] && [ "$debconf_value" != "$cfgfile_value" ] && 
db_set "$debconf_param" "$cfgfile_value"
   # we're done
   return 0
 }
@@ -49,8 +47,6 @@
     [ -z "$domain" ] && domain=`hostname --nis | grep '\.'` || true
     [ -z "$domain" ] && domain=`hostname --fqdn | sed -n 's/^[^.]*\.//p'` || 
true
     [ -z "$domain" ] && domain=`sed -n 's/^ *\(domain\|search\) *\([^ ]*\) 
*$/\2/p' /etc/resolv.conf | head -n 1` || true
-    db_get nslcd/ldap-base
-    searchbase="$RET"
     # if the ldap-base value doesn't seem to be preseeded, try to use the
     # domain name to build the default base
     if [ -n "$domain" ]
@@ -147,18 +143,6 @@
 # and fall back to guessing the config from some other system files
 if [ -f "$CONFFILE" ]
 then
-  # clear settings to pick up valus from configfile
-  db_set nslcd/ldap-uris ""
-  db_set nslcd/ldap-base ""
-  db_set nslcd/ldap-binddn ""
-  db_set nslcd/ldap-bindpw ""
-  db_set nslcd/ldap-sasl-mech ""
-  db_set nslcd/ldap-sasl-realm ""
-  db_set nslcd/ldap-sasl-authcid ""
-  db_set nslcd/ldap-sasl-authzid ""
-  db_set nslcd/ldap-sasl-secprops ""
-  db_set nslcd/ldap-starttls ""
-  db_set nslcd/ldap-reqcert ""
   # parse current configuration
   parsecfg "$CONFFILE"
 else
@@ -180,18 +164,22 @@
 [ -z "$RET" ] && db_set nslcd/ldap-starttls "false"
 
 # deduce auth-type from available information
-db_get nslcd/ldap-sasl-mech
-sasl_mech="$RET"
-db_get nslcd/ldap-binddn
-binddn="$RET"
-if [ -n "$sasl_mech" ]
-then
-  db_set nslcd/ldap-auth-type "SASL"
-elif [ -n "$binddn" ]
+db_get nslcd/ldap-auth-type
+if [ -z "$RET" ]
 then
-  db_set nslcd/ldap-auth-type "simple"
-else
-  db_set nslcd/ldap-auth-type "none"
+  db_get nslcd/ldap-sasl-mech
+  sasl_mech="$RET"
+  db_get nslcd/ldap-binddn
+  binddn="$RET"
+  if [ -n "$sasl_mech" ]
+  then
+    db_set nslcd/ldap-auth-type "SASL"
+  elif [ -n "$binddn" ]
+  then
+    db_set nslcd/ldap-auth-type "simple"
+  else
+    db_set nslcd/ldap-auth-type "none"
+  fi
 fi
 
 #
@@ -225,24 +213,19 @@
     db_get nslcd/ldap-auth-type
     case "$RET" in
     none)
-      # anonymous bind, nothing to ask (clear options)
-      db_set nslcd/ldap-binddn ""
+      # anonymous bind, nothing to ask (clear password)
       db_set nslcd/ldap-bindpw ""
-      db_set nslcd/ldap-sasl-mech ""
       state="starttls"
       ;;
     simple)
       # ask for binddn and bindpw
       db_input medium nslcd/ldap-binddn || true
       db_input medium nslcd/ldap-bindpw || true
-      db_set nslcd/ldap-sasl-mech ""
       state="starttls"
       ;;
     SASL)
       # ask about SASL mechanism (other SASL questions depend on this)
       db_input medium nslcd/ldap-sasl-mech || true
-      # RFC4313 if SASL, binddn should be disabled
-      db_set nslcd/ldap-binddn ""
       state="sasloptions"
       ;;
     *)
@@ -261,9 +244,6 @@
     then
       db_input medium nslcd/ldap-sasl-authcid || true
       db_input medium nslcd/ldap-bindpw || true
-    else
-      db_set nslcd/ldap-sasl-authcid ""
-      db_set nslcd/ldap-bindpw ""
     fi
     db_input medium nslcd/ldap-sasl-authzid || true
     db_input medium nslcd/ldap-sasl-secprops || true
@@ -273,8 +253,6 @@
       db_get nslcd/ldap-sasl-krb5-ccname
       [ -z "$RET" ] && db_set nslcd/ldap-sasl-krb5-ccname 
"/var/run/nslcd/nslcd.tkt"
       db_input low nslcd/ldap-sasl-krb5-ccname || true
-    else
-      db_set nslcd/ldap-sasl-krb5-ccname ""
     fi
     # ask the question, go to the next question or back
     state="starttls"

Modified: nss-pam-ldapd/debian/nslcd.postinst
==============================================================================
--- nss-pam-ldapd/debian/nslcd.postinst Fri Mar 25 14:30:46 2011        (r1411)
+++ nss-pam-ldapd/debian/nslcd.postinst Fri Mar 25 17:08:03 2011        (r1412)
@@ -41,22 +41,24 @@
   return 0
 }
 
-# disable an option in the configuration file by commenting it out
+# disable options in the configuration file by commenting them out
 cfg_disable()
 {
-  parameter="$1"
-  # handle bindpw option specially by removing value from config first
-  if [ "$parameter" = "bindpw" ] && grep -i -q "^bindpw " $CONFFILE
-  then
-    cfg_set bindpw "*removed*"
-  fi
-  # make matching of spaces better in parameter
-  param_re=`echo "$parameter" | sed 
's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
-  # lines to not match
-  
nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
-  # comment out the option
-  sed -i '/'"$nomatch_re"'/n;s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
-  # we're done
+  for parameter in $@
+  do
+    # handle bindpw option specially by removing value from config first
+    if [ "$parameter" = "bindpw" ] && grep -i -q "^bindpw " $CONFFILE
+    then
+      cfg_set bindpw "*removed*"
+    fi
+    # make matching of spaces better in parameter
+    param_re=`echo "$parameter" | sed 
's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
+    # lines to not match
+    
nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
+    # comment out the option
+    sed -i '/'"$nomatch_re"'/n;s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
+    # we're done
+  done
   return 0
 }
 
@@ -199,14 +201,39 @@
   cfg_uris "$RET"
   # update some options
   update_config nslcd/ldap-base base
-  update_config nslcd/ldap-binddn binddn
-  update_config nslcd/ldap-bindpw bindpw
-  update_config nslcd/ldap-sasl-mech sasl_mech
-  update_config nslcd/ldap-sasl-realm sasl_realm
-  update_config nslcd/ldap-sasl-authcid sasl_authcid
-  update_config nslcd/ldap-sasl-authzid sasl_authzid
-  update_config nslcd/ldap-sasl-secprops sasl_secprops
-  update_config nslcd/ldap-sasl-krb5-ccname krb5_ccname
+  db_get nslcd/ldap-auth-type
+  authtype="$RET"
+  case "$authtype" in
+  simple)
+    update_config nslcd/ldap-binddn binddn
+    update_config nslcd/ldap-bindpw bindpw
+    cfg_disable sasl_mech sasl_realm sasl_authcid sasl_authzid sasl_secprops 
krb5_ccname
+    ;;
+  SASL)
+    update_config nslcd/ldap-sasl-mech sasl_mech
+    update_config nslcd/ldap-sasl-realm sasl_realm
+    # RFC4313 if SASL, binddn should be disabled
+    cfg_disable binddn
+    db_get nslcd/ldap-sasl-mech
+    saslmech="$RET"
+    case "$saslmech" in
+    GSSAPI)
+      update_config nslcd/ldap-sasl-krb5-ccname krb5_ccname
+      cfg_disable sasl_authcid
+      ;;
+    *)
+      update_config nslcd/ldap-sasl-authcid sasl_authcid
+      update_config nslcd/ldap-bindpw bindpw
+      cfg_disable krb5_ccname
+      ;;
+    esac
+    update_config nslcd/ldap-sasl-authzid sasl_authzid
+    update_config nslcd/ldap-sasl-secprops sasl_secprops
+    ;;
+  none)
+    cfg_disable binddn bindpw
+    cfg_disable sasl_mech sasl_realm sasl_authcid sasl_authzid sasl_secprops 
krb5_ccname
+  esac
   update_config nslcd/ldap-reqcert tls_reqcert
   # remove password from database
   db_set nslcd/ldap-bindpw ""
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits
nss-pam-ldapd commit: r1412 - nss-pam-ldapd/debian, Commits of the nss-pam-ldapd project
Prev by Date: nss-pam-ldapd commit: r1411 - in nss-pam-ldapd: . man nslcd tests
Next by Date: nss-pam-ldapd commit: r1413 - nss-pam-ldapd/tests
Previous by thread: nss-pam-ldapd commit: r1411 - in nss-pam-ldapd: . man nslcd tests
Next by thread: nss-pam-ldapd commit: r1413 - nss-pam-ldapd/tests