nss-pam-ldapd commit: r1531 - nss-pam-ldapd/debian
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
nss-pam-ldapd commit: r1531 - nss-pam-ldapd/debian
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd commit: r1531 - nss-pam-ldapd/debian
- Date: Sat, 3 Sep 2011 17:57:26 +0200 (CEST)
Author: arthur
Date: Sat Sep 3 17:57:25 2011
New Revision: 1531
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1531
Log:
support spaces before and after database name while parsing /etc/nsswitch.conf
and reduce the number of places where parsing is done
Modified:
nss-pam-ldapd/debian/libnss-ldapd.config
nss-pam-ldapd/debian/libnss-ldapd.postinst
nss-pam-ldapd/debian/libnss-ldapd.postrm
nss-pam-ldapd/debian/libpam-ldapd.postinst
Modified: nss-pam-ldapd/debian/libnss-ldapd.config
==============================================================================
--- nss-pam-ldapd/debian/libnss-ldapd.config Tue Aug 30 20:58:11 2011
(r1530)
+++ nss-pam-ldapd/debian/libnss-ldapd.config Sat Sep 3 17:57:25 2011
(r1531)
@@ -13,10 +13,19 @@
# default.
#
+# find the names of services that are configured to use LDAP
+# Note: this function is in libnss-ldapd.config and libnss-ldapd.postrm
+nss_list_configured()
+{
+ sed -n \
+
's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p'
\
+ /etc/nsswitch.conf
+}
+
# parse /etc/nsswitch.conf and see which services have ldap specified
db_get libnss-ldapd/nsswitch
# find name services that currently use LDAP
-configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p'
/etc/nsswitch.conf`
+configured=`nss_list_configured`
# separate by commas
configured=`echo $configured | sed 's/ /, /g'`
# store configured services either on first config or when ldap is already
Modified: nss-pam-ldapd/debian/libnss-ldapd.postinst
==============================================================================
--- nss-pam-ldapd/debian/libnss-ldapd.postinst Tue Aug 30 20:58:11 2011
(r1530)
+++ nss-pam-ldapd/debian/libnss-ldapd.postinst Sat Sep 3 17:57:25 2011
(r1531)
@@ -5,19 +5,29 @@
# editing nsswitch.conf seems to be ok
# http://lists.debian.org/debian-devel/2007/02/msg00076.html
+# check whether the name is configure to do lookups through
+# LDAP
+# Note: this function is in libnss-ldapd.postinst, libnss-ldapd.postrm
+# and libpam-ldapd.postinst
+nss_is_enabled()
+{
+ name="$1"
+ grep -q '^[[:space:]]*'$name'[[:space:]]*:.*ldap.*' /etc/nsswitch.conf
+}
+
# check to see if name is configured to do lookups through
# LDAP and enable if not
-# Note: this function is in both libnss-ldapd.postinst and
libpam-ldapd.postinst
+# Note: this function is in libnss-ldapd.postinst and libpam-ldapd.postinst
nss_enable()
{
name="$1"
- if ! grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf
+ if ! nss_is_enabled "$name"
then
echo "/etc/nsswitch.conf: enable LDAP lookups for $name" >&2
- if grep -q '^'$name':' /etc/nsswitch.conf
+ if grep -q '^[[:space:]]*'$name'[[:space:]]*:' /etc/nsswitch.conf
then
# modify an existing entry by just adding ldap to the end
- sed -i 's/^\('$name':.*[^[:space:]]\)[[:space:]]*$/\1 ldap/'
/etc/nsswitch.conf
+ sed -i
's/^\([[:space:]]*'$name'[[:space:]]*:.*[^[:space:]]\)[[:space:]]*$/\1 ldap/'
/etc/nsswitch.conf
else
# append a new line
printf '%-15s ldap\n' $name':' >> /etc/nsswitch.conf
@@ -30,23 +40,23 @@
}
# remove NSS lookups though LDAP for the specified service
-# Note: this function is in both libnss-ldapd.postinst and libnss-ldapd.postrm
+# Note: this function is in libnss-ldapd.postinst and libnss-ldapd.postrm
nss_disable()
{
name="$1"
# these functions also remove the lookup result handling part
# of the ldap entry (see nsswitch.conf(5))
- if grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf
+ if nss_is_enabled "$name"
then
echo "/etc/nsswitch.conf: disable LDAP lookups for $name" >&2
- if [ -n "`sed -n
'/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p'
/etc/nsswitch.conf`" ]
+ if [ -n "`sed -n
'/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p'
/etc/nsswitch.conf`" ]
then
# the name service only maps to ldap, remove the whole line
- sed -i
'/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d'
/etc/nsswitch.conf
+ sed -i
'/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d'
/etc/nsswitch.conf
else
# remove ldap part from existing line, keeping other methods intact
# TODO: remove trailing space
- sed -i
's/^\('$name':.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/'
/etc/nsswitch.conf
+ sed -i
's/^\([[:space:]]*'$name'[[:space:]]*:.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/'
/etc/nsswitch.conf
fi
# invalidate nscd cache
nscd -i "$name" > /dev/null 2>&1 || true
Modified: nss-pam-ldapd/debian/libnss-ldapd.postrm
==============================================================================
--- nss-pam-ldapd/debian/libnss-ldapd.postrm Tue Aug 30 20:58:11 2011
(r1530)
+++ nss-pam-ldapd/debian/libnss-ldapd.postrm Sat Sep 3 17:57:25 2011
(r1531)
@@ -2,25 +2,46 @@
set -e
+# find the names of services that are configured to use LDAP
+# Note: this function is in libnss-ldapd.config and libnss-ldapd.postrm
+nss_list_configured()
+{
+ sed -n \
+
's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p'
\
+ /etc/nsswitch.conf
+}
+
+# check whether the name is configure to do lookups through
+# LDAP
+# Note: this function is in libnss-ldapd.postinst, libnss-ldapd.postrm
+# and libpam-ldapd.postinst
+nss_is_enabled()
+{
+ name="$1"
+ grep -q '^[[:space:]]*'$name'[[:space:]]*:.*ldap.*' /etc/nsswitch.conf
+}
+
# remove NSS lookups though LDAP for the specified service
-# Note: this function is in both libnss-ldapd.postinst and libnss-ldapd.postrm
+# Note: this function is in libnss-ldapd.postinst and libnss-ldapd.postrm
nss_disable()
{
name="$1"
# these functions also remove the lookup result handling part
# of the ldap entry (see nsswitch.conf(5))
- if grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf
+ if nss_is_enabled "$name"
then
echo "/etc/nsswitch.conf: disable LDAP lookups for $name" >&2
- if [ -n "`sed -n
'/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p'
/etc/nsswitch.conf`" ]
+ if [ -n "`sed -n
'/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p'
/etc/nsswitch.conf`" ]
then
# the name service only maps to ldap, remove the whole line
- sed -i
'/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d'
/etc/nsswitch.conf
+ sed -i
'/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d'
/etc/nsswitch.conf
else
# remove ldap part from existing line, keeping other methods intact
# TODO: remove trailing space
- sed -i
's/^\('$name':.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/'
/etc/nsswitch.conf
+ sed -i
's/^\([[:space:]]*'$name'[[:space:]]*:.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/'
/etc/nsswitch.conf
fi
+ # invalidate nscd cache
+ nscd -i "$name" > /dev/null 2>&1 || true
fi
# we're done
return 0
@@ -30,7 +51,7 @@
if ( [ "$1" = "remove" ] || [ "$1" = "purge" ] )
then
# check which naming services are configured
- configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p'
/etc/nsswitch.conf`
+ configured=`nss_list_configured`
if [ -n "$configured" ]
then
# if we have debconf, use debconf to ask, otherwise just shout
@@ -54,7 +75,7 @@
fi
fi
# re-check which services are left enabled
- configured=`sed -n
's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf`
+ configured=`nss_list_configured`
fi
# check if ldap is still configured
if [ -n "$configured" ]
Modified: nss-pam-ldapd/debian/libpam-ldapd.postinst
==============================================================================
--- nss-pam-ldapd/debian/libpam-ldapd.postinst Tue Aug 30 20:58:11 2011
(r1530)
+++ nss-pam-ldapd/debian/libpam-ldapd.postinst Sat Sep 3 17:57:25 2011
(r1531)
@@ -10,23 +10,35 @@
pam-auth-update --package
+# check whether the name is configure to do lookups through
+# LDAP
+# Note: this function is in libnss-ldapd.postinst, libnss-ldapd.postrm
+# and libpam-ldapd.postinst
+nss_is_enabled()
+{
+ name="$1"
+ grep -q '^[[:space:]]*'$name'[[:space:]]*:.*ldap.*' /etc/nsswitch.conf
+}
+
# check to see if name is configured to do lookups through
# LDAP and enable if not
-# Note: this function is in both libnss-ldapd.postinst and
libpam-ldapd.postinst
+# Note: this function is in libnss-ldapd.postinst and libpam-ldapd.postinst
nss_enable()
{
name="$1"
- if ! grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf
+ if ! nss_is_enabled "$name"
then
echo "/etc/nsswitch.conf: enable LDAP lookups for $name" >&2
- if grep -q '^'$name':' /etc/nsswitch.conf
+ if grep -q '^[[:space:]]*'$name'[[:space:]]*:' /etc/nsswitch.conf
then
# modify an existing entry by just adding ldap to the end
- sed -i 's/^\('$name':.*[^[:space:]]\)[[:space:]]*$/\1 ldap/'
/etc/nsswitch.conf
+ sed -i
's/^\([[:space:]]*'$name'[[:space:]]*:.*[^[:space:]]\)[[:space:]]*$/\1 ldap/'
/etc/nsswitch.conf
else
# append a new line
printf '%-15s ldap\n' $name':' >> /etc/nsswitch.conf
fi
+ # invalidate nscd cache
+ nscd -i "$name" > /dev/null 2>&1 || true
fi
# we're done
return 0
@@ -35,8 +47,8 @@
# if /etc/nsswitch.conf contains passwd: ..ldap but not shadow: ...ldap
# warn the user that this will not work and offer to fix it
# (only do this if it seems we have switched to pam-auth-update)
-if grep -q '^passwd:.*ldap' /etc/nsswitch.conf && \
- ! grep -q '^shadow:.*ldap' /etc/nsswitch.conf && \
+if nss_is_enabled "passwd" && \
+ ! nss_is_enabled "shadow" && \
grep -q pam-auth-update /etc/pam.d/common-auth
then
if db_input critical libpam-ldapd/enable_shadow
@@ -45,7 +57,7 @@
db_get libpam-ldapd/enable_shadow
if [ "$RET" = "true" ]
then
- nss_enable shadow
+ nss_enable "shadow"
fi
fi
fi
--
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits
- nss-pam-ldapd commit: r1531 - nss-pam-ldapd/debian,
Commits of the nss-pam-ldapd project