
nss-pam-ldapd commit: r1531 - nss-pam-ldapd/debian


nss-pam-ldapd commit: r1531 - nss-pam-ldapd/debian



Author: arthur
Date: Sat Sep  3 17:57:25 2011
New Revision: 1531
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1531

Log:
support spaces before and after database name while parsing /etc/nsswitch.conf 
and reduce the number of places where parsing is done

Modified:
   nss-pam-ldapd/debian/libnss-ldapd.config
   nss-pam-ldapd/debian/libnss-ldapd.postinst
   nss-pam-ldapd/debian/libnss-ldapd.postrm
   nss-pam-ldapd/debian/libpam-ldapd.postinst

Modified: nss-pam-ldapd/debian/libnss-ldapd.config
==============================================================================
--- nss-pam-ldapd/debian/libnss-ldapd.config    Tue Aug 30 20:58:11 2011        
(r1530)
+++ nss-pam-ldapd/debian/libnss-ldapd.config    Sat Sep  3 17:57:25 2011        
(r1531)
@@ -13,10 +13,19 @@
 # default.
 #
 
+# find the names of services that are configured to use LDAP
+# Note: this function is in libnss-ldapd.config and libnss-ldapd.postrm
+nss_list_configured()
+{
+  sed -n \
+      
's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p'
 \
+      /etc/nsswitch.conf
+}
+
 # parse /etc/nsswitch.conf and see which services have ldap specified
 db_get libnss-ldapd/nsswitch
 # find name services that currently use LDAP
-configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' 
/etc/nsswitch.conf`
+configured=`nss_list_configured`
 # separate by commas
 configured=`echo $configured | sed 's/ /, /g'`
 # store configured services either on first config or when ldap is already
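Review bot: The substitution in `nss_list_configured` has no end anchor, so the optional group after `ldap` can match nothing and whatever follows `ldap` stays in the output; a line such as `passwd: files ldapx` would print `passwdx`. `[a-z]*` also accepts an empty database name. Ending the expression with `\([[:space:]].*\)\?$` and using `[a-z][a-z]*` for the name would limit the output to real database names where `ldap` is a whole word. The same function is added to libnss-ldapd.postrm, where its result feeds the `[ -n "$configured" ]` checks that run on remove and purge.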

Modified: nss-pam-ldapd/debian/libnss-ldapd.postinst
==============================================================================
--- nss-pam-ldapd/debian/libnss-ldapd.postinst  Tue Aug 30 20:58:11 2011        
(r1530)
+++ nss-pam-ldapd/debian/libnss-ldapd.postinst  Sat Sep  3 17:57:25 2011        
(r1531)
@@ -5,19 +5,29 @@
 # editing nsswitch.conf seems to be ok
 # http://lists.debian.org/debian-devel/2007/02/msg00076.html
 
+# check whether the name is configure to do lookups through
+# LDAP
+# Note: this function is in libnss-ldapd.postinst, libnss-ldapd.postrm
+#       and libpam-ldapd.postinst
+nss_is_enabled()
+{
+  name="$1"
+  grep -q '^[[:space:]]*'$name'[[:space:]]*:.*ldap.*' /etc/nsswitch.conf
+}
+
 # check to see if name is configured to do lookups through
 # LDAP and enable if not
-# Note: this function is in both libnss-ldapd.postinst and 
libpam-ldapd.postinst
+# Note: this function is in libnss-ldapd.postinst and libpam-ldapd.postinst
 nss_enable()
 {
   name="$1"
-  if ! grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf
+  if ! nss_is_enabled "$name"
   then
     echo "/etc/nsswitch.conf: enable LDAP lookups for $name" >&2
-    if grep -q '^'$name':' /etc/nsswitch.conf
+    if grep -q '^[[:space:]]*'$name'[[:space:]]*:' /etc/nsswitch.conf
     then
       # modify an existing entry by just adding ldap to the end
-      sed -i 's/^\('$name':.*[^[:space:]]\)[[:space:]]*$/\1 ldap/' 
/etc/nsswitch.conf
+      sed -i 
's/^\([[:space:]]*'$name'[[:space:]]*:.*[^[:space:]]\)[[:space:]]*$/\1 ldap/' 
/etc/nsswitch.conf
     else
       # append a new line
       printf '%-15s ldap\n' $name':' >> /etc/nsswitch.conf
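Review bot: `nss_is_enabled` treats any occurrence of the substring `ldap` after the colon as enabled (`:.*ldap.*`), which is looser than `nss_list_configured` and than the patterns `nss_disable` uses to strip the entry. A different service whose name merely contains `ldap` would make `nss_enable` skip the edit and leave the database without LDAP lookups, with nothing reported. Requiring a delimiter on both sides, for example `:\(.*[[:space:]]\)\?ldap\([[:space:][].*\)\?$`, keeps the three helpers in agreement. The same function is added in libnss-ldapd.postrm and libpam-ldapd.postinst, where it also gates the passwd/shadow check. The body of `nss_enable` continues past the end of this hunk.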
@@ -30,23 +40,23 @@
 }
 
 # remove NSS lookups though LDAP for the specified service
-# Note: this function is in both libnss-ldapd.postinst and libnss-ldapd.postrm
+# Note: this function is in libnss-ldapd.postinst and libnss-ldapd.postrm
 nss_disable()
 {
   name="$1"
   # these functions also remove the lookup result handling part
   # of the ldap entry (see nsswitch.conf(5))
-  if grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf
+  if nss_is_enabled "$name"
   then
     echo "/etc/nsswitch.conf: disable LDAP lookups for $name" >&2
-    if [ -n "`sed -n 
'/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p' 
/etc/nsswitch.conf`" ]
+    if [ -n "`sed -n 
'/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p'
 /etc/nsswitch.conf`" ]
     then
       # the name service only maps to ldap, remove the whole line
-      sed -i 
'/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d' 
/etc/nsswitch.conf
+      sed -i 
'/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d'
 /etc/nsswitch.conf
     else
       # remove ldap part from existing line, keeping other methods intact
       # TODO: remove trailing space
-      sed -i 
's/^\('$name':.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/' 
/etc/nsswitch.conf
+      sed -i 
's/^\([[:space:]]*'$name'[[:space:]]*:.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/'
 /etc/nsswitch.conf
     fi
     # invalidate nscd cache
     nscd -i "$name" > /dev/null 2>&1 || true
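Review bot: `$name` is spliced unquoted and unescaped into the `sed -i` programs in `nss_disable` (and into the `grep`/`sed` patterns of `nss_is_enabled` and `nss_enable` in the previous hunk), so a value containing whitespace, `/` or regex metacharacters would change the expression that rewrites /etc/nsswitch.conf as root. Where the names come from is not visible in this diff. If any of them originate from debconf answers or from the file itself, a guard at the top such as `case "$name" in ''|*[!a-z]*) return 0 ;; esac`, matching the `[a-z]*` that `nss_list_configured` already assumes, plus `"$name"` inside each pattern, would confine the edit to a plain database name. The identical function in libnss-ldapd.postrm has the same splice, and the body of `nss_disable` ends outside this hunk.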

Modified: nss-pam-ldapd/debian/libnss-ldapd.postrm
==============================================================================
--- nss-pam-ldapd/debian/libnss-ldapd.postrm    Tue Aug 30 20:58:11 2011        
(r1530)
+++ nss-pam-ldapd/debian/libnss-ldapd.postrm    Sat Sep  3 17:57:25 2011        
(r1531)
@@ -2,25 +2,46 @@
 
 set -e
 
+# find the names of services that are configured to use LDAP
+# Note: this function is in libnss-ldapd.config and libnss-ldapd.postrm
+nss_list_configured()
+{
+  sed -n \
+      
's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p'
 \
+      /etc/nsswitch.conf
+}
+
+# check whether the name is configure to do lookups through
+# LDAP
+# Note: this function is in libnss-ldapd.postinst, libnss-ldapd.postrm
+#       and libpam-ldapd.postinst
+nss_is_enabled()
+{
+  name="$1"
+  grep -q '^[[:space:]]*'$name'[[:space:]]*:.*ldap.*' /etc/nsswitch.conf
+}
+
 # remove NSS lookups though LDAP for the specified service
-# Note: this function is in both libnss-ldapd.postinst and libnss-ldapd.postrm
+# Note: this function is in libnss-ldapd.postinst and libnss-ldapd.postrm
 nss_disable()
 {
   name="$1"
   # these functions also remove the lookup result handling part
   # of the ldap entry (see nsswitch.conf(5))
-  if grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf
+  if nss_is_enabled "$name"
   then
     echo "/etc/nsswitch.conf: disable LDAP lookups for $name" >&2
-    if [ -n "`sed -n 
'/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p' 
/etc/nsswitch.conf`" ]
+    if [ -n "`sed -n 
'/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p'
 /etc/nsswitch.conf`" ]
     then
       # the name service only maps to ldap, remove the whole line
-      sed -i 
'/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d' 
/etc/nsswitch.conf
+      sed -i 
'/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d'
 /etc/nsswitch.conf
     else
       # remove ldap part from existing line, keeping other methods intact
       # TODO: remove trailing space
-      sed -i 
's/^\('$name':.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/' 
/etc/nsswitch.conf
+      sed -i 
's/^\([[:space:]]*'$name'[[:space:]]*:.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/'
 /etc/nsswitch.conf
     fi
+    # invalidate nscd cache
+    nscd -i "$name" > /dev/null 2>&1 || true
   fi
   # we're done
   return 0
@@ -30,7 +51,7 @@
 if ( [ "$1" = "remove" ] || [ "$1" = "purge" ] )
 then
   # check which naming services are configured
-  configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' 
/etc/nsswitch.conf`
+  configured=`nss_list_configured`
   if [ -n "$configured" ]
   then
     # if we have debconf, use debconf to ask, otherwise just shout
@@ -54,7 +75,7 @@
         fi
       fi
       # re-check which services are left enabled
-      configured=`sed -n 
's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf`
+      configured=`nss_list_configured`
     fi
     # check if ldap is still configured
     if [ -n "$configured" ]

Modified: nss-pam-ldapd/debian/libpam-ldapd.postinst
==============================================================================
--- nss-pam-ldapd/debian/libpam-ldapd.postinst  Tue Aug 30 20:58:11 2011        
(r1530)
+++ nss-pam-ldapd/debian/libpam-ldapd.postinst  Sat Sep  3 17:57:25 2011        
(r1531)
@@ -10,23 +10,35 @@
 
 pam-auth-update --package
 
+# check whether the name is configure to do lookups through
+# LDAP
+# Note: this function is in libnss-ldapd.postinst, libnss-ldapd.postrm
+#       and libpam-ldapd.postinst
+nss_is_enabled()
+{
+  name="$1"
+  grep -q '^[[:space:]]*'$name'[[:space:]]*:.*ldap.*' /etc/nsswitch.conf
+}
+
 # check to see if name is configured to do lookups through
 # LDAP and enable if not
-# Note: this function is in both libnss-ldapd.postinst and 
libpam-ldapd.postinst
+# Note: this function is in libnss-ldapd.postinst and libpam-ldapd.postinst
 nss_enable()
 {
   name="$1"
-  if ! grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf
+  if ! nss_is_enabled "$name"
   then
     echo "/etc/nsswitch.conf: enable LDAP lookups for $name" >&2
-    if grep -q '^'$name':' /etc/nsswitch.conf
+    if grep -q '^[[:space:]]*'$name'[[:space:]]*:' /etc/nsswitch.conf
     then
       # modify an existing entry by just adding ldap to the end
-      sed -i 's/^\('$name':.*[^[:space:]]\)[[:space:]]*$/\1 ldap/' 
/etc/nsswitch.conf
+      sed -i 
's/^\([[:space:]]*'$name'[[:space:]]*:.*[^[:space:]]\)[[:space:]]*$/\1 ldap/' 
/etc/nsswitch.conf
     else
       # append a new line
       printf '%-15s ldap\n' $name':' >> /etc/nsswitch.conf
     fi
+    # invalidate nscd cache
+    nscd -i "$name" > /dev/null 2>&1 || true
   fi
   # we're done
   return 0
@@ -35,8 +47,8 @@
 # if /etc/nsswitch.conf contains passwd: ..ldap but not shadow: ...ldap
 # warn the user that this will not work and offer to fix it
 # (only do this if it seems we have switched to pam-auth-update)
-if grep -q '^passwd:.*ldap' /etc/nsswitch.conf && \
-   ! grep -q '^shadow:.*ldap' /etc/nsswitch.conf && \
+if nss_is_enabled "passwd" && \
+   ! nss_is_enabled "shadow" && \
    grep -q pam-auth-update /etc/pam.d/common-auth
 then
   if db_input critical libpam-ldapd/enable_shadow
@@ -45,7 +57,7 @@
     db_get libpam-ldapd/enable_shadow
     if [ "$RET" = "true" ]
     then
-      nss_enable shadow
+      nss_enable "shadow"
     fi
   fi
 fi