
nss-pam-ldapd branch master updated. 0.9.7-31-g7920d85


nss-pam-ldapd branch master updated. 0.9.7-31-g7920d85



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  7920d85ef806cda6a37db16aff75f895cc67a3e1 (commit)
       via  65695aa1d0fbc0a4aa5e7b1bb28c66fbb4879e01 (commit)
       via  419aab2656c8678840cd9dd7c3afc928cdd57d7f (commit)
      from  510317313cda849d41f4f7d498416dc978d2b842 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7920d85ef806cda6a37db16aff75f895cc67a3e1

commit 7920d85ef806cda6a37db16aff75f895cc67a3e1
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Jun 25 16:25:27 2017 +0200

    Ignore password hashes in consistent manner
    
    This changes the getent and getent.ldap tests to ignore password hashes
    that may be present in shadow lookups in a consistent manner.
    
    This also adds minor compatibility improvements.

diff --git a/tests/test_ldapcmds.sh b/tests/test_ldapcmds.sh
index 8485d2b..a9c2efb 100755
--- a/tests/test_ldapcmds.sh
+++ b/tests/test_ldapcmds.sh
@@ -37,7 +37,7 @@ export PYTHONPATH
 "$srcdir/testenv.sh" check_nslcd || exit 77
 
 # if Python is missing, ignore
-if ! ${python} --version > /dev/null 2> /dev/null
+if [ -z "${python}" ] || ! ${python} --version > /dev/null 2> /dev/null
 then
   echo "Python (${python}) not found"
   exit 77
@@ -472,13 +472,16 @@ EOM
 
 echo "test_ldapcmds.sh: testing shadow..."
 
-# NOTE: the output of this should depend on whether we are root or not
+# function to remove the password field from output
+rmpasswd() {
+  sed 's/^\([^:]*\):[^:]*:/\1:*:/'
+}
 
-check "getent.ldap shadow ecordas | sed 's/^\([^:]*\):[^:]*:/\1:*:/'" << EOM
+check "getent.ldap shadow ecordas | rmpasswd" << EOM
 ecordas:*::::7:2::0
 EOM
 
-check "getent.ldap shadow adishaw | sed 's/^\([^:]*\):[^:]*:/\1:*:/'" << EOM
+check "getent.ldap shadow adishaw | rmpasswd" << EOM
 adishaw:*:12302:::7:2::0
 EOM
 
diff --git a/tests/test_nsscmds.sh b/tests/test_nsscmds.sh
index 846ad43..ef489e2 100755
--- a/tests/test_nsscmds.sh
+++ b/tests/test_nsscmds.sh
@@ -490,13 +490,16 @@ if grep '^shadow.*ldap' /etc/nsswitch.conf > /dev/null 
2>&1
 then
 echo "test_nsscmds.sh: testing shadow..."
 
-# NOTE: the output of this should depend on whether we are root or not
+# function to remove the password field from output
+rmpasswd() {
+  sed 's/^\([^:]*\):[^:]*:/\1:*:/'
+}
 
-check "getent shadow ecordas" << EOM
+check "getent shadow ecordas | rmpasswd" << EOM
 ecordas:*::::7:2::0
 EOM
 
-check "getent shadow adishaw" << EOM
+check "getent shadow adishaw | rmpasswd" << EOM
 adishaw:*:12302:::7:2::0
 EOM
 
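Review bot: With `getent shadow ... | rmpasswd` the two checks in this hunk no longer assert anything about the password field, so a regression that handed a real hash to an unprivileged caller would still pass; before this change the expected `ecordas:*:` was compared against the raw output. The removed NOTE said the output should depend on whether the caller is root, and that distinction is now untested here. If the test directory holds hashes for these users (not visible in the hunk), consider keeping one unmasked check for the non-root case, for example guarding the raw `check "getent shadow ecordas"` with `[ "$(id -u)" -ne 0 ]`. `rmpasswd` is also defined identically in tests/test_ldapcmds.sh, so a shared helper would keep the masking rule in one place; the `if grep ... then` block around this hunk closes outside it.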

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=65695aa1d0fbc0a4aa5e7b1bb28c66fbb4879e01

commit 65695aa1d0fbc0a4aa5e7b1bb28c66fbb4879e01
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Jun 25 16:05:44 2017 +0200

    Create pidfile directory in pynslcd
    
    This ensures that /var/run/nslcd is created (when it does not exist)
    when starting pynslcd.

diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py
index 2406cc2..dcbc8f7 100644
--- a/pynslcd/cfg.py
+++ b/pynslcd/cfg.py
@@ -334,3 +334,15 @@ def read(filename):
     for k, v in globals().items():
         if not k.startswith('_'):
             logging.debug('%s=%r', k, v)
+
+
+def get_usergid():
+    """Return user info and group id."""
+    import pwd
+    import grp
+    u = pwd.getpwnam(uid)
+    if gid is None:
+        g = u.pw_gid
+    else:
+        g = grp.getgrnam(gid).gr_gid
+    return u, g
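Review bot: `get_usergid()` has an unstated precondition: it passes the module-level `uid` straight to `pwd.getpwnam()`, which raises TypeError when `uid` is still None and KeyError when the name is unknown, and `grp.getgrnam(gid)` likewise raises KeyError for an unknown group. The one-line docstring does not say that the values come from the configuration or that the first element is the whole passwd entry rather than a numeric uid. I would expand it to something like `"""Return the passwd entry for the configured uid and the numeric gid to run as (the configured gid, or the user's primary group). Requires uid to be set; raises KeyError for an unknown user or group."""`.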
diff --git a/pynslcd/mypidfile.py b/pynslcd/mypidfile.py
index e386f3e..2bf158f 100644
--- a/pynslcd/mypidfile.py
+++ b/pynslcd/mypidfile.py
@@ -1,7 +1,7 @@
 
 # mypidfile.py - functions for properly locking a PIDFile
 #
-# Copyright (C) 2010, 2011, 2012 Arthur de Jong
+# Copyright (C) 2010-2017 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -22,6 +22,8 @@ import errno
 import fcntl
 import os
 
+import cfg
+
 
 class MyPIDLockFile(object):
     """Implementation of a PIDFile fit for use with the daemon module
@@ -32,6 +34,12 @@ class MyPIDLockFile(object):
 
     def __enter__(self):
         """Lock the PID file and write the process ID to the file."""
+        # create the directory for the pidfile if needed
+        piddir = os.path.dirname(self.path)
+        if not os.path.isdir(piddir):
+            os.mkdir(piddir)
+            u, gid = cfg.get_usergid()
+            os.chown(piddir, u.u.pw_uid, gid)
         fd = os.open(self.path, os.O_RDWR | os.O_CREAT, 0644)
         try:
             fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
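Review bot: `u.u.pw_uid` in the added `os.chown` call will raise AttributeError, because `cfg.get_usergid()` returns the passwd entry itself as its first element (`return u, g` in cfg.py); it should be `u.pw_uid`. The call is also not guarded by `cfg.uid is not None` as the caller in pynslcd.py is, so with no uid configured `pwd.getpwnam(None)` would fail the first time the directory is missing. `os.mkdir(piddir)` takes its mode from the umask alone; an explicit mode caps the permissions so the pidfile directory cannot end up group- or world-writable when the daemon is started with a loose umask. `__enter__` continues past the end of this hunk.

```python
        # create the directory for the pidfile if needed
        piddir = os.path.dirname(self.path)
        if not os.path.isdir(piddir):
            os.mkdir(piddir, 0755)
            # only hand the directory over when a run-as user is configured
            if cfg.uid is not None:
                u, gid = cfg.get_usergid()
                os.chown(piddir, u.pw_uid, gid)
        # … unchanged: os.open of the pidfile and fcntl.lockf …
```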
diff --git a/pynslcd/pynslcd.py b/pynslcd/pynslcd.py
index 565b0aa..b7ff7f4 100755
--- a/pynslcd/pynslcd.py
+++ b/pynslcd/pynslcd.py
@@ -2,7 +2,7 @@
 
 # pynslcd.py - main daemon module
 #
-# Copyright (C) 2010-2016 Arthur de Jong
+# Copyright (C) 2010-2017 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -339,13 +339,7 @@ if __name__ == '__main__':
             nslcd_serversocket = create_socket()
             # load supplementary groups
             if cfg.uid is not None:
-                import pwd
-                import grp
-                u = pwd.getpwnam(cfg.uid)
-                if cfg.gid is None:
-                    gid = u.pw_gid
-                else:
-                    gid = grp.getgrnam(cfg.gid).gr_gid
+                u, gid = cfg.get_usergid()
                 # set supplementary groups, gid and uid
                 os.initgroups(u.pw_name, gid)
                 os.setgid(gid)

https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=419aab2656c8678840cd9dd7c3afc928cdd57d7f

commit 419aab2656c8678840cd9dd7c3afc928cdd57d7f
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Sun Jun 25 14:00:46 2017 +0200

    Add nss_uid_offset and nss_gid_offset to pynslcd

diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py
index 48ba4af..2406cc2 100644
--- a/pynslcd/cfg.py
+++ b/pynslcd/cfg.py
@@ -1,7 +1,7 @@
 
 # cfg.py - module for accessing configuration information
 #
-# Copyright (C) 2010-2015 Arthur de Jong
+# Copyright (C) 2010-2017 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -81,6 +81,8 @@ tls_key = None
 pagesize = 0  # FIXME: add support
 nss_initgroups_ignoreusers = set()
 nss_min_uid = 0
+nss_uid_offset = 0
+nss_gid_offset = 0
 nss_nested_groups = False
 nss_getgrent_skipmembers = False
 nss_disable_enumeration = False
@@ -171,7 +173,7 @@ def read(filename):
         if re.match('(#.*)?$', line, re.IGNORECASE):
             continue
         # parse options with a single integer argument
-        m = 
re.match('(?P<keyword>threads|ldap_version|bind_timelimit|timelimit|idle_timelimit|reconnect_sleeptime|reconnect_retrytime|pagesize|nss_min_uid)\s+(?P<value>\d+)',
+        m = 
re.match('(?P<keyword>threads|ldap_version|bind_timelimit|timelimit|idle_timelimit|reconnect_sleeptime|reconnect_retrytime|pagesize|nss_min_uid|nss_uid_offset|nss_gid_offset)\s+(?P<value>\d+)',
                      line, re.IGNORECASE)
         if m:
             globals()[m.group('keyword').lower()] = int(m.group('value'))
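Review bot: The integer-option pattern that now also covers `nss_uid_offset` and `nss_gid_offset` has no end anchor, so `re.match` accepts a line such as `nss_uid_offset 1000x` and stores 1000, silently dropping the rest. For options that shift every uid and gid, a mistyped value should be rejected rather than truncated. Ending the pattern with `\s+(?P<value>\d+)\s*$` would let a malformed line fall through to whatever error handling follows, which is not visible in this hunk. A raw string (`r'...'`) would also avoid relying on `\s` and `\d` surviving as unknown escapes. `read()` starts and ends outside the hunk.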
diff --git a/pynslcd/group.py b/pynslcd/group.py
index bd26cf3..2280eaf 100644
--- a/pynslcd/group.py
+++ b/pynslcd/group.py
@@ -1,7 +1,7 @@
 
 # group.py - group entry lookup routines
 #
-# Copyright (C) 2010-2015 Arthur de Jong
+# Copyright (C) 2010-2017 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -73,6 +73,8 @@ class Search(search.LDAPSearch):
                         attmap['memberUid'], escape_filter_chars(memberuid),
                         attmap['member'], escape_filter_chars(entry[0])
                     )
+        if 'gidNumber' in self.parameters:
+            self.parameters['gidNumber'] -= cfg.nss_gid_offset
         return super(Search, self).mk_filter()
 
 
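Review bot: The added lines subtract the offset from `self.parameters['gidNumber']` in place, so the stored search parameter changes every time `mk_filter()` runs. If a Search object ever builds its filter more than once (not visible here), the offset would be applied twice and the lookup would match a different gidNumber than the one requested. A requested gid below `nss_gid_offset` also turns into a negative number in the filter instead of an immediate not-found. At minimum I would add a comment such as `# map the NSS-side gid back to the LDAP gidNumber; this modifies self.parameters, so mk_filter() must run once per search`. The new `mk_filter()` in pynslcd/passwd.py has the same in-place `-=` on `uidNumber` and no docstring; this `mk_filter()` begins above the hunk.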
@@ -151,7 +153,7 @@ class GroupRequest(common.Request):
         if not passwd or self.calleruid != 0:
             passwd = '*'
         # get group id(s)
-        gids = [int(x) for x in attributes['gidNumber']]
+        gids = [int(x) + cfg.nss_gid_offset for x in attributes['gidNumber']]
         # build member list
         members = set()
         subgroups = []
diff --git a/pynslcd/passwd.py b/pynslcd/passwd.py
index c16d390..6c3f289 100644
--- a/pynslcd/passwd.py
+++ b/pynslcd/passwd.py
@@ -1,7 +1,7 @@
 
 # passwd.py - lookup functions for user account information
 #
-# Copyright (C) 2010, 2011, 2012, 2013 Arthur de Jong
+# Copyright (C) 2010-2017 Arthur de Jong
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -45,6 +45,11 @@ class Search(search.LDAPSearch):
     required = ('uid', 'uidNumber', 'gidNumber', 'gecos', 'homeDirectory',
                 'loginShell')
 
+    def mk_filter(self):
+        if 'uidNumber' in self.parameters:
+            self.parameters['uidNumber'] -= cfg.nss_uid_offset
+        return super(Search, self).mk_filter()
+
 
 class Cache(cache.Cache):
 
@@ -83,8 +88,8 @@ class PasswdRequest(common.Request):
                 passwd = None
             if not passwd or self.calleruid != 0:
                 passwd = '*'
-        uids = [int(x) for x in attributes['uidNumber']]
-        gid = int(attributes['gidNumber'][0])
+        uids = [int(x) + cfg.nss_uid_offset for x in attributes['uidNumber']]
+        gid = int(attributes['gidNumber'][0]) + cfg.nss_gid_offset
         gecos = attributes['gecos'][0]
         home = attributes['homeDirectory'][0]
         shell = attributes['loginShell'][0]
@@ -135,7 +140,7 @@ def uid2entry(conn, uid):
     """Look up the user by uid and return the LDAP entry or None if the user
     was not found."""
     for dn, attributes in Search(conn, parameters=dict(uid=uid)):
-        if any(int(x) >= cfg.nss_min_uid for x in attributes['uidNumber']):
+        if any((int(x) + cfg.nss_uid_offset) >= cfg.nss_min_uid for x in 
attributes['uidNumber']):
             return dn, attributes
 
 
@@ -146,5 +151,5 @@ def dn2uid(conn, dn):
     """Look up the user by dn and return a uid or None if the user was
     not found."""
     for dn, attributes in Search(conn, base=dn):
-        if any(int(x) >= cfg.nss_min_uid for x in attributes['uidNumber']):
+        if any((int(x) + cfg.nss_uid_offset) >= cfg.nss_min_uid for x in 
attributes['uidNumber']):
             return attributes['uid'][0]

-----------------------------------------------------------------------

Summary of changes:
 pynslcd/cfg.py         | 18 ++++++++++++++++--
 pynslcd/group.py       |  6 ++++--
 pynslcd/mypidfile.py   | 10 +++++++++-
 pynslcd/passwd.py      | 15 ++++++++++-----
 pynslcd/pynslcd.py     | 10 ++--------
 tests/test_ldapcmds.sh | 11 +++++++----
 tests/test_nsscmds.sh  |  9 ++++++---
 7 files changed, 54 insertions(+), 25 deletions(-)


hooks/post-receive
-- 
nss-pam-ldapd