authorArthur de Jong <arthur@arthurdejong.org>2011-03-25 17:08:03 +0100
committerArthur de Jong <arthur@arthurdejong.org>2011-03-25 17:08:03 +0100
commit3086d518412247138e743cc954d98ec834a4a0c4 (patch)
tree7a4bb21a4df7df6a00bf1bf0d4f9284d6dabf45a
parent72c4709eefbfac429eca3ed8fb66decd03ed098d (diff)
integrate patch by Daniel Dehennin to not lose debconf values of previously set options with dpkg-reconfigure
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1412 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r--debian/nslcd.config62
-rw-r--r--debian/nslcd.postinst71
2 files changed, 69 insertions, 64 deletions
diff --git a/debian/nslcd.config b/debian/nslcd.config
index 933c5e3..d33d742 100644
--- a/debian/nslcd.config
+++ b/debian/nslcd.config
@@ -26,13 +26,11 @@ read_config()
{
debconf_param="$1"
cfg_param="$2"
- # get debconf value to ensure we don't overwrite an already set value
+ # overwrite debconf value if different from config file
db_get "$debconf_param"
- if [ -z "$RET" ]
- then
- value=`sed -n 's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
- [ -n "$value" ] && db_set "$debconf_param" "$value"
- fi
+ debconf_value="$RET"
+ cfgfile_value=`sed -n 's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
+ [ -n "$cfgfile_value" ] && [ "$debconf_value" != "$cfgfile_value" ] && db_set "$debconf_param" "$cfgfile_value"
# we're done
return 0
}
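Review bot: The sed expression on the `cfgfile_value=` line allows zero whitespace after the keyword (`[[:space:]]*`), and its capture group needs at least two non-blank characters. A longer keyword that starts with `$cfg_param` is therefore matched as well, and a one-character value is read as empty. Now that the file value overwrites whatever debconf held, a mis-parse replaces a good answer instead of only filling a blank one. Requiring a separator, as cfg_disable in nslcd.postinst does with `'"$param_re"'[[:space:]]`, would close the prefix case: `s/^'"$cfg_param"'[[:space:]][[:space:]]*\(...\)`.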
@@ -49,8 +47,6 @@ parsesys()
[ -z "$domain" ] && domain=`hostname --nis | grep '\.'` || true
[ -z "$domain" ] && domain=`hostname --fqdn | sed -n 's/^[^.]*\.//p'` || true
[ -z "$domain" ] && domain=`sed -n 's/^ *\(domain\|search\) *\([^ ]*\) *$/\2/p' /etc/resolv.conf | head -n 1` || true
- db_get nslcd/ldap-base
- searchbase="$RET"
# if the ldap-base value doesn't seem to be preseeded, try to use the
# domain name to build the default base
if [ -n "$domain" ]
@@ -147,18 +143,6 @@ parsecfg()
# and fall back to guessing the config from some other system files
if [ -f "$CONFFILE" ]
then
- # clear settings to pick up valus from configfile
- db_set nslcd/ldap-uris ""
- db_set nslcd/ldap-base ""
- db_set nslcd/ldap-binddn ""
- db_set nslcd/ldap-bindpw ""
- db_set nslcd/ldap-sasl-mech ""
- db_set nslcd/ldap-sasl-realm ""
- db_set nslcd/ldap-sasl-authcid ""
- db_set nslcd/ldap-sasl-authzid ""
- db_set nslcd/ldap-sasl-secprops ""
- db_set nslcd/ldap-starttls ""
- db_set nslcd/ldap-reqcert ""
# parse current configuration
parsecfg "$CONFFILE"
else
@@ -180,18 +164,22 @@ db_get nslcd/ldap-starttls
[ -z "$RET" ] && db_set nslcd/ldap-starttls "false"
# deduce auth-type from available information
-db_get nslcd/ldap-sasl-mech
-sasl_mech="$RET"
-db_get nslcd/ldap-binddn
-binddn="$RET"
-if [ -n "$sasl_mech" ]
+db_get nslcd/ldap-auth-type
+if [ -z "$RET" ]
then
- db_set nslcd/ldap-auth-type "SASL"
-elif [ -n "$binddn" ]
-then
- db_set nslcd/ldap-auth-type "simple"
-else
- db_set nslcd/ldap-auth-type "none"
+ db_get nslcd/ldap-sasl-mech
+ sasl_mech="$RET"
+ db_get nslcd/ldap-binddn
+ binddn="$RET"
+ if [ -n "$sasl_mech" ]
+ then
+ db_set nslcd/ldap-auth-type "SASL"
+ elif [ -n "$binddn" ]
+ then
+ db_set nslcd/ldap-auth-type "simple"
+ else
+ db_set nslcd/ldap-auth-type "none"
+ fi
fi
#
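Review bot: Keeping a stored `nslcd/ldap-auth-type` whenever it is non-empty lets it disagree with the `sasl_mech` and `binddn` values that read_config now refreshes from the config file. If an administrator changed the bind method by editing nslcd.conf, the stale type would appear to drive the new `case "$authtype"` in nslcd.postinst, which comments out the options of the other method. Consider re-deducing the type when the config file was parsed, or at least state the precedence with a comment such as `# keep an earlier stored choice; only guess when nothing is stored`. The script continues beyond this hunk, so the interaction is inferred from the visible lines only.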
@@ -225,24 +213,19 @@ do
db_get nslcd/ldap-auth-type
case "$RET" in
none)
- # anonymous bind, nothing to ask (clear options)
- db_set nslcd/ldap-binddn ""
+ # anonymous bind, nothing to ask (clear password)
db_set nslcd/ldap-bindpw ""
- db_set nslcd/ldap-sasl-mech ""
state="starttls"
;;
simple)
# ask for binddn and bindpw
db_input medium nslcd/ldap-binddn || true
db_input medium nslcd/ldap-bindpw || true
- db_set nslcd/ldap-sasl-mech ""
state="starttls"
;;
SASL)
# ask about SASL mechanism (other SASL questions depend on this)
db_input medium nslcd/ldap-sasl-mech || true
- # RFC4313 if SASL, binddn should be disabled
- db_set nslcd/ldap-binddn ""
state="sasloptions"
;;
*)
@@ -261,9 +244,6 @@ do
then
db_input medium nslcd/ldap-sasl-authcid || true
db_input medium nslcd/ldap-bindpw || true
- else
- db_set nslcd/ldap-sasl-authcid ""
- db_set nslcd/ldap-bindpw ""
fi
db_input medium nslcd/ldap-sasl-authzid || true
db_input medium nslcd/ldap-sasl-secprops || true
@@ -273,8 +253,6 @@ do
db_get nslcd/ldap-sasl-krb5-ccname
[ -z "$RET" ] && db_set nslcd/ldap-sasl-krb5-ccname "/var/run/nslcd/nslcd.tkt"
db_input low nslcd/ldap-sasl-krb5-ccname || true
- else
- db_set nslcd/ldap-sasl-krb5-ccname ""
fi
# ask the question, go to the next question or back
state="starttls"
diff --git a/debian/nslcd.postinst b/debian/nslcd.postinst
index 53f54fc..7e2a551 100644
--- a/debian/nslcd.postinst
+++ b/debian/nslcd.postinst
@@ -41,22 +41,24 @@ cfg_set()
return 0
}
-# disable an option in the configuration file by commenting it out
+# disable options in the configuration file by commenting them out
cfg_disable()
{
- parameter="$1"
- # handle bindpw option specially by removing value from config first
- if [ "$parameter" = "bindpw" ] && grep -i -q "^bindpw " $CONFFILE
- then
- cfg_set bindpw "*removed*"
- fi
- # make matching of spaces better in parameter
- param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
- # lines to not match
- nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
- # comment out the option
- sed -i '/'"$nomatch_re"'/n;s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
- # we're done
+ for parameter in $@
+ do
+ # handle bindpw option specially by removing value from config first
+ if [ "$parameter" = "bindpw" ] && grep -i -q "^bindpw " $CONFFILE
+ then
+ cfg_set bindpw "*removed*"
+ fi
+ # make matching of spaces better in parameter
+ param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
+ # lines to not match
+ nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
+ # comment out the option
+ sed -i '/'"$nomatch_re"'/n;s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
+ # we're done
+ done
return 0
}
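Review bot: The bindpw guard `grep -i -q "^bindpw " $CONFFILE` is narrower than the sed that comments the line out. The sed accepts leading whitespace and any `[[:space:]]` separator, so a bindpw line written with an indent or a tab is commented out with the cleartext password still in it. Matching the same shape, `grep -i -q '^[[:space:]]*bindpw[[:space:]]' "$CONFFILE"`, keeps the two in step; whether cfg_set then rewrites such a line cannot be seen from this hunk. The loop header should also be `for parameter in "$@"`, and the `# we're done` comment belongs after `done`.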
@@ -199,14 +201,39 @@ then
cfg_uris "$RET"
# update some options
update_config nslcd/ldap-base base
- update_config nslcd/ldap-binddn binddn
- update_config nslcd/ldap-bindpw bindpw
- update_config nslcd/ldap-sasl-mech sasl_mech
- update_config nslcd/ldap-sasl-realm sasl_realm
- update_config nslcd/ldap-sasl-authcid sasl_authcid
- update_config nslcd/ldap-sasl-authzid sasl_authzid
- update_config nslcd/ldap-sasl-secprops sasl_secprops
- update_config nslcd/ldap-sasl-krb5-ccname krb5_ccname
+ db_get nslcd/ldap-auth-type
+ authtype="$RET"
+ case "$authtype" in
+ simple)
+ update_config nslcd/ldap-binddn binddn
+ update_config nslcd/ldap-bindpw bindpw
+ cfg_disable sasl_mech sasl_realm sasl_authcid sasl_authzid sasl_secprops krb5_ccname
+ ;;
+ SASL)
+ update_config nslcd/ldap-sasl-mech sasl_mech
+ update_config nslcd/ldap-sasl-realm sasl_realm
+ # RFC4313 if SASL, binddn should be disabled
+ cfg_disable binddn
+ db_get nslcd/ldap-sasl-mech
+ saslmech="$RET"
+ case "$saslmech" in
+ GSSAPI)
+ update_config nslcd/ldap-sasl-krb5-ccname krb5_ccname
+ cfg_disable sasl_authcid
+ ;;
+ *)
+ update_config nslcd/ldap-sasl-authcid sasl_authcid
+ update_config nslcd/ldap-bindpw bindpw
+ cfg_disable krb5_ccname
+ ;;
+ esac
+ update_config nslcd/ldap-sasl-authzid sasl_authzid
+ update_config nslcd/ldap-sasl-secprops sasl_secprops
+ ;;
+ none)
+ cfg_disable binddn bindpw
+ cfg_disable sasl_mech sasl_realm sasl_authcid sasl_authzid sasl_secprops krb5_ccname
+ esac
update_config nslcd/ldap-reqcert tls_reqcert
# remove password from database
db_set nslcd/ldap-bindpw ""
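Review bot: In the `GSSAPI)` arm nothing touches bindpw, so a password left from an earlier simple or non-GSSAPI SASL setup stays in nslcd.conf in cleartext. `cfg_disable sasl_authcid bindpw` would blank it and comment it out. The outer `case "$authtype"` also has no `*)` arm, so an empty or unexpected value leaves every credential option as it was. A `*)` arm that at least warns on stderr would make that path visible. The `none)` arm is also missing its closing `;;`.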