author | Arthur de Jong <arthur@arthurdejong.org> | 2011-03-25 17:08:03 +0100 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2011-03-25 17:08:03 +0100 |
commit | 3086d518412247138e743cc954d98ec834a4a0c4 (patch) | |
tree | 7a4bb21a4df7df6a00bf1bf0d4f9284d6dabf45a | |
parent | 72c4709eefbfac429eca3ed8fb66decd03ed098d (diff) |
integrate patch by Daniel Dehennin to not lose debconf values of previously set options with dpkg-reconfigure
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1412 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | debian/nslcd.config | 62 | ||||
-rw-r--r-- | debian/nslcd.postinst | 71 |
2 files changed, 69 insertions, 64 deletions
diff --git a/debian/nslcd.config b/debian/nslcd.config
index 933c5e3..d33d742 100644
--- a/debian/nslcd.config
+++ b/debian/nslcd.config
@@ -26,13 +26,11 @@ read_config()
 {
 debconf_param="$1"
 cfg_param="$2"
- # get debconf value to ensure we don't overwrite an already set value
+ # overwrite debconf value if different from config file
 db_get "$debconf_param"
- if [ -z "$RET" ]
- then
- value=`sed -n 's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
- [ -n "$value" ] && db_set "$debconf_param" "$value"
- fi
+ debconf_value="$RET"
+ cfgfile_value=`sed -n 's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
+ [ -n "$cfgfile_value" ] && [ "$debconf_value" != "$cfgfile_value" ] && db_set "$debconf_param" "$cfgfile_value"
 # we're done
 return 0
 }
@@ -49,8 +47,6 @@ parsesys()
 [ -z "$domain" ] && domain=`hostname --nis | grep '\.'` || true
 [ -z "$domain" ] && domain=`hostname --fqdn | sed -n 's/^[^.]*\.//p'` || true
 [ -z "$domain" ] && domain=`sed -n 's/^ *\(domain\|search\) *\([^ ]*\) *$/\2/p' /etc/resolv.conf | head -n 1` || true
- db_get nslcd/ldap-base
- searchbase="$RET"
 # if the ldap-base value doesn't seem to be preseeded, try to use the
 # domain name to build the default base
 if [ -n "$domain" ]
@@ -147,18 +143,6 @@ parsecfg()
 # and fall back to guessing the config from some other system files
 if [ -f "$CONFFILE" ]
 then
- # clear settings to pick up valus from configfile
- db_set nslcd/ldap-uris ""
- db_set nslcd/ldap-base ""
- db_set nslcd/ldap-binddn ""
- db_set nslcd/ldap-bindpw ""
- db_set nslcd/ldap-sasl-mech ""
- db_set nslcd/ldap-sasl-realm ""
- db_set nslcd/ldap-sasl-authcid ""
- db_set nslcd/ldap-sasl-authzid ""
- db_set nslcd/ldap-sasl-secprops ""
- db_set nslcd/ldap-starttls ""
- db_set nslcd/ldap-reqcert ""
 # parse current configuration
 parsecfg "$CONFFILE"
 else
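Review bot: In `read_config`, an option that is absent from the config file now keeps whatever value debconf already holds, because `db_set` only runs when `cfgfile_value` is non-empty and the hunk at -147,18 drops the block that blanked the `nslcd/ldap-*` entries before `parsecfg`. If an administrator removed `binddn` or a `sasl_*` line from nslcd.conf by hand, the old value stays in the debconf database; whether it is later written back depends on postinst code outside these hunks and should be checked. The precedence deserves a comment above the `db_get`, for example `# the config file wins when it sets the option; an option missing from the file keeps its stored debconf value`.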
@@ -180,18 +164,22 @@ db_get nslcd/ldap-starttls
 [ -z "$RET" ] && db_set nslcd/ldap-starttls "false"
 # deduce auth-type from available information
-db_get nslcd/ldap-sasl-mech
-sasl_mech="$RET"
-db_get nslcd/ldap-binddn
-binddn="$RET"
-if [ -n "$sasl_mech" ]
+db_get nslcd/ldap-auth-type
+if [ -z "$RET" ]
 then
- db_set nslcd/ldap-auth-type "SASL"
-elif [ -n "$binddn" ]
-then
- db_set nslcd/ldap-auth-type "simple"
-else
- db_set nslcd/ldap-auth-type "none"
+ db_get nslcd/ldap-sasl-mech
+ sasl_mech="$RET"
+ db_get nslcd/ldap-binddn
+ binddn="$RET"
+ if [ -n "$sasl_mech" ]
+ then
+ db_set nslcd/ldap-auth-type "SASL"
+ elif [ -n "$binddn" ]
+ then
+ db_set nslcd/ldap-auth-type "simple"
+ else
+ db_set nslcd/ldap-auth-type "none"
+ fi
 fi
 #
@@ -225,24 +213,19 @@ do
 db_get nslcd/ldap-auth-type
 case "$RET" in
 none)
- # anonymous bind, nothing to ask (clear options)
- db_set nslcd/ldap-binddn ""
+ # anonymous bind, nothing to ask (clear password)
 db_set nslcd/ldap-bindpw ""
- db_set nslcd/ldap-sasl-mech ""
 state="starttls"
 ;;
 simple)
 # ask for binddn and bindpw
 db_input medium nslcd/ldap-binddn || true
 db_input medium nslcd/ldap-bindpw || true
- db_set nslcd/ldap-sasl-mech ""
 state="starttls"
 ;;
 SASL)
 # ask about SASL mechanism (other SASL questions depend on this)
 db_input medium nslcd/ldap-sasl-mech || true
- # RFC4313 if SASL, binddn should be disabled
- db_set nslcd/ldap-binddn ""
 state="sasloptions"
 ;;
 *)
@@ -261,9 +244,6 @@ do
 then
 db_input medium nslcd/ldap-sasl-authcid || true
 db_input medium nslcd/ldap-bindpw || true
- else
- db_set nslcd/ldap-sasl-authcid ""
- db_set nslcd/ldap-bindpw ""
 fi
 db_input medium nslcd/ldap-sasl-authzid || true
 db_input medium nslcd/ldap-sasl-secprops || true
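Review bot: The new guard `if [ -z "$RET" ]` in the -180,18 hunk means a stored `nslcd/ldap-auth-type` is never re-derived, even after `parsecfg` has read a hand-edited config file. If the bind method in nslcd.conf was changed by editing the file, the stale type is still the one that drives the rest of the script, and on a non-interactive run the postinst `case` on that type would presumably comment the hand-added credentials out again, since it calls `cfg_disable` per type. Re-deriving from the debconf values is no longer reliable because they are now deliberately kept, so at minimum document the precedence here, for example `# keep a previously stored auth-type; it is only deduced on first configuration, so hand edits to the bind options in nslcd.conf do not change it`.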
@@ -273,8 +253,6 @@ do
 db_get nslcd/ldap-sasl-krb5-ccname
 [ -z "$RET" ] && db_set nslcd/ldap-sasl-krb5-ccname "/var/run/nslcd/nslcd.tkt"
 db_input low nslcd/ldap-sasl-krb5-ccname || true
- else
- db_set nslcd/ldap-sasl-krb5-ccname ""
 fi
 # ask the question, go to the next question or back
 state="starttls"
diff --git a/debian/nslcd.postinst b/debian/nslcd.postinst
index 53f54fc..7e2a551 100644
--- a/debian/nslcd.postinst
+++ b/debian/nslcd.postinst
@@ -41,22 +41,24 @@ cfg_set()
 return 0
 }
-# disable an option in the configuration file by commenting it out
+# disable options in the configuration file by commenting them out
 cfg_disable()
 {
- parameter="$1"
- # handle bindpw option specially by removing value from config first
- if [ "$parameter" = "bindpw" ] && grep -i -q "^bindpw " $CONFFILE
- then
- cfg_set bindpw "*removed*"
- fi
- # make matching of spaces better in parameter
- param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
- # lines to not match
- nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
- # comment out the option
- sed -i '/'"$nomatch_re"'/n;s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
- # we're done
+ for parameter in $@
+ do
+ # handle bindpw option specially by removing value from config first
+ if [ "$parameter" = "bindpw" ] && grep -i -q "^bindpw " $CONFFILE
+ then
+ cfg_set bindpw "*removed*"
+ fi
+ # make matching of spaces better in parameter
+ param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
+ # lines to not match
+ nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
+ # comment out the option
+ sed -i '/'"$nomatch_re"'/n;s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
+ # we're done
+ done
 return 0
 }
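Review bot: `for parameter in $@` in `cfg_disable` expands the arguments unquoted, so each one is word-split and glob-expanded before the loop sees it. The `param_re` line still rewrites whitespace inside the parameter, which suggests multi-word option names were meant to be supported; with the unquoted form such an argument would be split and each word commented out on its own. Use `for parameter in "$@"` and quote `"$CONFFILE"` in the `grep`, as the `sed -i` line already does. The `# we're done` comment now sits inside the loop and belongs after `done`.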
@@ -199,14 +201,39 @@ then
 cfg_uris "$RET"
 # update some options
 update_config nslcd/ldap-base base
- update_config nslcd/ldap-binddn binddn
- update_config nslcd/ldap-bindpw bindpw
- update_config nslcd/ldap-sasl-mech sasl_mech
- update_config nslcd/ldap-sasl-realm sasl_realm
- update_config nslcd/ldap-sasl-authcid sasl_authcid
- update_config nslcd/ldap-sasl-authzid sasl_authzid
- update_config nslcd/ldap-sasl-secprops sasl_secprops
- update_config nslcd/ldap-sasl-krb5-ccname krb5_ccname
+ db_get nslcd/ldap-auth-type
+ authtype="$RET"
+ case "$authtype" in
+ simple)
+ update_config nslcd/ldap-binddn binddn
+ update_config nslcd/ldap-bindpw bindpw
+ cfg_disable sasl_mech sasl_realm sasl_authcid sasl_authzid sasl_secprops krb5_ccname
+ ;;
+ SASL)
+ update_config nslcd/ldap-sasl-mech sasl_mech
+ update_config nslcd/ldap-sasl-realm sasl_realm
+ # RFC4313 if SASL, binddn should be disabled
+ cfg_disable binddn
+ db_get nslcd/ldap-sasl-mech
+ saslmech="$RET"
+ case "$saslmech" in
+ GSSAPI)
+ update_config nslcd/ldap-sasl-krb5-ccname krb5_ccname
+ cfg_disable sasl_authcid
+ ;;
+ *)
+ update_config nslcd/ldap-sasl-authcid sasl_authcid
+ update_config nslcd/ldap-bindpw bindpw
+ cfg_disable krb5_ccname
+ ;;
+ esac
+ update_config nslcd/ldap-sasl-authzid sasl_authzid
+ update_config nslcd/ldap-sasl-secprops sasl_secprops
+ ;;
+ none)
+ cfg_disable binddn bindpw
+ cfg_disable sasl_mech sasl_realm sasl_authcid sasl_authzid sasl_secprops krb5_ccname
+ esac
 update_config nslcd/ldap-reqcert tls_reqcert
 # remove password from database
 db_set nslcd/ldap-bindpw "" |
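Review bot: The `GSSAPI)` arm disables only `sasl_authcid`, so a `bindpw` line left in nslcd.conf from an earlier simple or password-based SASL setup is neither updated nor scrubbed on this path. Every other arm either rewrites `bindpw` or passes it to `cfg_disable`, which replaces the value with `*removed*` before commenting it out, so this looks like an omission that leaves an unused cleartext password in the file. Suggest `cfg_disable sasl_authcid bindpw` in that arm. Separately, the `none)` arm has no closing `;;` before `esac`, which is legal for the last arm but inconsistent with the others. The enclosing `if … then` starts outside the hunk.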