author | Arthur de Jong <arthur@arthurdejong.org> | 2011-09-03 17:57:25 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2011-09-03 17:57:25 +0200 |
commit | 10b704853b5687b527d0db19802a7ca5315fe39c (patch) | |
tree | 7bab6836e942753587d0c7d52f06e149fbae3c27 | |
parent | 9e37fe65cfe2ceb0e7aba40be730c1ef02dbcdde (diff) |
support spaces before and after database name while parsing /etc/nsswitch.conf and reduce the number of places where parsing is done
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1531 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | debian/libnss-ldapd.config | 11 | ||||
-rw-r--r-- | debian/libnss-ldapd.postinst | 28 | ||||
-rw-r--r-- | debian/libnss-ldapd.postrm | 35 | ||||
-rw-r--r-- | debian/libpam-ldapd.postinst | 26 |
4 files changed, 76 insertions, 24 deletions
diff --git a/debian/libnss-ldapd.config b/debian/libnss-ldapd.config index d5331b7..4f8e2e7 100644 --- a/debian/libnss-ldapd.config +++ b/debian/libnss-ldapd.config @@ -13,10 +13,19 @@ db_version 2.0 # default. # +# find the names of services that are configured to use LDAP +# Note: this function is in libnss-ldapd.config and libnss-ldapd.postrm +nss_list_configured() +{ + sed -n \ + 's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' \ + /etc/nsswitch.conf +} + # parse /etc/nsswitch.conf and see which services have ldap specified db_get libnss-ldapd/nsswitch # find name services that currently use LDAP -configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf` +configured=`nss_list_configured` # separate by commas configured=`echo $configured | sed 's/ /, /g'` # store configured services either on first config or when ldap is already diff --git a/debian/libnss-ldapd.postinst b/debian/libnss-ldapd.postinst index 316a8e1..dc59e16 100644 --- a/debian/libnss-ldapd.postinst +++ b/debian/libnss-ldapd.postinst 
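Review bot: The substitution in `nss_list_configured` has no end anchor, so for a source that merely begins with `ldap` (a constructed `passwd: files ldapx`) the optional group matches nothing, the line is still printed, and the leftover text is glued onto the name (`passwdx`). Anchoring the expression, `'s/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?$/\1/p' \`, makes such lines not match at all. The pattern also still requires whitespace before `ldap`, so `passwd:ldap` is not listed although `nss_is_enabled` in the other maintainer scripts would report it as enabled; the two helpers should agree on what counts as configured. The same function is duplicated in the libnss-ldapd.postrm hunk and needs the same change.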
@@ -5,19 +5,29 @@ set -e # editing nsswitch.conf seems to be ok # http://lists.debian.org/debian-devel/2007/02/msg00076.html +# check whether the name is configure to do lookups through +# LDAP +# Note: this function is in libnss-ldapd.postinst, libnss-ldapd.postrm +# and libpam-ldapd.postinst +nss_is_enabled() +{ + name="$1" + grep -q '^[[:space:]]*'$name'[[:space:]]*:.*ldap.*' /etc/nsswitch.conf +} + # check to see if name is configured to do lookups through # LDAP and enable if not -# Note: this function is in both libnss-ldapd.postinst and libpam-ldapd.postinst +# Note: this function is in libnss-ldapd.postinst and libpam-ldapd.postinst nss_enable() { name="$1" - if ! grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf + if ! nss_is_enabled "$name" then echo "/etc/nsswitch.conf: enable LDAP lookups for $name" >&2 - if grep -q '^'$name':' /etc/nsswitch.conf + if grep -q '^[[:space:]]*'$name'[[:space:]]*:' /etc/nsswitch.conf then # modify an existing entry by just adding ldap to the end - sed -i 's/^\('$name':.*[^[:space:]]\)[[:space:]]*$/\1 ldap/' /etc/nsswitch.conf + sed -i 's/^\([[:space:]]*'$name'[[:space:]]*:.*[^[:space:]]\)[[:space:]]*$/\1 ldap/' /etc/nsswitch.conf else # append a new line printf '%-15s ldap\n' $name':' >> /etc/nsswitch.conf 
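Review bot: `nss_is_enabled` accepts `ldap` anywhere after the colon, so a constructed line such as `shadow: files # no ldap here`, or a source whose name only contains `ldap`, counts as enabled, whereas `nss_list_configured` in this commit asks for a whitespace-delimited token. `nss_enable` then silently skips the edit, and its append `sed` has the mirror problem: on a line with a trailing comment it writes ` ldap` after the `#`, where glibc should ignore it, yet the next run of this check is satisfied. `$name` is also left unquoted between the single-quoted pieces of the pattern. I would tighten the test to `grep -q '^[[:space:]]*'"$name"'[[:space:]]*:[^#]*\<ldap\>' /etc/nsswitch.conf`; the copies in the libnss-ldapd.postrm and libpam-ldapd.postinst hunks need the same change. The body of `nss_enable` continues past the end of this hunk.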
@@ -30,23 +40,23 @@ nss_enable() } # remove NSS lookups though LDAP for the specified service -# Note: this function is in both libnss-ldapd.postinst and libnss-ldapd.postrm +# Note: this function is in libnss-ldapd.postinst and libnss-ldapd.postrm nss_disable() { name="$1" # these functions also remove the lookup result handling part # of the ldap entry (see nsswitch.conf(5)) - if grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf + if nss_is_enabled "$name" then echo "/etc/nsswitch.conf: disable LDAP lookups for $name" >&2 - if [ -n "`sed -n '/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p' /etc/nsswitch.conf`" ] + if [ -n "`sed -n '/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p' /etc/nsswitch.conf`" ] then # the name service only maps to ldap, remove the whole line - sed -i '/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d' /etc/nsswitch.conf + sed -i '/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d' /etc/nsswitch.conf else # remove ldap part from existing line, keeping other methods intact # TODO: remove trailing space - sed -i 's/^\('$name':.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/' /etc/nsswitch.conf + sed -i 's/^\([[:space:]]*'$name'[[:space:]]*:.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/' /etc/nsswitch.conf fi # invalidate nscd cache nscd -i "$name" > /dev/null 2>&1 || true diff --git a/debian/libnss-ldapd.postrm b/debian/libnss-ldapd.postrm index a4a95f2..cfa96ce 100644 --- a/debian/libnss-ldapd.postrm +++ b/debian/libnss-ldapd.postrm 
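Review bot: The last `sed` in `nss_disable` removes `ldap` as a substring, and the greedy `.*` in front of it selects the last occurrence on the line, so for a constructed entry like `passwd: files ldap # was ldap only` the word is taken out of the comment and the real source stays active even though the script has just printed "disable LDAP lookups". Keeping the prefix out of comments and matching a whole word avoids that: `sed -i 's/^\([[:space:]]*'"$name"'[[:space:]]*:[^#]*\)\<ldap\>[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/' /etc/nsswitch.conf`. The identical line in the libnss-ldapd.postrm hunk has the same problem. The end of `nss_disable` lies outside this hunk.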
@@ -2,25 +2,46 @@ set -e +# find the names of services that are configured to use LDAP +# Note: this function is in libnss-ldapd.config and libnss-ldapd.postrm +nss_list_configured() +{ + sed -n \ + 's/^[[:space:]]*\([a-z]*\)[[:space:]]*:.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' \ + /etc/nsswitch.conf +} + +# check whether the name is configure to do lookups through +# LDAP +# Note: this function is in libnss-ldapd.postinst, libnss-ldapd.postrm +# and libpam-ldapd.postinst +nss_is_enabled() +{ + name="$1" + grep -q '^[[:space:]]*'$name'[[:space:]]*:.*ldap.*' /etc/nsswitch.conf +} + # remove NSS lookups though LDAP for the specified service -# Note: this function is in both libnss-ldapd.postinst and libnss-ldapd.postrm +# Note: this function is in libnss-ldapd.postinst and libnss-ldapd.postrm nss_disable() { name="$1" # these functions also remove the lookup result handling part # of the ldap entry (see nsswitch.conf(5)) - if grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf + if nss_is_enabled "$name" then echo "/etc/nsswitch.conf: disable LDAP lookups for $name" >&2 - if [ -n "`sed -n '/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p' /etc/nsswitch.conf`" ] + if [ -n "`sed -n '/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/p' /etc/nsswitch.conf`" ] then # the name service only maps to ldap, remove the whole line - sed -i '/^'$name':[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d' /etc/nsswitch.conf + sed -i '/^[[:space:]]*'$name'[[:space:]]*:[[:space:]]*ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*$/d' /etc/nsswitch.conf else # remove ldap part from existing line, keeping other methods intact # TODO: remove trailing space - sed -i 's/^\('$name':.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/' /etc/nsswitch.conf + sed -i 's/^\([[:space:]]*'$name'[[:space:]]*:.*\)ldap[[:space:]]*\(\[[^]]*\]\)*[[:space:]]*\(.*\)$/\1\3/' /etc/nsswitch.conf fi + # invalidate nscd cache + nscd -i "$name" > 
/dev/null 2>&1 || true fi # we're done return 0 @@ -30,7 +51,7 @@ nss_disable() if ( [ "$1" = "remove" ] || [ "$1" = "purge" ] ) then # check which naming services are configured - configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf` + configured=`nss_list_configured` if [ -n "$configured" ] then # if we have debconf, use debconf to ask, otherwise just shout @@ -54,7 +75,7 @@ then fi fi # re-check which services are left enabled - configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf` + configured=`nss_list_configured` fi # check if ldap is still configured if [ -n "$configured" ] diff --git a/debian/libpam-ldapd.postinst b/debian/libpam-ldapd.postinst index 9d62b4f..e74381f 100644 --- a/debian/libpam-ldapd.postinst +++ b/debian/libpam-ldapd.postinst 
@@ -10,23 +10,35 @@ db_version 2.0 pam-auth-update --package +# check whether the name is configure to do lookups through +# LDAP +# Note: this function is in libnss-ldapd.postinst, libnss-ldapd.postrm +# and libpam-ldapd.postinst +nss_is_enabled() +{ + name="$1" + grep -q '^[[:space:]]*'$name'[[:space:]]*:.*ldap.*' /etc/nsswitch.conf +} + # check to see if name is configured to do lookups through # LDAP and enable if not -# Note: this function is in both libnss-ldapd.postinst and libpam-ldapd.postinst +# Note: this function is in libnss-ldapd.postinst and libpam-ldapd.postinst nss_enable() { name="$1" - if ! grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf + if ! nss_is_enabled "$name" then echo "/etc/nsswitch.conf: enable LDAP lookups for $name" >&2 - if grep -q '^'$name':' /etc/nsswitch.conf + if grep -q '^[[:space:]]*'$name'[[:space:]]*:' /etc/nsswitch.conf then # modify an existing entry by just adding ldap to the end - sed -i 's/^\('$name':.*[^[:space:]]\)[[:space:]]*$/\1 ldap/' /etc/nsswitch.conf + sed -i 's/^\([[:space:]]*'$name'[[:space:]]*:.*[^[:space:]]\)[[:space:]]*$/\1 ldap/' /etc/nsswitch.conf else # append a new line printf '%-15s ldap\n' $name':' >> /etc/nsswitch.conf fi + # invalidate nscd cache + nscd -i "$name" > /dev/null 2>&1 || true fi # we're done return 0 @@ -35,8 +47,8 @@ nss_enable() # if /etc/nsswitch.conf contains passwd: ..ldap but not shadow: ...ldap # warn the user that this will not work and offer to fix it # (only do this if it seems we have switched to pam-auth-update) -if grep -q '^passwd:.*ldap' /etc/nsswitch.conf && \ - ! grep -q '^shadow:.*ldap' /etc/nsswitch.conf && \ +if nss_is_enabled "passwd" && \ + ! nss_is_enabled "shadow" && \ grep -q pam-auth-update /etc/pam.d/common-auth then if db_input critical libpam-ldapd/enable_shadow @@ -45,7 +57,7 @@ then db_get libpam-ldapd/enable_shadow if [ "$RET" = "true" ] then - nss_enable shadow + nss_enable "shadow" fi fi fi |