author | Arthur de Jong <arthur@arthurdejong.org> | 2009-08-31 17:11:53 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2009-08-31 17:11:53 +0200 |
commit | 1a1a3a2a955a0dc188d2b352e6b9135b2dab4275 (patch) | |
tree | 03c0133532ebcfb13f2d3278c427eb464461d961 /debian/libnss-ldapd.postinst | |
parent | 19bf24fc48c1a207b97af3d290895aa059388cb7 (diff) |
split into binary packages libnss-ldapd, libpam-ldapd and nslcd packages, using a patch for libpam-ldap by Steve Langasek <vorlon@debian.org> for the libpam-ldapd package
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@975 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'debian/libnss-ldapd.postinst')
-rw-r--r-- | debian/libnss-ldapd.postinst | 211 |
1 files changed, 0 insertions, 211 deletions
diff --git a/debian/libnss-ldapd.postinst b/debian/libnss-ldapd.postinst
index 766735f..34c55be 100644
--- a/debian/libnss-ldapd.postinst
+++ b/debian/libnss-ldapd.postinst
@@ -2,82 +2,6 @@
 set -e
-CONFFILE="/etc/nss-ldapd.conf"
-
-# set an option in the configuration file to the specified value
-cfg_set()
-{
- parameter="$1"
- value="$2"
- # make matching of spaces better in parameter
- # this is complicated becase of the "base [map] dn" keyword
- param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
- # lines to not match
- nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
- # check if the parameter is defined
- line=`sed -n '/'"$nomatch_re"'/n;/^'"$param_re"'[[:space:]]/p' "$CONFFILE" | head -n 1`
- if [ -z "$line" ]
- then
- # check if the parameter is commented out
- param_re="#$param_re"
- nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
- line=`sed -n '/'"$nomatch_re"'/n;/^'"$param_re"'[[:space:]]/p' "$CONFFILE" | head -n 1`
- fi
- # decide what to do
- if [ -z "$line" ]
- then
- # just append a new line
- echo "$parameter $value" >> $CONFFILE
- else
- # escape line to replace
- replace=`echo "$line" | sed 's#\\\#\\\\\\\#g;s#\([.*+?^$|]\)#\\\\\1#g'`
- # escape value (parameter doesn't have any special stuff)
- value=`echo "$value" | sed 's#\\\#\\\\\\\#g;s#|#\\\|#g;s#&#\\\&#g'`
- # replace the first occurrence of the line
- sed -i '1,\|^'"$replace"'$| s|^'"$replace"'$|'"$parameter"' '"$value"'|i' "$CONFFILE"
- fi
- # we're done
- return 0
-}
-
-# disable an option in the configuration file by commenting it out
-cfg_disable()
-{
- parameter="$1"
- # make matching of spaces better in parameter
- param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
- # lines to not match
- nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
- # comment out the option
- sed -i '/'"$nomatch_re"'/n;s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
- # we're done
- return 0
-}
-
-# set the list of uris
-cfg_uris()
-{
- uris="$1"
- # escape all uri directives
- sed -i 's/^uri /_uri_ /i' $CONFFILE
- # set the uri options
- echo "$uris" | sed 's/ */\n/g' | while read uri
- do
- if grep -qi '^_uri_ ' $CONFFILE
- then
- # escape uri for use in regexp replacement
- uri=`echo "$uri" | sed 's#\\\#\\\\\\\#g;s#|#\\\|#g;s#&#\\\&#g'`
- # replace the first occurrence of _uri_
- sed -i '1,/^_uri_ / s|^_uri_ .*$|uri '"$uri"'|i' "$CONFFILE"
- else
- # append new uri
- echo "uri $uri" >> $CONFFILE
- fi
- done
- # comment out the remaining escaped uris
- sed -i 's/^_uri_ /#uri /' $CONFFILE
-}
-
 # editing nsswitch.conf seems to be ok
 # http://lists.debian.org/debian-devel/2007/02/msg00076.html
@@ -125,136 +49,11 @@ nss_disable()
 return 0
 }
-# create a default configuration file if nothing exists yet
-create_config()
-{
- if [ ! -e "$CONFFILE" ]
- then
- # create a simple configuration file from this template
- cat > "$CONFFILE" << EOM
-# $CONFFILE
-# nss-ldapd configuration file. See nss-ldapd.conf(5)
-# for details.
-
-# The user and group nslcd should run as.
-uid nslcd
-gid nslcd
-
-# The location at which the LDAP server(s) should be reachable.
-uri ldap://localhost/
-
-# The search base that will be used for all queries.
-base dc=example,dc=net
-
-# The LDAP protocol version to use.
-#ldap_version 3
-
-# The DN to bind with for normal lookups.
-#binddn cn=annonymous,dc=example,dc=net
-#bindpw secret
-
-# SSL options
-#ssl off
-#tls_reqcert never
-
-# The search scope.
-#scope sub
-
-EOM
- # fix permissions
- chmod 640 "$CONFFILE"
- chown root:nslcd "$CONFFILE"
- fi
- # we're done
- return 0
-}
-
 # real functions begin here
 if [ "$1" = "configure" ]
 then
 # get configuration data from debconf
 . /usr/share/debconf/confmodule
- # check if the nslcd user exists
- if getent passwd nslcd >/dev/null
- then
- :
- else
- # create nslcd user and group
- adduser --system --group --home /var/run/nslcd/ \
- --gecos "nss-ldapd name service LDAP connection daemon" \
- --no-create-home \
- nslcd
- # add uid/gid options to the config file if it exists
- # (this is when we're upgrading)
- if [ -f "$CONFFILE" ]
- then
- echo "Adding uid and gid options to $CONFFILE..." >&2
- echo "# automatically added on upgrade of libnss-ldapd package" >> "$CONFFILE"
- cfg_set uid nslcd
- cfg_set gid nslcd
- fi
- fi
- # create a default configuration
- create_config
- # set server uri
- db_get libnss-ldapd/ldap-uris
- cfg_uris "$RET"
- # set search base
- db_get libnss-ldapd/ldap-base
- if [ -n "$RET" ]
- then
- cfg_set base "$RET"
- else
- cfg_disable base
- fi
- # set bind dn/pw
- db_get libnss-ldapd/ldap-binddn
- if [ -n "$RET" ]
- then
- cfg_set binddn "$RET"
- db_get libnss-ldapd/ldap-bindpw
- if [ -n "$RET" ]
- then
- cfg_set bindpw "$RET"
- else
- # no bindpw set
- if grep -i -q "^bindpw " $CONFFILE
- then
- cfg_set bindpw "*removed*"
- cfg_disable bindpw
- fi
- fi
- else
- # no binddn/pw, disable options
- cfg_disable binddn
- if grep -i -q "^bindpw " $CONFFILE
- then
- cfg_set bindpw "*removed*"
- cfg_disable bindpw
- fi
- fi
- # remove password from database
- db_set libnss-ldapd/ldap-bindpw ""
- # set ssl option
- db_get libnss-ldapd/ldap-starttls
- if [ "$RET" = "true" ]
- then
- cfg_set ssl "start_tls"
- elif grep -qi '^ssl[[:space:]]*start_*tls' $CONFFILE
- then
- cfg_disable ssl
- fi
- # set tls_reqcert option
- db_get libnss-ldapd/ldap-reqcert
- if [ -n "$RET" ]
- then
- # rename any tls_checkpeer options
- sed -i 's/^tls_checkpeer/tls_reqcert/i' "$CONFFILE"
- # set tls_reqcert option
- cfg_set tls_reqcert "$RET"
- # clear debconf value so that this option is only set if the question is asked
- db_set libnss-ldapd/ldap-reqcert ""
- fi
 # modify /etc/nsswitch.conf
 db_get libnss-ldapd/nsswitch
 enablenss=`echo "$RET" | sed 's/,//g'`
@@ -269,16 +68,6 @@ then
 done
 # we're done
 db_stop
- # fix permissions of configfile if upgrading from an old version
- if dpkg --compare-versions "$2" lt-nl "0.6.7.1"
- then
- echo "Fixing permissions of $CONFFILE"
- chmod 640 "$CONFFILE"
- chown root:nslcd "$CONFFILE"
- fi
- # TODO: create backups of /etc/nsswitch.conf and configfile
- # (probably store orig in tmpfile and if diff install it
- # as backup)
 # restart nscd to pick up changes in nsswitch.conf
 # (other processes will have to be restarted manually)
 if [ -x /etc/init.d/nscd ] && [ `pidof -s nscd` ] |