[23589] in Source-Commits
/svn/athena r23230 - trunk/debathena/config/pam-config/debian
daemon@ATHENA.MIT.EDU (price@MIT.EDU)
Sat Nov 1 06:17:43 2008
Date: Sat, 1 Nov 2008 06:17:32 -0400 (EDT)
From: price@MIT.EDU
Message-Id: <200811011017.GAA22096@drugstore.mit.edu>
To: source-commits@MIT.EDU
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: price
Date: 2008-11-01 06:17:31 -0400 (Sat, 01 Nov 2008)
New Revision: 23230
Added:
trunk/debathena/config/pam-config/debian/athena-session-tmpdir-mktemp.pam-config
trunk/debathena/config/pam-config/debian/debathena-pam-config.postinst
Modified:
trunk/debathena/config/pam-config/debian/changelog
trunk/debathena/config/pam-config/debian/control
trunk/debathena/config/pam-config/debian/control.in
trunk/debathena/config/pam-config/debian/rules
Log:
adapt debathena-pam-config to use pam-auth-update
Take advantage of pam-auth-update in libpam-runtime (>= 1.0.1-4ubuntu1),
which is in intrepid. This means no munging of /etc/pam.d/common-*
directly, so users and other packages can make their own changes.
* libpam-krb524, libpam-athena-locker, libpam-debathena-home-type
now enable themselves
* new libpam-krb5-config package configures libpam-krb5 the new way
* add a file to apply mktemp to ATHENA_SESSION_TMPDIR the new way
* on upgrade from older versions, if /etc/pam.d/common-* match what
old debathena-pam-config versions supplied then replace them
If pam-auth-update is absent, behaves as before.
Added: trunk/debathena/config/pam-config/debian/athena-session-tmpdir-mktemp.pam-config
===================================================================
--- trunk/debathena/config/pam-config/debian/athena-session-tmpdir-mktemp.pam-config 2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/athena-session-tmpdir-mktemp.pam-config 2008-11-01 10:17:31 UTC (rev 23230)
@@ -0,0 +1,6 @@
+Name: Create ATHENA_SESSION_TMPDIR securely
+Default: yes
+Priority: 17
+Session-Type: Additional
+Session:
+ optional pam_mktemp.so ATHENA_SESSION_TMPDIR prefix=/var/run/athena-sessions/session dir
Modified: trunk/debathena/config/pam-config/debian/changelog
===================================================================
--- trunk/debathena/config/pam-config/debian/changelog 2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/changelog 2008-11-01 10:17:31 UTC (rev 23230)
@@ -1,3 +1,17 @@
+debathena-pam-config (1.7) unstable; urgency=low
+
+ * Take advantage of pam-auth-update in libpam-runtime (>= 1.0.1-4ubuntu1),
+ which is in intrepid. This means no munging of /etc/pam.d/common-*
+ directly, so users and other packages can make their own changes.
+ * libpam-krb524, libpam-athena-locker, libpam-debathena-home-type
+ now enable themselves
+ * new libpam-krb5-config package configures libpam-krb5 the new way
+ * add a file to apply mktemp to ATHENA_SESSION_TMPDIR the new way
+ * on upgrade from older versions, if /etc/pam.d/common-* match what
+ old debathena-pam-config versions supplied then replace them
+
+ -- Greg Price <price@mit.edu> Sat, 1 Nov 2008 05:52:00 -0400
+
debathena-pam-config (1.6) unstable; urgency=low
* Check if common-* templates are available in /usr/share/pam/
Modified: trunk/debathena/config/pam-config/debian/control
===================================================================
--- trunk/debathena/config/pam-config/debian/control 2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/control 2008-11-01 10:17:31 UTC (rev 23230)
@@ -7,7 +7,7 @@
Package: debathena-pam-config
Architecture: all
-Depends: debathena-kerberos-config, libpam-runtime, libpam-krb5, libpam-krb524, libpam-athena-locker, ${misc:Depends}, libpam-debathena-home-type, debathena-dotfiles, debathena-nsswitch-config (>= 1.3~), libpam-mktemp
+Depends: debathena-kerberos-config, debathena-dotfiles, debathena-nsswitch-config (>= 1.3~), libpam-mktemp, ${misc:Depends}, ${debathena-pam-config-depends}
Provides: ${diverted-files}
Conflicts: ${diverted-files}
Description: PAM configuration for Debian-Athena
Modified: trunk/debathena/config/pam-config/debian/control.in
===================================================================
--- trunk/debathena/config/pam-config/debian/control.in 2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/control.in 2008-11-01 10:17:31 UTC (rev 23230)
@@ -7,7 +7,7 @@
Package: debathena-pam-config
Architecture: all
-Depends: debathena-kerberos-config, libpam-runtime, libpam-krb5, libpam-krb524, libpam-athena-locker, ${misc:Depends}, libpam-debathena-home-type, debathena-dotfiles, debathena-nsswitch-config (>= 1.3~), libpam-mktemp
+Depends: debathena-kerberos-config, debathena-dotfiles, debathena-nsswitch-config (>= 1.3~), libpam-mktemp, ${misc:Depends}, ${debathena-pam-config-depends}
Provides: ${diverted-files}
Conflicts: ${diverted-files}
Description: PAM configuration for Debian-Athena
Added: trunk/debathena/config/pam-config/debian/debathena-pam-config.postinst
===================================================================
--- trunk/debathena/config/pam-config/debian/debathena-pam-config.postinst 2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/debathena-pam-config.postinst 2008-11-01 10:17:31 UTC (rev 23230)
@@ -0,0 +1,23 @@
+#!/bin/sh
+set -e
+# Upgrade logic copied from libpam-ldap v184-4ubuntu2. Code improved.
+#
+# If we're upgrading across the pam-auth-update change, and the
+# files are unmodified from what the old debathena-pam-config
+# wrote, then it's safe to force the pam-auth-update.
+
+if hash pam-auth-update 2>/dev/null; then
+ force=
+ if dpkg --compare-versions "$2" lt-nl 1.7 \
+ && md5sum --status -c /dev/stdin <<EOF; then
+44cdd3fac614ee24f9aaccad459cb094 /etc/pam.d/common-account
+6734f92af34672ea4554964da6a56fb9 /etc/pam.d/common-auth
+926da8a781f7e7023689d6f36fa61f28 /etc/pam.d/common-password
+133fe5e5131ed14ee5bb9ec7339fbe35 /etc/pam.d/common-session
+EOF
+ force=--force
+ fi
+ pam-auth-update --package $force
+fi
+
+#DEBHELPER#
Modified: trunk/debathena/config/pam-config/debian/rules
===================================================================
--- trunk/debathena/config/pam-config/debian/rules 2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/rules 2008-11-01 10:17:31 UTC (rev 23230)
@@ -7,6 +7,20 @@
DEB_AUTO_UPDATE_DEBIAN_CONTROL = 1
DEB_DIVERT_EXTENSION = .debathena
+pam_auth_update = $(shell hash pam-auth-update 2>/dev/null && echo yes)
+
+ifeq ($(pam_auth_update),)
+ DEB_TRANSFORM_FILES_debathena-pam-config += \
+ $(patsubst %,/etc/pam.d/common-%.debathena,$(pam_types))
+
+ ifneq ($(wildcard /usr/share/pam/common-auth),)
+ DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-auth.debathena = /usr/share/pam/common-auth
+ DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-session.debathena = /usr/share/pam/common-session
+ DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-account.debathena = /usr/share/pam/common-account
+ DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-password.debathena = /usr/share/pam/common-password
+ endif
+endif
+
ifneq ($(wildcard /etc/pam.d/sshd),)
PAM_SSHD = /etc/pam.d/sshd.debathena
DEB_TRANSFORM_SCRIPT_$(PAM_SSHD) = debian/transform_ssh.debathena
@@ -14,15 +28,7 @@
PAM_SSHD = /etc/pam.d/ssh.debathena
endif
-ifneq ($(wildcard /usr/share/pam/common-auth),)
- DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-auth.debathena = /usr/share/pam/common-auth
- DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-session.debathena = /usr/share/pam/common-session
- DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-account.debathena = /usr/share/pam/common-account
- DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-password.debathena = /usr/share/pam/common-password
-endif
-
DEB_TRANSFORM_FILES_debathena-pam-config += \
- $(patsubst %,/etc/pam.d/common-%.debathena,$(pam_types)) \
/etc/pam.d/gdm.debathena \
$(PAM_SSHD) \
/etc/pam.d/login.debathena
@@ -33,6 +39,32 @@
include /usr/share/cdbs/1/rules/debhelper.mk
include /usr/share/cdbs/1/rules/config-package.mk
+ifneq ($(pam_auth_update),)
+install/debathena-pam-config::
+ install -D -m 644 debian/athena-session-tmpdir-mktemp.pam-config \
+ $(DEB_DESTDIR)/usr/share/pam-configs/athena-session-tmpdir-mktemp
+debathena-pam-config-substvars:
+ ( \
+ echo -n "debathena-pam-config-depends="; \
+ echo -n "libpam-runtime (>= 1.0.1-4ubuntu1),"; \
+ echo -n "libpam-krb5-config,"; \
+ echo -n "libpam-krb524 (>= 1.3-0debathena3),"; \
+ echo -n "libpam-athena-locker (>= 2.1-0debathena3),"; \
+ echo -n "libpam-debathena-home-type (>= 1.1-0debathena2),"; \
+ ) >>debian/debathena-pam-config.substvars
+else
+debathena-pam-config-substvars:
+ ( \
+ echo -n "debathena-pam-config-depends="; \
+ echo -n "libpam-krb5,"; \
+ echo -n "libpam-krb524,"; \
+ echo -n "libpam-athena-locker,"; \
+ echo -n "libpam-debathena-home-type,"; \
+ ) >>debian/debathena-pam-config.substvars
+endif
+
+binary-predeb/debathena-pam-config:: debathena-pam-config-substvars
+
ifneq ($(wildcard /etc/pam.d/sshd),)
debian-divert/debathena-pam-config::
(echo "if [ \"\$$1\" = configure ] && [ -n \"\$$2\" ]; then"; \