[23589] in Source-Commits

home help back first fref pref prev next nref lref last post

/svn/athena r23230 - trunk/debathena/config/pam-config/debian

daemon@ATHENA.MIT.EDU (price@MIT.EDU)
Sat Nov 1 06:17:43 2008

Date: Sat, 1 Nov 2008 06:17:32 -0400 (EDT)
From: price@MIT.EDU
Message-Id: <200811011017.GAA22096@drugstore.mit.edu>
To: source-commits@MIT.EDU
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Author: price
Date: 2008-11-01 06:17:31 -0400 (Sat, 01 Nov 2008)
New Revision: 23230

Added:
   trunk/debathena/config/pam-config/debian/athena-session-tmpdir-mktemp.pam-config
   trunk/debathena/config/pam-config/debian/debathena-pam-config.postinst
Modified:
   trunk/debathena/config/pam-config/debian/changelog
   trunk/debathena/config/pam-config/debian/control
   trunk/debathena/config/pam-config/debian/control.in
   trunk/debathena/config/pam-config/debian/rules
Log:
adapt debathena-pam-config to use pam-auth-update

Take advantage of pam-auth-update in libpam-runtime (>= 1.0.1-4ubuntu1),
which is in intrepid.  This means no munging of /etc/pam.d/common-*
directly, so users and other packages can make their own changes.
 * libpam-krb524, libpam-athena-locker, libpam-debathena-home-type
   now enable themselves
 * new libpam-krb5-config package configures libpam-krb5 the new way
 * add a file to apply mktemp to ATHENA_SESSION_TMPDIR the new way
 * on upgrade from older versions, if /etc/pam.d/common-* match what
   old debathena-pam-config versions supplied then replace them

If pam-auth-update is absent, behaves as before.

Added: trunk/debathena/config/pam-config/debian/athena-session-tmpdir-mktemp.pam-config
===================================================================
--- trunk/debathena/config/pam-config/debian/athena-session-tmpdir-mktemp.pam-config	2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/athena-session-tmpdir-mktemp.pam-config	2008-11-01 10:17:31 UTC (rev 23230)
@@ -0,0 +1,6 @@
+Name: Create ATHENA_SESSION_TMPDIR securely
+Default: yes
+Priority: 17
+Session-Type: Additional
+Session:
+	optional	pam_mktemp.so ATHENA_SESSION_TMPDIR prefix=/var/run/athena-sessions/session dir

Modified: trunk/debathena/config/pam-config/debian/changelog
===================================================================
--- trunk/debathena/config/pam-config/debian/changelog	2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/changelog	2008-11-01 10:17:31 UTC (rev 23230)
@@ -1,3 +1,17 @@
+debathena-pam-config (1.7) unstable; urgency=low
+
+  * Take advantage of pam-auth-update in libpam-runtime (>= 1.0.1-4ubuntu1),
+    which is in intrepid.  This means no munging of /etc/pam.d/common-*
+    directly, so users and other packages can make their own changes.
+    * libpam-krb524, libpam-athena-locker, libpam-debathena-home-type
+      now enable themselves
+    * new libpam-krb5-config package configures libpam-krb5 the new way
+    * add a file to apply mktemp to ATHENA_SESSION_TMPDIR the new way
+    * on upgrade from older versions, if /etc/pam.d/common-* match what
+      old debathena-pam-config versions supplied then replace them
+
+ -- Greg Price <price@mit.edu>  Sat,  1 Nov 2008 05:52:00 -0400
+
 debathena-pam-config (1.6) unstable; urgency=low
 
   * Check if common-* templates are available in /usr/share/pam/

Modified: trunk/debathena/config/pam-config/debian/control
===================================================================
--- trunk/debathena/config/pam-config/debian/control	2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/control	2008-11-01 10:17:31 UTC (rev 23230)
@@ -7,7 +7,7 @@
 
 Package: debathena-pam-config
 Architecture: all
-Depends: debathena-kerberos-config, libpam-runtime, libpam-krb5, libpam-krb524, libpam-athena-locker, ${misc:Depends}, libpam-debathena-home-type, debathena-dotfiles, debathena-nsswitch-config (>= 1.3~), libpam-mktemp
+Depends: debathena-kerberos-config, debathena-dotfiles, debathena-nsswitch-config (>= 1.3~), libpam-mktemp, ${misc:Depends}, ${debathena-pam-config-depends}
 Provides: ${diverted-files}
 Conflicts: ${diverted-files}
 Description: PAM configuration for Debian-Athena

Modified: trunk/debathena/config/pam-config/debian/control.in
===================================================================
--- trunk/debathena/config/pam-config/debian/control.in	2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/control.in	2008-11-01 10:17:31 UTC (rev 23230)
@@ -7,7 +7,7 @@
 
 Package: debathena-pam-config
 Architecture: all
-Depends: debathena-kerberos-config, libpam-runtime, libpam-krb5, libpam-krb524, libpam-athena-locker, ${misc:Depends}, libpam-debathena-home-type, debathena-dotfiles, debathena-nsswitch-config (>= 1.3~), libpam-mktemp
+Depends: debathena-kerberos-config, debathena-dotfiles, debathena-nsswitch-config (>= 1.3~), libpam-mktemp, ${misc:Depends}, ${debathena-pam-config-depends}
 Provides: ${diverted-files}
 Conflicts: ${diverted-files}
 Description: PAM configuration for Debian-Athena

Added: trunk/debathena/config/pam-config/debian/debathena-pam-config.postinst
===================================================================
--- trunk/debathena/config/pam-config/debian/debathena-pam-config.postinst	2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/debathena-pam-config.postinst	2008-11-01 10:17:31 UTC (rev 23230)
@@ -0,0 +1,23 @@
+#!/bin/sh
+set -e
+# Upgrade logic copied from libpam-ldap v184-4ubuntu2.  Code improved.
+#
+# If we're upgrading across the pam-auth-update change, and the
+# files are unmodified from what the old debathena-pam-config
+# wrote, then it's safe to force the pam-auth-update.
+
+if hash pam-auth-update 2>/dev/null; then
+    force=
+    if dpkg --compare-versions "$2" lt-nl 1.7 \
+      && md5sum --status -c /dev/stdin <<EOF; then
+44cdd3fac614ee24f9aaccad459cb094  /etc/pam.d/common-account
+6734f92af34672ea4554964da6a56fb9  /etc/pam.d/common-auth
+926da8a781f7e7023689d6f36fa61f28  /etc/pam.d/common-password
+133fe5e5131ed14ee5bb9ec7339fbe35  /etc/pam.d/common-session
+EOF
+        force=--force
+    fi
+    pam-auth-update --package $force
+fi
+
+#DEBHELPER#

Modified: trunk/debathena/config/pam-config/debian/rules
===================================================================
--- trunk/debathena/config/pam-config/debian/rules	2008-11-01 10:00:22 UTC (rev 23229)
+++ trunk/debathena/config/pam-config/debian/rules	2008-11-01 10:17:31 UTC (rev 23230)
@@ -7,6 +7,20 @@
 DEB_AUTO_UPDATE_DEBIAN_CONTROL = 1
 DEB_DIVERT_EXTENSION = .debathena
 
+pam_auth_update = $(shell hash pam-auth-update 2>/dev/null && echo yes)
+
+ifeq ($(pam_auth_update),)
+    DEB_TRANSFORM_FILES_debathena-pam-config += \
+	$(patsubst %,/etc/pam.d/common-%.debathena,$(pam_types))
+
+    ifneq ($(wildcard /usr/share/pam/common-auth),)
+        DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-auth.debathena = /usr/share/pam/common-auth
+        DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-session.debathena = /usr/share/pam/common-session
+        DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-account.debathena = /usr/share/pam/common-account
+        DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-password.debathena = /usr/share/pam/common-password
+    endif
+endif
+
 ifneq ($(wildcard /etc/pam.d/sshd),)
     PAM_SSHD = /etc/pam.d/sshd.debathena
     DEB_TRANSFORM_SCRIPT_$(PAM_SSHD) = debian/transform_ssh.debathena
@@ -14,15 +28,7 @@
     PAM_SSHD = /etc/pam.d/ssh.debathena
 endif
 
-ifneq ($(wildcard /usr/share/pam/common-auth),)
-    DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-auth.debathena = /usr/share/pam/common-auth
-    DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-session.debathena = /usr/share/pam/common-session
-    DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-account.debathena = /usr/share/pam/common-account
-    DEB_CHECK_FILES_SOURCE_/etc/pam.d/common-password.debathena = /usr/share/pam/common-password
-endif
-
 DEB_TRANSFORM_FILES_debathena-pam-config += \
-	$(patsubst %,/etc/pam.d/common-%.debathena,$(pam_types)) \
 	/etc/pam.d/gdm.debathena \
 	$(PAM_SSHD) \
 	/etc/pam.d/login.debathena
@@ -33,6 +39,32 @@
 include /usr/share/cdbs/1/rules/debhelper.mk
 include /usr/share/cdbs/1/rules/config-package.mk
 
+ifneq ($(pam_auth_update),)
+install/debathena-pam-config::
+	install -D -m 644 debian/athena-session-tmpdir-mktemp.pam-config \
+	  $(DEB_DESTDIR)/usr/share/pam-configs/athena-session-tmpdir-mktemp
+debathena-pam-config-substvars:
+	( \
+	  echo -n "debathena-pam-config-depends="; \
+	  echo -n "libpam-runtime (>= 1.0.1-4ubuntu1),"; \
+	  echo -n "libpam-krb5-config,"; \
+	  echo -n "libpam-krb524 (>= 1.3-0debathena3),"; \
+	  echo -n "libpam-athena-locker (>= 2.1-0debathena3),"; \
+	  echo -n "libpam-debathena-home-type (>= 1.1-0debathena2),"; \
+	) >>debian/debathena-pam-config.substvars
+else
+debathena-pam-config-substvars:
+	( \
+	  echo -n "debathena-pam-config-depends="; \
+	  echo -n "libpam-krb5,"; \
+	  echo -n "libpam-krb524,"; \
+	  echo -n "libpam-athena-locker,"; \
+	  echo -n "libpam-debathena-home-type,"; \
+	) >>debian/debathena-pam-config.substvars
+endif
+
+binary-predeb/debathena-pam-config:: debathena-pam-config-substvars
+
 ifneq ($(wildcard /etc/pam.d/sshd),)
 debian-divert/debathena-pam-config::
 	(echo "if [ \"\$$1\" = configure ] && [ -n \"\$$2\" ]; then"; \


home help back first fref pref prev next nref lref last post