[28815] in Source-Commits
pam-config commit: Check that users and groups in the default access.conf exist
daemon@ATHENA.MIT.EDU (Lizhou Sha)
Sun Nov 12 03:26:55 2017
Date: Sun, 12 Nov 2017 03:26:40 -0500
From: Lizhou Sha <slz@mit.edu>
Message-Id: <201711120826.vAC8QeTf012620@drugstore.mit.edu>
To: source-commits@mit.edu
https://github.com/mit-athena/pam-config/commit/1e6fe8d93abad113fd8655420761a293931fbf2d
commit 1e6fe8d93abad113fd8655420761a293931fbf2d
Author: Anders Kaseorg <andersk@mit.edu>
Date: Sat Nov 11 22:10:17 2017 -0500
Check that users and groups in the default access.conf exist
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
debian/changelog | 4 +++-
debian/control | 2 +-
debian/rules | 6 ++++++
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index dfc9d1e..0889a5d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,9 @@
-debathena-pam-config (1.27) UNRELEASED; urgency=medium
+debathena-pam-config (1.27) unstable; urgency=medium
* Remove the admin group from the default access.conf, as it is no
longer present on Ubuntu either.
+ * Check at build time that users and groups in the default access.conf
+ exist.
-- Anders Kaseorg <andersk@mit.edu> Sat, 11 Nov 2017 21:58:08 -0500
diff --git a/debian/control b/debian/control
index 9978824..d23f03e 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: debathena-pam-config
Section: debathena-config/net
Priority: extra
Maintainer: Debathena Project <debathena@mit.edu>
-Build-Depends: cdbs, debhelper, config-package-dev (>= 5.0~), libpam-runtime, gdm3 | gdm, openssh-server (>= 1:4.3) | ssh-krb5
+Build-Depends: cdbs, debhelper, config-package-dev (>= 5.0~), libpam-runtime, gdm3 | gdm, openssh-server (>= 1:4.3) | ssh-krb5, base-passwd
Standards-Version: 3.9.3
Package: debathena-pam-config
diff --git a/debian/rules b/debian/rules
index 0f127fd..e3705d8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -96,6 +96,12 @@ endif
common-build-indep:: debian/access.conf.debathena
debian/access.conf.debathena: $(call debian_check_files,/etc/security/access.conf)
+ set -eux; for user in $$(awk -F: '/^[^#]/ {print $$2}' debian/access.conf.append); do \
+ case "$$user" in \
+ ALL|EXCEPT|nss-local-users) ;; \
+ *) cut -d: -f1 /usr/share/base-passwd/passwd.master /usr/share/base-passwd/group.master | grep -Fxe "$$user";; \
+ esac; \
+ done
cat $< debian/access.conf.append > $@
clean::
