[debian-edu-commits] debian-edu/ 01/02: Improve kerberized NFS:
Wolfgang Schweer
schweer-guest at moszumanska.debian.org
Mon May 28 20:44:42 BST 2018
This is an automated email from the git hooks/post-receive script.
schweer-guest pushed a commit to branch master
in repository debian-edu-config.
commit e634350844111c8529930c3a2a915c7cea4734d2
Author: Wolfgang Schweer <wschweer at arcor.de>
Date: Mon May 28 21:35:09 2018 +0200
Improve kerberized NFS:
Adjust share/debian-edu-config/tools/gosa-create-host:
- Fix code to also generate Kerberos Principals for systems of type
netdevices.
- Use /root/keytabs as $fqdn.keytab file location.
Add new script share/debian-edu-config/tools/gosa-remove-host.
Add new script share/debian-edu-config/tools/gosa-modify-host.
ldap-bootstrap/sudo.ldif:
- Add 'gosa-create-remove' command.
- Add 'gosa-create-modify' command.
share/debian-edu-config/gosa.conf.template:
- Adjust postremove and postmodify hooks.
---
debian/changelog | 17 +++++++++++++++
ldap-bootstrap/sudo.ldif | 2 ++
share/debian-edu-config/gosa.conf.template | 16 +++++++-------
share/debian-edu-config/tools/gosa-create-host | 6 +++---
share/debian-edu-config/tools/gosa-modify-host | 14 +++++++++++++
share/debian-edu-config/tools/gosa-remove-host | 29 ++++++++++++++++++++++++++
6 files changed, 73 insertions(+), 11 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 0bcb7f5..c3fa105 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+debian-edu-config (2.10.28) UNRELEASED; urgency=medium
+
+ * Improve kerberized NFS:
+ - Adjust share/debian-edu-config/tools/gosa-create-host:
+ + Fix code to also generate Kerberos Principals for systems of type
+ netdevices.
+ + Use /root/keytabs as $fqdn.keytab file location.
+ - Add new script share/debian-edu-config/tools/gosa-remove-host
+ - Add new script share/debian-edu-config/tools/gosa-modify-host
+ - ldap-bootstrap/sudo.ldif:
+ - Add 'gosa-create-remove' command.
+ - Add 'gosa-create-modify' command.
+ - share/debian-edu-config/gosa.conf.template: Adjust postremove and
+ postmodify hooks.
+
+ -- Wolfgang Schweer <wschweer at arcor.de> Mon, 28 May 2018 21:22:30 +0200
+
debian-edu-config (2.10.27) unstable; urgency=medium
[ Wolfgang Schweer ]
diff --git a/ldap-bootstrap/sudo.ldif b/ldap-bootstrap/sudo.ldif
index d7cf10e..46f87f9 100644
--- a/ldap-bootstrap/sudo.ldif
+++ b/ldap-bootstrap/sudo.ldif
@@ -24,6 +24,8 @@ description: Propagate GOsa's changes to the system
sudoCommand: /usr/share/debian-edu-config/tools/gosa-sync
sudoCommand: /usr/share/debian-edu-config/tools/gosa-remove
sudoCommand: /usr/share/debian-edu-config/tools/gosa-create
+sudoCommand: /usr/share/debian-edu-config/tools/gosa-remove-host
+sudoCommand: /usr/share/debian-edu-config/tools/gosa-modify-host
sudoCommand: /usr/share/debian-edu-config/tools/gosa-create-host
sudoCommand: /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs
sudoCommand: /usr/share/debian-edu-config/tools/gosa-lock-user
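Review bot: The two added `sudoCommand` values list no arguments, which sudo treats as permission to run the script with any arguments, so gosa-remove-host and gosa-modify-host are the only place where the host name handed over by the web server can be checked. Both new scripts should therefore validate `$1` themselves before acting on it. The commit message and changelog call the entries 'gosa-create-remove' and 'gosa-create-modify', which does not match the script names added here; aligning them would make the sudo rule easier to audit. The sudoRole entry itself begins above the hunk.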
diff --git a/share/debian-edu-config/gosa.conf.template b/share/debian-edu-config/gosa.conf.template
index ada33fa..857d8ac 100644
--- a/share/debian-edu-config/gosa.conf.template
+++ b/share/debian-edu-config/gosa.conf.template
@@ -180,16 +180,16 @@
<termtabs>
<tab class="termgeneric" name="Generic"
postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-create-host %cn"
- postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
- postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-remove-host %cn"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-modify-host %cn" />
<tab class="netgroupSystem" name="NIS Netgroup" />
</termtabs>
<servtabs>
<tab class="servgeneric" name="Generic"
postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-create-host %cn"
- postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
- postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-remove-host %cn"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-modify-host %cn" />
<tab class="ServerService" name="Services" />
<tab class="netgroupSystem" name="NIS Netgroup" />
<!-- <tab class="glpiAccount" name="Inventory" /> -->
@@ -198,8 +198,8 @@
<worktabs>
<tab class="workgeneric" name="Generic"
postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-create-host %cn"
- postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
- postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-remove-host %cn"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-modify-host %cn" />
<tab class="netgroupSystem" name="NIS Netgroup" />
</worktabs>
@@ -210,8 +210,8 @@
<componenttabs>
<tab class="componentGeneric" name="Generic"
postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-create-host %cn"
- postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
- postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-remove-host %cn"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-modify-host %cn" />
<tab class="netgroupSystem" name="NIS Netgroup" />
</componenttabs>
diff --git a/share/debian-edu-config/tools/gosa-create-host b/share/debian-edu-config/tools/gosa-create-host
index f7973be..710eaec 100755
--- a/share/debian-edu-config/tools/gosa-create-host
+++ b/share/debian-edu-config/tools/gosa-create-host
@@ -34,7 +34,7 @@ find_fqdn() {
}
## lookup user and create home directory and principal:
-ldapsearch -xLLL "(&(cn=$HOSTNAME)(|(objectClass=GOHard)(objectClass=ipHost)))" \
+ldapsearch -xLLL "(&(cn=$HOSTNAME)(|(objectClass=GOHard)(|(objectClass=ipHost))))" \
cn ipHostNumber macAddress 2>/dev/null | perl -p00e 's/\r?\n //g' | \
while read KEY VALUE ; do
case "$KEY" in
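Review bot: The rewritten filter `(|(objectClass=GOHard)(|(objectClass=ipHost)))` is logically the same as the one it replaces, because an OR with a single operand is just that operand, so this line alone should not change which entries are returned for netdevices. If another object class was meant, it should be named explicitly as a further operand of the outer OR. `$HOSTNAME` is also placed into the filter unescaped, so characters such as `*`, `(` or `)` in the argument change the filter; it is assigned outside this hunk, and it would be worth restricting it to host-name characters there. `2>/dev/null` hides ldapsearch errors, so a failed lookup is indistinguishable from an empty result.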
@@ -49,8 +49,8 @@ while read KEY VALUE ; do
logger -t gosa-create-host -p notice Krb5 principal \'host/$FQDN\' created.
kadmin.local -q "add_principal -policy hosts -randkey nfs/$FQDN"
logger -t gosa-create-host -p notice Krb5 principal \'nfs/$FQDN\' created.
- kadmin.local -q "ktadd -k /etc/$FQDN.keytab host/$FQDN"
- kadmin.local -q "ktadd -k /etc/$FQDN.keytab nfs/$FQDN"
+ kadmin.local -q "ktadd -k /root/keytabs/$FQDN.keytab host/$FQDN"
+ kadmin.local -q "ktadd -k /root/keytabs/$FQDN.keytab nfs/$FQDN"
logger -t gosa-create-host -p notice Krb5 keytab file for \'$FQDN\' created.
fi
;;
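Review bot: Nothing in this hunk creates /root/keytabs or sets its mode before the two `ktadd -k /root/keytabs/$FQDN.keytab` calls, and no other file in the commit appears to do so; a line such as `install -d -m 0700 /root/keytabs` before the first `ktadd` would make the location explicit and keep the keys readable by root only. The `logger ... created` messages are written without checking whether kadmin.local succeeded, so the log can report a keytab that was never written. The enclosing `if` and `case` arm begin outside the hunk.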
diff --git a/share/debian-edu-config/tools/gosa-modify-host b/share/debian-edu-config/tools/gosa-modify-host
new file mode 100755
index 0000000..a4a4336
--- /dev/null
+++ b/share/debian-edu-config/tools/gosa-modify-host
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -ex
+
+## This script is run by www-data using sudo. Keep that in mind!
+## Make sure that malicious execution cannot hurt.##
+
+HOST="$1"
+
+/usr/share/debian-edu-config/tools/gosa-create-host $HOST
+# update services:
+/usr/share/debian-edu-config/tools/gosa-sync-dns-nfs
+
+exit 0
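Review bot: `$HOST` is passed on unquoted in `gosa-create-host $HOST` and is never validated, although the header comment asks that malicious execution cannot hurt and the script is reachable by www-data through sudo. Quote it, `/usr/share/debian-edu-config/tools/gosa-create-host "$HOST"`, and reject anything that is not a host name first, for example `case "$HOST" in ''|-*|*[!A-Za-z0-9.-]*) exit 1 ;; esac`. gosa-remove-host uses `$HOST` the same way. `set -ex` also traces every command to the hook's stderr; `set -e` alone is probably enough outside debugging.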
diff --git a/share/debian-edu-config/tools/gosa-remove-host b/share/debian-edu-config/tools/gosa-remove-host
new file mode 100755
index 0000000..4bade73
--- /dev/null
+++ b/share/debian-edu-config/tools/gosa-remove-host
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -ex
+
+## This script is run by www-data using sudo. Keep that in mind!
+## Make sure that malicious execution cannot hurt.
+##
+## This script removes the host and nfs principals for hosts removed with gosa.
+## It also removes the host specific keytab file (tjener:/etc/$fqdn.keytab).
+
+
+HOST="$1"
+
+## delete host's nfs principal and keytab file;
+## the host principal is already removed, no need doing it here again:
+#kadmin.local delprinc nfs/$HOST.intern
+#logger -t gosa-remove-host -p notice Krb5 principal \'nfs/$HOST.intern\' removed.
+#rm /etc/$HOST.intern.keytab
+#logger -t gosa-remove-host -p notice Krb5 keytab file for \'$HOST.intern\' removed.
+for i in $(kadmin.local listprincs | grep $HOST) ; do
+ kadmin.local delprinc $i
+ done
+rm /etc/$(ls -l /etc | grep $HOST | awk '{print $9}')
+#
+
+# update services:
+/usr/share/debian-edu-config/tools/gosa-sync-dns-nfs
+
+exit 0
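Review bot: `grep $HOST` in the principal loop and in the `ls -l /etc` pipeline is an unanchored, unquoted match, so a host name that is a substring of other entries selects their principals and files as well, and the script runs as root through sudo from www-data. The `rm` line also still targets /etc although this commit moves keytabs to /root/keytabs, and when nothing matches it becomes `rm /etc/`, which fails under `set -e` before gosa-sync-dns-nfs runs. `delprinc` without `-force` asks for confirmation, so from a hook without a terminal it may delete nothing; that is worth confirming. The sketch below validates the name, anchors the match to this host's host/ and nfs/ principals and removes the keytab from the new location; the keytab suffix depends on find_fqdn in gosa-create-host, which is not shown here.

```shell
HOST="$1"

# Accept only a plain host name; anything else stops here, before it
# reaches grep, kadmin.local or rm.
case "$HOST" in
    ''|-*|*[!A-Za-z0-9.-]*)
        logger -t gosa-remove-host -p warning "invalid host name, nothing removed"
        exit 1
        ;;
esac

# … unchanged: commented-out delprinc/rm lines …

# Only the host/ and nfs/ principals of this host, anchored at both ends
# of the host name so that similarly named systems are not matched.
for i in $(kadmin.local listprincs | grep -E "^(host|nfs)/$HOST[.@]") ; do
    kadmin.local -q "delete_principal -force $i"
done
# gosa-create-host writes the keytab to /root/keytabs; the suffix after
# the host name depends on its find_fqdn (not shown here).
rm -f -- "/root/keytabs/$HOST".*keytab

# … unchanged: gosa-sync-dns-nfs call and exit 0 …
```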
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git