[debian-edu-commits] [Git][debian-edu/debian-edu-config][bullseye] 4 commits: share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service...

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Sun Jan 30 20:41:06 GMT 2022 


Mike Gabriel pushed to branch bullseye at Debian Edu / debian-edu-config


Commits:
71074906 by Mike Gabriel at 2022-01-14T22:22:14+01:00
share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service principals if they don't yet exist. (Closes: #1002014).

- - - - -
f093a35e by Mike Gabriel at 2022-01-14T22:22:31+01:00
share/d-e-c/tools/gosa-create-host: Fix copy+paste flaw in comment.

- - - - -
4c9a9087 by Mike Gabriel at 2022-01-14T22:34:50+01:00
etc/exim4/exim-ldap-server-v4.conf: Accept incoming mail from internal network sent to root@<mynetwork-names>. (Closes: #1003727).

- - - - -
bb669429 by Mike Gabriel at 2022-01-14T22:52:27+01:00
share/debian-edu-config/tools/setup-freeradius-server: Fix integer comparison in run-by-root check. Script was not executable fully (not even as root).

- - - - -


5 changed files:

- debian/changelog
- etc/exim4/exim-ldap-server-v4.conf
- share/debian-edu-config/tools/gosa-create-host
- share/debian-edu-config/tools/gosa-modify-host
- share/debian-edu-config/tools/setup-freeradius-server


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,19 @@
+debian-edu-config (2.11.56+deb11u3) UNRELEASED; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * etc/exim4/exim-ldap-server-v4.conf: Accept incoming mail from internal
+    network sent to root@<mynetwork-names>. (Closes: #1003727).
+
+  [ Mike Gabriel ]
+  * share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service
+    principals if they don't yet exist. (Closes: #1002014).
+  * share/d-e-c/tools/gosa-create-host: Fix copy+paste flaw in comment.
+  * share/debian-edu-config/tools/setup-freeradius-server: Fix integer
+    comparison in run-by-root check. Script was not executable fully (not even
+    as root).
+
+ -- Mike Gabriel <sunweaver at debian.org>  Fri, 14 Dec 2021 22:21:50 +0100
+
 debian-edu-config (2.11.56+deb11u2) bullseye; urgency=medium
 
   [ Mike Gabriel ]


=====================================
etc/exim4/exim-ldap-server-v4.conf
=====================================
@@ -204,6 +204,7 @@ begin acl
 # ACL that is used after the RCPT command
 acl_check_rcpt:
   accept local_parts = postmaster
+  accept local_parts = root
   # Exim 3 had no checking on -bs messages, so for compatibility
   # we accept if the source is local SMTP (i.e. not over TCP/IP).
   # We do this by testing for an empty sending host field.


=====================================
share/debian-edu-config/tools/gosa-create-host
=====================================
@@ -33,7 +33,7 @@ find_fqdn() {
 	}
 }
 
-## lookup user and create home directory and principal:
+## lookup host and create host/<host> and nfs/<host> Krb5 principals:
 ldapsearch -xLLL "(&(cn=$HOSTNAME)(|(objectClass=GOHard)(|(objectClass=ipHost))))" \
            cn ipHostNumber macAddress 2>/dev/null  | perl -p00e 's/\r?\n //g' | \
 while read KEY VALUE ; do


=====================================
share/debian-edu-config/tools/gosa-modify-host
=====================================
@@ -7,11 +7,19 @@ set -ex
 
 HOST="$1"
 
-kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
-kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
-kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
-kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
-logger -t gosa-modify-host -p notice Krb5 principals and keytab file for host \'$HOST\' created.
+# This is only for kerberizing host entries in LDAP stemming from earlier installations
+# of Debian Edu... Normally, host and service principals should have been created
+# by the gosa-host-create hook script.
+if ! LANG=C kadmin.local -q "get_principal host/$HOST.intern" 2>/dev/null  | grep -q "^Principal: host/$HOST.intern at .*"; then
+	kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
+	kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
+	logger -t gosa-modify-host -p notice Krb5 host principal \'host/$HOST.intern\' created and added to host-specific keytab file.
+fi
+if ! LANG=C kadmin.local -q "get_principal nfs/$HOST.intern" 2>/dev/null  | grep -q "^Principal: nfs/$HOST.intern at .*"; then
+	kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
+	kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
+	logger -t gosa-modify-host -p notice Krb5 service principal \'nfs/$HOST.intern\' created and added to host-specific keytab file.
+fi
 
 # update services:
 /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs


=====================================
share/debian-edu-config/tools/setup-freeradius-server
=====================================
@@ -28,7 +28,7 @@ echo "-------------------------------------------------------------------------"
 fi
 
 # Check execute permission.
-if [ ! -d $DIRNAME ] && [ $(id -u) > 0 ]; then
+if [ ! -d $DIRNAME ] && [ $(id -u) -gt 0 ]; then
 	echo "Please run $0 as root or use sudo, exiting."
 	exit 0
 fi



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/cb54f387c0ad043fbce8e612e46e3b5c2f2b1d6f...bb669429dc3c803a64adeae3b1496f869dca7f38

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/cb54f387c0ad043fbce8e612e46e3b5c2f2b1d6f...bb669429dc3c803a64adeae3b1496f869dca7f38
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20220130/e84045c7/attachment-0001.htm>

More information about the debian-edu-commits mailing list