[debian-edu-commits] [Git][debian-edu/debian-edu-config][personal/gber/testsuite-fixes] Disable the LDAP PAM module

Guido Berhörster (@gber) gitlab at salsa.debian.org
Fri Sep 15 10:38:40 BST 2023 


Guido Berhörster pushed to branch personal/gber/testsuite-fixes at Debian Edu / debian-edu-config


Commits:
cf9358de by Guido Berhoerster at 2023-09-15T11:37:06+02:00
Disable the LDAP PAM module

This contains a workaround for #1039873 which can be removed one the fix is
available on bookworm.

- - - - -


3 changed files:

- Makefile
- cf3/cf.ldapclient
- + libexec/debian-edu-edit-pam


Changes:

=====================================
Makefile
=====================================
@@ -22,6 +22,7 @@ SPROGS = \
 	$(NULL)
 
 LIBEXECPROGS = \
+	debian-edu-edit-pam \
 	debian-edu-cups-queue-autoflush-for-netgroup-hosts \
 	debian-edu-cups-queue-autoreenable-for-netgroup-hosts \
 	debian-edu-fsautoresize-for-netgroup-hosts \


=====================================
cf3/cf.ldapclient
=====================================
@@ -8,6 +8,14 @@ commands:
 
     "/usr/share/debian-edu-config/tools/setup-roaming"
       contain => in_shell;
+
+# remove PAM LDAP module
+  debian.!roaming.installation::
+
+# this can be replaced with /usr/sbin/pam-auth-update --disable ldap on the fix
+# for #1039873 is available on bookworm
+    "/usr/bin/env EDITOR=/usr/libexec/debian-edu-config/debian-edu-edit-pam DEBIAN_FRONTEND=editor /usr/sbin/pam-auth-update"
+      contain => in_shell;
 }
 
 bundle agent editline_ldapclient


=====================================
libexec/debian-edu-edit-pam
=====================================
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# This is a workaround for #1039873 and intended to be used with the debconf
+# editor frontend which is invoked by pam-auth-update. A temporary file with
+# the settings is passed as the first argument.
+#
+
+tmpfile="$(mktemp)"
+trap 'rm "${tmpfile}"' EXIT
+awk '
+/^libpam-runtime\/profiles=/ {
+    sep = ""
+    gsub(/^libpam-runtime\/profiles="|"$/, "")
+    len = split($0, names, /,/)
+    printf("libpam-runtime/profiles=\"")
+    for (i = 1; i <= len; i++) {
+        gsub(/^[ \t]*|[ \t]*$/, "", names[i])
+        if (names[i] != "LDAP Authentication") {
+            printf("%s%s", sep, names[i])
+            sep = ", "
+        }
+    }
+    printf("\"\n")
+    next
+}
+{ print }' "$1" > "${tmpfile}" && \
+    cat "${tmpfile}" > "$1"



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/cf9358de909037c8108303025262fb74e6d3fec0

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/cf9358de909037c8108303025262fb74e6d3fec0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20230915/bd598dc1/attachment-0001.htm>

More information about the debian-edu-commits mailing list