[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] 3 commits: share/debian-edu-config/tools/gosa-sync: From password TMPFILE, strip newline...

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Thu Jul 25 08:48:11 BST 2024 


Mike Gabriel pushed to branch master at Debian Edu / debian-edu-config


Commits:
a3832476 by Mike Gabriel at 2024-07-25T09:20:30+02:00
share/debian-edu-config/tools/gosa-sync: From password TMPFILE, strip newline character from end-of-file.

 The LDAP whoami call for verifying the correctness of the passed-in
 user password requires a password file without trailing newline
 to succeed.

- - - - -
71f6b389 by Mike Gabriel at 2024-07-25T09:41:20+02:00
share/debian-edu-config/gosa.conf.template: Various white-space fixes.

- - - - -
94e83f4a by Mike Gabriel at 2024-07-25T09:47:40+02:00
Don't (single-)quote placeholders in plugin hooks. GOsa² will add single- quotes around placeholder variables when generating hook commands. Esp. when using single quotes around placeholders, they will be duplicated and thus eliminate eacher other. This problem occurred for users with space characters in their DN while changing the user's password. (The hook would only operate on a partial DN string, split at first space char occurrence in the DN string).

- - - - -


3 changed files:

- debian/changelog
- share/debian-edu-config/gosa.conf.template
- share/debian-edu-config/tools/gosa-sync


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,22 @@
+debian-edu-config (2.12.45) UNRELEASED; urgency=medium
+
+  * share/debian-edu-config/tools/gosa-sync:
+    + From password TMPFILE, strip newline character from end-of-file.
+      The LDAP whoami call for verifying the correctness of the passed-in
+      user password requires a password file without trailing newline
+      to succeed.
+  * share/debian-edu-config/gosa.conf.template:
+    + Various white-space fixes.
+    + Don't (single-)quote placeholders in plugin hooks. GOsa² will add single-
+      quotes around placeholder variables when generating hook commands. Esp.
+      when using single quotes around placeholders, they will be duplicated
+      and thus eliminate eacher other. This problem occurred for users
+      with space characters in their DN while changing the user's password.
+      (The hook would only operate on a partial DN string, split at first
+      space char occurrence in the DN string).
+
+ -- Mike Gabriel <sunweaver at debian.org>  Thu, 25 Jul 2024 09:16:39 +0200
+
 debian-edu-config (2.12.44) unstable; urgency=medium
 
   * share/debian-edu-config/tools/wpad-extract:


=====================================
share/debian-edu-config/gosa.conf.template
=====================================
@@ -41,7 +41,7 @@
               class="userManagement" />
       <plugin acl="groups" class="groupManagement" />
       <plugin acl="roles" class="roleManagement" />
-      <plugin acl="acl"  class="aclManagement" />
+      <plugin acl="acl" class="aclManagement" />
       <plugin acl="ogroups" class="ogroupManagement" />
       <plugin acl="sudo" class="sudoManagement" />
       <plugin acl="netgroup" class="netgroupManagement" />
@@ -56,14 +56,14 @@
 
     <!-- Section to enable addon plugins -->
     <section name="Addons">
-      <plugin acl="all/all"  class="propertyEditor" />
+      <plugin acl="all/all" class="propertyEditor" />
       <plugin acl="server/rSyslogServer" class="rsyslog" />
 <!--      <plugin acl="mailqueue" class="mailqueue" />-->
       <plugin acl="users/viewFaxEntries:self,users/viewFaxEntries" class="faxreport" />
       <plugin acl="users/viewFonEntries:self,users/viewFonEntries" class="fonreport" />
       <plugin acl="ldapmanager" class="ldif" />
       <plugin acl="schoolmanager" class="schoolmgr" />
-      <plugin acl="pwreset" class="pwreset"/>
+      <plugin acl="pwreset" class="pwreset" />
     </section>
   </menu>
 
@@ -76,9 +76,9 @@
   <pathMenu>
       <plugin acl="users/netatalk:self,users/environment:self,users/posixAccount:self,users/kolabAccount:self,users/phpscheduleitAccount:self,users/oxchangeAccount:self,users/proxyAccount:self,users/connectivity:self,users/pureftpdAccount:self,users/phpgwAccount:self,users/opengwAccount:self,users/pptpAccount:self,users/intranetAccount:self, users/webdavAccount:self,users/nagiosAccount:self,users/mailAccount:self,users/groupware, users/user:self,users/scalixAccount:self,users/gofaxAccount:self,users/phoneAccount:self,users/Groupware:self" class="MyAccount" />
       <plugin acl="users/password:self" class="password"
-              postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync '%dn'"
-              postlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-lock-user '%dn'"
-              postunlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-unlock-user '%dn'" />
+              postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync %dn"
+              postlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-lock-user %dn"
+              postunlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-unlock-user %dn" />
   </pathMenu>
 
 
@@ -279,7 +279,7 @@
 
   <!-- Connectivity plugins -->
   <connectivity>
-    <tab class='kolabAccount' />
+    <tab class="kolabAccount" />
     <tab class="proxyAccount" />
     <tab class="pureftpdAccount" />
     <tab class="webdavAccount" />


=====================================
share/debian-edu-config/tools/gosa-sync
=====================================
@@ -36,6 +36,8 @@ trap "rm -f $TMPFILE" ERR SIGHUP SIGINT SIGTERM
 base64 -d - <<EOF > "$TMPFILE"
 $USERPASSWORD
 EOF
+# strip newline from EOF
+perl -i -pe 'chomp if eof' "$TMPFILE"
 
 # check the password in $TMPfile against LDAP...
 IAM=`ldapwhoami -x -Z -y "$TMPFILE" -D "$USERDN" 2>/dev/null || true`



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/a673e678d0eb0056520aa9db6395a04caaaabf51...94e83f4aa27f05a4cf0a902cabaaa28f301aa103

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/a673e678d0eb0056520aa9db6395a04caaaabf51...94e83f4aa27f05a4cf0a902cabaaa28f301aa103
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20240725/826b8b92/attachment-0001.htm>

More information about the debian-edu-commits mailing list