[debian-edu-commits] [Git][debian-edu/debian-edu-config][bookworm] 10 commits: share/debian-edu-config/tools/gosa-sync: From password TMPFILE, strip newline...

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Mon Jun 2 09:31:53 BST 2025



Mike Gabriel pushed to branch bookworm at Debian Edu / debian-edu-config


Commits:
a3832476 by Mike Gabriel at 2024-07-25T09:20:30+02:00
share/debian-edu-config/tools/gosa-sync: From password TMPFILE, strip newline character from end-of-file.

 The LDAP whoami call for verifying the correctness of the passed-in
 user password requires a password file without trailing newline
 to succeed.

- - - - -
71f6b389 by Mike Gabriel at 2024-07-25T09:41:20+02:00
share/debian-edu-config/gosa.conf.template: Various white-space fixes.

- - - - -
94e83f4a by Mike Gabriel at 2024-07-25T09:47:40+02:00
Don't (single-)quote placeholders in plugin hooks. GOsa² will add single- quotes around placeholder variables when generating hook commands. Esp. when using single quotes around placeholders, they will be duplicated and thus eliminate eacher other. This problem occurred for users with space characters in their DN while changing the user's password. (The hook would only operate on a partial DN string, split at first space char occurrence in the DN string).

- - - - -
ed9e2e94 by Mike Gabriel at 2024-07-25T09:54:15+02:00
release 2.12.45

Signed-off-by: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>

- - - - -
9978c9c8 by Frans Spiesschaert at 2024-12-21T12:38:09+01:00
remove unnecessary article

- - - - -
963af5c4 by Frans Spiesschaert at 2024-12-21T14:07:23+01:00
no longer give exim4 a reason to complain about "tainted search query is not properly quoted"

- - - - -
b4618325 by Frans Spiesschaert at 2024-12-21T14:17:32+01:00
remove extra space

- - - - -
fc0f918d by Holger Levsen at 2025-03-05T13:06:57+01:00
Remove myself from uploaders. It was a pleasure and an honor!

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
498829f1 by Holger Levsen at 2025-03-05T13:10:30+01:00
release as 2.12.46

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
fa3ef1de by Mike Gabriel at 2025-06-02T10:31:35+02:00
Merge tag '2.12.46' into bookworm

released as 2.12.46

- - - - -


6 changed files:

- debian/changelog
- debian/control
- etc/exim4/exim-ldap-server-v4.conf
- sbin/debian-edu-pxeinstall
- share/debian-edu-config/gosa.conf.template
- share/debian-edu-config/tools/gosa-sync


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,38 @@
+debian-edu-config (2.12.46) unstable; urgency=medium
+
+  [ Holger Levsen ]
+  * Team upload.
+  * Remove myself from uploaders as discussed during FOSDEM. It was a pleasure
+    and an honor!
+
+  [ Frans Spiesschaert ]
+  * sbin/debian-edu-pxeinstall:
+    - remove unnecessary article.
+    - remove extra space.
+  * etc/exim4/exim-ldap-server-v4.conf: no longer give exim4 a reason to
+    complain about "tainted search query is not properly quoted".
+
+ -- Holger Levsen <holger at debian.org>  Wed, 05 Mar 2025 13:08:19 +0100
+
+debian-edu-config (2.12.45) unstable; urgency=medium
+
+  * share/debian-edu-config/tools/gosa-sync:
+    + From password TMPFILE, strip newline character from end-of-file.
+      The LDAP whoami call for verifying the correctness of the passed-in
+      user password requires a password file without trailing newline
+      to succeed.
+  * share/debian-edu-config/gosa.conf.template:
+    + Various white-space fixes.
+    + Don't (single-)quote placeholders in plugin hooks. GOsa² will add single-
+      quotes around placeholder variables when generating hook commands. Esp.
+      when using single quotes around placeholders, they will be duplicated
+      and thus eliminate eacher other. This problem occurred for users
+      with space characters in their DN while changing the user's password.
+      (The hook would only operate on a partial DN string, split at first
+      space char occurrence in the DN string).
+
+ -- Mike Gabriel <sunweaver at debian.org>  Thu, 25 Jul 2024 09:52:14 +0200
+
 debian-edu-config (2.12.44~deb12u1) bookworm; urgency=medium
 
   * Upload to bookworm.


=====================================
debian/control
=====================================
@@ -3,7 +3,6 @@ Section: misc
 Priority: optional
 Maintainer: Debian Edu Developers <debian-edu at lists.debian.org>
 Uploaders: Petter Reinholdtsen <pere at debian.org>,
-           Holger Levsen <holger at debian.org>,
            Mike Gabriel <sunweaver at debian.org>,
            Dominik George <natureshadow at debian.org>,
 Standards-Version: 4.6.2


=====================================
etc/exim4/exim-ldap-server-v4.conf
=====================================
@@ -316,7 +316,7 @@ root:
 ldapuser:
   driver = accept
   check_local_user
-  condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/LDAPBASE?uid?sub?(uid=${local_part})}}}{no}{yes}}
+  condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/LDAPBASE?uid?sub?(uid=${quote_ldap_dn:${local_part}})}}}{no}{yes}}
   cannot_route_message = Recipent ${local_part} unknown.
   retry_use_local_part
   transport = ldap_delivery


=====================================
sbin/debian-edu-pxeinstall
=====================================
@@ -342,7 +342,7 @@ config
 goto start
 
 :shell
-echo Type 'exit' to get the back to the menu
+echo Type 'exit' to get back to the menu
 shell
 goto start
 


=====================================
share/debian-edu-config/gosa.conf.template
=====================================
@@ -41,7 +41,7 @@
               class="userManagement" />
       <plugin acl="groups" class="groupManagement" />
       <plugin acl="roles" class="roleManagement" />
-      <plugin acl="acl"  class="aclManagement" />
+      <plugin acl="acl" class="aclManagement" />
       <plugin acl="ogroups" class="ogroupManagement" />
       <plugin acl="sudo" class="sudoManagement" />
       <plugin acl="netgroup" class="netgroupManagement" />
@@ -56,14 +56,14 @@
 
     <!-- Section to enable addon plugins -->
     <section name="Addons">
-      <plugin acl="all/all"  class="propertyEditor" />
+      <plugin acl="all/all" class="propertyEditor" />
       <plugin acl="server/rSyslogServer" class="rsyslog" />
 <!--      <plugin acl="mailqueue" class="mailqueue" />-->
       <plugin acl="users/viewFaxEntries:self,users/viewFaxEntries" class="faxreport" />
       <plugin acl="users/viewFonEntries:self,users/viewFonEntries" class="fonreport" />
       <plugin acl="ldapmanager" class="ldif" />
       <plugin acl="schoolmanager" class="schoolmgr" />
-      <plugin acl="pwreset" class="pwreset"/>
+      <plugin acl="pwreset" class="pwreset" />
     </section>
   </menu>
 
@@ -76,9 +76,9 @@
   <pathMenu>
       <plugin acl="users/netatalk:self,users/environment:self,users/posixAccount:self,users/kolabAccount:self,users/phpscheduleitAccount:self,users/oxchangeAccount:self,users/proxyAccount:self,users/connectivity:self,users/pureftpdAccount:self,users/phpgwAccount:self,users/opengwAccount:self,users/pptpAccount:self,users/intranetAccount:self, users/webdavAccount:self,users/nagiosAccount:self,users/mailAccount:self,users/groupware, users/user:self,users/scalixAccount:self,users/gofaxAccount:self,users/phoneAccount:self,users/Groupware:self" class="MyAccount" />
       <plugin acl="users/password:self" class="password"
-              postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync '%dn'"
-              postlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-lock-user '%dn'"
-              postunlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-unlock-user '%dn'" />
+              postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync %dn"
+              postlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-lock-user %dn"
+              postunlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-unlock-user %dn" />
   </pathMenu>
 
 
@@ -279,7 +279,7 @@
 
   <!-- Connectivity plugins -->
   <connectivity>
-    <tab class='kolabAccount' />
+    <tab class="kolabAccount" />
     <tab class="proxyAccount" />
     <tab class="pureftpdAccount" />
     <tab class="webdavAccount" />


=====================================
share/debian-edu-config/tools/gosa-sync
=====================================
@@ -36,6 +36,8 @@ trap "rm -f $TMPFILE" ERR SIGHUP SIGINT SIGTERM
 base64 -d - <<EOF > "$TMPFILE"
 $USERPASSWORD
 EOF
+# strip newline from EOF
+perl -i -pe 'chomp if eof' "$TMPFILE"
 
 # check the password in $TMPfile against LDAP...
 IAM=`ldapwhoami -x -Z -y "$TMPFILE" -D "$USERDN" 2>/dev/null || true`



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/443c99b58489da5a876327985ff5b71bdc0236de...fa3ef1de5dcb23fe878a3ffb9027bd363df64825

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/443c99b58489da5a876327985ff5b71bdc0236de...fa3ef1de5dcb23fe878a3ffb9027bd363df64825
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20250602/28aaf0bb/attachment-0001.htm>


More information about the debian-edu-commits mailing list