Univention Bugzilla – Attachment 10499 Details for
Bug 30036
univention-pam: Code cleanup
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Cleanup
30036-pam-cleanup.diff (text/plain), 5.89 KB, created by
Philipp Hahn
on 2020-09-18 16:18 CEST
(
hide
)
Description:
Cleanup
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2020-09-18 16:18 CEST
Size:
5.89 KB
patch
obsolete
>diff --git a/base/univention-pam/conffiles/etc/pam.d/common-account b/base/univention-pam/conffiles/etc/pam.d/common-account >index 825991c2bd..0e6f25cc43 100644 >--- a/base/univention-pam/conffiles/etc/pam.d/common-account >+++ b/base/univention-pam/conffiles/etc/pam.d/common-account >@@ -11,27 +11,16 @@ account [success=done new_authtok_reqd=done acct_expired=bad default=ignore] > > > @!@ >-minimum_uid = int(configRegistry.get('pam/krb5/minimum_uid', 1000)) >-pam_krb5=''' >-account <action> pam_krb5.so minimum_uid=%d''' % (minimum_uid,) >-pam_ldap=''' >-account <action> pam_ldap.so''' >-pam_winbind=''' >-account <action> pam_winbind.so''' >- >-def pam_section(template, index): >- action = 'required ' if index <= 1 else 'sufficient' >- return template.replace('<action>', action) >- >-methods = set(configRegistry['auth/methods'].split(' ')) & {'krb5', 'ldap', 'winbind'} >-index = len(methods) >- >-if 'krb5' in methods: >- print(pam_section(pam_krb5, index)) >- index -= 1 >-if 'ldap' in methods: >- print(pam_section(pam_ldap, index)) >- index -= 1 >-if 'winbind' in methods: >- print(pam_section(pam_winbind, index)) >+METHODS = [ >+ ('krb5', 'pam_krb5.so minimum_uid=%s' % (configRegistry.get('pam/krb5/minimum_uid', 1000),)), >+ ('ldap', 'pam_ldap.so'), >+ ('winbind', 'pam_winbind.so'), >+] >+methods = set(configRegistry['auth/methods'].split()) >+stmts = [stmt for (method, stmt) in METHODS if method in methods] >+for i, stmt in enumerate(stmts): >+ action = "[success=%d new_authtok_reqd=done default=ignore]" % (len(stmts) - i,) >+ print("account %s %s" % (action, stmt)) > @!@ >+account requisite pam_deny.so >+account required pam_permit.so >diff --git a/base/univention-pam/conffiles/etc/pam.d/common-auth-nowrite b/base/univention-pam/conffiles/etc/pam.d/common-auth-nowrite >index 95a4eb8e6a..d71431bacc 100644 >--- a/base/univention-pam/conffiles/etc/pam.d/common-auth-nowrite >+++ b/base/univention-pam/conffiles/etc/pam.d/common-auth-nowrite >@@ -21,22 +21,18 @@ auth sufficient pam_unix.so > > > @!@ >-minimum_uid = int(configRegistry.get('pam/krb5/minimum_uid', 1000)) >-pam_krb5=''' >-auth sufficient pam_krb5.so use_first_pass minimum_uid=%d''' % (minimum_uid,) >-pam_ldap=''' >-auth sufficient pam_ldap.so use_first_pass''' >-pam_winbind=''' >-auth sufficient pam_winbind.so use_first_pass''' >- >-methods = set(configRegistry['auth/methods'].split(' ')) & {'krb5', 'ldap', 'winbind'} >- >-if 'krb5' in methods: >- print(pam_krb5) >-if 'ldap' in methods: >- print(pam_ldap) >-if 'winbind' in methods: >- print(pam_winbind) >+METHODS = [ >+ ('krb5', 'pam_krb5.so use_first_pass minimum_uid=%d' % (configRegistry.get('pam/krb5/minimum_uid', 1000),)), >+ ('ldap', 'pam_ldap.so use_first_pass'), >+ ('winbind', 'pam_winbind.so use_first_pass'), >+] >+methods = set(configRegistry['auth/methods'].split()) >+stmts = [stmt for (method, stmt) in METHODS if method in methods] >+for i, stmt in enumerate(stmts): >+ action = "[success=%d default=ignore]" % (len(stmts) - i,) >+ print("auth %s %s" % (action, stmt)) > @!@ >+auth requisite pam_deny.so >+auth required pam_permit.so > > auth required pam_env.so >diff --git a/base/univention-pam/conffiles/etc/pam.d/common-auth.d/50univention-pam_general b/base/univention-pam/conffiles/etc/pam.d/common-auth.d/50univention-pam_general >index 450f4b5a7c..6d3aae16cc 100644 >--- a/base/univention-pam/conffiles/etc/pam.d/common-auth.d/50univention-pam_general >+++ b/base/univention-pam/conffiles/etc/pam.d/common-auth.d/50univention-pam_general >@@ -1,34 +1,14 @@ > @!@ >-minimum_uid = int(configRegistry.get('pam/krb5/minimum_uid', 1000)) >-pam_krb5 = ''' >-auth [success=<succ> new_authtok_reqd=ok \ >- user_unknown=<unknown> \ >- service_err=<unavail> authinfo_unavail=<unavail> \ >- default=<unknown>] pam_krb5.so use_first_pass minimum_uid=%d''' % (minimum_uid,) >-pam_ldap = ''' >-auth [success=<succ> new_authtok_reqd=ok \ >- user_unknown=<unknown> \ >- service_err=<unavail> authinfo_unavail=<unavail> \ >- default=<unknown>] pam_ldap.so use_first_pass''' >-pam_winbind = ''' >-auth [success=<succ> new_authtok_reqd=ok \ >- user_unknown=<unknown> \ >- service_err=<unavail> authinfo_unavail=<unavail> \ >- default=<unknown>] pam_winbind.so use_first_pass''' >+METHODS = [ >+ ('krb5', 'pam_krb5.so use_first_pass minimum_uid=%d' % (configRegistry.get('pam/krb5/minimum_uid', 1000),)), >+ ('ldap', 'pam_ldap.so use_first_pass'), >+ ('winbind', 'pam_winbind.so use_first_pass'), >+] >+methods = set(configRegistry['auth/methods'].split()) >+stmts = [stmt for (method, stmt) in METHODS if method in methods] > > >-def pam_section(template, last): >- succ='done' >- unavail='die' >- fail='die' >- unknown = 'die' if last else 'ignore' >- >- return template.replace('<succ>', succ).replace('<unavail>', unavail).replace('<fail>', fail).replace('<unknown>', unknown) >- >-methods = [x for x in configRegistry['auth/methods'].split(' ') if x in ['krb5', 'ldap', 'winbind']] >- >- >-if not methods: >+if not stmts: > print(''' > auth required pam_unix.so''') > else: >@@ -39,12 +19,9 @@ print(''' > > > >-if 'krb5' in methods: >- last = 'ldap' not in methods and 'winbind' not in methods >- print(pam_section(pam_krb5, last)) >-if 'ldap' in methods: >- last = 'winbind' not in methods >- print(pam_section(pam_ldap, last)) >-if 'winbind' in methods: >- print(pam_section(pam_winbind, true)) >+for i, stmt in enumerate(stmts): >+ action = "[success=%d new_authtok_reqd=ok user_unknown=ignore service_err=die authinfo_unavail=die default=ignore]" % (len(stmts) - i,) >+ print("auth %s %s" % (action, stmt)) > @!@ >+auth requisite pam_deny.so >+auth required pam_permit.so
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10499">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 30036
: 10499