Attachment #10499 for bug #30036

View | Details | Raw Unified | Return to bug 30036
Collapse All | Expand All






@!@
METHODS = [
    ('krb5', 'pam_krb5.so minimum_uid=%s' % (configRegistry.get('pam/krb5/minimum_uid', 1000),)),
    ('ldap', 'pam_ldap.so'),
    ('winbind', 'pam_winbind.so'),
]
methods = set(configRegistry['auth/methods'].split())
stmts = [stmt for (method, stmt) in METHODS if method in methods]
for i, stmt in enumerate(stmts):
    action = "[success=%d new_authtok_reqd=done default=ignore]" % (len(stmts) - i,)
    print("account  %s  %s" % (action, stmt))
	return template.replace('<action>', action)

methods = set(configRegistry['auth/methods'].split(' ')) & {'krb5', 'ldap', 'winbind'}
index = len(methods)

if 'krb5' in methods:
	print(pam_section(pam_krb5, index))
	index -= 1
if 'ldap' in methods:
	print(pam_section(pam_ldap, index))
	index -= 1
if 'winbind' in methods:
	print(pam_section(pam_winbind, index))
@!@
account  requisite                       pam_deny.so
account  required                        pam_permit.so






@!@
METHODS = [
    ('krb5', 'pam_krb5.so use_first_pass minimum_uid=%d' % (configRegistry.get('pam/krb5/minimum_uid', 1000),)),
    ('ldap', 'pam_ldap.so use_first_pass'),
    ('winbind', 'pam_winbind.so use_first_pass'),
]
methods = set(configRegistry['auth/methods'].split())
stmts = [stmt for (method, stmt) in METHODS if method in methods]
for i, stmt in enumerate(stmts):
    action = "[success=%d default=ignore]" % (len(stmts) - i,)
    print("auth  %s  %s" % (action, stmt))
if 'krb5' in methods:
	print(pam_krb5)
if 'ldap' in methods:
	print(pam_ldap)
if 'winbind' in methods:
	print(pam_winbind)
@!@
auth  requisite                       pam_deny.so
auth  required                        pam_permit.so

auth     required                           pam_env.so




@!@
METHODS = [
    ('krb5', 'pam_krb5.so use_first_pass minimum_uid=%d' % (configRegistry.get('pam/krb5/minimum_uid', 1000),)),
    ('ldap', 'pam_ldap.so use_first_pass'),
    ('winbind', 'pam_winbind.so use_first_pass'),
]
methods = set(configRegistry['auth/methods'].split())
stmts = [stmt for (method, stmt) in METHODS if method in methods]
auth     [success=<succ> new_authtok_reqd=ok \
         user_unknown=<unknown> \
         service_err=<unavail> authinfo_unavail=<unavail> \
         default=<unknown>]                         pam_ldap.so use_first_pass'''
pam_winbind = '''
auth     [success=<succ> new_authtok_reqd=ok \
         user_unknown=<unknown> \
         service_err=<unavail> authinfo_unavail=<unavail> \
         default=<unknown>]                         pam_winbind.so use_first_pass'''


if not stmts:
	succ='done'
	unavail='die'
	fail='die'
	unknown = 'die' if last else 'ignore'

	return template.replace('<succ>', succ).replace('<unavail>', unavail).replace('<fail>', fail).replace('<unknown>', unknown)

methods = [x for x in configRegistry['auth/methods'].split(' ') if x in ['krb5', 'ldap', 'winbind']]


if not methods:
	print('''
auth     required                         pam_unix.so''')
else:




for i, stmt in enumerate(stmts):
    action = "[success=%d new_authtok_reqd=ok user_unknown=ignore service_err=die authinfo_unavail=die default=ignore]" % (len(stmts) - i,)
    print("auth  %s  %s" % (action, stmt))
if 'ldap' in methods:
	last = 'winbind' not in methods
	print(pam_section(pam_ldap, last))
if 'winbind' in methods:
	print(pam_section(pam_winbind, true))
@!@
auth  requisite                       pam_deny.so
auth  required                        pam_permit.so

Return to bug 30036

Lines 11-37 account [success=done new_authtok_reqd=done acct_expired=bad default=ignore] Link Here

(-)a/base/univention-pam/conffiles/etc/pam.d/common-account (-23 / +12 lines)
11		11
12		12
13	@!@	13	@!@
14	minimum_uid = int(configRegistry.get('pam/krb5/minimum_uid', 1000))	14	METHODS = [
15	pam_krb5='''	15	('krb5', 'pam_krb5.so minimum_uid=%s' % (configRegistry.get('pam/krb5/minimum_uid', 1000),)),
16	account <action> pam_krb5.so minimum_uid=%d''' % (minimum_uid,)	16	('ldap', 'pam_ldap.so'),
17	pam_ldap='''	17	('winbind', 'pam_winbind.so'),
18	account <action> pam_ldap.so'''	18	]
19	pam_winbind='''	19	methods = set(configRegistry['auth/methods'].split())
20	account <action> pam_winbind.so'''	20	stmts = [stmt for (method, stmt) in METHODS if method in methods]
21		21	for i, stmt in enumerate(stmts):
22	def pam_section(template, index):	22	action = "[success=%d new_authtok_reqd=done default=ignore]" % (len(stmts) - i,)
23	action = 'required ' if index <= 1 else 'sufficient'	23	print("account %s %s" % (action, stmt))
24	return template.replace('<action>', action)
25
26	methods = set(configRegistry['auth/methods'].split(' ')) & {'krb5', 'ldap', 'winbind'}
27	index = len(methods)
28
29	if 'krb5' in methods:
30	print(pam_section(pam_krb5, index))
31	index -= 1
32	if 'ldap' in methods:
33	print(pam_section(pam_ldap, index))
34	index -= 1
35	if 'winbind' in methods:
36	print(pam_section(pam_winbind, index))
37	@!@	24	@!@
		25	account requisite pam_deny.so
		26	account required pam_permit.so

Lines 21-42 auth sufficient pam_unix.so Link Here

(-)a/base/univention-pam/conffiles/etc/pam.d/common-auth-nowrite (-16 / +12 lines)
21		21
22		22
23	@!@	23	@!@
24	minimum_uid = int(configRegistry.get('pam/krb5/minimum_uid', 1000))	24	METHODS = [
25	pam_krb5='''	25	('krb5', 'pam_krb5.so use_first_pass minimum_uid=%d' % (configRegistry.get('pam/krb5/minimum_uid', 1000),)),
26	auth sufficient pam_krb5.so use_first_pass minimum_uid=%d''' % (minimum_uid,)	26	('ldap', 'pam_ldap.so use_first_pass'),
27	pam_ldap='''	27	('winbind', 'pam_winbind.so use_first_pass'),
28	auth sufficient pam_ldap.so use_first_pass'''	28	]
29	pam_winbind='''	29	methods = set(configRegistry['auth/methods'].split())
30	auth sufficient pam_winbind.so use_first_pass'''	30	stmts = [stmt for (method, stmt) in METHODS if method in methods]
31		31	for i, stmt in enumerate(stmts):
32	methods = set(configRegistry['auth/methods'].split(' ')) & {'krb5', 'ldap', 'winbind'}	32	action = "[success=%d default=ignore]" % (len(stmts) - i,)
33		33	print("auth %s %s" % (action, stmt))
34	if 'krb5' in methods:
35	print(pam_krb5)
36	if 'ldap' in methods:
37	print(pam_ldap)
38	if 'winbind' in methods:
39	print(pam_winbind)
40	@!@	34	@!@
		35	auth requisite pam_deny.so
		36	auth required pam_permit.so
41		37
42	auth required pam_env.so	38	auth required pam_env.so

Lines 1-34 Link Here

(-)a/base/univention-pam/conffiles/etc/pam.d/common-auth.d/50univention-pam_general (-36 / +13 lines)
1	@!@	1	@!@
2	minimum_uid = int(configRegistry.get('pam/krb5/minimum_uid', 1000))	2	METHODS = [
3	pam_krb5 = '''	3	('krb5', 'pam_krb5.so use_first_pass minimum_uid=%d' % (configRegistry.get('pam/krb5/minimum_uid', 1000),)),
4	auth [success=<succ> new_authtok_reqd=ok \	4	('ldap', 'pam_ldap.so use_first_pass'),
5	user_unknown=<unknown> \	5	('winbind', 'pam_winbind.so use_first_pass'),
6	service_err=<unavail> authinfo_unavail=<unavail> \	6	]
7	default=<unknown>] pam_krb5.so use_first_pass minimum_uid=%d''' % (minimum_uid,)	7	methods = set(configRegistry['auth/methods'].split())
8	pam_ldap = '''	8	stmts = [stmt for (method, stmt) in METHODS if method in methods]
9	auth [success=<succ> new_authtok_reqd=ok \
10	user_unknown=<unknown> \
11	service_err=<unavail> authinfo_unavail=<unavail> \
12	default=<unknown>] pam_ldap.so use_first_pass'''
13	pam_winbind = '''
14	auth [success=<succ> new_authtok_reqd=ok \
15	user_unknown=<unknown> \
16	service_err=<unavail> authinfo_unavail=<unavail> \
17	default=<unknown>] pam_winbind.so use_first_pass'''
18		9
19		10
20	def pam_section(template, last):	11	if not stmts:
21	succ='done'
22	unavail='die'
23	fail='die'
24	unknown = 'die' if last else 'ignore'
25
26	return template.replace('<succ>', succ).replace('<unavail>', unavail).replace('<fail>', fail).replace('<unknown>', unknown)
27
28	methods = [x for x in configRegistry['auth/methods'].split(' ') if x in ['krb5', 'ldap', 'winbind']]
29
30
31	if not methods:
32	print('''	12	print('''
33	auth required pam_unix.so''')	13	auth required pam_unix.so''')
34	else:	14	else:
Lines 39-50 print(''' Link Here
39		19
40		20
41		21
42	if 'krb5' in methods:	22	for i, stmt in enumerate(stmts):
43	last = 'ldap' not in methods and 'winbind' not in methods	23	action = "[success=%d new_authtok_reqd=ok user_unknown=ignore service_err=die authinfo_unavail=die default=ignore]" % (len(stmts) - i,)
44	print(pam_section(pam_krb5, last))	24	print("auth %s %s" % (action, stmt))
45	if 'ldap' in methods:
46	last = 'winbind' not in methods
47	print(pam_section(pam_ldap, last))
48	if 'winbind' in methods:
49	print(pam_section(pam_winbind, true))
50	@!@	25	@!@
		26	auth requisite pam_deny.so
		27	auth required pam_permit.so