
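--- a/branches/ucs-4.1/ucs-4.1-0/base/univention-dvd/debian/changelog
+++ b/branches/ucs-4.1/ucs-4.1-0/base/univention-dvd/debian/changelog
@@ -1,3 +1,9 @@
+univention-dvd (1.0.0-20) unstable; urgency=low
+
+  * Bug #37995: Add univention-sudo
+
+ -- Philipp Hahn <hahn@univention.de>  Tue, 08 Dec 2015 10:43:11 +0100
+
 univention-dvd (1.0.0-19) unstable; urgency=low
 
   * Bug #37006 : add univention-nagios-s4-connector 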
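--- a/branches/ucs-4.1/ucs-4.1-0/base/univention-dvd/tasks/ucs410/task-ucs410
+++ b/branches/ucs-4.1/ucs-4.1-0/base/univention-dvd/tasks/ucs410/task-ucs410
@@ -62,6 +62,7 @@ openssh-blacklist
 python-univention-license
 univention-nagios-client
 univention-saml
+univention-sudo
 screen
 
 univention-management-console-module-quota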
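--- a/branches/ucs-4.1/ucs-4.1-0/base/univention-pam/debian/changelog
+++ b/branches/ucs-4.1/ucs-4.1-0/base/univention-pam/debian/changelog
@@ -1,3 +1,9 @@
+univention-pam (9.0.0-3) unstable; urgency=low
+
+  * Bug #37995: Add sudo support
+
+ -- Philipp Hahn <hahn@univention.de>  Tue, 08 Dec 2015 10:34:13 +0100
+
 univention-pam (9.0.0-2) unstable; urgency=low
 
   * Bug #24840: add dependency on german wordlist for cracklib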
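--- a/branches/ucs-4.1/ucs-4.1-0/base/univention-pam/debian/control
+++ b/branches/ucs-4.1/ucs-4.1-0/base/univention-pam/debian/control
@@ -22,7 +22,8 @@ Depends: ${misc:Depends},
  python-univention-lib (>= 3.0.26-14),
  libnss-extrausers
 Recommends:
- univention-home-mounter
+ univention-home-mounter,
+ univention-sudo,
 Description: UCS - login configuration
  This package contains the configuration for the pluggable
  authentication modules (PAM) and the network name switch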
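--- a/branches/ucs-4.1/ucs-4.1-0/base/univention-pam/debian/univention-pam.postinst
+++ b/branches/ucs-4.1/ucs-4.1-0/base/univention-pam/debian/univention-pam.postinst
@@ -39,18 +39,6 @@ ln -sf /etc/machine.secret /etc/libnss-ldap.secret
 # /etc/pam_ldap.secret is required for rootbinddn in /etc/pam_ldap.conf
 ln -sf /etc/machine.secret /etc/pam_ldap.secret
 
-# Update to UCS 3.0, increase nscd cache sizes if pre 3.0 default values
-# are used. Bug #21358
-if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 5.0.15-1; then
-	if [ "$nscd_passwd_size" = "3001" -a "$nscd_group_size" = "3001" -a "$nscd_hosts_size" = "3001" ]; then
-		univention-config-registry set \
-			nscd/passwd/size=6007 \
-			nscd/group/size=56003 \
-			nscd/hosts/size=6007 \
-			nscd/group/maxdbsize=62914560
-	fi
-fi
-
 univention-config-registry set \
 	nscd/passwd/size?6007 \
 	nscd/group/size?56003 \
@@ -114,13 +102,6 @@ if [ -e /etc/univention/templates/files/etc/pam.d/common-auth ]; then
     rm /etc/univention/templates/files/etc/pam.d/common-auth
 fi
 
-if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 6.0.2-1; then
-	if is_ucr_true nss/group/cachefile; then
-		/usr/lib/univention-pam/ldap-group-to-file.py
-		univention-config-registry set	nscd/group/invalidate_cache_on_changes="false"
-	fi
-fi
-
 # Restart listener
 if [ -x "/etc/init.d/univention-directory-listener" ] ; then
 	/etc/init.d/univention-directory-listener crestart
@@ -138,14 +119,10 @@ univention-config-registry set \
 	'security/limits/default/user/hard/nofile?32768' \
 	'security/limits/group/Domain Users/hard/nproc?1000'
 
-# Bug #32415, can be removed after 4.0-0
-if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 8.0.1-2; then
-	if [ -n "$security_limits_user_default_user_soft_nofile" ]; then
-		ucr unset security/limits/user/default/user/soft/nofile
-	fi
-	if [ -n "$security_limits_user_default_user_hard_nofile" ]; then
-		ucr unset security/limits/user/default/user/hard/nofile
-	fi
+# Bug #37995: Enable sudo only on new UCS-4.1 installs
+if [ "$1" = configure ] && [ -n "$2" ]
+then
+	univention-config-registry set auth/sudo?yes
 fi
 
 call_joinscript 11univention-pam.inst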
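Review bot: The guard `[ "$1" = configure ] && [ -n "$2" ]` in the last hunk is true on upgrades, not on first installs, because dpkg passes the previously configured version as `$2` and leaves it empty on a fresh install. As written, `auth/sudo?yes` is applied on every upgraded system where the variable is unset, which contradicts the comment "Enable sudo only on new UCS-4.1 installs" and switches on the Domain Admins `ALL=(ALL:ALL) ALL` rule where nobody opted in. If the comment states the intent, the test should be `if [ "$1" = configure ] && [ -z "$2" ]`. The same patch adds `univention-sudo` to Recommends, so it is worth confirming whether an upgrade also pulls that package in alongside this setting.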
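--- a/branches/ucs-4.1/ucs-4.1-0/base/univention-sudo/conffiles/etc/sudoers.d/univention
+++ b/branches/ucs-4.1/ucs-4.1-0/base/univention-sudo/conffiles/etc/sudoers.d/univention
@@ -4,7 +4,7 @@
 @!@
 import re
 group = configRegistry.get("groups/default/domainadmins", "Domain Admins")
-if group:
+if group and configRegistry.is_true('auth/sudo'):
 	da = re.sub(r'([ !=:,()\\])', r'\\\1', group)
 	print "%{} ALL=(ALL:ALL) ALL".format(da)
 @!@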
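Review bot: The new `configRegistry.is_true('auth/sudo')` gate revokes the rule only if this file is re-rendered when that variable changes, and nothing in the visible patch registers `auth/sudo` as a trigger for the template. The template's registration file is not part of this diff, so this is inferred: if its `Variables:` list still names only `groups/default/domainadmins`, setting `auth/sudo` to `no` would leave the existing `ALL=(ALL:ALL) ALL` line in place until something else regenerates the file. Adding `Variables: auth/sudo` to the entry for `etc/sudoers.d/univention` would make disabling take effect immediately. A one-line comment above the condition, such as `# unset or false auth/sudo emits no rule (fail closed)`, would also record that existing installs lose the rule after this change.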
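--- a/branches/ucs-4.1/ucs-4.1-0/base/univention-sudo/debian/changelog
+++ b/branches/ucs-4.1/ucs-4.1-0/base/univention-sudo/debian/changelog
@@ -1,3 +1,9 @@
+univention-sudo (1.0.0-3) unstable; urgency=low
+
+  * Bug #37995: Only enable for new installs
+
+ -- Philipp Hahn <hahn@univention.de>  Tue, 08 Dec 2015 10:43:36 +0100
+
 univention-sudo (1.0.0-2) unstable; urgency=low
 
   * move file permission from postinst to ucr conf, escape all forbidden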
(-)a/branches/ucs-4.1/ucs-4.1-0/base/univention-sudo/debian/univention-sudo.univention-config-registry-variables (-1 / +5 lines)
Line 0    Link Here 
0
- 
1
[auth/sudo]
2
Description[de]=Erlaubt die sudo Regeln für Domänenadministratoren.
3
Description[en]=Permits the sudo rules for domain administrators.
4
Type=bool
5
Categories=system-base
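Review bot: The description for `auth/sudo` does not say what enabling it grants or how an unset value is treated. The template this variable gates emits `%<group> ALL=(ALL:ALL) ALL` for the group named by `groups/default/domainadmins`, so an administrator reading only this text cannot tell that it controls unrestricted root access. Something like `Description[en]=Grants members of the domain administrators group unrestricted sudo (root) access on this system. Unset is treated as disabled.` would cover it, with the German entry updated to match.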
