Initial version of libnss-mapuser package

See README for details

12 files changed, 159 insertions, 0 deletions

diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..d19f825
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,10 @@
+libnss-mapuser for Debian
+-------------------------
+Build this package with:
+$ debian/rules binary
+or
+$ DEB_BUILD_PROG_OPTS="-S" debian/rules arch-build
+
+
+ -- Dave Olson <olson@cumulusnetworks.com>  Tue, 3 Nov 2015 15:58:30 -0700
+
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..93d0996
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,8 @@
+libnss-mapuser (1.0.0) unstable; urgency=low
+
+  * Initial version to do successful NSS lookups on any username,
+    and matching uid lookups back to the original name.
+    Used for RADIUS users, so they do not need to be in local files
+    (or LDAP, etc.)
+
+ -- dev-support <dev-support@cumulusnetworks.com>  Thu, 25 May 2017 20:59:49 -0700
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..b727069
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,16 @@
+Source: libnss-mapuser
+Priority: optional
+Maintainer: dev-support <dev-support@cumulusnetworks.com>
+Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1), git
+Section: libs
+Standards-Version: 3.9.6
+Homepage: http://www.cumulusnetworks.com
+
+Package: libnss-mapuser
+Architecture: any
+Depends: ${shlibs:Depends}, adduser
+Description: NSS modules to map any requested username to a local account
+ Performs getpwname and getpwuid lookups via NSS for systems like RADIUS
+ where it is not possible to do a username lookup without authentication
+ (with a password or similar).   Used to allow ssh and other login
+ mechanisms via RADIUS without having a local account.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..cc8f9f1
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,24 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libnss-mapuser
+Source: http://www.cumulusnetworks.com
+
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+
+Files: *
+License: GPL-2+
+Copyright: 2017 Cumulus Networks, Inc.  All rights reserved.,
diff --git a/debian/libnss-mapuser.lintian-overrides b/debian/libnss-mapuser.lintian-overrides
new file mode 100644
index 0000000..5217b23
--- /dev/null
+++ b/debian/libnss-mapuser.lintian-overrides
@@ -0,0 +1,10 @@
+libnss-mapuser: native-package-with-dash-version
+libnss-mapuser: package-name-doesnt-match-sonames libnss-mapname2 libnss-mapuid2
+libnss-mapuser: new-package-should-close-itp-bug
+# messages say "source", but using "source" causes "malformed" warning.
+# So these don't actually work, but leaving them here to document the intent
+libnss-mapuser binary: diff-contains-git-control-dir .git
+libnss-mapuser binary: unsupported-source-format 3.0 (git)
+# we don't use misc-depends, and adding it produces a build warning
+# about it not being needed
+libnss-mapuser binary: debhelper-but-no-misc-depends libnss-mapuser
diff --git a/debian/libnss-mapuser.postinst b/debian/libnss-mapuser.postinst
new file mode 100644
index 0000000..b46e66d
--- /dev/null
+++ b/debian/libnss-mapuser.postinst
@@ -0,0 +1,45 @@
+#!/bin/sh
+# postinst script for libnss-mapuser
+#
+# see: dh_installdeb(1)
+
+set -e
+
+case "$1" in
+    configure)
+		# Add mapname and user to /etc/nsswitch.conf, since it's necessary
+		# for this package.  uid must be first, and mapname must be last
+		# so uids for mapped users return the mapped name, and on the name,
+		# we only want to map if no other matches were found
+		( set +e;
+		rgroup=radius_users
+		if [ -e "/etc/nsswitch.conf" ]; then
+			sed -i -e '/ mapname/b' \
+				-e '/^passwd/s/[ \t][ \t]*/&mapuid /' \
+				-e '/^passwd.*#/s/#.*/ mapname &/' \
+				-e '/^passwd[^#]*$/s/$/ mapname &/' \
+				/etc/nsswitch.conf
+		fi
+		addgroup --quiet $rgroup 2>&1 | grep -v 'already exists'
+		adduser --quiet --firstuid 1000 --disabled-login --ingroup $rgroup \
+		    --gecos "radius user" radius_user 2>&1 | grep -v 'already exists'
+		exit 0
+		)
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# needed for install, upgrade, remove, and purge, including aborts
+pam-auth-update --package
+
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/libnss-mapuser.prerm b/debian/libnss-mapuser.prerm
new file mode 100644
index 0000000..c9bb6b1
--- /dev/null
+++ b/debian/libnss-mapuser.prerm
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = remove ]; then
+	pam-auth-update --package --remove mapuser
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-mapuser.symbols b/debian/libnss-mapuser.symbols
new file mode 100644
index 0000000..2254c2e
--- /dev/null
+++ b/debian/libnss-mapuser.symbols
@@ -0,0 +1,5 @@
+libnss_mapname.so.2 libnss-mapuser #MINVER#
+ _nss_mapname_getpwnam_r@Base 1.0.0
+
+libnss_mapuid.so.2 libnss-mapuser #MINVER#
+ _nss_mapuid_getpwuid_r@Base 1.0.0
diff --git a/debian/mapuser b/debian/mapuser
new file mode 100644
index 0000000..69d2137
--- /dev/null
+++ b/debian/mapuser
@@ -0,0 +1,6 @@
+Name: libnss-mapuser uses this to maintain the session uid => user mapping
+Default: yes
+Priority: 257
+Session-Type: Additional
+Session:
+	optional pam_script.so dir=/usr/share/mapuser
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..ed7dbc0
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,24 @@
+#!/usr/bin/make -f
+# See debhelper(7) (uncomment to enable)
+# output every command that modifies files on the build system.
+DH_VERBOSE = 1
+
+# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/*
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/default.mk
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+%:
+	dh $@
+
+# No configuration needed
+override_dh_auto_configure:
+
+override_dh_install:
+	dh_installdirs /usr/share/pam-configs /usr/share/mapuser
+	install -p -m 755 pam_script_ses* debian/libnss-mapuser/usr/share/mapuser
+	install -p -m 444 debian/mapuser \
+			debian/libnss-mapuser/usr/share/pam-configs/
+	dh_install
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..af745b3
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (git)