diff options
| author | Dave Olson <olson@cumulusnetworks.com> | 2018-04-13 01:04:39 -0700 |
|---|---|---|
| committer | Dave Olson <olson@cumulusnetworks.com> | 2018-04-13 16:25:19 -0700 |
| commit | 613f1949208809a116bd1b3737e39a1599bf7d43 (patch) | |
| tree | c18889e7c9be4a8480bd26dc7d5c3b7662312fe5 /debian | |
| parent | 4b24261d4a28ed1cd994939d6fa658b44c30a0ac (diff) | |
| download | libnss-mapuser-613f1949208809a116bd1b3737e39a1599bf7d43.tar.gz libnss-mapuser-613f1949208809a116bd1b3737e39a1599bf7d43.zip | |
Changes and cleanups around the privileged user.
Ticket: CM-19457
Reviewed By: nobody
Testing Done: lots of logins, and login combinations
Validate that the mapuser database files are valid by using kill 0 on
the pids. If not valid, try to unlink, and if we do, report it as a
DEBUG. If we can't unlink (not root) report that we are skipping at INFO.
As part of that, don't count valid fields and read entire file.
Document in man page and config file that the mapped_priv_user account
is known to libpam-radius-auth as well, and must be updated in both
places if it changes.
Updated the public symbols (the getgr additions) from previous commit
Fixed some white space and line length issues.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/libnss-mapuser.postinst | 7 | ||||
| -rw-r--r-- | debian/libnss-mapuser.symbols | 5 |
3 files changed, 11 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index 190d66d..d0ea75f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,7 +8,7 @@ libnss-mapuser (1.1.0-cl3u1) RELEASED; urgency=low have radius_user and/or radius_priv_user, to give that that user account more privileges, similar to tacplus client privilege 15. - -- dev-support <dev-support@cumulusnetworks.com> Fri, 06 Apr 2018 15:46:56 -0700 + -- dev-support <dev-support@cumulusnetworks.com> Fri, 13 Apr 2018 16:19:08 -0700 libnss-mapuser (1.0.0-cl3u2) RELEASED; urgency=low diff --git a/debian/libnss-mapuser.postinst b/debian/libnss-mapuser.postinst index 13bf0d0..54c661b 100644 --- a/debian/libnss-mapuser.postinst +++ b/debian/libnss-mapuser.postinst @@ -24,10 +24,13 @@ case "$1" in /etc/nsswitch.conf fi addgroup --quiet $rgroup 2>&1 | grep -v 'already exists' + ourshell=/bin/bash # not radius_shell, has pkg ordering issues. adduser --quiet --firstuid 1000 --disabled-login --ingroup $rgroup \ - --gecos "radius user" radius_user 2>&1 | grep -v 'already exists' + --gecos "radius user" --shell $ourshell radius_user 2>&1 | + grep -v 'already exists' adduser --quiet --firstuid 1000 --disabled-login --ingroup $rgroup \ - --gecos "radius privileged user" radius_priv_user 2>&1 | grep -v 'already exists' + --gecos "radius privileged user" --shell $ourshell radius_priv_user 2>&1 | + grep -v 'already exists' # regular radius logins can run net show commands adduser --quiet radius_user netshow # privileged radius logins can run net config commands, as well as show diff --git a/debian/libnss-mapuser.symbols b/debian/libnss-mapuser.symbols index 2254c2e..c5a3ed0 100644 --- a/debian/libnss-mapuser.symbols +++ b/debian/libnss-mapuser.symbols @@ -1,4 +1,9 @@ libnss_mapname.so.2 libnss-mapuser #MINVER# + _nss_mapname_setgrent@Base 1.1.0-cl3u1 + _nss_mapname_endgrent@Base 1.1.0-cl3u1 + _nss_mapname_getgrent_r@Base 1.1.0-cl3u1 + _nss_mapname_getgrgid_r@Base 1.1.0-cl3u1 + _nss_mapname_getgrnam_r@Base 1.1.0 _nss_mapname_getpwnam_r@Base 1.0.0 libnss_mapuid.so.2 libnss-mapuser #MINVER# |