diff options
| -rw-r--r-- | README | 2 | ||||
| -rw-r--r-- | debian/changelog | 13 | ||||
| -rw-r--r-- | debian/copyright | 2 | ||||
| -rw-r--r-- | debian/libnss-mapuser.prerm | 7 | ||||
| -rw-r--r-- | debian/source/format | 3 | ||||
| -rw-r--r-- | map_common.c | 6 | ||||
| -rw-r--r-- | nss_mapuser.5 | 2 | ||||
| -rw-r--r-- | nss_mapuser.conf | 6 |
8 files changed, 31 insertions, 10 deletions
@@ -29,7 +29,7 @@ by the passed in username. The uid, gid, and shell fields are copied directly from the map_user account passwd dataa. For example, if the passed in username is 'olsonr', the result of running - getent -s mapname passwd olsonr + getent -s mapuser passwd olsonr will be something like this: olsonr:x:1017:1017:olsonr mapped user:/home/olsonr:/bin/bash if the map_user field is set to radius_user, and the radius_user entry in diff --git a/debian/changelog b/debian/changelog index d0ea75f..a5fee01 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +libnss-mapuser (1.1.0-cl3u3) RELEASED; urgency=medium + + * minor fixes + + -- dev-support <dev-support@cumulusnetworks.com> Mon, 29 Oct 2018 13:34:42 -0700 + +libnss-mapuser (1.1.0-cl3u2) RELEASED; urgency=low + + * Changed postinst to not create unneeded home directories for + radius_user and radius_priv_user when running adduser at install + + -- dev-support <dev-support@cumulusnetworks.com> Wed, 18 Apr 2018 18:18:16 -0700 + libnss-mapuser (1.1.0-cl3u1) RELEASED; urgency=low * Closes CM-19866 - Fixed exclude_users not skipped, and added diff --git a/debian/copyright b/debian/copyright index cc8f9f1..c5ddcdd 100644 --- a/debian/copyright +++ b/debian/copyright @@ -21,4 +21,4 @@ License: GPL-2+ Files: * License: GPL-2+ -Copyright: 2017 Cumulus Networks, Inc. All rights reserved., +Copyright: 2017, 2018 Cumulus Networks, Inc. All rights reserved. diff --git a/debian/libnss-mapuser.prerm b/debian/libnss-mapuser.prerm index c9bb6b1..c4f259f 100644 --- a/debian/libnss-mapuser.prerm +++ b/debian/libnss-mapuser.prerm @@ -4,6 +4,13 @@ set -e if [ "$1" = remove ]; then pam-auth-update --package --remove mapuser + # Undo the addition of the plugins + if [ -e "/etc/nsswitch.conf" ]; then + sed -i -e '/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//' \ + -e '/^passwd:.*[ \t]mapname/s/[ \t]mapname//' \ + -e '/^group:.*[ \t]mapname/s/[ \t]mapname//' \ + /etc/nsswitch.conf || true # don't prevent remove on error + fi fi #DEBHELPER# diff --git a/debian/source/format b/debian/source/format index af745b3..b9b0237 100644 --- a/debian/source/format +++ b/debian/source/format @@ -1 +1,2 @@ -3.0 (git) +1.0 + diff --git a/map_common.c b/map_common.c index 2f73a97..b6fe3bc 100644 --- a/map_common.c +++ b/map_common.c @@ -141,15 +141,15 @@ int nss_mapuser_config(int *errnop, const char *lname) } else if (!strncmp(lbuf, "mapped_priv_user=", 17)) { /* the user we are mapping to */ mapped_priv_user = strdup(lbuf + 17); - } else if (!strncmp(lbuf, "map_min_uid=", 12)) { + } else if (!strncmp(lbuf, "map_min_uid=", 8)) { /* * Don't lookup uids that are local, typically set to either * 0 or smallest always local user's uid */ unsigned long uid; char *valid; - uid = strtoul(lbuf + 12, &valid, 0); - if (valid > (lbuf + 12)) + uid = strtoul(lbuf + 8, &valid, 0); + if (valid > (lbuf + 8)) map_min_uid = (uid_t) uid; } else if (map_debug) /* ignore unrecognized lines, unless map_debug on */ syslog(LOG_WARNING, "%s: unrecognized parameter: %s", diff --git a/nss_mapuser.5 b/nss_mapuser.5 index d6ad836..92aff16 100644 --- a/nss_mapuser.5 +++ b/nss_mapuser.5 @@ -27,7 +27,7 @@ fields from the configuration file are always skipped, as are any names starting with .BR tacacs[0-9] . .TP -.I map_min_uid=NUMBER +.I min_uid=NUMBER UID's passed to the NSS mapuid plugin getpwuid() entry point that are below this value cause an immediate NOTFOUND status to be returned. This reduces overhead for the standard local user accounts. diff --git a/nss_mapuser.conf b/nss_mapuser.conf index cae505d..c59e35f 100644 --- a/nss_mapuser.conf +++ b/nss_mapuser.conf @@ -12,12 +12,12 @@ # if set, errors and other issues are logged with syslog # debug=1 -# map_min_uid is the minimum uid to lookup. Setting this to 0 +# min_uid is the minimum uid to lookup. Setting this to 0 # means uid 0 (root) is never looked up, good for robustness and performance # Cumulus Linux ships with it set to 1001, so we never lookup system # users, or the standard "cumulus" account. You may want to change this # to the value of the radius_user account. -#map_min_uid=1001 +min_uid=1000 # This is a comma separated list of usernames that are never mapped # because they are standard accounts. They cause an early not found @@ -28,7 +28,7 @@ # To avoid server round trip delays, or worse, unreachable server delays # on filename completion, we include "*" in the exclusion list. # User names starting with "tacacs[0-9]" are also ignored, in case the -# tacplus client packages are installed. User names matching +# tacplus client packages are installed. User names matching # the mapped_user and mapped_priv_user configuration fields are also ignored. exclude_users=root,daemon,nobody,cron,sshd,cumulus,quagga,frr,snmp,www-data,ntp,man,* |