author | Dave Olson <olson@cumulusnetworks.com> | 2016-06-23 13:39:25 -0700 |
---|---|---|
committer | Dave Olson <olson@cumulusnetworks.com> | 2016-06-28 15:45:47 -0700 |
commit | ab9634da79286d2f04f40011331f2feee208e513 (patch) | |
tree | 362d6273d27fea44671edf2aab38e0b2b3d27cda /debian | |
Provide getpwnam_r entry point to lookup mapped TACACS+ users
Initial version with NSS lookups for tacacs users using mapping
Works with modified libpam-tacplus to authenticate TACACS+ users
without local passwd entries, mapping them to tacacs0..15 based on
TACACS privilege level.
When the /etc/tacplus_servers tacacs config file is mode 600 (normally
the case since it has the server "secret" key), lookups will only work
for tacacs users that are logged in, via the local mapping. For root,
getpwnam lookups will work for any TACACS user known to the servers.
Most syslog messages are enabled only if debug is set in the config file.
Diffstat (limited to 'debian')
-rw-r--r-- | debian/README.source | 10 | ||||
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | debian/compat | 1 | ||||
-rw-r--r-- | debian/control | 14 | ||||
-rw-r--r-- | debian/copyright | 22 | ||||
-rw-r--r-- | debian/libnss-tacplus.lintian-overrides | 8 | ||||
-rw-r--r-- | debian/libnss-tacplus.postinst | 32 | ||||
-rw-r--r-- | debian/libnss-tacplus.symbols | 3 | ||||
-rw-r--r-- | debian/lintian-overrides | 2 | ||||
-rwxr-xr-x | debian/rules | 20 | ||||
-rw-r--r-- | debian/source/format | 1 |
11 files changed, 121 insertions, 0 deletions
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..a509abf
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,10 @@
+libnss-tacplus for Debian
+-------------------------
+Build this package with:
+$ debian/rules binary
+or
+$ DEB_BUILD_PROG_OPTS="-S" debian/rules arch-build
+
+
+ -- Dave Olson <olson@cumulusnetworks.com> Tue, 3 Nov 2015 15:58:30 -0700
+
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..a9b433b
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,8 @@
+libnss-tacplus (1.0.1-1) unstable; urgency=low
+
+ * Initial version with NSS lookups for tacacs users using mapping
+ Works with modified libpam-tacplus to authenticate TACACS+ users
+ without local passwd entries, mapping them to tacacs0..15 based on
+ TACACS privilege level.
+
+ -- Dave Olson <olson@cumulusnetworks.com> Thu, 23 Jun 2016 13:31:01 -0700
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..abad701
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,14 @@
+Source: libnss-tacplus
+Priority: optional
+Maintainer: devsupport <devsupport@cumulusnetworks.com>
+Build-Depends: debhelper (>= 9), autotools-dev, libtac-dev, libtacplus-map-dev, libaudit-dev, autoconf, libpam-tacplus-dev, dpkg-dev (>= 1.16.1)
+Section: libs
+Standards-Version: 3.9.6
+Homepage: http://www.cumulusnetworks.com
+
+Package: libnss-tacplus
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libtac2, libtacplus-map1, libaudit1
+Description: NSS module for TACACS+ authentication without local passwd entry
+ Performs getpwname and getpwuid lookups via NSS for users logged in via
+ tacacs authentication, and mapping done with libtacplus_map
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..6c70b2e
--- /dev/null
+++ b/debian/copyright
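Review bot: In debian/control, the binary package's `Depends:` line hard-codes `libtac2, libtacplus-map1, libaudit1` next to `${shlibs:Depends}`, which already generates the runtime library dependencies from the linked sonames. The manual names carry no version constraint and will go stale on a soname bump, so I would reduce the line to `Depends: ${shlibs:Depends}, ${misc:Depends}` unless one of those libraries is loaded at run time without being linked, which this diff does not show. The long description also says `getpwname` where `getpwnam` is meant.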
@@ -0,0 +1,22 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libnss-tacplus
+Homepage: http://cumulusnetworks.com
+
+Files: *
+Copyright: 2015, 2016 Cumulus Networks, Inc
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
diff --git a/debian/libnss-tacplus.lintian-overrides b/debian/libnss-tacplus.lintian-overrides
new file mode 100644
index 0000000..4ac1cba
--- /dev/null
+++ b/debian/libnss-tacplus.lintian-overrides
@@ -0,0 +1,8 @@
+libnss-tacplus binary package-name-doesnt-match-sonames libnss-tacplus2
+libnss-tacplus package-name-doesnt-match-sonames libnss-tacplus2
+libnss-tacplus source native-package-with-dash-version
+libnss-tacplus source diff-contains-git-control-dir .git
+libnss-tacplus source unsupported-source-format 3.0 (git)
+libnss-tacplus source changelog-should-mention-nmu
+libnss-tacplus source source-nmu-has-incorrect-version-number 1.0.1-1
+libnss-tacplus new-package-should-close-itp-bu
diff --git a/debian/libnss-tacplus.postinst b/debian/libnss-tacplus.postinst
new file mode 100644
index 0000000..9541608
--- /dev/null
+++ b/debian/libnss-tacplus.postinst
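Review bot: In debian/libnss-tacplus.lintian-overrides, the last override names the tag `new-package-should-close-itp-bu`, which looks truncated (presumably `new-package-should-close-itp-bug`), so it would not match anything. The five `source` overrides are placed in the binary package's override file; source-level tags are normally overridden from `debian/source/lintian-overrides`, so these lines probably have no effect where they are. Each override would also benefit from a one-line `#` comment saying why the tag is being silenced.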
@@ -0,0 +1,32 @@
+#!/bin/sh
+# postinst script for libnss-tacplus
+#
+# see: dh_installdeb(1)
+
+set -e
+
+case "$1" in
+ configure)
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# Add tacplus to /etc/nsswitch.conf, since it's necessary
+# for this package, and won't break anything else. Do nothing
+# if tacplus is already present in the passwd line
+if [ -e "/etc/nsswitch.conf" ]; then
+ sed -i -e '/tacplus/b' \
+ -e '/^passwd/s/compat/tacplus &/' /etc/nsswitch.conf
+fi
+
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/libnss-tacplus.symbols b/debian/libnss-tacplus.symbols
new file mode 100644
index 0000000..2bf9b88
--- /dev/null
+++ b/debian/libnss-tacplus.symbols
@@ -0,0 +1,3 @@
+libnss_tacplus.so.2 libnss-tacplus #MINVER#
+ _nss_tacplus_getpwnam_r@Base 1.0.1
+ _nss_tacplus_getpwuid_r@Base 1.0.1
diff --git a/debian/lintian-overrides b/debian/lintian-overrides
new file mode 100644
index 0000000..c2a52cc
--- /dev/null
+++ b/debian/lintian-overrides
@@ -0,0 +1,2 @@
+libnss-tacplus binary package-name-doesnt-match-sonames libnss-tacplus2
+libnss-tacplus package-name-doesnt-match-sonames libnss-tacplus2
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..b37d726
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,20 @@
+#!/usr/bin/make -f
+# See debhelper(7) (uncomment to enable)
+# output every command that modifies files on the build system.
+DH_VERBOSE = 1
+
+# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/*
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/default.mk
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+# main packaging script based on dh7 syntax
+%:
+ dh $@ --with autotools-dev
+
+# this library installs into /lib, not /usr/lib; I don't see any other
+# way to do this, although there must be a way...
+override_dh_auto_configure:
+ dh_auto_configure -- --prefix=""
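Review bot: In debian/libnss-tacplus.postinst, the `/etc/nsswitch.conf` edit sits after `esac`, so it also runs for `abort-upgrade`, `abort-remove` and `abort-deconfigure`; moving the whole `if [ -e "/etc/nsswitch.conf" ]` block into the `configure)` branch ties this system-wide NSS change to a successful configure. The substitution `s/compat/tacplus &/` places `tacplus` ahead of `compat`, so the module is consulted before the local files on every passwd lookup. Whether it can answer for a name that also exists locally is not visible in this diff, so that should be confirmed, or the entry added after `compat` instead. The expression only matches a passwd line that contains `compat`, so a system whose line reads `passwd: files` is left without the module and without any message. The diffstat lists no prerm or postrm, so the entry apparently stays in nsswitch.conf after the package is removed.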
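Review bot: In debian/rules, `override_dh_auto_configure` passes `--prefix=""`, which moves every install directory (headers, docs, data) to the filesystem root, although the comment above it only wants the library under /lib. Setting just the library directory is narrower, for example `dh_auto_configure -- --libdir=/lib/$(DEB_HOST_MULTIARCH)`; the variable comes from the already included `/usr/share/dpkg/default.mk`, and the non-multiarch form `--libdir=/lib` works if that layout is not wanted. Separately, `DH_VERBOSE = 1` is a plain make assignment and is not exported to the recipe environment, so debhelper will not see it; use `export DH_VERBOSE = 1` or comment the line out as the template comment suggests.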
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..af745b3
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (git) |