From 46e06cd5680020c5515b81fa2f4e940108703234 Mon Sep 17 00:00:00 2001 From: "Cameron (Kamran) Mashayekhi" Date: Fri, 17 Feb 2006 23:14:27 +0000 Subject: [PATCH] Corrections to spec file and scripts and update to the micasad. --- CASA.changes | 5 ++ c_micasad/startup/casacfgpam | 29 ++--------- c_micasad/startup/micasad | 45 ++++++++--------- doc/Readme.txt | 94 +++++++++++++++++++++++++++++++++--- shsrc/lshsrc/CASA.spec | 8 +-- shsrc/lshsrc/CASA_dbg.spec | 6 +-- 6 files changed, 120 insertions(+), 67 deletions(-) diff --git a/CASA.changes b/CASA.changes index d922a812..f93320fe 100644 --- a/CASA.changes +++ b/CASA.changes @@ -12,6 +12,11 @@ Fri Feb 17 21:31:10 IST 2006 - smanojna@novell.com - System > Configuration > Novell CASA Manager - Utilities > Security > Novell CASA Manager - Internet > Administration > Novell CASA Manager +------------------------------------------------------------------- +Thu Feb 16 16:45:27 MST 2006 - cmashayekhi@novell.com + +- Spec file was correct to eliminate the neededforbuild directive + ------------------------------------------------------------------- Thu Feb 16 11:43:36 MST 2006 - jnorman@novell.com diff --git a/c_micasad/startup/casacfgpam b/c_micasad/startup/casacfgpam index 5776b73c..05a91619 100755 --- a/c_micasad/startup/casacfgpam +++ b/c_micasad/startup/casacfgpam @@ -6,40 +6,17 @@ do sed -i '/pam_micasa/d' $file var=`grep pam_unix2.so $file` entry=`echo -e "auth\t required\tpam_micasa.so"` - entry2=`echo -e "session\t required\tpam_micasa.so"` - cnt=0 if [ "$var" != "" ] then sed -i "/^auth.*required.*pam_unix2.so/a$entry" $file - sed -i "/^session.*required.*pam_unix2.so/a$entry2" $file - - else - let ' cnt = cnt + 1' + continue fi var2=`grep common-auth $file` if [ "$var2" != "" ] then sed -i "/^auth.*include.*common-auth/a$entry" $file - sed -i "/^session.*include.*common-session/a$entry2" $file - else - let ' cnt = cnt + 1' - fi - if [ $cnt -eq 2 ] - then - awk ' - /auth/ { authSeen++; } - /account/ { - if (!acctSeen && authSeen) - { - print "auth\trequired\tpam_micasa.so\n";} - acctSeen++; - } - /session/ { sesSeen++; } - // {print $0; } - END { if (sesSeen) - print "session\trequired\tpam_micasa.so\n"; } - ' $file > $file.sav - mv $file.sav $file + continue fi + sed -i "0,/^auth/s/^\(auth.*\)/\1\n$entry/" $file fi done \ No newline at end of file diff --git a/c_micasad/startup/micasad b/c_micasad/startup/micasad index beb93073..f46f715d 100644 --- a/c_micasad/startup/micasad +++ b/c_micasad/startup/micasad @@ -31,7 +31,7 @@ rc_reset case "$1" in start) echo "Starting miCASA daemon" - startproc -f $MICASAD_BIN + /sbin/startproc -f $MICASAD_BIN # Remember status and be verbose rc_status -v ;; @@ -39,57 +39,58 @@ case "$1" in stop) echo "Shutting miCASA daemon down" #killproc -TERM $MICASAD_BIN - pid=`cat /var/run/micasad.pid` > /dev/null 2>&1 - kill -s TERM $pid > /dev/null 2>&1 + pid=`cat /var/run/micasad.pid` >/dev/null 2>&1 + kill -s TERM $pid >/dev/null 2>&1 # Remember status and be verbose rc_status -v ;; - try-restart|condrestart) -# $0 status >/dev/null && $0 restart - $0 restart + try-restart|condrestart) + $0 status >/dev/null && $0 restart rc_status ;; restart) - ## Stop the service and regardless of whether it was - ## running or not, start it again. + ## Stop the service and regardless of whether it was + ## running or not, start it again. echo "Restarting miCASA daemon" - $0 stop - $0 start + $0 stop + $0 start - # Remember status and be quiet - rc_status - ;; + # Remember status and be quiet + rc_status + ;; - status) + status) echo "Checking for service micasad ..." - checkproc micasad - if [ $? == 0 ] + /sbin/checkproc micasad + $res=$? + if [ $res == 0 ] then echo -n "0 - service up and running" - elif [ $? == 1 ] + elif [ $res == 1 ] then echo -n "1 - service dead, but /var/run/pid file exists" - elif [ $? == 2 ] + elif [ $res == 2 ] then echo -n "2 - service dead, but /var/lock/lock file exists" - elif [ $? == 3 ] + elif [ $res == 3 ] then echo -n "3 - service not running (unused)" - elif [ $? == 4 ] + elif [ $res == 4 ] then echo -n "4 - service status unknown" else echo -n "5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)" fi - rc_status -v + rc_status >/dev/null 2>&1 + ;; *) - echo "Usage: $0 {start|stop|restart|try-restart|status}" + echo "Usage: $0 {start|stop|restart|try-restart|status}" exit 1 ;; esac diff --git a/doc/Readme.txt b/doc/Readme.txt index b7db9994..3eafc463 100755 --- a/doc/Readme.txt +++ b/doc/Readme.txt @@ -41,7 +41,7 @@ Common Authentication Service Adapter (CASA) process that makes the IDK API calls. The credentials, which are stored by applications in miCASAd, are maintained in memory and written to - disk for this release. Session-based secrets implies + disk for this release. Session-based secrets implies secrets that are stored in an in-memory cache, are available only as long as the user is in session on the desktop, and are destroyed when miCASA daemon @@ -57,7 +57,7 @@ Common Authentication Service Adapter (CASA) placed as the last module in the auth and session stacks of xdm, gdm, kdm, login and sshd PAM configuration files. The functionality of this - module is to store the credentials in miCASAd. + module is to store the credentials in miCASAd. Any PAM module that uses the IDK APIs must set its effective user id temporarily to that of the user @@ -88,8 +88,8 @@ Common Authentication Service Adapter (CASA) 3.0 Known issues - Secrets with IDs using reserved characters may fail. - These will be fixed in a future release. Reserved - characters are + These will be fixed in a future release. Reserved + characters are : \ @@ -100,11 +100,89 @@ Common Authentication Service Adapter (CASA) (1.1.9 or later) available for download at http://www.mono-project.com/Downloads. - - CASA install rpm that is intended for 32 bit architecture - should not be installed on 64 bit architecture because - it can cause runtime problems. - + - CASA install rpm that is intended for 32 bit architecture + should not be installed on 64 bit architecture because + it can cause runtime problems. + - Since CASA is tied to the Linux login process via PAM, + events that cause the system to become inconsistent or + unstable may cause a user to be unable to login to the + workstation. Some possible causes of inconsistency or + instability are: + + - Installing 32 bit CASA RPMs on a 64 bit OS + - Performing a hard reset on the machine + + Following the steps below will restore the ability to + login. + + 1) Reboot machine + 2) When boot loader menu appears, type "init=/bin/bash" + (without quotes) on the options line and then Enter. + This will cause the machine to boot into a command + shell with root privileges. + 3) At the command prompt type "chkconfig micasad off" + (without quotes). This will prevent the CASA daemon + from being loaded during bootup. + 4) With a console based text editor (i.e. vi, emacs) + remove all lines referencing the pam_micasa module in + the following pam configuration files (some files may + not exist depending on what desktop managers have + been installed: + + - /etc/pam.d/gdm + - /etc/pam.d/xdm + - /etc/pam.d/kdm + - /etc/pam.d/sshd + - /etc/pam.d/login + + 5) At the command prompt type "init 5" (without quotes) + to boot into runlevel 5. This will provide you with a + graphical login prompt. You should be able to login + at this point. + + After you have restored login capabilities, you will need + to resolve the inconsistency that prevented login in the + first place. If you had installed a 32 bit CASA package + on a 64 bit OS, you will need to uninstall the 32 bit + package and install a CASA package built for 64 bit + architectures. If you are recovering from a hard reset + no further action should be needed. + + To make it so CASA will run at boot time, open a shell and + at the prompt type "chkconfig micasad 1235" (without + quotes). This will cause micasad to be run at runlevels + 1, 2, 3, and 5. + + - When logged in to a KDE session, the gnome-keyring-daemon + does not run by default. Therefore, all apps that access + the daemon, including our CASAManager will not be able to + manage/access the gnome-keyring. + + You can manually start the daemon by running the following + command from a shell prompt: + + gnome-keyring-daemon + + When the gnome-keyring-daemon starts, it prints the + GNOME_KEYRING_SOCKET environment variable and its value to + the terminal. In Gnome, the daemon is started and the + environment variable is loaded into your X session + environment by default, but in KDE, you will + have to manually load it. + + To load this environment variable, run a command similar to + the following command from a shell prompt (replacing the + value of the environment variable with what the daemon + output to the screen when you started it): + + export GNOME_KEYRING_SOCKET=/tmp/keyring-oaTsPs/socket + + Then you can run CASAManager GUI (from the same terminal + you exported the variable from) and you will be able to + manage and use the gnome-keyring in KDE just like you + could if you were logged into Gnome. + 4.0 Legal Notices Novell, Inc. makes no representations or warranties diff --git a/shsrc/lshsrc/CASA.spec b/shsrc/lshsrc/CASA.spec index ba7610d7..3dc4d6e2 100644 --- a/shsrc/lshsrc/CASA.spec +++ b/shsrc/lshsrc/CASA.spec @@ -21,7 +21,7 @@ License: LGPL Group: Productivity/Other Autoreqprov: on %define bldno 1.1.1 -Version: 1.6.000 +Version: 1.6.311 Release: 0 Summary: Novell Common Authentication Service Adapter (CASA) Source: %{name}-%{version}.tar.bz2 @@ -153,11 +153,7 @@ echo "/usr/%{_lib}/" >> %{buildroot}/etc/ld.so.conf.d/CASA.conf %post %{fillup_and_insserv -y micasad} -if [ $1 -eq 1 ] || [ $1 -eq 2 ] -then - casacfgpam -fi - +casacfgpam /sbin/ldconfig %post gui diff --git a/shsrc/lshsrc/CASA_dbg.spec b/shsrc/lshsrc/CASA_dbg.spec index 4cefa574..3d1f1fc2 100644 --- a/shsrc/lshsrc/CASA_dbg.spec +++ b/shsrc/lshsrc/CASA_dbg.spec @@ -153,11 +153,7 @@ echo "/usr/%{_lib}/" >> %{buildroot}/etc/ld.so.conf.d/CASA.conf %post %{fillup_and_insserv -y micasad} -if [ $1 -eq 1 ] || [ $1 -eq 2 ] -then - casacfgpam -fi - +casacfgpam /sbin/ldconfig %post gui