app-admin/mmc-core: Bump to new version
(Portage version: 2.1.10.7/svn/Linux x86_64, RepoMan options: --force) git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/mds@2992 6952d904-891a-0410-993b-d76249ca496b
parent
fbf836d285
commit
283f7378da
@ -2,6 +2,12 @@
|
||||
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
|
||||
# $Header: $
|
||||
|
||||
*mmc-core-3.0.2 (30 Jul 2011)
|
||||
|
||||
30 Jul 2011; Mario Fetka <mario.fetka@gmail.com> +mmc-core-3.0.2.ebuild,
|
||||
+files/mmc-core-3.0.2-gentoo-1.patch, +files/mmc-core-3.0.2-kerberos-1.patch:
|
||||
Bump to new version
|
||||
|
||||
*mmc-core-3.0.1 (21 Jan 2011)
|
||||
|
||||
21 Jan 2011; Mario Fetka <mario.fetka@gmail.com> +mmc-core-3.0.1.ebuild,
|
||||
|
@ -9,6 +9,6 @@ DIST mmc-core-3.0.1.tar.gz 655442 RMD160 deebc610b6bd628b8cdeb4b211da572fb450596
|
||||
DIST mmc-core-3.0.2.tar.gz 1003526 RMD160 4e04ed7f7388b060dacd662dc837172f6ba29e15 SHA1 d6b0e8305b65b62f1d7e93ea547bf690684da7d3 SHA256 6ec685bb7247226e5973e40c6e1889674a5a453e97a584e39cf8b8e76a99266a
|
||||
EBUILD mmc-core-3.0.0.ebuild 1234 RMD160 d63bd5b2219df6402e7e7410ae37ea61a3685257 SHA1 dc334ba3e426e2021864d2d126ad753de42d1e1a SHA256 84c47e990f71860b50d8aa106a23811f9c2018a165b46d757c47e3e38955ec8d
|
||||
EBUILD mmc-core-3.0.1.ebuild 1234 RMD160 4c97c95f578f7f9714a764b81c9df9860f07184a SHA1 22bd0b06c73576df0ce2b7e682749032a85b6b5f SHA256 91e1cd0abfeac1f779ebe0e1ad184c595c574d38ba736aa54407324bd113d9ec
|
||||
EBUILD mmc-core-3.0.2.ebuild 1360 RMD160 6ca92f9e3ddd17a76ab6b5b1f23c903b5e3b8f6d SHA1 bf8b4b2dbfe37b1ee0af598f3d779f9ae506ea9c SHA256 c89acb55af2a368fa547f28106553662ce9e1cd65193e8051c1dadeb8ef7787d
|
||||
MISC ChangeLog 3328 RMD160 772283f0589057030836b8a2b53138a2ce804c0b SHA1 3d0fd4f0973b485143b63093f40fa5a1923f8e13 SHA256 f67da60b29076724ae16d538ae6ede2825fc16dd5f524a6dd3011fceaa911d6b
|
||||
EBUILD mmc-core-3.0.2.ebuild 1557 RMD160 5cec565c86af58cc691c6dd15602004057de10c3 SHA1 3ff9b1846e15d7292f6a9d6946c385b754495d8d SHA256 f8cdd3a898cf4f051fa74b82b65072f517fbd66de1ad5b3ae747a9231e982e91
|
||||
MISC ChangeLog 3537 RMD160 6f2dda1e3f5ffa3a0ddc95071aefbd8bded6ad84 SHA1 cff4a30f8419f237d31c55d6033c3aeb8895deb3 SHA256 5d8b1009ac5a9de5161c16d220271904e0e862053faf3b833c1dd44ca3b5ccc4
|
||||
MISC metadata.xml 226 RMD160 bebcbe7a5e3d2be83c25e006192f71ebf45abb14 SHA1 ec2b713fc2363b8c51e9c164d0802eeb59d9d296 SHA256 a9d3f7df2362a9a7ddcbe05c5d97d726eeb4bab135b21643508149a08bf6a2b2
|
||||
|
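--- /dev/null
+++ b/app-admin/mmc-core/files/mmc-core-3.0.2-gentoo-1.patch
@@ -0,0 +1,34 @@
+Submitted By: Mario Fetka (mario dot fetka at gmail dot com)
+Date: 2011-07-30
+Initial Package Version: 2.3.2
+Origin: me
+Upstream Status: gentoo specific
+Description: wrap mmc alias in define and disable php_flag
+
+diff -uNr mmc-core-3.0.2.orig//web/confs/apache/mmc.conf.in mmc-core-3.0.2/web/confs/apache/mmc.conf.in
+--- mmc-core-3.0.2.orig//web/confs/apache/mmc.conf.in 2011-07-30 07:58:33.638000121 +0200
++++ mmc-core-3.0.2/web/confs/apache/mmc.conf.in 2011-07-30 08:00:12.498000123 +0200
+@@ -1,11 +1,13 @@
+-### Add an alias /mmc on www server root
+-Alias /mmc @datadir@/mmc
++<IfDefine MMC>
++ ### Add an alias /mmc on www server root
++ Alias /mmc @datadir@/mmc
+
+-### Allow access to lmc web directory to everyone
+-<Directory @datadir@/mmc>
+- AllowOverride None
+- Order allow,deny
+- allow from all
+- php_flag short_open_tag on
+- php_flag magic_quotes_gpc on
+-</Directory>
++ ### Allow access to lmc web directory to everyone
++ <Directory @datadir@/mmc>
++ AllowOverride None
++ Order allow,deny
++ allow from all
++ # php_flag short_open_tag on
++ # php_flag magic_quotes_gpc on
++ </Directory>
++</IfDefine>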
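Review bot: Commenting out `php_flag magic_quotes_gpc on` inside the `<Directory @datadir@/mmc>` block drops an input-escaping setting that the upstream configuration turned on, and the patch header gives no reason for it; if the MMC PHP code relied on that flag to quote request data (not visible on this page), the protection is silently gone on Gentoo installs. The header's Description should state why both flags are disabled and whether the web code was checked to do its own escaping. The same block keeps `allow from all` for an administration console, so once `MMC` is defined the interface is reachable from any address; a comment above it such as `# restrict to admin networks before enabling -D MMC` would make that exposure explicit to whoever deploys the file.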
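--- /dev/null
+++ b/app-admin/mmc-core/files/mmc-core-3.0.2-kerberos-1.patch
@@ -0,0 +1,423 @@
+Submitted By: Mario Fetka (geos_one) (mario dot fetka at gmail dot com)
+Date: 2011-07-30
+Initial Package Version: 2.3.1
+Origin: http://mds.mandriva.org/ticket/144
+Upstream Status: unknown
+Description: add support for kerberos attributes
+
+diff -uNr mmc-core-3.0.2.orig//agent/conf/Makefile.am mmc-core-3.0.2/agent/conf/Makefile.am
+--- mmc-core-3.0.2.orig//agent/conf/Makefile.am 2011-07-30 07:38:43.327000122 +0200
++++ mmc-core-3.0.2/agent/conf/Makefile.am 2011-07-30 07:43:17.272000123 +0200
+@@ -21,7 +21,7 @@
+# Jean Parpaillon <jparpaillon@mandriva.com>
+#
+mmcconfdir = $(sysconfdir)/mmc
+-nobase_dist_mmcconf_DATA = plugins/ppolicy.ini \
++nobase_dist_mmcconf_DATA = plugins/ppolicy.ini plugins/kerberos.ini \
+agent/keys/cacert.pem agent/keys/localcert.pem
+nobase_nodist_mmcconf_DATA = agent/config.ini plugins/base.ini
+
+diff -uNr mmc-core-3.0.2.orig//agent/conf/plugins/kerberos.ini mmc-core-3.0.2/agent/conf/plugins/kerberos.ini
+--- mmc-core-3.0.2.orig//agent/conf/plugins/kerberos.ini 1970-01-01 01:00:00.000000000 +0100
++++ mmc-core-3.0.2/agent/conf/plugins/kerberos.ini 2011-07-30 07:39:59.350000124 +0200
+@@ -0,0 +1,5 @@
++[main]
++disable = 0
++
++[kerberos]
++realm = EXAMPLE.COM
+diff -uNr mmc-core-3.0.2.orig//agent/contrib/ldap/Makefile.am mmc-core-3.0.2/agent/contrib/ldap/Makefile.am
+--- mmc-core-3.0.2.orig//agent/contrib/ldap/Makefile.am 2011-07-30 07:38:43.342000122 +0200
++++ mmc-core-3.0.2/agent/contrib/ldap/Makefile.am 2011-07-30 07:45:43.795000123 +0200
+@@ -23,4 +23,4 @@
+ldapcontribdir = $(datarootdir)/doc/python-mmc-base/contrib/ldap
+dist_ldapcontrib_DATA = dhcp.schema mail.schema nsswitch.conf pam_ldap.conf quota.schema slapd.conf \
+slapd.conf.samba dnszone.schema mmc.schema printer.schema samba.schema slapd.conf.mmc-samba-ox \
+- slapd.conf.userquota zarafa.schema ppolicy.schema openssh-lpk.schema
++ slapd.conf.userquota zarafa.schema ppolicy.schema openssh-lpk.schema krb5-kdc.schema
+diff -uNr mmc-core-3.0.2.orig//agent/contrib/ldap/krb5-kdc.schema mmc-core-3.0.2/agent/contrib/ldap/krb5-kdc.schema
+--- mmc-core-3.0.2.orig//agent/contrib/ldap/krb5-kdc.schema 1970-01-01 01:00:00.000000000 +0100
++++ mmc-core-3.0.2/agent/contrib/ldap/krb5-kdc.schema 2011-07-30 07:39:59.351000123 +0200
+@@ -0,0 +1,136 @@
++# $Id: krb5-kdc.schema,v 1.1 2004-03-22 17:25:05 quanah Exp $
++# Definitions for a Kerberos V KDC schema
++
++# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
++#
++# Syntaxes are under 1.3.6.1.4.1.5322.10.0
++# Attributes types are under 1.3.6.1.4.1.5322.10.1
++# Object classes are under 1.3.6.1.4.1.5322.10.2
++
++# Syntax definitions
++
++#krb5KDCFlagsSyntax SYNTAX ::= {
++# WITH SYNTAX INTEGER
++#-- initial(0), -- require as-req
++#-- forwardable(1), -- may issue forwardable
++#-- proxiable(2), -- may issue proxiable
++#-- renewable(3), -- may issue renewable
++#-- postdate(4), -- may issue postdatable
++#-- server(5), -- may be server
++#-- client(6), -- may be client
++#-- invalid(7), -- entry is invalid
++#-- require-preauth(8), -- must use preauth
++#-- change-pw(9), -- change password service
++#-- require-hwauth(10), -- must use hwauth
++#-- ok-as-delegate(11), -- as in TicketFlags
++#-- user-to-user(12), -- may use user-to-user auth
++#-- immutable(13) -- may not be deleted
++# ID { 1.3.6.1.4.1.5322.10.0.1 }
++#}
++
++#krb5PrincipalNameSyntax SYNTAX ::= {
++# WITH SYNTAX OCTET STRING
++#-- String representations of distinguished names as per RFC1510
++# ID { 1.3.6.1.4.1.5322.10.0.2 }
++#}
++
++# Attribute type definitions
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.1
++ NAME 'krb5PrincipalName'
++ DESC 'The unparsed Kerberos principal name'
++ EQUALITY caseExactIA5Match
++ SINGLE-VALUE
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.2
++ NAME 'krb5KeyVersionNumber'
++ EQUALITY integerMatch
++ SINGLE-VALUE
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.3
++ NAME 'krb5MaxLife'
++ EQUALITY integerMatch
++ SINGLE-VALUE
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.4
++ NAME 'krb5MaxRenew'
++ EQUALITY integerMatch
++ SINGLE-VALUE
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.5
++ NAME 'krb5KDCFlags'
++ EQUALITY integerMatch
++ SINGLE-VALUE
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.6
++ NAME 'krb5EncryptionType'
++ EQUALITY integerMatch
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.7
++ NAME 'krb5ValidStart'
++ EQUALITY generalizedTimeMatch
++ ORDERING generalizedTimeOrderingMatch
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
++ SINGLE-VALUE )
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.8
++ NAME 'krb5ValidEnd'
++ EQUALITY generalizedTimeMatch
++ ORDERING generalizedTimeOrderingMatch
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
++ SINGLE-VALUE )
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.9
++ NAME 'krb5PasswordEnd'
++ EQUALITY generalizedTimeMatch
++ ORDERING generalizedTimeOrderingMatch
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
++ SINGLE-VALUE )
++
++# this is temporary; keys will eventually
++# be child entries or compound attributes.
++attributetype ( 1.3.6.1.4.1.5322.10.1.10
++ NAME 'krb5Key'
++ DESC 'Encoded ASN1 Key as an octet string'
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.11
++ NAME 'krb5PrincipalRealm'
++ DESC 'Distinguished name of krb5Realm entry'
++ SUP distinguishedName )
++
++attributetype ( 1.3.6.1.4.1.5322.10.1.12
++ NAME 'krb5RealmName'
++ EQUALITY octetStringMatch
++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
++
++# Object class definitions
++
++objectclass ( 1.3.6.1.4.1.5322.10.2.1
++ NAME 'krb5Principal'
++ SUP top
++ AUXILIARY
++ MUST ( krb5PrincipalName )
++ MAY ( cn $ krb5PrincipalRealm ) )
++
++objectclass ( 1.3.6.1.4.1.5322.10.2.2
++ NAME 'krb5KDCEntry'
++ SUP krb5Principal
++ AUXILIARY
++ MUST ( krb5KeyVersionNumber )
++ MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
++ krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
++ krb5EncryptionType $ krb5Key ) )
++
++objectclass ( 1.3.6.1.4.1.5322.10.2.3
++ NAME 'krb5Realm'
++ SUP top
++ AUXILIARY
++ MUST ( krb5RealmName ) )
++
+diff -uNr mmc-core-3.0.2.orig//agent/mmc/Makefile.am mmc-core-3.0.2/agent/mmc/Makefile.am
+--- mmc-core-3.0.2.orig//agent/mmc/Makefile.am 2011-07-30 07:38:43.333000122 +0200
++++ mmc-core-3.0.2/agent/mmc/Makefile.am 2011-07-30 07:41:43.306000122 +0200
+@@ -20,7 +20,7 @@
+# Author(s):
+# Jean Parpaillon <jparpaillon@mandriva.com>
+#
+-pythonmodules = support plugins plugins.base plugins.ppolicy \
++pythonmodules = support plugins plugins.base plugins.ppolicy plugins.kerberos \
+core core.audit
+
+all-local: site.py
+diff -uNr mmc-core-3.0.2.orig//agent/mmc/plugins/base/__init__.py mmc-core-3.0.2/agent/mmc/plugins/base/__init__.py
+--- mmc-core-3.0.2.orig//agent/mmc/plugins/base/__init__.py 2011-07-30 07:38:43.331000122 +0200
++++ mmc-core-3.0.2/agent/mmc/plugins/base/__init__.py 2011-07-30 07:39:59.352000122 +0200
+@@ -1322,6 +1322,10 @@
+attrs = []
+attrib = self.l.search_s(dn, ldap.SCOPE_BASE)
+c, attrs = attrib[0]
++ # kerberos -> remove binary key from attrs
++ try: attrs.pop('krb5Key')
++ except: pass
++ #
+newattrs = copy.deepcopy(attrs)
+return newattrs
+
+@@ -1351,6 +1355,10 @@
+attrib = self.l.search_s(cn, ldap.SCOPE_BASE, attrlist = myattrlist)
+
+c,attrs=attrib[0]
++ # kerberos -> remove binary key from attrs
++ try: attrs.pop('krb5Key')
++ except: pass
++ #
+
+newattrs = copy.deepcopy(attrs)
+
+@@ -1541,8 +1549,13 @@
+@rtype: list
+"""
+if not base: base = self.baseUsersDN
+- if (pattern==''): searchFilter = "uid=*"
+- else: searchFilter = pattern
++ # kerberos -> search only PosixAccount
++ if (pattern==''): searchFilter = "(&(objectClass=posixAccount)(uid=*))"
++ elif pattern[0] == '(':
++ searchFilter = "(&(objectClass=posixAccount)%s)" % (pattern)
++ else:
++ searchFilter = "(&(objectClass=posixAccount)(%s))" % (pattern)
++ #
+monoattrs = ["uid", "sn", "givenName", "mail"]
+result_set = self.search(searchFilter, base, monoattrs + ["telephoneNumber", "loginShell", "objectClass"], ldap.SCOPE_ONELEVEL)
+
+diff -uNr mmc-core-3.0.2.orig//agent/mmc/plugins/kerberos/__init__.py mmc-core-3.0.2/agent/mmc/plugins/kerberos/__init__.py
+--- mmc-core-3.0.2.orig//agent/mmc/plugins/kerberos/__init__.py 1970-01-01 01:00:00.000000000 +0100
++++ mmc-core-3.0.2/agent/mmc/plugins/kerberos/__init__.py 2011-07-30 07:39:59.352000122 +0200
+@@ -0,0 +1,180 @@
++# -*- coding: utf-8; -*-
++#
++# (c) 2004-2007 Linbox / Free&ALter Soft, http://linbox.com
++# (c) 2007 Mandriva, http://www.mandriva.com/
++# (c) 2007 Kids-und-Co g.e.V http://www.kids-und-co.de
++#
++# $Id: __init__.py 108 2007-11-21 09:56:21Z iosifb $
++#
++# This file is part of Mandriva Management Console (MMC).
++#
++# MMC is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# MMC is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with MMC; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
++
++import logging
++import ldap.modlist
++import copy
++from mmc.plugins.base import ldapUserGroupControl
++import xmlrpclib
++from mmc.support.errorObj import errorMessage
++from mmc.support.mmcException import *
++from mmc.support import mmctools
++import mmc.plugins.base
++from mmc.support.config import *
++from mmc.plugins.base import ldapUserGroupControl
++
++VERSION = "2.3.1"
++APIVERSION = "4:2:0"
++REVISION = int("$Rev: 108 $".split(':')[1].strip(' $'))
++
++def getVersion(): return VERSION
++def getApiVersion(): return APIVERSION
++def getRevision(): return REVISION
++
++def activate():
++ """
++ this function define if the module "base" can be activated.
++ @return: return True if this module can be activate
++ @rtype: boolean
++ """
++ config = KerberosConfig("kerberos")
++ logger = logging.getLogger()
++
++ if config.disabled:
++ logger.info("Kerberos plugin disabled by configuration.")
++ return False
++
++ try:
++ ldapObj = ldapUserGroupControl()
++ except ldap.INVALID_CREDENTIALS:
++ logger.error("Can't bind to LDAP: invalid credentials.")
++ return False
++
++ # Test if the Kerberos LDAP schema is available in the directory
++ try:
++ schema = ldapObj.getSchema("krb5KDCEntry")
++ if len(schema) <= 0:
++ logger.error("Kerberos schema is not included in LDAP directory");
++ return False
++ except:
++ logger.exception("invalid schema")
++ return False
++ try:
++ schema = ldapObj.getSchema("krb5Principal")
++ if len(schema) <= 0:
++ logger.error("Kerberos schema is not included in LDAP directory");
++ return False
++ except:
++ logger.exception("invalid schema")
++ return False
++ """
++ TODO: Check kerberos database
++ """
++ return True
++
++def isKrbUser(uid):
++ return kerberosLdapControl().isKerberosUser(uid)
++
++def addKrbAttr(uid,password):
++ return kerberosLdapControl().addKerberosAttr(uid,password)
++
++def delKrbAttr(uid,password):
++ return kerberosLdapControl().delKerberosAttr(uid,password)
++
++def changePassword(uid,password):
++ return kerberosLdapControl().changePassword(uid, password)
++
++class KerberosConfig(PluginConfig):
++ def __init__(self,name, conffile = None):
++ PluginConfig.__init__(self,name, conffile = None)
++ self.setDefault()
++ self.readConfig()
++
++ def readConfig(self):
++ PluginConfig.readConf(self)
++ self.realm = self.get("kerberos", "realm")
++
++class kerberosLdapControl(mmc.plugins.base.ldapUserGroupControl):
++
++ def __init__(self, conffile = None, conffilebase = None):
++ mmc.plugins.base.ldapUserGroupControl.__init__(self, conffilebase)
++ self.configKerberos = KerberosConfig("kerberos", conffile)
++ self.realm = self.configKerberos.realm
++
++ def delKerberosAttr(self,uid,password):
++ # If the password has been encoded in the XML-RPC stream, decode it
++ if isinstance(password, xmlrpclib.Binary):
++ password = str(password)
++ dn = 'uid=' + uid + ',' + self.baseUsersDN
++ s = self.l.search_s(dn, ldap.SCOPE_BASE)
++ c, attr = s[0]
++ old = {}
++ new = {}
++ for key in attr.keys(): old[key.lower()] = attr[key]
++ new = copy.deepcopy(old)
++ # remove krb attributes
++ new.pop('krb5kdcflags')
++ new.pop('krb5principalname')
++ new.pop('krb5keyversionnumber')
++ try: new.pop('krb5key')
++ except KeyError: pass
++ newobjclasses = ()
++ for s in new.pop('objectclass'):
++ if s[0:4] == 'krb5': pass
++ else: newobjclasses = newobjclasses + (s,)
++ new['objectclass'] = newobjclasses
++ modlist = ldap.modlist.modifyModlist(old, new)
++ #logger = logging.getLogger()
++ #logger.debug(newobjclasses)
++ #logger.debug(modlist)
++ self.l.modify_s(dn, modlist)
++ mmc.plugins.base.ldapUserGroupControl.changeUserPasswd(self,uid,password)
++ return True
++
++ def addKerberosAttr(self,uid,password):
++ # If the password has been encoded in the XML-RPC stream, decode it
++ if isinstance(password, xmlrpclib.Binary):
++ password = str(password)
++ dn = 'uid=' + uid + ',' + self.baseUsersDN
++ s = self.l.search_s(dn, ldap.SCOPE_BASE)
++ c, attr = s[0]
++ old = {}
++ new = {}
++ for key in attr.keys(): old[key.lower()] = attr[key]
++ new = copy.deepcopy(old)
++ new['objectclass'] = new['objectclass'] + ['krb5Principal','krb5KDCEntry']
++ new['userpassword'] = ['{K5Key}']
++ new['krb5kdcflags'] = ['126']
++ new['krb5keyversionnumber'] = ['0']
++ new['krb5principalname'] = [uid+'@' +self.realm]
++ modlist = ldap.modlist.modifyModlist(old, new)
++ self.l.modify_s(dn, modlist)
++ self.l.passwd_s(dn, None, password)
++ return True
++
++ def isKerberosUser(self,uid):
++ ret = False
++ if self.existUser(uid): ret = "krb5Principal" in self.getDetailedUser(uid)["objectClass"]
++ return ret
++
++ def changePassword(self,uid,password):
++ # If the password has been encoded in the XML-RPC stream, decode it
++ if isinstance(password, xmlrpclib.Binary):
++ password = str(password)
++ dn = 'uid=' + uid + ',' + self.baseUsersDN
++ self.l.modify_s(dn, [(ldap.MOD_REPLACE,'userPassWord','{K5KEY}')])
++ self.l.passwd_s(dn, None, password)
++ return True
++
++
+diff -uNr mmc-core-3.0.2.orig//conf/plugins/kerberos.ini mmc-core-3.0.2/conf/plugins/kerberos.ini
+--- mmc-core-3.0.2.orig//conf/plugins/kerberos.ini 1970-01-01 01:00:00.000000000 +0100
++++ mmc-core-3.0.2/conf/plugins/kerberos.ini 2011-07-30 07:40:15.121000121 +0200
+@@ -0,0 +1,5 @@
++[main]
++disable = 0
++
++[kerberos]
++realm = EXAMPLE.COM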
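Review bot: `delKerberosAttr`, `addKerberosAttr` and `changePassword` in plugins/kerberos/__init__.py build the entry DN as `'uid=' + uid + ',' + self.baseUsersDN` from an argument that the module-level wrappers pass straight through, so a uid containing DN metacharacters such as `,`, `+` or `=` addresses a different entry than intended; escape it first, e.g. `dn = 'uid=' + ldap.dn.escape_dn_chars(uid) + ',' + self.baseUsersDN` (needs `import ldap.dn`). `addKerberosAttr` also writes `new['krb5kdcflags'] = ['126']`, which by the flag table in the bundled krb5-kdc.schema appears to set bits 1–6 only and leave require-preauth(8) clear; if new principals are meant to require pre-authentication the value has to include that bit, and the constant deserves a comment either way. In plugins/base/__init__.py the `try: attrs.pop('krb5Key')` / `except: pass` pair matches one spelling of the attribute name and swallows every exception; `attrs.pop('krb5Key', None)` combined with a case-insensitive filter over the keys would keep the key material out of the returned dict more reliably. In `addKerberosAttr` and `changePassword` the `userPassword` placeholder is written before `passwd_s` runs, so a failure in the second call leaves the entry with the placeholder and no new key; that ordering should at least be documented.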
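--- /dev/null
+++ b/app-admin/mmc-core/mmc-core-3.0.2.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI="2"
+SUPPORT_PYTHON_ABIS="1"
+
+inherit eutils autotools flag-o-matic
+
+MY_P="${P/_p/-}"
+MY_PV="${PV/_p*/}"
+
+DESCRIPTION="The MMC Agent and its Core Python plugins."
+HOMEPAGE="http://mds.mandriva.org/"
+SRC_URI="http://mds.mandriva.org/pub/mmc-core/sources//${PV}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+SLOT="0"
+
+RDEPEND=">=dev-python/twisted-web-0.7.0
+>=dev-python/python-ldap-2.2.1
+>=dev-python/mysql-python-1.2.0
+>=dev-python/sqlalchemy-0.6.1
+>=dev-python/pyopenssl-0.10
+>=net-nds/openldap-2.4.26
+!app-admin/mmc-web-core
+!app-admin/mmc-agent"
+
+DEPEND="$RDEPEND
+sys-apps/lsb-release"
+
+src_prepare() {
+epatch "${FILESDIR}"/${PN}-3.0.2-kerberos-1.patch
+epatch "${FILESDIR}"/${PN}-3.0.2-gentoo-1.patch
+eautoreconf
+}
+
+src_configure() {
+append-flags -U_FORTIFY_SOURCE
+econf --enable-check-password --with-ldap-confdir=/etc/openldap --with-ldap-libdir=/usr/$(get_libdir)/openldap/openldap
+}
+
+src_install() {
+emake install DESTDIR=${D} || die "install failed"
+newinitd "${FILESDIR}"/mmc-agent.initd mmc-agent
+keepdir /var/log/mmc
+insinto etc/apache2/modules.d
+newins ${D}/etc/mmc/apache/mmc.conf 90_mmc.conf
+rm -rf ${D}/etc/mmc/apache
+}
+
+pkg_postinst() {
+elog "To disable some plugin in your mmc environments, you have to set"
+elog "disable to 1 in /etc/mmc/plugins/*.ini"
+elog "(one config file per service)"
+elog "You can't disable the base plugin."
+}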
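Review bot: `append-flags -U_FORTIFY_SOURCE` in `src_configure` switches off the toolchain's fortify checks for everything this package compiles, with no comment saying which build failure it works around. The same function passes `--enable-check-password` and an OpenLDAP library directory, which suggests compiled code that ends up loaded by the directory server, so the hardening loss is worth justifying; add a line such as `# FORTIFY_SOURCE breaks <component>: <reason>` above it, or drop the flag if the build passes without it. In `src_install`, `${D}` is unquoted in `emake install DESTDIR=${D}`, `newins ${D}/etc/mmc/apache/mmc.conf` and `rm -rf ${D}/etc/mmc/apache`; write `"${D}"` so a path containing whitespace cannot split the `rm -rf` argument.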