From 283f7378da92b407c1a21ca6b952a260e37d4ee0 Mon Sep 17 00:00:00 2001 From: geos_one Date: Sat, 30 Jul 2011 10:53:45 +0000 Subject: [PATCH] app-admin/mmc-core: Bump to new version (Portage version: 2.1.10.7/svn/Linux x86_64, RepoMan options: --force) git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/mds@2992 6952d904-891a-0410-993b-d76249ca496b --- app-admin/mmc-core/ChangeLog | 6 + app-admin/mmc-core/Manifest | 4 +- .../files/mmc-core-3.0.2-gentoo-1.patch | 34 ++ .../files/mmc-core-3.0.2-kerberos-1.patch | 423 ++++++++++++++++++ app-admin/mmc-core/mmc-core-3.0.2.ebuild | 60 +++ 5 files changed, 525 insertions(+), 2 deletions(-) create mode 100644 app-admin/mmc-core/files/mmc-core-3.0.2-gentoo-1.patch create mode 100644 app-admin/mmc-core/files/mmc-core-3.0.2-kerberos-1.patch create mode 100644 app-admin/mmc-core/mmc-core-3.0.2.ebuild diff --git a/app-admin/mmc-core/ChangeLog b/app-admin/mmc-core/ChangeLog index b5b3998..2b2dde8 100644 --- a/app-admin/mmc-core/ChangeLog +++ b/app-admin/mmc-core/ChangeLog @@ -2,6 +2,12 @@ # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 # $Header: $ +*mmc-core-3.0.2 (30 Jul 2011) + + 30 Jul 2011; Mario Fetka +mmc-core-3.0.2.ebuild, + +files/mmc-core-3.0.2-gentoo-1.patch, +files/mmc-core-3.0.2-kerberos-1.patch: + Bump to new version + *mmc-core-3.0.1 (21 Jan 2011) 21 Jan 2011; Mario Fetka +mmc-core-3.0.1.ebuild, diff --git a/app-admin/mmc-core/Manifest b/app-admin/mmc-core/Manifest index 8cc53fd..8003bce 100644 --- a/app-admin/mmc-core/Manifest +++ b/app-admin/mmc-core/Manifest @@ -9,6 +9,6 @@ DIST mmc-core-3.0.1.tar.gz 655442 RMD160 deebc610b6bd628b8cdeb4b211da572fb450596 DIST mmc-core-3.0.2.tar.gz 1003526 RMD160 4e04ed7f7388b060dacd662dc837172f6ba29e15 SHA1 d6b0e8305b65b62f1d7e93ea547bf690684da7d3 SHA256 6ec685bb7247226e5973e40c6e1889674a5a453e97a584e39cf8b8e76a99266a EBUILD mmc-core-3.0.0.ebuild 1234 RMD160 d63bd5b2219df6402e7e7410ae37ea61a3685257 SHA1 dc334ba3e426e2021864d2d126ad753de42d1e1a SHA256 84c47e990f71860b50d8aa106a23811f9c2018a165b46d757c47e3e38955ec8d EBUILD mmc-core-3.0.1.ebuild 1234 RMD160 4c97c95f578f7f9714a764b81c9df9860f07184a SHA1 22bd0b06c73576df0ce2b7e682749032a85b6b5f SHA256 91e1cd0abfeac1f779ebe0e1ad184c595c574d38ba736aa54407324bd113d9ec -EBUILD mmc-core-3.0.2.ebuild 1360 RMD160 6ca92f9e3ddd17a76ab6b5b1f23c903b5e3b8f6d SHA1 bf8b4b2dbfe37b1ee0af598f3d779f9ae506ea9c SHA256 c89acb55af2a368fa547f28106553662ce9e1cd65193e8051c1dadeb8ef7787d -MISC ChangeLog 3328 RMD160 772283f0589057030836b8a2b53138a2ce804c0b SHA1 3d0fd4f0973b485143b63093f40fa5a1923f8e13 SHA256 f67da60b29076724ae16d538ae6ede2825fc16dd5f524a6dd3011fceaa911d6b +EBUILD mmc-core-3.0.2.ebuild 1557 RMD160 5cec565c86af58cc691c6dd15602004057de10c3 SHA1 3ff9b1846e15d7292f6a9d6946c385b754495d8d SHA256 f8cdd3a898cf4f051fa74b82b65072f517fbd66de1ad5b3ae747a9231e982e91 +MISC ChangeLog 3537 RMD160 6f2dda1e3f5ffa3a0ddc95071aefbd8bded6ad84 SHA1 cff4a30f8419f237d31c55d6033c3aeb8895deb3 SHA256 5d8b1009ac5a9de5161c16d220271904e0e862053faf3b833c1dd44ca3b5ccc4 MISC metadata.xml 226 RMD160 bebcbe7a5e3d2be83c25e006192f71ebf45abb14 SHA1 ec2b713fc2363b8c51e9c164d0802eeb59d9d296 SHA256 a9d3f7df2362a9a7ddcbe05c5d97d726eeb4bab135b21643508149a08bf6a2b2 diff --git a/app-admin/mmc-core/files/mmc-core-3.0.2-gentoo-1.patch b/app-admin/mmc-core/files/mmc-core-3.0.2-gentoo-1.patch new file mode 100644 index 0000000..30fe2ed --- /dev/null +++ b/app-admin/mmc-core/files/mmc-core-3.0.2-gentoo-1.patch @@ -0,0 +1,34 @@ +Submitted By: Mario Fetka (mario dot fetka at gmail dot com) +Date: 2011-07-30 +Initial Package Version: 2.3.2 +Origin: me +Upstream Status: gentoo specific +Description: wrap mmc alias in define and disable php_flag + +diff -uNr mmc-core-3.0.2.orig//web/confs/apache/mmc.conf.in mmc-core-3.0.2/web/confs/apache/mmc.conf.in +--- mmc-core-3.0.2.orig//web/confs/apache/mmc.conf.in 2011-07-30 07:58:33.638000121 +0200 ++++ mmc-core-3.0.2/web/confs/apache/mmc.conf.in 2011-07-30 08:00:12.498000123 +0200 +@@ -1,11 +1,13 @@ +-### Add an alias /mmc on www server root +-Alias /mmc @datadir@/mmc ++ ++ ### Add an alias /mmc on www server root ++ Alias /mmc @datadir@/mmc + +-### Allow access to lmc web directory to everyone +- +- AllowOverride None +- Order allow,deny +- allow from all +- php_flag short_open_tag on +- php_flag magic_quotes_gpc on +- ++ ### Allow access to lmc web directory to everyone ++ ++ AllowOverride None ++ Order allow,deny ++ allow from all ++ # php_flag short_open_tag on ++ # php_flag magic_quotes_gpc on ++ ++ diff --git a/app-admin/mmc-core/files/mmc-core-3.0.2-kerberos-1.patch b/app-admin/mmc-core/files/mmc-core-3.0.2-kerberos-1.patch new file mode 100644 index 0000000..d002c45 --- /dev/null +++ b/app-admin/mmc-core/files/mmc-core-3.0.2-kerberos-1.patch @@ -0,0 +1,423 @@ +Submitted By: Mario Fetka (geos_one) (mario dot fetka at gmail dot com) +Date: 2011-07-30 +Initial Package Version: 2.3.1 +Origin: http://mds.mandriva.org/ticket/144 +Upstream Status: unknown +Description: add support for kerberos attributes + +diff -uNr mmc-core-3.0.2.orig//agent/conf/Makefile.am mmc-core-3.0.2/agent/conf/Makefile.am +--- mmc-core-3.0.2.orig//agent/conf/Makefile.am 2011-07-30 07:38:43.327000122 +0200 ++++ mmc-core-3.0.2/agent/conf/Makefile.am 2011-07-30 07:43:17.272000123 +0200 +@@ -21,7 +21,7 @@ + # Jean Parpaillon + # + mmcconfdir = $(sysconfdir)/mmc +-nobase_dist_mmcconf_DATA = plugins/ppolicy.ini \ ++nobase_dist_mmcconf_DATA = plugins/ppolicy.ini plugins/kerberos.ini \ + agent/keys/cacert.pem agent/keys/localcert.pem + nobase_nodist_mmcconf_DATA = agent/config.ini plugins/base.ini + +diff -uNr mmc-core-3.0.2.orig//agent/conf/plugins/kerberos.ini mmc-core-3.0.2/agent/conf/plugins/kerberos.ini +--- mmc-core-3.0.2.orig//agent/conf/plugins/kerberos.ini 1970-01-01 01:00:00.000000000 +0100 ++++ mmc-core-3.0.2/agent/conf/plugins/kerberos.ini 2011-07-30 07:39:59.350000124 +0200 +@@ -0,0 +1,5 @@ ++[main] ++disable = 0 ++ ++[kerberos] ++realm = EXAMPLE.COM +diff -uNr mmc-core-3.0.2.orig//agent/contrib/ldap/Makefile.am mmc-core-3.0.2/agent/contrib/ldap/Makefile.am +--- mmc-core-3.0.2.orig//agent/contrib/ldap/Makefile.am 2011-07-30 07:38:43.342000122 +0200 ++++ mmc-core-3.0.2/agent/contrib/ldap/Makefile.am 2011-07-30 07:45:43.795000123 +0200 +@@ -23,4 +23,4 @@ + ldapcontribdir = $(datarootdir)/doc/python-mmc-base/contrib/ldap + dist_ldapcontrib_DATA = dhcp.schema mail.schema nsswitch.conf pam_ldap.conf quota.schema slapd.conf \ + slapd.conf.samba dnszone.schema mmc.schema printer.schema samba.schema slapd.conf.mmc-samba-ox \ +- slapd.conf.userquota zarafa.schema ppolicy.schema openssh-lpk.schema ++ slapd.conf.userquota zarafa.schema ppolicy.schema openssh-lpk.schema krb5-kdc.schema +diff -uNr mmc-core-3.0.2.orig//agent/contrib/ldap/krb5-kdc.schema mmc-core-3.0.2/agent/contrib/ldap/krb5-kdc.schema +--- mmc-core-3.0.2.orig//agent/contrib/ldap/krb5-kdc.schema 1970-01-01 01:00:00.000000000 +0100 ++++ mmc-core-3.0.2/agent/contrib/ldap/krb5-kdc.schema 2011-07-30 07:39:59.351000123 +0200 +@@ -0,0 +1,136 @@ ++# $Id: krb5-kdc.schema,v 1.1 2004-03-22 17:25:05 quanah Exp $ ++# Definitions for a Kerberos V KDC schema ++ ++# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10) ++# ++# Syntaxes are under 1.3.6.1.4.1.5322.10.0 ++# Attributes types are under 1.3.6.1.4.1.5322.10.1 ++# Object classes are under 1.3.6.1.4.1.5322.10.2 ++ ++# Syntax definitions ++ ++#krb5KDCFlagsSyntax SYNTAX ::= { ++# WITH SYNTAX INTEGER ++#-- initial(0), -- require as-req ++#-- forwardable(1), -- may issue forwardable ++#-- proxiable(2), -- may issue proxiable ++#-- renewable(3), -- may issue renewable ++#-- postdate(4), -- may issue postdatable ++#-- server(5), -- may be server ++#-- client(6), -- may be client ++#-- invalid(7), -- entry is invalid ++#-- require-preauth(8), -- must use preauth ++#-- change-pw(9), -- change password service ++#-- require-hwauth(10), -- must use hwauth ++#-- ok-as-delegate(11), -- as in TicketFlags ++#-- user-to-user(12), -- may use user-to-user auth ++#-- immutable(13) -- may not be deleted ++# ID { 1.3.6.1.4.1.5322.10.0.1 } ++#} ++ ++#krb5PrincipalNameSyntax SYNTAX ::= { ++# WITH SYNTAX OCTET STRING ++#-- String representations of distinguished names as per RFC1510 ++# ID { 1.3.6.1.4.1.5322.10.0.2 } ++#} ++ ++# Attribute type definitions ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.1 ++ NAME 'krb5PrincipalName' ++ DESC 'The unparsed Kerberos principal name' ++ EQUALITY caseExactIA5Match ++ SINGLE-VALUE ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.2 ++ NAME 'krb5KeyVersionNumber' ++ EQUALITY integerMatch ++ SINGLE-VALUE ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.3 ++ NAME 'krb5MaxLife' ++ EQUALITY integerMatch ++ SINGLE-VALUE ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.4 ++ NAME 'krb5MaxRenew' ++ EQUALITY integerMatch ++ SINGLE-VALUE ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.5 ++ NAME 'krb5KDCFlags' ++ EQUALITY integerMatch ++ SINGLE-VALUE ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.6 ++ NAME 'krb5EncryptionType' ++ EQUALITY integerMatch ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.7 ++ NAME 'krb5ValidStart' ++ EQUALITY generalizedTimeMatch ++ ORDERING generalizedTimeOrderingMatch ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ++ SINGLE-VALUE ) ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.8 ++ NAME 'krb5ValidEnd' ++ EQUALITY generalizedTimeMatch ++ ORDERING generalizedTimeOrderingMatch ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ++ SINGLE-VALUE ) ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.9 ++ NAME 'krb5PasswordEnd' ++ EQUALITY generalizedTimeMatch ++ ORDERING generalizedTimeOrderingMatch ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ++ SINGLE-VALUE ) ++ ++# this is temporary; keys will eventually ++# be child entries or compound attributes. ++attributetype ( 1.3.6.1.4.1.5322.10.1.10 ++ NAME 'krb5Key' ++ DESC 'Encoded ASN1 Key as an octet string' ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.11 ++ NAME 'krb5PrincipalRealm' ++ DESC 'Distinguished name of krb5Realm entry' ++ SUP distinguishedName ) ++ ++attributetype ( 1.3.6.1.4.1.5322.10.1.12 ++ NAME 'krb5RealmName' ++ EQUALITY octetStringMatch ++ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) ++ ++# Object class definitions ++ ++objectclass ( 1.3.6.1.4.1.5322.10.2.1 ++ NAME 'krb5Principal' ++ SUP top ++ AUXILIARY ++ MUST ( krb5PrincipalName ) ++ MAY ( cn $ krb5PrincipalRealm ) ) ++ ++objectclass ( 1.3.6.1.4.1.5322.10.2.2 ++ NAME 'krb5KDCEntry' ++ SUP krb5Principal ++ AUXILIARY ++ MUST ( krb5KeyVersionNumber ) ++ MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $ ++ krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $ ++ krb5EncryptionType $ krb5Key ) ) ++ ++objectclass ( 1.3.6.1.4.1.5322.10.2.3 ++ NAME 'krb5Realm' ++ SUP top ++ AUXILIARY ++ MUST ( krb5RealmName ) ) ++ +diff -uNr mmc-core-3.0.2.orig//agent/mmc/Makefile.am mmc-core-3.0.2/agent/mmc/Makefile.am +--- mmc-core-3.0.2.orig//agent/mmc/Makefile.am 2011-07-30 07:38:43.333000122 +0200 ++++ mmc-core-3.0.2/agent/mmc/Makefile.am 2011-07-30 07:41:43.306000122 +0200 +@@ -20,7 +20,7 @@ + # Author(s): + # Jean Parpaillon + # +-pythonmodules = support plugins plugins.base plugins.ppolicy \ ++pythonmodules = support plugins plugins.base plugins.ppolicy plugins.kerberos \ + core core.audit + + all-local: site.py +diff -uNr mmc-core-3.0.2.orig//agent/mmc/plugins/base/__init__.py mmc-core-3.0.2/agent/mmc/plugins/base/__init__.py +--- mmc-core-3.0.2.orig//agent/mmc/plugins/base/__init__.py 2011-07-30 07:38:43.331000122 +0200 ++++ mmc-core-3.0.2/agent/mmc/plugins/base/__init__.py 2011-07-30 07:39:59.352000122 +0200 +@@ -1322,6 +1322,10 @@ + attrs = [] + attrib = self.l.search_s(dn, ldap.SCOPE_BASE) + c, attrs = attrib[0] ++ # kerberos -> remove binary key from attrs ++ try: attrs.pop('krb5Key') ++ except: pass ++ # + newattrs = copy.deepcopy(attrs) + return newattrs + +@@ -1351,6 +1355,10 @@ + attrib = self.l.search_s(cn, ldap.SCOPE_BASE, attrlist = myattrlist) + + c,attrs=attrib[0] ++ # kerberos -> remove binary key from attrs ++ try: attrs.pop('krb5Key') ++ except: pass ++ # + + newattrs = copy.deepcopy(attrs) + +@@ -1541,8 +1549,13 @@ + @rtype: list + """ + if not base: base = self.baseUsersDN +- if (pattern==''): searchFilter = "uid=*" +- else: searchFilter = pattern ++ # kerberos -> search only PosixAccount ++ if (pattern==''): searchFilter = "(&(objectClass=posixAccount)(uid=*))" ++ elif pattern[0] == '(': ++ searchFilter = "(&(objectClass=posixAccount)%s)" % (pattern) ++ else: ++ searchFilter = "(&(objectClass=posixAccount)(%s))" % (pattern) ++ # + monoattrs = ["uid", "sn", "givenName", "mail"] + result_set = self.search(searchFilter, base, monoattrs + ["telephoneNumber", "loginShell", "objectClass"], ldap.SCOPE_ONELEVEL) + +diff -uNr mmc-core-3.0.2.orig//agent/mmc/plugins/kerberos/__init__.py mmc-core-3.0.2/agent/mmc/plugins/kerberos/__init__.py +--- mmc-core-3.0.2.orig//agent/mmc/plugins/kerberos/__init__.py 1970-01-01 01:00:00.000000000 +0100 ++++ mmc-core-3.0.2/agent/mmc/plugins/kerberos/__init__.py 2011-07-30 07:39:59.352000122 +0200 +@@ -0,0 +1,180 @@ ++# -*- coding: utf-8; -*- ++# ++# (c) 2004-2007 Linbox / Free&ALter Soft, http://linbox.com ++# (c) 2007 Mandriva, http://www.mandriva.com/ ++# (c) 2007 Kids-und-Co g.e.V http://www.kids-und-co.de ++# ++# $Id: __init__.py 108 2007-11-21 09:56:21Z iosifb $ ++# ++# This file is part of Mandriva Management Console (MMC). ++# ++# MMC is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# MMC is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with MMC; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ ++import logging ++import ldap.modlist ++import copy ++from mmc.plugins.base import ldapUserGroupControl ++import xmlrpclib ++from mmc.support.errorObj import errorMessage ++from mmc.support.mmcException import * ++from mmc.support import mmctools ++import mmc.plugins.base ++from mmc.support.config import * ++from mmc.plugins.base import ldapUserGroupControl ++ ++VERSION = "2.3.1" ++APIVERSION = "4:2:0" ++REVISION = int("$Rev: 108 $".split(':')[1].strip(' $')) ++ ++def getVersion(): return VERSION ++def getApiVersion(): return APIVERSION ++def getRevision(): return REVISION ++ ++def activate(): ++ """ ++ this function define if the module "base" can be activated. ++ @return: return True if this module can be activate ++ @rtype: boolean ++ """ ++ config = KerberosConfig("kerberos") ++ logger = logging.getLogger() ++ ++ if config.disabled: ++ logger.info("Kerberos plugin disabled by configuration.") ++ return False ++ ++ try: ++ ldapObj = ldapUserGroupControl() ++ except ldap.INVALID_CREDENTIALS: ++ logger.error("Can't bind to LDAP: invalid credentials.") ++ return False ++ ++ # Test if the Kerberos LDAP schema is available in the directory ++ try: ++ schema = ldapObj.getSchema("krb5KDCEntry") ++ if len(schema) <= 0: ++ logger.error("Kerberos schema is not included in LDAP directory"); ++ return False ++ except: ++ logger.exception("invalid schema") ++ return False ++ try: ++ schema = ldapObj.getSchema("krb5Principal") ++ if len(schema) <= 0: ++ logger.error("Kerberos schema is not included in LDAP directory"); ++ return False ++ except: ++ logger.exception("invalid schema") ++ return False ++ """ ++ TODO: Check kerberos database ++ """ ++ return True ++ ++def isKrbUser(uid): ++ return kerberosLdapControl().isKerberosUser(uid) ++ ++def addKrbAttr(uid,password): ++ return kerberosLdapControl().addKerberosAttr(uid,password) ++ ++def delKrbAttr(uid,password): ++ return kerberosLdapControl().delKerberosAttr(uid,password) ++ ++def changePassword(uid,password): ++ return kerberosLdapControl().changePassword(uid, password) ++ ++class KerberosConfig(PluginConfig): ++ def __init__(self,name, conffile = None): ++ PluginConfig.__init__(self,name, conffile = None) ++ self.setDefault() ++ self.readConfig() ++ ++ def readConfig(self): ++ PluginConfig.readConf(self) ++ self.realm = self.get("kerberos", "realm") ++ ++class kerberosLdapControl(mmc.plugins.base.ldapUserGroupControl): ++ ++ def __init__(self, conffile = None, conffilebase = None): ++ mmc.plugins.base.ldapUserGroupControl.__init__(self, conffilebase) ++ self.configKerberos = KerberosConfig("kerberos", conffile) ++ self.realm = self.configKerberos.realm ++ ++ def delKerberosAttr(self,uid,password): ++ # If the password has been encoded in the XML-RPC stream, decode it ++ if isinstance(password, xmlrpclib.Binary): ++ password = str(password) ++ dn = 'uid=' + uid + ',' + self.baseUsersDN ++ s = self.l.search_s(dn, ldap.SCOPE_BASE) ++ c, attr = s[0] ++ old = {} ++ new = {} ++ for key in attr.keys(): old[key.lower()] = attr[key] ++ new = copy.deepcopy(old) ++ # remove krb attributes ++ new.pop('krb5kdcflags') ++ new.pop('krb5principalname') ++ new.pop('krb5keyversionnumber') ++ try: new.pop('krb5key') ++ except KeyError: pass ++ newobjclasses = () ++ for s in new.pop('objectclass'): ++ if s[0:4] == 'krb5': pass ++ else: newobjclasses = newobjclasses + (s,) ++ new['objectclass'] = newobjclasses ++ modlist = ldap.modlist.modifyModlist(old, new) ++ #logger = logging.getLogger() ++ #logger.debug(newobjclasses) ++ #logger.debug(modlist) ++ self.l.modify_s(dn, modlist) ++ mmc.plugins.base.ldapUserGroupControl.changeUserPasswd(self,uid,password) ++ return True ++ ++ def addKerberosAttr(self,uid,password): ++ # If the password has been encoded in the XML-RPC stream, decode it ++ if isinstance(password, xmlrpclib.Binary): ++ password = str(password) ++ dn = 'uid=' + uid + ',' + self.baseUsersDN ++ s = self.l.search_s(dn, ldap.SCOPE_BASE) ++ c, attr = s[0] ++ old = {} ++ new = {} ++ for key in attr.keys(): old[key.lower()] = attr[key] ++ new = copy.deepcopy(old) ++ new['objectclass'] = new['objectclass'] + ['krb5Principal','krb5KDCEntry'] ++ new['userpassword'] = ['{K5Key}'] ++ new['krb5kdcflags'] = ['126'] ++ new['krb5keyversionnumber'] = ['0'] ++ new['krb5principalname'] = [uid+'@' +self.realm] ++ modlist = ldap.modlist.modifyModlist(old, new) ++ self.l.modify_s(dn, modlist) ++ self.l.passwd_s(dn, None, password) ++ return True ++ ++ def isKerberosUser(self,uid): ++ ret = False ++ if self.existUser(uid): ret = "krb5Principal" in self.getDetailedUser(uid)["objectClass"] ++ return ret ++ ++ def changePassword(self,uid,password): ++ # If the password has been encoded in the XML-RPC stream, decode it ++ if isinstance(password, xmlrpclib.Binary): ++ password = str(password) ++ dn = 'uid=' + uid + ',' + self.baseUsersDN ++ self.l.modify_s(dn, [(ldap.MOD_REPLACE,'userPassWord','{K5KEY}')]) ++ self.l.passwd_s(dn, None, password) ++ return True ++ ++ +diff -uNr mmc-core-3.0.2.orig//conf/plugins/kerberos.ini mmc-core-3.0.2/conf/plugins/kerberos.ini +--- mmc-core-3.0.2.orig//conf/plugins/kerberos.ini 1970-01-01 01:00:00.000000000 +0100 ++++ mmc-core-3.0.2/conf/plugins/kerberos.ini 2011-07-30 07:40:15.121000121 +0200 +@@ -0,0 +1,5 @@ ++[main] ++disable = 0 ++ ++[kerberos] ++realm = EXAMPLE.COM diff --git a/app-admin/mmc-core/mmc-core-3.0.2.ebuild b/app-admin/mmc-core/mmc-core-3.0.2.ebuild new file mode 100644 index 0000000..ebb67cd --- /dev/null +++ b/app-admin/mmc-core/mmc-core-3.0.2.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +EAPI="2" +SUPPORT_PYTHON_ABIS="1" + +inherit eutils autotools flag-o-matic + +MY_P="${P/_p/-}" +MY_PV="${PV/_p*/}" + +DESCRIPTION="The MMC Agent and its Core Python plugins." +HOMEPAGE="http://mds.mandriva.org/" +SRC_URI="http://mds.mandriva.org/pub/mmc-core/sources//${PV}/${P}.tar.gz" + +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="" + +SLOT="0" + +RDEPEND=">=dev-python/twisted-web-0.7.0 + >=dev-python/python-ldap-2.2.1 + >=dev-python/mysql-python-1.2.0 + >=dev-python/sqlalchemy-0.6.1 + >=dev-python/pyopenssl-0.10 + >=net-nds/openldap-2.4.26 + !app-admin/mmc-web-core + !app-admin/mmc-agent" + +DEPEND="$RDEPEND + sys-apps/lsb-release" + +src_prepare() { + epatch "${FILESDIR}"/${PN}-3.0.2-kerberos-1.patch + epatch "${FILESDIR}"/${PN}-3.0.2-gentoo-1.patch + eautoreconf +} + +src_configure() { + append-flags -U_FORTIFY_SOURCE + econf --enable-check-password --with-ldap-confdir=/etc/openldap --with-ldap-libdir=/usr/$(get_libdir)/openldap/openldap +} + +src_install() { + emake install DESTDIR=${D} || die "install failed" + newinitd "${FILESDIR}"/mmc-agent.initd mmc-agent + keepdir /var/log/mmc + insinto etc/apache2/modules.d + newins ${D}/etc/mmc/apache/mmc.conf 90_mmc.conf + rm -rf ${D}/etc/mmc/apache +} + +pkg_postinst() { + elog "To disable some plugin in your mmc environments, you have to set" + elog "disable to 1 in /etc/mmc/plugins/*.ini" + elog "(one config file per service)" + elog "You can't disable the base plugin." +}