
Группа :: Система/Настройка/Прочее
Пакет: alterator-auth


alterator-auth-0.10/000075500000000000000000000000001121426042600143625ustar00rootroot00000000000000alterator-auth-0.10/Makefile000064400000000000000000000001721121426042600160220ustar00rootroot00000000000000NAME=auth

# Absolute path of the installer; presumably consumed by the included
# module.mak, since nothing in this Makefile uses it directly.
INSTALL=/usr/bin/install

# Nothing is built or cleaned locally: both targets have no recipe.
all:
clean:
# install-module is not defined in this file, so it has to come from the
# include below.
install: install-module

# Shared alterator module build rules, read from an absolute system path.
include /usr/share/alterator/build/module.mak
alterator-auth-0.10/applications/000075500000000000000000000000001121426042600170505ustar00rootroot00000000000000alterator-auth-0.10/applications/auth.desktop000064400000000000000000000003711121426042600214050ustar00rootroot00000000000000[Desktop Entry]
Type=Application
Categories=X-Alterator-Users
Icon=auth
Terminal=false
Name=Authentication
X-Alterator-URI=/auth
X-Alterator-Weight=20
X-Alterator-Help=auth
Name[ru]=Аутентификация
Name[uk]=Аутентифікація
alterator-auth-0.10/backend3/000075500000000000000000000000001121426042600160345ustar00rootroot00000000000000alterator-auth-0.10/backend3/auth000075500000000000000000000042121121426042600167220ustar00rootroot00000000000000#!/bin/sh

#common part
# Translation domain and API level; presumably consumed by the sourced
# alterator-sh-functions, since no function visible in this file reads them.
po_domain="alterator-auth"
alterator_api_version=1
# Pattern for an LDAP URI whose host part is limited to letters, digits,
# '.', '_' and '-'.
# NOTE(review): no function visible in this file references it, so it
# validates nothing here - confirm whether the write action was meant to use it.
ldap_uri_re='^(ldap|ldapi|ldaps)://[.a-zA-Z0-9_-]+$'
# Read and write delimiters; also not referenced by the functions visible in
# this file.
rdelim='[[:space:]]\+'
wdelim=' '

# The libraries are named without a slash, so the shell finds them through
# PATH; the backend therefore depends on being started with a trusted PATH.
. alterator-sh-functions
. shell-config
. shell-quote

#turn off auto expansion
# set -f disables pathname expansion only; unquoted expansions are still
# subject to word splitting.
set -f

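# Convert a DNS domain name into an LDAP base DN built from dc= components,
# e.g. "example.test" -> "dc=example,dc=test".
# Arguments: $1 - domain name; on_message passes the value submitted by the
#                 UI, so it is treated as untrusted
# Outputs:   the DN on stdout, nothing when the name is rejected
# Returns:   0 on success, 1 if the name holds whitespace or control characters
host_2_dn()
{
    local host="$1"

    # A domain name has no whitespace or control characters. Refusing them here
    # keeps a multi-line value from being turned into a multi-line DN that
    # would later be written into configuration files.
    case "$host" in
        *[[:space:]]*|*[[:cntrl:]]*) return 1 ;;
    esac

    # printf with a quoted argument: the value is never word-split and a name
    # such as "-n" is not taken as an option, as it was with "echo $host".
    printf '%s\n' "$host" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}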

# Emit the entries of the domain selector: "local" first, then every domain
# announced over Avahi by a service whose TXT record says role=master, and
# "custom" last.
# Outputs: one write_enum_item call per entry.
#
# The discovered entries come from service announcements on the network, which
# carry no authentication: treat them as hints. A selected entry ends up as the
# base DN and LDAP host in on_message.
# NOTE(review): read is used without -r, so backslashes in a record are
# interpreted rather than kept - confirm this matches avahi-browse's escaping.
list_domain()
{
    local _skip marker addr records name

    write_enum_item "local" "$(_ "local")"

    # Parsable avahi-browse output is ';'-separated; the 8th field is used as
    # the address and everything from the 10th field on as the TXT records.
    avahi-browse -prtk _server._tcp 2>/dev/null |
        while IFS=';' read marker _skip _skip _skip _skip _skip _skip addr _skip records; do
            # Only lines starting with "=" whose role is "master" are listed.
            if [ "$marker" = "=" ] && [ "$(txt_record role "$records")" = "master" ]; then
                name="$(txt_record domain "$records")"
                write_enum_item "$name" "$name ($addr)"
            fi
        done

    write_enum_item "custom" "$(_ "custom")"
}

# Extract the value of one key from a string of double-quoted key=value
# TXT records.
# Arguments: $1 - key name, $2 - the record string
# Outputs:   the value on stdout; nothing if the key is absent
txt_record()
{
    local key_re

    # The key is escaped before it is placed in the sed program; the record
    # text itself only ever reaches sed as input data.
    key_re="$(quote_sed_regexp "$1")"

    echo "$2" |
        sed -n "s/\(^\|.*[[:space:]]\)\"${key_re}=\([^\"]*\)\".*/\2/p"
}

# Convert a base DN made of dc= components back into a dotted domain name,
# e.g. "dc=example,dc=test" -> "example.test".
# Arguments: $1 - the DN
# Outputs:   the domain name on stdout
dn_2_host()
{
    local dn="$1"

    # The leading "dc=" is matched case-insensitively; the ",dc=" separators
    # are matched in lower case only.
    echo "$dn" | sed -e 's/^dc=//i' -e 's/,dc=/\./g'
}

# Print the domain the system currently authenticates against.
# Outputs: the dotted domain name when "system-auth status" reports krb5,
#          otherwise the literal "not set" (an ldap or local status is
#          reported as "not set" as well).
read_current()
{
    local report mode dn

    report="$(/usr/sbin/system-auth status)"
    # First word of the report is the profile, second word the base DN.
    mode="$(echo "$report" | cut -f1 -d' ')"

    if [ "$mode" = "krb5" ] &&
        dn="$(echo "$report" | cut -f2 -d' ')" &&
        dn_2_host "$dn"; then
        return
    fi

    echo "not set"
}

# Handle one request; the action and its parameters arrive in in_* variables.
#   type  - declares domain_name and domain as hostname-typed parameters
#   list  - lists the selectable domains for the avail_domain object
#   read  - reports the current domain
#   write - applies the selection through /usr/sbin/system-auth
#
# NOTE(review): the exit status of system-auth is not checked, so write_nop
# follows even when system-auth refused the values - confirm this is intended.
# NOTE(review): the directory URI is always built with the plain ldap://
# scheme; whether the connection is protected is decided elsewhere - confirm.
on_message()
{
    local realm

    case "$in_action" in
        type)
            write_type_item domain_name hostname
            write_type_item domain hostname
            ;;
        list)
            [ "$in__objects" = "avail_domain" ] && list_domain
            ;;
        read)
            write_string_param current_domain "$(read_current)"
            ;;
        write)
            [ -z "$in_domain" ] && fatal "$(_ "Domain not set")"

            if [ "$in_domain" = "local" ]; then
                /usr/sbin/system-auth write local
            else
                # "custom" takes the name from the free-form field; any other
                # value is itself the domain name picked from the list.
                realm="$in_domain"
                if [ "$in_domain" = "custom" ]; then
                    [ -z "$in_domain_name" ] && fatal "$(_ "Domain not set")"
                    realm="$in_domain_name"
                fi
                /usr/sbin/system-auth write krb5 "$(host_2_dn "$realm")" ldap://ldap."$realm"
            fi

            write_nop
            ;;
    esac
}

# Start request processing. message_loop is not defined in this file, so it
# comes from one of the sourced libraries; presumably it calls on_message for
# each request - confirm against alterator-sh-functions.
message_loop
alterator-auth-0.10/hooks/000075500000000000000000000000001121426042600155055ustar00rootroot00000000000000alterator-auth-0.10/hooks/auth000064400000000000000000000011401121426042600163650ustar00rootroot00000000000000#!/bin/sh -f

# if we are not server
# Without /etc/sysconfig/system there is nothing to do; leave successfully.
[ -f /etc/sysconfig/system ] || exit 0

# Sourcing runs the file as shell code inside this process, so the file must
# be writable by trusted administrators only.
. /etc/sysconfig/system

# SERVER_ROLE is presumably set by the file sourced above; when it is empty
# or unset the hook also ends successfully.
[ -n "$SERVER_ROLE" ] || exit 0

authtool="/usr/sbin/system-auth"

# Named without a slash, so the shell finds these through PATH.
. shell-quote
. shell-error

# Positional arguments: $1 is the previous domain name, $2 the new one.
olddomain="$1" ; shift
newdomain="$1" ; shift

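# Convert a DNS domain name into an LDAP base DN built from dc= components,
# e.g. "example.test" -> "dc=example,dc=test".
# Arguments: $1 - domain name, derived from the hook's command-line argument
# Outputs:   the DN on stdout, nothing when the name is rejected
# Returns:   0 on success, 1 if the name holds whitespace or control characters
host_2_dn()
{
    local host="$1"

    # A domain name has no whitespace or control characters. Refusing them here
    # keeps a multi-line value from being turned into a multi-line DN that
    # would later be written into configuration files.
    case "$host" in
        *[[:space:]]*|*[[:cntrl:]]*) return 1 ;;
    esac

    # printf with a quoted argument: the value is never word-split and a name
    # such as "-n" is not taken as an option, as it was with "echo $host".
    printf '%s\n' "$host" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}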

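# Point system authentication at the local LDAP server under a new domain.
# Arguments: $1 - old name (not used)
#            $2 - new fully qualified host name; everything up to and
#                 including the first dot is dropped to obtain the domain
# Globals:   authtool (read)
# Returns:   the exit status of "$authtool write ldap ..."
rename()
{
    local new="${2#*.}"
    # Kept local so the call leaves no uri/basedn variables behind in the
    # script's global scope.
    local uri basedn

    [ -z "$new" ] && fatal "new domain must be set"

    uri="ldap://127.0.0.1"
    basedn="$(host_2_dn "$new")"

    # Quoted so the tool path is always passed as exactly one word.
    "$authtool" write ldap "$basedn" "$uri"
}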

# Apply the change using the two names captured from the hook's arguments;
# the script ends with the exit status of this call.
rename "$olddomain" "$newdomain"

alterator-auth-0.10/sbin/000075500000000000000000000000001121426042600153155ustar00rootroot00000000000000alterator-auth-0.10/sbin/system-auth000075500000000000000000000111231121426042600175240ustar00rootroot00000000000000#!/bin/sh

# Delimiters handed to the shell_config_* helpers: a whitespace run when
# reading a key/value line, a single space when writing one.
rdelim='[[:space:]]\+'
wdelim=' '

#pam configuration
pamldapfile="/etc/pam_ldap.conf"

#nss configuration
# nssldapfile stays empty when neither candidate file below exists.
nssldapfile=
nssldapfile1="/etc/nss_ldap.conf"
nssldapfile2="/etc/nss-ldapd.conf"
nsswitchfile="/etc/nsswitch.conf"

#openldap conf
ldap_conf="/etc/openldap/ldap.conf"

# krb conf
# NOTE(review): krb5_conf is not referenced by any code visible in this file.
krb5_conf="/etc/krb5.conf"

#select between nss_ldap and nss_ldapd
# The second assignment overrides the first, so nss-ldapd.conf wins when both
# files exist.
[ -f "$nssldapfile1" ] && nssldapfile="$nssldapfile1"
[ -f "$nssldapfile2" ] && nssldapfile="$nssldapfile2"

# Named without a slash, so the shell finds these through PATH; the tool
# edits system authentication files and relies on a trusted PATH.
. shell-config
. shell-quote
. shell-error

#turn off auto expansion
# set -f disables pathname expansion only; unquoted expansions are still
# subject to word splitting.
set -f

# Print the active authentication profile as reported by
# "/usr/sbin/control system-auth".
# Outputs: "local"; or "ldap <basedn> <uri>" / "krb5 <basedn> <uri>" taken
#          from the pam_ldap configuration; or "unknown status".
#          When pam_ldap_info rejects the stored values only the profile
#          name and a space are printed, without a newline.
get_status()
{
    local profile

    profile="$(/usr/sbin/control system-auth)"

    case "$profile" in
        local)
            echo "local"
            ;;
        ldap|krb5)
            # Both directory-backed profiles report the same LDAP details.
            echo -n "$profile " && pam_ldap_info
            ;;
        *)
            echo "unknown status"
            ;;
    esac
}

# Print the authentication profiles this system can use, one per line.
# "local" is always listed; "ldap" needs pam_ldap and libnss_ldap; "krb5"
# needs those two plus libkrb5. The libraries are looked for directly under
# /<SLIB> and /<SLIB>/security, where SLIB comes from getconf.
# Returns: non-zero when the krb5 libraries are incomplete, because the
#          krb5 check is the last command.
list()
{
    local libdir secdir

    libdir="/$(getconf SLIB)"
    secdir="$libdir/security"

    # always local
    echo "local"

    # checking pam_ldap and libnss_ldap libs
    if [ -n "$(find "$secdir" -maxdepth 1 -name 'pam_ldap.*')" ] &&
        [ -n "$(find "$libdir" -maxdepth 1 -name 'libnss_ldap.so.*')" ]; then
        echo "ldap"
    fi

    # checking ldap and krb5 libs
    [ -n "$(find "$secdir" -maxdepth 1 -name 'pam_ldap.*')" ] &&
        [ -n "$(find "$libdir" -maxdepth 1 -name 'libnss_ldap.so.*')" ] &&
        [ -n "$(find "$libdir" -maxdepth 1 -name 'libkrb5.so.*')" ] &&
        echo "krb5"
}

# Print "<basedn> <uri>" from the pam_ldap configuration, but only when both
# stored values pass check_uri and check_basedn.
# Returns: non-zero, with no output, when either value is rejected.
pam_ldap_info()
{
    local server_uri search_base

    server_uri="$(read_pam_ldap uri)"
    search_base="$(read_pam_ldap base)"

    # Values read back from the file are validated like freshly supplied ones.
    check_uri "$server_uri" || return
    check_basedn "$search_base" || return

    echo "$search_base $server_uri"
}

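# Validate an LDAP URI before it is written to the configuration files.
# Accepted form: ldap://, ldaps:// or ldapi:// followed by a host part
# without '/', optionally ending in a single '/'.
# Arguments: $1 - the URI
# Returns:   0 if valid; 1 (after reporting through message) otherwise
check_uri()
{
    local uri="$1"

    if [ -z "$uri" ]; then
        message "$0 (check_uri) uri not set"
        return 1
    fi

    # The pattern below is applied line by line, so a multi-line value with
    # one good line used to pass and every line would then reach the
    # configuration files. Whitespace and control characters are refused
    # before the pattern is tried.
    case "$uri" in
        *[[:space:]]*|*[[:cntrl:]]*)
            message "$0 (check_uri) invalid uri format"
            return 1
            ;;
    esac

    # [si] instead of the former [s|i], which also accepted a literal '|'.
    if ! printf '%s\n' "$uri" | grep -Eq '^ldap[si]?://[^/]+/?$'; then
        message "$0 (check_uri) invalid uri format"
        return 1
    fi

    return 0
}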

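# Validate a base DN before it is written to the configuration files.
# Accepted form: one or more comma-separated dc=<value> components.
# Arguments: $1 - the DN
# Returns:   0 if valid; 1 (after reporting through message) otherwise
check_basedn()
{
    local basedn="$1"

    if [ -z "$basedn" ]; then
        message "$0 (check_basedn) basedn not set"
        return 1
    fi

    # The pattern below is applied line by line, so a multi-line value with
    # one good line used to pass and every line would then reach the
    # configuration files. Control characters, newline included, are refused
    # before the pattern is tried.
    case "$basedn" in
        *[[:cntrl:]]*)
            message "$0 (check_basedn) invalid basedn format"
            return 1
            ;;
    esac

    if ! printf '%s\n' "$basedn" | grep -Eq '^dc=[^,]+(,dc=[^,]+)*$'; then
        message "$0 (check_basedn) invalid basedn format"
        return 1
    fi

    return 0
}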

# Read one setting from the pam_ldap configuration file.
# Arguments: $1 - setting name
# Globals:   pamldapfile (read)
read_pam_ldap()
{
    local key="$1"

    read_config "$pamldapfile" "$key"
}

# Read one setting from a whitespace-delimited configuration file by
# delegating to shell_config_get from the sourced shell-config library.
# Arguments: $1 - file, $2 - setting name
# Globals:   rdelim (read)
read_config()
{
    local file="$1" key="$2"

    shell_config_get "$file" "$key" "$rdelim"
}


# Switch the system-auth profile and set the matching nsswitch sources.
# Arguments: $1 - profile: local, ldap or krb5
# Returns:   the status of "control system-auth" if it fails, otherwise the
#            status of the last nsswitch update (0 for an unlisted profile).
write_profile()
{
    local profile="$1"
    local passwd_src shadow_src group_src

    # nsswitch.conf is left alone unless the profile switch succeeded.
    /usr/sbin/control system-auth "$profile" || return

    case "$profile" in
        local)
            passwd_src="files"
            shadow_src="tcb files"
            group_src="files"
            ;;
        ldap|krb5)
            # Both directory-backed profiles resolve accounts through ldap.
            passwd_src="files ldap"
            shadow_src="tcb files ldap"
            group_src="files ldap"
            ;;
        *)
            return 0
            ;;
    esac

    write_nsswitch "passwd" "$passwd_src"
    write_nsswitch "shadow" "$shadow_src"
    write_nsswitch "group" "$group_src"
}

# Set the source list of one nsswitch.conf database.
# Arguments: $1 - database name without the colon, $2 - source list
# Globals:   nsswitchfile (read)
write_nsswitch()
{
    local database="$1" sources="$2"

    # The key is stored with its trailing colon, as nsswitch.conf spells it.
    write_config "$nsswitchfile" "${database}:" "$sources"
}

# Write the same setting to the pam_ldap, nss_ldap and OpenLDAP client
# configuration files, in that order.
# Arguments: $1 - setting name, $2 - value
# Returns:   the status of the last writer; earlier failures are not checked.
write_2_ldap()
{
    local writer

    for writer in write_pam_ldap write_nss_ldap write_ldap_conf; do
        "$writer" "$1" "$2"
    done
}

# Store one setting in the pam_ldap configuration file.
# Arguments: $1 - setting name, $2 - value
# Globals:   pamldapfile (read)
write_pam_ldap()
{
    local key="$1" value="$2"

    write_config "$pamldapfile" "$key" "$value"
}

# Store one setting in the selected nss LDAP configuration file.
# Arguments: $1 - setting name, $2 - value
# Globals:   nssldapfile (read)
# NOTE(review): nssldapfile is empty when neither nss configuration file
# exists, and the empty name is then passed on as the file to write - confirm
# how shell_config_set treats that.
write_nss_ldap()
{
    local key="$1" value="$2"

    write_config "$nssldapfile" "$key" "$value"
}

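# Replace one setting in the OpenLDAP client configuration: drop the existing
# lines for the key, then append "<key> <value>".
# Arguments: $1 - setting name (the callers in this file pass only the
#                 literals "base" and "uri"; it is used inside a sed pattern,
#                 so it must not carry untrusted text)
#            $2 - value
# Globals:   ldap_conf (read)
write_ldap_conf()
{
    local key="$1" value="$2"

    # Delete only lines where the key is the first word, in any letter case.
    # The former pattern removed every uncommented line that merely contained
    # the key somewhere, e.g. a path with "database" in it when setting "base".
    sed -r -i -e "/^[[:space:]]*${key}([[:space:]]|\$)/Id" "$ldap_conf"

    # printf keeps the value literal whatever characters it holds.
    printf '%s %s\n' "$key" "$value" >> "$ldap_conf"
}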

# Store one setting in a configuration file by delegating to
# shell_config_set from the sourced shell-config library.
# Arguments: $1 - file, $2 - setting name, $3 - value
# Globals:   rdelim, wdelim (read)
write_config()
{
    local file="$1" key="$2" value="$3"

    shell_config_set "$file" "$key" "$value" "$rdelim" "$wdelim"
}

# Convert a base DN made of dc= components back into a dotted domain name,
# e.g. "dc=example,dc=test" -> "example.test".
# Arguments: $1 - the DN
# Outputs:   the domain name on stdout
dn_2_host()
{
    local dn="$1"

    # The leading "dc=" is matched case-insensitively; the ",dc=" separators
    # are matched in lower case only.
    echo "$dn" | sed -e 's/^dc=//i' -e 's/,dc=/\./g'
}


# Remove the "host" setting from the pam_ldap file and then from the nss LDAP
# file; the second removal is skipped when the first one fails.
# Globals: pamldapfile, nssldapfile (read)
remove_host_from_confs()
{
    del_from_conf_var "$pamldapfile" "host" || return
    del_from_conf_var "$nssldapfile" "host"
}

# Delete one setting from a configuration file by delegating to
# shell_config_del from the sourced shell-config library.
# Arguments: $1 - file, $2 - setting name
# Globals:   rdelim (read)
del_from_conf_var()
{
    local file="$1" key="$2"

    shell_config_del "$file" "$key" "$rdelim"
}


# Prepare the LDAP client files before a directory-backed profile is written:
# drop the "host" setting, and, when /etc/nss_ldap.conf exists and is not
# empty, set bind_policy to soft and bind_timelimit to 30 in it.
# Globals: nssldapfile1 (read)
init()
{
    # removing host parameter from pam_ldap_conf
    remove_host_from_confs

    if [ -s "$nssldapfile1" ]; then
        write_config "$nssldapfile1" bind_policy soft
        write_config "$nssldapfile1" bind_timelimit 30
    fi
}

# Command line: <action> [object] [basedn uri]
#   status                  - print the active profile
#   list                    - print the usable profiles
#   write local             - switch to local accounts
#   write ldap|krb5 DN URI  - validate DN and URI, then write the profile and
#                             the LDAP client settings
# Any other action prints a usage line.
action="$1" ; shift
[ $# -ge 1 ] && object="$1" && shift

case "$action" in
    status)
        get_status
        ;;
    list)
        list
        ;;
    write)
        case "$object" in
            local)
                write_profile "$object"
                ;;
            ldap|krb5)
                # Nothing is touched unless both values pass validation.
                if ! { check_basedn "$1" && check_uri "$2"; }; then
                    exit 1
                fi
                # NOTE(review): the steps below are not checked individually,
                # so a failure part-way leaves the files partly updated -
                # confirm this is acceptable.
                init
                write_profile "$object"
                write_2_ldap base "$1"
                write_2_ldap uri "$2"
                ;;
            *)
                fatal "unknown auth type $object"
                ;;
        esac
        ;;
    *)
        echo "$0 action [object]"
        ;;
esac
alterator-auth-0.10/ui/000075500000000000000000000000001121426042600147775ustar00rootroot00000000000000alterator-auth-0.10/ui/auth/000075500000000000000000000000001121426042600157405ustar00rootroot00000000000000alterator-auth-0.10/ui/auth/ajax.scm000064400000000000000000000010321121426042600173630ustar00rootroot00000000000000(define-module (ui auth ajax)
:use-module (alterator woo)
:use-module (alterator ajax)
:export (init))

;; Show the "domain_name" field only while "custom" is the value of the
;; "domain" selector.
(define (update-domain)
  (form-update-visibility
    '("domain_name")
    (string=? (form-value "domain") "custom")))

;; Fill the form: current domain from "/auth", selector entries from
;; "/auth/avail_domain", then adjust the visibility of the custom field.
(define (ui-init)
  (form-update-value-list '("current_domain") (woo-read-first "/auth"))
  (form-update-enum "domain" (woo-list "/auth/avail_domain"))
  (update-domain))

;; Exported entry point: fill the form once, then re-evaluate the custom
;; field's visibility on every change of the "domain" selector.
(define init
  (lambda ()
    (ui-init)
    (form-bind "domain" "change" update-domain)))
alterator-auth-0.10/ui/auth/index.html000064400000000000000000000016541121426042600177430ustar00rootroot00000000000000<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<!-- authentication administration module -->
<!-- The name attributes below (current_domain, domain, domain_name) are the
     parameter names used by backend3/auth; presumably the framework hands
     the submitted fields to its write action - confirm. -->
<html wf="form">
<head>
</head>
<body>
<form method="POST">
<table class="form-table">
<tr>
<td><span translate="_" name="current_domain">Current domain:</span></td>
<!-- Read-only display of the value reported by the backend. -->
<td><span class="alterator-label" name="current_domain"/></td>
</tr>

<tr>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td><span translate="_">Domain list:</span></td>
<td>
<!-- Entries are supplied by the /auth/avail_domain enumeration. -->
<select name="domain" enumref="/auth/avail_domain"/>
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<!-- Free-form domain name; ajax.scm shows it only for the "custom" choice.
     The text is user input and reaches the backend as submitted. -->
<input type="text" class="text" name="domain_name" style="width:98%"/>
</td>
</tr>
<tr>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input type="submit" value="Apply" class="btn"/>&nbsp;
</td>
</tr>
</table>
<br/>
</form>
</body>
</html>
alterator-auth-0.10/ui/auth/index.scm000064400000000000000000000023521121426042600175550ustar00rootroot00000000000000(document:surround "/std/frame")

;;; Functions
;; Show the "domain_name" field only while "custom" is the value of the
;; "domain" selector.
(define (update-domain)
  (form-update-visibility
    '("domain_name")
    (string=? (form-value "domain") "custom")))

;; Send every form value to "/auth" and then refresh the displayed current
;; domain; both steps run inside catch/message.
(define (ui-commit)
  (catch/message
    (lambda ()
      (let ((fields (form-value-list)))
        (apply woo-write "/auth" fields))
      (form-update-value-list '("current_domain") (woo-read-first "/auth")))))

;; Fill the form: current domain from "/auth", selector entries from
;; "/auth/avail_domain", then adjust the visibility of the custom field.
(define (ui-init)
  (form-update-value-list '("current_domain") (woo-read-first "/auth"))
  (form-update-enum "domain" (woo-list "/auth/avail_domain"))
  (update-domain))

;;; UI
;; Form layout: a caption column and a value column.
(gridbox
columns "0;100"
margin 50

;; Current domain, filled in by ui-init and refreshed by ui-commit.
(label text (_ "Current domain:") align "right")
(label name "current_domain")

(label colspan 2)

;; Selector whose entries come from "/auth/avail_domain".
(label text (_ "Domain list:") align "right")
(combobox name "domain")

;; Free-form domain name; update-domain hides it unless "custom" is selected.
(spacer)
(edit name "domain_name" visibility #t)

(label colspan 2)

;; When frame:next is set an empty label takes the place of the Apply
;; button; the commit is then triggered by the frame's back/next handlers.
(if (global 'frame:next)
(label)
(hbox align "left"
(button name "apply" text (_ "Apply") (when clicked (ui-commit)))))
)

;;; Logic

;; On load: fill the form and re-evaluate the custom field's visibility on
;; every change of the "domain" selector.
(document:root
(when loaded
(ui-init)
(form-bind "domain" "change" update-domain)))

;; Back and Next both commit first; a false result from ui-commit yields
;; 'cancel instead.
(frame:on-back (thunk (or (ui-commit) 'cancel)))
(frame:on-next (thunk (or (ui-commit) 'cancel)))
 