package phpldapadmin tag 578981 + patch thanks Le dimanche 17 oct. 2010 à 19:18:01 (+0200), Julien Valroff a écrit : > > I can work on a patch but would need someone to carefully test the changes > as I do not use LDAP myself.
I attach an NMU diff which I'd like someone to test in "real conditions" before announcing a real NMU to the maintainer. lsdiff: phpldapadmin-1.2.0.5/debian/changelog phpldapadmin-1.2.0.5/debian/config phpldapadmin-1.2.0.5/debian/control phpldapadmin-1.2.0.5/debian/postinst phpldapadmin-1.2.0.5/debian/postrm diffstat: changelog | 8 ++ config | 181 ++++++++++++++++++++++++++++++-------------------------------- control | 2 postinst | 45 +++++++-------- postrm | 15 ++++- 5 files changed, 135 insertions(+), 116 deletions(-) Cheers, Julien -- Julien Valroff <jul...@kirya.net> http://www.kirya.net GPG key: 1024D/9F71D449 17F4 93D8 746F F011 B845 9F91 210B F2AB 9F71 D449
diff -urN phpldapadmin-1.2.0.5/debian/changelog phpldapadmin-1.2.0.5.new//debian/changelog --- phpldapadmin-1.2.0.5/debian/changelog 2010-10-17 21:02:08.000000000 +0200 +++ phpldapadmin-1.2.0.5.new//debian/changelog 2010-10-17 21:00:51.000000000 +0200 @@ -1,3 +1,11 @@ +phpldapadmin (1.2.0.5-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Handle /etc/phpldapadmin/config.php as a conffile using ucf and ensure + user changes are preserved on package uprgade (Closes: #578981) + + -- Julien Valroff <jul...@kirya.net> Sun, 17 Oct 2010 20:59:30 +0200 + phpldapadmin (1.2.0.5-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. diff -urN phpldapadmin-1.2.0.5/debian/config phpldapadmin-1.2.0.5.new//debian/config --- phpldapadmin-1.2.0.5/debian/config 2010-10-17 21:02:08.000000000 +0200 +++ phpldapadmin-1.2.0.5.new//debian/config 2010-10-17 21:31:30.000000000 +0200 
@@ -6,115 +6,112 @@ db_version 2.0 || [ $? -lt 30 ] # Autoconfiguration for phpldapadmin -if [ ! -f $CONFFILE ] || [ `md5sum $CONFFILE | awk '{print $1}'` = "49dc066603a3a22a24eb482181912c57" ]; then - # Let's try to read default from slapd.conf, libnss-ldap.conf or libpam_ldap.conf - if [ -f /etc/ldap/slapd.conf ]; then - ldapserver="localhost" - if grep "^TLS" /etc/ldap/slapd.conf > /dev/null 2>&1; then - tls="true" - else - tls="false" - fi - basedn=`grep ^suffix /etc/ldap/slapd.conf | awk '{print $2}' | sed -e s/\"//g` - binddn=`grep -e "by dn=.* write" /etc/ldap/slapd.conf | cut -d"\"" -f2 | head -n1` - elif [ -f /etc/libnss-ldap.conf ]; then - if grep "^host" /etc/libnss-ldap.conf > /dev/null 2>&1; then - ldapserver=`grep ^host /etc/libnss-ldap.conf | awk '{print $2}'` - elif grep "^uri" /etc/libnss-ldap.conf > /dev/null 2>&1; then - ldapserver=`grep ^uri /etc/libnss-ldap.conf | sed -e s@/@@g | awk -F : '{print $2}'` - fi - if grep "^TLS" /etc/libnss-ldap.conf > /dev/null 2>&1; then - tls="true" - else - tls="false" - fi - basedn=`grep -e "^base" /etc/libnss-ldap.conf | awk '{print $2}' | sed -e s/\"//g` - binddn=`grep -e "^rootbinddn" /etc/libnss-ldap.conf | awk '{print $2}'` - elif [ -f /etc/pam_ldap.conf ]; then - if grep "^host" /etc/pam_ldap.conf > /dev/null 2>&1; then - ldapserver=`grep ^host /etc/pam_ldap.conf | awk '{print $2}'` - elif grep "^uri" /etc/pam_ldap.conf > /dev/null 2>&1; then - ldapserver=`grep ^uri /etc/pam_ldap.conf | sed -e s@/@@g | awk -F : '{print $2}'` - fi - if grep "^TLS" /etc/pam_ldap.conf > /dev/null 2>&1; then - tls="true" - else - tls="false" - fi - basedn=`grep -e "^base" /etc/pam_ldap.conf | awk '{print $2}' | sed -e s/\"//g` - binddn=`grep -e "^rootbinddn" /etc/pam_ldap.conf | head -n1 | awk '{print $2}'` +# Let's try to read default from slapd.conf, libnss-ldap.conf or libpam_ldap.conf +if [ -f /etc/ldap/slapd.conf ]; then + ldapserver="localhost" + if grep "^TLS" /etc/ldap/slapd.conf > /dev/null 2>&1; then + tls="true" + 
else + tls="false" fi - - if [ -f /etc/ldap.secret ]; then - bindpw=`head -n1 /etc/ldap.secret` + basedn=`grep ^suffix /etc/ldap/slapd.conf | awk '{print $2}' | sed -e s/\"//g` + binddn=`grep -e "by dn=.* write" /etc/ldap/slapd.conf | cut -d"\"" -f2 | head -n1` +elif [ -f /etc/libnss-ldap.conf ]; then + if grep "^host" /etc/libnss-ldap.conf > /dev/null 2>&1; then + ldapserver=`grep ^host /etc/libnss-ldap.conf | awk '{print $2}'` + elif grep "^uri" /etc/libnss-ldap.conf > /dev/null 2>&1; then + ldapserver=`grep ^uri /etc/libnss-ldap.conf | sed -e s@/@@g | awk -F : '{print $2}'` fi - - if [ "$ldapserver" = "" ]; then - db_input medium phpldapadmin/ldap-server || true - db_go || true - db_get phpldapadmin/ldap-server || true - ldapserver="$RET" + if grep "^TLS" /etc/libnss-ldap.conf > /dev/null 2>&1; then + tls="true" else - db_set phpldapadmin/ldap-server $ldapserver || true + tls="false" fi - - if [ "$tls" = "" ]; then - db_input medium phpldapadmin/ldap-tls || true - db_go || true - db_get phpldapadmin/ldap-tls || true - tls="$RET" + basedn=`grep -e "^base" /etc/libnss-ldap.conf | awk '{print $2}' | sed -e s/\"//g` + binddn=`grep -e "^rootbinddn" /etc/libnss-ldap.conf | awk '{print $2}'` +elif [ -f /etc/pam_ldap.conf ]; then + if grep "^host" /etc/pam_ldap.conf > /dev/null 2>&1; then + ldapserver=`grep ^host /etc/pam_ldap.conf | awk '{print $2}'` + elif grep "^uri" /etc/pam_ldap.conf > /dev/null 2>&1; then + ldapserver=`grep ^uri /etc/pam_ldap.conf | sed -e s@/@@g | awk -F : '{print $2}'` + fi + if grep "^TLS" /etc/pam_ldap.conf > /dev/null 2>&1; then + tls="true" else - db_set phpldapadmin/ldap-tls $tls || true + tls="false" fi + basedn=`grep -e "^base" /etc/pam_ldap.conf | awk '{print $2}' | sed -e s/\"//g` + binddn=`grep -e "^rootbinddn" /etc/pam_ldap.conf | head -n1 | awk '{print $2}'` +fi - if [ "$tls" = "true" ]; then - ldapserver="ldaps:\\/\\/$ldapserver" - db_set phpldapadmin/ldap-server $ldapserver || true - fi +if [ -f /etc/ldap.secret ]; then + 
bindpw=`head -n1 /etc/ldap.secret` +fi - if [ "$basedn" = "" ]; then - db_input medium phpldapadmin/ldap-basedn || true - db_go || true - db_get phpldapadmin/ldap-basedn || true - basedn="$RET" - else - db_set phpldapadmin/ldap-basedn $basedn || true - fi - - db_input medium phpldapadmin/ldap-authtype || true +if [ "$ldapserver" = "" ]; then + db_input medium phpldapadmin/ldap-server || true db_go || true - db_get phpldapadmin/ldap-authtype || true - authtype="$RET" + db_get phpldapadmin/ldap-server || true + ldapserver="$RET" +else + db_set phpldapadmin/ldap-server $ldapserver || true +fi - if [ "$binddn" = "" ]; then - db_set phpldapadmin/ldap-binddn "cn=admin,$basedn" - db_input medium phpldapadmin/ldap-binddn || true - db_go || true - else - db_set phpldapadmin/ldap-binddn $binddn || true - fi +if [ "$tls" = "" ]; then + db_input medium phpldapadmin/ldap-tls || true + db_go || true + db_get phpldapadmin/ldap-tls || true + tls="$RET" +else + db_set phpldapadmin/ldap-tls $tls || true +fi - if [ "$authtype" = "config" ]; then - if [ "$bindpw" = "" ]; then - db_input medium phpldapadmin/ldap-bindpw || true - db_go || true - else - db_set phpldapadmin/ldap-bindpw $bindpw || true - fi - fi +if [ "$tls" = "true" ]; then + ldapserver="ldaps:\\/\\/$ldapserver" + db_set phpldapadmin/ldap-server $ldapserver || true +fi - # Apache* autoconfiguration - db_input medium phpldapadmin/reconfigure-webserver || true +if [ "$basedn" = "" ]; then + db_input medium phpldapadmin/ldap-basedn || true db_go || true - db_get phpldapadmin/reconfigure-webserver || true - webservers="$RET" - - if [ ! 
"$webservers" = "" ]; then - db_input medium phpldapadmin/restart-webserver || true + db_get phpldapadmin/ldap-basedn || true + basedn="$RET" +else + db_set phpldapadmin/ldap-basedn $basedn || true +fi + +db_input medium phpldapadmin/ldap-authtype || true +db_go || true +db_get phpldapadmin/ldap-authtype || true +authtype="$RET" + +if [ "$binddn" = "" ]; then + db_set phpldapadmin/ldap-binddn "cn=admin,$basedn" + db_input medium phpldapadmin/ldap-binddn || true + db_go || true +else + db_set phpldapadmin/ldap-binddn $binddn || true +fi + +if [ "$authtype" = "config" ]; then + if [ "$bindpw" = "" ]; then + db_input medium phpldapadmin/ldap-bindpw || true db_go || true + else + db_set phpldapadmin/ldap-bindpw $bindpw || true fi +fi + +# Apache* autoconfiguration +db_input medium phpldapadmin/reconfigure-webserver || true +db_go || true +db_get phpldapadmin/reconfigure-webserver || true +webservers="$RET" +if [ ! "$webservers" = "" ]; then + db_input medium phpldapadmin/restart-webserver || true + db_go || true fi #DEBHELPER# diff -urN phpldapadmin-1.2.0.5/debian/control phpldapadmin-1.2.0.5.new//debian/control --- phpldapadmin-1.2.0.5/debian/control 2010-10-17 21:02:08.000000000 +0200 +++ phpldapadmin-1.2.0.5.new//debian/control 2010-10-17 20:55:26.000000000 +0200 
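Review bot: Two of the now-unconditional lines are not safe to re-run on every configure. `ldapserver="ldaps:\\/\\/$ldapserver"` followed by `db_set phpldapadmin/ldap-server $ldapserver` stacks a second prefix when the name came back from `db_get`, because the stored answer already carries one from the previous run; a guard such as `case "$ldapserver" in ldaps:*) ;; *) ldapserver="ldaps:\\/\\/$ldapserver" ;; esac` keeps the step idempotent. The unquoted `db_set phpldapadmin/ldap-bindpw $bindpw` also copies the first line of /etc/ldap.secret into debconf on each run when the auth type is `config`. Quote it as `"$bindpw"` so whitespace or glob characters in the password are not expanded. The templates file is not part of this diff, so it is worth confirming that `phpldapadmin/ldap-bindpw` is of type `password` and is cleared once postinst has consumed it.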
@@ -7,7 +7,7 @@ Package: phpldapadmin Architecture: all -Depends: apache2 | httpd, php5-ldap, libapache2-mod-php5 | libapache-mod-php5 | php5-cgi | php5, ${misc:Depends} +Depends: apache2 | httpd, php5-ldap, libapache2-mod-php5 | libapache-mod-php5 | php5-cgi | php5, ucf (>= 0.28), ${misc:Depends} Description: web based interface for administering LDAP servers phpLDAPadmin is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP diff -urN phpldapadmin-1.2.0.5/debian/postinst phpldapadmin-1.2.0.5.new//debian/postinst --- phpldapadmin-1.2.0.5/debian/postinst 2010-10-17 21:02:08.000000000 +0200 +++ phpldapadmin-1.2.0.5.new//debian/postinst 2010-10-17 21:08:33.000000000 +0200 
@@ -13,58 +13,59 @@ if [ "$1" = "configure" ]; then - if [ ! -f $CONFFILE ]; then - cp /usr/share/phpldapadmin/config/config.php.example $CONFFILE - chown -R root:www-data $CONFFILE - chmod 0640 $CONFFILE - if [ ! -e /usr/share/phpldapadmin/config/config.php ]; then - ln -s $CONFFILE /usr/share/phpldapadmin/config/config.php - fi - else - if [ ! -e /usr/share/phpldapadmin/config/config.php ]; then - ln -s $CONFFILE /usr/share/phpldapadmin/config/config.php - fi - exit 0 - fi + tempfile=`mktemp` + cp /usr/share/phpldapadmin/config/config.php.example ${tempfile} db_get phpldapadmin/ldap-server || true ldapserver="$RET" - sed -i -e "s#// \$servers->setValue('server','host','127.0.0.1');#\$servers->setValue('server','host','$ldapserver');#g" $CONFFILE + sed -i -e "s#// \$servers->setValue('server','host','127.0.0.1');#\$servers->setValue('server','host','$ldapserver');#g" ${tempfile} db_get phpldapadmin/ldap-tls || true tls="$RET" if [ "$tls" = "true" ]; then - sed -i -e "s#// \$servers->setValue('server','port',389);#\$servers->setValue('server','port',636);#g" $CONFFILE - sed -i -e "s#// \$servers->setValue('server','tls',false);#\$servers->setValue('server','tls',true);#g" $CONFFILE + sed -i -e "s#// \$servers->setValue('server','port',389);#\$servers->setValue('server','port',636);#g" ${tempfile} + sed -i -e "s#// \$servers->setValue('server','tls',false);#\$servers->setValue('server','tls',true);#g" ${tempfile} fi db_get phpldapadmin/ldap-basedn || true basedn="$RET" - sed -i -e "s#// \$servers->setValue('server','base',array(''));#\$servers->setValue('server','base',array('$basedn'));#g" $CONFFILE + sed -i -e "s#// \$servers->setValue('server','base',array(''));#\$servers->setValue('server','base',array('$basedn'));#g" ${tempfile} db_get phpldapadmin/ldap-authtype || true authtype="$RET" - sed -i -e "s#// \$servers->setValue('login','auth_type','session');#\$servers->setValue('login','auth_type','$authtype');#g" $CONFFILE + sed -i -e "s#// 
\$servers->setValue('login','auth_type','session');#\$servers->setValue('login','auth_type','$authtype');#g" ${tempfile} db_get phpldapadmin/ldap-binddn || true binddn="$RET" - sed -i -e "s#// \$servers->setValue('login','bind_id','');#\$servers->setValue('login','bind_id','$binddn');#g" $CONFFILE + sed -i -e "s#// \$servers->setValue('login','bind_id','');#\$servers->setValue('login','bind_id','$binddn');#g" ${tempfile} if [ "$authtype" = "config" ]; then db_get phpldapadmin/ldap-bindpw || true bindpw="$RET" - sed -i -e "s#// \$servers->setValue('login','bind_pass','');#\$servers->setValue('login','bind_pass','$bindpw');#g" $CONFFILE + sed -i -e "s#// \$servers->setValue('login','bind_pass','');#\$servers->setValue('login','bind_pass','$bindpw');#g" ${tempfile} + fi + + chown root:www-data ${tempfile} + chmod 0640 ${tempfile} + + ucf --debconf-ok ${tempfile} $CONFFILE + ucfr phpldapadmin $CONFFILE + + if [ ! -e /usr/share/phpldapadmin/config/config.php ]; then + ln -s $CONFFILE /usr/share/phpldapadmin/config/config.php fi + rm -f ${tempfile} + # Autoconfiguration for apache* db_get phpldapadmin/reconfigure-webserver || true webservers="$RET" restart="" - + for webserver in $webservers; do webserver=${webserver%,} test -x /usr/sbin/$webserver || continue - + case "$webserver" in apache|apache-perl|apache-ssl) if [ -x /usr/sbin/modules-config ]; then diff -urN phpldapadmin-1.2.0.5/debian/postrm phpldapadmin-1.2.0.5.new//debian/postrm --- phpldapadmin-1.2.0.5/debian/postrm 2010-10-17 21:02:08.000000000 +0200 +++ phpldapadmin-1.2.0.5.new//debian/postrm 2010-10-17 21:22:00.000000000 +0200 
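Review bot: The debconf answers are still pasted raw into both a sed replacement and a PHP single-quoted string, e.g. `'bind_pass','$bindpw'`: a value containing `#`, `&` or `\` corrupts or aborts the substitution, and a `'` ends the PHP string early in the generated config.php. Escape the base DN, bind DN and password for both layers before substituting, as in the helper below; the ldap-server answer already carries `\/` escapes from the config script and needs separate handling. `mktemp` is not checked, and because the temp file can hold the bind password it should be removed by a trap rather than by the final `rm -f`, which is skipped if an earlier command aborts the script. It is also worth confirming that the 0640 root:www-data mode set on the temp file is what ends up on `$CONFFILE` after `ucf`, and setting it on the destination if not. The `if [ "$1" = "configure" ]` block continues outside the hunk.

```shell
# Escape a debconf answer for a PHP single-quoted string, then for a sed s#..#..# replacement.
php_sed_escape() {
    printf '%s' "$1" | sed -e "s/[\\\\']/\\\\&/g" -e 's/[\\&#]/\\&/g'
}

tempfile=$(mktemp) || exit 1
trap 'rm -f "$tempfile"' EXIT
# … unchanged: cp of config.php.example, server/tls/authtype handling …
db_get phpldapadmin/ldap-bindpw || true
bindpw=$(php_sed_escape "$RET")
sed -i -e "s#// \$servers->setValue('login','bind_pass','');#\$servers->setValue('login','bind_pass','$bindpw');#g" "$tempfile"
```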
@@ -45,8 +45,21 @@ purge) rm -f /usr/share/phpldapadmin/config/config.php + + for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do + rm -f /etc/phpldapadmin/config.php$ext + done + rm -f /etc/phpldapadmin/config.php - rmdir --ignore-fail-on-non-empty /etc/phpldapadmin || true + + if which ucf >/dev/null; then + ucf --purge /etc/phpldapadmin/config.php + fi + if which ucfr >/dev/null; then + ucfr --purge phpldapadmin /etc/phpldapadmin/config.php + fi + + rmdir --ignore-fail-on-non-empty /etc/phpldapadmin || true ;; esac