Bug#610117: nslcd: Avoid loosing previous configuration values by nslcd debconf: authentication scenarios are handled in postint

[Arthur de Jong]

tags 610117 + pending
thanks

On Sat, 2011-01-15 at 15:10 +0100, Daniel Dehennin wrote:
> Here are some change to the nslcd debconf to avoid loosing the previous
> configuration on dpkg-reconfigure.

Thanks for the patch and sorry for not getting back to you sooner. It
took some time to do some tests with this to see if preseeding is still
handled OK (I think it is).

I've integrated your patch and it will be in the next release.

Thanks again!

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --


signature.asc
Description: This is a digitally signed message part

Bug#610117: nslcd: Avoid loosing previous configuration values by nslcd debconf: authentication scenarios are handled in postint

[Daniel Dehennin]

Package: nslcd
Version: 0.8.0
Severity: wishlist

Here are some change to the nslcd debconf to avoid loosing the previous
configuration on dpkg-reconfigure.

Any change to the configuration file prevails on debconf, this permit to
avoid "clearing settings to pick up valus from configfile".

Here is my changelog:

* debian/nslcd.config: Do not reset all debconf values when the
  configuration file exists.
  Deduce authentication type only if not defined.
  Keep all authentication values in debconf, postinst handle them.
  (read_config): Overwrite debconf value whent it differs from
  configuration file.
  (parsesys): Remove useless statements.

* debian/nslcd.postinst: Handle all the authentication scenarios.
  (cfg_disable): Can take more than one paremeter.

Tested on my system:
- install with priority high
- reconfigure with priority low -> SASL -> DIGEST-MD5
- reconfigure with priority low -> no authentication -> disable all SASL options
- reconfigure with priority low -> SASL -> all SASL options are predefined
  as in first reconfigure
- edit /etc/nslcd.conf -> sasl_mech GSSAPI
- reconfigure with priority low -> SASL is preselected -> GSSAPI is preselected

Regards.
-- System Information:
Debian Release: 6.0
  APT prefers sid
  APT policy: (500, 'sid'), (500, 'unstable'), (90, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37+hati.1 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- 
Daniel Dehennin
Récupérer ma clef GPG:
gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1

diff --git a/debian/nslcd.config b/debian/nslcd.config
index 933c5e3..9ef3240 100644
--- a/debian/nslcd.config
+++ b/debian/nslcd.config
@@ -26,13 +26,11 @@ read_config()
 {
   debconf_param="$1"
   cfg_param="$2"
-  # get debconf value to ensure we don't overwrite an already set value
+  # overwrite debconf value if different from config file
   db_get "$debconf_param"
-  if [ -z "$RET" ]
-  then
-value=`sed -n 's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
-[ -n "$value" ] && db_set "$debconf_param" "$value"
-  fi
+  debconf_value="$RET"
+  cfgfile_value=`sed -n 's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
+  [ -n "$cfgfile_value" ] && [ "$debconf_value" != "$cfgfile_value" ] && db_set "$debconf_param" "$cfgfile_value"
   # we're done
   return 0
 }
@@ -49,8 +47,6 @@ parsesys()
 [ -z "$domain" ] && domain=`hostname --nis | grep '\.'` || true
 [ -z "$domain" ] && domain=`hostname --fqdn | sed -n 's/^[^.]*\.//p'` || true
 [ -z "$domain" ] && domain=`sed -n 's/^ *\(domain\|search\) *\([^ ]*\) *$/\2/p' /etc/resolv.conf | head -n 1` || true
-db_get nslcd/ldap-base
-searchbase="$RET"
 # if the ldap-base value doesn't seem to be preseeded, try to use the
 # domain name to build the default base
 if [ -n "$domain" ]
@@ -148,17 +144,17 @@ parsecfg()
 if [ -f "$CONFFILE" ]
 then
   # clear settings to pick up valus from configfile
-  db_set nslcd/ldap-uris ""
-  db_set nslcd/ldap-base ""
-  db_set nslcd/ldap-binddn ""
-  db_set nslcd/ldap-bindpw ""
-  db_set nslcd/ldap-sasl-mech ""
-  db_set nslcd/ldap-sasl-realm ""
-  db_set nslcd/ldap-sasl-authcid ""
-  db_set nslcd/ldap-sasl-authzid ""
-  db_set nslcd/ldap-sasl-secprops ""
-  db_set nslcd/ldap-starttls ""
-  db_set nslcd/ldap-reqcert ""
+  # db_set nslcd/ldap-uris ""
+  # db_set nslcd/ldap-base ""
+  # db_set nslcd/ldap-binddn ""
+  # db_set nslcd/ldap-bindpw ""
+  # db_set nslcd/ldap-sasl-mech ""
+  # db_set nslcd/ldap-sasl-realm ""
+  # db_set nslcd/ldap-sasl-authcid ""
+  # db_set nslcd/ldap-sasl-authzid ""
+  # db_set nslcd/ldap-sasl-secprops ""
+  # db_set nslcd/ldap-starttls ""
+  # db_set nslcd/ldap-reqcert ""
   # parse current configuration
   parsecfg "$CONFFILE"
 else
@@ -180,18 +176,22 @@ db_get nslcd/ldap-starttls
 [ -z "$RET" ] && db_set nslcd/ldap-starttls "false"
 
 # deduce auth-type from available information
-db_get nslcd/ldap-sasl-mech
-sasl_mech="$RET"
-db_get nslcd/ldap-binddn
-binddn="$RET"
-if [ -n "$sasl_mech" ]
+db_get nslcd/ldap-auth-type
+if [ -z "$RET" ]
 then
-  db_set nslcd/ldap-auth-type "SASL"
-elif [ -n "$binddn" ]
-then
-  db_set nslcd/ldap-auth-type "simple"
-else
-  db_set nslcd/ldap-auth-type "none"
+  db_get nslcd/ldap-sasl-mech
+  sasl_mech="$RET"
+  db_get nslcd/ldap-binddn
+  binddn="$RET"
+  if [ -n "$sasl_mech" ]
+  then
+db_set nslcd/ldap-auth-type "SASL"
+  elif [ -n "$binddn" ]
+  then
+db_set nslcd/ldap-auth-type "simple"
+  else
+db_set nslcd/ldap-auth-type "none"
+  fi
 fi
 
 #
@@ -225,24 +225,19 @@ do
 db_get nslcd/ldap-auth-type
 case "$RET" in
 none)
-  # anonymous bind, nothing to ask (clear options)
-  db_set nslcd/ldap-binddn ""
+  # anonymous bind, nothing to ask (clear password)
   db_set nslcd/ldap-bindpw ""
-  db_set nslcd/ldap-sasl-mec