2 # Configure NSS+PostgreSQL shell access
# Settings below are read from the forge configuration via forge_get_config.
5 db_name=$(forge_get_config database_name)
6 db_user=$(forge_get_config database_user)
7 db_host=$(forge_get_config database_host)
8 # homedir_prefix, e.g. /home/users/ (with trailing slash)
# The sed expression appends '/' when the value does not already end in one.
# NOTE(review): this value is later expanded inside single-quoted SQL string
# literals in the generated NSS queries; a quote character in it would break
# or alter those queries, so it should be validated where it is configured.
9 homedir_prefix=$(forge_get_config homedir_prefix | sed -e 's:[^/]$:&/:')
# Dedicated database role name for NSS lookups: the forge DB user plus "_nss".
11 db_user_nss=${db_user}_nss
13 # Distros may want to install new conffiles using tools such as ucf(1)
# NOTE(review): $DESTDIR is unquoted here and in the commands below; a value
# containing whitespace or glob characters would be word-split by the shell.
15 mkdir -m 755 -p $DESTDIR/etc/
17 # Check/Modify /etc/libnss-pgsql.conf
# Writes $DESTDIR/etc/nss-pgsql.conf (passwd/group queries) and
# $DESTDIR/etc/nss-pgsql-root.conf (shadow queries) when they do not exist
# yet, then sets their permissions. Some lines of this function are not
# visible in this listing.
18 configure_libnss_pgsql(){
# Hosts that look like loopback leave hostconf unset; any other host adds an
# explicit host= keyword to the connection string.
21 127.*|localhost.*|localhost) ;; # 'local'
22 *) hostconf="host=$db_host" ;; # 'host'
# NOTE(review): returning here when nss-pgsql.conf already exists also appears
# to skip creating nss-pgsql-root.conf and the chmod/chown calls further down,
# so a pre-existing file with loose permissions is left unchanged - confirm.
24 if [ -e $DESTDIR/etc/nss-pgsql.conf ]; then return; fi
# The heredoc delimiter is unquoted: $db_user_nss, $db_name, $hostconf and
# $homedir_prefix are expanded by the shell now, while \$1 / \$2 are written
# out literally as the query placeholders.
# NOTE(review): the connection string carries no password and the generated
# file states that 'trust' authentication is used. Under trust auth, any
# account that can reach the database through the matching pg_hba.conf rule
# can connect as this role, so its grants should be limited to SELECT on the
# nss_* relations - confirm against the schema and pg_hba.conf (not shown).
# NOTE(review): getpwnam/getpwuid return the passwd column of nss_passwd and
# this file is made world-readable (644) below; confirm that column holds a
# placeholder rather than real password hashes.
25 cat > $DESTDIR/etc/nss-pgsql.conf <<EOF
26 ### NSS Configuration for FusionForge
28 #----------------- DB connection
29 # Use 'trust' authentication, cf. https://bugs.debian.org/551389
30 connectionstring = user=$db_user_nss dbname=$db_name $hostconf
33 #----------------- NSS queries
34 getpwnam = SELECT login AS username,passwd,gecos,('$homedir_prefix' || login) AS homedir,shell,uid,gid FROM nss_passwd WHERE login = \$1
35 getpwuid = SELECT login AS username,passwd,gecos,('$homedir_prefix' || login) AS homedir,shell,uid,gid FROM nss_passwd WHERE uid = \$1
36 #allusers = SELECT login AS username,passwd,gecos,('$homedir_prefix' || login) AS homedir,shell,uid,gid FROM nss_passwd
37 getgroupmembersbygid = SELECT login AS username FROM nss_passwd WHERE gid = \$1
38 getgrnam = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups WHERE name = \$1
39 getgrgid = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups WHERE gid = \$1
40 #allgroups = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups
41 groups_dyn = SELECT ug.gid FROM nss_usergroups ug, nss_passwd p WHERE ug.uid = p.uid AND p.login = \$1 AND ug.gid <> \$2
# Second file: shadow lookups. It uses the same database role and the same
# nss_passwd relation as the world-readable file above.
# NOTE(review): because role and relation are shared, the 600 mode on this
# file does not by itself restrict who can read the passwd column; a separate
# role or relation for shadow data would be needed for that - confirm intent.
# The password-aging fields are fixed values applied to every account.
43 if [ -e $DESTDIR/etc/nss-pgsql-root.conf ]; then return; fi
44 cat > $DESTDIR/etc/nss-pgsql-root.conf <<EOF
45 ### NSS Configuration for FusionForge
47 #----------------- DB connection
48 shadowconnectionstring = user=$db_user_nss dbname=$db_name $hostconf
50 #----------------- NSS queries
51 shadowbyname = SELECT login AS shadow_name, passwd AS shadow_passwd, 14087 AS shadow_lstchg, 0 AS shadow_min, 99999 AS shadow_max, 7 AS shadow_warn, '' AS shadow_inact, '' AS shadow_expire, '' AS shadow_flag FROM nss_passwd WHERE login = \$1
52 shadow = SELECT login AS shadow_name, passwd AS shadow_passwd, 14087 AS shadow_lstchg, 0 AS shadow_min, 99999 AS shadow_max, 7 AS shadow_warn, '' AS shadow_inact, '' AS shadow_expire, '' AS shadow_flag FROM nss_passwd
# nss-pgsql.conf stays world-readable; the shadow config is restricted to root.
# The root file is created by cat under the process umask and only tightened
# here afterwards.
55 chmod 644 $DESTDIR/etc/nss-pgsql.conf
56 chmod 600 $DESTDIR/etc/nss-pgsql-root.conf
57 chown root:root $DESTDIR/etc/nss-pgsql-root.conf
# Removes both generated NSS config files; -f ignores files that are missing.
# NOTE(review): unlike the configure step, these paths are not prefixed with
# $DESTDIR, so a staged install would remove the live system's files instead.
61 rm -f /etc/nss-pgsql.conf /etc/nss-pgsql-root.conf
64 # Modify /etc/nsswitch.conf
65 # Not using UCF since we're sed-ing an existing file
# For each of the passwd, group and shadow databases: if the line does not
# already mention pgsql, rewrite it so that " pgsql " is inserted after the
# existing sources and before any trailing comment, tag the new line with
# "#Added by GForge install", and keep the original line directly below it,
# prefixed with "#Comment by GForge install#", so that it can be restored.
# perl -pi edits the live /etc/nsswitch.conf in place without a backup copy
# and without the $DESTDIR prefix.
# NOTE(review): once pgsql is a source for passwd/group/shadow, rows in the
# nss_* relations define system accounts; confirm that those relations cannot
# yield uids/gids in the system range and that write access to the underlying
# tables is restricted accordingly.
68 if ! grep -q '^passwd:.*pgsql' /etc/nsswitch.conf ; then
69 perl -pi -e "s/^(passwd:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by GForge install\n#Comment by GForge install#\1\2/gs" /etc/nsswitch.conf
71 if ! grep -q '^group:.*pgsql' /etc/nsswitch.conf ; then
72 perl -pi -e "s/^(group:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by GForge install\n#Comment by GForge install#\1\2/gs" /etc/nsswitch.conf
74 if ! grep -q '^shadow:.*pgsql' /etc/nsswitch.conf ; then
75 perl -pi -e "s/^(shadow:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by GForge install\n#Comment by GForge install#\1\2/gs" /etc/nsswitch.conf
79 # Revert /etc/nsswitch.conf
# Step 1 deletes every line carrying the "#Added by GForge install" marker.
# Step 2 strips the "#Comment by GForge install#" prefix, which re-activates
# the original lines that were saved when pgsql was added.
# Both commands match on the marker text only, so any line containing that
# text is affected.
82 sed -i -e '/^.*#Added by GForge install/d' /etc/nsswitch.conf
83 sed -i -e 's/#Comment by GForge install#//' /etc/nsswitch.conf
89 configure_libnss_pgsql
96 # note: can't be called from Debian's postrm - rely on ucfq(1)
100 echo "Usage: $0 {configure|purge}"