3 # Configure NSS for PostGreSQL for GForge
4 # Christian Bayle, Roland Mas
5 # Initially written for debian-sf (Sourceforge for Debian)
6 # Adapted as time went by for Gforge then for FusionForge
10 if [ "$GFORGEDEBUG" != 1 ] ; then
11 DEVNULL12="> /dev/null 2>&1"
12 DEVNULL2="2> /dev/null"
17 if [ $(id -u) != 0 -a "x$1" != "xlist" ] ; then
18 echo "You must be root to run this, please enter passwd"
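# Database coordinates are read from the forge configuration.
db_name=$(forge_get_config database_name)
db_user=$(forge_get_config database_user)
db_host=$(forge_get_config database_host)

# Role name written into the NSS connection string: the forge role + "_nss".
db_user_nss=${db_user}_nss

# Template ending in XXXXXX; presumably handed to mktemp elsewhere in the
# script (confirm). It must never be used as a literal file name under /tmp.
# The script name is taken with ${0##*/} instead of the unquoted
# $(basename $0), which word-split when the script path contained whitespace.
tmpfile_pattern="/tmp/${0##*/}.XXXXXX"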
34 # Should I do something for /etc/pam_pgsql.conf ?
37 # echo "Nothing to do"
40 # Check/Modify /etc/libnss-pgsql.conf
# configure_libnss_pgsql: write the two candidate libnss-pgsql configuration
# files through here-documents.
#   /etc/nss-pgsql.conf.gforge-new       connectionstring plus the passwd and
#                                        group lookup queries; chmod 644.
#   /etc/nss-pgsql-root.conf.gforge-new  shadowconnectionstring plus the shadow
#                                        queries; chmod 600, chown root:root.
# Globals read: db_user_nss, db_name, sys_dbuser_nss.
# The here-document delimiter is unquoted, so the shell variables are expanded
# when the file is written, while \$1 and \$2 reach the file as the literal
# query placeholders $1 and $2.
# Mode and owner are set only after the content has been written; until then
# each file has its creation-time (umask-derived) or pre-existing mode.
# NOTE(review): shadowconnectionstring expands $sys_dbuser_nss, but the only
# matching assignment visible in this listing is db_user_nss. If
# sys_dbuser_nss is unset, the root file is written with an empty "user=".
# Confirm which variable is intended.
# NOTE(review): getpwnam and getpwuid, configured in the 644 file, select the
# passwd column of nss_passwd, and the shadow queries read the same column as
# shadow_passwd. Whether that column holds a hash or a placeholder for the
# unprivileged role is not visible here -- verify against the nss_passwd
# definition and the grants given to the NSS database role.
41 configure_libnss_pgsql(){
42 cat > /etc/nss-pgsql.conf.gforge-new <<EOF
43 ### NSS Configuration for Gforge
45 #----------------- DB connection
46 connectionstring = user=$db_user_nss dbname=$db_name
49 #----------------- NSS queries
50 getpwnam = SELECT login AS username,passwd,gecos,('/var/lib/gforge/chroot/home/users/' || login) AS homedir,shell,uid,gid FROM nss_passwd WHERE login = \$1
51 getpwuid = SELECT login AS username,passwd,gecos,('/var/lib/gforge/chroot/home/users/' || login) AS homedir,shell,uid,gid FROM nss_passwd WHERE uid = \$1
52 #allusers = SELECT login AS username,passwd,gecos,('/var/lib/gforge/chroot/home/users/' || login) AS homedir,shell,uid,gid FROM nss_passwd
53 getgroupmembersbygid = SELECT login AS username FROM nss_passwd WHERE gid = \$1
54 getgrnam = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups WHERE name = \$1
55 getgrgid = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups WHERE gid = \$1
56 #allgroups = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups
57 groups_dyn = SELECT ug.gid FROM nss_usergroups ug, nss_passwd p WHERE ug.uid = p.uid AND p.login = \$1 AND ug.gid <> \$2
59 cat > /etc/nss-pgsql-root.conf.gforge-new <<EOF
60 ### NSS Configuration for Gforge
62 #----------------- DB connection
63 shadowconnectionstring = user=$sys_dbuser_nss dbname=$db_name
65 #----------------- NSS queries
66 shadowbyname = SELECT login AS shadow_name, passwd AS shadow_passwd, 14087 AS shadow_lstchg, 0 AS shadow_min, 99999 AS shadow_max, 7 AS shadow_warn, '' AS shadow_inact, '' AS shadow_expire, '' AS shadow_flag FROM nss_passwd WHERE login = \$1
67 shadow = SELECT login AS shadow_name, passwd AS shadow_passwd, 14087 AS shadow_lstchg, 0 AS shadow_min, 99999 AS shadow_max, 7 AS shadow_warn, '' AS shadow_inact, '' AS shadow_expire, '' AS shadow_flag FROM nss_passwd
70 chmod 644 /etc/nss-pgsql.conf.gforge-new
71 chmod 600 /etc/nss-pgsql-root.conf.gforge-new
72 chown root:root /etc/nss-pgsql-root.conf.gforge-new
75 # Purge /etc/nss-pgsql.conf
# Truncate (or create) both candidate files; the purge path later moves these
# empty files over /etc/nss-pgsql.conf and /etc/nss-pgsql-root.conf.
# NOTE(review): no chmod/chown follows in the visible lines, so a newly
# created candidate gets its mode from the umask -- confirm that is acceptable
# for the root-only file.
77 echo -n > /etc/nss-pgsql.conf.gforge-new
78 echo -n > /etc/nss-pgsql-root.conf.gforge-new
81 # Modify /etc/nsswitch.conf
# Edit a copy (cp -a keeps mode and ownership); the live file is only
# replaced later, when the .gforge-new candidate is moved into place.
84 cp -a /etc/nsswitch.conf /etc/nsswitch.conf.gforge-new
85 # This is a sensitive file.
86 # For security, "files" keeps priority.
87 # This should maybe be enhanced to take NIS into account.
88 # Maybe ask for the order db/files/nis/pgsql.
# For each of passwd, group and shadow: unless the line already mentions
# pgsql, append " pgsql" after the existing sources (so the sources already
# listed are consulted first), tag the rewritten line with
# "#Added by GForge install", and keep the original line right after it
# behind the "#Comment by GForge install#" prefix so it can be restored.
# NOTE(review): the grep guard matches "pgsql" anywhere on the line,
# including inside a trailing comment.
89 if ! grep -q '^passwd:.*pgsql' /etc/nsswitch.conf.gforge-new ; then
90 perl -pi -e "s/^(passwd:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by GForge install\n#Comment by GForge install#\1\2/gs" /etc/nsswitch.conf.gforge-new
92 if ! grep -q '^group:.*pgsql' /etc/nsswitch.conf.gforge-new ; then
93 perl -pi -e "s/^(group:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by GForge install\n#Comment by GForge install#\1\2/gs" /etc/nsswitch.conf.gforge-new
95 if ! grep -q '^shadow:.*pgsql' /etc/nsswitch.conf.gforge-new ; then
96 perl -pi -e "s/^(shadow:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by GForge install\n#Comment by GForge install#\1\2/gs" /etc/nsswitch.conf.gforge-new
100 # Purge /etc/nsswitch.conf
# Undo the install-time edit on a copy of nsswitch.conf: first drop every line
# tagged "#Added by GForge install", then strip the
# "#Comment by GForge install#" prefix so the saved original lines become
# active again.
103 cp -a /etc/nsswitch.conf /etc/nsswitch.conf.gforge-new
104 perl -pi -e "s/^[^\n]*#Added by GForge install\n//" /etc/nsswitch.conf.gforge-new
105 perl -pi -e "s/#Comment by GForge install#//" /etc/nsswitch.conf.gforge-new
112 # echo "Modifying /etc/nss-pgsql.conf and /etc/nss-pgsql-root.conf"
113 configure_libnss_pgsql
114 # echo "Modifying /etc/nsswitch.conf"
121 # echo "Purging /etc/nsswitch.conf"
123 # echo "Purging /etc/nss-pgsql.conf and /etc/nss-pgsql-root.conf"
# Save each live file as *.gforge-old when it exists, then move the
# *.gforge-new candidates into place. Source and destination of every mv are
# both in /etc.
# nsswitch.conf governs the account lookups configured above, so the
# .gforge-old copies are the rollback path if the new files misbehave.
133 if [ -f /etc/nss-pgsql.conf ] ; then
134 cp /etc/nss-pgsql.conf /etc/nss-pgsql.conf.gforge-old
136 if [ -f /etc/nss-pgsql-root.conf ] ; then
137 cp /etc/nss-pgsql-root.conf /etc/nss-pgsql-root.conf.gforge-old
139 if [ -f /etc/nsswitch.conf ] ; then
140 cp /etc/nsswitch.conf /etc/nsswitch.conf.gforge-old
142 mv /etc/nss-pgsql.conf.gforge-new /etc/nss-pgsql.conf
143 mv /etc/nss-pgsql-root.conf.gforge-new /etc/nss-pgsql-root.conf
144 mv /etc/nsswitch.conf.gforge-new /etc/nsswitch.conf
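# Keep a copy of each live file before the purged versions replace it.
cp /etc/nss-pgsql.conf /etc/nss-pgsql.conf.gforge-old
cp /etc/nss-pgsql-root.conf /etc/nss-pgsql-root.conf.gforge-old
# Back up the live nsswitch.conf, as the guarded backup earlier in this
# script does. The previous source, /etc/nsswitch.conf.gforge, is not written
# by any line visible in this script, so that copy would fail and the mv
# below would overwrite nsswitch.conf without leaving a backup.
cp /etc/nsswitch.conf /etc/nsswitch.conf.gforge-old
# Install the purged candidates over the live files.
mv /etc/nss-pgsql.conf.gforge-new /etc/nss-pgsql.conf
mv /etc/nss-pgsql-root.conf.gforge-new /etc/nss-pgsql-root.conf
mv /etc/nsswitch.conf.gforge-new /etc/nsswitch.conf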
156 echo "Usage: $0 {configure|configure-files|purge-files|test|setup|cleanup}"