diff -Nru nss-pam-ldapd-0.8.10/debian/changelog nss-pam-ldapd-0.8.10/debian/changelog --- nss-pam-ldapd-0.8.10/debian/changelog 2012-06-29 03:29:18.000000000 -0700 +++ nss-pam-ldapd-0.8.10/debian/changelog 2012-10-07 14:18:45.000000000 -0700 @@ -1,3 +1,10 @@ +nss-pam-ldapd (0.8.10-1ubuntu1) quantal; urgency=low + + * Upstart init scripts (resolves LP: #806761) + * Added Kerberos-related packages to nslcd package suggestions + + -- Caleb Callaway Sun, 07 Oct 2012 14:18:41 -0700 + nss-pam-ldapd (0.8.10-1) unstable; urgency=low * New upstream release: diff -Nru nss-pam-ldapd-0.8.10/debian/control nss-pam-ldapd-0.8.10/debian/control --- nss-pam-ldapd-0.8.10/debian/control 2012-03-26 11:20:25.000000000 -0700 +++ nss-pam-ldapd-0.8.10/debian/control 2012-07-25 20:13:01.000000000 -0700 @@ -14,7 +14,7 @@ Multi-Arch: foreign Depends: ${misc:Depends}, ${shlibs:Depends}, adduser Recommends: nscd, libnss-ldapd | libnss-ldap, libpam-ldapd | libpam-ldap | libpam-krb5 | libpam-heimdal | libpam-sss, ldap-utils, bind9-host | host -Suggests: kstart +Suggests: kstart, libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal Replaces: libnss-ldapd (<< 0.7.0) Breaks: libnss-ldapd (<< 0.7.0) Description: Daemon for NSS and PAM lookups using LDAP diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.if-up nss-pam-ldapd-0.8.10/debian/nslcd.if-up --- nss-pam-ldapd-0.8.10/debian/nslcd.if-up 1969-12-31 16:00:00.000000000 -0800 +++ nss-pam-ldapd-0.8.10/debian/nslcd.if-up 2013-04-17 18:54:08.000000000 -0700 @@ -0,0 +1,15 @@ +#!/bin/sh +# Send "start" signal to the nslcd service + +#check to make sure we're using a non-loopback interface, +if [ "$IFACE" != "lo" ] +then + # check for upstart + if [ -x /sbin/initctl ] && `/sbin/initctl version | /bin/grep -q upstart` + then + # serialize start attempts, to avoid race conditions + # when multiple interfaces are brought up in rapid succession + flock /etc/init/nslcd.conf -c "start wait-for-state \ + WAIT_FOR=nslcd WAITER=$IFACE WAIT_STATE=running" & + fi +fi diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.init nss-pam-ldapd-0.8.10/debian/nslcd.init --- nss-pam-ldapd-0.8.10/debian/nslcd.init 2012-02-04 05:48:36.000000000 -0800 +++ nss-pam-ldapd-0.8.10/debian/nslcd.init 2012-10-07 14:02:17.000000000 -0700 @@ -115,6 +115,13 @@ # set up state directory [ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \ chown nslcd:nslcd "$NSLCD_STATEDIR" ) + + if which initctl >/dev/null && initctl version | grep -q upstart + then + "Upstart is installed, please use it instead." + exit 1 + fi + # start k5start if needed k5start_start # start nslcd diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.nslcd-k5start.upstart nss-pam-ldapd-0.8.10/debian/nslcd.nslcd-k5start.upstart --- nss-pam-ldapd-0.8.10/debian/nslcd.nslcd-k5start.upstart 1969-12-31 16:00:00.000000000 -0800 +++ nss-pam-ldapd-0.8.10/debian/nslcd.nslcd-k5start.upstart 2013-04-07 13:20:55.000000000 -0700 @@ -0,0 +1,133 @@ +# nslcd-k5start - Maintain a Kerberos ticket cache for nslcd +# +# Adapted from the System V nslcd init script, +# http://ubuntuforums.org/showthread.php?t=1335022, +# and https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761 + +description "Maintain a Kerberos ticket cache for nslcd" +author "Caleb Callaway " + +start on starting nslcd +stop on stopping nslcd + +env PATH=/bin:/usr/bin:/sbin:/usr/sbin +env NSLCD_CFG=/etc/nslcd.conf + +env KINIT_BIN=/usr/bin/kinit +env K5START_BIN=/usr/bin/k5start + +env NSLCD_USER=nslcd +env NSLCD_GROUP=nslcd +env NSLCD_STATEDIR=/var/run/nslcd + +env K5START_MODE=600 +env K5START_KEYTAB=/etc/krb5.keytab +env K5START_CCREFRESH=60 + +script + log () { + echo `date +"%Y-%d-%m %T "`$1 + } + + if [ ! -f "$NSLCD_CFG" ]; then + log "Startup aborted (nslcd configuration file missing)." + stop; exit 0 + fi + + #set some default values + K5START_CCFILE=$(sed -n 's/^krb5_ccname[[:space:]]*\(FILE:\)\?\([^:[:space:]]*\)[[:space:]]*$/\2/ip' $NSLCD_CFG) + K5START_PRINCIPAL="host/$(hostname -f)" + K5START_PIDFILE=$NSLCD_STATEDIR/k5start_nslcd.pid + #upstart's env stanza doesn't do expansion, so we do it here + NSLCD_USER=$(sed -n 's/^uid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG) + NSLCD_GROUP=$(sed -n 's/^gid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG) + + if grep -q '^sasl_mech[[:space:]]*GSSAPI[[:space:]]*$' $NSLCD_CFG && [ -n "$K5START_CCFILE" ]; then + K5START_START="yes" + fi + + if [ -e /etc/default/nslcd ]; then + . /etc/default/nslcd + fi + + #make sure we have a state directory + if [ ! -d "$NSLCD_STATEDIR" ]; then + install -d -m 755 -o $NSLCD_USER -g $NSLCD_GROUP $NSLCD_STATEDIR + fi + + #run k5start if required to do so by the defaults file, OR sasl_mech is GSSAPI and krb5_ccname is a file-type ticket cache + if [ "$K5START_START" = "yes" ]; then + log "Starting nslcd-k5start..." + + if [ ! -x "$K5START_BIN" ]; then + log "Startup aborted (k5start not found)." + stop; exit 0 + fi + + K5START_COMMAND="$K5START_BIN -L -p $K5START_PIDFILE -o $NSLCD_USER -g $NSLCD_GROUP -m $K5START_MODE -f $K5START_KEYTAB -K $K5START_CCREFRESH -u $K5START_PRINCIPAL -k $K5START_CCFILE" + log "Command: $K5START_COMMAND" + + eval $K5START_COMMAND + fi +end script + +post-start script + log () { + echo `date +"%Y-%d-%m %T "`$1 + } + + K5START_CCFILE=$(sed -n 's/^krb5_ccname[[:space:]]*\(FILE:\)\?\([^:[:space:]]*\)[[:space:]]*$/\2/ip' $NSLCD_CFG) + + # wait until the cache is actually established, or a timeout has passed. + # each iteration sleeps for a tenth of a second, so the following default sleeps for ~30 seconds before timing out. + # this timeout should exceed the any k5start timeouts, or k5start's errors won't reach the logs + K5START_TIMEOUT=300 + + if [ -e /etc/default/nslcd ]; then + . /etc/default/nslcd + fi + + until [ $K5START_TIMEOUT -eq 0 ]; do + if [ -e $K5START_CCFILE ]; then + log "nslcd-k5start started." + exit 0; + else + #make sure the job state hasn't changed + #(e.g. the admin has called 'nslcd stop') + statusnow=`status` + if echo $statusnow | grep -q 'stop/' ; then + exit 0 + elif echo $statusnow | grep -q 'respawn/' ; then + exit 1 + fi + fi + + K5START_TIMEOUT=$((K5START_TIMEOUT-1)) + sleep .1 + done + + log "Timeout getting credentials cache." + stop; exit 1 +end script + +post-stop script + log () { + echo `date +"%Y-%d-%m %T "`$1 + } + + K5START_CCFILE=$(sed -n 's/^krb5_ccname[[:space:]]*\(FILE:\)\?\([^:[:space:]]*\)[[:space:]]*$/\2/ip' $NSLCD_CFG) + + if [ -e /etc/default/nslcd ]; then + . /etc/default/nslcd + fi + + if [ -e "$NSLCD_STATEDIR/k5start_nslcd.pid" ]; then + rm -f $K5START_PIDFILE + fi + + if [ -e "$K5START_CCFILE" ]; then + rm -f $K5START_CCFILE + fi + + log "nslcd-k5start stopped." +end script diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.upstart nss-pam-ldapd-0.8.10/debian/nslcd.upstart --- nss-pam-ldapd-0.8.10/debian/nslcd.upstart 1969-12-31 16:00:00.000000000 -0800 +++ nss-pam-ldapd-0.8.10/debian/nslcd.upstart 2013-08-10 10:31:02.000000000 -0700 @@ -0,0 +1,65 @@ +# nslcd - LDAP connection daemon +# +# nslcd is a daemon that is used to do LDAP queries +# for NSS and PAM modules. +# +# Adapted from the System V nslcd init script, +# http://ubuntuforums.org/showthread.php?t=1335022, +# and https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761 + +description "LDAP connection daemon" +author "Caleb Callaway " + +start on runlevel [2345] +stop on runlevel [!2345] + +env PATH=/bin:/usr/bin:/sbin:/usr/sbin +env NSLCD_BIN=/usr/sbin/nslcd +env NSLCD_CFG=/etc/nslcd.conf + +env NSLCD_USER=nslcd +env NSLCD_GROUP=nslcd +env NSLCD_STATEDIR=/var/run/nslcd + +pre-start script + log () { + echo `date +"%Y-%d-%m %T "`$1 + } + + if [ ! -x "$NSLCD_BIN" ]; then + log "Startup aborted (nslcd binary $NSLCD_BIN not found)." + stop; exit 0 + fi + + #upstart's env stanza doesn't do expansion, so we do it here + NSLCD_USER=$(sed -n 's/^uid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG) + NSLCD_GROUP=$(sed -n 's/^gid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG) + + if [ -e /etc/default/nslcd ]; then + . /etc/default/nslcd + fi + + #make sure we have a state directory + if [ ! -d "$NSLCD_STATEDIR" ]; then + install -d -m 755 -o $NSLCD_USER -g $NSLCD_GROUP $NSLCD_STATEDIR + fi + log "Starting nslcd..." +end script + +exec $NSLCD_BIN -d + +post-start script + log () { + echo `date +"%Y-%d-%m %T "`$1 + } + + log "nslcd started." +end script + +post-stop script + NSLCD_PIDFILE="$NSLCD_STATEDIR/nslcd.pid" + + if [ -e "$NSLCD_PIDFILE" ]; then + rm -f $NSLCD_PIDFILE + fi +end script diff -Nru nss-pam-ldapd-0.8.10/debian/rules nss-pam-ldapd-0.8.10/debian/rules --- nss-pam-ldapd-0.8.10/debian/rules 2012-01-20 08:05:16.000000000 -0800 +++ nss-pam-ldapd-0.8.10/debian/rules 2013-04-12 21:40:45.000000000 -0700 @@ -24,4 +24,5 @@ # ensure that nslcd is not down during upgrades override_dh_installinit: - dh_installinit --restart-after-upgrade + dh_installinit --name=nslcd-k5start + dh_installinit --name=nslcd --restart-after-upgrade