From 2dfc74ec5b9c5bfcbd4a6a6522deb9accd59a267 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Wed, 14 Jul 2010 12:37:00 -0400 Subject: [PATCH] Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR environment variable. --HG-- branch : 1.7 --- Makefile.in | 3 ++- mkpkg | 10 +++++----- sudo.pp | 14 +++++++++++++- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/Makefile.in b/Makefile.in index 4441b2694..5d0ec8db7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -499,7 +499,8 @@ install-sudoers: install-dirs $(srcdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers install-doc: install-dirs ChangeLog - (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE README* TROUBLESHOOTING UPGRADE WHATSNEW sample.* schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) + (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE README TROUBLESHOOTING UPGRADE WHATSNEW sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) + @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) diff --git a/mkpkg b/mkpkg index cb78e8d76..d48dc77cb 100755 --- a/mkpkg +++ b/mkpkg @@ -3,7 +3,6 @@ # Build a binary package using polypkg # Usage: mkpkg # -# TODO: add flavors (e.g. LDAP) IFS= @@ -147,14 +146,16 @@ case "$platform" in deb[456].*) # XXX - create sudo group like debian does # debian now has a %sudo entry in its sample sudoers - # XXX - debian has separate ldap and non-ldap packages # Note, must indent with tabs, not spaces due to IFS trickery - configure_opts=" + if test "${SUDO_FLAVOR:-vanilla}" == "ldap"; then + configure_opts="--with-ldap + --with-ldap-conf-file=/etc/sudo-ldap.conf" + fi + configure_opts="$configure_opts --prefix=/usr --with-all-insults --with-exempt=sudo --with-pam - --with-ldap --with-fqdn --with-logging=syslog --with-logfac=authpriv @@ -167,7 +168,6 @@ case "$platform" in --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail - --with-ldap-conf-file=/etc/ldap/ldap.conf --mandir=/usr/share/man --libexecdir=/usr/lib/sudo --with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" diff --git a/sudo.pp b/sudo.pp index 71a7ed737..451cd5c14 100644 --- a/sudo.pp +++ b/sudo.pp @@ -1,5 +1,9 @@ %set - name="sudo" + if test -n "$SUDO_FLAVOR"; then + name="sudo-$SUDO_FLAVOR" + else + name="sudo" + fi summary="Provide limited super-user priveleges to specific users" description="Sudo is a program designed to allow a sysadmin to give \ limited root privileges to users and log root activity. \ @@ -149,6 +153,14 @@ still allow people to get their work done." # installs it 0640 when sudo requires 0440 chmod %{sudoers_mode} %{sudoersdir}/sudoers + # create symlink to ease transition to new path for ldap config + # if old config file exists and new one doesn't + if test X"%{SUDO_FLAVOR}" = X"ldap"; then + if test -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then + ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf + fi + fi + # Debian uses a sudo group in its default sudoers file perl -e ' exit 0 if getgrnam("sudo"); -- 2.40.0