postinst is in libpam-ldap 184-8.7+b1.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 | #!/bin/sh -e
pam-auth-update --package
PACKAGE=libpam-ldap
CONFFILE="/etc/pam_ldap.conf"
PASSWDFILE="/etc/pam_ldap.secret"
OLDPASSWDFILE="/etc/ldap.secret"
add_missing()
{
# FIXME: it would be nice to get the prototype from a template.
parameter=$1
value=$2
echo "$parameter $value" >> $CONFFILE
}
change_value()
{
parameter=$1
value=$2
commented=0 ; notthere=0
egrep -i -q "^$parameter " $CONFFILE || notthere=1
if [ "$notthere" = "1" ]; then
if ( egrep -i -q "^# *$parameter" $CONFFILE ); then
notthere=0
commented=1
fi
fi
if [ "$notthere" = "1" ]; then
add_missing $parameter $value
else
# i really need a better way to do this...
# currently we replace only the first match, we need a better
# way of dealing with multiple hits.
if [ "$commented" = "1" ]; then
value="$value" parameter="$parameter" perl -i -p -e 's/^# *\Q$ENV{"parameter"}\E .*/$ENV{"parameter"} $ENV{"value"}/i
and $match=1 unless ($match)' $CONFFILE
else
value="$value" parameter="$parameter" perl -i -p -e 's/^\Q$ENV{"parameter"}\E .*/$ENV{"parameter"} $ENV{"value"}/i
and $match=1 unless ($match)' $CONFFILE
fi
fi
}
disable_param()
{
parameter=$1
enabled=0
egrep -q "^$parameter " $CONFFILE && enabled=1
if [ "$enabled" = "1" ]; then
perl -i -p -e "s/^($parameter .*)/#\$1/i" $CONFFILE
fi
}
# ok, lets get to business..
. /usr/share/debconf/confmodule
# lets create the configuration from example if it's not there.
examplefile=/usr/share/$PACKAGE/ldap.conf
if [ ! -e $CONFFILE -a -e $examplefile ]; then
cat > $CONFFILE << EOM
###DEBCONF###
# the configuration of this file will be done by debconf as long as the
# first line of the file says '###DEBCONF###'
#
# you should use dpkg-reconfigure to configure this file
#
EOM
cat $examplefile >> $CONFFILE
chmod 0644 $CONFFILE
db_set libpam-ldap/override true
fi
db_get libpam-ldap/override
if [ "$RET" = "true" ]; then
if ( head -1 $CONFFILE | grep -q -v '^###DEBCONF###$' ); then
mv $CONFFILE $CONFFILE.tmp
cat > $CONFFILE << EOM
###DEBCONF###
EOM
cat $CONFFILE.tmp >> $CONFFILE
rm -f $CONFFILE.tmp
chmod 0644 $CONFFILE
fi
db_get shared/ldapns/ldap-server
if echo $RET | egrep -q '^ldap[is]?://'; then
disable_param host
change_value uri "$RET"
else
disable_param uri
change_value host "$RET"
fi
db_get shared/ldapns/base-dn
change_value base "$RET"
db_get shared/ldapns/ldap_version
change_value ldap_version "$RET"
db_get libpam-ldap/pam_password
change_value pam_password "$RET"
db_get libpam-ldap/dbrootlogin
if [ "$RET" = "true" ]; then
# separate root login to the database
db_get libpam-ldap/rootbinddn
change_value rootbinddn "$RET"
db_get libpam-ldap/rootbindpw
if [ "$RET" != "" ]; then
rm -f $PASSWDFILE $OLDPASSWDFILE
echo $RET > $PASSWDFILE
chmod 0600 $PASSWDFILE
db_set libpam-ldap/rootbindpw ''
else
# copy the old password file to its new location
if [ ! -e $PASSWDFILE -a -e $OLDPASSWDFILE ]; then
cp -a $OLDPASSWDFILE $PASSWDFILE
fi
fi
else
# ok, so the user refused to use this feature, better make
# sure it's really off.
disable_param rootbinddn
rm -f $PASSWDFILE /etc/ldap.conf
fi
db_get libpam-ldap/dblogin
if [ "$RET" = "true" ]; then
# user wants to log in to the database, so be it.
db_get libpam-ldap/binddn
change_value binddn "$RET"
db_get libpam-ldap/bindpw
if [ "$RET" != "" ]; then
change_value bindpw "$RET"
db_set libpam-ldap/bindpw ''
fi
else
# once again, user didn't.. lets make sure we dont.
disable_param binddn
disable_param bindpw
fi
else
# copy the password file to its new location
if [ ! -e $PASSWDFILE -a -e $OLDPASSWDFILE ]; then
cp -a $OLDPASSWDFILE $PASSWDFILE
fi
fi
db_stop
|