Changeset 1878 for branches


Timestamp:
Jun 7, 2011, 12:58:14 PM (13 years ago)
Author:
achernya
Message:
Merge r1803-1877 from trunk to branches/fc15-dev
Location:
branches/fc15-dev
Files:
1 deleted
44 edited
12 copied

  • branches/fc15-dev

  • branches/fc15-dev/locker/bin

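--- a/branches/fc15-dev/locker/bin/firefox-test
+++ b/branches/fc15-dev/locker/bin/firefox-test
@@ -3,3 +3,3 @@
 LD_PRELOAD=/mit/scripts/scripts-test/@sys/scripts-test-preload.so
 export LD_PRELOAD
-exec firefox
+exec firefox -no-remote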
  • branches/fc15-dev/locker/bin/scripts-remove

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/bin/scripts-start

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/bin/signup-minimal

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/bin/signup-sql

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/deploy/bin

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/deploy/bin/django

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/deploy/bin/rails

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/deploy/bin/trac

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/deploy/bin/turbogears

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/sbin

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/locker/sql/bin/save-password

    • Property svn:mergeinfo changed (with no actual effect on merging)
  • branches/fc15-dev/server/common/oursrc/execsys/execsys-binfmt

    • Property svn:mergeinfo changed (with no actual effect on merging)
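--- a/branches/fc15-dev/server/common/oursrc/execsys/ldapize.pl
+++ b/branches/fc15-dev/server/common/oursrc/execsys/ldapize.pl
@@ -7,23 +7,11 @@
 use Net::LDAP::Filter;
 
-sub report_error
-{
-    my $proto = shift;
-    my $mesg = shift;
-
-    if ($proto eq 'git') {
-        $mesg = "ERR \n  " . $mesg . "\n";
-        my $len = length($mesg)+4;
-        printf "%04x%s", $len, $mesg;
-    } else {
-        print $mesg;
-    }
-    exit 0;
-}
-
 my $url = $ARGV[0];
 my ($proto, $hostname, $path) = $url =~ m|^(.*?)://([^/]*)(.*)| or die "Could not match URL";
 my $mesg;
 
+my $vhostName = $hostname;
+
+vhost:
 # oh my gosh Net::LDAP::Filter SUCKS
 my $filter = bless({and =>
@@ -32,10 +20,10 @@
      {or =>
          [{equalityMatch => {attributeDesc  => 'scriptsVhostName',
-                             assertionValue => $hostname}},
+                             assertionValue => $vhostName}},
           {equalityMatch => {attributeDesc  => 'scriptsVhostAlias',
-                             assertionValue => $hostname}}]}]},
+                             assertionValue => $vhostName}}]}]},
     'Net::LDAP::Filter');
 
-my $ldap = Net::LDAP->new("ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/");
+my $ldap = Net::LDAP->new("ldapi://%2fvar%2frun%2fslapd-scripts.socket/");
 $mesg = $ldap->bind();
 $mesg->code && die $mesg->error;
@@ -46,8 +34,10 @@
 
 my $vhostEntry = $mesg->pop_entry;
-if (!$vhostEntry)
-{
-    report_error($proto, "Could not find Host $hostname");
+if (!defined $vhostEntry) {
+  $vhostName ne '*' or die 'No vhost for *';
+  $vhostName =~ s/^(?:\*\.)?[^.]*/*/;  # Try next wildcard
+  goto vhost;
 }
+
 my $vhostDirectory = $vhostEntry->get_value('scriptsVhostDirectory');
 
@@ -59,13 +49,20 @@
 my ($homeDirectory, $uidNumber, $gidNumber) =
     map { $userEntry->get_value($_) } qw(homeDirectory uidNumber gidNumber);
+(my $scriptsdir = $homeDirectory) =~ s{(?:/Scripts)?$}{/Scripts};
 
 if ($proto eq 'svn') {
   chdir '/usr/libexec/scripts-trusted';
-  exec('/usr/sbin/suexec', $uidNumber, $gidNumber, '/usr/libexec/scripts-trusted/svn', "$homeDirectory/Scripts/svn/$vhostDirectory");
+  exec('/usr/sbin/suexec', $uidNumber, $gidNumber, '/usr/libexec/scripts-trusted/svn', "$scriptsdir/svn/$vhostDirectory");
 } elsif ($proto eq 'git') {
+  if ($vhostEntry->get_value('scriptsVhostName') eq 'notfound.example.com') {
+    # git-daemon doesn’t report useful errors yet
+    my $msg = "ERR No such host $hostname\n";
+    printf '%04x%s', length($msg) + 4, $msg;
+    exit;
+  }
   chdir '/usr/libexec/scripts-trusted';
-  exec('/usr/sbin/suexec', $uidNumber, $gidNumber, '/usr/libexec/scripts-trusted/git', "$homeDirectory/Scripts/git/$vhostDirectory");
+  exec('/usr/sbin/suexec', $uidNumber, $gidNumber, '/usr/libexec/scripts-trusted/git', "$scriptsdir/git/$vhostDirectory");
 } elsif ($proto eq 'http') {
-  print "suexec $uidNumber $gidNumber $homeDirectory/Scripts/web/$vhostDirectory/$path\n";
+  print "suexec $uidNumber $gidNumber $scriptsdir/web/$vhostDirectory/$path\n";
 } else {
   die "Unknown protocol\n";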
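Review bot: The new `vhost:` label sits above `Net::LDAP->new(...)` and `bind`, so every `goto vhost` opens and binds another LDAP connection, and the number of passes grows with the number of labels in the client-supplied `$hostname`. Connecting once before the label and repeating only the filter construction and the search would keep the wildcard fallback to a single connection per request, and a cap on the label count before the loop would bound the number of searches. The constructor result is also unchecked on the new socket path; `my $ldap = Net::LDAP->new("ldapi://%2fvar%2frun%2fslapd-scripts.socket/") or die "LDAP connect failed: $@";` would fail with a clear message instead of a method call on undef. The search between `bind` and `pop_entry` lies outside the visible hunks, so confirm nothing else there depends on being re-run per pass.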
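--- a/branches/fc15-dev/server/common/oursrc/execsys/mime.types
+++ b/branches/fc15-dev/server/common/oursrc/execsys/mime.types
@@ -509,2 +509,30 @@
 application/xaml+xml            xaml
 application/x-silverlight-app   xap
+# The following MS Office MIME types are from this source:
+# http://blogs.msdn.com/b/vsofficedeveloper/archive/2008/05/08/office-2007-open-xml-mime-types.aspx
+# There's a typo in .potm that's corrected in this alternate source:
+# http://therightstuff.de/2006/12/16/Office+2007+File+Icons+For+Windows+SharePoint+Services+20+And+SharePoint+Portal+Server+2003.aspx
+application/msword      dot
+application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
+application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
+application/vnd.ms-word.document.macroEnabled.12        docm
+application/vnd.ms-word.template.macroEnabled.12        dotm
+application/vnd.ms-excel        xlt
+application/vnd.ms-excel        xla
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet       xlsx
+application/vnd.openxmlformats-officedocument.spreadsheetml.template    xltx
+application/vnd.ms-excel.sheet.macroEnabled.12  xlsm
+application/vnd.ms-excel.template.macroEnabled.12       xltm
+application/vnd.ms-excel.addin.macroEnabled.12  xlam
+application/vnd.ms-excel.sheet.binary.macroEnabled.12   xlsb
+application/vnd.ms-powerpoint   pot
+application/vnd.ms-powerpoint   pps
+application/vnd.ms-powerpoint   ppa
+application/vnd.openxmlformats-officedocument.presentationml.presentation       pptx
+application/vnd.openxmlformats-officedocument.presentationml.template   potx
+application/vnd.openxmlformats-officedocument.presentationml.slideshow  ppsx
+application/vnd.ms-powerpoint.addin.macroEnabled.12     ppam
+application/vnd.ms-powerpoint.presentation.macroEnabled.12      pptm
+application/vnd.ms-powerpoint.template.macroEnabled.12  potm
+application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm
+# End MS Office MIME types.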
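--- a/branches/fc15-dev/server/common/oursrc/execsys/upd-execsys
+++ b/branches/fc15-dev/server/common/oursrc/execsys/upd-execsys
@@ -53,4 +53,27 @@
  xls
  ppt
+ dot
+ docx
+ dotx
+ docm
+ dotm
+ xlt
+ xla
+ xlsx
+ xltx
+ xlsm
+ xltm
+ xlam
+ xlsb
+ pot
+ pps
+ ppa
+ pptx
+ potx
+ ppsx
+ ppam
+ pptm
+ potm
+ ppsm
  swf
  mp3
@@ -70,4 +93,18 @@
  ttf
  otf
+ odc
+ odb
+ odf
+ odg
+ otg
+ odi
+ odp
+ otp
+ ods
+ ots
+ odt
+ odm
+ ott
+ oth
 );
 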
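--- a/branches/fc15-dev/server/common/oursrc/nss_nonlocal/Makefile.am
+++ b/branches/fc15-dev/server/common/oursrc/nss_nonlocal/Makefile.am
@@ -5,10 +5,6 @@
 libnss_nonlocal_la_LDFLAGS = \
     -version-info 2:0:0 \
-    -export-symbols-regex '^_nss_nonlocal_'
-
-noinst_PROGRAMS = .linktest
-_linktest_SOURCES =
-_linktest_LDADD = libnss_nonlocal.la
-_linktest_LDFLAGS = -nostdlib -entry=0
+    -export-symbols-regex '^_nss_nonlocal_' \
+    -no-undefined -Wl,-z,defs
 
 install-exec-hook: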
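--- a/branches/fc15-dev/server/common/oursrc/nss_nonlocal/README
+++ b/branches/fc15-dev/server/common/oursrc/nss_nonlocal/README
@@ -9,4 +9,19 @@
 group:          compat nonlocal
 group_nonlocal: hesiod
+
+The module also assigns special properties to two local groups and one
+local user, if they exist:
+
+• If the local group ‘nss-nonlocal-users’ exists, then nonlocal users
+  will be automatically added to it.  Furthermore, if a local user is
+  added to this group, then that user will inherit any nonlocal gids
+  from a nonlocal user of the same name, as supplementary gids.
+
+• If the local group ‘nss-local-users’ exists, then local users will
+  be automatically added to it.
+
+• If the local user ‘nss-nonlocal-users’ is added to a local group,
+  then the local group will inherit the nonlocal membership of a group
+  of the same gid.
 
 Copyright © 2007–2010 Anders Kaseorg <andersk@mit.edu> and Tim Abbott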
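--- a/branches/fc15-dev/server/common/oursrc/nss_nonlocal/configure.ac
+++ b/branches/fc15-dev/server/common/oursrc/nss_nonlocal/configure.ac
@@ -1,3 +1,3 @@
-AC_INIT([nss_nonlocal], [1.11], [andersk@mit.edu])
+AC_INIT([nss_nonlocal], [2.0], [andersk@mit.edu])
 AC_CANONICAL_TARGET
 AM_INIT_AUTOMAKE([-Wall -Werror foreign])
@@ -9,4 +9,6 @@
 AC_PROG_INSTALL
 AC_PROG_LIBTOOL
+
+AC_HEADER_STDBOOL
 
 case "$target_cpu" in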
  • branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal-group.c

    r1553 r1878  
    3434#include <syslog.h>
    3535#include <errno.h>
     36#include <pwd.h>
    3637#include <grp.h>
    3738#include <nss.h>
     
    3940#include "nonlocal.h"
    4041
     42/*
     43 * If the MAGIC_NONLOCAL_GROUPNAME local group exists, then nonlocal
     44 * users will be automatically added to it.  Furthermore, if a local
     45 * user is added to this group, then that user will inherit any
     46 * nonlocal gids from a nonlocal user of the same name, as
     47 * supplementary gids.
     48 */
    4149#define MAGIC_NONLOCAL_GROUPNAME "nss-nonlocal-users"
     50
     51/*
     52 * If the MAGIC_LOCAL_GROUPNAME local group exists, then local users
     53 * will be automatically added to it.
     54 */
    4255#define MAGIC_LOCAL_GROUPNAME "nss-local-users"
     56
     57/*
     58 * If the MAGIC_NONLOCAL_USERNAME local user is added to a local
     59 * group, then the local group will inherit the nonlocal membership of
     60 * a group of the same gid.
     61 */
     62#define MAGIC_NONLOCAL_USERNAME "nss-nonlocal-users"
    4363
    4464
     
    5272
    5373
    54 static service_user *
    55 nss_group_nonlocal_database(void)
    56 {
    57     static service_user *nip = NULL;
    58     if (nip == NULL)
    59         __nss_database_lookup("group_nonlocal", NULL, "", &nip);
    60 
    61     return nip;
    62 }
    63 
    64 
    65 enum nss_status
    66 check_nonlocal_gid(const char *user, gid_t gid, int *errnop)
    67 {
    68     static const char *fct_name = "getgrgid_r";
    69     static service_user *startp = NULL;
    70     static void *fct_start = NULL;
    71     enum nss_status status;
    72     service_user *nip;
    73     union {
    74         enum nss_status (*l)(gid_t gid, struct group *grp,
    75                              char *buffer, size_t buflen, int *errnop);
    76         void *ptr;
    77     } fct;
     74static service_user *__nss_group_nonlocal_database;
     75
     76static int
     77internal_function
     78__nss_group_nonlocal_lookup(service_user **ni, const char *fct_name,
     79                            void **fctp)
     80{
     81    if (__nss_group_nonlocal_database == NULL
     82        && __nss_database_lookup("group_nonlocal", NULL, NULL,
     83                                 &__nss_group_nonlocal_database) < 0)
     84        return -1;
     85
     86    *ni = __nss_group_nonlocal_database;
     87
     88    *fctp = __nss_lookup_function(*ni, fct_name);
     89    return 0;
     90}
     91
     92
     93enum nss_status
     94check_nonlocal_gid(const char *user, const char *group, gid_t gid, int *errnop)
     95{
     96    enum nss_status status;
    7897    struct group gbuf;
    79     int old_errno = errno;
    80 
     98    char *buf;
    8199    size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
    82     char *buf = malloc(buflen);
    83     if (buf == NULL) {
    84         *errnop = ENOMEM;
    85         errno = old_errno;
    86         return NSS_STATUS_TRYAGAIN;
    87     }
    88 
    89     if (fct_start == NULL &&
    90         __nss_group_lookup(&startp, fct_name, &fct_start) != 0) {
    91         free(buf);
    92         return NSS_STATUS_UNAVAIL;
    93     }
    94     nip = startp;
    95     fct.ptr = fct_start;
    96     do {
    97     morebuf:
    98         if (fct.l == _nss_nonlocal_getgrgid_r)
    99             status = NSS_STATUS_NOTFOUND;
    100         else
    101             status = DL_CALL_FCT(fct.l, (gid, &gbuf, buf, buflen, errnop));
    102         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
    103             free(buf);
    104             buflen *= 2;
    105             buf = malloc(buflen);
    106             if (buf == NULL) {
    107                 *errnop = ENOMEM;
    108                 errno = old_errno;
    109                 return NSS_STATUS_TRYAGAIN;
     100    const struct walk_nss w = {
     101        .lookup = &__nss_group_lookup, .fct_name = "getgrgid_r",
     102        .status = &status, .errnop = errnop, .buf = &buf, .buflen = &buflen
     103    };
     104    const __typeof__(&_nss_nonlocal_getgrgid_r) self = &_nss_nonlocal_getgrgid_r;
     105#define args (gid, &gbuf, buf, buflen, errnop)
     106#include "walk_nss.h"
     107#undef args
     108
     109    if (status == NSS_STATUS_TRYAGAIN)
     110        return status;
     111    else if (status != NSS_STATUS_SUCCESS)
     112        return NSS_STATUS_SUCCESS;
     113
     114    if (group == NULL || strcmp(gbuf.gr_name, group) == 0) {
     115        char *const *mem;
     116        for (mem = gbuf.gr_mem; *mem != NULL; mem++)
     117            if (strcmp(*mem, MAGIC_NONLOCAL_USERNAME) == 0) {
     118                status = check_nonlocal_user(*mem, errnop);
     119                if (status == NSS_STATUS_TRYAGAIN) {
     120                    free(buf);
     121                    return status;
     122                } else if (status == NSS_STATUS_NOTFOUND) {
     123                    free(buf);
     124                    return NSS_STATUS_SUCCESS;
     125                }
     126                break;
    110127            }
    111             goto morebuf;
    112         }
    113     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
    114 
    115     if (status == NSS_STATUS_SUCCESS) {
    116         syslog(LOG_DEBUG, "nss_nonlocal: removing local group %u (%s) from non-local user %s\n", gbuf.gr_gid, gbuf.gr_name, user);
    117         status = NSS_STATUS_NOTFOUND;
    118     } else if (status != NSS_STATUS_TRYAGAIN) {
    119         status = NSS_STATUS_SUCCESS;
    120     }
    121 
     128    }
     129
     130    syslog(LOG_DEBUG, "nss_nonlocal: removing local group %u (%s) from non-local user %s\n", gbuf.gr_gid, gbuf.gr_name, user);
    122131    free(buf);
    123     return status;
     132    return NSS_STATUS_NOTFOUND;
    124133}
    125134
     
    134143    errno = 0;
    135144    gid = strtoul(grp->gr_name, &end, 10);
    136     if (errno == 0 && *end == '\0' && (gid_t)gid == gid)
    137         status = check_nonlocal_gid(user, gid, errnop);
    138     errno = old_errno;
     145    if (errno == 0 && *end == '\0' && (gid_t)gid == gid) {
     146        errno = old_errno;
     147        status = check_nonlocal_gid(user, grp->gr_name, gid, errnop);
     148    } else
     149        errno = old_errno;
    139150    if (status != NSS_STATUS_SUCCESS)
    140151        return status;
    141152
    142     return check_nonlocal_gid(user, grp->gr_gid, errnop);
     153    return check_nonlocal_gid(user, grp->gr_name, grp->gr_gid, errnop);
    143154}
    144155
     
    146157get_local_group(const char *name, struct group *grp, char **buffer, int *errnop)
    147158{
    148     static const char *fct_name = "getgrnam_r";
    149     static service_user *startp = NULL;
    150     static void *fct_start = NULL;
    151     enum nss_status status;
    152     service_user *nip;
    153     union {
    154         enum nss_status (*l)(const char *name, struct group *grp,
    155                              char *buffer, size_t buflen, int *errnop);
    156         void *ptr;
    157     } fct;
    158     size_t buflen;
    159     int old_errno = errno;
    160 
    161     buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
    162     *buffer = malloc(buflen);
    163     if (*buffer == NULL) {
    164         *errnop = ENOMEM;
    165         errno = old_errno;
    166         return NSS_STATUS_TRYAGAIN;
    167     }
    168 
    169     if (fct_start == NULL &&
    170         __nss_group_lookup(&startp, fct_name, &fct_start) != 0) {
    171         free(*buffer);
    172         *buffer = NULL;
    173         return NSS_STATUS_UNAVAIL;
    174     }
    175     nip = startp;
    176     fct.ptr = fct_start;
    177     do {
    178     morebuf:
    179         if (fct.l == _nss_nonlocal_getgrnam_r)
    180             status = NSS_STATUS_NOTFOUND;
    181         else
    182             status = DL_CALL_FCT(fct.l, (name, grp, *buffer, buflen, errnop));
    183         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
    184             free(*buffer);
    185             buflen *= 2;
    186             *buffer = malloc(buflen);
    187             if (*buffer == NULL) {
    188                 *errnop = ENOMEM;
    189                 errno = old_errno;
    190                 return NSS_STATUS_TRYAGAIN;
    191             }
    192             goto morebuf;
    193         }
    194     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
    195 
    196     if (status != NSS_STATUS_SUCCESS) {
    197         free(*buffer);
    198         *buffer = NULL;
    199     }
    200 
     159    enum nss_status status;
     160    size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
     161    const struct walk_nss w = {
     162        .lookup = &__nss_group_lookup, .fct_name = "getgrnam_r",
     163        .status = &status, .errnop = errnop, .buf = buffer, .buflen = &buflen
     164    };
     165    const __typeof__(&_nss_nonlocal_getgrnam_r) self = &_nss_nonlocal_getgrnam_r;
     166#define args (name, grp, *buffer, buflen, errnop)
     167#include "walk_nss.h"
     168#undef args
    201169    return status;
    202170}
    203171
    204 static service_user *grent_nip = NULL;
     172static service_user *grent_startp, *grent_nip;
    205173static void *grent_fct_start;
    206174static union {
     
    214182_nss_nonlocal_setgrent(int stayopen)
    215183{
    216     static const char *fct_name = "setgrent";
    217     static void *fct_start = NULL;
    218     enum nss_status status;
    219     service_user *nip;
    220     union {
    221         enum nss_status (*l)(int stayopen);
    222         void *ptr;
    223     } fct;
    224 
    225     nip = nss_group_nonlocal_database();
    226     if (nip == NULL)
    227         return NSS_STATUS_UNAVAIL;
    228     if (fct_start == NULL)
    229         fct_start = __nss_lookup_function(nip, fct_name);
    230     fct.ptr = fct_start;
    231     do {
    232         if (fct.ptr == NULL)
    233             status = NSS_STATUS_UNAVAIL;
    234         else
    235             status = DL_CALL_FCT(fct.l, (stayopen));
    236     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
     184    enum nss_status status;
     185    const struct walk_nss w = {
     186        .lookup = &__nss_group_nonlocal_lookup, .fct_name = "setgrent",
     187        .status = &status
     188    };
     189    const __typeof__(&_nss_nonlocal_setgrent) self = NULL;
     190#define args (stayopen)
     191#include "walk_nss.h"
     192#undef args
    237193    if (status != NSS_STATUS_SUCCESS)
    238194        return status;
    239195
    240     grent_nip = nip;
    241196    if (grent_fct_start == NULL)
    242         grent_fct_start = __nss_lookup_function(nip, grent_fct_name);
     197        __nss_group_nonlocal_lookup(&grent_startp, grent_fct_name,
     198                                    &grent_fct_start);
     199    grent_nip = grent_startp;
    243200    grent_fct.ptr = grent_fct_start;
    244201    return NSS_STATUS_SUCCESS;
     
    248205_nss_nonlocal_endgrent(void)
    249206{
    250     static const char *fct_name = "endgrent";
    251     static void *fct_start = NULL;
    252     enum nss_status status;
    253     service_user *nip;
    254     union {
    255         enum nss_status (*l)(void);
    256         void *ptr;
    257     } fct;
     207    enum nss_status status;
     208    const struct walk_nss w = {
     209        .lookup = &__nss_group_nonlocal_lookup, .fct_name = "endgrent",
     210        .status = &status
     211    };
     212    const __typeof__(&_nss_nonlocal_endgrent) self = NULL;
    258213
    259214    grent_nip = NULL;
    260215
    261     nip = nss_group_nonlocal_database();
    262     if (nip == NULL)
    263         return NSS_STATUS_UNAVAIL;
    264     if (fct_start == NULL)
    265         fct_start = __nss_lookup_function(nip, fct_name);
    266     fct.ptr = fct_start;
    267     do {
    268         if (fct.ptr == NULL)
    269             status = NSS_STATUS_UNAVAIL;
    270         else
    271             status = DL_CALL_FCT(fct.l, ());
    272     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
     216#define args ()
     217#include "walk_nss.h"
     218#undef args
    273219    return status;
    274220}
     
    315261                         char *buffer, size_t buflen, int *errnop)
    316262{
    317     static const char *fct_name = "getgrnam_r";
    318     static void *fct_start = NULL;
    319     enum nss_status status;
    320     service_user *nip;
    321     union {
    322         enum nss_status (*l)(const char *name, struct group *grp,
    323                              char *buffer, size_t buflen, int *errnop);
    324         void *ptr;
    325     } fct;
     263    enum nss_status status;
     264    const struct walk_nss w = {
     265        .lookup = &__nss_group_nonlocal_lookup, .fct_name = "getgrnam_r",
     266        .status = &status, .errnop = errnop
     267    };
     268    const __typeof__(&_nss_nonlocal_getgrnam_r) self = NULL;
    326269
    327270    char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV);
     
    329272        return NSS_STATUS_UNAVAIL;
    330273
    331     nip = nss_group_nonlocal_database();
    332     if (nip == NULL)
    333         return NSS_STATUS_UNAVAIL;
    334     if (fct_start == NULL)
    335         fct_start = __nss_lookup_function(nip, fct_name);
    336     fct.ptr = fct_start;
    337     do {
    338         if (fct.ptr == NULL)
    339             status = NSS_STATUS_UNAVAIL;
    340         else
    341             status = DL_CALL_FCT(fct.l, (name, grp, buffer, buflen, errnop));
    342         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
    343             break;
    344     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
     274#define args (name, grp, buffer, buflen, errnop)
     275#include "walk_nss.h"
     276#undef args
    345277    if (status != NSS_STATUS_SUCCESS)
    346278        return status;
     
    358290                         char *buffer, size_t buflen, int *errnop)
    359291{
    360     static const char *fct_name = "getgrgid_r";
    361     static void *fct_start = NULL;
    362     enum nss_status status;
    363     service_user *nip;
    364     union {
    365         enum nss_status (*l)(gid_t gid, struct group *grp,
    366                              char *buffer, size_t buflen, int *errnop);
    367         void *ptr;
    368     } fct;
     292    enum nss_status status;
     293    const struct walk_nss w = {
     294        .lookup = &__nss_group_nonlocal_lookup, .fct_name = "getgrgid_r",
     295        .status = &status, .errnop = errnop
     296    };
     297    const __typeof__(&_nss_nonlocal_getgrgid_r) self = NULL;
    369298
    370299    char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV);
     
    372301        return NSS_STATUS_UNAVAIL;
    373302
    374     nip = nss_group_nonlocal_database();
    375     if (nip == NULL)
    376         return NSS_STATUS_UNAVAIL;
    377     if (fct_start == NULL)
    378         fct_start = __nss_lookup_function(nip, fct_name);
    379     fct.ptr = fct_start;
    380     do {
    381         if (fct.ptr == NULL)
    382             status = NSS_STATUS_UNAVAIL;
    383         else
    384             status = DL_CALL_FCT(fct.l, (gid, grp, buffer, buflen, errnop));
    385         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
    386             break;
    387     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
     303#define args (gid, grp, buffer, buflen, errnop)
     304#include "walk_nss.h"
     305#undef args
    388306    if (status != NSS_STATUS_SUCCESS)
    389307        return status;
     
    397315}
    398316
     317static bool
     318add_group(gid_t group, long int *start, long int *size, gid_t **groupsp,
     319          long int limit, int *errnop, enum nss_status *status)
     320{
     321    int i, old_errno = errno;
     322    for (i = 0; i < *start; ++i)
     323        if ((*groupsp)[i] == group)
     324            return true;
     325    if (*start + 1 > *size) {
     326        gid_t *newgroups;
     327        long int newsize = 2 * *size;
     328        if (limit > 0) {
     329            if (*size >= limit) {
     330                *status = NSS_STATUS_SUCCESS;
     331                return false;
     332            }
     333            if (newsize > limit)
     334                newsize = limit;
     335        }
     336        newgroups = realloc(*groupsp, newsize * sizeof((*groupsp)[0]));
     337        errno = old_errno;
     338        if (newgroups == NULL) {
     339            *errnop = ENOMEM;
     340            *status = NSS_STATUS_TRYAGAIN;
     341            return false;
     342        }
     343        *groupsp = newgroups;
     344        *size = newsize;
     345    }
     346    (*groupsp)[(*start)++] = group;
     347    return true;
     348}
     349
    399350enum nss_status
    400351_nss_nonlocal_initgroups_dyn(const char *user, gid_t group, long int *start,
     
    402353                             int *errnop)
    403354{
    404     static const char *fct_name = "initgroups_dyn";
    405     static void *fct_start = NULL;
    406     enum nss_status status;
    407     service_user *nip;
    408     union {
    409         enum nss_status (*l)(const char *user, gid_t group, long int *start,
    410                              long int *size, gid_t **groupsp, long int limit,
    411                              int *errnop);
    412         void *ptr;
    413     } fct;
     355    enum nss_status status;
     356    const struct walk_nss w = {
     357        .lookup = &__nss_group_nonlocal_lookup, .fct_name = "initgroups_dyn",
     358        .status = &status, .errnop = errnop
     359    };
     360    const __typeof__(&_nss_nonlocal_initgroups_dyn) self = NULL;
    414361
    415362    struct group local_users_group, nonlocal_users_group;
    416     gid_t local_users_gid, gid;
    417     int is_local = 0;
     363    bool is_nonlocal = true;
    418364    char *buffer;
    419     int old_errno;
    420365    int in, out, i;
    421366
    422     /* Check that the user is a nonlocal user before adding any groups. */
     367    /* Check that the user is a nonlocal user, or a member of the
     368     * MAGIC_NONLOCAL_GROUPNAME group, before adding any groups. */
    423369    status = check_nonlocal_user(user, errnop);
    424     if (status == NSS_STATUS_TRYAGAIN)
    425         return status;
    426     else if (status != NSS_STATUS_SUCCESS)
    427         is_local = 1;
    428 
    429     old_errno = errno;
    430 
    431     status = get_local_group(MAGIC_LOCAL_GROUPNAME,
    432                              &local_users_group, &buffer, errnop);
    433     if (status == NSS_STATUS_SUCCESS) {
    434         local_users_gid = local_users_group.gr_gid;
    435         free(buffer);
    436     } else if (status == NSS_STATUS_TRYAGAIN) {
    437         return status;
    438     } else {
    439         syslog(LOG_WARNING, "nss_nonlocal: Group %s does not exist locally!",
    440                MAGIC_LOCAL_GROUPNAME);
    441         local_users_gid = -1;
    442     }
    443 
    444     if (is_local) {
    445         gid = local_users_gid;
    446     } else {
    447         status = get_local_group(MAGIC_NONLOCAL_GROUPNAME,
    448                                  &nonlocal_users_group, &buffer, errnop);
     370    if (status == NSS_STATUS_TRYAGAIN) {
     371        return status;
     372    } else if (status != NSS_STATUS_SUCCESS) {
     373        is_nonlocal = false;
     374
     375        status = get_local_group(MAGIC_LOCAL_GROUPNAME,
     376                                 &local_users_group, &buffer, errnop);
    449377        if (status == NSS_STATUS_SUCCESS) {
    450             gid = nonlocal_users_group.gr_gid;
    451378            free(buffer);
     379            if (!add_group(local_users_group.gr_gid, start, size, groupsp,
     380                           limit, errnop, &status))
     381                return status;
    452382        } else if (status == NSS_STATUS_TRYAGAIN) {
    453383            return status;
    454384        } else {
    455             syslog(LOG_WARNING, "nss_nonlocal: Group %s does not exist locally!",
    456                    MAGIC_NONLOCAL_GROUPNAME);
    457             gid = -1;
    458         }
    459     }
    460 
    461     if (gid != -1) {
    462         int i;
    463         for (i = 0; i < *start; ++i)
    464             if ((*groupsp)[i] == gid)
    465                 break;
    466         if (i >= *start) {
    467             if (*start + 1 > *size) {
    468                 gid_t *newgroups;
    469                 long int newsize = 2 * *size;
    470                 if (limit > 0) {
    471                     if (*size >= limit)
    472                         return NSS_STATUS_SUCCESS;
    473                     if (newsize > limit)
    474                         newsize = limit;
     385            syslog(LOG_WARNING,
     386                   "nss_nonlocal: Group %s does not exist locally!",
     387                   MAGIC_LOCAL_GROUPNAME);
     388        }
     389    }
     390
     391    status = get_local_group(MAGIC_NONLOCAL_GROUPNAME,
     392                             &nonlocal_users_group, &buffer, errnop);
     393    if (status == NSS_STATUS_SUCCESS) {
     394        free(buffer);
     395        if (is_nonlocal) {
     396            if (!add_group(nonlocal_users_group.gr_gid, start, size, groupsp,
     397                           limit, errnop, &status))
     398                return status;
     399        } else {
     400            int i;
     401            for (i = 0; i < *start; ++i) {
     402                if ((*groupsp)[i] == nonlocal_users_group.gr_gid) {
     403                    is_nonlocal = true;
     404                    break;
    475405                }
    476                 newgroups = realloc(*groupsp, newsize * sizeof((*groupsp)[0]));
    477                 if (newgroups == NULL) {
    478                     *errnop = ENOMEM;
    479                     errno = old_errno;
    480                     return NSS_STATUS_TRYAGAIN;
     406            }
     407
     408            if (is_nonlocal) {
     409                struct passwd pwbuf;
     410                char *buf;
     411                int nonlocal_errno = *errnop;
     412                status = get_nonlocal_passwd(user, &pwbuf, &buf, errnop);
     413
     414                if (status == NSS_STATUS_SUCCESS) {
     415                    nonlocal_errno = *errnop;
     416                    status = check_nonlocal_gid(user, NULL, pwbuf.pw_gid,
     417                                                &nonlocal_errno);
     418                    free(buf);
    481419                }
    482                 *groupsp = newgroups;
    483                 *size = newsize;
     420
     421                if (status == NSS_STATUS_SUCCESS) {
     422                    if (!add_group(pwbuf.pw_gid, start, size, groupsp, limit,
     423                                   errnop, &status))
     424                        return status;
     425                } else if (status == NSS_STATUS_TRYAGAIN) {
     426                    *errnop = nonlocal_errno;
     427                    return status;
     428                }
    484429            }
    485             (*groupsp)[(*start)++] = gid;
    486         }
    487     }
    488 
    489     if (is_local)
     430        }
     431    } else if (status == NSS_STATUS_TRYAGAIN) {
     432        if (is_nonlocal)
     433            return status;
     434    } else {
     435        syslog(LOG_WARNING, "nss_nonlocal: Group %s does not exist locally!",
     436               MAGIC_NONLOCAL_GROUPNAME);
     437    }
     438
     439    if (!is_nonlocal)
    490440        return NSS_STATUS_SUCCESS;
    491441
    492442    in = out = *start;
    493443
    494     nip = nss_group_nonlocal_database();
    495     if (nip == NULL)
    496         return NSS_STATUS_UNAVAIL;
    497     if (fct_start == NULL)
    498         fct_start = __nss_lookup_function(nip, fct_name);
    499     fct.ptr = fct_start;
    500 
    501     do {
    502         if (fct.ptr == NULL)
    503             status = NSS_STATUS_UNAVAIL;
    504         else
    505             status = DL_CALL_FCT(fct.l, (user, group, start, size, groupsp, limit, errnop));
    506         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
    507             break;
    508     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
     444#define args (user, group, start, size, groupsp, limit, errnop)
     445#include "walk_nss.h"
     446#undef args
    509447    if (status != NSS_STATUS_SUCCESS)
    510448        return status;
     
    519457            continue;
    520458
    521         /* Don't let users get into MAGIC_LOCAL_GROUPNAME from nonlocal reasons. */
    522         if (local_users_gid == (*groupsp)[in]) {
    523             syslog(LOG_WARNING, "nss_nonlocal: Nonlocal user %s removed from special local users group %s",
    524                    user, MAGIC_LOCAL_GROUPNAME);
    525             continue;
    526         }
    527 
    528         status = check_nonlocal_gid(user, (*groupsp)[in], &nonlocal_errno);
     459        status = check_nonlocal_gid(user, NULL, (*groupsp)[in],
     460                                    &nonlocal_errno);
    529461        if (status == NSS_STATUS_SUCCESS) {
    530462            (*groupsp)[out++] = (*groupsp)[in];
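--- a/branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal-passwd.c
+++ b/branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal-passwd.c
@@ -50,12 +50,20 @@
 
 
-static service_user *
-nss_passwd_nonlocal_database(void)
-{
-    static service_user *nip = NULL;
-    if (nip == NULL)
-        __nss_database_lookup("passwd_nonlocal", NULL, "", &nip);
-
-    return nip;
+static service_user *__nss_passwd_nonlocal_database;
+
+static int
+internal_function
+__nss_passwd_nonlocal_lookup(service_user **ni, const char *fct_name,
+                             void **fctp)
+{
+    if (__nss_passwd_nonlocal_database == NULL
+        && __nss_database_lookup("passwd_nonlocal", NULL, NULL,
+                                 &__nss_passwd_nonlocal_database) < 0)
+        return -1;
+
+    *ni = __nss_passwd_nonlocal_database;
+
+    *fctp = __nss_lookup_function(*ni, fct_name);
+    return 0;
 }
 
@@ -64,53 +72,20 @@
 check_nonlocal_uid(const char *user, uid_t uid, int *errnop)
 {
-    static const char *fct_name = "getpwuid_r";
-    static service_user *startp = NULL;
-    static void *fct_start = NULL;
-    enum nss_status status;
-    service_user *nip;
-    union {
-        enum nss_status (*l)(uid_t uid, struct passwd *pwd,
-                             char *buffer, size_t buflen, int *errnop);
-        void *ptr;
-    } fct;
+    enum nss_status status;
     struct passwd pwbuf;
-    int old_errno = errno;
-
+    char *buf;
     size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-    char *buf = malloc(buflen);
-    if (buf == NULL) {
-        *errnop = ENOMEM;
-        errno = old_errno;
-        return NSS_STATUS_TRYAGAIN;
-    }
-
-    if (fct_start == NULL &&
-        __nss_passwd_lookup(&startp, fct_name, &fct_start) != 0) {
-        free(buf);
-        return NSS_STATUS_UNAVAIL;
-    }
-    nip = startp;
-    fct.ptr = fct_start;
-    do {
-    morebuf:
-        if (fct.l == _nss_nonlocal_getpwuid_r)
-            status = NSS_STATUS_NOTFOUND;
-        else
-            status = DL_CALL_FCT(fct.l, (uid, &pwbuf, buf, buflen, errnop));
-        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
-            free(buf);
-            buflen *= 2;
-            buf = malloc(buflen);
-            if (buf == NULL) {
-                *errnop = ENOMEM;
-                errno = old_errno;
-                return NSS_STATUS_TRYAGAIN;
-            }
-            goto morebuf;
-        }
-    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
+    const struct walk_nss w = {
+        .lookup = &__nss_passwd_lookup, .fct_name = "getpwuid_r",
+        .status = &status, .errnop = errnop, .buf = &buf, .buflen = &buflen
+    };
+    const __typeof__(&_nss_nonlocal_getpwuid_r) self = &_nss_nonlocal_getpwuid_r;
+#define args (uid, &pwbuf, buf, buflen, errnop)
+#include "walk_nss.h"
+#undef args
 
     if (status == NSS_STATUS_SUCCESS) {
         syslog(LOG_ERR, "nss_nonlocal: possible spoofing attack: non-local user %s has same UID as local user %s!\n", user, pwbuf.pw_name);
+        free(buf);
         status = NSS_STATUS_NOTFOUND;
     } else if (status != NSS_STATUS_TRYAGAIN) {
@@ -118,5 +93,4 @@
     }
 
-    free(buf);
     return status;
 }
@@ -132,7 +106,10 @@
     errno = 0;
     uid = strtoul(pwd->pw_name, &end, 10);
-    if (errno == 0 && *end == '\0' && (uid_t)uid == uid)
+    if (errno == 0 && *end == '\0' && (uid_t)uid == uid) {
+        errno = old_errno;
         status = check_nonlocal_uid(user, uid, errnop);
-    errno = old_errno;
+    } else {
+        errno = old_errno;
+    }
     if (status != NSS_STATUS_SUCCESS)
         return status;
@@ -144,62 +121,46 @@
 check_nonlocal_user(const char *user, int *errnop)
 {
-    static const char *fct_name = "getpwnam_r";
-    static service_user *startp = NULL;
-    static void *fct_start = NULL;
-    enum nss_status status;
-    service_user *nip;
-    union {
-        enum nss_status (*l)(const char *name, struct passwd *pwd,
-                             char *buffer, size_t buflen, int *errnop);
-        void *ptr;
-    } fct;
+    enum nss_status status;
     struct passwd pwbuf;
-    int old_errno = errno;
-
+    char *buf;
     size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-    char *buf = malloc(buflen);
-    if (buf == NULL) {
-        *errnop = ENOMEM;
-        errno = old_errno;
-        return NSS_STATUS_TRYAGAIN;
-    }
-
-    if (fct_start == NULL &&
-        __nss_passwd_lookup(&startp, fct_name, &fct_start) != 0) {
+    const struct walk_nss w = {
+        .lookup = __nss_passwd_lookup, .fct_name = "getpwnam_r",
+        .status = &status, .errnop = errnop, .buf = &buf, .buflen = &buflen
+    };
+    const __typeof__(&_nss_nonlocal_getpwnam_r) self = &_nss_nonlocal_getpwnam_r;
+#define args (user, &pwbuf, buf, buflen, errnop)
+#include "walk_nss.h"
+#undef args
+
+    if (status == NSS_STATUS_SUCCESS) {
         free(buf);
-        return NSS_STATUS_UNAVAIL;
-    }
-    nip = startp;
-    fct.ptr = fct_start;
-    do {
-    morebuf:
-        if (fct.l == _nss_nonlocal_getpwnam_r)
-            status = NSS_STATUS_NOTFOUND;
-        else
-            status = DL_CALL_FCT(fct.l, (user, &pwbuf, buf, buflen, errnop));
-        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
-            free(buf);
-            buflen *= 2;
-            buf = malloc(buflen);
-            if (buf == NULL) {
-                *errnop = ENOMEM;
-                errno = old_errno;
-                return NSS_STATUS_TRYAGAIN;
-            }
-            goto morebuf;
-        }
-    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
-
-    if (status == NSS_STATUS_SUCCESS)
         status = NSS_STATUS_NOTFOUND;
-    else if (status != NSS_STATUS_TRYAGAIN)
+    } else if (status != NSS_STATUS_TRYAGAIN) {
         status = NSS_STATUS_SUCCESS;
-
-    free(buf);
+    }
+
     return status;
 }
 
-
-static service_user *pwent_nip = NULL;
+enum nss_status
+get_nonlocal_passwd(const char *name, struct passwd *pwd, char **buffer,
+                    int *errnop)
+{
+    enum nss_status status;
+    size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+    const struct walk_nss w = {
+        .lookup = __nss_passwd_nonlocal_lookup, .fct_name = "getpwnam_r",
+        .status = &status, .errnop = errnop, .buf = buffer, .buflen = &buflen
+    };
+    const __typeof__(&_nss_nonlocal_getpwnam_r) self = NULL;
+#define args (name, pwd, *buffer, buflen, errnop)
+#include "walk_nss.h"
+#undef args
+    return status;
+}
+
+
+static service_user *pwent_startp, *pwent_nip;
 static void *pwent_fct_start;
 static union {
@@ -213,31 +174,20 @@
 _nss_nonlocal_setpwent(int stayopen)
 {
-    static const char *fct_name = "setpwent";
-    static void *fct_start = NULL;
-    enum nss_status status;
-    service_user *nip;
-    union {
-        enum nss_status (*l)(int stayopen);
-        void *ptr;
-    } fct;
-
-    nip = nss_passwd_nonlocal_database();
-    if (nip == NULL)
-        return NSS_STATUS_UNAVAIL;
-    if (fct_start == NULL)
-        fct_start = __nss_lookup_function(nip, fct_name);
-    fct.ptr = fct_start;
-    do {
-        if (fct.ptr == NULL)
-            status = NSS_STATUS_UNAVAIL;
-        else
-            status = DL_CALL_FCT(fct.l, (stayopen));
-    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
-    if (status != NSS_STATUS_SUCCESS)
-        return status;
-
-    pwent_nip = nip;
+    enum nss_status status;
+    const struct walk_nss w = {
+        .lookup = &__nss_passwd_nonlocal_lookup, .fct_name = "setpwent",
+        .status = &status
+    };
+    const __typeof__(&_nss_nonlocal_setpwent) self = NULL;
+#define args (stayopen)
+#include "walk_nss.h"
+#undef args
+    if (status != NSS_STATUS_SUCCESS)
+        return status;
+
     if (pwent_fct_start == NULL)
-        pwent_fct_start = __nss_lookup_function(nip, pwent_fct_name);
+        __nss_passwd_nonlocal_lookup(&pwent_startp, pwent_fct_name,
+                                     &pwent_fct_start);
+    pwent_nip = pwent_startp;
     pwent_fct.ptr = pwent_fct_start;
     return NSS_STATUS_SUCCESS;
@@ -247,27 +197,16 @@
 _nss_nonlocal_endpwent(void)
 {
-    static const char *fct_name = "endpwent";
-    static void *fct_start = NULL;
-    enum nss_status status;
-    service_user *nip;
-    union {
-        enum nss_status (*l)(void);
-        void *ptr;
-    } fct;
+    enum nss_status status;
+    const struct walk_nss w = {
+        .lookup = &__nss_passwd_nonlocal_lookup, .fct_name = "endpwent",
+        .status = &status
+    };
+    const __typeof__(&_nss_nonlocal_endpwent) self = NULL;
 
     pwent_nip = NULL;
 
-    nip = nss_passwd_nonlocal_database();
-    if (nip == NULL)
-        return NSS_STATUS_UNAVAIL;
-    if (fct_start == NULL)
-        fct_start = __nss_lookup_function(nip, fct_name);
-    fct.ptr = fct_start;
-    do {
-        if (fct.ptr == NULL)
-            status = NSS_STATUS_UNAVAIL;
-        else
-            status = DL_CALL_FCT(fct.l, ());
-    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
+#define args ()
+#include "walk_nss.h"
+#undef args
     return status;
 }
@@ -314,14 +253,11 @@
                          char *buffer, size_t buflen, int *errnop)
 {
-    static const char *fct_name = "getpwnam_r";
-    static void *fct_start = NULL;
-    enum nss_status status;
-    service_user *nip;
-    union {
-        enum nss_status (*l)(const char *name, struct passwd *pwd,
-                             char *buffer, size_t buflen, int *errnop);
-        void *ptr;
-    } fct;
+    enum nss_status status;
     int group_errno;
+    const struct walk_nss w = {
+        .lookup = __nss_passwd_nonlocal_lookup, .fct_name = "getpwnam_r",
+        .status = &status, .errnop = errnop
+    };
+    const __typeof__(&_nss_nonlocal_getpwnam_r) self = NULL;
 
     char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV);
@@ -329,18 +265,7 @@
         return NSS_STATUS_UNAVAIL;
 
-    nip = nss_passwd_nonlocal_database();
-    if (nip == NULL)
-        return NSS_STATUS_UNAVAIL;
-    if (fct_start == NULL)
-        fct_start = __nss_lookup_function(nip, fct_name);
-    fct.ptr = fct_start;
-    do {
-        if (fct.ptr == NULL)
-            status = NSS_STATUS_UNAVAIL;
-        else
-            status = DL_CALL_FCT(fct.l, (name, pwd, buffer, buflen, errnop));
-        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
-            break;
-    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
+#define args (name, pwd, buffer, buflen, errnop)
+#include "walk_nss.h"
+#undef args
     if (status != NSS_STATUS_SUCCESS)
         return status;
@@ -355,5 +280,5 @@
         return status;
 
-    if (check_nonlocal_gid(name, pwd->pw_gid, &group_errno) !=
+    if (check_nonlocal_gid(name, NULL, pwd->pw_gid, &group_errno) !=
         NSS_STATUS_SUCCESS)
         pwd->pw_gid = 65534 /* nogroup */;
@@ -365,14 +290,11 @@
                          char *buffer, size_t buflen, int *errnop)
 {
-    static const char *fct_name = "getpwuid_r";
-    static void *fct_start = NULL;
-    enum nss_status status;
-    service_user *nip;
-    union {
-        enum nss_status (*l)(uid_t uid, struct passwd *pwd,
-                             char *buffer, size_t buflen, int *errnop);
-        void *ptr;
-    } fct;
+    enum nss_status status;
     int group_errno;
+    const struct walk_nss w = {
+        .lookup = &__nss_passwd_nonlocal_lookup, .fct_name = "getpwuid_r",
+        .status = &status, .errnop = errnop
+    };
+    const __typeof__(&_nss_nonlocal_getpwuid_r) self = NULL;
 
     char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV);
@@ -380,18 +302,7 @@
         return NSS_STATUS_UNAVAIL;
 
-    nip = nss_passwd_nonlocal_database();
-    if (nip == NULL)
-        return NSS_STATUS_UNAVAIL;
-    if (fct_start == NULL)
-        fct_start = __nss_lookup_function(nip, fct_name);
-    fct.ptr = fct_start;
-    do {
-        if (fct.ptr == NULL)
-            status = NSS_STATUS_UNAVAIL;
-        else
-            status = DL_CALL_FCT(fct.l, (uid, pwd, buffer, buflen, errnop));
-        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
-            break;
-    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
+#define args (uid, pwd, buffer, buflen, errnop)
+#include "walk_nss.h"
+#undef args
     if (status != NSS_STATUS_SUCCESS)
         return status;
@@ -406,5 +317,5 @@
         return status;
 
-    if (check_nonlocal_gid(pwd->pw_name, pwd->pw_gid, &group_errno) !=
+    if (check_nonlocal_gid(pwd->pw_name, NULL, pwd->pw_gid, &group_errno) !=
         NSS_STATUS_SUCCESS)
         pwd->pw_gid = 65534 /* nogroup */;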
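Review bot: The new `__nss_passwd_nonlocal_lookup` passes `NULL` as the default configuration to `__nss_database_lookup` (new lines 60–61), where the removed `nss_passwd_nonlocal_database()` passed `""`, and this may change what happens when nsswitch.conf has no `passwd_nonlocal` entry. With the empty default the old callers presumably got a NULL service list and returned NSS_STATUS_UNAVAIL. With NULL, as far as I know glibc may substitute its built-in default service list, so the nonlocal walk could consult sources nobody configured. If that is intended, say so above the helper, e.g. `/* NULL defconfig: an unconfigured passwd_nonlocal uses glibc's default service list */`; otherwise keep `""`. `__nss_shadow_nonlocal_lookup` in nonlocal-shadow.c makes the same call.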
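--- a/branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal-shadow.c
+++ b/branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal-shadow.c
@@ -40,16 +40,24 @@
 
 
-static service_user *
-nss_shadow_nonlocal_database(void)
+static service_user *__nss_shadow_nonlocal_database;
+
+static int
+internal_function
+__nss_shadow_nonlocal_lookup(service_user **ni, const char *fct_name,
+                            void **fctp)
 {
-    static service_user *nip = NULL;
-    if (nip == NULL)
-        __nss_database_lookup("shadow_nonlocal", NULL, "", &nip);
+    if (__nss_shadow_nonlocal_database == NULL
+        && __nss_database_lookup("shadow_nonlocal", NULL, NULL,
+                                 &__nss_shadow_nonlocal_database) < 0)
+        return -1;
 
-    return nip;
+    *ni = __nss_shadow_nonlocal_database;
+
+    *fctp = __nss_lookup_function(*ni, fct_name);
+    return 0;
 }
 
 
-static service_user *spent_nip = NULL;
+static service_user *spent_startp, *spent_nip;
 static void *spent_fct_start;
 static union {
@@ -63,31 +71,20 @@
 _nss_nonlocal_setspent(int stayopen)
 {
-    static const char *fct_name = "setspent";
-    static void *fct_start = NULL;
     enum nss_status status;
-    service_user *nip;
-    union {
-        enum nss_status (*l)(int stayopen);
-        void *ptr;
-    } fct;
-
-    nip = nss_shadow_nonlocal_database();
-    if (nip == NULL)
-        return NSS_STATUS_UNAVAIL;
-    if (fct_start == NULL)
-        fct_start = __nss_lookup_function(nip, fct_name);
-    fct.ptr = fct_start;
-    do {
-        if (fct.ptr == NULL)
-            status = NSS_STATUS_UNAVAIL;
-        else
-            status = DL_CALL_FCT(fct.l, (stayopen));
-    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
+    const struct walk_nss w = {
+        .lookup = &__nss_shadow_nonlocal_lookup, .fct_name = "setspent",
+        .status = &status
+    };
+    const __typeof__(&_nss_nonlocal_setspent) self = NULL;
+#define args (stayopen)
+#include "walk_nss.h"
+#undef args
     if (status != NSS_STATUS_SUCCESS)
         return status;
 
-    spent_nip = nip;
     if (spent_fct_start == NULL)
-        spent_fct_start = __nss_lookup_function(nip, spent_fct_name);
+        __nss_shadow_nonlocal_lookup(&spent_startp, spent_fct_name,
+                                     &spent_fct_start);
+    spent_nip = spent_startp;
     spent_fct.ptr = spent_fct_start;
     return NSS_STATUS_SUCCESS;
@@ -97,27 +94,16 @@
 _nss_nonlocal_endspent(void)
 {
-    static const char *fct_name = "endspent";
-    static void *fct_start = NULL;
     enum nss_status status;
-    service_user *nip;
-    union {
-        enum nss_status (*l)(void);
-        void *ptr;
-    } fct;
+    const struct walk_nss w = {
+        .lookup = &__nss_shadow_nonlocal_lookup, .fct_name = "endspent",
+        .status = &status
+    };
+    const __typeof__(&_nss_nonlocal_endspent) self = NULL;
 
     spent_nip = NULL;
 
-    nip = nss_shadow_nonlocal_database();
-    if (nip == NULL)
-        return NSS_STATUS_UNAVAIL;
-    if (fct_start == NULL)
-        fct_start = __nss_lookup_function(nip, fct_name);
-    fct.ptr = fct_start;
-    do {
-        if (fct.ptr == NULL)
-            status = NSS_STATUS_UNAVAIL;
-        else
-            status = DL_CALL_FCT(fct.l, ());
-    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
+#define args ()
+#include "walk_nss.h"
+#undef args
     return status;
 }
@@ -154,28 +140,13 @@
                          char *buffer, size_t buflen, int *errnop)
 {
-    static const char *fct_name = "getspnam_r";
-    static void *fct_start = NULL;
     enum nss_status status;
-    service_user *nip;
-    union {
-        enum nss_status (*l)(const char *name, struct spwd *pwd,
-                             char *buffer, size_t buflen, int *errnop);
-        void *ptr;
-    } fct;
-
-    nip = nss_shadow_nonlocal_database();
-    if (nip == NULL)
-        return NSS_STATUS_UNAVAIL;
-    if (fct_start == NULL)
-        fct_start = __nss_lookup_function(nip, fct_name);
-    fct.ptr = fct_start;
-    do {
-        if (fct.ptr == NULL)
-            status = NSS_STATUS_UNAVAIL;
-        else
-            status = DL_CALL_FCT(fct.l, (name, pwd, buffer, buflen, errnop));
-        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
-            break;
-    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
+    const struct walk_nss w = {
+        .lookup = __nss_shadow_nonlocal_lookup, .fct_name = "getspnam_r",
+        .status = &status, .errnop = errnop
+    };
+    const __typeof__(&_nss_nonlocal_getspnam_r) self = NULL;
+#define args (name, pwd, buffer, buflen, errnop)
+#include "walk_nss.h"
+#undef args
     if (status != NSS_STATUS_SUCCESS)
         return status;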
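Review bot: The `#include "walk_nss.h"` placed inside each rewritten function body depends on a local named `w`, a local named `self` and the `args` macro (new lines 74–81, 97–107 and 143–150), and nothing in this file documents that. `self` is NULL in every function here, whereas the check_nonlocal_* helpers in nonlocal-passwd.c set it to their own entry point, presumably so the walk skips nss_nonlocal itself. A comment at the first use would make the dependency visible, e.g. `/* walk_nss.h expands to the service walk; it reads w, self and the args macro */`. walk_nss.h is not part of this view, so the exact contract should be confirmed there.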
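--- a/branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal.h
+++ b/branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal.h
@@ -1,2 +1,27 @@
+/*
+ * nonlocal.h
+ * common definitions for nss_nonlocal proxy
+ *
+ * Copyright © 2007–2010 Anders Kaseorg <andersk@mit.edu> and Tim
+ * Abbott <tabbott@mit.edu>
+ *
+ * This file is part of nss_nonlocal.
+ *
+ * nss_nonlocal is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * nss_nonlocal is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with nss_nonlocal; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301  USA
+ */
+
 #ifndef NONLOCAL_H
 #define NONLOCAL_H
@@ -4,7 +29,39 @@
 #include "config.h"
 
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# ifndef HAVE__BOOL
+#  ifdef __cplusplus
+typedef bool _Bool;
+#  else
+#   define _Bool signed char
+#  endif
+# endif
+# define bool _Bool
+# define false 0
+# define true 1
+# define __bool_true_false_are_defined 1
+#endif
+
+#include "nsswitch-internal.h"
+#include <pwd.h>
+
+struct walk_nss {
+    enum nss_status *status;
+    int (*lookup)(service_user **ni, const char *fct_name,
+                  void **fctp) internal_function;
+    const char *fct_name;
+    int *errnop;
+    char **buf;
+    size_t *buflen;
+};
+
 enum nss_status check_nonlocal_uid(const char *user, uid_t uid, int *errnop);
-enum nss_status check_nonlocal_gid(const char *user, gid_t gid, int *errnop);
+enum nss_status check_nonlocal_gid(const char *user, const char *group,
+                                   gid_t gid, int *errnop);
 enum nss_status check_nonlocal_user(const char *user, int *errnop);
+enum nss_status get_nonlocal_passwd(const char *name, struct passwd *pwd,
+                                    char **buffer, int *errnop);
 
 #define NONLOCAL_IGNORE_ENV "NSS_NONLOCAL_IGNORE"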
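Review bot: The `get_nonlocal_passwd` prototype (new lines 64–65) takes `char **buffer` without saying who owns the allocation it returns. The caller visible in nonlocal-group.c frees `buf` only after NSS_STATUS_SUCCESS, so the function presumably leaves nothing allocated on any other status. That contract belongs next to the declaration, e.g. `/* On NSS_STATUS_SUCCESS *buffer is malloc'd and the caller must free it; otherwise nothing is left to free. */`, after checking it against walk_nss.h. The fields of `struct walk_nss` deserve one-line comments as well, since several initialisers in this changeset leave `errnop`, `buf` and `buflen` unset.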
  • branches/fc15-dev/server/common/oursrc/php_scripts/php_scripts-config.m4

    • Property svn:mergeinfo changed (with no actual effect on merging)
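--- a/branches/fc15-dev/server/common/oursrc/scripts-static-cat/StaticCat.hs
+++ b/branches/fc15-dev/server/common/oursrc/scripts-static-cat/StaticCat.hs
@@ -35,4 +35,9 @@
          (".css", "text/css"),
          (".doc", "application/msword"),
+         (".docm", "application/vnd.ms-word.document.macroEnabled.12"),
+         (".docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document"),
+         (".dot", "application/msword"),
+         (".dotm", "application/vnd.ms-word.template.macroEnabled.12"),
+         (".dotx", "application/vnd.openxmlformats-officedocument.wordprocessingml.template"),
          (".gif", "image/gif"),
          (".htm", "text/html"),
@@ -50,8 +55,32 @@
          (".mpeg", "video/mpeg"),
          (".mpg", "video/mpeg"),
+         (".odb", "application/vnd.oasis.opendocument.database"),
+         (".odc", "application/vnd.oasis.opendocument.chart"),
+         (".odf", "application/vnd.oasis.opendocument.formula"),
+         (".odg", "application/vnd.oasis.opendocument.graphics"),
+         (".odi", "application/vnd.oasis.opendocument.image"),
+         (".odm", "application/vnd.oasis.opendocument.text-master"),
+         (".odp", "application/vnd.oasis.opendocument.presentation"),
+         (".ods", "application/vnd.oasis.opendocument.spreadsheet"),
+         (".odt", "application/vnd.oasis.opendocument.text"),
          (".otf", "application/octet-stream"),
+         (".otg", "application/vnd.oasis.opendocument.graphics-template"),
+         (".oth", "application/vnd.oasis.opendocument.text-web"),
+         (".otp", "application/vnd.oasis.opendocument.presentation-template"),
+         (".ots", "application/vnd.oasis.opendocument.spreadsheet-template"),
+         (".ott", "application/vnd.oasis.opendocument.text-template"),
          (".pdf", "application/pdf"),
          (".png", "image/png"),
+         (".pot", "application/vnd.ms-powerpoint"),
+         (".potm", "application/vnd.ms-powerpoint.template.macroEnabled.12"),
+         (".potx", "application/vnd.openxmlformats-officedocument.presentationml.template"),
+         (".ppa", "application/vnd.ms-powerpoint"),
+         (".ppam", "application/vnd.ms-powerpoint.addin.macroEnabled.12"),
+         (".pps", "application/vnd.ms-powerpoint"),
+         (".ppsm", "application/vnd.ms-powerpoint.slideshow.macroEnabled.12"),
+         (".ppsx", "application/vnd.openxmlformats-officedocument.presentationml.slideshow"),
          (".ppt", "application/vnd.ms-powerpoint"),
+         (".pptm", "application/vnd.ms-powerpoint.presentation.macroEnabled.12"),
+         (".pptx", "application/vnd.openxmlformats-officedocument.presentationml.presentation"),
          (".ps", "application/postscript"),
          (".svg", "image/svg+xml"),
@@ -67,5 +96,13 @@
          (".xap", "application/x-silverlight-app"),
          (".xhtml", "application/xhtml+xml"),
+         (".xla", "application/vnd.ms-excel"),
+         (".xlam", "application/vnd.ms-excel.addin.macroEnabled.12"),
          (".xls", "application/vnd.ms-excel"),
+         (".xlsb", "application/vnd.ms-excel.sheet.binary.macroEnabled.12"),
+         (".xlsm", "application/vnd.ms-excel.sheet.macroEnabled.12"),
+         (".xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"),
+         (".xlt", "application/vnd.ms-excel"),
+         (".xltm", "application/vnd.ms-excel.template.macroEnabled.12"),
+         (".xltx", "application/vnd.openxmlformats-officedocument.spreadsheetml.template"),
          (".xml", "text/xml"),
          (".xsl", "text/xml"),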
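Review bot: The extensions added to this table are the same set this changeset appends to the extension array in httpd-suexec-scripts.patch, so the two lists are maintained by hand in two languages with nothing linking them. An extension added to only one of them would presumably be handled inconsistently between the two components. A cross-reference comment above the table would help: `-- Keep in sync with the static extension list in server/common/patches/httpd-suexec-scripts.patch`. The table's opening and closing lines are outside the hunks shown.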
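--- a/branches/fc15-dev/server/common/patches/httpd-suexec-scripts.patch
+++ b/branches/fc15-dev/server/common/patches/httpd-suexec-scripts.patch
@@ -73,5 +73,5 @@
  
      /* variable name is */
-@@ -245,9 +250,71 @@
+@@ -245,9 +250,108 @@
      environ = cleanenv;
  }
@@ -100,4 +100,27 @@
 +    "xls",
 +    "ppt",
++    "dot",
++    "docx",
++    "dotx",
++    "docm",
++    "dotm",
++    "xlt",
++    "xla",
++    "xlsx",
++    "xltx",
++    "xlsm",
++    "xltm",
++    "xlam",
++    "xlsb",
++    "pot",
++    "pps",
++    "ppa",
++    "pptx",
++    "potx",
++    "ppsx",
++    "ppam",
++    "pptm",
++    "potm",
++    "ppsm",
 +    "swf",
 +    "mp3",
@@ -117,4 +140,18 @@
 +    "ttf",
 +    "otf",
++    "odc",
++    "odb",
++    "odf",
++    "odg",
++    "otg",
++    "odi",
++    "odp",
++    "otp",
++    "ods",
++    "ots",
++    "odt",
++    "odm",
++    "ott",
++    "oth",
 +    NULL
 +};
@@ -145,5 +182,5 @@
      gid_t gid;              /* target group placeholder  */
      char *target_uname;     /* target user name          */
-@@ -268,6 +331,7 @@
+@@ -268,6 +368,7 @@
       * Start with a "clean" environment
       */
@@ -153,5 +190,5 @@
      prog = argv[0];
      /*
-@@ -350,6 +414,20 @@
+@@ -350,6 +451,20 @@
  #endif /*_OSD_POSIX*/
  
@@ -174,5 +211,5 @@
       * or attempts to back up out of the current directory,
       * to protect against attacks.  If any are
-@@ -371,6 +449,7 @@
+@@ -371,6 +486,7 @@
          userdir = 1;
      }
@@ -182,5 +219,5 @@
       * Error out if the target username is invalid.
       */
-@@ -452,7 +531,7 @@
+@@ -452,7 +568,7 @@
       * Error out if attempt is made to execute as root or as
       * a UID less than AP_UID_MIN.  Tsk tsk.
@@ -191,5 +228,5 @@
          exit(107);
      }
-@@ -484,6 +563,7 @@
+@@ -484,6 +599,7 @@
          log_err("failed to setuid (%ld: %s)\n", uid, cmd);
          exit(110);
@@ -199,5 +236,5 @@
      /*
       * Get the current working directory, as well as the proper
-@@ -506,6 +600,21 @@
+@@ -506,6 +637,21 @@
              log_err("cannot get docroot information (%s)\n", target_homedir);
              exit(112);
@@ -221,5 +258,5 @@
      else {
          if (((chdir(AP_DOC_ROOT)) != 0) ||
-@@ -532,15 +641,17 @@
+@@ -532,15 +678,17 @@
      /*
       * Error out if cwd is writable by others.
@@ -240,5 +277,5 @@
          exit(117);
      }
-@@ -548,10 +659,12 @@
+@@ -548,10 +696,12 @@
      /*
       * Error out if the program is writable by others.
@@ -253,5 +290,5 @@
      /*
       * Error out if the file is setuid or setgid.
-@@ -565,6 +678,7 @@
+@@ -565,6 +715,7 @@
       * Error out if the target name/group is different from
       * the name/group of the cwd or the program.
@@ -261,5 +298,5 @@
          (gid != dir_info.st_gid) ||
          (uid != prg_info.st_uid) ||
-@@ -576,12 +690,14 @@
+@@ -576,12 +727,14 @@
                  prg_info.st_uid, prg_info.st_gid);
          exit(120);
@@ -277,5 +314,5 @@
          exit(121);
      }
-@@ -614,6 +730,23 @@
+@@ -614,6 +767,23 @@
      /*
       * Execute the command, replacing our image with its own.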
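Review bot: The extension entries added in the second and third hunks (`"dot"` through `"ppsm"`, and `"odc"` through `"oth"`) carry no comment saying where the set comes from, while this changeset also extends an extension-to-MIME-type table with the same Office formats, so the two lists can drift apart unnoticed. The array's declaration and the code that consults it are outside these hunks; presumably the list decides which files are served as static content rather than executed, in which case an extension present in one list but not the other changes how a user's file is handled. I would add a one-line comment above the first new entry, e.g. `/* Office 2007+ and OpenDocument formats; keep in sync with the MIME type table */`. Only part of the MIME table is visible here, so whether every extension added in this file has a matching entry still needs checking.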
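--- a/branches/fc15-dev/server/doc/install-ldap
+++ b/branches/fc15-dev/server/doc/install-ldap
@@ -28,5 +28,5 @@
 
 # Inside cn=config.  These changes definitely require a restart.
-nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket
+nsslapd-ldapifilepath: /var/run/slapd-scripts.socket
 nsslapd-ldapilisten: on
 nsslapd-syntaxcheck: off
@@ -51,5 +51,4 @@
 - chown fedora-ds:fedora-ds /var/run/dirsrv
 - chown fedora-ds /etc/dirsrv/keytab
-- chmod 755 /var/run/dirsrv
 - /sbin/service dirsrv start
 - Use ldapvi -b cn=config to add these indexes (8 of them):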
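--- a/branches/fc15-dev/server/doc/install-xen
+++ b/branches/fc15-dev/server/doc/install-xen
@@ -1,48 +1,95 @@
-# install Hardy
-# this involves complicated partitioning (with lvm)
-# the popular version of Grub doesn't cope with this.
-# Thus, we need a boot partition not under LVM
-# allocate about 1G for /root ext3 filesystem
-# partition the two disks the same way
-# that means you have two disks, each with a 1G partition and
-# a "rest-of-the-space"G partition
-# now, combine the two 1G partitions into a RAID 1 (as /boot ext3)
-# take the two other partitions, another RAID 1 (set up as lvm)
-# create one volume group the same as the host
-# in that volume group, create two lvs one of them named root (ext3)
-# and one named swap (copy sizes, 10G root and 2G swap)
-# F11 will suggest ext4, DON'T USE IT.
+# install Squeeze
+ # Configure each drive with a 1G partition and a rest-of-the-space partition, as RAID
+ # Create a RAID1 for the 1G partitions
+ # Create a RAID1 for each pair of rest-of-the-space partitions
+ # Create an ext3 /boot on the 1G RAID1
+ # Create an LVM volume group named after the machine's short hostname
+ # Create an LV called "swap" that is the same size as the machine's physical RAM
+ # Create an LV called "root" that is 50G ext4
+
+# ??? F11 will suggest ext4, DON'T USE IT.
 #   - New filesystem, so it's scary
 #   - The hosts can't mount it
 #   - Grub can't cope with it
 
-# enable backports (because Xen 3.3 is in hardy backports)
-    apt-get update
-    apt-get dist-upgrade
+# install useful utility packages
+    aptitude install htop ipmitool emacs23-nox vim memtest86 memtest86+ ntp ntpdate git smartmontools kpartx apticron bwm-ng bzip2 ethtool i2c-tools lm-sensors mii-diag molly-guard mtr-tiny nbd-client nbd-server rlwrap strace tcpdump tree
+    git config --global color.ui auto
+
 # install Xen
-    apt-get install ubuntu-xen-server
+    aptitude install xen-linux-system
+
 # download Debathena archive key, verify
-    apt-key add ...
-# add Debathena repos to etc/apt.d/sources.list
-# install Debathena software
-    apt-get install debathena-clients
+  (aptitude install debian-keyring &&
+  cd /tmp &&
+  wget http://debathena.mit.edu/apt/debathena-archive.asc &&
+  kcr_fingerprint=$(gpg --keyring /usr/share/keyrings/debian-keyring.gpg --no-default-keyring --list-keys --with-colons kcr@debian.org | grep ^pub | cut -f 5 -d :) &&
+  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --import debathena-archive.asc &&
+  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --refresh-keys &&
+  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs --with-colons debathena@mit.edu | grep '^sig:!' | cut -d: -f5 | grep -q $kcr_fingerprint &&
+  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --export debathena@mit.edu | apt-key adv --import)
+
+# add Debathena repos to etc/apt/sources.list.d
+  cat <<EOF > /etc/apt/sources.list.d/debathena.list
+deb http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs
+deb-src http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs
+EOF
+
+# install host keytab
+  cp $keytab /etc/krb5.keytab
+  k5srvutil change
+  k5srvutil delold
+# install ~/.k5login
+# install Debathena software (hit enter to take the defaults at the
+# configuration prompts)
+  aptitude update
+  aptitude install debathena-clients debathena-ssh-server-config
 # compare packages with another server
-dpkg -l
+  dpkg -l
 # reconfigure so that we can get an MTA, although we don't
-# want the hosts to accept mail (smart host, does not take mail)
+# want the hosts to accept mail (mail sent by smarthost; no local mail)
 # outgoing.mit.edu
-    dpkg reconfigure xm4-config
+    dpkg-reconfigure exim4-config
         # answer questions properly
 # change root alias in /etc/aliases to be the same as scripts server
 # reload it
     newaliases
-# ssh key for host...
-# install host keytab
+# clone the xen config (/etc/xen)
+    git clone -b squeeze ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen
 # copy conserver config (we need to version this)
-# clone the xen config (/etc/xen)
-    git clone ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen
-
+  aptitude install sudo conserver-{server,client}
 # setup conserver
-    cat /etc/conserver/console.cf # add the correct entires here
+  cat <<EOF > /etc/conserver/conserver.cf
+config * {
+        sslrequired no;
+}
+default full {
+        rw *;
+}
+default * {
+        logfile /var/log/conserver/&.log;
+        timestamp "1lab";
+        include full;
+        sslrequired no;
+        options reinitoncc;
+}
+default xen {
+        type exec;
+        exec sudo xm console f;
+        execsubst f=cs;
+}
+access * {
+        trusted 127.0.0.1;
+}
+EOF
     visudo # add conservr to sudoers list with:
         conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console *
+
+# setup munin and nagios 
+    aptitude install munin-node
+cat <<EOF >> /etc/munin/munin-node.conf
+allow ^18\.187\.1\.128$
+allow ^18\.181\.0\.65$
+allow ^18\.181\.0\.51$
+EOF
+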
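--- a/branches/fc15-dev/server/fedora/config/etc/aliases
+++ b/branches/fc15-dev/server/fedora/config/etc/aliases
@@ -89,5 +89,5 @@
 
 # Person who should get root's mail
-root:           andersk@mit.edu, quentin@mit.edu, geofft+root@mit.edu, mitchb@mit.edu, ezyang@mit.edu, xavid@mit.edu, adehnert-sipb@mit.edu
+root:           andersk@mit.edu, quentin@mit.edu, geofft+root@mit.edu, mitchb@mit.edu, ezyang@mit.edu, xavid@mit.edu, adehnert-sipb@mit.edu, achernya@mit.edu
 
 scripts:        root
@@ -100,2 +100,5 @@
 # Put "/dev/null" as the target of their alias
 srimano:        /dev/null       # has a phpBB generating a lot of backscatter
+
+# Temporary to clear the queue
+# Should be deleted if left uncommitted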
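Review bot: The two comment lines added at the end of the second hunk, `# Temporary to clear the queue` and `# Should be deleted if left uncommitted`, have no alias under them in the lines shown and are now committed, so they describe an entry that is not there (unless one follows outside the hunk). Either drop both lines, or, if a temporary alias is meant to live here, add it with a note on who added it and when it can go, e.g. `# Temporary (<date>, <owner>): discards mail for <alias> while the queue is cleared`. A dangling marker in a mail alias file makes it hard to tell later whether a `/dev/null` target is deliberate.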
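--- a/branches/fc15-dev/server/fedora/config/etc/httpd/conf/httpd.conf
+++ b/branches/fc15-dev/server/fedora/config/etc/httpd/conf/httpd.conf
@@ -345,4 +345,6 @@
         Include conf.d/vhosts-common-ssl.conf
         SSLCertificateFile /etc/pki/tls/certs/scripts.pem
+        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
+        SSLCertificateChainFile /etc/pki/tls/certs/scripts.pem
     </VirtualHost>
     <VirtualHost 18.181.0.43:444>
@@ -352,4 +354,6 @@
         Include conf.d/vhosts-common-ssl-cert.conf
         SSLCertificateFile /etc/pki/tls/certs/scripts.pem
+        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
+        SSLCertificateChainFile /etc/pki/tls/certs/scripts.pem
     </VirtualHost>
     # LDAP vhost, w00t w00t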
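Review bot: The added `SSLCertificateKeyFile /etc/pki/tls/private/scripts.key` lines pair one private key with the scripts.mit.edu certificate, and the finboard.conf and tours.conf sections of this changeset point finboard.pem and tours.pem at the same key file, so all three certificates depend on a single key. Nothing in the configuration records that the sharing is intentional; a comment above the directive such as `# scripts.key is shared with the finboard and tours vhosts; replacing it means reissuing all three certificates` would do that. The key file is not part of the changeset, so its ownership and mode cannot be checked from here; it should be readable by root only. Both `<VirtualHost>` blocks begin outside the hunks.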
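--- a/branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/finboard.conf
+++ b/branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/finboard.conf
@@ -19,4 +19,5 @@
                 Include conf.d/vhosts-common-ssl.conf
                 SSLCertificateFile /etc/pki/tls/certs/finboard.pem
+                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
         </VirtualHost>
         <VirtualHost *:444>
@@ -29,4 +30,5 @@
                 Include conf.d/vhosts-common-ssl-cert.conf
                 SSLCertificateFile /etc/pki/tls/certs/finboard.pem
+                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
         </VirtualHost>
 </IfModule>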
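--- a/branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py
+++ b/branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py
@@ -25,5 +25,5 @@
 import sys
 
-ll = ldap.initialize("ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/")
+ll = ldap.initialize("ldapi://%2fvar%2frun%2fslapd-scripts.socket/")
 ll.simple_bind_s("", "")
 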
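--- a/branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/tours.conf
+++ b/branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/tours.conf
@@ -19,4 +19,5 @@
                 Include conf.d/vhosts-common-ssl.conf
                 SSLCertificateFile /etc/pki/tls/certs/tours.pem
+                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
         </VirtualHost>
         <VirtualHost *:444>
@@ -29,4 +30,5 @@
                 Include conf.d/vhosts-common-ssl-cert.conf
                 SSLCertificateFile /etc/pki/tls/certs/tours.pem
+                SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
         </VirtualHost>
 </IfModule>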
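--- a/branches/fc15-dev/server/fedora/config/etc/ldap.conf
+++ b/branches/fc15-dev/server/fedora/config/etc/ldap.conf
@@ -27,5 +27,5 @@
 #uri ldapi://%2fvar%2frun%2fldapi_sock/
 # Note: %2f encodes the '/' used as directory separator
-uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
+uri ldapi://%2fvar%2frun%2fslapd-scripts.socket/
 
 # The LDAP version to use (defaults to 3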
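--- a/branches/fc15-dev/server/fedora/config/etc/nagios/check_afs
+++ b/branches/fc15-dev/server/fedora/config/etc/nagios/check_afs
@@ -8,5 +8,5 @@
 
 if [ $STATUS -gt 0 ]; then
-    if $ECHO "$CHECKS" | grep -i STYX >/dev/null; then
+    if $ECHO "$CHECKS" | grep -i PHLEGETHON >/dev/null; then
         exit $STATE_CRITICAL;
     else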
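--- a/branches/fc15-dev/server/fedora/config/etc/nagios/nrpe.cfg
+++ b/branches/fc15-dev/server/fedora/config/etc/nagios/nrpe.cfg
@@ -221,5 +221,7 @@
 command[check_procs_u]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -u $ARG3$
 command[check_procs_z]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -z $ARG3$
+command[check_postfix_mailq]=/usr/lib64/nagios/plugins/check_mailq -w 300 -c 1000 -M postfix
 command[check_afs]=/etc/nagios/check_afs
 command[check_cron_working]=/etc/nagios/check_cron_working
 command[check_ldap_mmr]=/etc/nagios/check_ldap_mmr
+command[check_kern_taint]=/etc/nagios/check_kern_taint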
  • branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/finboard.pem

    r1552 r1878  
     1From mitcert@MIT.EDU Tue Apr 19 13:48:37 2011
     2Date: Tue, 19 Apr 2011 13:48:34 -0400
     3From: mitcert@MIT.EDU
     4To: geofft@mit.edu
     5Subject: [help.mit.edu #1582629] Certificate renewal request for finboard.mit.edu
     6
    17Certificate:
    28    Data:
    39        Version: 3 (0x2)
    410        Serial Number:
    5             a4:10:09:e5:83:d7:c1:06:a9:b6:f5:bd:5d:dc:92:d8
     11            db:fb:e9:9c:73:3e:ac:a0:fa:8b:82:fb:8f:3a:69:99
    612        Signature Algorithm: sha1WithRSAEncryption
    713        Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority
    814        Validity
    9             Not Before: Apr 28 16:00:00 2010 GMT
    10             Not After : Apr 28 16:00:00 2011 GMT
    11         Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service,
    12 CN=finboard.mit.edu/emailAddress=scripts@mit.edu
     15            Not Before: Apr 18 16:00:00 2011 GMT
     16            Not After : Apr 18 16:00:00 2012 GMT
     17        Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service, CN=finboard.mit.edu/emailAddress=scripts@mit.edu
    1318        Subject Public Key Info:
    1419            Public Key Algorithm: rsaEncryption
    15             RSA Public Key: (1024 bit)
    16                 Modulus (1024 bit):
    17                     00:b5:3e:21:4d:c1:89:6b:01:8c:47:80:fe:b3:37:
    18                     27:76:f8:52:41:e6:a2:3d:4b:76:78:e5:f2:66:3c:
    19                     0f:b1:ad:fb:97:8f:2e:a2:b6:53:d3:b6:0e:e2:66:
    20                     f9:b9:0b:b7:ce:b4:d5:f5:1c:1f:6f:22:7d:48:f5:
    21                     6d:f0:16:cd:8e:48:79:d1:14:4a:14:2f:2f:f8:c4:
    22                     bd:1d:87:cf:7d:8b:5c:77:ad:58:24:b0:0e:a1:6d:
    23                     d6:0a:c7:d8:bc:2f:67:65:c8:5d:d8:d8:31:c2:67:
    24                     4b:4a:f4:a1:a5:54:82:af:cb:34:08:2a:04:7f:8e:
    25                     7c:4c:b7:db:dc:6a:8a:5d:81
     20            RSA Public Key: (4096 bit)
     21                Modulus (4096 bit):
     22                    00:bf:a3:f2:7b:98:cc:16:a7:57:e6:92:85:34:56:
     23                    f1:e3:62:83:9e:6a:4f:35:9d:f0:cf:89:87:73:e3:
     24                    93:f7:b7:01:57:38:6e:e9:fc:59:4d:24:eb:a7:17:
     25                    47:ca:2c:51:0e:45:c8:b7:68:c9:0e:32:26:e0:91:
     26                    d3:06:5c:8c:7c:0e:6c:99:0c:b2:46:05:0f:4d:f1:
     27                    b0:c7:5e:35:06:62:fe:2a:d6:0f:1b:2c:b5:02:24:
     28                    4c:c3:06:71:ec:94:ca:1d:aa:af:7e:b9:2d:c0:55:
     29                    4b:cc:bc:51:3d:76:68:5b:d3:ed:35:d0:03:ba:1b:
     30                    6c:f3:a0:d8:d3:dc:6b:44:b0:5e:01:51:d3:02:cc:
     31                    4a:da:52:12:de:35:31:69:16:5a:48:8b:0f:ce:ad:
     32                    4d:e4:d5:8b:11:36:7f:87:1c:fd:84:da:43:2e:87:
     33                    2f:41:70:ac:ad:df:54:c0:ed:f6:21:51:fa:c5:06:
     34                    f0:1b:eb:a1:b0:bf:4d:1c:42:34:8a:d5:6f:f7:25:
     35                    66:73:8f:60:c4:d7:8d:33:91:f4:46:3a:97:09:59:
     36                    01:ff:c3:64:94:40:48:30:68:f0:6e:03:26:74:c2:
     37                    a1:b3:d7:cb:94:fc:6e:53:8a:2a:9e:fd:b1:4f:c4:
     38                    74:56:25:63:1f:aa:bd:95:25:78:9c:45:46:1b:0c:
     39                    21:71:eb:84:94:d0:b2:f1:da:52:f6:d1:7f:63:1d:
     40                    08:23:52:5f:c2:f9:4d:ac:a4:44:e5:9a:54:70:fc:
     41                    c9:fc:d4:d4:b7:1d:75:95:00:e3:bf:3e:4c:f3:43:
     42                    c3:96:c7:09:2a:29:45:12:d2:31:d6:79:4c:8a:e7:
     43                    54:27:22:c6:80:ae:87:23:56:f1:8d:49:9b:c8:fa:
     44                    ed:33:5b:5f:56:76:c8:0f:7e:85:14:69:c4:48:31:
     45                    07:39:a5:34:81:f2:6b:15:50:22:fb:bb:2c:ad:4b:
     46                    84:ea:55:64:f7:de:56:9d:d0:b6:d0:7d:1e:1b:51:
     47                    50:37:44:94:e6:c4:15:eb:45:31:f1:b3:ec:0f:b3:
     48                    a9:0c:f8:1c:47:c7:51:00:05:ef:ee:b0:3d:9f:7e:
     49                    07:a7:38:e8:83:4c:3d:db:34:b6:24:0c:90:57:c0:
     50                    f9:d0:64:14:8a:93:47:9b:41:f5:a3:14:1d:9e:18:
     51                    5d:d5:d8:66:af:f5:f3:c8:2f:bc:a7:02:a7:ef:dc:
     52                    f0:0e:c7:47:8d:2e:d6:a8:62:42:93:5b:7c:f5:35:
     53                    f8:31:10:7b:38:d4:40:24:68:81:13:27:cb:fb:76:
     54                    0e:d1:99:14:d8:d5:eb:f7:69:64:8f:af:8f:82:bb:
     55                    24:29:f9:d4:29:1d:ce:e6:14:ba:4c:8b:09:ff:46:
     56                    ce:8b:6d
    2657                Exponent: 65537 (0x10001)
    2758        X509v3 extensions:
     
    3061            Netscape Cert Type:
    3162                SSL Client, SSL Server, S/MIME
    32             X509v3 Extended Key Usage:
     63            X509v3 Extended Key Usage: 
    3364                TLS Web Server Authentication, E-mail Protection, TLS Web Client Authentication
    34             X509v3 Key Usage:
     65            X509v3 Key Usage: 
    3566                Digital Signature, Non Repudiation, Key Encipherment
    3667            X509v3 Subject Key Identifier:
    37                 54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8
     68                CB:11:B7:01:5F:86:55:4F:45:5E:AB:27:69:BE:E1:3C:89:7A:55:62
    3869            X509v3 CRL Distribution Points:
    3970                URI:http://ca.mit.edu/ca/mitserver.crl
    4071
    4172    Signature Algorithm: sha1WithRSAEncryption
    42         4a:7c:d3:b2:84:dd:b8:f9:46:1e:04:28:c3:cc:7b:78:72:ca:
    43         97:c3:6e:a9:6b:0e:a0:b1:99:47:65:1a:6c:13:5c:13:b2:20:
    44         10:6e:cd:af:9e:f1:47:ff:4c:f5:b0:ab:0f:e5:2d:dd:bd:40:
    45         05:43:cc:12:3d:dc:7b:c6:c8:d9:d8:18:dd:59:1a:e3:78:b2:
    46         93:b4:c2:75:18:7a:23:2d:ee:15:0e:bf:9e:ff:18:c3:d2:9d:
    47         4f:15:2a:f9:66:1c:04:40:db:cc:57:b8:fa:59:e6:b7:49:b8:
    48         29:fc:02:a6:0f:a2:c9:dd:ee:00:e0:58:cc:b4:79:60:f5:3e:
    49         91:fd
     73        7a:69:0c:91:e2:fb:49:59:50:9f:7f:e5:ad:3f:3e:c7:56:f7:
     74        14:0e:f4:b7:7c:9b:da:1c:33:6c:62:f4:c2:b3:82:fc:28:17:
     75        f4:87:3e:29:ea:da:c2:1a:15:6f:bd:ab:af:87:81:d8:43:b6:
     76        f2:32:f3:f1:7d:37:e3:04:67:23:f5:13:67:a4:80:e7:c4:9f:
     77        fa:b1:ff:53:53:24:bd:ce:ff:9a:89:b9:4f:13:04:e1:9c:f5:
     78        54:e3:ff:e6:de:09:a8:f8:2e:50:66:b2:c4:67:ac:34:ae:78:
     79        f8:b7:4a:3b:48:70:1b:f9:ec:8f:a7:e6:3d:cd:28:8e:28:b5:
     80        fd:f7
    5081-----BEGIN CERTIFICATE-----
    51 MIIDgDCCAumgAwIBAgIRAKQQCeWD18EGqbb1vV3cktgwDQYJKoZIhvcNAQEFBQAw
     82MIIFBDCCBG2gAwIBAgIRANv76ZxzPqyg+ouC+486aZkwDQYJKoZIhvcNAQEFBQAw
    5283ezELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoT
    5384JU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsT
    54 G01JVCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA0MjgxNjAwMDBaFw0x
    55 MTA0MjgxNjAwMDBaMIHSMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVz
     85G01JVCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTA0MTgxNjAwMDBaFw0x
     86MjA0MTgxNjAwMDBaMIHSMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVz
    5687ZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRz
    5788IEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MSwwKgYDVQQLEyNzY3JpcHRzLm1pdC5l
    5889ZHUgd2ViIGhvc3Rpbmcgc2VydmljZTEZMBcGA1UEAxMQZmluYm9hcmQubWl0LmVk
    59 dTEeMBwGCSqGSIb3DQEJARYPc2NyaXB0c0BtaXQuZWR1MIGfMA0GCSqGSIb3DQEB
    60 AQUAA4GNADCBiQKBgQC1PiFNwYlrAYxHgP6zNyd2+FJB5qI9S3Z45fJmPA+xrfuX
    61 jy6itlPTtg7iZvm5C7fOtNX1HB9vIn1I9W3wFs2OSHnRFEoULy/4xL0dh899i1x3
    62 rVgksA6hbdYKx9i8L2dlyF3Y2DHCZ0tK9KGlVIKvyzQIKgR/jnxMt9vcaopdgQID
    63 AQABo4GrMIGoMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgXgMCcGA1UdJQQg
    64 MB4GCCsGAQUFBwMBBggrBgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXgMB0G
    65 A1UdDgQWBBRUEXwJVUQclEWponZGKywkJmpE6DAzBgNVHR8ELDAqMCigJqAkhiJo
    66 dHRwOi8vY2EubWl0LmVkdS9jYS9taXRzZXJ2ZXIuY3JsMA0GCSqGSIb3DQEBBQUA
    67 A4GBAEp807KE3bj5Rh4EKMPMe3hyypfDbqlrDqCxmUdlGmwTXBOyIBBuza+e8Uf/
    68 TPWwqw/lLd29QAVDzBI93HvGyNnYGN1ZGuN4spO0wnUYeiMt7hUOv57/GMPSnU8V
    69 KvlmHARA28xXuPpZ5rdJuCn8AqYPosnd7gDgWMy0eWD1PpH9
     90dTEeMBwGCSqGSIb3DQEJARYPc2NyaXB0c0BtaXQuZWR1MIICIjANBgkqhkiG9w0B
     91AQEFAAOCAg8AMIICCgKCAgEAv6Pye5jMFqdX5pKFNFbx42KDnmpPNZ3wz4mHc+OT
     9297cBVzhu6fxZTSTrpxdHyixRDkXIt2jJDjIm4JHTBlyMfA5smQyyRgUPTfGwx141
     93BmL+KtYPGyy1AiRMwwZx7JTKHaqvfrktwFVLzLxRPXZoW9PtNdADuhts86DY09xr
     94RLBeAVHTAsxK2lIS3jUxaRZaSIsPzq1N5NWLETZ/hxz9hNpDLocvQXCsrd9UwO32
     95IVH6xQbwG+uhsL9NHEI0itVv9yVmc49gxNeNM5H0RjqXCVkB/8NklEBIMGjwbgMm
     96dMKhs9fLlPxuU4oqnv2xT8R0ViVjH6q9lSV4nEVGGwwhceuElNCy8dpS9tF/Yx0I
     97I1JfwvlNrKRE5ZpUcPzJ/NTUtx11lQDjvz5M80PDlscJKilFEtIx1nlMiudUJyLG
     98gK6HI1bxjUmbyPrtM1tfVnbID36FFGnESDEHOaU0gfJrFVAi+7ssrUuE6lVk995W
     99ndC20H0eG1FQN0SU5sQV60Ux8bPsD7OpDPgcR8dRAAXv7rA9n34Hpzjog0w92zS2
     100JAyQV8D50GQUipNHm0H1oxQdnhhd1dhmr/XzyC+8pwKn79zwDsdHjS7WqGJCk1t8
     1019TX4MRB7ONRAJGiBEyfL+3YO0ZkU2NXr92lkj6+PgrskKfnUKR3O5hS6TIsJ/0bO
     102i20CAwEAAaOBqzCBqDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF4DAnBgNV
     103HSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwQGCCsGAQUFBwMCMAsGA1UdDwQEAwIF
     1044DAdBgNVHQ4EFgQUyxG3AV+GVU9FXqsnab7hPIl6VWIwMwYDVR0fBCwwKjAooCag
     105JIYiaHR0cDovL2NhLm1pdC5lZHUvY2EvbWl0c2VydmVyLmNybDANBgkqhkiG9w0B
     106AQUFAAOBgQB6aQyR4vtJWVCff+WtPz7HVvcUDvS3fJvaHDNsYvTCs4L8KBf0hz4p
     1076trCGhVvvauvh4HYQ7byMvPxfTfjBGcj9RNnpIDnxJ/6sf9TUyS9zv+aiblPEwTh
     108nPVU4//m3gmo+C5QZrLEZ6w0rnj4t0o7SHAb+eyPp+Y9zSiOKLX99w==
    70109-----END CERTIFICATE-----
     110
  • branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/scripts.pem

    r1170 r1878  
    1 Certificate:
    2     Data:
    3         Version: 3 (0x2)
    4         Serial Number: 745256 (0xb5f28)
    5         Signature Algorithm: sha1WithRSAEncryption
    6         Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
    7         Validity
    8             Not Before: Jun  4 20:22:36 2009 GMT
    9             Not After : Jun  7 02:53:00 2011 GMT
    10         Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=Student Information Processing Board, CN=scripts.mit.edu
    11         Subject Public Key Info:
    12             Public Key Algorithm: rsaEncryption
    13             RSA Public Key: (1024 bit)
    14                 Modulus (1024 bit):
    15                     00:b5:3e:21:4d:c1:89:6b:01:8c:47:80:fe:b3:37:
    16                     27:76:f8:52:41:e6:a2:3d:4b:76:78:e5:f2:66:3c:
    17                     0f:b1:ad:fb:97:8f:2e:a2:b6:53:d3:b6:0e:e2:66:
    18                     f9:b9:0b:b7:ce:b4:d5:f5:1c:1f:6f:22:7d:48:f5:
    19                     6d:f0:16:cd:8e:48:79:d1:14:4a:14:2f:2f:f8:c4:
    20                     bd:1d:87:cf:7d:8b:5c:77:ad:58:24:b0:0e:a1:6d:
    21                     d6:0a:c7:d8:bc:2f:67:65:c8:5d:d8:d8:31:c2:67:
    22                     4b:4a:f4:a1:a5:54:82:af:cb:34:08:2a:04:7f:8e:
    23                     7c:4c:b7:db:dc:6a:8a:5d:81
    24                 Exponent: 65537 (0x10001)
    25         X509v3 extensions:
    26             X509v3 Key Usage: critical
    27                 Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
    28             X509v3 Subject Key Identifier:
    29                 54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8
    30             X509v3 CRL Distribution Points:
    31                 URI:http://crl.geotrust.com/crls/secureca.crl
     1From mitcert@MIT.EDU Wed May 25 15:32:24 2011
     2Date: Wed, 25 May 2011 15:32:22 -0400
     3From: mitcert@MIT.EDU
     4To: geofft@mit.edu
     5Subject: [help.mit.edu #1615888] Equifax certificate renewal for scripts.mit.edu
    326
    33             X509v3 Authority Key Identifier:
    34                 keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
     75 Year ($300) Certificate:
    358
    36             X509v3 Extended Key Usage:
    37                 TLS Web Server Authentication, TLS Web Client Authentication
    38     Signature Algorithm: sha1WithRSAEncryption
    39         0e:42:72:ba:24:61:07:eb:69:d6:3e:4a:e9:ec:a3:f8:16:c0:
    40         a2:31:2d:f0:93:ec:37:2c:dc:c0:7c:a6:9e:60:52:d4:c6:af:
    41         f4:c7:cb:f0:ad:bf:3c:b8:34:a7:1e:35:c3:15:84:f6:79:96:
    42         f3:ec:d7:78:62:83:81:b5:bb:5e:77:0a:19:b6:d1:9f:ae:a9:
    43         0b:f6:8a:7c:71:1e:a9:8e:e7:3d:e7:a6:38:47:3a:9f:0c:69:
    44         37:a1:3f:0e:44:77:47:b9:75:4a:49:08:f3:42:43:58:2c:24:
    45         d2:b9:5b:9c:8b:9a:5f:b6:83:cc:bb:ec:26:65:b7:75:50:83:
    46         a6:5b
     9Web Server CERTIFICATE
     10-----------------
     11
    4712-----BEGIN CERTIFICATE-----
    48 MIIDKDCCApGgAwIBAgIDC18oMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
    49 MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
    50 aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDkwNjA0MjAyMjM2WhcNMTEwNjA3MDI1MzAw
    51 WjCBsjELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNV
    52 BAcTCUNhbWJyaWRnZTEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUg
    53 b2YgVGVjaG5vbG9neTEtMCsGA1UECxMkU3R1ZGVudCBJbmZvcm1hdGlvbiBQcm9j
    54 ZXNzaW5nIEJvYXJkMRgwFgYDVQQDEw9zY3JpcHRzLm1pdC5lZHUwgZ8wDQYJKoZI
    55 hvcNAQEBBQADgY0AMIGJAoGBALU+IU3BiWsBjEeA/rM3J3b4UkHmoj1Ldnjl8mY8
    56 D7Gt+5ePLqK2U9O2DuJm+bkLt8601fUcH28ifUj1bfAWzY5IedEUShQvL/jEvR2H
    57 z32LXHetWCSwDqFt1grH2LwvZ2XIXdjYMcJnS0r0oaVUgq/LNAgqBH+OfEy329xq
    58 il2BAgMBAAGjga4wgaswDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBRUEXwJVUQc
    59 lEWponZGKywkJmpE6DA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3Ry
    60 dXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAfBgNVHSMEGDAWgBRI5mj5K9KylddH
    61 2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZI
    62 hvcNAQEFBQADgYEADkJyuiRhB+tp1j5K6eyj+BbAojEt8JPsNyzcwHymnmBS1Mav
    63 9MfL8K2/PLg0px41wxWE9nmW8+zXeGKDgbW7XncKGbbRn66pC/aKfHEeqY7nPeem
    64 OEc6nwxpN6E/DkR3R7l1SkkI80JDWCwk0rlbnIuaX7aDzLvsJmW3dVCDpls=
     13MIIFvTCCBKWgAwIBAgIDAKAKMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT
     14MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM
     15IENBMB4XDTExMDUyNDExNDA1MloXDTE2MDYyNDE2MjgwNlowgdwxKTAnBgNVBAUT
     16IHNLTHQ1aW8zNjBqTS1vQWQyRUdMTkswRXJhWHdYRTQ2MQswCQYDVQQGEwJVUzEW
     17MBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMS4wLAYD
     18VQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MSwwKgYD
     19VQQLEyNzY3JpcHRzLm1pdC5lZHUgd2ViIGhvc3Rpbmcgc2VydmljZTEYMBYGA1UE
     20AxMPc2NyaXB0cy5taXQuZWR1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
     21AgEAv6Pye5jMFqdX5pKFNFbx42KDnmpPNZ3wz4mHc+OT97cBVzhu6fxZTSTrpxdH
     22yixRDkXIt2jJDjIm4JHTBlyMfA5smQyyRgUPTfGwx141BmL+KtYPGyy1AiRMwwZx
     237JTKHaqvfrktwFVLzLxRPXZoW9PtNdADuhts86DY09xrRLBeAVHTAsxK2lIS3jUx
     24aRZaSIsPzq1N5NWLETZ/hxz9hNpDLocvQXCsrd9UwO32IVH6xQbwG+uhsL9NHEI0
     25itVv9yVmc49gxNeNM5H0RjqXCVkB/8NklEBIMGjwbgMmdMKhs9fLlPxuU4oqnv2x
     26T8R0ViVjH6q9lSV4nEVGGwwhceuElNCy8dpS9tF/Yx0II1JfwvlNrKRE5ZpUcPzJ
     27/NTUtx11lQDjvz5M80PDlscJKilFEtIx1nlMiudUJyLGgK6HI1bxjUmbyPrtM1tf
     28VnbID36FFGnESDEHOaU0gfJrFVAi+7ssrUuE6lVk995WndC20H0eG1FQN0SU5sQV
     2960Ux8bPsD7OpDPgcR8dRAAXv7rA9n34Hpzjog0w92zS2JAyQV8D50GQUipNHm0H1
     30oxQdnhhd1dhmr/XzyC+8pwKn79zwDsdHjS7WqGJCk1t89TX4MRB7ONRAJGiBEyfL
     31+3YO0ZkU2NXr92lkj6+PgrskKfnUKR3O5hS6TIsJ/0bOi20CAwEAAaOCASEwggEd
     32MB8GA1UdIwQYMBaAFEJ5VBthzVUrPmPVPEhX9Z/7Rc5KMA4GA1UdDwEB/wQEAwIF
     33oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGgYDVR0RBBMwEYIPc2Ny
     34aXB0cy5taXQuZWR1MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9ndHNzbC1jcmwu
     35Z2VvdHJ1c3QuY29tL2NybHMvZ3Rzc2wuY3JsMB0GA1UdDgQWBBTLEbcBX4ZVT0Ve
     36qydpvuE8iXpVYjAMBgNVHRMBAf8EAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEF
     37BQcwAoYnaHR0cDovL2d0c3NsLWFpYS5nZW90cnVzdC5jb20vZ3Rzc2wuY3J0MA0G
     38CSqGSIb3DQEBBQUAA4IBAQAyzdBtuhneBsq8S1I1WA2vQn/qp4lfRoqNzdSCGixW
     39rbk2RK/qMic7mwrOFX1ZYflCzWyuehcTOAKfjetVmyfs+81atmB/liLNGnpF0qSJ
     40JQJbNemjf8KxQyXCFj/OXvUhG/lLh83FA2AGqvFAFiD8mVe/xmzbd7UsI1+EpaFd
     41sKcn7f/3YQ25ADrfdOguuiXIGsWPKcApo09fK69NZZKjD9oQ6QFsj9Hyk8Ymyhf5
     42bBtvqYOUQ5QMlYZ91Uy4CXVhx5mCo3L1ddXWDG/onDdcDI0LORxCgJVIqh+3g4vg
     43QKJR/6V68wkGpGGblkWawj02bfcyMjc73TVIASl+QOi/
    6544-----END CERTIFICATE-----
     45
     46
     47INTERMEDIATE CA:
     48---------------------------------------
     49
     50-----BEGIN CERTIFICATE-----
     51MIID2TCCAsGgAwIBAgIDAjbQMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
     52MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
     53YWwgQ0EwHhcNMTAwMjE5MjIzOTI2WhcNMjAwMjE4MjIzOTI2WjBAMQswCQYDVQQG
     54EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xGDAWBgNVBAMTD0dlb1RydXN0
     55IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCzgMHk5Uat
     56cGA9uuUU3Z6KXot1WubKbUGlI+g5hSZ6p1V3mkihkn46HhrxJ6ujTDnMyz1Hr4Gu
     57FmpcN+9FQf37mpc8oEOdxt8XIdGKolbCA0mEEoE+yQpUYGa5jFTk+eb5lPHgX3UR
     588im55IaisYmtph6DKWOy8FQchQt65+EuDa+kvc3nsVrXjAVaDktzKIt1XTTYdwvh
     59dGLicTBi2LyKBeUxY0pUiWozeKdOVSQdl+8a5BLGDzAYtDRN4dgjOyFbLTAZJQ50
     6096QhS6CkIMlszZhWwPKoXz4mdaAN+DaIiixafWcwqQ/RmXAueOFRJq9VeiS+jDkN
     61d53eAsMMvR8CAwEAAaOB2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEJ5
     62VBthzVUrPmPVPEhX9Z/7Rc5KMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
     63ysxOMBIGA1UdEwEB/wQIMAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDov
     64L2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEE
     65KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZI
     66hvcNAQEFBQADggEBANTvU4ToGr2hiwTAqfVfoRB4RV2yV2pOJMtlTjGXkZrUJPji
     67J2ZwMZzBYlQG55cdOprApClICq8kx6jEmlTBfEx4TCtoLF0XplR4TEbigMMfOHES
     680tdT41SFULgCy+5jOvhWiU1Vuy7AyBh3hjELC3DwfjWDpCoTZFZnNF0WX3OsewYk
     692k9QbSqr0E1TQcKOu3EDSSmGGM8hQkx0YlEVxW+o78Qn5Rsz3VqI138S0adhJR/V
     704NwdzxoQ2KDLX4z6DOW/cf/lXUQdpj6HR/oaToODEj+IZpWYeZqF6wJHzSXj8gYE
     71TpnKXKBuervdo5AaRTPvvz7SBMS24CqFZUE+ENQ=
     72-----END CERTIFICATE-----
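--- a/branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/tours.pem
+++ b/branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/tours.pem
@@ -1,7 +1,7 @@
-From mitcert@MIT.EDU Thu Jun 17 08:13:52 2010
-Date: Thu, 17 Jun 2010 08:13:51 -0400 (EDT)
+From mitcert@MIT.EDU Mon Jun  6 11:01:40 2011
+Date: Mon, 6 Jun 2011 11:01:37 -0400
 From: mitcert@MIT.EDU
-To: mitchb@mit.edu
-Subject: Certificate signing request for tours.mit.edu  [help.mit.edu #1263305]
+To: geofft@mit.edu
+Subject: [help.mit.edu #1628846] certificate renewal for scripts vhost tours.mit.edu
 
 Certificate:
@@ -9,24 +9,50 @@
         Version: 3 (0x2)
         Serial Number:
-            63:75:30:51:9d:87:bd:ac:0d:9b:0d:27:00:13:b9:b5
+            cd:7f:98:ad:03:56:53:60:54:b9:67:c1:4b:ca:66:75
         Signature Algorithm: sha1WithRSAEncryption
         Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority
         Validity
-            Not Before: Jun 15 16:00:00 2010 GMT
-            Not After : Jun 16 16:00:00 2011 GMT
+            Not Before: Jun  4 16:00:00 2011 GMT
+            Not After : Jun  5 16:00:00 2012 GMT
         Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service, CN=tours.mit.edu/emailAddress=scripts@mit.edu
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b5:3e:21:4d:c1:89:6b:01:8c:47:80:fe:b3:37:
-                    27:76:f8:52:41:e6:a2:3d:4b:76:78:e5:f2:66:3c:
-                    0f:b1:ad:fb:97:8f:2e:a2:b6:53:d3:b6:0e:e2:66:
-                    f9:b9:0b:b7:ce:b4:d5:f5:1c:1f:6f:22:7d:48:f5:
-                    6d:f0:16:cd:8e:48:79:d1:14:4a:14:2f:2f:f8:c4:
-                    bd:1d:87:cf:7d:8b:5c:77:ad:58:24:b0:0e:a1:6d:
-                    d6:0a:c7:d8:bc:2f:67:65:c8:5d:d8:d8:31:c2:67:
-                    4b:4a:f4:a1:a5:54:82:af:cb:34:08:2a:04:7f:8e:
-                    7c:4c:b7:db:dc:6a:8a:5d:81
+            RSA Public Key: (4096 bit)
+                Modulus (4096 bit):
+                    00:bf:a3:f2:7b:98:cc:16:a7:57:e6:92:85:34:56:
+                    f1:e3:62:83:9e:6a:4f:35:9d:f0:cf:89:87:73:e3:
+                    93:f7:b7:01:57:38:6e:e9:fc:59:4d:24:eb:a7:17:
+                    47:ca:2c:51:0e:45:c8:b7:68:c9:0e:32:26:e0:91:
+                    d3:06:5c:8c:7c:0e:6c:99:0c:b2:46:05:0f:4d:f1:
+                    b0:c7:5e:35:06:62:fe:2a:d6:0f:1b:2c:b5:02:24:
+                    4c:c3:06:71:ec:94:ca:1d:aa:af:7e:b9:2d:c0:55:
+                    4b:cc:bc:51:3d:76:68:5b:d3:ed:35:d0:03:ba:1b:
+                    6c:f3:a0:d8:d3:dc:6b:44:b0:5e:01:51:d3:02:cc:
+                    4a:da:52:12:de:35:31:69:16:5a:48:8b:0f:ce:ad:
+                    4d:e4:d5:8b:11:36:7f:87:1c:fd:84:da:43:2e:87:
+                    2f:41:70:ac:ad:df:54:c0:ed:f6:21:51:fa:c5:06:
+                    f0:1b:eb:a1:b0:bf:4d:1c:42:34:8a:d5:6f:f7:25:
+                    66:73:8f:60:c4:d7:8d:33:91:f4:46:3a:97:09:59:
+                    01:ff:c3:64:94:40:48:30:68:f0:6e:03:26:74:c2:
+                    a1:b3:d7:cb:94:fc:6e:53:8a:2a:9e:fd:b1:4f:c4:
+                    74:56:25:63:1f:aa:bd:95:25:78:9c:45:46:1b:0c:
+                    21:71:eb:84:94:d0:b2:f1:da:52:f6:d1:7f:63:1d:
+                    08:23:52:5f:c2:f9:4d:ac:a4:44:e5:9a:54:70:fc:
+                    c9:fc:d4:d4:b7:1d:75:95:00:e3:bf:3e:4c:f3:43:
+                    c3:96:c7:09:2a:29:45:12:d2:31:d6:79:4c:8a:e7:
+                    54:27:22:c6:80:ae:87:23:56:f1:8d:49:9b:c8:fa:
+                    ed:33:5b:5f:56:76:c8:0f:7e:85:14:69:c4:48:31:
+                    07:39:a5:34:81:f2:6b:15:50:22:fb:bb:2c:ad:4b:
+                    84:ea:55:64:f7:de:56:9d:d0:b6:d0:7d:1e:1b:51:
+                    50:37:44:94:e6:c4:15:eb:45:31:f1:b3:ec:0f:b3:
+                    a9:0c:f8:1c:47:c7:51:00:05:ef:ee:b0:3d:9f:7e:
+                    07:a7:38:e8:83:4c:3d:db:34:b6:24:0c:90:57:c0:
+                    f9:d0:64:14:8a:93:47:9b:41:f5:a3:14:1d:9e:18:
+                    5d:d5:d8:66:af:f5:f3:c8:2f:bc:a7:02:a7:ef:dc:
+                    f0:0e:c7:47:8d:2e:d6:a8:62:42:93:5b:7c:f5:35:
+                    f8:31:10:7b:38:d4:40:24:68:81:13:27:cb:fb:76:
+                    0e:d1:99:14:d8:d5:eb:f7:69:64:8f:af:8f:82:bb:
+                    24:29:f9:d4:29:1d:ce:e6:14:ba:4c:8b:09:ff:46:
+                    ce:8b:6d
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
@@ -40,37 +66,45 @@
                 Digital Signature, Non Repudiation, Key Encipherment
             X509v3 Subject Key Identifier:
-                54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8
+                CB:11:B7:01:5F:86:55:4F:45:5E:AB:27:69:BE:E1:3C:89:7A:55:62
             X509v3 CRL Distribution Points:
                 URI:http://ca.mit.edu/ca/mitserver.crl
 
     Signature Algorithm: sha1WithRSAEncryption
-        5e:72:af:24:29:41:16:76:f9:61:0d:e1:ad:16:05:00:90:8c:
-        c4:42:41:ae:20:3b:cc:9f:e8:e5:de:07:26:35:bd:54:1a:95:
-        4f:20:7b:5a:5d:e1:5b:10:ac:6b:c1:24:0d:22:cd:ef:d2:16:
-        67:2a:33:b1:4e:8f:da:44:56:35:98:b0:67:67:47:ca:c5:89:
-        51:26:7e:cd:e9:5c:c2:74:73:d1:ac:ff:20:03:ee:76:17:97:
-        6c:d9:e2:74:c1:48:89:a4:b8:53:70:24:23:36:b8:f4:c4:ed:
-        76:9d:6a:d2:69:26:07:a7:79:fd:9f:9b:b1:f9:64:00:c2:61:
-        48:5e
+        22:c7:5e:7a:58:8e:2f:a9:e2:fc:ff:27:3f:2d:91:2e:c6:a1:
+        47:02:af:7b:a5:22:43:cc:c7:2c:08:04:98:c1:56:e8:14:88:
+        89:08:b7:56:d0:7a:61:5b:f7:32:d7:21:58:80:13:e4:68:99:
+        74:43:50:54:e7:64:f1:ce:68:3a:87:22:5c:c7:b9:c4:43:cd:
+        53:5f:09:23:a1:92:c4:3a:ec:a7:1e:60:2a:cd:3e:17:5d:51:
+        cf:14:c2:4a:b8:10:55:a6:66:e7:6b:b1:c7:08:32:ae:e7:9f:
+        a8:31:79:65:c6:61:2e:dc:e1:0d:e6:a0:f6:6e:98:90:5b:66:
+        8a:a5
 -----BEGIN CERTIFICATE-----
-MIIDfDCCAuWgAwIBAgIQY3UwUZ2HvawNmw0nABO5tTANBgkqhkiG9w0BAQUFADB7
-MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEuMCwGA1UEChMl
-TWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEkMCIGA1UECxMb
-TUlUIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEwMDYxNTE2MDAwMFoXDTEx
-MDYxNjE2MDAwMFowgc8xCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNl
-dHRzMRIwEAYDVQQHEwlDYW1icmlkZ2UxLjAsBgNVBAoTJU1hc3NhY2h1c2V0dHMg
-SW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxLDAqBgNVBAsTI3NjcmlwdHMubWl0LmVk
-dSB3ZWIgaG9zdGluZyBzZXJ2aWNlMRYwFAYDVQQDEw10b3Vycy5taXQuZWR1MR4w
-HAYJKoZIhvcNAQkBFg9zY3JpcHRzQG1pdC5lZHUwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALU+IU3BiWsBjEeA/rM3J3b4UkHmoj1Ldnjl8mY8D7Gt+5ePLqK2
-U9O2DuJm+bkLt8601fUcH28ifUj1bfAWzY5IedEUShQvL/jEvR2Hz32LXHetWCSw
-DqFt1grH2LwvZ2XIXdjYMcJnS0r0oaVUgq/LNAgqBH+OfEy329xqil2BAgMBAAGj
-gaswgagwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBeAwJwYDVR0lBCAwHgYI
-KwYBBQUHAwEGCCsGAQUFBwMEBggrBgEFBQcDAjALBgNVHQ8EBAMCBeAwHQYDVR0O
-BBYEFFQRfAlVRByURamidkYrLCQmakToMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6
-Ly9jYS5taXQuZWR1L2NhL21pdHNlcnZlci5jcmwwDQYJKoZIhvcNAQEFBQADgYEA
-XnKvJClBFnb5YQ3hrRYFAJCMxEJBriA7zJ/o5d4HJjW9VBqVTyB7Wl3hWxCsa8Ek
-DSLN79IWZyozsU6P2kRWNZiwZ2dHysWJUSZ+zelcwnRz0az/IAPudheXbNnidMFI
-iaS4U3AkIza49MTtdp1q0mkmB6d5/Z+bsflkAMJhSF4=
+MIIFATCCBGqgAwIBAgIRAM1/mK0DVlNgVLlnwUvKZnUwDQYJKoZIhvcNAQEFBQAw
+ezELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoT
+JU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsT
+G01JVCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTA2MDQxNjAwMDBaFw0x
+MjA2MDUxNjAwMDBaMIHPMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVz
+ZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRz
+IEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MSwwKgYDVQQLEyNzY3JpcHRzLm1pdC5l
+ZHUgd2ViIGhvc3Rpbmcgc2VydmljZTEWMBQGA1UEAxMNdG91cnMubWl0LmVkdTEe
+MBwGCSqGSIb3DQEJARYPc2NyaXB0c0BtaXQuZWR1MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEAv6Pye5jMFqdX5pKFNFbx42KDnmpPNZ3wz4mHc+OT97cB
+Vzhu6fxZTSTrpxdHyixRDkXIt2jJDjIm4JHTBlyMfA5smQyyRgUPTfGwx141BmL+
+KtYPGyy1AiRMwwZx7JTKHaqvfrktwFVLzLxRPXZoW9PtNdADuhts86DY09xrRLBe
+AVHTAsxK2lIS3jUxaRZaSIsPzq1N5NWLETZ/hxz9hNpDLocvQXCsrd9UwO32IVH6
+xQbwG+uhsL9NHEI0itVv9yVmc49gxNeNM5H0RjqXCVkB/8NklEBIMGjwbgMmdMKh
+s9fLlPxuU4oqnv2xT8R0ViVjH6q9lSV4nEVGGwwhceuElNCy8dpS9tF/Yx0II1Jf
+wvlNrKRE5ZpUcPzJ/NTUtx11lQDjvz5M80PDlscJKilFEtIx1nlMiudUJyLGgK6H
+I1bxjUmbyPrtM1tfVnbID36FFGnESDEHOaU0gfJrFVAi+7ssrUuE6lVk995WndC2
+0H0eG1FQN0SU5sQV60Ux8bPsD7OpDPgcR8dRAAXv7rA9n34Hpzjog0w92zS2JAyQ
+V8D50GQUipNHm0H1oxQdnhhd1dhmr/XzyC+8pwKn79zwDsdHjS7WqGJCk1t89TX4
+MRB7ONRAJGiBEyfL+3YO0ZkU2NXr92lkj6+PgrskKfnUKR3O5hS6TIsJ/0bOi20C
+AwEAAaOBqzCBqDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF4DAnBgNVHSUE
+IDAeBggrBgEFBQcDAQYIKwYBBQUHAwQGCCsGAQUFBwMCMAsGA1UdDwQEAwIF4DAd
+BgNVHQ4EFgQUyxG3AV+GVU9FXqsnab7hPIl6VWIwMwYDVR0fBCwwKjAooCagJIYi
+aHR0cDovL2NhLm1pdC5lZHUvY2EvbWl0c2VydmVyLmNybDANBgkqhkiG9w0BAQUF
+AAOBgQAix156WI4vqeL8/yc/LZEuxqFHAq97pSJDzMcsCASYwVboFIiJCLdW0Hph
+W/cy1yFYgBPkaJl0Q1BU52Txzmg6hyJcx7nEQ81TXwkjoZLEOuynHmAqzT4XXVHP
+FMJKuBBVpmbna7HHCDKu55+oMXllxmEu3OEN5qD2bpiQW2aKpQ==
 -----END CERTIFICATE-----
 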
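Review bot: The renewed certificate carries a different public key (the modulus grows from 1024 to 4096 bits), so the matching private key has to be installed together with this file; the key is not part of this section, presumably because it is kept out of the repository, and a certificate/key mismatch would stop the vhost's TLS configuration from loading. The issuer still signs with `sha1WithRSAEncryption` and the signature block is 128 bytes long, which suggests a 1024-bit CA key, so the larger leaf key does not by itself strengthen the chain. `Not After : Jun  5 16:00:00 2012 GMT` gives a one-year lifetime, so this vhost belongs in whatever expiry monitoring covers the other certificates.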
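--- a/branches/fc15-dev/server/fedora/config/etc/postfix/virtual-alias-domains-ldap.cf
+++ b/branches/fc15-dev/server/fedora/config/etc/postfix/virtual-alias-domains-ldap.cf
@@ -12,5 +12,5 @@
 # version 3 is necessary to use ldapi.
 
-server_host = ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
+server_host = ldapi://%2fvar%2frun%2fslapd-scripts.socket/
 search_base = ou=VirtualHosts,dc=scripts,dc=mit,dc=edu
 query_filter = (&(objectClass=scriptsVhost)(|(scriptsVhostName=%s)(scriptsVhostAlias=%s))(!(scriptsVhostName=scripts.mit.edu)))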
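Review bot: The new `server_host` socket path is hard-coded here and again in virtual-alias-maps-ldap.cf, and nothing records which directory-server setting it has to agree with; a comment above the line such as `# must match the ldapi socket path configured for the slapd-scripts directory server instance` would make the coupling explicit. If the paths drift apart the LDAP lookups fail, so mail for hosted vhosts would stop resolving. Moving the socket from /var/run/dirsrv/ to /var/run/ also changes which directory permissions sit in front of it, so the socket's own mode and the ACLs applied to ldapi binds are worth confirming; that configuration is not visible in this section.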
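--- a/branches/fc15-dev/server/fedora/config/etc/postfix/virtual-alias-maps-ldap.cf
+++ b/branches/fc15-dev/server/fedora/config/etc/postfix/virtual-alias-maps-ldap.cf
@@ -13,5 +13,5 @@
 # necessary to use ldapi.
 
-server_host = ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
+server_host = ldapi://%2fvar%2frun%2fslapd-scripts.socket/
 search_base = ou=VirtualHosts,dc=scripts,dc=mit,dc=edu
 query_filter = (&(objectClass=scriptsVhost)(|(scriptsVhostName=%d)(scriptsVhostAlias=%d))(!(scriptsVhostName=scripts.mit.edu)))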
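--- a/branches/fc15-dev/server/fedora/specs/nss_nonlocal.spec
+++ b/branches/fc15-dev/server/fedora/specs/nss_nonlocal.spec
@@ -2,5 +2,5 @@
 Group: System Environment/Libraries
 Name: nss_nonlocal
-Version: 1.11
+Version: 2.0
 Release: 1
 URL: http://debathena.mit.edu/nss_nonlocal/
@@ -11,4 +11,5 @@
 Source: %{name}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires(pre): shadow-utils
 
 %description
@@ -47,6 +48,10 @@
 
 %pre
-groupadd -r nss-local-users || :
-groupadd -r nss-nonlocal-users || :
+getent passwd nss-nonlocal-users >/dev/null || \
+    useradd -r -g nobody -d / -s /sbin/nologin \
+    -c 'Magic user for local group whitelist' nss-nonlocal-users
+getent group nss-local-users || groupadd -r nss-local-users
+getent group nss-nonlocal-users || groupadd -r nss-nonlocal-users
+exit 0
 
 %post
@@ -57,4 +62,7 @@
 
 %changelog
+
+* Tue Mar 29 2011 Anders Kaseorg <andersk@mit.edu> 2.0-1
+- New upstream version.
 
 * Sun May  2 2010 Anders Kaseorg <andersk@mit.edu> 1.11-1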
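Review bot: In `%pre` the existence checks use `getent`, which answers from every configured NSS source, so a nonlocal directory entry named nss-nonlocal-users or nss-local-users would satisfy the check and the local account or group would never be created. For a package whose job is to separate local from nonlocal entries that seems worth guarding against, for example by testing the local file directly with `grep -q '^nss-local-users:' /etc/group || groupadd -r nss-local-users`; whether it can happen depends on the nsswitch configuration, which is not visible here. The two `getent group` lines also lack the `>/dev/null` that the `getent passwd` line has, so they print the matched entry during install. The closing `exit 0` hides a failed `useradd` or `groupadd`, so a short comment saying that this is deliberate would help the next packager.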