Changeset 1878 for branches/fc15-dev/server
- Timestamp:
- Jun 7, 2011, 12:58:14 PM (13 years ago)
- Location:
- branches/fc15-dev
- Files:
-
- 1 deleted
- 31 edited
- 11 copied
Legend:
- Unmodified
- Added
- Removed
-
branches/fc15-dev
- Property svn:mergeinfo changed
/trunk (added) merged: 1811,1813-1819,1821-1825,1838,1848-1856,1858-1872,1877
- Property svn:mergeinfo changed
-
branches/fc15-dev/server/common/oursrc/execsys/execsys-binfmt
- Property svn:mergeinfo changed (with no actual effect on merging)
-
branches/fc15-dev/server/common/oursrc/execsys/ldapize.pl
r1798 r1878 7 7 use Net::LDAP::Filter; 8 8 9 sub report_error10 {11 my $proto = shift;12 my $mesg = shift;13 14 if ($proto eq 'git') {15 $mesg = "ERR \n " . $mesg . "\n";16 my $len = length($mesg)+4;17 printf "%04x%s", $len, $mesg;18 } else {19 print $mesg;20 }21 exit 0;22 }23 24 9 my $url = $ARGV[0]; 25 10 my ($proto, $hostname, $path) = $url =~ m|^(.*?)://([^/]*)(.*)| or die "Could not match URL"; 26 11 my $mesg; 27 12 13 my $vhostName = $hostname; 14 15 vhost: 28 16 # oh my gosh Net::LDAP::Filter SUCKS 29 17 my $filter = bless({and => … … 32 20 {or => 33 21 [{equalityMatch => {attributeDesc => 'scriptsVhostName', 34 assertionValue => $ hostname}},22 assertionValue => $vhostName}}, 35 23 {equalityMatch => {attributeDesc => 'scriptsVhostAlias', 36 assertionValue => $ hostname}}]}]},24 assertionValue => $vhostName}}]}]}, 37 25 'Net::LDAP::Filter'); 38 26 39 my $ldap = Net::LDAP->new("ldapi://%2fvar%2frun%2f dirsrv%2fslapd-scripts.socket/");27 my $ldap = Net::LDAP->new("ldapi://%2fvar%2frun%2fslapd-scripts.socket/"); 40 28 $mesg = $ldap->bind(); 41 29 $mesg->code && die $mesg->error; … … 46 34 47 35 my $vhostEntry = $mesg->pop_entry; 48 if (!$vhostEntry) 49 { 50 report_error($proto, "Could not find Host $hostname"); 36 if (!defined $vhostEntry) { 37 $vhostName ne '*' or die 'No vhost for *'; 38 $vhostName =~ s/^(?:\*\.)?[^.]*/*/; # Try next wildcard 39 goto vhost; 51 40 } 41 52 42 my $vhostDirectory = $vhostEntry->get_value('scriptsVhostDirectory'); 53 43 … … 59 49 my ($homeDirectory, $uidNumber, $gidNumber) = 60 50 map { $userEntry->get_value($_) } qw(homeDirectory uidNumber gidNumber); 51 (my $scriptsdir = $homeDirectory) =~ s{(?:/Scripts)?$}{/Scripts}; 61 52 62 53 if ($proto eq 'svn') { 63 54 chdir '/usr/libexec/scripts-trusted'; 64 exec('/usr/sbin/suexec', $uidNumber, $gidNumber, '/usr/libexec/scripts-trusted/svn', "$ homeDirectory/Scripts/svn/$vhostDirectory");55 exec('/usr/sbin/suexec', $uidNumber, $gidNumber, '/usr/libexec/scripts-trusted/svn', "$scriptsdir/svn/$vhostDirectory"); 65 56 } elsif ($proto eq 'git') { 57 if ($vhostEntry->get_value('scriptsVhostName') eq 'notfound.example.com') { 58 # git-daemon doesn’t report useful errors yet 59 my $msg = "ERR No such host $hostname\n"; 60 printf '%04x%s', length($msg) + 4, $msg; 61 exit; 62 } 66 63 chdir '/usr/libexec/scripts-trusted'; 67 exec('/usr/sbin/suexec', $uidNumber, $gidNumber, '/usr/libexec/scripts-trusted/git', "$ homeDirectory/Scripts/git/$vhostDirectory");64 exec('/usr/sbin/suexec', $uidNumber, $gidNumber, '/usr/libexec/scripts-trusted/git', "$scriptsdir/git/$vhostDirectory"); 68 65 } elsif ($proto eq 'http') { 69 print "suexec $uidNumber $gidNumber $ homeDirectory/Scripts/web/$vhostDirectory/$path\n";66 print "suexec $uidNumber $gidNumber $scriptsdir/web/$vhostDirectory/$path\n"; 70 67 } else { 71 68 die "Unknown protocol\n"; -
branches/fc15-dev/server/common/oursrc/execsys/mime.types
r1784 r1878 509 509 application/xaml+xml xaml 510 510 application/x-silverlight-app xap 511 # The following MS Office MIME types are from this source: 512 # http://blogs.msdn.com/b/vsofficedeveloper/archive/2008/05/08/office-2007-open-xml-mime-types.aspx 513 # There's a typo in .potm that's corrected in this alternate source: 514 # http://therightstuff.de/2006/12/16/Office+2007+File+Icons+For+Windows+SharePoint+Services+20+And+SharePoint+Portal+Server+2003.aspx 515 application/msword dot 516 application/vnd.openxmlformats-officedocument.wordprocessingml.document docx 517 application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx 518 application/vnd.ms-word.document.macroEnabled.12 docm 519 application/vnd.ms-word.template.macroEnabled.12 dotm 520 application/vnd.ms-excel xlt 521 application/vnd.ms-excel xla 522 application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx 523 application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx 524 application/vnd.ms-excel.sheet.macroEnabled.12 xlsm 525 application/vnd.ms-excel.template.macroEnabled.12 xltm 526 application/vnd.ms-excel.addin.macroEnabled.12 xlam 527 application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb 528 application/vnd.ms-powerpoint pot 529 application/vnd.ms-powerpoint pps 530 application/vnd.ms-powerpoint ppa 531 application/vnd.openxmlformats-officedocument.presentationml.presentation pptx 532 application/vnd.openxmlformats-officedocument.presentationml.template potx 533 application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx 534 application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam 535 application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm 536 application/vnd.ms-powerpoint.template.macroEnabled.12 potm 537 application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm 538 # End MS Office MIME types. -
branches/fc15-dev/server/common/oursrc/execsys/upd-execsys
r1784 r1878 53 53 xls 54 54 ppt 55 dot 56 docx 57 dotx 58 docm 59 dotm 60 xlt 61 xla 62 xlsx 63 xltx 64 xlsm 65 xltm 66 xlam 67 xlsb 68 pot 69 pps 70 ppa 71 pptx 72 potx 73 ppsx 74 ppam 75 pptm 76 potm 77 ppsm 55 78 swf 56 79 mp3 … … 70 93 ttf 71 94 otf 95 odc 96 odb 97 odf 98 odg 99 otg 100 odi 101 odp 102 otp 103 ods 104 ots 105 odt 106 odm 107 ott 108 oth 72 109 ); 73 110 -
branches/fc15-dev/server/common/oursrc/nss_nonlocal/Makefile.am
r782 r1878 5 5 libnss_nonlocal_la_LDFLAGS = \ 6 6 -version-info 2:0:0 \ 7 -export-symbols-regex '^_nss_nonlocal_' 8 9 noinst_PROGRAMS = .linktest 10 _linktest_SOURCES = 11 _linktest_LDADD = libnss_nonlocal.la 12 _linktest_LDFLAGS = -nostdlib -entry=0 7 -export-symbols-regex '^_nss_nonlocal_' \ 8 -no-undefined -Wl,-z,defs 13 9 14 10 install-exec-hook: -
branches/fc15-dev/server/common/oursrc/nss_nonlocal/README
r1553 r1878 9 9 group: compat nonlocal 10 10 group_nonlocal: hesiod 11 12 The module also assigns special properties to two local groups and one 13 local user, if they exist: 14 15 • If the local group ‘nss-nonlocal-users’ exists, then nonlocal users 16 will be automatically added to it. Furthermore, if a local user is 17 added to this group, then that user will inherit any nonlocal gids 18 from a nonlocal user of the same name, as supplementary gids. 19 20 • If the local group ‘nss-local-users’ exists, then local users will 21 be automatically added to it. 22 23 • If the local user ‘nss-nonlocal-users’ is added to a local group, 24 then the local group will inherit the nonlocal membership of a group 25 of the same gid. 11 26 12 27 Copyright © 2007–2010 Anders Kaseorg <andersk@mit.edu> and Tim Abbott -
branches/fc15-dev/server/common/oursrc/nss_nonlocal/configure.ac
r1553 r1878 1 AC_INIT([nss_nonlocal], [ 1.11], [andersk@mit.edu])1 AC_INIT([nss_nonlocal], [2.0], [andersk@mit.edu]) 2 2 AC_CANONICAL_TARGET 3 3 AM_INIT_AUTOMAKE([-Wall -Werror foreign]) … … 9 9 AC_PROG_INSTALL 10 10 AC_PROG_LIBTOOL 11 12 AC_HEADER_STDBOOL 11 13 12 14 case "$target_cpu" in -
branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal-group.c
r1553 r1878 34 34 #include <syslog.h> 35 35 #include <errno.h> 36 #include <pwd.h> 36 37 #include <grp.h> 37 38 #include <nss.h> … … 39 40 #include "nonlocal.h" 40 41 42 /* 43 * If the MAGIC_NONLOCAL_GROUPNAME local group exists, then nonlocal 44 * users will be automatically added to it. Furthermore, if a local 45 * user is added to this group, then that user will inherit any 46 * nonlocal gids from a nonlocal user of the same name, as 47 * supplementary gids. 48 */ 41 49 #define MAGIC_NONLOCAL_GROUPNAME "nss-nonlocal-users" 50 51 /* 52 * If the MAGIC_LOCAL_GROUPNAME local group exists, then local users 53 * will be automatically added to it. 54 */ 42 55 #define MAGIC_LOCAL_GROUPNAME "nss-local-users" 56 57 /* 58 * If the MAGIC_NONLOCAL_USERNAME local user is added to a local 59 * group, then the local group will inherit the nonlocal membership of 60 * a group of the same gid. 61 */ 62 #define MAGIC_NONLOCAL_USERNAME "nss-nonlocal-users" 43 63 44 64 … … 52 72 53 73 54 static service_user * 55 nss_group_nonlocal_database(void) 56 { 57 static service_user *nip = NULL; 58 if (nip == NULL) 59 __nss_database_lookup("group_nonlocal", NULL, "", &nip); 60 61 return nip; 62 } 63 64 65 enum nss_status 66 check_nonlocal_gid(const char *user, gid_t gid, int *errnop) 67 { 68 static const char *fct_name = "getgrgid_r"; 69 static service_user *startp = NULL; 70 static void *fct_start = NULL; 71 enum nss_status status; 72 service_user *nip; 73 union { 74 enum nss_status (*l)(gid_t gid, struct group *grp, 75 char *buffer, size_t buflen, int *errnop); 76 void *ptr; 77 } fct; 74 static service_user *__nss_group_nonlocal_database; 75 76 static int 77 internal_function 78 __nss_group_nonlocal_lookup(service_user **ni, const char *fct_name, 79 void **fctp) 80 { 81 if (__nss_group_nonlocal_database == NULL 82 && __nss_database_lookup("group_nonlocal", NULL, NULL, 83 &__nss_group_nonlocal_database) < 0) 84 return -1; 85 86 *ni = __nss_group_nonlocal_database; 87 88 *fctp = __nss_lookup_function(*ni, fct_name); 89 return 0; 90 } 91 92 93 enum nss_status 94 check_nonlocal_gid(const char *user, const char *group, gid_t gid, int *errnop) 95 { 96 enum nss_status status; 78 97 struct group gbuf; 79 int old_errno = errno; 80 98 char *buf; 81 99 size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX); 82 char *buf = malloc(buflen); 83 if (buf == NULL) { 84 *errnop = ENOMEM; 85 errno = old_errno; 86 return NSS_STATUS_TRYAGAIN; 87 } 88 89 if (fct_start == NULL && 90 __nss_group_lookup(&startp, fct_name, &fct_start) != 0) { 91 free(buf); 92 return NSS_STATUS_UNAVAIL; 93 } 94 nip = startp; 95 fct.ptr = fct_start; 96 do { 97 morebuf: 98 if (fct.l == _nss_nonlocal_getgrgid_r) 99 status = NSS_STATUS_NOTFOUND; 100 else 101 status = DL_CALL_FCT(fct.l, (gid, &gbuf, buf, buflen, errnop)); 102 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) { 103 free(buf); 104 buflen *= 2; 105 buf = malloc(buflen); 106 if (buf == NULL) { 107 *errnop = ENOMEM; 108 errno = old_errno; 109 return NSS_STATUS_TRYAGAIN; 100 const struct walk_nss w = { 101 .lookup = &__nss_group_lookup, .fct_name = "getgrgid_r", 102 .status = &status, .errnop = errnop, .buf = &buf, .buflen = &buflen 103 }; 104 const __typeof__(&_nss_nonlocal_getgrgid_r) self = &_nss_nonlocal_getgrgid_r; 105 #define args (gid, &gbuf, buf, buflen, errnop) 106 #include "walk_nss.h" 107 #undef args 108 109 if (status == NSS_STATUS_TRYAGAIN) 110 return status; 111 else if (status != NSS_STATUS_SUCCESS) 112 return NSS_STATUS_SUCCESS; 113 114 if (group == NULL || strcmp(gbuf.gr_name, group) == 0) { 115 char *const *mem; 116 for (mem = gbuf.gr_mem; *mem != NULL; mem++) 117 if (strcmp(*mem, MAGIC_NONLOCAL_USERNAME) == 0) { 118 status = check_nonlocal_user(*mem, errnop); 119 if (status == NSS_STATUS_TRYAGAIN) { 120 free(buf); 121 return status; 122 } else if (status == NSS_STATUS_NOTFOUND) { 123 free(buf); 124 return NSS_STATUS_SUCCESS; 125 } 126 break; 110 127 } 111 goto morebuf; 112 } 113 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 114 115 if (status == NSS_STATUS_SUCCESS) { 116 syslog(LOG_DEBUG, "nss_nonlocal: removing local group %u (%s) from non-local user %s\n", gbuf.gr_gid, gbuf.gr_name, user); 117 status = NSS_STATUS_NOTFOUND; 118 } else if (status != NSS_STATUS_TRYAGAIN) { 119 status = NSS_STATUS_SUCCESS; 120 } 121 128 } 129 130 syslog(LOG_DEBUG, "nss_nonlocal: removing local group %u (%s) from non-local user %s\n", gbuf.gr_gid, gbuf.gr_name, user); 122 131 free(buf); 123 return status;132 return NSS_STATUS_NOTFOUND; 124 133 } 125 134 … … 134 143 errno = 0; 135 144 gid = strtoul(grp->gr_name, &end, 10); 136 if (errno == 0 && *end == '\0' && (gid_t)gid == gid) 137 status = check_nonlocal_gid(user, gid, errnop); 138 errno = old_errno; 145 if (errno == 0 && *end == '\0' && (gid_t)gid == gid) { 146 errno = old_errno; 147 status = check_nonlocal_gid(user, grp->gr_name, gid, errnop); 148 } else 149 errno = old_errno; 139 150 if (status != NSS_STATUS_SUCCESS) 140 151 return status; 141 152 142 return check_nonlocal_gid(user, grp->gr_ gid, errnop);153 return check_nonlocal_gid(user, grp->gr_name, grp->gr_gid, errnop); 143 154 } 144 155 … … 146 157 get_local_group(const char *name, struct group *grp, char **buffer, int *errnop) 147 158 { 148 static const char *fct_name = "getgrnam_r"; 149 static service_user *startp = NULL; 150 static void *fct_start = NULL; 151 enum nss_status status; 152 service_user *nip; 153 union { 154 enum nss_status (*l)(const char *name, struct group *grp, 155 char *buffer, size_t buflen, int *errnop); 156 void *ptr; 157 } fct; 158 size_t buflen; 159 int old_errno = errno; 160 161 buflen = sysconf(_SC_GETGR_R_SIZE_MAX); 162 *buffer = malloc(buflen); 163 if (*buffer == NULL) { 164 *errnop = ENOMEM; 165 errno = old_errno; 166 return NSS_STATUS_TRYAGAIN; 167 } 168 169 if (fct_start == NULL && 170 __nss_group_lookup(&startp, fct_name, &fct_start) != 0) { 171 free(*buffer); 172 *buffer = NULL; 173 return NSS_STATUS_UNAVAIL; 174 } 175 nip = startp; 176 fct.ptr = fct_start; 177 do { 178 morebuf: 179 if (fct.l == _nss_nonlocal_getgrnam_r) 180 status = NSS_STATUS_NOTFOUND; 181 else 182 status = DL_CALL_FCT(fct.l, (name, grp, *buffer, buflen, errnop)); 183 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) { 184 free(*buffer); 185 buflen *= 2; 186 *buffer = malloc(buflen); 187 if (*buffer == NULL) { 188 *errnop = ENOMEM; 189 errno = old_errno; 190 return NSS_STATUS_TRYAGAIN; 191 } 192 goto morebuf; 193 } 194 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 195 196 if (status != NSS_STATUS_SUCCESS) { 197 free(*buffer); 198 *buffer = NULL; 199 } 200 159 enum nss_status status; 160 size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX); 161 const struct walk_nss w = { 162 .lookup = &__nss_group_lookup, .fct_name = "getgrnam_r", 163 .status = &status, .errnop = errnop, .buf = buffer, .buflen = &buflen 164 }; 165 const __typeof__(&_nss_nonlocal_getgrnam_r) self = &_nss_nonlocal_getgrnam_r; 166 #define args (name, grp, *buffer, buflen, errnop) 167 #include "walk_nss.h" 168 #undef args 201 169 return status; 202 170 } 203 171 204 static service_user *grent_ nip = NULL;172 static service_user *grent_startp, *grent_nip; 205 173 static void *grent_fct_start; 206 174 static union { … … 214 182 _nss_nonlocal_setgrent(int stayopen) 215 183 { 216 static const char *fct_name = "setgrent"; 217 static void *fct_start = NULL; 218 enum nss_status status; 219 service_user *nip; 220 union { 221 enum nss_status (*l)(int stayopen); 222 void *ptr; 223 } fct; 224 225 nip = nss_group_nonlocal_database(); 226 if (nip == NULL) 227 return NSS_STATUS_UNAVAIL; 228 if (fct_start == NULL) 229 fct_start = __nss_lookup_function(nip, fct_name); 230 fct.ptr = fct_start; 231 do { 232 if (fct.ptr == NULL) 233 status = NSS_STATUS_UNAVAIL; 234 else 235 status = DL_CALL_FCT(fct.l, (stayopen)); 236 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 184 enum nss_status status; 185 const struct walk_nss w = { 186 .lookup = &__nss_group_nonlocal_lookup, .fct_name = "setgrent", 187 .status = &status 188 }; 189 const __typeof__(&_nss_nonlocal_setgrent) self = NULL; 190 #define args (stayopen) 191 #include "walk_nss.h" 192 #undef args 237 193 if (status != NSS_STATUS_SUCCESS) 238 194 return status; 239 195 240 grent_nip = nip;241 196 if (grent_fct_start == NULL) 242 grent_fct_start = __nss_lookup_function(nip, grent_fct_name); 197 __nss_group_nonlocal_lookup(&grent_startp, grent_fct_name, 198 &grent_fct_start); 199 grent_nip = grent_startp; 243 200 grent_fct.ptr = grent_fct_start; 244 201 return NSS_STATUS_SUCCESS; … … 248 205 _nss_nonlocal_endgrent(void) 249 206 { 250 static const char *fct_name = "endgrent"; 251 static void *fct_start = NULL; 252 enum nss_status status; 253 service_user *nip; 254 union { 255 enum nss_status (*l)(void); 256 void *ptr; 257 } fct; 207 enum nss_status status; 208 const struct walk_nss w = { 209 .lookup = &__nss_group_nonlocal_lookup, .fct_name = "endgrent", 210 .status = &status 211 }; 212 const __typeof__(&_nss_nonlocal_endgrent) self = NULL; 258 213 259 214 grent_nip = NULL; 260 215 261 nip = nss_group_nonlocal_database(); 262 if (nip == NULL) 263 return NSS_STATUS_UNAVAIL; 264 if (fct_start == NULL) 265 fct_start = __nss_lookup_function(nip, fct_name); 266 fct.ptr = fct_start; 267 do { 268 if (fct.ptr == NULL) 269 status = NSS_STATUS_UNAVAIL; 270 else 271 status = DL_CALL_FCT(fct.l, ()); 272 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 216 #define args () 217 #include "walk_nss.h" 218 #undef args 273 219 return status; 274 220 } … … 315 261 char *buffer, size_t buflen, int *errnop) 316 262 { 317 static const char *fct_name = "getgrnam_r"; 318 static void *fct_start = NULL; 319 enum nss_status status; 320 service_user *nip; 321 union { 322 enum nss_status (*l)(const char *name, struct group *grp, 323 char *buffer, size_t buflen, int *errnop); 324 void *ptr; 325 } fct; 263 enum nss_status status; 264 const struct walk_nss w = { 265 .lookup = &__nss_group_nonlocal_lookup, .fct_name = "getgrnam_r", 266 .status = &status, .errnop = errnop 267 }; 268 const __typeof__(&_nss_nonlocal_getgrnam_r) self = NULL; 326 269 327 270 char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV); … … 329 272 return NSS_STATUS_UNAVAIL; 330 273 331 nip = nss_group_nonlocal_database(); 332 if (nip == NULL) 333 return NSS_STATUS_UNAVAIL; 334 if (fct_start == NULL) 335 fct_start = __nss_lookup_function(nip, fct_name); 336 fct.ptr = fct_start; 337 do { 338 if (fct.ptr == NULL) 339 status = NSS_STATUS_UNAVAIL; 340 else 341 status = DL_CALL_FCT(fct.l, (name, grp, buffer, buflen, errnop)); 342 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) 343 break; 344 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 274 #define args (name, grp, buffer, buflen, errnop) 275 #include "walk_nss.h" 276 #undef args 345 277 if (status != NSS_STATUS_SUCCESS) 346 278 return status; … … 358 290 char *buffer, size_t buflen, int *errnop) 359 291 { 360 static const char *fct_name = "getgrgid_r"; 361 static void *fct_start = NULL; 362 enum nss_status status; 363 service_user *nip; 364 union { 365 enum nss_status (*l)(gid_t gid, struct group *grp, 366 char *buffer, size_t buflen, int *errnop); 367 void *ptr; 368 } fct; 292 enum nss_status status; 293 const struct walk_nss w = { 294 .lookup = &__nss_group_nonlocal_lookup, .fct_name = "getgrgid_r", 295 .status = &status, .errnop = errnop 296 }; 297 const __typeof__(&_nss_nonlocal_getgrgid_r) self = NULL; 369 298 370 299 char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV); … … 372 301 return NSS_STATUS_UNAVAIL; 373 302 374 nip = nss_group_nonlocal_database(); 375 if (nip == NULL) 376 return NSS_STATUS_UNAVAIL; 377 if (fct_start == NULL) 378 fct_start = __nss_lookup_function(nip, fct_name); 379 fct.ptr = fct_start; 380 do { 381 if (fct.ptr == NULL) 382 status = NSS_STATUS_UNAVAIL; 383 else 384 status = DL_CALL_FCT(fct.l, (gid, grp, buffer, buflen, errnop)); 385 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) 386 break; 387 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 303 #define args (gid, grp, buffer, buflen, errnop) 304 #include "walk_nss.h" 305 #undef args 388 306 if (status != NSS_STATUS_SUCCESS) 389 307 return status; … … 397 315 } 398 316 317 static bool 318 add_group(gid_t group, long int *start, long int *size, gid_t **groupsp, 319 long int limit, int *errnop, enum nss_status *status) 320 { 321 int i, old_errno = errno; 322 for (i = 0; i < *start; ++i) 323 if ((*groupsp)[i] == group) 324 return true; 325 if (*start + 1 > *size) { 326 gid_t *newgroups; 327 long int newsize = 2 * *size; 328 if (limit > 0) { 329 if (*size >= limit) { 330 *status = NSS_STATUS_SUCCESS; 331 return false; 332 } 333 if (newsize > limit) 334 newsize = limit; 335 } 336 newgroups = realloc(*groupsp, newsize * sizeof((*groupsp)[0])); 337 errno = old_errno; 338 if (newgroups == NULL) { 339 *errnop = ENOMEM; 340 *status = NSS_STATUS_TRYAGAIN; 341 return false; 342 } 343 *groupsp = newgroups; 344 *size = newsize; 345 } 346 (*groupsp)[(*start)++] = group; 347 return true; 348 } 349 399 350 enum nss_status 400 351 _nss_nonlocal_initgroups_dyn(const char *user, gid_t group, long int *start, … … 402 353 int *errnop) 403 354 { 404 static const char *fct_name = "initgroups_dyn"; 405 static void *fct_start = NULL; 406 enum nss_status status; 407 service_user *nip; 408 union { 409 enum nss_status (*l)(const char *user, gid_t group, long int *start, 410 long int *size, gid_t **groupsp, long int limit, 411 int *errnop); 412 void *ptr; 413 } fct; 355 enum nss_status status; 356 const struct walk_nss w = { 357 .lookup = &__nss_group_nonlocal_lookup, .fct_name = "initgroups_dyn", 358 .status = &status, .errnop = errnop 359 }; 360 const __typeof__(&_nss_nonlocal_initgroups_dyn) self = NULL; 414 361 415 362 struct group local_users_group, nonlocal_users_group; 416 gid_t local_users_gid, gid; 417 int is_local = 0; 363 bool is_nonlocal = true; 418 364 char *buffer; 419 int old_errno;420 365 int in, out, i; 421 366 422 /* Check that the user is a nonlocal user before adding any groups. */ 367 /* Check that the user is a nonlocal user, or a member of the 368 * MAGIC_NONLOCAL_GROUPNAME group, before adding any groups. */ 423 369 status = check_nonlocal_user(user, errnop); 424 if (status == NSS_STATUS_TRYAGAIN) 425 return status; 426 else if (status != NSS_STATUS_SUCCESS) 427 is_local = 1; 428 429 old_errno = errno; 430 431 status = get_local_group(MAGIC_LOCAL_GROUPNAME, 432 &local_users_group, &buffer, errnop); 433 if (status == NSS_STATUS_SUCCESS) { 434 local_users_gid = local_users_group.gr_gid; 435 free(buffer); 436 } else if (status == NSS_STATUS_TRYAGAIN) { 437 return status; 438 } else { 439 syslog(LOG_WARNING, "nss_nonlocal: Group %s does not exist locally!", 440 MAGIC_LOCAL_GROUPNAME); 441 local_users_gid = -1; 442 } 443 444 if (is_local) { 445 gid = local_users_gid; 446 } else { 447 status = get_local_group(MAGIC_NONLOCAL_GROUPNAME, 448 &nonlocal_users_group, &buffer, errnop); 370 if (status == NSS_STATUS_TRYAGAIN) { 371 return status; 372 } else if (status != NSS_STATUS_SUCCESS) { 373 is_nonlocal = false; 374 375 status = get_local_group(MAGIC_LOCAL_GROUPNAME, 376 &local_users_group, &buffer, errnop); 449 377 if (status == NSS_STATUS_SUCCESS) { 450 gid = nonlocal_users_group.gr_gid;451 378 free(buffer); 379 if (!add_group(local_users_group.gr_gid, start, size, groupsp, 380 limit, errnop, &status)) 381 return status; 452 382 } else if (status == NSS_STATUS_TRYAGAIN) { 453 383 return status; 454 384 } else { 455 syslog(LOG_WARNING, "nss_nonlocal: Group %s does not exist locally!",456 MAGIC_NONLOCAL_GROUPNAME);457 gid = -1;458 } 459 } 460 461 if (gid != -1) {462 int i;463 for (i = 0; i < *start; ++i) 464 if ((*groupsp)[i] == gid)465 break;466 if (i >= *start) {467 if (*start + 1 > *size) {468 gid_t *newgroups;469 long int newsize = 2 * *size;470 if (limit > 0) {471 if (*size >= limit)472 return NSS_STATUS_SUCCESS;473 i f (newsize > limit)474 newsize = limit;385 syslog(LOG_WARNING, 386 "nss_nonlocal: Group %s does not exist locally!", 387 MAGIC_LOCAL_GROUPNAME); 388 } 389 } 390 391 status = get_local_group(MAGIC_NONLOCAL_GROUPNAME, 392 &nonlocal_users_group, &buffer, errnop); 393 if (status == NSS_STATUS_SUCCESS) { 394 free(buffer); 395 if (is_nonlocal) { 396 if (!add_group(nonlocal_users_group.gr_gid, start, size, groupsp, 397 limit, errnop, &status)) 398 return status; 399 } else { 400 int i; 401 for (i = 0; i < *start; ++i) { 402 if ((*groupsp)[i] == nonlocal_users_group.gr_gid) { 403 is_nonlocal = true; 404 break; 475 405 } 476 newgroups = realloc(*groupsp, newsize * sizeof((*groupsp)[0])); 477 if (newgroups == NULL) { 478 *errnop = ENOMEM; 479 errno = old_errno; 480 return NSS_STATUS_TRYAGAIN; 406 } 407 408 if (is_nonlocal) { 409 struct passwd pwbuf; 410 char *buf; 411 int nonlocal_errno = *errnop; 412 status = get_nonlocal_passwd(user, &pwbuf, &buf, errnop); 413 414 if (status == NSS_STATUS_SUCCESS) { 415 nonlocal_errno = *errnop; 416 status = check_nonlocal_gid(user, NULL, pwbuf.pw_gid, 417 &nonlocal_errno); 418 free(buf); 481 419 } 482 *groupsp = newgroups; 483 *size = newsize; 420 421 if (status == NSS_STATUS_SUCCESS) { 422 if (!add_group(pwbuf.pw_gid, start, size, groupsp, limit, 423 errnop, &status)) 424 return status; 425 } else if (status == NSS_STATUS_TRYAGAIN) { 426 *errnop = nonlocal_errno; 427 return status; 428 } 484 429 } 485 (*groupsp)[(*start)++] = gid; 486 } 487 } 488 489 if (is_local) 430 } 431 } else if (status == NSS_STATUS_TRYAGAIN) { 432 if (is_nonlocal) 433 return status; 434 } else { 435 syslog(LOG_WARNING, "nss_nonlocal: Group %s does not exist locally!", 436 MAGIC_NONLOCAL_GROUPNAME); 437 } 438 439 if (!is_nonlocal) 490 440 return NSS_STATUS_SUCCESS; 491 441 492 442 in = out = *start; 493 443 494 nip = nss_group_nonlocal_database(); 495 if (nip == NULL) 496 return NSS_STATUS_UNAVAIL; 497 if (fct_start == NULL) 498 fct_start = __nss_lookup_function(nip, fct_name); 499 fct.ptr = fct_start; 500 501 do { 502 if (fct.ptr == NULL) 503 status = NSS_STATUS_UNAVAIL; 504 else 505 status = DL_CALL_FCT(fct.l, (user, group, start, size, groupsp, limit, errnop)); 506 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) 507 break; 508 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 444 #define args (user, group, start, size, groupsp, limit, errnop) 445 #include "walk_nss.h" 446 #undef args 509 447 if (status != NSS_STATUS_SUCCESS) 510 448 return status; … … 519 457 continue; 520 458 521 /* Don't let users get into MAGIC_LOCAL_GROUPNAME from nonlocal reasons. */ 522 if (local_users_gid == (*groupsp)[in]) { 523 syslog(LOG_WARNING, "nss_nonlocal: Nonlocal user %s removed from special local users group %s", 524 user, MAGIC_LOCAL_GROUPNAME); 525 continue; 526 } 527 528 status = check_nonlocal_gid(user, (*groupsp)[in], &nonlocal_errno); 459 status = check_nonlocal_gid(user, NULL, (*groupsp)[in], 460 &nonlocal_errno); 529 461 if (status == NSS_STATUS_SUCCESS) { 530 462 (*groupsp)[out++] = (*groupsp)[in]; -
branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal-passwd.c
r1553 r1878 50 50 51 51 52 static service_user * 53 nss_passwd_nonlocal_database(void) 54 { 55 static service_user *nip = NULL; 56 if (nip == NULL) 57 __nss_database_lookup("passwd_nonlocal", NULL, "", &nip); 58 59 return nip; 52 static service_user *__nss_passwd_nonlocal_database; 53 54 static int 55 internal_function 56 __nss_passwd_nonlocal_lookup(service_user **ni, const char *fct_name, 57 void **fctp) 58 { 59 if (__nss_passwd_nonlocal_database == NULL 60 && __nss_database_lookup("passwd_nonlocal", NULL, NULL, 61 &__nss_passwd_nonlocal_database) < 0) 62 return -1; 63 64 *ni = __nss_passwd_nonlocal_database; 65 66 *fctp = __nss_lookup_function(*ni, fct_name); 67 return 0; 60 68 } 61 69 … … 64 72 check_nonlocal_uid(const char *user, uid_t uid, int *errnop) 65 73 { 66 static const char *fct_name = "getpwuid_r"; 67 static service_user *startp = NULL; 68 static void *fct_start = NULL; 69 enum nss_status status; 70 service_user *nip; 71 union { 72 enum nss_status (*l)(uid_t uid, struct passwd *pwd, 73 char *buffer, size_t buflen, int *errnop); 74 void *ptr; 75 } fct; 74 enum nss_status status; 76 75 struct passwd pwbuf; 77 int old_errno = errno; 78 76 char *buf; 79 77 size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX); 80 char *buf = malloc(buflen); 81 if (buf == NULL) { 82 *errnop = ENOMEM; 83 errno = old_errno; 84 return NSS_STATUS_TRYAGAIN; 85 } 86 87 if (fct_start == NULL && 88 __nss_passwd_lookup(&startp, fct_name, &fct_start) != 0) { 89 free(buf); 90 return NSS_STATUS_UNAVAIL; 91 } 92 nip = startp; 93 fct.ptr = fct_start; 94 do { 95 morebuf: 96 if (fct.l == _nss_nonlocal_getpwuid_r) 97 status = NSS_STATUS_NOTFOUND; 98 else 99 status = DL_CALL_FCT(fct.l, (uid, &pwbuf, buf, buflen, errnop)); 100 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) { 101 free(buf); 102 buflen *= 2; 103 buf = malloc(buflen); 104 if (buf == NULL) { 105 *errnop = ENOMEM; 106 errno = old_errno; 107 return NSS_STATUS_TRYAGAIN; 108 } 109 goto morebuf; 110 } 111 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 78 const struct walk_nss w = { 79 .lookup = &__nss_passwd_lookup, .fct_name = "getpwuid_r", 80 .status = &status, .errnop = errnop, .buf = &buf, .buflen = &buflen 81 }; 82 const __typeof__(&_nss_nonlocal_getpwuid_r) self = &_nss_nonlocal_getpwuid_r; 83 #define args (uid, &pwbuf, buf, buflen, errnop) 84 #include "walk_nss.h" 85 #undef args 112 86 113 87 if (status == NSS_STATUS_SUCCESS) { 114 88 syslog(LOG_ERR, "nss_nonlocal: possible spoofing attack: non-local user %s has same UID as local user %s!\n", user, pwbuf.pw_name); 89 free(buf); 115 90 status = NSS_STATUS_NOTFOUND; 116 91 } else if (status != NSS_STATUS_TRYAGAIN) { … … 118 93 } 119 94 120 free(buf);121 95 return status; 122 96 } … … 132 106 errno = 0; 133 107 uid = strtoul(pwd->pw_name, &end, 10); 134 if (errno == 0 && *end == '\0' && (uid_t)uid == uid) 108 if (errno == 0 && *end == '\0' && (uid_t)uid == uid) { 109 errno = old_errno; 135 110 status = check_nonlocal_uid(user, uid, errnop); 136 errno = old_errno; 111 } else { 112 errno = old_errno; 113 } 137 114 if (status != NSS_STATUS_SUCCESS) 138 115 return status; … … 144 121 check_nonlocal_user(const char *user, int *errnop) 145 122 { 146 static const char *fct_name = "getpwnam_r"; 147 static service_user *startp = NULL; 148 static void *fct_start = NULL; 149 enum nss_status status; 150 service_user *nip; 151 union { 152 enum nss_status (*l)(const char *name, struct passwd *pwd, 153 char *buffer, size_t buflen, int *errnop); 154 void *ptr; 155 } fct; 123 enum nss_status status; 156 124 struct passwd pwbuf; 157 int old_errno = errno; 158 125 char *buf; 159 126 size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX); 160 char *buf = malloc(buflen); 161 if (buf == NULL) { 162 *errnop = ENOMEM; 163 errno = old_errno; 164 return NSS_STATUS_TRYAGAIN; 165 } 166 167 if (fct_start == NULL && 168 __nss_passwd_lookup(&startp, fct_name, &fct_start) != 0) { 127 const struct walk_nss w = { 128 .lookup = __nss_passwd_lookup, .fct_name = "getpwnam_r", 129 .status = &status, .errnop = errnop, .buf = &buf, .buflen = &buflen 130 }; 131 const __typeof__(&_nss_nonlocal_getpwnam_r) self = &_nss_nonlocal_getpwnam_r; 132 #define args (user, &pwbuf, buf, buflen, errnop) 133 #include "walk_nss.h" 134 #undef args 135 136 if (status == NSS_STATUS_SUCCESS) { 169 137 free(buf); 170 return NSS_STATUS_UNAVAIL;171 }172 nip = startp;173 fct.ptr = fct_start;174 do {175 morebuf:176 if (fct.l == _nss_nonlocal_getpwnam_r)177 status = NSS_STATUS_NOTFOUND;178 else179 status = DL_CALL_FCT(fct.l, (user, &pwbuf, buf, buflen, errnop));180 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {181 free(buf);182 buflen *= 2;183 buf = malloc(buflen);184 if (buf == NULL) {185 *errnop = ENOMEM;186 errno = old_errno;187 return NSS_STATUS_TRYAGAIN;188 }189 goto morebuf;190 }191 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);192 193 if (status == NSS_STATUS_SUCCESS)194 138 status = NSS_STATUS_NOTFOUND; 195 else if (status != NSS_STATUS_TRYAGAIN)139 } else if (status != NSS_STATUS_TRYAGAIN) { 196 140 status = NSS_STATUS_SUCCESS; 197 198 free(buf); 141 } 142 199 143 return status; 200 144 } 201 145 202 203 static service_user *pwent_nip = NULL; 146 enum nss_status 147 get_nonlocal_passwd(const char *name, struct passwd *pwd, char **buffer, 148 int *errnop) 149 { 150 enum nss_status status; 151 size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX); 152 const struct walk_nss w = { 153 .lookup = __nss_passwd_nonlocal_lookup, .fct_name = "getpwnam_r", 154 .status = &status, .errnop = errnop, .buf = buffer, .buflen = &buflen 155 }; 156 const __typeof__(&_nss_nonlocal_getpwnam_r) self = NULL; 157 #define args (name, pwd, *buffer, buflen, errnop) 158 #include "walk_nss.h" 159 #undef args 160 return status; 161 } 162 163 164 static service_user *pwent_startp, *pwent_nip; 204 165 static void *pwent_fct_start; 205 166 static union { … … 213 174 _nss_nonlocal_setpwent(int stayopen) 214 175 { 215 static const char *fct_name = "setpwent"; 216 static void *fct_start = NULL; 217 enum nss_status status; 218 service_user *nip; 219 union { 220 enum nss_status (*l)(int stayopen); 221 void *ptr; 222 } fct; 223 224 nip = nss_passwd_nonlocal_database(); 225 if (nip == NULL) 226 return NSS_STATUS_UNAVAIL; 227 if (fct_start == NULL) 228 fct_start = __nss_lookup_function(nip, fct_name); 229 fct.ptr = fct_start; 230 do { 231 if (fct.ptr == NULL) 232 status = NSS_STATUS_UNAVAIL; 233 else 234 status = DL_CALL_FCT(fct.l, (stayopen)); 235 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 236 if (status != NSS_STATUS_SUCCESS) 237 return status; 238 239 pwent_nip = nip; 176 enum nss_status status; 177 const struct walk_nss w = { 178 .lookup = &__nss_passwd_nonlocal_lookup, .fct_name = "setpwent", 179 .status = &status 180 }; 181 const __typeof__(&_nss_nonlocal_setpwent) self = NULL; 182 #define args (stayopen) 183 #include "walk_nss.h" 184 #undef args 185 if (status != NSS_STATUS_SUCCESS) 186 return status; 187 240 188 if (pwent_fct_start == NULL) 241 pwent_fct_start = __nss_lookup_function(nip, pwent_fct_name); 189 __nss_passwd_nonlocal_lookup(&pwent_startp, pwent_fct_name, 190 &pwent_fct_start); 191 pwent_nip = pwent_startp; 242 192 pwent_fct.ptr = pwent_fct_start; 243 193 return NSS_STATUS_SUCCESS; … … 247 197 _nss_nonlocal_endpwent(void) 248 198 { 249 static const char *fct_name = "endpwent"; 250 static void *fct_start = NULL; 251 enum nss_status status; 252 service_user *nip; 253 union { 254 enum nss_status (*l)(void); 255 void *ptr; 256 } fct; 199 enum nss_status status; 200 const struct walk_nss w = { 201 .lookup = &__nss_passwd_nonlocal_lookup, .fct_name = "endpwent", 202 .status = &status 203 }; 204 const __typeof__(&_nss_nonlocal_endpwent) self = NULL; 257 205 258 206 pwent_nip = NULL; 259 207 260 nip = nss_passwd_nonlocal_database(); 261 if (nip == NULL) 262 return NSS_STATUS_UNAVAIL; 263 if (fct_start == NULL) 264 fct_start = __nss_lookup_function(nip, fct_name); 265 fct.ptr = fct_start; 266 do { 267 if (fct.ptr == NULL) 268 status = NSS_STATUS_UNAVAIL; 269 else 270 status = DL_CALL_FCT(fct.l, ()); 271 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 208 #define args () 209 #include "walk_nss.h" 210 #undef args 272 211 return status; 273 212 } … … 314 253 char *buffer, size_t buflen, int *errnop) 315 254 { 316 static const char *fct_name = "getpwnam_r"; 317 static void *fct_start = NULL; 318 enum nss_status status; 319 service_user *nip; 320 union { 321 enum nss_status (*l)(const char *name, struct passwd *pwd, 322 char *buffer, size_t buflen, int *errnop); 323 void *ptr; 324 } fct; 255 enum nss_status status; 325 256 int group_errno; 257 const struct walk_nss w = { 258 .lookup = __nss_passwd_nonlocal_lookup, .fct_name = "getpwnam_r", 259 .status = &status, .errnop = errnop 260 }; 261 const __typeof__(&_nss_nonlocal_getpwnam_r) self = NULL; 326 262 327 263 char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV); … … 329 265 return NSS_STATUS_UNAVAIL; 330 266 331 nip = nss_passwd_nonlocal_database(); 332 if (nip == NULL) 333 return NSS_STATUS_UNAVAIL; 334 if (fct_start == NULL) 335 fct_start = __nss_lookup_function(nip, fct_name); 336 fct.ptr = fct_start; 337 do { 338 if (fct.ptr == NULL) 339 status = NSS_STATUS_UNAVAIL; 340 else 341 status = DL_CALL_FCT(fct.l, (name, pwd, buffer, buflen, errnop)); 342 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) 343 break; 344 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 267 #define args (name, pwd, buffer, buflen, errnop) 268 #include "walk_nss.h" 269 #undef args 345 270 if (status != NSS_STATUS_SUCCESS) 346 271 return status; … … 355 280 return status; 356 281 357 if (check_nonlocal_gid(name, pwd->pw_gid, &group_errno) !=282 if (check_nonlocal_gid(name, NULL, pwd->pw_gid, &group_errno) != 358 283 NSS_STATUS_SUCCESS) 359 284 pwd->pw_gid = 65534 /* nogroup */; … … 365 290 char *buffer, size_t buflen, int *errnop) 366 291 { 367 static const char *fct_name = "getpwuid_r"; 368 static void *fct_start = NULL; 369 enum nss_status status; 370 service_user *nip; 371 union { 372 enum nss_status (*l)(uid_t uid, struct passwd *pwd, 373 char *buffer, size_t buflen, int *errnop); 374 void *ptr; 375 } fct; 292 enum nss_status status; 376 293 int group_errno; 294 const struct walk_nss w = { 295 .lookup = &__nss_passwd_nonlocal_lookup, .fct_name = "getpwuid_r", 296 .status = &status, .errnop = errnop 297 }; 298 const __typeof__(&_nss_nonlocal_getpwuid_r) self = NULL; 377 299 378 300 char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV); … … 380 302 return NSS_STATUS_UNAVAIL; 381 303 382 nip = nss_passwd_nonlocal_database(); 383 if (nip == NULL) 384 return NSS_STATUS_UNAVAIL; 385 if (fct_start == NULL) 386 fct_start = __nss_lookup_function(nip, fct_name); 387 fct.ptr = fct_start; 388 do { 389 if (fct.ptr == NULL) 390 status = NSS_STATUS_UNAVAIL; 391 else 392 status = DL_CALL_FCT(fct.l, (uid, pwd, buffer, buflen, errnop)); 393 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) 394 break; 395 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 304 #define args (uid, pwd, buffer, buflen, errnop) 305 #include "walk_nss.h" 306 #undef args 396 307 if (status != NSS_STATUS_SUCCESS) 397 308 return status; … … 406 317 return status; 407 318 408 if (check_nonlocal_gid(pwd->pw_name, pwd->pw_gid, &group_errno) !=319 if (check_nonlocal_gid(pwd->pw_name, NULL, pwd->pw_gid, &group_errno) != 409 320 NSS_STATUS_SUCCESS) 410 321 pwd->pw_gid = 65534 /* nogroup */; -
branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal-shadow.c
r1553 r1878 40 40 41 41 42 static service_user * 43 nss_shadow_nonlocal_database(void) 42 static service_user *__nss_shadow_nonlocal_database; 43 44 static int 45 internal_function 46 __nss_shadow_nonlocal_lookup(service_user **ni, const char *fct_name, 47 void **fctp) 44 48 { 45 static service_user *nip = NULL; 46 if (nip == NULL) 47 __nss_database_lookup("shadow_nonlocal", NULL, "", &nip); 49 if (__nss_shadow_nonlocal_database == NULL 50 && __nss_database_lookup("shadow_nonlocal", NULL, NULL, 51 &__nss_shadow_nonlocal_database) < 0) 52 return -1; 48 53 49 return nip; 54 *ni = __nss_shadow_nonlocal_database; 55 56 *fctp = __nss_lookup_function(*ni, fct_name); 57 return 0; 50 58 } 51 59 52 60 53 static service_user *spent_ nip = NULL;61 static service_user *spent_startp, *spent_nip; 54 62 static void *spent_fct_start; 55 63 static union { … … 63 71 _nss_nonlocal_setspent(int stayopen) 64 72 { 65 static const char *fct_name = "setspent";66 static void *fct_start = NULL;67 73 enum nss_status status; 68 service_user *nip; 69 union { 70 enum nss_status (*l)(int stayopen); 71 void *ptr; 72 } fct; 73 74 nip = nss_shadow_nonlocal_database(); 75 if (nip == NULL) 76 return NSS_STATUS_UNAVAIL; 77 if (fct_start == NULL) 78 fct_start = __nss_lookup_function(nip, fct_name); 79 fct.ptr = fct_start; 80 do { 81 if (fct.ptr == NULL) 82 status = NSS_STATUS_UNAVAIL; 83 else 84 status = DL_CALL_FCT(fct.l, (stayopen)); 85 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 74 const struct walk_nss w = { 75 .lookup = &__nss_shadow_nonlocal_lookup, .fct_name = "setspent", 76 .status = &status 77 }; 78 const __typeof__(&_nss_nonlocal_setspent) self = NULL; 79 #define args (stayopen) 80 #include "walk_nss.h" 81 #undef args 86 82 if (status != NSS_STATUS_SUCCESS) 87 83 return status; 88 84 89 spent_nip = nip;90 85 if (spent_fct_start == NULL) 91 spent_fct_start = __nss_lookup_function(nip, spent_fct_name); 86 __nss_shadow_nonlocal_lookup(&spent_startp, spent_fct_name, 87 &spent_fct_start); 88 spent_nip = spent_startp; 92 89 spent_fct.ptr = spent_fct_start; 93 90 return NSS_STATUS_SUCCESS; … … 97 94 _nss_nonlocal_endspent(void) 98 95 { 99 static const char *fct_name = "endspent";100 static void *fct_start = NULL;101 96 enum nss_status status; 102 service_user *nip;103 union { 104 enum nss_status (*l)(void);105 void *ptr;106 } fct;97 const struct walk_nss w = { 98 .lookup = &__nss_shadow_nonlocal_lookup, .fct_name = "endspent", 99 .status = &status 100 }; 101 const __typeof__(&_nss_nonlocal_endspent) self = NULL; 107 102 108 103 spent_nip = NULL; 109 104 110 nip = nss_shadow_nonlocal_database(); 111 if (nip == NULL) 112 return NSS_STATUS_UNAVAIL; 113 if (fct_start == NULL) 114 fct_start = __nss_lookup_function(nip, fct_name); 115 fct.ptr = fct_start; 116 do { 117 if (fct.ptr == NULL) 118 status = NSS_STATUS_UNAVAIL; 119 else 120 status = DL_CALL_FCT(fct.l, ()); 121 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 105 #define args () 106 #include "walk_nss.h" 107 #undef args 122 108 return status; 123 109 } … … 154 140 char *buffer, size_t buflen, int *errnop) 155 141 { 156 static const char *fct_name = "getspnam_r";157 static void *fct_start = NULL;158 142 enum nss_status status; 159 service_user *nip; 160 union { 161 enum nss_status (*l)(const char *name, struct spwd *pwd, 162 char *buffer, size_t buflen, int *errnop); 163 void *ptr; 164 } fct; 165 166 nip = nss_shadow_nonlocal_database(); 167 if (nip == NULL) 168 return NSS_STATUS_UNAVAIL; 169 if (fct_start == NULL) 170 fct_start = __nss_lookup_function(nip, fct_name); 171 fct.ptr = fct_start; 172 do { 173 if (fct.ptr == NULL) 174 status = NSS_STATUS_UNAVAIL; 175 else 176 status = DL_CALL_FCT(fct.l, (name, pwd, buffer, buflen, errnop)); 177 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) 178 break; 179 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 143 const struct walk_nss w = { 144 .lookup = __nss_shadow_nonlocal_lookup, .fct_name = "getspnam_r", 145 .status = &status, .errnop = errnop 146 }; 147 const __typeof__(&_nss_nonlocal_getspnam_r) self = NULL; 148 #define args (name, pwd, buffer, buflen, errnop) 149 #include "walk_nss.h" 150 #undef args 180 151 if (status != NSS_STATUS_SUCCESS) 181 152 return status; -
branches/fc15-dev/server/common/oursrc/nss_nonlocal/nonlocal.h
r782 r1878 1 /* 2 * nonlocal.h 3 * common definitions for nss_nonlocal proxy 4 * 5 * Copyright © 2007–2010 Anders Kaseorg <andersk@mit.edu> and Tim 6 * Abbott <tabbott@mit.edu> 7 * 8 * This file is part of nss_nonlocal. 9 * 10 * nss_nonlocal is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU Lesser General Public License 12 * as published by the Free Software Foundation; either version 2.1 of 13 * the License, or (at your option) any later version. 14 * 15 * nss_nonlocal is distributed in the hope that it will be useful, but 16 * WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * Lesser General Public License for more details. 19 * 20 * You should have received a copy of the GNU Lesser General Public 21 * License along with nss_nonlocal; if not, write to the Free Software 22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 23 * 02110-1301 USA 24 */ 25 1 26 #ifndef NONLOCAL_H 2 27 #define NONLOCAL_H … … 4 29 #include "config.h" 5 30 31 #ifdef HAVE_STDBOOL_H 32 # include <stdbool.h> 33 #else 34 # ifndef HAVE__BOOL 35 # ifdef __cplusplus 36 typedef bool _Bool; 37 # else 38 # define _Bool signed char 39 # endif 40 # endif 41 # define bool _Bool 42 # define false 0 43 # define true 1 44 # define __bool_true_false_are_defined 1 45 #endif 46 47 #include "nsswitch-internal.h" 48 #include <pwd.h> 49 50 struct walk_nss { 51 enum nss_status *status; 52 int (*lookup)(service_user **ni, const char *fct_name, 53 void **fctp) internal_function; 54 const char *fct_name; 55 int *errnop; 56 char **buf; 57 size_t *buflen; 58 }; 59 6 60 enum nss_status check_nonlocal_uid(const char *user, uid_t uid, int *errnop); 7 enum nss_status check_nonlocal_gid(const char *user, gid_t gid, int *errnop); 61 enum nss_status check_nonlocal_gid(const char *user, const char *group, 62 gid_t gid, int *errnop); 8 63 enum nss_status check_nonlocal_user(const char *user, int *errnop); 64 enum nss_status get_nonlocal_passwd(const char *name, struct passwd *pwd, 65 char **buffer, int *errnop); 9 66 10 67 #define NONLOCAL_IGNORE_ENV "NSS_NONLOCAL_IGNORE" -
branches/fc15-dev/server/common/oursrc/php_scripts/php_scripts-config.m4
- Property svn:mergeinfo changed (with no actual effect on merging)
-
branches/fc15-dev/server/common/oursrc/scripts-static-cat/StaticCat.hs
r1784 r1878 35 35 (".css", "text/css"), 36 36 (".doc", "application/msword"), 37 (".docm", "application/vnd.ms-word.document.macroEnabled.12"), 38 (".docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document"), 39 (".dot", "application/msword"), 40 (".dotm", "application/vnd.ms-word.template.macroEnabled.12"), 41 (".dotx", "application/vnd.openxmlformats-officedocument.wordprocessingml.template"), 37 42 (".gif", "image/gif"), 38 43 (".htm", "text/html"), … … 50 55 (".mpeg", "video/mpeg"), 51 56 (".mpg", "video/mpeg"), 57 (".odb", "application/vnd.oasis.opendocument.database"), 58 (".odc", "application/vnd.oasis.opendocument.chart"), 59 (".odf", "application/vnd.oasis.opendocument.formula"), 60 (".odg", "application/vnd.oasis.opendocument.graphics"), 61 (".odi", "application/vnd.oasis.opendocument.image"), 62 (".odm", "application/vnd.oasis.opendocument.text-master"), 63 (".odp", "application/vnd.oasis.opendocument.presentation"), 64 (".ods", "application/vnd.oasis.opendocument.spreadsheet"), 65 (".odt", "application/vnd.oasis.opendocument.text"), 52 66 (".otf", "application/octet-stream"), 67 (".otg", "application/vnd.oasis.opendocument.graphics-template"), 68 (".oth", "application/vnd.oasis.opendocument.text-web"), 69 (".otp", "application/vnd.oasis.opendocument.presentation-template"), 70 (".ots", "application/vnd.oasis.opendocument.spreadsheet-template"), 71 (".ott", "application/vnd.oasis.opendocument.text-template"), 53 72 (".pdf", "application/pdf"), 54 73 (".png", "image/png"), 74 (".pot", "application/vnd.ms-powerpoint"), 75 (".potm", "application/vnd.ms-powerpoint.template.macroEnabled.12"), 76 (".potx", "application/vnd.openxmlformats-officedocument.presentationml.template"), 77 (".ppa", "application/vnd.ms-powerpoint"), 78 (".ppam", "application/vnd.ms-powerpoint.addin.macroEnabled.12"), 79 (".pps", "application/vnd.ms-powerpoint"), 80 (".ppsm", "application/vnd.ms-powerpoint.slideshow.macroEnabled.12"), 81 (".ppsx", "application/vnd.openxmlformats-officedocument.presentationml.slideshow"), 55 82 (".ppt", "application/vnd.ms-powerpoint"), 83 (".pptm", "application/vnd.ms-powerpoint.presentation.macroEnabled.12"), 84 (".pptx", "application/vnd.openxmlformats-officedocument.presentationml.presentation"), 56 85 (".ps", "application/postscript"), 57 86 (".svg", "image/svg+xml"), … … 67 96 (".xap", "application/x-silverlight-app"), 68 97 (".xhtml", "application/xhtml+xml"), 98 (".xla", "application/vnd.ms-excel"), 99 (".xlam", "application/vnd.ms-excel.addin.macroEnabled.12"), 69 100 (".xls", "application/vnd.ms-excel"), 101 (".xlsb", "application/vnd.ms-excel.sheet.binary.macroEnabled.12"), 102 (".xlsm", "application/vnd.ms-excel.sheet.macroEnabled.12"), 103 (".xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"), 104 (".xlt", "application/vnd.ms-excel"), 105 (".xltm", "application/vnd.ms-excel.template.macroEnabled.12"), 106 (".xltx", "application/vnd.openxmlformats-officedocument.spreadsheetml.template"), 70 107 (".xml", "text/xml"), 71 108 (".xsl", "text/xml"), -
branches/fc15-dev/server/common/patches/httpd-suexec-scripts.patch
r1785 r1878 73 73 74 74 /* variable name is */ 75 @@ -245,9 +250, 71@@75 @@ -245,9 +250,108 @@ 76 76 environ = cleanenv; 77 77 } … … 100 100 + "xls", 101 101 + "ppt", 102 + "dot", 103 + "docx", 104 + "dotx", 105 + "docm", 106 + "dotm", 107 + "xlt", 108 + "xla", 109 + "xlsx", 110 + "xltx", 111 + "xlsm", 112 + "xltm", 113 + "xlam", 114 + "xlsb", 115 + "pot", 116 + "pps", 117 + "ppa", 118 + "pptx", 119 + "potx", 120 + "ppsx", 121 + "ppam", 122 + "pptm", 123 + "potm", 124 + "ppsm", 102 125 + "swf", 103 126 + "mp3", … … 117 140 + "ttf", 118 141 + "otf", 142 + "odc", 143 + "odb", 144 + "odf", 145 + "odg", 146 + "otg", 147 + "odi", 148 + "odp", 149 + "otp", 150 + "ods", 151 + "ots", 152 + "odt", 153 + "odm", 154 + "ott", 155 + "oth", 119 156 + NULL 120 157 +}; … … 145 182 gid_t gid; /* target group placeholder */ 146 183 char *target_uname; /* target user name */ 147 @@ -268,6 +3 31,7 @@184 @@ -268,6 +368,7 @@ 148 185 * Start with a "clean" environment 149 186 */ … … 153 190 prog = argv[0]; 154 191 /* 155 @@ -350,6 +4 14,20 @@192 @@ -350,6 +451,20 @@ 156 193 #endif /*_OSD_POSIX*/ 157 194 … … 174 211 * or attempts to back up out of the current directory, 175 212 * to protect against attacks. If any are 176 @@ -371,6 +4 49,7 @@213 @@ -371,6 +486,7 @@ 177 214 userdir = 1; 178 215 } … … 182 219 * Error out if the target username is invalid. 183 220 */ 184 @@ -452,7 +5 31,7 @@221 @@ -452,7 +568,7 @@ 185 222 * Error out if attempt is made to execute as root or as 186 223 * a UID less than AP_UID_MIN. Tsk tsk. … … 191 228 exit(107); 192 229 } 193 @@ -484,6 +5 63,7 @@230 @@ -484,6 +599,7 @@ 194 231 log_err("failed to setuid (%ld: %s)\n", uid, cmd); 195 232 exit(110); … … 199 236 /* 200 237 * Get the current working directory, as well as the proper 201 @@ -506,6 +6 00,21 @@238 @@ -506,6 +637,21 @@ 202 239 log_err("cannot get docroot information (%s)\n", target_homedir); 203 240 exit(112); … … 221 258 else { 222 259 if (((chdir(AP_DOC_ROOT)) != 0) || 223 @@ -532,15 +6 41,17 @@260 @@ -532,15 +678,17 @@ 224 261 /* 225 262 * Error out if cwd is writable by others. … … 240 277 exit(117); 241 278 } 242 @@ -548,10 +6 59,12 @@279 @@ -548,10 +696,12 @@ 243 280 /* 244 281 * Error out if the program is writable by others. … … 253 290 /* 254 291 * Error out if the file is setuid or setgid. 255 @@ -565,6 + 678,7 @@292 @@ -565,6 +715,7 @@ 256 293 * Error out if the target name/group is different from 257 294 * the name/group of the cwd or the program. … … 261 298 (gid != dir_info.st_gid) || 262 299 (uid != prg_info.st_uid) || 263 @@ -576,12 + 690,14 @@300 @@ -576,12 +727,14 @@ 264 301 prg_info.st_uid, prg_info.st_gid); 265 302 exit(120); … … 277 314 exit(121); 278 315 } 279 @@ -614,6 +7 30,23 @@316 @@ -614,6 +767,23 @@ 280 317 /* 281 318 * Execute the command, replacing our image with its own. -
branches/fc15-dev/server/doc/install-ldap
r1698 r1878 28 28 29 29 # Inside cn=config. These changes definitely require a restart. 30 nsslapd-ldapifilepath: /var/run/ dirsrv/slapd-scripts.socket30 nsslapd-ldapifilepath: /var/run/slapd-scripts.socket 31 31 nsslapd-ldapilisten: on 32 32 nsslapd-syntaxcheck: off … … 51 51 - chown fedora-ds:fedora-ds /var/run/dirsrv 52 52 - chown fedora-ds /etc/dirsrv/keytab 53 - chmod 755 /var/run/dirsrv54 53 - /sbin/service dirsrv start 55 54 - Use ldapvi -b cn=config to add these indexes (8 of them): -
branches/fc15-dev/server/doc/install-xen
r1693 r1878 1 # install Hardy 2 # this involves complicated partitioning (with lvm) 3 # the popular version of Grub doesn't cope with this. 4 # Thus, we need a boot partition not under LVM 5 # allocate about 1G for /root ext3 filesystem 6 # partition the two disks the same way 7 # that means you have two disks, each with a 1G partition and 8 # a "rest-of-the-space"G partition 9 # now, combine the two 1G partitions into a RAID 1 (as /boot ext3) 10 # take the two other partitions, another RAID 1 (set up as lvm) 11 # create one volume group the same as the host 12 # in that volume group, create two lvs one of them named root (ext3) 13 # and one named swap (copy sizes, 10G root and 2G swap) 14 # F11 will suggest ext4, DON'T USE IT. 1 # install Squeeze 2 # Configure each drive with a 1G partition and a rest-of-the-space partition, as RAID 3 # Create a RAID1 for the 1G partitions 4 # Create a RAID1 for each pair of rest-of-the-space partitions 5 # Create an ext3 /boot on the 1G RAID1 6 # Create an LVM volume group named after the machine's short hostname 7 # Create an LV called "swap" that is the same size as the machine's physical RAM 8 # Create an LV called "root" that is 50G ext4 9 10 # ??? F11 will suggest ext4, DON'T USE IT. 15 11 # - New filesystem, so it's scary 16 12 # - The hosts can't mount it 17 13 # - Grub can't cope with it 18 14 19 # enable backports (because Xen 3.3 is in hardy backports) 20 apt-get update 21 apt-get dist-upgrade 15 # install useful utility packages 16 aptitude install htop ipmitool emacs23-nox vim memtest86 memtest86+ ntp ntpdate git smartmontools kpartx apticron bwm-ng bzip2 ethtool i2c-tools lm-sensors mii-diag molly-guard mtr-tiny nbd-client nbd-server rlwrap strace tcpdump tree 17 git config --global color.ui auto 18 22 19 # install Xen 23 apt-get install ubuntu-xen-server 20 aptitude install xen-linux-system 21 24 22 # download Debathena archive key, verify 25 apt-key add ... 26 # add Debathena repos to etc/apt.d/sources.list 27 # install Debathena software 28 apt-get install debathena-clients 23 (aptitude install debian-keyring && 24 cd /tmp && 25 wget http://debathena.mit.edu/apt/debathena-archive.asc && 26 kcr_fingerprint=$(gpg --keyring /usr/share/keyrings/debian-keyring.gpg --no-default-keyring --list-keys --with-colons kcr@debian.org | grep ^pub | cut -f 5 -d :) && 27 gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --import debathena-archive.asc && 28 gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --refresh-keys && 29 gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs --with-colons debathena@mit.edu | grep '^sig:!' | cut -d: -f5 | grep -q $kcr_fingerprint && 30 gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --export debathena@mit.edu | apt-key adv --import) 31 32 # add Debathena repos to etc/apt/sources.list.d 33 cat <<EOF > /etc/apt/sources.list.d/debathena.list 34 deb http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs 35 deb-src http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs 36 EOF 37 38 # install host keytab 39 cp $keytab /etc/krb5.keytab 40 k5srvutil change 41 k5srvutil delold 42 # install ~/.k5login 43 # install Debathena software (hit enter to take the defaults at the 44 # configuration prompts) 45 aptitude update 46 aptitude install debathena-clients debathena-ssh-server-config 29 47 # compare packages with another server 30 dpkg -l48 dpkg -l 31 49 # reconfigure so that we can get an MTA, although we don't 32 # want the hosts to accept mail ( smart host, does not takemail)50 # want the hosts to accept mail (mail sent by smarthost; no local mail) 33 51 # outgoing.mit.edu 34 dpkg reconfigure xm4-config52 dpkg-reconfigure exim4-config 35 53 # answer questions properly 36 54 # change root alias in /etc/aliases to be the same as scripts server 37 55 # reload it 38 56 newaliases 39 # ssh key for host...40 # install host keytab 57 # clone the xen config (/etc/xen) 58 git clone -b squeeze ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen 41 59 # copy conserver config (we need to version this) 42 # clone the xen config (/etc/xen) 43 git clone ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen 44 60 aptitude install sudo conserver-{server,client} 45 61 # setup conserver 46 cat /etc/conserver/console.cf # add the correct entires here 62 cat <<EOF > /etc/conserver/conserver.cf 63 config * { 64 sslrequired no; 65 } 66 default full { 67 rw *; 68 } 69 default * { 70 logfile /var/log/conserver/&.log; 71 timestamp "1lab"; 72 include full; 73 sslrequired no; 74 options reinitoncc; 75 } 76 default xen { 77 type exec; 78 exec sudo xm console f; 79 execsubst f=cs; 80 } 81 access * { 82 trusted 127.0.0.1; 83 } 84 EOF 47 85 visudo # add conservr to sudoers list with: 48 86 conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console * 87 88 # setup munin and nagios 89 aptitude install munin-node 90 cat <<EOF >> /etc/munin/munin-node.conf 91 allow ^18\.187\.1\.128$ 92 allow ^18\.181\.0\.65$ 93 allow ^18\.181\.0\.51$ 94 EOF 95 -
branches/fc15-dev/server/fedora/config/etc/aliases
r1721 r1878 89 89 90 90 # Person who should get root's mail 91 root: andersk@mit.edu, quentin@mit.edu, geofft+root@mit.edu, mitchb@mit.edu, ezyang@mit.edu, xavid@mit.edu, adehnert-sipb@mit.edu 91 root: andersk@mit.edu, quentin@mit.edu, geofft+root@mit.edu, mitchb@mit.edu, ezyang@mit.edu, xavid@mit.edu, adehnert-sipb@mit.edu, achernya@mit.edu 92 92 93 93 scripts: root … … 100 100 # Put "/dev/null" as the target of their alias 101 101 srimano: /dev/null # has a phpBB generating a lot of backscatter 102 103 # Temporary to clear the queue 104 # Should be deleted if left uncommitted -
branches/fc15-dev/server/fedora/config/etc/httpd/conf/httpd.conf
r1772 r1878 345 345 Include conf.d/vhosts-common-ssl.conf 346 346 SSLCertificateFile /etc/pki/tls/certs/scripts.pem 347 SSLCertificateKeyFile /etc/pki/tls/private/scripts.key 348 SSLCertificateChainFile /etc/pki/tls/certs/scripts.pem 347 349 </VirtualHost> 348 350 <VirtualHost 18.181.0.43:444> … … 352 354 Include conf.d/vhosts-common-ssl-cert.conf 353 355 SSLCertificateFile /etc/pki/tls/certs/scripts.pem 356 SSLCertificateKeyFile /etc/pki/tls/private/scripts.key 357 SSLCertificateChainFile /etc/pki/tls/certs/scripts.pem 354 358 </VirtualHost> 355 359 # LDAP vhost, w00t w00t -
branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/finboard.conf
r1552 r1878 19 19 Include conf.d/vhosts-common-ssl.conf 20 20 SSLCertificateFile /etc/pki/tls/certs/finboard.pem 21 SSLCertificateKeyFile /etc/pki/tls/private/scripts.key 21 22 </VirtualHost> 22 23 <VirtualHost *:444> … … 29 30 Include conf.d/vhosts-common-ssl-cert.conf 30 31 SSLCertificateFile /etc/pki/tls/certs/finboard.pem 32 SSLCertificateKeyFile /etc/pki/tls/private/scripts.key 31 33 </VirtualHost> 32 34 </IfModule> -
branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py
r1768 r1878 25 25 import sys 26 26 27 ll = ldap.initialize("ldapi://%2fvar%2frun%2f dirsrv%2fslapd-scripts.socket/")27 ll = ldap.initialize("ldapi://%2fvar%2frun%2fslapd-scripts.socket/") 28 28 ll.simple_bind_s("", "") 29 29 -
branches/fc15-dev/server/fedora/config/etc/httpd/vhosts.d/tours.conf
r1214 r1878 19 19 Include conf.d/vhosts-common-ssl.conf 20 20 SSLCertificateFile /etc/pki/tls/certs/tours.pem 21 SSLCertificateKeyFile /etc/pki/tls/private/scripts.key 21 22 </VirtualHost> 22 23 <VirtualHost *:444> … … 29 30 Include conf.d/vhosts-common-ssl-cert.conf 30 31 SSLCertificateFile /etc/pki/tls/certs/tours.pem 32 SSLCertificateKeyFile /etc/pki/tls/private/scripts.key 31 33 </VirtualHost> 32 34 </IfModule> -
branches/fc15-dev/server/fedora/config/etc/ldap.conf
r512 r1878 27 27 #uri ldapi://%2fvar%2frun%2fldapi_sock/ 28 28 # Note: %2f encodes the '/' used as directory separator 29 uri ldapi://%2fvar%2frun%2f dirsrv%2fslapd-scripts.socket/29 uri ldapi://%2fvar%2frun%2fslapd-scripts.socket/ 30 30 31 31 # The LDAP version to use (defaults to 3 -
branches/fc15-dev/server/fedora/config/etc/nagios/check_afs
r1043 r1878 8 8 9 9 if [ $STATUS -gt 0 ]; then 10 if $ECHO "$CHECKS" | grep -i STYX>/dev/null; then10 if $ECHO "$CHECKS" | grep -i PHLEGETHON >/dev/null; then 11 11 exit $STATE_CRITICAL; 12 12 else -
branches/fc15-dev/server/fedora/config/etc/nagios/nrpe.cfg
r1270 r1878 221 221 command[check_procs_u]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -u $ARG3$ 222 222 command[check_procs_z]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -z $ARG3$ 223 command[check_postfix_mailq]=/usr/lib64/nagios/plugins/check_mailq -w 300 -c 1000 -M postfix 223 224 command[check_afs]=/etc/nagios/check_afs 224 225 command[check_cron_working]=/etc/nagios/check_cron_working 225 226 command[check_ldap_mmr]=/etc/nagios/check_ldap_mmr 227 command[check_kern_taint]=/etc/nagios/check_kern_taint -
branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/finboard.pem
r1552 r1878 1 From mitcert@MIT.EDU Tue Apr 19 13:48:37 2011 2 Date: Tue, 19 Apr 2011 13:48:34 -0400 3 From: mitcert@MIT.EDU 4 To: geofft@mit.edu 5 Subject: [help.mit.edu #1582629] Certificate renewal request for finboard.mit.edu 6 1 7 Certificate: 2 8 Data: 3 9 Version: 3 (0x2) 4 10 Serial Number: 5 a4:10:09:e5:83:d7:c1:06:a9:b6:f5:bd:5d:dc:92:d811 db:fb:e9:9c:73:3e:ac:a0:fa:8b:82:fb:8f:3a:69:99 6 12 Signature Algorithm: sha1WithRSAEncryption 7 13 Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority 8 14 Validity 9 Not Before: Apr 28 16:00:00 2010 GMT 10 Not After : Apr 28 16:00:00 2011 GMT 11 Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service, 12 CN=finboard.mit.edu/emailAddress=scripts@mit.edu 15 Not Before: Apr 18 16:00:00 2011 GMT 16 Not After : Apr 18 16:00:00 2012 GMT 17 Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service, CN=finboard.mit.edu/emailAddress=scripts@mit.edu 13 18 Subject Public Key Info: 14 19 Public Key Algorithm: rsaEncryption 15 RSA Public Key: (1024 bit) 16 Modulus (1024 bit): 17 00:b5:3e:21:4d:c1:89:6b:01:8c:47:80:fe:b3:37: 18 27:76:f8:52:41:e6:a2:3d:4b:76:78:e5:f2:66:3c: 19 0f:b1:ad:fb:97:8f:2e:a2:b6:53:d3:b6:0e:e2:66: 20 f9:b9:0b:b7:ce:b4:d5:f5:1c:1f:6f:22:7d:48:f5: 21 6d:f0:16:cd:8e:48:79:d1:14:4a:14:2f:2f:f8:c4: 22 bd:1d:87:cf:7d:8b:5c:77:ad:58:24:b0:0e:a1:6d: 23 d6:0a:c7:d8:bc:2f:67:65:c8:5d:d8:d8:31:c2:67: 24 4b:4a:f4:a1:a5:54:82:af:cb:34:08:2a:04:7f:8e: 25 7c:4c:b7:db:dc:6a:8a:5d:81 20 RSA Public Key: (4096 bit) 21 Modulus (4096 bit): 22 00:bf:a3:f2:7b:98:cc:16:a7:57:e6:92:85:34:56: 23 f1:e3:62:83:9e:6a:4f:35:9d:f0:cf:89:87:73:e3: 24 93:f7:b7:01:57:38:6e:e9:fc:59:4d:24:eb:a7:17: 25 47:ca:2c:51:0e:45:c8:b7:68:c9:0e:32:26:e0:91: 26 d3:06:5c:8c:7c:0e:6c:99:0c:b2:46:05:0f:4d:f1: 27 b0:c7:5e:35:06:62:fe:2a:d6:0f:1b:2c:b5:02:24: 28 4c:c3:06:71:ec:94:ca:1d:aa:af:7e:b9:2d:c0:55: 29 4b:cc:bc:51:3d:76:68:5b:d3:ed:35:d0:03:ba:1b: 30 6c:f3:a0:d8:d3:dc:6b:44:b0:5e:01:51:d3:02:cc: 31 4a:da:52:12:de:35:31:69:16:5a:48:8b:0f:ce:ad: 32 4d:e4:d5:8b:11:36:7f:87:1c:fd:84:da:43:2e:87: 33 2f:41:70:ac:ad:df:54:c0:ed:f6:21:51:fa:c5:06: 34 f0:1b:eb:a1:b0:bf:4d:1c:42:34:8a:d5:6f:f7:25: 35 66:73:8f:60:c4:d7:8d:33:91:f4:46:3a:97:09:59: 36 01:ff:c3:64:94:40:48:30:68:f0:6e:03:26:74:c2: 37 a1:b3:d7:cb:94:fc:6e:53:8a:2a:9e:fd:b1:4f:c4: 38 74:56:25:63:1f:aa:bd:95:25:78:9c:45:46:1b:0c: 39 21:71:eb:84:94:d0:b2:f1:da:52:f6:d1:7f:63:1d: 40 08:23:52:5f:c2:f9:4d:ac:a4:44:e5:9a:54:70:fc: 41 c9:fc:d4:d4:b7:1d:75:95:00:e3:bf:3e:4c:f3:43: 42 c3:96:c7:09:2a:29:45:12:d2:31:d6:79:4c:8a:e7: 43 54:27:22:c6:80:ae:87:23:56:f1:8d:49:9b:c8:fa: 44 ed:33:5b:5f:56:76:c8:0f:7e:85:14:69:c4:48:31: 45 07:39:a5:34:81:f2:6b:15:50:22:fb:bb:2c:ad:4b: 46 84:ea:55:64:f7:de:56:9d:d0:b6:d0:7d:1e:1b:51: 47 50:37:44:94:e6:c4:15:eb:45:31:f1:b3:ec:0f:b3: 48 a9:0c:f8:1c:47:c7:51:00:05:ef:ee:b0:3d:9f:7e: 49 07:a7:38:e8:83:4c:3d:db:34:b6:24:0c:90:57:c0: 50 f9:d0:64:14:8a:93:47:9b:41:f5:a3:14:1d:9e:18: 51 5d:d5:d8:66:af:f5:f3:c8:2f:bc:a7:02:a7:ef:dc: 52 f0:0e:c7:47:8d:2e:d6:a8:62:42:93:5b:7c:f5:35: 53 f8:31:10:7b:38:d4:40:24:68:81:13:27:cb:fb:76: 54 0e:d1:99:14:d8:d5:eb:f7:69:64:8f:af:8f:82:bb: 55 24:29:f9:d4:29:1d:ce:e6:14:ba:4c:8b:09:ff:46: 56 ce:8b:6d 26 57 Exponent: 65537 (0x10001) 27 58 X509v3 extensions: … … 30 61 Netscape Cert Type: 31 62 SSL Client, SSL Server, S/MIME 32 X509v3 Extended Key Usage: 63 X509v3 Extended Key Usage: 33 64 TLS Web Server Authentication, E-mail Protection, TLS Web Client Authentication 34 X509v3 Key Usage: 65 X509v3 Key Usage: 35 66 Digital Signature, Non Repudiation, Key Encipherment 36 67 X509v3 Subject Key Identifier: 37 54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E868 CB:11:B7:01:5F:86:55:4F:45:5E:AB:27:69:BE:E1:3C:89:7A:55:62 38 69 X509v3 CRL Distribution Points: 39 70 URI:http://ca.mit.edu/ca/mitserver.crl 40 71 41 72 Signature Algorithm: sha1WithRSAEncryption 42 4a:7c:d3:b2:84:dd:b8:f9:46:1e:04:28:c3:cc:7b:78:72:ca:43 97:c3:6e:a9:6b:0e:a0:b1:99:47:65:1a:6c:13:5c:13:b2:20:44 10:6e:cd:af:9e:f1:47:ff:4c:f5:b0:ab:0f:e5:2d:dd:bd:40:45 05:43:cc:12:3d:dc:7b:c6:c8:d9:d8:18:dd:59:1a:e3:78:b2:46 93:b4:c2:75:18:7a:23:2d:ee:15:0e:bf:9e:ff:18:c3:d2:9d:47 4f:15:2a:f9:66:1c:04:40:db:cc:57:b8:fa:59:e6:b7:49:b8:48 29:fc:02:a6:0f:a2:c9:dd:ee:00:e0:58:cc:b4:79:60:f5:3e:49 91:fd73 7a:69:0c:91:e2:fb:49:59:50:9f:7f:e5:ad:3f:3e:c7:56:f7: 74 14:0e:f4:b7:7c:9b:da:1c:33:6c:62:f4:c2:b3:82:fc:28:17: 75 f4:87:3e:29:ea:da:c2:1a:15:6f:bd:ab:af:87:81:d8:43:b6: 76 f2:32:f3:f1:7d:37:e3:04:67:23:f5:13:67:a4:80:e7:c4:9f: 77 fa:b1:ff:53:53:24:bd:ce:ff:9a:89:b9:4f:13:04:e1:9c:f5: 78 54:e3:ff:e6:de:09:a8:f8:2e:50:66:b2:c4:67:ac:34:ae:78: 79 f8:b7:4a:3b:48:70:1b:f9:ec:8f:a7:e6:3d:cd:28:8e:28:b5: 80 fd:f7 50 81 -----BEGIN CERTIFICATE----- 51 MII DgDCCAumgAwIBAgIRAKQQCeWD18EGqbb1vV3cktgwDQYJKoZIhvcNAQEFBQAw82 MIIFBDCCBG2gAwIBAgIRANv76ZxzPqyg+ouC+486aZkwDQYJKoZIhvcNAQEFBQAw 52 83 ezELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoT 53 84 JU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsT 54 G01JVCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xM DA0MjgxNjAwMDBaFw0x55 M TA0MjgxNjAwMDBaMIHSMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVz85 G01JVCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTA0MTgxNjAwMDBaFw0x 86 MjA0MTgxNjAwMDBaMIHSMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVz 56 87 ZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRz 57 88 IEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MSwwKgYDVQQLEyNzY3JpcHRzLm1pdC5l 58 89 ZHUgd2ViIGhvc3Rpbmcgc2VydmljZTEZMBcGA1UEAxMQZmluYm9hcmQubWl0LmVk 59 dTEeMBwGCSqGSIb3DQEJARYPc2NyaXB0c0BtaXQuZWR1MIGfMA0GCSqGSIb3DQEB 60 AQUAA4GNADCBiQKBgQC1PiFNwYlrAYxHgP6zNyd2+FJB5qI9S3Z45fJmPA+xrfuX 61 jy6itlPTtg7iZvm5C7fOtNX1HB9vIn1I9W3wFs2OSHnRFEoULy/4xL0dh899i1x3 62 rVgksA6hbdYKx9i8L2dlyF3Y2DHCZ0tK9KGlVIKvyzQIKgR/jnxMt9vcaopdgQID 63 AQABo4GrMIGoMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgXgMCcGA1UdJQQg 64 MB4GCCsGAQUFBwMBBggrBgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXgMB0G 65 A1UdDgQWBBRUEXwJVUQclEWponZGKywkJmpE6DAzBgNVHR8ELDAqMCigJqAkhiJo 66 dHRwOi8vY2EubWl0LmVkdS9jYS9taXRzZXJ2ZXIuY3JsMA0GCSqGSIb3DQEBBQUA 67 A4GBAEp807KE3bj5Rh4EKMPMe3hyypfDbqlrDqCxmUdlGmwTXBOyIBBuza+e8Uf/ 68 TPWwqw/lLd29QAVDzBI93HvGyNnYGN1ZGuN4spO0wnUYeiMt7hUOv57/GMPSnU8V 69 KvlmHARA28xXuPpZ5rdJuCn8AqYPosnd7gDgWMy0eWD1PpH9 90 dTEeMBwGCSqGSIb3DQEJARYPc2NyaXB0c0BtaXQuZWR1MIICIjANBgkqhkiG9w0B 91 AQEFAAOCAg8AMIICCgKCAgEAv6Pye5jMFqdX5pKFNFbx42KDnmpPNZ3wz4mHc+OT 92 97cBVzhu6fxZTSTrpxdHyixRDkXIt2jJDjIm4JHTBlyMfA5smQyyRgUPTfGwx141 93 BmL+KtYPGyy1AiRMwwZx7JTKHaqvfrktwFVLzLxRPXZoW9PtNdADuhts86DY09xr 94 RLBeAVHTAsxK2lIS3jUxaRZaSIsPzq1N5NWLETZ/hxz9hNpDLocvQXCsrd9UwO32 95 IVH6xQbwG+uhsL9NHEI0itVv9yVmc49gxNeNM5H0RjqXCVkB/8NklEBIMGjwbgMm 96 dMKhs9fLlPxuU4oqnv2xT8R0ViVjH6q9lSV4nEVGGwwhceuElNCy8dpS9tF/Yx0I 97 I1JfwvlNrKRE5ZpUcPzJ/NTUtx11lQDjvz5M80PDlscJKilFEtIx1nlMiudUJyLG 98 gK6HI1bxjUmbyPrtM1tfVnbID36FFGnESDEHOaU0gfJrFVAi+7ssrUuE6lVk995W 99 ndC20H0eG1FQN0SU5sQV60Ux8bPsD7OpDPgcR8dRAAXv7rA9n34Hpzjog0w92zS2 100 JAyQV8D50GQUipNHm0H1oxQdnhhd1dhmr/XzyC+8pwKn79zwDsdHjS7WqGJCk1t8 101 9TX4MRB7ONRAJGiBEyfL+3YO0ZkU2NXr92lkj6+PgrskKfnUKR3O5hS6TIsJ/0bO 102 i20CAwEAAaOBqzCBqDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF4DAnBgNV 103 HSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwQGCCsGAQUFBwMCMAsGA1UdDwQEAwIF 104 4DAdBgNVHQ4EFgQUyxG3AV+GVU9FXqsnab7hPIl6VWIwMwYDVR0fBCwwKjAooCag 105 JIYiaHR0cDovL2NhLm1pdC5lZHUvY2EvbWl0c2VydmVyLmNybDANBgkqhkiG9w0B 106 AQUFAAOBgQB6aQyR4vtJWVCff+WtPz7HVvcUDvS3fJvaHDNsYvTCs4L8KBf0hz4p 107 6trCGhVvvauvh4HYQ7byMvPxfTfjBGcj9RNnpIDnxJ/6sf9TUyS9zv+aiblPEwTh 108 nPVU4//m3gmo+C5QZrLEZ6w0rnj4t0o7SHAb+eyPp+Y9zSiOKLX99w== 70 109 -----END CERTIFICATE----- 110 -
branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/scripts.pem
r1170 r1878 1 Certificate: 2 Data: 3 Version: 3 (0x2) 4 Serial Number: 745256 (0xb5f28) 5 Signature Algorithm: sha1WithRSAEncryption 6 Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority 7 Validity 8 Not Before: Jun 4 20:22:36 2009 GMT 9 Not After : Jun 7 02:53:00 2011 GMT 10 Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=Student Information Processing Board, CN=scripts.mit.edu 11 Subject Public Key Info: 12 Public Key Algorithm: rsaEncryption 13 RSA Public Key: (1024 bit) 14 Modulus (1024 bit): 15 00:b5:3e:21:4d:c1:89:6b:01:8c:47:80:fe:b3:37: 16 27:76:f8:52:41:e6:a2:3d:4b:76:78:e5:f2:66:3c: 17 0f:b1:ad:fb:97:8f:2e:a2:b6:53:d3:b6:0e:e2:66: 18 f9:b9:0b:b7:ce:b4:d5:f5:1c:1f:6f:22:7d:48:f5: 19 6d:f0:16:cd:8e:48:79:d1:14:4a:14:2f:2f:f8:c4: 20 bd:1d:87:cf:7d:8b:5c:77:ad:58:24:b0:0e:a1:6d: 21 d6:0a:c7:d8:bc:2f:67:65:c8:5d:d8:d8:31:c2:67: 22 4b:4a:f4:a1:a5:54:82:af:cb:34:08:2a:04:7f:8e: 23 7c:4c:b7:db:dc:6a:8a:5d:81 24 Exponent: 65537 (0x10001) 25 X509v3 extensions: 26 X509v3 Key Usage: critical 27 Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment 28 X509v3 Subject Key Identifier: 29 54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8 30 X509v3 CRL Distribution Points: 31 URI:http://crl.geotrust.com/crls/secureca.crl 1 From mitcert@MIT.EDU Wed May 25 15:32:24 2011 2 Date: Wed, 25 May 2011 15:32:22 -0400 3 From: mitcert@MIT.EDU 4 To: geofft@mit.edu 5 Subject: [help.mit.edu #1615888] Equifax certificate renewal for scripts.mit.edu 32 6 33 X509v3 Authority Key Identifier: 34 keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4 7 5 Year ($300) Certificate: 35 8 36 X509v3 Extended Key Usage: 37 TLS Web Server Authentication, TLS Web Client Authentication 38 Signature Algorithm: sha1WithRSAEncryption 39 0e:42:72:ba:24:61:07:eb:69:d6:3e:4a:e9:ec:a3:f8:16:c0: 40 a2:31:2d:f0:93:ec:37:2c:dc:c0:7c:a6:9e:60:52:d4:c6:af: 41 f4:c7:cb:f0:ad:bf:3c:b8:34:a7:1e:35:c3:15:84:f6:79:96: 42 f3:ec:d7:78:62:83:81:b5:bb:5e:77:0a:19:b6:d1:9f:ae:a9: 43 0b:f6:8a:7c:71:1e:a9:8e:e7:3d:e7:a6:38:47:3a:9f:0c:69: 44 37:a1:3f:0e:44:77:47:b9:75:4a:49:08:f3:42:43:58:2c:24: 45 d2:b9:5b:9c:8b:9a:5f:b6:83:cc:bb:ec:26:65:b7:75:50:83: 46 a6:5b 9 Web Server CERTIFICATE 10 ----------------- 11 47 12 -----BEGIN CERTIFICATE----- 48 MIIDKDCCApGgAwIBAgIDC18oMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT 49 MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0 50 aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDkwNjA0MjAyMjM2WhcNMTEwNjA3MDI1MzAw 51 WjCBsjELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNV 52 BAcTCUNhbWJyaWRnZTEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUg 53 b2YgVGVjaG5vbG9neTEtMCsGA1UECxMkU3R1ZGVudCBJbmZvcm1hdGlvbiBQcm9j 54 ZXNzaW5nIEJvYXJkMRgwFgYDVQQDEw9zY3JpcHRzLm1pdC5lZHUwgZ8wDQYJKoZI 55 hvcNAQEBBQADgY0AMIGJAoGBALU+IU3BiWsBjEeA/rM3J3b4UkHmoj1Ldnjl8mY8 56 D7Gt+5ePLqK2U9O2DuJm+bkLt8601fUcH28ifUj1bfAWzY5IedEUShQvL/jEvR2H 57 z32LXHetWCSwDqFt1grH2LwvZ2XIXdjYMcJnS0r0oaVUgq/LNAgqBH+OfEy329xq 58 il2BAgMBAAGjga4wgaswDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBRUEXwJVUQc 59 lEWponZGKywkJmpE6DA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3Ry 60 dXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAfBgNVHSMEGDAWgBRI5mj5K9KylddH 61 2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZI 62 hvcNAQEFBQADgYEADkJyuiRhB+tp1j5K6eyj+BbAojEt8JPsNyzcwHymnmBS1Mav 63 9MfL8K2/PLg0px41wxWE9nmW8+zXeGKDgbW7XncKGbbRn66pC/aKfHEeqY7nPeem 64 OEc6nwxpN6E/DkR3R7l1SkkI80JDWCwk0rlbnIuaX7aDzLvsJmW3dVCDpls= 13 MIIFvTCCBKWgAwIBAgIDAKAKMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT 14 MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM 15 IENBMB4XDTExMDUyNDExNDA1MloXDTE2MDYyNDE2MjgwNlowgdwxKTAnBgNVBAUT 16 IHNLTHQ1aW8zNjBqTS1vQWQyRUdMTkswRXJhWHdYRTQ2MQswCQYDVQQGEwJVUzEW 17 MBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMS4wLAYD 18 VQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MSwwKgYD 19 VQQLEyNzY3JpcHRzLm1pdC5lZHUgd2ViIGhvc3Rpbmcgc2VydmljZTEYMBYGA1UE 20 AxMPc2NyaXB0cy5taXQuZWR1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC 21 AgEAv6Pye5jMFqdX5pKFNFbx42KDnmpPNZ3wz4mHc+OT97cBVzhu6fxZTSTrpxdH 22 yixRDkXIt2jJDjIm4JHTBlyMfA5smQyyRgUPTfGwx141BmL+KtYPGyy1AiRMwwZx 23 7JTKHaqvfrktwFVLzLxRPXZoW9PtNdADuhts86DY09xrRLBeAVHTAsxK2lIS3jUx 24 aRZaSIsPzq1N5NWLETZ/hxz9hNpDLocvQXCsrd9UwO32IVH6xQbwG+uhsL9NHEI0 25 itVv9yVmc49gxNeNM5H0RjqXCVkB/8NklEBIMGjwbgMmdMKhs9fLlPxuU4oqnv2x 26 T8R0ViVjH6q9lSV4nEVGGwwhceuElNCy8dpS9tF/Yx0II1JfwvlNrKRE5ZpUcPzJ 27 /NTUtx11lQDjvz5M80PDlscJKilFEtIx1nlMiudUJyLGgK6HI1bxjUmbyPrtM1tf 28 VnbID36FFGnESDEHOaU0gfJrFVAi+7ssrUuE6lVk995WndC20H0eG1FQN0SU5sQV 29 60Ux8bPsD7OpDPgcR8dRAAXv7rA9n34Hpzjog0w92zS2JAyQV8D50GQUipNHm0H1 30 oxQdnhhd1dhmr/XzyC+8pwKn79zwDsdHjS7WqGJCk1t89TX4MRB7ONRAJGiBEyfL 31 +3YO0ZkU2NXr92lkj6+PgrskKfnUKR3O5hS6TIsJ/0bOi20CAwEAAaOCASEwggEd 32 MB8GA1UdIwQYMBaAFEJ5VBthzVUrPmPVPEhX9Z/7Rc5KMA4GA1UdDwEB/wQEAwIF 33 oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGgYDVR0RBBMwEYIPc2Ny 34 aXB0cy5taXQuZWR1MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9ndHNzbC1jcmwu 35 Z2VvdHJ1c3QuY29tL2NybHMvZ3Rzc2wuY3JsMB0GA1UdDgQWBBTLEbcBX4ZVT0Ve 36 qydpvuE8iXpVYjAMBgNVHRMBAf8EAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEF 37 BQcwAoYnaHR0cDovL2d0c3NsLWFpYS5nZW90cnVzdC5jb20vZ3Rzc2wuY3J0MA0G 38 CSqGSIb3DQEBBQUAA4IBAQAyzdBtuhneBsq8S1I1WA2vQn/qp4lfRoqNzdSCGixW 39 rbk2RK/qMic7mwrOFX1ZYflCzWyuehcTOAKfjetVmyfs+81atmB/liLNGnpF0qSJ 40 JQJbNemjf8KxQyXCFj/OXvUhG/lLh83FA2AGqvFAFiD8mVe/xmzbd7UsI1+EpaFd 41 sKcn7f/3YQ25ADrfdOguuiXIGsWPKcApo09fK69NZZKjD9oQ6QFsj9Hyk8Ymyhf5 42 bBtvqYOUQ5QMlYZ91Uy4CXVhx5mCo3L1ddXWDG/onDdcDI0LORxCgJVIqh+3g4vg 43 QKJR/6V68wkGpGGblkWawj02bfcyMjc73TVIASl+QOi/ 65 44 -----END CERTIFICATE----- 45 46 47 INTERMEDIATE CA: 48 --------------------------------------- 49 50 -----BEGIN CERTIFICATE----- 51 MIID2TCCAsGgAwIBAgIDAjbQMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT 52 MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i 53 YWwgQ0EwHhcNMTAwMjE5MjIzOTI2WhcNMjAwMjE4MjIzOTI2WjBAMQswCQYDVQQG 54 EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xGDAWBgNVBAMTD0dlb1RydXN0 55 IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCzgMHk5Uat 56 cGA9uuUU3Z6KXot1WubKbUGlI+g5hSZ6p1V3mkihkn46HhrxJ6ujTDnMyz1Hr4Gu 57 FmpcN+9FQf37mpc8oEOdxt8XIdGKolbCA0mEEoE+yQpUYGa5jFTk+eb5lPHgX3UR 58 8im55IaisYmtph6DKWOy8FQchQt65+EuDa+kvc3nsVrXjAVaDktzKIt1XTTYdwvh 59 dGLicTBi2LyKBeUxY0pUiWozeKdOVSQdl+8a5BLGDzAYtDRN4dgjOyFbLTAZJQ50 60 96QhS6CkIMlszZhWwPKoXz4mdaAN+DaIiixafWcwqQ/RmXAueOFRJq9VeiS+jDkN 61 d53eAsMMvR8CAwEAAaOB2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEJ5 62 VBthzVUrPmPVPEhX9Z/7Rc5KMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4 63 ysxOMBIGA1UdEwEB/wQIMAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDov 64 L2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEE 65 KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZI 66 hvcNAQEFBQADggEBANTvU4ToGr2hiwTAqfVfoRB4RV2yV2pOJMtlTjGXkZrUJPji 67 J2ZwMZzBYlQG55cdOprApClICq8kx6jEmlTBfEx4TCtoLF0XplR4TEbigMMfOHES 68 0tdT41SFULgCy+5jOvhWiU1Vuy7AyBh3hjELC3DwfjWDpCoTZFZnNF0WX3OsewYk 69 2k9QbSqr0E1TQcKOu3EDSSmGGM8hQkx0YlEVxW+o78Qn5Rsz3VqI138S0adhJR/V 70 4NwdzxoQ2KDLX4z6DOW/cf/lXUQdpj6HR/oaToODEj+IZpWYeZqF6wJHzSXj8gYE 71 TpnKXKBuervdo5AaRTPvvz7SBMS24CqFZUE+ENQ= 72 -----END CERTIFICATE----- -
branches/fc15-dev/server/fedora/config/etc/pki/tls/certs/tours.pem
r1577 r1878 1 From mitcert@MIT.EDU Thu Jun 17 08:13:52 20102 Date: Thu, 17 Jun 2010 08:13:51 -0400 (EDT)1 From mitcert@MIT.EDU Mon Jun 6 11:01:40 2011 2 Date: Mon, 6 Jun 2011 11:01:37 -0400 3 3 From: mitcert@MIT.EDU 4 To: mitchb@mit.edu5 Subject: Certificate signing request for tours.mit.edu [help.mit.edu #1263305]4 To: geofft@mit.edu 5 Subject: [help.mit.edu #1628846] certificate renewal for scripts vhost tours.mit.edu 6 6 7 7 Certificate: … … 9 9 Version: 3 (0x2) 10 10 Serial Number: 11 63:75:30:51:9d:87:bd:ac:0d:9b:0d:27:00:13:b9:b511 cd:7f:98:ad:03:56:53:60:54:b9:67:c1:4b:ca:66:75 12 12 Signature Algorithm: sha1WithRSAEncryption 13 13 Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority 14 14 Validity 15 Not Before: Jun 15 16:00:00 2010GMT16 Not After : Jun 16 16:00:00 2011GMT15 Not Before: Jun 4 16:00:00 2011 GMT 16 Not After : Jun 5 16:00:00 2012 GMT 17 17 Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=scripts.mit.edu web hosting service, CN=tours.mit.edu/emailAddress=scripts@mit.edu 18 18 Subject Public Key Info: 19 19 Public Key Algorithm: rsaEncryption 20 RSA Public Key: (1024 bit) 21 Modulus (1024 bit): 22 00:b5:3e:21:4d:c1:89:6b:01:8c:47:80:fe:b3:37: 23 27:76:f8:52:41:e6:a2:3d:4b:76:78:e5:f2:66:3c: 24 0f:b1:ad:fb:97:8f:2e:a2:b6:53:d3:b6:0e:e2:66: 25 f9:b9:0b:b7:ce:b4:d5:f5:1c:1f:6f:22:7d:48:f5: 26 6d:f0:16:cd:8e:48:79:d1:14:4a:14:2f:2f:f8:c4: 27 bd:1d:87:cf:7d:8b:5c:77:ad:58:24:b0:0e:a1:6d: 28 d6:0a:c7:d8:bc:2f:67:65:c8:5d:d8:d8:31:c2:67: 29 4b:4a:f4:a1:a5:54:82:af:cb:34:08:2a:04:7f:8e: 30 7c:4c:b7:db:dc:6a:8a:5d:81 20 RSA Public Key: (4096 bit) 21 Modulus (4096 bit): 22 00:bf:a3:f2:7b:98:cc:16:a7:57:e6:92:85:34:56: 23 f1:e3:62:83:9e:6a:4f:35:9d:f0:cf:89:87:73:e3: 24 93:f7:b7:01:57:38:6e:e9:fc:59:4d:24:eb:a7:17: 25 47:ca:2c:51:0e:45:c8:b7:68:c9:0e:32:26:e0:91: 26 d3:06:5c:8c:7c:0e:6c:99:0c:b2:46:05:0f:4d:f1: 27 b0:c7:5e:35:06:62:fe:2a:d6:0f:1b:2c:b5:02:24: 28 4c:c3:06:71:ec:94:ca:1d:aa:af:7e:b9:2d:c0:55: 29 4b:cc:bc:51:3d:76:68:5b:d3:ed:35:d0:03:ba:1b: 30 6c:f3:a0:d8:d3:dc:6b:44:b0:5e:01:51:d3:02:cc: 31 4a:da:52:12:de:35:31:69:16:5a:48:8b:0f:ce:ad: 32 4d:e4:d5:8b:11:36:7f:87:1c:fd:84:da:43:2e:87: 33 2f:41:70:ac:ad:df:54:c0:ed:f6:21:51:fa:c5:06: 34 f0:1b:eb:a1:b0:bf:4d:1c:42:34:8a:d5:6f:f7:25: 35 66:73:8f:60:c4:d7:8d:33:91:f4:46:3a:97:09:59: 36 01:ff:c3:64:94:40:48:30:68:f0:6e:03:26:74:c2: 37 a1:b3:d7:cb:94:fc:6e:53:8a:2a:9e:fd:b1:4f:c4: 38 74:56:25:63:1f:aa:bd:95:25:78:9c:45:46:1b:0c: 39 21:71:eb:84:94:d0:b2:f1:da:52:f6:d1:7f:63:1d: 40 08:23:52:5f:c2:f9:4d:ac:a4:44:e5:9a:54:70:fc: 41 c9:fc:d4:d4:b7:1d:75:95:00:e3:bf:3e:4c:f3:43: 42 c3:96:c7:09:2a:29:45:12:d2:31:d6:79:4c:8a:e7: 43 54:27:22:c6:80:ae:87:23:56:f1:8d:49:9b:c8:fa: 44 ed:33:5b:5f:56:76:c8:0f:7e:85:14:69:c4:48:31: 45 07:39:a5:34:81:f2:6b:15:50:22:fb:bb:2c:ad:4b: 46 84:ea:55:64:f7:de:56:9d:d0:b6:d0:7d:1e:1b:51: 47 50:37:44:94:e6:c4:15:eb:45:31:f1:b3:ec:0f:b3: 48 a9:0c:f8:1c:47:c7:51:00:05:ef:ee:b0:3d:9f:7e: 49 07:a7:38:e8:83:4c:3d:db:34:b6:24:0c:90:57:c0: 50 f9:d0:64:14:8a:93:47:9b:41:f5:a3:14:1d:9e:18: 51 5d:d5:d8:66:af:f5:f3:c8:2f:bc:a7:02:a7:ef:dc: 52 f0:0e:c7:47:8d:2e:d6:a8:62:42:93:5b:7c:f5:35: 53 f8:31:10:7b:38:d4:40:24:68:81:13:27:cb:fb:76: 54 0e:d1:99:14:d8:d5:eb:f7:69:64:8f:af:8f:82:bb: 55 24:29:f9:d4:29:1d:ce:e6:14:ba:4c:8b:09:ff:46: 56 ce:8b:6d 31 57 Exponent: 65537 (0x10001) 32 58 X509v3 extensions: … … 40 66 Digital Signature, Non Repudiation, Key Encipherment 41 67 X509v3 Subject Key Identifier: 42 54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E868 CB:11:B7:01:5F:86:55:4F:45:5E:AB:27:69:BE:E1:3C:89:7A:55:62 43 69 X509v3 CRL Distribution Points: 44 70 URI:http://ca.mit.edu/ca/mitserver.crl 45 71 46 72 Signature Algorithm: sha1WithRSAEncryption 47 5e:72:af:24:29:41:16:76:f9:61:0d:e1:ad:16:05:00:90:8c:48 c4:42:41:ae:20:3b:cc:9f:e8:e5:de:07:26:35:bd:54:1a:95:49 4f:20:7b:5a:5d:e1:5b:10:ac:6b:c1:24:0d:22:cd:ef:d2:16:50 67:2a:33:b1:4e:8f:da:44:56:35:98:b0:67:67:47:ca:c5:89:51 5 1:26:7e:cd:e9:5c:c2:74:73:d1:ac:ff:20:03:ee:76:17:97:52 6c:d9:e2:74:c1:48:89:a4:b8:53:70:24:23:36:b8:f4:c4:ed:53 76:9d:6a:d2:69:26:07:a7:79:fd:9f:9b:b1:f9:64:00:c2:61:54 48:5e73 22:c7:5e:7a:58:8e:2f:a9:e2:fc:ff:27:3f:2d:91:2e:c6:a1: 74 47:02:af:7b:a5:22:43:cc:c7:2c:08:04:98:c1:56:e8:14:88: 75 89:08:b7:56:d0:7a:61:5b:f7:32:d7:21:58:80:13:e4:68:99: 76 74:43:50:54:e7:64:f1:ce:68:3a:87:22:5c:c7:b9:c4:43:cd: 77 53:5f:09:23:a1:92:c4:3a:ec:a7:1e:60:2a:cd:3e:17:5d:51: 78 cf:14:c2:4a:b8:10:55:a6:66:e7:6b:b1:c7:08:32:ae:e7:9f: 79 a8:31:79:65:c6:61:2e:dc:e1:0d:e6:a0:f6:6e:98:90:5b:66: 80 8a:a5 55 81 -----BEGIN CERTIFICATE----- 56 MIIDfDCCAuWgAwIBAgIQY3UwUZ2HvawNmw0nABO5tTANBgkqhkiG9w0BAQUFADB7 57 MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEuMCwGA1UEChMl 58 TWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEkMCIGA1UECxMb 59 TUlUIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEwMDYxNTE2MDAwMFoXDTEx 60 MDYxNjE2MDAwMFowgc8xCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNl 61 dHRzMRIwEAYDVQQHEwlDYW1icmlkZ2UxLjAsBgNVBAoTJU1hc3NhY2h1c2V0dHMg 62 SW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxLDAqBgNVBAsTI3NjcmlwdHMubWl0LmVk 63 dSB3ZWIgaG9zdGluZyBzZXJ2aWNlMRYwFAYDVQQDEw10b3Vycy5taXQuZWR1MR4w 64 HAYJKoZIhvcNAQkBFg9zY3JpcHRzQG1pdC5lZHUwgZ8wDQYJKoZIhvcNAQEBBQAD 65 gY0AMIGJAoGBALU+IU3BiWsBjEeA/rM3J3b4UkHmoj1Ldnjl8mY8D7Gt+5ePLqK2 66 U9O2DuJm+bkLt8601fUcH28ifUj1bfAWzY5IedEUShQvL/jEvR2Hz32LXHetWCSw 67 DqFt1grH2LwvZ2XIXdjYMcJnS0r0oaVUgq/LNAgqBH+OfEy329xqil2BAgMBAAGj 68 gaswgagwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBeAwJwYDVR0lBCAwHgYI 69 KwYBBQUHAwEGCCsGAQUFBwMEBggrBgEFBQcDAjALBgNVHQ8EBAMCBeAwHQYDVR0O 70 BBYEFFQRfAlVRByURamidkYrLCQmakToMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6 71 Ly9jYS5taXQuZWR1L2NhL21pdHNlcnZlci5jcmwwDQYJKoZIhvcNAQEFBQADgYEA 72 XnKvJClBFnb5YQ3hrRYFAJCMxEJBriA7zJ/o5d4HJjW9VBqVTyB7Wl3hWxCsa8Ek 73 DSLN79IWZyozsU6P2kRWNZiwZ2dHysWJUSZ+zelcwnRz0az/IAPudheXbNnidMFI 74 iaS4U3AkIza49MTtdp1q0mkmB6d5/Z+bsflkAMJhSF4= 82 MIIFATCCBGqgAwIBAgIRAM1/mK0DVlNgVLlnwUvKZnUwDQYJKoZIhvcNAQEFBQAw 83 ezELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoT 84 JU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsT 85 G01JVCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTA2MDQxNjAwMDBaFw0x 86 MjA2MDUxNjAwMDBaMIHPMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVz 87 ZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRz 88 IEluc3RpdHV0ZSBvZiBUZWNobm9sb2d5MSwwKgYDVQQLEyNzY3JpcHRzLm1pdC5l 89 ZHUgd2ViIGhvc3Rpbmcgc2VydmljZTEWMBQGA1UEAxMNdG91cnMubWl0LmVkdTEe 90 MBwGCSqGSIb3DQEJARYPc2NyaXB0c0BtaXQuZWR1MIICIjANBgkqhkiG9w0BAQEF 91 AAOCAg8AMIICCgKCAgEAv6Pye5jMFqdX5pKFNFbx42KDnmpPNZ3wz4mHc+OT97cB 92 Vzhu6fxZTSTrpxdHyixRDkXIt2jJDjIm4JHTBlyMfA5smQyyRgUPTfGwx141BmL+ 93 KtYPGyy1AiRMwwZx7JTKHaqvfrktwFVLzLxRPXZoW9PtNdADuhts86DY09xrRLBe 94 AVHTAsxK2lIS3jUxaRZaSIsPzq1N5NWLETZ/hxz9hNpDLocvQXCsrd9UwO32IVH6 95 xQbwG+uhsL9NHEI0itVv9yVmc49gxNeNM5H0RjqXCVkB/8NklEBIMGjwbgMmdMKh 96 s9fLlPxuU4oqnv2xT8R0ViVjH6q9lSV4nEVGGwwhceuElNCy8dpS9tF/Yx0II1Jf 97 wvlNrKRE5ZpUcPzJ/NTUtx11lQDjvz5M80PDlscJKilFEtIx1nlMiudUJyLGgK6H 98 I1bxjUmbyPrtM1tfVnbID36FFGnESDEHOaU0gfJrFVAi+7ssrUuE6lVk995WndC2 99 0H0eG1FQN0SU5sQV60Ux8bPsD7OpDPgcR8dRAAXv7rA9n34Hpzjog0w92zS2JAyQ 100 V8D50GQUipNHm0H1oxQdnhhd1dhmr/XzyC+8pwKn79zwDsdHjS7WqGJCk1t89TX4 101 MRB7ONRAJGiBEyfL+3YO0ZkU2NXr92lkj6+PgrskKfnUKR3O5hS6TIsJ/0bOi20C 102 AwEAAaOBqzCBqDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF4DAnBgNVHSUE 103 IDAeBggrBgEFBQcDAQYIKwYBBQUHAwQGCCsGAQUFBwMCMAsGA1UdDwQEAwIF4DAd 104 BgNVHQ4EFgQUyxG3AV+GVU9FXqsnab7hPIl6VWIwMwYDVR0fBCwwKjAooCagJIYi 105 aHR0cDovL2NhLm1pdC5lZHUvY2EvbWl0c2VydmVyLmNybDANBgkqhkiG9w0BAQUF 106 AAOBgQAix156WI4vqeL8/yc/LZEuxqFHAq97pSJDzMcsCASYwVboFIiJCLdW0Hph 107 W/cy1yFYgBPkaJl0Q1BU52Txzmg6hyJcx7nEQ81TXwkjoZLEOuynHmAqzT4XXVHP 108 FMJKuBBVpmbna7HHCDKu55+oMXllxmEu3OEN5qD2bpiQW2aKpQ== 75 109 -----END CERTIFICATE----- 76 110 -
branches/fc15-dev/server/fedora/config/etc/postfix/virtual-alias-domains-ldap.cf
r1443 r1878 12 12 # version 3 is necessary to use ldapi. 13 13 14 server_host = ldapi://%2fvar%2frun%2f dirsrv%2fslapd-scripts.socket/14 server_host = ldapi://%2fvar%2frun%2fslapd-scripts.socket/ 15 15 search_base = ou=VirtualHosts,dc=scripts,dc=mit,dc=edu 16 16 query_filter = (&(objectClass=scriptsVhost)(|(scriptsVhostName=%s)(scriptsVhostAlias=%s))(!(scriptsVhostName=scripts.mit.edu))) -
branches/fc15-dev/server/fedora/config/etc/postfix/virtual-alias-maps-ldap.cf
r1443 r1878 13 13 # necessary to use ldapi. 14 14 15 server_host = ldapi://%2fvar%2frun%2f dirsrv%2fslapd-scripts.socket/15 server_host = ldapi://%2fvar%2frun%2fslapd-scripts.socket/ 16 16 search_base = ou=VirtualHosts,dc=scripts,dc=mit,dc=edu 17 17 query_filter = (&(objectClass=scriptsVhost)(|(scriptsVhostName=%d)(scriptsVhostAlias=%d))(!(scriptsVhostName=scripts.mit.edu))) -
branches/fc15-dev/server/fedora/specs/nss_nonlocal.spec
r1554 r1878 2 2 Group: System Environment/Libraries 3 3 Name: nss_nonlocal 4 Version: 1.114 Version: 2.0 5 5 Release: 1 6 6 URL: http://debathena.mit.edu/nss_nonlocal/ … … 11 11 Source: %{name}.tar.gz 12 12 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 13 Requires(pre): shadow-utils 13 14 14 15 %description … … 47 48 48 49 %pre 49 groupadd -r nss-local-users || : 50 groupadd -r nss-nonlocal-users || : 50 getent passwd nss-nonlocal-users >/dev/null || \ 51 useradd -r -g nobody -d / -s /sbin/nologin \ 52 -c 'Magic user for local group whitelist' nss-nonlocal-users 53 getent group nss-local-users || groupadd -r nss-local-users 54 getent group nss-nonlocal-users || groupadd -r nss-nonlocal-users 55 exit 0 51 56 52 57 %post … … 57 62 58 63 %changelog 64 65 * Tue Mar 29 2011 Anders Kaseorg <andersk@mit.edu> 2.0-1 66 - New upstream version. 59 67 60 68 * Sun May 2 2010 Anders Kaseorg <andersk@mit.edu> 1.11-1
Note: See TracChangeset
for help on using the changeset viewer.