This file is indexed.

postinst is in libpam-ldap 184-8.7+b1.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
#!/bin/sh -e


 
pam-auth-update --package

PACKAGE=libpam-ldap
CONFFILE="/etc/pam_ldap.conf"
PASSWDFILE="/etc/pam_ldap.secret"
OLDPASSWDFILE="/etc/ldap.secret"

add_missing()
{
	# FIXME: it would be nice to get the prototype from a template.
	
	parameter=$1
	value=$2
	echo "$parameter $value" >> $CONFFILE
}

change_value()
{
	parameter=$1
	value=$2
	commented=0 ; notthere=0
	egrep -i -q "^$parameter " $CONFFILE || notthere=1
	if [ "$notthere" = "1" ]; then
		if ( egrep -i -q "^# *$parameter" $CONFFILE ); then
			notthere=0
			commented=1	
		fi
	fi

	if [ "$notthere" = "1" ]; then
		add_missing $parameter $value
	else
		# i really need a better way to do this...
		# currently we replace only the first match, we need a better
		# way of dealing with multiple hits.
		if [ "$commented" = "1" ]; then
			value="$value" parameter="$parameter" perl -i -p -e 's/^# *\Q$ENV{"parameter"}\E .*/$ENV{"parameter"} $ENV{"value"}/i
				and $match=1 unless ($match)' $CONFFILE
		else
			value="$value" parameter="$parameter" perl -i -p -e 's/^\Q$ENV{"parameter"}\E .*/$ENV{"parameter"} $ENV{"value"}/i
				and $match=1 unless ($match)' $CONFFILE
		fi
	fi
}

disable_param()
{
	parameter=$1
	enabled=0
	egrep -q "^$parameter " $CONFFILE && enabled=1
	if [ "$enabled" = "1" ]; then
		perl -i -p -e "s/^($parameter .*)/#\$1/i" $CONFFILE
	fi
}
	


# ok, lets get to business..
. /usr/share/debconf/confmodule

# lets create the configuration from example if it's not there.
examplefile=/usr/share/$PACKAGE/ldap.conf
if [ ! -e $CONFFILE -a -e $examplefile ]; then
	cat > $CONFFILE << EOM
###DEBCONF###
# the configuration of this file will be done by debconf as long as the
# first line of the file says '###DEBCONF###'
#
# you should use dpkg-reconfigure to configure this file
#
EOM
	cat $examplefile >> $CONFFILE
	chmod 0644 $CONFFILE
	db_set libpam-ldap/override true
fi

db_get libpam-ldap/override
if [ "$RET" = "true" ]; then
	if ( head -1 $CONFFILE | grep -q -v '^###DEBCONF###$' ); then
		mv $CONFFILE $CONFFILE.tmp
		cat > $CONFFILE << EOM
###DEBCONF###
EOM
		cat $CONFFILE.tmp >> $CONFFILE
		rm -f $CONFFILE.tmp
		chmod 0644 $CONFFILE
	fi

	db_get shared/ldapns/ldap-server
	if echo $RET | egrep -q '^ldap[is]?://'; then
		disable_param host
		change_value uri "$RET"
	else
		disable_param uri
		change_value host "$RET"
	fi

	db_get shared/ldapns/base-dn
	change_value base "$RET"

	db_get shared/ldapns/ldap_version
	change_value ldap_version "$RET"

	db_get libpam-ldap/pam_password
	change_value pam_password "$RET"

	db_get libpam-ldap/dbrootlogin
	if [ "$RET" = "true" ]; then
		# separate root login to the database
		db_get libpam-ldap/rootbinddn
		change_value rootbinddn "$RET"

		db_get libpam-ldap/rootbindpw
		if [ "$RET" != "" ]; then
			rm -f $PASSWDFILE $OLDPASSWDFILE
			echo $RET > $PASSWDFILE
			chmod 0600 $PASSWDFILE
			db_set libpam-ldap/rootbindpw ''
		else
			# copy the old password file to its new location
			if [ ! -e $PASSWDFILE -a -e $OLDPASSWDFILE ]; then
				cp -a $OLDPASSWDFILE $PASSWDFILE
			fi	
		fi
	else
		# ok, so the user refused to use this feature, better make
		# sure it's really off.
		disable_param rootbinddn
		rm -f $PASSWDFILE /etc/ldap.conf
	fi

	db_get libpam-ldap/dblogin
	if [ "$RET" = "true" ]; then
		# user wants to log in to the database, so be it.
		db_get libpam-ldap/binddn
		change_value binddn "$RET"

		db_get libpam-ldap/bindpw
		if [ "$RET" != "" ]; then
			change_value bindpw "$RET"
			db_set libpam-ldap/bindpw ''
		fi
	else
		# once again, user didn't.. lets make sure we dont.
		disable_param binddn
		disable_param bindpw
	fi
else
	# copy the password file to its new location
	if [ ! -e $PASSWDFILE -a -e $OLDPASSWDFILE ]; then
		cp -a $OLDPASSWDFILE $PASSWDFILE
	fi
fi
db_stop