This file is indexed.

postinst is in nslcd 0.9.6-3.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
#!/bin/sh

set -e

CONFFILE="/etc/nslcd.conf"

# set an option in the configuration file to the specified value
cfg_set()
{
  parameter="$1"
  value="$2"
  # check if the parameter is defined
  line=`sed -n '/^'"$parameter"'[[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)[[:space:]]/d;/^'"$parameter"'[[:space:]]/p' "$CONFFILE" | head -n 1`
  if [ -z "$line" ]
  then
    # check if the parameter is commented out
    line=`sed -n '/^#'"$parameter"'[[:space:]]*[aeghnprs][acedgihklopsrutwv]*[[:space:]]/d;/^#'"$parameter"'[[:space:]]/p' "$CONFFILE" | head -n 1`
  fi
  # decide what to do
  if [ -z "$line" ]
  then
    # just append a new line
    echo "$parameter $value" >> $CONFFILE
  else
    # escape line to replace
    replace=`echo "$line" | sed 's#\\\#\\\\\\\#g;s#\([.*+?^$|]\)#\\\\\1#g'`
    # escape value (parameter doesn't have any special stuff)
    value=`echo "$value" | sed 's#\\\#\\\\\\\#g;s#|#\\\|#g;s#&#\\\&#g'`
    # replace the first occurrence of the line
    sed -i '1,\|^'"$replace"'$| s|^'"$replace"'$|'"$parameter"' '"$value"'|i' "$CONFFILE"
  fi
  # we're done
  return 0
}

# disable options in the configuration file by commenting them out
cfg_disable()
{
  for parameter in $@
  do
    # handle bindpw option specially by removing value from config first
    if [ "$parameter" = "bindpw" ] && grep -i -q "^bindpw " $CONFFILE
    then
      cfg_set bindpw "*removed*"
    fi
    # make matching of spaces better in parameter
    param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
    # lines to not match
    nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
    # comment out the option
    sed -i '/'"$nomatch_re"'/!s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
    # we're done
  done
  return 0
}

# set the list of uris
cfg_uris()
{
  uris="$1"
  # escape all uri directives
  sed -i 's/^uri /_uri_ /i' $CONFFILE
  # set the uri options
  echo "$uris" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//;s/[[:space:]][[:space:]]*/\n/g' | while read uri
  do
    if grep -qi '^_uri_ ' $CONFFILE
    then
      # escape uri for use in regexp replacement
      uri=`echo "$uri" | sed 's#\\\#\\\\\\\#g;s#|#\\\|#g;s#&#\\\&#g'`
      # replace the first occurrence of _uri_
      sed -i '1,/^_uri_ / s|^_uri_ .*$|uri '"$uri"'|i' "$CONFFILE"
    else
      # append new uri
      echo "uri $uri" >> $CONFFILE
    fi
  done
  # comment out the remaining escaped uris
  sed -i 's/^_uri_ /#uri /' $CONFFILE
}

# create a default configuration file if nothing exists yet
create_config()
{
  if [ ! -e "$CONFFILE" ]
  then
    # create a simple configuration file from this template
    cat > "$CONFFILE" << EOM
# $CONFFILE
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://localhost/

# The search base that will be used for all queries.
base dc=example,dc=net

# The LDAP protocol version to use.
#ldap_version 3

# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
#tls_reqcert never
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

# The search scope.
#scope sub

EOM
    # fix permissions
    chmod 640 "$CONFFILE"
    chown root:nslcd "$CONFFILE"
  fi
  # we're done
  return 0
}

# update a configuration parameter, based on the debconf key
update_config()
{
  debconf_param="$1"
  cfg_param="$2"
  # update configuration option based on debconf value
  db_get "$debconf_param"
  if [ -n "$RET" ]
  then
    cfg_set "$cfg_param" "$RET"
  else
    cfg_disable "$cfg_param"
  fi
}

# check which of the provided to-check services are actually installed
# Note: this function is taken from libpam0g postinst
installed_services() {
  check="$@"

  # Only get the ones that are installed, and configured
  check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}')

  # some init scripts don't match the package names
  check=$(echo $check | \
      sed -e's/\bapache2-common\b/apache2/g' \
          -e's/\bat\b/atd/g' \
          -e's/\bdovecot-common\b/dovecot/g' \
          -e's/\bdante-server\b/danted/g' \
          -e's/\bexim4-base\b/exim4/g' \
          -e's/\bheartbeat-2\b/heartbeat/g' \
          -e's/\bhylafax-server\b/hylafax/g' \
          -e's/\bpartimage-server\b/partimaged/g' \
          -e's/\bpostgresql-common\b/postgresql/g' \
          -e's/\bsasl2-bin\b/saslauthd/g' \
  )

  for service in $check; do
    idl="/etc/init.d/${service}"
    if [ -n "$idl" ] && [ -x $idl ]; then
      services="$service $services"
    else
      echo "WARNING: init script for $service not found." >&2
    fi
  done
  echo "$services"
}

# real functions begin here
if [ "$1" = "configure" ]
then
  # get configuration data from debconf
  . /usr/share/debconf/confmodule
  # check if the nslcd user exists
  if getent passwd nslcd >/dev/null
  then
    :
  else
    # create nslcd user and group
    adduser --system --group --home /var/run/nslcd/ \
            --gecos "nslcd name service LDAP connection daemon" \
            --no-create-home \
            nslcd
    # add uid/gid options to the config file if it exists
    # (this is when we're upgrading)
    if [ -f "$CONFFILE" ]
    then
      echo "Adding uid and gid options to $CONFFILE..." >&2
      echo "# automatically added on upgrade of nslcd package" >> "$CONFFILE"
      cfg_set uid nslcd
      cfg_set gid nslcd
    fi
  fi
  # create a default configuration
  create_config
  # rename tls_checkpeer to tls_reqcert
  if grep -qi '^tls_checkpeer[[:space:]]' $CONFFILE
  then
    echo "Renaming tls_checkpeer to tls_reqcert in $CONFFILE..." >&2
    sed -i 's/^tls_checkpeer[[:space:]]/tls_reqcert /' "$CONFFILE"
  fi
  # rename reconnect_maxsleeptime to reconnect_retrytime
  if grep -qi '^reconnect_maxsleeptime[[:space:]]' $CONFFILE
  then
    echo "Renaming reconnect_maxsleeptime to reconnect_retrytime in $CONFFILE..." >&2
    sed -i 's/^reconnect_maxsleeptime[[:space:]]/reconnect_retrytime /' "$CONFFILE"
  fi
  # rename tls_cacert to tls_cacertfile
  if grep -qi '^tls_cacert[[:space:]]' $CONFFILE
  then
    echo "Renaming tls_cacert to tls_cacertfile in $CONFFILE..." >&2
    sed -i 's/^tls_cacert[[:space:]]/tls_cacertfile /' "$CONFFILE"
  fi
  # comment out mapping of uniqueMember to member which is now used by default
  if grep -qi '^map[[:space:]]*group[[:space:]]*uniqueMember[[:space:]]*member[[:space:]]*$' $CONFFILE
  then
    echo "Commenting out uniqueMember mapping due to rename in $CONFFILE..." >&2
    sed -i '/^map[[:space:]]*group[[:space:]]*uniqueMember[[:space:]]*member[[:space:]]*$/i \
#off# automatically commented out next line because this is now the default
s/^map[[:space:]]*group[[:space:]]*uniqueMember[[:space:]]*member[[:space:]]*$/#off# &/' "$CONFFILE"
  fi
  # set server uri
  db_get nslcd/ldap-uris
  cfg_uris "$RET"
  # update some options
  update_config nslcd/ldap-base base
  db_get nslcd/ldap-auth-type
  authtype="$RET"
  case "$authtype" in
  simple)
    update_config nslcd/ldap-binddn binddn
    update_config nslcd/ldap-bindpw bindpw
    cfg_disable sasl_mech sasl_realm sasl_authcid sasl_authzid sasl_secprops krb5_ccname
    ;;
  SASL)
    update_config nslcd/ldap-sasl-mech sasl_mech
    update_config nslcd/ldap-sasl-realm sasl_realm
    # RFC4313 if SASL, binddn should be disabled
    cfg_disable binddn
    db_get nslcd/ldap-sasl-mech
    saslmech="$RET"
    case "$saslmech" in
    GSSAPI)
      update_config nslcd/ldap-sasl-krb5-ccname krb5_ccname
      cfg_disable sasl_authcid
      ;;
    *)
      update_config nslcd/ldap-sasl-authcid sasl_authcid
      update_config nslcd/ldap-bindpw bindpw
      cfg_disable krb5_ccname
      ;;
    esac
    update_config nslcd/ldap-sasl-authzid sasl_authzid
    update_config nslcd/ldap-sasl-secprops sasl_secprops
    ;;
  none)
    cfg_disable binddn bindpw
    cfg_disable sasl_mech sasl_realm sasl_authcid sasl_authzid sasl_secprops krb5_ccname
  esac
  update_config nslcd/ldap-reqcert tls_reqcert
  update_config nslcd/ldap-cacertfile tls_cacertfile
  # remove password from database
  db_set nslcd/ldap-bindpw ""
  # set ssl option
  db_get nslcd/ldap-starttls
  if [ "$RET" = "true" ]
  then
    cfg_set ssl "start_tls"
  elif grep -qi '^ssl[[:space:]]*start_*tls' $CONFFILE
  then
    cfg_disable ssl
  fi

  # when upgrading from an pre-0.9 version of the package check to restart
  # applications that otherwise may no longer be able to lookup or
  # authenticate users (when nslcd is being configured, both modules should
  # already be unpacked and will be loaded by restarted services)
  if dpkg --compare-versions "$2" lt-nl "0.9"
  then
    # code heavily based on eglibc and pam postinst

    echo "Checking for services that may need to be restarted..."
    check="apache2-common at bayonne cherokee courier-authdaemon"
    check="$check cron cups"
    check="$check dante-server diald dovecot-common exim exim4-base"
    check="$check fcron fireflier-server freeradius gdm heartbeat"
    check="$check heartbeat-2 hylafax-server iiimf-server inn2"
    check="$check kannel linesrv linesrv-mysql lsh-server"
    check="$check muddleftpd netatalk nuauth partimage-server"
    check="$check perdition pgpool popa3d"
    check="$check postgresql-common proftpd pure-ftpd"
    check="$check pure-ftpd-ldap pure-ftpd-mysql"
    check="$check pure-ftpd-postgresql racoon samba sasl2-bin"
    check="$check sfs-server solid-pop3d squid squid3 tac-plus"
    check="$check vsftpd wu-ftpd wzdftpd xrdp yardradius yaws"
    # only restart wdm and xdm if no-one is logged in in X
    if ! who | awk '{print $2}' | grep -q ':[0-9]'
    then
      check="$check wdm xdm"
    fi
    services=$(installed_services "$check")

    if [ -n "$services" ]
    then
      db_input critical libraries/restart-without-asking || true
      db_go || true
      db_get libraries/restart-without-asking
      if [ "$RET" != true ]
      then
        db_reset nslcd/restart-services
        db_set nslcd/restart-services "$services"
        db_input critical nslcd/restart-services || true
        db_go || true
        db_get nslcd/restart-services

        if [ "x$RET" != "x" ]
        then
          services=$RET
        else
          services=""
        fi
      fi
      echo
      if [ "$services" != "" ]; then
        echo "Restarting services possibly affected by the upgrade:"
        failed=""
        rl=$(runlevel | sed 's/.*\ //')
        for service in $services; do
          idl="invoke-rc.d ${service}"

          case "$service" in
            gdm)
              echo -n "  $service: reloading..."
              if $idl reload > /dev/null 2>&1; then
                echo "done."
              else
                echo "FAILED! ($?)"
                failed="$service $failed"
              fi
              continue
            ;;
          esac
          echo -n "  $service: stopping..."
          $idl stop > /dev/null 2>&1 || true
          sleep 1
          echo -n "starting..."
          if $idl start > /dev/null 2>&1; then
            echo "done."
          else
            echo "FAILED! ($?)"
            failed="$service $failed"
          fi
        done
        echo
        if [ -n "$failed" ]; then
          db_subst nslcd/restart-failed services "$failed"
          db_input critical nslcd/restart-failed || true
          db_go || true
        else
          echo "Services restarted successfully."
        fi
        echo
      fi
    else
      echo "Nothing to restart."
    fi

    if who | awk '{print $2}' | grep -q ':[0-9]'
    then
      dms=""
      for service in wdm xdm; do
        case "$services" in
          *$service*)   ;;
          *)    dms="$dms $service"
        esac
      done
      services=$(installed_services "$dms")
      if [ -n "$services" ]; then
        db_input critical nslcd/xdm-needs-restart || true
        db_go || true
      fi
    fi
  fi

  # we're done
  db_stop
fi

# Automatically added by dh_installinit
if [ -x "/etc/init.d/nslcd" ]; then
	update-rc.d nslcd defaults >/dev/null   
fi
if [ -x "/etc/init.d/nslcd" ] || [ -e "/etc/init/nslcd.conf" ]; then
	if [ -n "$2" ]; then
		_dh_action=restart
	else
		_dh_action=start
	fi
	invoke-rc.d nslcd $_dh_action || exit $?
fi
# End automatically added section


exit 0