From db442f67120958ce5c01cbb089665c4af6d8fffb Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sat, 19 Apr 2014 21:47:21 +0100
Subject: [PATCH] add init script and config to the debian package, renamed to
 ai-auth-server

---
 authserv/server.py                            |   4 +-
 debian/ai-auth-server.conf                    |  34 +++++
 debian/ai-auth-server.default                 |   5 +
 debian/ai-auth-server.init                    | 142 ++++++++++++++++++
 ...uthserv.install => ai-auth-server.install} |   1 +
 debian/ai-auth-server.postinst                |  24 +++
 debian/control                                |   2 +-
 debian/rules                                  |   3 +
 8 files changed, 213 insertions(+), 2 deletions(-)
 create mode 100644 debian/ai-auth-server.conf
 create mode 100644 debian/ai-auth-server.default
 create mode 100644 debian/ai-auth-server.init
 rename debian/{python-authserv.install => ai-auth-server.install} (57%)
 create mode 100644 debian/ai-auth-server.postinst

diff --git a/authserv/server.py b/authserv/server.py
index 6a4bfe5..f5eb74d 100644
--- a/authserv/server.py
+++ b/authserv/server.py
@@ -78,6 +78,8 @@ def main():
                       help='Configuration file')
     parser.add_option('--port', type='int', default=1616,
                       help='TCP port to listen on (default: %default)')
+    parser.add_option('--addr', dest='addr', default='0.0.0.0',
+                      help='Address to listen on (default: %default)')
     parser.add_option('--ca', dest='ssl_ca',
                       default='/etc/ai/internal_ca.pem',
                       help='SSL CA certificate file (default: %default)')
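Review bot: The new `--addr` option defaults to `0.0.0.0`, while the init script added in this same patch defaults to `BIND_ADDR=127.0.0.1`, so the service listens on every interface whenever it is started outside the init script. That preserves the previous hard-coded behaviour, but for an authentication service the exposure should be explicit: either align the default with the init script (`default='127.0.0.1'`) or state it in the help text, e.g. `help='Address to listen on; 0.0.0.0 means all interfaces (default: %default)'`. `dest='addr'` is redundant, since optparse derives the destination from the long option name. main() starts and ends outside this hunk.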
@@ -120,7 +122,7 @@ def main():
         ssl_ctx = ssl.create_server_context(opts.ssl_cert, opts.ssl_key,
                                             opts.ssl_ca, opts.dh_params)
 
-    app.run(host='0.0.0.0', port=opts.port, use_reloader=False,
+    app.run(host=opts.addr, port=opts.port, use_reloader=False,
             ssl_context=ssl_ctx)
 
 
diff --git a/debian/ai-auth-server.conf b/debian/ai-auth-server.conf
new file mode 100644
index 0000000..9603a07
--- /dev/null
+++ b/debian/ai-auth-server.conf
@@ -0,0 +1,34 @@
+#
+
+MEMCACHE_ADDR = ['127.0.0.1:11211']
+
+# Lock all low-level authentications (email and dav services) to
+# accounts assigned to the local machine.
+import socket
+host = socket.gethostname().split('.')[0]
+
+LDAP_SERVICE_MAP = {
+
+    # Mail accounts (dovecot, nginx-mail-mapper).
+    'mail': {
+        'base': 'ou=People, dc=investici, dc=org, o=Anarchy',
+        'filter': '(&(objectClass=virtualMailUser)(status=active)(mail=%s))',
+    },
+ 
+    # DAV access (webdav fcgi handler).
+    'dav': {
+        'base': 'ou=People, dc=investici, dc=org, o=Anarchy',
+        'filter': '(&(objectClass=ftpAccount)(status=active)(host=%s)(ftpname=%%s))' % host,
+    },
+
+    # Main account (pannello).
+    'account': {
+        'dn': 'uid=%s, ou=People, dc=investici, dc=org, o=Anarchy',
+    },
+
+}
+
+LDAP_BIND_DN = 'cn=manager, o=Anarchy'
+
+with open('/etc/ldap.secret') as fd:
+    LDAP_BIND_PW = fd.read().strip()
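Review bot: The comment above `host = ...` says both the email and dav lookups are locked to accounts assigned to the local machine, but only the `'dav'` filter carries a `(host=%s)` clause; the `'mail'` filter matches any active virtualMailUser. If the restriction is meant to apply to mail, add the host clause there as the dav entry does (assuming mail entries carry a host attribute, which should be confirmed against the schema); otherwise narrow the comment to dav. Separately, `LDAP_BIND_DN = 'cn=manager, o=Anarchy'` appears to hand a network-facing daemon the directory manager's credentials; a dedicated bind DN with read-only access to the subtrees used above would limit what a compromise of this service exposes. How user-supplied values are escaped before being substituted into these filters is not visible in this patch and is worth checking in the server code.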
diff --git a/debian/ai-auth-server.default b/debian/ai-auth-server.default
new file mode 100644
index 0000000..65a3f14
--- /dev/null
+++ b/debian/ai-auth-server.default
@@ -0,0 +1,5 @@
+
+#PORT=1616
+#ADDR=127.0.0.1
+#CONFIG=/etc/ai-auth-server.conf
+
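Review bot: The commented template offers `#ADDR=127.0.0.1`, but the init script in this patch builds its arguments from `$BIND_ADDR`, so an administrator who uncomments and edits this line changes nothing and the daemon keeps the init script's default listen address. Rename the line to `#BIND_ADDR=127.0.0.1`, or have the init script read `ADDR`. A one-line header comment such as `# Sourced by /etc/init.d/ai-auth-server; values are shell assignments.` would also make the file's role clear.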
diff --git a/debian/ai-auth-server.init b/debian/ai-auth-server.init
new file mode 100644
index 0000000..4f28f6a
--- /dev/null
+++ b/debian/ai-auth-server.init
@@ -0,0 +1,142 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          ai-auth-server
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: A/I authentication server.
+### END INIT INFO
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Local audit log server"
+NAME=ai-auth-server
+DAEMON=/usr/bin/$NAME
+DAEMON_ARGS=""
+AUDIT_SERVER=""
+USER=auth
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Default options.
+PORT=1616
+BIND_ADDR=127.0.0.1
+CONFIG=/etc/ai-auth-server.conf
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+DAEMON_ARGS="--config=$CONFIG --port=$PORT --addr=$BIND_ADDR $DAEMON_ARGS"
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+        # Return
+        #   0 if daemon has been started
+        #   1 if daemon was already running
+        #   2 if daemon could not be started
+        pre_start
+
+        start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE -
+-chuid $USER:$GROUP --umask 007 --exec $DAEMON --test > /dev/null \
+                || return 1
+        start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE -
+-chuid $USER:$GROUP --umask 007 --exec $DAEMON -- \
+                --syslog $DAEMON_ARGS \
+                || return 2
+        # Add code here, if necessary, that waits for the process to be ready
+        # to handle requests from services started subsequently which depend
+        # on this one.  As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+        # Return
+        #   0 if daemon has been stopped
+        #   1 if daemon was already stopped
+        #   2 if daemon could not be stopped
+        #   other if a failure occurred
+        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --user $USER --name $NAME
+        RETVAL="$?"
+        [ "$RETVAL" = 2 ] && return 2
+        # Wait for children to finish too if this is a daemon that forks
+        # and if the daemon is only ever run from this initscript.
+        # If the above conditions are not satisfied then add some other code
+        # that waits for the process to drop all resources that could be
+        # needed by services started subsequently.  A last resort is to
+        # sleep for some time.
+        #start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+        #[ "$?" = 2 ] && return 2
+        # Many daemons don't delete their pidfiles when they exit.
+        rm -f $PIDFILE
+        return "$RETVAL"
+}
+
+case "$1" in
+  start)
+        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+        do_start
+        case "$?" in
+                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+        esac
+        ;;
+  stop)
+        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+        do_stop
+        case "$?" in
+                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+        esac
+        ;;
+  status)
+        status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+        ;;
+  restart|force-reload)
+        #
+        # If the "reload" option is implemented then remove the
+        # 'force-reload' alias
+        #
+        log_daemon_msg "Restarting $DESC" "$NAME"
+        do_stop
+        case "$?" in
+          0|1)
+                do_start
+                case "$?" in
+                        0) log_end_msg 0 ;;
+                        1) log_end_msg 1 ;; # Old process is still running
+                        *) log_end_msg 1 ;; # Failed to start
+                esac
+                ;;
+          *)
+                # Failed to stop
+                log_end_msg 1
+                ;;
+        esac
+        ;;
+  *)
+        echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+        exit 3
+        ;;
+esac
+
+:
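Review bot: The privilege drop in do_start cannot work as written: `--chuid $USER:$GROUP` uses `USER=auth`, while the postinst in this same patch creates the account `ai-auth-server`, and `GROUP` is never assigned anywhere in the script. Setting `USER=ai-auth-server` and `GROUP=internal-credentials` next to the other defaults would match the postinst. do_start also calls `pre_start`, which is not defined in this file, so either define it or drop the call. Both start-stop-daemon invocations show `--chuid` broken across two lines (`... $PIDFILE -` followed by `-chuid ...`); if that is really in the file and not an artefact of how the patch was rendered, the command is cut in two and cannot run, so the option should be rejoined onto one line. `DESC="Local audit log server"` and the unused `AUDIT_SERVER` look like leftovers from another init script and should be corrected or removed.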
diff --git a/debian/python-authserv.install b/debian/ai-auth-server.install
similarity index 57%
rename from debian/python-authserv.install
rename to debian/ai-auth-server.install
index e1240fe..46f8d1f 100644
--- a/debian/python-authserv.install
+++ b/debian/ai-auth-server.install
@@ -1,2 +1,3 @@
+debian/tmp/etc/ai-auth-server.conf
 debian/tmp/usr/bin
 debian/tmp/usr/lib/python2.7
diff --git a/debian/ai-auth-server.postinst b/debian/ai-auth-server.postinst
new file mode 100644
index 0000000..3861eb4
--- /dev/null
+++ b/debian/ai-auth-server.postinst
@@ -0,0 +1,24 @@
+#!/bin/sh
+# postinstall script for ai-auth-server.
+
+case "$1" in
+configure)
+
+	adduser --quiet --system --home /var/spool/audit --no-create-home \
+	    --disabled-password --ingroup internal-credentials ai-auth-server
+
+	;;
+abort-upgrade|abort-remove|abort-deconfigure)
+	;;
+*)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+	;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
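Review bot: The script has no `set -e`, so if `adduser` fails (for example because the group `internal-credentials` does not exist yet, and nothing visible in this patch creates it) the postinst still reaches `exit 0` and the package is reported as configured without its service account. Add `set -e` after the shebang and either create the group first (`addgroup --system internal-credentials`) or depend on the package that provides it. `--home /var/spool/audit` looks copied from another package; if the daemon needs no home directory, `--home /nonexistent` states that more clearly.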
diff --git a/debian/control b/debian/control
index 65a836d..f38a7a2 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: PAM module for authserv.
  PAM module for authserv.
 
-Package: python-authserv
+Package: ai-auth-server
 Architecture: all
 Depends: ${python:Depends}, ${misc:Depends}
 Description: Auth server package.
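Review bot: The renamed binary package keeps `Depends: ${python:Depends}, ${misc:Depends}`, but this patch gives it a postinst that calls `adduser` and an init script that sources /lib/lsb/init-functions and itself notes that it needs lsb-base (>= 3.2-14). Suggest `Depends: ${python:Depends}, ${misc:Depends}, adduser, lsb-base (>= 3.2-14)`. Because the package is renamed from python-authserv and ships the same paths, it probably also needs `Replaces:` and `Conflicts:` (or `Breaks:`) on python-authserv so that upgrades do not fail on file overwrites. The stanza continues past the end of this hunk.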
diff --git a/debian/rules b/debian/rules
index 08124da..1855e17 100755
--- a/debian/rules
+++ b/debian/rules
@@ -28,6 +28,9 @@ override_dh_auto_build:
 	dh_auto_build
 
 override_dh_install:
+	install -d $(CURDIR)/debian/tmp/etc
+	install -o root -g root -m 644 $(CURDIR)/debian/ai-auth-server.conf \
+	  $(CURDIR)/debian/tmp/etc/ai-auth-server.conf
 	(cd pam && make install DESTDIR=$(CURDIR)/debian/tmp)
 	rm -f $(PAM_INST_DIR)/pam_authclient.so{,.0}
 	mv $(PAM_INST_DIR)/pam_authclient.so.0.0.0 \
-- 
GitLab