#!/bin/sh
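get_new_pam_config_file() {
    # Build the pam.conf entries for the omi service and leave them in the
    # global omi_conf.
    #
    # The auth and account entries of the sshd service are read from
    # /etc/pam.conf and their service name is rewritten from sshd to omi.
    # The pattern also accepts entries prefixed with '#', so commented-out
    # sshd entries are copied as commented-out omi entries.
    # NOTE(review): if every sshd entry is commented out, omi ends up with no
    # active entry of its own; which policy PAM then applies should be
    # confirmed for the target platform.
    #
    # Globals: sshd_conf (written), omi_conf (written)
    # Outputs: an error message on stdout when the rewrite fails
    # Returns: 0 on success, 1 when sed fails

    sshd_conf=`egrep "^[# ]*sshd[ ]+(auth|account)" /etc/pam.conf`
    if [ $? -ne 0 ]; then
        # Nothing matched (egrep also exits non-zero when it cannot read the
        # file): fall back to fixed pam_aix entries for omi.
        # NOTE(review): this module path looks AIX-specific - confirm it is
        # the intended default on every platform that uses /etc/pam.conf.
        sshd_conf="omi auth required /usr/lib/security/pam_aix
omi account required /usr/lib/security/pam_aix"
    fi

    # Rewrite the service-name field only. Every matched line begins with
    # the service name, so replacing the first "sshd" per line is enough.
    # A global replace would also rewrite "sshd" inside module paths or
    # module arguments, and the omi entries would then point at files or
    # options that sshd's policy never referenced.
    omi_conf=`echo "$sshd_conf" | sed "s/sshd/omi/"`
    if [ $? -ne 0 ]; then
        echo "can't parse /etc/pam.conf"
        return 1
    fi
    return 0
}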
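configure_pam_file() {
    # Append the omi service entries to /etc/pam.conf.
    #
    # The new content is assembled in /etc/pam.conf.omi-copy, checked for
    # the closing marker line, and only then moved over /etc/pam.conf, so a
    # short write (for example on a full disk) never truncates the live
    # PAM configuration.
    #
    # Globals: omi_conf (read; set by get_new_pam_config_file)
    # Outputs: status and error messages on stdout
    # Returns: 0 when omi is configured or was already configured,
    #          1 on any failure

    # Any line that starts with "omi", active or commented out, counts as an
    # existing configuration and nothing is changed.
    grep -s "^[# ]*omi" /etc/pam.conf > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        echo "omi already configured"
        return 0
    fi

    # Do not touch pam.conf when the entries could not be built; otherwise
    # an empty or stale omi_conf would be written into the auth policy.
    get_new_pam_config_file || return 1

    # Work on a copy so the original survives a failed write. -p keeps the
    # mode and ownership of /etc/pam.conf on the copy: a plain cp creates
    # the copy under the installer's umask, and the mv below would carry
    # that mode onto /etc/pam.conf.
    cp -p /etc/pam.conf /etc/pam.conf.omi-copy && echo "# The configuration of omi is generated by the omi installer.
$omi_conf
# End of section generated by the omi installer.
" >> /etc/pam.conf.omi-copy
    if [ $? -ne 0 ]; then
        echo "can't update file /etc/pam.conf.omi-copy"
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi

    # The closing marker is written last, so its presence shows that the
    # whole section reached the copy.
    grep "# End of section generated by the omi installer." /etc/pam.conf.omi-copy > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        echo "can't update file /etc/pam.conf.omi-copy"
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi

    # Replace the original with the verified copy.
    mv /etc/pam.conf.omi-copy /etc/pam.conf
    if [ $? -ne 0 ]; then
        echo "can't replace /etc/pam.conf"
        # Do not leave a second copy of the PAM policy behind in /etc.
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi
    return 0
}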
get_new_pam_config_dir() {
    # Build the contents of the omi service file and leave them in the
    # global omi_conf.
    #
    # Every line of /etc/pam.d/sshd that contains "auth" or "account" is
    # taken over unchanged; read errors are discarded. The pattern is not
    # anchored to the module-type field, so comments, include lines and
    # entries of other types that merely mention "auth" or "account" are
    # copied as well.
    #
    # Globals: sshd_conf (written), omi_conf (written)

    # When nothing matches, or the sshd file is missing, use fixed pam_aix
    # entries instead.
    # NOTE(review): this module path looks AIX-specific - confirm it is the
    # intended default on platforms that use /etc/pam.d.
    sshd_conf=`egrep "(auth|account)" /etc/pam.d/sshd 2> /dev/null` || sshd_conf="auth required /usr/lib/security/pam_aix
account required /usr/lib/security/pam_aix"

    omi_conf=$sshd_conf
}
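configure_pam_dir() {
    # Create /etc/pam.d/omi from the entries built by get_new_pam_config_dir.
    #
    # Globals: omi_conf (read; set by get_new_pam_config_dir)
    # Outputs: status and error messages on stdout
    # Returns: 0 when the file was written or already existed,
    #          1 when it could not be created

    # An existing regular file is taken as "already configured" and is left
    # untouched; its contents are not inspected.
    if [ -f /etc/pam.d/omi ]; then
        echo "omi already configured"
        return 0
    fi

    get_new_pam_config_dir
    echo "#%PAM-1.0
# The configuration of omi is generated by the omi installer.
$omi_conf" > /etc/pam.d/omi
    if [ $? -ne 0 ]; then
        echo "can't create /etc/pam.d/omi"
        # The redirection may already have created an empty or truncated
        # file. Remove it: otherwise the next run would report "omi already
        # configured" and the service would keep an incomplete policy.
        rm -f /etc/pam.d/omi
        return 1
    fi
    return 0
}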
configure_pam() {
    # Pick the PAM layout in use and configure the omi service for it.
    #
    # A non-empty /etc/pam.conf takes precedence over an /etc/pam.d
    # directory.
    #
    # Outputs: messages of the helper that runs, or a diagnostic when no
    #          PAM configuration is found
    # Returns: 1 when neither layout is present, 0 otherwise
    # NOTE(review): the helper's own exit status is not propagated, so a
    # failed update still returns 0 here - confirm this is intended.

    # Single configuration file.
    if [ -s /etc/pam.conf ]; then
        configure_pam_file
        return 0
    fi

    # Configuration directory.
    if [ -d /etc/pam.d ]; then
        configure_pam_dir
        return 0
    fi

    # No pam configuration.
    echo "PAM does not seem to be configured."
    echo "Checked both /etc/pam.conf and /etc/pam.d."
    return 1
}
# Ask the build helper which user is running the script.
# NOTE(review): ./buildtool is resolved against the current directory, so
# the script presumably has to be started from the directory that holds it -
# confirm. Its output alone decides whether the PAM files are modified.
id=`./buildtool username`

case "$id" in
root)
    configure_pam
    ;;
*)
    # Changing the PAM configuration needs root; warn and carry on.
    echo
    echo "************************************************************"
    echo "* Warning: PAM configuration not performed (requires root *"
    echo "* privileges). *"
    echo "************************************************************"
    echo
    ;;
esac

# The script exits 0 on every path; the result of configure_pam is not
# reflected in the exit status.
exit 0