1 mike 1.1 #!/usr/bin/sh
2
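get_new_pam_config_file() {
  #
  # Build the PAM entries for the "omi" service from the sshd entries
  # (module types auth and account) found in /etc/pam.conf.
  #
  # Globals: sshd_conf (written), omi_conf (written)
  # Outputs: an error message on stdout if the rewrite fails
  # Returns: 0 on success, 1 if the sed rewrite fails
  #
  # The pattern accepts a leading run of '#' and spaces, so commented-out
  # sshd lines are matched too and end up as commented-out omi lines.
  # NOTE(review): if every sshd line is commented out, omi gets no active
  # auth/account entry of its own; confirm which stack PAM then applies
  # on the target platform.
  # NOTE(review): as shown, the bracket expressions contain only '#' and
  # space, so tab-separated pam.conf entries would not match; confirm
  # against the original file.
  #
  sshd_conf=$(egrep "^[# ]*sshd[ ]+(auth|account)" /etc/pam.conf)
  if [ $? -ne 0 ]; then
    # No sshd entry matched: use a fixed stack that already names the
    # omi service.
    sshd_conf="omi auth required libpam_hpsec.so.1
omi auth required libpam_unix.so.1
omi account required libpam_hpsec.so.1
omi account required libpam_unix.so.1"
  fi

  #
  # Substitute sshd with omi, but only in the leading service field.
  # A global replace would also rewrite "sshd" inside a module path or
  # module argument and silently change what the copied stack does.
  #
  omi_conf=$(printf '%s\n' "$sshd_conf" | sed 's/^\([# ]*\)sshd/\1omi/')
  if [ $? -ne 0 ]; then
    echo "can't parse /etc/pam.conf"
    return 1
  fi
}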
27
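configure_pam_file() {
  #
  # Append an omi section to /etc/pam.conf by editing a copy and moving
  # the verified copy over the original.
  #
  # Globals: omi_conf (read; set by get_new_pam_config_file)
  # Outputs: status and error messages on stdout
  # Returns: 0 if omi is (or already was) configured, 1 on any failure
  #
  # First check if omi is already configured in pam.conf.
  # The pattern accepts any line that starts with "omi" after optional
  # '#' and spaces, so a commented-out omi line also counts as
  # "already configured".
  #
  grep -s "^[# ]*omi" /etc/pam.conf > /dev/null 2>&1
  if [ $? -eq 0 ]; then
    echo "omi already configured"
    return 0
  fi

  # Do not write a section when the stack could not be built; otherwise
  # an empty omi section would be appended and later runs would report
  # "already configured".
  get_new_pam_config_file || return 1

  #
  # Write the final configuration to pam.conf.
  #
  # Copy the file first and modify the copy, so that the original is
  # preserved if the disk fills up. -p keeps the mode, owner and group of
  # pam.conf on the copy that will replace it; a plain cp would leave
  # them to the installer's umask and identity.
  # printf '%s\n' emits the same bytes as the multi-line echo (including
  # the trailing empty line) without echo's backslash interpretation.
  cp -p /etc/pam.conf /etc/pam.conf.omi-copy &&
    printf '%s\n' \
      "# The configuration of omi is generated by the omi installer." \
      "$omi_conf" \
      "# End of section generated by the omi installer." \
      "" >> /etc/pam.conf.omi-copy
  if [ $? -ne 0 ]; then
    echo "can't update file /etc/pam.conf.omi-copy"
    rm -f /etc/pam.conf.omi-copy
    return 1
  fi

  # Verify that the complete file was written: the end marker is the last
  # line appended, so its presence means the append was not cut short.
  grep "# End of section generated by the omi installer." /etc/pam.conf.omi-copy > /dev/null 2>&1
  if [ $? -ne 0 ]; then
    echo "can't update file /etc/pam.conf.omi-copy"
    rm -f /etc/pam.conf.omi-copy
    return 1
  fi

  # Use move to substitute the original file with the verified copy.
  mv /etc/pam.conf.omi-copy /etc/pam.conf
  if [ $? -ne 0 ]; then
    echo "can't replace /etc/pam.conf"
    return 1
  fi
}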
69
get_new_pam_config_dir() {
  #
  # Collect the lines of /etc/pam.d/sshd that mention auth or account and
  # use them, unchanged, as the omi configuration.
  #
  # Globals: sshd_conf (written), omi_conf (written)
  #
  # The pattern is unanchored: it selects every line containing "auth" or
  # "account" anywhere, including comment lines and lines of other module
  # types whose arguments contain those substrings.
  # NOTE(review): confirm that copying such lines into the omi stack is
  # intended.
  #
  if ! sshd_conf=$(egrep "(auth|account)" /etc/pam.d/sshd 2> /dev/null); then
    # No match (or no readable sshd file): fall back to a fixed stack.
    sshd_conf="auth required libpam_hpsec.so.1
auth required libpam_unix.so.1
account required libpam_hpsec.so.1
account required libpam_unix.so.1"
  fi

  # Files under /etc/pam.d carry no service column, so no renaming is needed.
  omi_conf=$sshd_conf
}
87
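configure_pam_dir() {
  #
  # Create /etc/pam.d/omi from the stack built by get_new_pam_config_dir.
  #
  # Globals: omi_conf (read; set by get_new_pam_config_dir)
  # Outputs: status and error messages on stdout
  # Returns: 0 if omi is (or already was) configured, 1 on failure
  #
  # First check if omi is already configured.
  #
  if [ -f /etc/pam.d/omi ]; then
    # Looks like omi is already configured
    echo "omi already configured"
    return 0
  fi

  # Do not write the file if the stack could not be built.
  get_new_pam_config_dir || return 1

  # printf '%s\n' emits the same bytes as the multi-line echo without
  # echo's backslash interpretation.
  printf '%s\n' \
    "#%PAM-1.0" \
    "# The configuration of omi is generated by the omi installer." \
    "$omi_conf" > /etc/pam.d/omi
  if [ $? -ne 0 ]; then
    echo "can't create /etc/pam.d/omi"
    # Remove a partially written file: left in place, a truncated stack
    # would be what PAM reads for omi, and the existence check above
    # would make every later run report "already configured".
    rm -f /etc/pam.d/omi
    return 1
  fi
}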
108
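configure_pam() {
  #
  # Check if pam is configured with a single configuration file or with
  # a configuration directory, and configure omi accordingly.
  #
  # Outputs: messages on stdout
  # Returns: 0 if omi is configured, 1 if no PAM configuration was found
  #          or the chosen configuration step failed
  #
  if [ -s /etc/pam.conf ]; then
    # Propagate failure: reporting success here would let the installer
    # continue without a PAM stack for omi.
    configure_pam_file || return 1
  elif [ -d /etc/pam.d ]; then
    configure_pam_dir || return 1
  else
    # No pam configuration.
    echo "PAM does not seem to be configured."
    echo "Checked both /etc/pam.conf and /etc/pam.d."
    return 1
  fi
  return 0
}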