1 mike 1.1 #!/bin/sh
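# get_new_pam_config_file
#
# Build the PAM entries for the "omi" service on hosts that keep all PAM
# configuration in the single file /etc/pam.conf, by cloning the sshd
# "auth" and "account" entries.
#
# Globals:
#   sshd_conf (written) - sshd entries found in /etc/pam.conf, or the
#                         built-in fallback entries
#   omi_conf  (written) - the same entries with the service renamed to omi
# Returns:
#   0 on success, 1 if the entries could not be rewritten
get_new_pam_config_file() {
    # Commented-out sshd entries ("# sshd auth ...") match too; they stay
    # commented after the rename.
    # NOTE(review): "[ ]+" accepts spaces only. Entries that separate the
    # service and module-type fields with tabs are not matched, and the
    # fallback below is used instead - confirm this is intended.
    sshd_conf=`egrep "^[# ]*sshd[ ]+(auth|account)" /etc/pam.conf`
    if [ $? -ne 0 ]; then
        # No sshd entry found (or the file could not be read): use a fixed
        # set of entries that is already written for the omi service.
        # NOTE(review): assumes common-auth and common-account exist on
        # this host - verify for the platforms that use /etc/pam.conf.
        sshd_conf="omi auth include common-auth
omi auth required pam_nologin.so
omi account include common-account"
    fi

    # Rename only the service field at the start of each entry. A global
    # s/sshd/omi/g would also rewrite "sshd" inside module paths or module
    # arguments, silently changing what the copied authentication entries do.
    # Every line selected above starts with optional "#"/spaces, "sshd" and a
    # space, so the anchored form still renames all of them; the fallback
    # entries contain no "sshd" and pass through unchanged.
    omi_conf=`echo "$sshd_conf" | sed 's/^\([# ]*\)sshd /\1omi /'`
    if [ $? -ne 0 ]; then
        echo "can't parse /etc/pam.conf"
        return 1
    fi
}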
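# configure_pam_file
#
# Append the omi service entries to /etc/pam.conf. The change is made on a
# copy, checked for completeness, and then moved over the original.
#
# Globals:
#   omi_conf (read) - entries produced by get_new_pam_config_file
# Outputs:
#   status and error messages on stdout
# Returns:
#   0 if omi is (already) configured, 1 on any failure; on failure the
#   original /etc/pam.conf is left untouched
configure_pam_file() {
    # Idempotency check. The pattern also accepts commented-out entries and
    # any service whose name merely starts with "omi".
    grep -s "^[# ]*omi" /etc/pam.conf > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        echo "omi already configured"
        return 0
    fi

    # Stop here if the entries could not be generated; continuing would
    # append a section built from an empty or stale $omi_conf to the
    # system-wide authentication configuration.
    get_new_pam_config_file || return 1
    if [ -z "$omi_conf" ]; then
        echo "can't parse /etc/pam.conf"
        return 1
    fi

    # Work on a copy so that a short write (e.g. low disk space) cannot
    # damage the original. A leftover copy from an earlier failed run is
    # removed first so cp always creates a fresh file, and -p keeps the
    # owner and mode of /etc/pam.conf, which would otherwise be replaced by
    # whatever the installer's umask yields once the copy is moved into place.
    rm -f /etc/pam.conf.omi-copy
    cp -p /etc/pam.conf /etc/pam.conf.omi-copy && echo "# The configuration of omi is generated by the omi installer.
$omi_conf
# End of section generated by the omi installer.
" >> /etc/pam.conf.omi-copy
    if [ $? -ne 0 ]; then
        echo "can't update file /etc/pam.conf.omi-copy"
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi

    # The end marker is the last thing written, so its presence shows that
    # the whole section reached the copy.
    grep "# End of section generated by the omi installer." /etc/pam.conf.omi-copy > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        echo "can't update file /etc/pam.conf.omi-copy"
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi

    # Replace the original with the verified copy.
    mv /etc/pam.conf.omi-copy /etc/pam.conf
    if [ $? -ne 0 ]; then
        echo "can't replace /etc/pam.conf"
        # Do not leave a stray copy of the PAM configuration behind.
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi
}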
# get_new_pam_config_dir
#
# Collect the lines for /etc/pam.d/omi on hosts that use a PAM configuration
# directory, taking them from /etc/pam.d/sshd.
#
# Globals:
#   sshd_conf (written) - lines selected from /etc/pam.d/sshd, or the
#                         built-in fallback lines
#   omi_conf  (written) - copy of sshd_conf
# Returns:
#   0
get_new_pam_config_dir() {
    # NOTE(review): the pattern is unanchored, so it selects every line that
    # contains "auth" or "account" anywhere - comments, include lines, and
    # password/session lines whose module or arguments contain "auth" - not
    # only entries of module type auth/account. Confirm that copying those
    # extra lines into the omi service is intended.
    #
    # When nothing is selected (no match, or the file is missing or
    # unreadable) a fixed set of lines is used instead.
    sshd_conf=`egrep "(auth|account)" /etc/pam.d/sshd 2> /dev/null` ||
        sshd_conf="auth include common-auth
auth required pam_nologin.so
account include common-account"

    # Files under /etc/pam.d carry no service-name column, so the lines are
    # used as they are.
    omi_conf=$sshd_conf
}
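# configure_pam_dir
#
# Create /etc/pam.d/omi for hosts that use a PAM configuration directory.
#
# Globals:
#   omi_conf (read) - lines produced by get_new_pam_config_dir
# Outputs:
#   status and error messages on stdout
# Returns:
#   0 if omi is (already) configured, 1 on failure
configure_pam_dir() {
    # An existing regular file is taken as "already configured"; its
    # contents are not inspected.
    if [ -f /etc/pam.d/omi ]; then
        echo "omi already configured"
        return 0
    fi

    get_new_pam_config_dir
    echo "#%PAM-1.0
# The configuration of omi is generated by the omi installer.
$omi_conf" > /etc/pam.d/omi
    if [ $? -ne 0 ]; then
        echo "can't create /etc/pam.d/omi"
        # A truncated file would pass the "already configured" check on the
        # next run and leave the service with an incomplete PAM stack.
        rm -f /etc/pam.d/omi
        return 1
    fi

    # The mode of a newly created file follows the installer's umask. Make
    # sure group and other can never edit the authentication policy; this
    # only removes write bits and never widens access.
    chmod go-w /etc/pam.d/omi
    if [ $? -ne 0 ]; then
        echo "can't set permissions on /etc/pam.d/omi"
        rm -f /etc/pam.d/omi
        return 1
    fi
}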
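# configure_pam
#
# Register the omi service with PAM, using whichever configuration layout
# the host has: the single file /etc/pam.conf or the directory /etc/pam.d.
#
# Outputs:
#   status and error messages on stdout
# Returns:
#   0 if omi is configured, 1 if PAM is not set up or the update failed
configure_pam() {
    # NOTE(review): a non-empty /etc/pam.conf wins even when /etc/pam.d also
    # exists. Some systems ship both and prefer the directory - confirm the
    # precedence for every supported platform.
    if [ -s /etc/pam.conf ]; then
        # Report a failed update to the caller instead of returning success
        # with the omi service left unconfigured.
        configure_pam_file || return 1
    elif [ -d /etc/pam.d ]; then
        configure_pam_dir || return 1
    else
        # No pam configuration.
        echo "PAM does not seem to be configured."
        echo "Checked both /etc/pam.conf and /etc/pam.d."
        return 1
    fi
    return 0
}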