1 mike 1.1 #!/usr/bin/sh
2
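#
# Build the pam.conf entries for the "omi" service.
#
# The auth and account entries of the sshd service are read from
# /etc/pam.conf and re-labelled as omi.  When pam.conf has no sshd entry a
# built-in default stack is used instead.
#
# Globals:  sshd_conf (written), omi_conf (written)
# Returns:  0 on success, 1 when the rewrite through sed fails
#
# The interpreter line of this script is /usr/bin/sh, so the body sticks to
# classic Bourne constructs (backticks, no "local").
#
get_new_pam_config_file() {
    # The pattern also accepts commented-out entries ("# sshd auth ...").
    # NOTE(review): those lines are carried over as comments.  If every sshd
    # entry in pam.conf is commented out, the generated omi section contains
    # no active rule and this function still reports success -- confirm that
    # this is intended, since the effective policy for omi then comes from
    # whatever else PAM applies to an unlisted service.
    # NOTE(review): as written, the separator class "[ ]+" holds only a
    # space; verify that entries separated by tabs are matched as expected.
    sshd_conf=`egrep "^[# ]*sshd[ ]+(auth|account)" /etc/pam.conf` ||
        sshd_conf="omi auth requisite pam_authtok_get.so.1
omi auth required pam_dhkeys.so.1
omi auth required pam_unix_cred.so.1
omi auth required pam_unix_auth.so.1
omi account requisite pam_roles.so.1
omi account required pam_unix_account.so.1"

    # Rename only the service field at the start of each entry.  A global
    # s/sshd/omi/g would also rewrite "sshd" inside module paths or module
    # arguments and silently change what the copied rules refer to.
    omi_conf=`echo "$sshd_conf" | sed 's/^\([# ]*\)sshd/\1omi/'`
    if [ $? -ne 0 ]; then
        echo "can't parse /etc/pam.conf"
        return 1
    fi
}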
29
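#
# Add an "omi" section to /etc/pam.conf.
#
# The section is appended to a copy of pam.conf, the copy is checked for the
# closing marker, and only then moved over the live file.
#
# Globals:  omi_conf (read; set by get_new_pam_config_file)
# Outputs:  status and error messages on stdout
# Returns:  0 when omi is already present or the file was updated,
#           1 on any failure (the live pam.conf is then left as it was)
#
configure_pam_file() {
    # Any line whose first field starts with "omi", commented out or not,
    # counts as an existing configuration.
    if grep -s "^[# ]*omi" /etc/pam.conf > /dev/null 2>&1; then
        echo "omi already configured"
        return 0
    fi

    # Stop before touching any file when the new entries could not be built;
    # otherwise an empty or stale $omi_conf would be appended to the policy.
    get_new_pam_config_file || return 1

    # Work on a copy so that a failed or partial write (for example on low
    # disk space) never damages the live file.  A leftover copy from an
    # interrupted run is removed first so that cp creates a fresh file.
    rm -f /etc/pam.conf.omi-copy

    # -p keeps the mode and ownership of pam.conf on the copy.  Without it the
    # file that replaces pam.conf would take its permissions from the umask
    # of whoever runs the installer.
    cp -p /etc/pam.conf /etc/pam.conf.omi-copy && echo "# The configuration of omi is generated by the omi installer.
$omi_conf
# End of section generated by the omi installer.
" >> /etc/pam.conf.omi-copy
    if [ $? -ne 0 ]; then
        echo "can't update file /etc/pam.conf.omi-copy"
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi

    # The closing marker is the last line written; its presence shows that
    # the whole section reached the copy.
    grep "# End of section generated by the omi installer." /etc/pam.conf.omi-copy > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        echo "can't update file /etc/pam.conf.omi-copy"
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi

    # Replace the original with the verified copy.
    mv /etc/pam.conf.omi-copy /etc/pam.conf
    if [ $? -ne 0 ]; then
        echo "can't replace /etc/pam.conf"
        # Do not leave a second copy of the authentication policy behind.
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi
}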
71
#
# Build the contents of /etc/pam.d/omi.
#
# Every line of /etc/pam.d/sshd that contains "auth" or "account" is taken
# over as it is; when nothing matches (or the file cannot be read) a built-in
# default stack is used.
#
# Globals:  sshd_conf (written), omi_conf (written)
# Returns:  0
#
get_new_pam_config_dir() {
    # The pattern is not anchored: it selects any line containing either
    # word, comments and include directives included.
    # NOTE(review): the default stack below names pam_*.so.1 modules; confirm
    # they exist on every platform that uses /etc/pam.d.
    if sshd_conf=`egrep "(auth|account)" /etc/pam.d/sshd 2> /dev/null`; then
        :
    else
        sshd_conf="auth requisite pam_authtok_get.so.1
auth required pam_dhkeys.so.1
auth required pam_unix_cred.so.1
auth required pam_unix_auth.so.1
account requisite pam_roles.so.1
account required pam_unix_account.so.1"
    fi

    # A per-service file carries no service column, so nothing is renamed.
    omi_conf=$sshd_conf
}
91
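#
# Create /etc/pam.d/omi when it does not exist yet.
#
# Globals:  omi_conf (read; set by get_new_pam_config_dir)
# Outputs:  status and error messages on stdout
# Returns:  0 when the file already exists or was created, 1 on failure
#
configure_pam_dir() {
    # An existing regular file is taken as proof of an earlier configuration;
    # its contents are not inspected.
    if [ -f /etc/pam.d/omi ]; then
        echo "omi already configured"
        return 0
    fi

    get_new_pam_config_dir

    # The write runs in a subshell with a fixed umask so that the policy file
    # is never created group- or world-writable, whatever umask the installer
    # was started with.  The resulting mode is 0644 at most.
    (
        umask 022
        echo "#%PAM-1.0
# The configuration of omi is generated by the omi installer.
$omi_conf" > /etc/pam.d/omi
    )
    if [ $? -ne 0 ]; then
        # Remove a truncated file: the existence check above would otherwise
        # report it as a finished configuration on the next run.
        rm -f /etc/pam.d/omi
        echo "can't create /etc/pam.d/omi"
        return 1
    fi
}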
112
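#
# Configure PAM for omi, choosing between the single-file layout
# (/etc/pam.conf) and the directory layout (/etc/pam.d).
#
# A non-empty /etc/pam.conf takes precedence over /etc/pam.d.
#
# Outputs:  messages on stdout
# Returns:  0 when the selected layout was configured (or already was),
#           1 when that step failed or no PAM configuration was found
#
configure_pam() {
    if [ -s /etc/pam.conf ]; then
        # Report a failed update to the caller instead of returning success.
        configure_pam_file || return 1
    elif [ -d /etc/pam.d ]; then
        configure_pam_dir || return 1
    else
        # No pam configuration.
        echo "PAM does not seem to be configured."
        echo "Checked both /etc/pam.conf and /etc/pam.d."
        return 1
    fi
    return 0
}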
131
# Editing the PAM configuration needs root.  The current user name comes from
# the buildtool helper, which is looked up relative to the working directory.
id=`./buildtool username`

if [ "$id" = "root" ]; then
    # NOTE(review): the result of configure_pam is not reflected in the exit
    # status; a failed PAM update is visible only through its messages.
    configure_pam
    exit 0
fi

# Not root: warn and finish successfully without changing anything.
echo
echo "************************************************************"
echo "* Warning: PAM configuration not performed (requires root *"
echo "* privileges). *"
echo "************************************************************"
echo
exit 0
146
147