1 mike 1.1 #!/usr/bin/sh
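get_new_pam_config_file() {
  #
  # Build the pam.conf entries for the "omi" service.
  #
  # Reads:   /etc/pam.conf
  # Sets:    sshd_conf - the lines the omi entries are derived from
  #          omi_conf  - the same lines with the service field set to omi
  # Returns: 0 on success, 1 if the sed rewrite fails
  #
  # Backticks and global variables are kept on purpose: the script runs
  # under /usr/bin/sh, which may be a pre-POSIX Bourne shell.
  #

  # Use sshd's auth and account entries as the template. The pattern also
  # accepts lines that start with '#', so commented-out sshd entries are
  # copied as comments and still count as a match.
  # NOTE(review): if only commented-out entries match, omi ends up with no
  # active entries of its own; which stack PAM applies then should be
  # confirmed on the target platform.
  # NOTE(review): as shown, the separator class [ ]+ matches spaces only;
  # confirm whether tab-separated pam.conf entries are meant to match.
  sshd_conf=`egrep "^[# ]*sshd[ ]+(auth|account)" /etc/pam.conf`
  if [ $? -ne 0 ]; then
    # sshd is not explicitly configured: fall back to a fixed stack that
    # already names the omi service.
    sshd_conf="omi auth requisite pam_authtok_get.so.1
omi auth required pam_dhkeys.so.1
omi auth required pam_unix_auth.so.1
omi account requisite pam_roles.so.1
omi account required pam_unix_account.so.1"
  fi

  # Rewrite only the leading service field. A global s/sshd/omi/g would also
  # rewrite "sshd" inside module paths or module arguments and could leave
  # the omi stack pointing at a module or option that does not exist.
  if omi_conf=`echo "$sshd_conf" | sed 's/^\([# ]*\)sshd/\1omi/'`; then
    return 0
  fi

  echo "can't parse /etc/pam.conf"
  return 1
}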
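configure_pam_file() {
  #
  # Append an "omi" section to /etc/pam.conf unless one is already there.
  #
  # Reads:   /etc/pam.conf, $omi_conf (set by get_new_pam_config_file)
  # Writes:  /etc/pam.conf.omi-copy (working copy), /etc/pam.conf
  # Outputs: status messages on stdout
  # Returns: 0 if omi was already configured or the file was updated,
  #          1 on any failure
  #

  # Any line that starts with "omi" counts as configured, including a
  # commented-out one, because the pattern accepts leading '#' and spaces.
  grep -s "^[# ]*omi" /etc/pam.conf > /dev/null 2>&1
  if [ $? -eq 0 ]; then
    echo "omi already configured"
    return 0
  fi

  # Stop here if the entries could not be built; continuing would append a
  # section with no usable entries to the system PAM configuration.
  get_new_pam_config_file || return 1

  # Work on a copy so that a short write (for example on a full disk) never
  # damages the live file. -p keeps the mode and ownership of /etc/pam.conf
  # on the copy, so the file that replaces it does not pick up whatever the
  # installer's umask and group happen to be.
  cp -p /etc/pam.conf /etc/pam.conf.omi-copy && echo "# The configuration of omi is generated by the omi installer.
$omi_conf
# End of section generated by the omi installer.
" >> /etc/pam.conf.omi-copy
  if [ $? -ne 0 ]; then
    echo "can't update file /etc/pam.conf.omi-copy"
    rm -f /etc/pam.conf.omi-copy
    return 1
  fi

  # The end marker is the last thing written; if it is missing the copy is
  # truncated and must not replace the original.
  grep "# End of section generated by the omi installer." /etc/pam.conf.omi-copy > /dev/null 2>&1
  if [ $? -ne 0 ]; then
    echo "can't update file /etc/pam.conf.omi-copy"
    rm -f /etc/pam.conf.omi-copy
    return 1
  fi

  # Swap the verified copy into place with a rename.
  mv /etc/pam.conf.omi-copy /etc/pam.conf
  if [ $? -ne 0 ]; then
    echo "can't replace /etc/pam.conf"
    return 1
  fi
}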
get_new_pam_config_dir() {
  #
  # Build the contents of the omi service file for a pam.d layout.
  #
  # Reads:   /etc/pam.d/sshd (errors from a missing file are discarded)
  # Sets:    sshd_conf and omi_conf, both holding the selected lines
  # Returns: 0
  #
  # The pattern is not anchored, so every line of /etc/pam.d/sshd that
  # contains "auth" or "account" anywhere is taken, comments included.
  # NOTE(review): that can pull in lines of other module types whose
  # arguments happen to contain "auth"; confirm this is acceptable.
  #
  # Backticks are kept because the script runs under /usr/bin/sh.
  #

  # If egrep finds nothing, or the file cannot be read, use the fixed stack.
  sshd_conf=`egrep "(auth|account)" /etc/pam.d/sshd 2> /dev/null` ||
    sshd_conf="auth requisite pam_authtok_get.so.1
auth required pam_dhkeys.so.1
auth required pam_unix_auth.so.1
account requisite pam_roles.so.1
account required pam_unix_account.so.1"

  # A pam.d service file carries no service column, so nothing is rewritten.
  omi_conf=$sshd_conf
}
configure_pam_dir() {
  #
  # Create /etc/pam.d/omi unless it already exists.
  #
  # Reads:   $omi_conf (set by get_new_pam_config_dir)
  # Writes:  /etc/pam.d/omi
  # Outputs: status messages on stdout
  # Returns: 0 if the file existed or was written, 1 if it cannot be created
  #
  # NOTE(review): the file is created by a plain redirection, so its mode
  # comes from the caller's umask. This file defines the authentication
  # stack for omi; the installer should run with a umask that leaves it
  # writable by root only.
  #

  # An existing regular file is taken as "already configured"; its contents
  # are not inspected.
  if [ -f /etc/pam.d/omi ]; then
    echo "omi already configured"
    return 0
  fi

  get_new_pam_config_dir

  if echo "#%PAM-1.0
# The configuration of omi is generated by the omi installer.
$omi_conf" > /etc/pam.d/omi
  then
    return 0
  fi

  echo "can't create /etc/pam.d/omi"
  return 1
}
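configure_pam() {
  #
  # Configure PAM for omi, using whichever layout the system has: a single
  # non-empty /etc/pam.conf, or an /etc/pam.d directory.
  #
  # Outputs: status messages on stdout
  # Returns: the status of configure_pam_file or configure_pam_dir,
  #          or 1 if neither layout is found
  #
  # The helper's status is passed on instead of being replaced by 0, so a
  # failed write to the PAM configuration is visible to the caller and the
  # install cannot report success while omi has no PAM entries.
  #
  if [ -s /etc/pam.conf ]; then
    configure_pam_file
    return $?
  fi

  if [ -d /etc/pam.d ]; then
    configure_pam_dir
    return $?
  fi

  # No pam configuration.
  echo "PAM does not seem to be configured."
  echo "Checked both /etc/pam.conf and /etc/pam.d."
  return 1
}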