#!/usr/bin/sh
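#######################################
# Build the PAM stanza for the "omi" service from sshd's auth and account
# entries in /etc/pam.conf.
# Globals:   sshd_conf (written), omi_conf (written)
# Arguments: none
# Outputs:   an error message on stdout if the substitution fails
# Returns:   0 on success, 1 if sed fails
#######################################
get_new_pam_config_file() {
  # Backticks and egrep are kept: the shebang is /usr/bin/sh, which may be a
  # legacy Bourne shell without $(...) -- confirm before modernising.
  #
  # NOTE(review): the pattern also matches commented-out sshd lines, which are
  # copied as comments. If every sshd line is commented out, the omi stanza
  # has no active entry and the built-in default below is not used -- confirm
  # that this is intended.
  # NOTE(review): "[ ]+" accepts spaces only; tab-separated sshd lines would
  # not match and the default would be used -- verify against a real file.
  sshd_conf=`egrep "^[# ]*sshd[ ]+(auth|account)" /etc/pam.conf`
  if [ $? -ne 0 ]; then
    # sshd is not explicitly configured: fall back to a built-in stack that
    # already carries the omi service name.
    sshd_conf="omi auth requisite pam_authtok_get.so.1
omi auth required pam_dhkeys.so.1
omi auth required pam_unix_auth.so.1
omi account requisite pam_roles.so.1
omi account required pam_unix_account.so.1"
  fi

  # Rename only the service field at the start of each line. A global
  # s/sshd/omi/g would also rewrite "sshd" inside module paths or arguments
  # and leave the copied auth stack pointing at files that do not exist.
  omi_conf=`echo "$sshd_conf" | sed 's/^\([# ]*\)sshd /\1omi /'`
  if [ $? -ne 0 ]; then
    echo "can't parse /etc/pam.conf"
    return 1
  fi
}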
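#######################################
# Append an omi stanza to /etc/pam.conf unless one is already present.
# The stanza is written to a copy, the copy is checked for the end marker,
# and only then is it moved over the original.
# Globals:   omi_conf (read; set by get_new_pam_config_file)
# Arguments: none
# Outputs:   status and error messages on stdout
# Returns:   0 if omi is configured (already or newly), 1 on any failure
#######################################
configure_pam_file() {
  # Any line starting with "omi", active or commented out, counts as
  # "already configured", so a stanza an administrator disabled is not
  # added a second time.
  if grep -s "^[# ]*omi" /etc/pam.conf > /dev/null 2>&1; then
    echo "omi already configured"
    return 0
  fi

  # Stop here if no stanza could be built; otherwise an empty section would
  # be appended to the system-wide PAM configuration.
  get_new_pam_config_file || return 1

  # Work on a copy so the original survives a short write (e.g. a full disk).
  # -p keeps the mode and ownership of /etc/pam.conf; without it the file
  # that replaces pam.conf would take its mode from the current umask.
  cp -p /etc/pam.conf /etc/pam.conf.omi-copy && echo "# The configuration of omi is generated by the omi installer.
$omi_conf
# End of section generated by the omi installer.
" >> /etc/pam.conf.omi-copy
  if [ $? -ne 0 ]; then
    echo "can't update file /etc/pam.conf.omi-copy"
    rm -f /etc/pam.conf.omi-copy
    return 1
  fi

  # The end marker is the last line written; finding it shows the stanza
  # was not truncated.
  if grep "# End of section generated by the omi installer." /etc/pam.conf.omi-copy > /dev/null 2>&1; then
    :
  else
    echo "can't update file /etc/pam.conf.omi-copy"
    rm -f /etc/pam.conf.omi-copy
    return 1
  fi

  # Replace the original with the verified copy.
  if mv /etc/pam.conf.omi-copy /etc/pam.conf; then
    return 0
  fi
  echo "can't replace /etc/pam.conf"
  # Do not leave a stray copy of the PAM configuration behind.
  rm -f /etc/pam.conf.omi-copy
  return 1
}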
#######################################
# Build the contents of /etc/pam.d/omi from sshd's service file.
# Globals:   sshd_conf (written), omi_conf (written)
# Arguments: none
# Returns:   0
#######################################
get_new_pam_config_dir() {
  # Take every line of /etc/pam.d/sshd that contains "auth" or "account".
  # NOTE(review): the pattern is unanchored, so comment lines and lines that
  # only mention these words in a module name or argument are copied as well;
  # review the generated file, since it becomes omi's authentication stack.
  sshd_conf=`egrep "(auth|account)" /etc/pam.d/sshd 2> /dev/null` ||
    # No match, or the sshd file is missing or unreadable: use the built-in
    # default stack.
    sshd_conf="auth requisite pam_authtok_get.so.1
auth required pam_dhkeys.so.1
auth required pam_unix_auth.so.1
account requisite pam_roles.so.1
account required pam_unix_account.so.1"

  # A pam.d service file carries no service-name column, so the lines are
  # used unchanged.
  omi_conf=$sshd_conf
}
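#######################################
# Create /etc/pam.d/omi unless it already exists.
# Globals:   omi_conf (read; set by get_new_pam_config_dir)
# Arguments: none
# Outputs:   status and error messages on stdout
# Returns:   0 if omi is configured (already or newly), 1 on failure
#######################################
configure_pam_dir() {
  # An existing service file is left untouched.
  if [ -f /etc/pam.d/omi ]; then
    echo "omi already configured"
    return 0
  fi

  get_new_pam_config_dir || return 1

  # Create the file under an explicit umask, in a subshell so the caller's
  # umask is unchanged. The mode of a PAM service file should not depend on
  # the environment the installer happens to run in.
  ( umask 022; echo "#%PAM-1.0
# The configuration of omi is generated by the omi installer.
$omi_conf" > /etc/pam.d/omi )
  if [ $? -ne 0 ]; then
    echo "can't create /etc/pam.d/omi"
    # Remove a partially written file: the existence check above would
    # otherwise report it as "already configured" on the next run.
    rm -f /etc/pam.d/omi
    return 1
  fi
}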
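#######################################
# Configure PAM for omi, using whichever layout the system has: a single
# /etc/pam.conf or an /etc/pam.d directory.
# Arguments: none
# Outputs:   status and error messages on stdout
# Returns:   the status of the layout-specific helper, or 1 if neither
#            layout is found
#######################################
configure_pam() {
  # A non-empty /etc/pam.conf takes precedence over /etc/pam.d.
  if [ -s /etc/pam.conf ]; then
    configure_pam_file
    # Pass the helper's result on, so a failed update is not reported as
    # success.
    return $?
  fi

  if [ -d /etc/pam.d ]; then
    configure_pam_dir
    return $?
  fi

  # No pam configuration.
  echo "PAM does not seem to be configured."
  echo "Checked both /etc/pam.conf and /etc/pam.d."
  return 1
}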
# Entry point. ./buildtool is resolved relative to the current directory, so
# the script has to be started from the directory that contains it.
# The PAM configuration is changed only when buildtool reports the user as
# root; any other user gets a warning instead.
# The exit status is 0 on every path: configure_pam's result is not checked.
build_user=`./buildtool username`
if [ "$build_user" = "root" ]; then
  configure_pam
  exit 0
fi

echo
echo "************************************************************"
echo "* Warning: PAM configuration not performed (requires root *"
echo "* privileges). *"
echo "************************************************************"
echo
exit 0