Mercurial > illumos > illumos-gate
changeset 3970:e0cf0f3e7aa4
5073551 krlogin, krsh, ktelnet default PAM stacks look wrong.
6533858 zones unusable in s10u4_04 due to corrupted local zone pam.conf
author | mp153739 |
---|---|
date | Thu, 05 Apr 2007 02:55:03 -0700 |
parents | 53c82f760f32 |
children | ad0c51c3d2f2 |
files | deleted_files/usr/src/pkgdefs/SUNWrcmdr/postinstall.tmpl deleted_files/usr/src/pkgdefs/SUNWtnetr/postinstall.tmpl deleted_files/usr/src/pkgdefs/common_files/proc.pam_install usr/src/lib/libpam/pam.conf usr/src/pkgdefs/SUNWrcmdr/Makefile usr/src/pkgdefs/SUNWrcmdr/postinstall.tmpl usr/src/pkgdefs/SUNWrcmdr/prototype_com usr/src/pkgdefs/SUNWtnetr/Makefile usr/src/pkgdefs/SUNWtnetr/postinstall.tmpl usr/src/pkgdefs/SUNWtnetr/prototype_com usr/src/pkgdefs/common_files/i.pamconf usr/src/pkgdefs/common_files/proc.pam_install |
diffstat | 12 files changed, 285 insertions(+), 252 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deleted_files/usr/src/pkgdefs/SUNWrcmdr/postinstall.tmpl Thu Apr 05 02:55:03 2007 -0700 @@ -0,0 +1,70 @@ +#!/bin/sh +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License, Version 1.0 only +# (the "License"). You may not use this file except in compliance +# with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# +# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +# ident "%Z%%M% %I% %E% SMI" +# + +include pam_install + +# update the pam.conf file + +pam_init + +# Delete the rlogin entry that uses pam_krb5.so.1 from pam.conf +# Delete the "acceptor" option everywhere + +cat $pamconfold | \ + sed -e "/^rlogin.*pam_krb5.so.1/d" | + sed "s/acceptor//g" > $pamconf +if [ $? -ne 0 ]; then + echo "can't edit $pamconf" + pam_undo + exit 1 +fi + +pam_add "^[# ]*krlogin[ ]*auth" << EOF +# +# Kerberized rlogin service +# +krlogin auth binding pam_krb5.so.1 +krlogin auth required pam_unix_auth.so.1 +EOF +if [ $? -ne 0 ]; then + exit 1 +fi + +pam_add "^[# ]*krsh[ ]*auth" << EOF +# +# Kerberized rsh service +# +krsh auth binding pam_krb5.so.1 +krsh auth required pam_unix_auth.so.1 +EOF +if [ $? -ne 0 ]; then + exit 1 +fi + +pam_fini
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deleted_files/usr/src/pkgdefs/SUNWtnetr/postinstall.tmpl Thu Apr 05 02:55:03 2007 -0700 @@ -0,0 +1,59 @@ +#!/bin/sh +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License, Version 1.0 only +# (the "License"). You may not use this file except in compliance +# with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# +# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +# ident "%Z%%M% %I% %E% SMI" +# + +include pam_install + +# +# update the pam.conf file +# + +pam_init + +# Delete the "acceptor" option everywhere + +cat $pamconfold | \ + sed "s/acceptor//g" > $pamconf +if [ $? -ne 0 ]; then + echo "can't edit $pamconf" + pam_undo + exit 1 +fi + +pam_add "^[# ]*ktelnet[ ]*auth" << EOF +# +# Kerberized telnet service +# +ktelnet auth binding pam_krb5.so.1 +ktelnet auth required pam_unix_auth.so.1 +EOF +if [ $? -ne 0 ]; then + exit 1 +fi + +pam_fini
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deleted_files/usr/src/pkgdefs/common_files/proc.pam_install Thu Apr 05 02:55:03 2007 -0700 @@ -0,0 +1,69 @@ +# +# Copyright 2005 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License, Version 1.0 only +# (the "License"). You may not use this file except in compliance +# with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# ident "%Z%%M% %I% %E% SMI" +# +# proc.pam_install -- common code for pam.conf entry addition +# +# pam_init : call before any other functions +# pam_add : if the regular expression specified as argument 1 +# does not match any line in pam.conf, add the lines +# provided on stdin to the file +# pam_undo : call if rest of procedure script fails +# pam_fini : call if rest of procedure script succeeds +# +# pam_init and pam_add will perform necessary clean-up and +# return a non-zero exit code on failure. + +pamconf=${PKG_INSTALL_ROOT:-/}/etc/pam.conf +pamconfold=/tmp/pam.conf.$$ + +pam_init() { + cat $pamconf > $pamconfold + if [ $? -ne 0 ]; then + echo "can't create $pamconfold" + return 1 + fi + return 0 +} + +pam_fini() { + rm -f -- $pamconfold + return 0 +} + +pam_undo() { + cat $pamconfold > $pamconf + pam_fini +} + +pam_add() { + grep -s "$1" $pamconf > /dev/null 2>&1 || cat >> $pamconf + if [ $? -ne 0 ]; then + echo "can't edit $pamconf" + pam_undo + return 1 + fi + return 0 +}
--- a/usr/src/lib/libpam/pam.conf Wed Apr 04 22:56:20 2007 -0700 +++ b/usr/src/lib/libpam/pam.conf Thu Apr 05 02:55:03 2007 -0700 @@ -2,9 +2,8 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. @@ -22,7 +21,7 @@ # #ident "%Z%%M% %I% %E% SMI" # -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Copyright 2007 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # PAM configuration @@ -55,8 +54,7 @@ # Kerberized rlogin service # krlogin auth required pam_unix_cred.so.1 -krlogin auth binding pam_krb5.so.1 -krlogin auth required pam_unix_auth.so.1 +krlogin auth required pam_krb5.so.1 # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) @@ -67,14 +65,12 @@ # Kerberized rsh service # krsh auth required pam_unix_cred.so.1 -krsh auth binding pam_krb5.so.1 -krsh auth required pam_unix_auth.so.1 +krsh auth required pam_krb5.so.1 # # Kerberized telnet service # ktelnet auth required pam_unix_cred.so.1 -ktelnet auth binding pam_krb5.so.1 -ktelnet auth required pam_unix_auth.so.1 +ktelnet auth required pam_krb5.so.1 # # PPP service (explicit because of pam_dial_auth) #
--- a/usr/src/pkgdefs/SUNWrcmdr/Makefile Wed Apr 04 22:56:20 2007 -0700 +++ b/usr/src/pkgdefs/SUNWrcmdr/Makefile Thu Apr 05 02:55:03 2007 -0700 @@ -2,9 +2,8 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Copyright 2007 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "%Z%%M% %I% %E% SMI" @@ -30,7 +29,6 @@ .KEEP_STATE: -TMPLFILES += postinstall DATAFILES += i.manifest r.manifest depend all: $(FILES)
--- a/usr/src/pkgdefs/SUNWrcmdr/postinstall.tmpl Wed Apr 04 22:56:20 2007 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,70 +0,0 @@ -#!/bin/sh -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# ident "%Z%%M% %I% %E% SMI" -# - -include pam_install - -# update the pam.conf file - -pam_init - -# Delete the rlogin entry that uses pam_krb5.so.1 from pam.conf -# Delete the "acceptor" option everywhere - -cat $pamconfold | \ - sed -e "/^rlogin.*pam_krb5.so.1/d" | - sed "s/acceptor//g" > $pamconf -if [ $? -ne 0 ]; then - echo "can't edit $pamconf" - pam_undo - exit 1 -fi - -pam_add "^[# ]*krlogin[ ]*auth" << EOF -# -# Kerberized rlogin service -# -krlogin auth binding pam_krb5.so.1 -krlogin auth required pam_unix_auth.so.1 -EOF -if [ $? -ne 0 ]; then - exit 1 -fi - -pam_add "^[# ]*krsh[ ]*auth" << EOF -# -# Kerberized rsh service -# -krsh auth binding pam_krb5.so.1 -krsh auth required pam_unix_auth.so.1 -EOF -if [ $? -ne 0 ]; then - exit 1 -fi - -pam_fini
--- a/usr/src/pkgdefs/SUNWrcmdr/prototype_com Wed Apr 04 22:56:20 2007 -0700 +++ b/usr/src/pkgdefs/SUNWrcmdr/prototype_com Thu Apr 05 02:55:03 2007 -0700 @@ -2,9 +2,8 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Copyright 2007 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "%Z%%M% %I% %E% SMI" @@ -39,7 +38,6 @@ i pkginfo i copyright i depend -i postinstall i i.manifest i r.manifest #
--- a/usr/src/pkgdefs/SUNWtnetr/Makefile Wed Apr 04 22:56:20 2007 -0700 +++ b/usr/src/pkgdefs/SUNWtnetr/Makefile Thu Apr 05 02:55:03 2007 -0700 @@ -2,9 +2,8 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Copyright 2007 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "%Z%%M% %I% %E% SMI" @@ -28,7 +27,6 @@ include ../Makefile.com -TMPLFILES += postinstall DATAFILES += depend i.preserve i.manifest r.manifest .KEEP_STATE:
--- a/usr/src/pkgdefs/SUNWtnetr/postinstall.tmpl Wed Apr 04 22:56:20 2007 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,59 +0,0 @@ -#!/bin/sh -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# ident "%Z%%M% %I% %E% SMI" -# - -include pam_install - -# -# update the pam.conf file -# - -pam_init - -# Delete the "acceptor" option everywhere - -cat $pamconfold | \ - sed "s/acceptor//g" > $pamconf -if [ $? -ne 0 ]; then - echo "can't edit $pamconf" - pam_undo - exit 1 -fi - -pam_add "^[# ]*ktelnet[ ]*auth" << EOF -# -# Kerberized telnet service -# -ktelnet auth binding pam_krb5.so.1 -ktelnet auth required pam_unix_auth.so.1 -EOF -if [ $? -ne 0 ]; then - exit 1 -fi - -pam_fini
--- a/usr/src/pkgdefs/SUNWtnetr/prototype_com Wed Apr 04 22:56:20 2007 -0700 +++ b/usr/src/pkgdefs/SUNWtnetr/prototype_com Thu Apr 05 02:55:03 2007 -0700 @@ -2,9 +2,8 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2005 Sun Microsystems, Inc. All rights reserved. +# Copyright 2007 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "%Z%%M% %I% %E% SMI" @@ -39,7 +38,6 @@ i pkginfo i copyright i depend -i postinstall i i.preserve i i.manifest i r.manifest
--- a/usr/src/pkgdefs/common_files/i.pamconf Wed Apr 04 22:56:20 2007 -0700 +++ b/usr/src/pkgdefs/common_files/i.pamconf Thu Apr 05 02:55:03 2007 -0700 @@ -3,9 +3,8 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. @@ -23,7 +22,7 @@ # #ident "%Z%%M% %I% %E% SMI" # -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Copyright 2007 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # CLEANUP_FILE=/tmp/CLEANUP @@ -32,35 +31,21 @@ PPP_ENTRIES=$PAM_TMP/scp.$$ CRON_ENTRIES=$PAM_TMP/scc.$$ mkdir $PAM_TMP || exit 1 -KRB5_CONF_FILE=$BASEDIR/etc/krb5/krb5.conf -COMMENT_PREFIX="#" PATH="/usr/bin:/usr/sbin:${PATH}" export PATH -kerberos_configured() { - if [ -f $KRB5_CONF_FILE ]; then - grep "___default_realm___" $KRB5_CONF_FILE > /dev/null 2>&1 - if [ $? = 1 ]; then - COMMENT_PREFIX="" - fi - fi -} - setup_kerb_changes() { # # No comments or blanks lines allowed in entries below # cat > ${KERB_ENTRIES} << EOF krlogin auth required pam_unix_cred.so.1 -krlogin auth binding pam_krb5.so.1 -krlogin auth required pam_unix_auth.so.1 +krlogin auth required pam_krb5.so.1 krsh auth required pam_unix_cred.so.1 -krsh auth binding pam_krb5.so.1 -krsh auth required pam_unix_auth.so.1 +krsh auth required pam_krb5.so.1 ktelnet auth required pam_unix_cred.so.1 -ktelnet auth binding pam_krb5.so.1 -ktelnet auth required pam_unix_auth.so.1 +ktelnet auth required pam_krb5.so.1 EOF } @@ -86,7 +71,6 @@ EOF } # -kerberos_configured setup_kerb_changes setup_ppp_changes setup_cron_changes @@ -279,6 +263,59 @@ >> ${CLEANUP_FILE} rm -f /tmp/pamconf.$$ fi + +# +# update pam.conf to remove the rlogin entry that uses pam_krb5.so.1 +# + rm -f /tmp/pamconf.$$ + sed -e "/^[# ]*rlogin.*pam_krb5.so.1/d" \ + $dest > /tmp/pamconf.$$ + if [ $? -ne 0 ]; then + echo "Couldn't edit /tmp/pamconf.$$, rlogin lines have not been \ + updated to remove pam_krb5.so.1." \ + >> ${CLEANUP_FILE} + else + cp /tmp/pamconf.$$ $dest + fi + +# +# update pam.conf to remove obsolete flags used with pam_krb5.so.1 +# + rm -f /tmp/pamconf.$$ + sed -e "s/\(pam_krb5.so.1.*\)acceptor/\1/g" \ + -e "s/\(pam_krb5.so.1.*\)use_first_pass/\1/g" \ + -e "s/\(pam_krb5.so.1.*\)try_first_pass/\1/g" \ + -e "s/\(pam_krb5.so.1.*\)use_xfn_pass/\1/g" \ + -e "s/\(pam_krb5.so.1.*\)try_xfn_pass/\1/g" \ + $dest > /tmp/pamconf.$$ + if [ $? -ne 0 ]; then + echo "Couldn't edit /tmp/pamconf.$$ to remove obsolete flags: \ + acceptor, use_first_pass, try_first_pass, use_xfn_pass, try_xfn_pass." \ + >> ${CLEANUP_FILE} + else + cp /tmp/pamconf.$$ $dest + fi + +# +# update pam.conf to remove the unnecessary unix_auth entries for the +# kerberized services. +# + rm -f /tmp/pamconf.$$ + sed -e "/^[# ]*krlogin[ ]*auth[ ]*.*[ ]*pam_unix_auth.so.1/d" \ + -e "/^[# ]*krsh[ ]*auth[ ]*.*[ ]*pam_unix_auth.so.1/d" \ + -e "/^[# ]*ktelnet[ ]*auth[ ]*.*[ ]*pam_unix_auth.so.1/d" \ + -e "s/^\([# ]*krlogin[ ]*auth[ ]*\)binding/\1required/" \ + -e "s/^\([# ]*krsh[ ]*auth[ ]*\)binding/\1required/" \ + -e "s/^\([# ]*ktelnet[ ]*auth[ ]*\)binding/\1required/" \ + $dest > /tmp/pamconf.$$ + if [ $? -ne 0 ]; then + echo "Couldn't edit /tmp/pamconf.$$, krlogin, krsh, ktelnet may \ + still have pam_unix_auth in their stacks." \ + >> ${CLEANUP_FILE} + else + cp /tmp/pamconf.$$ $dest + fi + # # update pam.conf to append kerberos entries if not already present # @@ -296,13 +333,21 @@ if [ $e1 = "dtlogin" ]; then if grep "^[# ]*$e1[ ][ ]*$e2[ ]" \ $dest >/dev/null 2>&1; then - echo "$COMMENT_PREFIX$e1\t$e2 $e3\t\t$e4 $e5" >> /tmp/pamconf.$$ + echo "$e1\t$e2 $e3\t\t$e4 $e5" >> /tmp/pamconf.$$ fi else # Doesn't exist, enter into pam.conf - echo "$COMMENT_PREFIX$e1\t$e2 $e3\t\t$e4 $e5" >> \ + echo "$e1\t$e2 $e3\t\t$e4 $e5" >> \ /tmp/pamconf.$$ fi + else + # Does exist. To maintain proper stacking order: remove it + # and append it to the bottom of the conf file. + grep "^[# ]*$e1[ ][ ]*$e2[ ][ ]*$e3[ ][ ]*$e4" \ + $dest >> /tmp/pamconf.$$ 2>/dev/null + sed -e "/^[# ]*$e1[ ][ ]*$e2[ ][ ]*$e3[ ][ ]*$e4/d" \ + $dest > /tmp/pamconf2.$$ + mv /tmp/pamconf2.$$ $dest fi done) # Append kerberos lines if any were not present already.
--- a/usr/src/pkgdefs/common_files/proc.pam_install Wed Apr 04 22:56:20 2007 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,69 +0,0 @@ -# -# Copyright 2005 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# ident "%Z%%M% %I% %E% SMI" -# -# proc.pam_install -- common code for pam.conf entry addition -# -# pam_init : call before any other functions -# pam_add : if the regular expression specified as argument 1 -# does not match any line in pam.conf, add the lines -# provided on stdin to the file -# pam_undo : call if rest of procedure script fails -# pam_fini : call if rest of procedure script succeeds -# -# pam_init and pam_add will perform necessary clean-up and -# return a non-zero exit code on failure. - -pamconf=${PKG_INSTALL_ROOT:-/}/etc/pam.conf -pamconfold=/tmp/pam.conf.$$ - -pam_init() { - cat $pamconf > $pamconfold - if [ $? -ne 0 ]; then - echo "can't create $pamconfold" - return 1 - fi - return 0 -} - -pam_fini() { - rm -f -- $pamconfold - return 0 -} - -pam_undo() { - cat $pamconfold > $pamconf - pam_fini -} - -pam_add() { - grep -s "$1" $pamconf > /dev/null 2>&1 || cat >> $pamconf - if [ $? -ne 0 ]; then - echo "can't edit $pamconf" - pam_undo - return 1 - fi - return 0 -}