diff options
| author | Steve Langasek <vorlon@debian.org> | 2009-08-18 16:25:06 -0700 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 19:42:00 -0800 |
| commit | 9bfcff20ad2c0b0ad3244b3ef49bb4d017bcaca7 (patch) | |
| tree | 1b64892f9321deb679d2c8a775b55785bba0212d /debian/local/pam-auth-update | |
| parent | d475ac43a87c208019ac4dccad294d1fd92281f0 (diff) | |
debian/local/common-session-noninteractive{,.md5sums},
debian/local/pam-auth-update: split out a session-noninteractive include
file, so that we can at last distinguish between interactive and
non-interactive PAM sessions at a policy level. Closes: #169930,
LP: #287715.
Diffstat (limited to 'debian/local/pam-auth-update')
| -rwxr-xr-x | debian/local/pam-auth-update | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/debian/local/pam-auth-update b/debian/local/pam-auth-update index b059bf94..eeb14598 100755 --- a/debian/local/pam-auth-update +++ b/debian/local/pam-auth-update @@ -54,6 +54,9 @@ my %md5sums = ( '1bd2f3e86f552c57f5ee013b93ffca2b', '4a25673e8b36f1805219027d3be02cd2', ], + 'session-noninteractive' => [ + 'ad2b78ce1498dd637ef36469430b6ac6', + ], ); opendir(DIR, $inputdir) || die "could not open config directory: $!"; @@ -278,6 +281,7 @@ sub create_from_template my($template,$dest,$profiles,$enabled,$diff,$type) = @_; my $state = 0; my $uctype = ucfirst($type); + $type =~ s/-noninteractive//; open(INPUT,$template) || return 0; open(OUTPUT,">$dest") || return 0; @@ -431,7 +435,9 @@ sub write_profiles # because we can't atomically replace both /var/lib/pam/$foo and # /etc/pam.d/common-$foo at the same time, take steps to make this # somewhat robust - for my $type ('auth','account','password','session') { + for my $type ('auth','account','password','session', + 'session-noninteractive') + { my $target = $confdir . '/common-' . $type; my $template = $target; my $dest = $template . '.pam-new'; @@ -540,7 +546,9 @@ sub diff_profiles # If anything fails here, just return immediately since we then # have nothing to merge; instead, the caller will decide later # whether to force an overwrite. - for my $type ('auth','account','password','session') { + for my $type ('auth','account','password','session', + 'session-noninteractive') + { my (@saved,$modname); open(SAVED,$savedir . '/' . $type) || return 0; @@ -563,6 +571,8 @@ sub diff_profiles my $state = 0; my (@prev_opts,$curmod); + my $realtype = $type; + $realtype =~ s/-noninteractive//; open(CURRENT,$sourcedir . '/common-' . $type) || return 0; while (<CURRENT>) { @@ -572,7 +582,7 @@ sub diff_profiles next; } if ($state == 1) { - s/^$type\s+//; + s/^$realtype\s+//; if (/^# here's the fallback if no module succeeds/) { $state = 2; next; @@ -585,7 +595,7 @@ sub diff_profiles } if ($state == 3) { last if (/^# end of pam-auth-update config/); - s/^$type\s+//; + s/^$realtype\s+//; } my $found = 0; @@ -668,5 +678,10 @@ sub parse_pam_profile } } close(PROFILE); + if (!defined($profile{'Session-Interactive-Only'})) { + $profile{'Session-noninteractive-Type'} = $profile{'Session-Type'}; + $profile{'Session-noninteractive'} = $profile{'Session'}; + $profile{'Session-noninteractive-Initial'} = $profile{'Session-Initial'}; + } return %profile; } |