authorSam Hartman <hartmans@debian.org>2023-01-04 11:20:04 -0700
committerSam Hartman <hartmans@debian.org>2023-01-04 11:20:04 -0700
commitb33771f7a9f1a55ef082470a34a9c93e8b287535 (patch)
treee5577804aa62a9e2f80abfa69abbaa32b83b1f20 /debian
parentb1efe8ebca5001ab7fcf4f27de6484fbb1cb6e80 (diff)
pam-auth-update: --enable and --disable
* Implement --disable option * Process --enable before we decide whether @enabled is empty, so that if we are called with --enable and all previously enabled profiles have disappeared, we do not need to prompt * Document --disable and update synopsis
Diffstat (limited to 'debian')
-rw-r--r--debian/local/pam-auth-update21
-rw-r--r--debian/local/pam-auth-update.87
2 files changed, 24 insertions, 4 deletions
diff --git a/debian/local/pam-auth-update b/debian/local/pam-auth-update
index 385855cf..b3de86e7 100644
--- a/debian/local/pam-auth-update
+++ b/debian/local/pam-auth-update
@@ -39,7 +39,7 @@ my $blanktemplate = 'libpam-runtime/no_profiles_chosen';
my $titletemplate = 'libpam-runtime/title';
my $confdir = '/etc/pam.d';
my $savedir = '/var/lib/pam';
-my (%profiles, @sorted, @enabled, @conflicts, @new, %removals, %to_enable);
+my (%profiles, @sorted, @enabled, @conflicts, @new, %removals, %to_disable, %to_enable);
my $force = 0;
my $package = 0;
my $priority = 'high';
@@ -90,6 +90,13 @@ while ($#ARGV >= 0) {
}
# --remove implies --package
$package = 1 if (keys(%removals));
+ } elsif ($opt eq '--disable') {
+ while ($#ARGV >= 0) {
+ last if ($ARGV[0] =~ /^--/);
+ $to_disable{shift @ARGV} = 1;
+ }
+ # --disable implies --package
+ $package = 1 if (keys(%to_disable));
} elsif ($opt eq '--enable') {
while ($#ARGV >= 0) {
last if ($ARGV[0] =~ /^--/);
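Review bot: Names passed to `--disable` go into `%to_disable` without being checked against the known profiles, and nothing visible in this commit reports a name that matches nothing. The later filter `grep {!$to_disable{$_} } @enabled` simply never matches such a name, so a misspelt profile stays in the PAM configuration while the calling script sees no error. Because the branch also sets `$package = 1`, which the man page describes as lowering debconf priority so the user is not prompted, no interactive step would catch the mistake. Once `%profiles` is populated, consider `warn "unknown profile '$_' passed to --disable\n" for grep { !$profiles{$_} } keys %to_disable;`. The enclosing `while ($#ARGV >= 0)` loop starts and ends outside the hunk.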
@@ -148,15 +155,21 @@ if (-e $savedir . '/seen') {
# filter out any options that are no longer available for any reason
@enabled = grep { $profiles{$_} } @enabled;
+# add configs to enable
+push(@enabled,
+ grep { $to_enable{$_} } @sorted);
+
+# Disable anything explicitly disabled
+@enabled = grep {!$to_disable{$_} } @enabled;
+# And we've seen anything we disable
+delete @seen{ keys %to_disable};
+
# an empty module set is an error, so in that case grab all the defaults
if (!@enabled) {
%seen = ();
$priority = 'high' unless ($force);
}
-# add configs to enable
-push(@enabled,
- grep { $to_enable{$_} } @sorted);
# add any previously-unseen configs
push(@enabled,
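Review bot: The comment `# And we've seen anything we disable` contradicts the statement under it, because `delete @seen{ keys %to_disable};` removes those profiles from `%seen` rather than marking them seen. If the `push(@enabled,` that starts on the last line of this hunk (its grep is outside the hunk) selects default profiles that are missing from `%seen`, a disabled profile that is on by default would be added straight back and `--disable` would leave it in the PAM stack. Marking them seen instead, `$seen{$_} = 1 for keys %to_disable;`, would match the comment. Separately, when disabling empties `@enabled` the `if (!@enabled)` block resets `%seen`, and the existing comment says this falls back to the defaults. That deserves a comment, since it may re-enable a profile the caller just disabled.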
diff --git a/debian/local/pam-auth-update.8 b/debian/local/pam-auth-update.8
index a5ebdbad..a31ec921 100644
--- a/debian/local/pam-auth-update.8
+++ b/debian/local/pam-auth-update.8
@@ -23,6 +23,10 @@ pam\-auth\-update - manage PAM configuration using packaged profiles
.RB [ \-\-package " [" \-\-remove
.IR profile " [" profile\fR... "]]]"
.RB [ \-\-force ]
+.RB [ \-\-enable
+.IR profile " [" profile\fR... "]]"
+.RB [ \-\-disable
+.IR profile " [" profile\fR... "]]"
.SH DESCRIPTION
.I pam\-auth\-update
is a utility that permits configuring the central authentication policy
@@ -68,6 +72,9 @@ Indicate that the caller is a package maintainer script; lowers the
priority of debconf questions to `medium' so that the user is not
prompted by default.
.TP
+.B \-\-disable \fIprofile \fR[\fIprofile\fR...]
+Disable the specified profiles in system configuration. This can be used from system administration scripts to disable profiles.
+.TP
.B \-\-enable \fIprofile \fR[\fIprofile\fR...]
Enable the specified profiles in system configuration. This is used to
enable profiles that are not on by default.