Diffstat (limited to 'debian/local/pam-auth-update')
-rw-r--r-- | debian/local/pam-auth-update | 55 |
1 files changed, 43 insertions, 12 deletions
diff --git a/debian/local/pam-auth-update b/debian/local/pam-auth-update
index 6d17ab72..4c288d7b 100644
--- a/debian/local/pam-auth-update
+++ b/debian/local/pam-auth-update
@@ -39,7 +39,7 @@ my $blanktemplate = 'libpam-runtime/no_profiles_chosen';
 my $titletemplate = 'libpam-runtime/title';
 my $confdir = '/etc/pam.d';
 my $savedir = '/var/lib/pam';
-my (%profiles, @sorted, @enabled, @conflicts, @new, %removals, %to_enable);
+my (%profiles, @sorted, @enabled, @conflicts, @new, %removals, %to_disable, %to_enable);
 my $force = 0;
 my $package = 0;
 my $priority = 'high';
@@ -47,25 +47,23 @@ my %md5sums = (
 'auth' => ['8d4fe17e66ba25de16a117035d1396aa'],
 'account' => ['3c0c362eaf3421848b679d63fd48c3fa'],
 'password' => [
+ '4d5c92d595a46b69cd61f18feb4c0574',
 '50fce2113dfda83ac8bdd5a6e706caec',
 '4bd7610f2e85f8ddaef79c7db7cb49eb',
 '9ba753d0824276b44bcadfee1f87b6bc',
 ],
 'session' => [
+ 'f297c731a467822cbd86e1283263e8a3',
 '240fb92986c885b327cdb21dd641da8c',
 '4a25673e8b36f1805219027d3be02cd2',
+ '9e633425b1878897695217ecaf75e204',
 ],
 'session-noninteractive' => [
 'ad2b78ce1498dd637ef36469430b6ac6',
+ '53c1ede0bf4c07879d3582d875917545',
 ],
 );
-
-opendir(DIR, $inputdir) || die "could not open config directory: $!";
-while (my $profile = readdir(DIR)) {
- next if ($profile eq '.' || $profile eq '..' || $profile =~ m/~$/ || $profile =~ m/^#.+#$/);
- %{$profiles{$profile}} = parse_pam_profile($inputdir . '/' . $profile);
-}
-closedir DIR;
+my @invalid_modules = ('pam_tally');
 # use a '--force' arg to specify that /etc/pam.d should be overwritten;
 # used only on upgrades where the postinst has already determined that the
@@ -82,6 +80,11 @@ while ($#ARGV >= 0) {
 $force = 1;
 } elsif ($opt eq '--package') {
 $package = 1;
+ } elsif ($opt eq '--root') {
+ my $rootdir = shift @ARGV;
+ $savedir = "${rootdir}$savedir";
+ $confdir = "${rootdir}$confdir";
+ $inputdir = "${rootdir}$inputdir";
 } elsif ($opt eq '--remove') {
 while ($#ARGV >= 0) {
 last if ($ARGV[0] =~ /^--/);
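Review bot: In the `--root` branch (hunk `@@ -82,6 +80,11 @@`), `my $rootdir = shift @ARGV;` is used without checking that a value was actually supplied. If `--root` is the last argument, `$rootdir` is undef and the three paths keep pointing at the live `/etc/pam.d` and `/var/lib/pam`; if it is followed by another option, that option is consumed as the directory. I would reject both cases right after the shift: `die "--root requires a directory argument\n" if !defined $rootdir || $rootdir =~ /^--/;`. The enclosing `while ($#ARGV >= 0)` loop starts and ends outside this hunk.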
@@ -89,6 +92,13 @@ while ($#ARGV >= 0) {
 }
 # --remove implies --package
 $package = 1 if (keys(%removals));
+ } elsif ($opt eq '--disable') {
+ while ($#ARGV >= 0) {
+ last if ($ARGV[0] =~ /^--/);
+ $to_disable{shift @ARGV} = 1;
+ }
+ # --disable implies --package
+ $package = 1 if (keys(%to_disable));
 } elsif ($opt eq '--enable') {
 while ($#ARGV >= 0) {
 last if ($ARGV[0] =~ /^--/);
@@ -99,6 +109,16 @@ while ($#ARGV >= 0) {
 }
 }
+opendir(DIR, $inputdir) || die "could not open config directory: $!";
+while (my $profile = readdir(DIR)) {
+ next if ($profile eq '.' || $profile eq '..' || $profile =~ m/~$/ || $profile =~ m/^#.+#$/);
+ %{$profiles{$profile}} = parse_pam_profile($inputdir . '/' . $profile);
+ if (defined $profiles{$profile}{'disabled'} and $profiles{$profile}{'disabled'}) {
+ delete $profiles{$profile};
+ }
+}
+closedir DIR;
+
 $priority = 'medium' if ($package);
 x_loadtemplatefile('/var/lib/dpkg/info/libpam-runtime.templates','libpam-runtime');
@@ -137,15 +157,23 @@ if (-e $savedir . '/seen') {
 # filter out any options that are no longer available for any reason
 @enabled = grep { $profiles{$_} } @enabled;
+# add configs to enable
+push(@enabled,
+ grep { $to_enable{$_} } @sorted);
+
+# Disable anything explicitly disabled
+@enabled = grep {!$to_disable{$_} } @enabled;
+# And we've seen anything we disable
+foreach my $i (keys %to_disable) {
+ $seen{$i} = 1;
+}
+
 # an empty module set is an error, so in that case grab all the defaults
 if (!@enabled) {
 %seen = ();
 $priority = 'high' unless ($force);
 }
-# add configs to enable
-push(@enabled,
- grep { $to_enable{$_} } @sorted);
 # add any previously-unseen configs
 push(@enabled,
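Review bot: In the relocated `readdir` loop (hunk `@@ -99,6 +109,16 @@`), a profile flagged `disabled` is deleted from `%profiles` with no message, so an administrator gets no indication that part of the PAM stack was dropped. Because the later `grep { $profiles{$_} } @enabled` then removes it from the enabled set, a profile that supplied login-failure lockout could disappear silently on upgrade. I would log it just before the delete, e.g. `warn "pam-auth-update: ignoring profile $profile (uses a removed module)\n";`. While this loop is being moved, a lexical handle (`opendir(my $dh, $inputdir)`) would also replace the bareword `DIR`.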
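Review bot: In hunk `@@ -137,15 +157,23 @@`, the `$seen{$i} = 1` marks set for disabled profiles are wiped by `%seen = ();` a few lines later whenever disabling leaves `@enabled` empty. The `push(@enabled, ...)` for previously-unseen configs continues outside the hunk, but if it filters on `!$seen{$_}` as its comment suggests, a profile named in `--disable` can come back as a default. Moving the `foreach my $i (keys %to_disable)` loop below the `if (!@enabled)` block, or re-applying `@enabled = grep { !$to_disable{$_} } @enabled;` after that push, would keep the disable request authoritative.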
@@ -702,11 +730,14 @@ sub parse_pam_profile
 s/^\s+//;
 s/\s+$//;
 $profile{$fieldname} .= "\n$_" if ($_);
+ if (grep { $profile{$fieldname} =~ /$_/} @invalid_modules) {
+ $profile{'disabled'} = 1;
+ }
 $profile{$fieldname} =~ s/^[\n\s]+//;
 }
 }
 close(PROFILE);
- if (!defined($profile{'Session-Interactive-Only'})) {
+ if (!defined($profile{'Session-Interactive-Only'}) or $profile{'Session-Interactive-Only'} ne 'yes') {
 $profile{'Session-noninteractive-Type'} = $profile{'Session-Type'};
 $profile{'Session-noninteractive'} = $profile{'Session'};
 $profile{'Session-noninteractive-Initial'} = $profile{'Session-Initial'}; |
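Review bot: The new check `$profile{$fieldname} =~ /$_/` interpolates each `@invalid_modules` entry as an unanchored, unquoted pattern and runs it against whatever field is currently being continued. `pam_tally` therefore matches any value that merely contains that text (including `pam_tally2`, and free-text fields if this loop also handles those), and the whole profile is then dropped. If only a module reference is meant, `/\b\Q$_\E\.so\b/` is tighter; if `pam_tally2` should be covered too, listing it explicitly in `@invalid_modules` makes that intent visible. `parse_pam_profile` starts and ends outside this hunk.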