authorSimon Rettberg2018-03-14 20:31:47 +0100
committerSimon Rettberg2018-03-14 20:31:47 +0100
commit51680b00cefba826c14893e9d7737138a3ba9a7b (patch)
tree8019d7abeee7c62851e32689a548e7fd6723bae8
parent[run-virt/iptables-helper] Handle race condition when adding interfaces (diff)
[pam/rfs-stage32/pam-slx-plug] Only overwrite pam/nsswitch files that have <slx-autogen>
-rwxr-xr-xcore/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config114
-rw-r--r--core/modules/pam/data/etc/pam.d/common-account1
-rw-r--r--core/modules/pam/data/etc/pam.d/common-auth1
-rw-r--r--core/modules/pam/data/etc/pam.d/common-session1
-rw-r--r--core/rootfs/rootfs-stage32/data/etc/nsswitch.conf14
5 files changed, 72 insertions, 59 deletions
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config b/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config
index 0ac461ae..274c5e08 100755
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config
@@ -123,66 +123,76 @@ session+=("optional pam_exec.so quiet /opt/openslx/pam/exec_session")
#
# Write pam configs
tmpfile=$(mktemp)
+
# common-auth
-skip=$(( ${#auth[@]} + 1 ))
-echo "# Generated $(date)" > "$tmpfile"
-for line in "${auth[@]}"; do
- echo "auth ${line//%NUM%/$skip}"
- skip=$(( skip - 1 ))
-done >> "$tmpfile"
-cat >> "$tmpfile" <<-HERE
- auth optional pam_faildelay.so delay=2123123
- auth requisite pam_deny.so
- auth required pam_permit.so
- auth optional pam_cap.so
-HERE
-cp -f -- "$tmpfile" "/etc/pam.d/common-auth"
+if grep -q '<slx-autogen>' "/etc/pam.d/common-auth"; then
+ skip=$(( ${#auth[@]} + 1 ))
+ echo "# <slx-autogen> Generated $(date)" > "$tmpfile"
+ for line in "${auth[@]}"; do
+ echo "auth ${line//%NUM%/$skip}"
+ skip=$(( skip - 1 ))
+ done >> "$tmpfile"
+ cat >> "$tmpfile" <<-HERE
+ auth optional pam_faildelay.so delay=2123123
+ auth requisite pam_deny.so
+ auth required pam_permit.so
+ auth optional pam_cap.so
+ HERE
+ cp -f -- "$tmpfile" "/etc/pam.d/common-auth"
+fi
# common-account
-skip=${#account[@]}
-echo "# Generated $(date)" > "$tmpfile"
-for line in "${account[@]}"; do
- echo "account ${line//%NUM%/$skip}"
- skip=$(( skip - 1 ))
-done >> "$tmpfile"
-cat >> "$tmpfile" <<-HERE
- account requisite pam_deny.so
- account required pam_permit.so
-HERE
-cp -f -- "$tmpfile" "/etc/pam.d/common-account"
+if grep -q '<slx-autogen>' "/etc/pam.d/common-account"; then
+ skip=${#account[@]}
+ echo "# <slx-autogen> Generated $(date)" > "$tmpfile"
+ for line in "${account[@]}"; do
+ echo "account ${line//%NUM%/$skip}"
+ skip=$(( skip - 1 ))
+ done >> "$tmpfile"
+ cat >> "$tmpfile" <<-HERE
+ account requisite pam_deny.so
+ account required pam_permit.so
+ HERE
+ cp -f -- "$tmpfile" "/etc/pam.d/common-account"
+fi
# common-session
-cat > "$tmpfile" <<-HERE
- session required pam_permit.so
- session optional pam_umask.so
- session required pam_systemd.so
- session optional pam_env.so readenv=1
- session optional pam_env.so readenv=1 envfile=/etc/default/locale
- session optional pam_exec.so quiet /opt/openslx/pam/mkhome
-HERE
-for line in "${session[@]}"; do
- echo "session $line"
-done >> "$tmpfile"
-cp -f -- "$tmpfile" "/etc/pam.d/common-session"
+if grep -q '<slx-autogen>' "/etc/pam.d/common-session"; then
+ cat > "$tmpfile" <<-HERE
+ # <slx-autogen> Generated $(date)
+ session required pam_permit.so
+ session optional pam_umask.so
+ session required pam_systemd.so
+ session optional pam_env.so readenv=1
+ session optional pam_env.so readenv=1 envfile=/etc/default/locale
+ session optional pam_exec.so quiet /opt/openslx/pam/mkhome
+ HERE
+ for line in "${session[@]}"; do
+ echo "session $line"
+ done >> "$tmpfile"
+ cp -f -- "$tmpfile" "/etc/pam.d/common-session"
+fi
#
# Write nsswitch.conf
-cat > "/etc/nsswitch.conf" <<-HERE
-# Generated $(date)
-passwd: ${nss[@]}
-group: ${nss[@]}
-shadow: files
-
-hosts: ${dns[@]}
-networks: files
-
-protocols: db files
-services: db files
-ethers: db files
-rpc: db files
-
-netgroup: nis
-HERE
+if grep -q '<slx-autogen>' "/etc/nsswitch.conf"; then
+ cat > "/etc/nsswitch.conf" <<-HERE
+ # <slx-autogen> Generated $(date)
+ passwd: ${nss[@]}
+ group: ${nss[@]}
+ shadow: files
+
+ hosts: ${dns[@]}
+ networks: files
+
+ protocols: db files
+ services: db files
+ ethers: db files
+ rpc: db files
+
+ netgroup: nis
+ HERE
+fi
rm -f -- "$tmpfile"
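Review bot: The four new `grep -q '<slx-autogen>'` guards (common-auth, common-account, common-session, nsswitch.conf) skip generation silently and treat a missing target the same as an admin-owned one: grep fails on a nonexistent file, so a file the old code would have created is now never written. For the PAM files this means the collected `auth`/`account`/`session` entries are left out of the stack with no trace beyond grep's own stderr message. I would add an `else` branch per target such as `echo "create-pam-config: no <slx-autogen> marker in /etc/pam.d/common-auth, not overwriting" >&2`, and, if a missing file should still be generated, guard with `if [ ! -e "$target" ] || grep -q '^# <slx-autogen>' "$target"; then` (with `target` holding the path). Anchoring the pattern to the comment prefix stops the marker from matching elsewhere in a hand-edited file. Separately, the here-documents are now indented under `<<-HERE`, which strips leading tabs only; the page does not show whether the new indent is tabs, so confirm that neither the `HERE` terminators nor the generated lines carry leading spaces.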
diff --git a/core/modules/pam/data/etc/pam.d/common-account b/core/modules/pam/data/etc/pam.d/common-account
index 6694c6f7..40ddfde4 100644
--- a/core/modules/pam/data/etc/pam.d/common-account
+++ b/core/modules/pam/data/etc/pam.d/common-account
@@ -1,3 +1,4 @@
+# <slx-autogen>
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
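Review bot: The `# <slx-autogen>` line added here, and likewise in the common-auth and common-session hunks below, does not say what it does, whereas the nsswitch.conf hunk in the same commit explains it. An administrator who hardens one of these PAM files by hand and leaves the marker in place will have the edits overwritten at runtime by create-pam-config without warning. I would add the same explanation under the marker in all three files: `# Default OpenSLX PAM file -- remove line above to prevent` / `# this file from being overwritten at runtime`.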
diff --git a/core/modules/pam/data/etc/pam.d/common-auth b/core/modules/pam/data/etc/pam.d/common-auth
index bc2d23bd..12d09a35 100644
--- a/core/modules/pam/data/etc/pam.d/common-auth
+++ b/core/modules/pam/data/etc/pam.d/common-auth
@@ -1,3 +1,4 @@
+# <slx-autogen>
auth [success=1 default=ignore] pam_unix.so
auth requisite pam_deny.so
auth required pam_permit.so
diff --git a/core/modules/pam/data/etc/pam.d/common-session b/core/modules/pam/data/etc/pam.d/common-session
index 4009012e..323b81b1 100644
--- a/core/modules/pam/data/etc/pam.d/common-session
+++ b/core/modules/pam/data/etc/pam.d/common-session
@@ -1,3 +1,4 @@
+# <slx-autogen>
session required pam_permit.so
session required pam_unix.so
session optional pam_umask.so
diff --git a/core/rootfs/rootfs-stage32/data/etc/nsswitch.conf b/core/rootfs/rootfs-stage32/data/etc/nsswitch.conf
index 6886def9..a44378e4 100644
--- a/core/rootfs/rootfs-stage32/data/etc/nsswitch.conf
+++ b/core/rootfs/rootfs-stage32/data/etc/nsswitch.conf
@@ -1,14 +1,14 @@
# /etc/nsswitch.conf
#
-# Example configuration of GNU Name Service Switch functionality.
-# If you have the `glibc-doc-reference' and `info' packages installed, try:
-# `info libc "Name Service Switch"' for information about this file.
+# <slx-autogen>
+# Default OpenSLX nsswitch file -- remove line above to prevent
+# this file from being overwritten at runtime
-passwd: compat
-group: compat
-shadow: compat
+passwd: files
+group: files
+shadow: files
-hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
+hosts: files dns
networks: files
protocols: db files