author | Simon Rettberg | 2018-03-14 20:31:47 +0100 |
---|---|---|
committer | Simon Rettberg | 2018-03-14 20:31:47 +0100 |
commit | 51680b00cefba826c14893e9d7737138a3ba9a7b (patch) | |
tree | 8019d7abeee7c62851e32689a548e7fd6723bae8 /core | |
parent | [run-virt/iptables-helper] Handle race condition when adding interfaces (diff) | |
[pam/rfs-stage32/pam-slx-plug] Only overwrite pam/nsswitch files that have <slx-autogen>
Diffstat (limited to 'core')
5 files changed, 72 insertions, 59 deletions
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config b/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config
index 0ac461ae..274c5e08 100755
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config
@@ -123,66 +123,76 @@ session+=("optional pam_exec.so quiet /opt/openslx/pam/exec_session") # # Write pam configs tmpfile=$(mktemp) + # common-auth -skip=$(( ${#auth[@]} + 1 )) -echo "# Generated $(date)" > "$tmpfile" -for line in "${auth[@]}"; do - echo "auth ${line//%NUM%/$skip}" - skip=$(( skip - 1 )) -done >> "$tmpfile" -cat >> "$tmpfile" <<-HERE - auth optional pam_faildelay.so delay=2123123 - auth requisite pam_deny.so - auth required pam_permit.so - auth optional pam_cap.so -HERE -cp -f -- "$tmpfile" "/etc/pam.d/common-auth" +if grep -q '<slx-autogen>' "/etc/pam.d/common-auth"; then + skip=$(( ${#auth[@]} + 1 )) + echo "# <slx-autogen> Generated $(date)" > "$tmpfile" + for line in "${auth[@]}"; do + echo "auth ${line//%NUM%/$skip}" + skip=$(( skip - 1 )) + done >> "$tmpfile" + cat >> "$tmpfile" <<-HERE + auth optional pam_faildelay.so delay=2123123 + auth requisite pam_deny.so + auth required pam_permit.so + auth optional pam_cap.so + HERE + cp -f -- "$tmpfile" "/etc/pam.d/common-auth" +fi # common-account -skip=${#account[@]} -echo "# Generated $(date)" > "$tmpfile" -for line in "${account[@]}"; do - echo "account ${line//%NUM%/$skip}" - skip=$(( skip - 1 )) -done >> "$tmpfile" -cat >> "$tmpfile" <<-HERE - account requisite pam_deny.so - account required pam_permit.so -HERE -cp -f -- "$tmpfile" "/etc/pam.d/common-account" +if grep -q '<slx-autogen>' "/etc/pam.d/common-account"; then + skip=${#account[@]} + echo "# <slx-autogen> Generated $(date)" > "$tmpfile" + for line in "${account[@]}"; do + echo "account ${line//%NUM%/$skip}" + skip=$(( skip - 1 )) + done >> "$tmpfile" + cat >> "$tmpfile" <<-HERE + account requisite pam_deny.so + account required pam_permit.so + HERE + cp -f -- "$tmpfile" "/etc/pam.d/common-account" +fi # common-session -cat > "$tmpfile" <<-HERE - session required pam_permit.so - session optional pam_umask.so - session required pam_systemd.so - session optional pam_env.so readenv=1 - session optional pam_env.so readenv=1 
envfile=/etc/default/locale - session optional pam_exec.so quiet /opt/openslx/pam/mkhome -HERE -for line in "${session[@]}"; do - echo "session $line" -done >> "$tmpfile" -cp -f -- "$tmpfile" "/etc/pam.d/common-session" +if grep -q '<slx-autogen>' "/etc/pam.d/common-session"; then + cat > "$tmpfile" <<-HERE + # <slx-autogen> Generated $(date) + session required pam_permit.so + session optional pam_umask.so + session required pam_systemd.so + session optional pam_env.so readenv=1 + session optional pam_env.so readenv=1 envfile=/etc/default/locale + session optional pam_exec.so quiet /opt/openslx/pam/mkhome + HERE + for line in "${session[@]}"; do + echo "session $line" + done >> "$tmpfile" + cp -f -- "$tmpfile" "/etc/pam.d/common-session" +fi # # Write nsswitch.conf -cat > "/etc/nsswitch.conf" <<-HERE -# Generated $(date) -passwd: ${nss[@]} -group: ${nss[@]} -shadow: files - -hosts: ${dns[@]} -networks: files - -protocols: db files -services: db files -ethers: db files -rpc: db files - -netgroup: nis -HERE +if grep -q '<slx-autogen>' "/etc/nsswitch.conf"; then + cat > "/etc/nsswitch.conf" <<-HERE + # <slx-autogen> Generated $(date) + passwd: ${nss[@]} + group: ${nss[@]} + shadow: files + + hosts: ${dns[@]} + networks: files + + protocols: db files + services: db files + ethers: db files + rpc: db files + + netgroup: nis + HERE +fi rm -f -- "$tmpfile" diff --git a/core/modules/pam/data/etc/pam.d/common-account b/core/modules/pam/data/etc/pam.d/common-account index 6694c6f7..40ddfde4 100644 --- a/core/modules/pam/data/etc/pam.d/common-account +++ b/core/modules/pam/data/etc/pam.d/common-account @@ -1,3 +1,4 @@ +# <slx-autogen> account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so account requisite pam_deny.so account required pam_permit.so diff --git a/core/modules/pam/data/etc/pam.d/common-auth b/core/modules/pam/data/etc/pam.d/common-auth index bc2d23bd..12d09a35 100644 --- a/core/modules/pam/data/etc/pam.d/common-auth 
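Review bot: The four `grep -q '<slx-autogen>'` guards (common-auth, common-account, common-session, nsswitch.conf) match the marker anywhere in the file, so a hand-maintained PAM or NSS configuration that merely mentions the string, for example in a comment recording that the marker was removed, is still replaced at runtime. Anchoring the test to a comment line narrows this, e.g. `if grep -qs '^[[:space:]]*#[[:space:]]*<slx-autogen>' "/etc/pam.d/common-auth"; then`. When a target file is missing or unreadable the guard is false, so that file is no longer generated at all (the old code always wrote it) and grep's error goes to stderr. If skipping is intended it deserves a comment, otherwise the missing-file case needs its own branch. The guard is repeated four times and could be one small helper that takes the path.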
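Review bot: The `# <slx-autogen>` line added to this template, and to the common-auth and common-session templates in the next two hunks, carries no explanation, unlike the nsswitch.conf template changed in the same commit. An administrator editing these PAM files has no hint that leaving the line in place lets create-pam-config overwrite their changes. Suggest following the marker with the same wording used in nsswitch.conf, e.g. `# Default OpenSLX PAM file -- remove line above to prevent this file from being overwritten at runtime`.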
+++ b/core/modules/pam/data/etc/pam.d/common-auth @@ -1,3 +1,4 @@ +# <slx-autogen> auth [success=1 default=ignore] pam_unix.so auth requisite pam_deny.so auth required pam_permit.so diff --git a/core/modules/pam/data/etc/pam.d/common-session b/core/modules/pam/data/etc/pam.d/common-session index 4009012e..323b81b1 100644 --- a/core/modules/pam/data/etc/pam.d/common-session +++ b/core/modules/pam/data/etc/pam.d/common-session @@ -1,3 +1,4 @@ +# <slx-autogen> session required pam_permit.so session required pam_unix.so session optional pam_umask.so diff --git a/core/rootfs/rootfs-stage32/data/etc/nsswitch.conf b/core/rootfs/rootfs-stage32/data/etc/nsswitch.conf index 6886def9..a44378e4 100644 --- a/core/rootfs/rootfs-stage32/data/etc/nsswitch.conf +++ b/core/rootfs/rootfs-stage32/data/etc/nsswitch.conf @@ -1,14 +1,14 @@ # /etc/nsswitch.conf # -# Example configuration of GNU Name Service Switch functionality. -# If you have the `glibc-doc-reference' and `info' packages installed, try: -# `info libc "Name Service Switch"' for information about this file. +# <slx-autogen> +# Default OpenSLX nsswitch file -- remove line above to prevent +# this file from being overwritten at runtime -passwd: compat -group: compat -shadow: compat +passwd: files +group: files +shadow: files -hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 +hosts: files dns networks: files protocols: db files |