From 51680b00cefba826c14893e9d7737138a3ba9a7b Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 14 Mar 2018 20:31:47 +0100
Subject: [pam/rfs-stage32/pam-slx-plug] Only overwrite pam/nsswitch files that have
---
.../data/opt/openslx/pam/systemd/create-pam-config | 114 +++++++++++---------
1 file changed, 62 insertions(+), 52 deletions(-)
(limited to 'core/modules/pam-slx-plug')
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config b/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config
index 0ac461ae..274c5e08 100755
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config
@@ -123,66 +123,76 @@ session+=("optional pam_exec.so quiet /opt/openslx/pam/exec_session") # # Write pam configs tmpfile=$(mktemp) + # common-auth -skip=$(( ${#auth[@]} + 1 )) -echo "# Generated $(date)" > "$tmpfile" -for line in "${auth[@]}"; do - echo "auth ${line//%NUM%/$skip}" - skip=$(( skip - 1 )) -done >> "$tmpfile" -cat >> "$tmpfile" <<-HERE - auth optional pam_faildelay.so delay=2123123 - auth requisite pam_deny.so - auth required pam_permit.so - auth optional pam_cap.so -HERE -cp -f -- "$tmpfile" "/etc/pam.d/common-auth" +if grep -q '' "/etc/pam.d/common-auth"; then + skip=$(( ${#auth[@]} + 1 )) + echo "# Generated $(date)" > "$tmpfile" + for line in "${auth[@]}"; do + echo "auth ${line//%NUM%/$skip}" + skip=$(( skip - 1 )) + done >> "$tmpfile" + cat >> "$tmpfile" <<-HERE + auth optional pam_faildelay.so delay=2123123 + auth requisite pam_deny.so + auth required pam_permit.so + auth optional pam_cap.so + HERE + cp -f -- "$tmpfile" "/etc/pam.d/common-auth" +fi # common-account -skip=${#account[@]} -echo "# Generated $(date)" > "$tmpfile" -for line in "${account[@]}"; do - echo "account ${line//%NUM%/$skip}" - skip=$(( skip - 1 )) -done >> "$tmpfile" -cat >> "$tmpfile" <<-HERE - account requisite pam_deny.so - account required pam_permit.so -HERE -cp -f -- "$tmpfile" "/etc/pam.d/common-account" +if grep -q '' "/etc/pam.d/common-account"; then + skip=${#account[@]} + echo "# Generated $(date)" > "$tmpfile" + for line in "${account[@]}"; do + echo "account ${line//%NUM%/$skip}" + skip=$(( skip - 1 )) + done >> "$tmpfile" + cat >> "$tmpfile" <<-HERE + account requisite pam_deny.so + account required pam_permit.so + HERE + cp -f -- "$tmpfile" "/etc/pam.d/common-account" +fi # common-session -cat > "$tmpfile" <<-HERE - session required pam_permit.so - session optional pam_umask.so - session required pam_systemd.so - session optional pam_env.so readenv=1 - session optional pam_env.so readenv=1 envfile=/etc/default/locale - session optional pam_exec.so quiet 
/opt/openslx/pam/mkhome -HERE -for line in "${session[@]}"; do - echo "session $line" -done >> "$tmpfile" -cp -f -- "$tmpfile" "/etc/pam.d/common-session" +if grep -q '' "/etc/pam.d/common-session"; then + cat > "$tmpfile" <<-HERE + # Generated $(date) + session required pam_permit.so + session optional pam_umask.so + session required pam_systemd.so + session optional pam_env.so readenv=1 + session optional pam_env.so readenv=1 envfile=/etc/default/locale + session optional pam_exec.so quiet /opt/openslx/pam/mkhome + HERE + for line in "${session[@]}"; do + echo "session $line" + done >> "$tmpfile" + cp -f -- "$tmpfile" "/etc/pam.d/common-session" +fi # # Write nsswitch.conf -cat > "/etc/nsswitch.conf" <<-HERE -# Generated $(date) -passwd: ${nss[@]} -group: ${nss[@]} -shadow: files - -hosts: ${dns[@]} -networks: files - -protocols: db files -services: db files -ethers: db files -rpc: db files - -netgroup: nis -HERE +if grep -q '' "/etc/nsswitch.conf"; then + cat > "/etc/nsswitch.conf" <<-HERE + # Generated $(date) + passwd: ${nss[@]} + group: ${nss[@]} + shadow: files + + hosts: ${dns[@]} + networks: files + + protocols: db files + services: db files + ethers: db files + rpc: db files + + netgroup: nis + HERE +fi rm -f -- "$tmpfile" -- cgit v1.2.3-55-g7522
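Review bot: The new guard `if grep -q '' "/etc/pam.d/common-auth"; then` (and the same test on common-account, common-session and /etc/nsswitch.conf) skips the write silently when the file is missing, empty or unreadable, so a host can be left without the generated stack, including its `pam_deny.so` fallthrough, and nothing records that it happened. If the intent is "exists and is non-empty", which the truncated subject suggests but does not state, `[ -s "/etc/pam.d/common-auth" ]` says so directly and avoids grep's error output for a missing file. An `else` branch that reports the skipped path, e.g. `echo "create-pam-config: not writing /etc/pam.d/common-auth (missing or empty)" >&2`, would make the skipped case visible in the unit's log. Separately, the heredoc bodies are now nested inside the `if` blocks and `<<-HERE` strips leading tabs only, so the added indentation has to be tabs; whitespace is collapsed on this page, so that cannot be confirmed from here.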