#!/bin/sh
##
## pamtool -- OpenPKG PAM Auxiliary Tool
## Copyright (c) 2000-2007 OpenPKG Foundation e.V. <http://openpkg.net/>
## Copyright (c) 2000-2007 Ralf S. Engelschall <http://engelschall.com/>
##
## Permission to use, copy, modify, and distribute this software for
## any purpose with or without fee is hereby granted, provided that
## the above copyright notice and this permission notice appear in all
## copies.
##
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
##
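# program name, version and date
progname="pamtool"
progvers="0.9.0"
progdate="11-Mar-2002"

# the OpenPKG instance information
# (the @...@ tokens are placeholders; presumably they are substituted
# when the package is built -- confirm against the packaging)
l_prefix="@l_prefix@"
l_platform="@l_platform@"

# default parameters
verbose=no
help=no
add=no
remove=no
smart=no
name=""
id=""

# iterate over argument line
while [ $# -gt 0 ]; do
    opt=$1
    # split the value off a "-option=value" argument; parameter expansion
    # is used instead of echo|sed so that backslashes in the value are
    # not reinterpreted by echo
    case $opt in
        -*=* ) arg=${opt#*=} ;;
        *    ) arg='' ;;
    esac
    case $opt in
        -v|--verbose ) verbose=yes ;;
        -h|--help    ) help=yes ;;
        -a|--add     ) add=yes ;;
        -r|--remove  ) remove=yes ;;
        -s|--smart   ) smart=yes ;;
        --name=*     ) name=$arg ;;
        --id=*       ) id=$arg ;;
        # an unknown option stores its error text in $help and stops parsing
        -*           ) help="Invalid option \`$opt'"; break ;;
        *            ) break ;;
    esac
    shift
done

# $help is "no" (nothing to report), "yes" (usage requested) or the error
# text of an invalid option. The error text used to be dropped, so a
# mistyped option was silently skipped together with everything after it.
if [ ".$help" != .no ]; then
    if [ ".$help" != .yes ]; then
        echo "$progname:ERROR: $help" 1>&2
        echo "$progname --add|--remove --name=NAME [--smart] [--id=ID]" 1>&2
        exit 1
    fi
    echo "$progname --add|--remove --name=NAME [--smart] [--id=ID]"
    exit 0
fi

# exactly one of the two operations has to be selected
if [ ".$add" = .no ] && [ ".$remove" = .no ]; then
    echo "$progname:ERROR: either option -a/--add or -r/--remove have to be specified" 1>&2
    exit 1
fi
if [ ".$add" = .yes ] && [ ".$remove" = .yes ]; then
    echo "$progname:ERROR: option -a/--add and -r/--remove cannot be specified in parallel" 1>&2
    exit 1
fi
if [ ".$name" = . ]; then
    echo "$progname:ERROR: option --name has to be specified" 1>&2
    exit 1
fi

# The name is later used both as a file name below the PAM configuration
# directory and as the first whitespace-separated field of a combined
# configuration line. Reject values that would leave that directory or
# break the line format.
case $name in
    */* | . | .. | *[[:space:]]* )
        echo "$progname:ERROR: option --name has to be a plain service name (no '/' or whitespace)" 1>&2
        exit 1
        ;;
esac

# default identifier: OpenPKG instance prefix plus application name
if [ ".$id" = . ]; then
    id="$l_prefix:$name"
fi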
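# find a reasonable temporary location
if [ ".$TMPDIR" != . ]; then
    tmpdir="$TMPDIR"
elif [ ".$TEMPDIR" != . ]; then
    tmpdir="$TEMPDIR"
else
    tmpdir="/tmp"
fi

# The scratch file is written through plain ">" redirections further down,
# and $tmpdir is normally writable by every local user. A predictable name
# directly inside it can be pre-created by someone else (for instance as a
# symbolic link), which would redirect the write. The file therefore lives
# in a directory of its own: mkdir fails if the path already exists in any
# form, and umask 077 keeps the new directory private to this process.
tmpwork="$tmpdir/pamtool.$$.d"
(umask 077 && mkdir "$tmpwork") 2>/dev/null || {
    echo "$progname:ERROR: unable to create private temporary directory $tmpwork" 1>&2
    exit 1
}

# remove the private directory on every exit path, including signals
trap 'rm -rf "$tmpwork"' 0
trap 'exit 1' 1 2 15

tmpfile="$tmpwork/pamtool.tmp"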
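# determine PAM information from OpenPKG configuration
if [ ! -f "$l_prefix/etc/rc" ]; then
    # the message used to expand an unset variable "$ERROR" and therefore
    # printed "pamtool::" instead of "pamtool:ERROR:"
    echo "$progname:ERROR: OpenPKG run-command facility not found under $l_prefix" 1>&2
    exit 1
fi

# Query the three PAM settings from the OpenPKG run-command facility.
# NOTE(review): the exit status of the queries is not checked, so a failed
# query leaves the variable empty; pam_enable is not read anywhere in the
# visible part of this script -- confirm whether it should gate the
# operation.
pam_enable=$("$l_prefix/bin/openpkg" rc --query pam_enable)
pam_cfgloc=$("$l_prefix/bin/openpkg" rc --query pam_cfgloc)
pam_modpfx=$("$l_prefix/bin/openpkg" rc --query pam_modpfx)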
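# perform operation
rpmtool="$l_prefix/lib/openpkg/rpmtool"
if [ ! -f "$rpmtool" ]; then
    # the message now names the directory that is actually checked and no
    # longer expands the unset variable "$ERROR"
    echo "$progname:ERROR: OpenPKG rpmtool not found under $l_prefix/lib/openpkg/" 1>&2
    exit 1
fi

# "-s" is forwarded to "rpmtool config" when --smart was given; the
# variable holds either nothing or that single flag and is therefore
# expanded unquoted below on purpose
rpmtool_opts=""
if [ ".$smart" = .yes ]; then
    rpmtool_opts="-s"
fi

# remove the scratch files and terminate with the status given as $1
bail_out () {
    rm -f "$tmpfile" "$tmpfile.n"
    exit "$1"
}

# print the platform specific PAM entries, one per line, on stdout
# NOTE(review): these stacks are fixed defaults carried by the tool. Some
# choices deserve a look before they are applied to a service, e.g.
# pam_permit.so for "password"/"session" on FreeBSD and "nullok" on the
# Linux password line, which lets pam_unix accept an empty current password.
pam_entries () {
    case "$l_platform" in
        *-freebsd* )
            echo "auth sufficient ${pam_modpfx}pam_opie.so no_warn no_fake_prompts"
            echo "auth requisite ${pam_modpfx}pam_opieaccess.so no_warn allow_local"
            echo "auth required ${pam_modpfx}pam_unix.so try_first_pass"
            echo "account required ${pam_modpfx}pam_unix.so"
            echo "password required ${pam_modpfx}pam_permit.so"
            echo "session required ${pam_modpfx}pam_permit.so"
            ;;
        *-linux* )
            echo "auth required ${pam_modpfx}pam_unix_auth.so shadow nodelay"
            echo "auth required ${pam_modpfx}pam_nologin.so"
            echo "account required ${pam_modpfx}pam_unix_acct.so"
            echo "password required ${pam_modpfx}pam_unix_passwd.so shadow nullok use_authtok"
            echo "session required ${pam_modpfx}pam_unix_session.so"
            echo "session required ${pam_modpfx}pam_limits.so"
            ;;
        *-sunos* )
            echo "auth required ${pam_modpfx}pam_unix.so try_first_pass"
            echo "account required ${pam_modpfx}pam_unix.so"
            echo "password required ${pam_modpfx}pam_unix.so"
            echo "session required ${pam_modpfx}pam_unix.so"
            ;;
        *-aix* )
            echo "auth required ${pam_modpfx}pam_aix try_first_pass"
            echo "account required ${pam_modpfx}pam_aix"
            echo "password required ${pam_modpfx}pam_aix"
            echo "session required ${pam_modpfx}pam_aix"
            ;;
        * )
            echo "auth required ${pam_modpfx}pam_unix.so try_first_pass"
            echo "account required ${pam_modpfx}pam_unix.so"
            echo "password required ${pam_modpfx}pam_unix.so"
            echo "session required ${pam_modpfx}pam_unix.so"
            ;;
    esac
}

# All expansions below are quoted. Besides protecting against word
# splitting, this fixes the case of an empty $pam_cfgloc: an unquoted
# "[ -f $pam_cfgloc ]" collapses to "[ -f ]", which is true, so rpmtool was
# run without a target file. With quoting, a location that is neither a
# file nor a directory makes the operation a no-op, as for any other
# non-existing location.
if [ ".$add" = .yes ]; then
    #
    #   add a PAM entry
    #

    # determine platform specific PAM entries
    # ($tmpfile is set earlier in the script; it has to be a path no other
    # local user can pre-create, because it is opened with ">" here)
    pam_entries >"$tmpfile" || bail_out $?

    # add application name prefix if using combined configuration
    # (done with read/printf rather than sed so that characters in $name
    # which are special in a sed script are inserted literally)
    if [ -f "$pam_cfgloc" ]; then
        while IFS= read -r entry; do
            printf '%s %s\n' "$name" "$entry"
        done <"$tmpfile" >"$tmpfile.n" || bail_out $?
        mv "$tmpfile.n" "$tmpfile" || bail_out $?
    fi

    # create entry
    if [ -f "$pam_cfgloc" ]; then
        # combined configuration: a single file holds all services
        if [ ".$verbose" = .yes ]; then
            echo "++ adding entry to $pam_cfgloc"
        fi
        "$rpmtool" config $rpmtool_opts -a -i "$id" "$pam_cfgloc" <"$tmpfile" || bail_out $?
    elif [ -d "$pam_cfgloc" ]; then
        # per-service configuration: $name becomes a file name below the
        # directory, so it must not contain "/"
        if [ ".$verbose" = .yes ]; then
            echo "++ adding entry to $pam_cfgloc/$name"
        fi
        "$rpmtool" config $rpmtool_opts -a -i "$id" "$pam_cfgloc/$name" <"$tmpfile" || bail_out $?
    fi

elif [ ".$remove" = .yes ]; then
    #
    #   remove a PAM entry
    #

    # remove entry
    if [ -f "$pam_cfgloc" ]; then
        if [ ".$verbose" = .yes ]; then
            echo "++ removing entry from $pam_cfgloc"
        fi
        "$rpmtool" config $rpmtool_opts -r -i "$id" "$pam_cfgloc" || bail_out $?
    elif [ -d "$pam_cfgloc" ]; then
        if [ ".$verbose" = .yes ]; then
            echo "++ removing entry from $pam_cfgloc/$name"
        fi
        "$rpmtool" config $rpmtool_opts -r -i "$id" "$pam_cfgloc/$name" || bail_out $?
        # drop the per-service file once nothing is left in it;
        # failure to remove it is deliberately ignored
        if [ ! -s "$pam_cfgloc/$name" ]; then
            rm -f -- "$pam_cfgloc/$name" >/dev/null 2>&1 || true
        fi
    fi
fi

# cleanup
rm -f "$tmpfile" "$tmpfile.n"
exit 0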