diff options
| author | Sam Hartman <hartmans@debian.org> | 2021-02-24 14:29:53 -0500 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@canonical.com> | 2021-09-15 17:52:36 -0700 |
| commit | 5580a437c37d76f78fe6fe410c9918f8f017ee8e (patch) | |
| tree | 5fcc86721b42b0f652f1cc37bd3e93730a2e3421 /debian/libpam-modules.preinst | |
| parent | 952595e2b7cbcb2c7964c4c60c5d4a8fc5f56046 (diff) | |
| download | pam-5580a437c37d76f78fe6fe410c9918f8f017ee8e.tar.gz pam-5580a437c37d76f78fe6fe410c9918f8f017ee8e.tar.bz2 pam-5580a437c37d76f78fe6fe410c9918f8f017ee8e.zip | |
debian/libpam-modules.preinst|templates: pam_tally deprecation
* Add a facility to detect enabled profiles that contain a particular module
* If a profile contains an enabled module that is being removed,
remove that profile and warn the user.
* Use this to pam_tally and because of how the string search works pam_tally2
Diffstat (limited to 'debian/libpam-modules.preinst')
| -rw-r--r-- | debian/libpam-modules.preinst | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/debian/libpam-modules.preinst b/debian/libpam-modules.preinst index 3a86a8fb..3102b6a6 100644 --- a/debian/libpam-modules.preinst +++ b/debian/libpam-modules.preinst @@ -4,8 +4,39 @@ set -e . /usr/share/debconf/confmodule + +handle_profiles_with_removed_modules() { + removed_modules="$1" + profiles="" + modules="" + test -x /usr/sbin/pam-auth-update ||return 0 + test -r /var/lib/pam/auth ||return 0 + for module in $removed_modules; do + new_profiles=$( perl -nle 'BEGIN {$removed = shift;} /^Module: (.*)$/&&($profile = $1); /^[^#]*$removed/&&$profile&&($profiles{$profile} = 1); END {print join("\n",keys %profiles) if %profiles;}' \ + $module \ + /var/lib/pam/auth /var/lib/pam/account \ + /var/lib/pam/password /var/lib/pam/session \ + /var/lib/pam/session-noninteractive) + if [ "$new_profiles" != "" ]; then + modules="$modules $module" + profiles="${profiles}${new_profiles}" + fi + done + profiles=$( echo "$profiles" |sort |uniq) + if [ "$profiles" != "" ]; then + db_reset libpam-modules/profiles-disabled + db_subst libpam-modules/profiles-disabled modules "$modules" + db_input critical libpam-modules/profiles-disabled ||true + db_go ||true + pam-auth-update --remove $profiles + fi +} + + + if dpkg --compare-versions "$2" lt-nl 1.4.0-2; then - db_version 2.0 + db_version 2.0 + handle_profiles_with_removed_modules pam_tally if pidof xscreensaver xlockmore >/dev/null; then db_input critical libpam-modules/disable-screensaver || true |