summaryrefslogtreecommitdiffstats
path: root/debian/libpam-modules.preinst
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:01:37 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:01:37 +0000
commitdcd7a5748ef6820e3e0d386139d9dd946f0d71fa (patch)
tree66900ada5e764c3422a91836695cdef113bbb883 /debian/libpam-modules.preinst
parentAdding upstream version 1.4.0. (diff)
downloadpam-debian/1.4.0-9+deb11u1.tar.xz
pam-debian/1.4.0-9+deb11u1.zip
Adding debian version 1.4.0-9+deb11u1.debian/1.4.0-9+deb11u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/libpam-modules.preinst58
1 files changed, 58 insertions, 0 deletions
diff --git a/debian/libpam-modules.preinst b/debian/libpam-modules.preinst
new file mode 100644
index 0000000..fe0d6eb
--- /dev/null
+++ b/debian/libpam-modules.preinst
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+
+handle_profiles_with_removed_modules() {
+ removed_modules="$1"
+ profiles=""
+ modules=""
+ test -x /usr/sbin/pam-auth-update ||return 0
+ test -r /var/lib/pam/auth ||return 0
+ for module in $removed_modules; do
+ new_profiles=$( perl -nle 'BEGIN {$removed = shift;} /^Module: (.*)$/&&($profile = $1); /^[^#]*$removed/&&$profile&&($profiles{$profile} = 1); END {print join("\n",keys %profiles) if %profiles;}' \
+ $module \
+ /var/lib/pam/auth /var/lib/pam/account \
+ /var/lib/pam/password /var/lib/pam/session \
+ /var/lib/pam/session-noninteractive)
+ if [ "$new_profiles" != "" ]; then
+ modules="$modules $module"
+ profiles="${profiles}${new_profiles}"
+ fi
+ done
+ profiles=$( echo "$profiles" |sort |uniq)
+ if [ "$profiles" != "" ]; then
+ db_reset libpam-modules/profiles-disabled
+ db_subst libpam-modules/profiles-disabled modules "$modules"
+ db_input critical libpam-modules/profiles-disabled ||true
+ db_go ||true
+ pam-auth-update --remove $profiles
+ fi
+}
+
+
+
+if dpkg --compare-versions "$2" lt-nl 1.4.0-5; then
+ db_version 2.0
+ handle_profiles_with_removed_modules pam_tally
+ # We have a generic template for removing pam-profiles because
+ # there is a sane automatic action. If we detect the modules in
+ # user configurations we want a specific template so we can
+ # recommend a replacement
+ # /dev/null reference is to make sure we don't grep stdin if
+ # somehow ls returns empty
+ if grep -qe '^[^#]*pam_tally' $(ls -1d /etc/pam.d/* | grep -e '^/etc/pam.d/[0-9a-zA-Z/-]*$' ) /dev/null ; then
+ db_input critical libpam-modules/deprecate-tally ||true
+ db_go ||true
+ exit 2
+ fi
+
+ if pidof xscreensaver xlockmore >/dev/null; then
+ db_input critical libpam-modules/disable-screensaver || true
+ db_go || true
+ fi
+fi
+
+#DEBHELPER#