diff options
Diffstat (limited to 'debian/libpam-modules.preinst')
| -rw-r--r-- | debian/libpam-modules.preinst | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/debian/libpam-modules.preinst b/debian/libpam-modules.preinst new file mode 100644 index 0000000..fe0d6eb --- /dev/null +++ b/debian/libpam-modules.preinst @@ -0,0 +1,58 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + + +handle_profiles_with_removed_modules() { + removed_modules="$1" + profiles="" + modules="" + test -x /usr/sbin/pam-auth-update ||return 0 + test -r /var/lib/pam/auth ||return 0 + for module in $removed_modules; do + new_profiles=$( perl -nle 'BEGIN {$removed = shift;} /^Module: (.*)$/&&($profile = $1); /^[^#]*$removed/&&$profile&&($profiles{$profile} = 1); END {print join("\n",keys %profiles) if %profiles;}' \ + $module \ + /var/lib/pam/auth /var/lib/pam/account \ + /var/lib/pam/password /var/lib/pam/session \ + /var/lib/pam/session-noninteractive) + if [ "$new_profiles" != "" ]; then + modules="$modules $module" + profiles="${profiles}${new_profiles}" + fi + done + profiles=$( echo "$profiles" |sort |uniq) + if [ "$profiles" != "" ]; then + db_reset libpam-modules/profiles-disabled + db_subst libpam-modules/profiles-disabled modules "$modules" + db_input critical libpam-modules/profiles-disabled ||true + db_go ||true + pam-auth-update --remove $profiles + fi +} + + + +if dpkg --compare-versions "$2" lt-nl 1.4.0-5; then + db_version 2.0 + handle_profiles_with_removed_modules pam_tally + # We have a generic template for removing pam-profiles because + # there is a sane automatic action. If we detect the modules in + # user configurations we want a specific template so we can + # recommend a replacement + # /dev/null reference is to make sure we don't grep stdin if + # somehow ls returns empty + if grep -qe '^[^#]*pam_tally' $(ls -1d /etc/pam.d/* | grep -e '^/etc/pam.d/[0-9a-zA-Z/-]*$' ) /dev/null ; then + db_input critical libpam-modules/deprecate-tally ||true + db_go ||true + exit 2 + fi + + if pidof xscreensaver xlockmore >/dev/null; then + db_input critical libpam-modules/disable-screensaver || true + db_go || true + fi +fi + +#DEBHELPER# |