blob: fe0d6eb9f3e5d936a2478fd5af696e0704553ebf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
handle_profiles_with_removed_modules() {
removed_modules="$1"
profiles=""
modules=""
test -x /usr/sbin/pam-auth-update ||return 0
test -r /var/lib/pam/auth ||return 0
for module in $removed_modules; do
new_profiles=$( perl -nle 'BEGIN {$removed = shift;} /^Module: (.*)$/&&($profile = $1); /^[^#]*$removed/&&$profile&&($profiles{$profile} = 1); END {print join("\n",keys %profiles) if %profiles;}' \
$module \
/var/lib/pam/auth /var/lib/pam/account \
/var/lib/pam/password /var/lib/pam/session \
/var/lib/pam/session-noninteractive)
if [ "$new_profiles" != "" ]; then
modules="$modules $module"
profiles="${profiles}${new_profiles}"
fi
done
profiles=$( echo "$profiles" |sort |uniq)
if [ "$profiles" != "" ]; then
db_reset libpam-modules/profiles-disabled
db_subst libpam-modules/profiles-disabled modules "$modules"
db_input critical libpam-modules/profiles-disabled ||true
db_go ||true
pam-auth-update --remove $profiles
fi
}
if dpkg --compare-versions "$2" lt-nl 1.4.0-5; then
db_version 2.0
handle_profiles_with_removed_modules pam_tally
# We have a generic template for removing pam-profiles because
# there is a sane automatic action. If we detect the modules in
# user configurations we want a specific template so we can
# recommend a replacement
# /dev/null reference is to make sure we don't grep stdin if
# somehow ls returns empty
if grep -qe '^[^#]*pam_tally' $(ls -1d /etc/pam.d/* | grep -e '^/etc/pam.d/[0-9a-zA-Z/-]*$' ) /dev/null ; then
db_input critical libpam-modules/deprecate-tally ||true
db_go ||true
exit 2
fi
if pidof xscreensaver xlockmore >/dev/null; then
db_input critical libpam-modules/disable-screensaver || true
db_go || true
fi
fi
#DEBHELPER#
|
