V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-09-12 21:16:21 +02:00
parent 5be2f97a91
commit 40a40120aa
1 changed files with 43 additions and 20 deletions
--- a/func/cdi_4500_user/4520_accounts_setup.sh
+++ b/func/cdi_4500_user/4520_accounts_setup.sh
@@ -606,26 +606,49 @@ pam_access_sync_login_sshd() {
  fi

  ### 1) If the 'pam_access' line is commented in '/etc/pam.d/login', uncomment exactly one occurrence.
-  chroot_script "${TARGET}" "
+  # shellcheck disable=SC2155
+  declare     var_payload="$(
+    cat <<'CISS'
+tmp="$(mktemp /etc/pam.d/login.XXXXXX)"
 LC_ALL=C awk '
 BEGIN { done=0 }
 {
  if (!done) {
-            tmp=\$0
-            # Strip a leading comment marker plus following spaces (but only once)
-            sub(/^[[:space:]]*#+[[:space:]]*/, \"\", tmp)
-            # Match the pam_access.so line after decommenting attempt
-              if (tmp ~ /^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)/) {
-              print tmp
-              done=1
-              next
+    line=$0
+    sub(/^[[:space:]]*#+[[:space:]]*/, "", line)
+    if (line ~ /^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)/) {
+      print line; done=1; next
    }
  }
  print
 }
-      ' /etc/pam.d/login >| /etc/pam.d/login.new
-      mv -f /etc/pam.d/login.new /etc/pam.d/login
-    "
+' /etc/pam.d/login >| "${tmp}"
+
+test -s "${tmp}"
+mv -f "${tmp}" /etc/pam.d/login
+CISS
+  )"
+
+  chroot_script "${TARGET}" "${var_payload}"
+
+  #chroot_script "${TARGET}" "
+  #  LC_ALL=C awk '
+  #    BEGIN { done=0 }
+  #      {
+  #        if (!done) {
+  #          tmp=\$0
+  #          sub(/^[[:space:]]*#+[[:space:]]*/, \"\", tmp)
+  #            if (tmp ~ /^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)/) {
+  #            print tmp
+  #            done=1
+  #            next
+  #          }
+  #        }
+  #      print
+  #      }
+  #    ' /etc/pam.d/login >| /etc/pam.d/login.new
+  #    mv -f /etc/pam.d/login.new /etc/pam.d/login
+  #  "

  ### 2) If '/etc/pam.d/login' now has an active pam_access line, ensure '/etc/pam.d/sshd' pam_access line(s) are commented out.
  chroot_script "${TARGET}" "