V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-09-12 21:16:21 +02:00
parent 5be2f97a91
commit 40a40120aa


@@ -606,26 +606,49 @@ pam_access_sync_login_sshd() {
fi fi
### 1) If the 'pam_access' line is commented in '/etc/pam.d/login', uncomment exactly one occurrence. ### 1) If the 'pam_access' line is commented in '/etc/pam.d/login', uncomment exactly one occurrence.
chroot_script "${TARGET}" " # shellcheck disable=SC2155
LC_ALL=C awk ' declare var_payload="$(
BEGIN { done=0 } cat <<'CISS'
{ tmp="$(mktemp /etc/pam.d/login.XXXXXX)"
LC_ALL=C awk '
BEGIN { done=0 }
{
if (!done) { if (!done) {
tmp=\$0 line=$0
# Strip a leading comment marker plus following spaces (but only once) sub(/^[[:space:]]*#+[[:space:]]*/, "", line)
sub(/^[[:space:]]*#+[[:space:]]*/, \"\", tmp) if (line ~ /^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)/) {
# Match the pam_access.so line after decommenting attempt print line; done=1; next
if (tmp ~ /^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)/) {
print tmp
done=1
next
} }
} }
print print
} }
' /etc/pam.d/login >| /etc/pam.d/login.new ' /etc/pam.d/login >| "${tmp}"
mv -f /etc/pam.d/login.new /etc/pam.d/login
" test -s "${tmp}"
mv -f "${tmp}" /etc/pam.d/login
CISS
)"
chroot_script "${TARGET}" "${var_payload}"
#chroot_script "${TARGET}" "
# LC_ALL=C awk '
# BEGIN { done=0 }
# {
# if (!done) {
# tmp=\$0
# sub(/^[[:space:]]*#+[[:space:]]*/, \"\", tmp)
# if (tmp ~ /^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_access[.]so([[:space:]]|$)/) {
# print tmp
# done=1
# next
# }
# }
# print
# }
# ' /etc/pam.d/login >| /etc/pam.d/login.new
# mv -f /etc/pam.d/login.new /etc/pam.d/login
# "
### 2) If '/etc/pam.d/login' now has an active pam_access line, ensure '/etc/pam.d/sshd' pam_access line(s) are commented out. ### 2) If '/etc/pam.d/login' now has an active pam_access line, ensure '/etc/pam.d/sshd' pam_access line(s) are commented out.
chroot_script "${TARGET}" " chroot_script "${TARGET}" "
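Review bot: In the new payload, `test -s "${tmp}"` sits on its own line before `mv -f "${tmp}" /etc/pam.d/login`, so it only protects the PAM file if `chroot_script` runs the payload with errexit, which is not visible in this hunk. Without that, an empty or failed awk result would still be moved over `/etc/pam.d/login`. Separately, `mktemp` creates the file with mode 0600, so the `mv` likely replaces the PAM file with tighter permissions than the original had, whereas the old `login.new` redirect followed the umask. Chaining the steps covers both: `test -s "${tmp}" && chmod --reference=/etc/pam.d/login "${tmp}" && mv -f "${tmp}" /etc/pam.d/login`, with an `rm -f "${tmp}"` on the failure path so that no stray `login.XXXXXX` file stays in `/etc/pam.d`. The commented-out copy of the old payload that follows could be dropped, since the history already keeps it; the function `pam_access_sync_login_sshd` continues outside this hunk.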