Line 0
Link Here
|
|
|
1 |
--- bin/google_oslogin_control.orig 2019-06-14 12:36:44 UTC |
2 |
+++ bin/google_oslogin_control |
3 |
@@ -154,6 +154,7 @@ modify_pam_config() ( |
4 |
pam_account_oslogin="account optional pam_oslogin_admin.so" |
5 |
pam_account_admin="account requisite pam_oslogin_login.so" |
6 |
pam_session_homedir="session optional pam_mkhomedir.so" |
7 |
+ pam_account_su="account optional pam_oslogin_login.so" |
8 |
fi |
9 |
|
10 |
local added_config="" |
11 |
@@ -201,6 +202,11 @@ modify_pam_config() ( |
12 |
# Get location of system-remote-login. |
13 |
insert=$($sed -rn "/^auth\s+include\s+system-remote-login/=" "$pam_sshd_config") |
14 |
# TODO: find su_insert point for arch linux. |
15 |
+ elif is_freebsd; then |
16 |
+ # Get location of the first auth occurrence. |
17 |
+ insert=$($sed -rn '/^auth/=' "$pam_sshd_config" | head -1) |
18 |
+ # Get location of the first account occurrence. |
19 |
+ su_insert=$($sed -rn '/^account/=' "$pam_su_config" | head -1) |
20 |
fi |
21 |
|
22 |
added_config="$added_comment" |
23 |
@@ -223,7 +229,7 @@ modify_pam_config() ( |
24 |
# Insert su blocker at top of `su:account` stack. |
25 |
if [ -n "$su_insert" ] && ! grep -qE "$pam_account_su" "$pam_su_config"; then |
26 |
added_su_config="${added_comment}\n${pam_account_su}" |
27 |
- sed -i"" "${su_insert}i ${added_su_config}" "$pam_su_config" |
28 |
+ $sed -i"" "${su_insert}i ${added_su_config}" "$pam_su_config" |
29 |
fi |
30 |
|
31 |
# Append account modules at end of `sshd:account` stack. |
32 |
@@ -314,16 +320,24 @@ restart_sshd() { |
33 |
return 0 |
34 |
fi |
35 |
echo "Restarting SSHD" |
36 |
- for svc in "ssh" "sshd"; do |
37 |
- restart_service "$svc" |
38 |
- done |
39 |
+ if is_freebsd; then |
40 |
+ restart_service "sshd" |
41 |
+ else |
42 |
+ for svc in "ssh" "sshd"; do |
43 |
+ restart_service "$svc" |
44 |
+ done |
45 |
+ fi |
46 |
} |
47 |
|
48 |
restart_svcs() { |
49 |
echo "Restarting optional services." |
50 |
- for svc in "nscd" "unscd" "systemd-logind" "cron" "crond"; do |
51 |
- restart_service "$svc" |
52 |
- done |
53 |
+ if is_freebsd; then |
54 |
+ restart_service "cron" |
55 |
+ else |
56 |
+ for svc in "nscd" "unscd" "systemd-logind" "cron" "crond"; do |
57 |
+ restart_service "$svc" |
58 |
+ done |
59 |
+ fi |
60 |
} |
61 |
|
62 |
setup_google_dirs() { |
63 |
@@ -347,18 +361,34 @@ remove_google_dirs() { |
64 |
} |
65 |
|
66 |
activate() { |
67 |
- for func in modify_sshd_conf modify_nsswitch_conf \ |
68 |
- modify_pam_config setup_google_dirs restart_svcs restart_sshd \ |
69 |
- modify_group_conf; do |
70 |
+ if is_freebsd; then |
71 |
+ # In FreeBSD there is no pam_group config file similar to |
72 |
+ # /etc/security/group.conf. |
73 |
+ funcs="modify_sshd_conf modify_nsswitch_conf modify_pam_config \ |
74 |
+ setup_google_dirs restart_svcs restart_sshd" |
75 |
+ else |
76 |
+ funcs="modify_sshd_conf modify_nsswitch_conf modify_pam_config \ |
77 |
+ setup_google_dirs restart_svcs restart_sshd modify_group_conf" |
78 |
+ fi |
79 |
+ |
80 |
+ for func in "$funcs"; do |
81 |
$func |
82 |
[ $? -eq 0 ] || return 1 |
83 |
done |
84 |
} |
85 |
|
86 |
deactivate() { |
87 |
- for func in remove_google_dirs restore_nsswitch_conf \ |
88 |
- restore_sshd_conf restore_pam_config restart_svcs restart_sshd \ |
89 |
- restore_group_conf; do |
90 |
+ if is_freebsd; then |
91 |
+ # In FreeBSD there is no pam_group config file similar to |
92 |
+ # /etc/security/group.conf. |
93 |
+ funcs="remove_google_dirs restore_nsswitch_conf restore_sshd_conf \ |
94 |
+ restore_pam_config restart_svcs restart_sshd" |
95 |
+ else |
96 |
+ funcs="remove_google_dirs restore_nsswitch_conf restore_sshd_conf \ |
97 |
+ restore_pam_config restart_svcs restart_sshd restore_group_conf" |
98 |
+ fi |
99 |
+ |
100 |
+ for func in "$funcs"; do |
101 |
$func |
102 |
done |
103 |
} |