|
Line 0
Link Here
|
|
|
1 |
--- bin/google_oslogin_control.orig 2019-06-14 12:36:44 UTC |
| 2 |
+++ bin/google_oslogin_control |
| 3 |
@@ -154,6 +154,7 @@ modify_pam_config() ( |
| 4 |
pam_account_oslogin="account optional pam_oslogin_admin.so" |
| 5 |
pam_account_admin="account requisite pam_oslogin_login.so" |
| 6 |
pam_session_homedir="session optional pam_mkhomedir.so" |
| 7 |
+ pam_account_su="account optional pam_oslogin_login.so" |
| 8 |
fi |
| 9 |
|
| 10 |
local added_config="" |
| 11 |
@@ -201,6 +202,11 @@ modify_pam_config() ( |
| 12 |
# Get location of system-remote-login. |
| 13 |
insert=$($sed -rn "/^auth\s+include\s+system-remote-login/=" "$pam_sshd_config") |
| 14 |
# TODO: find su_insert point for arch linux. |
| 15 |
+ elif is_freebsd; then |
| 16 |
+ # Get location of the first auth occurrence. |
| 17 |
+ insert=$($sed -rn '/^auth/=' "$pam_sshd_config" | head -1) |
| 18 |
+ # Get location of the first account occurrence. |
| 19 |
+ su_insert=$($sed -rn '/^account/=' "$pam_su_config" | head -1) |
| 20 |
fi |
| 21 |
|
| 22 |
added_config="$added_comment" |
| 23 |
@@ -223,7 +229,7 @@ modify_pam_config() ( |
| 24 |
# Insert su blocker at top of `su:account` stack. |
| 25 |
if [ -n "$su_insert" ] && ! grep -qE "$pam_account_su" "$pam_su_config"; then |
| 26 |
added_su_config="${added_comment}\n${pam_account_su}" |
| 27 |
- sed -i"" "${su_insert}i ${added_su_config}" "$pam_su_config" |
| 28 |
+ $sed -i"" "${su_insert}i ${added_su_config}" "$pam_su_config" |
| 29 |
fi |
| 30 |
|
| 31 |
# Append account modules at end of `sshd:account` stack. |
| 32 |
@@ -314,16 +320,24 @@ restart_sshd() { |
| 33 |
return 0 |
| 34 |
fi |
| 35 |
echo "Restarting SSHD" |
| 36 |
- for svc in "ssh" "sshd"; do |
| 37 |
- restart_service "$svc" |
| 38 |
- done |
| 39 |
+ if is_freebsd; then |
| 40 |
+ restart_service "sshd" |
| 41 |
+ else |
| 42 |
+ for svc in "ssh" "sshd"; do |
| 43 |
+ restart_service "$svc" |
| 44 |
+ done |
| 45 |
+ fi |
| 46 |
} |
| 47 |
|
| 48 |
restart_svcs() { |
| 49 |
echo "Restarting optional services." |
| 50 |
- for svc in "nscd" "unscd" "systemd-logind" "cron" "crond"; do |
| 51 |
- restart_service "$svc" |
| 52 |
- done |
| 53 |
+ if is_freebsd; then |
| 54 |
+ restart_service "cron" |
| 55 |
+ else |
| 56 |
+ for svc in "nscd" "unscd" "systemd-logind" "cron" "crond"; do |
| 57 |
+ restart_service "$svc" |
| 58 |
+ done |
| 59 |
+ fi |
| 60 |
} |
| 61 |
|
| 62 |
setup_google_dirs() { |
| 63 |
@@ -347,18 +361,34 @@ remove_google_dirs() { |
| 64 |
} |
| 65 |
|
| 66 |
activate() { |
| 67 |
- for func in modify_sshd_conf modify_nsswitch_conf \ |
| 68 |
- modify_pam_config setup_google_dirs restart_svcs restart_sshd \ |
| 69 |
- modify_group_conf; do |
| 70 |
+ if is_freebsd; then |
| 71 |
+ # In FreeBSD there is no pam_group config file similar to |
| 72 |
+ # /etc/security/group.conf. |
| 73 |
+ funcs="modify_sshd_conf modify_nsswitch_conf modify_pam_config \ |
| 74 |
+ setup_google_dirs restart_svcs restart_sshd" |
| 75 |
+ else |
| 76 |
+ funcs="modify_sshd_conf modify_nsswitch_conf modify_pam_config \ |
| 77 |
+ setup_google_dirs restart_svcs restart_sshd modify_group_conf" |
| 78 |
+ fi |
| 79 |
+ |
| 80 |
+ for func in "$funcs"; do |
| 81 |
$func |
| 82 |
[ $? -eq 0 ] || return 1 |
| 83 |
done |
| 84 |
} |
| 85 |
|
| 86 |
deactivate() { |
| 87 |
- for func in remove_google_dirs restore_nsswitch_conf \ |
| 88 |
- restore_sshd_conf restore_pam_config restart_svcs restart_sshd \ |
| 89 |
- restore_group_conf; do |
| 90 |
+ if is_freebsd; then |
| 91 |
+ # In FreeBSD there is no pam_group config file similar to |
| 92 |
+ # /etc/security/group.conf. |
| 93 |
+ funcs="remove_google_dirs restore_nsswitch_conf restore_sshd_conf \ |
| 94 |
+ restore_pam_config restart_svcs restart_sshd" |
| 95 |
+ else |
| 96 |
+ funcs="remove_google_dirs restore_nsswitch_conf restore_sshd_conf \ |
| 97 |
+ restore_pam_config restart_svcs restart_sshd restore_group_conf" |
| 98 |
+ fi |
| 99 |
+ |
| 100 |
+ for func in "$funcs"; do |
| 101 |
$func |
| 102 |
done |
| 103 |
} |