xrdp/instfiles/pam.d/mkpamrules

#!/bin/sh

# Find suitable PAM config file

rules="$1"
srcdir="$2"
outfile="$3"

service="xrdp-sesman"
pamdir="/etc/pam.d"
pamdir_suse="/usr/lib/pam.d"
if [ ! -d $pamdir_suse ]; then
   # Older SUSE distros uses /usr/etc/pam.d
   pamdir_suse="/usr/etc/pam.d"
fi

# Modules needed by xrdp-sesman.unix, if we get to that
unix_modules_needed="pam_unix.so pam_env.so pam_nologin.so"

# Directories where pam modules might be installed
# Add to this list as platforms are added
pam_module_dir_searchpath="/lib*/security /usr/lib*/security /lib/*/security /usr/lib/*/security"

find_pam_module_dir()
{
  # Looks for the pam security module directory
  set -- $pam_module_dir_searchpath
  for d in "$@"; do
    if [ -s "$d/pam_unix.so" ]; then
      echo "$d"
      break
    fi
  done
}

can_apply_unix_config()
{
  result=0
  module_dir="$1"
  for m in $unix_modules_needed; do
    if [ ! -s "$module_dir/$m" ]; then
      echo "  ** $m not found" >&2
      result=1
    fi
  done

  return $result
}

guess_rules ()
{
  rules=
  if [ -s "$pamdir/password-auth" ]; then
    rules="redhat"

  elif [ -s "$pamdir_suse/common-account" ]; then
    rules="suse"

  elif [ -s "$pamdir/common-account" ]; then
    if grep "^@include" "$pamdir/passwd" >/dev/null 2>&1; then
      rules="debian"
    else
      rules="suse"
    fi

  elif [ ! -f "$pamdir/system-auth" -a -s "$pamdir/system" ]; then
    rules="freebsd"

  elif [ -s "$pamdir/authorization" ]; then
    rules="macos"

  elif [ -s "$pamdir/system-remote-login" ]; then
    rules="arch"

  elif [ -s "$pamdir/system-auth" ]; then
    rules="system"

  else
    module_dir=`find_pam_module_dir`
    if [ -d "$module_dir" ]; then
      #echo "- Found pam modules in $module_dir" >&2
      if can_apply_unix_config "$module_dir" ; then
        rules="unix"
      fi
    fi
  fi
}

if [ "$rules" = "auto" ]; then
  guess_rules
  if [ -z "$rules" ]; then
    echo "** Can't guess PAM rules for this system"
    exit 1
  fi
fi

if [ -s "$srcdir/$service.$rules" ]; then
  ln -nsf "$srcdir/$service.$rules" "$outfile"
else
  echo "Cannot find $srcdir/$service.$rules"
  exit 1
fi
Allow PAM file selection in configure, improve autodetection, add SUSE Use easy to understand names for config files (debian, redhat, suse, unix). Move all autodetection to a separate script. 2016-12-31 07:00:46 +03:00			`#!/bin/sh`

			`# Find suitable PAM config file`

			`rules="$1"`
			`srcdir="$2"`
			`outfile="$3"`

			`service="xrdp-sesman"`
			`pamdir="/etc/pam.d"`
Update pamdir_suse to accommodate with TW pam.d move (#2413) On newer builds of openSUSE tumbleweed the path of pam.d has moved from /usr/etc/pam.d to /usr/lib/pam.d, which prevents install script to correctly guess pam rules. Updating path in mkpamrules solves the problem. 2022-11-08 13:05:55 +03:00			`pamdir_suse="/usr/lib/pam.d"`
			`if [ ! -d $pamdir_suse ]; then`
			`# Older SUSE distros uses /usr/etc/pam.d`
			`pamdir_suse="/usr/etc/pam.d"`
			`fi`
Allow PAM file selection in configure, improve autodetection, add SUSE Use easy to understand names for config files (debian, redhat, suse, unix). Move all autodetection to a separate script. 2016-12-31 07:00:46 +03:00
mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`# Modules needed by xrdp-sesman.unix, if we get to that`
			`unix_modules_needed="pam_unix.so pam_env.so pam_nologin.so"`

			`# Directories where pam modules might be installed`
			`# Add to this list as platforms are added`
			`pam_module_dir_searchpath="/lib/security /usr/lib/security /lib//security /usr/lib//security"`

			`find_pam_module_dir()`
			`{`
			`# Looks for the pam security module directory`
			`set -- $pam_module_dir_searchpath`
			`for d in "$@"; do`
fix some shellcheck warnings 2022-09-03 03:50:56 +03:00			`if [ -s "$d/pam_unix.so" ]; then`
			`echo "$d"`
mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`break`
			`fi`
			`done`
			`}`

			`can_apply_unix_config()`
			`{`
			`result=0`
			`module_dir="$1"`
			`for m in $unix_modules_needed; do`
fix some shellcheck warnings 2022-09-03 03:50:56 +03:00			`if [ ! -s "$module_dir/$m" ]; then`
mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`echo " ** $m not found" >&2`
			`result=1`
			`fi`
			`done`

			`return $result`
			`}`

Allow PAM file selection in configure, improve autodetection, add SUSE Use easy to understand names for config files (debian, redhat, suse, unix). Move all autodetection to a separate script. 2016-12-31 07:00:46 +03:00			`guess_rules ()`
			`{`
mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`rules=`
			`if [ -s "$pamdir/password-auth" ]; then`
Allow PAM file selection in configure, improve autodetection, add SUSE Use easy to understand names for config files (debian, redhat, suse, unix). Move all autodetection to a separate script. 2016-12-31 07:00:46 +03:00			`rules="redhat"`

mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`elif [ -s "$pamdir_suse/common-account" ]; then`
mkpamrules: Support openSUSE's usage of /usr/etc/pam.d to contain the pam configuration files: https://lists.opensuse.org/opensuse-factory/2019-08/msg00113.html 2019-11-13 06:06:42 +03:00			`rules="suse"`

mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`elif [ -s "$pamdir/common-account" ]; then`
Allow PAM file selection in configure, improve autodetection, add SUSE Use easy to understand names for config files (debian, redhat, suse, unix). Move all autodetection to a separate script. 2016-12-31 07:00:46 +03:00			`if grep "^@include" "$pamdir/passwd" >/dev/null 2>&1; then`
			`rules="debian"`
			`else`
			`rules="suse"`
			`fi`

mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`elif [ ! -f "$pamdir/system-auth" -a -s "$pamdir/system" ]; then`
Add a pam file for FreeBSD as existing xrdp-sesman.unix doesn't suit FreeBSD. 2017-07-19 09:17:10 +03:00			`rules="freebsd"`

mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`elif [ -s "$pamdir/authorization" ]; then`
Added PAM support for MacOS 2018-01-30 12:42:42 +03:00			`rules="macos"`

mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`elif [ -s "$pamdir/system-remote-login" ]; then`
instfiles: Add pam.d config for arch linux. 2018-03-23 21:34:23 +03:00			`rules="arch"`

mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`elif [ -s "$pamdir/system-auth" ]; then`
			`rules="system"`

			`else`
			module_dir=`find_pam_module_dir`
			`if [ -d "$module_dir" ]; then`
			`#echo "- Found pam modules in $module_dir" >&2`
			`if can_apply_unix_config "$module_dir" ; then`
			`rules="unix"`
			`fi`
			`fi`
			`fi`
Allow PAM file selection in configure, improve autodetection, add SUSE Use easy to understand names for config files (debian, redhat, suse, unix). Move all autodetection to a separate script. 2016-12-31 07:00:46 +03:00			`}`

mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`if [ "$rules" = "auto" ]; then`
Allow PAM file selection in configure, improve autodetection, add SUSE Use easy to understand names for config files (debian, redhat, suse, unix). Move all autodetection to a separate script. 2016-12-31 07:00:46 +03:00			`guess_rules`
mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`if [ -z "$rules" ]; then`
			`echo "** Can't guess PAM rules for this system"`
			`exit 1`
			`fi`
Allow PAM file selection in configure, improve autodetection, add SUSE Use easy to understand names for config files (debian, redhat, suse, unix). Move all autodetection to a separate script. 2016-12-31 07:00:46 +03:00			`fi`

mkpamrules now supports Slackware 2020-04-26 19:27:19 +03:00			`if [ -s "$srcdir/$service.$rules" ]; then`
Allow PAM file selection in configure, improve autodetection, add SUSE Use easy to understand names for config files (debian, redhat, suse, unix). Move all autodetection to a separate script. 2016-12-31 07:00:46 +03:00			`ln -nsf "$srcdir/$service.$rules" "$outfile"`
			`else`
			`echo "Cannot find $srcdir/$service.$rules"`
			`exit 1`
			`fi`