Linux web-conference.aiou.edu.pk 5.4.0-204-generic #224-Ubuntu SMP Thu Dec 5 13:38:28 UTC 2024 x86_64
Apache/2.4.41 (Ubuntu)
: 172.16.50.247 | : 18.217.104.36
Cant Read [ /etc/named.conf ]
7.4.3-4ubuntu2.28
appadmin
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
BLACK DEFEND!
README
+ Create Folder
+ Create File
/
snap /
core20 /
2318 /
usr /
sbin /
[ HOME SHELL ]
Name
Size
Permission
Action
aa-remove-unknown
3
KB
-rwxr-xr-x
aa-status
8.63
KB
-rwxr-xr-x
aa-teardown
139
B
-rwxr-xr-x
add-shell
860
B
-rwxr-xr-x
addgroup
36.9
KB
-rwxr-xr-x
adduser
36.9
KB
-rwxr-xr-x
agetty
67.38
KB
-rwxr-xr-x
apparmor_parser
1.45
MB
-rwxr-xr-x
apparmor_status
8.63
KB
-rwxr-xr-x
arpd
78.27
KB
-rwxr-xr-x
arptables
215.32
KB
-rwxr-xr-x
arptables-nft
215.32
KB
-rwxr-xr-x
arptables-nft-restore
215.32
KB
-rwxr-xr-x
arptables-nft-save
215.32
KB
-rwxr-xr-x
arptables-restore
215.32
KB
-rwxr-xr-x
arptables-save
215.32
KB
-rwxr-xr-x
badblocks
34.32
KB
-rwxr-xr-x
blkdeactivate
14.49
KB
-rwxr-xr-x
blkdiscard
34.23
KB
-rwxr-xr-x
blkid
118.26
KB
-rwxr-xr-x
blkzone
70.23
KB
-rwxr-xr-x
blockdev
66.23
KB
-rwxr-xr-x
bridge
102.3
KB
-rwxr-xr-x
capsh
30.3
KB
-rwxr-xr-x
cfdisk
102.59
KB
-rwxr-xr-x
chcpu
46.23
KB
-rwxr-xr-x
chgpasswd
66.2
KB
-rwxr-xr-x
chmem
62.23
KB
-rwxr-xr-x
chpasswd
58.2
KB
-rwxr-xr-x
chroot
42.34
KB
-rwxr-xr-x
cpgr
60.34
KB
-rwxr-xr-x
cppw
60.34
KB
-rwxr-xr-x
cryptdisks_start
1.51
KB
-rwxr-xr-x
cryptdisks_stop
844
B
-rwxr-xr-x
cryptsetup
135.54
KB
-rwxr-xr-x
cryptsetup-reencrypt
105.32
KB
-rwxr-xr-x
ctrlaltdel
38.23
KB
-rwxr-xr-x
debugfs
225.8
KB
-rwxr-xr-x
delgroup
16.11
KB
-rwxr-xr-x
deluser
16.11
KB
-rwxr-xr-x
depmod
170.34
KB
-rwxr-xr-x
devlink
150.47
KB
-rwxr-xr-x
dhclient
508.98
KB
-rwxr-xr-x
dhclient-script
15.92
KB
-rwxr-xr-x
dmsetup
171.02
KB
-rwxr-xr-x
dmstats
171.02
KB
-rwxr-xr-x
dosfsck
58.08
KB
-rwxr-xr-x
dosfslabel
54.08
KB
-rwxr-xr-x
dumpe2fs
30.38
KB
-rwxr-xr-x
e2freefrag
18.38
KB
-rwxr-xr-x
e2fsck
327.21
KB
-rwxr-xr-x
e2image
42.38
KB
-rwxr-xr-x
e2label
106.55
KB
-rwxr-xr-x
e2mmpstatus
30.38
KB
-rwxr-xr-x
e2scrub
7.13
KB
-rwxr-xr-x
e2scrub_all
5.27
KB
-rwxr-xr-x
e2undo
22.38
KB
-rwxr-xr-x
e4crypt
30.38
KB
-rwxr-xr-x
e4defrag
34.3
KB
-rwxr-xr-x
ebtables
215.32
KB
-rwxr-xr-x
ebtables-nft
215.32
KB
-rwxr-xr-x
ebtables-nft-restore
215.32
KB
-rwxr-xr-x
ebtables-nft-save
215.32
KB
-rwxr-xr-x
ebtables-restore
215.32
KB
-rwxr-xr-x
ebtables-save
215.32
KB
-rwxr-xr-x
faillock
14.15
KB
-rwxr-xr-x
fatlabel
54.08
KB
-rwxr-xr-x
fdformat
34.23
KB
-rwxr-xr-x
fdisk
150.27
KB
-rwxr-xr-x
filefrag
18.33
KB
-rwxr-xr-x
findfs
14.23
KB
-rwxr-xr-x
fsck
54.27
KB
-rwxr-xr-x
fsck.cramfs
38.26
KB
-rwxr-xr-x
fsck.ext2
327.21
KB
-rwxr-xr-x
fsck.ext3
327.21
KB
-rwxr-xr-x
fsck.ext4
327.21
KB
-rwxr-xr-x
fsck.fat
58.08
KB
-rwxr-xr-x
fsck.minix
122.25
KB
-rwxr-xr-x
fsck.msdos
58.08
KB
-rwxr-xr-x
fsck.vfat
58.08
KB
-rwxr-xr-x
fsfreeze
14.23
KB
-rwxr-xr-x
fstab-decode
14.3
KB
-rwxr-xr-x
fstrim
70.23
KB
-rwxr-xr-x
genl
82.29
KB
-rwxr-xr-x
getcap
14.3
KB
-rwxr-xr-x
getpcaps
14.3
KB
-rwxr-xr-x
getty
67.38
KB
-rwxr-xr-x
groupadd
90.95
KB
-rwxr-xr-x
groupdel
86.77
KB
-rwxr-xr-x
groupmems
62.24
KB
-rwxr-xr-x
groupmod
94.86
KB
-rwxr-xr-x
grpck
62.18
KB
-rwxr-xr-x
grpconv
58.05
KB
-rwxr-xr-x
grpunconv
58.05
KB
-rwxr-xr-x
halt
973.23
KB
-rwxr-xr-x
hwclock
102.35
KB
-rwxr-xr-x
iconvconfig
30.4
KB
-rwxr-xr-x
init
1.55
MB
-rwxr-xr-x
insmod
170.34
KB
-rwxr-xr-x
installkernel
2.58
KB
-rwxr-xr-x
integritysetup
60.23
KB
-rwxr-xr-x
invoke-rc.d
16.64
KB
-rwxr-xr-x
ip
597.62
KB
-rwxr-xr-x
ip6tables
96.97
KB
-rwxr-xr-x
ip6tables-apply
6.89
KB
-rwxr-xr-x
ip6tables-legacy
96.97
KB
-rwxr-xr-x
ip6tables-legacy-restore
96.97
KB
-rwxr-xr-x
ip6tables-legacy-save
96.97
KB
-rwxr-xr-x
ip6tables-nft
215.32
KB
-rwxr-xr-x
ip6tables-nft-restore
215.32
KB
-rwxr-xr-x
ip6tables-nft-save
215.32
KB
-rwxr-xr-x
ip6tables-restore
96.97
KB
-rwxr-xr-x
ip6tables-restore-translate
215.32
KB
-rwxr-xr-x
ip6tables-save
96.97
KB
-rwxr-xr-x
ip6tables-translate
215.32
KB
-rwxr-xr-x
iptables
96.97
KB
-rwxr-xr-x
iptables-apply
6.89
KB
-rwxr-xr-x
iptables-legacy
96.97
KB
-rwxr-xr-x
iptables-legacy-restore
96.97
KB
-rwxr-xr-x
iptables-legacy-save
96.97
KB
-rwxr-xr-x
iptables-nft
215.32
KB
-rwxr-xr-x
iptables-nft-restore
215.32
KB
-rwxr-xr-x
iptables-nft-save
215.32
KB
-rwxr-xr-x
iptables-restore
96.97
KB
-rwxr-xr-x
iptables-restore-translate
215.32
KB
-rwxr-xr-x
iptables-save
96.97
KB
-rwxr-xr-x
iptables-translate
215.32
KB
-rwxr-xr-x
isosize
30.23
KB
-rwxr-xr-x
killall5
26.38
KB
-rwxr-xr-x
ldattach
34.23
KB
-rwxr-xr-x
ldconfig
387
B
-rwxr-xr-x
ldconfig.real
1
MB
-rwxr-xr-x
logsave
14.16
KB
-rwxr-xr-x
losetup
110.34
KB
-rwxr-xr-x
lsmod
170.34
KB
-rwxr-xr-x
luksformat
3.32
KB
-rwxr-xr-x
mkdosfs
34.5
KB
-rwxr-xr-x
mke2fs
134.62
KB
-rwxr-xr-x
mkfs
14.23
KB
-rwxr-xr-x
mkfs.bfs
34.23
KB
-rwxr-xr-x
mkfs.cramfs
42.16
KB
-rwxr-xr-x
mkfs.ext2
134.62
KB
-rwxr-xr-x
mkfs.ext3
134.62
KB
-rwxr-xr-x
mkfs.ext4
134.62
KB
-rwxr-xr-x
mkfs.fat
34.5
KB
-rwxr-xr-x
mkfs.minix
106.23
KB
-rwxr-xr-x
mkfs.msdos
34.5
KB
-rwxr-xr-x
mkfs.vfat
34.5
KB
-rwxr-xr-x
mkhomedir_helper
22.17
KB
-rwxr-xr-x
mklost+found
14.3
KB
-rwxr-xr-x
mkswap
106.23
KB
-rwxr-xr-x
modinfo
170.34
KB
-rwxr-xr-x
modprobe
170.34
KB
-rwxr-xr-x
netplan
798
B
-rwxr-xr-x
newusers
98.8
KB
-rwxr-xr-x
nfnl_osf
18.3
KB
-rwxr-xr-x
nologin
14.3
KB
-rwxr-xr-x
pam-auth-update
19.86
KB
-rwxr-xr-x
pam_extrausers_chkpwd
42.16
KB
-rwxr-sr-x
pam_extrausers_update
42.16
KB
-rwxr-xr-x
pam_getenv
2.82
KB
-rwxr-xr-x
pam_tally
14.16
KB
-rwxr-xr-x
pam_tally2
18.16
KB
-rwxr-xr-x
pam_timestamp_check
14.15
KB
-rwxr-xr-x
pivot_root
14.23
KB
-rwxr-xr-x
poweroff
973.23
KB
-rwxr-xr-x
pwck
58.17
KB
-rwxr-xr-x
pwconv
54.05
KB
-rwxr-xr-x
pwunconv
54.05
KB
-rwxr-xr-x
raw
14.23
KB
-rwxr-xr-x
readprofile
22.26
KB
-rwxr-xr-x
reboot
973.23
KB
-rwxr-xr-x
remove-shell
904
B
-rwxr-xr-x
resize2fs
66.38
KB
-rwxr-xr-x
rfkill
50.23
KB
-rwxr-xr-x
rmmod
170.34
KB
-rwxr-xr-x
rmt
58.55
KB
-rwxr-xr-x
rmt-tar
58.55
KB
-rwxr-xr-x
rtacct
48.29
KB
-rwxr-xr-x
rtcwake
46.23
KB
-rwxr-xr-x
rtmon
78.24
KB
-rwxr-xr-x
runlevel
973.23
KB
-rwxr-xr-x
runuser
66.23
KB
-rwxr-xr-x
service
9.04
KB
-rwxr-xr-x
setcap
14.3
KB
-rwxr-xr-x
sfdisk
138.23
KB
-rwxr-xr-x
shadowconfig
885
B
-rwxr-xr-x
shutdown
973.23
KB
-rwxr-xr-x
sshd
863.79
KB
-rwxr-xr-x
start-stop-daemon
47.32
KB
-rwxr-xr-x
sulogin
50.23
KB
-rwxr-xr-x
swaplabel
18.23
KB
-rwxr-xr-x
swapoff
22.23
KB
-rwxr-xr-x
swapon
50.23
KB
-rwxr-xr-x
switch_root
14.23
KB
-rwxr-xr-x
sysctl
30.23
KB
-rwxr-xr-x
tarcat
936
B
-rwxr-xr-x
tc
529.45
KB
-rwxr-xr-x
telinit
973.23
KB
-rwxr-xr-x
tipc
126.23
KB
-rwxr-xr-x
tune2fs
106.55
KB
-rwxr-xr-x
tzconfig
106
B
-rwxr-xr-x
unix_chkpwd
42.15
KB
-rwxr-sr-x
unix_update
42.15
KB
-rwxr-xr-x
update-ca-certificates
5.29
KB
-rwxr-xr-x
update-mime
9.18
KB
-rwxr-xr-x
update-passwd
34.56
KB
-rwxr-xr-x
update-rc.d
16.76
KB
-rwxr-xr-x
useradd
143.71
KB
-rwxr-xr-x
userdel
98.89
KB
-rwxr-xr-x
usermod
139.49
KB
-rwxr-xr-x
veritysetup
51.82
KB
-rwxr-xr-x
vigr
68.55
KB
-rwxr-xr-x
vipw
68.55
KB
-rwxr-xr-x
visudo
218.2
KB
-rwxr-xr-x
wipefs
46.23
KB
-rwxr-xr-x
wpa_action
1.69
KB
-rwxr-xr-x
wpa_cli
152.22
KB
-rwxr-xr-x
wpa_supplicant
2.76
MB
-rwxr-xr-x
xtables-legacy-multi
96.97
KB
-rwxr-xr-x
xtables-monitor
215.32
KB
-rwxr-xr-x
xtables-nft-multi
215.32
KB
-rwxr-xr-x
zic
62.29
KB
-rwxr-xr-x
zramctl
114.34
KB
-rwxr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : pam-auth-update
#!/usr/bin/perl -w # pam-auth-update: update /etc/pam.d/common-* from /usr/share/pam-configs # # Update the /etc/pam.d/common-* files based on the per-package profiles # provided in /usr/share/pam-configs/ taking into consideration user's # preferences (as determined via debconf prompting). # # Written by Steve Langasek <steve.langasek@canonical.com> # # Copyright (C) 2008 Canonical Ltd. # # This program is free software; you can redistribute it and/or modify # it under the terms of version 3 of the GNU General Public License as # published by the Free Software Foundation. # # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, # USA. use strict; use Debconf::Client::ConfModule ':all'; use IPC::Open2 'open2'; version('2.0'); my $capb=capb('backup escape'); my $inputdir = '/usr/share/pam-configs'; my $template = 'libpam-runtime/profiles'; my $errtemplate = 'libpam-runtime/conflicts'; my $overridetemplate = 'libpam-runtime/override'; my $blanktemplate = 'libpam-runtime/no_profiles_chosen'; my $titletemplate = 'libpam-runtime/title'; my $confdir = '/etc/pam.d'; my $savedir = '/var/lib/pam'; my (%profiles, @sorted, @enabled, @conflicts, @new, %removals, %to_enable); my $force = 0; my $package = 0; my $priority = 'high'; my %md5sums = ( 'auth' => ['8d4fe17e66ba25de16a117035d1396aa'], 'account' => ['3c0c362eaf3421848b679d63fd48c3fa'], 'password' => [ '50fce2113dfda83ac8bdd5a6e706caec', '4bd7610f2e85f8ddaef79c7db7cb49eb', '9ba753d0824276b44bcadfee1f87b6bc', ], 'session' => [ '240fb92986c885b327cdb21dd641da8c', '4a25673e8b36f1805219027d3be02cd2', '73144a2f4e609a922a51e301cd66a57e', ], 'session-noninteractive' => [ 'ad2b78ce1498dd637ef36469430b6ac6', 'a20e8df3469bfe25c13a3b39161b30f0', ], ); opendir(DIR, $inputdir) || die "could not open config directory: $!"; while (my $profile = readdir(DIR)) { next if ($profile eq '.' || $profile eq '..' || $profile =~ m/~$/ || $profile =~ m/^#.+#$/); %{$profiles{$profile}} = parse_pam_profile($inputdir . '/' . $profile); } closedir DIR; # use a '--force' arg to specify that /etc/pam.d should be overwritten; # used only on upgrades where the postinst has already determined that the # checksums match. Module packages other than libpam-runtime itself must # NEVER use this option! Document with big skullses and crossboneses! It # needs to be exposed for libpam-runtime because that's the package that # decides whether we have a pristine config to be converted, and knows # whether the version being upgraded from is one for which the conversion # should be done. while ($#ARGV >= 0) { my $opt = shift; if ($opt eq '--force') { $force = 1; } elsif ($opt eq '--package') { $package = 1; } elsif ($opt eq '--remove') { while ($#ARGV >= 0) { last if ($ARGV[0] =~ /^--/); $removals{shift @ARGV} = 1; } # --remove implies --package $package = 1 if (keys(%removals)); } elsif ($opt eq '--enable') { while ($#ARGV >= 0) { last if ($ARGV[0] =~ /^--/); $to_enable{shift @ARGV} = 1; } # --enable implies --package $package = 1 if (keys(%to_enable)); } } $priority = 'medium' if ($package); x_loadtemplatefile('/var/lib/dpkg/info/libpam-runtime.templates','libpam-runtime'); # always sort by priority, so we have consistency and don't have to # shuffle later @sorted = sort { $profiles{$b}->{'Priority'} <=> $profiles{$a}->{'Priority'} || $b cmp $a } keys(%profiles); # If we're being called for package removal, filter out those options here @sorted = grep { !$removals{$_} } @sorted; subst($template, 'profile_names', join(', ',@sorted)); subst($template, 'profiles', join(', ', map { $profiles{$_}->{'Name'} } @sorted)); my $diff = diff_profiles($confdir,$savedir); if ($diff) { @enabled = grep { !$removals{$_} } @{$diff->{'mods'}}; } else { @enabled = split(/, /,get($template)); } # find out what we've seen, so we can ignore those defaults my %seen; if (-e $savedir . '/seen') { open(SEEN,$savedir . '/seen') or die("open(${savedir}/seen) failed: $!"); while (<SEEN>) { chomp; $seen{$_} = 1; } close(SEEN); } # filter out any options that are no longer available for any reason @enabled = grep { $profiles{$_} } @enabled; # an empty module set is an error, so in that case grab all the defaults if (!@enabled) { %seen = (); $priority = 'high' unless ($force); } # add configs to enable push(@enabled, grep { $to_enable{$_} } @sorted); # add any previously-unseen configs push(@enabled, grep { $profiles{$_}->{'Default'} eq 'yes' && !$seen{$_} } @sorted); @enabled = sort { $profiles{$b}->{'Priority'} <=> $profiles{$a}->{'Priority'} || $b cmp $a } @enabled; my $prev = ''; @enabled = grep { $_ ne $prev && (($prev) = $_) } @enabled; # Do we have any new options to show? If not, we shouldn't reprompt the # user, at any priority level, unless explicitly called. @new = grep { !$seen{$_} } @sorted; settitle($titletemplate); # if diff_profiles() fails, and we weren't passed a 'force' argument # (because this isn't an upgrade from an old version, or the checksum # didn't match, or we're being called by some other module package), prompt # the user whether to override. If the user declines (the default), we # never again manage this config unless manually called with '--force'. if (!$diff && !$force) { input('high',$overridetemplate); go(); $force = 1 if (get($overridetemplate) eq 'true'); } if (!$diff && !$force) { print STDERR <<EOF; pam-auth-update: Local modifications to /etc/pam.d/common-*, not updating. pam-auth-update: Run pam-auth-update --force to override. EOF exit; } umask(0022); do { @conflicts = (); if (@new || !$package) { fset($template,'seen','false'); } set($template,join(', ', @enabled)); input($priority,$template); go(); @enabled = split(/, /, get($template)); # in case of conflicts, automatically unset the lower priority # item of each pair foreach my $elem (@enabled) { for (my $i=$#enabled; $i >= 0; $i--) { my $conflict = $enabled[$i]; if ($profiles{$elem}->{'Conflicts'}->{$conflict}) { splice(@enabled,$i,1); my $desc = $profiles{$elem}->{'Name'} . ', ' . $profiles{$conflict}->{'Name'}; push(@conflicts,$desc); } } } if (@conflicts) { subst($errtemplate, 'conflicts', join("\\n", @conflicts)); input('high',$errtemplate); } set($template, join(', ', @enabled)); if (!@enabled) { input('high',$blanktemplate); # we can only end up here by user error, but give them another # shot at selecting a correct config anyway. fset($template,'seen','false'); } } while (@conflicts || !@enabled); # the decision has been made about what configs to use, so even if # something fails after this, we shouldn't go munging the default # options again. Save the list of known configs to /var/lib/pam. open(SEEN,"> $savedir/seen") or die("open(${savedir}/seen) failed: $!"); for my $i (@sorted) { print SEEN "$i\n"; } close(SEEN) or die("close(${savedir}/seen) failed: $!"); # @enabled now contains our list of profiles to use for piecing together # a config # we have: # - templates into which we insert the specialness # - magic comments denoting the beginning and end of our managed block; # looking at only the functional config lines would potentially let us # handle more cases, at the expense of much greater complexity, so # pass on this at least for the first round # - a representation of the autogenerated config stored in /var/lib/pam, # that we can diff against in order to account for changed options or # manually dropped modules # - a hash describing the local modifications the user has made to the # config; these are always preserved unless manually overridden with # the --force option write_profiles(\%profiles, \@enabled, $confdir, $savedir, $diff, $force); # take a single line from a stock config, and merge it with the # information about local admin edits sub merge_one_line { my ($line,$diff,$count) = @_; my (@opts,$modline); my ($adds,$removes); $line =~ /^((\[[^]]+\]|\w+)\s+\S+)\s*(.*)/; @opts = split(/\s+/,$3); $modline = $1; $modline =~ s/end/$count/g; if ($diff) { my $mod = $modline; $mod =~ s/(\[[^0-9]*)[0-9]+(.*\])/$1$2/g; $adds = \%{$diff->{'add'}{$mod}}; $removes = \%{$diff->{'remove'}{$mod}}; } else { $adds = $removes = undef; } for (my $i = 0; $i <= $#opts; $i++) { if ($adds->{$opts[$i]}) { delete $adds->{$opts[$i]}; } if ($removes->{$opts[$i]}) { splice(@opts,$i,1); $i--; } } return $modline . " " . join(' ',@opts,sort keys(%{$adds})) . "\n"; } # return the lines for a given config name, type, and position in the stack sub lines_for_module_and_type { my ($profiles, $mod, $type, $modpos) = @_; if ($modpos == 0 && $profiles->{$mod}{$type . '-Initial'}) { return $profiles->{$mod}{$type . '-Initial'}; } return $profiles->{$mod}{$type}; } # create a single PAM config from the indicated template and selections, # writing to a new file sub create_from_template { my($template,$dest,$profiles,$enabled,$diff,$type) = @_; my $state = 0; my $uctype = ucfirst($type); $type =~ s/-noninteractive//; open(INPUT,$template) || return 0; open(OUTPUT,">$dest") || return 0; while (<INPUT>) { if ($state == 1) { if (/^# here's the fallback if no module succeeds/) { print OUTPUT; $state++; } next; } if ($state == 3) { if (/^# end of pam-auth-update config/) { print OUTPUT; $state++; } next; } print OUTPUT; my ($pattern,$val); if ($state == 0) { $pattern = '^# here are the per-package modules \(the "Primary" block\)'; $val = 'Primary'; } elsif ($state == 2) { $pattern = '^# and here are more per-package modules \(the "Additional" block\)'; $val = 'Additional'; } else { next; } if (/$pattern/) { my $i = 0; my $count = 0; # first we need to get a count of lines that we're # going to output, so we can fix up the jumps correctly for my $mod (@{$enabled}) { my $output; next if (!$profiles->{$mod}{$uctype . '-Type'}); next if $profiles->{$mod}{$uctype . '-Type'} ne $val; $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); # bypasses a perl warning about @_, sigh my @tmparr = split("\n+",$output); $count += @tmparr; } # in case anything tries to jump in the 'additional' # block, let's try not to jump off the stack... $count-- if ($val eq 'Additional'); # no primary block, so output a stock pam_permit line # to keep the stack intact if ($val eq 'Primary' && $count == 0) { print OUTPUT "$type\t[default=1]\t\t\tpam_permit.so\n"; } $i = 0; for my $mod (@{$enabled}) { my $output; my @output; next if (!$profiles->{$mod}{$uctype . '-Type'}); next if $profiles->{$mod}{$uctype . '-Type'} ne $val; $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); for my $line (split("\n",$output)) { $line = merge_one_line($line,$diff, $count); print OUTPUT "$type\t$line"; $count--; } } $state++; } } close(INPUT); close(OUTPUT) or die("close($dest) failed: $!"); if ($state < 4) { unlink($dest); return 0; } return 1; } # take a template file, strip out everything between the markers, and # return the md5sum of the remaining contents. Used for testing for # local modifications of the boilerplate. sub get_template_md5sum { my($template) = @_; my $state = 0; open(INPUT,$template) || return ''; my($md5sum_fd,$output_fd); my $pid = open2($md5sum_fd, $output_fd, 'md5sum'); return '' if (!$pid); while (<INPUT>) { if ($state == 1) { if (/^# here's the fallback if no module succeeds/) { print $output_fd $_; $state++; } next; } if ($state == 3) { if (/^# end of pam-auth-update config/) { print $output_fd $_; $state++; } next; } print $output_fd $_; my ($pattern,$val); if ($state == 0) { $pattern = '^# here are the per-package modules \(the "Primary" block\)'; } elsif ($state == 2) { $pattern = '^# and here are more per-package modules \(the "Additional" block\)'; } else { next; } if (/$pattern/) { $state++; } } close(INPUT); close($output_fd); my $md5sum = <$md5sum_fd>; close($md5sum_fd); waitpid $pid, 0; $md5sum = (split(/\s+/,$md5sum))[0]; return $md5sum; } # merge a set of module declarations into a set of new config files, # using the information returned from diff_profiles(). sub write_profiles { my($profiles,$enabled,$confdir,$savedir,$diff,$force) = @_; if (! -d $savedir) { mkdir($savedir); } # because we can't atomically replace both /var/lib/pam/$foo and # /etc/pam.d/common-$foo at the same time, take steps to make this # somewhat robust for my $type ('auth','account','password','session', 'session-noninteractive') { my $target = $confdir . '/common-' . $type; my $template = $target; my $dest = $template . '.pam-new'; my $diff = $diff; if ($diff) { $diff = \%{$diff->{$type}}; } # Detect if the template is unmodified, and if so, use # the version from /usr/share. Depends on knowing the # md5sums of the originals. my $md5sum = get_template_md5sum($template); for my $i (@{$md5sums{$type}}) { if ($md5sum eq $i) { $template = '/usr/share/pam/common-' . $type; last; } } # first, write out the new config if (!create_from_template($template,$dest,$profiles,$enabled, $diff,$type)) { if (!$force) { return 0; } $template = '/usr/share/pam/common-' . $type; if (!create_from_template($template,$dest,$profiles, $enabled,$diff,$type)) { return 0; } } # then write out the saved config if (!open(OUTPUT, "> $savedir/$type.new")) { unlink($dest); return 0; } my $i = 0; my $uctype = ucfirst($type); for my $mod (@{$enabled}) { my $output; next if (!$profiles->{$mod}{$uctype . '-Type'}); next if ($profiles->{$mod}{$uctype . '-Type'} eq 'Additional'); $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); if ($output) { print OUTPUT "Module: $mod\n"; print OUTPUT $output . "\n"; } } # no primary block, so output a stock pam_permit line if ($i == 0) { print OUTPUT "Module: null\n"; print OUTPUT "[default=1]\t\t\tpam_permit.so\n"; } $i = 0; for my $mod (@{$enabled}) { my $output; next if (!$profiles->{$mod}{$uctype . '-Type'}); next if ($profiles->{$mod}{$uctype . '-Type'} eq 'Primary'); $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); if ($output) { print OUTPUT "Module: $mod\n"; print OUTPUT $output . "\n"; } } close(OUTPUT) or die("close($dest) failed: $!"); # then do the renames, back-to-back # we have to use system because File::Copy is in # perl-modules, not perl-base if (-e $target && $force) { system('cp','-f',$target,$target . '.pam-old') == 0 or die("cp -f ${target} ${target}.pam.old failed"); } rename($dest,$target) or die("rename($dest, $target) failed: $!"); rename("$savedir/${type}.new","$savedir/$type") or die("rename(${savedir}/${type}.new, ${savedir}/${type}) failed: $!"); } # at the end of a successful write, reset the 'seen' flag and the # value of the debconf override question. fset($overridetemplate,'seen','false'); set($overridetemplate,'false'); } # reconcile the current config in /etc/pam.d with the saved ones in # /var/lib/pam; returns a hash of profile names and the corresponding # options that should be added/removed relative to the stock config. # returns false if any of the markers are missing that permit a merge, # or on any other failure. sub diff_profiles { my ($sourcedir,$savedir) = @_; my (%diff); @{$diff{'mods'}} = (); # Load the saved config from /var/lib/pam, then iterate through all # lines in the current config that are in the managed block. # If anything fails here, just return immediately since we then # have nothing to merge; instead, the caller will decide later # whether to force an overwrite. for my $type ('auth','account','password','session', 'session-noninteractive') { my (@saved,$modname); open(SAVED,$savedir . '/' . $type) || return 0; while (<SAVED>) { if (/^Module: (.*)/) { $modname = $1; next; } chomp; # trim out the destination of any jumps; this saves # us from having to re-parse everything just to fix # up the jump lengths, when changes to these will # already show up as inconsistencies elsewhere s/(\[[^0-9]*)[0-9]+(.*\])/$1$2/g; s/(\[.*)end(.*\])/$1$2/g; my (@temp) = ($modname,$_); push(@saved,\@temp); } close(SAVED); my $state = 0; my (@prev_opts,$curmod); my $realtype = $type; $realtype =~ s/-noninteractive//; open(CURRENT,$sourcedir . '/common-' . $type) || return 0; while (<CURRENT>) { if ($state == 0) { $state = 1 if (/^# here are the per-package modules \(the "Primary" block\)/); next; } if ($state == 1) { s/^$realtype\s+//; if (/^# here's the fallback if no module succeeds/) { $state = 2; next; } } if ($state == 2) { $state = 3 if (/^# and here are more per-package modules \(the "Additional" block\)/); next; } if ($state == 3) { last if (/^# end of pam-auth-update config/); s/^$realtype\s+//; } my $found = 0; my $curopts; while (!$found && $#saved >= 0) { my $line; ($modname,$line) = @{$saved[0]}; shift(@saved); $line =~ /^((\[[^]]+\]|\w+)\s+\S+)\s*(.*)/; @prev_opts = split(/\s+/,$3); $curmod = $1; # FIXME: the key isn't derived from the config # name, so collisions are possible if more # than one config references the same module $_ =~ s/(\[[^0-9]*)[0-9]+(.*\])/$1$2/g; # check if this is a match for the current line if ($_ =~ /^\Q$curmod\E\s*(.*)$/) { $found = 1; $curopts = $1; push(@{$diff{'mods'}},$modname); } } # there's a line in the live config that doesn't # correspond to anything from the saved config. # treat this as a failure; it's very error-prone # to decide what to do with an added line that # didn't come from a package. return 0 if (!$found); for my $opt (split(/\s+/,$curopts)) { my $found = 0; for (my $i = 0; $i <= $#prev_opts; $i++) { if ($prev_opts[$i] eq $opt) { $found = 1; splice(@prev_opts,$i,1); } } $diff{$type}{'add'}{$curmod}{$opt} = 1 if (!$found); } for my $opt (@prev_opts) { $diff{$type}{'remove'}{$curmod}{$opt} = 1; } } close(CURRENT); # we couldn't parse the config, so the merge fails return 0 if ($state < 3); } return \%diff; } # simple function to parse a provided config file, in pseudo-RFC822 # format, sub parse_pam_profile { my ($profile) = $_[0]; my $fieldname; my %profile; open(PROFILE, $profile) || die "could not read profile $profile: $!"; while (<PROFILE>) { if (/^(\S+):\s+(.*)\s*$/) { $fieldname = $1; # compatibility with the first implementation round; # "Auth-Final" is now just called "Auth" $fieldname =~ s/-Final$//; if ($fieldname eq 'Conflicts') { foreach my $elem (split(/, /, $2)) { $profile{'Conflicts'}->{$elem} = 1; } } else { $profile{$fieldname} = $2; } } else { chomp; s/^\s+//; s/\s+$//; $profile{$fieldname} .= "\n$_" if ($_); $profile{$fieldname} =~ s/^[\n\s]+//; } } close(PROFILE); if (!defined($profile{'Session-Interactive-Only'})) { $profile{'Session-noninteractive-Type'} = $profile{'Session-Type'}; $profile{'Session-noninteractive'} = $profile{'Session'}; $profile{'Session-noninteractive-Initial'} = $profile{'Session-Initial'}; } return %profile; }
Close