|
|
|---|
| 29 |
# /usr/share/common-licenses/AGPL-3; if not, see |
29 |
# /usr/share/common-licenses/AGPL-3; if not, see |
| 30 |
# <http://www.gnu.org/licenses/>. |
30 |
# <http://www.gnu.org/licenses/>. |
| 31 |
|
31 |
|
|
|
32 |
function allow_root_login() { |
| 33 |
ucr unset --force auth/gdm/user/root \ |
| 34 |
auth/kdm/user/root \ |
| 35 |
auth/login/user/root \ |
| 36 |
auth/other/user/root \ |
| 37 |
auth/sshd/user/root |
| 38 |
|
| 39 |
# reset su restrictions |
| 40 |
ucr unset --force auth/su/restrict \ |
| 41 |
auth/su/user/root |
| 42 |
|
| 43 |
# set to the default values, these values are not set |
| 44 |
# during the pam installation, because they were set |
| 45 |
# in the force layer |
| 46 |
ucr set auth/gdm/user/root?yes \ |
| 47 |
auth/kdm/user/root?yes \ |
| 48 |
auth/login/user/root?yes \ |
| 49 |
auth/other/user/root?yes \ |
| 50 |
auth/sshd/user/root?yes |
| 51 |
} |
| 52 |
|
| 53 |
function restrict_root_login() { |
| 54 |
# disallow root login |
| 55 |
ucr set --force auth/gdm/user/root=no \ |
| 56 |
auth/kdm/user/root=no \ |
| 57 |
auth/login/user/root=no \ |
| 58 |
auth/other/user/root=no \ |
| 59 |
auth/sshd/user/root=no |
| 60 |
|
| 61 |
# disallow su |
| 62 |
ucr set --force auth/su/restrict=yes \ |
| 63 |
auth/su/user/root=no |
| 64 |
} |
| 65 |
|
| 32 |
if [ $# -eq 0 -o "$1" = "-h" -o "$1" = "--help" ]; then |
66 |
if [ $# -eq 0 -o "$1" = "-h" -o "$1" = "--help" ]; then |
| 33 |
echo |
67 |
echo |
| 34 |
echo "When started, deactivates all access to the UCS and enforces the" |
68 |
echo "When started, deactivates all access to the UCS and enforces the" |
|
|
|---|
| 62 |
# disable sites |
96 |
# disable sites |
| 63 |
a2dissite ${active_sites[@]} |
97 |
a2dissite ${active_sites[@]} |
| 64 |
|
98 |
|
|
|
99 |
restrict_root_login |
| 100 |
|
| 65 |
# enable system activation site configuration and reload apache |
101 |
# enable system activation site configuration and reload apache |
| 66 |
a2ensite univention-system-activation |
102 |
a2ensite univention-system-activation |
| 67 |
/etc/init.d/apache2 reload |
103 |
/etc/init.d/apache2 reload |
|
|
|---|
| 84 |
# unset previously stored sites |
120 |
# unset previously stored sites |
| 85 |
ucr unset apache2/system_activation/sites |
121 |
ucr unset apache2/system_activation/sites |
| 86 |
|
122 |
|
| 87 |
# allow root login again |
123 |
allow_root_login |
| 88 |
ucr unset --force auth/gdm/user/root \ |
|
|
| 89 |
auth/kdm/user/root \ |
| 90 |
auth/login/user/root \ |
| 91 |
auth/other/user/root \ |
| 92 |
auth/sshd/user/root |
| 93 |
|
124 |
|
| 94 |
# reset su restrictions |
|
|
| 95 |
ucr unset --force auth/su/restrict \ |
| 96 |
auth/su/user/root |
| 97 |
|
| 98 |
# set to the default values, these values are not set |
| 99 |
# during the pam installation, because they were set |
| 100 |
# in the force layer |
| 101 |
ucr set auth/gdm/user/root?yes \ |
| 102 |
auth/kdm/user/root?yes \ |
| 103 |
auth/login/user/root?yes \ |
| 104 |
auth/other/user/root?yes \ |
| 105 |
auth/sshd/user/root?yes |
| 106 |
|
| 107 |
# apache reload as last step |
125 |
# apache reload as last step |
| 108 |
/etc/init.d/apache2 reload |
126 |
/etc/init.d/apache2 reload |
|
|
127 |
elif [ "$ACTION" == "allow-root" ]; then |
| 128 |
allow_root_login |
| 129 |
elif [ "$ACTION" == "restrict-root" ]; then |
| 130 |
restrict_root_login |
| 109 |
else |
131 |
else |
| 110 |
echo |
132 |
echo |
| 111 |
echo "ERROR: Unknown action given" |
133 |
echo "ERROR: Unknown action given" |
| 112 |
echo |
134 |
echo |
| 113 |
exit 1 |
135 |
exit 1 |
| 114 |
fi |
136 |
fi |
| 115 |
|
|
|