
Diff of /eclass/pam.eclass


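--- a/eclass/pam.eclass
+++ b/eclass/pam.eclass
@@ -1,22 +1,22 @@
 # Copyright 2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License, v2 or later
 # Author Diego Pettenò <flameeyes@gentoo.org>
-# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.14 2007/11/04 15:00:27 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.20 2011/07/08 11:35:01 ssuominen Exp $
 #
 # This eclass contains functions to install pamd configuration files and
 # pam modules.
 
-inherit multilib
+inherit multilib flag-o-matic
 
 # dopamd <file> [more files]
 #
 # Install pam auth config file in /etc/pam.d
 dopamd() {
  [[ -z $1 ]] && die "dopamd requires at least one argument"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
  ( # dont want to pollute calling env
  insinto /etc/pam.d
@@ -30,11 +30,11 @@
 #
 # Install pam file <old name> as <new name> in /etc/pam.d
 newpamd() {
  [[ $# -ne 2 ]] && die "newpamd requires two arguments"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
  ( # dont want to pollute calling env
  insinto /etc/pam.d
@@ -48,11 +48,11 @@
 #
 # Installs the config files in /etc/security/<section>/
 dopamsecurity() {
  [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0
  fi
 
  ( # dont want to pollute calling env
  insinto /etc/security/$1
@@ -65,11 +65,11 @@
 #
 # Installs the config file <old name> as <new name> in /etc/security/<section>/
 newpamsecurity() {
  [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
  ( # dont want to pollute calling env
  insinto /etc/security/$1
@@ -82,28 +82,42 @@
 #
 # Returns the pam modules' directory for current implementation
 getpam_mod_dir() {
  if has_version sys-libs/pam || has_version sys-libs/openpam; then
  PAM_MOD_DIR=/$(get_libdir)/security
- elif use ppc-macos; then
- # OSX looks there for pam modules
- PAM_MOD_DIR=/usr/lib/pam
  else
  # Unable to find PAM implementation... defaulting
  PAM_MOD_DIR=/$(get_libdir)/security
  fi
 
  echo ${PAM_MOD_DIR}
 }
 
+# pammod_hide_symbols
+#
+# Hide all non-PAM-used symbols from the module; this function creates a
+# simple ld version script that hides all the symbols that are not
+# necessary for PAM to load the module, then uses append-flags to make
+# sure that it gets used.
+pammod_hide_symbols() {
+ cat - > "${T}"/pam-eclass-pam_symbols.ver <<EOF
+{
+ global: pam_sm_*;
+ local: *;
+};
+EOF
+
+ append-ldflags -Wl,--version-script="${T}"/pam-eclass-pam_symbols.ver
+}
+
 # dopammod <file> [more files]
 #
 # Install pam module file in the pam modules' dir for current implementation
 dopammod() {
  [[ -z $1 ]] && die "dopammod requires at least one argument"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
  exeinto $(getpam_mod_dir)
  doexe "$@" || die "failed to install $@"
@@ -114,11 +128,11 @@
 # Install pam module file <old name> as <new name> in the pam
 # modules' dir for current implementation
 newpammod() {
  [[ $# -ne 2 ]] && die "newpammod requires two arguements"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
  exeinto $(getpam_mod_dir)
  newexe "$1" "$2" || die "failed to install $1 as $2"
@@ -128,32 +142,42 @@
 #
 # This function creates a pamd file which mimics system-auth file
 # for the given levels in the /etc/pam.d directory.
 pamd_mimic_system() {
  [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
+ pamd_mimic system-auth "$@"
+}
 
+# pamd_mimic <stack> <pamd file> [auth levels]
+#
+# This function creates a pamd file which mimics the given stack
+# for the given levels in the /etc/pam.d directory.
+pamd_mimic() {
+ [[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"
+
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
  dodir /etc/pam.d
- pamdfile=${D}/etc/pam.d/$1
- echo -e "# File autogenerated by pamd_mimic_system in pam eclass\n\n" >> \
+ pamdfile=${D}/etc/pam.d/$2
+ echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
  $pamdfile
 
+ originalstack=$1
  authlevels="auth account password session"
 
  if has_version '<sys-libs/pam-0.78'; then
- mimic="\trequired\t\tpam_stack.so service=system-auth"
+ mimic="\trequired\t\tpam_stack.so service=${originalstack}"
  else
- mimic="\tinclude\t\tsystem-auth"
+ mimic="\tinclude\t\t${originalstack}"
  fi
 
- shift
+ shift; shift
 
  while [[ -n $1 ]]; do
- hasq $1 ${authlevels} || die "unknown level type"
+ has $1 ${authlevels} || die "unknown level type"
 
  echo -e "$1${mimic}" >> ${pamdfile}
 
  shift
  done
@@ -164,11 +188,11 @@
 # Cleans a pam.d file from modules that might not be present on the system
 # where it's going to be installed
 cleanpamd() {
  while [[ -n $1 ]]; do
  if ! has_version sys-libs/pam; then
- sed -i -e '/pam_shells\|pam_console/s:^:#:' ${D}/etc/pam.d/$1
+ sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
  fi
 
  shift
  done
 }
@@ -203,12 +227,11 @@
  done
 }
 
 # Think about it before uncommenting this one, for now run it by hand
 # pam_pkg_preinst() {
-# local shopts=$-
-# set -o noglob # so that bash doen't expand "*"
+# eshopts_push -o noglob # so that bash doen't expand "*"
 #
 # pam_epam_expand "${D}"/etc/pam.d/*
 #
-# set +o noglob; set -$shopts # reset old shell opts
+# eshopts_pop # reset old shell opts
 # }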
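Review bot: In `pamd_mimic`, both `echo -e ... >>` appends write the generated PAM service file without `|| die`, and their redirect targets `$pamdfile` / `${pamdfile}` are unquoted even though this same change quotes the path in `cleanpamd`. A failed or word-split append leaves a service file with fewer management groups than the ebuild asked for, and as far as I know Linux-PAM resolves a missing group against the `other` service, so the error should stop the build instead of being installed silently: `echo -e "$1${mimic}" >> "${pamdfile}" || die "failed to write ${pamdfile}"`. `pamdfile`, `originalstack`, `authlevels` and `mimic` are also assigned without `local`, so they persist in the calling ebuild's environment; `local pamdfile="${D}/etc/pam.d/$2" originalstack=$1` would keep them inside the function. The end of `pamd_mimic` lies outside the hunk shown.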
