
Diff of /eclass/pam.eclass


Revision 1.7 Revision 1.22
1# Copyright 2004 Gentoo Foundation 1# Copyright 1999-2011 Gentoo Foundation
2# Distributed under the terms of the GNU General Public License, v2 or later 2# Distributed under the terms of the GNU General Public License, v2 or later
3# Author Diego Pettenò <flameeyes@gentoo.org> 3# Author Diego Pettenò <flameeyes@gentoo.org>
4# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.7 2005/07/06 20:20:04 agriffis Exp $ 4# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.22 2011/12/27 17:55:12 fauli Exp $
5# 5#
6# This eclass contains functions to install pamd configuration files and 6# This eclass contains functions to install pamd configuration files and
7# pam modules. 7# pam modules.
8 8
9inherit multilib 9if [[ ${___ECLASS_ONCE_PAM} != "recur -_+^+_- spank" ]] ; then
10INHERITED="$INHERITED $ECLASS" 10___ECLASS_ONCE_PAM="recur -_+^+_- spank"
11
12inherit multilib flag-o-matic
11 13
12# dopamd <file> [more files] 14# dopamd <file> [more files]
13# 15#
14# Install pam auth config file in /etc/pam.d 16# Install pam auth config file in /etc/pam.d
15dopamd() { 17dopamd() {
16 [[ -z $1 ]] && die "dopamd requires at least one argument" 18 [[ -z $1 ]] && die "dopamd requires at least one argument"
17 19
18 if hasq pam ${IUSE} && ! use pam; then 20 if has pam ${IUSE} && ! use pam; then
19 return 0; 21 return 0;
20 fi 22 fi
21 23
22 INSDESTTREE=/etc/pam.d \ 24 ( # dont want to pollute calling env
25 insinto /etc/pam.d
26 insopts -m 0644
27 doins "$@"
23 doins "$@" || die "failed to install $@" 28 ) || die "failed to install $@"
29 cleanpamd "$@"
24} 30}
25 31
26# newpamd <old name> <new name> 32# newpamd <old name> <new name>
27# 33#
28# Install pam file <old name> as <new name> in /etc/pam.d 34# Install pam file <old name> as <new name> in /etc/pam.d
29newpamd() { 35newpamd() {
30 [[ $# -ne 2 ]] && die "newpamd requires two arguments" 36 [[ $# -ne 2 ]] && die "newpamd requires two arguments"
31 37
32 if hasq pam ${IUSE} && ! use pam; then 38 if has pam ${IUSE} && ! use pam; then
33 return 0; 39 return 0;
34 fi 40 fi
35 41
36 INSDESTTREE=/etc/pam.d \ 42 ( # dont want to pollute calling env
43 insinto /etc/pam.d
44 insopts -m 0644
45 newins "$1" "$2"
37 newins "$1" "$2" || die "failed to install $1 as $2" 46 ) || die "failed to install $1 as $2"
47 cleanpamd $2
38} 48}
39 49
40# dopamsecurity <section> <file> [more files] 50# dopamsecurity <section> <file> [more files]
41# 51#
42# Installs the config files in /etc/security/<section>/ 52# Installs the config files in /etc/security/<section>/
43dopamsecurity() { 53dopamsecurity() {
44 [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments" 54 [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"
45 55
46 if hasq pam ${IUSE} && ! use pam; then 56 if has pam ${IUSE} && ! use pam; then
47 return 0; 57 return 0
48 fi 58 fi
49 59
50 INSDESTTREE=/etc/security/$1 \ 60 ( # dont want to pollute calling env
51 doins "${@:2}" || die "failed to install ${@:2}" 61 insinto /etc/security/$1
62 insopts -m 0644
63 doins "${@:2}"
64 ) || die "failed to install ${@:2}"
52} 65}
53 66
54# newpamsecurity <section> <old name> <new name> 67# newpamsecurity <section> <old name> <new name>
55# 68#
56# Installs the config file <old name> as <new name> in /etc/security/<section>/ 69# Installs the config file <old name> as <new name> in /etc/security/<section>/
57newpamsecurity() { 70newpamsecurity() {
58 [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments" 71 [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"
59 72
60 if hasq pam ${IUSE} && ! use pam; then 73 if has pam ${IUSE} && ! use pam; then
61 return 0; 74 return 0;
62 fi 75 fi
63 76
64 INSDESTTREE=/etc/security/$1 \ 77 ( # dont want to pollute calling env
78 insinto /etc/security/$1
79 insopts -m 0644
80 newins "$2" "$3"
65 newins "$2" "$3" || die "failed to install $2 as $3" 81 ) || die "failed to install $2 as $3"
66} 82}
67 83
68# getpam_mod_dir 84# getpam_mod_dir
69# 85#
70# Returns the pam modules' directory for current implementation 86# Returns the pam modules' directory for current implementation
71getpam_mod_dir() { 87getpam_mod_dir() {
72 if has_version sys-libs/pam || has_version sys-libs/openpam; then 88 if has_version sys-libs/pam || has_version sys-libs/openpam; then
73 PAM_MOD_DIR=/$(get_libdir)/security 89 PAM_MOD_DIR=/$(get_libdir)/security
74 elif use ppc-macos; then
75 # OSX looks there for pam modules
76 PAM_MOD_DIR=/usr/lib/pam
77 else 90 else
78 # Unable to find PAM implementation... defaulting 91 # Unable to find PAM implementation... defaulting
79 PAM_MOD_DIR=/$(get_libdir)/security 92 PAM_MOD_DIR=/$(get_libdir)/security
80 fi 93 fi
81 94
82 echo ${PAM_MOD_DIR} 95 echo ${PAM_MOD_DIR}
83} 96}
84 97
98# pammod_hide_symbols
99#
100# Hide all non-PAM-used symbols from the module; this function creates a
101# simple ld version script that hides all the symbols that are not
102# necessary for PAM to load the module, then uses append-flags to make
103# sure that it gets used.
104pammod_hide_symbols() {
105 cat - > "${T}"/pam-eclass-pam_symbols.ver <<EOF
106{
107 global: pam_sm_*;
108 local: *;
109};
110EOF
111
112 append-ldflags -Wl,--version-script="${T}"/pam-eclass-pam_symbols.ver
113}
114
85# dopammod <file> [more files] 115# dopammod <file> [more files]
86# 116#
87# Install pam module file in the pam modules' dir for current implementation 117# Install pam module file in the pam modules' dir for current implementation
88dopammod() { 118dopammod() {
89 [[ -z $1 ]] && die "dopammod requires at least one argument" 119 [[ -z $1 ]] && die "dopammod requires at least one argument"
90 120
91 if hasq pam ${IUSE} && ! use pam; then 121 if has pam ${IUSE} && ! use pam; then
92 return 0; 122 return 0;
93 fi 123 fi
94 124
95 exeinto $(getpam_mod_dir) 125 exeinto $(getpam_mod_dir)
96 doexe "$@" || die "failed to install $@" 126 doexe "$@" || die "failed to install $@"
101# Install pam module file <old name> as <new name> in the pam 131# Install pam module file <old name> as <new name> in the pam
102# modules' dir for current implementation 132# modules' dir for current implementation
103newpammod() { 133newpammod() {
104 [[ $# -ne 2 ]] && die "newpammod requires two arguements" 134 [[ $# -ne 2 ]] && die "newpammod requires two arguements"
105 135
106 if hasq pam ${IUSE} && ! use pam; then 136 if has pam ${IUSE} && ! use pam; then
107 return 0; 137 return 0;
108 fi 138 fi
109 139
110 exeinto $(getpam_mod_dir) 140 exeinto $(getpam_mod_dir)
111 newexe "$1" "$2" || die "failed to install $1 as $2" 141 newexe "$1" "$2" || die "failed to install $1 as $2"
115# 145#
116# This function creates a pamd file which mimics system-auth file 146# This function creates a pamd file which mimics system-auth file
117# for the given levels in the /etc/pam.d directory. 147# for the given levels in the /etc/pam.d directory.
118pamd_mimic_system() { 148pamd_mimic_system() {
119 [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments" 149 [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
150 pamd_mimic system-auth "$@"
151}
120 152
153# pamd_mimic <stack> <pamd file> [auth levels]
154#
155# This function creates a pamd file which mimics the given stack
156# for the given levels in the /etc/pam.d directory.
157pamd_mimic() {
158 [[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"
159
121 if hasq pam ${IUSE} && ! use pam; then 160 if has pam ${IUSE} && ! use pam; then
122 return 0; 161 return 0;
123 fi 162 fi
124 163
125 dodir /etc/pam.d 164 dodir /etc/pam.d
126 pamdfile=${D}/etc/pam.d/$1 165 pamdfile=${D}/etc/pam.d/$2
127 echo -e "# File autogenerated by pamd_mimic_system in pam eclass\n\n" >> \ 166 echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
128 $pamdfile 167 $pamdfile
129 168
169 originalstack=$1
130 authlevels="auth account password session" 170 authlevels="auth account password session"
131 171
132 if has_version '<sys-libs/pam-0.78'; then 172 if has_version '<sys-libs/pam-0.78'; then
133 mimic="\trequired\t\tpam_stack.so service=system-auth" 173 mimic="\trequired\t\tpam_stack.so service=${originalstack}"
134 else 174 else
135 mimic="\tinclude\t\tsystem-auth" 175 mimic="\tinclude\t\t${originalstack}"
136 fi 176 fi
137 177
138 shift 178 shift; shift
139 179
140 while [[ -n $1 ]]; do 180 while [[ -n $1 ]]; do
141 hasq $1 ${authlevels} || die "unknown level type" 181 has $1 ${authlevels} || die "unknown level type"
142 182
143 echo -e "$1${mimic}" >> ${pamdfile} 183 echo -e "$1${mimic}" >> ${pamdfile}
144 184
145 shift 185 shift
146 done 186 done
147} 187}
188
189# cleanpamd <pamd file>
190#
191# Cleans a pam.d file from modules that might not be present on the system
192# where it's going to be installed
193cleanpamd() {
194 while [[ -n $1 ]]; do
195 if ! has_version sys-libs/pam; then
196 sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
197 fi
198
199 shift
200 done
201}
202
203pam_epam_expand() {
204 sed -n -e 's|#%EPAM-\([[:alpha:]-]\+\):\([-+<>=/.![:alnum:]]\+\)%#.*|\1 \2|p' \
205 "$@" | sort -u | while read condition parameter; do
206
207 disable="yes"
208
209 case "$condition" in
210 If-Has)
211 message="This can be used only if you have ${parameter} installed"
212 has_version "$parameter" && disable="no"
213 ;;
214 Use-Flag)
215 message="This can be used only if you enabled the ${parameter} USE flag"
216 use "$parameter" && disable="no"
217 ;;
218 *)
219 eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
220 die "Unknown EPAM condition '${condition}' ('${parameter}')"
221 ;;
222 esac
223
224 if [ "${disable}" = "yes" ]; then
225 sed -i -e "/#%EPAM-${condition}:${parameter/\//\\/}%#/d" "$@"
226 else
227 sed -i -e "s|#%EPAM-${condition}:${parameter}%#||" "$@"
228 fi
229
230 done
231}
232
233# Think about it before uncommenting this one, for now run it by hand
234# pam_pkg_preinst() {
235# eshopts_push -o noglob # so that bash doen't expand "*"
236#
237# pam_epam_expand "${D}"/etc/pam.d/*
238#
239# eshopts_pop # reset old shell opts
240# }
241
242fi
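Review bot: The `cleanpamd "$@"` call added at the end of `dopamd` hands over the same arguments that went to `doins`, but `cleanpamd` builds its target as `"${D}/etc/pam.d/$1"`. Because `doins` installs a file under its basename, a caller that passes a path rather than a bare file name makes `sed -i` point at a file that does not exist. The `sed` status is not checked, so on a system without sys-libs/pam the `pam_shells`/`pam_console` lines would silently stay active, and a PAM stack that names a module which is not installed may reject every login through that service. Strip the directory at the call site with `cleanpamd "${@##*/}"` and end the `sed` line in `cleanpamd` with `|| die "failed to clean $1"`. The `cleanpamd $2` call in `newpamd` should quote its argument as well.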
