
Diff of /eclass/pam.eclass


Revision 1.8 Revision 1.22
1# Copyright 2004 Gentoo Foundation 1# Copyright 1999-2011 Gentoo Foundation
2# Distributed under the terms of the GNU General Public License, v2 or later 2# Distributed under the terms of the GNU General Public License, v2 or later
3# Author Diego Pettenò <flameeyes@gentoo.org> 3# Author Diego Pettenò <flameeyes@gentoo.org>
4# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.8 2005/07/06 20:23:20 agriffis Exp $ 4# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.22 2011/12/27 17:55:12 fauli Exp $
5# 5#
6# This eclass contains functions to install pamd configuration files and 6# This eclass contains functions to install pamd configuration files and
7# pam modules. 7# pam modules.
8 8
9inherit multilib 9if [[ ${___ECLASS_ONCE_PAM} != "recur -_+^+_- spank" ]] ; then
10___ECLASS_ONCE_PAM="recur -_+^+_- spank"
11
12inherit multilib flag-o-matic
10 13
11# dopamd <file> [more files] 14# dopamd <file> [more files]
12# 15#
13# Install pam auth config file in /etc/pam.d 16# Install pam auth config file in /etc/pam.d
14dopamd() { 17dopamd() {
15 [[ -z $1 ]] && die "dopamd requires at least one argument" 18 [[ -z $1 ]] && die "dopamd requires at least one argument"
16 19
17 if hasq pam ${IUSE} && ! use pam; then 20 if has pam ${IUSE} && ! use pam; then
18 return 0; 21 return 0;
19 fi 22 fi
20 23
21 INSDESTTREE=/etc/pam.d \ 24 ( # dont want to pollute calling env
25 insinto /etc/pam.d
26 insopts -m 0644
27 doins "$@"
22 doins "$@" || die "failed to install $@" 28 ) || die "failed to install $@"
29 cleanpamd "$@"
23} 30}
24 31
25# newpamd <old name> <new name> 32# newpamd <old name> <new name>
26# 33#
27# Install pam file <old name> as <new name> in /etc/pam.d 34# Install pam file <old name> as <new name> in /etc/pam.d
28newpamd() { 35newpamd() {
29 [[ $# -ne 2 ]] && die "newpamd requires two arguments" 36 [[ $# -ne 2 ]] && die "newpamd requires two arguments"
30 37
31 if hasq pam ${IUSE} && ! use pam; then 38 if has pam ${IUSE} && ! use pam; then
32 return 0; 39 return 0;
33 fi 40 fi
34 41
35 INSDESTTREE=/etc/pam.d \ 42 ( # dont want to pollute calling env
43 insinto /etc/pam.d
44 insopts -m 0644
45 newins "$1" "$2"
36 newins "$1" "$2" || die "failed to install $1 as $2" 46 ) || die "failed to install $1 as $2"
47 cleanpamd $2
37} 48}
38 49
39# dopamsecurity <section> <file> [more files] 50# dopamsecurity <section> <file> [more files]
40# 51#
41# Installs the config files in /etc/security/<section>/ 52# Installs the config files in /etc/security/<section>/
42dopamsecurity() { 53dopamsecurity() {
43 [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments" 54 [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"
44 55
45 if hasq pam ${IUSE} && ! use pam; then 56 if has pam ${IUSE} && ! use pam; then
46 return 0; 57 return 0
47 fi 58 fi
48 59
49 INSDESTTREE=/etc/security/$1 \ 60 ( # dont want to pollute calling env
50 doins "${@:2}" || die "failed to install ${@:2}" 61 insinto /etc/security/$1
62 insopts -m 0644
63 doins "${@:2}"
64 ) || die "failed to install ${@:2}"
51} 65}
52 66
53# newpamsecurity <section> <old name> <new name> 67# newpamsecurity <section> <old name> <new name>
54# 68#
55# Installs the config file <old name> as <new name> in /etc/security/<section>/ 69# Installs the config file <old name> as <new name> in /etc/security/<section>/
56newpamsecurity() { 70newpamsecurity() {
57 [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments" 71 [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"
58 72
59 if hasq pam ${IUSE} && ! use pam; then 73 if has pam ${IUSE} && ! use pam; then
60 return 0; 74 return 0;
61 fi 75 fi
62 76
63 INSDESTTREE=/etc/security/$1 \ 77 ( # dont want to pollute calling env
78 insinto /etc/security/$1
79 insopts -m 0644
80 newins "$2" "$3"
64 newins "$2" "$3" || die "failed to install $2 as $3" 81 ) || die "failed to install $2 as $3"
65} 82}
66 83
67# getpam_mod_dir 84# getpam_mod_dir
68# 85#
69# Returns the pam modules' directory for current implementation 86# Returns the pam modules' directory for current implementation
70getpam_mod_dir() { 87getpam_mod_dir() {
71 if has_version sys-libs/pam || has_version sys-libs/openpam; then 88 if has_version sys-libs/pam || has_version sys-libs/openpam; then
72 PAM_MOD_DIR=/$(get_libdir)/security 89 PAM_MOD_DIR=/$(get_libdir)/security
73 elif use ppc-macos; then
74 # OSX looks there for pam modules
75 PAM_MOD_DIR=/usr/lib/pam
76 else 90 else
77 # Unable to find PAM implementation... defaulting 91 # Unable to find PAM implementation... defaulting
78 PAM_MOD_DIR=/$(get_libdir)/security 92 PAM_MOD_DIR=/$(get_libdir)/security
79 fi 93 fi
80 94
81 echo ${PAM_MOD_DIR} 95 echo ${PAM_MOD_DIR}
82} 96}
83 97
98# pammod_hide_symbols
99#
100# Hide all non-PAM-used symbols from the module; this function creates a
101# simple ld version script that hides all the symbols that are not
102# necessary for PAM to load the module, then uses append-flags to make
103# sure that it gets used.
104pammod_hide_symbols() {
105 cat - > "${T}"/pam-eclass-pam_symbols.ver <<EOF
106{
107 global: pam_sm_*;
108 local: *;
109};
110EOF
111
112 append-ldflags -Wl,--version-script="${T}"/pam-eclass-pam_symbols.ver
113}
114
84# dopammod <file> [more files] 115# dopammod <file> [more files]
85# 116#
86# Install pam module file in the pam modules' dir for current implementation 117# Install pam module file in the pam modules' dir for current implementation
87dopammod() { 118dopammod() {
88 [[ -z $1 ]] && die "dopammod requires at least one argument" 119 [[ -z $1 ]] && die "dopammod requires at least one argument"
89 120
90 if hasq pam ${IUSE} && ! use pam; then 121 if has pam ${IUSE} && ! use pam; then
91 return 0; 122 return 0;
92 fi 123 fi
93 124
94 exeinto $(getpam_mod_dir) 125 exeinto $(getpam_mod_dir)
95 doexe "$@" || die "failed to install $@" 126 doexe "$@" || die "failed to install $@"
100# Install pam module file <old name> as <new name> in the pam 131# Install pam module file <old name> as <new name> in the pam
101# modules' dir for current implementation 132# modules' dir for current implementation
102newpammod() { 133newpammod() {
103 [[ $# -ne 2 ]] && die "newpammod requires two arguements" 134 [[ $# -ne 2 ]] && die "newpammod requires two arguements"
104 135
105 if hasq pam ${IUSE} && ! use pam; then 136 if has pam ${IUSE} && ! use pam; then
106 return 0; 137 return 0;
107 fi 138 fi
108 139
109 exeinto $(getpam_mod_dir) 140 exeinto $(getpam_mod_dir)
110 newexe "$1" "$2" || die "failed to install $1 as $2" 141 newexe "$1" "$2" || die "failed to install $1 as $2"
114# 145#
115# This function creates a pamd file which mimics system-auth file 146# This function creates a pamd file which mimics system-auth file
116# for the given levels in the /etc/pam.d directory. 147# for the given levels in the /etc/pam.d directory.
117pamd_mimic_system() { 148pamd_mimic_system() {
118 [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments" 149 [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
150 pamd_mimic system-auth "$@"
151}
119 152
153# pamd_mimic <stack> <pamd file> [auth levels]
154#
155# This function creates a pamd file which mimics the given stack
156# for the given levels in the /etc/pam.d directory.
157pamd_mimic() {
158 [[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"
159
120 if hasq pam ${IUSE} && ! use pam; then 160 if has pam ${IUSE} && ! use pam; then
121 return 0; 161 return 0;
122 fi 162 fi
123 163
124 dodir /etc/pam.d 164 dodir /etc/pam.d
125 pamdfile=${D}/etc/pam.d/$1 165 pamdfile=${D}/etc/pam.d/$2
126 echo -e "# File autogenerated by pamd_mimic_system in pam eclass\n\n" >> \ 166 echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
127 $pamdfile 167 $pamdfile
128 168
169 originalstack=$1
129 authlevels="auth account password session" 170 authlevels="auth account password session"
130 171
131 if has_version '<sys-libs/pam-0.78'; then 172 if has_version '<sys-libs/pam-0.78'; then
132 mimic="\trequired\t\tpam_stack.so service=system-auth" 173 mimic="\trequired\t\tpam_stack.so service=${originalstack}"
133 else 174 else
134 mimic="\tinclude\t\tsystem-auth" 175 mimic="\tinclude\t\t${originalstack}"
135 fi 176 fi
136 177
137 shift 178 shift; shift
138 179
139 while [[ -n $1 ]]; do 180 while [[ -n $1 ]]; do
140 hasq $1 ${authlevels} || die "unknown level type" 181 has $1 ${authlevels} || die "unknown level type"
141 182
142 echo -e "$1${mimic}" >> ${pamdfile} 183 echo -e "$1${mimic}" >> ${pamdfile}
143 184
144 shift 185 shift
145 done 186 done
146} 187}
188
189# cleanpamd <pamd file>
190#
191# Cleans a pam.d file from modules that might not be present on the system
192# where it's going to be installed
193cleanpamd() {
194 while [[ -n $1 ]]; do
195 if ! has_version sys-libs/pam; then
196 sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
197 fi
198
199 shift
200 done
201}
202
203pam_epam_expand() {
204 sed -n -e 's|#%EPAM-\([[:alpha:]-]\+\):\([-+<>=/.![:alnum:]]\+\)%#.*|\1 \2|p' \
205 "$@" | sort -u | while read condition parameter; do
206
207 disable="yes"
208
209 case "$condition" in
210 If-Has)
211 message="This can be used only if you have ${parameter} installed"
212 has_version "$parameter" && disable="no"
213 ;;
214 Use-Flag)
215 message="This can be used only if you enabled the ${parameter} USE flag"
216 use "$parameter" && disable="no"
217 ;;
218 *)
219 eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
220 die "Unknown EPAM condition '${condition}' ('${parameter}')"
221 ;;
222 esac
223
224 if [ "${disable}" = "yes" ]; then
225 sed -i -e "/#%EPAM-${condition}:${parameter/\//\\/}%#/d" "$@"
226 else
227 sed -i -e "s|#%EPAM-${condition}:${parameter}%#||" "$@"
228 fi
229
230 done
231}
232
233# Think about it before uncommenting this one, for now run it by hand
234# pam_pkg_preinst() {
235# eshopts_push -o noglob # so that bash doen't expand "*"
236#
237# pam_epam_expand "${D}"/etc/pam.d/*
238#
239# eshopts_pop # reset old shell opts
240# }
241
242fi
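Review bot: `cleanpamd "$@"` at the end of dopamd (new line 29) passes on the same arguments that went to `doins`, but cleanpamd (new lines 193-201) edits `"${D}/etc/pam.d/$1"`; since doins installs each file under its basename, an ebuild that calls dopamd with a source path such as `"${FILESDIR}"/foo.pamd` makes the sed target a path that does not exist in the image, and the installed file is left uncleaned. The sed status is never checked, so this fails silently, and a pam.d file that still names `pam_shells` or `pam_console` can land on a system without sys-libs/pam, where a missing module can break that service's authentication stack. Stripping the directory and checking the result would close the gap: `sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/${1##*/}" || die "failed to clean ${1##*/}"`. newpamd (new line 47) already passes the installed name, but it should be quoted as `cleanpamd "$2"`.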
