
Diff of /eclass/pam.eclass


Revision 1.9 Revision 1.22
1# Copyright 2004 Gentoo Foundation 1# Copyright 1999-2011 Gentoo Foundation
2# Distributed under the terms of the GNU General Public License, v2 or later 2# Distributed under the terms of the GNU General Public License, v2 or later
3# Author Diego Pettenò <flameeyes@gentoo.org> 3# Author Diego Pettenò <flameeyes@gentoo.org>
4# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.9 2005/09/09 10:31:35 flameeyes Exp $ 4# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.22 2011/12/27 17:55:12 fauli Exp $
5# 5#
6# This eclass contains functions to install pamd configuration files and 6# This eclass contains functions to install pamd configuration files and
7# pam modules. 7# pam modules.
8 8
9inherit multilib 9if [[ ${___ECLASS_ONCE_PAM} != "recur -_+^+_- spank" ]] ; then
10___ECLASS_ONCE_PAM="recur -_+^+_- spank"
11
12inherit multilib flag-o-matic
10 13
11# dopamd <file> [more files] 14# dopamd <file> [more files]
12# 15#
13# Install pam auth config file in /etc/pam.d 16# Install pam auth config file in /etc/pam.d
14dopamd() { 17dopamd() {
15 [[ -z $1 ]] && die "dopamd requires at least one argument" 18 [[ -z $1 ]] && die "dopamd requires at least one argument"
16 19
17 if hasq pam ${IUSE} && ! use pam; then 20 if has pam ${IUSE} && ! use pam; then
18 return 0; 21 return 0;
19 fi 22 fi
20 23
21 INSDESTTREE=/etc/pam.d \ 24 ( # dont want to pollute calling env
25 insinto /etc/pam.d
26 insopts -m 0644
27 doins "$@"
22 doins "$@" || die "failed to install $@" 28 ) || die "failed to install $@"
23 cleanpamd "$@" 29 cleanpamd "$@"
24} 30}
25 31
26# newpamd <old name> <new name> 32# newpamd <old name> <new name>
27# 33#
28# Install pam file <old name> as <new name> in /etc/pam.d 34# Install pam file <old name> as <new name> in /etc/pam.d
29newpamd() { 35newpamd() {
30 [[ $# -ne 2 ]] && die "newpamd requires two arguments" 36 [[ $# -ne 2 ]] && die "newpamd requires two arguments"
31 37
32 if hasq pam ${IUSE} && ! use pam; then 38 if has pam ${IUSE} && ! use pam; then
33 return 0; 39 return 0;
34 fi 40 fi
35 41
36 INSDESTTREE=/etc/pam.d \ 42 ( # dont want to pollute calling env
43 insinto /etc/pam.d
44 insopts -m 0644
45 newins "$1" "$2"
37 newins "$1" "$2" || die "failed to install $1 as $2" 46 ) || die "failed to install $1 as $2"
38 cleanpamd $2 47 cleanpamd $2
39} 48}
40 49
41# dopamsecurity <section> <file> [more files] 50# dopamsecurity <section> <file> [more files]
42# 51#
43# Installs the config files in /etc/security/<section>/ 52# Installs the config files in /etc/security/<section>/
44dopamsecurity() { 53dopamsecurity() {
45 [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments" 54 [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"
46 55
47 if hasq pam ${IUSE} && ! use pam; then 56 if has pam ${IUSE} && ! use pam; then
48 return 0; 57 return 0
49 fi 58 fi
50 59
51 INSDESTTREE=/etc/security/$1 \ 60 ( # dont want to pollute calling env
52 doins "${@:2}" || die "failed to install ${@:2}" 61 insinto /etc/security/$1
62 insopts -m 0644
63 doins "${@:2}"
64 ) || die "failed to install ${@:2}"
53} 65}
54 66
55# newpamsecurity <section> <old name> <new name> 67# newpamsecurity <section> <old name> <new name>
56# 68#
57# Installs the config file <old name> as <new name> in /etc/security/<section>/ 69# Installs the config file <old name> as <new name> in /etc/security/<section>/
58newpamsecurity() { 70newpamsecurity() {
59 [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments" 71 [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"
60 72
61 if hasq pam ${IUSE} && ! use pam; then 73 if has pam ${IUSE} && ! use pam; then
62 return 0; 74 return 0;
63 fi 75 fi
64 76
65 INSDESTTREE=/etc/security/$1 \ 77 ( # dont want to pollute calling env
78 insinto /etc/security/$1
79 insopts -m 0644
80 newins "$2" "$3"
66 newins "$2" "$3" || die "failed to install $2 as $3" 81 ) || die "failed to install $2 as $3"
67} 82}
68 83
69# getpam_mod_dir 84# getpam_mod_dir
70# 85#
71# Returns the pam modules' directory for current implementation 86# Returns the pam modules' directory for current implementation
72getpam_mod_dir() { 87getpam_mod_dir() {
73 if has_version sys-libs/pam || has_version sys-libs/openpam; then 88 if has_version sys-libs/pam || has_version sys-libs/openpam; then
74 PAM_MOD_DIR=/$(get_libdir)/security 89 PAM_MOD_DIR=/$(get_libdir)/security
75 elif use ppc-macos; then
76 # OSX looks there for pam modules
77 PAM_MOD_DIR=/usr/lib/pam
78 else 90 else
79 # Unable to find PAM implementation... defaulting 91 # Unable to find PAM implementation... defaulting
80 PAM_MOD_DIR=/$(get_libdir)/security 92 PAM_MOD_DIR=/$(get_libdir)/security
81 fi 93 fi
82 94
83 echo ${PAM_MOD_DIR} 95 echo ${PAM_MOD_DIR}
84} 96}
85 97
98# pammod_hide_symbols
99#
100# Hide all non-PAM-used symbols from the module; this function creates a
101# simple ld version script that hides all the symbols that are not
102# necessary for PAM to load the module, then uses append-flags to make
103# sure that it gets used.
104pammod_hide_symbols() {
105 cat - > "${T}"/pam-eclass-pam_symbols.ver <<EOF
106{
107 global: pam_sm_*;
108 local: *;
109};
110EOF
111
112 append-ldflags -Wl,--version-script="${T}"/pam-eclass-pam_symbols.ver
113}
114
86# dopammod <file> [more files] 115# dopammod <file> [more files]
87# 116#
88# Install pam module file in the pam modules' dir for current implementation 117# Install pam module file in the pam modules' dir for current implementation
89dopammod() { 118dopammod() {
90 [[ -z $1 ]] && die "dopammod requires at least one argument" 119 [[ -z $1 ]] && die "dopammod requires at least one argument"
91 120
92 if hasq pam ${IUSE} && ! use pam; then 121 if has pam ${IUSE} && ! use pam; then
93 return 0; 122 return 0;
94 fi 123 fi
95 124
96 exeinto $(getpam_mod_dir) 125 exeinto $(getpam_mod_dir)
97 doexe "$@" || die "failed to install $@" 126 doexe "$@" || die "failed to install $@"
102# Install pam module file <old name> as <new name> in the pam 131# Install pam module file <old name> as <new name> in the pam
103# modules' dir for current implementation 132# modules' dir for current implementation
104newpammod() { 133newpammod() {
105 [[ $# -ne 2 ]] && die "newpammod requires two arguements" 134 [[ $# -ne 2 ]] && die "newpammod requires two arguements"
106 135
107 if hasq pam ${IUSE} && ! use pam; then 136 if has pam ${IUSE} && ! use pam; then
108 return 0; 137 return 0;
109 fi 138 fi
110 139
111 exeinto $(getpam_mod_dir) 140 exeinto $(getpam_mod_dir)
112 newexe "$1" "$2" || die "failed to install $1 as $2" 141 newexe "$1" "$2" || die "failed to install $1 as $2"
116# 145#
117# This function creates a pamd file which mimics system-auth file 146# This function creates a pamd file which mimics system-auth file
118# for the given levels in the /etc/pam.d directory. 147# for the given levels in the /etc/pam.d directory.
119pamd_mimic_system() { 148pamd_mimic_system() {
120 [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments" 149 [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
150 pamd_mimic system-auth "$@"
151}
121 152
153# pamd_mimic <stack> <pamd file> [auth levels]
154#
155# This function creates a pamd file which mimics the given stack
156# for the given levels in the /etc/pam.d directory.
157pamd_mimic() {
158 [[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"
159
122 if hasq pam ${IUSE} && ! use pam; then 160 if has pam ${IUSE} && ! use pam; then
123 return 0; 161 return 0;
124 fi 162 fi
125 163
126 dodir /etc/pam.d 164 dodir /etc/pam.d
127 pamdfile=${D}/etc/pam.d/$1 165 pamdfile=${D}/etc/pam.d/$2
128 echo -e "# File autogenerated by pamd_mimic_system in pam eclass\n\n" >> \ 166 echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
129 $pamdfile 167 $pamdfile
130 168
169 originalstack=$1
131 authlevels="auth account password session" 170 authlevels="auth account password session"
132 171
133 if has_version '<sys-libs/pam-0.78'; then 172 if has_version '<sys-libs/pam-0.78'; then
134 mimic="\trequired\t\tpam_stack.so service=system-auth" 173 mimic="\trequired\t\tpam_stack.so service=${originalstack}"
135 else 174 else
136 mimic="\tinclude\t\tsystem-auth" 175 mimic="\tinclude\t\t${originalstack}"
137 fi 176 fi
138 177
139 shift 178 shift; shift
140 179
141 while [[ -n $1 ]]; do 180 while [[ -n $1 ]]; do
142 hasq $1 ${authlevels} || die "unknown level type" 181 has $1 ${authlevels} || die "unknown level type"
143 182
144 echo -e "$1${mimic}" >> ${pamdfile} 183 echo -e "$1${mimic}" >> ${pamdfile}
145 184
146 shift 185 shift
147 done 186 done
152# Cleans a pam.d file from modules that might not be present on the system 191# Cleans a pam.d file from modules that might not be present on the system
153# where it's going to be installed 192# where it's going to be installed
154cleanpamd() { 193cleanpamd() {
155 while [[ -n $1 ]]; do 194 while [[ -n $1 ]]; do
156 if ! has_version sys-libs/pam; then 195 if ! has_version sys-libs/pam; then
157 sed -i -e '/pam_shells\|pam_console/s:^:#:' ${D}/etc/pam.d/$1 196 sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
158 fi 197 fi
159 198
160 shift 199 shift
161 done 200 done
162} 201}
202
203pam_epam_expand() {
204 sed -n -e 's|#%EPAM-\([[:alpha:]-]\+\):\([-+<>=/.![:alnum:]]\+\)%#.*|\1 \2|p' \
205 "$@" | sort -u | while read condition parameter; do
206
207 disable="yes"
208
209 case "$condition" in
210 If-Has)
211 message="This can be used only if you have ${parameter} installed"
212 has_version "$parameter" && disable="no"
213 ;;
214 Use-Flag)
215 message="This can be used only if you enabled the ${parameter} USE flag"
216 use "$parameter" && disable="no"
217 ;;
218 *)
219 eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
220 die "Unknown EPAM condition '${condition}' ('${parameter}')"
221 ;;
222 esac
223
224 if [ "${disable}" = "yes" ]; then
225 sed -i -e "/#%EPAM-${condition}:${parameter/\//\\/}%#/d" "$@"
226 else
227 sed -i -e "s|#%EPAM-${condition}:${parameter}%#||" "$@"
228 fi
229
230 done
231}
232
233# Think about it before uncommenting this one, for now run it by hand
234# pam_pkg_preinst() {
235# eshopts_push -o noglob # so that bash doen't expand "*"
236#
237# pam_epam_expand "${D}"/etc/pam.d/*
238#
239# eshopts_pop # reset old shell opts
240# }
241
242fi
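Review bot: In pam_epam_expand (new lines 203-231, fully visible in this section) the delete branch builds a `/`-delimited sed address, but `${parameter/\//\\/}` escapes only the first slash while the extraction regex above accepts any number of `/` in the parameter, and the exit status of neither `sed -i` call is checked. If that expression fails to parse or the write fails, the marker line stays in the PAM file being processed and the build carries on, so a rule meant to be conditional ships unprocessed. Using the same `|` delimiter as the other branch removes the escaping altogether: `sed -i -e "\|#%EPAM-${condition}:${parameter}%#|d" "$@" || die "EPAM cleanup failed"`, with a matching `|| die` on the substitution. The parameter is also interpolated as a regex, so a `.` in a version string matches any character. Because the loop is the last stage of a pipeline, the `die` calls run in a subshell; whether they stop the build depends on Portage's `die` implementation, which is not visible here.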
