/[gentoo-x86]/eclass/pam.eclass

Diff of /eclass/pam.eclass

Parent Directory | Revision Log | View Patch Patch

Revision 1.13		Revision 1.23
1	# Copyright 2004 Gentoo Foundation	1	# Copyright 1999-2012 Gentoo Foundation
2	# Distributed under the terms of the GNU General Public License, v2 or later	2	# Distributed under the terms of the GNU General Public License, v2 or later
3	# Author Diego Pettenò <flameeyes@gentoo.org>
4	# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.13 2007/07/12 14:37:40 flameeyes Exp $	3	# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.23 2012/08/05 15:34:20 jlec Exp $
5	#	4	#
		5
		6	# @ECLASS: pam.eclass
		7	# @MAINTAINER:
		8	# pam-bugs@gentoo.org
		9	# @AUTHOR:
		10	# Diego Pettenò <flameeyes@gentoo.org>
		11	# @BLURB: Handles pam related tasks
		12	# @DESCRIPTION:
6	# This eclass contains functions to install pamd configuration files and	13	# This eclass contains functions to install pamd configuration files and
7	# pam modules.	14	# pam modules.
8		15
9	inherit multilib	16	if [[ ${___ECLASS_ONCE_PAM} != "recur -_+^+_- spank" ]] ; then
		17	___ECLASS_ONCE_PAM="recur -_+^+_- spank"
10		18
		19	inherit flag-o-matic multilib
		20
		21	# @FUNCTION: dopamd
11	# dopamd <file> [more files]	22	# @USAGE: <file> [more files]
12	#	23	# @DESCRIPTION:
13	# Install pam auth config file in /etc/pam.d	24	# Install pam auth config file in /etc/pam.d
14	dopamd() {	25	dopamd() {
15	[[ -z $1 ]] && die "dopamd requires at least one argument"	26	[[ -z $1 ]] && die "dopamd requires at least one argument"
16		27
17	if hasq pam ${IUSE} && ! use pam; then	28	if has pam ${IUSE} && ! use pam; then
18	return 0;	29	return 0;
19	fi	30	fi
20		31
21	( # dont want to pollute calling env	32	( # dont want to pollute calling env
22	insinto /etc/pam.d	33	insinto /etc/pam.d
…		…
24	doins "$@"	35	doins "$@"
25	) \|\| die "failed to install $@"	36	) \|\| die "failed to install $@"
26	cleanpamd "$@"	37	cleanpamd "$@"
27	}	38	}
28		39
		40	# @FUNCTION: newpamd
29	# newpamd <old name> <new name>	41	# @USAGE: <old name> <new name>
30	#	42	# @DESCRIPTION:
31	# Install pam file <old name> as <new name> in /etc/pam.d	43	# Install pam file <old name> as <new name> in /etc/pam.d
32	newpamd() {	44	newpamd() {
33	[[ $# -ne 2 ]] && die "newpamd requires two arguments"	45	[[ $# -ne 2 ]] && die "newpamd requires two arguments"
34		46
35	if hasq pam ${IUSE} && ! use pam; then	47	if has pam ${IUSE} && ! use pam; then
36	return 0;	48	return 0;
37	fi	49	fi
38		50
39	( # dont want to pollute calling env	51	( # dont want to pollute calling env
40	insinto /etc/pam.d	52	insinto /etc/pam.d
…		…
42	newins "$1" "$2"	54	newins "$1" "$2"
43	) \|\| die "failed to install $1 as $2"	55	) \|\| die "failed to install $1 as $2"
44	cleanpamd $2	56	cleanpamd $2
45	}	57	}
46		58
		59	# @FUNCTION: dopamsecurity
47	# dopamsecurity <section> <file> [more files]	60	# @USAGE: <section> <file> [more files]
48	#	61	# @DESCRIPTION:
49	# Installs the config files in /etc/security/<section>/	62	# Installs the config files in /etc/security/<section>/
50	dopamsecurity() {	63	dopamsecurity() {
51	[[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"	64	[[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"
52		65
53	if hasq pam ${IUSE} && ! use pam; then	66	if has pam ${IUSE} && ! use pam; then
54	return 0	67	return 0
55	fi	68	fi
56		69
57	( # dont want to pollute calling env	70	( # dont want to pollute calling env
58	insinto /etc/security/$1	71	insinto /etc/security/$1
59	insopts -m 0644	72	insopts -m 0644
60	doins "${@:2}"	73	doins "${@:2}"
61	) \|\| die "failed to install ${@:2}"	74	) \|\| die "failed to install ${@:2}"
62	}	75	}
63		76
		77	# @FUNCTION: newpamsecurity
64	# newpamsecurity <section> <old name> <new name>	78	# @USAGE: <section> <old name> <new name>
65	#	79	# @DESCRIPTION:
66	# Installs the config file <old name> as <new name> in /etc/security/<section>/	80	# Installs the config file <old name> as <new name> in /etc/security/<section>/
67	newpamsecurity() {	81	newpamsecurity() {
68	[[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"	82	[[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"
69		83
70	if hasq pam ${IUSE} && ! use pam; then	84	if has pam ${IUSE} && ! use pam; then
71	return 0;	85	return 0;
72	fi	86	fi
73		87
74	( # dont want to pollute calling env	88	( # dont want to pollute calling env
75	insinto /etc/security/$1	89	insinto /etc/security/$1
76	insopts -m 0644	90	insopts -m 0644
77	newins "$2" "$3"	91	newins "$2" "$3"
78	) \|\| die "failed to install $2 as $3"	92	) \|\| die "failed to install $2 as $3"
79	}	93	}
80		94
81	# getpam_mod_dir	95	# @FUNCTION: getpam_mod_dir
82	#	96	# @DESCRIPTION:
83	# Returns the pam modules' directory for current implementation	97	# Returns the pam modules' directory for current implementation
84	getpam_mod_dir() {	98	getpam_mod_dir() {
85	if has_version sys-libs/pam \|\| has_version sys-libs/openpam; then	99	if has_version sys-libs/pam \|\| has_version sys-libs/openpam; then
86	PAM_MOD_DIR=/$(get_libdir)/security	100	PAM_MOD_DIR=/$(get_libdir)/security
87	elif use ppc-macos; then
88	# OSX looks there for pam modules
89	PAM_MOD_DIR=/usr/lib/pam
90	else	101	else
91	# Unable to find PAM implementation... defaulting	102	# Unable to find PAM implementation... defaulting
92	PAM_MOD_DIR=/$(get_libdir)/security	103	PAM_MOD_DIR=/$(get_libdir)/security
93	fi	104	fi
94		105
95	echo ${PAM_MOD_DIR}	106	echo ${PAM_MOD_DIR}
96	}	107	}
97		108
98	# dopammod <file> [more files]	109	# @FUNCTION: pammod_hide_symbols
99	#	110	# @DESCRIPTION:
		111	# Hide all non-PAM-used symbols from the module; this function creates a
		112	# simple ld version script that hides all the symbols that are not
		113	# necessary for PAM to load the module, then uses append-flags to make
		114	# sure that it gets used.
		115	pammod_hide_symbols() {
		116	cat - > "${T}"/pam-eclass-pam_symbols.ver <<EOF
		117	{
		118	global: pam_sm_*;
		119	local: *;
		120	};
		121	EOF
		122
		123	append-ldflags -Wl,--version-script="${T}"/pam-eclass-pam_symbols.ver
		124	}
		125
		126	# @FUNCTION: dopammod
		127	# @USAGE: <file> [more files]
		128	# @DESCRIPTION:
100	# Install pam module file in the pam modules' dir for current implementation	129	# Install pam module file in the pam modules' dir for current implementation
101	dopammod() {	130	dopammod() {
102	[[ -z $1 ]] && die "dopammod requires at least one argument"	131	[[ -z $1 ]] && die "dopammod requires at least one argument"
103		132
104	if hasq pam ${IUSE} && ! use pam; then	133	if has pam ${IUSE} && ! use pam; then
105	return 0;	134	return 0;
106	fi	135	fi
107		136
108	exeinto $(getpam_mod_dir)	137	exeinto $(getpam_mod_dir)
109	doexe "$@" \|\| die "failed to install $@"	138	doexe "$@" \|\| die "failed to install $@"
110	}	139	}
111		140
		141	# @FUNCTION: newpammod
112	# newpammod <old name> <new name>	142	# @USAGE: <old name> <new name>
113	#	143	# @DESCRIPTION:
114	# Install pam module file <old name> as <new name> in the pam	144	# Install pam module file <old name> as <new name> in the pam
115	# modules' dir for current implementation	145	# modules' dir for current implementation
116	newpammod() {	146	newpammod() {
117	[[ $# -ne 2 ]] && die "newpammod requires two arguements"	147	[[ $# -ne 2 ]] && die "newpammod requires two arguements"
118		148
119	if hasq pam ${IUSE} && ! use pam; then	149	if has pam ${IUSE} && ! use pam; then
120	return 0;	150	return 0;
121	fi	151	fi
122		152
123	exeinto $(getpam_mod_dir)	153	exeinto $(getpam_mod_dir)
124	newexe "$1" "$2" \|\| die "failed to install $1 as $2"	154	newexe "$1" "$2" \|\| die "failed to install $1 as $2"
125	}	155	}
126		156
127	# pamd_mimic_system <pamd file> [auth levels]	157	# @FUNCTION: pamd_mimic_system
128	#	158	# @USAGE: <pamd file> [auth levels]
		159	# @DESCRIPTION:
129	# This function creates a pamd file which mimics system-auth file	160	# This function creates a pamd file which mimics system-auth file
130	# for the given levels in the /etc/pam.d directory.	161	# for the given levels in the /etc/pam.d directory.
131	pamd_mimic_system() {	162	pamd_mimic_system() {
132	[[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"	163	[[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
		164	pamd_mimic system-auth "$@"
		165	}
133		166
		167	# @FUNCTION: pamd_mimic
		168	# @USAGE: <stack> <pamd file> [auth levels]
		169	# @DESCRIPTION:
		170	# This function creates a pamd file which mimics the given stack
		171	# for the given levels in the /etc/pam.d directory.
		172	pamd_mimic() {
		173	[[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"
		174
134	if hasq pam ${IUSE} && ! use pam; then	175	if has pam ${IUSE} && ! use pam; then
135	return 0;	176	return 0;
136	fi	177	fi
137		178
138	dodir /etc/pam.d	179	dodir /etc/pam.d
139	pamdfile=${D}/etc/pam.d/$1	180	pamdfile=${D}/etc/pam.d/$2
140	echo -e "# File autogenerated by pamd_mimic_system in pam eclass\n\n" >> \	181	echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
141	$pamdfile	182	$pamdfile
142		183
		184	originalstack=$1
143	authlevels="auth account password session"	185	authlevels="auth account password session"
144		186
145	if has_version '<sys-libs/pam-0.78'; then	187	if has_version '<sys-libs/pam-0.78'; then
146	mimic="\trequired\t\tpam_stack.so service=system-auth"	188	mimic="\trequired\t\tpam_stack.so service=${originalstack}"
147	else	189	else
148	mimic="\tinclude\t\tsystem-auth"	190	mimic="\tinclude\t\t${originalstack}"
149	fi	191	fi
150		192
151	shift	193	shift; shift
152		194
153	while [[ -n $1 ]]; do	195	while [[ -n $1 ]]; do
154	hasq $1 ${authlevels} \|\| die "unknown level type"	196	has $1 ${authlevels} \|\| die "unknown level type"
155		197
156	echo -e "$1${mimic}" >> ${pamdfile}	198	echo -e "$1${mimic}" >> ${pamdfile}
157		199
158	shift	200	shift
159	done	201	done
160	}	202	}
161		203
162	# cleanpamd <pamd file>	204	# @FUNCTION: cleanpamd
163	#	205	# @USAGE: <pamd file>
		206	# @DESCRIPTION:
164	# Cleans a pam.d file from modules that might not be present on the system	207	# Cleans a pam.d file from modules that might not be present on the system
165	# where it's going to be installed	208	# where it's going to be installed
166	cleanpamd() {	209	cleanpamd() {
167	while [[ -n $1 ]]; do	210	while [[ -n $1 ]]; do
168	if ! has_version sys-libs/pam; then	211	if ! has_version sys-libs/pam; then
169	sed -i -e '/pam_shells\\|pam_console/s:^:#:' ${D}/etc/pam.d/$1	212	sed -i -e '/pam_shells\\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
170	fi	213	fi
171		214
172	shift	215	shift
173	done	216	done
174	}	217	}
175		218
		219	# @FUNCTION: pam_epam_expand
		220	# @USAGE: <pamd file>
		221	# @DESCRIPTION:
		222	# Steer clear, deprecated, don't use, bad experiment
176	pam_epam_expand() {	223	pam_epam_expand() {
177	sed -n -e 's\|#%EPAM-$[[:alpha:]-]\+$:$[-+<>=/.![:alnum:]]\+$%#.*\|\1 \2\|p' \	224	sed -n -e 's\|#%EPAM-$[[:alpha:]-]\+$:$[-+<>=/.![:alnum:]]\+$%#.*\|\1 \2\|p' \
178	"$@" \| sort -u \| while read condition parameter; do	225	"$@" \| sort -u \| while read condition parameter; do
179		226
180	disable="# "	227	disable="yes"
181		228
182	case "$condition" in	229	case "$condition" in
183	If-Has)	230	If-Has)
184	message="This can be used only if you have ${parameter} installed"	231	message="This can be used only if you have ${parameter} installed"
185	has_version "$parameter" && disable=""	232	has_version "$parameter" && disable="no"
186	;;	233	;;
187	Use-Flag)	234	Use-Flag)
188	message="This can be used only if you enabled the ${parameter} USE flag"	235	message="This can be used only if you enabled the ${parameter} USE flag"
189	use "$parameter" && disable=""	236	use "$parameter" && disable="no"
190	;;	237	;;
191	*)	238	*)
192	eerror "Unknown EPAM condition '${condition}' ('${parameter}')"	239	eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
193	die "Unknown EPAM condition '${condition}' ('${parameter}')"	240	die "Unknown EPAM condition '${condition}' ('${parameter}')"
194	;;	241	;;
195	esac	242	esac
196		243
		244	if [ "${disable}" = "yes" ]; then
		245	sed -i -e "/#%EPAM-${condition}:${parameter/\//\\/}%#/d" "$@"
		246	else
197	sed -i -e "s\|#%EPAM-${condition}:${parameter}%#\|# ${message}\n${disable}\|" "$@"	247	sed -i -e "s\|#%EPAM-${condition}:${parameter}%#\|\|" "$@"
		248	fi
		249
198	done	250	done
199	}	251	}
200		252
201	# Think about it before uncommenting this one, for nwo run it by hand	253	# Think about it before uncommenting this one, for now run it by hand
202	# pam_pkg_preinst() {	254	# pam_pkg_preinst() {
203	# local shopts=$-
204	# set -o noglob # so that bash doen't expand "*"	255	# eshopts_push -o noglob # so that bash doen't expand "*"
205	#	256	#
206	# pam_epam_expand "${D}"/etc/pam.d/*	257	# pam_epam_expand "${D}"/etc/pam.d/*
207	#	258	#
208	# set +o noglob; set -$shopts # reset old shell opts	259	# eshopts_pop # reset old shell opts
209	# }	260	# }
		261
		262	fi

 Legend:



Removed from v.1.13
 


changed lines


 
Added in v.1.23
 Legend:



Removed from v.1.13
 


changed lines


 
Added in v.1.23
-Removed from v.1.13
+Added in v.1.23

	ViewVC Help
Powered by ViewVC 1.1.13