
Diff of /eclass/pam.eclass


Revision 1.7 Revision 1.23
1# Copyright 2004 Gentoo Foundation 1# Copyright 1999-2012 Gentoo Foundation
2# Distributed under the terms of the GNU General Public License, v2 or later 2# Distributed under the terms of the GNU General Public License, v2 or later
3# Author Diego Pettenò <flameeyes@gentoo.org>
4# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.7 2005/07/06 20:20:04 agriffis Exp $ 3# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.23 2012/08/05 15:34:20 jlec Exp $
5# 4#
5
6# @ECLASS: pam.eclass
7# @MAINTAINER:
8# pam-bugs@gentoo.org
9# @AUTHOR:
10# Diego Pettenò <flameeyes@gentoo.org>
11# @BLURB: Handles pam related tasks
12# @DESCRIPTION:
6# This eclass contains functions to install pamd configuration files and 13# This eclass contains functions to install pamd configuration files and
7# pam modules. 14# pam modules.
8 15
9inherit multilib 16if [[ ${___ECLASS_ONCE_PAM} != "recur -_+^+_- spank" ]] ; then
10INHERITED="$INHERITED $ECLASS" 17___ECLASS_ONCE_PAM="recur -_+^+_- spank"
11 18
19inherit flag-o-matic multilib
20
21# @FUNCTION: dopamd
12# dopamd <file> [more files] 22# @USAGE: <file> [more files]
13# 23# @DESCRIPTION:
14# Install pam auth config file in /etc/pam.d 24# Install pam auth config file in /etc/pam.d
15dopamd() { 25dopamd() {
16 [[ -z $1 ]] && die "dopamd requires at least one argument" 26 [[ -z $1 ]] && die "dopamd requires at least one argument"
17 27
18 if hasq pam ${IUSE} && ! use pam; then 28 if has pam ${IUSE} && ! use pam; then
19 return 0; 29 return 0;
20 fi 30 fi
21 31
22 INSDESTTREE=/etc/pam.d \ 32 ( # dont want to pollute calling env
33 insinto /etc/pam.d
34 insopts -m 0644
35 doins "$@"
23 doins "$@" || die "failed to install $@" 36 ) || die "failed to install $@"
37 cleanpamd "$@"
24} 38}
25 39
40# @FUNCTION: newpamd
26# newpamd <old name> <new name> 41# @USAGE: <old name> <new name>
27# 42# @DESCRIPTION:
28# Install pam file <old name> as <new name> in /etc/pam.d 43# Install pam file <old name> as <new name> in /etc/pam.d
29newpamd() { 44newpamd() {
30 [[ $# -ne 2 ]] && die "newpamd requires two arguments" 45 [[ $# -ne 2 ]] && die "newpamd requires two arguments"
31 46
32 if hasq pam ${IUSE} && ! use pam; then 47 if has pam ${IUSE} && ! use pam; then
33 return 0; 48 return 0;
34 fi 49 fi
35 50
36 INSDESTTREE=/etc/pam.d \ 51 ( # dont want to pollute calling env
52 insinto /etc/pam.d
53 insopts -m 0644
54 newins "$1" "$2"
37 newins "$1" "$2" || die "failed to install $1 as $2" 55 ) || die "failed to install $1 as $2"
56 cleanpamd $2
38} 57}
39 58
59# @FUNCTION: dopamsecurity
40# dopamsecurity <section> <file> [more files] 60# @USAGE: <section> <file> [more files]
41# 61# @DESCRIPTION:
42# Installs the config files in /etc/security/<section>/ 62# Installs the config files in /etc/security/<section>/
43dopamsecurity() { 63dopamsecurity() {
44 [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments" 64 [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"
45 65
46 if hasq pam ${IUSE} && ! use pam; then 66 if has pam ${IUSE} && ! use pam; then
47 return 0; 67 return 0
48 fi 68 fi
49 69
50 INSDESTTREE=/etc/security/$1 \ 70 ( # dont want to pollute calling env
51 doins "${@:2}" || die "failed to install ${@:2}" 71 insinto /etc/security/$1
72 insopts -m 0644
73 doins "${@:2}"
74 ) || die "failed to install ${@:2}"
52} 75}
53 76
77# @FUNCTION: newpamsecurity
54# newpamsecurity <section> <old name> <new name> 78# @USAGE: <section> <old name> <new name>
55# 79# @DESCRIPTION:
56# Installs the config file <old name> as <new name> in /etc/security/<section>/ 80# Installs the config file <old name> as <new name> in /etc/security/<section>/
57newpamsecurity() { 81newpamsecurity() {
58 [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments" 82 [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"
59 83
60 if hasq pam ${IUSE} && ! use pam; then 84 if has pam ${IUSE} && ! use pam; then
61 return 0; 85 return 0;
62 fi 86 fi
63 87
64 INSDESTTREE=/etc/security/$1 \ 88 ( # dont want to pollute calling env
89 insinto /etc/security/$1
90 insopts -m 0644
91 newins "$2" "$3"
65 newins "$2" "$3" || die "failed to install $2 as $3" 92 ) || die "failed to install $2 as $3"
66} 93}
67 94
68# getpam_mod_dir 95# @FUNCTION: getpam_mod_dir
69# 96# @DESCRIPTION:
70# Returns the pam modules' directory for current implementation 97# Returns the pam modules' directory for current implementation
71getpam_mod_dir() { 98getpam_mod_dir() {
72 if has_version sys-libs/pam || has_version sys-libs/openpam; then 99 if has_version sys-libs/pam || has_version sys-libs/openpam; then
73 PAM_MOD_DIR=/$(get_libdir)/security 100 PAM_MOD_DIR=/$(get_libdir)/security
74 elif use ppc-macos; then
75 # OSX looks there for pam modules
76 PAM_MOD_DIR=/usr/lib/pam
77 else 101 else
78 # Unable to find PAM implementation... defaulting 102 # Unable to find PAM implementation... defaulting
79 PAM_MOD_DIR=/$(get_libdir)/security 103 PAM_MOD_DIR=/$(get_libdir)/security
80 fi 104 fi
81 105
82 echo ${PAM_MOD_DIR} 106 echo ${PAM_MOD_DIR}
83} 107}
84 108
85# dopammod <file> [more files] 109# @FUNCTION: pammod_hide_symbols
86# 110# @DESCRIPTION:
111# Hide all non-PAM-used symbols from the module; this function creates a
112# simple ld version script that hides all the symbols that are not
113# necessary for PAM to load the module, then uses append-flags to make
114# sure that it gets used.
115pammod_hide_symbols() {
116 cat - > "${T}"/pam-eclass-pam_symbols.ver <<EOF
117{
118 global: pam_sm_*;
119 local: *;
120};
121EOF
122
123 append-ldflags -Wl,--version-script="${T}"/pam-eclass-pam_symbols.ver
124}
125
126# @FUNCTION: dopammod
127# @USAGE: <file> [more files]
128# @DESCRIPTION:
87# Install pam module file in the pam modules' dir for current implementation 129# Install pam module file in the pam modules' dir for current implementation
88dopammod() { 130dopammod() {
89 [[ -z $1 ]] && die "dopammod requires at least one argument" 131 [[ -z $1 ]] && die "dopammod requires at least one argument"
90 132
91 if hasq pam ${IUSE} && ! use pam; then 133 if has pam ${IUSE} && ! use pam; then
92 return 0; 134 return 0;
93 fi 135 fi
94 136
95 exeinto $(getpam_mod_dir) 137 exeinto $(getpam_mod_dir)
96 doexe "$@" || die "failed to install $@" 138 doexe "$@" || die "failed to install $@"
97} 139}
98 140
141# @FUNCTION: newpammod
99# newpammod <old name> <new name> 142# @USAGE: <old name> <new name>
100# 143# @DESCRIPTION:
101# Install pam module file <old name> as <new name> in the pam 144# Install pam module file <old name> as <new name> in the pam
102# modules' dir for current implementation 145# modules' dir for current implementation
103newpammod() { 146newpammod() {
104 [[ $# -ne 2 ]] && die "newpammod requires two arguements" 147 [[ $# -ne 2 ]] && die "newpammod requires two arguements"
105 148
106 if hasq pam ${IUSE} && ! use pam; then 149 if has pam ${IUSE} && ! use pam; then
107 return 0; 150 return 0;
108 fi 151 fi
109 152
110 exeinto $(getpam_mod_dir) 153 exeinto $(getpam_mod_dir)
111 newexe "$1" "$2" || die "failed to install $1 as $2" 154 newexe "$1" "$2" || die "failed to install $1 as $2"
112} 155}
113 156
114# pamd_mimic_system <pamd file> [auth levels] 157# @FUNCTION: pamd_mimic_system
115# 158# @USAGE: <pamd file> [auth levels]
159# @DESCRIPTION:
116# This function creates a pamd file which mimics system-auth file 160# This function creates a pamd file which mimics system-auth file
117# for the given levels in the /etc/pam.d directory. 161# for the given levels in the /etc/pam.d directory.
118pamd_mimic_system() { 162pamd_mimic_system() {
119 [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments" 163 [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
164 pamd_mimic system-auth "$@"
165}
120 166
167# @FUNCTION: pamd_mimic
168# @USAGE: <stack> <pamd file> [auth levels]
169# @DESCRIPTION:
170# This function creates a pamd file which mimics the given stack
171# for the given levels in the /etc/pam.d directory.
172pamd_mimic() {
173 [[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"
174
121 if hasq pam ${IUSE} && ! use pam; then 175 if has pam ${IUSE} && ! use pam; then
122 return 0; 176 return 0;
123 fi 177 fi
124 178
125 dodir /etc/pam.d 179 dodir /etc/pam.d
126 pamdfile=${D}/etc/pam.d/$1 180 pamdfile=${D}/etc/pam.d/$2
127 echo -e "# File autogenerated by pamd_mimic_system in pam eclass\n\n" >> \ 181 echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
128 $pamdfile 182 $pamdfile
129 183
184 originalstack=$1
130 authlevels="auth account password session" 185 authlevels="auth account password session"
131 186
132 if has_version '<sys-libs/pam-0.78'; then 187 if has_version '<sys-libs/pam-0.78'; then
133 mimic="\trequired\t\tpam_stack.so service=system-auth" 188 mimic="\trequired\t\tpam_stack.so service=${originalstack}"
134 else 189 else
135 mimic="\tinclude\t\tsystem-auth" 190 mimic="\tinclude\t\t${originalstack}"
136 fi 191 fi
137 192
138 shift 193 shift; shift
139 194
140 while [[ -n $1 ]]; do 195 while [[ -n $1 ]]; do
141 hasq $1 ${authlevels} || die "unknown level type" 196 has $1 ${authlevels} || die "unknown level type"
142 197
143 echo -e "$1${mimic}" >> ${pamdfile} 198 echo -e "$1${mimic}" >> ${pamdfile}
144 199
145 shift 200 shift
146 done 201 done
147} 202}
203
204# @FUNCTION: cleanpamd
205# @USAGE: <pamd file>
206# @DESCRIPTION:
207# Cleans a pam.d file from modules that might not be present on the system
208# where it's going to be installed
209cleanpamd() {
210 while [[ -n $1 ]]; do
211 if ! has_version sys-libs/pam; then
212 sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
213 fi
214
215 shift
216 done
217}
218
219# @FUNCTION: pam_epam_expand
220# @USAGE: <pamd file>
221# @DESCRIPTION:
222# Steer clear, deprecated, don't use, bad experiment
223pam_epam_expand() {
224 sed -n -e 's|#%EPAM-\([[:alpha:]-]\+\):\([-+<>=/.![:alnum:]]\+\)%#.*|\1 \2|p' \
225 "$@" | sort -u | while read condition parameter; do
226
227 disable="yes"
228
229 case "$condition" in
230 If-Has)
231 message="This can be used only if you have ${parameter} installed"
232 has_version "$parameter" && disable="no"
233 ;;
234 Use-Flag)
235 message="This can be used only if you enabled the ${parameter} USE flag"
236 use "$parameter" && disable="no"
237 ;;
238 *)
239 eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
240 die "Unknown EPAM condition '${condition}' ('${parameter}')"
241 ;;
242 esac
243
244 if [ "${disable}" = "yes" ]; then
245 sed -i -e "/#%EPAM-${condition}:${parameter/\//\\/}%#/d" "$@"
246 else
247 sed -i -e "s|#%EPAM-${condition}:${parameter}%#||" "$@"
248 fi
249
250 done
251}
252
253# Think about it before uncommenting this one, for now run it by hand
254# pam_pkg_preinst() {
255# eshopts_push -o noglob # so that bash doen't expand "*"
256#
257# pam_epam_expand "${D}"/etc/pam.d/*
258#
259# eshopts_pop # reset old shell opts
260# }
261
262fi
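Review bot: In dopamd, `cleanpamd "$@"` hands cleanpamd the same arguments that were given to doins, but cleanpamd builds its target as `"${D}/etc/pam.d/$1"`, so an argument with a directory part (for example a caller passing a path under its files directory, which is not visible on this page) points sed at a file that does not exist. The sed call in cleanpamd has no `|| die`, so that failure passes silently and the installed pam.d file keeps its pam_shells/pam_console lines on a system without sys-libs/pam, where a stack that names an absent module may fail to authenticate. I would pass basenames with `cleanpamd "${@##*/}"`, quote the call in newpamd as `cleanpamd "$2"`, and end the sed line with `|| die "failed to clean ${D}/etc/pam.d/$1"`. Separately, pamd_mimic still assigns `pamdfile`, `originalstack`, `authlevels` and `mimic` as globals and appends to an unquoted `$pamdfile`, which sits oddly next to the subshells this revision adds elsewhere to avoid polluting the calling environment; declaring them `local` and quoting the redirect target would match that intent.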
