
Diff of /eclass/pam.eclass


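--- a/eclass/pam.eclass
+++ b/eclass/pam.eclass
@@ -1,97 +1,123 @@
 # Copyright 2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License, v2 or later
 # Author Diego Pettenò <flameeyes@gentoo.org>
-# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.3 2005/05/20 15:54:34 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.20 2011/07/08 11:35:01 ssuominen Exp $
 #
 # This eclass contains functions to install pamd configuration files and
 # pam modules.
 
-inherit multilib
-ECLASS="pam"
-INHERITED="$INHERITED $ECLASS"
+inherit multilib flag-o-matic
 
 # dopamd <file> [more files]
 #
 # Install pam auth config file in /etc/pam.d
 dopamd() {
  [[ -z $1 ]] && die "dopamd requires at least one argument"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
- INSDESTTREE=/etc/pam.d \
- doins "$@" || die "failed to install $@"
+ ( # dont want to pollute calling env
+ insinto /etc/pam.d
+ insopts -m 0644
+ doins "$@"
+ ) || die "failed to install $@"
+ cleanpamd "$@"
 }
 
 # newpamd <old name> <new name>
 #
 # Install pam file <old name> as <new name> in /etc/pam.d
 newpamd() {
  [[ $# -ne 2 ]] && die "newpamd requires two arguments"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
- INSDESTTREE=/etc/pam.d \
- newins "$1" "$2" || die "failed to install $1 as $2"
+ ( # dont want to pollute calling env
+ insinto /etc/pam.d
+ insopts -m 0644
+ newins "$1" "$2"
+ ) || die "failed to install $1 as $2"
+ cleanpamd $2
 }
 
 # dopamsecurity <section> <file> [more files]
 #
 # Installs the config files in /etc/security/<section>/
 dopamsecurity() {
  [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"
 
- if hasq pam ${IUSE} && ! use pam; then
- return 0;
+ if has pam ${IUSE} && ! use pam; then
+ return 0
  fi
 
- INSDESTTREE=/etc/security/$1 \
- shift
- doins "$@" || die "failed to install $@"
+ ( # dont want to pollute calling env
+ insinto /etc/security/$1
+ insopts -m 0644
+ doins "${@:2}"
+ ) || die "failed to install ${@:2}"
 }
 
 # newpamsecurity <section> <old name> <new name>
 #
 # Installs the config file <old name> as <new name> in /etc/security/<section>/
 newpamsecurity() {
  [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
- INSDESTTREE=/etc/security/$1 \
- newins "$2" "$3" || die "failed to install $2 as $3"
+ ( # dont want to pollute calling env
+ insinto /etc/security/$1
+ insopts -m 0644
+ newins "$2" "$3"
+ ) || die "failed to install $2 as $3"
 }
 
 # getpam_mod_dir
 #
 # Returns the pam modules' directory for current implementation
 getpam_mod_dir() {
- if has_version sys-libs/pam; then
+ if has_version sys-libs/pam || has_version sys-libs/openpam; then
  PAM_MOD_DIR=/$(get_libdir)/security
- elif has_version sys-libs/openpam; then
- PAM_MOD_DIR=/usr/$(get_libdir)
  else
  # Unable to find PAM implementation... defaulting
  PAM_MOD_DIR=/$(get_libdir)/security
  fi
 
  echo ${PAM_MOD_DIR}
 }
 
+# pammod_hide_symbols
+#
+# Hide all non-PAM-used symbols from the module; this function creates a
+# simple ld version script that hides all the symbols that are not
+# necessary for PAM to load the module, then uses append-flags to make
+# sure that it gets used.
+pammod_hide_symbols() {
+ cat - > "${T}"/pam-eclass-pam_symbols.ver <<EOF
+{
+ global: pam_sm_*;
+ local: *;
+};
+EOF
+
+ append-ldflags -Wl,--version-script="${T}"/pam-eclass-pam_symbols.ver
+}
+
 # dopammod <file> [more files]
 #
 # Install pam module file in the pam modules' dir for current implementation
 dopammod() {
  [[ -z $1 ]] && die "dopammod requires at least one argument"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
  exeinto $(getpam_mod_dir)
  doexe "$@" || die "failed to install $@"
@@ -102,11 +128,11 @@
 # Install pam module file <old name> as <new name> in the pam
 # modules' dir for current implementation
 newpammod() {
  [[ $# -ne 2 ]] && die "newpammod requires two arguements"
 
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
  exeinto $(getpam_mod_dir)
  newexe "$1" "$2" || die "failed to install $1 as $2"
@@ -116,27 +142,96 @@
 #
 # This function creates a pamd file which mimics system-auth file
 # for the given levels in the /etc/pam.d directory.
 pamd_mimic_system() {
  [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
+ pamd_mimic system-auth "$@"
+}
 
+# pamd_mimic <stack> <pamd file> [auth levels]
+#
+# This function creates a pamd file which mimics the given stack
+# for the given levels in the /etc/pam.d directory.
+pamd_mimic() {
+ [[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"
+
- if hasq pam ${IUSE} && ! use pam; then
+ if has pam ${IUSE} && ! use pam; then
  return 0;
  fi
 
  dodir /etc/pam.d
- pamdfile=${D}/etc/pam.d/$1
- echo -e "# File autogenerated by pamd_mimic_system in pam eclass\n\n" >> \
+ pamdfile=${D}/etc/pam.d/$2
+ echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
  $pamdfile
 
+ originalstack=$1
  authlevels="auth account password session"
 
- shift
+ if has_version '<sys-libs/pam-0.78'; then
+ mimic="\trequired\t\tpam_stack.so service=${originalstack}"
+ else
+ mimic="\tinclude\t\t${originalstack}"
+ fi
+
+ shift; shift
 
  while [[ -n $1 ]]; do
- hasq $1 ${authlevels} || die "unknown level type"
+ has $1 ${authlevels} || die "unknown level type"
 
- echo -e "$1\tinclude\t\tsystem-auth" >> ${pamdfile}
+ echo -e "$1${mimic}" >> ${pamdfile}
 
  shift
  done
 }
+
+# cleanpamd <pamd file>
+#
+# Cleans a pam.d file from modules that might not be present on the system
+# where it's going to be installed
+cleanpamd() {
+ while [[ -n $1 ]]; do
+ if ! has_version sys-libs/pam; then
+ sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
+ fi
+
+ shift
+ done
+}
+
+pam_epam_expand() {
+ sed -n -e 's|#%EPAM-\([[:alpha:]-]\+\):\([-+<>=/.![:alnum:]]\+\)%#.*|\1 \2|p' \
+ "$@" | sort -u | while read condition parameter; do
+
+ disable="yes"
+
+ case "$condition" in
+ If-Has)
+ message="This can be used only if you have ${parameter} installed"
+ has_version "$parameter" && disable="no"
+ ;;
+ Use-Flag)
+ message="This can be used only if you enabled the ${parameter} USE flag"
+ use "$parameter" && disable="no"
+ ;;
+ *)
+ eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
+ die "Unknown EPAM condition '${condition}' ('${parameter}')"
+ ;;
+ esac
+
+ if [ "${disable}" = "yes" ]; then
+ sed -i -e "/#%EPAM-${condition}:${parameter/\//\\/}%#/d" "$@"
+ else
+ sed -i -e "s|#%EPAM-${condition}:${parameter}%#||" "$@"
+ fi
+
+ done
+}
+
+# Think about it before uncommenting this one, for now run it by hand
+# pam_pkg_preinst() {
+# eshopts_push -o noglob # so that bash doen't expand "*"
+#
+# pam_epam_expand "${D}"/etc/pam.d/*
+#
+# eshopts_pop # reset old shell opts
+# }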
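Review bot: In the new `cleanpamd`, the sed target is built as `"${D}/etc/pam.d/$1"` from the same arguments that `dopamd` passes to `doins`. A source given with a directory part (for example a path under `${FILESDIR}`) would therefore presumably name a file that was never installed at that location. The sed exit status is not checked, so in that case the `pam_shells`/`pam_console` lines would silently stay active on a system without sys-libs/pam, and a PAM stack naming a module that is absent on the target can make authentication for that service fail. I would strip the directory and check the result: `sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/${1##*/}" || die "failed to clean $1"`. `newpamd` also calls `cleanpamd $2` unquoted; `cleanpamd "$2"` would match the call in `dopamd`.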
