gentoo-x86/eclass/pam.eclass

# Copyright 2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License, v2 or later
# Author Diego Pettenò <flameeyes@gentoo.org>
# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.16 2008/03/20 23:21:37 eva Exp $
#
# This eclass contains functions to install pamd configuration files and
# pam modules.

inherit multilib

# dopamd <file> [more files]
#
# Install pam auth config file in /etc/pam.d
dopamd() {
        [[ -z $1 ]] && die "dopamd requires at least one argument"

        if hasq pam ${IUSE} && ! use pam; then
                return 0;
        fi

        ( # dont want to pollute calling env
                insinto /etc/pam.d
                insopts -m 0644
                doins "$@"
        ) || die "failed to install $@"
        cleanpamd "$@"
}

# newpamd <old name> <new name>
#
# Install pam file <old name> as <new name> in /etc/pam.d
newpamd() {
        [[ $# -ne 2 ]] && die "newpamd requires two arguments"

        if hasq pam ${IUSE} && ! use pam; then
                return 0;
        fi

        ( # dont want to pollute calling env
                insinto /etc/pam.d
                insopts -m 0644
                newins "$1" "$2"
        ) || die "failed to install $1 as $2"
        cleanpamd $2
}

# dopamsecurity <section> <file> [more files]
#
# Installs the config files in /etc/security/<section>/
dopamsecurity() {
        [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"

        if hasq pam ${IUSE} && ! use pam; then
                return 0
        fi

        ( # dont want to pollute calling env
                insinto /etc/security/$1
                insopts -m 0644
                doins "${@:2}"
        ) || die "failed to install ${@:2}"
}

# newpamsecurity <section> <old name> <new name>
#
# Installs the config file <old name> as <new name> in /etc/security/<section>/
newpamsecurity() {
        [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"

        if hasq pam ${IUSE} && ! use pam; then
                return 0;
        fi

        ( # dont want to pollute calling env
                insinto /etc/security/$1
                insopts -m 0644
                newins "$2" "$3"
        ) || die "failed to install $2 as $3"
}

# getpam_mod_dir
#
# Returns the pam modules' directory for current implementation
getpam_mod_dir() {
        if has_version sys-libs/pam || has_version sys-libs/openpam; then
                PAM_MOD_DIR=/$(get_libdir)/security
        else
                # Unable to find PAM implementation... defaulting
                PAM_MOD_DIR=/$(get_libdir)/security
        fi

        echo ${PAM_MOD_DIR}
}

# dopammod <file> [more files]
#
# Install pam module file in the pam modules' dir for current implementation
dopammod() {
        [[ -z $1 ]] && die "dopammod requires at least one argument"

        if hasq pam ${IUSE} && ! use pam; then
                return 0;
        fi

        exeinto $(getpam_mod_dir)
        doexe "$@" || die "failed to install $@"
}

# newpammod <old name> <new name>
#
# Install pam module file <old name> as <new name> in the pam
# modules' dir for current implementation
newpammod() {
        [[ $# -ne 2 ]] && die "newpammod requires two arguements"

        if hasq pam ${IUSE} && ! use pam; then
                return 0;
        fi

        exeinto $(getpam_mod_dir)
        newexe "$1" "$2" || die "failed to install $1 as $2"
}

# pamd_mimic_system <pamd file> [auth levels]
#
# This function creates a pamd file which mimics system-auth file
# for the given levels in the /etc/pam.d directory.
pamd_mimic_system() {
        [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
        pamd_mimic system-auth "$@"
}

# pamd_mimic <stack> <pamd file> [auth levels]
#
# This function creates a pamd file which mimics the given stack
# for the given levels in the /etc/pam.d directory.
pamd_mimic() {
        [[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"

        if hasq pam ${IUSE} && ! use pam; then
                return 0;
        fi

        dodir /etc/pam.d
        pamdfile=${D}/etc/pam.d/$2
        echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
                $pamdfile

        originalstack=$1
        authlevels="auth account password session"

        if has_version '<sys-libs/pam-0.78'; then
                mimic="\trequired\t\tpam_stack.so service=${originalstack}"
        else
                mimic="\tinclude\t\t${originalstack}"
        fi

        shift; shift

        while [[ -n $1 ]]; do
                hasq $1 ${authlevels} || die "unknown level type"

                echo -e "$1${mimic}" >> ${pamdfile}

                shift
        done
}

# cleanpamd <pamd file>
#
# Cleans a pam.d file from modules that might not be present on the system
# where it's going to be installed
cleanpamd() {
        while [[ -n $1 ]]; do
                if ! has_version sys-libs/pam; then
                        sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
                fi

                shift
        done
}

pam_epam_expand() {
        sed -n -e 's|#%EPAM-\([[:alpha:]-]\+\):\([-+<>=/.![:alnum:]]\+\)%#.*|\1 \2|p' \
        "$@" | sort -u | while read condition parameter; do

        disable="yes"

        case "$condition" in
                If-Has)
                message="This can be used only if you have ${parameter} installed"
                has_version "$parameter" && disable="no"
                ;;
                Use-Flag)
                message="This can be used only if you enabled the ${parameter} USE flag"
                use "$parameter" && disable="no"
                ;;
                *)
                eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
                die "Unknown EPAM condition '${condition}' ('${parameter}')"
                ;;
        esac

        if [ "${disable}" = "yes" ]; then
                sed -i -e "/#%EPAM-${condition}:${parameter/\//\\/}%#/d" "$@"
        else
                sed -i -e "s|#%EPAM-${condition}:${parameter}%#||" "$@"
        fi

        done
}

# Think about it before uncommenting this one, for now run it by hand
# pam_pkg_preinst() {
#       local shopts=$-
#       set -o noglob # so that bash doen't expand "*"
#
#       pam_epam_expand "${D}"/etc/pam.d/*
#
#       set +o noglob; set -$shopts # reset old shell opts
# }
1	# Copyright 2004 Gentoo Foundation
2	# Distributed under the terms of the GNU General Public License, v2 or later
3	# Author Diego Pettenò <flameeyes@gentoo.org>
4	# $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.16 2008/03/20 23:21:37 eva Exp $
5	#
6	# This eclass contains functions to install pamd configuration files and
7	# pam modules.
8
9	inherit multilib
10
11	# dopamd <file> [more files]
12	#
13	# Install pam auth config file in /etc/pam.d
14	dopamd() {
15	[[ -z $1 ]] && die "dopamd requires at least one argument"
16
17	if hasq pam ${IUSE} && ! use pam; then
18	return 0;
19	fi
20
21	( # dont want to pollute calling env
22	insinto /etc/pam.d
23	insopts -m 0644
24	doins "$@"
25	) \|\| die "failed to install $@"
26	cleanpamd "$@"
27	}
28
29	# newpamd <old name> <new name>
30	#
31	# Install pam file <old name> as <new name> in /etc/pam.d
32	newpamd() {
33	[[ $# -ne 2 ]] && die "newpamd requires two arguments"
34
35	if hasq pam ${IUSE} && ! use pam; then
36	return 0;
37	fi
38
39	( # dont want to pollute calling env
40	insinto /etc/pam.d
41	insopts -m 0644
42	newins "$1" "$2"
43	) \|\| die "failed to install $1 as $2"
44	cleanpamd $2
45	}
46
47	# dopamsecurity <section> <file> [more files]
48	#
49	# Installs the config files in /etc/security/<section>/
50	dopamsecurity() {
51	[[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"
52
53	if hasq pam ${IUSE} && ! use pam; then
54	return 0
55	fi
56
57	( # dont want to pollute calling env
58	insinto /etc/security/$1
59	insopts -m 0644
60	doins "${@:2}"
61	) \|\| die "failed to install ${@:2}"
62	}
63
64	# newpamsecurity <section> <old name> <new name>
65	#
66	# Installs the config file <old name> as <new name> in /etc/security/<section>/
67	newpamsecurity() {
68	[[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"
69
70	if hasq pam ${IUSE} && ! use pam; then
71	return 0;
72	fi
73
74	( # dont want to pollute calling env
75	insinto /etc/security/$1
76	insopts -m 0644
77	newins "$2" "$3"
78	) \|\| die "failed to install $2 as $3"
79	}
80
81	# getpam_mod_dir
82	#
83	# Returns the pam modules' directory for current implementation
84	getpam_mod_dir() {
85	if has_version sys-libs/pam \|\| has_version sys-libs/openpam; then
86	PAM_MOD_DIR=/$(get_libdir)/security
87	else
88	# Unable to find PAM implementation... defaulting
89	PAM_MOD_DIR=/$(get_libdir)/security
90	fi
91
92	echo ${PAM_MOD_DIR}
93	}
94
95	# dopammod <file> [more files]
96	#
97	# Install pam module file in the pam modules' dir for current implementation
98	dopammod() {
99	[[ -z $1 ]] && die "dopammod requires at least one argument"
100
101	if hasq pam ${IUSE} && ! use pam; then
102	return 0;
103	fi
104
105	exeinto $(getpam_mod_dir)
106	doexe "$@" \|\| die "failed to install $@"
107	}
108
109	# newpammod <old name> <new name>
110	#
111	# Install pam module file <old name> as <new name> in the pam
112	# modules' dir for current implementation
113	newpammod() {
114	[[ $# -ne 2 ]] && die "newpammod requires two arguements"
115
116	if hasq pam ${IUSE} && ! use pam; then
117	return 0;
118	fi
119
120	exeinto $(getpam_mod_dir)
121	newexe "$1" "$2" \|\| die "failed to install $1 as $2"
122	}
123
124	# pamd_mimic_system <pamd file> [auth levels]
125	#
126	# This function creates a pamd file which mimics system-auth file
127	# for the given levels in the /etc/pam.d directory.
128	pamd_mimic_system() {
129	[[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
130	pamd_mimic system-auth "$@"
131	}
132
133	# pamd_mimic <stack> <pamd file> [auth levels]
134	#
135	# This function creates a pamd file which mimics the given stack
136	# for the given levels in the /etc/pam.d directory.
137	pamd_mimic() {
138	[[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"
139
140	if hasq pam ${IUSE} && ! use pam; then
141	return 0;
142	fi
143
144	dodir /etc/pam.d
145	pamdfile=${D}/etc/pam.d/$2
146	echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
147	$pamdfile
148
149	originalstack=$1
150	authlevels="auth account password session"
151
152	if has_version '<sys-libs/pam-0.78'; then
153	mimic="\trequired\t\tpam_stack.so service=${originalstack}"
154	else
155	mimic="\tinclude\t\t${originalstack}"
156	fi
157
158	shift; shift
159
160	while [[ -n $1 ]]; do
161	hasq $1 ${authlevels} \|\| die "unknown level type"
162
163	echo -e "$1${mimic}" >> ${pamdfile}
164
165	shift
166	done
167	}
168
169	# cleanpamd <pamd file>
170	#
171	# Cleans a pam.d file from modules that might not be present on the system
172	# where it's going to be installed
173	cleanpamd() {
174	while [[ -n $1 ]]; do
175	if ! has_version sys-libs/pam; then
176	sed -i -e '/pam_shells\\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
177	fi
178
179	shift
180	done
181	}
182
183	pam_epam_expand() {
184	sed -n -e 's\|#%EPAM-\([[:alpha:]-]\+\):\([-+<>=/.![:alnum:]]\+\)%#.*\|\1 \2\|p' \
185	"$@" \| sort -u \| while read condition parameter; do
186
187	disable="yes"
188
189	case "$condition" in
190	If-Has)
191	message="This can be used only if you have ${parameter} installed"
192	has_version "$parameter" && disable="no"
193	;;
194	Use-Flag)
195	message="This can be used only if you enabled the ${parameter} USE flag"
196	use "$parameter" && disable="no"
197	;;
198	*)
199	eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
200	die "Unknown EPAM condition '${condition}' ('${parameter}')"
201	;;
202	esac
203
204	if [ "${disable}" = "yes" ]; then
205	sed -i -e "/#%EPAM-${condition}:${parameter/\//\\/}%#/d" "$@"
206	else
207	sed -i -e "s\|#%EPAM-${condition}:${parameter}%#\|\|" "$@"
208	fi
209
210	done
211	}
212
213	# Think about it before uncommenting this one, for now run it by hand
214	# pam_pkg_preinst() {
215	# local shopts=$-
216	# set -o noglob # so that bash doen't expand "*"
217	#
218	# pam_epam_expand "${D}"/etc/pam.d/*
219	#
220	# set +o noglob; set -$shopts # reset old shell opts
221	# }