
Contents of /eclass/pam.eclass



Revision 1.19 - (show annotations) (download)
Sat Feb 5 22:29:40 2011 UTC (3 years, 7 months ago) by flameeyes
Branch: MAIN
Changes since 1.18: +19 -2 lines
Add a function to make it easier to hide non-pam symbols from modules.

Rather than reinventing the wheel and adding a stupid file to each of
the packages, use a single function to create a temporary file and use
that.

1 # Copyright 2004 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License, v2 or later
3 # Author Diego Pettenò <flameeyes@gentoo.org>
4 # $Header: /var/cvsroot/gentoo-x86/eclass/pam.eclass,v 1.18 2009/12/11 20:33:11 vapier Exp $
5 #
6 # This eclass contains functions to install pamd configuration files and
7 # pam modules.
8
9 inherit multilib flag-o-matic
10
11 # dopamd <file> [more files]
12 #
13 # Install pam auth config file in /etc/pam.d
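dopamd() {
	# Install one or more PAM service files into /etc/pam.d with mode 0644,
	# then run cleanpamd over the installed copies.
	#
	# Arguments: $@ - paths of the pamd files to install (at least one)
	# Dies when called without arguments or when the install step fails.
	[[ -z $1 ]] && die "dopamd requires at least one argument"

	# ${IUSE} is left unquoted on purpose: it is a whitespace-separated list.
	# When the package has a "pam" USE flag and it is off, install nothing.
	if hasq pam ${IUSE} && ! use pam; then
		return 0
	fi

	( # subshell: insinto/insopts must not leak into the calling environment
		insinto /etc/pam.d
		# 0644 keeps the service definition readable by everyone but
		# writable only by its owner.
		insopts -m 0644
		doins "$@"
	) || die "failed to install $*"

	# doins installs each file under its basename, and cleanpamd looks its
	# arguments up below ${D}/etc/pam.d, so hand it basenames. Passing the
	# source paths unchanged made cleanpamd miss any file given with a
	# directory component.
	cleanpamd "${@##*/}"
}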
28
29 # newpamd <old name> <new name>
30 #
31 # Install pam file <old name> as <new name> in /etc/pam.d
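newpamd() {
	# Install the PAM service file $1 into /etc/pam.d under the name $2
	# (mode 0644), then run cleanpamd over the installed copy.
	#
	# Arguments: $1 - source file, $2 - name to install it as
	# Dies unless exactly two arguments are given, or when the install fails.
	[[ $# -ne 2 ]] && die "newpamd requires two arguments"

	# ${IUSE} is left unquoted on purpose: it is a whitespace-separated list.
	if hasq pam ${IUSE} && ! use pam; then
		return 0
	fi

	( # subshell: insinto/insopts must not leak into the calling environment
		insinto /etc/pam.d
		insopts -m 0644
		newins "$1" "$2"
	) || die "failed to install $1 as $2"

	# Quoted so the installed name reaches cleanpamd as a single argument
	# and is never word-split or glob-expanded.
	cleanpamd "$2"
}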
46
47 # dopamsecurity <section> <file> [more files]
48 #
49 # Installs the config files in /etc/security/<section>/
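dopamsecurity() {
	# Install configuration files into /etc/security/<section>/, mode 0644.
	#
	# Arguments: $1 - section (sub-directory of /etc/security)
	#            $2.. - files to install
	# Dies when fewer than two arguments are given or the install fails.
	[[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"

	# ${IUSE} is left unquoted on purpose: it is a whitespace-separated list.
	if hasq pam ${IUSE} && ! use pam; then
		return 0
	fi

	( # subshell: insinto/insopts must not leak into the calling environment
		# Quoted so the section name stays one path component even if it
		# contains whitespace or glob characters.
		insinto "/etc/security/$1"
		insopts -m 0644
		doins "${@:2}"
	) || die "failed to install ${*:2}"
}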
63
64 # newpamsecurity <section> <old name> <new name>
65 #
66 # Installs the config file <old name> as <new name> in /etc/security/<section>/
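newpamsecurity() {
	# Install the file $2 into /etc/security/<section>/ under the name $3,
	# mode 0644.
	#
	# Arguments: $1 - section (sub-directory of /etc/security)
	#            $2 - source file, $3 - name to install it as
	# Dies unless exactly three arguments are given, or when the install fails.
	[[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"

	# ${IUSE} is left unquoted on purpose: it is a whitespace-separated list.
	if hasq pam ${IUSE} && ! use pam; then
		return 0
	fi

	( # subshell: insinto/insopts must not leak into the calling environment
		# Quoted so the section name stays one path component even if it
		# contains whitespace or glob characters.
		insinto "/etc/security/$1"
		insopts -m 0644
		newins "$2" "$3"
	) || die "failed to install $2 as $3"
}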
80
81 # getpam_mod_dir
82 #
83 # Returns the pam modules' directory for current implementation
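getpam_mod_dir() {
	# Print the directory PAM modules are installed into.
	#
	# Globals: PAM_MOD_DIR (written) - kept as a global because callers that
	#          invoke this function directly could read it afterwards.
	# Outputs: the module directory on stdout.
	#
	# The previous code probed for sys-libs/pam or sys-libs/openpam but chose
	# /$(get_libdir)/security in both the "found" and the fallback branch, so
	# the probe had no effect on the result and is dropped.
	PAM_MOD_DIR=/$(get_libdir)/security

	# Quoted printf: the path is emitted byte-for-byte, with no word
	# splitting or glob expansion of the value.
	printf '%s\n' "${PAM_MOD_DIR}"
}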
94
95 # pammod_hide_symbols
96 #
97 # Hide all non-PAM-used symbols from the module; this function creates a
98 # simple ld version script that hides all the symbols that are not
99 # necessary for PAM to load the module, then uses append-flags to make
100 # sure that it gets used.
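pammod_hide_symbols() {
	# Write an ld version script into ${T} that exports only the pam_sm_*
	# symbols and makes every other symbol local, then add it to the linker
	# flags with append-ldflags.
	#
	# Globals: T (read) - directory the version script is written to
	# Dies when the version script cannot be written.
	#
	# The delimiter is quoted so the script body is written literally. Without
	# the "|| die" a failed write would go unnoticed and the linker flag would
	# point at a missing file.
	cat - > "${T}"/pam-eclass-pam_symbols.ver <<'EOF' || die "failed to write ${T}/pam-eclass-pam_symbols.ver"
{
global: pam_sm_*;
local: *;
};
EOF

	append-ldflags -Wl,--version-script="${T}"/pam-eclass-pam_symbols.ver
}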
111
112 # dopammod <file> [more files]
113 #
114 # Install pam module file in the pam modules' dir for current implementation
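dopammod() {
	# Install one or more PAM module files, as executables, into the
	# directory reported by getpam_mod_dir.
	#
	# Arguments: $@ - module files to install (at least one)
	# Dies when called without arguments or when the install fails.
	[[ -z $1 ]] && die "dopammod requires at least one argument"

	# ${IUSE} is left unquoted on purpose: it is a whitespace-separated list.
	if hasq pam ${IUSE} && ! use pam; then
		return 0
	fi

	# Quoted so the module directory is passed as exactly one argument.
	exeinto "$(getpam_mod_dir)"
	doexe "$@" || die "failed to install $*"
}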
125
126 # newpammod <old name> <new name>
127 #
128 # Install pam module file <old name> as <new name> in the pam
129 # modules' dir for current implementation
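newpammod() {
	# Install the PAM module file $1, as an executable named $2, into the
	# directory reported by getpam_mod_dir.
	#
	# Arguments: $1 - source module file, $2 - name to install it as
	# Dies unless exactly two arguments are given, or when the install fails.
	[[ $# -ne 2 ]] && die "newpammod requires two arguements"

	# ${IUSE} is left unquoted on purpose: it is a whitespace-separated list.
	if hasq pam ${IUSE} && ! use pam; then
		return 0
	fi

	# Quoted so the module directory is passed as exactly one argument.
	exeinto "$(getpam_mod_dir)"
	newexe "$1" "$2" || die "failed to install $1 as $2"
}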
140
141 # pamd_mimic_system <pamd file> [auth levels]
142 #
143 # This function creates a pamd file which mimics system-auth file
144 # for the given levels in the /etc/pam.d directory.
pamd_mimic_system() {
	# Convenience wrapper: create a pamd file that mimics the system-auth
	# stack by forwarding every argument to pamd_mimic.
	#
	# Arguments: $1 - pamd file name, $2.. - auth levels
	# Dies when fewer than two arguments are given.
	if (( $# < 2 )); then
		die "pamd_mimic_system requires at least two argments"
	fi

	pamd_mimic system-auth "$@"
}
149
150 # pamd_mimic <stack> <pamd file> [auth levels]
151 #
152 # This function creates a pamd file which mimics the given stack
153 # for the given levels in the /etc/pam.d directory.
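pamd_mimic() {
	# Append to ${D}/etc/pam.d/<pamd file> one line per requested auth level
	# that defers that level to the given stack.
	#
	# Arguments: $1 - stack to mimic
	#            $2 - pamd file name below /etc/pam.d
	#            $3.. - auth levels (auth, account, password, session)
	# Globals:   D, IUSE (read)
	# Dies on too few arguments, on an unknown level, or when the file
	# cannot be written.
	#
	# NOTE(review): $1 and $2 are written and used as given by the caller;
	# nothing here rejects a file name containing "/" or "..".
	[[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"

	# ${IUSE} is left unquoted on purpose: it is a whitespace-separated list.
	if hasq pam ${IUSE} && ! use pam; then
		return 0
	fi

	# Locals, so these scratch names do not leak into the calling ebuild.
	local originalstack=$1
	local pamdfile="${D}/etc/pam.d/$2"
	local authlevels="auth account password session"
	local directive target

	dodir /etc/pam.d
	# The path is quoted because ${D} may contain whitespace; a failed write
	# is fatal rather than leaving an incomplete PAM service file behind.
	printf '# File autogenerated by pamd_mimic in pam eclass\n\n\n' \
		>> "${pamdfile}" || die "failed to write ${pamdfile}"

	if has_version '<sys-libs/pam-0.78'; then
		directive="required"
		target="pam_stack.so service=${originalstack}"
	else
		directive="include"
		target="${originalstack}"
	fi

	shift 2

	# As before, processing stops at the first empty argument.
	while [[ -n $1 ]]; do
		hasq "$1" ${authlevels} || die "unknown level type"

		# printf with %s writes the stack name literally; echo -e would
		# have interpreted backslash sequences inside it.
		printf '%s\t%s\t\t%s\n' "$1" "${directive}" "${target}" \
			>> "${pamdfile}" || die "failed to write ${pamdfile}"

		shift
	done
}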
185
186 # cleanpamd <pamd file>
187 #
188 # Cleans a pam.d file from modules that might not be present on the system
189 # where it's going to be installed
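cleanpamd() {
	# Comment out every line mentioning pam_shells or pam_console in the
	# named files below ${D}/etc/pam.d, but only when sys-libs/pam is not
	# installed.
	#
	# Arguments: $@ - file names relative to ${D}/etc/pam.d
	# Globals:   D (read)
	#
	# NOTE(review): the affected lines are disabled, not replaced, so the
	# installed stack simply loses those checks on such systems - confirm
	# that is acceptable for each service that relies on them.
	[[ -n $1 ]] || return 0

	# The answer cannot change between files, so ask once instead of once
	# per argument.
	if has_version sys-libs/pam; then
		return 0
	fi

	# As before, processing stops at the first empty argument.
	while [[ -n $1 ]]; do
		sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
		shift
	done
}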
199
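pam_epam_expand() {
	# Resolve "#%EPAM-<condition>:<parameter>%#" markers in the given files,
	# editing them in place.
	#
	# For each distinct marker found:
	#   If-Has:<atom>    - satisfied when has_version <atom> succeeds
	#   Use-Flag:<flag>  - satisfied when use <flag> succeeds
	# A satisfied marker is stripped and the rest of its line is kept; an
	# unsatisfied one has every line carrying it deleted. Any other
	# condition name is fatal.
	#
	# Arguments: $@ - files to process
	sed -n -e 's|#%EPAM-\([[:alpha:]-]\+\):\([-+<>=/.![:alnum:]]\+\)%#.*|\1 \2|p' \
		"$@" | sort -u | while read -r condition parameter; do

		local disable="yes"

		case "$condition" in
			If-Has)
				# Line is usable only if ${parameter} is installed.
				has_version "$parameter" && disable="no"
				;;
			Use-Flag)
				# Line is usable only if the ${parameter} USE flag is on.
				use "$parameter" && disable="no"
				;;
			*)
				eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
				die "Unknown EPAM condition '${condition}' ('${parameter}')"
				;;
		esac

		# The extraction regex above limits the parameter to
		# "-+<>=/.!" and alphanumerics. Of those only "." is special in
		# a sed basic regex, so escape it: an unescaped dot let one
		# marker match (and delete or strip) lines carrying a different
		# marker. Using "|" as the delimiter in both commands removes
		# the need to escape "/" at all.
		local pattern=${parameter//./\\.}

		if [ "${disable}" = "yes" ]; then
			sed -i -e "\\|#%EPAM-${condition}:${pattern}%#|d" "$@"
		else
			sed -i -e "s|#%EPAM-${condition}:${pattern}%#||" "$@"
		fi

	done
}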
229
230 # Think about it before uncommenting this one, for now run it by hand
231 # pam_pkg_preinst() {
232 # eshopts_push -o noglob # so that bash doen't expand "*"
233 #
234 # pam_epam_expand "${D}"/etc/pam.d/*
235 #
236 # eshopts_pop # reset old shell opts
237 # }
