1 # Copyright 1999-2019 Gentoo Authors
2 # Distributed under the terms of the GNU General Public License v2
6 # Mikle Kolyada <zlogene@gentoo.org>
8 # Diego Pettenò <flameeyes@gentoo.org>
9 # @BLURB: Handles pam related tasks
11 # This eclass contains functions to install pamd configuration files and
# Include guard: the eclass body runs only while _PAM_ECLASS is empty or unset.
# The assignment that sets the guard and the closing fi are not part of this listing.
14 if [[ -z ${_PAM_ECLASS} ]]; then
# Load the flag-o-matic and multilib eclasses before the functions below are defined.
17 inherit flag-o-matic multilib
20 # @USAGE: <file> [more files]
22 # Install pam auth config file in /etc/pam.d
# Fragment of dopamd: the function header and parts of the body are elided in this listing.
# Abort unless at least one file name was passed.
24 [[ -z $1 ]] && die "dopamd requires at least one argument"
# Entered when the ebuild declares a pam USE flag and that flag is disabled;
# the branch body is not shown here.
26 if has pam ${IUSE} && ! use pam; then
30 ( # dont want to pollute calling env
# NOTE(review): the install commands inside this subshell are elided. Files in
# /etc/pam.d define authentication policy, so confirm that the elided lines
# install them with a mode that only root can write.
# A non-zero exit status from the subshell aborts the build through die.
34 ) || die "failed to install $@"
39 # @USAGE: <old name> <new name>
41 # Install pam file <old name> as <new name> in /etc/pam.d
# Fragment of newpamd: the function header and parts of the body are elided in this listing.
# Exactly two arguments are required: the source file and the installed name.
43 [[ $# -ne 2 ]] && die "newpamd requires two arguments"
# Entered when the ebuild declares a pam USE flag and that flag is disabled;
# the branch body is not shown here.
45 if has pam ${IUSE} && ! use pam; then
49 ( # dont want to pollute calling env
# NOTE(review): the install commands are elided; the new name lands in
# /etc/pam.d, so confirm the elided lines set a root-only-writable mode.
# A non-zero exit status from the subshell aborts the build through die.
53 ) || die "failed to install $1 as $2"
57 # @FUNCTION: dopamsecurity
58 # @USAGE: <section> <file> [more files]
60 # Installs the config files in /etc/security/<section>/
# Fragment of dopamsecurity: the function header and parts of the body are elided in this listing.
# Require a section name plus at least one file.
62 [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"
# Entered when the ebuild declares a pam USE flag and that flag is disabled;
# the branch body is not shown here.
64 if has pam ${IUSE} && ! use pam; then
68 ( # dont want to pollute calling env
# Target directory is /etc/security/<section>. NOTE(review): $1 is expanded
# unquoted and no check for slashes or dot-dot components is visible, so the
# section name is trusted to come from the ebuild author.
69 insinto /etc/security/$1
# ${@:2} in the message is every argument after the section name.
72 ) || die "failed to install ${@:2}"
75 # @FUNCTION: newpamsecurity
76 # @USAGE: <section> <old name> <new name>
78 # Installs the config file <old name> as <new name> in /etc/security/<section>/
# Fragment of newpamsecurity: the function header and parts of the body are elided in this listing.
# Exactly three arguments are required: section, source file and installed name.
80 [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"
# Entered when the ebuild declares a pam USE flag and that flag is disabled;
# the branch body is not shown here.
82 if has pam ${IUSE} && ! use pam; then
86 ( # dont want to pollute calling env
# Target directory is /etc/security/<section>. NOTE(review): $1 is expanded
# unquoted and no check for slashes or dot-dot components is visible, so the
# section name is trusted to come from the ebuild author.
87 insinto /etc/security/$1
# A non-zero exit status from the subshell aborts the build through die.
90 ) || die "failed to install $2 as $3"
93 # @FUNCTION: getpam_mod_dir
95 # Returns the pam modules' directory for current implementation
# Fragment of getpam_mod_dir: the function header and the lines around these
# assignments are elided in this listing.
# Both assignments shown set PAM_MOD_DIR to /<libdir>/security, so the
# has_version test does not change the value in the lines shown.
97 if has_version sys-libs/pam; then
98 PAM_MOD_DIR=/$(get_libdir)/security
100 # Unable to find PAM implementation... defaulting
# NOTE(review): no local declaration for PAM_MOD_DIR is visible; if the elided
# lines do not declare it, the assignment leaks into the calling scope.
101 PAM_MOD_DIR=/$(get_libdir)/security
107 # @FUNCTION: pammod_hide_symbols
109 # Hide all non-PAM-used symbols from the module; this function creates a
110 # simple ld version script that hides all the symbols that are not
111 # necessary for PAM to load the module, then uses append-flags to make
112 # sure that it gets used.
113 pammod_hide_symbols() {
# Write the linker version script to ${T}/pam-eclass-pam_symbols.ver from a
# here-document (its body and EOF terminator are elided in this listing), then
# pass that file to the linker through -Wl,--version-script via append-ldflags.
114 cat - > "${T}"/pam-eclass-pam_symbols.ver <<EOF
121 append-ldflags -Wl,--version-script="${T}"/pam-eclass-pam_symbols.ver
124 # @FUNCTION: dopammod
125 # @USAGE: <file> [more files]
127 # Install pam module file in the pam modules' dir for current implementation
# Fragment of dopammod: the function header and parts of the body are elided in this listing.
# Abort unless at least one module file was passed.
129 [[ -z $1 ]] && die "dopammod requires at least one argument"
# Entered when the ebuild declares a pam USE flag and that flag is disabled;
# the branch body is not shown here.
131 if has pam ${IUSE} && ! use pam; then
# Install into the directory printed by getpam_mod_dir. NOTE(review): the
# command substitution is unquoted, so the path is subject to word splitting.
135 exeinto $(getpam_mod_dir)
# NOTE(review): PAM modules are loaded into the processes that authenticate
# users, so the installed files should be writable by root only; confirm the
# mode that doexe applies here.
136 doexe "$@" || die "failed to install $@"
139 # @FUNCTION: newpammod
140 # @USAGE: <old name> <new name>
142 # Install pam module file <old name> as <new name> in the pam
143 # modules' dir for current implementation
# Fragment of newpammod: the function header and parts of the body are elided in this listing.
# Exactly two arguments are required: the module file and its installed name.
# NOTE(review): arguements in the message below is a typo for arguments.
145 [[ $# -ne 2 ]] && die "newpammod requires two arguements"
# Entered when the ebuild declares a pam USE flag and that flag is disabled;
# the branch body is not shown here.
147 if has pam ${IUSE} && ! use pam; then
# Install into the directory printed by getpam_mod_dir. NOTE(review): the
# command substitution is unquoted, so the path is subject to word splitting.
151 exeinto $(getpam_mod_dir)
# NOTE(review): the renamed module is loaded by PAM inside authenticating
# processes; confirm newexe leaves it writable by root only.
152 newexe "$1" "$2" || die "failed to install $1 as $2"
155 # @FUNCTION: pamd_mimic_system
156 # @USAGE: <pamd file> [auth levels]
158 # This function creates a pamd file which mimics system-auth file
159 # for the given levels in the /etc/pam.d directory.
160 pamd_mimic_system() {
# Needs the pamd file name and at least one auth level.
# NOTE(review): argments in the message below is a typo for arguments.
161 [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
# Delegate to pamd_mimic with system-auth as the stack to mimic.
162 pamd_mimic system-auth "$@"
165 # @FUNCTION: pamd_mimic
166 # @USAGE: <stack> <pamd file> [auth levels]
168 # This function creates a pamd file which mimics the given stack
169 # for the given levels in the /etc/pam.d directory.
# Fragment of pamd_mimic: the function header and several body lines are elided in this listing.
# Needs the stack name, the pamd file name and at least one auth level.
# NOTE(review): argments in the message below is a typo for arguments.
171 [[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"
# Entered when the ebuild declares a pam USE flag and that flag is disabled;
# the branch body is not shown here.
173 if has pam ${IUSE} && ! use pam; then
# The generated file lives under ${D}/etc/pam.d/. NOTE(review): $2 is used as
# given; no check for slashes or dot-dot components is visible.
178 pamdfile=${D}/etc/pam.d/$2
# Append a header comment to the file; the redirect target sits on the
# continuation line, which is elided in this listing.
179 echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
183 authlevels="auth account password session"
# For sys-libs/pam older than 0.78 the level is delegated through pam_stack.so;
# the other assignment uses an include directive instead. originalstack is set
# in lines not shown here.
185 if has_version '<sys-libs/pam-0.78'; then
186 mimic="\trequired\t\tpam_stack.so service=${originalstack}"
188 mimic="\tinclude\t\t${originalstack}"
# Walk the auth levels; the loop is presumably advanced by a shift in the
# elided lines.
193 while [[ -n $1 ]]; do
# Only auth, account, password and session are accepted as level names.
194 has $1 ${authlevels} || die "unknown level type"
# NOTE(review): ${pamdfile} is unquoted, and echo -e expands backslash escapes
# in ${mimic}, which embeds ${originalstack}; a stack name containing
# whitespace or backslashes would produce a malformed PAM line.
196 echo -e "$1${mimic}" >> ${pamdfile}
202 # @FUNCTION: cleanpamd
203 # @USAGE: <pamd file>
205 # Cleans a pam.d file from modules that might not be present on the system
206 # where it's going to be installed
# Fragment of cleanpamd: the function header and the loop tail are elided in this listing.
# Process each pamd file name given as an argument.
208 while [[ -n $1 ]]; do
# Act only when sys-libs/pam is not installed.
209 if ! has_version sys-libs/pam; then
# Prefix with # every line that mentions pam_shells or pam_console in the file
# staged under ${D}/etc/pam.d/.
# NOTE(review): commenting out a module line changes what the stack enforces;
# check that the resulting file still expresses the intended policy.
210 sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
217 # @FUNCTION: pam_epam_expand
218 # @USAGE: <pamd file>
220 # Steer clear, deprecated, don't use, bad experiment
# Fragment of pam_epam_expand: the function header and parts of the case
# statement are elided in this listing.
# Extract every #%EPAM-<condition>:<parameter>%# marker from the given files as
# <condition> <parameter> pairs, de-duplicate them and loop over the pairs.
# NOTE(review): read runs without -r; the character classes in the extraction
# pattern do not admit backslashes, so no escape processing should occur.
222 sed -n -e 's|#%EPAM-\([[:alpha:]-]\+\):\([-+<>=/.![:alnum:]]\+\)%#.*|\1 \2|p' \
223 "$@" | sort -u | while read condition parameter; do
# Package condition: disable is cleared when has_version succeeds.
229 message="This can be used only if you have ${parameter} installed"
230 has_version "$parameter" && disable="no"
# USE flag condition: disable is cleared when the flag is enabled.
233 message="This can be used only if you enabled the ${parameter} USE flag"
234 use "$parameter" && disable="no"
# Any other condition name is reported and aborts the build.
237 eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
238 die "Unknown EPAM condition '${condition}' ('${parameter}')"
# disable is presumably initialised to yes in the elided lines; confirm.
242 if [ "${disable}" = "yes" ]; then
# Delete the marked lines from the files. NOTE(review): ${parameter/\//\\/}
# escapes only the first slash for the sed address, while the extraction
# pattern allows several slashes in a parameter.
243 sed -i -e "/#%EPAM-${condition}:${parameter/\//\\/}%#/d" "$@"
# Presumably the else branch: strip just the marker and keep the rest of the
# line. NOTE(review): a dot in the parameter acts as a regex wildcard here.
245 sed -i -e "s|#%EPAM-${condition}:${parameter}%#||" "$@"
251 # Think about it before uncommenting this one, for now run it by hand
252 # pam_pkg_preinst() {
253 # eshopts_push -o noglob # so that bash doesn't expand "*"
255 # pam_epam_expand "${D}"/etc/pam.d/*
257 # eshopts_pop # reset old shell opts