1 # Copyright 1999-2015 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
9 # Diego Pettenò <flameeyes@gentoo.org>
10 # @BLURB: Handles pam related tasks
12 # This eclass contains functions to install pamd configuration files and
15 if [[ -z ${_PAM_ECLASS} ]]; then
18 inherit flag-o-matic multilib
21 # @USAGE: <file> [more files]
23 # Install pam auth config file in /etc/pam.d
25 [[ -z $1 ]] && die "dopamd requires at least one argument"
27 if has pam ${IUSE} && ! use pam; then
31 ( # dont want to pollute calling env
35 ) || die "failed to install $@"
40 # @USAGE: <old name> <new name>
42 # Install pam file <old name> as <new name> in /etc/pam.d
44 [[ $# -ne 2 ]] && die "newpamd requires two arguments"
46 if has pam ${IUSE} && ! use pam; then
50 ( # dont want to pollute calling env
54 ) || die "failed to install $1 as $2"
58 # @FUNCTION: dopamsecurity
59 # @USAGE: <section> <file> [more files]
61 # Installs the config files in /etc/security/<section>/
63 [[ $# -lt 2 ]] && die "dopamsecurity requires at least two arguments"
65 if has pam ${IUSE} && ! use pam; then
69 ( # dont want to pollute calling env
70 insinto /etc/security/$1
73 ) || die "failed to install ${@:2}"
76 # @FUNCTION: newpamsecurity
77 # @USAGE: <section> <old name> <new name>
79 # Installs the config file <old name> as <new name> in /etc/security/<section>/
81 [[ $# -ne 3 ]] && die "newpamsecurity requires three arguments"
83 if has pam ${IUSE} && ! use pam; then
87 ( # dont want to pollute calling env
88 insinto /etc/security/$1
91 ) || die "failed to install $2 as $3"
94 # @FUNCTION: getpam_mod_dir
96 # Returns the pam modules' directory for current implementation
98 if has_version sys-libs/pam || has_version sys-libs/openpam; then
99 PAM_MOD_DIR=/$(get_libdir)/security
101 # Unable to find PAM implementation... defaulting
102 PAM_MOD_DIR=/$(get_libdir)/security
108 # @FUNCTION: pammod_hide_symbols
110 # Hide all non-PAM-used symbols from the module; this function creates a
111 # simple ld version script that hides all the symbols that are not
112 # necessary for PAM to load the module, then uses append-flags to make
113 # sure that it gets used.
114 pammod_hide_symbols() {
115 cat - > "${T}"/pam-eclass-pam_symbols.ver <<EOF
122 append-ldflags -Wl,--version-script="${T}"/pam-eclass-pam_symbols.ver
125 # @FUNCTION: dopammod
126 # @USAGE: <file> [more files]
128 # Install pam module file in the pam modules' dir for current implementation
130 [[ -z $1 ]] && die "dopammod requires at least one argument"
132 if has pam ${IUSE} && ! use pam; then
136 exeinto $(getpam_mod_dir)
137 doexe "$@" || die "failed to install $@"
140 # @FUNCTION: newpammod
141 # @USAGE: <old name> <new name>
143 # Install pam module file <old name> as <new name> in the pam
144 # modules' dir for current implementation
146 [[ $# -ne 2 ]] && die "newpammod requires two arguements"
148 if has pam ${IUSE} && ! use pam; then
152 exeinto $(getpam_mod_dir)
153 newexe "$1" "$2" || die "failed to install $1 as $2"
156 # @FUNCTION: pamd_mimic_system
157 # @USAGE: <pamd file> [auth levels]
159 # This function creates a pamd file which mimics system-auth file
160 # for the given levels in the /etc/pam.d directory.
161 pamd_mimic_system() {
162 [[ $# -lt 2 ]] && die "pamd_mimic_system requires at least two argments"
163 pamd_mimic system-auth "$@"
166 # @FUNCTION: pamd_mimic
167 # @USAGE: <stack> <pamd file> [auth levels]
169 # This function creates a pamd file which mimics the given stack
170 # for the given levels in the /etc/pam.d directory.
172 [[ $# -lt 3 ]] && die "pamd_mimic requires at least three argments"
# True when the package declares a pam USE flag and that flag is disabled;
# what the branch does is on lines not shown in this listing.
174 if has pam ${IUSE} && ! use pam; then
# The generated file goes into the image directory ${D}; $2 is used verbatim
# as the file name under etc/pam.d.
# NOTE(review): nothing visible here rejects a '/' or '..' in $2 - presumably
# callers pass a bare service name; confirm against the ebuilds that call this.
179 pamdfile=${D}/etc/pam.d/$2
# The header is appended with >> rather than written with >, so any existing
# content is kept. The redirection target is on a continuation line not shown.
180 echo -e "# File autogenerated by pamd_mimic in pam eclass\n\n" >> \
184 authlevels="auth account password session"
# pam older than 0.78 gets a pam_stack.so line; the second assignment uses the
# include directive (presumably the else branch - the else line is not shown).
# ${originalstack} is assigned on a line not shown here.
186 if has_version '<sys-libs/pam-0.78'; then
187 mimic="\trequired\t\tpam_stack.so service=${originalstack}"
189 mimic="\tinclude\t\t${originalstack}"
# Walk the remaining arguments until the first empty one.
194 while [[ -n $1 ]]; do
# Only the four names in ${authlevels} are accepted; anything else aborts,
# so no arbitrary text from $1 reaches the generated file.
195 has $1 ${authlevels} || die "unknown level type"
# NOTE(review): ${pamdfile} is unquoted here; quoting the redirection target
# keeps it a single word if ${D} ever contains whitespace. echo -e expands the
# \t escapes in ${mimic} and would also expand any escapes in the stack name.
197 echo -e "$1${mimic}" >> ${pamdfile}
203 # @FUNCTION: cleanpamd
204 # @USAGE: <pamd file>
206 # Cleans a pam.d file from modules that might not be present on the system
207 # where it's going to be installed
# Process each pam.d file name given as an argument, stopping at the first
# empty one (the shift and the end of the loop are on lines not shown).
209 while [[ -n $1 ]]; do
# Only acts when sys-libs/pam is not installed.
210 if ! has_version sys-libs/pam; then
# Edits the file in the image directory in place, prefixing every line that
# contains pam_shells or pam_console with '#'. This is a substring match, so it
# also hits lines where the name appears inside a comment or a longer name.
# NOTE(review): commenting a module out changes what the resulting stack
# checks; the edited file deserves a look before it is shipped.
211 sed -i -e '/pam_shells\|pam_console/s:^:#:' "${D}/etc/pam.d/$1"
218 # @FUNCTION: pam_epam_expand
219 # @USAGE: <pamd file>
221 # Steer clear, deprecated, don't use, bad experiment
# Pull every distinct '#%EPAM-<condition>:<parameter>%#' marker out of the
# given files as 'condition parameter' pairs. The bracket expressions limit
# condition to letters and '-', and parameter to alphanumerics plus
# - + < > = / . ! ; nothing else is captured.
# NOTE(review): read is used without -r; the capture classes admit no
# backslash, so that looks harmless here.
223 sed -n -e 's|#%EPAM-\([[:alpha:]-]\+\):\([-+<>=/.![:alnum:]]\+\)%#.*|\1 \2|p' \
224 "$@" | sort -u | while read condition parameter; do
# The lines that select on ${condition} are not shown in this listing. One
# visible branch tests for an installed package, the other for a USE flag; each
# clears ${disable} when its test succeeds.
230 message="This can be used only if you have ${parameter} installed"
231 has_version "$parameter" && disable="no"
234 message="This can be used only if you enabled the ${parameter} USE flag"
235 use "$parameter" && disable="no"
# Any other condition is reported and aborts (presumably the default branch).
238 eerror "Unknown EPAM condition '${condition}' ('${parameter}')"
239 die "Unknown EPAM condition '${condition}' ('${parameter}')"
# The initial value of ${disable} is assigned on a line not shown here.
243 if [ "${disable}" = "yes" ]; then
# Condition not met: delete the lines that carry this marker.
# NOTE(review): both values are spliced into the sed script. The expansion
# ${parameter/\//\\/} escapes only the first '/', so a parameter with a second
# '/' would end the address early and change what the script does; '.' also
# stays a regex wildcard. The capture classes above are the only thing
# restricting what reaches this line.
244 sed -i -e "/#%EPAM-${condition}:${parameter/\//\\/}%#/d" "$@"
# Condition met: strip only the marker and keep the rest of the line
# (presumably the else branch - the else line is not shown). The delimiter is
# '|', which the parameter capture class does not admit.
246 sed -i -e "s|#%EPAM-${condition}:${parameter}%#||" "$@"
252 # Think about it before uncommenting this one, for now run it by hand
253 # pam_pkg_preinst() {
254 # eshopts_push -o noglob # so that bash doesn't expand "*"
256 # pam_epam_expand "${D}"/etc/pam.d/*
258 # eshopts_pop # reset old shell opts