commit: ed4f15348fa950b02016154790bb6d180cccf5f9 |
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
AuthorDate: Mon Aug 17 07:30:39 2020 +0000 |
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
CommitDate: Mon Aug 17 07:30:39 2020 +0000 |
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=ed4f1534 |
|
make pam_gnome_keyring optional |
|
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org> |
|
pambase.py | 143 ++++++++++++++++++++++++++------------------------- |
templates/passwd.tpl | 5 +- |
2 files changed, 76 insertions(+), 72 deletions(-) |
|
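--- a/pambase.py
+++ b/pambase.py
@@ -6,96 +6,97 @@ import pathlib
 
 
 def main():
- parser = argparse.ArgumentParser(description='basic Gentoo PAM configuration files')
- parser.add_argument('--libcap', action="store_true", help='enable pam_caps.so module')
- parser.add_argument('--passwdqc', action="store_true", help='enable pam_passwdqc.so module')
- parser.add_argument('--pwquality', action="store_true", help='enable pam_pwquality.so module')
- parser.add_argument('--elogind', action="store_true", help='enable pam_elogind.so module')
- parser.add_argument('--systemd', action="store_true", help='enable pam_systemd.so module')
- parser.add_argument('--selinux', action="store_true", help='enable pam_selinux.so module')
- parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module')
- parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module')
- parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module')
- parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module')
- parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module')
- parser.add_argument('--minimal', action="store_true", help='install minimalistic PAM stack')
- parser.add_argument('--debug', action="store_true", help='enable debug for selected modules')
- parser.add_argument('--nullok', action="store_true", help='enable nullok option for pam_unix.so module')
-
- parsed_args = parser.parse_args()
- processed = process_args(parsed_args)
-
- parse_templates(processed)
+ parser = argparse.ArgumentParser(description='basic Gentoo PAM configuration files')
+ parser.add_argument('--gnome-keyring', action="store_true", help='enable pam_gnome_keyring.so module')
+ parser.add_argument('--libcap', action="store_true", help='enable pam_caps.so module')
+ parser.add_argument('--passwdqc', action="store_true", help='enable pam_passwdqc.so module')
+ parser.add_argument('--pwquality', action="store_true", help='enable pam_pwquality.so module')
+ parser.add_argument('--elogind', action="store_true", help='enable pam_elogind.so module')
+ parser.add_argument('--systemd', action="store_true", help='enable pam_systemd.so module')
+ parser.add_argument('--selinux', action="store_true", help='enable pam_selinux.so module')
+ parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module')
+ parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module')
+ parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module')
+ parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module')
+ parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module')
+ parser.add_argument('--minimal', action="store_true", help='install minimalistic PAM stack')
+ parser.add_argument('--debug', action="store_true", help='enable debug for selected modules')
+ parser.add_argument('--nullok', action="store_true", help='enable nullok option for pam_unix.so module')
+
+ parsed_args = parser.parse_args()
+ processed = process_args(parsed_args)
+
+ parse_templates(processed)
 
 
 def process_args(args):
- # make sure that output directory exists
- pathlib.Path("stack").mkdir(parents=True, exist_ok=True)
+ # make sure that output directory exists
+ pathlib.Path("stack").mkdir(parents=True, exist_ok=True)
 
- blank_variables = [
- "krb5_authtok",
- "unix_authtok",
- "unix_extended_encryption",
- "likeauth",
- "nullok"
- ]
+ blank_variables = [
+ "krb5_authtok",
+ "unix_authtok",
+ "unix_extended_encryption",
+ "likeauth",
+ "nullok"
+ ]
 
- # create a blank dictionary
- # then add in our parsed args
- output = dict.fromkeys(blank_variables, "")
- output.update(vars(args))
+ # create a blank dictionary
+ # then add in our parsed args
+ output = dict.fromkeys(blank_variables, "")
+ output.update(vars(args))
 
- # unconditional variables
- output["likeauth"] = "likeauth"
- output["unix_authtok"] = "use_authtok"
+ # unconditional variables
+ output["likeauth"] = "likeauth"
+ output["unix_authtok"] = "use_authtok"
 
- if args.debug:
- output["debug"] = "debug"
+ if args.debug:
+ output["debug"] = "debug"
 
- if args.nullok:
- output["nullok"] = "nullok"
+ if args.nullok:
+ output["nullok"] = "nullok"
 
- if args.krb5:
- output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip()
+ if args.krb5:
+ output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip()
 
- if args.sha512:
- output["unix_extended_encryption"] = "sha512 shadow"
- else:
- output["unix_extended_encryption"] = "md5 shadow"
+ if args.sha512:
+ output["unix_extended_encryption"] = "sha512 shadow"
+ else:
+ output["unix_extended_encryption"] = "md5 shadow"
 
- return output
+ return output
 
 
 def parse_templates(processed_args):
- load = FileSystemLoader('')
- env = Environment(loader=load, trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True)
+ load = FileSystemLoader('')
+ env = Environment(loader=load, trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True)
 
- templates = [
- "login",
- "other",
- "passwd",
- "system-local-login",
- "system-remote-login",
- "su",
- "system-auth",
- "system-login",
- "system-services"
- ]
+ templates = [
+ "login",
+ "other",
+ "passwd",
+ "system-local-login",
+ "system-remote-login",
+ "su",
+ "system-auth",
+ "system-login",
+ "system-services"
+ ]
 
- for template_name in templates:
- template = env.get_template('templates/{0}.tpl'.format(template_name))
+ for template_name in templates:
+ template = env.get_template('templates/{0}.tpl'.format(template_name))
 
- with open('stack/{0}'.format(template_name), "w+") as output:
- rendered_template = template.render(processed_args)
+ with open('stack/{0}'.format(template_name), "w+") as output:
+ rendered_template = template.render(processed_args)
 
- # Strip all intermediate lines to not worry about appeasing Jinja
- lines = rendered_template.split("\n")
- lines = [line.strip() for line in lines if line]
- rendered_template = "\n".join(lines)
+ # Strip all intermediate lines to not worry about appeasing Jinja
+ lines = rendered_template.split("\n")
+ lines = [line.strip() for line in lines if line]
+ rendered_template = "\n".join(lines)
 
- if rendered_template:
- output.write(rendered_template + "\n")
+ if rendered_template:
+ output.write(rendered_template + "\n")
 
 
 if __name__ == "__main__":
- main()
+ main()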
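Review bot: In `process_args`, the `args.krb5` branch formats the literal string `"debug"` into `krb5_params`, so every rendered `krb5_params` carries `debug` whether or not `--debug` was passed; the trailing `.strip()` suggests an empty value was meant to be possible. Tying it to the flag keeps verbose authentication logging opt-in: `output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug" if args.debug else "").strip()`. In the same function the `else` under `args.sha512` sets `unix_extended_encryption` to `md5 shadow`, so the weak hash is what a caller gets by simply omitting the flag. A comment such as `# fallback is md5: callers must pass --sha512 for a modern hash` would make that explicit, or the default could be inverted.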
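--- a/templates/passwd.tpl
+++ b/templates/passwd.tpl
@@ -2,4 +2,7 @@ auth sufficient pam_rootok.so
 auth include system-auth
 account include system-auth
 password include system-auth
--password optional pam_gnome_keyring.so {{ unix_authtok }}
+
+{% if gnome_keyring %}
+password optional pam_gnome_keyring.so {{ unix_authtok }}
+{% endif %}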
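Review bot: The re-added `pam_gnome_keyring.so` line appears to drop the leading `-` that the removed line carried (`-password optional …`), which in Linux-PAM suppresses the syslog error when a module cannot be loaded. With the line now gated on `gnome_keyring` that may be intentional, since a missing module then points to a real misconfiguration worth logging. If so, a template comment such as `{# no '-' prefix: module is expected to be present when gnome_keyring is set #}` would record the decision; otherwise keep `-password optional pam_gnome_keyring.so {{ unix_authtok }}` inside the `{% if %}`. Only `passwd.tpl` is gated in this commit; whether other templates still reference the module unconditionally is not visible here.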