author | Mikle Kolyada <zlogene@gentoo.org> | 2020-08-17 10:30:39 +0300 |
---|---|---|
committer | Mikle Kolyada <zlogene@gentoo.org> | 2020-08-17 10:30:39 +0300 |
commit | ed4f15348fa950b02016154790bb6d180cccf5f9 (patch) | |
tree | eac232e072890a924f5dffa0af87f1920502f594 | |
parent | Add pam_pwquality.so support (diff) | |
make pam_gnome_keyring optionalpambase-20200817
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
-rwxr-xr-x | pambase.py | 143 | ||||
-rw-r--r-- | templates/passwd.tpl | 5 |
2 files changed, 76 insertions, 72 deletions
@@ -6,96 +6,97 @@ import pathlib
 def main():
- parser = argparse.ArgumentParser(description='basic Gentoo PAM configuration files')
- parser.add_argument('--libcap', action="store_true", help='enable pam_caps.so module')
- parser.add_argument('--passwdqc', action="store_true", help='enable pam_passwdqc.so module')
- parser.add_argument('--pwquality', action="store_true", help='enable pam_pwquality.so module')
- parser.add_argument('--elogind', action="store_true", help='enable pam_elogind.so module')
- parser.add_argument('--systemd', action="store_true", help='enable pam_systemd.so module')
- parser.add_argument('--selinux', action="store_true", help='enable pam_selinux.so module')
- parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module')
- parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module')
- parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module')
- parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module')
- parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module')
- parser.add_argument('--minimal', action="store_true", help='install minimalistic PAM stack')
- parser.add_argument('--debug', action="store_true", help='enable debug for selected modules')
- parser.add_argument('--nullok', action="store_true", help='enable nullok option for pam_unix.so module')
-
- parsed_args = parser.parse_args()
- processed = process_args(parsed_args)
-
- parse_templates(processed)
+ parser = argparse.ArgumentParser(description='basic Gentoo PAM configuration files')
+ parser.add_argument('--gnome-keyring', action="store_true", help='enable pam_gnome_keyring.so module')
+ parser.add_argument('--libcap', action="store_true", help='enable pam_caps.so module')
+ parser.add_argument('--passwdqc', action="store_true", help='enable pam_passwdqc.so module')
+ parser.add_argument('--pwquality', action="store_true", help='enable pam_pwquality.so module')
+ parser.add_argument('--elogind', action="store_true", help='enable pam_elogind.so module')
+ parser.add_argument('--systemd', action="store_true", help='enable pam_systemd.so module')
+ parser.add_argument('--selinux', action="store_true", help='enable pam_selinux.so module')
+ parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module')
+ parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module')
+ parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module')
+ parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module')
+ parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module')
+ parser.add_argument('--minimal', action="store_true", help='install minimalistic PAM stack')
+ parser.add_argument('--debug', action="store_true", help='enable debug for selected modules')
+ parser.add_argument('--nullok', action="store_true", help='enable nullok option for pam_unix.so module')
+
+ parsed_args = parser.parse_args()
+ processed = process_args(parsed_args)
+
+ parse_templates(processed)
 def process_args(args):
- # make sure that output directory exists
- pathlib.Path("stack").mkdir(parents=True, exist_ok=True)
+ # make sure that output directory exists
+ pathlib.Path("stack").mkdir(parents=True, exist_ok=True)
- blank_variables = [
- "krb5_authtok",
- "unix_authtok",
- "unix_extended_encryption",
- "likeauth",
- "nullok"
- ]
+ blank_variables = [
+ "krb5_authtok",
+ "unix_authtok",
+ "unix_extended_encryption",
+ "likeauth",
+ "nullok"
+ ]
- # create a blank dictionary
- # then add in our parsed args
- output = dict.fromkeys(blank_variables, "")
- output.update(vars(args))
+ # create a blank dictionary
+ # then add in our parsed args
+ output = dict.fromkeys(blank_variables, "")
+ output.update(vars(args))
- # unconditional variables
- output["likeauth"] = "likeauth"
- output["unix_authtok"] = "use_authtok"
+ # unconditional variables
+ output["likeauth"] = "likeauth"
+ output["unix_authtok"] = "use_authtok"
- if args.debug:
- output["debug"] = "debug"
+ if args.debug:
+ output["debug"] = "debug"
- if args.nullok:
- output["nullok"] = "nullok"
+ if args.nullok:
+ output["nullok"] = "nullok"
- if args.krb5:
- output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip()
+ if args.krb5:
+ output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip()
- if args.sha512:
- output["unix_extended_encryption"] = "sha512 shadow"
- else:
- output["unix_extended_encryption"] = "md5 shadow"
+ if args.sha512:
+ output["unix_extended_encryption"] = "sha512 shadow"
+ else:
+ output["unix_extended_encryption"] = "md5 shadow"
- return output
+ return output
 def parse_templates(processed_args):
- load = FileSystemLoader('')
- env = Environment(loader=load, trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True)
+ load = FileSystemLoader('')
+ env = Environment(loader=load, trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True)
- templates = [
- "login",
- "other",
- "passwd",
- "system-local-login",
- "system-remote-login",
- "su",
- "system-auth",
- "system-login",
- "system-services"
- ]
+ templates = [
+ "login",
+ "other",
+ "passwd",
+ "system-local-login",
+ "system-remote-login",
+ "su",
+ "system-auth",
+ "system-login",
+ "system-services"
+ ]
- for template_name in templates:
- template = env.get_template('templates/{0}.tpl'.format(template_name))
+ for template_name in templates:
+ template = env.get_template('templates/{0}.tpl'.format(template_name))
- with open('stack/{0}'.format(template_name), "w+") as output:
- rendered_template = template.render(processed_args)
+ with open('stack/{0}'.format(template_name), "w+") as output:
+ rendered_template = template.render(processed_args)
- # Strip all intermediate lines to not worry about appeasing Jinja
- lines = rendered_template.split("\n")
- lines = [line.strip() for line in lines if line]
- rendered_template = "\n".join(lines)
+ # Strip all intermediate lines to not worry about appeasing Jinja
+ lines = rendered_template.split("\n")
+ lines = [line.strip() for line in lines if line]
+ rendered_template = "\n".join(lines)
- if rendered_template:
- output.write(rendered_template + "\n")
+ if rendered_template:
+ output.write(rendered_template + "\n")
 if __name__ == "__main__":
- main()
+ main()
diff --git a/templates/passwd.tpl b/templates/passwd.tpl
index 5f4f739..101a5fc 100644
--- a/templates/passwd.tpl
+++ b/templates/passwd.tpl
@@ -2,4 +2,7 @@ auth sufficient pam_rootok.so
 auth include system-auth
 account include system-auth
 password include system-auth
--password optional pam_gnome_keyring.so {{ unix_authtok }}
+
+{% if gnome_keyring %}
+password optional pam_gnome_keyring.so {{ unix_authtok }}
+{% endif %} |
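Review bot: In `process_args`, the `krb5_params` line calls `.format("debug")` with a string literal, so whenever `--krb5` is given the pam_krb5 options start with `debug` whether or not `--debug` was passed; the trailing `.strip()` suggests an empty value was expected in the non-debug case. Module debug output normally ends up in the system log, so it should follow the flag: `output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug" if args.debug else "").strip()`. The same function falls back to `md5 shadow` when `--sha512` is absent, which leaves newly set password hashes on a weak scheme by default; that fallback deserves at least a comment, or a stronger default if the callers allow it. Both lines are only re-indented by this commit rather than introduced by it.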
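Review bot: The re-added `pam_gnome_keyring.so` line is written as `password optional ...` while the removed one was `-password optional ...`, so the leading `-` is dropped together with the move into `{% if gnome_keyring %}`, and the commit message does not mention it. In PAM configuration that prefix suppresses the log entry when the module file is missing; without it, a stack generated with `--gnome-keyring` on a system that lacks the module will log a load failure (the `optional` control still lets the stack continue). If that is intended now that the line is opt-in, a template comment such as `{# no '-' prefix: the module is expected to be installed when gnome_keyring is set #}` would record the decision.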