authorMikle Kolyada <zlogene@gentoo.org>2020-08-17 10:30:39 +0300
committerMikle Kolyada <zlogene@gentoo.org>2020-08-17 10:30:39 +0300
commited4f15348fa950b02016154790bb6d180cccf5f9 (patch)
treeeac232e072890a924f5dffa0af87f1920502f594
parentAdd pam_pwquality.so support (diff)
make pam_gnome_keyring optionalpambase-20200817
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
-rwxr-xr-xpambase.py143
-rw-r--r--templates/passwd.tpl5
2 files changed, 76 insertions, 72 deletions
diff --git a/pambase.py b/pambase.py
index 07e458d..83ee97c 100755
--- a/pambase.py
+++ b/pambase.py
@@ -6,96 +6,97 @@ import pathlib
def main():
- parser = argparse.ArgumentParser(description='basic Gentoo PAM configuration files')
- parser.add_argument('--libcap', action="store_true", help='enable pam_caps.so module')
- parser.add_argument('--passwdqc', action="store_true", help='enable pam_passwdqc.so module')
- parser.add_argument('--pwquality', action="store_true", help='enable pam_pwquality.so module')
- parser.add_argument('--elogind', action="store_true", help='enable pam_elogind.so module')
- parser.add_argument('--systemd', action="store_true", help='enable pam_systemd.so module')
- parser.add_argument('--selinux', action="store_true", help='enable pam_selinux.so module')
- parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module')
- parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module')
- parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module')
- parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module')
- parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module')
- parser.add_argument('--minimal', action="store_true", help='install minimalistic PAM stack')
- parser.add_argument('--debug', action="store_true", help='enable debug for selected modules')
- parser.add_argument('--nullok', action="store_true", help='enable nullok option for pam_unix.so module')
-
- parsed_args = parser.parse_args()
- processed = process_args(parsed_args)
-
- parse_templates(processed)
+ parser = argparse.ArgumentParser(description='basic Gentoo PAM configuration files')
+ parser.add_argument('--gnome-keyring', action="store_true", help='enable pam_gnome_keyring.so module')
+ parser.add_argument('--libcap', action="store_true", help='enable pam_caps.so module')
+ parser.add_argument('--passwdqc', action="store_true", help='enable pam_passwdqc.so module')
+ parser.add_argument('--pwquality', action="store_true", help='enable pam_pwquality.so module')
+ parser.add_argument('--elogind', action="store_true", help='enable pam_elogind.so module')
+ parser.add_argument('--systemd', action="store_true", help='enable pam_systemd.so module')
+ parser.add_argument('--selinux', action="store_true", help='enable pam_selinux.so module')
+ parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module')
+ parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module')
+ parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module')
+ parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module')
+ parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module')
+ parser.add_argument('--minimal', action="store_true", help='install minimalistic PAM stack')
+ parser.add_argument('--debug', action="store_true", help='enable debug for selected modules')
+ parser.add_argument('--nullok', action="store_true", help='enable nullok option for pam_unix.so module')
+
+ parsed_args = parser.parse_args()
+ processed = process_args(parsed_args)
+
+ parse_templates(processed)
def process_args(args):
- # make sure that output directory exists
- pathlib.Path("stack").mkdir(parents=True, exist_ok=True)
+ # make sure that output directory exists
+ pathlib.Path("stack").mkdir(parents=True, exist_ok=True)
- blank_variables = [
- "krb5_authtok",
- "unix_authtok",
- "unix_extended_encryption",
- "likeauth",
- "nullok"
- ]
+ blank_variables = [
+ "krb5_authtok",
+ "unix_authtok",
+ "unix_extended_encryption",
+ "likeauth",
+ "nullok"
+ ]
- # create a blank dictionary
- # then add in our parsed args
- output = dict.fromkeys(blank_variables, "")
- output.update(vars(args))
+ # create a blank dictionary
+ # then add in our parsed args
+ output = dict.fromkeys(blank_variables, "")
+ output.update(vars(args))
- # unconditional variables
- output["likeauth"] = "likeauth"
- output["unix_authtok"] = "use_authtok"
+ # unconditional variables
+ output["likeauth"] = "likeauth"
+ output["unix_authtok"] = "use_authtok"
- if args.debug:
- output["debug"] = "debug"
+ if args.debug:
+ output["debug"] = "debug"
- if args.nullok:
- output["nullok"] = "nullok"
+ if args.nullok:
+ output["nullok"] = "nullok"
- if args.krb5:
- output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip()
+ if args.krb5:
+ output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip()
- if args.sha512:
- output["unix_extended_encryption"] = "sha512 shadow"
- else:
- output["unix_extended_encryption"] = "md5 shadow"
+ if args.sha512:
+ output["unix_extended_encryption"] = "sha512 shadow"
+ else:
+ output["unix_extended_encryption"] = "md5 shadow"
- return output
+ return output
def parse_templates(processed_args):
- load = FileSystemLoader('')
- env = Environment(loader=load, trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True)
+ load = FileSystemLoader('')
+ env = Environment(loader=load, trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True)
- templates = [
- "login",
- "other",
- "passwd",
- "system-local-login",
- "system-remote-login",
- "su",
- "system-auth",
- "system-login",
- "system-services"
- ]
+ templates = [
+ "login",
+ "other",
+ "passwd",
+ "system-local-login",
+ "system-remote-login",
+ "su",
+ "system-auth",
+ "system-login",
+ "system-services"
+ ]
- for template_name in templates:
- template = env.get_template('templates/{0}.tpl'.format(template_name))
+ for template_name in templates:
+ template = env.get_template('templates/{0}.tpl'.format(template_name))
- with open('stack/{0}'.format(template_name), "w+") as output:
- rendered_template = template.render(processed_args)
+ with open('stack/{0}'.format(template_name), "w+") as output:
+ rendered_template = template.render(processed_args)
- # Strip all intermediate lines to not worry about appeasing Jinja
- lines = rendered_template.split("\n")
- lines = [line.strip() for line in lines if line]
- rendered_template = "\n".join(lines)
+ # Strip all intermediate lines to not worry about appeasing Jinja
+ lines = rendered_template.split("\n")
+ lines = [line.strip() for line in lines if line]
+ rendered_template = "\n".join(lines)
- if rendered_template:
- output.write(rendered_template + "\n")
+ if rendered_template:
+ output.write(rendered_template + "\n")
if __name__ == "__main__":
- main()
+ main()
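Review bot: In process_args, the krb5 branch calls `.format("debug")` with a string literal, so pam_krb5 is given the `debug` option whenever `--krb5` is set, whether or not `--debug` was passed; PAM debug output typically lands in the system log and should stay opt-in. The line could read `output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug" if args.debug else "").strip()`. Separately, the `else` branch still selects `md5 shadow` when `--sha512` is absent, which makes a weak password hash the default for any caller that omits the flag. A comment there saying callers are expected to pass `--sha512`, or a stronger fallback, would make that risk visible. Both lines are carried over unchanged by this commit rather than introduced by it.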
diff --git a/templates/passwd.tpl b/templates/passwd.tpl
index 5f4f739..101a5fc 100644
--- a/templates/passwd.tpl
+++ b/templates/passwd.tpl
@@ -2,4 +2,7 @@ auth sufficient pam_rootok.so
auth include system-auth
account include system-auth
password include system-auth
--password optional pam_gnome_keyring.so {{ unix_authtok }}
+
+{% if gnome_keyring %}
+password optional pam_gnome_keyring.so {{ unix_authtok }}
+{% endif %}
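Review bot: The re-added line drops the leading `-` that the removed line carried (`-password optional pam_gnome_keyring.so`), so PAM no longer stays silent when the module cannot be loaded and will log the load failure instead. That is reasonable now that the entry is rendered only when `gnome_keyring` is set, but it is a behaviour change the commit message does not mention. A template comment such as `{# no '-' prefix: the module is expected to be installed when gnome_keyring is enabled #}` would record the intent. The `gnome_keyring` variable relies on argparse mapping `--gnome-keyring` to that key before `vars(args)` reaches the template, which is consistent with the pambase.py hunk.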