86 lines
3.7 KiB
Plaintext
86 lines
3.7 KiB
Plaintext
(*
|
|
Module: AuthselectPam
|
|
Parses /etc/authselect/custom/*/*-auth and
|
|
/etc/authselect/custom/*/postlogin files
|
|
|
|
Author: Heston Snodgrass <heston.snodgrass@puppet.com> based on pam.aug by David Lutterkort <lutter@redhat.com>
|
|
|
|
About: Reference
|
|
This lens tries to keep as close as possible to `man pam.conf` where
|
|
possible. This lens supports authselect templating syntax as
|
|
can be found in `man authselect-profiles`.
|
|
|
|
About: Licence
|
|
This file is licensed under the LGPL v2+, like the rest of Augeas.
|
|
|
|
About: Lens Usage
|
|
|
|
About: Configuration files
|
|
This lens also autoloads /etc/authselect/custom/*/*-auth and
|
|
/etc/authselect/custom/*/postlogin because these files are PAM template
|
|
files on machines that have authselect custom profiles.
|
|
*)
|
|
module AuthselectPam =
|
|
autoload xfm
|
|
|
|
(* The Pam space does not work for certain parts of the authselect syntax so we need our own whitespace *)
|
|
let reg_ws = del /([ \t])/ " "
|
|
|
|
(* This is close the the same as argument from pam.aug, but curly braces are accounted for *)
|
|
let argument = /(\[[^]{}#\n]+\]|[^[{#\n \t\\][^#\n \t\\]*)/
|
|
|
|
(* The various types of conditional statements that can exist in authselect PAM files *)
|
|
let authselect_conditional_type = /(continue if|stop if|include if|exclude if|imply|if)/
|
|
|
|
(* Basic logical operators supported by authselect templates *)
|
|
let authselect_logic_stmt = [ reg_ws . key /(and|or|not)/ ]
|
|
|
|
(* authselect features inside conditional templates *)
|
|
let authselect_feature = [ label "feature" . Quote.do_dquote (store /([a-z0-9-]+)/) ]
|
|
|
|
(* authselect templates can substitute text if a condition is met. *)
|
|
(* The sytax for this is `<conditional>:<what to sub on true>|<what to sub on false>` *)
|
|
(* Both result forms are optional *)
|
|
let authselect_on_true = [ label "on_true" . Util.del_str ":" . store /([^#{}:|\n\\]+)/ ]
|
|
let authselect_on_false = [ label "on_false" . Util.del_str "|" . store /([^#{}:|\n\\]+)/ ]
|
|
|
|
(* Features in conditionals can be grouped together so that logical operations can be resolved for the entire group *)
|
|
let authselect_feature_group = [ label "feature_group" . Util.del_str "(" .
|
|
authselect_feature . authselect_logic_stmt .
|
|
reg_ws . authselect_feature . (authselect_logic_stmt . reg_ws . authselect_feature)* .
|
|
Util.del_str ")" ]
|
|
|
|
(* Represents a single, full authselect conditional template *)
|
|
let authselect_conditional = [ Pam.space .
|
|
Util.del_str "{" .
|
|
label "authselect_conditional" . store authselect_conditional_type .
|
|
authselect_logic_stmt* .
|
|
( reg_ws . authselect_feature | reg_ws . authselect_feature_group) .
|
|
authselect_on_true? .
|
|
authselect_on_false? .
|
|
Util.del_str "}" ]
|
|
|
|
(* Shared with PamConf *)
|
|
let record = [ label "optional" . del "-" "-" ]? .
|
|
[ label "type" . store Pam.types ] .
|
|
Pam.space .
|
|
[ label "control" . store Pam.control] .
|
|
Pam.space .
|
|
[ label "module" . store Pam.word ] .
|
|
(authselect_conditional | [ Pam.space . label "argument" . store argument ])* .
|
|
Pam.comment_or_eol
|
|
|
|
let record_svc = [ seq "record" . Pam.indent . record ]
|
|
|
|
let lns = ( Pam.empty | Pam.comment | Pam.include | record_svc ) *
|
|
|
|
let filter = incl "/etc/authselect/custom/*/*-auth"
|
|
. incl "/etc/authselect/custom/*/postlogin"
|
|
. Util.stdexcl
|
|
|
|
let xfm = transform lns filter
|
|
|
|
(* Local Variables: *)
|
|
(* mode: caml *)
|
|
(* End: *)
|