%PDF- %PDF-
Direktori : /usr/share/augeas/lenses/dist/ |
Current File : //usr/share/augeas/lenses/dist/authselectpam.aug |
(* Module: AuthselectPam Parses /etc/authselect/custom/*/*-auth and /etc/authselect/custom/*/postlogin files Author: Heston Snodgrass <heston.snodgrass@puppet.com> based on pam.aug by David Lutterkort <lutter@redhat.com> About: Reference This lens tries to keep as close as possible to `man pam.conf` where possible. This lens supports authselect templating syntax as can be found in `man authselect-profiles`. About: Licence This file is licensed under the LGPL v2+, like the rest of Augeas. About: Lens Usage About: Configuration files This lens also autoloads /etc/authselect/custom/*/*-auth and /etc/authselect/custom/*/postlogin because these files are PAM template files on machines that have authselect custom profiles. *) module AuthselectPam = autoload xfm (* The Pam space does not work for certain parts of the authselect syntax so we need our own whitespace *) let reg_ws = del /([ \t])/ " " (* This is close the the same as argument from pam.aug, but curly braces are accounted for *) let argument = /(\[[^]{}#\n]+\]|[^[{#\n \t\\][^#\n \t\\]*)/ (* The various types of conditional statements that can exist in authselect PAM files *) let authselect_conditional_type = /(continue if|stop if|include if|exclude if|imply|if)/ (* Basic logical operators supported by authselect templates *) let authselect_logic_stmt = [ reg_ws . key /(and|or|not)/ ] (* authselect features inside conditional templates *) let authselect_feature = [ label "feature" . Quote.do_dquote (store /([a-z0-9-]+)/) ] (* authselect templates can substitute text if a condition is met. *) (* The sytax for this is `<conditional>:<what to sub on true>|<what to sub on false>` *) (* Both result forms are optional *) let authselect_on_true = [ label "on_true" . Util.del_str ":" . store /([^#{}:|\n\\]+)/ ] let authselect_on_false = [ label "on_false" . Util.del_str "|" . store /([^#{}:|\n\\]+)/ ] (* Features in conditionals can be grouped together so that logical operations can be resolved for the entire group *) let authselect_feature_group = [ label "feature_group" . Util.del_str "(" . authselect_feature . authselect_logic_stmt . reg_ws . authselect_feature . (authselect_logic_stmt . reg_ws . authselect_feature)* . Util.del_str ")" ] (* Represents a single, full authselect conditional template *) let authselect_conditional = [ Pam.space . Util.del_str "{" . label "authselect_conditional" . store authselect_conditional_type . authselect_logic_stmt* . ( reg_ws . authselect_feature | reg_ws . authselect_feature_group) . authselect_on_true? . authselect_on_false? . Util.del_str "}" ] (* Shared with PamConf *) let record = [ label "optional" . del "-" "-" ]? . [ label "type" . store Pam.types ] . Pam.space . [ label "control" . store Pam.control] . Pam.space . [ label "module" . store Pam.word ] . (authselect_conditional | [ Pam.space . label "argument" . store argument ])* . Pam.comment_or_eol let record_svc = [ seq "record" . Pam.indent . record ] let lns = ( Pam.empty | Pam.comment | Pam.include | record_svc ) * let filter = incl "/etc/authselect/custom/*/*-auth" . incl "/etc/authselect/custom/*/postlogin" . Util.stdexcl let xfm = transform lns filter (* Local Variables: *) (* mode: caml *) (* End: *)