3 Parses /etc/authselect/custom/*/*-auth and
4 /etc/authselect/custom/*/postlogin files
6 Author: Heston Snodgrass <heston.snodgrass@puppet.com> based on pam.aug by David Lutterkort <lutter@redhat.com>
9 This lens tries to stay as close as possible to `man pam.conf`.
10 This lens supports the authselect templating syntax
11 described in `man authselect-profiles`.
14 This file is licensed under the LGPL v2+, like the rest of Augeas.
18 About: Configuration files
19 This lens also autoloads /etc/authselect/custom/*/*-auth and
20 /etc/authselect/custom/*/postlogin because these files are PAM template
21 files on machines that have authselect custom profiles.
23 module AuthselectPam =
26 (* The Pam space does not work for certain parts of the authselect syntax, so we need our own whitespace. *)
(* reg_ws deletes exactly one space or tab. The regex has no repetition, so a
   run of several blanks is not consumed by a single reg_ws. When a node is
   created, one space is written. *)
27 let reg_ws = del /([ \t])/ " "
29 (* This is close to the same as argument from pam.aug, but curly braces are accounted for. *)
(* Accepts either a bracketed value, which may not contain a closing square
   bracket, curly braces, a hash or a newline, or a bare word, which may not
   start with an opening square bracket or an opening curly brace and may not
   contain a hash, newline, space, tab or backslash. *)
(* NOTE(review): only the first character of a bare word excludes the opening
   curly brace. The remaining characters may be curly braces, so a template
   written directly after a word with no blank in between would be taken as
   part of the argument. Confirm this is intended. *)
30 let argument = /(\[[^]{}#\n]+\]|[^[{#\n \t\\][^#\n \t\\]*)/
32 (* The various types of conditional statements that can exist in authselect PAM files *)
(* The matched keyword is the value stored on an authselect_conditional node.
   Each two-word keyword is matched with exactly one space between the
   words. *)
33 let authselect_conditional_type = /(continue if|stop if|include if|exclude if|imply|if)/
35 (* Basic logical operators supported by authselect templates *)
(* Builds a node whose key is the operator itself (and, or, not). The operator
   must be preceded by a single reg_ws blank, and the node carries no value. *)
36 let authselect_logic_stmt = [ reg_ws . key /(and|or|not)/ ]
38 (* authselect features inside conditional templates *)
(* Builds a node labelled feature whose value is the feature name. The store
   regex only admits lowercase ASCII letters, digits and hyphens, so any other
   character in a feature name makes the template fail to parse.
   Quote.do_dquote is defined in another module; presumably it requires the
   double quotes around the name and keeps them out of the stored value -
   confirm against quote.aug. *)
39 let authselect_feature = [ label "feature" . Quote.do_dquote (store /([a-z0-9-]+)/) ]
41 (* authselect templates can substitute text if a condition is met. *)
42 (* The syntax for this is `<conditional>:<what to sub on true>|<what to sub on false>` *)
43 (* Both result forms are optional *)
(* Builds the on_true node: the colon is deleted and the text after it is
   stored as the node value. The text may not contain a hash, curly braces,
   a colon, a pipe, a newline or a backslash. Spaces and tabs are allowed, so
   the value is one opaque string and is not split into argument nodes. A
   query that only inspects argument nodes will therefore not see module
   options that appear inside a template. *)
44 let authselect_on_true = [ label "on_true" . Util.del_str ":" . store /([^#{}:|\n\\]+)/ ]
(* Builds the on_false node: the pipe is deleted and the text after it is
   stored as the node value, with the same character restrictions as the
   on_true text (no hash, curly braces, colon, pipe, newline or backslash).
   Blanks are allowed, so the value is kept as one opaque string rather than
   as separate argument nodes. *)
45 let authselect_on_false = [ label "on_false" . Util.del_str "|" . store /([^#{}:|\n\\]+)/ ]
47 (* Features in conditionals can be grouped together so that logical operations can be resolved for the entire group *)
(* As visible here, a group starts with an opening parenthesis followed by a
   feature, an operator, a blank and a second feature, then zero or more
   further operator, blank, feature triples. A group therefore holds at least
   two features. The operator position accepts any key of
   authselect_logic_stmt, which includes not as well as and / or. *)
(* NOTE(review): this listing skips lines 51-52, and the square bracket opened
   on line 48 is not closed in the visible text. The end of the group is
   presumably on the missing lines - check the original file. *)
48 let authselect_feature_group = [ label "feature_group" . Util.del_str "(" .
49 authselect_feature . authselect_logic_stmt .
50 reg_ws . authselect_feature . (authselect_logic_stmt . reg_ws . authselect_feature)* .
53 (* Represents a single, full authselect conditional template *)
(* As visible here, the node is labelled authselect_conditional and its value
   is the conditional keyword. It is preceded by Pam.space and followed by any
   number of operator nodes, then one feature or one feature group (each after
   a single blank), then an optional on_false node. *)
(* NOTE(review): this listing skips lines 55, 59 and 61-62, so parts of the
   definition are not visible, including the closing square bracket.
   Presumably the template delimiters and the on_true branch are on the
   missing lines - check the original file. *)
54 let authselect_conditional = [ Pam.space .
56 label "authselect_conditional" . store authselect_conditional_type .
57 authselect_logic_stmt* .
58 ( reg_ws . authselect_feature | reg_ws . authselect_feature_group) .
60 authselect_on_false? .
63 (* Shared with PamConf *)
(* One PAM rule. As visible here, the fields are an optional node labelled
   optional for a leading hyphen, then type, control and module nodes whose
   values are matched by regexes from the Pam module, then any mix of
   authselect conditional templates and plain argument nodes. Templates and
   arguments are siblings, so the tree keeps them in file order. *)
(* NOTE(review): this listing skips lines 66, 68 and 71-72, and the last
   visible line ends with a concatenation dot, so the separators between
   fields and the end of the record are not visible here - check the original
   file. *)
64 let record = [ label "optional" . del "-" "-" ]? .
65 [ label "type" . store Pam.types ] .
67 [ label "control" . store Pam.control] .
69 [ label "module" . store Pam.word ] .
70 (authselect_conditional | [ Pam.space . label "argument" . store argument ])* .
(* Wraps one record in a numbered node. seq draws the node key from the
   counter named record, and Pam.indent is matched before the record fields. *)
73 let record_svc = [ seq "record" . Pam.indent . record ]
(* Top-level lens: any number of empty lines, comments and include lines, as
   defined in the Pam module, and numbered records. A file containing a line
   that matches none of these does not parse. *)
75 let lns = ( Pam.empty | Pam.comment | Pam.include | record_svc ) *
(* Autoload filter: only the *-auth and postlogin templates of custom
   profiles under /etc/authselect/custom are included. Files in any other
   location are not matched by this filter. *)
77 let filter = incl "/etc/authselect/custom/*/*-auth"
78 . incl "/etc/authselect/custom/*/postlogin"
(* Binds the top-level lens to the file filter so that matching files are
   loaded with this lens. *)
81 let xfm = transform lns filter
83 (* Local Variables: *)