commit: 9f1eeb8ebfb220151c1d9ac5fb532192ee926bec
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 4 18:24:30 2025 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Apr 4 18:24:30 2025 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=9f1eeb8e
Simplify debug and nullok options
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
pambase.py | 17 ++++++++---------
templates/system-auth.tpl | 16 ++++++++--------
templates/system-login.tpl | 8 ++++----
templates/system-session.tpl | 8 ++++----
4 files changed, 24 insertions(+), 25 deletions(-)
diff --git a/pambase.py b/pambase.py
index df7495e..2e6546c 100755
--- a/pambase.py
+++ b/pambase.py
@@ -65,11 +65,17 @@ def main():
"--minimal", action="store_true", help="install minimalistic PAM stack"
)
parser.add_argument(
- "--debug", action="store_true", help="enable debug for selected
modules"
+ "--debug",
+ action="store_const",
+ const="debug",
+ default="",
+ help="enable debug for selected modules",
)
parser.add_argument(
"--nullok",
- action="store_true",
+ action="store_const",
+ const="nullok",
+ default="",
help="enable nullok option for pam_unix.so module",
)
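Review bot: The `--nullok` help string does not say what the option permits: with `nullok`, pam_unix accepts accounts whose password field is empty, so the description should say so, e.g. `help="enable nullok for pam_unix.so (accounts with an empty password may authenticate)"`. Both options now yield `""` or the literal PAM token instead of a bool, which the templates changed in this commit appear to rely on. A short comment above the two calls, such as `# value is the literal PAM option token, or "" when the flag is not given`, would record that contract. main() continues outside this hunk.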
@@ -88,7 +94,6 @@ def process_args(args):
"unix_authtok",
"unix_extended_encryption",
"likeauth",
- "nullok",
"local_users_only",
]
@@ -101,12 +106,6 @@ def process_args(args):
output["likeauth"] = "likeauth"
output["unix_authtok"] = "use_authtok"
- if args.debug:
- output["debug"] = "debug"
-
- if args.nullok:
- output["nullok"] = "nullok"
-
if args.krb5:
output["krb5_params"] = "{0} ignore_root
try_first_pass".format("debug").strip()
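Review bot: `krb5_params` is still built with `.format("debug")`, so the pam_krb5 lines get `debug` whether or not `--debug` was passed, while the other modules now follow the flag. Since `args.debug` is now `""` or `"debug"`, the line could read `output["krb5_params"] = "{0} ignore_root try_first_pass".format(args.debug).strip()`, which the existing `.strip()` already accommodates. If always-on debug for pam_krb5 is intended, a comment saying so would help, because debug output from an authentication module ends up in the system log. With the two assignments removed, `debug` and `nullok` must reach the template context some other way, presumably from `args` in code outside this hunk.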
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 9ecb27a..97aedd0 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -1,4 +1,4 @@
-auth required pam_env.so {{ debug|default('', true) }}
+auth required pam_env.so {{ debug }}
{% if pam_ssh %}
auth sufficient pam_ssh.so
{% endif %}
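Review bot: `{{ debug }}` here, and `{{ nullok }}` / `{{ debug }}` in the later hunks of this file and in system-login.tpl and system-session.tpl, now renders whatever value is in the context, where `default('', true)` used to turn any falsy value into an empty string. That is fine while the values come from the new `store_const` arguments, but a caller that passes `False` or `None` would get the text `False` or `None` written into the PAM line as a module argument. The password lines also keep `unix_authtok|default('', true)` and `unix_extended_encryption|default('', true)` next to the bare variables, so one convention per template would be easier to audit. A comment at the top of the template, such as `{# debug and nullok are always strings: "" or the option name #}`, would state the assumption.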
@@ -19,13 +19,13 @@ auth [success=2 default=ignore]
pam_systemd_home.so
{% endif %}
{% if sssd %}
-auth sufficient pam_unix.so {{ nullok|default('', true) }} {{
debug|default('', true) }}
+auth sufficient pam_unix.so {{ nullok }} {{ debug }}
{% else %}
-auth [success=1 new_authtok_reqd=1 ignore=ignore default=bad]
pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }}
try_first_pass
+auth [success=1 new_authtok_reqd=1 ignore=ignore default=bad]
pam_unix.so {{ nullok }} {{ debug }} try_first_pass
{% endif %}
auth [default=die] pam_faillock.so authfail
{% if sssd %}
-auth sufficient pam_sss.so forward_pass {{ debug|default('',
true) }}
+auth sufficient pam_sss.so forward_pass {{ debug }}
{% endif %}
{% if caps %}
auth optional pam_cap.so
@@ -41,12 +41,12 @@ account [success=2 default=ignore]
pam_krb5.so {{ krb5_params }}
account [success={{ 2 if sssd else 1 }} default=ignore]
pam_systemd_home.so
{% endif %}
-account required pam_unix.so {{ debug|default('', true)
}}
+account required pam_unix.so {{ debug }}
account required pam_faillock.so
{% if sssd %}
account sufficient pam_localuser.so
account sufficient pam_usertype.so issystem
-account [default=bad success=ok user_unknown=ignore]
pam_sss.so {{ debug|default('', true) }}
+account [default=bad success=ok user_unknown=ignore]
pam_sss.so {{ debug }}
account required pam_permit.so
{% endif %}
@@ -71,9 +71,9 @@ password [success=1 default=ignore]
pam_systemd_home.so
{% endif %}
{% if passwdqc or pwquality %}
-password {{ 'sufficient' if sssd else 'required' }} pam_unix.so
try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true)
}} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true)
}}
+password {{ 'sufficient' if sssd else 'required' }} pam_unix.so
try_first_pass {{ unix_authtok|default('', true) }} {{ nullok }} {{
unix_extended_encryption|default('', true) }} {{ debug }}
{% else %}
-password {{ 'sufficient' if sssd else 'required' }} pam_unix.so
try_first_pass {{ nullok|default('', true) }} {{
unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
+password {{ 'sufficient' if sssd else 'required' }} pam_unix.so
try_first_pass {{ nullok }} {{ unix_extended_encryption|default('', true) }} {{
debug }}
{% endif %}
{% if sssd %}
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 44dad37..77926b7 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -1,10 +1,10 @@
{% if shells %}
-auth required pam_shells.so {{ debug|default('', true) }}
+auth required pam_shells.so {{ debug }}
{% endif %}
auth required pam_nologin.so
auth include system-auth
-account required pam_access.so {{ debug|default('',
true) }}
+account required pam_access.so {{ debug }}
account required pam_nologin.so
account required pam_time.so
account include system-auth
@@ -15,7 +15,7 @@ session optional pam_loginuid.so
session required pam_selinux.so close
{% endif %}
-session required pam_env.so envfile=/etc/profile.env {{
debug|default('', true) }}
+session required pam_env.so envfile=/etc/profile.env {{
debug }}
session include system-auth
{% if selinux %}
# Note: modules that run in the user's context must come after this line.
@@ -24,7 +24,7 @@ session required pam_selinux.so multiple
open
{% if not minimal %}
session optional pam_motd.so motd=/etc/motd
-session optional pam_lastlog.so never showfailed {{
debug|default('', true) }}
+session optional pam_lastlog.so never showfailed {{
debug }}
session optional pam_mail.so
{% endif %}
diff --git a/templates/system-session.tpl b/templates/system-session.tpl
index efcb464..bd2d562 100644
--- a/templates/system-session.tpl
+++ b/templates/system-session.tpl
@@ -1,5 +1,5 @@
-session required pam_limits.so {{ debug|default('',
true) }}
-session required pam_env.so {{ debug|default('', true) }}
+session required pam_limits.so {{ debug }}
+session required pam_env.so {{ debug }}
{% if mktemp %}
session optional pam_mktemp.so
{% endif %}
@@ -12,8 +12,8 @@ session [success=1 default=ignore]
pam_krb5.so {{ krb5_params }}
session [success=1 default=ignore] pam_systemd_home.so
{% endif %}
-session required pam_unix.so {{ debug|default('', true)
}}
+session required pam_unix.so {{ debug }}
{% if sssd %}
-session optional pam_sss.so {{ debug|default('', true) }}
+session optional pam_sss.so {{ debug }}
{% endif %}