From 668e8c157a650523fec0b7d9ff852a4fbe777ccc Mon Sep 17 00:00:00 2001
From: Pascal Rigaux
Date: Fri, 5 Nov 2004 19:44:30 +0000
Subject: add "Smart Card" authentication (using pam_castella) (as asked by flepied)
---
 perl-install/authentication.pm | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm
index a50032fe3..cec86e54a 100644
--- a/perl-install/authentication.pm
+++ b/perl-install/authentication.pm
@@ -4,7 +4,7 @@ use common;
 use any;
 sub kinds() {
- ('local', 'LDAP', 'NIS', 'winbind', 'AD', 'SMBKRB');
+ ('local', 'LDAP', 'NIS', 'SmartCard', 'winbind', 'AD', 'SMBKRB');
 }
 sub kind2name {
@@ -12,7 +12,8 @@ sub kind2name {
 # Keep the following strings in sync with kind2description ones!!!
 ${{ local => N("Local file"),
 LDAP => N("LDAP"),
- NIS => N("NIS"),
+ NIS => N("NIS"),
+ SmartCard => N("Smart Card"),
 winbind => N("Windows Domain"),
 AD => N("Active Directory with SFU"),
 SMBKRB => N("Active Directory with Winbind") }}{$kind};
@@ -141,7 +142,9 @@ sub set {
 log::l("authentication::set $kind");
- if ($kind eq 'LDAP') {
+ if ($kind eq 'SmartCard') {
+ set_pam_authentication('castella');
+ } elsif ($kind eq 'LDAP') {
 $in->do_pkgs->install(qw(openldap-clients nss_ldap pam_ldap autofs));
 my $domain = $netc->{LDAPDOMAIN} || do {
@@ -282,7 +285,7 @@ sub set {
 sub pam_modules() {
- 'pam_ldap', 'pam_winbind', 'pam_krb5', 'pam_mkhomedir';
+ 'pam_ldap', 'pam_castella', 'pam_winbind', 'pam_krb5', 'pam_mkhomedir';
 }
 sub pam_module_from_path {
 $_[0] && $_[0] =~ m|(/lib/security/)?(pam_.*)\.so| && $2;
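Review bot: The comment at the top of `kind2name` says these strings must be kept in sync with `kind2description`, yet no hunk in this patch touches `kind2description`, so the new `SmartCard` entry may have no matching description. If that function enumerates the kinds in the same way, it needs a Smart Card entry as well; otherwise the authentication chooser could show empty or wrong help text for this method. `kind2description` lies outside the diff, so this should be checked against the full file.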
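Review bot: The new `SmartCard` branch in `set` rewrites the PAM configuration through `set_pam_authentication('castella')` without first making sure the module is on the system, whereas the LDAP branch directly below it starts with `$in->do_pkgs->install(...)`. If the module file is absent when the stack is rewritten, the result is a system-wide auth configuration that references a missing module. Depending on control flags not visible here, logins would then either fail or fall through to pam_unix without the administrator noticing. Consider installing the providing package first, e.g. `$in->do_pkgs->install('PACKAGE_PROVIDING_PAM_CASTELLA');` (placeholder, the package name is not shown on this page), or refusing to switch when the module cannot be found. `set` begins and ends outside this hunk.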
@@ -311,11 +314,15 @@ sub set_pam_authentication {
 my %special = (
 auth => \@authentication_kinds,
- account => \@authentication_kinds,
+ account => [ difference2(\@authentication_kinds, [ 'castella' ]) ],
 password => [ intersection(\@authentication_kinds, [ 'ldap', 'krb5' ]) ],
 );
 my %before_first = (
- session => intersection(\@authentication_kinds, [ 'winbind', 'krb5' ]) ? pam_format_line('session', 'optional', 'pam_mkhomedir', 'skel=/etc/skel/', 'umask=0022') : '',
+ session =>
+ intersection(\@authentication_kinds, [ 'winbind', 'krb5' ])
+ ? pam_format_line('session', 'optional', 'pam_mkhomedir', 'skel=/etc/skel/', 'umask=0022') :
+ member('castella', @authentication_kinds)
+ ? pam_format_line('session', 'optional', 'pam_castella') : '',
 );
 my %after_deny = (
 session => member('krb5', @authentication_kinds) ? pam_format_line('session', 'optional', 'pam_krb5') : '',
@@ -334,7 +341,7 @@ sub set_pam_authentication {
 $type eq 'account' ? qw(use_first_pass) : @{[]};
 @para = difference2(\@para, \@para_for_last);
- my ($before, $after) = partition { member($_, 'krb5', 'castella') } @{$special{$type}};
+ my ($before, $after) = partition { member($_, 'krb5', 'castella') } @{$special{$type}};
 my @l = ((map { [ "pam_$_" ] } @$before),
 [ 'pam_unix', @para ],
 (map { [ "pam_$_" ] } @$after),
-- cgit v1.2.1
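Review bot: In `%before_first`, the chained ternary makes the pam_mkhomedir and pam_castella session lines mutually exclusive. If `@authentication_kinds` ever holds `castella` together with `winbind` or `krb5`, the pam_castella session line is dropped silently. The only caller visible in this patch passes `'castella'` alone, so the problem is latent, but evaluating the two conditions independently and emitting both lines when both apply would remove the trap. The `account` entry also deserves a why-comment, for example `# castella is kept out of the account stack (presumably pam_castella has no account management -- confirm)`. `set_pam_authentication` starts and ends outside this hunk.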
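Review bot: The `partition` block now places pam_castella ahead of `pam_unix` for every type that lists it, but nothing in the code records why or what that means for login policy. Because `pam_unix` stays in `@l` right after the `$before` modules, password authentication appears to remain available alongside the card rather than being replaced by it. The control flags are assigned outside this hunk, so the exact semantics need confirming. That should be a documented decision, for example with a comment above the line such as `# krb5 and castella are tried before pam_unix; pam_unix stays in the stack as the password fallback`. The enclosing function continues beyond the hunk.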