authorSimon Rettberg2019-06-28 16:56:22 +0200
committerroot2019-06-28 17:12:49 +0200
commitf8abc5d351b6fa2293593d394a80c83665d5729d (patch)
treee24a9ee760e50f66cf6698eaf0a73ee104b2b93b /core/modules/run-virt/data/opt/openslx/scripts
parent[pam-slx-plug] Move slx-plug specific hook directory (diff)
[pam-slx-plug] Move old pam_script_* hook dirs to pam dir
They're all now in subdirectories of /opt/openslx/pam/hooks. Symlinks have been put in place where they used to reside.
Diffstat (limited to 'core/modules/run-virt/data/opt/openslx/scripts')
-rw-r--r--core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials82
-rw-r--r--core/modules/run-virt/data/opt/openslx/scripts/pam_script_ses_close.d/runvirt-firewall-clear17
2 files changed, 0 insertions, 99 deletions
diff --git a/core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials b/core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials
deleted file mode 100644
index 613c66ca..00000000
--- a/core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/bin/ash
-# This is being sourced and running in ash
-
-if [ -n "$TEMP_HOME_DIR" ]; then
- if [ -z "$PAM_TTY" ] || [ "x$PAM_TTY" = "x:0" ]; then
- # Pass on network path to home directory
- if [ -z "$PERSISTENT_NETPATH" ]; then
- PERSISTENT_NETPATH=$(grep -m1 -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | awk '{print $1}')
- fi
- if [ -n "$PERSISTENT_NETPATH" ]; then
- [ "x${PERSISTENT_NETPATH:0:2}" = "x//" ] && PERSISTENT_NETPATH=$(echo "$PERSISTENT_NETPATH" | tr '/' '\\')
- echo "${PERSISTENT_NETPATH}" > "${TEMP_HOME_DIR}/.openslx/home"
- chmod 0644 "${TEMP_HOME_DIR}/.openslx/home"
- fi
-
- # pwdaemon
-
- # Figure out username
- XUSER="${REAL_ACCOUNT}"
- [ -z "$XUSER" ] && XUSER="${PAM_USER}"
- # Figure out domain
- XDOMAIN=
-
- if [ -d "/opt/openslx/pam/slx-ldap.d" ]; then
- # New pretty approach - modular with multiple auth sources
- if [ -n "$SHARE_DOMAIN" ]; then
- [ "x$SHARE_DOMAIN" != "x#" ] && XDOMAIN="$SHARE_DOMAIN"
- else
- if [ -z "$XDOMAIN" ] && [ -n "$PERSISTENT_HOME_DIR" ]; then
- XDOMAIN=$(grep -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | grep -m1 -F 'domain=' | sed -r 's/^.*[ ,]domain=([^ ,]*)[ ,].*$/\1/g')
- fi
- if [ -z "$XDOMAIN" ] && [ -n "$USER_DN" ]; then
- XDOMAIN=$(echo "$USER_DN" | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
- fi
- if [ -z "$XDOMAIN" ] && [ -n "$LDAP_BASE" ]; then
- XDOMAIN=$(echo "$LDAP_BASE" | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
- fi
- if [ -z "$XDOMAIN" ]; then
- XDOMAIN="WORKGROUP"
- fi
- fi
- else
- # Old approach - just one global config
- # Take explicitly configured domain
- if [ -s "/opt/openslx/inc/shares" ]; then
- . /opt/openslx/inc/shares
- XDOMAIN="${SHARE_DOMAIN}"
- fi
- if [ "x$XDOMAIN" = "x#" ]; then
- XDOMAIN=
- else
- # Guess domain
- if [ -z "$XDOMAIN" ] && [ -n "$PERSISTENT_HOME_DIR" ]; then
- XDOMAIN=$(grep -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | grep -m1 -F 'domain=' | sed -r 's/^.*[ ,]domain=([^ ,]*)[ ,].*$/\1/g')
- fi
- if [ -z "$XDOMAIN" ]; then
- XDOMAIN=$(<"/etc/ldap.conf" grep -m1 -i '^BASE\s.*DC=' | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
- fi
- if [ -z "$XDOMAIN" ]; then
- XDOMAIN=$(<"/etc/sssd/sssd.conf" grep -m1 -i '^ldap_search_base\s*=.*DC=' | grep -o -E -i 'DC=[^,;]+' | head -n 1 | cut -c 4-)
- fi
- if [ -z "$XDOMAIN" ]; then
- XDOMAIN="WORKGROUP"
- fi
- fi
- fi
- [ -n "$XDOMAIN" ] && XDOMAIN="$(echo "$XDOMAIN" | tr '[a-z]' '[A-Z]')\\"
- USERNAME="${XDOMAIN}${XUSER}" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" pwdaemon --daemon "${USER_UID}"
- unset XUSER XDOMAIN
- fi
-fi
-
-# Now copy all the share mount options over from the current ldap plugin
-if [ -n "$SLX_LDAP_FILE" ] && [ -s "$SLX_LDAP_FILE" ]; then
- grep '^SHARE_' "$SLX_LDAP_FILE"
- if [ -n "$USER_DN" ] && [ "$(echo "$USER_DN" | wc -l)" = 1 ]; then
- set | grep '^USER_DN='
- fi
-fi > "${TEMP_HOME_DIR}/.openslx/shares"
-
-true
-
diff --git a/core/modules/run-virt/data/opt/openslx/scripts/pam_script_ses_close.d/runvirt-firewall-clear b/core/modules/run-virt/data/opt/openslx/scripts/pam_script_ses_close.d/runvirt-firewall-clear
deleted file mode 100644
index dab08190..00000000
--- a/core/modules/run-virt/data/opt/openslx/scripts/pam_script_ses_close.d/runvirt-firewall-clear
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/ash
-
-# Sourced by pam_script_ses_close
-
-runvirt_fw_clear () {
- iptables -w -F runvirt-INPUT
- ip6tables -w -F runvirt-INPUT
- iptables -w -F runvirt-OUTPUT
- ip6tables -w -F runvirt-OUTPUT
-}
-
-if [ "x$PAM_TTY" = "x:0" ]; then
- runvirt_fw_clear > /dev/null 2>&1
-fi
-
-true
-