#!/bin/ash
# This is being sourced and running in ash
# Session setup for the user's temporary home directory.
# Runs only when TEMP_HOME_DIR is set and PAM_TTY is either empty or ":0".
# It does two things:
#   1. writes the network path of the persistent home to .openslx/home
#   2. starts pwdaemon with the user's login name and password
# Reads: TEMP_HOME_DIR, PAM_TTY, PERSISTENT_HOME_DIR, PERSISTENT_NETPATH,
#        REAL_ACCOUNT, PAM_USER, SHARE_DOMAIN, USER_DN, LDAP_BASE,
#        SLX_PRINT_REUSE_PASSWORD, PAM_AUTHTOK, USER_UID
if [ -n "$TEMP_HOME_DIR" ]; then
if [ -z "$PAM_TTY" ] || [ "x$PAM_TTY" = "x:0" ]; then
# Pass on network path to home directory
if [ -z "$PERSISTENT_NETPATH" ]; then
# First field (mount source) of the first /proc/mounts line that contains
# PERSISTENT_HOME_DIR as a whole space-delimited field.
PERSISTENT_NETPATH=$(grep -m1 -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | awk '{print $1}')
fi
if [ -n "$PERSISTENT_NETPATH" ]; then
# A source starting with "//" has every slash turned into a backslash
# (presumably to present an SMB share as a UNC path - confirm).
[ "x${PERSISTENT_NETPATH:0:2}" = "x//" ] && PERSISTENT_NETPATH=$(echo "$PERSISTENT_NETPATH" | tr '/' '\\')
# NOTE(review): the redirection follows symlinks and .openslx must already
# exist. If this hook runs privileged while TEMP_HOME_DIR is writable by the
# user, confirm .openslx/home cannot be a user-planted link.
echo "${PERSISTENT_NETPATH}" > "${TEMP_HOME_DIR}/.openslx/home"
# World-readable on purpose: the file holds only the share path.
chmod 0644 "${TEMP_HOME_DIR}/.openslx/home"
fi
# pwdaemon
# Figure out username
# REAL_ACCOUNT wins; PAM_USER is the fallback.
XUSER="${REAL_ACCOUNT}"
[ -z "$XUSER" ] && XUSER="${PAM_USER}"
# Figure out domain
XDOMAIN=
if [ -d "/opt/openslx/pam/slx-ldap.d" ]; then
# New pretty approach - modular with multiple auth sources
# SHARE_DOMAIN set to "#" leaves XDOMAIN empty (no domain prefix at all).
# Any other non-empty SHARE_DOMAIN is used verbatim.
if [ -n "$SHARE_DOMAIN" ]; then
[ "x$SHARE_DOMAIN" != "x#" ] && XDOMAIN="$SHARE_DOMAIN"
else
# Fallback chain, first hit wins: domain= mount option of the persistent
# home, first DC= component of USER_DN, first DC= component of LDAP_BASE,
# then the literal "WORKGROUP".
# XDOMAIN was cleared just above, so the first -z test is always true here.
if [ -z "$XDOMAIN" ] && [ -n "$PERSISTENT_HOME_DIR" ]; then
# sed keeps only the value of domain=. A line where the pattern does not
# match (e.g. domain= as the very last option) passes through unchanged.
XDOMAIN=$(grep -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | grep -m1 -F 'domain=' | sed -r 's/^.*[ ,]domain=([^ ,]*)[ ,].*$/\1/g')
fi
if [ -z "$XDOMAIN" ] && [ -n "$USER_DN" ]; then
# cut -c 4- strips the leading "DC=" from the first match.
XDOMAIN=$(echo "$USER_DN" | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
fi
if [ -z "$XDOMAIN" ] && [ -n "$LDAP_BASE" ]; then
XDOMAIN=$(echo "$LDAP_BASE" | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
fi
if [ -z "$XDOMAIN" ]; then
XDOMAIN="WORKGROUP"
fi
fi
else
# Old approach - just one global config
# Take explicitly configured domain
# NOTE(review): this file is executed in the current shell, so it must not
# be writable by unprivileged users - confirm its ownership and mode.
if [ -s "/opt/openslx/inc/shares" ]; then
. /opt/openslx/inc/shares
XDOMAIN="${SHARE_DOMAIN}"
fi
if [ "x$XDOMAIN" = "x#" ]; then
XDOMAIN=
else
# Guess domain
# Order: domain= mount option, BASE line of /etc/ldap.conf,
# ldap_search_base of /etc/sssd/sssd.conf, then "WORKGROUP".
if [ -z "$XDOMAIN" ] && [ -n "$PERSISTENT_HOME_DIR" ]; then
XDOMAIN=$(grep -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | grep -m1 -F 'domain=' | sed -r 's/^.*[ ,]domain=([^ ,]*)[ ,].*$/\1/g')
fi
if [ -z "$XDOMAIN" ]; then
XDOMAIN=$(<"/etc/ldap.conf" grep -m1 -i '^BASE\s.*DC=' | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
fi
if [ -z "$XDOMAIN" ]; then
XDOMAIN=$(<"/etc/sssd/sssd.conf" grep -m1 -i '^ldap_search_base\s*=.*DC=' | grep -o -E -i 'DC=[^,;]+' | head -n 1 | cut -c 4-)
fi
if [ -z "$XDOMAIN" ]; then
XDOMAIN="WORKGROUP"
fi
fi
fi
# Upper-case the domain and append one backslash, giving "DOMAIN\".
[ -n "$XDOMAIN" ] && XDOMAIN="$(echo "$XDOMAIN" | tr 'a-z' 'A-Z')\\"
# Source the global config only if neither variable is set
# (presumably meaning it has not been loaded yet - confirm).
[ -z "${SLX_PXE_CLIENT_IP}${SLX_KCL_SERVERS}" ] && . /opt/openslx/config
# Allow querying password via UNIX Socket?
# LOCAL_PW becomes 1 only for the exact value "yes".
pw=0
[ "$SLX_PRINT_REUSE_PASSWORD" = "yes" ] && pw=1
# The credentials go to pwdaemon through prefix assignments, so they are in
# that process's environment only and never appear on its command line.
# NOTE(review): a process environment is still readable through
# /proc/<pid>/environ by the same uid and by root. Whether pwdaemon clears
# PASSWORD after start-up is not visible here - confirm. The socket lives in
# TEMP_HOME_DIR, so its access control depends on that directory and on
# pwdaemon itself.
USERNAME="${XDOMAIN}${XUSER}" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" \
LOCAL_PW="$pw" pwdaemon --daemon "${USER_UID}"
# Only these two helpers are removed from the sourcing shell; pw and
# PERSISTENT_NETPATH stay set.
unset XUSER XDOMAIN
fi
fi
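# Now copy all the share mount options over from the current ldap plugin.
# Writes every SHARE_* line of SLX_LDAP_FILE, plus USER_DN when it is a
# single line, to ${TEMP_HOME_DIR}/.openslx/shares.
# Guarded on TEMP_HOME_DIR: with an empty value the redirection target would
# be "/.openslx/shares" at the filesystem root.
# The redirection sits on the inner "if" as a whole, so the file is created
# (or truncated) even when SLX_LDAP_FILE is unset or empty.
# NOTE(review): the file gets the caller's umask and no explicit chmod,
# unlike .openslx/home. If SHARE_* entries can carry mount credentials
# (not visible here), confirm the resulting mode is tight enough.
if [ -n "$TEMP_HOME_DIR" ]; then
  if [ -n "$SLX_LDAP_FILE" ] && [ -s "$SLX_LDAP_FILE" ]; then
    grep '^SHARE_' "$SLX_LDAP_FILE"
    # "set" prints the variable in quoted, re-sourceable form. A multi-line
    # value would span several output lines and the grep would keep only the
    # first, so USER_DN is exported only when it is exactly one line.
    if [ -n "$USER_DN" ] && [ "$(echo "$USER_DN" | wc -l)" = 1 ]; then
      set | grep '^USER_DN='
    fi
  fi > "${TEMP_HOME_DIR}/.openslx/shares"
fi
# This file is sourced: end with status 0 whatever the tests above returned.
true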