authorSimon Rettberg2019-06-28 14:29:06 +0200
committerroot2019-06-28 14:29:06 +0200
commitf245eb3e3a9b2f7d3faba6e651056c4b1e68576f (patch)
treeaca988d5576bfd478fd66b96e6526dbe3ed95b72 /core/modules/pam-bwidm
parent[run-virt] Linux scripts tiny leetle bug (diff)
[pam-bwidm] Improve some checks; only generate UID if none yet
Diffstat (limited to 'core/modules/pam-bwidm')
-rwxr-xr-xcore/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm39
1 files changed, 20 insertions, 19 deletions
diff --git a/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm b/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
index 72cd961e..011256a0 100755
--- a/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
+++ b/core/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
@@ -96,7 +96,7 @@ if ! [ -s "${IDP_QUERY_CACHE}" ]; then
exit 7
fi
idpret="$(curl -w "%{http_code}" -o "${IDP_QUERY_CACHE}" --connect-timeout 5 --max-time 15 "$IDP_QUERY_URL")"
- if [ "x${idpret:0:1}" != "x2" ]; then
+ if [ "${#idpret}" != 3 ] || [ "x${idpret:0:1}" != "x2" ]; then
echo "Could not download the list of identity providers from '$IDP_QUERY_URL'. Aborting."
rm -f -- "$IDP_QUERY_CACHE"
exit 7
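Review bot: The test on `idpret` looks only at the status code printed by `-w` and never at curl's own exit status, so a transfer that is cut off after a 2xx header (for instance by `--max-time 15`) would presumably still pass and leave a truncated `$IDP_QUERY_CACHE` behind for later runs. Appending `|| idpret=""` to the `idpret="$(curl ...)"` assignment would route any curl failure into the existing error branch, because the new length check rejects an empty value and that branch already removes the cache file. The enclosing `if ! [ -s "${IDP_QUERY_CACHE}" ]` block starts and ends outside this hunk.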
@@ -173,25 +173,26 @@ if [ "x$PAM_TYPE" == "xauth" ]; then
echo "machine ${HOST} login ${USER_USERNAME} password ********************" > "${NETRC}" # It should be a tmpfs but you never know
rm -f -- "${NETRC}"
- if [ "x$ret" == "x200" ]; then
- # auth succeeded, lets create a local user representing the bwIDM user
+ if [ "${#ret}" = 3 ] && [ "x${ret:0:1}" == "x2" ]; then
+ # 2xx code, auth succeeded, lets create a local user representing the bwIDM user
echo "Login for '$USER_USERNAME' on '$USER_ORGANISATION' succeeded."
- # create a random 6digit UID
- LOOPS=0
- while [ "$LOOPS" -lt 5 ]; do
- USER_UID="$(( 100000 + $RANDOM ))"
- # check existence of this UID, if its free, use it
- getent passwd "$USER_UID" || break
- let LOOPS++
- done
- if [ "$LOOPS" -eq 5 ]; then
- # could not find an empty random 6-digit UID, so we will use demo's UID...
- USER_UID="$(id -u demo)"
- [ -z "$USER_UID" ] && echo "Could not use UID of 'demo' as a fallback, aborting..." && exit 1
- fi
-
- # we have a uid, gid, lets just create the local user now
- if ! grep -q "^${PAM_USER}:" /etc/passwd; then
+ gexp="$( printf "%s" "${PAM_USER}" | sed 's/[][$^\.*]/\\&/g' )" # Basic regexp
+ if ! grep -q "^${gexp}:" /etc/passwd; then
+ # create a random 6digit UID
+ LOOPS=0
+ while [ "$LOOPS" -lt 5 ]; do
+ USER_UID="$(( 100000 + $RANDOM ))"
+ # check existence of this UID, if its free, use it
+ getent passwd "$USER_UID" || break
+ let LOOPS++
+ done
+ if [ "$LOOPS" -eq 5 ]; then
+ # could not find an empty random 6-digit UID, so we will use demo's UID...
+ USER_UID="$(id -u demo)"
+ [ -z "$USER_UID" ] && echo "Could not use UID of 'demo' as a fallback, aborting..." && exit 1
+ fi
+
+ # we have a uid, gid, lets just create the local user now
echo "${PAM_USER}:x:${USER_UID}:${USER_GID}:${PAM_USER}:/home/${PAM_USER}:/bin/bash" >> /etc/passwd
fi
exit 0
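Review bot: `PAM_USER` is now escaped for the `grep` lookup, but the same value is still appended verbatim by the `echo "${PAM_USER}:x:${USER_UID}:..." >> /etc/passwd` line, so a name containing `:` or a line break would change the fields of the written record. Unless the name is validated earlier in the script (not visible in this hunk), it should be rejected before the lookup, e.g. `case "$PAM_USER" in ''|*[!A-Za-z0-9._@-]*) echo "Invalid user name, aborting."; exit 1 ;; esac`, with the character set adjusted to what bwIDM names may contain. The fallback to `id -u demo` is also worth a comment stating that the new account then shares demo's UID and therefore its file access. The enclosing `if [ "x$PAM_TYPE" == "xauth" ]` block starts before and continues after this hunk.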