author | Simon Rettberg | 2018-03-09 11:54:14 +0100 |
---|---|---|
committer | Simon Rettberg | 2018-03-09 11:54:14 +0100 |
commit | e7854f21bcb0819f2f68c612cf6ef1c24ca17ed8 (patch) | |
tree | 7299061ee485df3135288b6ae6e2b05c2088458f /core/modules/pam-slx-plug | |
parent | [run-virt] pwdaemon now drops privs, no more su hack; support pam-slx-plug (diff) | |
[pam-slx-plug] Set USER_DN on successful auth; move to basic.target
Diffstat (limited to 'core/modules/pam-slx-plug')
l--------- | core/modules/pam-slx-plug/data/etc/systemd/system/basic.target.wants/slx-update-pam-nss.service (renamed from core/modules/pam-slx-plug/data/etc/systemd/system/multi-user.target.wants/slx-update-pam-nss.service) | 0 | ||||
-rw-r--r-- | core/modules/pam-slx-plug/data/etc/systemd/system/slx-update-pam-nss.service | 2 | ||||
-rw-r--r-- | core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap | 3 | ||||
-rwxr-xr-x | core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth | 1 |
4 files changed, 4 insertions, 2 deletions
diff --git a/core/modules/pam-slx-plug/data/etc/systemd/system/multi-user.target.wants/slx-update-pam-nss.service b/core/modules/pam-slx-plug/data/etc/systemd/system/basic.target.wants/slx-update-pam-nss.service
index 450c4948..450c4948 120000
--- a/core/modules/pam-slx-plug/data/etc/systemd/system/multi-user.target.wants/slx-update-pam-nss.service
+++ b/core/modules/pam-slx-plug/data/etc/systemd/system/basic.target.wants/slx-update-pam-nss.service
diff --git a/core/modules/pam-slx-plug/data/etc/systemd/system/slx-update-pam-nss.service b/core/modules/pam-slx-plug/data/etc/systemd/system/slx-update-pam-nss.service
index fa7a8bd0..d800563c 100644
--- a/core/modules/pam-slx-plug/data/etc/systemd/system/slx-update-pam-nss.service
+++ b/core/modules/pam-slx-plug/data/etc/systemd/system/slx-update-pam-nss.service
@@ -1,6 +1,6 @@
 [Unit]
 Description=Create fresh pam config and nsswitch.conf
-Before=graphical.target display-manager.target
+Before=graphical.target display-manager.target sssd.service
 
 [Service]
 Type=oneshot
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap b/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap
index 0b5ca0f6..fd2d4a3c 100644
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap
@@ -16,7 +16,7 @@ unset_ldap_vars() {
 for vn in $(set | grep -Eo '^(SHARE|LDAP)_[^=]+'); do
 unset "$vn"
 done
- unset USER_UID USER_GID USER_GROUP REAL_ACCOUNT NETWORK_HOME HOME_MOUNT_OPTS
+ unset USER_DN USER_UID USER_GID USER_GROUP REAL_ACCOUNT NETWORK_HOME HOME_MOUNT_OPTS
 }
 
 # ldapsearch can return fields either as
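Review bot: The new `Before=graphical.target display-manager.target sssd.service` line is an ordering constraint only, so sssd and the display manager still start if this oneshot fails, and they then run against whatever PAM and nsswitch configuration is already in place. If that fallback is intended, say so in the unit with a comment such as `# Ordering only: sssd and the display manager still start if this unit fails`; if it is not, the failure needs explicit handling. The `[Unit]` section visible in the hunk also does not set `DefaultDependencies=no`, so the service presumably keeps its default ordering after basic.target, and moving the symlink to `basic.target.wants/` changes what pulls the unit in rather than making it run earlier; please confirm that is the intent.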
@@ -136,6 +136,7 @@ run_auth() {
 unset USER_UID
 return 1
 fi
+ USER_DN="$BINDDN"
 REAL_ACCOUNT=$(extract_field "realAccount" "$SEARCH_USER" "$SEARCH_ANON")
 [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(extract_field "uid" "$SEARCH_USER" "$SEARCH_ANON")
 NETWORK_HOME=$(extract_field "homeMount" "$SEARCH_USER" "$SEARCH_ANON")
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
index ef964d5f..9883bdaf 100755
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
@@ -44,6 +44,7 @@ for auth_file in /opt/openslx/pam/auth-source.d/*; do
 USER_GID=
 USER_GROUP=
 USER_HOME=
+ USER_DN=
 [ -f "$auth_file" ] || continue
 . "$auth_file"
 [ -n "$USER_UID" ] || continue |
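Review bot: `USER_DN="$BINDDN"` in run_auth hands the bind DN to whatever consumes the auth result, but nothing in the hunk documents what the value may contain or that it can be empty. A DN routinely contains spaces, commas and `=`, and the exec_auth hunk resets it with `USER_DN=` before each `. "$auth_file"`, so auth sources other than 99-slx-ldap presumably leave it empty. I would add above the assignment `# DN that authenticated successfully; may contain spaces/commas, always quote. Empty for non-LDAP sources.` How BINDDN is built is outside this hunk, so if it is ever assembled from the login name, consumers should treat USER_DN as user-influenced. Both run_auth and the exec_auth loop continue outside their hunks.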