merge with latest dev version (tm-scripts commit f5a59daf8d70a9027118292cd40b18c221897408)

1 files changed, 41 insertions, 0 deletions

diff --git a/core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials b/core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials
new file mode 100644
index 00000000..a03d8886
--- /dev/null
+++ b/core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials
@@ -0,0 +1,41 @@
+#!/bin/ash
+# This is being sourced and running in ash
+
+if [ -n "$TEMP_HOME_DIR" ]; then
+	if [ -z "$PAM_TTY" ] || [ "x$PAM_TTY" = "x:0" ]; then
+		# Pass on network path to home directory
+		if [ -z "$PERSISTENT_NETPATH" ]; then
+			PERSISTENT_NETPATH=$(grep -m1 -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | awk '{print $1}')
+		fi
+		if [ -n "$PERSISTENT_NETPATH" ]; then
+			[ "x${PERSISTENT_NETPATH:0:2}" = "x//" ] && PERSISTENT_NETPATH=$(echo "$PERSISTENT_NETPATH" | tr '/' '\')
+			echo "${PERSISTENT_NETPATH}" > "${TEMP_HOME_DIR}/.home"
+			chmod 0644 "${TEMP_HOME_DIR}/.home"
+		fi
+		# pwdaemon
+		# Figure out username
+		XUSER="${REAL_ACCOUNT}"
+		[ -z "$XUSER" ] && XUSER="${PAM_USER}"
+		# Guess domain
+		XDOMAIN=
+		if [ -n "$PERSISTENT_HOME_DIR" ]; then
+			XDOMAIN=$(grep -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | grep -m1 -F 'domain=' | sed -r 's/^.*[ ,]domain=([^ ,]+)[ ,].*$/\1/g')
+		fi
+		if [ -z "$XDOMAIN" ]; then
+			XDOMAIN=$(grep -m1 -i '^BASE\s*DC=' "/etc/ldap.conf" | sed -r 's/^BASE\s*DC=([^,;]+).*$/\1/I')
+		fi
+		if [ -z "$XDOMAIN" ]; then
+			XDOMAIN=$(grep -m1 -i '^ldap_search_base\s*=\s*DC=' "/etc/sssd/sssd.conf" | sed -r 's/^ldap_search_base\s*=\s*DC=([^,;]+).*$/\1/I')
+		fi
+		if [ -n "$XDOMAIN" ]; then
+			XDOMAIN=$(echo "$XDOMAIN" | tr '[a-z]' '[A-Z]')
+		else
+			XDOMAIN="WORKGROUP"
+		fi
+		USERNAME="$XDOMAIN\\$XUSER" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" su -c 'pwdaemon --daemon &' "${PAM_USER}" &
+		unset XUSER XDOMAIN
+	fi
+fi
+
+true
+