Diffstat (limited to 'core/modules/pam-slx-plug/data/opt/openslx/pam/mount.d/99-fallback')
-rw-r--r--core/modules/pam-slx-plug/data/opt/openslx/pam/mount.d/99-fallback97
1 files changed, 97 insertions, 0 deletions
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/mount.d/99-fallback b/core/modules/pam-slx-plug/data/opt/openslx/pam/mount.d/99-fallback
new file mode 100644
index 00000000..0251458e
--- /dev/null
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/mount.d/99-fallback
@@ -0,0 +1,97 @@
+#!/bin/ash - sourced by exec_auth
+
+[ -z "$NETWORK_HOME" ] && return
+
+OPTION_LIST="$HOME_MOUNT_OPTS"
+EXTRA_OPTS=
+if [ "${NETWORK_HOME:0:2}" = "//" ]; then
+ # CIFS
+ MOUNT="cifs"
+ if [ -z "$OPTION_LIST" ]; then
+ # No opts given, determine list of options we'll try
+ # TODO: Kerberos? How? cruid...
+ OPTION_LIST="vers=3.0,sec=ntlmssp vers=2.1,sec=ntlmssp vers=1.0,sec=ntlm vers=3.0,sec=ntlmv2 vers=1.0,sec=ntlmv2 vers=3.0,sec=ntlm vers=2.0,sec=ntlmssp #"
+ EXTRA_OPTS="forceuid,forcegid,nounix,file_mode=0700,dir_mode=0700,noacl,nobrl"
+ fi
+else
+ # Assume NFS? Leave empty, should work for NFS too
+ MOUNT=
+ if [ -n "$PAM_KRB5CCNAME" ]; then
+ export KRB5CCNAME="$PAM_KRB5CCNAME"
+ [ -z "$OPTION_LIST" ] && OPTION_LIST="sec=krb5 #"
+ fi
+fi
+[ -z "$OPTION_LIST" ] && OPTION_LIST="#"
+
+if [ "$MOUNT" = "cifs" ]; then
+ # Most servers can work without, but some don't
+ XDOMAIN=
+ if [ -n "$LDAP_BASE" ]; then
+ XDOMAIN=$( echo "$LDAP_BASE" | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4- )
+ fi
+ if [ -z "$LDAP_DOMAIN_OVERRIDE" ]; then
+ XDOMAIN="$XDOMAIN #"
+
+ export USER="${REAL_ACCOUNT}"
+ export PASSWD="${USER_PASSWORD}"
+else
+ XDOMAIN="#"
+fi
+
+LOGFILES=
+PIDS=
+CNT=0
+for opt in $OPTION_LIST; do
+ # try with and without explicit domain argument
+ for dom in $LDAP_DOMAIN_OVERRIDE $XDOMAIN; do # No quotes
+ CNT=$(( CNT + 1 ))
+ FILE=$(mktemp)
+ LOGFILES="$LOGFILES $FILE"
+ COMMAND_LINE="-v"
+ OPTS=
+ if [ "$MOUNT" = "cifs" ]; then
+ COMMAND_LINE="$COMMAND_LINE -t cifs"
+ OPTS="${OPTS},uid=${USER_UID},gid=${USER_GID}"
+ fi
+ [ -n "$EXTRA_OPTS" ] && OPTS="${OPTS},${EXTRA_OPTS}"
+ [ "x$dom" != "x#" ] && OPTS="${OPTS},domain=$dom"
+ [ "x$opt" != "x#" ] && OPTS="${OPTS},$opt"
+ echo " ****** Trying '$OPTS'" > "$FILE"
+ [ -n "$OPTS" ] && COMMAND_LINE="$COMMAND_LINE -o ${OPTS:1}"
+ mount ${COMMAND_LINE} "${NETWORK_HOME}" "${PERSISTENT_HOME_DIR}" >> "${FILE}" 2>&1 &
+ PID=$!
+ # Wait max. 1 second; remember PID if this mount call seems to be running after we stop waiting
+ for waits in 1 2 3 4; do
+ usleep 250000
+ if isHomeMounted; then
+ # A previously invoked mount call might have succeeded while this one is still running; try to stop it right away
+ kill "$PID" &> /dev/null
+ break 3
+ fi
+ kill -0 "$PID" || break
+ done
+ kill -0 "$PID" && PIDS="$PIDS $PID" # Remember all PIDs
+ done
+done
+
+unset USER
+unset PASSWD
+
+if [ -n "$PIDS" ]; then
+ CNT=0
+ while ! isHomeMounted && [ "$CNT" -lt 10 ] && kill -0 $PIDS; do # No quotes
+ usleep 333000
+ CNT=$(( CNT + 1 ))
+ done
+ kill -9 $PIDS # Kill any leftovers; No quotes
+fi
+
+if ! isHomeMounted; then
+ LOG_COMBINED=$(mktemp)
+ [ -n "$LOGFILES" ] && cat ${LOGFILES} > "$LOG_COMBINED" # No quotes
+ slxlog --delete "pam-ad-mount" "Mount of '${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed." "${LOG_COMBINED}"
+fi
+
+[ -n "${LOGFILES}" ] && rm -f -- ${LOGFILES} # No quotes
+true
+
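Review bot: The `if [ "$MOUNT" = "cifs" ]; then` block is never closed as shown: the `if [ -z "$LDAP_DOMAIN_OVERRIDE" ]; then` test has no `fi` of its own, so the later `else`/`fi` bind to it and the sourced file ends with one `if` still open. Adding `fi` on the blank line after `XDOMAIN="$XDOMAIN #"` restores what looks like the intended structure, where USER/PASSWD are exported for every CIFS attempt and `XDOMAIN="#"` is the non-CIFS branch. Separately, the default OPTION_LIST walks down to `vers=1.0,sec=ntlm` with the user's real password, and each attempt is only waited on for about a second before the next one starts, so a server or on-path host that stalls the stronger variants can end up being offered the weakest one. Consider dropping the SMB1 and `sec=ntlm` entries from the default list and allowing them only through an explicit `HOME_MOUNT_OPTS`, or at least add a comment above the list such as `# NOTE: falls back to SMB1/NTLMv1; set HOME_MOUNT_OPTS to pin a dialect`.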