diff options
Diffstat (limited to 'core/modules/pam/data/opt/openslx/scripts/pam_script_auth')
-rwxr-xr-x | core/modules/pam/data/opt/openslx/scripts/pam_script_auth | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/core/modules/pam/data/opt/openslx/scripts/pam_script_auth b/core/modules/pam/data/opt/openslx/scripts/pam_script_auth new file mode 100755 index 00000000..0fe73cbd --- /dev/null +++ b/core/modules/pam/data/opt/openslx/scripts/pam_script_auth @@ -0,0 +1,146 @@ +#!/bin/ash + +# Needed as pam_script clears PATH +export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin" + +# check if the script runs as root +[ "x$(whoami)" != "xroot" ] && exit 0 + +PASSWD=$(getent passwd "$PAM_USER") +USER_NAME=$(echo "$PASSWD" | awk -F ':' '{print $1}') +USER_UID=$(echo "$PASSWD" | awk -F ':' '{print $3}') +USER_GID=$(echo "$PASSWD" | awk -F ':' '{print $4}') +USER_HOME=$(echo "$PASSWD" | awk -F ':' '{print $6}') +[ -n "$USER_NAME" ] && PAM_USER="$USER_NAME" +[ -z "$USER_UID" ] && USER_UID=$(id -u "$PAM_USER") +[ -z "$USER_GID" ] && USER_GID=$(id -g "$PAM_USER") +[ -z "$USER_HOME" ] && USER_HOME="/home/$PAM_USER" +if [ -z "$USER_UID" -o -z "$USER_GID" ]; then + slxlog "pam-get-ids" "Could not determine UID or GID for user '$PAM_USER'." + exit 1 +fi + +# The user's non-persistent home directory mount point, which should be their linux home +TEMP_HOME_DIR="$USER_HOME" + +# check if PAM_USER is root and skip if it is the case +[ "x${PAM_USER}" == "xroot" ] && exit 0 + +############################################################################### +# +# Preparations for volatile /home/<user> +# +# +# check if we already mounted the home directory +if ! mount | grep -q -F " ${TEMP_HOME_DIR} "; then + # no home, lets create it + if ! mkdir -p "${TEMP_HOME_DIR}"; then + slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'." + exit 1 + fi + # now make it a tmpfs + if ! mount -t tmpfs -o mode=700,size=1024m tmpfs "${TEMP_HOME_DIR}"; then + slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}" + exit 1 + fi +fi + +############################################################################### +# +# Preparations for /home/<user>/PERSISTENT +# +# +# Script to be sourced to mount the user's persistent home +PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent" +# Script to be run in the user's context iff the persistent home could be mounted successfully +PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user" +# The user's persistent home directory mount point +PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT" + +# now lets see if we have a persistent directory mount script, and it's not already mounted +if [ -e "${PERSISTENT_MOUNT_SCRIPT}" ] && ! mount | grep -q -F " ${PERSISTENT_HOME_DIR} "; then + # seems we should try to mount... + # create the PERSISTENT directory and give to user + if ! mkdir -p "${PERSISTENT_HOME_DIR}"; then + slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'." + elif ! chown "${USER_UID}:${USER_GID}" "${TEMP_HOME_DIR}"; then + slxlog "pam-global-chpersistent" "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'." + else + # everything seems ok, call mount script + . "${PERSISTENT_MOUNT_SCRIPT}" \ + || slxlog "pam-global-sourcepersistent" "Could not source '${PERSISTENT_MOUNT_SCRIPT}'." + if [ -n "${REAL_ACCOUNT}" ]; then + echo "${REAL_ACCOUNT}" > "${TEMP_HOME_DIR}/.account" + chmod 0644 "${TEMP_HOME_DIR}/.account" + fi + fi +fi # end "mount-home-script-exists" + + +# Just try to delete the persistent dir. If the mount was successful, it will not work +# If it was not successful, it will be removed so the user doesn't think he can store +# anything in there +rmdir "${PERSISTENT_HOME_DIR}" 2> /dev/null + +# Write warning message to tmpfs home +if [ -d "${PERSISTENT_HOME_DIR}" ]; then + # create a WARNING.txt for the user with hint to PERSISTENT + cat > "${TEMP_HOME_DIR}/WARNING.txt" <<EOF +ATTENTION: This is the non-persistent home directory! +Files saved here will be lost on shutdown. +Your real home is under ${PERSISTENT_HOME_DIR} +Please save your files there. +EOF +else + # create a WARNING.txt for the user, no PERSISTENT :-( + cat > "${TEMP_HOME_DIR}/WARNING.txt" <<EOF +ATTENTION: This is a non-persistent home directory! +Files saved here will be lost on shutdown. +Please save your files on a USB drive or upload them +to some web service. +EOF +fi +chown "${USER_UID}" "${TEMP_HOME_DIR}/WARNING.txt" + +############################################################################### +# +# Preparations for /home/<user>/SHARE +# +# +# Script to be sourced to mount the common share folder +COMMON_SHARE_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_common_share" +# User specific mount point for the common share +COMMON_SHARE_MOUNT_POINT="${TEMP_HOME_DIR}/SHARE" + +# check for common share mount script, exit if we don't have one +if [ -e "${COMMON_SHARE_MOUNT_SCRIPT}" ] && ! mount | grep -q -F " ${COMMON_SHARE_MOUNT_POINT} "; then + # create the SHARE directory + if ! mkdir -p "${COMMON_SHARE_MOUNT_POINT}"; then + slxlog "pam-global-mkshare" "Could not create '${COMMON_SHARE_MOUNT_POINT}'." + elif ! chown "${USER_UID}:${USER_GID}" "${COMMON_SHARE_MOUNT_POINT}"; then + slxlog "pam-global-chshare" "Could not chown '${COMMON_SHARE_MOUNT_POINT}' to '${PAM_USER}'." + else + COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" \ + PAM_USER="${PAM_USER}" \ + PAM_AUTHTOK="${PAM_AUTHTOK}" \ + USER_UID="${USER_UID}" \ + USER_GID="${USER_GID}" \ + /bin/ash "${COMMON_SHARE_MOUNT_SCRIPT}" \ + || slxlog "pam-global-sourceshare" "Could not execute '${COMMON_SHARE_MOUNT_SCRIPT}'." + fi +fi +# Just try to delete the common share dir. If the mount was successful, it will not work +rmdir "${COMMON_SHARE_MOUNT_POINT}" 2> /dev/null + +# +# source the stuff in pam_script_auth.d, if it exists +# +if [ -d "/opt/openslx/scripts/pam_script_auth.d" ]; then + for HOOK in $(ls "/opt/openslx/scripts/pam_script_auth.d"); do + # source it, in case of failure do nothing since these scripts are non-critical + . "/opt/openslx/scripts/pam_script_auth.d/$HOOK" || slxlog "pam-source-hooks" "Could not source '$HOOK'." + done +fi + +exit 0 + |