From 6b565dbbb621a4445ee443a321f26bbc57f586cc Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 28 Jun 2019 16:12:36 +0200 Subject: [pam-slx-plug] Move slx-plug specific hook directory From /opt/openslx/scripts/pam_script_auth.d/* to /opt/openslx/pam/hooks/auth-slx-source.d/* The old location is now a symlink to the new one.
---
 .../pam-slx-plug/data/opt/openslx/pam/exec_auth | 32 ++++++++++++---------- .../data/opt/openslx/scripts/pam_script_auth.d | 1 + 2 files changed, 19 insertions(+), 14 deletions(-) create mode 120000 core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_auth.d (limited to 'core/modules/pam-slx-plug')
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
index cd8a2ecd..9de61708 100755
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
@@ -10,7 +10,7 @@ readonly USER_PASSWORD
 USER_NAME="$PAM_USER"
 readonly PAM_USER
-# Needed as pam_script clears PATH
+# Needed as pam_script/pam_exec clears PATH
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"
 # check for invalid char ':'
@@ -61,6 +61,12 @@ for auth_file in /opt/openslx/pam/auth-source.d/*; do
 [ -n "${USER_GID}${USER_GROUP}" ] || continue
 break
 done
+
+# No success - access denied
+[ -z "$USER_UID" ] && exit 1
+# No root
+[ "$USER_UID" = "0" ] && exit 1
+
 [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT="$PAM_USER"
 readonly USER_UID REAL_ACCOUNT USER_NAME
@@ -70,10 +76,6 @@ if [ "$USER_NAME" != "$PAM_USER" ]; then
 exit 1
 fi
-# No success - access denied
-[ -z "$USER_UID" ] && exit 1
-[ "x$USER_UID" = "x0" ] && exit 1
-
 # Validate
 if ! echo "$USER_UID" | grep -Exq '[0-9]+'; then
 slxlog --echo "pam-format-uid" "'$PAM_USER' has invalid userid '$USER_UID'"
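Review bot: The root check added in the `@@ -61,6 +61,12 @@` hunk, `[ "$USER_UID" = "0" ] && exit 1`, is a string comparison, and it now runs before the `grep -Exq '[0-9]+'` format check visible in the following hunk. A value such as `00` is not equal to the string `0` and still satisfies that pattern, while the script later hands USER_UID to `chown`, which reads it as a number. Whether an auth source can return such a value is not visible here, so treat this as hardening: either tighten the format check to `grep -Exq '0|[1-9][0-9]*'`, or compare numerically once the format is known good with `[ "$USER_UID" -eq 0 ] && exit 1`. The script continues outside both hunks.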
@@ -180,15 +182,9 @@ if ! isHomeMounted; then
 fi
 done
 fi
-fi
-
-# Remember for hooks in pam_script_auth.d
-if [ "${NETWORK_HOME:0:2}" = '//' ]; then
- PERSISTENT_NETPATH=$(echo "$NETWORK_HOME" | tr '/' '\')
 else
- PERSISTENT_NETPATH="$NETWORK_HOME"
+ PERSISTENT_OK="yes"
 fi
-export PERSISTENT_NETPATH
 # Just try to delete the persistent dir. If the mount was successful, it will not work
 # If it was not successful, it will be removed so the user doesn't think he can store
@@ -217,12 +213,20 @@ EOF
 fi
 chown "${USER_UID}" "${TEMP_HOME_DIR}/WARNING.txt"
+# Remember for hooks in auth-slx-source.d
+if [ "${NETWORK_HOME:0:2}" = '//' ]; then
+ PERSISTENT_NETPATH=$(echo "$NETWORK_HOME" | tr '/' '\')
+else
+ PERSISTENT_NETPATH="$NETWORK_HOME"
+fi
+export PERSISTENT_NETPATH
+
 #
-# execute the stuff in pam_script_auth.d, if it exists
+# source the stuff in auth-slx-source.d, if it exists
 #
 PAM_AUTHTOK="${USER_PASSWORD}"
 readonly PAM_AUTHTOK
-for file in /opt/openslx/scripts/pam_script_auth.d/*; do
+for file in /opt/openslx/pam/hooks/auth-slx-source.d/*; do
 [ -f "$file" ] || continue
 ( . "$file" ) || slxlog "pam-source-hooks" "Could not source '$file'."
 done
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_auth.d b/core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_auth.d
new file mode 120000
index 00000000..fa58d57e
--- /dev/null
+++ b/core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_auth.d
@@ -0,0 +1 @@
+/opt/openslx/pam/hooks/auth-slx-source.d
\ No newline at end of file
-- cgit v1.2.3-55-g7522
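Review bot: In the `@@ -217,12 +213,20 @@` hunk the loop sources every regular file under `/opt/openslx/pam/hooks/auth-slx-source.d/` while `PAM_AUTHTOK` holds the user's password, and `[ -f "$file" ]` is the only check before `. "$file"`. The commit also makes the old `pam_script_auth.d` path a symlink to this directory, so both paths now lead to code that runs with the credential in scope. I would state the trust requirement next to the loop, e.g. `# Hooks see PAM_AUTHTOK; this directory and its files must be writable by root only`, and consider skipping files that fail an ownership or mode check before they are sourced. Separately, the "Could not source" log line fires whenever a hook's last command returns non-zero, not only when sourcing itself fails; the script continues outside the hunk.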