From e7854f21bcb0819f2f68c612cf6ef1c24ca17ed8 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 9 Mar 2018 11:54:14 +0100
Subject: [pam-slx-plug] Set USER_DN on successful auth; move to basic.target
---
.../etc/systemd/system/basic.target.wants/slx-update-pam-nss.service | 1 +
.../systemd/system/multi-user.target.wants/slx-update-pam-nss.service | 1 -
.../pam-slx-plug/data/etc/systemd/system/slx-update-pam-nss.service | 2 +-
.../pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap | 3 ++-
core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth | 1 +
5 files changed, 5 insertions(+), 3 deletions(-)
create mode 120000 core/modules/pam-slx-plug/data/etc/systemd/system/basic.target.wants/slx-update-pam-nss.service
delete mode 120000 core/modules/pam-slx-plug/data/etc/systemd/system/multi-user.target.wants/slx-update-pam-nss.service
(limited to 'core/modules/pam-slx-plug')
diff --git a/core/modules/pam-slx-plug/data/etc/systemd/system/basic.target.wants/slx-update-pam-nss.service b/core/modules/pam-slx-plug/data/etc/systemd/system/basic.target.wants/slx-update-pam-nss.service
new file mode 120000
index 00000000..450c4948
--- /dev/null
+++ b/core/modules/pam-slx-plug/data/etc/systemd/system/basic.target.wants/slx-update-pam-nss.service
@@ -0,0 +1 @@
+../slx-update-pam-nss.service
\ No newline at end of file
diff --git a/core/modules/pam-slx-plug/data/etc/systemd/system/multi-user.target.wants/slx-update-pam-nss.service b/core/modules/pam-slx-plug/data/etc/systemd/system/multi-user.target.wants/slx-update-pam-nss.service
deleted file mode 120000
index 450c4948..00000000
--- a/core/modules/pam-slx-plug/data/etc/systemd/system/multi-user.target.wants/slx-update-pam-nss.service
+++ /dev/null
@@ -1 +0,0 @@
-../slx-update-pam-nss.service
\ No newline at end of file
diff --git a/core/modules/pam-slx-plug/data/etc/systemd/system/slx-update-pam-nss.service b/core/modules/pam-slx-plug/data/etc/systemd/system/slx-update-pam-nss.service
index fa7a8bd0..d800563c 100644
--- a/core/modules/pam-slx-plug/data/etc/systemd/system/slx-update-pam-nss.service
+++ b/core/modules/pam-slx-plug/data/etc/systemd/system/slx-update-pam-nss.service
@@ -1,6 +1,6 @@
 [Unit]
 Description=Create fresh pam config and nsswitch.conf
-Before=graphical.target display-manager.target
+Before=graphical.target display-manager.target sssd.service
 
 [Service]
 Type=oneshot
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap b/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap
index 0b5ca0f6..fd2d4a3c 100644
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/auth-source.d/99-slx-ldap
@@ -16,7 +16,7 @@ unset_ldap_vars() {
 for vn in $(set | grep -Eo '^(SHARE|LDAP)_[^=]+'); do
 unset "$vn"
 done
-unset USER_UID USER_GID USER_GROUP REAL_ACCOUNT NETWORK_HOME HOME_MOUNT_OPTS
+unset USER_DN USER_UID USER_GID USER_GROUP REAL_ACCOUNT NETWORK_HOME HOME_MOUNT_OPTS
 }
 
 # ldapsearch can return fields either as
@@ -136,6 +136,7 @@ run_auth() {
 unset USER_UID
 return 1
 fi
+USER_DN="$BINDDN"
 REAL_ACCOUNT=$(extract_field "realAccount" "$SEARCH_USER" "$SEARCH_ANON")
 [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(extract_field "uid" "$SEARCH_USER" "$SEARCH_ANON")
 NETWORK_HOME=$(extract_field "homeMount" "$SEARCH_USER" "$SEARCH_ANON")
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
index ef964d5f..9883bdaf 100755
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_auth
@@ -44,6 +44,7 @@ for auth_file in /opt/openslx/pam/auth-source.d/*; do
 USER_GID=
 USER_GROUP=
 USER_HOME=
+USER_DN=
 [ -f "$auth_file" ] || continue
 . "$auth_file"
 [ -n "$USER_UID" ] || continue
-- 
cgit v1.2.3-55-g7522
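Review bot: The new `Before=` line in slx-update-pam-nss.service orders this oneshot ahead of sssd and the display manager only, so any other PAM/NSS consumer the image starts in the same window (an SSH daemon or a getty, if present) could still authenticate against the previous pam config and nsswitch.conf while they are being regenerated. If that applies here, ordering ahead of the login gate as well would cover it: `Before=graphical.target display-manager.target sssd.service systemd-user-sessions.service`. `Before=` is ordering only, so a failed run does not keep sssd from starting; whether that is acceptable depends on the rest of the [Service] section, which is outside the hunk. A short `#` comment above the line saying why sssd has to wait would also help the next editor.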
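Review bot: `USER_DN="$BINDDN"` in run_auth (99-slx-ldap, second hunk) publishes the bind DN as a new output of this auth source, but nothing at the assignment says which DN it is or when it is valid. BINDDN is set outside the hunk; if it can be empty or is assembled from the typed login name, consumers should treat USER_DN as untrusted text: DNs routinely contain spaces and commas, so the value has to stay quoted and must not be written unescaped into anything that is later sourced. I would add a comment above the line such as `# DN we successfully bound as; set only after authentication succeeded`. The same name is added by hand to the `unset` list in unset_ldap_vars (first hunk of this file) and to the reset list in exec_auth, and those lists need to stay in step whenever another output variable is introduced. run_auth's body starts and ends outside the hunk.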