From afbd128d519cb2740df26138b2c611c34c8c5ea2 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 13 Jul 2017 15:43:42 +0200
Subject: [run-virt] Support domainless credential passing
---
 .../pam_script_auth.d/99-run_virt_credentials | 33 +++++++++++++---------
 1 file changed, 19 insertions(+), 14 deletions(-)
(limited to 'core/modules/run-virt/data/opt/openslx/scripts')
diff --git a/core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials b/core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials
index f23d85a1..7c4e7a50 100644
--- a/core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials
+++ b/core/modules/run-virt/data/opt/openslx/scripts/pam_script_auth.d/99-run_virt_credentials
@@ -23,22 +23,27 @@ if [ -n "$TEMP_HOME_DIR" ]; then
 . /opt/openslx/inc/shares
 XDOMAIN="${SHARE_DOMAIN}"
 fi
- # Guess domain
- if [ -z "$XDOMAIN" ] && [ -n "$PERSISTENT_HOME_DIR" ]; then
- XDOMAIN=$(grep -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | grep -m1 -F 'domain=' | sed -r 's/^.*[ ,]domain=([^ ,]+)[ ,].*$/\1/g')
- fi
- if [ -z "$XDOMAIN" ]; then
- XDOMAIN=$(<"/etc/ldap.conf" grep -m1 -i '^BASE\s.*DC=' | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
- fi
- if [ -z "$XDOMAIN" ]; then
- XDOMAIN=$(<"/etc/sssd/sssd.conf" grep -m1 -i '^ldap_search_base\s*=.*DC=' | grep -o -E -i 'DC=[^,;]+' | head -n 1 | cut -c 4-)
- fi
- if [ -n "$XDOMAIN" ]; then
- XDOMAIN=$(echo "$XDOMAIN" | tr '[a-z]' '[A-Z]')
+ if [ "x$XDOMAIN" != "x#" ]; then
+ # Guess domain
+ if [ -z "$XDOMAIN" ] && [ -n "$PERSISTENT_HOME_DIR" ]; then
+ XDOMAIN=$(grep -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | grep -m1 -F 'domain=' | sed -r 's/^.*[ ,]domain=([^ ,]+)[ ,].*$/\1/g')
+ fi
+ if [ -z "$XDOMAIN" ]; then
+ XDOMAIN=$(<"/etc/ldap.conf" grep -m1 -i '^BASE\s.*DC=' | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
+ fi
+ if [ -z "$XDOMAIN" ]; then
+ XDOMAIN=$(<"/etc/sssd/sssd.conf" grep -m1 -i '^ldap_search_base\s*=.*DC=' | grep -o -E -i 'DC=[^,;]+' | head -n 1 | cut -c 4-)
+ fi
+ if [ -n "$XDOMAIN" ]; then
+ XDOMAIN=$(echo "$XDOMAIN" | tr '[a-z]' '[A-Z]')
+ else
+ XDOMAIN="WORKGROUP"
+ fi
+ XDOMAIN="\\$XDOMAIN"
 else
- XDOMAIN="WORKGROUP"
+ XDOMAIN=
 fi
- USERNAME="$XDOMAIN\\$XUSER" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" su -c 'pwdaemon --daemon &' "${PAM_USER}" &
+ USERNAME="${XDOMAIN}${XUSER}" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" su -c 'pwdaemon --daemon &' "${PAM_USER}" &
 unset XUSER XDOMAIN
 fi
 fi
--
cgit v1.2.3-55-g7522
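Review bot: The added `XDOMAIN="\\$XDOMAIN"` puts the backslash in front of the domain, so `USERNAME="${XDOMAIN}${XUSER}"` on the last changed line expands to `\DOMAINuser`, whereas the removed line built `DOMAIN\user`. Unless the consumer of pwdaemon's data expects that form (not visible here), every login except the domainless case would hand over a malformed account name; the separator should be appended instead, `XDOMAIN="${XDOMAIN}\\"`. The `#` tested in `[ "x$XDOMAIN" != "x#" ]` is an undocumented sentinel, apparently arriving through `SHARE_DOMAIN`; a comment such as `# SHARE_DOMAIN="#" means: pass the bare user name, do not guess a domain` above that test would make the contract explicit. The enclosing `if [ -n "$TEMP_HOME_DIR" ]` block starts outside the hunk.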