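#!/bin/ash
#
# pam_script hook, run as root on every authentication of $PAM_USER.
#
# What it does, in order:
#   1. resolves the user's uid/gid/home via getent (numeric PAM_USER allowed);
#   2. mounts a volatile tmpfs on the user's home unless already mounted;
#   3. if /opt/openslx/scripts/pam_script_mount_persistent exists, creates
#      $HOME/PERSISTENT and sources that script to mount the persistent home;
#   4. drops a WARNING.txt into the tmpfs home telling the user where to save;
#   5. if /opt/openslx/scripts/pam_script_mount_common_share exists, creates
#      $HOME/SHARE and executes that script (with PAM_AUTHTOK in its env);
#   6. sources every file in /opt/openslx/scripts/pam_script_auth.d/.
#
# Inputs (environment, provided by pam_script): PAM_USER, PAM_AUTHTOK.
# Variables the sourced/executed helpers rely on (names are part of the
# contract with those scripts, do not rename): TEMP_HOME_DIR,
# PERSISTENT_HOME_DIR, COMMON_SHARE_MOUNT_POINT, USER_UID, USER_GID, PAM_USER,
# PAM_AUTHTOK; REAL_ACCOUNT is read back after sourcing the persistent script.
#
# Security note: after the first login the tmpfs home is owned by the user,
# and this script runs again as root on each later authentication of that
# user (e.g. screen unlock, su). Nothing root creates or chowns inside that
# directory may follow a symlink the user could have planted there; see
# write_user_file() and prepare_mount_point() below.

# Needed as pam_script clears PATH
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"

# Everything below needs root (mount, chown); silently succeed otherwise so
# PAM is not blocked.
[ "x$(whoami)" != "xroot" ] && exit 0

# die TAG MESSAGE: log through slxlog and fail the hook.
die() {
	slxlog "$1" "$2"
	exit 1
}

# write_user_file FILE  (content on stdin)
# Create FILE as root inside the possibly user-owned tmpfs home with mode 0644
# without ever following a symlink: remove whatever sits at FILE first, then
# create it with the shell's noclobber flag, which in dash-derived shells
# (busybox ash included) opens the file O_CREAT|O_EXCL. A plain `cat > FILE`
# would follow a user-planted link and let root overwrite arbitrary files.
# Returns non-zero if the file could not be created.
write_user_file() {
	local target="$1"
	rm -f -- "$target" 2> /dev/null
	( umask 022; set -C; cat > "$target" ) 2> /dev/null
}

# prepare_mount_point DIR
# Ensure DIR is a real directory and not a symlink before root mounts on it:
# mount(8) resolves symlinks on the target, so a link in the user-owned home
# could redirect a root-run mount elsewhere. A fresh mkdir is the fully safe
# case; an already existing plain directory is accepted, which still leaves
# a small window between this check and the mount performed by the helper
# scripts.
prepare_mount_point() {
	local dir="$1"
	if mkdir -- "$dir" 2> /dev/null; then
		return 0
	fi
	[ -d "$dir" ] && [ ! -L "$dir" ]
}

###############################################################################
#
# Resolve the account
#
#
PASSWD=$(getent passwd "$PAM_USER")
USER_NAME=$(printf '%s\n' "$PASSWD" | awk -F ':' '{print $1}')
USER_UID=$(printf '%s\n' "$PASSWD" | awk -F ':' '{print $3}')
USER_GID=$(printf '%s\n' "$PASSWD" | awk -F ':' '{print $4}')
USER_HOME=$(printf '%s\n' "$PASSWD" | awk -F ':' '{print $6}')
# Canonical login name (PAM_USER may have been numeric)
[ -n "$USER_NAME" ] && PAM_USER="$USER_NAME"
# Fallbacks when getent gave nothing usable
[ -z "$USER_UID" ] && USER_UID=$(id -u "$PAM_USER")
[ -z "$USER_GID" ] && USER_GID=$(id -g "$PAM_USER")
[ -z "$USER_HOME" ] && USER_HOME="/home/$PAM_USER"
if [ -z "$USER_UID" ] || [ -z "$USER_GID" ]; then
	die "pam-get-ids" "Could not determine UID or GID for user '$PAM_USER'."
fi

# The user's non-persistent home directory mount point, which should be their linux home
TEMP_HOME_DIR="$USER_HOME"

# check if PAM_USER is root and skip if it is the case
[ "x${PAM_USER}" = "xroot" ] && exit 0

# Never mount a tmpfs over "/" or on a relative path: the home comes straight
# from the passwd entry and system accounts may carry odd values there.
case "$TEMP_HOME_DIR" in
	/) die "pam-global-homedir" "Refusing to use '/' as home for user '$PAM_USER'." ;;
	/*) ;;
	*) die "pam-global-homedir" "Refusing relative home '${TEMP_HOME_DIR}' for user '$PAM_USER'." ;;
esac

###############################################################################
#
# Preparations for volatile /home/<user>
#
#
# check if we already mounted the home directory
if ! mount | grep -q -F " ${TEMP_HOME_DIR} "; then
	# no home, lets create it
	if ! mkdir -p -- "${TEMP_HOME_DIR}"; then
		die "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'."
	fi
	# now make it a tmpfs, private to the user
	if ! mount -t tmpfs -o mode=700,size=1024m tmpfs "${TEMP_HOME_DIR}"; then
		die "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}"
	fi
	# Hand the fresh tmpfs to the user right away. Previously this only
	# happened inside the persistent-home branch, leaving a root-owned
	# mode-0700 home when no persistent mount script is installed.
	if ! chown "${USER_UID}:${USER_GID}" "${TEMP_HOME_DIR}"; then
		slxlog "pam-global-chtemphome" "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
	fi
fi

###############################################################################
#
# Preparations for /home/<user>/PERSISTENT
#
#
# Script to be sourced to mount the user's persistent home
PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent"
# Script to be run in the user's context iff the persistent home could be mounted successfully
PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user"
# The user's persistent home directory mount point
PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"

# now lets see if we have a persistent directory mount script, and it's not already mounted
if [ -e "${PERSISTENT_MOUNT_SCRIPT}" ] && ! mount | grep -q -F " ${PERSISTENT_HOME_DIR} "; then
	# create the PERSISTENT mount point (refusing symlinks) and give the home to the user
	if ! prepare_mount_point "${PERSISTENT_HOME_DIR}"; then
		slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."
	elif ! chown "${USER_UID}:${USER_GID}" "${TEMP_HOME_DIR}"; then
		slxlog "pam-global-chpersistent" "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
	else
		# everything seems ok, call mount script (sourced: it sees all variables above)
		. "${PERSISTENT_MOUNT_SCRIPT}" \
			|| slxlog "pam-global-sourcepersistent" "Could not source '${PERSISTENT_MOUNT_SCRIPT}'."
		# The mount script may report the real account name; record it
		# world-readable (0644 via umask) without following symlinks.
		if [ -n "${REAL_ACCOUNT}" ]; then
			printf '%s\n' "${REAL_ACCOUNT}" | write_user_file "${TEMP_HOME_DIR}/.account" \
				|| slxlog "pam-global-account" "Could not write '${TEMP_HOME_DIR}/.account'."
		fi
	fi
fi # end "mount-home-script-exists"

# Just try to delete the persistent dir. If the mount was successful, it will not work
# If it was not successful, it will be removed so the user doesn't think he can store
# anything in there
rmdir "${PERSISTENT_HOME_DIR}" 2> /dev/null

# Write warning message to tmpfs home
if [ -d "${PERSISTENT_HOME_DIR}" ]; then
	# create a WARNING.txt for the user with hint to PERSISTENT
	write_user_file "${TEMP_HOME_DIR}/WARNING.txt" <<EOF
ATTENTION: This is the non-persistent home directory!
Files saved here will be lost on shutdown.
Your real home is under ${PERSISTENT_HOME_DIR}
Please save your files there.
EOF
else
	# create a WARNING.txt for the user, no PERSISTENT :-(
	write_user_file "${TEMP_HOME_DIR}/WARNING.txt" <<EOF
ATTENTION: This is a non-persistent home directory!
Files saved here will be lost on shutdown.
Please save your files on a USB drive or upload them
to some web service.
EOF
fi
# -h: never chown the target of a symlink, only the path itself
chown -h "${USER_UID}" "${TEMP_HOME_DIR}/WARNING.txt"

###############################################################################
#
# Preparations for /home/<user>/SHARE
#
#
# Script to be sourced to mount the common share folder
COMMON_SHARE_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_common_share"
# User specific mount point for the common share
COMMON_SHARE_MOUNT_POINT="${TEMP_HOME_DIR}/SHARE"

# check for common share mount script, skip if we don't have one or it is mounted
if [ -e "${COMMON_SHARE_MOUNT_SCRIPT}" ] && ! mount | grep -q -F " ${COMMON_SHARE_MOUNT_POINT} "; then
	# create the SHARE mount point (refusing symlinks)
	if ! prepare_mount_point "${COMMON_SHARE_MOUNT_POINT}"; then
		slxlog "pam-global-mkshare" "Could not create '${COMMON_SHARE_MOUNT_POINT}'."
	elif ! chown "${USER_UID}:${USER_GID}" "${COMMON_SHARE_MOUNT_POINT}"; then
		slxlog "pam-global-chshare" "Could not chown '${COMMON_SHARE_MOUNT_POINT}' to '${PAM_USER}'."
	else
		# Runs as a separate process, so pass only what it needs via its
		# environment. Note this includes the user's password (PAM_AUTHTOK);
		# the environment of a root process is readable by root only.
		COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" \
			PAM_USER="${PAM_USER}" \
			PAM_AUTHTOK="${PAM_AUTHTOK}" \
			USER_UID="${USER_UID}" \
			USER_GID="${USER_GID}" \
			/bin/ash "${COMMON_SHARE_MOUNT_SCRIPT}" \
			|| slxlog "pam-global-sourceshare" "Could not execute '${COMMON_SHARE_MOUNT_SCRIPT}'."
	fi
fi

# Just try to delete the common share dir. If the mount was successful, it will not work
rmdir "${COMMON_SHARE_MOUNT_POINT}" 2> /dev/null

#
# source the stuff in pam_script_auth.d, if it exists
#
# Glob instead of parsing ls: same ordering and dotfile skipping, but safe
# for names with whitespace. HOOK keeps holding the bare file name as before.
if [ -d "/opt/openslx/scripts/pam_script_auth.d" ]; then
	for HOOK_PATH in /opt/openslx/scripts/pam_script_auth.d/*; do
		[ -e "${HOOK_PATH}" ] || continue
		HOOK="${HOOK_PATH##*/}"
		# source it, in case of failure do nothing since these scripts are non-critical
		. "${HOOK_PATH}" || slxlog "pam-source-hooks" "Could not source '$HOOK'."
	done
fi

exit 0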