authorJonathan Bauer2014-11-07 18:06:27 +0100
committerJonathan Bauer2014-11-07 18:06:27 +0100
commitb2898b3bd299903eec8b243d59e154087f9b4659 (patch)
treef531dce540622b0d8c7e978c6e76c39396cc7592
parent[vmchooser] fix funny variables (diff)
[pam-common-share] support for multiple shares
-rw-r--r--remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share111
-rwxr-xr-xremote/modules/pam/data/opt/openslx/scripts/pam_script_auth2
2 files changed, 79 insertions, 34 deletions
diff --git a/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share b/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
index 5ffb1205..5c034824 100644
--- a/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
+++ b/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
@@ -3,59 +3,82 @@
# This script is a part of the pam_script_auth script
# and is not stand-alone!
#
-# It will try to mount the common share as specified in the
-# variables SLX_COMMON_SHARE_PATH and SLX_COMMON_SHARE_AUTH of
-# the global slx config '/opt/openslx/config'. Supported AUTH
-# are 'guest' and 'user'. First is self-explanatory, second
-# will use the user's credentials to authorize the mount.
+# It will try to mount the common shares specified in the
+# variables of the global slx config '/opt/openslx/config'.
+# A primary and a secondary share may be given. Every share
+# require following bundle of variables:
+#
+#
+# SLX_SHARE_[0-9]_AUTH_TYPE [guest|user|pam]
+# SLX_SHARE_[0-9]_AUTH_USER <username>
+# SLX_SHARE_[0-9]_AUTH_PASS <password>
+# SLX_SHARE_[0-9]_PERM [ro|rw]
+# SLX_SHARE_[0-9]_PATH <path_to_share>
#
# Example:
-# SLX_COMMON_SHARE_PATH='//windows.server/sharename'
-# SLX_COMMON_SHARE_AUTH='user'
+# SLX_SHARE_0_PATH='//windows.server/sharename'
+# SLX_SHARE_0_AUTH_TYPE='user'
+# SLX_SHARE_0_AUTH_USER='shareuser'
+# SLX_SHARE_0_AUTH_PASS='sharepass'
+# SLX_SHARE_0_PERM='rw'
#
+# Note: When AUTH_TYPE is set to 'pam' or 'guest',
+# no need to specify AUTH_USER or AUTH_PASS.
#
-
-mount_common_share() {
- # at this point we need the slx config to do anything
- [ -e "/opt/openslx/config" ] || \
- { slxlog "pam-share-noconfig" "File '/opt/openslx/config' not found."; return; }
-
- # we have it as we should, source it
- . /opt/openslx/config || \
- { slxlog "pam-share-sourceconfig" "Could not source '/opt/openslx/config'."; return; }
+#
+# usage: mount_share <auth_type> <auth_user> <auth_password> <permissions> <path> <share>
+mount_share() {
+ # only want two arguments
+ [ $# -ne 6 ] && { slxlog "pam-share-args" "Wrong number of arguments given! Need 6, $# given."; return; }
# lets check if we have our variables
- [ "x${SLX_COMMON_SHARE_PATH}" != "x" ] || \
- { slxlog "pam-share-noconfig" "No variable 'SLX_COMMON_SHARE_PATH' found in config!"; return; }
- [ "x${SLX_COMMON_SHARE_AUTH}" != "x" ] || \
- { slxlog "pam-share-noconfig" "No variable 'SLX_COMMON_SHARE_AUTH' found in config!"; return; }
-
+ local SHARE_AUTH_TYPE="$1"
+ local SHARE_AUTH_USER="$2"
+ local SHARE_AUTH_PASS="$3"
+ local SHARE_PERM="$4"
+ local SHARE_PATH="$5"
+ local SHARE_NUM="$6"
+
+ # unless specified otherwise, mount the share read-only
+ [ "x${SHARE_PERM}" != "xrw" ] && SHARE_PERM='ro'
+
# all good: now we can mount depending on the type
# supports: cifs?/nfs?
- if [ "${SLX_COMMON_SHARE_PATH:0:2}" = "//" ]; then
+ if [ "${SHARE_PATH:0:2}" = "//" ]; then
# '//' prefixed, assume windows share
# prepare common mount options for either authentication type
- MOUNT_OPTS="-t cifs -o nounix,uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,nobrl,noacl"
+ MOUNT_OPTS="-t cifs -o nounix,uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,nobrl,noacl,$SHARE_PERM"
# flag for failure
SIGNAL=$(mktemp)
rm -f -- "${SIGNAL}"
# output of command
MOUNT_OUTPUT=$(mktemp)
- # now see if the share needs credentials
- if [ "${SLX_COMMON_SHARE_AUTH}" = "guest" ]; then
+ # now construct the mount options depending on the type of the share.
+ if [ "${SHARE_AUTH_TYPE}" = "guest" ]; then
MOUNT_OPTS="${MOUNT_OPTS},guest,file_mode=0777,dir_mode=0777"
- elif [ "${SLX_COMMON_SHARE_AUTH}" = "user" ]; then
+ elif [ "${SHARE_AUTH_TYPE}" = "pam" ]; then
export USER="{PAM_USER}"
export PASSWD="{PAM_AUTHTOK}"
MOUNT_OPTS="${MOUNT_OPTS},sec=ntlm,file_mode=0700,dir_mode=0700"
+ elif [ "${SHARE_AUTH_TYPE}" = "user" ]; then
+ # check if credentials are set
+ [ ! -z "${SHARE_AUTH_USER}" ] || \
+ { slxlog "pam-share-noauthuser" "Share${SHARE_NUM}: No variable 'SLX_SHARE_${SHARE_NUM}_AUTH_USER' found in config!"; return; }
+ # now export them to the env
+ export USER="${SHARE_AUTH_USER}"
+ export PASSWD="${SHARE_AUTH_PASS}"
+ MOUNT_OPTS="${MOUNT_OPTS},sec=ntlm,file_mode=0700,dir_mode=0700"
else
- slxlog "pam-share-auth" "Auth type '${SLX_COMMON_SHARE_AUTH}' not supported."
+ slxlog "pam-share-auth" "Share${SHARE_NUM}: Auth type '${SHARE_AUTH_TYPE}' not supported."
return;
fi
+ # now create the subdir within $COMMON_SHARE_MOUNT_POINT
+ mkdir -p "${COMMON_SHARE_MOUNT_POINT}/${SHARE_NUM}" || \
+ { slxlog "pam-share-mkdirfail" "Share${SHARE_NUM}: Could not create directory '${COMMON_SHARE_MOUNT_POINT}/${SHARE_NUM}'."; return; }
# now try to mount it
- ( mount ${MOUNT_OPTS} "${SLX_COMMON_SHARE_PATH}" "${COMMON_SHARE_MOUNT_POINT}" > "${MOUNT_OUTPUT}" 2>&1 || touch "${SIGNAL}" ) &
+ ( mount ${MOUNT_OPTS} "${SHARE_PATH}" "${COMMON_SHARE_MOUNT_POINT}/${SHARE_NUM}" > "${MOUNT_OUTPUT}" 2>&1 || touch "${SIGNAL}" ) &
MOUNT_PID=$!
for COUNTER in 1 1 2 4; do
kill -0 "${MOUNT_PID}" 2>/dev/null || break
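Review bot: In the `pam` branch the two exports read `export USER="{PAM_USER}"` and `export PASSWD="{PAM_AUTHTOK}"` with no `$`, so mount is handed those literal strings instead of the logged-in user's credentials. They are unchanged context lines, but this commit makes them the `pam` auth type, and they should become `export USER="${PAM_USER}"` and `export PASSWD="${PAM_AUTHTOK}"`. The new `user` branch checks only `SHARE_AUTH_USER`, so an unset `SLX_SHARE_n_AUTH_PASS` is exported as an empty `PASSWD` without any log entry. The comment `# only want two arguments` above the `$# -ne 6` test should say six. The body of mount_share continues past this hunk.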
@@ -64,10 +87,10 @@ mount_common_share() {
# check for failures
if [ -e "${SIGNAL}" ]; then
- slxlog "pam-share-mount" "Mount of '${SLX_COMMON_SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}' failed. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}"
+ slxlog "pam-share-mount" "Mount of '${SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}/${SHARE_NUM}' failed. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}"
rm -f -- "${SIGNAL}"
elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
- slxlog "pam-share-mount" "Mount of '${SLX_COMMON_SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}' timed out. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}"
+ slxlog "pam-share-mount" "Mount of '${SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}/${SHARE_NUM}' timed out. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}"
fi
( sleep 2; rm -f -- "${MOUNT_OUTPUT}" ) &
@@ -75,8 +98,30 @@ mount_common_share() {
unset USER
unset PASSWD
fi
-
- # TODO support more than CIFS? NFS maybe?
}
-mount_common_share
+# at this point we need the slx config to do anything
+[ -e "/opt/openslx/config" ] || \
+ { slxlog "pam-share-noconfig" "File '/opt/openslx/config' not found."; return; }
+
+# we have it as we should, source it
+. /opt/openslx/config || \
+ { slxlog "pam-share-sourceconfig" "Could not source '/opt/openslx/config'."; return; }
+
+# Since many shares can be specified, we need to identify how many we have first.
+# We just go over all SLX_SHARE_* variables and check for those ending in _PATH
+# For each of those, a share was specified and we will try to mount it.
+for SHARE in ${!SLX_SHARE_*}; do
+ # skip if the variable doesn't end in _PATH
+ [[ "$SHARE" =~ .*_PATH$ ]] || continue
+ # ok so we have a path in S, let's extract the number of the share
+ # i.e. SLX_SHARE_0_PATH -> share number 0
+ # first strip the leading SLX_SHARE_
+ SHARE=${SHARE#SLX_SHARE_}
+ # now remove the trailing _PATH
+ SHARE=${SHARE%_PATH}
+ # now it should be a number, TODO accept more than numbers? Doesn't really matter...
+ # this check is mostly to be sure that the variable splitting worked as it should
+ [[ "$SHARE" =~ ^[0-9]+$ ]] || continue
+ eval mount_share \""\$SLX_SHARE_${SHARE}_AUTH_TYPE"\" \""\$SLX_SHARE_${SHARE}_AUTH_USER"\" \""\$SLX_SHARE_${SHARE}_AUTH_PASS"\" \""\$SLX_SHARE_${SHARE}_PERM"\" \""\$SLX_SHARE_${SHARE}_PATH"\" \""$SHARE"\"
+done
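Review bot: The two top-level config guards still end in `return`, but the companion change in pam_script_auth now runs this file with `/bin/bash` instead of sourcing it. Outside a function or sourced file bash rejects `return` with an error and carries on, so a missing or unreadable `/opt/openslx/config` no longer stops the script. Ending both guards in `exit 0` keeps the old skip-silently behaviour (a non-zero status would trigger the caller's `exit 1`), and the header line saying the script is not stand-alone should be updated. The `eval` on the last line is safe only because of the `^[0-9]+$` check just above it; bash indirect expansion, `v="SLX_SHARE_${SHARE}_PATH"` then `"${!v}"`, passes the same values without re-parsing them. Since `SLX_SHARE_n_AUTH_PASS` now puts a share password in `/opt/openslx/config`, that file's permissions are worth confirming.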
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
index 656d9a01..3b8bf676 100755
--- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
+++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
@@ -105,7 +105,7 @@ chown "${PAM_USER}:${USER_GID}" "${COMMON_SHARE_MOUNT_POINT}" || \
[ ! -e "${COMMON_SHARE_MOUNT_SCRIPT}" ] && exit 0
# we do!
-. "${COMMON_SHARE_MOUNT_SCRIPT}" || \
+COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" PAM_USER="${PAM_USER}" PAM_AUTHTOK="${PAM_AUTHTOK}" USER_UID="${USER_UID}" USER_GID="${USER_GID}" /bin/bash "${COMMON_SHARE_MOUNT_SCRIPT}" || \
{ slxlog "pam-global-sourceshare" "Could not source '${COMMON_SHARE_MOUNT_SCRIPT}'."; exit 1; }
# Just try to delete the common share dir. If the mount was successful, it will not work
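Review bot: `PAM_AUTHTOK` is handed to the child bash through its environment, and variables a shell receives that way stay exported. The login password is therefore inherited by every program the mount script starts (mktemp, mkdir, mount, sleep, and slxlog if it is an external command), not only the `pam` mount that needs it. The mount script could copy it into a non-exported variable and run `unset PAM_AUTHTOK` before spawning anything, keeping the existing export and unset of `PASSWD` around the mount call. The failure message on the following line still says `Could not source` although the script is now executed, and the `exit 1` now depends on the child's exit status, which is that of its last command. The surrounding code continues outside this hunk.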