| author | Simon Rettberg | 2013-12-20 18:31:28 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2013-12-20 18:31:28 +0100 |
| commit | 7b098d7835923948f4053c23a1266bd8497c2aee (patch) | |
| tree | 436c5099db82b0f641f7318fc8c67c2ab27073fe | |
| parent | Merge branch 'master' of git.openslx.org:openslx-ng/tm-scripts (diff) | |
Rework session handling wrt home directory mounting and persistence again. Don't try to force a user's home to /home/<username> anymore.
6 files changed, 66 insertions, 67 deletions
diff --git a/remote/modules/pam/data/etc/security/pam_env.conf b/remote/modules/pam/data/etc/security/pam_env.conf index c914c9c7..d0ba35c2 100644 --- a/remote/modules/pam/data/etc/security/pam_env.conf +++ b/remote/modules/pam/data/etc/security/pam_env.conf @@ -71,4 +71,3 @@ #DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR} #DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST} #ATSIGN DEFAULT="" OVERRIDE=\@ -HOME OVERRIDE="/home/@{PAM_USER}" diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close index f7a10fef..38146ac6 100755 --- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close +++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close @@ -21,8 +21,9 @@ if [ "x$PAM_SERVICE" = "xsu" -o "x$PAM_SERVICE" = "xsudo" ]; then fi if [ "$SESSIONCOUNT" = "1" ]; then - # last sessions, close all ghost user processes - usleep 500000 + + # last session, close all ghost user processes + usleep 100000 2> /dev/null pkill -u "${PAM_USER}" # check if user's process are still running @@ -39,16 +40,26 @@ if [ "$SESSIONCOUNT" = "1" ]; then # give some time sleep "${TIMEOUT}" done + # just to be sure we check if there's no other open session in the meantime OPEN2=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-) + if [ -z "$OPEN2" -o "x$OPENSESSION" = "x$OPEN2" ]; then + # unmount the home directory structure - umount -l -f "/home/${PAM_USER}/PERSISTENT" || \ - echo "Could not unmount '/home/${PAM_USER}/PERSISTENT'." + USER_HOME=$(getent passwd "$PAM_USER" | awk -F ':' '{print $6}') + PERSISTENT="$USER_HOME/PERSISTENT" + if [ -d "$PERSISTENT" ]; then + umount -l -f "$PERSISTENT" || \ + echo "Could not unmount '$PERSISTENT'." + fi + + if grep -q " $USER_HOME tmpfs " "/proc/mounts"; then + umount -l -f "$USER_HOME" 2> /dev/null + fi - umount -l -f "/home/${PAM_USER}" || \ - echo "Could not unmount '/home/${PAM_USER}'." fi + fi exit 0 
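Review bot: The `[ -d "$PERSISTENT" ]` guard in front of `umount -l -f "$PERSISTENT"` only proves that a directory (or a symlink to one) exists, not that anything is mounted there, and this script runs with root privileges on a path inside a home that pam_script_ses_open chowns to the user. Since ses_open removes the empty PERSISTENT directory when the mount failed, the user can recreate that name as a symlink, and umount by default canonicalizes its argument as far as I know, so the lazy unmount could be steered at a different mount point; checking the mount table the way the tmpfs branch below already does is safer: `if grep -qF -- " $PERSISTENT " /proc/mounts; then`. `USER_HOME` is also used unchecked: when `getent` returns nothing the grep pattern degrades to `"  tmpfs "`, and a home of `/` would match the root filesystem if that is tmpfs, so guard it right after the assignment with `[ -n "$USER_HOME" -a "$USER_HOME" != "/" ] || exit 0`. Note that /proc/mounts encodes spaces in paths as `\040` (I believe), so a home path containing a space never matches either grep; `-F --` at least keeps regex metacharacters in the path literal. The enclosing `if [ "$SESSIONCOUNT" = "1" ]` block begins before this hunk.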
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open index 66cda56c..4041d755 100755 --- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open +++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open @@ -3,16 +3,18 @@ # Needed as pam_script clears PATH export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin" +PASSWD=$(getent passwd "$PAM_USER") +USER_GID=$(echo "$PASSWD" | awk -F ':' '{print $4}') +USER_HOME=$(echo "$PASSWD" | awk -F ':' '{print $6}') + # Script to be sourced to mount the user's persistent home PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent" # Script to be run in the user's context iff the persistent home could be mounted successfully PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user" # The user's non-persistent home directory mount point, which should be their linux home -TEMP_HOME_DIR="/home/${PAM_USER}" +TEMP_HOME_DIR="$USER_HOME" # The user's persistent home directory mount point -PERSISTENT_HOME_DIR="/home/${PAM_USER}/PERSISTENT" - -PAM_GROUP=$(id -ng "$PAM_USER") +PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT" # NSA needs to know if [ "x$PAM_SERVICE" != "xsu" -a "x$PAM_SERVICE" != "xsudo" ]; then 
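Review bot: `USER_HOME` and `USER_GID` are taken from `getent passwd` without checking that the lookup produced anything, and `TEMP_HOME_DIR` — the path the later `chown -R` (and presumably the tmpfs mount in the lines between this hunk and the next) operates on as root — is now whatever the directory entry says instead of the former fixed `/home/${PAM_USER}`. An empty value or a service account whose home is `/` should stop the script before anything is mounted or chowned; in the file's own style: `[ -n "$USER_HOME" -a "$USER_HOME" != "/" ] || { slxlog "pam-global-home" "No usable home directory for '${PAM_USER}'."; exit 1; }` right after the three assignments. `PERSISTENT_MOUNT_USER_SCRIPT` and its comment are left in place although this commit deletes that script and the code that ran it, so both lines are dead now and should go too. Lines 19-48 of the script, which use these variables, fall between this hunk and the next.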
@@ -48,19 +50,7 @@ EOF
 mkdir -p "${PERSISTENT_HOME_DIR}" || \
 { slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }
-# always warn the user that his files won't be saved persistently
-cat > "${PERSISTENT_HOME_DIR}/WARNING.txt" << EOF
-Your home directory contents is unavailable.
-DO NOT SAVE ANYTHING HERE AS ALL WILL BE LOST UPON REBOOT!
-EOF
-# Try to get the user's attention (probably unsuccessful anyways)
-for ext in doc xls ppt odt; do
- for fname in WARNING ACHTUNG ATTENTION; do
- ln "${PERSISTENT_HOME_DIR}/WARNING.txt" "${PERSISTENT_HOME_DIR}/${fname}.${ext}"
- done
-done
-
-if ! chown -R "${PAM_USER}" "${TEMP_HOME_DIR}"; then
+if ! chown -R "${PAM_USER}:${USER_GID}" "${TEMP_HOME_DIR}"; then
 slxlog "pam-global-chpersistent " "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
 exit 1
 fi
@@ -71,14 +61,10 @@ fi
 . "${PERSISTENT_MOUNT_SCRIPT}" || \
 { slxlog "pam-global-sourcepersistent" "Could not source ${PERSISTENT_MOUNT_SCRIPT}."; exit 1; }
-# If there is a user mount script and mounting was successful, run it
-if [ -n "$PERSISTENT_OK" -a -x "$PERSISTENT_MOUNT_USER_SCRIPT" ]; then
- if which sudo 2> /dev/null; then
- sudo -u "$PAM_USER" "$PERSISTENT_MOUNT_USER_SCRIPT"
- else
- su -l -c "$PERSISTENT_MOUNT_USER_SCRIPT" "$PAM_USER"
- fi
-fi
+# Just try to delete the persistent dir. If the mount was successful, it will not work
+# If it was not successful, it will be removed so the user doesn't think he can store
+# anything in there
+rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null
 exit 0
diff --git a/remote/rootfs/rootfs-stage32/data/etc/profile b/remote/rootfs/rootfs-stage32/data/etc/profile
index b4c2400d..1ac8a450 100644
--- a/remote/rootfs/rootfs-stage32/data/etc/profile
+++ b/remote/rootfs/rootfs-stage32/data/etc/profile
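Review bot: `rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null` is now the only signal a later login shell has for whether the persistent home was really mounted, and every failure of that rmdir is swallowed, not just the expected "busy" on a mount point. If the mount failed but the directory cannot be removed for some other reason, the user is left with an ordinary tmpfs directory named PERSISTENT that the new profile.d script will symlink dotfiles into — the data-loss case the removed WARNING files were guarding against. The sourced mount script still appears to report its result in `PERSISTENT_OK` (the removed lines tested it), so I would make the intent explicit and log the unexpected case: `if [ -z "$PERSISTENT_OK" ]; then` / `rmdir "$PERSISTENT_HOME_DIR" || slxlog "pam-global-rmpersistent" "Could not remove unmounted '${PERSISTENT_HOME_DIR}'."` / `fi`. The comment above the rmdir should also say that it relies on rmdir refusing to remove a mount point, since that is the whole mechanism.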
@@ -2,7 +2,7 @@
 # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
 # XXX: Use `backticks` here instead of $(this stuff) as we don't know which shell is running...
-export UID=`id -u`
+export UID=`id -u` 2> /dev/null
 # If running interactively, then:
 if [ "$PS1" ]; then
diff --git a/server/modules/pam-freiburg/etc/profile.d/00-autostart.sh b/server/modules/pam-freiburg/etc/profile.d/00-autostart.sh
new file mode 100755
index 00000000..a6c4744f
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/profile.d/00-autostart.sh
@@ -0,0 +1,37 @@
+#!/bin/ash
+
+TEMP_HOME_DIR="$HOME"
+PERSISTENT_HOME_DIR="$HOME/PERSISTENT"
+
+if [ -d "$PERSISTENT_HOME_DIR" ]; then
+
+ # Persistent home was mounted, take care of some conveinience
+ # Dirs
+ for file in .vim .mozilla .thunderbird .config/chromium .config/htop .config/openslx; do
+ [ -e "$TEMP_HOME_DIR/$file" ] && break
+ if [ "x$(dirname "$file")" != "x." ]; then
+ mkdir -p "$TEMP_HOME_DIR/$(dirname "$file")"
+ fi
+ if [ ! -d "$PERSISTENT_HOME_DIR/$file" ]; then
+ mkdir -p "$PERSISTENT_HOME_DIR/$file"
+ fi
+ ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
+ done
+ # Files
+ for file in .bashrc .profile .vimrc .gitconfig; do
+ [ -e "$TEMP_HOME_DIR/$file" ] && break
+ if [ "x$(dirname "$file")" != "x." ]; then
+ mkdir -p "$TEMP_HOME_DIR/$(dirname "$file")"
+ fi
+ if [ ! -e "$PERSISTENT_HOME_DIR/$file" ]; then
+ touch "$PERSISTENT_HOME_DIR/$file"
+ fi
+ ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
+ done
+ # Check if user has autostart script and run it (so they can create more symlinks etc.)
+ if [ -x "$PERSISTENT_HOME_DIR/AUTOSTART" ]; then
+ "$PERSISTENT_HOME_DIR/AUTOSTART"
+ fi
+
+fi
+
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent_user b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent_user
deleted file mode 100644
index 3f4bba49..00000000
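Review bot: The `[ -e "$TEMP_HOME_DIR/$file" ] && break` at the top of both loops in the new 00-autostart.sh stops the whole loop as soon as one entry already exists, so if `.vim` is present nothing after it is linked; I assume this is a deliberate "an earlier login shell already did this" short-cut, but nothing in the file says so and a reader will expect `continue`. If it is intended, say so above the first loop: `# An existing entry means a previous login shell already ran this setup; leave the loop`; if it is not, `continue` is the fix. Because the script is sourced from /etc/profile.d for every login shell, the `[ -d "$PERSISTENT_HOME_DIR" ]` test also deserves `[ -n "$HOME" ] &&` in front of it so an unset HOME does not turn the paths into `/PERSISTENT`. That `-d` test is the only thing distinguishing a mounted persistent home from a plain directory; it depends on pam_script_ses_open removing the empty directory when the mount failed, which is worth a one-line comment next to the test so the coupling is not lost.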
--- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent_user
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/ash
-# Called by pam_script_mount_persistent
-# Run as the user that is opening a session
-
-# Persistent home was mounted, take care of some conveinience
-# Dirs
-for file in .vim .mozilla .thunderbird .config/chromium .config/htop .config/openslx; do
- if [ "x$(dirname "$file")" != "x." ]; then
- mkdir -p "$TEMP_HOME_DIR/$(dirname "$file")"
- chown -R "$PAM_USER:$PAM_GROUP" "$TEMP_HOME_DIR/${file%%/*}"
- fi
- if [ ! -d "$PERSISTENT_HOME_DIR/$file" ]; then
- mkdir -p "$PERSISTENT_HOME_DIR/$file"
- chown -R "$PAM_USER:$PAM_GROUP" "$PERSISTENT_HOME_DIR/${file%%/*}"
- fi
- ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
-done
-# Files
-for file in .bashrc .profile .vimrc .gitconfig; do
- if [ "x$(dirname "$file")" != "x." ]; then
- mkdir -p "$TEMP_HOME_DIR/$(dirname "$file")"
- chown -R "$PAM_USER:$PAM_GROUP" "$TEMP_HOME_DIR/${file%%/*}"
- fi
- if [ ! -d "$PERSISTENT_HOME_DIR/$file" ]; then
- mkdir -p "$PERSISTENT_HOME_DIR/$file"
- chown -R "$PAM_USER:$PAM_GROUP" "$PERSISTENT_HOME_DIR/${file%%/*}"
- fi
- ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
-done
-# Check if user has autostart script and run it (so they can create more symlinks etc.)
-if [ -x "$PERSISTENT_HOME_DIR/AUTOSTART" ]; then
- "$PERSISTENT_HOME_DIR/AUTOSTART"
-fi
-
|
