authorMichael Neves2013-07-08 17:02:37 +0200
committerMichael Neves2013-07-08 17:02:37 +0200
commit12d3c2d4bc1a66eb33566fb32b0f25603836eea8 (patch)
tree0179ffbd9e85dcd3954afa1720b1a699f33c4f31 /remote/modules/pam
parent[vmchooser] remove unneeded icon for xterm (diff)
parent[debug] remove xset from REQUIRED_INSTALLED_PACKAGES as its wrong for ubuntu (diff)
downloadtm-scripts-12d3c2d4bc1a66eb33566fb32b0f25603836eea8.tar.gz
tm-scripts-12d3c2d4bc1a66eb33566fb32b0f25603836eea8.tar.xz
tm-scripts-12d3c2d4bc1a66eb33566fb32b0f25603836eea8.zip
Merge branch 'master' of git.openslx.org:openslx-ng/tm-scripts
Diffstat (limited to 'remote/modules/pam')
-rw-r--r--remote/modules/pam/data/etc/ldap.conf3
-rw-r--r--remote/modules/pam/data/etc/pam.d/common-session22
-rw-r--r--remote/modules/pam/data/etc/pam.d/kdm9
-rw-r--r--remote/modules/pam/data/etc/pam.d/kdm-np6
-rw-r--r--remote/modules/pam/data/etc/pam.d/login3
-rw-r--r--remote/modules/pam/data/etc/systemd/system/activate-nss-ldap.service8
-rw-r--r--remote/modules/pam/data/etc/systemd/system/rpc-gssd.service2
-rw-r--r--remote/modules/pam/pam.build11
-rw-r--r--remote/modules/pam/pam.conf6
-rw-r--r--remote/modules/pam/pam.conf.zypper7
10 files changed, 51 insertions, 26 deletions
diff --git a/remote/modules/pam/data/etc/ldap.conf b/remote/modules/pam/data/etc/ldap.conf
index 43b1640e..483595d2 100644
--- a/remote/modules/pam/data/etc/ldap.conf
+++ b/remote/modules/pam/data/etc/ldap.conf
@@ -1,5 +1,8 @@
URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de
BASE ou=people,dc=uni-freiburg,dc=de
+BIND_TIMELIMIT 5
+TIMELIMIT 10
+LOGDIR /tmp/ldap
TLS_REQCERT allow
nss_base_passwd ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled)
nss_base_group ou=group,dc=uni-freiburg,dc=de?one
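Review bot: `LOGDIR /tmp/ldap` puts the LDAP client's log directory at a fixed name under world-writable /tmp, and the activate-nss-ldap.service hunk creates it with `ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap`, where the leading `-` ignores the failure when the path already exists. If anything else created /tmp/ldap first (a directory owned by another user, or a symlink), the logs would be written wherever that path points, with whatever ownership it has. A root-owned location avoids this, for example `LOGDIR /run/ldap` here and `ExecStart=/opt/openslx/bin/mkdir -m 0700 -p /run/ldap` in the unit. The unchanged `TLS_REQCERT allow` below the new lines also deserves a look, since it lets the ldaps:// connection proceed when the server certificate does not verify.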
diff --git a/remote/modules/pam/data/etc/pam.d/common-session b/remote/modules/pam/data/etc/pam.d/common-session
index 9210dfbb..6182d470 100644
--- a/remote/modules/pam/data/etc/pam.d/common-session
+++ b/remote/modules/pam/data/etc/pam.d/common-session
@@ -13,23 +13,25 @@
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
-session [default=1] pam_permit.so
+session [default=1] pam_permit.so
# here's the fallback if no module succeeds
-session requisite pam_deny.so
+session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
-session required pam_permit.so
+session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
-session optional pam_umask.so
+session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
-session required pam_systemd.so
-session optional pam_krb5.so minimum_uid=1000
-session [success=1] pam_unix.so
-session [success=ok] pam_ldap.so
-session sufficient pam_script.so
-session optional pam_mkhomedir.so skel=/etc/skel umask=0022
+session required pam_systemd.so
+session optional pam_env.so readenv=1
+session optional pam_env.so readenv=1 envfile=/etc/default/locale
+session optional pam_krb5.so minimum_uid=1000
+session [success=1] pam_unix.so
+session [success=ok] pam_ldap.so
+session sufficient pam_script.so
+session optional pam_mkhomedir.so skel=/etc/skel umask=0022
# end of pam-auth-update config
diff --git a/remote/modules/pam/data/etc/pam.d/kdm b/remote/modules/pam/data/etc/pam.d/kdm
index 11b5f1fc..e6a4ec9b 100644
--- a/remote/modules/pam/data/etc/pam.d/kdm
+++ b/remote/modules/pam/data/etc/pam.d/kdm
@@ -4,8 +4,7 @@
auth required pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
-auth include common-auth
-session required pam_limits.so
-account include common-account
-password include common-password
-session include common-session
+auth include common-auth
+account include common-account
+password include common-password
+session include common-session
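Review bot: `session required pam_limits.so` is dropped from the kdm stack here, and the common-session file it still includes does not load pam_limits in the part shown in this commit, so logins through KDM would apparently no longer get the limits.conf resource limits applied. kdm-np keeps the line, which leaves the two display-manager stacks inconsistent. If the removal is intentional, the commit message should say why; otherwise keep `session required pam_limits.so` ahead of `session include common-session`. The rest of the hunk is whitespace realignment only.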
diff --git a/remote/modules/pam/data/etc/pam.d/kdm-np b/remote/modules/pam/data/etc/pam.d/kdm-np
index 8c1a2a81..dc10e5b5 100644
--- a/remote/modules/pam/data/etc/pam.d/kdm-np
+++ b/remote/modules/pam/data/etc/pam.d/kdm-np
@@ -5,7 +5,7 @@ auth required pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
session required pam_limits.so
-account include common-account
-password include common-password
-session include common-session
+account include common-account
+password include common-password
+session include common-session
auth required pam_permit.so
diff --git a/remote/modules/pam/data/etc/pam.d/login b/remote/modules/pam/data/etc/pam.d/login
index 561c71df..1065f351 100644
--- a/remote/modules/pam/data/etc/pam.d/login
+++ b/remote/modules/pam/data/etc/pam.d/login
@@ -40,7 +40,8 @@ auth requisite pam_nologin.so
# that a module could execute code in the wrong domain.
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+# OpenSLX: Not Needed?
+#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# This module parses environment configuration file(s)
# and also allows you to use an extended config
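Review bot: The `pam_selinux.so close` rule is commented out with only `# OpenSLX: Not Needed?`, which records a doubt rather than a reason. The disabled rule already carried `module_unknown=ignore`, so it was harmless on systems without the module. A matching `pam_selinux.so open` rule normally sits further down this file, outside the hunk; if it is still active, the pair is now unbalanced. I would either disable both rules under a comment that states the reason, such as `# OpenSLX: SELinux is not used in the generated image; pam_selinux close/open disabled`, or leave both in place.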
diff --git a/remote/modules/pam/data/etc/systemd/system/activate-nss-ldap.service b/remote/modules/pam/data/etc/systemd/system/activate-nss-ldap.service
index a09b78ae..bbac775a 100644
--- a/remote/modules/pam/data/etc/systemd/system/activate-nss-ldap.service
+++ b/remote/modules/pam/data/etc/systemd/system/activate-nss-ldap.service
@@ -1,6 +1,10 @@
[Unit]
Description=Activate NSS-LDAP lookups
+Before=graphical.target
[Service]
-Type=simple
-ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd.*/passwd:\t\tfiles ldap/g;s/^group.*/group:\t\tfiles ldap/g' /etc/nsswitch.conf
+Type=oneshot
+ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap
+ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/;s/^hosts:.*files/hosts:\t\tcache files/' /etc/nsswitch.conf
+ExecStart=/usr/bin/systemctl restart nscd
+
diff --git a/remote/modules/pam/data/etc/systemd/system/rpc-gssd.service b/remote/modules/pam/data/etc/systemd/system/rpc-gssd.service
index 6623428d..79ffce8d 100644
--- a/remote/modules/pam/data/etc/systemd/system/rpc-gssd.service
+++ b/remote/modules/pam/data/etc/systemd/system/rpc-gssd.service
@@ -4,4 +4,4 @@ Requires=run-rpc_pipefs.mount
After=run-rpc_pipefs.mount
[Service]
-ExecStart=/usr/sbin/rpc.gssd -f -vvv
+ExecStart=/usr/sbin/rpc.gssd -f -vvv -p /run/rpc_pipefs
diff --git a/remote/modules/pam/pam.build b/remote/modules/pam/pam.build
index d3c0dd88..4cdba400 100644
--- a/remote/modules/pam/pam.build
+++ b/remote/modules/pam/pam.build
@@ -1,13 +1,20 @@
fetch_source() {
- :
+ # get pam-script source
+ download_untar "$REQUIRED_PAM_SCRIPT_URL" "src/"
}
build() {
mkdir -p "$MODULE_BUILD_DIR/opt/openslx/bin"
gcc -o "$MODULE_BUILD_DIR/opt/openslx/bin/sslconnect" "$MODULE_DIR/sslconnect.c" -lssl -lcrypto -O3 || perror "Could not compile sslconnect.c"
local COPYLIST="$MODULE_BUILD_DIR/list_packet_files"
- list_packet_files | sort -u > "$COPYLIST"
+ # TODO: Hack for SUSE: Ignore file (/var/lib/nfs/state) that does not exist :(
+ list_packet_files | grep -v '/var/lib/nfs/state' | sort -u > "$COPYLIST"
tarcopy "$(cat "$COPYLIST")" "${MODULE_BUILD_DIR}"
+
+ # build pam-script separatly since we use a source tarball
+ cd "${MODULE_DIR}/src/pam-script-${REQUIRED_PAM_SCRIPT_VERSION}" || perror "Could not cd to ${MODULE_DIR}/src/pam-script-${REQUIRED_PAM_SCRIPT_VERSION}."
+ ./configure --prefix=/ --sysconfdir=/etc/pam-script --libdir=/lib/security|| perror "pam-script: ./configure failed."
+ make DESTDIR="${MODULE_BUILD_DIR}" install || perror "pam-script: make install to ${MODULE_BUILD_DIR} failed."
}
post_copy() {
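Review bot: `fetch_source` now pulls the pam-script tarball from the plain `http://` URL set in the last pam.conf hunk, and `build` runs its `./configure` and `make install` with no integrity check visible in between. The result is a PAM module installed into /lib/security and referenced by the `pam_script.so` session rule, so a tampered download would end up in the login path of images built from this module. Unless `download_untar` (defined outside this diff) already verifies a digest, pin one next to the version, e.g. `REQUIRED_PAM_SCRIPT_SHA256="<sha256 of pam-script-1.1.6.tar.gz>"`, and check it before unpacking with something like `echo "$REQUIRED_PAM_SCRIPT_SHA256  $tarball" | sha256sum -c - || perror "pam-script: checksum mismatch"`. Also note that the `cd` into the source directory is never undone, so anything `build` or its caller does afterwards runs from there.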
diff --git a/remote/modules/pam/pam.conf b/remote/modules/pam/pam.conf
index a3399190..140bca9e 100644
--- a/remote/modules/pam/pam.conf
+++ b/remote/modules/pam/pam.conf
@@ -1,7 +1,6 @@
REQUIRED_INSTALLED_PACKAGES="
libpam-ldap
libnss-ldap
- libpam-script
krb5-user
krb5-config
libpam-krb5
@@ -9,13 +8,13 @@ REQUIRED_INSTALLED_PACKAGES="
ldap-utils
libnfsidmap2
nfs-common
+ libpam0g-dev
"
REQUIRED_CONTENT_PACKAGES="
libpam0g
libpam-modules
libpam-ck-connector
libpam-cap
- libpam-script
libldap-2.4-2
libpam-ldap
libnss-ldap
@@ -37,6 +36,7 @@ REQUIRED_LIBRARIES="
static
umich_ldap
libnfsidmap
+ pam_script
"
REQUIRED_DIRECTORIES="
/lib
@@ -52,3 +52,5 @@ REQUIRED_SYSTEM_FILES="
/lib/security
/lib/${ARCH_TRIPLET}/security
"
+REQUIRED_PAM_SCRIPT_VERSION="1.1.6"
+REQUIRED_PAM_SCRIPT_URL="http://downloads.sourceforge.net/project/pam-script/pam-script-${REQUIRED_PAM_SCRIPT_VERSION}.tar.gz"
diff --git a/remote/modules/pam/pam.conf.zypper b/remote/modules/pam/pam.conf.zypper
index 403cd59f..9319e78c 100644
--- a/remote/modules/pam/pam.conf.zypper
+++ b/remote/modules/pam/pam.conf.zypper
@@ -1,29 +1,36 @@
REQUIRED_INSTALLED_PACKAGES="
pam_ldap
pam
+ pam_krb5
pam-devel
nss_ldap
pam-modules
libopenssl-devel
openldap2-client
nfsidmap
+ nfs-client
glibc
+ pam-devel
"
REQUIRED_CONTENT_PACKAGES="
pam_ldap
pam
+ pam_krb5
pam-devel
nss_ldap
pam-modules
nss-mdns
openldap2-client
nfsidmap
+ nfs-client
glibc
"
REQUIRED_BINARIES="
sslconnect
ldapsearch
mkhomedir_helper
+ rpc.gssd
+ rpc.idmapd
"
REQUIRED_LIBRARIES="
nsswitch
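Review bot: The zypper variant does not get the `REQUIRED_PAM_SCRIPT_VERSION` / `REQUIRED_PAM_SCRIPT_URL` settings that pam.conf gains in this commit, while pam.build now uses both unconditionally. If pam.conf.zypper replaces pam.conf on SUSE builds rather than being merged with it (not visible here), `download_untar` would be called with an empty URL and the `cd` would target `src/pam-script-`. The added `pam-devel` at the end of REQUIRED_INSTALLED_PACKAGES also repeats the entry already present earlier in that list and can be dropped. The hunk ends inside REQUIRED_LIBRARIES, so whether `pam_script` is listed there cannot be checked from this page.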