| author | Simon Rettberg | 2013-12-20 18:31:28 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2013-12-20 18:31:28 +0100 |
| commit | 7b098d7835923948f4053c23a1266bd8497c2aee (patch) | |
| tree | 436c5099db82b0f641f7318fc8c67c2ab27073fe /remote/modules | |
| parent | Merge branch 'master' of git.openslx.org:openslx-ng/tm-scripts (diff) | |
Rework session handling wrt home directory mounting and persistence again. Don't try to force a user's home to /home/<username> anymore.
Diffstat (limited to 'remote/modules')
3 files changed, 28 insertions, 32 deletions
diff --git a/remote/modules/pam/data/etc/security/pam_env.conf b/remote/modules/pam/data/etc/security/pam_env.conf
index c914c9c7..d0ba35c2 100644
--- a/remote/modules/pam/data/etc/security/pam_env.conf
+++ b/remote/modules/pam/data/etc/security/pam_env.conf
@@ -71,4 +71,3 @@
 #DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
 #DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
 #ATSIGN DEFAULT="" OVERRIDE=\@
-HOME OVERRIDE="/home/@{PAM_USER}"
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
index f7a10fef..38146ac6 100755
--- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
+++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
@@ -21,8 +21,9 @@ if [ "x$PAM_SERVICE" = "xsu" -o "x$PAM_SERVICE" = "xsudo" ]; then
 fi
 if [ "$SESSIONCOUNT" = "1" ]; then
- # last sessions, close all ghost user processes
- usleep 500000
+
+ # last session, close all ghost user processes
+ usleep 100000 2> /dev/null
 pkill -u "${PAM_USER}"
 # check if user's process are still running
@@ -39,16 +40,26 @@ if [ "$SESSIONCOUNT" = "1" ]; then
 # give some time
 sleep "${TIMEOUT}"
 done
+ # just to be sure we check if there's no other open session in the meantime
 OPEN2=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-)
+ if [ -z "$OPEN2" -o "x$OPENSESSION" = "x$OPEN2" ]; then
+ # unmount the home directory structure
- umount -l -f "/home/${PAM_USER}/PERSISTENT" || \
- echo "Could not unmount '/home/${PAM_USER}/PERSISTENT'."
+ USER_HOME=$(getent passwd "$PAM_USER" | awk -F ':' '{print $6}')
+ PERSISTENT="$USER_HOME/PERSISTENT"
+ if [ -d "$PERSISTENT" ]; then
+ umount -l -f "$PERSISTENT" || \
+ echo "Could not unmount '$PERSISTENT'."
+ fi
+
+ if grep -q " $USER_HOME tmpfs " "/proc/mounts"; then
+ umount -l -f "$USER_HOME" 2> /dev/null
+ fi
- umount -l -f "/home/${PAM_USER}" || \
- echo "Could not unmount '/home/${PAM_USER}'."
 fi
+ fi
 exit 0
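Review bot: The `2> /dev/null` added to `usleep 100000` turns a missing `usleep` binary into a silent no-op, so on a system without it `pkill -u "${PAM_USER}"` fires with no grace period at all, and the 500 ms to 100 ms cut already narrows that window. `usleep` is deprecated in util-linux and not shipped everywhere; `sleep 0.1` (GNU coreutils sleep accepts fractional seconds) keeps the delay without hiding the error. The enclosing `if [ "$SESSIONCOUNT" = "1" ]` block continues past the end of this hunk.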
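Review bot: `USER_HOME` is taken from `getent passwd` and used without checking that the lookup returned anything; at session close the directory service is often already unreachable, and then `PERSISTENT` becomes `/PERSISTENT`, the `/proc/mounts` pattern degenerates to `"  tmpfs "` which never matches, and the user's tmpfs home silently stays mounted. The path is also interpolated into `grep -q` as a basic regex, so `.` and other metacharacters in a home path can match a different mount, and a degenerate home such as `/` would, if a tmpfs root were ever present, lazily detach it. Suggest `[ -n "$USER_HOME" ] && [ "$USER_HOME" != "/" ] || { echo "No usable home for '${PAM_USER}'."; exit 0; }` right after the lookup and `if grep -qF -- " $USER_HOME tmpfs " /proc/mounts; then` for the check (note `/proc/mounts` writes spaces in paths as `\040`, so a home containing a space is still never matched). The enclosing `if [ "$SESSIONCOUNT" = "1" ]` block begins before this hunk.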
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
index 66cda56c..4041d755 100755
--- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
+++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
@@ -3,16 +3,18 @@
 # Needed as pam_script clears PATH
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin"
+PASSWD=$(getent passwd "$PAM_USER")
+USER_GID=$(echo "$PASSWD" | awk -F ':' '{print $4}')
+USER_HOME=$(echo "$PASSWD" | awk -F ':' '{print $6}')
+
 # Script to be sourced to mount the user's persistent home
 PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent"
 # Script to be run in the user's context iff the persistent home could be mounted successfully
 PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user"
 # The user's non-persistent home directory mount point, which should be their linux home
-TEMP_HOME_DIR="/home/${PAM_USER}"
+TEMP_HOME_DIR="$USER_HOME"
 # The user's persistent home directory mount point
-PERSISTENT_HOME_DIR="/home/${PAM_USER}/PERSISTENT"
-
-PAM_GROUP=$(id -ng "$PAM_USER")
+PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"
 # NSA needs to know
 if [ "x$PAM_SERVICE" != "xsu" -a "x$PAM_SERVICE" != "xsudo" ]; then
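Review bot: `TEMP_HOME_DIR="$USER_HOME"` hands whatever the NSS passwd home field says, unvalidated, to the rest of this root-run script, which (per the later hunk) does `mkdir -p` and `chown -R "${PAM_USER}:${USER_GID}"` on it and presumably mounts a tmpfs there. If `getent` returns nothing the variable is empty, and if the directory service hands out `/`, a relative path or a shared directory, the recursive chown rewrites ownership of whatever is at that path, which the old hard-coded `/home/${PAM_USER}` could not do. Suggest failing closed right after the lookup: `[ -n "$PASSWD" ] || { slxlog "pam-global-getent" "No passwd entry for '${PAM_USER}'."; exit 1; }` followed by `case "$USER_HOME" in /?*) ;; *) slxlog "pam-global-home" "Refusing home '${USER_HOME}' for '${PAM_USER}'."; exit 1 ;; esac`. Whether the lines between this hunk and the next already reject such paths is not visible here.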
@@ -48,19 +50,7 @@ EOF
 mkdir -p "${PERSISTENT_HOME_DIR}" || \
 { slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }
-# always warn the user that his files won't be saved persistently
-cat > "${PERSISTENT_HOME_DIR}/WARNING.txt" << EOF
-Your home directory contents is unavailable.
-DO NOT SAVE ANYTHING HERE AS ALL WILL BE LOST UPON REBOOT!
-EOF
-# Try to get the user's attention (probably unsuccessful anyways)
-for ext in doc xls ppt odt; do
-for fname in WARNING ACHTUNG ATTENTION; do
-ln "${PERSISTENT_HOME_DIR}/WARNING.txt" "${PERSISTENT_HOME_DIR}/${fname}.${ext}"
-done
-done
-
-if ! chown -R "${PAM_USER}" "${TEMP_HOME_DIR}"; then
+if ! chown -R "${PAM_USER}:${USER_GID}" "${TEMP_HOME_DIR}"; then
 slxlog "pam-global-chpersistent " "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
 exit 1
 fi
@@ -71,14 +61,10 @@ fi
 . "${PERSISTENT_MOUNT_SCRIPT}" || \
 { slxlog "pam-global-sourcepersistent" "Could not source ${PERSISTENT_MOUNT_SCRIPT}."; exit 1; }
-# If there is a user mount script and mounting was successful, run it
-if [ -n "$PERSISTENT_OK" -a -x "$PERSISTENT_MOUNT_USER_SCRIPT" ]; then
-if which sudo 2> /dev/null; then
-sudo -u "$PAM_USER" "$PERSISTENT_MOUNT_USER_SCRIPT"
-else
-su -l -c "$PERSISTENT_MOUNT_USER_SCRIPT" "$PAM_USER"
-fi
-fi
+# Just try to delete the persistent dir. If the mount was successful, it will not work
+# If it was not successful, it will be removed so the user doesn't think he can store
+# anything in there
+rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null
 exit 0 |
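Review bot: The new `rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null` swallows every failure, so if the persistent mount did not happen and anything was left in the directory (a mount helper can leave residue), the user is still presented with a writable `PERSISTENT` folder whose contents vanish at reboot, which is exactly what the removed WARNING files were there to prevent. Relying on `EBUSY` from a mounted mount point also leaves the intent implicit; if the sourced mount script still sets `PERSISTENT_OK` as the removed block assumed, use it and log the failure: `if [ -z "$PERSISTENT_OK" ] && ! rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null; then` / `slxlog "pam-global-rmpersistent" "Persistent home not mounted and '${PERSISTENT_HOME_DIR}' could not be removed."` / `fi`. The three-line comment above `rmdir` should then say that the flag, not the `rmdir` result, decides whether the mount succeeded.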
