authorSimon Rettberg2013-12-16 19:15:36 +0100
committerSimon Rettberg2013-12-16 19:15:36 +0100
commit440a3d3f4c0e73ead497338963b0978422453cb5 (patch)
tree1c238a31d6fc3ba4d93934cfbd300ebe9f16e1b3 /remote
parentdebug-shell module that spwans a root shell on tty9 after switching to stage3.2 (diff)
[pam*] Add user-context script execution on session open
Diffstat (limited to 'remote')
-rwxr-xr-xremote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close10
-rwxr-xr-xremote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open33
2 files changed, 33 insertions, 10 deletions
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
index 198d2efe..f7a10fef 100755
--- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
+++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
@@ -4,7 +4,9 @@
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin"
# NSA needs to know
-slxlog "session-close" "$PAM_USER logged out on $PAM_TTY"
+if [ "x$PAM_SERVICE" != "xsu" -a "x$PAM_SERVICE" != "xsudo" ]; then
+ slxlog "session-close" "$PAM_USER logged out on $PAM_TTY"
+fi
# do not kill all root processes :)
[ "x${PAM_USER}" = "xroot" ] && exit 0
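Review bot: Skipping `slxlog` whenever `PAM_SERVICE` is `su` or `sudo` removes the only record these scripts make of identity switches, which are usually the sessions a log reviewer most wants to see; the same guard is added in pam_script_ses_open. If the aim is to silence the nested `sudo`/`su` call that ses_open now makes, consider keeping the entry and tagging it instead, e.g. `slxlog "session-close" "$PAM_USER logged out on $PAM_TTY (service $PAM_SERVICE)"`. Only the log line is guarded, so a `su`/`sudo` session close for a non-root user still falls through to the rest of the script, which continues outside this hunk and, judging by the next hunk, can reach the unmount logic. A comment stating why these two services are excluded would help the next maintainer.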
@@ -41,10 +43,10 @@ if [ "$SESSIONCOUNT" = "1" ]; then
OPEN2=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-)
if [ -z "$OPEN2" -o "x$OPENSESSION" = "x$OPEN2" ]; then
# unmount the home directory structure
- umount -l "/home/${PAM_USER}/PERSISTENT" || \
+ umount -l -f "/home/${PAM_USER}/PERSISTENT" || \
echo "Could not unmount '/home/${PAM_USER}/PERSISTENT'."
-
- umount -l "/home/${PAM_USER}" || \
+
+ umount -l -f "/home/${PAM_USER}" || \
echo "Could not unmount '/home/${PAM_USER}'."
fi
fi
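Review bot: A failed unmount is still reported only with `echo`, so when `umount -l -f` fails the user's persistent home stays mounted after logout without an entry in the log the rest of these scripts write to; where that `echo` output ends up under pam_script is not visible here. Route both failure branches through `slxlog`, e.g. `slxlog "<event-type>" "Could not unmount '/home/${PAM_USER}/PERSISTENT'."` (the event type is a placeholder; pick one that fits the project's naming). Because `-l` only detaches the mount point, any process that still holds files open keeps access to the share until it exits, so a comment noting that this relies on the earlier process cleanup would be worth adding. The enclosing `if [ "$SESSIONCOUNT" = "1" ]` block starts outside the hunk.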
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
index 84a51473..66cda56c 100755
--- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
+++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
@@ -3,12 +3,21 @@
# Needed as pam_script clears PATH
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin"
+# Script to be sourced to mount the user's persistent home
PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent"
+# Script to be run in the user's context iff the persistent home could be mounted successfully
+PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user"
+# The user's non-persistent home directory mount point, which should be their linux home
TEMP_HOME_DIR="/home/${PAM_USER}"
+# The user's persistent home directory mount point
PERSISTENT_HOME_DIR="/home/${PAM_USER}/PERSISTENT"
+PAM_GROUP=$(id -ng "$PAM_USER")
+
# NSA needs to know
-slxlog "session-open" "$PAM_USER logged in on $PAM_TTY"
+if [ "x$PAM_SERVICE" != "xsu" -a "x$PAM_SERVICE" != "xsudo" ]; then
+ slxlog "session-open" "$PAM_USER logged in on $PAM_TTY"
+fi
# check if the script runs as root
[ "x$(whoami)" != "xroot" ] && exit 0
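Review bot: `PAM_GROUP=$(id -ng "$PAM_USER")` is assigned without a failure check, and nothing in the visible hunks reads it, so it is presumably consumed by the sourced mount script. If `id` fails (unknown user, directory service unreachable) the variable is empty, and any ownership or mount option later built from it could silently change meaning. Suggest a comment naming the consumer, e.g. `# Primary group of the user; read by $PERSISTENT_MOUNT_SCRIPT`, and a guard such as `[ -n "$PAM_GROUP" ] || slxlog "<event-type>" "Could not resolve primary group of '$PAM_USER'."` (event type is a placeholder). The lookup also runs before the root and `PAM_USER` checks further down, so it executes even on the paths that exit immediately.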
@@ -17,7 +26,7 @@ slxlog "session-open" "$PAM_USER logged in on $PAM_TTY"
[ "x${PAM_USER}" == "xroot" ] && exit 0
# check if we already mounted the home directory
-mount | grep -q "$TEMP_HOME_DIR" && exit 0
+mount | grep -q " $TEMP_HOME_DIR " && exit 0
# no home, lets create it
mkdir -p "${TEMP_HOME_DIR}" || \
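Review bot: `$TEMP_HOME_DIR` is still interpreted as a regular expression in `grep -q " $TEMP_HOME_DIR "`, so a user name containing `.` or another metacharacter can match a different mount line and make the script `exit 0` before this user's home is set up. Match literally with `mount | grep -qF -- " $TEMP_HOME_DIR " && exit 0`, or query the mount point directly with `mountpoint -q "$TEMP_HOME_DIR" && exit 0`. The `mkdir` statement that follows continues outside the hunk.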
@@ -51,13 +60,25 @@ for ext in doc xls ppt odt; do
done
done
-chown -R "${PAM_USER}" "${TEMP_HOME_DIR}" || \
- { slxlog "pam-global-chpersistent " "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."; exit 1; }
+if ! chown -R "${PAM_USER}" "${TEMP_HOME_DIR}"; then
+ slxlog "pam-global-chpersistent " "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
+ exit 1
+fi
-# now lets see if we have a persistent directory
+# now lets see if we have a persistent directory mount script
[ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ] && exit 0
+# yes
. "${PERSISTENT_MOUNT_SCRIPT}" || \
{ slxlog "pam-global-sourcepersistent" "Could not source ${PERSISTENT_MOUNT_SCRIPT}."; exit 1; }
-# TODO: Symlinks mkdirs for certain programs etc.
+# If there is a user mount script and mounting was successful, run it
+if [ -n "$PERSISTENT_OK" -a -x "$PERSISTENT_MOUNT_USER_SCRIPT" ]; then
+ if which sudo 2> /dev/null; then
+ sudo -u "$PAM_USER" "$PERSISTENT_MOUNT_USER_SCRIPT"
+ else
+ su -l -c "$PERSISTENT_MOUNT_USER_SCRIPT" "$PAM_USER"
+ fi
+fi
+
exit 0
+
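Review bot: The two branches that run `$PERSISTENT_MOUNT_USER_SCRIPT` do not give it the same environment: `su -l` starts a login environment for the user, while plain `sudo -u` may keep root's `HOME` depending on sudoers policy, so the user script could write into root's home; `sudo -H -u "$PAM_USER" "$PERSISTENT_MOUNT_USER_SCRIPT"` closes most of that gap. `which sudo 2> /dev/null` silences only stderr and prints the path on stdout; `if command -v sudo > /dev/null 2>&1; then` is the quieter, portable test. `PERSISTENT_OK` is not initialised in the visible lines before the mount script is sourced, so a value inherited from the environment would count as success; a `PERSISTENT_OK=` before the `.` line would rule that out. The user script's exit status is discarded, and it would be worth a comment stating that the script file must be root-owned and not user-writable, since root launches it on every login.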