| author | Jonathan Bauer | 2014-01-23 15:09:10 +0100 |
|---|---|---|
| committer | Jonathan Bauer | 2014-01-23 15:09:10 +0100 |
| commit | d3b1924e2cab9955db53e7bf950188650cfe8ab5 (patch) | |
| tree | a1a02c7800e1fa99b94cbcfc7ffbd5039eedc873 /remote | |
| parent | [pam] added cifs support to pam module. This is ugly. TODO: split pam (diff) | |
| download | tm-scripts-d3b1924e2cab9955db53e7bf950188650cfe8ab5.tar.gz tm-scripts-d3b1924e2cab9955db53e7bf950188650cfe8ab5.tar.xz tm-scripts-d3b1924e2cab9955db53e7bf950188650cfe8ab5.zip | |
[pam] moved pam_script_auth to generic pam module
Diffstat (limited to 'remote')
| -rwxr-xr-x | remote/modules/pam/data/opt/openslx/scripts/pam_script_auth | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
new file mode 100755
index 00000000..611b565a
--- /dev/null
+++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
@@ -0,0 +1,65 @@
+#!/bin/ash
+
+# Needed as pam_script clears PATH
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin"
+
+PASSWD=$(getent passwd "$PAM_USER")
+USER_GID=$(echo "$PASSWD" | awk -F ':' '{print $4}')
+USER_HOME=$(echo "$PASSWD" | awk -F ':' '{print $6}')
+
+# Script to be sourced to mount the user's persistent home
+PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent"
+# Script to be run in the user's context iff the persistent home could be mounted successfully
+PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user"
+# The user's non-persistent home directory mount point, which should be their linux home
+TEMP_HOME_DIR="$USER_HOME"
+# The user's persistent home directory mount point
+PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"
+
+# check if the script runs as root
+[ "x$(whoami)" != "xroot" ] && exit 0
+
+# check if PAM_USER is root and skip if it is the case
+[ "x${PAM_USER}" == "xroot" ] && exit 0
+
+# check if we already mounted the home directory
+mount | grep -q " $TEMP_HOME_DIR " && exit 0
+
+# no home, lets create it
+mkdir -p "${TEMP_HOME_DIR}" || \
+ { slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'."; exit 1; }
+
+# now make it a tmpfs
+mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}" || \
+ { slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; }
+
+# create a WARNING.txt for the user
+cat > "${TEMP_HOME_DIR}/WARNING.txt" << EOF
+ATTENTION: This is the non-persistant home directory!
+Files saved here will be lost on shutdown.
+Your real home is under /home/<user>/PERSISTENT.
+Please save your files there.
+EOF
+
+# create the PERSISTENT directory
+mkdir -p "${PERSISTENT_HOME_DIR}" || \
+ { slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }
+
+if ! chown -R "${PAM_USER}:${USER_GID}" "${TEMP_HOME_DIR}"; then
+ slxlog "pam-global-chpersistent " "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
+ exit 1
+fi
+
+# now lets see if we have a persistent directory mount script
+[ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ] && exit 0
+# yes
+. "${PERSISTENT_MOUNT_SCRIPT}" || \
+ { slxlog "pam-global-sourcepersistent" "Could not source ${PERSISTENT_MOUNT_SCRIPT}."; exit 1; }
+
+# Just try to delete the persistent dir. If the mount was successful, it will not work
+# If it was not successful, it will be removed so the user doesn't think he can store
+# anything in there
+rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null
+
+exit 0
+ |
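Review bot: The tmpfs mounted on `${TEMP_HOME_DIR}` is given only `size=100m`, so its root directory gets the tmpfs default mode 1777, and the later `chown -R` changes the owner but not the mode. Unless the sourced mount script or something outside this file tightens it, other local users can list the user's home and create files in it. I would fix the mode and drop setuid/device semantics at mount time: `mount -t tmpfs -o size=100m,mode=0700,nosuid,nodev tmpfs "${TEMP_HOME_DIR}"`. Separately, `USER_HOME` is taken straight from `getent passwd` and mounted over as root without a check; a guard such as `[ -n "$USER_HOME" ] || exit 1` before the `mkdir -p`, ideally with a check against the expected home prefix, would keep an empty or unexpected passwd entry from putting a tmpfs on an arbitrary path. The already-mounted test also treats the path as a regex; `grep -qF -- " $TEMP_HOME_DIR "` matches it literally.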
