authorJonathan Bauer2013-11-26 15:07:34 +0100
committerJonathan Bauer2013-11-26 15:07:34 +0100
commit73d1c2daa6065bef6549b2fa65ddf85b24b73fcd (patch)
tree81f66b6ea2864b41d1b42f9bdd8d44439ed9d3e8 /server/modules
parent[vmware] added Xreset script to properly unmount tmp directories created by v... (diff)
[pam-freiburg] improved the pam-script scripts: each user now gets a
tmpfs home directory and the script then tries to mount the persistent home as scripted in pam_script_mount_persistent
Diffstat (limited to 'server/modules')
-rw-r--r--server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent58
-rwxr-xr-xserver/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open90
2 files changed, 83 insertions, 65 deletions
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
new file mode 100644
index 00000000..b5b23327
--- /dev/null
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
@@ -0,0 +1,58 @@
+###################################################################
+#
+# This script is a part of the pam_script_ses_open script
+# and is not stand-alone!
+#
+# It will try to mount the home directories of students
+# under /home/<user>/PERSISTENT using kerberos.
+#
+
+PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"
+
+# Only run this if the user is a student
+# These have a gid > 1000
+if [ $(id -g ${PAM_USER}) -ge 1000 ]; then
+
+ # create the PERSISTENT directory
+ mkdir -p "${PERSISTENT_HOME_DIR}" || \
+ { echo "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }
+ chown -R "${PAM_USER}" "${PERSISTENT_HOME_DIR}" || \
+ { echo "Could not chown '${PERSISTENT_HOME_DIR}' to '${PAM_USER}'."; exit 1; }
+
+ # generate keytab
+ sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \
+ { echo "Could not get /etc/kr5b.keytab from npserver.ruf.uni-freiburg.de"; exit 1; }
+
+ chmod 600 /etc/krb5.keytab || \
+ { echo "Could not run 'chmod 600 /etc/kr5b.keytab'"; exit 1; }
+
+ # determine fileserver and share for home directories
+ ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \
+ { echo "Could not search LDAP server for 'homeDirectory' and 'rufFileserver' parameters."; exit 1; }
+
+ FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2)
+ VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2)
+
+ [ -z "${FILESERVER}" ] && echo "[${PAM_TYPE}] Could not determine fileserver for home directories. Aborting mount for ${PAM_USER}." && exit 1
+ [ -z "${VOLUME}" ] && echo "[${PAM_TYPE}] Could not determine volume to mount. Aborting mount for ${PAM_USER}." && exit 1
+
+ # now we can mount the home directory!
+
+ SIGNAL=$(mktemp)
+ rm -f -- "$SIGNAL"
+ (mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER:$VOLUME" "${PERSISTENT_HOME_DIR}" || touch "$SIGNAL") &
+ MOUNT_PID=$!
+ for COUNTER in 1 2 4 4; do
+ kill -0 "$MOUNT_PID" 2>/dev/null || break
+ sleep "$COUNTER"
+ done
+
+ if [ -e "$SIGNAL" ] || kill -9 "$MOUNT_PID" 2>/dev/null; then
+ echo "Your home directory contents is unavailable. DO NOT SAVE ANYTHING HERE AS ALL WILL BE LOST UPON REBOOT!" > "${PERSISTENT_HOME_DIR}/WARNING.txt"
+ rm -f -- "$SIGNAL"
+ else
+ echo "Mounting of $FILESERVER:$VOLUME on ${PERSISTENT_HOME_DIR} succeeded."
+ exit 0
+ fi
+fi
+
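Review bot: The LDAP result is written as root to `/tmp/ldapsearch.${PAM_USER}`, a predictable name in a world-writable directory, so a file or symlink placed there beforehand is followed or overwritten with root privileges, and nothing in this file removes it afterwards. Capturing the output in a variable avoids the file entirely: `LDAP_OUT=$(ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver)` with the existing `|| { echo …; exit 1; }` handler, then `FILESERVER=$(printf '%s\n' "${LDAP_OUT}" | grep rufFileserver | cut -d" " -f2)` and the same for `VOLUME`. Separately, `/etc/krb5.keytab` is created by the redirect before `chmod 600` runs, so it briefly carries whatever permissions the current umask allows, and a failed `sslconnect` leaves it truncated; setting `umask 077` ahead of that line and writing to a temporary file that is moved into place would close both gaps. `$(id -g ${PAM_USER})` should be quoted as `"$(id -g "${PAM_USER}")"` so an empty or unknown user fails the test cleanly instead of producing a malformed `[` expression.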
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
index 6c8784a7..6f0e0f9b 100755
--- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
@@ -4,77 +4,37 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/o
echo "[${PAM_TYPE}] Opening session for ${PAM_USER}"
-if [ ! -z "$(mount|grep ${PAM_USER}|grep home)" ]; then
+PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent"
+TEMP_HOME_DIR="/home/${PAM_USER}"
+
+# check if we already mounted the home directory
+if [ ! -z "$(mount|grep ${TEMP_HOME_DIR})" ]; then
echo "[${PAM_TYPE}] Home directory of '${PAM_USER}' is already mounted."
exit 0
fi
-# simple directory for demo user
-[ "x${PAM_USER}" == "xdemo" ] && mkdir -p /home/demo && chown demo:demo /home/demo && exit 0
-
-TEMP_HOME_DIR="/home/${PAM_USER}"
-PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"
-
-#
-# All users with gid >= 1000 are students, so try to get their home directory.
-#
-if [ $(id -g ${PAM_USER}) -ge 1000 ]; then
-
- # create the home directory
- mkdir -p "${TEMP_HOME_DIR}" || \
- { echo "Could not create '${TEMP_HOME_DIR}'."; exit 1; }
- chown -R "${PAM_USER}" "${TEMP_HOME_DIR}" || \
- { echo "Could not chown '${TEMP_HOME_DIR}' to ${PAM_USER}."; exit 1; }
-
- # now make it a tmpfs
- mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}" || \
- { echo "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; }
+# no home, lets create it
+mkdir -p "${TEMP_HOME_DIR}" || \
+ { echo "Could not create '${TEMP_HOME_DIR}'."; exit 1; }
+chown -R "${PAM_USER}" "${TEMP_HOME_DIR}" || \
+ { echo "Could not chown '${TEMP_HOME_DIR}' to ${PAM_USER}."; exit 1; }
- echo "ATTENTION: This is the non-persistant home directory! Files saved here will be lost on shutdown. Your real home is under /home/<user>/PERSISTENT. Please save your files there." > "${TEMP_HOME_DIR}/README.txt"
+# now make it a tmpfs
+mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}" || \
+ { echo "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; }
- mkdir -p "${PERSISTENT_HOME_DIR}" || \
- { echo "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }
- chown -R "${PAM_USER}" "${PERSISTENT_HOME_DIR}" || \
- { echo "Could not chown '${PERSISTENT_HOME_DIR}' to '${PAM_USER}'."; exit 1; }
-
-
- ##############################
- #
- # KERBEROS MOUNT
- #
- # generate keytab
- sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \
- { echo "Could not get /etc/kr5b.keytab from npserver.ruf.uni-freiburg.de"; exit 1; }
-
- chmod 600 /etc/krb5.keytab || \
- { echo "Could not run 'chmod 600 /etc/kr5b.keytab'"; exit 1; }
-
- # determine fileserver and share for home directories
- ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \
- { echo "Could not search LDAP server for 'homeDirectory' and 'rufFileserver' parameters."; exit 1; }
-
- FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2)
- VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2)
-
- [ -z "${FILESERVER}" ] && echo "[${PAM_TYPE}] Could not determine fileserver for home directories. Aborting mount for ${PAM_USER}." && exit 1
- [ -z "${VOLUME}" ] && echo "[${PAM_TYPE}] Could not determine volume to mount. Aborting mount for ${PAM_USER}." && exit 1
-
- # now we can mount the home directory!
-
- SIGNAL=$(mktemp)
- rm -f -- "$SIGNAL"
- (mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER:$VOLUME" "${PERSISTENT_HOME_DIR}" || touch "$SIGNAL") &
- MOUNT_PID=$!
- for COUNTER in 1 2 4 4; do
- kill -0 "$MOUNT_PID" 2>/dev/null || break
- sleep "$COUNTER"
- done
- if [ -e "$SIGNAL" ] || kill -9 "$MOUNT_PID" 2>/dev/null; then
- echo "Your home directory contents is unavailable. DO NOT SAVE ANYTHING HERE AS ALL WILL BE LOST UPON REBOOT!" > "${PERSISTENT_HOME_DIR}/WARNING.txt"
- rm -f -- "$SIGNAL"
- fi
-fi
+# create a WARNING.txt for the user
+cat > "${TEMP_HOME_DIR}/WARNING.txt" << EOF
+ATTENTION: This is the non-persistant home directory!
+Files saved here will be lost on shutdown.
+Your real home is under /home/<user>/PERSISTENT.
+Please save your files there.
+EOF
+# now lets see if we have a persistent directory
+[ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ] && exit 0
-exit 0
+. "${PERSISTENT_MOUNT_SCRIPT}" || \
+ { echo "Could not source ${PERSISTENT_MOUNT_SCRIPT}."; exit 1; }
+ # PERSISTENT_MOUNT_SCRIPT must decide on the return code.
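Review bot: The `chown -R` runs before the tmpfs is mounted, so it only changes the directory underneath; the root of the mounted tmpfs keeps its defaults (owned by root, and mode 1777 unless configured otherwise), which leaves each user's home writable by every local account. Passing ownership and mode as mount options fixes this: `mount -t tmpfs -o size=100m,mode=0700,uid="$(id -u "${PAM_USER}")",gid="$(id -g "${PAM_USER}")" tmpfs "${TEMP_HOME_DIR}"`. The already-mounted check `mount|grep ${TEMP_HOME_DIR}` is an unquoted substring match, so for example `/home/bob` also matches a mounted `/home/bobby` and that session would exit 0 without a home of its own; `mountpoint -q "${TEMP_HOME_DIR}"`, if available in this image, tests the exact path. The script starts before this hunk, so any earlier validation of `PAM_USER` is not visible here.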