authorJonathan Bauer2014-01-22 16:59:29 +0100
committerJonathan Bauer2014-01-22 16:59:29 +0100
commit1c997d023e76fdb5ac8b29d18f6cab43e166b593 (patch)
tree5dc0d422b945eba8070969d42cc374fe83ca984e /server
parent[plymouth] quit service for plymouth, might be needed one day (diff)
downloadtm-scripts-1c997d023e76fdb5ac8b29d18f6cab43e166b593.tar.gz
tm-scripts-1c997d023e76fdb5ac8b29d18f6cab43e166b593.tar.xz
tm-scripts-1c997d023e76fdb5ac8b29d18f6cab43e166b593.zip
[pam] changes: prepare home directory struct in pam-auth and not
session.
Diffstat (limited to 'server')
l---------server/modules/pam-freiburg/etc/pam-script/pam_script_auth1
-rw-r--r--server/modules/pam-freiburg/etc/pam.d/common-auth3
-rwxr-xr-xserver/modules/pam-freiburg/opt/openslx/scripts/pam_script_auth65
3 files changed, 68 insertions, 1 deletions
diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_auth b/server/modules/pam-freiburg/etc/pam-script/pam_script_auth
new file mode 120000
index 00000000..319fba0e
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam-script/pam_script_auth
@@ -0,0 +1 @@
+/opt/openslx/scripts/pam_script_auth \ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-auth b/server/modules/pam-freiburg/etc/pam.d/common-auth
index 790afa1d..ec7e3d5c 100644
--- a/server/modules/pam-freiburg/etc/pam.d/common-auth
+++ b/server/modules/pam-freiburg/etc/pam.d/common-auth
@@ -14,7 +14,8 @@
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
-auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
+auth [success=ok default=ignore] pam_krb5.so minimum_uid=1000
+auth [success=3 default=ignore] pam_script.so expose=1
auth [success=2 default=ignore] pam_unix.so try_first_pass
auth [success=1 default=ignore] pam_ldap.so use_first_pass
# here's the fallback if no module succeeds
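Review bot: With pam_krb5 now `[success=ok default=ignore]`, the new pam_script line is reached on a Kerberos failure as well as on success, and its `success=3` jumps over pam_unix, pam_ldap and the third module after them — presumably the pam_deny fallback, which lies outside this hunk. The script this commit adds exits 0 on several early-out paths (non-root caller, PAM_USER root, home already mounted) and pam_script.so, as far as I can tell, maps a zero exit status to PAM_SUCCESS, so a wrong Kerberos password for a user whose home is already mounted would appear to land on the permit line. Gate the script on the Kerberos result instead: `auth [success=ok default=1] pam_krb5.so minimum_uid=1000`, so a failed or ignored krb5 attempt skips pam_script and falls through to pam_unix. Even without a bypass, running the script on every failed attempt lets an unauthenticated client trigger tmpfs mounts and the persistent-home mount for any known username. If the home preparation is also wanted for pam_unix/pam_ldap logins, it belongs after those modules, gated on their success in the same way.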
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_auth b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_auth
new file mode 100755
index 00000000..611b565a
--- /dev/null
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_auth
@@ -0,0 +1,65 @@
+#!/bin/ash
+
+# Needed as pam_script clears PATH
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin"
+
+PASSWD=$(getent passwd "$PAM_USER")
+USER_GID=$(echo "$PASSWD" | awk -F ':' '{print $4}')
+USER_HOME=$(echo "$PASSWD" | awk -F ':' '{print $6}')
+
+# Script to be sourced to mount the user's persistent home
+PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent"
+# Script to be run in the user's context iff the persistent home could be mounted successfully
+PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user"
+# The user's non-persistent home directory mount point, which should be their linux home
+TEMP_HOME_DIR="$USER_HOME"
+# The user's persistent home directory mount point
+PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"
+
+# check if the script runs as root
+[ "x$(whoami)" != "xroot" ] && exit 0
+
+# check if PAM_USER is root and skip if it is the case
+[ "x${PAM_USER}" == "xroot" ] && exit 0
+
+# check if we already mounted the home directory
+mount | grep -q " $TEMP_HOME_DIR " && exit 0
+
+# no home, lets create it
+mkdir -p "${TEMP_HOME_DIR}" || \
+ { slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'."; exit 1; }
+
+# now make it a tmpfs
+mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}" || \
+ { slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; }
+
+# create a WARNING.txt for the user
+cat > "${TEMP_HOME_DIR}/WARNING.txt" << EOF
+ATTENTION: This is the non-persistant home directory!
+Files saved here will be lost on shutdown.
+Your real home is under /home/<user>/PERSISTENT.
+Please save your files there.
+EOF
+
+# create the PERSISTENT directory
+mkdir -p "${PERSISTENT_HOME_DIR}" || \
+ { slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }
+
+if ! chown -R "${PAM_USER}:${USER_GID}" "${TEMP_HOME_DIR}"; then
+ slxlog "pam-global-chpersistent " "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
+ exit 1
+fi
+
+# now lets see if we have a persistent directory mount script
+[ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ] && exit 0
+# yes
+. "${PERSISTENT_MOUNT_SCRIPT}" || \
+ { slxlog "pam-global-sourcepersistent" "Could not source ${PERSISTENT_MOUNT_SCRIPT}."; exit 1; }
+
+# Just try to delete the persistent dir. If the mount was successful, it will not work
+# If it was not successful, it will be removed so the user doesn't think he can store
+# anything in there
+rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null
+
+exit 0
+
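Review bot: The tmpfs mounted at `mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}"` carries no `mode=` option, so its root directory gets tmpfs's default permissions (1777, as far as I recall), and the later `chown -R` fixes ownership but not mode, leaving the user's home world-writable with only the sticky bit. Another local user can then pre-create `.bashrc`, `.ssh/` or similar in a victim's home before that user first logs in. Mount it restrictively and drop device/setuid semantics on a user-writable filesystem: `mount -t tmpfs -o size=100m,mode=0700,nosuid,nodev tmpfs "${TEMP_HOME_DIR}"`. Separately, if `getent passwd "$PAM_USER"` finds no entry, USER_HOME is empty and the script only fails by accident at `mkdir -p ""` with PERSISTENT_HOME_DIR resolved to `/PERSISTENT`; a guard such as `[ -n "$USER_HOME" ] || exit 1` right after the awk lines makes that explicit, and `grep -qF` in the "already mounted" check avoids treating the home path as a regex.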