authorJonathan Bauer2014-05-19 14:49:58 +0200
committerJonathan Bauer2014-05-19 14:49:58 +0200
commit3f5ede120167e29a0f193aa2cc54f68e990eb075 (patch)
tree94385550550774dd9494479b6dca2e8f0596bc17 /server
parent[rfss31/2] moved vxlan from s31 to s32 (diff)
[pam-freiburg] updated pam_script_mount_persistent to CIFS
Diffstat (limited to 'server')
-rw-r--r--server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent86
1 files changed, 61 insertions, 25 deletions
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
index 9f48d98d..67fc88a2 100644
--- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
@@ -4,44 +4,30 @@
# and is not stand-alone!
#
# It will try to mount the home directories of students
-# under /home/<user>/PERSISTENT using kerberos.
+# under /home/<user>/PERSISTENT using cifs/kerberos.
#
-# Only run this if the user is a student
-# These have a gid > 1000
+# Only run this if PAM_USER is not a local user.
if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
- # generate keytab (try twice :))
- sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \
- sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \
- { slxlog "pam-freiburg-sslconnect" "Could not get /etc/krb5.keytab from npserv.ruf.uni-freiburg.de"; [ ! -s /etc/krb5.keytab ] && exit 1; }
-
- chmod 600 /etc/krb5.keytab || \
- { slxlog "pam-freiburg-keytab" "Could not run 'chmod 600 /etc/krb5.keytab'"; exit 1; }
-
# determine fileserver and share for home directories
- ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \
+ ldapsearch -x -LLL uid="${PAM_USER}" rufHomepath homeDirectory rufFileserver> "/tmp/ldapsearch.${PAM_USER}" || \
{ slxlog "pam-freiburg-ldapquery" "Could not query LDAP server for parameters of user '${PAM_USER}'."; exit 1; }
- FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2)
- VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2)
+ CIFS_VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufHomepath | cut -d" " -f2 | tr '\\' '/')
- [ -z "${FILESERVER}" ] && slxlog "pam-freiburg-ldapfs" "LDAP server did not provide 'rufFileserver'. Aborting mount for ${PAM_USER}." && exit 1
- [ -z "${VOLUME}" ] && slxlog "pam-freiburg-ldapvolume" "LDAP server did not provide 'homeDirectory'. Aborting mount for ${PAM_USER}." && exit 1
+ [ -z "${CIFS_VOLUME}" ] && slxlog "pam-freiburg-ldap-cifs-volume" "LDAP server did not provide 'rufHomepath'. Aborting mount for ${PAM_USER}." && exit 1
# now we can mount the home directory!
- MOUNT_OPTS="-t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy"
- if echo "$FILESERVER" | grep -q "sunfs6"; then
- MOUNT_OPTS="${MOUNT_OPTS},sec=krb5i"
- else
- MOUNT_OPTS="${MOUNT_OPTS},sec=krb5p"
- fi
+ MOUNT_OPTS="-t cifs -o uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,file_mode=0600,dir_mode=0700"
+ export USER="${PAM_USER}"
+ export PASSWD="${PAM_AUTHTOK}"
SIGNAL=$(mktemp)
MOUNT_OUTPUT=$(mktemp)
rm -f -- "${SIGNAL}"
- ( mount ${MOUNT_OPTS} "${FILESERVER}:${VOLUME}" "${PERSISTENT_HOME_DIR}" > "$MOUNT_OUTPUT" 2>&1 || touch "${SIGNAL}" ) &
+ ( mount ${MOUNT_OPTS} "${CIFS_VOLUME}" "${PERSISTENT_HOME_DIR}" > "$MOUNT_OUTPUT" 2>&1 || touch "${SIGNAL}" ) &
MOUNT_PID=$!
for COUNTER in 1 2 4 4; do
kill -0 "${MOUNT_PID}" 2>/dev/null || break
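Review bot: `export PASSWD="${PAM_AUTHTOK}"` puts the user's password into the environment of every command started from here on (mktemp, rm, sleep, and slxlog on the failure paths), not just mount, and it stays there until the `unset` in the next hunk. Handing it only to the mount process limits the exposure to that one child: `( USER="${PAM_USER}" PASSWD="${PAM_AUTHTOK}" mount ${MOUNT_OPTS} "${CIFS_VOLUME}" "${PERSISTENT_HOME_DIR}" > "$MOUNT_OUTPUT" 2>&1 || touch "${SIGNAL}" ) &`, with the two `export` lines and the later `unset` lines dropped. If this file is sourced, as its header comment suggests, overwriting and then unsetting `USER` also changes that variable for the calling script. The new CIFS option string additionally omits the `nosuid,nodev` that the NFS options carry. The enclosing `if` block and the wait loop continue outside this hunk.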
@@ -49,14 +35,64 @@ if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
done
if [ -e "${SIGNAL}" ]; then
- slxlog "pam-freiburg" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT"
+ slxlog "pam-freiburg-cifs" "Mount of '${CIFS_VOLUME}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT"
rm -f -- "${SIGNAL}"
elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
- slxlog "pam-freiburg" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT"
+ slxlog "pam-freiburg-cifs" "Mount of '${CIFS_VOLUME}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT"
else
PERSISTENT_OK=yes
fi
( sleep 2; rm -f -- "$MOUNT_OUTPUT" ) &
+ # unset credentials
+ unset USER
+ unset PASSWD
+
+ # check if cifs mount worked.
+ if [ "$PERSISTENT_OK" != "yes" ]; then
+
+ # determine the server and paths to the user's home directory
+ FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2)
+ VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2)
+
+ [ -z "${FILESERVER}" ] && slxlog "pam-freiburg-ldapfs" "LDAP server did not provide 'rufFileserver'. Aborting mount for ${PAM_USER}." && exit 1
+ [ -z "${VOLUME}" ] && slxlog "pam-freiburg-ldapvolume" "LDAP server did not provide 'homeDirectory'. Aborting mount for ${PAM_USER}." && exit 1
+
+ # generate keytab (try twice :))
+ sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \
+ sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \
+ { slxlog "pam-freiburg-sslconnect" "Could not get /etc/krb5.keytab from npserv.ruf.uni-freiburg.de"; [ ! -s /etc/krb5.keytab ] && exit 1; }
+
+ chmod 600 /etc/krb5.keytab || \
+ { slxlog "pam-freiburg-keytab" "Could not run 'chmod 600 /etc/krb5.keytab'"; exit 1; }
+
+ MOUNT_OPTS="-t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy"
+
+ if echo "$FILESERVER" | grep -q "sunfs6"; then
+ MOUNT_OPTS="${MOUNT_OPTS},sec=krb5i"
+ else
+ MOUNT_OPTS="${MOUNT_OPTS},sec=krb5p"
+ fi
+
+ SIGNAL=$(mktemp)
+ MOUNT_OUTPUT=$(mktemp)
+ rm -f -- "${SIGNAL}"
+ ( mount ${MOUNT_OPTS} "${FILESERVER}:${VOLUME}" "${PERSISTENT_HOME_DIR}" > "$MOUNT_OUTPUT" 2>&1 || touch "${SIGNAL}" ) &
+ MOUNT_PID=$!
+ for COUNTER in 1 2 4 4; do
+ kill -0 "${MOUNT_PID}" 2>/dev/null || break
+ sleep "${COUNTER}"
+ done
+
+ if [ -e "${SIGNAL}" ]; then
+ slxlog "pam-freiburg-krb" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT"
+ rm -f -- "${SIGNAL}"
+ elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
+ slxlog "pam-freiburg-krb" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT"
+ else
+ PERSISTENT_OK=yes
+ fi
+ ( sleep 2; rm -f -- "$MOUNT_OUTPUT" ) &
+ fi
fi
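Review bot: `FILESERVER` and `VOLUME` (and `CIFS_VOLUME` in the previous hunk) are parsed from `/tmp/ldapsearch.${PAM_USER}`, a predictable name in a world-writable directory that the script writes with a plain redirect and never removes. A file or link already present at that path is followed by the redirect and may stay writable by another local account, so the mount source that receives the user's credentials cannot be trusted. Create the file with `LDAP_RESULT=$(mktemp) || exit 1`, redirect ldapsearch to `"${LDAP_RESULT}"`, read from it here, and remove it once the values are parsed. Separately, `sslconnect ... > /etc/krb5.keytab` creates the keytab under the current umask and only afterwards runs `chmod 600`; setting `umask 077` before the redirect closes that window.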