author | Jonathan Bauer | 2014-05-19 14:49:58 +0200 |
---|---|---|
committer | Jonathan Bauer | 2014-05-19 14:49:58 +0200 |
commit | 3f5ede120167e29a0f193aa2cc54f68e990eb075 (patch) | |
tree | 94385550550774dd9494479b6dca2e8f0596bc17 /server | |
parent | [rfss31/2] moved vxlan from s31 to s32 (diff) | |
[pam-freiburg] updated pam_script_mount_persistent to CIFS
Diffstat (limited to 'server')
-rw-r--r-- | server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent | 86 |
1 files changed, 61 insertions, 25 deletions
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
index 9f48d98d..67fc88a2 100644
--- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
@@ -4,44 +4,30 @@ # and is not stand-alone! # # It will try to mount the home directories of students -# under /home/<user>/PERSISTENT using kerberos. +# under /home/<user>/PERSISTENT using cifs/kerberos. # -# Only run this if the user is a student -# These have a gid > 1000 +# Only run this if PAM_USER is not a local user. if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then - # generate keytab (try twice :)) - sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \ - sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \ - { slxlog "pam-freiburg-sslconnect" "Could not get /etc/krb5.keytab from npserv.ruf.uni-freiburg.de"; [ ! -s /etc/krb5.keytab ] && exit 1; } - - chmod 600 /etc/krb5.keytab || \ - { slxlog "pam-freiburg-keytab" "Could not run 'chmod 600 /etc/krb5.keytab'"; exit 1; } - # determine fileserver and share for home directories - ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \ + ldapsearch -x -LLL uid="${PAM_USER}" rufHomepath homeDirectory rufFileserver> "/tmp/ldapsearch.${PAM_USER}" || \ { slxlog "pam-freiburg-ldapquery" "Could not query LDAP server for parameters of user '${PAM_USER}'."; exit 1; } - FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2) - VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2) + CIFS_VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufHomepath | cut -d" " -f2 | tr '\\' '/') - [ -z "${FILESERVER}" ] && slxlog "pam-freiburg-ldapfs" "LDAP server did not provide 'rufFileserver'. Aborting mount for ${PAM_USER}." && exit 1 - [ -z "${VOLUME}" ] && slxlog "pam-freiburg-ldapvolume" "LDAP server did not provide 'homeDirectory'. Aborting mount for ${PAM_USER}." && exit 1 + [ -z "${CIFS_VOLUME}" ] && slxlog "pam-freiburg-ldap-cifs-volume" "LDAP server did not provide 'rufHomepath'. Aborting mount for ${PAM_USER}." && exit 1 # now we can mount the home directory! 
- MOUNT_OPTS="-t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy" - if echo "$FILESERVER" | grep -q "sunfs6"; then - MOUNT_OPTS="${MOUNT_OPTS},sec=krb5i" - else - MOUNT_OPTS="${MOUNT_OPTS},sec=krb5p" - fi + MOUNT_OPTS="-t cifs -o uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,file_mode=0600,dir_mode=0700" + export USER="${PAM_USER}" + export PASSWD="${PAM_AUTHTOK}" SIGNAL=$(mktemp) MOUNT_OUTPUT=$(mktemp) rm -f -- "${SIGNAL}" - ( mount ${MOUNT_OPTS} "${FILESERVER}:${VOLUME}" "${PERSISTENT_HOME_DIR}" > "$MOUNT_OUTPUT" 2>&1 || touch "${SIGNAL}" ) & + ( mount ${MOUNT_OPTS} "${CIFS_VOLUME}" "${PERSISTENT_HOME_DIR}" > "$MOUNT_OUTPUT" 2>&1 || touch "${SIGNAL}" ) & MOUNT_PID=$! for COUNTER in 1 2 4 4; do kill -0 "${MOUNT_PID}" 2>/dev/null || break 
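Review bot: The LDAP result is still written by root to the predictable path `/tmp/ldapsearch.${PAM_USER}` with a plain `>` redirection, which follows whatever already sits under that name in the world-writable /tmp, and the file is not removed anywhere in the two hunks. A private temp file closes that: `LDAP_OUT=$(mktemp) || exit 1` before the `ldapsearch` line, redirect to `"$LDAP_OUT"`, and `rm -f -- "$LDAP_OUT"` once `CIFS_VOLUME` and the fallback values have been read (the fallback in the second hunk reads the same file). The `cat /tmp/ldapsearch.${PAM_USER} | grep rufHomepath | cut` pipeline also leaves `${PAM_USER}` unquoted; `grep -- rufHomepath "$LDAP_OUT" | cut -d" " -f2 | tr '\\' '/'` drops both the useless cat and the word-splitting. `USER_UID` and `USER_GID` in the new `MOUNT_OPTS` are not set anywhere in this hunk; if they come from the including script, an assertion `: "${USER_UID:?}" "${USER_GID:?}"` before the option string is built keeps an empty `uid=` from reaching mount. The enclosing `if ! grep -q "^${PAM_USER}:"` block continues past the end of the hunk.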
@@ -49,14 +35,64 @@ if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then done if [ -e "${SIGNAL}" ]; then - slxlog "pam-freiburg" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT" + slxlog "pam-freiburg-cifs" "Mount of '${CIFS_VOLUME}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT" rm -f -- "${SIGNAL}" elif kill -9 "${MOUNT_PID}" 2>/dev/null; then - slxlog "pam-freiburg" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT" + slxlog "pam-freiburg-cifs" "Mount of '${CIFS_VOLUME}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT" else PERSISTENT_OK=yes fi ( sleep 2; rm -f -- "$MOUNT_OUTPUT" ) & + # unset credentials + unset USER + unset PASSWD + + # check if cifs mount worked. + if [ "$PERSISTENT_OK" != "yes" ]; then + + # determine the server and paths to the user's home directory + FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2) + VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2) + + [ -z "${FILESERVER}" ] && slxlog "pam-freiburg-ldapfs" "LDAP server did not provide 'rufFileserver'. Aborting mount for ${PAM_USER}." && exit 1 + [ -z "${VOLUME}" ] && slxlog "pam-freiburg-ldapvolume" "LDAP server did not provide 'homeDirectory'. Aborting mount for ${PAM_USER}." && exit 1 + + # generate keytab (try twice :)) + sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \ + sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \ + { slxlog "pam-freiburg-sslconnect" "Could not get /etc/krb5.keytab from npserv.ruf.uni-freiburg.de"; [ ! 
-s /etc/krb5.keytab ] && exit 1; } + + chmod 600 /etc/krb5.keytab || \ + { slxlog "pam-freiburg-keytab" "Could not run 'chmod 600 /etc/krb5.keytab'"; exit 1; } + + MOUNT_OPTS="-t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy" + + if echo "$FILESERVER" | grep -q "sunfs6"; then + MOUNT_OPTS="${MOUNT_OPTS},sec=krb5i" + else + MOUNT_OPTS="${MOUNT_OPTS},sec=krb5p" + fi + + SIGNAL=$(mktemp) + MOUNT_OUTPUT=$(mktemp) + rm -f -- "${SIGNAL}" + ( mount ${MOUNT_OPTS} "${FILESERVER}:${VOLUME}" "${PERSISTENT_HOME_DIR}" > "$MOUNT_OUTPUT" 2>&1 || touch "${SIGNAL}" ) & + MOUNT_PID=$! + for COUNTER in 1 2 4 4; do + kill -0 "${MOUNT_PID}" 2>/dev/null || break + sleep "${COUNTER}" + done + + if [ -e "${SIGNAL}" ]; then + slxlog "pam-freiburg-krb" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT" + rm -f -- "${SIGNAL}" + elif kill -9 "${MOUNT_PID}" 2>/dev/null; then + slxlog "pam-freiburg-krb" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT" + else + PERSISTENT_OK=yes + fi + ( sleep 2; rm -f -- "$MOUNT_OUTPUT" ) & + fi fi |
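Review bot: The moved keytab fetch `sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab` creates the file under the process umask and only tightens it with the later `chmod 600`, so on a first run with a permissive umask the keytab is readable by other local users until the chmod runs; wrapping each attempt as `( umask 077; sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab )` creates it mode 0600 from the start. The NFS fallback also repeats the mount-with-timeout sequence from the first hunk almost line for line (mktemp, background mount, the `1 2 4 4` wait loop, the three-way result check, the delayed cleanup), so a later change to the timeout or the log message would have to be made twice; a small helper taking the log tag and the mount source lets both paths share it, as sketched below. The `[ -z ... ] && slxlog ... && exit 1` guards are carried over unchanged; note that they only exit when slxlog itself succeeds. The enclosing `if ! grep -q` block starts in the first hunk.
```sh
# Mount $2 on PERSISTENT_HOME_DIR with a bounded wait, logging under tag $1.
# Reads MOUNT_OPTS and PERSISTENT_HOME_DIR; sets PERSISTENT_OK=yes on success.
try_mount() {
  SIGNAL=$(mktemp)
  MOUNT_OUTPUT=$(mktemp)
  rm -f -- "${SIGNAL}"
  ( mount ${MOUNT_OPTS} "$2" "${PERSISTENT_HOME_DIR}" > "$MOUNT_OUTPUT" 2>&1 || touch "${SIGNAL}" ) &
  MOUNT_PID=$!
  for COUNTER in 1 2 4 4; do
    kill -0 "${MOUNT_PID}" 2>/dev/null || break
    sleep "${COUNTER}"
  done
  if [ -e "${SIGNAL}" ]; then
    slxlog "$1" "Mount of '$2' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT"
    rm -f -- "${SIGNAL}"
  elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
    slxlog "$1" "Mount of '$2' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "$MOUNT_OUTPUT"
  else
    PERSISTENT_OK=yes
  fi
  ( sleep 2; rm -f -- "$MOUNT_OUTPUT" ) &
}
# … unchanged: CIFS MOUNT_OPTS, export USER/PASSWD …
try_mount "pam-freiburg-cifs" "${CIFS_VOLUME}"
# … unchanged: unset credentials, fallback FILESERVER/VOLUME lookup and checks …
( umask 077; sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab ) || \
  ( umask 077; sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab ) || \
  { slxlog "pam-freiburg-sslconnect" "Could not get /etc/krb5.keytab from npserv.ruf.uni-freiburg.de"; [ ! -s /etc/krb5.keytab ] && exit 1; }
# … unchanged: chmod 600, NFS MOUNT_OPTS and sec= selection …
try_mount "pam-freiburg-krb" "${FILESERVER}:${VOLUME}"
```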