[pam*] Add user-context script execution on session open

2 files changed, 54 insertions, 16 deletions

diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
index d8808f66..f6b71527 100644
--- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent
@@ -1,5 +1,5 @@
 ###################################################################
-# 
+#
 #       This script is a part of the pam_script_ses_open script
 #       and is not stand-alone!
 #
@@ -9,26 +9,26 @@
 
 # Only run this if the user is a student
 # These have a gid > 1000
-if [ $(id -g ${PAM_USER}) -ge 1000 ]; then
+if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
 
-    # generate keytab
-    sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \
-        { slxlog "pam-freiburg-sslconnect" "Could not get /etc/kr5b.keytab from npserver.ruf.uni-freiburg.de"; exit 1; }
+	# generate keytab
+	sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \
+		{ slxlog "pam-freiburg-sslconnect" "Could not get /etc/kr5b.keytab from npserver.ruf.uni-freiburg.de"; exit 1; }
 
-    chmod 600 /etc/krb5.keytab || \
-        { slxlog "pam-freiburg-keytab" "Could not run 'chmod 600 /etc/kr5b.keytab'"; exit 1; }
+	chmod 600 /etc/krb5.keytab || \
+		{ slxlog "pam-freiburg-keytab" "Could not run 'chmod 600 /etc/kr5b.keytab'"; exit 1; }
 
-    # determine fileserver and share for home directories
-    ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \
-        { slxlog "pam-freiburg-ldapquery" "Could not query LDAP server for 'homeDirectory' and 'rufFileserver' parameters of user '${PAM_USER}'."; exit 1; }
+	# determine fileserver and share for home directories
+	ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \
+	{ slxlog "pam-freiburg-ldapquery" "Could not query LDAP server for 'homeDirectory' and 'rufFileserver' parameters of user '${PAM_USER}'."; exit 1; }
 
-    FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2)
-    VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2)
+	FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2)
+	VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2)
 
-    [ -z "${FILESERVER}" ] && slxlog "pam-freiburg-ldapfs" "LDAP server did not provide 'rufFileserver'. Aborting mount for ${PAM_USER}." && exit 1
-    [ -z "${VOLUME}" ] && slxlog "pam-freiburg-ldapvolume" "LDAP server did not provide 'homeDirectory'. Aborting mount for ${PAM_USER}." && exit 1
+	[ -z "${FILESERVER}" ] && slxlog "pam-freiburg-ldapfs" "LDAP server did not provide 'rufFileserver'. Aborting mount for ${PAM_USER}." && exit 1
+	[ -z "${VOLUME}" ] && slxlog "pam-freiburg-ldapvolume" "LDAP server did not provide 'homeDirectory'. Aborting mount for ${PAM_USER}." && exit 1
 
-    # now we can mount the home directory!
+	# now we can mount the home directory!
 
 	MOUNT_OPTS="-t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy"
 	if echo "$FILESERVER" | grep -q "sunfs6"; then
@@ -46,10 +46,15 @@ if [ $(id -g ${PAM_USER}) -ge 1000 ]; then
 		sleep "${COUNTER}"
 	done
 
-	if [ -e "${SIGNAL}" ] || kill -9 "${MOUNT_PID}" 2>/dev/null; then
+	if [ -e "${SIGNAL}" ]; then
 		slxlog "pam-freiburg" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "/tmp/home.$PAM_USER"
 		rm -f -- "${SIGNAL}"
+	elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
+		slxlog "pam-freiburg" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "/tmp/home.$PAM_USER"
+	else
+		PERSISTENT_OK=yes
 	fi
 	rm -f -- "/tmp/home.$PAM_USER"
+
 fi
 
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent_user b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent_user
new file mode 100644
index 00000000..cf86a0a3
--- /dev/null
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent_user
@@ -0,0 +1,33 @@
+# Sourced by pam_script_mount_persistent
+# run as the user that is opening a session
+
+# Persistent home was mounted, take care of some conveinience
+# Dirs
+for file in .vim .mozilla .config/chromium .config/htop .config/openslx; do
+	if [ "x$(dirname "$file")" != "x." ]; then
+		mkdir -p "$TEMP_HOME_DIR/$(dirname "$file")"
+		chown -R "$PAM_USER:$PAM_GROUP" "$TEMP_HOME_DIR/${file%%/*}"
+	fi
+	if [ ! -d "$PERSISTENT_HOME_DIR/$file" ]; then
+		mkdir -p "$PERSISTENT_HOME_DIR/$file"
+		chown -R "$PAM_USER:$PAM_GROUP" "$PERSISTENT_HOME_DIR/${file%%/*}"
+	fi
+	ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
+done
+# Files
+for file in .bashrc .profile .vimrc .gitconfig; do
+	if [ "x$(dirname "$file")" != "x." ]; then
+		mkdir -p "$TEMP_HOME_DIR/$(dirname "$file")"
+		chown -R "$PAM_USER:$PAM_GROUP" "$TEMP_HOME_DIR/${file%%/*}"
+	fi
+	if [ ! -d "$PERSISTENT_HOME_DIR/$file" ]; then
+		mkdir -p "$PERSISTENT_HOME_DIR/$file"
+		chown -R "$PAM_USER:$PAM_GROUP" "$PERSISTENT_HOME_DIR/${file%%/*}"
+	fi
+	ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
+done
+# Check if user has autostart script and run it (so they can create more symlinks etc.)
+if [ -x "$PERSISTENT_HOME_DIR/AUTOSTART" ]; then
+	"$PERSISTENT_HOME_DIR/AUTOSTART"
+fi
+