author | Simon Rettberg | 2013-12-16 19:15:36 +0100 |
---|---|---|
committer | Simon Rettberg | 2013-12-16 19:15:36 +0100 |
commit | 440a3d3f4c0e73ead497338963b0978422453cb5 (patch) | |
tree | 1c238a31d6fc3ba4d93934cfbd300ebe9f16e1b3 /server | |
parent | debug-shell module that spwans a root shell on tty9 after switching to stage3.2 (diff) | |
[pam*] Add user-context script execution on session open
Diffstat (limited to 'server')
-rw-r--r-- | server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent | 37 | ||||
-rw-r--r-- | server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent_user | 33 |
2 files changed, 54 insertions, 16 deletions
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent index d8808f66..f6b71527 100644 --- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent +++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent @@ -1,5 +1,5 @@ ################################################################### -# +# # This script is a part of the pam_script_ses_open script # and is not stand-alone! # 
@@ -9,26 +9,26 @@ # Only run this if the user is a student # These have a gid > 1000 -if [ $(id -g ${PAM_USER}) -ge 1000 ]; then +if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then - # generate keytab - sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \ - { slxlog "pam-freiburg-sslconnect" "Could not get /etc/kr5b.keytab from npserver.ruf.uni-freiburg.de"; exit 1; } + # generate keytab + sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab || \ + { slxlog "pam-freiburg-sslconnect" "Could not get /etc/kr5b.keytab from npserver.ruf.uni-freiburg.de"; exit 1; } - chmod 600 /etc/krb5.keytab || \ - { slxlog "pam-freiburg-keytab" "Could not run 'chmod 600 /etc/kr5b.keytab'"; exit 1; } + chmod 600 /etc/krb5.keytab || \ + { slxlog "pam-freiburg-keytab" "Could not run 'chmod 600 /etc/kr5b.keytab'"; exit 1; } - # determine fileserver and share for home directories - ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \ - { slxlog "pam-freiburg-ldapquery" "Could not query LDAP server for 'homeDirectory' and 'rufFileserver' parameters of user '${PAM_USER}'."; exit 1; } + # determine fileserver and share for home directories + ldapsearch -x -LLL uid="${PAM_USER}" homeDirectory rufFileserver > "/tmp/ldapsearch.${PAM_USER}" || \ + { slxlog "pam-freiburg-ldapquery" "Could not query LDAP server for 'homeDirectory' and 'rufFileserver' parameters of user '${PAM_USER}'."; exit 1; } - FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2) - VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2) + FILESERVER=$(cat /tmp/ldapsearch.${PAM_USER} | grep rufFileserver | cut -d" " -f2) + VOLUME=$(cat /tmp/ldapsearch.${PAM_USER} | grep homeDirectory | cut -d" " -f2) - [ -z "${FILESERVER}" ] && slxlog "pam-freiburg-ldapfs" "LDAP server did not provide 'rufFileserver'. Aborting mount for ${PAM_USER}." 
&& exit 1 - [ -z "${VOLUME}" ] && slxlog "pam-freiburg-ldapvolume" "LDAP server did not provide 'homeDirectory'. Aborting mount for ${PAM_USER}." && exit 1 + [ -z "${FILESERVER}" ] && slxlog "pam-freiburg-ldapfs" "LDAP server did not provide 'rufFileserver'. Aborting mount for ${PAM_USER}." && exit 1 + [ -z "${VOLUME}" ] && slxlog "pam-freiburg-ldapvolume" "LDAP server did not provide 'homeDirectory'. Aborting mount for ${PAM_USER}." && exit 1 - # now we can mount the home directory! + # now we can mount the home directory! MOUNT_OPTS="-t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy" if echo "$FILESERVER" | grep -q "sunfs6"; then @@ -46,10 +46,15 @@ if [ $(id -g ${PAM_USER}) -ge 1000 ]; then sleep "${COUNTER}" done - if [ -e "${SIGNAL}" ] || kill -9 "${MOUNT_PID}" 2>/dev/null; then + if [ -e "${SIGNAL}" ]; then slxlog "pam-freiburg" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "/tmp/home.$PAM_USER" rm -f -- "${SIGNAL}" + elif kill -9 "${MOUNT_PID}" 2>/dev/null; then + slxlog "pam-freiburg" "Mount of '${FILESERVER}:${VOLUME}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "/tmp/home.$PAM_USER" + else + PERSISTENT_OK=yes fi rm -f -- "/tmp/home.$PAM_USER" + fi diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent_user b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent_user new file mode 100644 index 00000000..cf86a0a3 --- /dev/null +++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_mount_persistent_user 
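Review bot: The re-indented LDAP lookup still redirects into `/tmp/ldapsearch.${PAM_USER}`, a predictable name in a world-writable directory, from a script that also writes /etc/krb5.keytab and so presumably runs as root; a file or symlink already present at that path would be followed by the redirect. Create the file with `ldap_out=$(mktemp) || exit 1` and read FILESERVER and VOLUME from `"$ldap_out"` instead. The new guard `grep -q "^${PAM_USER}:" "/etc/passwd"` treats the login name as a regular expression, and the same unescaped value goes into the LDAP filter `uid="${PAM_USER}"`; comparing the first passwd field literally, e.g. `cut -d: -f1 /etc/passwd | grep -qxF -- "${PAM_USER}"`, removes the regex part. The comment above the `if` still describes a gid > 1000 check and should say the block runs for users without a local passwd entry. The `if` block continues past this hunk.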
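Review bot: The new `else` branch sets `PERSISTENT_OK=yes` whenever the signal file is absent and `kill -9` fails, which infers success from the mount process having exited rather than from the mount being present. If the signal file could not be written, or the process ended for another reason, later steps would treat an unmounted `${PERSISTENT_HOME_DIR}` as the user's persistent home. Checking the result directly, e.g. `mountpoint -q "${PERSISTENT_HOME_DIR}" && PERSISTENT_OK=yes`, would close that gap. How `${SIGNAL}` is created is outside this hunk, so this is inferred from the visible branches only; the enclosing `if` also starts above the hunk.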
@@ -0,0 +1,33 @@
+# Sourced by pam_script_mount_persistent
+# run as the user that is opening a session
+
+# Persistent home was mounted, take care of some conveinience
+# Dirs
+for file in .vim .mozilla .config/chromium .config/htop .config/openslx; do
+ if [ "x$(dirname "$file")" != "x." ]; then
+ mkdir -p "$TEMP_HOME_DIR/$(dirname "$file")"
+ chown -R "$PAM_USER:$PAM_GROUP" "$TEMP_HOME_DIR/${file%%/*}"
+ fi
+ if [ ! -d "$PERSISTENT_HOME_DIR/$file" ]; then
+ mkdir -p "$PERSISTENT_HOME_DIR/$file"
+ chown -R "$PAM_USER:$PAM_GROUP" "$PERSISTENT_HOME_DIR/${file%%/*}"
+ fi
+ ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
+done
+# Files
+for file in .bashrc .profile .vimrc .gitconfig; do
+ if [ "x$(dirname "$file")" != "x." ]; then
+ mkdir -p "$TEMP_HOME_DIR/$(dirname "$file")"
+ chown -R "$PAM_USER:$PAM_GROUP" "$TEMP_HOME_DIR/${file%%/*}"
+ fi
+ if [ ! -d "$PERSISTENT_HOME_DIR/$file" ]; then
+ mkdir -p "$PERSISTENT_HOME_DIR/$file"
+ chown -R "$PAM_USER:$PAM_GROUP" "$PERSISTENT_HOME_DIR/${file%%/*}"
+ fi
+ ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
+done
+# Check if user has autostart script and run it (so they can create more symlinks etc.)
+if [ -x "$PERSISTENT_HOME_DIR/AUTOSTART" ]; then
+ "$PERSISTENT_HOME_DIR/AUTOSTART"
+fi
+ |
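Review bot: The header says both "Sourced by pam_script_mount_persistent" and "run as the user", but a sourced file runs with the caller's privileges, and the caller writes /etc/krb5.keytab; the invocation is not in this diff, so confirm that privileges are dropped before `"$PERSISTENT_HOME_DIR/AUTOSTART"` is executed and before the `chown -R` calls touch paths in the user-controlled NFS home. If this ran as root, AUTOSTART would be user-supplied code executed as root; if it runs as the user, the `chown -R` lines are unnecessary. Separately, the "Files" loop is a copy of the "Dirs" loop: for `.bashrc`, `.profile`, `.vimrc` and `.gitconfig` the `[ ! -d … ]` test is true for a regular file, so `mkdir -p` either fails on the existing file or creates a directory with that name. Something like `[ -e "$PERSISTENT_HOME_DIR/$file" ] || touch "$PERSISTENT_HOME_DIR/$file"` matches the intent; `ln -s` will also fail when the link name already exists in `$TEMP_HOME_DIR`.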