4 files changed, 68 insertions, 59 deletions
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
index 75065ec8..519aea55 100755
--- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
+++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
@@ -3,19 +3,6 @@
 # Needed as pam_script clears PATH
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin"
-PASSWD=$(getent passwd "$PAM_USER")
-USER_GID=$(echo "$PASSWD" | awk -F ':' '{print $4}')
-USER_HOME=$(echo "$PASSWD" | awk -F ':' '{print $6}')
-
-# Script to be sourced to mount the user's persistent home
-PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent"
-# Script to be run in the user's context iff the persistent home could be mounted successfully
-PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user"
-# The user's non-persistent home directory mount point, which should be their linux home
-TEMP_HOME_DIR="$USER_HOME"
-# The user's persistent home directory mount point
-PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"
-
 # NSA needs to know
 if [ "x$PAM_SERVICE" != "xsu" -a "x$PAM_SERVICE" != "xsudo" ]; then
 . /opt/openslx/config
@@ -26,50 +13,5 @@ if [ "x$PAM_SERVICE" != "xsu" -a "x$PAM_SERVICE" != "xsudo" ]; then
 fi
 fi
-# check if the script runs as root
-[ "x$(whoami)" != "xroot" ] && exit 0
-
-# check if PAM_USER is root and skip if it is the case
-[ "x${PAM_USER}" == "xroot" ] && exit 0
-
-# check if we already mounted the home directory
-mount | grep -q " $TEMP_HOME_DIR " && exit 0
-
-# no home, lets create it
-mkdir -p "${TEMP_HOME_DIR}" || \
- { slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'."; exit 1; }
-
-# now make it a tmpfs
-mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}" || \
- { slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; }
-
-# create a WARNING.txt for the user
-cat > "${TEMP_HOME_DIR}/WARNING.txt" << EOF
-ATTENTION: This is the non-persistant home directory!
-Files saved here will be lost on shutdown.
-Your real home is under /home/<user>/PERSISTENT.
-Please save your files there.
-EOF
-
-# create the PERSISTENT directory
-mkdir -p "${PERSISTENT_HOME_DIR}" || \
- { slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }
-
-if ! chown -R "${PAM_USER}:${USER_GID}" "${TEMP_HOME_DIR}"; then
- slxlog "pam-global-chpersistent " "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
- exit 1
-fi
-
-# now lets see if we have a persistent directory mount script
-[ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ] && exit 0
-# yes
-. "${PERSISTENT_MOUNT_SCRIPT}" || \
- { slxlog "pam-global-sourcepersistent" "Could not source ${PERSISTENT_MOUNT_SCRIPT}."; exit 1; }
-
-# Just try to delete the persistent dir. If the mount was successful, it will not work
-# If it was not successful, it will be removed so the user doesn't think he can store
-# anything in there
-rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null
-
 exit 0
diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_auth b/server/modules/pam-freiburg/etc/pam-script/pam_script_auth
new file mode 120000
index 00000000..319fba0e
--- /dev/null
+++ b/server/modules/pam-freiburg/etc/pam-script/pam_script_auth
@@ -0,0 +1 @@
+/opt/openslx/scripts/pam_script_auth
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-auth b/server/modules/pam-freiburg/etc/pam.d/common-auth
index 790afa1d..ec7e3d5c 100644
--- a/server/modules/pam-freiburg/etc/pam.d/common-auth
+++ b/server/modules/pam-freiburg/etc/pam.d/common-auth
@@ -14,7 +14,8 @@
 # pam-auth-update(8) for details.
 # here are the per-package modules (the "Primary" block)
-auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
+auth [success=ok default=ignore] pam_krb5.so minimum_uid=1000
+auth [success=3 default=ignore] pam_script.so expose=1
 auth [success=2 default=ignore] pam_unix.so try_first_pass
 auth [success=1 default=ignore] pam_ldap.so use_first_pass
 # here's the fallback if no module succeeds
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_auth b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_auth
new file mode 100755
index 00000000..611b565a
--- /dev/null
+++ b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_auth
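Review bot: With `auth [success=3 default=ignore] pam_script.so expose=1` sitting inside the Primary block, the exit status of pam_script_auth, not a credential check, decides the login: pam_krb5's result is only `ok` on success and ignored on failure, so whatever Kerberos said, a zero exit from the script (which it returns on every non-error path, including "not running as root" and "home already mounted") jumps over pam_unix, pam_ldap and the third line below this hunk, which in the standard layout is the pam_deny fallback, landing on the success line. If pam_script.so maps a zero exit to PAM_SUCCESS as its documentation describes, any valid username then authenticates with an arbitrary password whenever the mount steps succeed or are skipped. I would leave pam_krb5 at `auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000` and run the script as a non-authoritative module after the fallback lines, in the Additional block, as `auth optional pam_script.so expose=1`, so it only executes once a primary module has verified the credentials and its exit status cannot change the stack's result; `expose=1` then still sees the authtok that the later try_first_pass/use_first_pass modules in this same stack already rely on. The fallback lines that the jump counts depend on are below this hunk and not visible here.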
@@ -0,0 +1,65 @@
+#!/bin/ash
+
+# Needed as pam_script clears PATH
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin"
+
+PASSWD=$(getent passwd "$PAM_USER")
+USER_GID=$(echo "$PASSWD" | awk -F ':' '{print $4}')
+USER_HOME=$(echo "$PASSWD" | awk -F ':' '{print $6}')
+
+# Script to be sourced to mount the user's persistent home
+PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent"
+# Script to be run in the user's context iff the persistent home could be mounted successfully
+PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user"
+# The user's non-persistent home directory mount point, which should be their linux home
+TEMP_HOME_DIR="$USER_HOME"
+# The user's persistent home directory mount point
+PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"
+
+# check if the script runs as root
+[ "x$(whoami)" != "xroot" ] && exit 0
+
+# check if PAM_USER is root and skip if it is the case
+[ "x${PAM_USER}" == "xroot" ] && exit 0
+
+# check if we already mounted the home directory
+mount | grep -q " $TEMP_HOME_DIR " && exit 0
+
+# no home, lets create it
+mkdir -p "${TEMP_HOME_DIR}" || \
+ { slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'."; exit 1; }
+
+# now make it a tmpfs
+mount -t tmpfs -o size=100m tmpfs "${TEMP_HOME_DIR}" || \
+ { slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; }
+
+# create a WARNING.txt for the user
+cat > "${TEMP_HOME_DIR}/WARNING.txt" << EOF
+ATTENTION: This is the non-persistant home directory!
+Files saved here will be lost on shutdown.
+Your real home is under /home/<user>/PERSISTENT.
+Please save your files there.
+EOF
+
+# create the PERSISTENT directory
+mkdir -p "${PERSISTENT_HOME_DIR}" || \
+ { slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }
+
+if ! chown -R "${PAM_USER}:${USER_GID}" "${TEMP_HOME_DIR}"; then
+ slxlog "pam-global-chpersistent " "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
+ exit 1
+fi
+
+# now lets see if we have a persistent directory mount script
+[ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ] && exit 0
+# yes
+. "${PERSISTENT_MOUNT_SCRIPT}" || \
+ { slxlog "pam-global-sourcepersistent" "Could not source ${PERSISTENT_MOUNT_SCRIPT}."; exit 1; }
+
+# Just try to delete the persistent dir. If the mount was successful, it will not work
+# If it was not successful, it will be removed so the user doesn't think he can store
+# anything in there
+rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null
+
+exit 0
+ |
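Review bot: `TEMP_HOME_DIR` is whatever home directory `getent passwd` returns for `$PAM_USER`, and the script then mounts a tmpfs over it and `chown -R`s it to that user as root without checking that it is a per-user path, so a passwd or LDAP entry whose home is `/`, `/etc` or another shared directory would be overlaid on the next login attempt. Since the WARNING.txt text already assumes homes live under `/home/<user>`, the script could refuse anything else before the first `mkdir`: `case "$TEMP_HOME_DIR" in /home/?*) ;; *) slxlog "pam-global-badhome" "Refusing to mount over '${TEMP_HOME_DIR}'."; exit 1 ;; esac`. Note also that, now that this runs from the auth phase, the mkdir/mount/chown happens for any username presented before any credential has been verified, and every non-error path ends in `exit 0`; whether that exit code is allowed to count as an authentication result is decided by the pam.d stacking, not by this file, so the early exits should be treated as "nothing to do" rather than "authenticated".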
