Diffstat (limited to 'remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share')
-rw-r--r-- | remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share | 111 |
1 files changed, 78 insertions, 33 deletions
diff --git a/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share b/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
index 5ffb1205..5c034824 100644
--- a/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
+++ b/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
@@ -3,59 +3,82 @@ # This script is a part of the pam_script_auth script # and is not stand-alone! # -# It will try to mount the common share as specified in the -# variables SLX_COMMON_SHARE_PATH and SLX_COMMON_SHARE_AUTH of -# the global slx config '/opt/openslx/config'. Supported AUTH -# are 'guest' and 'user'. First is self-explanatory, second -# will use the user's credentials to authorize the mount. +# It will try to mount the common shares specified in the +# variables of the global slx config '/opt/openslx/config'. +# A primary and a secondary share may be given. Every share +# require following bundle of variables: +# +# +# SLX_SHARE_[0-9]_AUTH_TYPE [guest|user|pam] +# SLX_SHARE_[0-9]_AUTH_USER <username> +# SLX_SHARE_[0-9]_AUTH_PASS <password> +# SLX_SHARE_[0-9]_PERM [ro|rw] +# SLX_SHARE_[0-9]_PATH <path_to_share> # # Example: -# SLX_COMMON_SHARE_PATH='//windows.server/sharename' -# SLX_COMMON_SHARE_AUTH='user' +# SLX_SHARE_0_PATH='//windows.server/sharename' +# SLX_SHARE_0_AUTH_TYPE='user' +# SLX_SHARE_0_AUTH_USER='shareuser' +# SLX_SHARE_0_AUTH_PASS='sharepass' +# SLX_SHARE_0_PERM='rw' # +# Note: When AUTH_TYPE is set to 'pam' or 'guest', +# no need to specify AUTH_USER or AUTH_PASS. # - -mount_common_share() { - # at this point we need the slx config to do anything - [ -e "/opt/openslx/config" ] || \ - { slxlog "pam-share-noconfig" "File '/opt/openslx/config' not found."; return; } - - # we have it as we should, source it - . /opt/openslx/config || \ - { slxlog "pam-share-sourceconfig" "Could not source '/opt/openslx/config'."; return; } +# +# usage: mount_share <auth_type> <auth_user> <auth_password> <permissions> <path> <share> +mount_share() { + # only want two arguments + [ $# -ne 6 ] && { slxlog "pam-share-args" "Wrong number of arguments given! 
Need 6, $# given."; return; } # lets check if we have our variables - [ "x${SLX_COMMON_SHARE_PATH}" != "x" ] || \ - { slxlog "pam-share-noconfig" "No variable 'SLX_COMMON_SHARE_PATH' found in config!"; return; } - [ "x${SLX_COMMON_SHARE_AUTH}" != "x" ] || \ - { slxlog "pam-share-noconfig" "No variable 'SLX_COMMON_SHARE_AUTH' found in config!"; return; } - + local SHARE_AUTH_TYPE="$1" + local SHARE_AUTH_USER="$2" + local SHARE_AUTH_PASS="$3" + local SHARE_PERM="$4" + local SHARE_PATH="$5" + local SHARE_NUM="$6" + + # unless specified otherwise, mount the share read-only + [ "x${SHARE_PERM}" != "xrw" ] && SHARE_PERM='ro' + # all good: now we can mount depending on the type # supports: cifs?/nfs? - if [ "${SLX_COMMON_SHARE_PATH:0:2}" = "//" ]; then + if [ "${SHARE_PATH:0:2}" = "//" ]; then # '//' prefixed, assume windows share # prepare common mount options for either authentication type - MOUNT_OPTS="-t cifs -o nounix,uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,nobrl,noacl" + MOUNT_OPTS="-t cifs -o nounix,uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,nobrl,noacl,$SHARE_PERM" # flag for failure SIGNAL=$(mktemp) rm -f -- "${SIGNAL}" # output of command MOUNT_OUTPUT=$(mktemp) - # now see if the share needs credentials - if [ "${SLX_COMMON_SHARE_AUTH}" = "guest" ]; then + # now construct the mount options depending on the type of the share. + if [ "${SHARE_AUTH_TYPE}" = "guest" ]; then MOUNT_OPTS="${MOUNT_OPTS},guest,file_mode=0777,dir_mode=0777" - elif [ "${SLX_COMMON_SHARE_AUTH}" = "user" ]; then + elif [ "${SHARE_AUTH_TYPE}" = "pam" ]; then export USER="{PAM_USER}" export PASSWD="{PAM_AUTHTOK}" MOUNT_OPTS="${MOUNT_OPTS},sec=ntlm,file_mode=0700,dir_mode=0700" + elif [ "${SHARE_AUTH_TYPE}" = "user" ]; then + # check if credentials are set + [ ! 
-z "${SHARE_AUTH_USER}" ] || \ + { slxlog "pam-share-noauthuser" "Share${SHARE_NUM}: No variable 'SLX_SHARE_${SHARE_NUM}_AUTH_USER' found in config!"; return; } + # now export them to the env + export USER="${SHARE_AUTH_USER}" + export PASSWD="${SHARE_AUTH_PASS}" + MOUNT_OPTS="${MOUNT_OPTS},sec=ntlm,file_mode=0700,dir_mode=0700" else - slxlog "pam-share-auth" "Auth type '${SLX_COMMON_SHARE_AUTH}' not supported." + slxlog "pam-share-auth" "Share${SHARE_NUM}: Auth type '${SHARE_AUTH_TYPE}' not supported." return; fi + # now create the subdir within $COMMON_SHARE_MOUNT_POINT + mkdir -p "${COMMON_SHARE_MOUNT_POINT}/${SHARE_NUM}" || \ + { slxlog "pam-share-mkdirfail" "Share${SHARE_NUM}: Could not create directory '${COMMON_SHARE_MOUNT_POINT}/${SHARE_NUM}'."; return; } # now try to mount it - ( mount ${MOUNT_OPTS} "${SLX_COMMON_SHARE_PATH}" "${COMMON_SHARE_MOUNT_POINT}" > "${MOUNT_OUTPUT}" 2>&1 || touch "${SIGNAL}" ) & + ( mount ${MOUNT_OPTS} "${SHARE_PATH}" "${COMMON_SHARE_MOUNT_POINT}/${SHARE_NUM}" > "${MOUNT_OUTPUT}" 2>&1 || touch "${SIGNAL}" ) & MOUNT_PID=$! for COUNTER in 1 1 2 4; do kill -0 "${MOUNT_PID}" 2>/dev/null || break @@ -64,10 +87,10 @@ mount_common_share() { # check for failures if [ -e "${SIGNAL}" ]; then - slxlog "pam-share-mount" "Mount of '${SLX_COMMON_SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}' failed. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}" + slxlog "pam-share-mount" "Mount of '${SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}/${SHARE_NUM}' failed. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}" rm -f -- "${SIGNAL}" elif kill -9 "${MOUNT_PID}" 2>/dev/null; then - slxlog "pam-share-mount" "Mount of '${SLX_COMMON_SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}' timed out. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}" + slxlog "pam-share-mount" "Mount of '${SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}/${SHARE_NUM}' timed out. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}" fi ( sleep 2; rm -f -- "${MOUNT_OUTPUT}" ) & 
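Review bot: The new `user` branch hard-codes `sec=ntlm` (NTLMv1) for the share credentials taken from the config, which is a weak authentication scheme that current Windows and Samba releases reject by default; consider `sec=ntlmssp` or dropping `sec=` to take the kernel default, and document the choice with a comment such as `# sec=ntlmssp: NTLMv2 under SPNEGO; plain ntlm (NTLMv1) is weak and widely disabled`. The comment above the argument-count check still says `# only want two arguments` while the test is `[ $# -ne 6 ]`; it should read `# exactly six arguments expected, see the usage line above`. In the untouched `pam` branch the exports `export USER="{PAM_USER}"` and `export PASSWD="{PAM_AUTHTOK}"` carry no `$`, so unless something substitutes these placeholders before the script runs, mount.cifs receives the literal strings and that branch can never authenticate — worth confirming. Only `SHARE_AUTH_USER` is checked for emptiness, so an unset `SLX_SHARE_n_AUTH_PASS` silently exports an empty password; if an empty password is meant to be allowed, say so in a comment next to the check. mount_share continues past the end of this hunk.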
@@ -75,8 +98,30 @@ mount_common_share() { unset USER unset PASSWD fi - - # TODO support more than CIFS? NFS maybe? } -mount_common_share +# at this point we need the slx config to do anything +[ -e "/opt/openslx/config" ] || \ + { slxlog "pam-share-noconfig" "File '/opt/openslx/config' not found."; return; } + +# we have it as we should, source it +. /opt/openslx/config || \ + { slxlog "pam-share-sourceconfig" "Could not source '/opt/openslx/config'."; return; } + +# Since many shares can be specified, we need to identify how many we have first. +# We just go over all SLX_SHARE_* variables and check for those ending in _PATH +# For each of those, a share was specified and we will try to mount it. +for SHARE in ${!SLX_SHARE_*}; do + # skip if the variable doesn't end in _PATH + [[ "$SHARE" =~ .*_PATH$ ]] || continue + # ok so we have a path in S, let's extract the number of the share + # i.e. SLX_SHARE_0_PATH -> share number 0 + # first strip the leading SLX_SHARE_ + SHARE=${SHARE#SLX_SHARE_} + # now remove the trailing _PATH + SHARE=${SHARE%_PATH} + # now it should be a number, TODO accept more than numbers? Doesn't really matter... + # this check is mostly to be sure that the variable splitting worked as it should + [[ "$SHARE" =~ ^[0-9]+$ ]] || continue + eval mount_share \""\$SLX_SHARE_${SHARE}_AUTH_TYPE"\" \""\$SLX_SHARE_${SHARE}_AUTH_USER"\" \""\$SLX_SHARE_${SHARE}_AUTH_PASS"\" \""\$SLX_SHARE_${SHARE}_PERM"\" \""\$SLX_SHARE_${SHARE}_PATH"\" \""$SHARE"\" +done |
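Review bot: The `eval mount_share \""\$SLX_SHARE_${SHARE}_AUTH_TYPE"\" …` line at the end of the loop is only safe because `SHARE` was just validated against `^[0-9]+$`, and that dependency is not stated anywhere; bash indirect expansion `${!name}` fetches the same values without building a command string, removes the escaped-quote gymnastics and makes the intent obvious. The numeric check then deserves a comment saying it is what keeps the variable-name construction safe. Separately, these values (including `SLX_SHARE_n_AUTH_PASS`) come from `/opt/openslx/config`, which is sourced as shell, so that file holds a clear-text share password and must not be readable by unprivileged users; the script cannot enforce that, but the header comment should warn about it.

```shell
for SHARE in ${!SLX_SHARE_*}; do
  # … unchanged: _PATH filter and share-number extraction …
  # this check is what makes the variable-name construction below safe
  [[ "$SHARE" =~ ^[0-9]+$ ]] || continue
  # indirect expansion instead of eval: names are built only from the
  # literal prefix/suffix and the digits validated above
  AUTH_TYPE_VAR="SLX_SHARE_${SHARE}_AUTH_TYPE"
  AUTH_USER_VAR="SLX_SHARE_${SHARE}_AUTH_USER"
  AUTH_PASS_VAR="SLX_SHARE_${SHARE}_AUTH_PASS"
  PERM_VAR="SLX_SHARE_${SHARE}_PERM"
  PATH_VAR="SLX_SHARE_${SHARE}_PATH"
  mount_share "${!AUTH_TYPE_VAR}" "${!AUTH_USER_VAR}" "${!AUTH_PASS_VAR}" \
    "${!PERM_VAR}" "${!PATH_VAR}" "$SHARE"
done
```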