diff options
Diffstat (limited to 'remote/modules/pam')
-rw-r--r-- | remote/modules/pam/data/etc/pam.d/common-session-noninteractive | 1 | ||||
-rwxr-xr-x | remote/modules/pam/data/opt/openslx/scripts/pam_script_auth | 2 | ||||
-rwxr-xr-x | remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close | 4 | ||||
-rw-r--r-- | remote/modules/pam/module.build | 18 | ||||
-rw-r--r-- | remote/modules/pam/module.conf | 4 | ||||
-rw-r--r-- | remote/modules/pam/module.conf.debian | 2 | ||||
-rw-r--r-- | remote/modules/pam/module.conf.opensuse.13.2 | 48 | ||||
-rw-r--r-- | remote/modules/pam/module.conf.ubuntu | 2 | ||||
-rw-r--r-- | remote/modules/pam/module.conf.ubuntu.14 | 16 | ||||
-rw-r--r-- | remote/modules/pam/templates/nslcd-systemd.service | 8 |
10 files changed, 52 insertions, 53 deletions
diff --git a/remote/modules/pam/data/etc/pam.d/common-session-noninteractive b/remote/modules/pam/data/etc/pam.d/common-session-noninteractive index d9bf071c..5e0fe3f8 100644 --- a/remote/modules/pam/data/etc/pam.d/common-session-noninteractive +++ b/remote/modules/pam/data/etc/pam.d/common-session-noninteractive @@ -26,5 +26,6 @@ session required pam_permit.so # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) +session [success=1 default=ignore] pam_succeed_if.so service in sudo quiet use_uid session required pam_unix.so # end of pam-auth-update config diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth index 3b8bf676..f9636ced 100755 --- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth +++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth @@ -105,7 +105,7 @@ chown "${PAM_USER}:${USER_GID}" "${COMMON_SHARE_MOUNT_POINT}" || \ [ ! -e "${COMMON_SHARE_MOUNT_SCRIPT}" ] && exit 0 # we do! -COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" PAM_USER="${PAM_USER}" PAM_AUTHTOK="${PAM_AUTHTOK}" USER_UID="${USER_UID}" USER_GID="${USER_GID}" /bin/bash "${COMMON_SHARE_MOUNT_SCRIPT}" || \ +COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" PAM_USER="${PAM_USER}" PAM_AUTHTOK="${PAM_AUTHTOK}" USER_UID="${USER_UID}" USER_GID="${USER_GID}" /bin/ash "${COMMON_SHARE_MOUNT_SCRIPT}" || \ { slxlog "pam-global-sourceshare" "Could not source '${COMMON_SHARE_MOUNT_SCRIPT}'."; exit 1; } # Just try to delete the common share dir. If the mount was successful, it will not work diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close index 4fc2ce6a..9332e0a6 100755 --- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close +++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close @@ -26,7 +26,7 @@ if [ -d "/opt/openslx/scripts/pam_script_ses_close.d" ]; then done fi -OPENSESSION=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-) +OPENSESSION=$(loginctl show-user "$PAM_USER" 2>/dev/null| grep "Sessions=" | cut -c 10-) SESSIONCOUNT=$(echo "$OPENSESSION" | wc -w) # When using su/sudo there is no session created, so count up by one if [ "x$PAM_SERVICE" = "xsu" -o "x$PAM_SERVICE" = "xsudo" ]; then @@ -55,7 +55,7 @@ if [ "$SESSIONCOUNT" -le "1" ]; then done # just to be sure we check if there's no other open session in the meantime - OPEN2=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-) + OPEN2=$(loginctl show-user "$PAM_USER" 2>/dev/null | grep "Sessions=" | cut -c 10-) if [ -z "$OPEN2" -o "x$OPENSESSION" = "x$OPEN2" ]; then diff --git a/remote/modules/pam/module.build b/remote/modules/pam/module.build index b678fdd6..5c3dc8db 100644 --- a/remote/modules/pam/module.build +++ b/remote/modules/pam/module.build @@ -33,24 +33,6 @@ build() { cd "${MODULE_DIR}/src/pam-script-${REQUIRED_PAM_SCRIPT_VERSION}" || perror "Could not cd to ${MODULE_DIR}/src/pam-script-${REQUIRED_PAM_SCRIPT_VERSION}." ./configure --prefix=/ --sysconfdir=/etc/pam-script --libdir="$SYS_PAM_MODULES_PATH" || perror "pam-script: ./configure failed." make DESTDIR="${MODULE_BUILD_DIR}" install || perror "pam-script: make install to ${MODULE_BUILD_DIR} failed." - - - # openSuse 13.1 has no package nss-pam-ldapd. So, we compile it. - if [ -n "$REQUIRED_NSS_LDAPD_URL" ]; then - cd "${MODULE_DIR}/src/$REQUIRED_NSS_LDAPD_VERSION" - pinfo "compiling pam-nss-ldapd for openSuse 13.1 ..." - ./configure || perror "openSuse 13.1 - pam-nss-ldapd: ./configure failed." - make DESTDIR="${MODULE_BUILD_DIR}" install || perror "openSuse 13.1 - pam-nss-ldapd: make install to ${MODULE_BUILD_DIR} failed." - cd "$MODULE_BUILD_DIR" - local NSLCD_PATH=$(find . -executable -name "nslcd") # Not in path, so we 'find' below MODULE_BUILD_DIR - else - cd "$MODULE_BUILD_DIR" - local NSLCD_PATH=$(which nslcd) - fi - [[ $REQUIRED_BINARIES = *nslcd* ]] && [ -z "$NSLCD_PATH" ] && perror "Could not 'which nslcd'" - # Build nslcd service file - mkdir -p "etc/systemd/system" - sed "s,%PATH%,$NSLCD_PATH,g" "$MODULE_DIR/templates/nslcd-systemd.service" > "etc/systemd/system/nslcd.service" || perror "Could not fill nslcd.service template" } post_copy() { diff --git a/remote/modules/pam/module.conf b/remote/modules/pam/module.conf index c0a21a79..4e2e01a1 100644 --- a/remote/modules/pam/module.conf +++ b/remote/modules/pam/module.conf @@ -1,6 +1,5 @@ REQUIRED_BINARIES=" ldapsearch - nslcd rpc.gssd rpc.idmapd sslconnect @@ -15,9 +14,6 @@ REQUIRED_LIBRARIES=" REQUIRED_DIRECTORIES=" /etc/security " -REQUIRED_FILES=" - /etc/systemd/system/nslcd.service -" REQUIRED_SYSTEM_FILES=" /etc/login.defs /etc/securetty diff --git a/remote/modules/pam/module.conf.debian b/remote/modules/pam/module.conf.debian index be237be2..e6661476 100644 --- a/remote/modules/pam/module.conf.debian +++ b/remote/modules/pam/module.conf.debian @@ -1,7 +1,6 @@ REQUIRED_INSTALLED_PACKAGES=" libpam-ldap libnss-ldapd - nslcd libpam-ck-connector libpam-cap krb5-user @@ -22,7 +21,6 @@ REQUIRED_CONTENT_PACKAGES=" libldap-2.4-2 libpam-ldapd libnss-ldapd - nslcd krb5-user krb5-config libpam-krb5 diff --git a/remote/modules/pam/module.conf.opensuse.13.2 b/remote/modules/pam/module.conf.opensuse.13.2 new file mode 100644 index 00000000..d4435999 --- /dev/null +++ b/remote/modules/pam/module.conf.opensuse.13.2 @@ -0,0 +1,48 @@ +REQUIRED_NSS_LDAPD_VERSION="nss-pam-ldapd-0.8.13" +REQUIRED_NSS_LDAPD_URL="http://arthurdejong.org/nss-pam-ldapd/$REQUIRED_NSS_LDAPD_VERSION.tar.gz" + +REQUIRED_BINARIES+=" + mkhomedir_helper +" + +REQUIRED_INSTALLED_PACKAGES=" + pam + pam_krb5 + pam-devel + pam-modules + nss-mdns + libopenssl-devel + openldap2-client + nfsidmap + nfs-client + glibc + pam-devel + openldap2-devel + krb5-devel +" +REQUIRED_CONTENT_PACKAGES=" + pam + pam_krb5 + pam-devel + pam-modules + nss-mdns + openldap2-client + nfsidmap + nfs-client + glibc +" +REQUIRED_LIBRARIES+=" + libnss_compat + libnss_db + libnss_dns + libnss_files + libnss_nis +" +REQUIRED_DIRECTORIES+=" + /$LIB64 + /usr/$LIB64 +" +REQUIRED_SYSTEM_FILES+=" + /$LIB64/security +" + diff --git a/remote/modules/pam/module.conf.ubuntu b/remote/modules/pam/module.conf.ubuntu index 4a3635fc..d675116c 100644 --- a/remote/modules/pam/module.conf.ubuntu +++ b/remote/modules/pam/module.conf.ubuntu @@ -1,7 +1,6 @@ REQUIRED_INSTALLED_PACKAGES=" libpam-ldap libnss-ldapd - nslcd krb5-user krb5-config libpam-krb5 @@ -20,7 +19,6 @@ REQUIRED_CONTENT_PACKAGES=" libldap-2.4-2 libpam-ldap libnss-ldapd - nslcd krb5-user krb5-config libpam-krb5 diff --git a/remote/modules/pam/module.conf.ubuntu.14 b/remote/modules/pam/module.conf.ubuntu.14 index 26307d84..64ead96a 100644 --- a/remote/modules/pam/module.conf.ubuntu.14 +++ b/remote/modules/pam/module.conf.ubuntu.14 @@ -2,7 +2,6 @@ REQUIRED_INSTALLED_PACKAGES=" libpam-ldap libnss-ldapd - nslcd krb5-user krb5-config libpam-krb5 @@ -20,7 +19,6 @@ REQUIRED_CONTENT_PACKAGES=" libldap-2.4-2 libpam-ldap libnss-ldapd - nslcd krb5-user krb5-config libpam-krb5 @@ -28,14 +26,8 @@ REQUIRED_CONTENT_PACKAGES=" libnfsidmap2 nfs-common cifs-utils - ncpfs " REQUIRED_BINARIES+=" - nwmsg - ncpmount - ncpumount - mount.ncp - mount.ncpfs mount.cifs " REQUIRED_DIRECTORIES+=" @@ -47,11 +39,3 @@ REQUIRED_SYSTEM_FILES+=" /etc/pam.conf /etc/default/locale " - -# For Ubuntu 14.04: Both packages were dropped from official repos. Do not change the -# order, as these packages will be installed via dpkg and depend on each other. -REQUIRED_DOWNLOAD_URLS=" - de.archive.ubuntu.com/ubuntu/pool/universe/n/ncpfs/libncp_2.2.6-9ubuntu1_amd64.deb - de.archive.ubuntu.com/ubuntu/pool/universe/n/ncpfs/libpam-ncp_2.2.6-9ubuntu1_amd64.deb - de.archive.ubuntu.com/ubuntu/pool/universe/n/ncpfs/ncpfs_2.2.6-9ubuntu1_amd64.deb -" diff --git a/remote/modules/pam/templates/nslcd-systemd.service b/remote/modules/pam/templates/nslcd-systemd.service deleted file mode 100644 index 540e67cd..00000000 --- a/remote/modules/pam/templates/nslcd-systemd.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Naming services LDAP client daemon -After=network.target - -[Service] -Type=forking -PIDFile=/var/run/nslcd/nslcd.pid -ExecStart=%PATH% |