Diffstat (limited to 'remote')
-rwxr-xr-x | remote/modules/pam/data/opt/openslx/scripts/pam_script_auth | 130 |
1 files changed, 76 insertions, 54 deletions
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
index b8ed4166..0fe73cbd 100755
--- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
+++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
@@ -26,40 +26,25 @@ TEMP_HOME_DIR="$USER_HOME" # check if PAM_USER is root and skip if it is the case [ "x${PAM_USER}" == "xroot" ] && exit 0 -# source the stuff in pam_script_auth.d, if it exists -if [ -d "/opt/openslx/scripts/pam_script_auth.d" ]; then - for HOOK in $(ls "/opt/openslx/scripts/pam_script_auth.d"); do - # source it, in case of failure do nothing since these scripts are non-critical - . "/opt/openslx/scripts/pam_script_auth.d/$HOOK" || slxlog "pam-source-hooks" "Could not source '$HOOK'." - done -fi - ############################################################################### # # Preparations for volatile /home/<user> # # # check if we already mounted the home directory -mount | grep -q " $TEMP_HOME_DIR " && exit 0 - -# no home, lets create it -if [ ! -d "${TEMP_HOME_DIR}" ]; then - mkdir -p "${TEMP_HOME_DIR}" || \ - { slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'."; exit 1; } +if ! mount | grep -q -F " ${TEMP_HOME_DIR} "; then + # no home, lets create it + if ! mkdir -p "${TEMP_HOME_DIR}"; then + slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'." + exit 1 + fi + # now make it a tmpfs + if ! mount -t tmpfs -o mode=700,size=1024m tmpfs "${TEMP_HOME_DIR}"; then + slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}" + exit 1 + fi fi -# now make it a tmpfs -mount -t tmpfs -o mode=700,size=1024m tmpfs "${TEMP_HOME_DIR}" || \ - { slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; } - -# create a WARNING.txt for the user -cat > "${TEMP_HOME_DIR}/WARNING.txt" << EOF -ATTENTION: This is the non-persistent home directory! -Files saved here will be lost on shutdown. -Your real home is under /home/<user>/PERSISTENT. -Please save your files there. -EOF - ############################################################################### # # Preparations for /home/<user>/PERSISTENT 
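Review bot: The new `mount -t tmpfs -o mode=700,size=1024m` call leaves the fresh home root-owned, and the only chown of `${TEMP_HOME_DIR}` visible in this commit now sits inside the persistent-mount-script branch of the next hunk. On a client without that script, nothing shown here hands the directory to the user, so the login would end with a mode-700 home the user cannot enter. Setting the owner at mount time avoids depending on a later branch: `mount -t tmpfs -o mode=700,size=1024m,uid="${USER_UID}",gid="${USER_GID}" tmpfs "${TEMP_HOME_DIR}"`. USER_UID and USER_GID are assumed to be set above line 26, outside this hunk.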
@@ -72,25 +57,50 @@ PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_u # The user's persistent home directory mount point PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT" -# create the PERSISTENT directory -mkdir -p "${PERSISTENT_HOME_DIR}" || \ - { slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; } - -if ! chown -R "${USER_UID}:${USER_GID}" "${TEMP_HOME_DIR}"; then - slxlog "pam-global-chpersistent " "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'." - exit 1 -fi +# now lets see if we have a persistent directory mount script, and it's not already mounted +if [ -e "${PERSISTENT_MOUNT_SCRIPT}" ] && ! mount | grep -q -F " ${PERSISTENT_HOME_DIR} "; then + # seems we should try to mount... + # create the PERSISTENT directory and give to user + if ! mkdir -p "${PERSISTENT_HOME_DIR}"; then + slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'." + elif ! chown "${USER_UID}:${USER_GID}" "${TEMP_HOME_DIR}"; then + slxlog "pam-global-chpersistent" "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'." + else + # everything seems ok, call mount script + . "${PERSISTENT_MOUNT_SCRIPT}" \ + || slxlog "pam-global-sourcepersistent" "Could not source '${PERSISTENT_MOUNT_SCRIPT}'." + if [ -n "${REAL_ACCOUNT}" ]; then + echo "${REAL_ACCOUNT}" > "${TEMP_HOME_DIR}/.account" + chmod 0644 "${TEMP_HOME_DIR}/.account" + fi + fi +fi # end "mount-home-script-exists" -# now lets see if we have a persistent directory mount script -[ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ] && exit 0 -# yes -. "${PERSISTENT_MOUNT_SCRIPT}" || \ - { slxlog "pam-global-sourcepersistent" "Could not source '${PERSISTENT_MOUNT_SCRIPT}'."; exit 1; } # Just try to delete the persistent dir. 
If the mount was successful, it will not work # If it was not successful, it will be removed so the user doesn't think he can store # anything in there -rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null +rmdir "${PERSISTENT_HOME_DIR}" 2> /dev/null + +# Write warning message to tmpfs home +if [ -d "${PERSISTENT_HOME_DIR}" ]; then + # create a WARNING.txt for the user with hint to PERSISTENT + cat > "${TEMP_HOME_DIR}/WARNING.txt" <<EOF +ATTENTION: This is the non-persistent home directory! +Files saved here will be lost on shutdown. +Your real home is under ${PERSISTENT_HOME_DIR} +Please save your files there. +EOF +else + # create a WARNING.txt for the user, no PERSISTENT :-( + cat > "${TEMP_HOME_DIR}/WARNING.txt" <<EOF +ATTENTION: This is a non-persistent home directory! +Files saved here will be lost on shutdown. +Please save your files on a USB drive or upload them +to some web service. +EOF +fi +chown "${USER_UID}" "${TEMP_HOME_DIR}/WARNING.txt" ############################################################################### # 
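Review bot: `cat > "${TEMP_HOME_DIR}/WARNING.txt"` and the `chown "${USER_UID}"` after it now run on every authentication, including when the tmpfs home already exists and belongs to the user, because the earlier hunk replaced the early `exit 0` with a conditional. A privileged write and chown into a directory the user controls will follow a symlink the user placed at that name, so both would act on the link target instead. The `.account` write that follows the chown of `${TEMP_HOME_DIR}` has the same shape. Creating these files only in the branch where the tmpfs was freshly mounted, before ownership is handed over, keeps the writes in a directory only root can touch. Using `chown -h "${USER_UID}" "${TEMP_HOME_DIR}/WARNING.txt"` also stops the chown from dereferencing a link.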
@@ -102,23 +112,35 @@ COMMON_SHARE_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_common_share" # User specific mount point for the common share COMMON_SHARE_MOUNT_POINT="${TEMP_HOME_DIR}/SHARE" -# create the SHARE directory -mkdir -p "${COMMON_SHARE_MOUNT_POINT}" || \ - { slxlog "pam-global-mkshare" "Could not create '${COMMON_SHARE_MOUNT_POINT}'."; exit 1; } - -# chown the new dir -chown "${USER_UID}:${USER_GID}" "${COMMON_SHARE_MOUNT_POINT}" || \ - { slxlog "pam-global-chshare" "Could not chown '${COMMON_SHARE_MOUNT_POINT}' to '${PAM_USER}'."; exit 1; } - # check for common share mount script, exit if we don't have one -[ ! -e "${COMMON_SHARE_MOUNT_SCRIPT}" ] && exit 0 - -# we do! -COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" PAM_USER="${PAM_USER}" PAM_AUTHTOK="${PAM_AUTHTOK}" USER_UID="${USER_UID}" USER_GID="${USER_GID}" /bin/ash "${COMMON_SHARE_MOUNT_SCRIPT}" || \ - { slxlog "pam-global-sourceshare" "Could not source '${COMMON_SHARE_MOUNT_SCRIPT}'."; exit 1; } - +if [ -e "${COMMON_SHARE_MOUNT_SCRIPT}" ] && ! mount | grep -q -F " ${COMMON_SHARE_MOUNT_POINT} "; then + # create the SHARE directory + if ! mkdir -p "${COMMON_SHARE_MOUNT_POINT}"; then + slxlog "pam-global-mkshare" "Could not create '${COMMON_SHARE_MOUNT_POINT}'." + elif ! chown "${USER_UID}:${USER_GID}" "${COMMON_SHARE_MOUNT_POINT}"; then + slxlog "pam-global-chshare" "Could not chown '${COMMON_SHARE_MOUNT_POINT}' to '${PAM_USER}'." + else + COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" \ + PAM_USER="${PAM_USER}" \ + PAM_AUTHTOK="${PAM_AUTHTOK}" \ + USER_UID="${USER_UID}" \ + USER_GID="${USER_GID}" \ + /bin/ash "${COMMON_SHARE_MOUNT_SCRIPT}" \ + || slxlog "pam-global-sourceshare" "Could not execute '${COMMON_SHARE_MOUNT_SCRIPT}'." + fi +fi # Just try to delete the common share dir. 
If the mount was successful, it will not work rmdir "${COMMON_SHARE_MOUNT_POINT}" 2> /dev/null +# +# source the stuff in pam_script_auth.d, if it exists +# +if [ -d "/opt/openslx/scripts/pam_script_auth.d" ]; then + for HOOK in $(ls "/opt/openslx/scripts/pam_script_auth.d"); do + # source it, in case of failure do nothing since these scripts are non-critical + . "/opt/openslx/scripts/pam_script_auth.d/$HOOK" || slxlog "pam-source-hooks" "Could not source '$HOOK'." + done +fi + exit 0 |
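Review bot: The relocated hook loop still iterates over `$(ls "/opt/openslx/scripts/pam_script_auth.d")`, which word-splits file names and sources every entry in the directory, whatever its type. A glob with a regular-file check is safer: `for HOOK in /opt/openslx/scripts/pam_script_auth.d/*; do`, then `[ -f "$HOOK" ] || continue` and `. "$HOOK" || slxlog "pam-source-hooks" "Could not source '$HOOK'."`. These hooks are sourced into the same shell that holds `PAM_AUTHTOK`, so a comment above the loop should state that the directory must be writable by root only. Because they are sourced rather than executed, a hook that calls `exit` with a non-zero status replaces the script's final `exit 0`, which is worth documenting for hook authors.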