From 9c388786c9071e7fc2f37d146bdde558a2a7499a Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Tue, 7 Oct 2014 16:22:18 +0200
Subject: [pam-common-share] dummy module with pam-script file to mount a common share
---
.../openslx/scripts/pam_script_mount_common_share | 82 ++++++++++++++++++++++
remote/modules/pam-common-share/module.build | 11 +++
remote/modules/pam-common-share/module.conf | 3 +
3 files changed, 96 insertions(+)
create mode 100644 remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
create mode 100644 remote/modules/pam-common-share/module.build
create mode 100644 remote/modules/pam-common-share/module.conf
diff --git a/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share b/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
new file mode 100644
index 00000000..e11a3681
--- /dev/null
+++ b/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
@@ -0,0 +1,82 @@
+###################################################################
+#
+# This script is a part of the pam_script_auth script
+# and is not stand-alone!
+#
+# It will try to mount the common share as specified in the
+# variables SLX_COMMON_SHARE_PATH and SLX_COMMON_SHARE_AUTH of
+# the global slx config '/opt/openslx/config'. Supported AUTH
+# are 'guest' and 'user'. First is self-explanatory, second
+# will use the user's credentials to authorize the mount.
+#
+# Example:
+# SLX_COMMON_SHARE_PATH='//windows.server/sharename'
+# SLX_COMMON_SHARE_AUTH='user'
+#
+#
+
+mount_common_share {
+ # at this point we need the slx config to do anything
+ [ -e "/opt/openslx/config" ] || \
+ { slxlog "pam-share-noconfig" "File '/opt/openslx/config' not found."; return; }
+
+ # we have it as we should, source it
+ . /opt/openslx/config || \
+ { slxlog "pam-share-sourceconfig" "Could not source '/opt/openslx/config'."; return; }
+
+ # lets check if we have our variables
+ [ "x${SLX_COMMON_SHARE_PATH}" != "x" ] || \
+ { slxlog "pam-share-noconfig" "No variable 'SLX_COMMON_SHARE_PATH' found in config!"; return; }
+ [ "x${SLX_COMMON_SHARE_AUTH}" != "x" ] || \
+ { slxlog "pam-share-noconfig" "No variable 'SLX_COMMON_SHARE_AUTH' found in config!"; return; }
+
+ # all good: now we can mount depending on the type
+ # supports: cifs?/nfs?
+ if [ "${SLX_COMMON_SHARE_PATH:0:2}" = "//" ]; then
+ # '//' prefixed, assume windows share
+ # prepare common mount options for either authentication type
+ MOUNT_OPTS="-t cifs"
+
+ # flag for failure
+ SIGNAL=$(mktemp)
+ rm -f -- "${SIGNAL}"
+ # output of command
+ MOUNT_OUTPUT=$(mktemp)
+ # now see if the share needs credentials
+ if [ "${SLX_COMMON_SHARE_AUTH}" = "guest" ]; then
+ MOUNT_OPTS="${MOUNT_OPTS} -o guest"
+ elif [ "${SLX_COMMON_SHARE_AUTH}" = "user" ]; then
+ export USER="{PAM_USER}"
+ export PASSWD="{PAM_AUTHTOK}"
+ MOUNT_OPTS="${MOUNT_OPTS} -o uid=${USER_GID},gid=${USER_GID},forceuid,forcegid,nobrl,noacl"
+ else
+ slxlog "pam-share-auth" "Auth type '${SLX_COMMON_SHARE_AUTH}' not supported."
+ return;
+ fi
+
+ # now try to mount it
+ ( mount ${MOUNT_OPTS} "${SLX_COMMON_SHARE_PATH}" "${COMMON_SHARE_MOUNT_POINT}" > "${MOUNT_OUTPUT}" 2>&1 || touch "${SIGNAL}" ) &
+ MOUNT_PID=$!
+ for COUNTER in 1 1 2 4; do
+ kill -0 "${MOUNT_PID}" 2>/dev/null || break
+ sleep "${COUNTER}"
+ done
+
+ # check for failures
+ if [ -e "${SIGNAL}" ]; then
+ slxlog "pam-share-mount" "Mount of '${SLX_COMMON_SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}' failed. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}"
+ rm -f -- "${SIGNAL}"
+ elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
+ slxlog "pam-share-mount" "Mount of '${SLX_COMMON_SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}' timed out. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}"
+ fi
+ ( sleep 2; rm -f -- "${MOUNT_OUTPUT}" ) &
+
+ # always unset credentials
+ unset USER
+ unset PASSWD
+ fi
+
+ # TODO support more than CIFS? NFS maybe?
+}
+
+mount_common_share
diff --git a/remote/modules/pam-common-share/module.build b/remote/modules/pam-common-share/module.build
new file mode 100644
index 00000000..62d96224
--- /dev/null
+++ b/remote/modules/pam-common-share/module.build
@@ -0,0 +1,11 @@
+fetch_source() {
+ :
+}
+
+build() {
+ pinfo "Static module, nothing to build."
+}
+
+post_copy() {
+ :
+}
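Review bot: In pam_script_mount_common_share, the `user` branch exports the literal strings `{PAM_USER}` and `{PAM_AUTHTOK}` because the `$` is missing, so the CIFS mount never receives the real login; the lines should read `export USER="${PAM_USER}"` and `export PASSWD="${PAM_AUTHTOK}"`. The definition `mount_common_share {` also lacks `()`, which turns the sourced file into a syntax error at the closing `}`; it should be `mount_common_share() {`. In the same branch `uid=${USER_GID}` looks like a copy of the gid variable and presumably should use the user's uid variable from the enclosing pam_script_auth, which is not visible here. The `SIGNAL` path is created by mktemp, removed, and later re-created with `touch` at the same now-known path, so another local user can pre-create it in between and the result can no longer be trusted; keeping the flag inside a private `mktemp -d` directory closes that window. While the mount runs, the exported `PASSWD` is inherited by every child process, so it is worth a comment stating that `slxlog` and the captured `MOUNT_OUTPUT` must never record the environment.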
diff --git a/remote/modules/pam-common-share/module.conf b/remote/modules/pam-common-share/module.conf
new file mode 100644
index 00000000..0cd03752
--- /dev/null
+++ b/remote/modules/pam-common-share/module.conf
@@ -0,0 +1,3 @@
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
-- cgit v1.2.3-55-g7522