From ed1db384f7e6a36742a67abbb58428b69db4261b Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 24 Feb 2016 16:48:01 +0100
Subject: [pam] Clean up pam_script_auth, don't exit on noncritical errors
---
.../pam/data/opt/openslx/scripts/pam_script_auth | 130 ++++++++++++---------
1 file changed, 76 insertions(+), 54 deletions(-)
diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
index b8ed4166..0fe73cbd 100755
--- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
+++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
@@ -26,40 +26,25 @@ TEMP_HOME_DIR="$USER_HOME" # check if PAM_USER is root and skip if it is the case [ "x${PAM_USER}" == "xroot" ] && exit 0 -# source the stuff in pam_script_auth.d, if it exists -if [ -d "/opt/openslx/scripts/pam_script_auth.d" ]; then - for HOOK in $(ls "/opt/openslx/scripts/pam_script_auth.d"); do - # source it, in case of failure do nothing since these scripts are non-critical - . "/opt/openslx/scripts/pam_script_auth.d/$HOOK" || slxlog "pam-source-hooks" "Could not source '$HOOK'." - done -fi - ############################################################################### # # Preparations for volatile /home/ # # # check if we already mounted the home directory -mount | grep -q " $TEMP_HOME_DIR " && exit 0 - -# no home, lets create it -if [ ! -d "${TEMP_HOME_DIR}" ]; then - mkdir -p "${TEMP_HOME_DIR}" || \ - { slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'."; exit 1; } +if ! mount | grep -q -F " ${TEMP_HOME_DIR} "; then + # no home, lets create it + if ! mkdir -p "${TEMP_HOME_DIR}"; then + slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'." + exit 1 + fi + # now make it a tmpfs + if ! mount -t tmpfs -o mode=700,size=1024m tmpfs "${TEMP_HOME_DIR}"; then + slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}" + exit 1 + fi fi -# now make it a tmpfs -mount -t tmpfs -o mode=700,size=1024m tmpfs "${TEMP_HOME_DIR}" || \ - { slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; } - -# create a WARNING.txt for the user -cat > "${TEMP_HOME_DIR}/WARNING.txt" << EOF -ATTENTION: This is the non-persistent home directory! -Files saved here will be lost on shutdown. -Your real home is under /home//PERSISTENT. -Please save your files there. -EOF - ############################################################################### # # Preparations for /home//PERSISTENT 
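Review bot: The tmpfs on `${TEMP_HOME_DIR}` is mounted with `mode=700` and no owner, and the only chown of that directory now sits in the `elif` branch of the second hunk, which runs only when `${PERSISTENT_MOUNT_SCRIPT}` exists and PERSISTENT is not yet mounted. Unless ownership is set somewhere outside these hunks, a client without a mount script ends up with a root-owned home the user cannot enter. Setting the owner at mount time removes that dependency, and the same line can carry the usual hardening for a user-writable filesystem: `mount -t tmpfs -o mode=700,size=1024m,uid="${USER_UID}",gid="${USER_GID}",nosuid,nodev tmpfs "${TEMP_HOME_DIR}"`. This assumes `USER_UID` and `USER_GID` are already set at this point, which the hunk does not show.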
@@ -72,25 +57,50 @@ PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_u # The user's persistent home directory mount point PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT" -# create the PERSISTENT directory -mkdir -p "${PERSISTENT_HOME_DIR}" || \ - { slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; } - -if ! chown -R "${USER_UID}:${USER_GID}" "${TEMP_HOME_DIR}"; then - slxlog "pam-global-chpersistent " "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'." - exit 1 -fi +# now lets see if we have a persistent directory mount script, and it's not already mounted +if [ -e "${PERSISTENT_MOUNT_SCRIPT}" ] && ! mount | grep -q -F " ${PERSISTENT_HOME_DIR} "; then + # seems we should try to mount... + # create the PERSISTENT directory and give to user + if ! mkdir -p "${PERSISTENT_HOME_DIR}"; then + slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'." + elif ! chown "${USER_UID}:${USER_GID}" "${TEMP_HOME_DIR}"; then + slxlog "pam-global-chpersistent" "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'." + else + # everything seems ok, call mount script + . "${PERSISTENT_MOUNT_SCRIPT}" \ + || slxlog "pam-global-sourcepersistent" "Could not source '${PERSISTENT_MOUNT_SCRIPT}'." + if [ -n "${REAL_ACCOUNT}" ]; then + echo "${REAL_ACCOUNT}" > "${TEMP_HOME_DIR}/.account" + chmod 0644 "${TEMP_HOME_DIR}/.account" + fi + fi +fi # end "mount-home-script-exists" -# now lets see if we have a persistent directory mount script -[ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ] && exit 0 -# yes -. "${PERSISTENT_MOUNT_SCRIPT}" || \ - { slxlog "pam-global-sourcepersistent" "Could not source '${PERSISTENT_MOUNT_SCRIPT}'."; exit 1; } # Just try to delete the persistent dir. 
If the mount was successful, it will not work # If it was not successful, it will be removed so the user doesn't think he can store # anything in there -rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null +rmdir "${PERSISTENT_HOME_DIR}" 2> /dev/null + +# Write warning message to tmpfs home +if [ -d "${PERSISTENT_HOME_DIR}" ]; then + # create a WARNING.txt for the user with hint to PERSISTENT + cat > "${TEMP_HOME_DIR}/WARNING.txt" < "${TEMP_HOME_DIR}/WARNING.txt" < /dev/null +# +# source the stuff in pam_script_auth.d, if it exists +# +if [ -d "/opt/openslx/scripts/pam_script_auth.d" ]; then + for HOOK in $(ls "/opt/openslx/scripts/pam_script_auth.d"); do + # source it, in case of failure do nothing since these scripts are non-critical + . "/opt/openslx/scripts/pam_script_auth.d/$HOOK" || slxlog "pam-source-hooks" "Could not source '$HOOK'." + done +fi + exit 0 -- cgit v1.2.3-55-g7522
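Review bot: The `cat > "${TEMP_HOME_DIR}/WARNING.txt"` redirects now run on every authentication, because the first hunk removed the early `exit 0` for an already-mounted home; on a repeat login that directory has presumably been chowned to the user already. If this script runs as root (usual for pam_script, not visible here), a plain `>` redirect into a user-controlled directory follows any existing entry at that name, so the write should not trust it. The same applies to `echo "${REAL_ACCOUNT}" > "${TEMP_HOME_DIR}/.account"` when the home is mounted but PERSISTENT is not. Either write these files only when the tmpfs was freshly mounted in this run, or create a temporary file with `mktemp` in the directory and rename it over the target. Separately, the relocated hook loop still iterates `$(ls ...)`; `for HOOK in /opt/openslx/scripts/pam_script_auth.d/*; do` avoids word splitting on file names.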