From de67ad7f7b5d5b8b15c91df3609cc7d093888ce3 Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Thu, 2 Apr 2015 16:31:08 +0200
Subject: [pam-common-share] removed bash specifics in pam-common-share scripts
---
.../openslx/scripts/pam_script_mount_common_share | 96 +++++++++++++---------
.../pam/data/opt/openslx/scripts/pam_script_auth | 2 +-
2 files changed, 60 insertions(+), 38 deletions(-)
(limited to 'remote/modules')
diff --git a/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share b/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
index 85a3fcc0..9600fa4d 100644
--- a/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
+++ b/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share
@@ -1,36 +1,41 @@ ################################################################### # -# This script is a part of the pam_script_auth script -# and is not stand-alone! +# This script is a part of the pam_script_auth script +# and is not stand-alone! # -# It will try to mount the common shares specified in the -# variables of the global slx config '/opt/openslx/config'. -# A primary and a secondary share may be given. Every share -# require following bundle of variables: +# It will try to mount the common shares specified in the +# variables of the global slx config '/opt/openslx/config'. +# An arbitrary number of shares may be given. Every share +# requires following bundle of variables: # # -# SLX_SHARE_[0-9]_AUTH_TYPE [guest|user|pam] -# SLX_SHARE_[0-9]_AUTH_USER -# SLX_SHARE_[0-9]_AUTH_PASS -# SLX_SHARE_[0-9]_PERM [ro|rw] -# SLX_SHARE_[0-9]_PATH +# SLX_SHARE__AUTH_TYPE [guest|user|pam] +# SLX_SHARE__AUTH_USER +# SLX_SHARE__AUTH_PASS +# SLX_SHARE__PERM [ro|rw] +# SLX_SHARE__PATH # -# Example: -# SLX_SHARE_0_PATH='//windows.server/sharename' -# SLX_SHARE_0_AUTH_TYPE='user' -# SLX_SHARE_0_AUTH_USER='shareuser' -# SLX_SHARE_0_AUTH_PASS='sharepass' -# SLX_SHARE_0_PERM='rw' +# Note: is the identifier of the share. # -# Note: When AUTH_TYPE is set to 'pam' or 'guest', -# no need to specify AUTH_USER or AUTH_PASS. +# Example: +# SLX_SHARE_0_PATH='//windows.server/sharename' +# SLX_SHARE_0_AUTH_TYPE='user' +# SLX_SHARE_0_AUTH_USER='shareuser' +# SLX_SHARE_0_AUTH_PASS='sharepass' +# SLX_SHARE_0_PERM='rw' # +# Note: If AUTH_TYPE is set to 'pam' or 'guest', then +# there is no need to specify AUTH_USER or AUTH_PASS +# as it is obviously not needed. 
# -# usage: mount_share +################################################################### +# +# Internal helper function to mount a share +# usage: mount_share mount_share() { - # only want two arguments + # since we are (hopefully) the only one using this function, we know we need excatly 6 args [ $# -ne 6 ] && { slxlog "pam-share-args" "Wrong number of arguments given! Need 6, $# given."; return; } - + # lets check if we have our variables local SHARE_AUTH_TYPE="$1" local SHARE_AUTH_USER="$2" @@ -43,7 +48,7 @@ mount_share() { [ "x${SHARE_PERM}" != "xrw" ] && SHARE_PERM='ro' # all good: now we can mount depending on the type - # supports: cifs?/nfs? + # supports: cifs?/nfs? if [ "${SHARE_PATH:0:2}" = "//" ]; then # '//' prefixed, assume windows share # prepare common mount options for either authentication type @@ -104,9 +109,14 @@ mount_share() { # always unset credentials unset USER unset PASSWD + elid fi } +################################################################### +# +# MAIN SCRIPT +# # at this point we need the slx config to do anything [ -e "/opt/openslx/config" ] || \ { slxlog "pam-share-noconfig" "File '/opt/openslx/config' not found."; return; } 
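Review bot: The added `elid` line between `unset PASSWD` and the closing `fi` in the `@@ -104,9 +109,14 @@` hunk is neither a shell keyword nor a command defined anywhere in the visible script, so it looks like a stray typo. As written the shell would try to execute it as a command at the end of that branch, emit a "not found" error, and leave mount_share with a non-zero status even when the mount itself succeeded. The line should simply be dropped so the branch ends with `unset PASSWD` followed by `fi`. mount_share's body starts outside this hunk, so which branch is affected is inferred from the surrounding context lines.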
@@ -115,28 +125,40 @@ mount_share() { . /opt/openslx/config || \ { slxlog "pam-share-sourceconfig" "Could not source '/opt/openslx/config'."; return; } +# +# +# # Since many shares can be specified, we need to identify how many we have first. -# We just go over all SLX_SHARE_* variables and check for those ending in _PATH +# We just go over all SLX_SHARE_* variables and check for those ending in _PATH. +# So e.g. for SLX_SHARE_0_PATH= the SHARE variable would be equal to 'SLX_SHARE_0_PATH' # For each of those, a share was specified and we will try to mount it. -for SHARE in ${!SLX_SHARE_*}; do - # skip if the variable doesn't end in _PATH - [[ "$SHARE" =~ .*_PATH$ ]] || continue - # first let's check if we have already mounted it, since we don't have to - # do anything is it already is. - if mount | grep -q "${SHARE}"; then - # already mounted, just skip. +for SHARE in $(grep -E '^SLX_SHARE_[0-9]+_PATH=.*$' /opt/openslx/config); do + # first let's check if we have already mounted it and skip if it is + # TODO: this should be good enough? stronger checks? + if mount | grep -q "$(echo ${SHARE} | awk -F '=' '{print $2}' | tr -d \'\")"; then + # already mounted, just skip + # this should not happen anyway, since the pam_script_auth script also exits + # if the temporary home user directory is already mounted... continue fi - # ok so we have a path in $SHARE, let's extract the number of the share + # ok so we have the full declaration command in $SHARE, + # let's extract the number of the share. # i.e. SLX_SHARE_0_PATH -> share number 0 - # first strip the leading SLX_SHARE_ - SHARE=${SHARE#SLX_SHARE_} + # first just cut everything after '=' + SHARE_NUM="$(echo $SHARE | awk -F '=' '{print $1}')" + # now strip the leading SLX_SHARE_ + SHARE_NUM=${SHARE_NUM#SLX_SHARE_} # now remove the trailing _PATH - SHARE=${SHARE%_PATH} + SHARE_NUM=${SHARE_NUM%_PATH} # now it should be a number, TODO accept more than numbers? Doesn't really matter... 
# this check is mostly to be sure that the variable splitting worked as it should - [[ "$SHARE" =~ ^[0-9]+$ ]] || continue - eval mount_share \""\$SLX_SHARE_${SHARE}_AUTH_TYPE"\" \""\$SLX_SHARE_${SHARE}_AUTH_USER"\" \""\$SLX_SHARE_${SHARE}_AUTH_PASS"\" \""\$SLX_SHARE_${SHARE}_PERM"\" \""\$SLX_SHARE_${SHARE}_PATH"\" \""$SHARE"\" + # ugly cause we need to be ash compatible ... + if ! echo "${SHARE_NUM}" | grep -q -E '^[0-9]+$'; then + continue + fi + + # now do try to mount the share using the helper function defined on the top of this script + eval mount_share \""\$SLX_SHARE_${SHARE_NUM}_AUTH_TYPE"\" \""\$SLX_SHARE_${SHARE_NUM}_AUTH_USER"\" \""\$SLX_SHARE_${SHARE_NUM}_AUTH_PASS"\" \""\$SLX_SHARE_${SHARE_NUM}_PERM"\" \""\$SLX_SHARE_${SHARE_NUM}_PATH"\" \""$SHARE_NUM"\" ## unset USER and PASSWD just in case mount_share returned due to an error. unset USER unset PASSWD diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth index 3b8bf676..f9636ced 100755 --- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth +++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth @@ -105,7 +105,7 @@ chown "${PAM_USER}:${USER_GID}" "${COMMON_SHARE_MOUNT_POINT}" || \ [ ! -e "${COMMON_SHARE_MOUNT_SCRIPT}" ] && exit 0 # we do! -COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" PAM_USER="${PAM_USER}" PAM_AUTHTOK="${PAM_AUTHTOK}" USER_UID="${USER_UID}" USER_GID="${USER_GID}" /bin/bash "${COMMON_SHARE_MOUNT_SCRIPT}" || \ +COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" PAM_USER="${PAM_USER}" PAM_AUTHTOK="${PAM_AUTHTOK}" USER_UID="${USER_UID}" USER_GID="${USER_GID}" /bin/ash "${COMMON_SHARE_MOUNT_SCRIPT}" || \ { slxlog "pam-global-sourceshare" "Could not source '${COMMON_SHARE_MOUNT_SCRIPT}'."; exit 1; } # Just try to delete the common share dir. If the mount was successful, it will not work -- cgit v1.2.3-55-g7522
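Review bot: The new already-mounted test `mount | grep -q "$(echo ${SHARE} | awk ...)"` uses the configured share path as a regular expression matched anywhere in the mount table, so `//server/share` also matches a mounted `//server/share2`, every `.` matches any character, and an empty `SLX_SHARE_N_PATH=` value matches all lines and silently skips the share. A fixed-string match with quoted expansion is closer to the intent, e.g. `if mount | grep -qF -- "$(echo "${SHARE}" | awk -F '=' '{print $2}' | tr -d \'\")"; then`, with an extra guard that skips the test when the extracted value is empty. The unquoted `$(grep -E ... /opt/openslx/config)` in the `for` line is also word-split, so a path containing whitespace reaches this check truncated. The `eval mount_share` line is only safe because SHARE_NUM is restricted to digits immediately above it; a comment such as `# SHARE_NUM must stay digits-only: it is expanded inside eval below` would keep that check from being relaxed later.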
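Review bot: Running the mount script under `/bin/ash` still depends on a bash-style construct that the other file in this commit keeps: `${SHARE_PATH:0:2}` in mount_share, visible as context in the `@@ -43,7 +48,7 @@` hunk. That substring expansion works only if the target ash is built with bash-compatibility extensions; a portable test for the `//` prefix is `case "${SHARE_PATH}" in //*) ... ;; esac`. The mount script also uses `return` at top level (for example after the `pam-share-noconfig` log call), and because it is executed here rather than sourced, what that does depends on the shell, so the behaviour under ash should be confirmed or the statements changed to `exit`. The log text on the following line still says "Could not source" although the script is run as a child process.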