###################################################################
#
# This script is a part of the pam_script_auth script
# and is not stand-alone!
#
# It will try to mount the common share as specified in the
# variables SLX_COMMON_SHARE_PATH and SLX_COMMON_SHARE_AUTH of
# the global slx config '/opt/openslx/config'. Supported AUTH
# are 'guest' and 'user'. The first is self-explanatory; the second
# uses the user's credentials to authenticate the mount.
#
# Example:
# SLX_COMMON_SHARE_PATH='//windows.server/sharename'
# SLX_COMMON_SHARE_AUTH='user'
#
#
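mount_common_share() {
	# Mount the share named in '/opt/openslx/config' on COMMON_SHARE_MOUNT_POINT.
	#
	# Reads:   SLX_COMMON_SHARE_PATH, SLX_COMMON_SHARE_AUTH (from the config);
	#          USER_UID, USER_GID, COMMON_SHARE_MOUNT_POINT, PAM_USER and
	#          PAM_AUTHTOK, which are not set here and are expected to come
	#          from the calling script.
	# Writes:  MOUNT_OPTS, COMMON_SHARE_TMPDIR, SIGNAL, MOUNT_OUTPUT, MOUNT_PID,
	#          COUNTER (not declared local); unsets USER and PASSWD after a
	#          CIFS mount attempt.
	# Outputs: problems are reported through slxlog only.
	# Returns: nothing meaningful; every error path logs and returns early.

	# at this point we need the slx config to do anything
	[ -e "/opt/openslx/config" ] || \
		{ slxlog "pam-share-noconfig" "File '/opt/openslx/config' not found."; return; }
	# we have it as we should, source it
	. /opt/openslx/config || \
		{ slxlog "pam-share-sourceconfig" "Could not source '/opt/openslx/config'."; return; }
	# lets check if we have our variables
	[ "x${SLX_COMMON_SHARE_PATH}" != "x" ] || \
		{ slxlog "pam-share-noconfig" "No variable 'SLX_COMMON_SHARE_PATH' found in config!"; return; }
	[ "x${SLX_COMMON_SHARE_AUTH}" != "x" ] || \
		{ slxlog "pam-share-noconfig" "No variable 'SLX_COMMON_SHARE_AUTH' found in config!"; return; }

	# all good: now we can mount depending on the type
	# supports: cifs?/nfs?
	if [ "${SLX_COMMON_SHARE_PATH:0:2}" = "//" ]; then
		# '//' prefixed, assume windows share
		# prepare common mount options for either authentication type
		MOUNT_OPTS="-t cifs -o nounix,uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,nobrl,noacl"

		# Validate the auth type before any temp file exists, so the
		# "not supported" exit leaves nothing behind.
		if [ "${SLX_COMMON_SHARE_AUTH}" = "guest" ]; then
			MOUNT_OPTS="${MOUNT_OPTS},guest,file_mode=0777,dir_mode=0777"
		elif [ "${SLX_COMMON_SHARE_AUTH}" = "user" ]; then
			# NOTE(review): sec=ntlm selects NTLMv1, a weak scheme that recent
			# kernels no longer accept; consider sec=ntlmssp if the server
			# supports it - confirm against the target servers before changing.
			MOUNT_OPTS="${MOUNT_OPTS},sec=ntlm,file_mode=0700,dir_mode=0700"
		else
			slxlog "pam-share-auth" "Auth type '${SLX_COMMON_SHARE_AUTH}' not supported."
			return
		fi

		# Keep the failure flag and the command output in a private directory.
		# Creating a temp file and deleting it again would free a known name
		# in a shared temp directory; another local user could then pre-create
		# it or plant a symlink for the later 'touch' to follow.
		COMMON_SHARE_TMPDIR=$(mktemp -d) || \
			{ slxlog "pam-share-mount" "Could not create temporary directory."; return; }
		# flag for failure
		SIGNAL="${COMMON_SHARE_TMPDIR}/failed"
		# output of command
		MOUNT_OUTPUT="${COMMON_SHARE_TMPDIR}/output"
		: > "${MOUNT_OUTPUT}"

		# now try to mount it
		(
			# The credentials are exported only inside this subshell, so they
			# reach the mount helper but not slxlog or anything else started
			# by the calling script.
			if [ "${SLX_COMMON_SHARE_AUTH}" = "user" ]; then
				export USER="${PAM_USER}"
				export PASSWD="${PAM_AUTHTOK}"
			fi
			# MOUNT_OPTS is left unquoted on purpose: it holds several words.
			mount ${MOUNT_OPTS} "${SLX_COMMON_SHARE_PATH}" "${COMMON_SHARE_MOUNT_POINT}" > "${MOUNT_OUTPUT}" 2>&1 || touch "${SIGNAL}"
		) &
		MOUNT_PID=$!

		# Wait up to 1+1+2+4 seconds for the background mount to finish.
		for COUNTER in 1 1 2 4; do
			kill -0 "${MOUNT_PID}" 2>/dev/null || break
			sleep "${COUNTER}"
		done

		# check for failures
		if [ -e "${SIGNAL}" ]; then
			slxlog "pam-share-mount" "Mount of '${SLX_COMMON_SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}' failed. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}"
		elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
			# NOTE(review): this signals the wrapper subshell; a mount process
			# it started may keep running - confirm whether that is acceptable.
			slxlog "pam-share-mount" "Mount of '${SLX_COMMON_SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}' timed out. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}"
		fi

		# Delayed cleanup, presumably so slxlog can still read the output file.
		# ':?' stops the rm if the variable is ever empty.
		( sleep 2; rm -rf -- "${COMMON_SHARE_TMPDIR:?}" ) &

		# always unset credentials (leaves the caller's environment in the
		# same state as before this function was changed)
		unset USER
		unset PASSWD
	fi
	# TODO support more than CIFS? NFS maybe?
}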
# Run the mount attempt as soon as this fragment is loaded; per the header it
# is part of pam_script_auth and relies on that script's variables and helpers.
mount_common_share