path: root/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth
#!/bin/ash

# pam_script hands us an empty PATH, so install a fixed, known one before
# calling any external tool
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"

# Fetch the passwd entry of the authenticating user and split it on ':'
# (name:passwd:uid:gid:gecos:home:shell). If getent finds no entry, the three
# USER_* values below are simply empty.
PASSWD=$(getent passwd "$PAM_USER")
IFS=':' read -r SKIP SKIP USER_UID USER_GID SKIP USER_HOME SKIP << EOF
$PASSWD
EOF
unset SKIP

# The user's non-persistent home directory mount point, which should be their linux home
TEMP_HOME_DIR="$USER_HOME"

# Everything below (mount, chown) needs root; silently do nothing otherwise
if [ "$(whoami)" != "root" ]; then
	exit 0
fi

# root itself never gets a volatile home, so skip it
case "${PAM_USER}" in
	root) exit 0 ;;
esac

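# Source every hook in pam_script_auth.d, if that directory exists.
# The hooks are sourced into this shell and therefore run as root: the
# directory and its files must be writable by root only.
HOOK_DIR="/opt/openslx/scripts/pam_script_auth.d"
if [ -d "$HOOK_DIR" ]; then
	# Use a glob instead of parsing 'ls' so names containing whitespace or
	# glob characters are passed through intact.
	for HOOK in "$HOOK_DIR"/*; do
		# An empty directory leaves the unexpanded pattern behind; skip it
		[ -e "$HOOK" ] || continue
		# Keep HOOK as the bare file name, as the log message expects
		HOOK="${HOOK##*/}"
		# source it, in case of failure do nothing since these scripts are non-critical
		. "$HOOK_DIR/$HOOK" || slxlog "pam-source-hooks" "Could not source '$HOOK'."
	done
fi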

###############################################################################
#
#                    Preparations for volatile /home/<user>
#
#
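# Refuse to go on without a sane home path. TEMP_HOME_DIR comes straight from
# the passwd entry: it is empty when the lookup found nothing, and an entry
# whose home is "/" would make us mount a tmpfs over the root file system.
case "${TEMP_HOME_DIR}" in
	/[!/]*) ;; # absolute path below /, e.g. /home/<user>
	*)
		slxlog "pam-global-invalidhome" "Refusing to use '${TEMP_HOME_DIR}' as home directory of '${PAM_USER}'."
		exit 1
		;;
esac

# check if we already mounted the home directory
# -F: match the path literally; as a regex, a '.' in the path (e.g. in a user
# name) would match any character and could hit a different user's mount.
mount | grep -qF -- " ${TEMP_HOME_DIR} " && exit 0

# no home, lets create it
if [ ! -d "${TEMP_HOME_DIR}" ]; then
	mkdir -p "${TEMP_HOME_DIR}" || \
		{ slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'."; exit 1; }
fi

# now make it a tmpfs
# mode=700 keeps the home private to its owner; size caps RAM usage per user.
# NOTE(review): this mount is user-writable, consider adding nosuid,nodev to
# the options unless something in the home is known to need them.
mount -t tmpfs -o mode=700,size=1024m tmpfs "${TEMP_HOME_DIR}" || \
	{ slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; }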

# Drop a notice into the fresh tmpfs home telling the user that nothing
# stored here survives a shutdown. The delimiter is quoted because the text
# is meant literally and contains nothing to expand.
cat << 'EOF' > "${TEMP_HOME_DIR}/WARNING.txt"
ATTENTION: This is the non-persistent home directory!
Files saved here will be lost on shutdown.
Your real home is under /home/<user>/PERSISTENT.
Please save your files there.
EOF

###############################################################################
#
#                    Preparations for /home/<user>/PERSISTENT
#
#
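# Script to be sourced to mount the user's persistent home
PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent"
# Script to be run in the user's context iff the persistent home could be mounted successfully
PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user"
# The user's persistent home directory mount point
PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"

# create the PERSISTENT directory
mkdir -p "${PERSISTENT_HOME_DIR}" || \
	{ slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }

# Hand the whole volatile home over to the user. The recursive chown runs as
# root; it is only safe because the tree was created by this script on a
# freshly mounted tmpfs, so the user has not been able to place anything
# (such as symlinks) in it yet.
if ! chown -R "${PAM_USER}:${USER_GID}" "${TEMP_HOME_DIR}"; then
	# log tag had a stray trailing space, unlike every other tag in this script
	slxlog "pam-global-chpersistent" "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
	exit 1
fi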

# Mounting the persistent home is optional: without a mount script we are done.
# NOTE(review): this exit also skips the SHARE section further down and leaves
# the empty PERSISTENT directory (which WARNING.txt points the user to) in
# place -- confirm that both are intended.
if [ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ]; then
	exit 0
fi

# The mount script is sourced, so it runs as root inside this shell and sees
# all variables set above; it must be writable by root only.
if ! . "${PERSISTENT_MOUNT_SCRIPT}"; then
	slxlog "pam-global-sourcepersistent" "Could not source '${PERSISTENT_MOUNT_SCRIPT}'."
	exit 1
fi

# Try to remove the mount point. rmdir fails (quietly) if something got
# mounted on it; if nothing was mounted the directory disappears, so the user
# is not misled into storing files in a directory that is not persistent.
rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null

###############################################################################
#
#                    Preparations for /home/<user>/SHARE
#
#
# Script to be sourced to mount the common share folder
COMMON_SHARE_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_common_share"
# User specific mount point for the common share
COMMON_SHARE_MOUNT_POINT="${TEMP_HOME_DIR}/SHARE"

# Create the SHARE mount point inside the volatile home
if ! mkdir -p "${COMMON_SHARE_MOUNT_POINT}"; then
	slxlog "pam-global-mkshare" "Could not create '${COMMON_SHARE_MOUNT_POINT}'."
	exit 1
fi

# Give the new directory to the user (non-recursive: only the mount point)
if ! chown "${PAM_USER}:${USER_GID}" "${COMMON_SHARE_MOUNT_POINT}"; then
	slxlog "pam-global-chshare" "Could not chown '${COMMON_SHARE_MOUNT_POINT}' to '${PAM_USER}'."
	exit 1
fi

# The common share is optional: stop here if there is no mount script
if [ ! -e "${COMMON_SHARE_MOUNT_SCRIPT}" ]; then
	exit 0
fi

# The mount script is sourced, so it runs as root inside this shell; it must
# be writable by root only.
if ! . "${COMMON_SHARE_MOUNT_SCRIPT}"; then
	slxlog "pam-global-sourceshare" "Could not source '${COMMON_SHARE_MOUNT_SCRIPT}'."
	exit 1
fi

# Try to remove the mount point; rmdir fails (quietly) if the share got
# mounted on it, and removes the unused directory otherwise.
rmdir "${COMMON_SHARE_MOUNT_POINT}" 2> /dev/null

exit 0