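#!/bin/ash

# pam_script auth hook: look the login name up (LDAP first, then the passwd
# database), make sure it resolves to a UID/GID, source the optional
# pam_script_auth.d hooks and, when running as root, prepare the volatile
# tmpfs home below.
#
# PAM_USER is the name typed at the login prompt and is untrusted input. It is
# used both as part of a filesystem path and inside an LDAP filter, so it is
# checked and escaped before either use.

# Needed as pam_script clears PATH
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"

# A login name never contains '/'. Refusing it here keeps
# "/tmp/ldapsearch.${PAM_USER}" from resolving somewhere else entirely
# (e.g. "x/../../etc/foo") when the redirection below is opened as root.
case "$PAM_USER" in
	""|*/*)
		slxlog "pam-user-name" "Refusing unusable user name '${PAM_USER}'."
		exit 1
		;;
esac

# Result file of the LDAP lookup; kept at this path because later scripts may read it.
LDAP_FILE="/tmp/ldapsearch.${PAM_USER}"

# Escape the RFC 4515 filter metacharacters so the login name cannot widen the
# search: an unescaped '*' would match every account and PCASE below could then
# become some other user's uid.
LDAP_UID=$(printf '%s' "$PAM_USER" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g')

# The result path is predictable, so never write through whatever already sits
# there (a symlink planted by a local user would be followed by touch/chmod/>).
# Remove it first, then create it with O_EXCL (set -C) and mode 0600 (umask);
# the subshell keeps both settings from leaking into the rest of the script.
rm -f "$LDAP_FILE" 2>/dev/null
if ( umask 077 && set -C && ldapsearch -l 3 -o nettimeout=3 -x -LLL "uid=${LDAP_UID}" uid homeMount realAccount > "$LDAP_FILE" 2>/dev/null ); then
	VOLUME=$(grep "^homeMount:" "$LDAP_FILE" | head -n 1 | cut -d" " -f2)
	REAL_ACCOUNT=$(grep "^realAccount:" "$LDAP_FILE" | head -n 1 | cut -d" " -f2)
	PCASE=$(grep "^uid:" "$LDAP_FILE" | head -n 1 | cut -d" " -f2)
	# LDAP knows the canonical spelling of the login name; use it from here on
	[ -n "$PCASE" ] && PAM_USER=$PCASE
fi

# Split the passwd line on ':' with the read builtin instead of three awk
# processes. Only the first line is used, so a duplicated entry cannot turn
# USER_UID into a multi-line value.
PASSWD=$(/usr/bin/getent passwd "$PAM_USER")
IFS=: read -r PW_NAME PW_PASS USER_UID USER_GID PW_GECOS USER_HOME PW_SHELL <<EOF
$PASSWD
EOF
[ -z "$USER_UID" ] && USER_UID=$(/usr/bin/id -u "$PAM_USER")
[ -z "$USER_GID" ] && USER_GID=$(/usr/bin/id -g "$PAM_USER")
[ -z "$USER_HOME" ] && USER_HOME="/home/$PAM_USER"
if [ -z "$USER_UID" ] || [ -z "$USER_GID" ]; then
	slxlog "pam-get-ids" "Could not determine UID or GID for user '$PAM_USER'."
	exit 1
fi

# The user's non-persistent home directory mount point, which should be their linux home
TEMP_HOME_DIR="$USER_HOME"

# Everything below mounts and chowns, so it is only meaningful when running as root
[ "$(/usr/bin/id -u)" = "0" ] || exit 0

# check if PAM_USER is root and skip if it is the case
[ "$PAM_USER" = "root" ] && exit 0

# source the stuff in pam_script_auth.d, if it exists. A glob (instead of
# parsing ls) keeps hook names with spaces intact; an unmatched glob stays
# literal, hence the -e test. The hooks run in this shell, as root, and see
# every variable set above.
for HOOK in /opt/openslx/scripts/pam_script_auth.d/*; do
	[ -e "$HOOK" ] || continue
	# source it, in case of failure do nothing since these scripts are non-critical
	. "$HOOK" || slxlog "pam-source-hooks" "Could not source '${HOOK##*/}'."
done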

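###############################################################################
#
#                    Preparations for volatile /home/<user>
#
#
# Refuse to put a tmpfs over anything that is not an absolute per-user home:
# a passwd entry whose home is "/" (or a relative path) would otherwise get the
# root filesystem shadowed by an empty mode-700 tmpfs for every user.
case "$TEMP_HOME_DIR" in
	""|/|[!/]*)
		slxlog "pam-global-temphome" "Refusing to use '${TEMP_HOME_DIR}' as volatile home."
		exit 1
		;;
esac

# check if we already mounted the home directory
# (-F: the path is a literal string, not a regular expression)
mount | grep -qF " $TEMP_HOME_DIR " && exit 0

# no home, lets create it
if [ ! -d "${TEMP_HOME_DIR}" ]; then
	mkdir -p "${TEMP_HOME_DIR}" || \
		{ slxlog "pam-global-mktemphome" "Could not create '${TEMP_HOME_DIR}'."; exit 1; }
fi

# now make it a tmpfs; mode=700 so only the owner set by the later chown can enter it
mount -t tmpfs -o mode=700,size=1024m tmpfs "${TEMP_HOME_DIR}" || \
	{ slxlog "pam-global-tmpfstemphome" "Could not make a tmpfs on ${TEMP_HOME_DIR}"; exit 1; }

# create a WARNING.txt for the user
cat > "${TEMP_HOME_DIR}/WARNING.txt" << EOF
ATTENTION: This is the non-persistent home directory!
Files saved here will be lost on shutdown.
Your real home is under /home/<user>/PERSISTENT.
Please save your files there.
EOF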

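###############################################################################
#
#                    Preparations for /home/<user>/PERSISTENT
#
#
# Script to be sourced to mount the user's persistent home
PERSISTENT_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent"
# Script to be run in the user's context iff the persistent home could be mounted successfully
PERSISTENT_MOUNT_USER_SCRIPT="/opt/openslx/scripts/pam_script_mount_persistent_user"
# The user's persistent home directory mount point
PERSISTENT_HOME_DIR="${TEMP_HOME_DIR}/PERSISTENT"

# create the PERSISTENT directory
mkdir -p "${PERSISTENT_HOME_DIR}" || \
	{ slxlog "pam-global-mkpersistent" "Could not create '${PERSISTENT_HOME_DIR}'."; exit 1; }

# Hand the fresh tmpfs (and the mount point inside it) to the user.
# The log tag used to carry a trailing space, which made it differ from every other tag.
if ! chown -R "${USER_UID}:${USER_GID}" "${TEMP_HOME_DIR}"; then
	slxlog "pam-global-chpersistent" "Could not chown '${TEMP_HOME_DIR}' to '${PAM_USER}'."
	exit 1
fi

# now lets see if we have a persistent directory mount script
[ ! -e "${PERSISTENT_MOUNT_SCRIPT}" ] && exit 0
# yes - it is sourced, so it runs in this shell as root and sees every variable
# set so far (including PAM_AUTHTOK); an 'exit' inside it ends this script too
. "${PERSISTENT_MOUNT_SCRIPT}" || \
	{ slxlog "pam-global-sourcepersistent" "Could not source '${PERSISTENT_MOUNT_SCRIPT}'."; exit 1; }

# Just try to delete the persistent dir. If the mount was successful, it will not work
# If it was not successful, it will be removed so the user doesn't think he can store
# anything in there
rmdir "$PERSISTENT_HOME_DIR" 2> /dev/null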

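###############################################################################
#
#                    Preparations for /home/<user>/SHARE
#
#
# Script to be sourced to mount the common share folder
COMMON_SHARE_MOUNT_SCRIPT="/opt/openslx/scripts/pam_script_mount_common_share"
# User specific mount point for the common share
COMMON_SHARE_MOUNT_POINT="${TEMP_HOME_DIR}/SHARE"

# create the SHARE directory
mkdir -p "${COMMON_SHARE_MOUNT_POINT}" || \
	{ slxlog "pam-global-mkshare" "Could not create '${COMMON_SHARE_MOUNT_POINT}'."; exit 1; }

# chown the new dir
chown "${USER_UID}:${USER_GID}" "${COMMON_SHARE_MOUNT_POINT}" || \
	{ slxlog "pam-global-chshare" "Could not chown '${COMMON_SHARE_MOUNT_POINT}' to '${PAM_USER}'."; exit 1; }

# check for common share mount script, exit if we don't have one
[ ! -e "${COMMON_SHARE_MOUNT_SCRIPT}" ] && exit 0

# we do! Unlike the persistent script this one is executed in a separate shell;
# its inputs are passed through the environment of that single process (not on
# the command line, so the password does not show up in process listings).
COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" \
	PAM_USER="${PAM_USER}" \
	PAM_AUTHTOK="${PAM_AUTHTOK}" \
	USER_UID="${USER_UID}" \
	USER_GID="${USER_GID}" \
	/bin/ash "${COMMON_SHARE_MOUNT_SCRIPT}" || \
	{ slxlog "pam-global-sourceshare" "Could not run '${COMMON_SHARE_MOUNT_SCRIPT}'."; exit 1; }

# Just try to delete the common share dir. If the mount was successful, it will not work
rmdir "${COMMON_SHARE_MOUNT_POINT}" 2> /dev/null

exit 0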