summaryrefslogtreecommitdiffstats
path: root/data
diff options
context:
space:
mode:
authorSimon Rettberg2018-01-29 12:16:53 +0100
committerSimon Rettberg2018-01-29 12:16:53 +0100
commit106d94fa8dfc599e425700f3d28e5f903e39c3c8 (patch)
treeb3c708965e8221f3dde2e28737b426f7672bf2c5 /data
parent[https/backup] Store cert only in separate .pem for further use (diff)
downloadtmlite-bwlp-106d94fa8dfc599e425700f3d28e5f903e39c3c8.tar.gz
tmlite-bwlp-106d94fa8dfc599e425700f3d28e5f903e39c3c8.tar.xz
tmlite-bwlp-106d94fa8dfc599e425700f3d28e5f903e39c3c8.zip
mount-script: Better timeout, try domain guessing, logging, cleanup
Diffstat (limited to 'data')
-rw-r--r--data/ad/mountscript76
1 files changed, 51 insertions, 25 deletions
diff --git a/data/ad/mountscript b/data/ad/mountscript
index 3cf286d..810eed6 100644
--- a/data/ad/mountscript
+++ b/data/ad/mountscript
@@ -10,6 +10,7 @@ RESULT=
REAL_ACCOUNT=
WAIT=
TMPDEL=
+LOGFILES=
if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
if which gawk &>/dev/null; then
un64() {
@@ -42,11 +43,11 @@ if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
fi
rm -f -- "${PW}"
VOLUME=$(cat "${RESULT}" | grep '^homeMount:' | head -n 1 | cut -d ' ' -f 2-)
- [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(cat "${RESULT}" | grep '^realAccount:' | head -n 1 | cut -d ' ' -f 2)
+ [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(cat "${RESULT}" | grep '^realAccount:' | head -n 1 | cut -d ' ' -f 2-)
fi
[ -z "$VOLUME" ] && VOLUME=$(cat "${SEARCH}" | grep '^homeMount:' | head -n 1 | cut -d ' ' -f 2-)
[ -z "$VOLUME" ] && slxlog "pam-ad-ldapvolume" "AD/Proxy did not provide 'homeMount'. Aborting mount for ${PAM_USER}." "${RESULT}"
- [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(cat "${SEARCH}" | grep '^realAccount:' | head -n 1 | cut -d ' ' -f 2)
+ [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(cat "${SEARCH}" | grep '^realAccount:' | head -n 1 | cut -d ' ' -f 2-)
[ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT="${PAM_USER}"
fi
@@ -54,6 +55,21 @@ if [ -n "${VOLUME}" ]; then
isHomeMounted() {
grep -Fuq " ${PERSISTENT_HOME_DIR} " /proc/mounts
}
+ # Most servers can work without, but some don't
+ XDOMAIN=
+ if [ -s "/opt/openslx/inc/shares" ]; then
+ . /opt/openslx/inc/shares
+ XDOMAIN="${SHARE_DOMAIN}"
+ fi
+ if [ -z "$XDOMAIN" ]; then
+ XDOMAIN=$(<"/etc/ldap.conf" grep -m1 -i '^BASE\s.*DC=' | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
+ fi
+ if [ -z "$XDOMAIN" ]; then
+ XDOMAIN=$(<"/etc/sssd/sssd.conf" grep -m1 -i '^ldap_search_base\s*=.*DC=' | grep -o -E -i 'DC=[^,;]+' | head -n 1 | cut -c 4-)
+ fi
+ if [ "x$XDOMAIN" = "x#" ]; then
+ XDOMAIN=
+ fi
# Remember for hooks in pam_script_auth.d
export PERSISTENT_NETPATH=$(echo "$VOLUME" | tr '/' '\')
@@ -64,42 +80,52 @@ if [ -n "${VOLUME}" ]; then
CNT=0
PIDS=
for opt in "vers=3.0,sec=ntlmssp" "vers=2.1,sec=ntlmssp" "vers=1.0,sec=ntlm" "vers=3.0,sec=ntlmv2" "vers=1.0,sec=ntlmv2" "vers=3.0,sec=ntlm" "vers=2.0,sec=ntlmssp"; do
- CNT=$(( CNT + 1 ))
- FILEVAR="LOG$CNT"
- FILE=$(mktemp)
- eval "${FILEVAR}=$FILE"
- TMPDEL="$TMPDEL $FILE"
- MOUNT_OPTS="-v -t cifs -o uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,${opt},nounix,file_mode=0700,dir_mode=0700,noacl,nobrl"
- echo " * Trying '$opt'" > "$FILE"
- mount ${MOUNT_OPTS} "${VOLUME}" "${PERSISTENT_HOME_DIR}" >> "${FILE}" 2>&1 &
- PID=$!
- PIDS="$PIDS $PID" # Remember all PIDs
- usleep 250000
- kill -0 "$PID" && usleep 250000
- kill -0 "$PID" && usleep 250000
- kill -0 "$PID" && usleep 250000
- isHomeMounted && break
+ # Also we try with and without explicit domain argument
+ for dom in "#" $XDOMAIN; do # No quotes
+ [ "x$dom" != "x#" ] && opt="${opt},domain=$dom"
+ CNT=$(( CNT + 1 ))
+ FILE=$(mktemp)
+ LOGFILES="$LOGFILES $FILE"
+ MOUNT_OPTS="-v -t cifs -o uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,${opt},nounix,file_mode=0700,dir_mode=0700,noacl,nobrl"
+ echo " ****** Trying '$opt'" > "$FILE"
+ mount ${MOUNT_OPTS} "${VOLUME}" "${PERSISTENT_HOME_DIR}" >> "${FILE}" 2>&1 &
+ PID=$!
+ # Wait max. 1 second; remember PID if this mount call seems to be running after we stop waiting
+ for waits in 1 2 3 4; do
+ usleep 250000
+ if isHomeMounted; then
+ # A previously invoked mount call might have succeeded while this one is still running; try to stop it right away
+ kill "$PID" &> /dev/null
+ break 3
+ fi
+ kill -0 "$PID" || break
+ done
+ kill -0 "$PID" && PIDS="$PIDS $PID" # Remember all PIDs
+ done
done
- while ! isHomeMounted && [ "$CNT" -lt 10 ] && kill -0 $PIDS; do # No quotes
- sleep 1
- CNT=$(( CNT + 1 ))
- done
- kill -9 $PIDS # Kill any leftovers; No quotes
+ if [ -n "$PIDS" ]; then
+ CNT=0
+ while ! isHomeMounted && [ "$CNT" -lt 10 ] && kill -0 $PIDS; do # No quotes
+ usleep 333000
+ CNT=$(( CNT + 1 ))
+ done
+ kill -9 $PIDS # Kill any leftovers; No quotes
+ fi
if ! isHomeMounted; then
LOG_COMBINED=$(mktemp)
- cat "$LOG1" "$LOG2" "$LOG3" "$LOG4" "$LOG5" "$LOG6" > "$LOG_COMBINED"
+ [ -n "$LOGFILES" ] && cat ${LOGFILES} > "$LOG_COMBINED" # No quotes
slxlog --delete "pam-ad-mount" "Mount of '${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed." "${LOG_COMBINED}"
else
PERSISTENT_OK=yes
- #chmod -R u+rwX "${PERSISTENT_HOME_DIR}" 2>/dev/null TODO: Still needed? Use & maybe?
+ #chmod -R u+rwX "${PERSISTENT_HOME_DIR}" 2>/dev/null TODO: Still needed? Use '&' maybe?
fi
unset USER
unset PASSWD
fi
-[ -n "${TMPDEL}" ] && rm -f -- ${TMPDEL} # No quotes
+[ -n "${TMPDEL}${LOGFILES}" ] && rm -f -- ${TMPDEL} ${LOGFILES} # No quotes
true