diff options
author | Simon Rettberg | 2018-01-29 12:16:53 +0100 |
---|---|---|
committer | Simon Rettberg | 2018-01-29 12:16:53 +0100 |
commit | 106d94fa8dfc599e425700f3d28e5f903e39c3c8 (patch) | |
tree | b3c708965e8221f3dde2e28737b426f7672bf2c5 /data | |
parent | [https/backup] Store cert only in separate .pem for further use (diff) | |
download | tmlite-bwlp-106d94fa8dfc599e425700f3d28e5f903e39c3c8.tar.gz tmlite-bwlp-106d94fa8dfc599e425700f3d28e5f903e39c3c8.tar.xz tmlite-bwlp-106d94fa8dfc599e425700f3d28e5f903e39c3c8.zip |
mount-script: Better timeout, try domain guessing, logging, cleanup
Diffstat (limited to 'data')
-rw-r--r-- | data/ad/mountscript | 76 |
1 files changed, 51 insertions, 25 deletions
diff --git a/data/ad/mountscript b/data/ad/mountscript index 3cf286d..810eed6 100644 --- a/data/ad/mountscript +++ b/data/ad/mountscript @@ -10,6 +10,7 @@ RESULT= REAL_ACCOUNT= WAIT= TMPDEL= +LOGFILES= if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then if which gawk &>/dev/null; then un64() { @@ -42,11 +43,11 @@ if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then fi rm -f -- "${PW}" VOLUME=$(cat "${RESULT}" | grep '^homeMount:' | head -n 1 | cut -d ' ' -f 2-) - [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(cat "${RESULT}" | grep '^realAccount:' | head -n 1 | cut -d ' ' -f 2) + [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(cat "${RESULT}" | grep '^realAccount:' | head -n 1 | cut -d ' ' -f 2-) fi [ -z "$VOLUME" ] && VOLUME=$(cat "${SEARCH}" | grep '^homeMount:' | head -n 1 | cut -d ' ' -f 2-) [ -z "$VOLUME" ] && slxlog "pam-ad-ldapvolume" "AD/Proxy did not provide 'homeMount'. Aborting mount for ${PAM_USER}." "${RESULT}" - [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(cat "${SEARCH}" | grep '^realAccount:' | head -n 1 | cut -d ' ' -f 2) + [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(cat "${SEARCH}" | grep '^realAccount:' | head -n 1 | cut -d ' ' -f 2-) [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT="${PAM_USER}" fi @@ -54,6 +55,21 @@ if [ -n "${VOLUME}" ]; then isHomeMounted() { grep -Fuq " ${PERSISTENT_HOME_DIR} " /proc/mounts } + # Most servers can work without, but some don't + XDOMAIN= + if [ -s "/opt/openslx/inc/shares" ]; then + . /opt/openslx/inc/shares + XDOMAIN="${SHARE_DOMAIN}" + fi + if [ -z "$XDOMAIN" ]; then + XDOMAIN=$(<"/etc/ldap.conf" grep -m1 -i '^BASE\s.*DC=' | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-) + fi + if [ -z "$XDOMAIN" ]; then + XDOMAIN=$(<"/etc/sssd/sssd.conf" grep -m1 -i '^ldap_search_base\s*=.*DC=' | grep -o -E -i 'DC=[^,;]+' | head -n 1 | cut -c 4-) + fi + if [ "x$XDOMAIN" = "x#" ]; then + XDOMAIN= + fi # Remember for hooks in pam_script_auth.d export PERSISTENT_NETPATH=$(echo "$VOLUME" | tr '/' '\') @@ -64,42 +80,52 @@ if [ -n "${VOLUME}" ]; then CNT=0 PIDS= for opt in "vers=3.0,sec=ntlmssp" "vers=2.1,sec=ntlmssp" "vers=1.0,sec=ntlm" "vers=3.0,sec=ntlmv2" "vers=1.0,sec=ntlmv2" "vers=3.0,sec=ntlm" "vers=2.0,sec=ntlmssp"; do - CNT=$(( CNT + 1 )) - FILEVAR="LOG$CNT" - FILE=$(mktemp) - eval "${FILEVAR}=$FILE" - TMPDEL="$TMPDEL $FILE" - MOUNT_OPTS="-v -t cifs -o uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,${opt},nounix,file_mode=0700,dir_mode=0700,noacl,nobrl" - echo " * Trying '$opt'" > "$FILE" - mount ${MOUNT_OPTS} "${VOLUME}" "${PERSISTENT_HOME_DIR}" >> "${FILE}" 2>&1 & - PID=$! - PIDS="$PIDS $PID" # Remember all PIDs - usleep 250000 - kill -0 "$PID" && usleep 250000 - kill -0 "$PID" && usleep 250000 - kill -0 "$PID" && usleep 250000 - isHomeMounted && break + # Also we try with and without explicit domain argument + for dom in "#" $XDOMAIN; do # No quotes + [ "x$dom" != "x#" ] && opt="${opt},domain=$dom" + CNT=$(( CNT + 1 )) + FILE=$(mktemp) + LOGFILES="$LOGFILES $FILE" + MOUNT_OPTS="-v -t cifs -o uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,${opt},nounix,file_mode=0700,dir_mode=0700,noacl,nobrl" + echo " ****** Trying '$opt'" > "$FILE" + mount ${MOUNT_OPTS} "${VOLUME}" "${PERSISTENT_HOME_DIR}" >> "${FILE}" 2>&1 & + PID=$! + # Wait max. 1 second; remember PID if this mount call seems to be running after we stop waiting + for waits in 1 2 3 4; do + usleep 250000 + if isHomeMounted; then + # A previously invoked mount call might have succeeded while this one is still running; try to stop it right away + kill "$PID" &> /dev/null + break 3 + fi + kill -0 "$PID" || break + done + kill -0 "$PID" && PIDS="$PIDS $PID" # Remember all PIDs + done done - while ! isHomeMounted && [ "$CNT" -lt 10 ] && kill -0 $PIDS; do # No quotes - sleep 1 - CNT=$(( CNT + 1 )) - done - kill -9 $PIDS # Kill any leftovers; No quotes + if [ -n "$PIDS" ]; then + CNT=0 + while ! isHomeMounted && [ "$CNT" -lt 10 ] && kill -0 $PIDS; do # No quotes + usleep 333000 + CNT=$(( CNT + 1 )) + done + kill -9 $PIDS # Kill any leftovers; No quotes + fi if ! isHomeMounted; then LOG_COMBINED=$(mktemp) - cat "$LOG1" "$LOG2" "$LOG3" "$LOG4" "$LOG5" "$LOG6" > "$LOG_COMBINED" + [ -n "$LOGFILES" ] && cat ${LOGFILES} > "$LOG_COMBINED" # No quotes slxlog --delete "pam-ad-mount" "Mount of '${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed." "${LOG_COMBINED}" else PERSISTENT_OK=yes - #chmod -R u+rwX "${PERSISTENT_HOME_DIR}" 2>/dev/null TODO: Still needed? Use & maybe? + #chmod -R u+rwX "${PERSISTENT_HOME_DIR}" 2>/dev/null TODO: Still needed? Use '&' maybe? fi unset USER unset PASSWD fi -[ -n "${TMPDEL}" ] && rm -f -- ${TMPDEL} # No quotes +[ -n "${TMPDEL}${LOGFILES}" ] && rm -f -- ${TMPDEL} ${LOGFILES} # No quotes true |