Initial commit

8 files changed, 212 insertions, 0 deletions

diff --git a/data/ad/common-account b/data/ad/common-account
new file mode 100644
index 0000000..e06e539
--- /dev/null
+++ b/data/ad/common-account
@@ -0,0 +1,9 @@
+account	[success=2 new_authtok_reqd=done default=ignore]	pam_unix.so 
+account	[success=1 default=ignore]	pam_ldap.so 
+# here's the fallback if no module succeeds
+account	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account	required			pam_permit.so
+
diff --git a/data/ad/common-auth b/data/ad/common-auth
new file mode 100644
index 0000000..c83e66e
--- /dev/null
+++ b/data/ad/common-auth
@@ -0,0 +1,12 @@
+auth	[success=2 default=ignore]	pam_unix.so nullok_secure
+auth	[success=1 default=ignore]	pam_ldap.so use_first_pass
+# here's the fallback if no module succeeds
+auth	requisite			pam_deny.so
+auth	optional			pam_script.so expose=1
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+auth	optional			pam_cap.so 
+
diff --git a/data/ad/common-password b/data/ad/common-password
new file mode 100644
index 0000000..4cda16c
--- /dev/null
+++ b/data/ad/common-password
@@ -0,0 +1,11 @@
+password	[success=2 default=ignore]	pam_unix.so obscure sha512
+password	[success=1 user_unknown=ignore default=die]	pam_ldap.so use_authtok try_first_pass
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+password	optional	pam_gnome_keyring.so 
+
diff --git a/data/ad/common-session b/data/ad/common-session
new file mode 100644
index 0000000..942af33
--- /dev/null
+++ b/data/ad/common-session
@@ -0,0 +1,22 @@
+session	[default=1]			pam_permit.so
+# here's the fallback if no module succeeds
+session	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session	required			pam_permit.so
+# The pam_umask module will set the umask according to the system default in
+# /etc/login.defs and user settings, solving the problem of different
+# umask settings with different shells, display managers, remote sessions etc.
+# See "man pam_umask".
+session optional			pam_umask.so
+session required       pam_systemd.so
+session optional        pam_env.so readenv=1
+session optional        pam_env.so readenv=1 envfile=/etc/default/locale
+# and here are more per-package modules (the "Additional" block)
+session	required	pam_unix.so 
+session	optional			pam_ldap.so 
+session sufficient			pam_script.so 
+session	optional			pam_xdg_support.so 
+session	optional			pam_ck_connector.so nox11
+
diff --git a/data/ad/common-session-noninteractive b/data/ad/common-session-noninteractive
new file mode 100644
index 0000000..0279a53
--- /dev/null
+++ b/data/ad/common-session-noninteractive
@@ -0,0 +1,17 @@
+session	[default=1]			pam_permit.so
+# here's the fallback if no module succeeds
+session	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session	required			pam_permit.so
+# The pam_umask module will set the umask according to the system default in
+# /etc/login.defs and user settings, solving the problem of different
+# umask settings with different shells, display managers, remote sessions etc.
+# See "man pam_umask".
+session optional			pam_umask.so
+# and here are more per-package modules (the "Additional" block)
+session	required	pam_unix.so 
+session	optional			pam_ldap.so 
+session	optional			pam_xdg_support.so 
+
diff --git a/data/ad/mountscript b/data/ad/mountscript
new file mode 100644
index 0000000..2256904
--- /dev/null
+++ b/data/ad/mountscript
@@ -0,0 +1,49 @@
+###################################################################
+#
+#       This script is a part of the pam_script_ses_open script
+#       and is not stand-alone!
+#
+
+if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
+	
+	# determine fileserver and share for home directories
+	touch "/tmp/ldapsearch.${PAM_USER}"
+	chmod 0600 "/tmp/ldapsearch.${PAM_USER}"
+	ldapsearch -x -LLL uid="${PAM_USER}" homeMount > "/tmp/ldapsearch.${PAM_USER}" || \
+	{ slxlog "pam-ad-ldapquery" "Could not query LDAP server for parameters of user '${PAM_USER}'."; exit 1; }
+	VOLUME=$(cat "/tmp/ldapsearch.${PAM_USER}" | grep ^homeMount | head -n 1 | cut -d" " -f2)
+	[ -z "${VOLUME}" ] && slxlog "pam-ad-ldapvolume" "LDAP server did not provide 'homeMount'. Aborting mount for ${PAM_USER}." && exit 1
+	
+	MOUNT_OPTS="-t cifs -o uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,sec=ntlm"
+	
+	SIGNAL=$(mktemp)
+	rm -f -- "${SIGNAL}"
+	
+	export USER="${PAM_USER}"
+	export PASSWD="${PAM_AUTHTOK}"
+	
+	( mount ${MOUNT_OPTS} "${VOLUME}" "${PERSISTENT_HOME_DIR}" > "/tmp/home.$PAM_USER" 2>&1 || touch "${SIGNAL}" ) &
+	MOUNT_PID=$!
+	for COUNTER in 1 2 4 4; do
+		kill -0 "${MOUNT_PID}" 2>/dev/null || break
+		sleep "${COUNTER}"
+	done
+	
+	if [ -e "${SIGNAL}" ]; then
+		slxlog "pam-reutlingen" "Mount of '${FILESERVER}/${PAM_USER}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "/tmp/home.$PAM_USER"
+		sleep 1
+		rm -f -- "${SIGNAL}"
+	elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
+		slxlog "pam-reutlingen" "Mount of '${FILESERVER}/${PAM_USER}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "/tmp/home.$PAM_USER"
+		sleep 1
+	else
+		PERSISTENT_OK=yes
+		chmod -R u+rw "${PERSISTENT_HOME_DIR}" 2>/dev/null
+	fi
+	
+	unset USER
+	unset PASSWD
+	
+	rm -f -- "/tmp/home.$PAM_USER"
+fi
+
diff --git a/data/ad/nsswitch.conf b/data/ad/nsswitch.conf
new file mode 100644
index 0000000..1909d49
--- /dev/null
+++ b/data/ad/nsswitch.conf
@@ -0,0 +1,14 @@
+passwd:         compat ldap
+group:          compat ldap
+shadow:         compat
+
+hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
+networks:       files
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
+
diff --git a/data/pxemenu.template b/data/pxemenu.template
new file mode 100644
index 0000000..2fcc88e
--- /dev/null
+++ b/data/pxemenu.template
@@ -0,0 +1,78 @@
+DEFAULT vesamenu.c32
+
+NOESCAPE 1
+PROMPT 0
+
+MENU BACKGROUND openslx.png
+MENU WIDTH 78
+MENU MARGIN 9
+MENU PASSWORDMARGIN 9
+MENU ROWS 10
+MENU TABMSGROW 16
+MENU CMDLINEROW 16
+MENU ENDROW -1
+MENU PASSWORDROW 16
+MENU TIMEOUTROW 20
+MENU HELPMSGROW 16
+MENU HELPMSGENDROW -1
+MENU HSHIFT 0
+MENU VSHIFT 7
+
+menu color screen       37;40           #80ffffff #00000000 std
+menu color border       37;40           #40000000 #ff8093a1 std
+menu color title        1;37;40         #ffff8b00 #ff8093a1 std
+menu color unsel        37;40           #fff0f0f0 #ff8093a1 std
+menu color hotkey       1;37;40         #ffff8b00 #ff8093a1 std
+menu color sel          7;37;40         #ff1c2a33 #667799bb all
+menu color hotsel       1;7;37;40       #ffff8b00 #667799bb all
+menu color disabled     1;37;40         #ffff8b00 #ff8093a1 std
+menu color scrollbar    37;40           #40000000 #ee000000 std
+menu color tabmsg       37;40           #ffff8b00 #ff8093a1 std
+menu color cmdmark      1;37;40         #ffff8b00 #ff8093a1 std
+menu color cmdline      37;40           #fff0f0f0 #ff8093a1 std
+menu color pwdborder    37;40           #40000000 #ff8093a1 std
+menu color pwdheader    37;40           #ffff8b00 #ff8093a1 std
+menu color pwdentry     37;40           #ffff8b00 #ff8093a1 std
+menu color timeout_msg  37;40           #fff0f0f0 #ff8093a1 std
+menu color timeout      1;37;40         #ffff8b00 #ff8093a1 std
+menu color help         37;40           #ff1c2a33 #00000000 none
+MENU MSGCOLOR                           #ff1c2a33 #00000000 none
+
+
+TIMEOUT %timeout%
+TOTALTIMEOUT %totaltimeout%
+MENU TITLE bwLehrpool BETA VERSION
+MENU CLEAR
+ONTIMEOUT %default%
+
+
+LABEL shutdown
+	MENU HIDE
+	KERNEL kernel-shutdown
+	APPEND initrd=initramfs-shutdown quiet
+
+
+LABEL net
+	MENU LABEL ^bwLehrpool-Umgebung starten
+	KERNEL http://%ip%/boot/default/kernel
+	INITRD http://%ip%/boot/default/initramfs-stage31
+	APPEND slxsrv=%ip% slxbase=boot/default vga=current quiet splash
+	IPAPPEND 3
+	%default-net%
+
+
+LABEL hdd
+	MENU LABEL ^Lokales System starten
+	LOCALBOOT  0
+	%default-hdd%
+
+
+LABEL openslx-debug
+	MENU LABEL ^bwLehrpool-Umgebung starten (nosplash, debug)
+	KERNEL http://%ip%/boot/default/kernel
+	INITRD http://%ip%/boot/default/initramfs-stage31
+	APPEND slxsrv=%ip% slxbase=boot/default
+	IPAPPEND 3
+
+%custom%
+