authorSimon Rettberg2014-06-03 16:47:36 +0200
committerSimon Rettberg2014-06-03 16:47:36 +0200
commit32dc5354e2916387a2c62eadae0a4568023f1151 (patch)
tree7fd9a0173d6073e86d1d48e545646b1bc8c1a5eb /data
Initial commit
Diffstat (limited to 'data')
-rw-r--r--data/ad/common-account9
-rw-r--r--data/ad/common-auth12
-rw-r--r--data/ad/common-password11
-rw-r--r--data/ad/common-session22
-rw-r--r--data/ad/common-session-noninteractive17
-rw-r--r--data/ad/mountscript49
-rw-r--r--data/ad/nsswitch.conf14
-rw-r--r--data/pxemenu.template78
8 files changed, 212 insertions, 0 deletions
diff --git a/data/ad/common-account b/data/ad/common-account
new file mode 100644
index 0000000..e06e539
--- /dev/null
+++ b/data/ad/common-account
@@ -0,0 +1,9 @@
+account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
+account [success=1 default=ignore] pam_ldap.so
+# here's the fallback if no module succeeds
+account requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account required pam_permit.so
+
diff --git a/data/ad/common-auth b/data/ad/common-auth
new file mode 100644
index 0000000..c83e66e
--- /dev/null
+++ b/data/ad/common-auth
@@ -0,0 +1,12 @@
+auth [success=2 default=ignore] pam_unix.so nullok_secure
+auth [success=1 default=ignore] pam_ldap.so use_first_pass
+# here's the fallback if no module succeeds
+auth requisite pam_deny.so
+auth optional pam_script.so expose=1
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+auth optional pam_cap.so
+
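Review bot: `auth optional pam_script.so expose=1` has no comment, yet it appears to be the line that hands the user's cleartext password to an external script; the mountscript in this commit reads `${PAM_AUTHTOK}` and re-exports it as `PASSWD`. I would add a comment above it such as `# expose=1 passes the cleartext password to the pam_script hooks; they must be root-owned, not writable by others, and must not log their environment`. Separately, `nullok_secure` on the `pam_unix.so` line accepts empty local passwords on terminals listed in /etc/securetty. Drop it if no local account is meant to have an empty password.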
diff --git a/data/ad/common-password b/data/ad/common-password
new file mode 100644
index 0000000..4cda16c
--- /dev/null
+++ b/data/ad/common-password
@@ -0,0 +1,11 @@
+password [success=2 default=ignore] pam_unix.so obscure sha512
+password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
+# here's the fallback if no module succeeds
+password requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+password optional pam_gnome_keyring.so
+
diff --git a/data/ad/common-session b/data/ad/common-session
new file mode 100644
index 0000000..942af33
--- /dev/null
+++ b/data/ad/common-session
@@ -0,0 +1,22 @@
+session [default=1] pam_permit.so
+# here's the fallback if no module succeeds
+session requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session required pam_permit.so
+# The pam_umask module will set the umask according to the system default in
+# /etc/login.defs and user settings, solving the problem of different
+# umask settings with different shells, display managers, remote sessions etc.
+# See "man pam_umask".
+session optional pam_umask.so
+session required pam_systemd.so
+session optional pam_env.so readenv=1
+session optional pam_env.so readenv=1 envfile=/etc/default/locale
+# and here are more per-package modules (the "Additional" block)
+session required pam_unix.so
+session optional pam_ldap.so
+session sufficient pam_script.so
+session optional pam_xdg_support.so
+session optional pam_ck_connector.so nox11
+
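Review bot: `session sufficient pam_script.so` ends the session stack as soon as the script hook returns success (provided no earlier `required` module failed), so the two lines after it, `pam_xdg_support.so` and `pam_ck_connector.so nox11`, are skipped on those logins. If that is not intended, use `session optional pam_script.so`, or move the line to the end of the file. If the short-circuit is deliberate, a comment above the line should say so, because the "Additional" block is normally read as a list of modules that all run.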
diff --git a/data/ad/common-session-noninteractive b/data/ad/common-session-noninteractive
new file mode 100644
index 0000000..0279a53
--- /dev/null
+++ b/data/ad/common-session-noninteractive
@@ -0,0 +1,17 @@
+session [default=1] pam_permit.so
+# here's the fallback if no module succeeds
+session requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session required pam_permit.so
+# The pam_umask module will set the umask according to the system default in
+# /etc/login.defs and user settings, solving the problem of different
+# umask settings with different shells, display managers, remote sessions etc.
+# See "man pam_umask".
+session optional pam_umask.so
+# and here are more per-package modules (the "Additional" block)
+session required pam_unix.so
+session optional pam_ldap.so
+session optional pam_xdg_support.so
+
diff --git a/data/ad/mountscript b/data/ad/mountscript
new file mode 100644
index 0000000..2256904
--- /dev/null
+++ b/data/ad/mountscript
@@ -0,0 +1,49 @@
+###################################################################
+#
+# This script is a part of the pam_script_ses_open script
+# and is not stand-alone!
+#
+
+if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
+
+ # determine fileserver and share for home directories
+ touch "/tmp/ldapsearch.${PAM_USER}"
+ chmod 0600 "/tmp/ldapsearch.${PAM_USER}"
+ ldapsearch -x -LLL uid="${PAM_USER}" homeMount > "/tmp/ldapsearch.${PAM_USER}" || \
+ { slxlog "pam-ad-ldapquery" "Could not query LDAP server for parameters of user '${PAM_USER}'."; exit 1; }
+ VOLUME=$(cat "/tmp/ldapsearch.${PAM_USER}" | grep ^homeMount | head -n 1 | cut -d" " -f2)
+ [ -z "${VOLUME}" ] && slxlog "pam-ad-ldapvolume" "LDAP server did not provide 'homeMount'. Aborting mount for ${PAM_USER}." && exit 1
+
+ MOUNT_OPTS="-t cifs -o uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,sec=ntlm"
+
+ SIGNAL=$(mktemp)
+ rm -f -- "${SIGNAL}"
+
+ export USER="${PAM_USER}"
+ export PASSWD="${PAM_AUTHTOK}"
+
+ ( mount ${MOUNT_OPTS} "${VOLUME}" "${PERSISTENT_HOME_DIR}" > "/tmp/home.$PAM_USER" 2>&1 || touch "${SIGNAL}" ) &
+ MOUNT_PID=$!
+ for COUNTER in 1 2 4 4; do
+ kill -0 "${MOUNT_PID}" 2>/dev/null || break
+ sleep "${COUNTER}"
+ done
+
+ if [ -e "${SIGNAL}" ]; then
+ slxlog "pam-reutlingen" "Mount of '${FILESERVER}/${PAM_USER}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "/tmp/home.$PAM_USER"
+ sleep 1
+ rm -f -- "${SIGNAL}"
+ elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
+ slxlog "pam-reutlingen" "Mount of '${FILESERVER}/${PAM_USER}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "/tmp/home.$PAM_USER"
+ sleep 1
+ else
+ PERSISTENT_OK=yes
+ chmod -R u+rw "${PERSISTENT_HOME_DIR}" 2>/dev/null
+ fi
+
+ unset USER
+ unset PASSWD
+
+ rm -f -- "/tmp/home.$PAM_USER"
+fi
+
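Review bot: The temporary files use predictable names under /tmp, so a file or symlink already present at one of those names is followed by what is presumably a root-run session hook. This applies to `/tmp/ldapsearch.${PAM_USER}` (created with `touch` then `chmod`, never removed), `/tmp/home.$PAM_USER`, and the `mktemp` name that is deleted and later re-created as `${SIGNAL}`. I would create one private directory with `mktemp -d` and keep all three files inside it, as sketched below; the fragment is part of pam_script_ses_open, so the sketch removes the directory explicitly rather than installing a trap. Separately, `sec=ntlm` in `MOUNT_OPTS` selects NTLM password hashing rather than `ntlmv2` or `krb5`, and `ldapsearch -x` runs with no TLS setting visible here, so both deserve a comment or a stronger setting if the servers allow it. `${FILESERVER}`, used in the two `slxlog` messages, is not set anywhere in this hunk; unless the parent script defines it the logs will show an empty server name, and `${VOLUME}` may be what was meant.

```shell
  # one private scratch directory (mode 0700) instead of fixed names in /tmp
  WORKDIR=$(mktemp -d) || exit 1
  LDAP_OUT="${WORKDIR}/ldapsearch"
  MOUNT_LOG="${WORKDIR}/mount.log"
  SIGNAL="${WORKDIR}/failed"

  ldapsearch -x -LLL uid="${PAM_USER}" homeMount > "${LDAP_OUT}" || \
    { slxlog "pam-ad-ldapquery" "Could not query LDAP server for parameters of user '${PAM_USER}'."; rm -rf -- "${WORKDIR}"; exit 1; }
  VOLUME=$(grep '^homeMount' "${LDAP_OUT}" | head -n 1 | cut -d" " -f2)
  # … unchanged: VOLUME check (also remove WORKDIR before its exit), MOUNT_OPTS, USER/PASSWD export …

  ( mount ${MOUNT_OPTS} "${VOLUME}" "${PERSISTENT_HOME_DIR}" > "${MOUNT_LOG}" 2>&1 || touch "${SIGNAL}" ) &
  # … unchanged: wait loop and result handling, passing "${MOUNT_LOG}" to slxlog …

  rm -rf -- "${WORKDIR}"
```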
diff --git a/data/ad/nsswitch.conf b/data/ad/nsswitch.conf
new file mode 100644
index 0000000..1909d49
--- /dev/null
+++ b/data/ad/nsswitch.conf
@@ -0,0 +1,14 @@
+passwd: compat ldap
+group: compat ldap
+shadow: compat
+
+hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
+networks: files
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: nis
+
diff --git a/data/pxemenu.template b/data/pxemenu.template
new file mode 100644
index 0000000..2fcc88e
--- /dev/null
+++ b/data/pxemenu.template
@@ -0,0 +1,78 @@
+DEFAULT vesamenu.c32
+
+NOESCAPE 1
+PROMPT 0
+
+MENU BACKGROUND openslx.png
+MENU WIDTH 78
+MENU MARGIN 9
+MENU PASSWORDMARGIN 9
+MENU ROWS 10
+MENU TABMSGROW 16
+MENU CMDLINEROW 16
+MENU ENDROW -1
+MENU PASSWORDROW 16
+MENU TIMEOUTROW 20
+MENU HELPMSGROW 16
+MENU HELPMSGENDROW -1
+MENU HSHIFT 0
+MENU VSHIFT 7
+
+menu color screen 37;40 #80ffffff #00000000 std
+menu color border 37;40 #40000000 #ff8093a1 std
+menu color title 1;37;40 #ffff8b00 #ff8093a1 std
+menu color unsel 37;40 #fff0f0f0 #ff8093a1 std
+menu color hotkey 1;37;40 #ffff8b00 #ff8093a1 std
+menu color sel 7;37;40 #ff1c2a33 #667799bb all
+menu color hotsel 1;7;37;40 #ffff8b00 #667799bb all
+menu color disabled 1;37;40 #ffff8b00 #ff8093a1 std
+menu color scrollbar 37;40 #40000000 #ee000000 std
+menu color tabmsg 37;40 #ffff8b00 #ff8093a1 std
+menu color cmdmark 1;37;40 #ffff8b00 #ff8093a1 std
+menu color cmdline 37;40 #fff0f0f0 #ff8093a1 std
+menu color pwdborder 37;40 #40000000 #ff8093a1 std
+menu color pwdheader 37;40 #ffff8b00 #ff8093a1 std
+menu color pwdentry 37;40 #ffff8b00 #ff8093a1 std
+menu color timeout_msg 37;40 #fff0f0f0 #ff8093a1 std
+menu color timeout 1;37;40 #ffff8b00 #ff8093a1 std
+menu color help 37;40 #ff1c2a33 #00000000 none
+MENU MSGCOLOR #ff1c2a33 #00000000 none
+
+
+TIMEOUT %timeout%
+TOTALTIMEOUT %totaltimeout%
+MENU TITLE bwLehrpool BETA VERSION
+MENU CLEAR
+ONTIMEOUT %default%
+
+
+LABEL shutdown
+ MENU HIDE
+ KERNEL kernel-shutdown
+ APPEND initrd=initramfs-shutdown quiet
+
+
+LABEL net
+ MENU LABEL ^bwLehrpool-Umgebung starten
+ KERNEL http://%ip%/boot/default/kernel
+ INITRD http://%ip%/boot/default/initramfs-stage31
+ APPEND slxsrv=%ip% slxbase=boot/default vga=current quiet splash
+ IPAPPEND 3
+ %default-net%
+
+
+LABEL hdd
+ MENU LABEL ^Lokales System starten
+ LOCALBOOT 0
+ %default-hdd%
+
+
+LABEL openslx-debug
+ MENU LABEL ^bwLehrpool-Umgebung starten (nosplash, debug)
+ KERNEL http://%ip%/boot/default/kernel
+ INITRD http://%ip%/boot/default/initramfs-stage31
+ APPEND slxsrv=%ip% slxbase=boot/default
+ IPAPPEND 3
+
+%custom%
+
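Review bot: Both network labels fetch `KERNEL http://%ip%/boot/default/kernel` and the matching `INITRD` over plain HTTP, and nothing in the template verifies what arrives, so the integrity of every booted client rests on the boot network and on whatever fills `%ip%`. That may be an accepted property of this PXE deployment, but it should be written down; I would add a comment above `LABEL net` such as `# kernel and initramfs are fetched unauthenticated over HTTP; the boot network and the boot server must be trusted`. The `openslx-debug` label is offered to anyone at the console without a `MENU PASSWD` line; if the debug boot grants more access than the normal one (not visible here), protecting or hiding it would be prudent. `%custom%`, `%default-net%` and `%default-hdd%` look like verbatim substitutions, so the code that fills them should accept values only from an administrator.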