From 42aa5bd745cbb4c62200bf74d4a1240841fae06f Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 5 Nov 2015 10:23:08 +0100
Subject: [mountscript] More debug and fallback
---
 data/ad/mountscript | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/data/ad/mountscript b/data/ad/mountscript
index 31011ff..95048af 100644
--- a/data/ad/mountscript
+++ b/data/ad/mountscript
@@ -5,13 +5,18 @@
 #
 VOLUME=
+SEARCH=
 RESULT=
 REAL_ACCOUNT=
+WAIT=
 if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
 # determine fileserver and share for home directories
- BINDDN=$(ldapsearch -l 3 -o nettimeout=3 -o ldif-wrap=no -x -LLL uid="${PAM_USER}" dn distinguishedName | grep -E '^(dn|distinguishedName):' | head -n 1 | cut -d ' ' -f 2)
+ SEARCH=$(mktemp)
+ ldapsearch -l 3 -o nettimeout=3 -o ldif-wrap=no -x -LLL uid="${PAM_USER}" dn distinguishedName homeMount realAccount > "${SEARCH}" 2>&1
+ BINDDN=$(cat "${SEARCH}" | grep -E '^(dn|distinguishedName):' | head -n 1 | cut -d ' ' -f 2-)
 if [ -z "$BINDDN" ]; then
- slxlog "pam-ad-ldapquery" "Could not query DN of user ${PAM_USER}. No home directory available"
+ slxlog "pam-ad-ldapquery" "Could not query DN of user ${PAM_USER}. No home directory available" "${SEARCH}"
+ WAIT=1
 else
 RESULT=$(mktemp)
 PW="/tmp/pw.${RANDOM}.${RANDOM}.${PAM_USER}.${RANDOM}"
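Review bot: The rewritten BINDDN extraction `grep -E '^(dn|distinguishedName):' | head -n 1 | cut -d ' ' -f 2-` also matches the `dn:: <base64>` form that ldapsearch emits (LDIF rule) for a DN containing non-ASCII characters or a leading/trailing space, so for such a user BINDDN becomes a base64 blob, the `-D "$BINDDN"` bind in the next hunk fails, and the new anonymous-result fallback silently takes over. Decode the `::` form instead of taking the second field; `-o ldif-wrap=no` on the new ldapsearch line already keeps the value on one line, which makes that safe. `SEARCH=$(mktemp)` on the line above is also unchecked, so a failed mktemp leaves SEARCH empty and the redirection `> "${SEARCH}"` errors out on the very next line — worth a guard or at least a comment that the later `cat`/`rm` lines tolerate it. The enclosing `if ! grep -q …` block continues past the end of the hunk.
```shell
	ldapsearch -l 3 -o nettimeout=3 -o ldif-wrap=no -x -LLL uid="${PAM_USER}" dn distinguishedName homeMount realAccount > "${SEARCH}" 2>&1
	BINDDN=$(grep -E '^(dn|distinguishedName):' "${SEARCH}" | head -n 1)
	case "${BINDDN}" in
		dn::*|distinguishedName::*) BINDDN=$(printf '%s' "${BINDDN#*:: }" | base64 -d) ;; # LDIF base64 form
		*) BINDDN=${BINDDN#*: } ;;
	esac
	# … unchanged: empty-BINDDN logging and the authenticated query …
```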
@@ -19,14 +24,18 @@ if ! grep -q "^${PAM_USER}:" "/etc/passwd"; then
 ( echo -n "${PAM_AUTHTOK}" > "${PW}" ) &
- ldapsearch -y "${PW}" -D "$BINDDN" -l 5 -o nettimeout=5 -o ldif-wrap=no -x -LLL uid="${PAM_USER}" homeMount realAccount > "${RESULT}" 2>&1 \
- || slxlog "pam-ad-ldapquery" "Could not query LDAP-AD-Proxy for parameters of user '${PAM_USER}'." "${RESULT}"
+ if ! ldapsearch -y "${PW}" -D "$BINDDN" -l 5 -o nettimeout=5 -o ldif-wrap=no -x -LLL uid="${PAM_USER}" homeMount realAccount > "${RESULT}" 2>&1; then
+ slxlog "pam-ad-ldapquery" "Could not query LDAP-AD-Proxy for parameters of user '${PAM_USER}' (${BINDDN})." "${RESULT}"
+ WAIT=1
+ fi
 rm -f -- "${PW}"
- VOLUME=$(cat "${RESULT}" | grep '^homeMount:' | head -n 1 | cut -d ' ' -f 2)
- [ -z "${VOLUME}" ] && slxlog "pam-ad-ldapvolume" "AD/Proxy did not provide 'homeMount'. Aborting mount for ${PAM_USER}." "${RESULT}"
+ VOLUME=$(cat "${RESULT}" | grep '^homeMount:' | head -n 1 | cut -d ' ' -f 2-)
 [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(cat "${RESULT}" | grep '^realAccount:' | head -n 1 | cut -d ' ' -f 2)
- [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT="${PAM_USER}"
 fi
+ [ -z "$VOLUME" ] && VOLUME=$(cat "${SEARCH}" | grep '^homeMount:' | head -n 1 | cut -d ' ' -f 2-)
+ [ -z "$VOLUME" ] && slxlog "pam-ad-ldapvolume" "AD/Proxy did not provide 'homeMount'. Aborting mount for ${PAM_USER}." "${RESULT}"
+ [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT=$(cat "${SEARCH}" | grep '^realAccount:' | head -n 1 | cut -d ' ' -f 2)
+ [ -z "$REAL_ACCOUNT" ] && REAL_ACCOUNT="${PAM_USER}"
 fi
 if [ -n "${VOLUME}" ]; then
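Review bot: The moved `[ -z "$VOLUME" ] && slxlog "pam-ad-ldapvolume" … "${RESULT}"` now also runs on the path where the DN lookup failed, but on that path RESULT is still the empty string initialised at the top (it is only assigned in the `else` branch of the previous hunk), so the log entry is attached an empty file name while the output that would explain the failure sits in SEARCH; `"${RESULT:-${SEARCH}}"` attaches whichever query actually ran. The new extraction lines are also inconsistent with each other: `homeMount` is taken with `cut -d ' ' -f 2-` but `realAccount` with `-f 2`, so the fallback would truncate an account value containing a space — use one form, and if `-f 2` is deliberate say so in a comment. Style-wise, `cat "${SEARCH}" | grep …` can be `grep '^homeMount:' "${SEARCH}"` on all four new pipelines. The outer `if ! grep -q …` block begins in the previous hunk.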
@@ -45,11 +54,11 @@ if [ -n "${VOLUME}" ]; then
 if [ -e "${SIGNAL}" ]; then
 slxlog "pam-ad-mount" "Mount of '${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed. (Args: ${MOUNT_OPTS})" "${RESULT}"
- sleep 1
+ WAIT=1
 rm -f -- "${SIGNAL}"
 elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
 slxlog "pam-ad-mount" "Mount of '${VOLUME}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "${RESULT}"
- sleep 1
+ WAIT=1
 else
 PERSISTENT_OK=yes
 chmod -R u+rwX "${PERSISTENT_HOME_DIR}" 2>/dev/null
@@ -59,6 +68,8 @@ if [ -n "${VOLUME}" ]; then
 unset PASSWD
 fi
+[ "$WAIT" = "1" ] && sleep 1
 [ -n "${RESULT}" ] && rm -f -- "${RESULT}"
+[ -n "${SEARCH}" ] && rm -f -- "${SEARCH}"
 true
--
cgit v1.2.3-55-g7522
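Review bot: The deferred delay `[ "$WAIT" = "1" ] && sleep 1` in the last hunk replaces the inline `sleep 1` calls of the previous hunk without saying what the pause is for, and a reader now has to find the assignment sites spread over three hunks to learn that WAIT marks a failed LDAP query or mount; suggest `# WAIT=1 is set above on any failed LDAP query or mount; pause briefly before returning to PAM (presumably to slow down repeated failures — confirm)` directly above it. Since WAIT is only ever empty or 1, `[ -n "${WAIT}" ]` would read as the flag it is. The two `rm -f` lines are the only cleanup of the mktemp files, so if an early `exit` is ever added to the script they are leaked; a `trap` on EXIT set right after the variables are initialised would be the robust form, but that is a follow-up rather than something this commit breaks.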