# Copyright (c) 2010 - OpenSLX GmbH
#
# This program/file is free software distributed under the GPL version 2.
# See http://openslx.org/COPYING
#
# If you have any feedback please consult http://openslx.org/feedback and
# send your feedback to feedback@openslx.org
#
# General information about OpenSLX can be found at http://openslx.org
#
# This script is sourced by init via the "." builtin, so all of init's
# variables and functions are available here.
# check if the configuration file is available
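if [ -e /initramfs/plugin-conf/auth.conf ]; then
  # Configure authentication (passwd/shadow permissions, NSS, PAM, LDAP,
  # Kerberos, automount, NFSv4) for the system mounted at /mnt. Paths without
  # the /mnt prefix refer to the initramfs itself.
  #
  # The files sourced below are executed as shell code inside init, so each
  # of them must be writable by root only.
  . /etc/openslx.conf
  ETCDIR=/mnt/${OPENSLX_DEFAULT_CONFDIR}
  PLUGINCONFDIR=${ETCDIR}/plugins/auth
  BINDIR=/mnt/${OPENSLX_DEFAULT_BINDIR}
  PLUGINDIR=/mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth
  VIRTDIR=/mnt/${OPENSLX_DEFAULT_VIRTDIR}

  # load needed variables (the auth_* settings tested below)
  . /initramfs/plugin-conf/auth.conf

  # get distribution info; has also version if needed...
  . /etc/slxsystem.conf
  distro=$slxconf_distro_name
  distro_version=$slxconf_distro_ver

  # Test if this plugin is activated... more or less useless with the
  # new plugin system
  if [ "${auth_active:-0}" -ne 0 ]; then
    [ "${DEBUGLEVEL:-0}" -gt 0 ] && echo "executing the 'auth' os-plugin ..."

    # load general configuration
    . /initramfs/machine-setup

    # Passwd: todo: move somewhere else
    # NOTE(review): chown runs outside a chroot, so "root" and "shadow" are
    # looked up in the initramfs's passwd/group files, not in /mnt/etc --
    # confirm the ids match the target system.
    chown root:shadow /mnt/etc/shadow
    chmod 0640 /mnt/etc/shadow
    # The path used to be misspelled "paswd", so the ownership of passwd was
    # never actually set.
    chown root:root /mnt/etc/passwd
    chmod 0644 /mnt/etc/passwd
    # NOTE(review): the masking below is disabled, so whatever auth_rootpwd
    # holds stays in $PLUGINCONFDIR/auth.conf -- confirm that file is not
    # world-readable.
    #sed -i 's/auth_rootpwd.*/auth_rootpwd=*********/' $PLUGINCONFDIR/auth.conf

    # set authentication to passwd and group which is default
    sed -i 's/^passwd:.*/passwd: files/' /mnt/etc/nsswitch.conf
    sed -i 's/^group:.*/group: files/' /mnt/etc/nsswitch.conf

    if [ "${auth_ldap:-0}" -eq 1 ]; then
      cp "${PLUGINDIR}/ldap.conf.slx" /mnt/etc/ldap/ldap.conf
      cp "${PLUGINDIR}/ldap.conf.slx" /mnt/etc/openldap/ldap.conf # required for openSUSE 11.4
      # even if their syntax can differ, we copy them (and hope no nss_* attributes were used)
      cp "${PLUGINDIR}/ldap.conf.slx" /mnt/etc/nslcd.conf # required for openSUSE 11.4
      cp "${PLUGINDIR}/ldap.conf.slx" /mnt/etc/ldap.conf

      # PAM: add ldap conf before pam_unix(2).so; SuSE: ...-pc
      # "sufficient" ends the stack as soon as pam_ldap succeeds, so modules
      # listed after it are not consulted for users pam_ldap accepts.
      sed -i \
        '/^account.*req.*pam_unix/ s/^/account sufficient pam_ldap.so\n/' \
        /mnt/etc/pam.d/common-account /mnt/etc/pam.d/common-account-pc
      sed -i \
        '/^auth.*req.*pam_unix/ s/^/auth sufficient pam_ldap.so\n/' \
        /mnt/etc/pam.d/common-auth /mnt/etc/pam.d/common-auth-pc

      # NSS: look users and groups up in ldap after the local files
      sed -i 's/^\(passwd:.*\)/\1 ldap/' /mnt/etc/nsswitch.conf
      sed -i 's/^\(group:.*\)/\1 ldap/' /mnt/etc/nsswitch.conf

      case "$distro" in
        suse)
          rllinker "nslcd" 20 8 # req. with OpenSuSE 11.4
          ;;
      esac

      # just to be on the safe side... usually nslcd isn't used.
      # (comments out every nss_* line in the copied nslcd.conf)
      sed -i "s/^\(nss_.*\)/#XX_auth.sh#\1/" /mnt/etc/nslcd.conf

      # hack. if we want to have totally custom ldap.conf files...
      if [ -f "${PLUGINDIR}/ldap.conf" ]; then
        cp "${PLUGINDIR}/ldap.conf" /mnt/etc/ldap.conf
        cp "${PLUGINDIR}/ldap.conf" /mnt/etc/ldap/ldap.conf
        cp "${PLUGINDIR}/ldap.conf" /mnt/etc/openldap/ldap.conf # required for openSUSE 11.4
        # world-readable on purpose: a custom ldap.conf must therefore not
        # carry a bind password
        chmod 644 /mnt/etc/ldap.conf /mnt/etc/ldap/ldap.conf
      fi

      # similar to ldap.conf, but just similar
      if [ -f "${PLUGINDIR}/nslcd.conf" ]; then
        cp "${PLUGINDIR}/nslcd.conf" /mnt/etc/nslcd.conf # openSUSE 11.4
      fi
    fi

    # configure automount
    if [ "${auth_automount:-0}" -eq 1 ]; then
      cp "${PLUGINDIR}/auto.master" /mnt/etc
      cp "${PLUGINDIR}/auto.slx" /mnt/etc
      # mkdir -p does nothing for an existing directory. The former "[! -d"
      # test (missing space) always failed, so the mount point was never
      # created.
      mkdir -p "/mnt/$auth_automnt_dir"

      config_portmap   # distro specific configuration :(
      config_automount # distro specific configuration :(
      config_nfs       # distro specific config... activates gssd and idmapd
      #maybe we need the following, same at auth_nfs4. also OS depending
      #rllinker "autofs" 15 7

      # hack for ubuntu
      if [ "$distro" = "ubuntu" ]; then
        sed -e 's,start on ,start on filesystem #,' \
          -i /mnt/etc/init/statd.conf
        echo -e "alias autofs autofs4" >>/mnt/etc/modprobe.d/aliases.conf
      fi
    fi

    # configure nfs4
    if [ "${auth_nfs4:-0}" -eq 1 ]; then
      testmkd /mnt/var/lib/nfs/rpc_pipefs
      # One fstab entry per line: rpc_pipefs and nfsd used to be written as a
      # single twelve-field line, which is not a valid fstab entry.
      echo -e "rpc_pipefs\t/var/lib/nfs/rpc_pipefs rpc_pipefs defaults\t 0 0\nnfsd\t\t/proc/fs/nfsd\tnfsd\t\tdefaults\t 0 0" >>/etc/fstab
      echo -e "rpc_pipefs\t/var/lib/nfs/rpc_pipefs rpc_pipefs defaults\t 0 0\nnfsd\t\t/proc/fs/nfsd\tnfsd\t\tdefaults\t 0 0" >>/mnt/etc/fstab
      # NOTE(review): both mounts target initramfs paths, while testmkd above
      # created the directory under /mnt -- confirm this is intended.
      mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
      mount -t nfsd nfsd /proc/fs/nfsd
      touch /mnt/var/lib/nfs/state

      config_portmap # distro specific config. maybe double usage with automount
      #rllinker "portmap" 2 20

      # starts rpc.idmapd, maybe portmap... nfs-init.d-hell...
      case "$distro" in
        suse)
          rllinker "nfs" 14 8
          ;;
        ubuntu)
          rllinker "nfs-common" 14 8
          sed -i 's/^NEED_IDMAPD=.*/NEED_IDMAPD=yes/' /mnt/etc/default/nfs-common
          ;;
        *)
          # we don't know it, so lets use all... hopefully one will work ;-)
          rllinker "nfs" 14 8
          rllinker "nfs-common" 14 8
          ;;
      esac

      # auth_idmap_domain is pasted into the sed expression unescaped, so it
      # must not contain "/" or "&".
      sed -i \
        "s/^Domain.*/Domain = ${auth_idmap_domain}/" \
        /mnt/etc/idmapd.conf
      #maybe we need the following, same at auth_nfs4. also OS depending
      #rllinker "autofs" 15 7
    fi

    # configure automnt_script: make the configured script executable
    if [ -n "$auth_automnt_script" ]; then
      chmod 755 "/mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_automnt_script"
    fi

    # configure KerberOS
    if [ "${auth_krb:-0}" -eq 1 ]; then
      cp "${PLUGINDIR}/krb5.conf" /mnt/etc
      chmod 644 /mnt/etc/krb5.conf

      # PAM: add krb conf after pam_unix(2).so; SuSE: ...-pc
      # NOTE(review): both expressions insert *before* the pam_unix line,
      # not after it as the comment above says.
      sed -i \
        '/^account.*req.*pam_unix/ s/^/account [success=ok new_authtok_reqd=ok ignore=ignore default=bad user_unknown=ignore] pam_krb5.so use_first_pass\n/' \
        /mnt/etc/pam.d/common-account /mnt/etc/pam.d/common-account-pc
      # NOTE(review): this expression matches "account" lines and is applied
      # to common-account, so it writes an "auth" line into the account file
      # and never touches common-auth. It looks like an unfinished copy of the
      # expression above. Left unchanged: use_first_pass needs an earlier
      # module to have collected the password, so the intended position in
      # the auth stack has to be confirmed before this is corrected.
      sed -i \
        '/^account.*req.*pam_unix/ s/^/auth sufficient pam_krb5.so use_first_pass\n/' \
        /mnt/etc/pam.d/common-account /mnt/etc/pam.d/common-auth-pc
      echo "session optional pam_krb5.so" >> /mnt/etc/pam.d/common-session
      echo "session optional pam_krb5.so" >> /mnt/etc/pam.d/common-session-pc

      # script to get keytab or do other magic things
      # The variable is quoted: unquoted, "[ -n ]" is true for an empty
      # value, which appended a bogus line to boot.slx and ran chmod 755 on
      # the plugin directory itself.
      if [ -n "$auth_krbscript" ]; then
        # The appended lines run the custom script from boot.slx and then
        # restrict the keytab to its owner. The text lines stay at column 0
        # because they are written to the file verbatim.
        echo "# auth-plugin: start custom kerberOS script
/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_krbscript
chmod 600 /etc/krb5.keytab # if a user forget to change it the $auth_krbscript" \
          >> /mnt/etc/init.d/boot.slx
        chmod 755 "/mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_krbscript"
        # just krb5.conf perm
        rllinker "boot.slx" 2 20
      fi

      # maybe not needed in every case. depends how $HOME gets mounted... but
      # required for nfs & automount at least with nfsv4
      if [ "$distro" = "ubuntu" ]; then
        sed -i 's/^NEED_GSSD.*/NEED_GSSD=yes/' /mnt/etc/default/nfs-common
      fi
      if [ "$distro" = "suse" ]; then
        sed -i 's/^NFS_START_SERVICES.*/NFS_START_SERVICES="yes"/' /mnt/etc/sysconfig/nfs
        sed -i 's/^NFS_SECURITY_GSS.*/NFS_SECURITY_GSS="yes"/' /mnt/etc/sysconfig/nfs
      fi
    fi
  fi

  # hack. if we want to have totally custom pam-files...
  # These files replace the PAM stacks edited above, and the copy happens
  # even when auth_active is 0.
  if [ -d "${PLUGINDIR}/pam.d/" ]; then
    cp "${PLUGINDIR}"/pam.d/* /mnt/etc/pam.d/
  fi

  # hack. if we want to have totally custom nsswitch.conf file...
  if [ -f "${PLUGINDIR}/nsswitch.conf" ]; then
    cp "${PLUGINDIR}/nsswitch.conf" /mnt/etc/nsswitch.conf
    chmod 644 /mnt/etc/nsswitch.conf
  fi

  # just for development purpose, can be deleted later
  rllinker "syslog" 2 20
else
  [ "${DEBUGLEVEL:-0}" -gt 0 ] && echo " * Configuration of auth plugin failed"
fi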