author | Sebastian Schmelzer | 2011-12-22 10:34:40 +0100 |
---|---|---|
committer | Sebastian Schmelzer | 2011-12-22 10:34:40 +0100 |
commit | 53d09c41346bbf8c9449991229ecc3fbc0922523 (patch) | |
tree | 74742c6d6c9e95399d9cd17182fcb0db9476c395 | |
parent | typo (diff) | |
parent | minor... (diff) | |
Merge branch 'master' of openslx.org:openslx/core
10 files changed, 368 insertions, 3 deletions
diff --git a/src/os-plugins/plugins/eduroam/OpenSLX/OSPlugin/eduroam.pm b/src/os-plugins/plugins/eduroam/OpenSLX/OSPlugin/eduroam.pm
new file mode 100644
index 00000000..7c38a055
--- /dev/null
+++ b/src/os-plugins/plugins/eduroam/OpenSLX/OSPlugin/eduroam.pm
@@ -0,0 +1,165 @@ +# Copyright (c) 2007..2011 - OpenSLX GmbH +# +# This program is free software distributed under the GPL version 2. +# See http://openslx.org/COPYING +# +# If you have any feedback please consult http://openslx.org/feedback and +# send your suggestions, praise, or complaints to feedback@openslx.org +# +# General information about OpenSLX can be found at http://openslx.org/ +# ----------------------------------------------------------------------------- +# eduroam.pm +# ----------------------------------------------------------------------------- +package OpenSLX::OSPlugin::eduroam; + +use strict; +use warnings; + +use base qw(OpenSLX::OSPlugin::Base); + +use File::Path; + +use OpenSLX::Basics; +use OpenSLX::Utils; +use OpenSLX::DistroUtils; + +sub new +{ + my $class = shift; + + my $self = { + name => 'eduroam', + }; + + return bless $self, $class; +} + +sub getInfo +{ + my $self = shift; + + return { + description => unshiftHereDoc(<<' End-of-Here'), + Splashscreen for the boot process using eduroam. + End-of-Here + precedence => 30, + }; +} + +sub getAttrInfo +{ + my $self = shift; + + return { + 'eduroam::active' => { + applies_to_systems => 1, + applies_to_clients => 1, + description => unshiftHereDoc(<<' End-of-Here'), + should the eduroam-plugin be executed during boot? 
+ End-of-Here + content_regex => qr{^(0|1)$}, + content_descr => '1 means active - 0 means inactive', + default => '1', + }, + + 'eduroam::server_ip' => { + applies_to_systems => 1, + applies_to_clients => 1, + description => unshiftHereDoc(<<' End-of-Here'), + IP address of the eduroam backend server + End-of-Here + content_regex => qr{^.*$}, + content_descr => 'valid IP address', + default => '1', + }, + + 'eduroam::server_secret' => { + applies_to_systems => 1, + applies_to_clients => 1, + description => unshiftHereDoc(<<' End-of-Here'), + shared secret for eduroam authentication + End-of-Here + content_regex => qr{^.*$}, + content_descr => 'string of the shared secret', + default => '1', + }, + + }; +} + +sub suggestAdditionalKernelParams +{ + my $self = shift; + my $makeInitRamFSEngine = shift; + + my @suggestedParams; + + return @suggestedParams; +} + +sub suggestAdditionalKernelModules +{ + my $self = shift; + my $makeInitRamFSEngine = shift; + + my @suggestedModules; + + return @suggestedModules; +} + +sub installationPhase +{ + my $self = shift; + my $info = shift; + + my $engine = $self->{'os-plugin-engine'}; + + # check if libpam-radius-package is already installed + my @installedPackages = $engine->getInstalledPackages(); + my $found = 0; + foreach (@installedPackages) { + if ($_ eq "libpam-radius-auth") { + $found = 1; + } + } + # if not, install it + if ($found == 0) { + vlog(0, _tr("Missing package 'libpam-radius-auth', installing...\n")); + $engine->installPackages('libpam-radius-auth'); + } + + $self->{pluginRepositoryPath} = $info->{'plugin-repo-path'}; + $self->{openslxBasePath} = $info->{'openslx-base-path'}; + + my $eduroamFilesPath = "$self->{openslxBasePath}/lib/plugins/eduroam/files"; + my $pluginRepoPath = "$self->{pluginRepositoryPath}"; + + # copy the rest of the needed files: + # lib/security/pam_script.so - library needed by PAM-script module + # usr/share/libpam-script/* - scripts to create the local user if radius auth succeeded + # 
etc/pam.d/kdm/radius-auth - PAM-module for radius auth + copyDir("$eduroamFilesPath", "$pluginRepoPath"); + + return; +} + +sub removalPhase +{ + my $self = shift; + my $info = shift; + + return; +} + + +sub copyRequiredFilesIntoInitramfs +{ + my $self = shift; + my $targetPath = shift; + my $attrs = shift; + my $makeInitRamFSEngine = shift; + + return; +} + +1; diff --git a/src/os-plugins/plugins/eduroam/XX_eduroam.sh b/src/os-plugins/plugins/eduroam/XX_eduroam.sh new file mode 100644 index 00000000..d977a791 --- /dev/null +++ b/src/os-plugins/plugins/eduroam/XX_eduroam.sh 
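Review bot: In getAttrInfo the `eduroam::server_ip` and `eduroam::server_secret` attributes accept any value (`content_regex => qr{^.*$}`) and both default to `'1'`, so an unconfigured system silently ends up with a RADIUS shared secret of "1" and a server address that is not an address, while `content_descr` promises a 'valid IP address'. Tighten the address check to `content_regex => qr{^\d{1,3}(?:\.\d{1,3}){3}$},` and give the secret no usable default (`default => ''`, if the attribute framework accepts an empty value — confirm) so that a missing secret fails visibly instead of being guessable. The `getInfo` description ('Splashscreen for the boot process using eduroam.') is copied from the plymouth plugin and should say that the plugin sets up RADIUS login through PAM. installationPhase also ships a prebuilt `lib/security/pam_script.so` by copying the plugin's files tree; a comment recording where that binary came from and how to rebuild it would help anyone auditing the install.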
@@ -0,0 +1,47 @@
+# Copyright (c) 2007..2008 - RZ Uni Freiburg
+# Copyright (c) 2008 - 2009 OpenSLX GmbH
+#
+# This program/file is free software distributed under the GPL version 2.
+# See http://openslx.org/COPYING
+#
+# If you have any feedback please consult http://openslx.org/feedback and
+# send your feedback to feedback@openslx.org
+#
+# General information about OpenSLX can be found at http://openslx.org
+#
+# stage3 part of 'eduroam' plugin
+#
+# script is included from init via the "." load function - thus it has all
+# variables and functions available
+
+if [ -e /initramfs/plugin-conf/eduroam.conf ]; then
+ . /initramfs/plugin-conf/eduroam.conf
+ if [ $eduroam_active -ne 0 ]; then
+ [ $DEBUGLEVEL -gt 0 ] && echo "executing the 'eduroam' plugin...";
+
+ # copy files
+ cd /mnt/opt/openslx/plugin-repo/eduroam/files
+ # better with tar, doesn't work however...
+ #tar c * | tar x -C /mnt
+ for f in $(find . -type f); do cp $f /mnt/$f; done
+
+ # delete old config, just to make sure there are no conflicts
+ pam_radius_conf=/mnt/etc/pam_radius_auth.conf
+ [ -f $pam_radius_conf ] && rm $pam_radius_conf
+
+ # hack to get the actual literal string from the config file...
+ secret=$(cat /initramfs/plugin-conf/eduroam.conf | grep secret | \
+ sed 's/eduroam_server_secret="//g' | sed 's/\(.*\)./\1/')
+
+ # write eduroam server config
+ echo -n "$eduroam_server_ip $secret 3" > $pam_radius_conf
+
+ # activate eduroam in kdm
+ # TODO: for other desktop managers
+ pam_kdm=/mnt/etc/pam.d/kdm
+ [ -f $pam_kdm ] && sed 's/@include common-auth/@include radius-auth/g' -i $pam_kdm
+
+ [ $DEBUGLEVEL -gt 0 ] && echo "done with the 'eduroam' plugin...";
+ fi
+fi
+
diff --git a/src/os-plugins/plugins/eduroam/files/etc/pam.d/radius-auth b/src/os-plugins/plugins/eduroam/files/etc/pam.d/radius-auth
new file mode 100644
index 00000000..97f005f4
--- /dev/null
+++ b/src/os-plugins/plugins/eduroam/files/etc/pam.d/radius-auth
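Review bot: `echo -n "$eduroam_server_ip $secret 3" > $pam_radius_conf` creates /mnt/etc/pam_radius_auth.conf with whatever mode the current umask gives, which is usually world-readable, so every local user of the booted client can read the RADIUS shared secret. Add `chmod 600 $pam_radius_conf` right after the write (pam_radius_auth is normally deployed with that file readable by root only — verify against the installed module's documentation). Two smaller points: `cd /mnt/opt/openslx/plugin-repo/eduroam/files` is unchecked, and if it fails `find . -type f` walks whatever the current directory happens to be and copies those files under /mnt, so `cd /mnt/opt/openslx/plugin-repo/eduroam/files || return` (the script is sourced) is needed; and the `secret=$(cat … | grep secret | …)` extraction matches any line containing 'secret' and assumes a double-quoted value, so a secret containing `"` or a second matching line corrupts the config — a comment stating the exact format the extraction relies on would at least make the constraint visible.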
@@ -0,0 +1,31 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# try to authenticate with radius, if succeeds create local user.
+auth optional pam_script.so radius
+auth [success=ok user_unknown=1 default=1] pam_radius_auth.so debug
+auth [success=3 default=ignore] pam_script.so create_user
+auth optional pam_script.so unix
+auth [success=1 new_authtok_reqd=ok user_unknown=die default=ignore] pam_unix.so nullok_secure debug try_first_pass
+
+# here's the fallback if no module succeeds
+auth requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+#auth optional pam_mount.so
+# end of pam-auth-update config
diff --git a/src/os-plugins/plugins/eduroam/files/lib/security/pam_script.so b/src/os-plugins/plugins/eduroam/files/lib/security/pam_script.so
Binary files differnew file mode 100644
index 00000000..f1af8245
--- /dev/null
+++ b/src/os-plugins/plugins/eduroam/files/lib/security/pam_script.so
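Review bot: With `auth [success=3 default=ignore] pam_script.so create_user` a RADIUS success jumps over pam_script.so unix, pam_unix.so and pam_deny.so straight to pam_permit.so, so any username the backend accepts is logged in with no local check at all — including names that already exist as local accounts, because the create_user script only skips creation for those; whether that is acceptable depends on which usernames the RADIUS backend can return, which this page does not show. If local accounts must not be reachable through RADIUS, guard the pam_radius_auth.so line (for example with a pam_succeed_if.so rule on group membership or UID range) so that only guest identities take this path. The `debug` option is left on both pam_radius_auth.so and pam_unix.so in a configuration that is shipped to clients; drop it or add a comment saying the extra logging is intended. The header comment block is a verbatim copy of the common-auth header and no longer describes this file — replace it with a few lines explaining the jump arithmetic, e.g. `# success=3 on create_user skips the unix script, pam_unix and pam_deny, landing on pam_permit`.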
diff --git a/src/os-plugins/plugins/eduroam/files/usr/share/libpam-script/pam_script_auth b/src/os-plugins/plugins/eduroam/files/usr/share/libpam-script/pam_script_auth
new file mode 100755
index 00000000..6f3e7ec6
--- /dev/null
+++ b/src/os-plugins/plugins/eduroam/files/usr/share/libpam-script/pam_script_auth
@@ -0,0 +1,60 @@
+#!/bin/bash
+# pam_script_auth
+
+# file to write authentification method to
+file=/var/run/eduroam_auth_method
+
+# check given argument
+case "$1" in
+
+ "radius" )
+ # auth method, write it to file
+ echo "[$PAM_TYPE] Verifying credentials (through $1)..."
+ #echo "$1" > $file.$PAM_USER
+ ;;
+
+ "create_user" )
+ # create user
+ # check if user exists
+ if [ "x$(cat /etc/passwd | grep ^$PAM_USER | wc -l)" == "x1" ]
+ then
+ # user exists
+ echo "[$PAM_TYPE] User $PAM_USER exists already."
+ else
+ # user does not exists, create it.
+ echo "[$PAM_TYPE] User $PAM_USER does not exist."
+ echo "[$PAM_TYPE] Creating user $PAM_USER ..."
+
+ uid_file=/var/run/eduroam_lastuid
+ # check for /var/run/eduroam_lastuid
+ [ ! -f $uid_file ] && echo "234299000" > $uid_file
+
+ # set user information
+ uid=$(($(cat $uid_file)+1))
+ gid=1001
+ homedir=/home/$PAM_USER
+ uinfo="Eduroam Guest"
+ ushell=/bin/bash
+
+ # create home directory
+ mkdir $homedir
+ chown $uid:$gid $homedir
+
+ # create /etc/passwd entry
+ echo "$PAM_USER:x:$uid:$gid:$uinfo:$homedir:$ushell" >> /etc/passwd
+
+ # create /etc/shadow entry
+ # set today's date for last pw change
+ pwlastchange=$(($(date +%s) / 60 / 60 / 24))
+ echo "$PAM_USER:x:$pwlastchange:0:99999:7:::" >> /etc/shadow
+
+ # user creation done, adjust uid_file
+ echo "$uid" > $uid_file
+ fi
+ ;;
+
+ * )
+ echo "[$PAM_TYPE] $0 unrecognized parameter: $1 (ignoring)."
+ ;;
+
+esac
diff --git a/src/os-plugins/plugins/eduroam/files/usr/share/libpam-script/pam_script_ses_close b/src/os-plugins/plugins/eduroam/files/usr/share/libpam-script/pam_script_ses_close
new file mode 100755
index 00000000..0568fd64
--- /dev/null
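Review bot: `$PAM_USER` comes straight from the login prompt and is appended unvalidated to the account files (`echo "$PAM_USER:x:$uid:$gid:…" >> /etc/passwd`, likewise /etc/shadow) and used as a path component (`homedir=/home/$PAM_USER`, `mkdir $homedir`, `chown $uid:$gid $homedir`), so a name containing `:` could supply its own UID/GID/shell fields and a name such as `..` or `../etc` would make `chown` hand a system directory to the guest after `mkdir` fails on the existing path — whether such names reach this script depends on what the RADIUS backend and the display manager let through, which the page does not show. The existence check `grep ^$PAM_USER | wc -l` is an unanchored prefix match, so `ro` counts as existing because of `root`, and a name that prefixes two accounts yields 2 and is created again; `getent passwd "$PAM_USER"` answers the question exactly. I would reject any name outside a conservative character set before touching the account files, and quote `$PAM_USER` and `$homedir` in the remaining commands.
```bash
 "create_user" )
 # refuse names that could inject passwd/shadow fields or escape /home
 case "$PAM_USER" in
 ""|.*|-*|*[!A-Za-z0-9._@-]*)
 echo "[$PAM_TYPE] Refusing to create user '$PAM_USER'."
 exit 1 ;;
 esac
 # exact-name lookup instead of an unanchored prefix grep
 if getent passwd "$PAM_USER" >/dev/null
 then
 # user exists
 echo "[$PAM_TYPE] User $PAM_USER exists already."
 else
 # … unchanged: UID allocation, home directory, passwd/shadow entries (quote "$PAM_USER" and "$homedir") …
 fi
 ;;
```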
+++ b/src/os-plugins/plugins/eduroam/files/usr/share/libpam-script/pam_script_ses_close
@@ -0,0 +1,37 @@
+#!/bin/bash
+# pam_script_ses_close
+# ran by root after user closes session
+
+echo "[$PAM_TYPE] Closing session for $PAM_USER..."
+# minimal uid: users with uid under this wont get deleted.
+MIN_UID=234299000
+
+# remove local user & home dir
+# only execute for uid > MIN_UID
+#if [ $(id -u $PAM_USER) -gt $MIN_UID -a "x$(cat /var/run/eduroam_auth_method.$PAM_USER)" == "xradius" ]
+if [ $(id -u $PAM_USER) -gt $MIN_UID ]
+then
+ #[ -f /var/run/eduroam_auth_method.$PAM_USER ] && rm /var/run/eduroam_auth_method.$PAM_USER
+
+ # decrement session
+ session_counter=/tmp/$PAM_USER.sessioncount
+ session_count=$(cat $session_counter)
+ echo "$(($session_count-1))" > $session_counter
+
+ # home dir ugly purge ... (log to debug...)
+ log=/var/log/eduroam
+ [ -f $log ] && rm $log
+ if [ -d /home/$PAM_USER ]
+ then
+ umount -fl /home/$PAM_USER/.gvfs &>> $log
+ chown -R root:root /home/$PAM_USER &>> $log
+ chmod -R a+rwx /home/$PAM_USER &>> $log
+ rm -rf /home/$PAM_USER &>> $log
+ fi
+ find /tmp -user $PAM_USER -delete
+ sed -i "/^$PAM_USER/d" /etc/passwd
+ sed -i "/^$PAM_USER/d" /etc/shadow
+ echo "[$PAM_TYPE] Local user deleted."
+fi
+
+echo "[$PAM_TYPE] Hope you enjoyed your stay $PAM_USER."
diff --git a/src/os-plugins/plugins/eduroam/files/usr/share/libpam-script/pam_script_ses_open b/src/os-plugins/plugins/eduroam/files/usr/share/libpam-script/pam_script_ses_open
new file mode 100755
index 00000000..4ca474b9
--- /dev/null
+++ b/src/os-plugins/plugins/eduroam/files/usr/share/libpam-script/pam_script_ses_open
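Review bot: `sed -i "/^$PAM_USER/d" /etc/passwd` (and the same line for /etc/shadow) deletes every entry whose name merely starts with `$PAM_USER`, so closing guest `alice`'s session also removes `alice2`, and regex metacharacters in the name are interpreted rather than matched literally; anchor on the field separator, `sed -i "/^$PAM_USER:/d" /etc/passwd` and `sed -i "/^$PAM_USER:/d" /etc/shadow`. The session counter is decremented but never consulted, so the account and `/home/$PAM_USER` are purged on the first session close even when the same user still has another session open — either test the decremented value before purging (`[ "$(cat $session_counter)" -gt 0 ] && exit 0`) or remove the counter code so the intent is clear. The `[ $(id -u $PAM_USER) -gt $MIN_UID ]` guard is the only thing standing between an unresolvable or malformed name and `rm -rf /home/$PAM_USER`; a comment stating that it is relied on for that would help the next reader.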
@@ -0,0 +1,20 @@ +#!/bin/bash +# pam_script session open script. +# This script is executed by root when a new session is opened. +echo "[$PAM_TYPE] Creating new session for $PAM_USER." + +min_uid=234299000 +[ $(id -u $PAM_USER) -gt $min_uid ] || exit 0 + +session_counter=/tmp/$PAM_USER.sessioncount +num_user_proc=$(ps aux|grep $PAM_USER -c|grep -v grep) + +if [ $num_user_proc -eq 0 ] +then + # no running session, write 1 since we are creating a new session. + echo "1" > $session_counter +else + # running session, increment + current_count=$(cat $session_counter) + echo "$(($current_count+1))" > $session_counter +fi diff --git a/src/os-plugins/plugins/plymouth/XX_plymouth.sh b/src/os-plugins/plugins/plymouth/XX_plymouth.sh index f9927eae..f1b99511 100644 --- a/src/os-plugins/plugins/plymouth/XX_plymouth.sh +++ b/src/os-plugins/plugins/plymouth/XX_plymouth.sh @@ -21,9 +21,9 @@ if [ -e /initramfs/plugin-conf/plymouth.conf ]; then if [ -f /mnt/etc/init/kdm.conf ]; then - sed 's/exec kdm/plymouth quit \n exec kdm/g' -i /mnt/etc/init/kdm.conf + sed 's/exec kdm/$(sleep 0.5 \&\& plymouth quit) \&\n exec kdm/g' -i /mnt/etc/init/kdm.conf else - sed 's/exec kdm/plymouth quit \n exec kdm/g' -i /mnt/etc/init.inactive/kdm.conf + sed 's/exec kdm/$(sleep 0.5 \&\& plymouth quit) \&\n exec kdm/g' -i /mnt/etc/init.inactive/kdm.conf fi [ $DEBUGLEVEL -gt 0 ] && echo "done with the 'plymouth' plugin..."; fi diff --git a/src/os-plugins/plugins/plymouth/init-hooks/40-started-hw-config/plymouth.sh b/src/os-plugins/plugins/plymouth/init-hooks/40-started-hw-config/plymouth.sh index 19c26862..54a86774 100644 --- a/src/os-plugins/plugins/plymouth/init-hooks/40-started-hw-config/plymouth.sh +++ b/src/os-plugins/plugins/plymouth/init-hooks/40-started-hw-config/plymouth.sh @@ -1,4 +1,5 @@ # only start with no debug level if [ $DEBUGLEVEL -eq 0 ]; then - plymouthd && plymouth show-splash + /sbin/plymouthd --mode=boot --attach-to-session + /bin/plymouth show-splash fi 
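Review bot: `echo "1" > $session_counter` runs as root on `/tmp/$PAM_USER.sessioncount`, a predictable name in a world-writable directory, so any local user can pre-create that path as a symlink and have root truncate and overwrite an arbitrary file at the victim's next login (kernels of this era have no symlink protection for /tmp — verify on the target). Keep the counters in a root-owned directory instead, e.g. `session_counter=/var/run/eduroam/$PAM_USER.sessioncount` preceded by `mkdir -p -m 700 /var/run/eduroam`; the close script reads the same path and must change with it. The process count `$(ps aux|grep $PAM_USER -c|grep -v grep)` also counts the grep itself and any process whose command line merely contains the name, so the `-eq 0` branch is never taken and the `else` branch only works because `cat` on the missing file yields an empty `$current_count`; `num_user_proc=$(pgrep -c -u "$PAM_USER")` counts the user's processes directly, assuming procps is present in the booted system.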
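Review bot: The rewrite drops the `&&` between starting the daemon and showing the splash, so `/bin/plymouth show-splash` now runs even when `/sbin/plymouthd --mode=boot --attach-to-session` failed to start; if that is deliberate (the client prints a harmless error and boot continues) a one-line comment should say so, otherwise `/sbin/plymouthd --mode=boot --attach-to-session && /bin/plymouth show-splash` keeps the previous behaviour on one line.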
diff --git a/src/os-plugins/plugins/plymouth/init-hooks/95-handing-over/plymouth.sh b/src/os-plugins/plugins/plymouth/init-hooks/95-handing-over/plymouth.sh
new file mode 100644
index 00000000..d7f27411
--- /dev/null
+++ b/src/os-plugins/plugins/plymouth/init-hooks/95-handing-over/plymouth.sh
@@ -0,0 +1,4 @@
+# only start with no debug level
+if [ $DEBUGLEVEL -eq 0 ]; then
+ /bin/plymouth update-root-fs --new-root-dir=/mnt
+fi |