Diffstat (limited to 'src/os-plugins/plugins/auth/XX_auth.sh')
-rw-r--r--src/os-plugins/plugins/auth/XX_auth.sh170
1 files changed, 105 insertions, 65 deletions
diff --git a/src/os-plugins/plugins/auth/XX_auth.sh b/src/os-plugins/plugins/auth/XX_auth.sh
index 99d5716e..1dcbd26d 100644
--- a/src/os-plugins/plugins/auth/XX_auth.sh
+++ b/src/os-plugins/plugins/auth/XX_auth.sh
@@ -1,4 +1,4 @@
- # Copyright (c) 2010 - OpenSLX GmbH
+# Copyright (c) 2010 - OpenSLX GmbH
#
# This program/file is free software distributed under the GPL version 2.
# See http://openslx.org/COPYING
@@ -47,12 +47,21 @@ if [ -e /initramfs/plugin-conf/auth.conf ]; then
sed -i 's/^passwd:.*/passwd: files/' /mnt/etc/nsswitch.conf
sed -i 's/^group:.*/group: files/' /mnt/etc/nsswitch.conf
+ # general requirement
+ rllinker "nscd" 16 8
+
+ ######
+ # LDAP
+ ######
if [ $auth_ldap -eq 1 ]; then
- cp ${PLUGINDIR}/ldap.conf.slx /mnt/etc/ldap/ldap.conf
- cp ${PLUGINDIR}/ldap.conf.slx /mnt/etc/openldap/ldap.conf # required for openSUSE 11.4
- # even if their syntax can differ, we copy them (and hope no nss_* attributes where used)
- cp ${PLUGINDIR}/ldap.conf.slx /mnt/etc/nslcd.conf # required for openSUSE 11.4
cp ${PLUGINDIR}/ldap.conf.slx /mnt/etc/ldap.conf
+ ln -sf /etc/ldap.conf /mnt/etc/openldap/ldap.conf # required for openSUSE 11.4
+ # even if their syntax can differ, we copy them
+ # (and hope no nss_* attributes where used)
+ echo "# Created by XX_auth.sh (auth-plugin) for compatibility reasons" \
+ > /mnt/etc/nslcd.conf
+ cat ${PLUGINDIR}/ldap.conf.slx >> /mnt/etc/nslcd.conf # required for openSUSE 11.4
+ ln -sf /etc/ldap.conf /mnt/etc/ldap/ldap.conf
# PAM: add ldap conf before pam_unix(2).so; SuSE: ...-pc
sed -i \
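Review bot: The modes of the generated config files are now left to the umask and to whatever already exists in the image: `/mnt/etc/nslcd.conf` is created here by `>` redirection with no `chmod`, and the later hunks drop the explicit `chmod 644` for `ldap.conf`, `krb5.conf` and `nsswitch.conf` in favour of the same echo/cat pattern. If `ldap.conf.slx` can carry a bind password (not visible from here), a world-readable `nslcd.conf` hands it to every local user even though only the daemon needs to read that file, so I would pin the mode right after the `cat`, e.g. `chmod 600 /mnt/etc/nslcd.conf`, and keep `chmod 644` on the files that unprivileged lookups must read. The two `ln -sf` lines also assume `/mnt/etc/openldap` and `/mnt/etc/ldap` exist on every distro; a `[ -d /mnt/etc/openldap ] &&` style guard would avoid a failed link on images that ship only one of them.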
@@ -74,22 +83,24 @@ if [ -e /initramfs/plugin-conf/auth.conf ]; then
# just to be on the save side... usually nslcd isn't used.
sed -i "s/^\(nss_.*\)/#XX_auth.sh#\1/" /mnt/etc/nslcd.conf
-
# hack. if we want to have totally custom ldap.conf files...
if [ -f ${PLUGINDIR}/ldap.conf ]; then
- cp ${PLUGINDIR}/ldap.conf /mnt/etc/ldap.conf
- cp ${PLUGINDIR}/ldap.conf /mnt/etc/ldap/ldap.conf
- cp ${PLUGINDIR}/ldap.conf /mnt/etc/openldap/ldap.conf # required for openSUSE 11.4
- chmod 644 /mnt/etc/ldap.conf /mnt/etc/ldap/ldap.conf
+ echo "# copied from auth::files (default: /root/auth-plugin)" \
+ > /mnt/etc/ldap.conf
+ cat ${PLUGINDIR}/ldap.conf >> /mnt/etc/ldap.conf
fi
# similiar to ldap.conf, but just similiar
if [ -f ${PLUGINDIR}/nslcd.conf ]; then
- cp ${PLUGINDIR}/nslcd.conf /mnt/etc/nslcd.conf # openSUSE 11.4
+ echo "# copied from auth::files (default: /root/auth-plugin)" \
+ > /mnt/etc/nslcd.conf
+ cat ${PLUGINDIR}/nslcd.conf >> /mnt/etc/nslcd.conf # openSUSE 11.4
fi
fi
- # configure automount
+ ########################
+ # AUTOMOUNT, NFS partial
+ ########################
if [ $auth_automount -eq 1 ]; then
cp ${PLUGINDIR}/auto.master /mnt/etc
cp ${PLUGINDIR}/auto.slx /mnt/etc
@@ -97,68 +108,94 @@ if [ -e /initramfs/plugin-conf/auth.conf ]; then
mkdir -p /mnt/$auth_automnt_dir
fi
- config_portmap # distro specific configuration :(
- config_automount # distro specific configuration :(
- config_nfs # distro specific config... activates gssd and idmapd
+# config_portmap # distro specific configuration :(
+# config_automount # distro specific configuration :(
+# config_nfs # distro specific config... activates gssd and idmapd
- #maybe we need the following, same at auth_nfs4. also OS depending
- #rllinker "autofs" 15 7
-
- # hack for ubuntu
- if [ $distro = "ubuntu" ]; then
- sed -e 's,start on ,start on filesystem #,' \
- -i /mnt/etc/init/statd.conf
- echo -e "alias autofs autofs4" >>/mnt/etc/modprobe.d/aliases.conf
- fi
+ # ubuntu
+ case $distro in
+ ubuntu)
+ sed -e 's,start on ,start on filesystem #,' \
+ -i /mnt/etc/init/statd.conf
+ echo -e "alias autofs autofs4" >>/mnt/etc/modprobe.d/aliases.conf
+ # no nfs-common initscirpt at 10.04, but other ones
+ # statd not required for NFSv4..
+ sed -i 's/^NEED_STATD=.*/NEED_STATD=yes/' /mnt/etc/default/nfs-common
+ # optional, but helps in the future to move stuff out of OpenSLX to distri-tools
+ rllinker "portmap" 12 8 # required 10.04+11.04 with nfs to start rpc.statd
+ rllinker "portmap-wait" 12 8 # required 10.04+11.04 with nfs to start rpc.statd
+ rllinker "rpc_pipefs" 14 8
+ rllinker "statd" 13 8 #fails
+ rllinker "autofs" 14 8
+ # workaround for not starting statd. 10.04 affected, 11.04 not affected!?!
+ echo " # auth-plugin: workaround for statd
+ #mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
+ rpc.statd -L" \
+ >> /mnt/etc/init.d/boot.slx
+ rllinker "boot.slx" 2 20
+ ;;
+ suse)
+ # enable generall nfs support
+ sed -i 's/^NFS_START_SERVICES.*/NFS_START_SERVICES="yes"/' /mnt/etc/sysconfig/nfs
+ rllinker "rpcbind" 4 21
+ rllinker "nfs" 14 20
+ rllinker "autofs" 18 4
+ ;;
+ esac
fi
- # configure nfs4
+ #######
+ # NFSv4
+ #######
if [ $auth_nfs4 -eq 1 ]; then
- testmkd /mnt/var/lib/nfs/rpc_pipefs
- echo -e "rpc_pipefs\t/var/lib/nfs/rpc_pipefs rpc_pipefs defaults\t 0 0 nfsd\t\t/proc/fs/nfsd\tnfsd\t\tdefaults\t 0 0" >>/etc/fstab
- echo -e "rpc_pipefs\t/var/lib/nfs/rpc_pipefs rpc_pipefs defaults\t 0 0 nfsd\t\t/proc/fs/nfsd\tnfsd\t\tdefaults\t 0 0" >>/mnt/etc/fstab
- mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
- mount -t nfsd nfsd /proc/fs/nfsd
- touch /mnt/var/lib/nfs/state
- config_portmap # distro specific config. maybe double usage with automount
- #rllinker "portmap" 2 20
-
- # starts rpc.idmapd, maybe portmap... nfs-init.d-hell...
+
+ # /etc/init-hell
case "$distro" in
suse)
- rllinker "nfs" 14 8
+ # for idmap
+ sed -i 's/^NFS_START_SERVICES.*/NFS_START_SERVICES="yes"/' /mnt/etc/sysconfig/nfs
+ # optional, but may help in the future to move stuff out of OpenSLX to distri-tools
+ rllinker "rpcbind" 4 21
+ rllinker "nfs" 14 8 # handles idmap & gssd
;;
ubuntu)
- rllinker "nfs-common" 14 8
+ # nfs-common: somewhere before 10.04, not available with 10.04ff
+ rllinker "nfs-common" 16 8
+ # enable idmapd
sed -i 's/^NEED_IDMAPD=.*/NEED_IDMAPD=yes/' /mnt/etc/default/nfs-common
- ;;
- *)
- # we don't know it, so lets use all... hopefully one will work ;-)
- rllinker "nfs" 14 8
- rllinker "nfs-common" 14 8
+ # rpc_pipefs, portmap and idmap rllinker are optional
+ # but may help in the future to move stuff out of OpenSLX to distri-tools
+ rllinker "rpc_pipefs" 13 8 #doenst work somehow. could be mount/not mounted quirks
+ rllinker "portmap" 14 8
+ # optional, but helps in the future to move stuff out of OpenSLX to distri-tools
+ rllinker "idmapd" 17 8
+ # somehow idmapd doesnt want to start, because rpc_pipefs, even if enabled, doesn't
+ # mount the required path. happend with a cloned ubuntu 10.04. therefore a workaround
+ echo " # auth-plugin: workaround for idmapd
+ mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
+ # doesn't matter if already running
+ echo \"start idmapd (again)\"
+ service idmapd start" \
+ >> /mnt/etc/init.d/boot.slx
+ rllinker "boot.slx" 2 20
;;
esac
sed -i \
"s/^Domain.*/Domain = ${auth_idmap_domain}/" \
/mnt/etc/idmapd.conf
-
-
- #maybe we need the following, same at auth_nfs4. also OS depending
- #rllinker "autofs" 15 7
fi
# configure automnt_script
if [ $auth_automnt_script ]; then
- chmod 755 /mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_automnt_script
+ chmod 700 /mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_automnt_script
fi
-
-
# configure KerberOS
if [ $auth_krb -eq 1 ]; then
- cp ${PLUGINDIR}/krb5.conf /mnt/etc
- chmod 644 /mnt/etc/krb5.conf
+ echo "# copied from auth::files (default: /root/auth-plugin)" \
+ > /mnt/etc/krb5.conf
+ cat ${PLUGINDIR}/krb5.conf >> /mnt/etc/krb5.conf
# PAM: add krb conf after pam_unix(2).so; SuSE: ...-pc
sed -i \
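Review bot: Neither of the two `case` blocks in this hunk has a default arm, and the NFSv4 one loses the old `*)` fallback that linked both `nfs` and `nfs-common`; for any `$distro` other than `suse` or `ubuntu` the plugin still rewrites `idmapd.conf` but enables no NFS, portmap or autofs service and reports nothing. Together with the three `config_*` calls being commented out, that leaves a silent partial configuration of the login and home-directory path. I would add `*) [ $DEBUGLEVEL -gt 0 ] && echo " * auth plugin: no NFS service setup for distro $distro" ;;` to both blocks so the gap is visible at boot. The first `case` uses an unquoted `$distro` while the second quotes it; quoting both keeps them consistent. The enclosing `if [ -e /initramfs/plugin-conf/auth.conf ]` starts outside the hunk.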
@@ -173,22 +210,28 @@ if [ -e /initramfs/plugin-conf/auth.conf ]; then
# script to get keytab or do other magic things
if [ -n $auth_krbscript ]; then
echo "# auth-plugin: start custom kerberOS script
+ echo "Start krbscript"
/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_krbscript
chmod 600 /etc/krb5.keytab # if a user forget to change it the $auth_krbscript" \
>> /mnt/etc/init.d/boot.slx
- chmod 755 /mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_krbscript
+ chmod 700 /mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_krbscript
# just krb5.conf perm
rllinker "boot.slx" 2 20
fi
# maybe not needed in every case. depends how $HOME gets mounted... but required for nfs & automount at least with nfsv4
- if [ $distro = "ubuntu" ]; then
- sed -i 's/^NEED_GSSD.*/NEED_GSSD=yes/' /mnt/etc/default/nfs-common
- fi
- if [ $distro = "suse" ]; then
- sed -i 's/^NFS_START_SERVICES.*/NFS_START_SERVICES="yes"/' /mnt/etc/sysconfig/nfs
- sed -i 's/^NFS_SECURITY_GSS.*/NFS_SECURITY_GSS="yes"/' /mnt/etc/sysconfig/nfs
- fi
+ case "$distro" in
+ ubuntu)
+ sed -i 's/^NEED_GSSD.*/NEED_GSSD=yes/' /mnt/etc/default/nfs-common
+ # optional, but wont hurt if the previous fails
+ rllinker "gssd" 16 8
+ ;;
+ suse)
+ # for idmap and gss
+ sed -i 's/^NFS_START_SERVICES.*/NFS_START_SERVICES="yes"/' /mnt/etc/sysconfig/nfs
+ sed -i 's/^NFS_SECURITY_GSS.*/NFS_SECURITY_GSS="yes"/' /mnt/etc/sysconfig/nfs
+ ;;
+ esac
fi
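Review bot: The guard `[ -n $auth_krbscript ]` around the new `chmod 700` is always true when the variable is empty, because the unquoted expansion leaves a one-argument test; in that case the `chmod 700` lands on the `plugin-repo/auth/` directory itself and boot.slx gets a line that tries to execute that directory. Quote it: `if [ -n "$auth_krbscript" ]; then`. The added `echo "Start krbscript"` sits inside the outer double-quoted string, so its quotes close and reopen that string; the text written to boot.slx happens to come out usable, but it should be escaped as `echo \"Start krbscript\"`, the way the idmapd workaround in the previous hunk does it. The enclosing `if [ $auth_krb -eq 1 ]` begins outside this hunk.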
@@ -201,14 +244,11 @@ if [ -e /initramfs/plugin-conf/auth.conf ]; then
# hack. if we want to have totally custom nsswitch.conf file...
if [ -f ${PLUGINDIR}/nsswitch.conf ]; then
- cp ${PLUGINDIR}/nsswitch.conf /mnt/etc/nsswitch.conf
- chmod 644 /mnt/etc/nsswitch.conf
+ echo "# copied from auth::files (default: /root/auth-plugin)" \
+ > /mnt/etc/nsswitch.conf
+ cat ${PLUGINDIR}/nsswitch.conf >> /mnt/etc/nsswitch.conf
fi
-
- # just for development purpose, can be deleted later
- rllinker "syslog" 2 20
-
else
[ $DEBUGLEVEL -gt 0 ] && echo " * Configuration of auth plugin failed"
fi