From 4a00cc6290c7d29156e7bc204a704a4e48860c8f Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Wed, 7 Dec 2011 17:46:43 +0100 Subject: eduroam server IP and secret are ow attributes --- .../plugins/eduroam/OpenSLX/OSPlugin/eduroam.pm | 33 ++++++++++++++++++++-- src/os-plugins/plugins/eduroam/XX_eduroam.sh | 27 +++++++++++------- 2 files changed, 47 insertions(+), 13 deletions(-) (limited to 'src/os-plugins') diff --git a/src/os-plugins/plugins/eduroam/OpenSLX/OSPlugin/eduroam.pm b/src/os-plugins/plugins/eduroam/OpenSLX/OSPlugin/eduroam.pm index c5c74c17..7c38a055 100644 --- a/src/os-plugins/plugins/eduroam/OpenSLX/OSPlugin/eduroam.pm +++ b/src/os-plugins/plugins/eduroam/OpenSLX/OSPlugin/eduroam.pm @@ -61,6 +61,29 @@ sub getAttrInfo content_descr => '1 means active - 0 means inactive', default => '1', }, + + 'eduroam::server_ip' => { + applies_to_systems => 1, + applies_to_clients => 1, + description => unshiftHereDoc(<<' End-of-Here'), + IP address of the eduroam backend server + End-of-Here + content_regex => qr{^.*$}, + content_descr => 'valid IP address', + default => '1', + }, + + 'eduroam::server_secret' => { + applies_to_systems => 1, + applies_to_clients => 1, + description => unshiftHereDoc(<<' End-of-Here'), + shared secret for eduroam authentication + End-of-Here + content_regex => qr{^.*$}, + content_descr => 'string of the shared secret', + default => '1', + }, + }; } @@ -90,6 +113,8 @@ sub installationPhase my $info = shift; my $engine = $self->{'os-plugin-engine'}; + + # check if libpam-radius-package is already installed my @installedPackages = $engine->getInstalledPackages(); my $found = 0; foreach (@installedPackages) { @@ -97,7 +122,7 @@ sub installationPhase $found = 1; } } - # if not found, install it + # if not, install it if ($found == 0) { vlog(0, _tr("Missing package 'libpam-radius-auth', installing...\n")); $engine->installPackages('libpam-radius-auth'); 
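Review bot: Both new attributes in the first hunk accept any string and default to `'1'`: `content_regex => qr{^.*$}` does not enforce the 'valid IP address' that `content_descr` promises, and a system that never sets `eduroam::server_secret` ends up with the guessable shared secret `1`. The stage3 script changed in this commit writes both values space-separated into a single line of pam_radius_auth.conf, so a secret containing whitespace would also shift the fields. I would tighten the patterns, e.g. `content_regex => qr{^\d{1,3}(?:\.\d{1,3}){3}$},` for the IP and `content_regex => qr{^\S+$},` for the secret, and use `default => '',` so a missing value is visible instead of silently valid. Whether the attribute framework accepts an empty default together with these patterns needs checking, and getAttrInfo starts above the hunk.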
@@ -109,9 +134,11 @@ sub installationPhase my $eduroamFilesPath = "$self->{openslxBasePath}/lib/plugins/eduroam/files"; my $pluginRepoPath = "$self->{pluginRepositoryPath}"; + # copy the rest of the needed files: + # lib/security/pam_script.so - library needed by PAM-script module + # usr/share/libpam-script/* - scripts to create the local user if radius auth succeeded + # etc/pam.d/kdm/radius-auth - PAM-module for radius auth copyDir("$eduroamFilesPath", "$pluginRepoPath"); - #copyDir("$eduroamFilesPath/lib", "$pluginRepoPath"); - #copyDir("$eduroamFilesPath/etc", "$pluginRepoPath"); return; } diff --git a/src/os-plugins/plugins/eduroam/XX_eduroam.sh b/src/os-plugins/plugins/eduroam/XX_eduroam.sh index fe8bcef6..d977a791 100644 --- a/src/os-plugins/plugins/eduroam/XX_eduroam.sh +++ b/src/os-plugins/plugins/eduroam/XX_eduroam.sh 
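Review bot: The new comment lists `etc/pam.d/kdm/radius-auth`, but the cp lines this commit removes from XX_eduroam.sh took the file from `files/etc/pam.d/radius-auth`, and the script's sed makes `/mnt/etc/pam.d/kdm` include `radius-auth`. The comment path looks like it should read `# etc/pam.d/radius-auth - PAM include for radius auth`. Since copyDir ships the whole `files` tree, it may also be worth a comment line saying that any `etc/pam_radius_auth.conf` in it is deleted and regenerated at boot, so nobody stores a real secret there. installationPhase starts above this hunk.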
@@ -20,19 +20,26 @@ if [ -e /initramfs/plugin-conf/eduroam.conf ]; then [ $DEBUGLEVEL -gt 0 ] && echo "executing the 'eduroam' plugin..."; # copy files - - cp /mnt/opt/openslx/plugin-repo/eduroam/files/lib/security/pam_script.so \ - /mnt/lib/security - cp /mnt/opt/openslx/plugin-repo/eduroam/files/etc/pam_radius_auth.conf \ - /mnt/etc - cp /mnt/opt/openslx/plugin-repo/eduroam/files/etc/pam.d/radius-auth \ - /mnt/etc/pam.d - cp -r /mnt/opt/openslx/plugin-repo/eduroam/files/usr/share \ - /mnt/usr/share + cd /mnt/opt/openslx/plugin-repo/eduroam/files + # better with tar, doesn't work however... + #tar c * | tar x -C /mnt + for f in $(find . -type f); do cp $f /mnt/$f; done + + # delete old config, just to make sure there are no conflicts + pam_radius_conf=/mnt/etc/pam_radius_auth.conf + [ -f $pam_radius_conf ] && rm $pam_radius_conf + + # hack to get the actual literal string from the config file... + secret=$(cat /initramfs/plugin-conf/eduroam.conf | grep secret | \ + sed 's/eduroam_server_secret="//g' | sed 's/\(.*\)./\1/') + + # write eduroam server config + echo -n "$eduroam_server_ip $secret 3" > $pam_radius_conf # activate eduroam in kdm # TODO: for other desktop managers - sed 's/@include common-auth/@include radius-auth/g' -i /mnt/etc/pam.d/kdm + pam_kdm=/mnt/etc/pam.d/kdm + [ -f $pam_kdm ] && sed 's/@include common-auth/@include radius-auth/g' -i $pam_kdm [ $DEBUGLEVEL -gt 0 ] && echo "done with the 'eduroam' plugin..."; fi -- cgit v1.2.3-55-g7522
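Review bot: The RADIUS shared secret is written to `$pam_radius_conf` by plain redirection, so the file gets whatever mode the current umask allows and is probably readable by every local user on the client; create it restricted, e.g. `( umask 077; echo -n "$eduroam_server_ip $secret 3" > "$pam_radius_conf" )`. The extraction above it matches any line containing `secret` and blindly drops the last character, so anchoring it as `grep '^eduroam_server_secret='` and skipping the write when `$secret` is empty would avoid a malformed config. The `cd` is unchecked and the `for f in $(find . -type f)` loop is unquoted: if the directory is missing, the loop copies from whatever the current directory is into /mnt, and `cp` fails for any path whose target directory does not exist yet. The enclosing `if` opens above the hunk.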