From df0500e35f66592ef09f922968fe8261bc26f887 Mon Sep 17 00:00:00 2001 From: Volker Uhrig Date: Wed, 14 Sep 2011 16:15:58 +0200 Subject: * Added compatibility for Ubuntu 10.10 * Added nscd support * Added checks for required packages --- src/initramfs/scripts/bin/servconfig | 10 +- .../plugins/auth/OpenSLX/OSPlugin/auth.pm | 92 +++++++++-- src/os-plugins/plugins/auth/XX_auth.sh | 170 +++++++++++++-------- 3 files changed, 189 insertions(+), 83 deletions(-) (limited to 'src') diff --git a/src/initramfs/scripts/bin/servconfig b/src/initramfs/scripts/bin/servconfig index 84544e23..f3b00519 100755 --- a/src/initramfs/scripts/bin/servconfig +++ b/src/initramfs/scripts/bin/servconfig @@ -99,8 +99,10 @@ dlocale ############################################################################# # setup passwd and shadow for local system users like root, bin, daemon and # nobody if no user/admin provided passwd exists ... fixme: see #206 -[ ! -e /rootfs/etc/shadow ] && \ - basepasswd $(sed "/+::0/d;s/root://;s/:.*//" /rootfs/etc/shadow 2>/dev/null) +if [ ! -e /initramfs/plugin-conf/auth.conf ]; then + [ ! -e /rootfs/etc/shadow ] && \ + basepasswd $(sed "/+::0/d;s/root://;s/:.*//" /rootfs/etc/shadow 2>/dev/null) +fi ############################################################################# # dns and ip configuration @@ -174,8 +176,8 @@ config_udev # (check for runlevel scripts, passwd entries, directories ...) config_dreshal -# configure automounter (should be moved to plugin) -if [ "x$automnt" != "xno" ] ; then +# configure automounter if auth-plugin is not used +if [ "x$automnt" != "xno" -a ! -e /initramfs/plugin-conf/auth.conf ] ; then # check if there is some user provided configuration (only auto.master is # important) and skip automatic setup if [ ! -f /rootfs/etc/auto.master ] ; then diff --git a/src/os-plugins/plugins/auth/OpenSLX/OSPlugin/auth.pm b/src/os-plugins/plugins/auth/OpenSLX/OSPlugin/auth.pm index fdb48ebc..939223f1 100644 
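Review bot: The new guard in the `@@ -99,8 +99,10 @@` hunk skips `basepasswd` whenever `/initramfs/plugin-conf/auth.conf` exists, not only when the plugin actually provides passwd and shadow. auth.pm treats `auth::passwd` as optional, so if the plugin runs with it disabled and `/rootfs/etc/shadow` is missing, nothing visible here creates the local system accounts. If the file's presence is really the intended signal, say so in a comment such as `# auth plugin active: XX_auth.sh is expected to provide passwd/shadow`; otherwise the guard should test the passwd setting rather than the file.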
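Review bot: The combined test in the `@@ -174,8 +176,8 @@` hunk joins two conditions with `-a` inside one `[ ]`, a form POSIX marks obsolescent and one that can parse ambiguously depending on the operands. Two tests joined by `&&` say the same thing without that risk: `if [ "x$automnt" != "xno" ] && [ ! -e /initramfs/plugin-conf/auth.conf ]; then`. The automounter block itself continues past the end of the hunk.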
--- a/src/os-plugins/plugins/auth/OpenSLX/OSPlugin/auth.pm +++ b/src/os-plugins/plugins/auth/OpenSLX/OSPlugin/auth.pm @@ -289,12 +289,13 @@ sub installationPhase my $nfs4 = $self->{attrs}->{'auth::nfs4'}; my $passwd = $self->{attrs}->{'auth::passwd'}; my $krb = $self->{attrs}->{'auth::krb'}; + my $distro = (split('-',$self->{'os-plugin-engine'}->distroName()))[0]; # configure passwd if($passwd) { my $rootPwd = $self->{attrs}->{'auth::rootpwd'}; if($rootPwd eq "") { - print "root-password not set. Change auth::rootpwd and retry.\n"; + print "* root-password not set. Change auth::rootpwd and retry.\n"; exit 1; } 
@@ -303,32 +304,95 @@ sub installationPhase ); } + # configure ldap if ($ldap) { if ($self->{attrs}->{'auth::ldapuri'} eq '' || $self->{attrs}->{'auth::ldapbase'} eq '') { - print "auth::ldapuri and/or auth::ldapbase not defined. LDAP configuration canceld\n"; + print "* auth::ldapuri and/or auth::ldapbase not defined. LDAP configuration canceld\n"; exit 1; } - + if ($distro eq 'ubuntu' && ! -d "/usr/share/doc/libpam-ldap") { + if (! -d "/usr/share/doc/libpam-ldapd") { + # ubuntu 10.04 && 11.04 + print "* libpam-ldapd or libpam-ldap not installed but required.\n"; + print " libpam-ldap is preferred over libpam-ldapd!\n"; + print " Please install one of these packages and try again!\n"; + exit 1; + } + print "* libpam-ldapd installed but not recommended. If there are problems, be aware about\n"; + print " /etc/nslcd.conf which can differ from /etc/pam.conf syntax!\n"; + print " /etc/nslcd.conf can also be copied via auth::files\n"; + } + if ($distro eq 'suse' && ! -d "/usr/share/doc/packages/pam_ldap") { + if (! -d "/usr/share/doc/packages/nss-pam-ldapd") { + # suse 10.4 + print "* pam_ldap or nss-pam-ldapd not installed but required.\n"; + print " pam_ldap is preferred over nss-pam-ldapd!\n"; + print " Please install one of these packages and try again!\n"; + exit 1; + } + print "* nss-pam-ldapd installed but not recommended. If there are problems, be aware about\n"; + print " /etc/nslcd.conf which can differ from /etc/pam.conf syntax!\n"; + print " /etc/nslcd.conf can also be copied via auth::files\n"; + } $self->_writeLdapConf(); #write ldap.conf } # configure automount if ($automount) { if ($self->{attrs}->{'auth::automnt_src'} eq '' && $self->{attrs}->{'auth::automnt_script'} eq '') { - print "auth::automnt_src and auth::automnt_script not defined. Automount configuration canceld\n"; + print "* auth::automnt_src and auth::automnt_script not defined. 
Automount configuration canceld\n"; exit 1; } if ($self->{attrs}->{'auth::automnt_dir'} eq '') { - print "auth::automnt_dir not defined. Automount configuration canceld\n"; + print "* auth::automnt_dir not defined. Automount configuration canceld\n"; exit 1; } + if ($distro eq 'ubuntu') { + #both package names: ubuntu 10.04&11.04 + if ( ! -d "/usr/share/doc/nfs-common") { + print "* Package nfs-common not installed, but is required.\n"; + print " Please install first.\n"; + exit 1; + } + if (! -d "/usr/share/doc/autofs5") { + print "* Package autofs/autofs5 not installed, but are required.\n"; + print " Please install first.\n"; + exit 1; + } + } + if ($distro eq 'suse') { + if (! -f "/etc/init.d/nfs") { + # suse 11.4 (no ../doc file, but testable through init.d file) + print "* Package nfs-client not installed, but are required.\n"; + print " Please install first.\n"; + exit 1; + } + if (! -d "/usr/share/doc/packages/autofs") { + # suse 11.4 + print "* Package autofs not installed, but are required.\n"; + print " Please install first.\n"; + exit 1; + } + } $self->_writeAutomountConf(); } # configure kerberOS. Biggest part in preInstallationPhase()! if ($krb) { + if ($distro eq 'ubuntu' && ! -d "/usr/share/doc/libpam-krb5") { + #ubuntu 11.04&10.04 + print "* Package libpam-krb5 not installed but required.\n"; + print " Please install first!\n"; + exit 1; + } + if ($distro eq 'suse' && ! -d "/usr/share/doc/packages/pam_krb5") { + #ubuntu 11.04&10.04 + print "* Package pam_krb5 not installed but required.\n"; + print " Please install first!\n"; + exit 1; + } $self->_krbConf(); } 
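Review bot: In the Ubuntu automount branch the comment ("both package names") and the message ("autofs/autofs5") name two packages, but the test only looks for `/usr/share/doc/autofs5`, so a system carrying the package under the other name would be rejected. If both are meant to pass, and assuming the doc directory follows the same naming, the condition should be `if (! -d "/usr/share/doc/autofs5" && ! -d "/usr/share/doc/autofs") {`. More generally, all of these checks infer "installed" from a documentation directory, which can be missing on a trimmed image or left behind without the module; testing for the file the configuration needs, or asking the package manager, would be a firmer gate in front of the LDAP, automount and Kerberos setup. Any `$distro` other than 'ubuntu' or 'suse' passes through every check silently, and the `#ubuntu 11.04&10.04` comment on the suse pam_krb5 branch looks copied from the branch above it. installationPhase starts and ends outside this hunk.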
@@ -373,19 +437,19 @@ sub preInstallationPhase() my $automntScript = $self->{attrs}->{'auth::automnt_script'}; if ($krb && !-d $files) { - print "KerberOS enabled, but path $files from auth::files not found. Configuration canceld.\n"; + print "* KerberOS enabled, but path $files from auth::files not found. Configuration canceld.\n"; exit 1; } if ($krb && ! -e "$files/krb5.conf") { - print "KerberOS enabled, but needed Configfile $files/krb5.conf not found. Installation stopped.\n"; + print "* KerberOS enabled, but needed Configfile $files/krb5.conf not found. Installation stopped.\n"; exit 1; } if ($krb && $krbScript ne '' && ! -e "$files/$krbScript") { - print "KerberOS enabled, but needed Configfile $files/$krbScript not found. Installation stopped.\n"; + print "* KerberOS enabled, but needed Configfile $files/$krbScript not found. Installation stopped.\n"; exit 1; } if ($autoMount && $automntScript ne '' && ! -e "$files/$automntScript") { - print "auth::automnt_script $files/$automntScript not found. Installation stopped.\n"; + print "* auth::automnt_script $files/$automntScript not found. Installation stopped.\n"; exit 1; } @@ -516,14 +580,14 @@ sub _writeAutomountConf my $autoConf; if ($automntSrc ne '' && $automntScript ne '') { - print "auth::automnt_src and auth::automnt_script enabled. Both won't work together."; - print "You need to disable (set the value to '' (empty) one of them!"; - print "Automount configuration failed."; + print "* auth::automnt_src and auth::automnt_script enabled. Both won't work together."; + print " You need to disable (set the value to '' (empty) one of them!"; + print " Automount configuration failed."; exit 1; } # nfs - if ($autoProto eq 'nfs') { + if ($autoProto eq 'nfs' && ! $nfs4) { my $autoConf = "# created by auth-Plugin\n"; $autoConf .= "* -fstype=nfs,rsize=32768,wsize=32768,rw $autoHost:$autoSrcPath/&\n"; spitFile("$self->{'pluginRepositoryPath'}/auto.slx", $autoConf); 
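Review bot: The map entry written in the plain-NFS branch of `_writeAutomountConf`, `* -fstype=nfs,rsize=32768,wsize=32768,rw $autoHost:$autoSrcPath/&`, mounts the export with default setuid and device-node handling. If this map serves user home directories from another host, adding `nosuid,nodev` is the usual hardening unless something depends on them: `-fstype=nfs,rsize=32768,wsize=32768,rw,nosuid,nodev`. In the same hunk the three `print` calls of the "Both won't work together" message have no trailing `\n`, so they come out as one run-on line before `exit 1`. The `my $autoConf` inside the nfs branch also shadows the declaration a few lines above it, where a plain assignment would do. The function continues outside the hunk, so the branch that now handles nfs with `auth::nfs4` set is not visible here.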
@@ -541,7 +605,7 @@ sub _writeAutomountConf $autoConf .= "# not used, because we use auth::authmnt_script\n"; spitFile("$self->{'pluginRepositoryPath'}/auto.slx", $autoConf); } else { - print "Automount Configuration failed. Unknown protocol in auth::automnt_src, auth::nfs4 or auth::idmap_domain not enabled.\n"; + print "* Automount Configuration failed. Unknown protocol in auth::automnt_src or auth::nfs4 and auth::idmap_domain not enabled.\n"; exit 1; } diff --git a/src/os-plugins/plugins/auth/XX_auth.sh b/src/os-plugins/plugins/auth/XX_auth.sh index 99d5716e..1dcbd26d 100644 --- a/src/os-plugins/plugins/auth/XX_auth.sh +++ b/src/os-plugins/plugins/auth/XX_auth.sh @@ -1,4 +1,4 @@ - # Copyright (c) 2010 - OpenSLX GmbH +# Copyright (c) 2010 - OpenSLX GmbH # # This program/file is free software distributed under the GPL version 2. # See http://openslx.org/COPYING 
@@ -47,12 +47,21 @@ if [ -e /initramfs/plugin-conf/auth.conf ]; then sed -i 's/^passwd:.*/passwd: files/' /mnt/etc/nsswitch.conf sed -i 's/^group:.*/group: files/' /mnt/etc/nsswitch.conf + # general requirement + rllinker "nscd" 16 8 + + ###### + # LDAP + ###### if [ $auth_ldap -eq 1 ]; then - cp ${PLUGINDIR}/ldap.conf.slx /mnt/etc/ldap/ldap.conf - cp ${PLUGINDIR}/ldap.conf.slx /mnt/etc/openldap/ldap.conf # required for openSUSE 11.4 - # even if their syntax can differ, we copy them (and hope no nss_* attributes where used) - cp ${PLUGINDIR}/ldap.conf.slx /mnt/etc/nslcd.conf # required for openSUSE 11.4 cp ${PLUGINDIR}/ldap.conf.slx /mnt/etc/ldap.conf + ln -sf /etc/ldap.conf /mnt/etc/openldap/ldap.conf # required for openSUSE 11.4 + # even if their syntax can differ, we copy them + # (and hope no nss_* attributes where used) + echo "# Created by XX_auth.sh (auth-plugin) for compatibility reasons" \ + > /mnt/etc/nslcd.conf + cat ${PLUGINDIR}/ldap.conf.slx >> /mnt/etc/nslcd.conf # required for openSUSE 11.4 + ln -sf /etc/ldap.conf /mnt/etc/ldap/ldap.conf # PAM: add ldap conf before pam_unix(2).so; SuSE: ...-pc sed -i \ 
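Review bot: `/mnt/etc/nslcd.conf` is now created with `echo … >` followed by `cat … >>`, so its mode comes from the umask at boot, or from whatever file was already there, and no `chmod` follows in the hunk. If `ldap.conf.slx` can carry a bind password this file should not be world-readable, for example `chmod 600 /mnt/etc/nslcd.conf` after the `cat` (or 640 with the group the daemon runs as). The same write pattern replaces `cp` plus `chmod 644` for ldap.conf in the `@@ -74,22 +83,24 @@` hunk, krb5.conf in `@@ -97,68 +108,94 @@` and nsswitch.conf in `@@ -201,14 +244,11 @@`. Those files have to stay readable by unprivileged processes, so keeping an explicit `chmod 644` after each `cat` makes the result independent of the umask. The enclosing `if [ -e /initramfs/plugin-conf/auth.conf ]` block starts before and ends after this hunk.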
@@ -74,22 +83,24 @@ if [ -e /initramfs/plugin-conf/auth.conf ]; then # just to be on the save side... usually nslcd isn't used. sed -i "s/^\(nss_.*\)/#XX_auth.sh#\1/" /mnt/etc/nslcd.conf - # hack. if we want to have totally custom ldap.conf files... if [ -f ${PLUGINDIR}/ldap.conf ]; then - cp ${PLUGINDIR}/ldap.conf /mnt/etc/ldap.conf - cp ${PLUGINDIR}/ldap.conf /mnt/etc/ldap/ldap.conf - cp ${PLUGINDIR}/ldap.conf /mnt/etc/openldap/ldap.conf # required for openSUSE 11.4 - chmod 644 /mnt/etc/ldap.conf /mnt/etc/ldap/ldap.conf + echo "# copied from auth::files (default: /root/auth-plugin)" \ + > /mnt/etc/ldap.conf + cat ${PLUGINDIR}/ldap.conf >> /mnt/etc/ldap.conf fi # similiar to ldap.conf, but just similiar if [ -f ${PLUGINDIR}/nslcd.conf ]; then - cp ${PLUGINDIR}/nslcd.conf /mnt/etc/nslcd.conf # openSUSE 11.4 + echo "# copied from auth::files (default: /root/auth-plugin)" \ + > /mnt/etc/nslcd.conf + cat ${PLUGINDIR}/nslcd.conf >> /mnt/etc/nslcd.conf # openSUSE 11.4 fi fi - # configure automount + ######################## + # AUTOMOUNT, NFS partial + ######################## if [ $auth_automount -eq 1 ]; then cp ${PLUGINDIR}/auto.master /mnt/etc cp ${PLUGINDIR}/auto.slx /mnt/etc 
@@ -97,68 +108,94 @@ if [ -e /initramfs/plugin-conf/auth.conf ]; then mkdir -p /mnt/$auth_automnt_dir fi - config_portmap # distro specific configuration :( - config_automount # distro specific configuration :( - config_nfs # distro specific config... activates gssd and idmapd +# config_portmap # distro specific configuration :( +# config_automount # distro specific configuration :( +# config_nfs # distro specific config... activates gssd and idmapd - #maybe we need the following, same at auth_nfs4. also OS depending - #rllinker "autofs" 15 7 - - # hack for ubuntu - if [ $distro = "ubuntu" ]; then - sed -e 's,start on ,start on filesystem #,' \ - -i /mnt/etc/init/statd.conf - echo -e "alias autofs autofs4" >>/mnt/etc/modprobe.d/aliases.conf - fi + # ubuntu + case $distro in + ubuntu) + sed -e 's,start on ,start on filesystem #,' \ + -i /mnt/etc/init/statd.conf + echo -e "alias autofs autofs4" >>/mnt/etc/modprobe.d/aliases.conf + # no nfs-common initscirpt at 10.04, but other ones + # statd not required for NFSv4.. + sed -i 's/^NEED_STATD=.*/NEED_STATD=yes/' /mnt/etc/default/nfs-common + # optional, but helps in the future to move stuff out of OpenSLX to distri-tools + rllinker "portmap" 12 8 # required 10.04+11.04 with nfs to start rpc.statd + rllinker "portmap-wait" 12 8 # required 10.04+11.04 with nfs to start rpc.statd + rllinker "rpc_pipefs" 14 8 + rllinker "statd" 13 8 #fails + rllinker "autofs" 14 8 + # workaround for not starting statd. 10.04 affected, 11.04 not affected!?! 
+ echo " # auth-plugin: workaround for statd + #mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs + rpc.statd -L" \ + >> /mnt/etc/init.d/boot.slx + rllinker "boot.slx" 2 20 + ;; + suse) + # enable generall nfs support + sed -i 's/^NFS_START_SERVICES.*/NFS_START_SERVICES="yes"/' /mnt/etc/sysconfig/nfs + rllinker "rpcbind" 4 21 + rllinker "nfs" 14 20 + rllinker "autofs" 18 4 + ;; + esac fi - # configure nfs4 + ####### + # NFSv4 + ####### if [ $auth_nfs4 -eq 1 ]; then - testmkd /mnt/var/lib/nfs/rpc_pipefs - echo -e "rpc_pipefs\t/var/lib/nfs/rpc_pipefs rpc_pipefs defaults\t 0 0 nfsd\t\t/proc/fs/nfsd\tnfsd\t\tdefaults\t 0 0" >>/etc/fstab - echo -e "rpc_pipefs\t/var/lib/nfs/rpc_pipefs rpc_pipefs defaults\t 0 0 nfsd\t\t/proc/fs/nfsd\tnfsd\t\tdefaults\t 0 0" >>/mnt/etc/fstab - mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs - mount -t nfsd nfsd /proc/fs/nfsd - touch /mnt/var/lib/nfs/state - config_portmap # distro specific config. maybe double usage with automount - #rllinker "portmap" 2 20 - - # starts rpc.idmapd, maybe portmap... nfs-init.d-hell... + + # /etc/init-hell case "$distro" in suse) - rllinker "nfs" 14 8 + # for idmap + sed -i 's/^NFS_START_SERVICES.*/NFS_START_SERVICES="yes"/' /mnt/etc/sysconfig/nfs + # optional, but may help in the future to move stuff out of OpenSLX to distri-tools + rllinker "rpcbind" 4 21 + rllinker "nfs" 14 8 # handles idmap & gssd ;; ubuntu) - rllinker "nfs-common" 14 8 + # nfs-common: somewhere before 10.04, not available with 10.04ff + rllinker "nfs-common" 16 8 + # enable idmapd sed -i 's/^NEED_IDMAPD=.*/NEED_IDMAPD=yes/' /mnt/etc/default/nfs-common - ;; - *) - # we don't know it, so lets use all... hopefully one will work ;-) - rllinker "nfs" 14 8 - rllinker "nfs-common" 14 8 + # rpc_pipefs, portmap and idmap rllinker are optional + # but may help in the future to move stuff out of OpenSLX to distri-tools + rllinker "rpc_pipefs" 13 8 #doenst work somehow. 
could be mount/not mounted quirks + rllinker "portmap" 14 8 + # optional, but helps in the future to move stuff out of OpenSLX to distri-tools + rllinker "idmapd" 17 8 + # somehow idmapd doesnt want to start, because rpc_pipefs, even if enabled, doesn't + # mount the required path. happend with a cloned ubuntu 10.04. therefore a workaround + echo " # auth-plugin: workaround for idmapd + mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs + # doesn't matter if already running + echo \"start idmapd (again)\" + service idmapd start" \ + >> /mnt/etc/init.d/boot.slx + rllinker "boot.slx" 2 20 ;; esac sed -i \ "s/^Domain.*/Domain = ${auth_idmap_domain}/" \ /mnt/etc/idmapd.conf - - - #maybe we need the following, same at auth_nfs4. also OS depending - #rllinker "autofs" 15 7 fi # configure automnt_script if [ $auth_automnt_script ]; then - chmod 755 /mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_automnt_script + chmod 700 /mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_automnt_script fi - - # configure KerberOS if [ $auth_krb -eq 1 ]; then - cp ${PLUGINDIR}/krb5.conf /mnt/etc - chmod 644 /mnt/etc/krb5.conf + echo "# copied from auth::files (default: /root/auth-plugin)" \ + > /mnt/etc/krb5.conf + cat ${PLUGINDIR}/krb5.conf >> /mnt/etc/krb5.conf # PAM: add krb conf after pam_unix(2).so; SuSE: ...-pc sed -i \ 
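Review bot: Both `case` statements in this hunk handle only `ubuntu` and `suse`, and the NFSv4 one drops the former `*)` fallback, so on any other distro no NFS, idmapd or autofs service is linked and nothing is reported. A default branch in the style used at the end of the file would make that visible: `*) [ $DEBUGLEVEL -gt 0 ] && echo " * auth plugin: no NFS service setup for distro $distro" ;;`. The idmapd workaround appended to boot.slx mounts rpc_pipefs on `/var/lib/nfs/rpc_pipefs`, while the hunk removes the `testmkd /mnt/var/lib/nfs/rpc_pipefs` that created the mount point, so the mount now depends on the distribution package providing that directory. The three commented-out `config_*` calls could be deleted rather than kept as dead code.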
@@ -173,22 +210,28 @@ if [ -e /initramfs/plugin-conf/auth.conf ]; then # script to get keytab or do other magic things if [ -n $auth_krbscript ]; then echo "# auth-plugin: start custom kerberOS script + echo "Start krbscript" /${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_krbscript chmod 600 /etc/krb5.keytab # if a user forget to change it the $auth_krbscript" \ >> /mnt/etc/init.d/boot.slx - chmod 755 /mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_krbscript + chmod 700 /mnt/${OPENSLX_DEFAULT_DIR}/plugin-repo/auth/$auth_krbscript # just krb5.conf perm rllinker "boot.slx" 2 20 fi # maybe not needed in every case. depends how $HOME gets mounted... but required for nfs & automount at least with nfsv4 - if [ $distro = "ubuntu" ]; then - sed -i 's/^NEED_GSSD.*/NEED_GSSD=yes/' /mnt/etc/default/nfs-common - fi - if [ $distro = "suse" ]; then - sed -i 's/^NFS_START_SERVICES.*/NFS_START_SERVICES="yes"/' /mnt/etc/sysconfig/nfs - sed -i 's/^NFS_SECURITY_GSS.*/NFS_SECURITY_GSS="yes"/' /mnt/etc/sysconfig/nfs - fi + case "$distro" in + ubuntu) + sed -i 's/^NEED_GSSD.*/NEED_GSSD=yes/' /mnt/etc/default/nfs-common + # optional, but wont hurt if the previous fails + rllinker "gssd" 16 8 + ;; + suse) + # for idmap and gss + sed -i 's/^NFS_START_SERVICES.*/NFS_START_SERVICES="yes"/' /mnt/etc/sysconfig/nfs + sed -i 's/^NFS_SECURITY_GSS.*/NFS_SECURITY_GSS="yes"/' /mnt/etc/sysconfig/nfs + ;; + esac fi 
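Review bot: `if [ -n $auth_krbscript ]` is true even when the variable is empty, because the unquoted expansion leaves `[ -n ]`, a one-argument test on the non-empty string `-n`. The block then appends a call to the bare `plugin-repo/auth/` directory to boot.slx and runs the new `chmod 700` on that directory instead of on a script. Quoting fixes it: `if [ -n "$auth_krbscript" ]; then`. The added `echo "Start krbscript"` sits inside the outer double-quoted string, so its quotes close and reopen that string rather than reaching boot.slx; the idmapd workaround in the `@@ -97,68 +108,94 @@` hunk escapes them (`echo \"start idmapd (again)\"`), and the same form would be consistent here.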
@@ -201,14 +244,11 @@ if [ -e /initramfs/plugin-conf/auth.conf ]; then # hack. if we want to have totally custom nsswitch.conf file... if [ -f ${PLUGINDIR}/nsswitch.conf ]; then - cp ${PLUGINDIR}/nsswitch.conf /mnt/etc/nsswitch.conf - chmod 644 /mnt/etc/nsswitch.conf + echo "# copied from auth::files (default: /root/auth-plugin)" \ + > /mnt/etc/nsswitch.conf + cat ${PLUGINDIR}/nsswitch.conf >> /mnt/etc/nsswitch.conf fi - - # just for development purpose, can be deleted later - rllinker "syslog" 2 20 - else [ $DEBUGLEVEL -gt 0 ] && echo " * Configuration of auth plugin failed" fi -- cgit v1.2.3-55-g7522