Debian packages needed: cifs-utils, libpam-script, libnss-extrausers
.
In /etc/nsswitch.conf: passwd: compat extrausers
.
#!/usr/bin/python
import sys,re
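def is_netuser(name, patterns):
    """Tell whether ``name`` is matched in full by one of the regex ``patterns``.

    name     -- login name to check (string).
    patterns -- iterable of lines, one regular expression per line; trailing
                whitespace (including the newline) is stripped from each.

    Returns True on the first pattern that matches the whole name, else False.
    An invalid regular expression raises re.error, as it did before.
    """
    for raw in patterns:
        pattern = raw.rstrip()
        if not pattern:
            # A blank line would otherwise turn into an empty pattern.
            continue
        # Group the pattern so an alternation such as "a|b" is anchored as a
        # whole, and end with \Z instead of "$": "$" also matches just before
        # a trailing newline, so "name\n" used to pass the check.
        if re.match("(?:" + pattern + r")\Z", name):
            return True
    return False


if __name__ == "__main__":
    # Exactly one argument is accepted. A caller that passes the name unquoted
    # would otherwise get only its first word checked; refuse instead.
    if len(sys.argv) != 2:
        sys.exit(1)
    with open("/etc/kalinx/netusers", "r") as netusers:
        allowed = is_netuser(sys.argv[1], netusers)
    # Exit status is the whole interface: 0 = network user, 1 = not.
    sys.exit(0 if allowed else 1)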
[a-z]\.[a-z]+
gast
fileserver.local workgroup
# Publish the one handler script under each of the four pam_script_* names;
# the handler decides what to do from the name it was invoked under.
for hook in auth passwd ses_close ses_open; do
  ln -s /etc/kalinx/pam_script_cifs "/usr/share/libpam-script/pam_script_${hook}"
done
#!/bin/bash
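# root is never handled by this script: leave with status 1 straight away.
[[ "$PAM_USER" == root ]] && exit 1
# Only names accepted by is_netuser go any further. The name is quoted so it
# arrives as exactly one argument; unquoted, a value containing whitespace or
# glob characters would be split or expanded and only its first word checked.
/etc/kalinx/is_netuser "$PAM_USER" || exit 1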
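#######################################
# Append one line to the kalinx log.
# Globals:   ka (read) - state directory
#            id (read) - real uid of the calling process
# Arguments: $1 - message text
# Outputs:   appends to $ka/log, or to /run/user/$id/kalinx.log when id is
#            set and not 0
# Returns:   status of the write
#######################################
log() {
  local out=$ka/log
  # presumably a non-root caller cannot write under $ka — TODO confirm
  if [[ -n "$id" && "$id" != 0 ]]; then
    out=/run/user/$id/kalinx.log
  fi
  # The message carries the PAM user name and service. Write it verbatim:
  # unquoted it was word-split and glob-expanded before reaching the file.
  printf '%s\n' "$1" >>"$out"
}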
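# Directory that holds the shared log and the per-user cnt_/md_ state files.
ka=/run/kalinx
# Real (not effective) uid of the process running this hook.
id=$(id -ur)
# Name this script was invoked under; it selects the hook to run. Taken from
# $0 by parameter expansion, so a path containing whitespace or a leading
# dash cannot be misread the way an unquoted `basename $0` could.
name=${0##*/}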
#-----------------------------------------------------------------------
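#-----------------------------------------------------------------------
# Hook dispatch. Depending on the name the script was invoked under it
#   pam_script_auth      - checks a re-authentication against the cached
#                          verifier, or mounts /u and registers the user
#   pam_script_passwd    - refuses (status 1)
#   pam_script_ses_open  - counts the session and prepares the home
#   pam_script_ses_close - counts down and tears everything down at zero
# Reads: ka, id, name, PAM_USER, PAM_AUTHTOK, PAM_SERVICE; calls log().
#-----------------------------------------------------------------------

# Print the 32-hex-digit MD5 of "$1$2" plus a newline (salt, password).
# NOTE(review): one round of a fast hash over the login password, kept in a
# file the session user can read; anything running as that user can take it
# for offline guessing. A slow password hash, or a root-only file with a
# privileged checker, would remove that exposure.
kalinx_digest() {
  printf '%s\n' "$1$2" | md5sum | cut -c1-32
}

# The name ends up in file names under $ka, in a passwd line, in the CIFS
# option list and in a script run through runuser. Refuse values that would
# change the meaning of any of those (separators, path components, options).
case $PAM_USER in
  '' | -* | *[[:space:][:cntrl:]:,/]*)
    log "rejected user name with unsafe characters"
    exit 1
    ;;
esac

cnt_file=$ka/cnt_$PAM_USER
md_file=$ka/md_$PAM_USER

if [[ "$name" == pam_script_auth ]]; then
  mkdir -p "$ka"
  log "AUTH $PAM_USER - $(date) - $id - $PAM_SERVICE"
  if [[ -e "$md_file" ]]; then
    # screensaver or sudo: the user is already logged in, so compare the
    # offered password with the salted digest stored at login.
    read -r s md _ <"$md_file"
    mdx=$(kalinx_digest "$s" "$PAM_AUTHTOK")
    [[ "$mdx" == "$md" ]] && exit 0
    exit 1
  fi
  # A first login needs root for the mount below.
  [[ "$id" != 0 ]] && exit 1
  if [[ ! -O /u ]]; then
    log "/u is already mounted"
    exit 1
  fi
  ok=
  rc=0
  if [[ "$PAM_USER" == gast && "$PAM_AUTHTOK" == g ]]; then
    # NOTE(review): guest account with a fixed one-character password; it
    # only ever gets a throw-away tmpfs home.
    mount -t tmpfs tmpfs /u
    rc=$?
    # Change ownership only when the tmpfs is really mounted; otherwise the
    # chown would hit the underlying mount point directory.
    if [[ $rc == 0 ]]; then
      chown 5001:5001 /u
      chmod og-wt /u
      ok=1
    fi
  else
    # /etc/kalinx/netserver: "<server> [<workgroup>]" on one line.
    read -r srv domain _ </etc/kalinx/netserver
    opts=mfsymlinks,dir_mode=0700,file_mode=0700,cache=loose
    [[ -n "$domain" ]] && opts+=",domain=$domain"
    opts+=",user=$PAM_USER,uid=5000,gid=5000"
    # The password travels in the PASSWD environment variable, not in argv.
    PASSWD="$PAM_AUTHTOK" mount.cifs "//$srv/homes" /u -o "$opts" 2>>"$ka/log"
    rc=$?
    # 16 is accepted as success as well; presumably the mount itself worked
    # and only the mtab update failed — TODO confirm against mount.cifs.
    [[ $rc == 0 || $rc == 16 ]] && ok=1
  fi
  if [[ -z "$ok" ]]; then
    # Report the mount's own status (the old message printed the status of
    # the emptiness test, which was always 0).
    log "Mount failed: $rc"
    exit 1
  fi
  h=/u/LinuxHome
  # Owner and group of the mounted /u become the user's uid and gid.
  uid=$(stat -c %u /u)
  gid=$(stat -c %g /u)
  printf '%s\n' "$PAM_USER:dummy:$uid:$gid:,,,:$h:/bin/bash" >/var/lib/extrausers/passwd
  echo 0 >"$cnt_file"
  s=$(dd if=/dev/urandom count=8 bs=1 2>/dev/null | base64)
  md=$(kalinx_digest "$s" "$PAM_AUTHTOK")
  umask 077
  printf '%s %s\n' "$s" "$md" >"$md_file"
  # Readable by the session user through its group, but owned by root: if the
  # user owned the file, any process running as that user could overwrite the
  # verifier and then pass the screensaver/sudo check with its own password.
  chown "root:$gid" "$md_file"
  chmod 0440 "$md_file"
#-----------------------------------------------------------------------
elif [[ "$name" == pam_script_passwd ]]; then
  log "PASSWD $PAM_USER - $(date) - $id - $PAM_SERVICE"
  exit 1
#-----------------------------------------------------------------------
elif [[ "$name" == pam_script_ses_open ]]; then
  [[ "$PAM_SERVICE" == systemd-user ]] && exit 1
  [[ -e "$cnt_file" ]] || exit 0
  log "OPEN $PAM_USER - $(date) - $id - $PAM_SERVICE"
  # NOTE(review): the counter is read and rewritten without a lock; two
  # sessions opening or closing at the same moment can miscount.
  n=$(<"$cnt_file")
  echo $((n + 1)) >"$cnt_file"
  if [[ "$n" == 0 ]]; then
    # Look the home directory up in the passwd database instead of running
    # the user name through eval.
    h=$(getent passwd "$PAM_USER" | cut -d: -f6)
    if [[ -z "$h" ]]; then
      log "OPEN no home directory for $PAM_USER"
    else
      # The here-document is expanded by this (root) shell and then executed
      # by the user's shell, so both paths are inserted shell-quoted.
      h_q=$(printf '%q' "$h")
      cache_q=$(printf '%q' "/tmp/cache-$PAM_USER")
      # NOTE(review): /tmp/cache-<user> is a predictable name in a shared
      # directory; if someone else created it first, .cache would point at
      # a directory the user does not own.
      runuser "$PAM_USER" <<EOF
if test ! -d $h_q; then
mkdir $h_q
chmod 700 $h_q
fi
mkdir -p $cache_q
rm -rf $h_q/.cache
ln -s $cache_q $h_q/.cache
EOF
    fi
  fi
elif [[ "$name" == pam_script_ses_close ]]; then
  [[ -e "$cnt_file" ]] || exit 0
  log "CLOSE $PAM_USER - $(date) - $id - $PAM_SERVICE"
  n=$(($(<"$cnt_file") - 1))
  echo "$n" >"$cnt_file"
  if [[ "$n" == 0 ]]; then
    # Last session gone: detach the home and drop every trace of the login,
    # including the cached password verifier.
    umount -l /u
    rm -- "$cnt_file" "$md_file" /var/lib/extrausers/passwd
    log "CLOSE cleaned"
  fi
fi
exit 0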