[debian-edu-commits] debian-edu/upstream/ 01/71: First draft of pam module creating local users and authenticating them using libpam-ccreds.

Petter Reinholdtsen pere at moszumanska.debian.org
Mon Jun 9 18:25:34 UTC 2014 

This is an automated email from the git hooks/post-receive script.

pere pushed a commit to branch master
in repository libpam-mklocaluser.

commit 35c1853f95e7e26d1f78c4158b12f1e6a6fe3bdd
Author: Petter Reinholdtsen <pere at hungry.com>
Date:   Sat May 1 09:36:06 2010 +0000

    First draft of pam module creating local users and authenticating them using libpam-ccreds.
---
 debian/README                          | 10 ++++++
 debian/changelog                       |  5 +++
 debian/compat                          |  1 +
 debian/control                         | 21 ++++++++++++
 debian/copyright                       | 32 ++++++++++++++++++
 debian/libpam-localoffline.install     |  4 +++
 debian/libpam-localoffline.postinst    |  7 ++++
 debian/libpam-localoffline.prerm       |  6 ++++
 debian/pam-auth-update/lo-ccreds-check |  7 ++++
 debian/pam-auth-update/lo-ccreds-save  |  6 ++++
 debian/pam-auth-update/localoffline    |  6 ++++
 debian/pam-python.py                   | 60 ++++++++++++++++++++++++++++++++++
 debian/rules                           |  3 ++
 13 files changed, 168 insertions(+)

diff --git a/debian/README b/debian/README
new file mode 100644
index 0000000..7309878
--- /dev/null
+++ b/debian/README
@@ -0,0 +1,10 @@
+libpam-localoffline
+===================
+
+PAM configuration to enable add users able to log in, presumably using
+some network directory information like NIS or LDAP, and when they log
+in a local users with the uid and gid information from the networed
+directory is created, and their password is cached on the local disk
+to allow them to log in also when disconnected from the net.
+
+Submit patches to debian-edu at lists.debian.org.
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..83b098b
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+libpam-localoffline (0.0.1) UNRELEASED; urgency=low
+
+  * Initial release.
+
+ -- Petter Reinholdtsen <pere at debian.org>  Sat, 01 May 2010 11:31:26 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..7f8f011
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+7
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..307cd3f
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,21 @@
+Source: libpam-localoffline
+Section: misc
+Priority: optional
+Maintainer: Debian Edu Developers <debian-edu at lists.debian.org>
+Uploaders: Petter Reinholdtsen <pere at debian.org>
+Build-Depends: debhelper (>= 7), cdbs
+Standards-Version: 3.8.4
+Homepage: http://www.skolelinux.org/
+Vcs-Browser: http://svn.debian.org/wsvn/debian-edu/trunk/src/libpam-localoffline/?rev=0&sc=0
+Vcs-Svn: svn://svn.debian.org/debian-edu/trunk/src/libpam-localoffline/
+
+Package: libpam-localoffline
+Architecture: all
+Depends: ${misc:Depends}, libpam-ccreds, libpam-python
+Description: Configure PAM to create a local user and do offline authentication
+ When the user log in for the first time, a local user is created in
+ /etc/passwd and primary group created in /etc/group, and a local home
+ directory is created in /home.  The password is set up to be cached
+ by libpam-ccreds to allow login without network connection using the
+ password provided by some network authentication service like
+ Kerberos or LDAP.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..70b334f
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,32 @@
+This package was debianized by Petter Reinholdtsen on
+Sat May  1 10:38:44 CEST 2010
+
+The current Debian maintainer is Petter Reinholdtsen
+
+It was downloaded from:
+  http://svn.debian.org/wsvn/debian-edu/trunk/src/libpam-localoffline/
+
+Created by Petter Reinholdtsen, upstream authors are the debian-edu
+  team <debian-edu at lists.debian.org>
+
+Copyright: 2010 Petter Reinholdtsen
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License with
+ the Debian GNU/Linux distribution in file /usr/share/common-licenses/GPL;
+ if not, write to the Free Software Foundation, Inc., 51 Franklin Street, 
+ Fifth Floor, Boston, MA 02110-1301 USA
+
+On Debian systems, the complete text of the GNU General Public
+License, version 2, can be found in /usr/share/common-licenses/GPL-2.
+
+The Debian packaging is copyright 2010 by Petter Reinholdtsen and
+licensed under the terms of the GNU General Public License version 2.
diff --git a/debian/libpam-localoffline.install b/debian/libpam-localoffline.install
new file mode 100644
index 0000000..dd864c0
--- /dev/null
+++ b/debian/libpam-localoffline.install
@@ -0,0 +1,4 @@
+debian/pam-auth-update/lo-ccreds-check	usr/share/pam-configs
+debian/pam-auth-update/lo-ccreds-save	usr/share/pam-configs
+debian/pam-auth-update/localoffline	usr/share/pam-configs
+debian/pam-python.py			usr/lib/libpam-localoffline
diff --git a/debian/libpam-localoffline.postinst b/debian/libpam-localoffline.postinst
new file mode 100644
index 0000000..14ec6ce
--- /dev/null
+++ b/debian/libpam-localoffline.postinst
@@ -0,0 +1,7 @@
+#! /bin/sh -e
+
+pam-auth-update --package
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/libpam-localoffline.prerm b/debian/libpam-localoffline.prerm
new file mode 100644
index 0000000..70d2a99
--- /dev/null
+++ b/debian/libpam-localoffline.prerm
@@ -0,0 +1,6 @@
+#! /bin/sh -e
+
+pam-auth-update --package --remove ccreds-check
+pam-auth-update --package --remove ccreds-save
+
+#DEBHELPER#
diff --git a/debian/pam-auth-update/lo-ccreds-check b/debian/pam-auth-update/lo-ccreds-check
new file mode 100644
index 0000000..0e931f4
--- /dev/null
+++ b/debian/pam-auth-update/lo-ccreds-check
@@ -0,0 +1,7 @@
+Name: Ccreds credential caching - password checking
+Default: yes
+Priority: 0
+Auth-Type: Primary
+Auth:
+	[success=end default=ignore]	pam_ccreds.so action=validate use_first_pass
+	[default=ignore]		pam_ccreds.so action=update
diff --git a/debian/pam-auth-update/lo-ccreds-save b/debian/pam-auth-update/lo-ccreds-save
new file mode 100644
index 0000000..53d8c0b
--- /dev/null
+++ b/debian/pam-auth-update/lo-ccreds-save
@@ -0,0 +1,6 @@
+Name: Ccreds credential caching - password saving
+Default: yes
+Priority: 512
+Auth-Type: Additional
+Auth:
+	optional			pam_ccreds.so action=store
diff --git a/debian/pam-auth-update/localoffline b/debian/pam-auth-update/localoffline
new file mode 100644
index 0000000..97e6f37
--- /dev/null
+++ b/debian/pam-auth-update/localoffline
@@ -0,0 +1,6 @@
+Name: Create local accounts and home directory on first time login
+Default: yes
+Priority: 0
+Session-Type: Additional
+Session-Final:
+	required pam_python.so /usr/lib/libpam-localoffline/pam-python.py"
diff --git a/debian/pam-python.py b/debian/pam-python.py
new file mode 100755
index 0000000..b550635
--- /dev/null
+++ b/debian/pam-python.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+#
+# Create local user and redirected home directory.
+# If the local user logging in have uid >= 1000, create primary group
+# and user in /etc/passwd and /etc/group, and create a home directory
+# under /home/ if none exist already.
+
+import sys
+import pwd
+
+def check_and_create_localuser(pamh, user):
+  userinfo = pwd.getpwnam(user)
+  # Run adduser --disabled-password --homedir /home/$user $user
+  # set $HOME to /home/$user
+  pamh.putenv("HOME=/home/user")
+  return pamh.PAM_SUCCESS
+
+def pam_sm_setcred(pamh, flags, argv):
+  return pamh.PAM_SUCCESS
+
+def pam_sm_authenticate(pamh, flags, argv):
+  return pamh.PAM_SUCCESS
+
+def pam_sm_acct_mgmt(pamh, flags, argv):
+  return pamh.PAM_SUCCESS
+
+def pam_sm_open_session(pamh, flags, argv):
+  try:
+    user = pamh.get_user(None)
+  except pamh.exception, e:
+    return e.pam_result
+  if user == None:
+    print "No user, ignoring pam-python for localoffline"
+    return pamh.PAM_USER_UNKNOWN
+  try:
+    return check_and_create_localuser(pamh, user)
+  except KeyError, e:
+    print "Unknown username, should never happen"
+    return pamh.PAM_USER_UNKNOWN
+  except Exception, e:
+    print "Unexpected exception, should never happen"
+    return pamh.PAM_SYSTEM_ERR
+
+def pam_sm_close_session(pamh, flags, argv):
+  return pamh.PAM_SUCCESS
+
+def pam_sm_chauthtok(pamh, flags, argv):
+  return pamh.PAM_SUCCESS
+
+# Test if the code work.  Argument is username to simulate login for.
+if __name__ == '__main__':
+  class pam_handler:
+    PAM_SUCCESS = 1
+    PAM_USER_UNKNOWN = 2
+    PAM_SYSTEM_ERR = 3
+    def putenv(selv, value):
+        print "Update environment: %s" % (value)
+  pamh = pam_handler()
+  user = sys.argv[1]
+  check_and_create_localuser(pamh, user)
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..e6192f6
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,3 @@
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/upstream/libpam-mklocaluser.git

More information about the debian-edu-commits mailing list