[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, master, updated. debian/0.11-7-gcdf9d5c
Andreas B. Mundt
andi at debian.org
Sun May 26 16:45:53 UTC 2013
The following commit has been merged in the master branch:
commit f3968d02d3acb7a5f35342e84355f6a1d28fc09d
Author: Andreas B. Mundt <andi at debian.org>
Date: Sun May 26 18:31:29 2013 +0200
Make 'pam_script_auth' work for complex home directory structures.
Take into account that a user's home directory is not necessarily
'/home/<username>', fetch the path with 'getent'. Move
'/usr/share/libpam-script/pam_script_auth' to extra files. Prefer
'cut' instead of 'awk'.
diff --git a/fai/config/files/usr/local/sbin/debian-lan/SERVER_A b/fai/config/files/usr/local/sbin/debian-lan/SERVER_A
index b337123..80414fb 100755
--- a/fai/config/files/usr/local/sbin/debian-lan/SERVER_A
+++ b/fai/config/files/usr/local/sbin/debian-lan/SERVER_A
@@ -70,7 +70,7 @@ adduserLDAP(){
deluserLDAP(){
if getent passwd $1 ; then
## First, fetch user's home directory and tagg it for removal:
- HOMEDIR=`getent passwd $1 | awk -F : '{print $6}'`
+ HOMEDIR=`getent passwd $1 | cut -d : -f 6`
RM_HOMEDIR=`dirname $HOMEDIR`"/rm_"`date "+%Y%m%d"`"_"`basename $HOMEDIR`
echo "Tagging $1's home directory $HOMEDIR for removal:"
if mv -v $HOMEDIR $RM_HOMEDIR; then
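Review bot: The rewritten `HOMEDIR=` line still expands `$1` unquoted, and with an empty argument `getent passwd` lists every account, so `cut` would return many paths that then feed the `dirname`/`mv` lines below. Suggest `HOMEDIR=$(getent passwd "$1" | cut -d : -f 6)` with a guard such as `[ -n "$1" ] || return 1` at the top of `deluserLDAP`, and quoting `"$HOMEDIR"` and `"$RM_HOMEDIR"` in the `mv`. The function body starts and ends outside this hunk, so whether callers already validate `$1` is not visible here.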
diff --git a/fai/config/files/usr/share/libpam-script/pam_script_auth/DISKLESS_CLIENT b/fai/config/files/usr/share/libpam-script/pam_script_auth/DISKLESS_CLIENT
new file mode 100755
index 0000000..d1cc49f
--- /dev/null
+++ b/fai/config/files/usr/share/libpam-script/pam_script_auth/DISKLESS_CLIENT
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Use Kerberos key as machine key if machine key is unavailable.
+#
+
+set -e
+
+FILE="/tmp/krb5cc_diskless"
+
+if [ "$PAM_USER" = "root" ] || [ -e /etc/krb5.keytab ] || [ -e $FILE ] ; then
+ exit 0
+fi
+
+cp -v /tmp/krb5cc_pam_* $FILE
+/etc/init.d/autofs restart > /dev/null
+
+exit 0
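Review bot: The `cp -v /tmp/krb5cc_pam_* $FILE` line copies a credential cache through an unchecked glob to a fixed, unquoted name in world-writable `/tmp`, in a script that presumably runs with root privileges (it restarts autofs). A file or symlink already present at `/tmp/krb5cc_diskless`, or a second file matching the glob, changes what is copied and where it lands, and the `[ -e $FILE ]` early exit trusts whatever already exists at that path. The ROAMING script added in this commit has the same pattern in `cp -v /tmp/krb5cc_${ID}_* $FILE`. Suggest resolving the glob to exactly one regular file and replacing the destination through `mktemp` plus a rename, as sketched below. Moving the cache out of `/tmp` altogether would also need the rpc.gssd search directory changed, which this commit does not show.

```shell
# … unchanged: set -e, FILE, early exit for root / keytab / existing cache …

## Copy only when the glob names exactly one regular, non-symlink file:
set -- /tmp/krb5cc_pam_*
if [ "$#" -ne 1 ] || [ -L "$1" ] || [ ! -f "$1" ] ; then
    exit 0
fi
TMPCC=$(mktemp "$FILE.XXXXXX")
cp -v "$1" "$TMPCC"
## Rename replaces whatever sits at $FILE instead of writing through it:
mv -fT "$TMPCC" "$FILE"

# … unchanged: autofs restart, exit 0 …
```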
diff --git a/fai/config/files/usr/share/libpam-script/pam_script_auth/ROAMING b/fai/config/files/usr/share/libpam-script/pam_script_auth/ROAMING
new file mode 100755
index 0000000..7e41234
--- /dev/null
+++ b/fai/config/files/usr/share/libpam-script/pam_script_auth/ROAMING
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# Create user's local home directory if it does not exist.
+# Use Kerberos key as machine key if machine key is unavailable.
+#
+
+set -e
+
+FILE="/tmp/krb5cc_roaming"
+NFSHOMES="/lan/mainserver/home0/"
+## Find path of user's local home directory:
+HOMEDIR=$(getent passwd "$PAM_USER" | cut -d : -f 6 | sed "s:$NFSHOMES:/home/:")
+
+if [ "$PAM_USER" = "root" ] ; then
+ exit 0
+elif [ -n "$HOMEDIR" ] && [ ! -d "$HOMEDIR" ] ; then
+ ## Create local home directory:
+ umask 0022
+ mkdir -p $(dirname "$HOMEDIR")
+ cp -pR /etc/skel "$HOMEDIR"
+ chmod 750 "$HOMEDIR"
+ chown -R $PAM_USER:$PAM_USER "$HOMEDIR"
+ echo "Successfully created off-line home directory '$HOMEDIR' for user '$PAM_USER'."
+elif [ -e /etc/krb5.keytab ] || [ -e "$FILE" ] ; then
+ exit 0
+fi
+
+ID=$(id -u "$PAM_USER")
+cp -v /tmp/krb5cc_${ID}_* $FILE
+/etc/init.d/autofs restart > /dev/null
+
+exit 0
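Review bot: `HOMEDIR` is taken from the account record returned by `getent`, and the `mkdir -p`, `cp -pR`, `chmod` and `chown -R` in the creation branch act on it without checking that the path is under `/home/` after the `sed` rewrite. A record whose home is not below `$NFSHOMES` passes through `sed` unchanged, so the script would create that path and hand it to the user. Suggest guarding the creation branch with something like `case "$HOMEDIR" in */..|*/../*) exit 0 ;; /home/*) ;; *) exit 0 ;; esac`, anchoring the substitution as `sed "s:^$NFSHOMES:/home/:"`, and quoting `"$(dirname "$HOMEDIR")"` and `"$PAM_USER:$PAM_USER"`. The `chown` also assumes a group named after the user exists, which cannot be confirmed from this commit.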
diff --git a/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5 b/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5
index ec422e2..ecf26fd 100755
--- a/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5
+++ b/fai/config/scripts/DISKLESS_CLIENT/30-nfs4_krb5
@@ -2,25 +2,6 @@
#
set -e
-FILE=${target}/usr/share/libpam-script/pam_script_auth
-
ainsl /etc/default/nfs-common 'RPCGSSDOPTS="-n"'
ainsl /etc/pam.d/common-auth 'auth optional pam_script.so'
-
-cat > $FILE <<EOF
-#!/bin/sh
-#
-set -e
-FILE=/tmp/krb5cc_diskless
-
-if [ "\$PAM_USER" = "root" ] || [ -e /etc/krb5.keytab ] || [ -e \$FILE ] ; then
- exit 0
-fi
-
-cp -v /tmp/krb5cc_pam_* \$FILE
-/etc/init.d/autofs restart > /dev/null
-
-exit 0
-EOF
-
-chmod 0755 $FILE
+fcopy -m root,root,0755 /usr/share/libpam-script/pam_script_auth
diff --git a/fai/config/scripts/ROAMING/10-home_nfs4_krb5 b/fai/config/scripts/ROAMING/10-home_nfs4_krb5
index 03e6938..ecf26fd 100755
--- a/fai/config/scripts/ROAMING/10-home_nfs4_krb5
+++ b/fai/config/scripts/ROAMING/10-home_nfs4_krb5
@@ -2,33 +2,6 @@
#
set -e
-FILE=${target}/usr/share/libpam-script/pam_script_auth
-
-ainsl /etc/default/nfs-common 'RPCGSSDOPTS="-n"'
-ainsl /etc/pam.d/common-auth 'auth optional pam_script.so'
-
-cat > $FILE <<EOF
-#!/bin/sh
-#
-set -e
-FILE=/tmp/krb5cc_roaming
-HOMEDIR=/home/\$PAM_USER
-
-if [ "\$PAM_USER" = "root" ] ; then
- exit 0
-elif [ ! -d \$HOMEDIR ] ; then
- cp -pR /etc/skel \$HOMEDIR
- chmod 750 \$HOMEDIR
- chown -R \$PAM_USER:\$PAM_USER \$HOMEDIR
- echo "Successfully created off-line home directory '\$HOMEDIR' for user '\$PAM_USER'."
-elif [ -e /etc/krb5.keytab ] || [ -e \$FILE ] ; then
- exit 0
-fi
-ID=\$(id -u \$PAM_USER)
-cp -v /tmp/krb5cc_\${ID}_* \$FILE
-/etc/init.d/autofs restart > /dev/null
-
-exit 0
-EOF
-
-chmod 0755 $FILE
+ainsl /etc/default/nfs-common 'RPCGSSDOPTS="-n"'
+ainsl /etc/pam.d/common-auth 'auth optional pam_script.so'
+fcopy -m root,root,0755 /usr/share/libpam-script/pam_script_auth
--
Debian-LAN development and packaging