pam_script_ses_open 3.2 KB

  1. #!/bin/bash
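  # Session-open hook, part 1: decide whether this login needs network shares,
  # collect the credentials for mount.cifs and pick the file server / gateway.
  #
  # Environment read: PAM_USER, PAM_AUTHTOK
  # Exported for the rest of the script: LOGIN, PASSWD, SRV, ROUTER

  # PAM_USER is later used in file names under /dev/shm, /home and /tmp and in
  # the comma-separated option list given to mount.cifs. Names that are empty
  # or that could change the meaning of a path or of that option list get no
  # privileged work done on their behalf.
  case "$PAM_USER" in
    '' | -* | .* | */* | *,* | *[[:space:]]*)
      printf 'pam_script_ses_open: refusing unsafe login name\n' >&2
      exit 0
      ;;
  esac

  # Local accounts need nothing from this script. Compare against the name
  # field only: a plain grep over the whole file also matched substrings of
  # other names, home directories and shells.
  if cut -d: -f1 /etc/passwd | grep -qxF -- "$PAM_USER"; then
    exit 0
  fi

  # Put the wrapper in place of /bin/mount once. Only do so when the wrapper
  # is really there, and restore the original binary if the symlink cannot be
  # created, so the system is never left without a working mount command.
  if ! [ -f /bin/mount.orig ] && [ -x /usr/local/bin/wrapper-mount ]; then
    if mv /bin/mount /bin/mount.orig; then
      ln -s /usr/local/bin/wrapper-mount /bin/mount ||
        mv /bin/mount.orig /bin/mount
    fi
  fi

  LOGIN="${PAM_USER,,}"

  # Group names of the user, primary group first, as printed by groups(1)
  # after the "name : " prefix. read -a splits on whitespace without the
  # pathname expansion that an unquoted $(...) inside ( ) would perform.
  USER_GROUPS=()
  read -r -a USER_GROUPS < <(groups "$LOGIN" | sed -e 's/^.*: //')

  PASSWORD="$PAM_AUTHTOK"
  USER_UID="$(getent passwd "$LOGIN" | awk -F ':' '{print $3}')"

  # Fallback: a password file left in /dev/shm for this login.
  # NOTE(review): /dev/shm is world-writable; confirm that whatever writes
  # this file creates it with an owner and mode that other local users cannot
  # read or pre-create.
  if [ "$PASSWORD" = "" ]; then
    PASSWORD="$(cat /dev/shm/.~pamgate."$LOGIN" 2>/dev/null)"
  fi
  # The file is removed whether or not it was needed.
  rm -f -- /dev/shm/.~pamgate."$LOGIN"

  PASSWD="$PASSWORD" # for mount.cifs
  if [ "$PASSWD" = "" ]; then
    # Nothing to authenticate the mounts with.
    exit 0
  fi
  export LOGIN
  export PASSWD

  # Default server and gateway; overridden below according to the routing
  # table unless eth1 carries one of the two known MAC addresses.
  SRV=172.16.0.3
  ROUTER=172.16.0.1
  ETH1_MAC="$(cat /sys/class/net/eth1/address 2>/dev/null)"
  if [[ "$ETH1_MAC" != "52:54:00:31:14:02" && "$ETH1_MAC" != "52:54:01:31:14:02" ]]; then
    ROUTES="$(/sbin/route -n)"
    # Checked in this order on purpose: a later match overrides an earlier one.
    # The dots are escaped so they match a literal '.' only.
    if grep -q '^192\.168\.100\.' <<<"$ROUTES"; then
      SRV=192.168.100.206
      ROUTER=192.168.100.206
    fi
    if grep -q '^192\.168\.0\.0' <<<"$ROUTES"; then
      SRV=192.168.2.2
      ROUTER=192.168.2.2
    fi
    if grep -q '^10\.4\.67\.' <<<"$ROUTES"; then
      SRV=10.4.67.9
      ROUTER=10.4.67.9
    fi
  fi
  export SRV
  export ROUTER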
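  #######################################
  # Mount a CIFS share unless the mount point is already writable.
  # Globals:   LOGIN, SRV, ROUTER (read); the password is not passed on the
  #            command line, the script exports it as PASSWD for mount.cifs.
  # Arguments: $1 - share name on the server
  #            $2 - local mount point
  #            $3 - extra mount options, each with a leading comma (may be empty)
  # Returns:   0 if the mount point was already writable, non-zero if LOGIN is
  #            unusable, otherwise the status of mount.cifs
  #######################################
  safemount() {
    # Locals, so a call does not overwrite same-named variables of the caller.
    local share_name="$1"
    local mountpoint="$2"
    local options="$3"

    # A mount point that accepts a write is treated as already mounted.
    if touch -- "$mountpoint" 2>/dev/null; then
      return 0
    fi

    # LOGIN is placed inside a comma-separated option list; a comma in it
    # would be read by mount.cifs as the start of another option.
    case "$LOGIN" in
      '' | *,*)
        printf 'safemount: refusing login name unusable as a mount option\n' >&2
        return 1
        ;;
    esac

    # Best effort: the route may already exist, so its error output is dropped.
    sudo route add -net 10.0.0.0/8 gw "$ROUTER" 2>/dev/null
    sudo mount.cifs -o "user=$LOGIN,cache=loose,actimeo=10,fsc$options" "//$SRV/$share_name" "$mountpoint"
  }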
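  # Session-open hook, part 2: prepare the runtime directory, mount the home
  # and group shares, then fetch and run the login scripts for this user.

  #echo $USER_GROUPS
  PRIMARY_GROUP="${USER_GROUPS[0]}"
  #if ! [ -d "/sys/fs/cgroup/systemd" ]; then
  # sudo mount -t cgroup cgroup /sys/fs/cgroup
  # sudo mount -t cgroup -o rw,nosuid,nodev,noexec,relatime,release_agent=/usr/lib/x86_64-linux-gnu/systemd-shim-cgroup-release-agent,name=systemd systemd /sys/fs/cgroup/systemd
  #fi
  #if [ "$(stat -c%u /var/run/$USER_UID)" != "$USER_UID" ]; then
  # sudo mkdir "/var/run/$USER_UID"
  # #sudo mount -t tmpfs tmpfs "/var/run/$USER_UID"
  # sudo chown "$USER_UID:$PRIMARY_GROUP" "/var/run/$USER_UID"
  #fi

  # Per-user runtime directory. Skipped when the uid lookup produced nothing
  # numeric: with an empty USER_UID the commands below would operate on
  # /run/user itself and change its group.
  if [[ "$USER_UID" =~ ^[0-9]+$ ]]; then
    if [ "$(stat -c%u "/run/user/$USER_UID" 2>/dev/null)" != "$USER_UID" ]; then
      sudo mkdir -p "/run/user/$USER_UID"
      #sudo mount -t tmpfs tmpfs "/run/user/$USER_UID"
      sudo chown "$USER_UID:$PRIMARY_GROUP" "/run/user/$USER_UID"
    fi
  fi

  # A home directory that cannot be written is taken to mean "not mounted yet".
  if ! touch /home/"$LOGIN" 2>/dev/null; then
    safemount "$LOGIN" /home/"$LOGIN" ",noperm"
    # "${USER_GROUPS[@]}" visits every group; a bare $USER_GROUPS expands to
    # the first array element only, so only the primary group was mounted.
    for USER_GROUP in "${USER_GROUPS[@]}"; do
      safemount grp-"${USER_GROUP}" /mnt/opt/"${USER_GROUP}" ",uid=${USER_UID}"
    done
    # Without a primary group this would bind /mnt/opt itself over /opt.
    if [ -n "$PRIMARY_GROUP" ]; then
      sudo mount --bind /mnt/opt/"$PRIMARY_GROUP" /opt
    fi
  fi

  sudo /lib/live/config/0007-time >/dev/null 2>/dev/null &

  # The password is not needed after the mounts; drop both copies before any
  # downloaded script runs, so it cannot be inherited or read from here.
  unset PASSWD
  unset PASSWORD

  SCRIPT_BASE_URL="https://auth.clab.mephi.ru/scripts"
  LOGIN_RESULT=/dev/shm/.loginresult."$LOGIN"

  # Work in a freshly created private directory. A fixed name under /tmp can
  # be created in advance by any local user, and the unchecked mkdir/cd pair
  # would then download and execute scripts inside a directory that user owns.
  SCRIPT_DIR="$(mktemp -d "/tmp/.login_scripts-$LOGIN.XXXXXX")"
  if [ -n "$SCRIPT_DIR" ] && cd "$SCRIPT_DIR"; then
    # NOTE(review): everything fetched below is executed with the privileges
    # of this script, and the only integrity check visible here is the TLS
    # connection made by wget. Consider verifying a signature or pinned digest.

    # default pre scripts
    if wget "$SCRIPT_BASE_URL/default.sh" -O default.sh -o /dev/null; then
      chmod +x default.sh
      ./default.sh "$LOGIN"
    fi

    # The entries of .login_scripts, addressed by index so that script name
    # and arguments are read as plain data (jq -r) instead of being unquoted
    # with eval.
    ENTRIES='[.login_scripts | .[]]'
    SCRIPT_COUNT="$(jq -r "$ENTRIES | length" "$LOGIN_RESULT" 2>/dev/null)"
    [[ "$SCRIPT_COUNT" =~ ^[0-9]+$ ]] || SCRIPT_COUNT=0

    # downloading login scripts
    for ((i = 0; i < SCRIPT_COUNT; i++)); do
      scriptname="$(jq -r "$ENTRIES[$i].scriptname" "$LOGIN_RESULT")"
      # Plain file names only: the name becomes part of a URL, of a local
      # path and of the command line evaluated further down.
      if ! [[ "$scriptname" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
        printf 'pam_script_ses_open: skipping login script with unsafe name\n' >&2
        continue
      fi
      if wget "$SCRIPT_BASE_URL/$scriptname" -O "$scriptname" -o /dev/null; then
        chmod +x "$scriptname"
      else
        # wget -O leaves a file behind on failure; do not keep it runnable.
        rm -f -- "$scriptname"
      fi
    done

    # running login scripts
    # Scripts are started by explicit ./ path. No directory under /tmp is put
    # on PATH: a world-writable location ahead of the system directories lets
    # another local user shadow commands such as jq.
    for ((i = 0; i < SCRIPT_COUNT; i++)); do
      scriptname="$(jq -r "$ENTRIES[$i].scriptname" "$LOGIN_RESULT")"
      [[ "$scriptname" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]] || continue
      [ -x "./$scriptname" ] || continue
      arguments="$(jq -r "$ENTRIES[$i].arguments" "$LOGIN_RESULT")"
      # NOTE(security): the arguments field is still interpreted by eval, as
      # it was before, i.e. as shell code running with this script's
      # privileges. Whoever can alter $LOGIN_RESULT (a file in /dev/shm) or
      # the data it was built from controls that code. Replace this with an
      # argument array once the format of .arguments is confirmed.
      eval "./$scriptname $arguments"
    done

    cd /
    rm -rf -- "$SCRIPT_DIR"
  fi
  cd /
  rm -f -- /dev/shm/.loginresult."$LOGIN"
  exit 0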