pam_script_ses_open 2.8 KB

  1. #!/bin/bash
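  # Session-open hook: PAM_USER is read from the environment of this script.
  # Accounts that exist in the local /etc/passwd need none of the network
  # setup below, so the hook stops here for them.
  #
  # The name is compared as a fixed string against the first passwd field
  # only. A bare `grep "$PAM_USER" /etc/passwd` treats the name as a regular
  # expression and matches it anywhere in any line (home paths, shells, GECOS),
  # so a network login such as "bin" or "oo" would be mistaken for a local one.
  if [ -z "${PAM_USER:-}" ]; then
    # An empty pattern matched every passwd line before; keep that outcome.
    exit 0
  fi
  if cut -d: -f1 /etc/passwd | grep -qxF -- "$PAM_USER"; then
    exit 0
  fi

  # One-time installation of the mount wrapper: the real binary is kept as
  # /bin/mount.orig and /bin/mount becomes a symlink to the wrapper.
  # NOTE(review): this changes `mount` for every process on the host. The
  # wrapper itself is not shown here - confirm it is root-owned and not
  # writable by anyone else, since it will run wherever mount is invoked.
  if ! [ -f /bin/mount.orig ]; then
    if [ -x /usr/local/bin/wrapper-mount ]; then
      # Only link the wrapper in if the original was really moved aside.
      mv /bin/mount /bin/mount.orig &&
        ln -s /usr/local/bin/wrapper-mount /bin/mount
    else
      # Without this check a missing wrapper leaves /bin/mount dangling.
      echo "pam_script_ses_open: /usr/local/bin/wrapper-mount is missing or not executable; leaving /bin/mount untouched" >&2
    fi
  fi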
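  # Identity of the user whose session is being opened, lower-cased.
  LOGIN="${PAM_USER,,}"

  # LOGIN is pasted into file names under /dev/shm, into the CIFS option list
  # ("user=$LOGIN...") and into command arguments further down. Refuse names
  # that could change the meaning of any of those: empty, leading '-',
  # containing '/', ',' or control characters.
  case "$LOGIN" in
    '' | -* | */* | *,* | *[[:cntrl:]]*)
      printf 'pam_script_ses_open: refusing unsafe login name %q\n' "$LOGIN" >&2
      exit 1
      ;;
  esac

  # Group names as printed by groups(1), with the "name : " prefix removed.
  # read -a splits on whitespace like the unquoted $(...) did, but does not
  # glob-expand the words against the current directory.
  USER_GROUPS=()
  read -r -a USER_GROUPS < <(groups "$LOGIN" | sed -e 's/^.*: //g')

  # Numeric UID: third field of the passwd entry returned by getent.
  USER_UID="$(getent passwd "$LOGIN" | awk -F ':' '{print $3}')"

  # Password: taken from PAM_AUTHTOK when it is present, otherwise from the
  # stash file /dev/shm/.~pamgate.<login>.
  # NOTE(review): the stash lives in a world-writable directory under a
  # predictable name; confirm whatever writes it creates it exclusively and
  # with mode 0600. Symlinks are not followed here.
  PASSWORD="${PAM_AUTHTOK:-}"
  pamgate_stash=/dev/shm/.~pamgate."$LOGIN"
  if [ -z "$PASSWORD" ] && [ -f "$pamgate_stash" ] && [ ! -L "$pamgate_stash" ]; then
    PASSWORD="$(cat "$pamgate_stash")"
  fi
  # The stash is single-use: remove it whether or not it was needed.
  rm -f -- "$pamgate_stash"
  unset pamgate_stash

  # mount.cifs picks the password up from PASSWD. Because it is exported,
  # every child process started while it is set inherits the password.
  PASSWD="$PASSWORD" # for mount.cifs
  export PASSWD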
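  #######################################
  # Choose the file server and gateway for the network this host is on.
  # Arguments: $1 - output of `route -n` (may be empty)
  # Outputs:   "<server> <router>" on stdout
  # The checks run in a fixed order and a later match overrides an earlier
  # one. Patterns are anchored to the Destination column, and the dots are
  # escaped so they match a literal '.' rather than any character.
  #######################################
  _select_site() {
    local routes=$1
    local srv=172.16.0.3
    local router=172.16.0.1
    if grep -Eq '^192\.168\.100\.' <<< "$routes"; then
      srv=192.168.100.206
      router=192.168.100.206
    fi
    if grep -Eq '^192\.168\.0\.0([[:space:]]|$)' <<< "$routes"; then
      srv=192.168.2.2
      router=192.168.2.2
    fi
    if grep -Eq '^10\.4\.67\.' <<< "$routes"; then
      srv=10.4.67.9
      router=10.4.67.9
    fi
    printf '%s %s\n' "$srv" "$router"
  }

  # The routing table is read once instead of once per candidate network.
  # NOTE(review): the server that later receives the user's credentials is
  # derived from the local routing table; confirm routes on these networks
  # cannot be set by an untrusted DHCP server or router.
  read -r SRV ROUTER < <(_select_site "$(/sbin/route -n)")
  export SRV
  export ROUTER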
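  #######################################
  # Mount a CIFS share unless the mount point can already be written to.
  # Globals:   LOGIN, SRV, ROUTER (read)
  # Arguments: $1 - share name on the server
  #            $2 - local mount point
  #            $3 - extra mount options, appended verbatim after
  #                 "user=$LOGIN" (so they start with a comma); optional
  # Returns:   0 if nothing had to be done, 1 if LOGIN is unusable,
  #            otherwise the status of mount.cifs
  #######################################
  safemount() {
    # Locals, so a call no longer overwrites SHARE_NAME/MOUNTPOINT/OPTIONS
    # in the calling script.
    local share_name=$1
    local mountpoint=$2
    local options=${3:-}

    # A successful touch is taken to mean the share is already usable.
    if touch "$mountpoint" 2> /dev/null; then
      return 0
    fi

    # LOGIN is spliced into the comma-separated option list, so a comma in
    # it would add mount options of the caller's choosing.
    case "$LOGIN" in
      '' | *,*)
        echo "safemount: refusing to mount with an empty login or one containing ','" >&2
        return 1
        ;;
    esac

    # Best effort: the route may already exist, so its errors are discarded.
    sudo route add -net 10.0.0.0/8 gw "$ROUTER" 2> /dev/null
    sudo mount.cifs -o "user=$LOGIN$options" "//$SRV/$share_name" "$mountpoint"
  }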
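  #echo $USER_GROUPS
  # The first group listed for the user is used as the primary group.
  PRIMARY_GROUP="${USER_GROUPS[0]}"

  # Disabled legacy setup, kept for reference:
  #if ! [ -d "/sys/fs/cgroup/systemd" ]; then
  # sudo mount -t cgroup cgroup /sys/fs/cgroup
  # sudo mount -t cgroup -o rw,nosuid,nodev,noexec,relatime,release_agent=/usr/lib/x86_64-linux-gnu/systemd-shim-cgroup-release-agent,name=systemd systemd /sys/fs/cgroup/systemd
  #fi
  #if [ "$(stat -c%u /var/run/$USER_UID)" != "$USER_UID" ]; then
  # sudo mkdir "/var/run/$USER_UID"
  # #sudo mount -t tmpfs tmpfs "/var/run/$USER_UID"
  # sudo chown "$USER_UID:$PRIMARY_GROUP" "/var/run/$USER_UID"
  #fi

  # Per-user runtime directory. Only act on a numeric UID: with an empty
  # USER_UID the path collapses to "/run/user/" and chown ":group" would
  # change the group of /run/user itself.
  if [[ "$USER_UID" =~ ^[0-9]+$ ]]; then
    if [ "$(stat -c%u "/run/user/$USER_UID" 2> /dev/null)" != "$USER_UID" ]; then
      # -p: the directory may exist with the wrong owner; -m 700 keeps a
      # newly created directory private to its owner.
      sudo mkdir -p -m 700 "/run/user/$USER_UID"
      #sudo mount -t tmpfs tmpfs "/run/user/$USER_UID"
      sudo chown "$USER_UID:$PRIMARY_GROUP" "/run/user/$USER_UID"
    fi
  else
    echo "pam_script_ses_open: no numeric UID found for this login; skipping /run/user setup" >&2
  fi

  # Home and group shares are mounted only when the home directory cannot be
  # written to yet.
  if ! touch /home/"$LOGIN" 2> /dev/null; then
    safemount "$LOGIN" /home/"$LOGIN"
    # Iterate over every group. A plain $USER_GROUPS expands to the first
    # array element only, so just the primary group's share was mounted.
    for USER_GROUP in "${USER_GROUPS[@]}"; do
      safemount "grp-${USER_GROUP}" "/mnt/opt/${USER_GROUP}" ",uid=${USER_UID}"
    done
    # With no primary group this would bind all of /mnt/opt onto /opt.
    if [ -n "$PRIMARY_GROUP" ]; then
      sudo mount --bind "/mnt/opt/$PRIMARY_GROUP" /opt
    fi
  fi

  # Started in the background with all output discarded.
  sudo /lib/live/config/0007-time > /dev/null 2>&1 &

  # Mounting is done; stop handing the password to child processes.
  # NOTE(review): only the exported copy is dropped here. PASSWORD stays set
  # in this shell, and PAM_AUTHTOK stays in the environment if it was
  # provided - confirm nothing started later should see it.
  unset PASSWD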
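  # Login scripts: default.sh plus every script named in the login result
  # are downloaded and run with the privileges of this hook.
  # NOTE(review): HTTPS to the script server is the only integrity control
  # visible here; consider checking a signature or pinned digest before a
  # downloaded file is made executable. The scripts also inherit this hook's
  # environment, which still includes PAM_AUTHTOK if it was provided.
  # NOTE(review): the login result is read from a world-writable directory
  # under a predictable name; confirm its writer creates it exclusively and
  # with restrictive permissions.
  script_base_url=https://auth.clab.mephi.ru/scripts
  login_result=/dev/shm/.loginresult."$LOGIN"

  # A fresh mktemp directory instead of the fixed /tmp/login_scripts: with a
  # fixed name another local user can create the directory first and replace
  # a script between download and execution. The scripts still run with this
  # directory as their working directory.
  script_dir="$(mktemp -d /tmp/login_scripts.XXXXXXXXXX)" || script_dir=""
  if [ -n "$script_dir" ] && cd "$script_dir"; then
    # default pre scripts
    # Run only what was downloaded completely; a failed wget -O leaves an
    # empty or truncated file behind.
    if wget -O default.sh "$script_base_url/default.sh"; then
      chmod +x default.sh
      ./default.sh "$LOGIN"
    else
      echo "pam_script_ses_open: could not download default.sh; not running it" >&2
    fi

    # downloading login scripts
    # Names and arguments are read as plain strings (jq -r) and never passed
    # through eval, so shell syntax inside the JSON is not executed.
    script_names=()
    script_arguments=()
    script_count="$(jq -r '[.login_scripts | .[]] | length' "$login_result")"
    [[ "$script_count" =~ ^[0-9]+$ ]] || script_count=0
    for ((i = 0; i < script_count; i++)); do
      scriptname="$(jq -r --argjson i "$i" '([.login_scripts | .[]] | .[$i] | .scriptname) // empty' "$login_result")"
      arguments="$(jq -r --argjson i "$i" '([.login_scripts | .[]] | .[$i] | .arguments) // empty' "$login_result")"
      # Plain file names only: anything with a '/' could make wget -O write
      # outside the private directory, and a leading '-' would be read as an
      # option.
      case "$scriptname" in
        '' | . | .. | -* | */* | *[[:cntrl:]]*)
          printf 'pam_script_ses_open: skipping login script with unusable name %q\n' "$scriptname" >&2
          continue
          ;;
      esac
      if wget -O "$scriptname" "$script_base_url/$scriptname"; then
        chmod +x "$scriptname"
        script_names+=("$scriptname")
        script_arguments+=("$arguments")
      else
        rm -f -- "$scriptname"
        printf 'pam_script_ses_open: could not download login script %q; not running it\n' "$scriptname" >&2
      fi
    done

    # running login scripts
    # The arguments string is split on whitespace into separate arguments.
    # Quotes, $(...) and other shell syntax inside it are passed through
    # literally instead of being evaluated.
    for i in "${!script_names[@]}"; do
      script_argv=()
      read -r -d '' -a script_argv <<< "${script_arguments[$i]}"
      "./${script_names[$i]}" "${script_argv[@]}"
    done
    cd /
  else
    echo "pam_script_ses_open: cannot create a private directory for login scripts; skipping them" >&2
  fi

  if [ -n "$script_dir" ]; then
    rm -rf -- "$script_dir"
  fi
  rm -f -- "$login_result"
  exit 0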