Home Explore contacts
Sign In
dyokunev
/
mephi-edu-linux
Watch 1
Star 1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: bdf40ebaac
Branches Tags
mephi-edu-li...
/
config
/
includes.chroot
/
usr
/
share
/
libpam-script
/
pam_script_ses_open

pam_script_ses_open 2.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. #!/bin/bash
    2. 

  2. 

  3. if grep "$PAM_USER" /etc/passwd > /dev/null; then
    4. 

  4. 	exit 0;
    5. 

  5. fi
    6. 

  6. 

  7. if ! [ -f /bin/mount.orig ]; then
    8. 

  8. 	mv /bin/mount /bin/mount.orig
    9. 

  9. 	ln -s /usr/local/bin/wrapper-mount /bin/mount
    10. 

  10. fi
    11. 

  11. 

  12. LOGIN="${PAM_USER,,}"
    13. 

  13. USER_GROUPS=($(groups "$LOGIN" | sed -e 's/^.*: //g'))
    14. 

  14. PASSWORD="$PAM_AUTHTOK"
    15. 

  15. USER_UID="$(getent passwd "$LOGIN" | awk -F ':' '{print $3}')"
    16. 

  16. 

  17. if [ "$PASSWORD" = "" ]; then
    18. 

  18. 	PASSWORD="$(cat /dev/shm/.~pamgate."$LOGIN")"
    19. 

  19. fi
    20. 

  20. rm -f /dev/shm/.~pamgate."$LOGIN"
    21. 

  21. 

  22. PASSWD="$PASSWORD"	# for mount.cifs
    23. 

  23. export PASSWD
    24. 

  24. 

  25. SRV=172.16.0.3
    26. 

  26. ROUTER=172.16.0.1
    27. 

  27. if /sbin/route -n | grep ^192.168.100 > /dev/null; then
    28. 

  28. 	SRV=192.168.100.206
    29. 

  29. 	ROUTER=192.168.100.206
    30. 

  30. fi
    31. 

  31. if /sbin/route -n | grep ^192.168.0.0 > /dev/null; then
    32. 

  32. 	SRV=192.168.2.2
    33. 

  33. 	ROUTER=192.168.2.2
    34. 

  34. fi
    35. 

  35. if /sbin/route -n | grep ^10.4.67 > /dev/null; then
    36. 

  36. 	SRV=10.4.67.9
    37. 

  37. 	ROUTER=10.4.67.9
    38. 

  38. fi
    39. 

  39. 

  40. export SRV
    41. 

  41. export ROUTER
    42. 

  42. 

  43. safemount() {
    44. 

  44. 	SHARE_NAME="$1"
    45. 

  45. 	MOUNTPOINT="$2"
    46. 

  46. 	OPTIONS="$3"
    47. 

  47. 

  48. 	if ! touch "$MOUNTPOINT" 2> /dev/null; then
    49. 

  49. 		sudo route add -net 10.0.0.0/8 gw "$ROUTER" 2>/dev/null
    50. 

  50. 		sudo mount.cifs -o "user=$LOGIN$OPTIONS" "//$SRV/$SHARE_NAME" "$MOUNTPOINT"
    51. 

  51. 	fi
    52. 

  52. }
    53. 

  53. 

  54. #echo $USER_GROUPS
    55. 

  55. 

  56. PRIMARY_GROUP="${USER_GROUPS[0]}"
    57. 

  57. 

  58. #if ! [ -d "/sys/fs/cgroup/systemd" ]; then
    59. 

  59. #	sudo mount -t cgroup cgroup /sys/fs/cgroup
    60. 

  60. #	sudo mount -t cgroup -o rw,nosuid,nodev,noexec,relatime,release_agent=/usr/lib/x86_64-linux-gnu/systemd-shim-cgroup-release-agent,name=systemd systemd /sys/fs/cgroup/systemd
    61. 

  61. #fi
    62. 

  62. 

  63. #if [ "$(stat -c%u /var/run/$USER_UID)" != "$USER_UID" ]; then
    64. 

  64. #	sudo mkdir "/var/run/$USER_UID"
    65. 

  65. #	#sudo mount -t tmpfs tmpfs "/var/run/$USER_UID"
    66. 

  66. #	sudo chown "$USER_UID:$PRIMARY_GROUP" "/var/run/$USER_UID"
    67. 

  67. #fi
    68. 

  68. 

  69. if [ "$(stat -c%u /run/user/$USER_UID)" != "$USER_UID" ]; then
    70. 

  70. 	sudo mkdir "/run/user/$USER_UID"
    71. 

  71. 	#sudo mount -t tmpfs tmpfs "/run/user/$USER_UID"
    72. 

  72. 	sudo chown "$USER_UID:$PRIMARY_GROUP" "/run/user/$USER_UID"
    73. 

  73. fi
    74. 

  74. 

  75. if ! touch /home/"$LOGIN" 2> /dev/null; then
    76. 

  76. 	safemount "$LOGIN" /home/"$LOGIN"
    77. 

  77. 

  78. 	for USER_GROUP in $USER_GROUPS; do
    79. 

  79. 		safemount grp-"${USER_GROUP}" /mnt/opt/"${USER_GROUP}" ",uid=${USER_UID}"
    80. 

  80. 	done
    81. 

  81. 

  82. 	sudo mount --bind /mnt/opt/"$PRIMARY_GROUP" /opt
    83. 

  83. fi
    84. 

  84. 

  85. sudo /lib/live/config/0007-time >/dev/null 2>/dev/null &
    86. 

  86. 

  87. unset PASSWD
    88. 

  88. 

  89. mkdir /tmp/login_scripts
    90. 

  90. cd /tmp/login_scripts
    91. 

  91. 

  92. # default pre scripts
    93. 

  93. wget https://auth.clab.mephi.ru/scripts/default.sh -O default.sh
    94. 

  94. chmod +x default.sh
    95. 

  95. ./default.sh "$LOGIN"
    96. 

  96. 

  97. # downloading login scripts
    98. 

  98. jq '.login_scripts | .[] | [.scriptname] | @csv' /dev/shm/.loginresult."$LOGIN" | while read t; do scriptname="$(eval "echo $t")"; wget https://auth.clab.mephi.ru/scripts/"$scriptname" -O "$scriptname"; chmod +x "$scriptname"; done
    99. 

  99. 

  100. # running login scripts
    101. 

  101. PATH="/tmp/login_scripts:$PATH" jq '.login_scripts | .[] | [.scriptname, .arguments] | @sh' /dev/shm/.loginresult."$LOGIN" | while read t; do eval "eval \"./$t\""; done
    102. 

  102. 

  103. rm -rf /tmp/login_scripts
    104. 

  104. cd /
    105. 

  105. 

  106. rm -f /dev/shm/.loginresult."$LOGIN"
    107. 

  107. 

  108. exit 0
    109. 

  109.