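#!/bin/bash
# Login-time setup for network accounts: resolves the account, stages the
# password for mount.cifs and selects the file server for the current network.
# Inputs (environment): PAM_USER, PAM_AUTHTOK.

# Nothing to do without a user name.
[ -n "${PAM_USER:-}" ] || exit 0

# Accounts defined in the local /etc/passwd need none of this. Compare the
# name field literally and in full: a regex match against whole lines would
# also skip a network user whose name merely occurs somewhere in the file.
if cut -d: -f1 /etc/passwd | grep -Fxq -- "$PAM_USER"; then
  exit 0
fi

# One-time swap of /bin/mount for the local wrapper; the original binary is
# kept as /bin/mount.orig. The swap is skipped when the wrapper is missing so
# that /bin/mount never ends up as a dangling symlink.
if ! [ -f /bin/mount.orig ] && [ -x /usr/local/bin/wrapper-mount ]; then
  mv /bin/mount /bin/mount.orig &&
    ln -s /usr/local/bin/wrapper-mount /bin/mount
fi

LOGIN="${PAM_USER,,}"

# LOGIN is spliced into file paths (/dev/shm, /home) and into the
# comma-separated mount.cifs option list, so names that could change the
# meaning of either are refused before anything is read, removed or mounted.
case "$LOGIN" in
  -* | .* | */* | *,*)
    printf 'login setup: refusing unsafe account name\n' >&2
    exit 1
    ;;
esac

# Group names as printed by groups(1) after the "name : " prefix. read -a
# splits on whitespace without glob expansion.
read -r -a USER_GROUPS < <(groups "$LOGIN" | sed -e 's/^.*: //')

USER_UID="$(getent passwd "$LOGIN" | awk -F ':' '{print $3}')"

# Password: PAM_AUTHTOK when set, otherwise the hand-over file in /dev/shm.
# NOTE(review): /dev/shm is world-writable; confirm that whatever writes this
# file creates it with owner-only permissions. Symlinks are not followed.
PASSWORD="$PAM_AUTHTOK"
password_file="/dev/shm/.~pamgate.$LOGIN"
if [ -z "$PASSWORD" ] && [ -f "$password_file" ] && ! [ -L "$password_file" ]; then
  PASSWORD="$(cat -- "$password_file")"
fi
rm -f -- "$password_file"

# Exported for mount.cifs. Every child process started while PASSWD is set
# inherits the password, so it has to be unset as soon as mounting is done.
PASSWD="$PASSWORD" # for mount.cifs
export PASSWD

# File server and gateway: defaults first, then overridden according to the
# networks present in the routing table (a later match wins).
SRV=172.16.0.3
ROUTER=172.16.0.1
routing_table="$(/sbin/route -n)"
if grep -q '^192\.168\.100\.' <<<"$routing_table"; then
  SRV=192.168.100.206
  ROUTER=192.168.100.206
fi
if grep -q '^192\.168\.0\.0' <<<"$routing_table"; then
  SRV=192.168.2.2
  ROUTER=192.168.2.2
fi
if grep -q '^10\.4\.67\.' <<<"$routing_table"; then
  SRV=10.4.67.9
  ROUTER=10.4.67.9
fi
export SRV
export ROUTER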
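#######################################
# Mount a CIFS share unless the mount point is already writable.
# Globals:   LOGIN, SRV, ROUTER (read)
# Arguments: $1 - share name on //$SRV
#            $2 - local mount point
#            $3 - extra mount.cifs options, written with a leading comma
#                 (optional)
# Returns:   0 when the mount point was already writable, otherwise the
#            status of mount.cifs; 1 when LOGIN cannot be used safely as
#            an option value
#######################################
safemount() {
  local share_name="$1"
  local mountpoint="$2"
  local options="${3:-}"

  # LOGIN is pasted into the comma-separated -o list. A comma inside it would
  # be parsed as the start of further mount options, so such a name (and an
  # empty one) is refused instead of being handed to mount.cifs.
  case "$LOGIN" in
    '' | *,*)
      printf 'safemount: login name is not usable as a mount option\n' >&2
      return 1
      ;;
  esac

  # A successful touch is taken to mean the share is already mounted.
  if ! touch "$mountpoint" 2>/dev/null; then
    # Errors are discarded here because the route may already exist.
    sudo route add -net 10.0.0.0/8 gw "$ROUTER" 2>/dev/null
    sudo mount.cifs -o "user=$LOGIN$options" "//$SRV/$share_name" "$mountpoint"
  fi
}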
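#echo $USER_GROUPS
# The first group reported for the account is treated as its primary group.
PRIMARY_GROUP="${USER_GROUPS[0]}"

# Without a numeric UID the commands below would operate on /run/user/ itself
# and pass an empty owner to chown, so stop before touching anything.
case "$USER_UID" in
  '' | *[!0-9]*)
    printf 'login setup: no numeric UID for %s\n' "$LOGIN" >&2
    exit 1
    ;;
esac

#if ! [ -d "/sys/fs/cgroup/systemd" ]; then
# sudo mount -t cgroup cgroup /sys/fs/cgroup
# sudo mount -t cgroup -o rw,nosuid,nodev,noexec,relatime,release_agent=/usr/lib/x86_64-linux-gnu/systemd-shim-cgroup-release-agent,name=systemd systemd /sys/fs/cgroup/systemd
#fi
#if [ "$(stat -c%u /var/run/$USER_UID)" != "$USER_UID" ]; then
# sudo mkdir "/var/run/$USER_UID"
# #sudo mount -t tmpfs tmpfs "/var/run/$USER_UID"
# sudo chown "$USER_UID:$PRIMARY_GROUP" "/var/run/$USER_UID"
#fi

# Per-user runtime directory: create it owner-only and hand it to the user
# when it is missing or owned by somebody else.
runtime_dir="/run/user/$USER_UID"
if [ "$(stat -c%u "$runtime_dir")" != "$USER_UID" ]; then
  sudo mkdir -p -m 0700 "$runtime_dir"
  #sudo mount -t tmpfs tmpfs "/run/user/$USER_UID"
  sudo chown "$USER_UID:$PRIMARY_GROUP" "$runtime_dir"
fi

# Home and group shares, only when the home directory is not writable yet.
if ! touch /home/"$LOGIN" 2>/dev/null; then
  safemount "$LOGIN" /home/"$LOGIN"
  # "${USER_GROUPS[@]}" visits every group; a bare $USER_GROUPS expands to
  # the first array element only, which left all other group shares unmounted.
  for USER_GROUP in "${USER_GROUPS[@]}"; do
    safemount grp-"${USER_GROUP}" /mnt/opt/"${USER_GROUP}" ",uid=${USER_UID}"
  done
  # With no primary group the bind source would be /mnt/opt itself.
  if [ -n "$PRIMARY_GROUP" ]; then
    sudo mount --bind /mnt/opt/"$PRIMARY_GROUP" /opt
  fi
fi

# Mounting is finished: drop the password before any further process is
# started, so that neither the background job nor the login scripts below
# inherit it through the environment.
unset PASSWD PASSWORD

sudo /lib/live/config/0007-time >/dev/null 2>&1 &

# --- login scripts ---------------------------------------------------------
# The scripts are fetched over HTTPS and executed as downloaded; their
# integrity rests on the TLS connection alone.
# NOTE(review): the script list comes from a file in world-writable /dev/shm;
# confirm that its writer creates it with owner-only permissions.
login_result="/dev/shm/.loginresult.$LOGIN"
script_base_url="https://auth.clab.mephi.ru/scripts"

# Accept plain file names only: no directory parts, no leading '-' or '.'.
safe_script_name() {
  case "$1" in
    '' | -* | .* | */*) return 1 ;;
  esac
  return 0
}

# A fixed /tmp/login_scripts can be created in advance by any local user, who
# would then own the directory the scripts are executed from. mktemp -d makes
# a fresh directory with an unpredictable name; 0755 keeps it readable while
# only its owner can write to it.
# NOTE(review): a login script that hard-codes /tmp/login_scripts needs
# updating - confirm against the scripts served by the auth host.
if script_dir="$(mktemp -d /tmp/login_scripts.XXXXXXXXXX)" &&
  chmod 0755 "$script_dir" &&
  cd "$script_dir"; then

  # default pre scripts
  if wget "$script_base_url/default.sh" -O default.sh; then
    chmod +x default.sh
    ./default.sh "$LOGIN" </dev/null
  else
    printf 'login setup: default.sh could not be downloaded\n' >&2
  fi

  if [ -f "$login_result" ] && ! [ -L "$login_result" ]; then
    # downloading login scripts
    # Names are read as plain text (jq -r) and never passed through eval.
    while IFS= read -r scriptname; do
      if ! safe_script_name "$scriptname"; then
        printf 'login setup: skipping unsafe script name\n' >&2
        continue
      fi
      if wget "$script_base_url/$scriptname" -O "$scriptname"; then
        chmod +x -- "$scriptname"
      fi
    done < <(jq -r '.login_scripts[] | select(.scriptname | type == "string") | .scriptname' "$login_result")

    # running login scripts
    # Arguments are split on whitespace only. Shell syntax inside them
    # (quotes, $VAR, command substitution) is not interpreted; a backslash,
    # tab or newline in the arguments stays in its @tsv-escaped form.
    # NOTE(review): confirm that no script relies on such expansion.
    # PATH is set for the script itself; as a prefix of the jq command it
    # never reached the scripts.
    while IFS=$'\t' read -r scriptname arguments; do
      safe_script_name "$scriptname" || continue
      [ -x "./$scriptname" ] || continue
      read -r -a script_args <<<"$arguments"
      PATH="$script_dir:$PATH" "./$scriptname" "${script_args[@]}" </dev/null
    done < <(jq -r '.login_scripts[] | select(.scriptname | type == "string") | [.scriptname, (.arguments // "")] | @tsv' "$login_result")
  fi

  cd /
  rm -rf -- "$script_dir"
else
  printf 'login setup: no private script directory, login scripts skipped\n' >&2
fi

rm -f -- "$login_result"
exit 0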