diff options
Diffstat (limited to 'pam_script_ses_open')
| -rwxr-xr-x | pam_script_ses_open | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/pam_script_ses_open b/pam_script_ses_open deleted file mode 100755 index 731e250..0000000 --- a/pam_script_ses_open +++ /dev/null @@ -1,65 +0,0 @@ -#! /bin/bash -# Copyright 2017 Cumulus Networks, Inc. All rights reserved -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - -# This script is invoked via pam_script.so for session open, used for mapping -# RADIUS usernames to the mapped uid, for libnss_mapuser getpwuid() entry -# point. - -# auid is currently unused, but must match the uid of the mapped_user -# in the libnss_mapuser database for this to be valid - -# For this to work, pam_loginuid.so must be used, so both the -# loginuid and the sessionid are unique values > 0 - -umask 022 # want everything world-readable. - -dbdir=/run/mapuser -mkdir -p $dbdir - -read sess < /proc/$$/sessionid -read auid < /proc/$$/loginuid - -# for debugging, if needed -# logger -t mapuser $0 called with $PAM_USER pid=$$ session="$sess" auid="$auid" - -# never map root user, or when loginuid isn't set, or when -# we aren't doing mapping (env variable not set) -if [ "$auid" -eq 0 ]; then exit 0; fi - -# handle this one differently, since it means something is -# configured wrong. -if [ "$sess" -le 0 ] ; then - logger -t $0 sessionid not set, no mapping possible for \ - PID $$ user $PAM_USER - exit 0 # still allow the session -fi - -# if user's home directory doesn't exist, create it and populate -# it with the standard skeleton files. -hdir=$(eval echo ~$PAM_USER) -[ -d "$hdir" ] || /sbin/mkhomedir_helper $PAM_USER - -# don't overwrite if it already exists. Happens when sudo or su -# is run from an existing mapped session. -[ -s $dbdir/$sess ] || \ - date +"%FT%T.%N%nuser=$PAM_USER%npid=$$%nauid=$auid%nsession=$sess%nhome=$hdir" \ - > $dbdir/$sess - -# always succeed, this should not block sessions on errors -exit 0 - |