libpam-mklocaluser-git/debian/rules

```make
#!/usr/bin/make -f
%:
	dh --with python2 $@
```

libpam-mklocaluser-git/debian/pam-auth-update/mklocaluser

```
Name: Create local accounts and home directory on first time login
Default: yes
Priority: 0
Session-Interactive-Only: yes
Session-Type: Additional
Session-Final:
	required	pam_python.so /usr/lib/libpam-mklocaluser/pam-python.py
```

libpam-mklocaluser-git/debian/README

libpam-mklocaluser
==================

PAM configuration for users who are able to log in, presumably using
some network directory information like NIS or LDAP. When they log in,
a local user with the uid and gid information from the networked
directory is created, and their password is cached on the local disk to
allow them to log in also when disconnected from the net.

For sites using a path to home directories of the form
/site/hostname/partition/username/, it would be confusing if the local
home directory with that path showed up on the local machine and not on
the expected server. To avoid this problem, the local user is created
with /home/username/ as the home directory, allowing the remote file
system to be automounted on /site/hostname/partition/.

This package depends on pam_python from
http://www.stuart.id.au/russell/files/pam_python

Submit patches to debian-edu@lists.debian.org.

libpam-mklocaluser-git/debian/changelog

```
libpam-mklocaluser (0.10) unstable; urgency=high

  * Using urgency high to fix RC bug quickly.
  * Make sure to add trailing newline when updating /etc/passwd and
    /etc/shadow. This is an RC bug blocking the package from working.
  * Change priority from extra to optional to match the archive
    override file.
  * Switch from python-support to dh-python.

 -- Petter Reinholdtsen  Thu, 14 Aug 2014 14:40:23 +0200

libpam-mklocaluser (0.9) unstable; urgency=low

  * Update standard-version from 3.9.2 to 3.9.5. No changes needed.
  * Make PAM module more robust:
  * Add to /etc/passwd and /etc/shadow using python code instead of
    calling "echo 'something' >> /etc/file" in a subshell.
  * Do not try to syslog an exception, as a string is needed in newer
    python versions.
  * Do not call chown -R, implement it in python instead.
  * Correct test pam_handler function arguments and make it output
    more info during testing.
  * Make sure syslog message make it clear that both passwd and shadow
    is updated by the module.
  * Change priority from optional to extra, as it depend on
    libpam-python which is priority extra, to avoid priority inversion.
  * Source is moved to git. Update Vcs-* control file fields.

 -- Petter Reinholdtsen  Mon, 09 Jun 2014 20:49:55 +0200

libpam-mklocaluser (0.8) unstable; urgency=low

  * Rewrite runcmd() to work with Python on Wheezy (Closes: #706753).

 -- Petter Reinholdtsen  Sat, 04 May 2013 08:25:53 +0200

libpam-mklocaluser (0.8~deb7u1) wheezy; urgency=low

  * Rewrite runcmd() to work with Python on Wheezy (Closes: #706753).

 -- Petter Reinholdtsen  Sat, 04 May 2013 08:25:53 +0200

libpam-mklocaluser (0.7) unstable; urgency=low

  * Rewrite how Popen() is used to ensure the script wait for the
    subprocesses to start before looking for their status
    (Closes: #634829). Patch from Wolfgang Schulze-Zachau.
  * Update standards-version from 3.9.1 to 3.9.2. No changes needed.

 -- Petter Reinholdtsen  Thu, 28 Jul 2011 19:20:32 +0200

libpam-mklocaluser (0.6) unstable; urgency=low

  * Make module more robust. Move group lookup into the code path
    where it is used, to avoid failing if the group is missing when
    the user is already available locally (Closes: #597174).
  * Add code to handle missing primary group information when creating
    the local user.
  * Change module to only run /usr/sbin/nscd if it exist
    (Closes: #597241).
  * Update standards-version from 3.8.4 to 3.9.1. No changes needed.

 -- Petter Reinholdtsen  Sat, 18 Sep 2010 16:55:27 +0200

libpam-mklocaluser (0.5) unstable; urgency=low

  * Do not create local home directory if the directory mentioned in
    passwd already exist.

 -- Petter Reinholdtsen  Fri, 23 Jul 2010 18:27:14 +0200

libpam-mklocaluser (0.4) unstable; urgency=low

  [ Morten Werner Forsbring ]
  * Do not add localuser if it already exist in /etc/passwd.
  * Add build-dependency on python-support.
  * Make sure that dh_pysupport is run during build.
  * Added myself as uploader.

 -- Petter Reinholdtsen  Tue, 01 Jun 2010 21:01:16 +0200

libpam-mklocaluser (0.3) unstable; urgency=low

  * Make sure the path to the original home directory and the user
    name of the user logging in is passed on to the hook scripts.

 -- Petter Reinholdtsen  Wed, 19 May 2010 14:38:03 +0200

libpam-mklocaluser (0.2) unstable; urgency=low

  * Correct typo in pam-configs entry causing the PAM module to fail.

 -- Petter Reinholdtsen  Wed, 19 May 2010 11:08:19 +0200

libpam-mklocaluser (0.1) unstable; urgency=low

  * Initial release.

 -- Petter Reinholdtsen  Mon, 17 May 2010 19:54:09 +0200
```

libpam-mklocaluser-git/debian/compat

```
7
```

libpam-mklocaluser-git/debian/pam-python.py

```python
#!/usr/bin/env python
#
# Create local user and redirected home directory.
# If the local user logging in have uid >= 1000, create primary group
# and user in /etc/passwd and /etc/group, and create a home directory
# under /home/ if none exist already.

import os
import sys
import pwd
import grp
import subprocess
import shutil
import math
import time
import syslog

def append_line(filename, line):
    f = open(filename, 'a')
    f.write(line)
    f.close()

def chown_recursive(path, uid, gid):
    os.chown(path, uid, gid)
    for root, dirs, files in os.walk(path):
        for dirname in dirs:
            os.chown(os.path.join(root, dirname), uid, gid)
        for filename in files:
            os.chown(os.path.join(root, filename), uid, gid)

def runcmd(pamh, cmd):
    proc = subprocess.Popen(cmd, shell=True, \
                            stdout=subprocess.PIPE, \
                            stderr=subprocess.PIPE,)
    while proc.poll() == None:
        pass
    (resultstdout, resultstderr) = proc.communicate(input=None)
    if proc.returncode != 0:
        msg = "Command '%s' failed with %s" % ( cmd, resultstderr.strip())
        syslog.syslog(msg)
#    print "output: %s" % msg

def check_and_create_localuser(pamh, user):
    # Location of local users
    topdir = "/home"

    # Ignore users with uid below this one
    minimum_uid = 1000

    # Create user entries with this shell
    shell = '/bin/bash'

    # File mode of new home directory
    dirmode = 0700

    # Last password change, use today
    pwlastchange = math.floor(time.time() / (60 * 60 * 24 ))

    pwminage = 0
    pwmaxage = 99999
    pwwarn = 7

    # Fetch current user and group info, possibly from LDAP or NIS.
    userinfo = pwd.getpwnam(user)
    uid = userinfo[2]
    gid = userinfo[3]
    gecos = userinfo[4]
    homedir = userinfo[5]

    # Ignore users with uid < 1000
    if userinfo[2] < minimum_uid:
        return pamh.PAM_SUCCESS

    # Ignore users with existing entry in /etc/passwd
    cmd = "/bin/grep \"^%s:\" /etc/passwd >/dev/null" % user
    proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, )
    while proc.poll() == None:
        pass
    result = proc.communicate(input=None)[0]
    if proc.returncode == 0:
        return pamh.PAM_SUCCESS

    if None == homedir:
        syslog.syslog("Home directory is not set for user %s" % user)
        return pamh.PAM_USER_UNKNOWN

    newhomedir = os.path.join(topdir, user)
    if not os.path.isdir(homedir) and not os.path.isdir(newhomedir):
        try:
            groupinfo = grp.getgrgid(gid)
            groupname = groupinfo[0]
        except KeyError, e:
            syslog.syslog("Unknown primary group with gid %d" % gid)
            groupname = "[unknown]"

        syslog.syslog("Creating local passwd/shadow entry uid=%d(%s) gid=%d(%s) gecos='%s' home=%s" % (uid, user, gid, groupname, gecos, newhomedir))
        try:
            # Add user entry with overridden home directory in /etc/passwd.
            # Can not use adduser, as it refuses to add a user if it already
            # is visible via NSS.
            append_line('/etc/passwd', \
                        "%s:x:%d:%d:%s:%s:%s\n" % \
                        (user, uid, gid, gecos, newhomedir, shell))

            # Add shadow entry too.
            # FIXME Should only add it if it is missing.
            append_line('/etc/shadow', \
                        "%s:x:%d:%d:%d:%d:::\n" \
                        % (user, pwlastchange, pwminage, pwmaxage, pwwarn))

            syslog.syslog("Creating local home directory for user '%s'" % user)
            # Copy content of /etc/skel
            shutil.copytree("/etc/skel/.", newhomedir, True)

            # Change perm of new home dir
            os.chmod(newhomedir, dirmode)
            chown_recursive(newhomedir, uid, gid)

            # Flush nscd cache to get rid of original user entry
            if os.access("/usr/sbin/nscd", os.X_OK):
                runcmd(pamh, "/usr/sbin/nscd -i passwd")

            # Hook for adjusting the freshly created home directory
            # FIXME Should be rewritten in python, I guess
            runcmd(pamh, "if [ -d /etc/mklocaluser.d ]; then ORIGHOMEDIR='%s' USER='%s' /bin/run-parts /etc/mklocaluser.d ; fi" % (homedir, user))

            # Let the user know what is going on
            msg = pamh.Message(pamh.PAM_TEXT_INFO,
                               "Local user created in /home/, please log in again to start using it.")
            pamh.conversation(msg)

            # Throw out user, as the log process cached the home directory
            # and need to be restarted.
            return pamh.PAM_TRY_AGAIN
        except Exception, e:
            syslog.syslog("Failure while creating local user: %s " % (e))
            pass

    return pamh.PAM_SUCCESS

def pam_sm_setcred(pamh, flags, argv):
    return pamh.PAM_SUCCESS

def pam_sm_authenticate(pamh, flags, argv):
    return pamh.PAM_SUCCESS

def pam_sm_acct_mgmt(pamh, flags, argv):
    return pamh.PAM_SUCCESS

def pam_sm_open_session(pamh, flags, argv):
    syslog.openlog("pam_mklocaluser", syslog.LOG_PID, syslog.LOG_AUTH)
    try:
        user = pamh.get_user(None)
    except pamh.exception, e:
        return e.pam_result
    if user == None:
        syslog.syslog("No user, ignoring pam-python for mklocaluser")
        return pamh.PAM_USER_UNKNOWN

    # Only create local users for console logins
    try:
        if pamh.rhost != None and 0 != len(pamh.rhost):
            syslog.syslog("Remote login, ignoring pam-python for mklocaluser")
            return pamh.PAM_SUCCESS
    except pamh.exception, e:
        return e.pam_result

    try:
        return check_and_create_localuser(pamh, user)
    except KeyError, e:
        syslog.syslog("Unknown username, should never happen: %s" % e)
        return pamh.PAM_USER_UNKNOWN
    except Exception, e:
        syslog.syslog("Unexpected exception, should never happen: %s" % e)
        return pamh.PAM_SYSTEM_ERR

def pam_sm_close_session(pamh, flags, argv):
    return pamh.PAM_SUCCESS

def pam_sm_chauthtok(pamh, flags, argv):
    return pamh.PAM_SUCCESS

# Test if the code work.  Argument is username to simulate login for.
if __name__ == '__main__':
    syslog.openlog("pam_mklocaluser", syslog.LOG_PID, syslog.LOG_AUTH)
    class pam_handler:
        PAM_SUCCESS = 1
        PAM_USER_UNKNOWN = 2
        PAM_SYSTEM_ERR = 3
        PAM_TRY_AGAIN = 4
        PAM_TEXT_INFO = 5
        def Message(self, tag, str):
            return str
        def conversation(self, msg):
            print "PAM conversation: " + msg
            return
    pamh = pam_handler()
    user = sys.argv[1]
    check_and_create_localuser(pamh, user)
```

libpam-mklocaluser-git/debian/libpam-mklocaluser.postinst

```sh
#! /bin/sh -e

pam-auth-update --package

#DEBHELPER#
```

libpam-mklocaluser-git/debian/control

```
Source: libpam-mklocaluser
Section: misc
Priority: optional
Maintainer: Debian Edu Developers
Uploaders: Petter Reinholdtsen, Morten Werner Forsbring
Build-Depends: debhelper (>= 7), python, dh-python
Standards-Version: 3.9.5
Homepage: http://www.skolelinux.org/
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=debian-edu/upstream/libpam-mklocaluser.git;a=summary
Vcs-Git: git://alioth.debian.org/git/debian-edu/upstream/libpam-mklocaluser.git

Package: libpam-mklocaluser
Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, libpam-python
Suggests: libpam-ccreds (>= 10-4) | libpam-sss
Description: Configure PAM to create a local user if it do not exist already
 When the user log in for the first time, a local user is created in
 /etc/passwd and primary group created in /etc/group, and a local
 home directory is created in /home.
 This is useful on roaming computers when the password is set up to
 be cached by for example libpam-ccreds or sssd to allow login without
 network connectivity using the password provided by a network
 authentication service like Kerberos or LDAP.
```

libpam-mklocaluser-git/debian/copyright

This package was debianized by Petter Reinholdtsen on
Sat May 1 10:38:44 CEST 2010

It was downloaded from:
http://svn.debian.org/wsvn/debian-edu/trunk/src/libpam-mklocaluser/

Created by Petter Reinholdtsen, upstream authors are the debian-edu team

Copyright: 2010 Petter Reinholdtsen

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
with the Debian GNU/Linux distribution in file
/usr/share/common-licenses/GPL-2; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA

On Debian systems, the complete text of the GNU General Public
License, version 2, can be found in /usr/share/common-licenses/GPL-2.

The Debian packaging is copyright 2010 by Petter Reinholdtsen and
licensed under the terms of the GNU General Public License version 2.

libpam-mklocaluser-git/debian/libpam-mklocaluser.prerm

```sh
#! /bin/sh -e

pam-auth-update --package --remove mklocaluser

#DEBHELPER#
```

libpam-mklocaluser-git/debian/libpam-mklocaluser.install

```
debian/pam-auth-update/mklocaluser usr/share/pam-configs
debian/pam-python.py usr/lib/libpam-mklocaluser
```
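
In pam-python.py the check for an existing /etc/passwd entry runs grep through a shell with the user name interpolated into the pattern, and the gecos value fetched from the directory is written to /etc/passwd unchanged. The following is an added example, not part of the package, of doing both steps in Python with an exact first-field comparison and rejection of values containing passwd field or record separators; the function names, the name pattern and the sample data are assumptions of this example.

```python
import re

# Conservative account-name policy (an assumption of this example).
# \Z instead of $ so that a trailing newline is not accepted.
NAME_RE = re.compile(r'[a-z_][a-z0-9_.-]{0,31}\Z')

# Characters that would end a field or a record in passwd(5).
FORBIDDEN = ':\n\r\x00'

# Constructed sample of /etc/passwd content, not taken from a real system.
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash\n",
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash\n",
]


def has_local_entry(user, passwd_lines):
    """Exact comparison on the first field; no shell, no regex from input."""
    return any(line.split(':', 1)[0] == user for line in passwd_lines)


def build_passwd_line(user, uid, gid, gecos, home, shell):
    """Return one passwd(5) record, or raise ValueError on unsafe input."""
    if not NAME_RE.match(user):
        raise ValueError("unsafe user name: %r" % (user,))
    for label, value in (('gecos', gecos), ('home', home), ('shell', shell)):
        if any(ch in value for ch in FORBIDDEN):
            raise ValueError("unsafe %s field: %r" % (label, value))
    return "%s:x:%d:%d:%s:%s:%s\n" % (user, int(uid), int(gid),
                                       gecos, home, shell)


def local_entry_for(user, uid, gid, gecos, passwd_lines,
                    topdir="/home", shell="/bin/bash"):
    """Return the line to append, or None if the user is already local."""
    if has_local_entry(user, passwd_lines):
        return None
    home = topdir.rstrip('/') + '/' + user
    return build_passwd_line(user, uid, gid, gecos, home, shell)
```

With the exact comparison, a name such as `al.ce` no longer matches the existing `alice` record the way the pattern `^al.ce:` would.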