libpam-mklocaluser-0.8/debian/libpam-mklocaluser.prerm

#! /bin/sh -e

pam-auth-update --package --remove mklocaluser

#DEBHELPER#

libpam-mklocaluser-0.8/debian/README

libpam-mklocaluser
==================

PAM configuration for users who are able to log in, presumably using
some network directory information like NIS or LDAP. When they log in,
a local user with the uid and gid information from the networked
directory is created, and their password is cached on the local disk
to allow them to log in also when disconnected from the net.

For sites using a path to home directories of the form
/site/hostname/partition/username/, it would be confusing if the local
home directory with that path showed up on the local machine and not
on the expected server. To avoid this problem, the local user is
created with /home/username/ as the home directory, allowing the
remote file system to be automounted on /site/hostname/partition/.

This package depends on pam_python from
http://www.stuart.id.au/russell/files/pam_python

Submit patches to debian-edu@lists.debian.org.

libpam-mklocaluser-0.8/debian/libpam-mklocaluser.postinst

#! /bin/sh -e

pam-auth-update --package

#DEBHELPER#

libpam-mklocaluser-0.8/debian/pam-auth-update/mklocaluser

Name: Create local accounts and home directory on first time login
Default: yes
Priority: 0
Session-Interactive-Only: yes
Session-Type: Additional
Session-Final:
	required	pam_python.so /usr/lib/libpam-mklocaluser/pam-python.py

libpam-mklocaluser-0.8/debian/compat

7

libpam-mklocaluser-0.8/debian/changelog

libpam-mklocaluser (0.8) unstable; urgency=low

  * Rewrite runcmd() to work with Python on Wheezy (Closes: #706753).

 -- Petter Reinholdtsen  Sat, 04 May 2013 08:25:53 +0200

libpam-mklocaluser (0.7) unstable; urgency=low

  * Rewrite how Popen() is used to ensure the script waits for the
    subprocesses to start before looking for their status
    (Closes: #634829).  Patch from Wolfgang Schulze-Zachau.
  * Update standards-version from 3.9.1 to 3.9.2.  No changes needed.

 -- Petter Reinholdtsen  Thu, 28 Jul 2011 19:20:32 +0200

libpam-mklocaluser (0.6) unstable; urgency=low

  * Make module more robust.  Move group lookup into the code path
    where it is used, to avoid failing if the group is missing when
    the user is already available locally (Closes: #597174).
  * Add code to handle missing primary group information when creating
    the local user.
  * Change module to only run /usr/sbin/nscd if it exists
    (Closes: #597241).
  * Update standards-version from 3.8.4 to 3.9.1.  No changes needed.

 -- Petter Reinholdtsen  Sat, 18 Sep 2010 16:55:27 +0200

libpam-mklocaluser (0.5) unstable; urgency=low

  * Do not create local home directory if the directory mentioned in
    passwd already exists.

 -- Petter Reinholdtsen  Fri, 23 Jul 2010 18:27:14 +0200

libpam-mklocaluser (0.4) unstable; urgency=low

  [ Morten Werner Forsbring ]
  * Do not add localuser if it already exists in /etc/passwd.
  * Add build-dependency on python-support.
  * Make sure that dh_pysupport is run during build.
  * Added myself as uploader.

 -- Petter Reinholdtsen  Tue, 01 Jun 2010 21:01:16 +0200

libpam-mklocaluser (0.3) unstable; urgency=low

  * Make sure the path to the original home directory and the user
    name of the user logging in is passed on to the hook scripts.

 -- Petter Reinholdtsen  Wed, 19 May 2010 14:38:03 +0200

libpam-mklocaluser (0.2) unstable; urgency=low

  * Correct typo in pam-configs entry causing the PAM module to fail.

 -- Petter Reinholdtsen  Wed, 19 May 2010 11:08:19 +0200

libpam-mklocaluser (0.1) unstable; urgency=low

  * Initial release.

 -- Petter Reinholdtsen  Mon, 17 May 2010 19:54:09 +0200

libpam-mklocaluser-0.8/debian/rules

#!/usr/bin/make -f
%:
	dh --with python_support $@

libpam-mklocaluser-0.8/debian/libpam-mklocaluser.install

debian/pam-auth-update/mklocaluser usr/share/pam-configs
debian/pam-python.py usr/lib/libpam-mklocaluser

libpam-mklocaluser-0.8/debian/control

Source: libpam-mklocaluser
Section: misc
Priority: optional
Maintainer: Debian Edu Developers
Uploaders: Petter Reinholdtsen, Morten Werner Forsbring
Build-Depends: debhelper (>= 7), python-support
Standards-Version: 3.9.2
Homepage: http://www.skolelinux.org/
Vcs-Browser: http://svn.debian.org/wsvn/debian-edu/trunk/src/libpam-mklocaluser/?rev=0&sc=0
Vcs-Svn: svn://svn.debian.org/debian-edu/trunk/src/libpam-mklocaluser/

Package: libpam-mklocaluser
Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, libpam-python
Suggests: libpam-ccreds (>= 10-4) | libpam-sss
Description: Configure PAM to create a local user if it does not exist already
 When the user logs in for the first time, a local user is created in
 /etc/passwd and primary group created in /etc/group, and a local home
 directory is created in /home. This is useful on roaming computers
 when the password is set up to be cached by for example libpam-ccreds
 or sssd to allow login without network connectivity using the
 password provided by a network authentication service like Kerberos
 or LDAP.

libpam-mklocaluser-0.8/debian/copyright

This package was debianized by Petter Reinholdtsen on
Sat May 1 10:38:44 CEST 2010

It was downloaded from:

    http://svn.debian.org/wsvn/debian-edu/trunk/src/libpam-mklocaluser/

Created by Petter Reinholdtsen, upstream authors are the debian-edu team

Copyright:

    2010 Petter Reinholdtsen

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    with the Debian GNU/Linux distribution in file
    /usr/share/common-licenses/GPL-2; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
    02110-1301 USA

On Debian systems, the complete text of the GNU General Public License,
version 2, can be found in /usr/share/common-licenses/GPL-2.

The Debian packaging is copyright 2010 by Petter Reinholdtsen and
licensed under the terms of the GNU General Public License version 2.

libpam-mklocaluser-0.8/debian/pam-python.py

#!/usr/bin/env python
#
# Create local user and redirected home directory.
# If the local user logging in has uid >= 1000, create primary group
# and user in /etc/passwd and /etc/group, and create a home directory
# under /home/ if none exists already.

import os
import sys
import pwd
import grp
import subprocess
import shutil
import math
import time
import syslog

# Run a shell command and log its stderr to syslog if it fails.
def runcmd(pamh, cmd):
    proc = subprocess.Popen(cmd, shell=True, \
                            stdout=subprocess.PIPE, \
                            stderr=subprocess.PIPE,)
    while proc.poll() is None:
        pass
    (resultstdout, resultstderr) = proc.communicate(input=None)
    if proc.returncode != 0:
        msg = "Command '%s' failed with %s" % ( cmd, resultstderr.strip())
        syslog.syslog(msg)
#        print "output: %s" % msg

def check_and_create_localuser(pamh, user):
    # Location of local users
    topdir = "/home"

    # Ignore users with uid below this one
    minimum_uid = 1000

    # Create user entries with this shell
    shell = '/bin/bash'

    # File mode of new home directory
    dirmode = 0700

    # Last password change, use today
    pwlastchange = math.floor(time.time() / (60 * 60 * 24 ))
    pwminage = 0
    pwmaxage = 99999
    pwwarn = 7

    # Fetch current user and group info, possibly from LDAP or NIS.
    userinfo = pwd.getpwnam(user)
    uid = userinfo[2]
    gid = userinfo[3]
    gecos = userinfo[4]
    homedir = userinfo[5]

    # Ignore users with uid < 1000
    if userinfo[2] < minimum_uid:
        return pamh.PAM_SUCCESS

    # Ignore users with existing entry in /etc/passwd
    cmd = "/bin/grep \"^%s:\" /etc/passwd >/dev/null" % user
    proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, )
    while proc.poll() is None:
        pass
    result = proc.communicate(input=None)[0]
    if proc.returncode == 0:
        return pamh.PAM_SUCCESS

    if homedir is None:
        syslog.syslog("Home directory is not set for user %s" % user)
        return pamh.PAM_USER_UNKNOWN

    newhomedir = os.path.join(topdir, user)
    if not os.path.isdir(homedir) and not os.path.isdir(newhomedir):
        try:
            groupinfo = grp.getgrgid(gid)
            groupname = groupinfo[0]
        except KeyError, e:
            syslog.syslog("Unknown primary group with gid %d" % gid)
            groupname = "[unknown]"

        syslog.syslog("Creating local passwd entry uid=%d(%s) gid=%d(%s) gecos='%s' home=%s" % (uid, user, gid, groupname, gecos, newhomedir))
        try:
            # Add user entry with overridden home directory in /etc/passwd.

            # Can not use adduser, as it refuses to add a user if it already
            # is visible via NSS.
            cmd = "/bin/echo '%s:x:%d:%d:%s:%s:%s' >> /etc/passwd" \
                % (user, uid, gid, gecos, newhomedir, shell)
            runcmd(pamh, cmd)

            # Add shadow entry too.
            # XXX Should only add it if it is missing
            cmd = "/bin/echo '%s:x:%d:%d:%d:%d:::' >> /etc/shadow" \
                % (user, pwlastchange, pwminage, pwmaxage, pwwarn)
            runcmd(pamh, cmd)

            syslog.syslog("Creating local home directory for user '%s'" % user)
            # Copy content of /etc/skel
            shutil.copytree("/etc/skel/.", newhomedir, True)

            # Change perm of new home dir
            os.chmod(newhomedir, dirmode)
            # os.chown(newhomedir, uid, gid) - not recursive
            runcmd(pamh, "/bin/chown -R %d:%d '%s'" % (uid, gid, newhomedir))

            # Flush nscd cache to get rid of original user entry
            if os.access("/usr/sbin/nscd", os.X_OK):
                runcmd(pamh, "/usr/sbin/nscd -i passwd")

            # Hook for adjusting the freshly created home directory
            # XXX Should be rewritten in python, I guess
            runcmd(pamh, "if [ -d /etc/mklocaluser.d ]; then ORIGHOMEDIR='%s' USER='%s' /bin/run-parts /etc/mklocaluser.d ; fi" % (homedir, user))

            # Let the user know what is going on
            msg = pamh.Message(pamh.PAM_TEXT_INFO,
                               "Local user created in /home/, please log in again to start using it.")
            pamh.conversation(msg)

            # Throw out user, as the log process cached the home directory
            # and needs to be restarted.
            return pamh.PAM_TRY_AGAIN
        except Exception, e:
            # syslog.syslog() only accepts a string
            syslog.syslog(str(e))
            pass

    return pamh.PAM_SUCCESS

def pam_sm_setcred(pamh, flags, argv):
    return pamh.PAM_SUCCESS

def pam_sm_authenticate(pamh, flags, argv):
    return pamh.PAM_SUCCESS

def pam_sm_acct_mgmt(pamh, flags, argv):
    return pamh.PAM_SUCCESS

def pam_sm_open_session(pamh, flags, argv):
    syslog.openlog("pam_mklocaluser", syslog.LOG_PID, syslog.LOG_AUTH)
    try:
        user = pamh.get_user(None)
    except pamh.exception, e:
        return e.pam_result
    if user is None:
        syslog.syslog("No user, ignoring pam-python for mklocaluser")
        return pamh.PAM_USER_UNKNOWN

    # Only create local users for console logins
    try:
        if pamh.rhost is not None and len(pamh.rhost) != 0:
            syslog.syslog("Remote login, ignoring pam-python for mklocaluser")
            return pamh.PAM_SUCCESS
    except pamh.exception, e:
        return e.pam_result

    try:
        return check_and_create_localuser(pamh, user)
    except KeyError, e:
        syslog.syslog("Unknown username, should never happen: %s" % e)
        return pamh.PAM_USER_UNKNOWN
    except Exception, e:
        syslog.syslog("Unexpected exception, should never happen: %s" % e)
        return pamh.PAM_SYSTEM_ERR

def pam_sm_close_session(pamh, flags, argv):
    return pamh.PAM_SUCCESS

def pam_sm_chauthtok(pamh, flags, argv):
    return pamh.PAM_SUCCESS

# Test if the code works.  Argument is username to simulate login for.
if __name__ == '__main__':
    syslog.openlog("pam_mklocaluser", syslog.LOG_PID, syslog.LOG_AUTH)
    class pam_handler:
        PAM_SUCCESS = 1
        PAM_USER_UNKNOWN = 2
        PAM_SYSTEM_ERR = 3
        PAM_TRY_AGAIN = 4
        PAM_TEXT_INFO = 5
        def Message(self, tag, str):
            return
        def conversation(self, msg):
            return
    pamh = pam_handler()
    user = sys.argv[1]
    check_and_create_localuser(pamh, user)
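
pam-python.py builds its /etc/passwd record by interpolating values from the network directory (user name, gecos, home directory) into a `/bin/echo '...' >> /etc/passwd` shell command, so a value containing a single quote, a colon or a newline is not written as one well-formed record. The following is an added example, not part of the package, written for Python 3 rather than the Python 2 of the module: it validates the fields and appends the record without a shell. All function names and the user-name policy are assumptions.

```python
import os
import tempfile


def check_field(name, value):
    """Reject values that cannot be stored as one colon-separated field."""
    if ":" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("%s contains a separator or control character" % name)
    return value


def passwd_entry(user, uid, gid, gecos, home, shell="/bin/bash"):
    """Build the /etc/passwd record that the module writes via /bin/echo."""
    # Assumed user-name policy: non-empty, usable as one directory name.
    if not user or "/" in user or user in (".", "..") or user[0] == "-":
        raise ValueError("unsuitable user name %r" % user)
    fields = [check_field("user", user), "x", str(int(uid)), str(int(gid)),
              check_field("gecos", gecos), check_field("home", home),
              check_field("shell", shell)]
    return ":".join(fields) + "\n"


def has_entry(path, user):
    """Exact match on the first field, instead of the grep "^user:" regex."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return any(line.split(":", 1)[0] == user for line in fh)


def append_entry(path, line):
    """Append one record with a single write() and no shell."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND)  # no O_CREAT: must exist
    with open(fd, "wb", buffering=0) as fh:
        fh.write(line.encode("utf-8"))


def add_local_user(path, user, uid, gid, gecos, topdir="/home"):
    """Return True if a record was appended, False if one already existed."""
    line = passwd_entry(user, uid, gid, gecos, os.path.join(topdir, user))
    if has_entry(path, user):
        return False
    append_entry(path, line)
    return True


if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", delete=False) as tmp:
        tmp.write("root:x:0:0:root:/root:/bin/bash\n")  # constructed sample
    print(add_local_user(tmp.name, "kari", 1001, 1001, "Kari O'Brien"))
    os.unlink(tmp.name)
```

The same approach applies to the /etc/shadow record; the chown and run-parts calls can be given to subprocess as argument lists with values passed through the environment instead of a formatted command string.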