From 5672e96c1f3ae3020a2184e2a89926dbc466112e Mon Sep 17 00:00:00 2001
From: Michael Shigorin
Date: Tue, 25 Jun 2013 20:59:35 +0400
Subject: [PATCH] initial domain-client feature Based on m-p-d's domain-client pkglist and scripts from installer-feature-network-shares-client-stage3 package. Many thanks to boyarsh@ for his kind help to get this working. NB: this works on cubox but is not yet ready for installers!
---
 features.in/domain-client/README | 3 +
 features.in/domain-client/config.mk | 4 +
 .../70-network-shares-dhcpcd.sh | 10 ++
 .../image-scripts.d/70-network-shares-nscd.sh | 6 +
 .../70-network-shares-samba.sh | 117 ++++++++++++++++++
 pkg.in/lists/domain-client | 3 +
 6 files changed, 143 insertions(+)
 create mode 100644 features.in/domain-client/README
 create mode 100644 features.in/domain-client/config.mk
 create mode 100755 features.in/domain-client/rootfs/image-scripts.d/70-network-shares-dhcpcd.sh
 create mode 100755 features.in/domain-client/rootfs/image-scripts.d/70-network-shares-nscd.sh
 create mode 100755 features.in/domain-client/rootfs/image-scripts.d/70-network-shares-samba.sh
diff --git a/features.in/domain-client/README b/features.in/domain-client/README
new file mode 100644
index 00000000..ced2263b
--- /dev/null
+++ b/features.in/domain-client/README
@@ -0,0 +1,3 @@
+Эта фича конфигурирует поддержку клиента домена ALT Linux.
+
+NB: не проверена на инсталяторах!
diff --git a/features.in/domain-client/config.mk b/features.in/domain-client/config.mk
new file mode 100644
index 00000000..36e4f265
--- /dev/null
+++ b/features.in/domain-client/config.mk
@@ -0,0 +1,4 @@
+use/domain-client: use/net/dhcp
+ @$(call add_feature)
+ @$(call add,THE_LISTS,domain-client)
+ @$(call add,DEFAULT_SERVICES_ENABLE,avahi-daemon)
diff --git a/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-dhcpcd.sh b/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-dhcpcd.sh
new file mode 100755
index 00000000..c7341fa7
--- /dev/null
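Review bot: `use/domain-client` switches on `avahi-daemon` through `DEFAULT_SERVICES_ENABLE` with no comment saying why, and the README added in this patch does not mention it either. Going by `70-network-shares-samba.sh` (the `dnssd_lookup` check and its "configure pam_mount to use avahi" comment), the daemon is there so pam_mount can find the share server over DNS-SD; a line above the rule such as `# avahi-daemon: pam_mount locates the share server via DNS-SD` would record that. Since mDNS answers are not authenticated by themselves, the README should also state what the client relies on to trust the discovered server (presumably Kerberos, which the visible lines do not show).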
+++ b/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-dhcpcd.sh
@@ -0,0 +1,10 @@
+#!/bin/sh -efu
+
+dhcpcd_conf="/etc/dhcpcd.conf"
+
+[ -f "$dhcpcd_conf" ] || exit 0
+
+grep -q '^option[[:blank:]]\+vendor_encapsulated_options' "$dhcpcd_conf" || {
+ echo "# added by 70-network-shares-dhcpcd.sh"
+ echo "option vendor_encapsulated_options"
+} >> "$dhcpcd_conf"
diff --git a/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-nscd.sh b/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-nscd.sh
new file mode 100755
index 00000000..1f5a8c77
--- /dev/null
+++ b/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-nscd.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+# bump name services caching time up
+
+[ -s /etc/nscd.conf ] || exit 0
+
+sed -i 's/\(positive-time-to-live[^0-9]*\)[0-9]*$/\1 31536000/g' /etc/nscd.conf
diff --git a/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-samba.sh b/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-samba.sh
new file mode 100755
index 00000000..4fc7619d
--- /dev/null
+++ b/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-samba.sh
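Review bot: The `sed` in `70-network-shares-nscd.sh` rewrites every `positive-time-to-live` line of `/etc/nscd.conf` that ends in a number to 31536000 seconds (one year), not only the account databases, so any database listed there, hosts included if present, keeps positive answers for that long. On a domain client this means a changed or removed account, group membership or address can stay in the local cache long after the server has dropped it; the one-line header comment should state the intent (offline logins, presumably) and how the cache is expected to be invalidated. If only users and groups are meant, an address restricts the edit: `sed -i '/positive-time-to-live[[:space:]]\+\(passwd\|group\)/ s/[0-9]\+$/31536000/' /etc/nscd.conf`. The script also runs under plain `#!/bin/sh` while its two siblings use `#!/bin/sh -efu`.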
@@ -0,0 +1,117 @@
+#!/bin/sh -efu
+
+##
+# This script:
+# 1) updates pam_mount configuration
+# 2) updates pam configuration
+#
+# NB: network shares automounted only for a particular uid range
+
+. shell-error
+
+msg() {
+ printf "$* \n"
+}
+
+pmconf="/etc/security/pam_mount.conf.xml"
+pamconf="/etc/pam.d/system-auth-krb5"
+
+##
+# Update pam_mount configuration file
+#
+update_pmconf() {
+
+ local insert_at tmp_conf
+
+ tmp_conf="${pmconf}.new"
+
+ # no pam_mount: impossible(tm)
+ [ -w "$pmconf" ] || return 1
+
+ # already configured
+ grep -qs dnssd_lookup "$pmconf" 2>/dev/null && return 0
+
+ # configure pam_mount to use avahi
+ insert_at="$(sed -n '//=' "$pmconf" \
+ | head -n 1)"
+
+ if [ -z "$insert_at" ]; then
+ msg "Can't find position for injection in $pmconf"
+ return 1
+ fi
+
+ # part 1 (head)
+ head -n $((insert_at-1)) "$pmconf" > "$tmp_conf"
+
+ # part 2 (inserted text)
+ cat >> "$tmp_conf" <<'__EOF__'
+
+
+
+
+/sbin/mount.cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o %(OPTIONS)
+/sbin/umount.cifs %(MNTPT)
+
+
+
+__EOF__
+
+ # part 3 (tail)
+ sed -n "$insert_at,\$p" "$pmconf" >> "$tmp_conf"
+
+ # update config
+ chown root:root "$tmp_conf"
+ chmod 644 "$tmp_conf"
+ mv -f "$tmp_conf" "$pmconf"
+
+ # XXX: REMOVE FOR RELEASE
+ # sed -i -e '/debug enable/ s/0/1/' "$pmconf"
+}
+
+##
+# Update pam configuration
+#
+update_pam() {
+ local append_after
+
+ # no pam-config: impossible(tm)
+ [ -w "$pamconf" ] || return 1
+
+ if [ -L "$pamconf" ]; then
+ pamconf="$(realpath "$pamconf")"
+ fi
+
+ # already configured
+ grep -qs pam_mount "$pamconf" && return 0
+
+ append_after="$(sed -n '/^auth[[:space:]]\+required/=' "$pamconf" \
+ | tail -n 1)"
+ [ -n "$append_after" ] &&
+ sed -i \
+ -e "$append_after a auth optional pam_mount.so" \
+ "$pamconf"
+
+ append_after="$(sed -n '/^session[[:space:]]\+required/=' "$pamconf" \
+ | tail -n 1)"
+ [ -n "$append_after" ] &&
+ sed -i \
+ -e "$append_after a session optional pam_mount.so" \
+ "$pamconf"
+ append_after="$(sed -n
'/^auth[[:space:]]\+required/=' \
+ "$pamconf"_ccreds | tail -n 1)"
+
+ [ -n "$append_after" ] &&
+ sed -i \
+ -e "$append_after a auth optional pam_mount.so" \
+ "$pamconf"_ccreds
+
+ ### set ccache to predicadable value (ouch!)
+ sed -i 's|pam_krb5.so use_first_pass$|pam_krb5.so use_first_pass ccache=/tmp/krb5cc_%u|' "$pamconf"
+}
+
+##
+# Start
+#
+update_pmconf &&
+update_pam
+
diff --git a/pkg.in/lists/domain-client b/pkg.in/lists/domain-client
index 39260df7..fadb5f40 100644
--- a/pkg.in/lists/domain-client
+++ b/pkg.in/lists/domain-client
@@ -1,4 +1,6 @@ +pam-config pam_mount +pam_ccreds samba4-client cifs-utils
@@ -12,6 +14,7 @@ installer-feature-network-shares-client-stage3 installer-feature-weak-passwd libnss-fallback libnss-mdns +nss-ldapd settime-rfc867
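Review bot: The last `sed` in `update_pam` of `70-network-shares-samba.sh` fixes the Kerberos credential cache at `/tmp/krb5cc_%u`, a name that is predictable per uid and lives in a world-writable directory, and the only explanation is the "(ouch!)" comment. Please record above it why the fixed name is required and what protects the file, e.g. `# pam_mount's cifs helper needs a known ccache path; relies on pam_krb5 refusing a cache file it does not own — TODO confirm`, or point `ccache=` at a per-user directory if the target systems provide one. The same `sed` changes nothing when the `pam_krb5.so` line does not end in `use_first_pass`, and nothing reports that. Separately, `msg()` hands its argument to `printf` as the format string, so a `%` in `$pmconf` would be interpreted; `printf '%s\n' "$*"` avoids that.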