initial domain-client feature

Based on m-p-d's domain-client pkglist and scripts from installer-feature-network-shares-client-stage3 package. Many thanks to boyarsh@ for his kind help to get this working. NB: this works on cubox but is not yet ready for installers!
2013-06-25 20:59:35 +04:00 · 2013-06-25 20:59:35 +04:00 · 5672e96c1f
commit 5672e96c1f
parent 91f0c4217c
6 changed files with 143 additions and 0 deletions
--- a/features.in/domain-client/README
+++ b/features.in/domain-client/README
@ -0,0 +1,3 @@
+Эта фича конфигурирует поддержку клиента домена ALT Linux.
+
+NB: не проверена на инсталяторах!
--- a/features.in/domain-client/config.mk
+++ b/features.in/domain-client/config.mk
@ -0,0 +1,4 @@
+use/domain-client: use/net/dhcp
+	@$(call add_feature)
+	@$(call add,THE_LISTS,domain-client)
+	@$(call add,DEFAULT_SERVICES_ENABLE,avahi-daemon)
--- a/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-dhcpcd.sh
+++ b/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-dhcpcd.sh
@ -0,0 +1,10 @@
+#!/bin/sh -efu
+
+dhcpcd_conf="/etc/dhcpcd.conf"
+
+[ -f "$dhcpcd_conf" ] || exit 0
+
+grep -q '^option[[:blank:]]\+vendor_encapsulated_options' "$dhcpcd_conf" || {
+	echo "# added by 70-network-shares-dhcpcd.sh"
+	echo "option vendor_encapsulated_options"
+} >> "$dhcpcd_conf"
--- a/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-nscd.sh
+++ b/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-nscd.sh
@ -0,0 +1,6 @@
+#!/bin/sh
+# bump name services caching time up
+
+[ -s /etc/nscd.conf ] || exit 0
+
+sed -i 's/\(positive-time-to-live[^0-9]*\)[0-9]*$/\1 31536000/g' /etc/nscd.conf
--- a/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-samba.sh
+++ b/features.in/domain-client/rootfs/image-scripts.d/70-network-shares-samba.sh
@ -0,0 +1,117 @@
+#!/bin/sh -efu
+
+##
+# This script:
+#   1) updates pam_mount configuration
+#   2) updates pam configuration
+#
+# NB: network shares automounted only for a particular uid range
+
+. shell-error
+
+msg() {
+	printf "$* \n"
+}
+
+pmconf="/etc/security/pam_mount.conf.xml"
+pamconf="/etc/pam.d/system-auth-krb5"
+
+##
+# Update pam_mount configuration file
+#
+update_pmconf() {
+
+	local insert_at tmp_conf
+
+	tmp_conf="${pmconf}.new"
+
+	# no pam_mount: impossible(tm)
+	[ -w "$pmconf" ] || return 1
+
+	# already configured
+	grep -qs dnssd_lookup "$pmconf" 2>/dev/null && return 0
+
+	# configure pam_mount to use avahi
+	insert_at="$(sed -n '/<!-- Volume definitions -->/=' "$pmconf" \
+		| head -n 1)"
+
+	if [ -z "$insert_at" ]; then
+		msg "Can't find position for injection in $pmconf"
+		return 1
+	fi
+
+	# part 1 (head)
+	head -n $((insert_at-1)) "$pmconf" > "$tmp_conf"
+
+	# part 2 (inserted text)
+	cat >> "$tmp_conf" <<'__EOF__'
+
+<!-- # inserted by 70-network-shares-samba.sh ##################### -->
+
+<volume uid="5000-10000" fstype="cifs" dnssd_lookup="1" mountpoint="/home/%(USER)/share" options="sec=krb5,cruid=%(USERUID)" />
+<cifsmount>/sbin/mount.cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o %(OPTIONS)</cifsmount>
+<cifsumount>/sbin/umount.cifs %(MNTPT)</cifsumount>
+
+<!-- ############################################################## -->
+
+__EOF__
+
+	# part 3 (tail)
+	sed -n "$insert_at,\$p" "$pmconf" >> "$tmp_conf"
+
+	# update config
+	chown root:root "$tmp_conf"
+	chmod 644 "$tmp_conf"
+	mv -f "$tmp_conf" "$pmconf"
+
+	# XXX: REMOVE FOR RELEASE
+	# sed -i -e '/debug enable/ s/0/1/' "$pmconf"
+}
+
+##
+# Update pam configuration
+#
+update_pam() {
+	local append_after
+
+	# no pam-config: impossible(tm)
+	[ -w "$pamconf" ] || return 1
+
+	if [ -L "$pamconf" ]; then
+		pamconf="$(realpath "$pamconf")"
+	fi
+
+	# already configured
+	grep -qs pam_mount "$pamconf" && return 0
+
+	append_after="$(sed -n '/^auth[[:space:]]\+required/=' "$pamconf" \
+		| tail -n 1)"
+	[ -n "$append_after" ] &&
+		sed -i \
+		-e "$append_after a auth     optional       pam_mount.so" \
+		"$pamconf"
+
+	append_after="$(sed -n '/^session[[:space:]]\+required/=' "$pamconf" \
+		| tail -n 1)"
+	[ -n "$append_after" ] &&
+		sed -i \
+		-e "$append_after a session  optional       pam_mount.so" \
+		"$pamconf"
+	append_after="$(sed -n '/^auth[[:space:]]\+required/=' \
+		"$pamconf"_ccreds | tail -n 1)"
+
+	[ -n "$append_after" ] &&
+		sed -i \
+		-e "$append_after a auth     optional       pam_mount.so" \
+		"$pamconf"_ccreds
+
+	### set ccache to predicadable value (ouch!)
+	sed -i 's|pam_krb5.so use_first_pass$|pam_krb5.so use_first_pass ccache=/tmp/krb5cc_%u|' "$pamconf"
+}
+
+##
+# Start
+#
+update_pmconf &&
+update_pam
+
--- a/pkg.in/lists/domain-client
+++ b/pkg.in/lists/domain-client
@ -1,4 +1,6 @@
+pam-config
 pam_mount
+pam_ccreds

 samba4-client
 cifs-utils
@ -12,6 +14,7 @@ installer-feature-network-shares-client-stage3
 installer-feature-weak-passwd
 libnss-fallback
 libnss-mdns
+nss-ldapd

 settime-rfc867