diff --git a/server/modules/local-accounts-ecrypt/lib/security/pam_ecryptfs.so b/server/modules/local-accounts-ecrypt/lib/security/pam_ecryptfs.so
new file mode 100644
index 0000000000000000000000000000000000000000..d9025642564612c2409ae54afb036b84cb3b20dd
Binary files /dev/null and b/server/modules/local-accounts-ecrypt/lib/security/pam_ecryptfs.so differ
diff --git a/server/modules/local-accounts-ecrypt/opt/openslx/scripts/local-accounts.d/insert.d/00.sh b/server/modules/local-accounts-ecrypt/opt/openslx/scripts/local-accounts.d/insert.d/00.sh
new file mode 100755
index 0000000000000000000000000000000000000000..bb22e9a9cfeb63215a2a1b2be54c431555290a4f
--- /dev/null
+++ b/server/modules/local-accounts-ecrypt/opt/openslx/scripts/local-accounts.d/insert.d/00.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# This binds the ecryptfs and private directories to
+# the one on pendrive
+
+ # $0 this script
+$username= $1 # $1 the username
+$mountpath= $2 # $2 the mount path of the pendrive
+
+
+if [ -d "${mountpath}/Openslx/.ecryptfs/${username}" ]; then
+ #binds the .ecryptfs folder directory to each user ecryptfs
+ mkdir -p /home/.ecryptfs/${username}/
+ mount --bind ${mountpath}/Openslx/.ecryptfs/${username} /home/.ecryptfs/${username}
+ ln -s /home/.ecryptfs/${username}/.ecryptfs /home/${username}/
+ ln -s /home/.ecryptfs/${username}/.Private /home/${username}/
+ chown -R ${username}:${username} /home/${username}/.ecryptfs
+ chown -R ${username}:${username} /home/.ecryptfs/${username}
+
+fi
diff --git a/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnss3.so b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnss3.so
new file mode 100644
index 0000000000000000000000000000000000000000..25680359792b1c47736b46cc9b4c45ae05d7fcbb
Binary files /dev/null and b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnss3.so differ
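Review bot: In insert.d/00.sh, `$username= $1` and `$mountpath= $2` are not assignments: the shell expands the left-hand side and tries to run the result as a command, so the script only works because it is sourced and inherits the caller's `username` and `mountpath`. They should read `username=$1` and `mountpath=$2`. Both values are then used unquoted in `mkdir`, `mount --bind`, `ln -s` and `chown -R`, presumably as root, and the user name appears to come from the `Openslx/.config` file on the removable drive. Quote every expansion and refuse anything that is not a plain account name before building paths from it, for example `case "$username" in ''|*[!a-z0-9_-]*) return 1 ;; esac`.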
diff --git a/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnss3.so.1d b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnss3.so.1d
new file mode 120000
index 0000000000000000000000000000000000000000..cce8ed64ec1acba9c73264385897976080771e8b
--- /dev/null
+++ b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnss3.so.1d
@@ -0,0 +1 @@
+libnss3.so
\ No newline at end of file
diff --git a/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnssutil3.so b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnssutil3.so
new file mode 100644
index 0000000000000000000000000000000000000000..fbc0bea54455b3f8d4544775d465cd6c91338d3f
Binary files /dev/null and b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnssutil3.so differ
diff --git a/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnssutil3.so.1d b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnssutil3.so.1d
new file mode 120000
index 0000000000000000000000000000000000000000..95abaa5f6ba2f4b6d42d3c743ee3c541f63c9840
--- /dev/null
+++ b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libnssutil3.so.1d
@@ -0,0 +1 @@
+libnssutil3.so
\ No newline at end of file
diff --git a/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libplc4.so b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libplc4.so
new file mode 100644
index 0000000000000000000000000000000000000000..f308a52ce1f9c652a62ba353787e9aae220e8b78
Binary files /dev/null and b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libplc4.so differ
diff --git a/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libplds4.so b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libplds4.so new file mode 100644 index 0000000000000000000000000000000000000000..ab9509c98fe7813e22c012ac2685ef3fd184cf6f Binary files /dev/null and b/server/modules/local-accounts-ecrypt/usr/lib/x86_64-linux-gnu/libplds4.so differ diff --git a/server/modules/local-accounts/opt/openslx/scripts/adduser.sh b/server/modules/local-accounts/opt/openslx/scripts/adduser.sh index 828e0ec393cf194126f42599b509947ebf7f0239..80d0d1c10ee3b0f09793d13c8d001f4ca8e0f963 100755 --- a/server/modules/local-accounts/opt/openslx/scripts/adduser.sh +++ b/server/modules/local-accounts/opt/openslx/scripts/adduser.sh @@ -1,5 +1,8 @@ #!/bin/ash +#Source path properties +. /opt/openslx/scripts/local-accounts_path.sh + #Errors Codes: #defaults: # 0 Tudo certo @@ -135,7 +138,7 @@ remove_user(){ } #This script can only be executed by a root/sudoer user -if [ "$(/usr/bin/id -r -u)" != "0" ]; then +if [ "$(id -r -u)" != "0" ]; then echo $0": Você não possue as permissoes necessárias para realizar essa operação" exit 1 fi diff --git a/server/modules/local-accounts/opt/openslx/scripts/local-accounts.sh b/server/modules/local-accounts/opt/openslx/scripts/local-accounts.sh index 6771121d1fd2cd69ac665be48a7c40c2f2ed4a9a..e5b81a047db5e81f1e42754a82e27fb1edebf982 100755 --- a/server/modules/local-accounts/opt/openslx/scripts/local-accounts.sh +++ b/server/modules/local-accounts/opt/openslx/scripts/local-accounts.sh @@ -1,7 +1,10 @@ #!/bin/ash +#Source path properties +. /opt/openslx/scripts/local-accounts_path.sh + #Check if the user running this code has permissoes to run it -if [ "$(/opt/openslx/bin/id -u)" != "0" ]; then +if [ "$(id -u)" != "0" ]; then echo $0": Você não possue as permissoes necessárias para realizar essa operação" exit 1 else 
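Review bot: The root check in adduser.sh (second hunk) now resolves `id` through PATH instead of `/usr/bin/id`, and the first hunk of local-accounts.sh makes the same change from `/opt/openslx/bin/id`. The sourced local-accounts_path.sh only appends `/opt/openslx/bin` to whatever PATH was inherited, so which `id` binary answers the check depends on the caller's environment. For scripts that are meant to run as root it is safer to set the search path to a fixed list before the first lookup, for example `PATH=/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin; export PATH` (example value, adjust to the image layout). Both hunks show only the top of their scripts; the rest of each body is outside the hunk.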
@@ -136,3 +139,4 @@ for pen in $(ls -tr /dev/disk/by-id/usb*); do /opt/openslx/scripts/local-accounts_insert-data.sh "$dev" #echo "$dev" done +exit 0 diff --git a/server/modules/local-accounts/opt/openslx/scripts/local-accounts_insert-data.sh b/server/modules/local-accounts/opt/openslx/scripts/local-accounts_insert-data.sh index 4b1c0001ebd78509f1b3b96229e673302ee964d8..d7d3973b2fc9f9e1c2f0599e8ede20fdfd4390a7 100755 --- a/server/modules/local-accounts/opt/openslx/scripts/local-accounts_insert-data.sh +++ b/server/modules/local-accounts/opt/openslx/scripts/local-accounts_insert-data.sh @@ -1,5 +1,9 @@ #!/bin/ash +#Source path properties +. /opt/openslx/scripts/local-accounts_path.sh + + # EXIT CODES # 0 SUCCESS # 1 DEVICE COULD NOT BE MOUNTED @@ -55,6 +59,12 @@ dev="$1" prepare_usb "$dev" #returns at $mountpath # will only continue if the device that triggered is a valid openslx device echo "$0: an openslx ready drive is mounted at: $mountpath" +if [ ! -e "/home/openslx/usb_slx" ]; then + mkdir -p "/home/openslx/usb_slx"; +fi +# Create a file that makes sure that this drive is a openslx users +# to be used to umount it +touch "/home/openslx/usb_slx/$dev" unset IFS users=$(cat "$mountpath/Openslx/.config"); @@ -101,6 +111,18 @@ while (( [ $# -gt 0 ] )); do #Add to a file what pendrive this user is from mount --bind $mountpath/Openslx/$username /home/$username echo "/dev/$dev" > "/home/openslx/usb_users/$username" + + #if ext4, change owner to new user and create ecrypted + #home if the user has the necessary files + drive_type=$(cat /proc/self/mountinfo | grep "/dev/$dev" | head -n1 | cut -d' ' -f9) + if ( [ "$drive_type" = "ext4" ] );then + echo "$username is on an ext4 drive, thus crypting"; + chown -R $username:$groupname $mountpath/Openslx/$username + chown -R $username:$groupname /home/$username + + script=$(ls /opt/openslx/scripts/local-accounts.d/insert.d/* | head -n1) + source $script $username $mountpath + fi fi fi done 
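Review bot: The ext4 branch added to local-accounts_insert-data.sh (third hunk) passes `$username`, `$groupname` and `$mountpath` unquoted to `chown -R` and to `source $script`, and these values appear to be derived from `Openslx/.config` on the inserted drive. Quote them, e.g. `chown -R -- "$username:$groupname" "$mountpath/Openslx/$username"`, and validate the user name before it reaches a recursive ownership change. The filesystem type is read as field 9 of `/proc/self/mountinfo`, but the number of optional fields before the `-` separator varies, so the type is not always in that position, and `grep "/dev/$dev"` also matches longer device names. Comparing the first field of `/proc/mounts` exactly and taking its third field is more reliable: `awk -v d="/dev/$dev" '$1==d{print $3; exit}' /proc/mounts`. The enclosing `while` loop starts before this hunk.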
diff --git a/server/modules/local-accounts/opt/openslx/scripts/local-accounts_path.sh b/server/modules/local-accounts/opt/openslx/scripts/local-accounts_path.sh new file mode 100755 index 0000000000000000000000000000000000000000..5dc6889641826a376f112dedf12d4d16e880cf58 --- /dev/null +++ b/server/modules/local-accounts/opt/openslx/scripts/local-accounts_path.sh @@ -0,0 +1,3 @@ +if $(echo $PATH | grep "/opt/openslx/bin" -vq); then + PATH=$PATH":/opt/openslx/bin" +fi diff --git a/server/modules/local-accounts/opt/openslx/scripts/local-accounts_remove-udev.sh b/server/modules/local-accounts/opt/openslx/scripts/local-accounts_remove-udev.sh index ce693081a40d0859ecb5e3fce8ea9e09a167178b..922bb951f2e4b4469545ed093503a54b2f245de6 100755 --- a/server/modules/local-accounts/opt/openslx/scripts/local-accounts_remove-udev.sh +++ b/server/modules/local-accounts/opt/openslx/scripts/local-accounts_remove-udev.sh @@ -1,5 +1,8 @@ #!/bin/sh +#Source path properties +. /opt/openslx/scripts/local-accounts_path.sh + remove (){ #exec 1<&- @@ -9,11 +12,13 @@ remove (){ #set -x user_drive="/dev/$1" - + dev=$1 #check if this is a openslx drive mountpath=$(mount | sed 's/ type.*//' | grep -w $dev | cut -d' ' -f3- | head -n1) - if [ -e "$mountpath/Openslx/.config" ]; then + #if [ -e "$mountpath/Openslx/.config" ]; then + if [ -e "/home/openslx/usb_slx/$dev" ]; then echo "$0: /dev/$dev is an openslx ready drive" + rm "/home/openslx/usb_slx/$dev" else echo "$0: /dev/$dev is not ready to be used as an openslx drive" exit 2 # stops openslx users_pendrive execution for this dev diff --git a/server/modules/local-accounts/opt/openslx/scripts/logout.sh b/server/modules/local-accounts/opt/openslx/scripts/logout.sh new file mode 100644 index 0000000000000000000000000000000000000000..4d1c72cfdc996d74d5f16242708b9fb5130a27a8 --- /dev/null +++ b/server/modules/local-accounts/opt/openslx/scripts/logout.sh @@ -0,0 +1,6 @@ +#!/bin/ash + +# runs on logout of users + +sync +echo "syncing" 
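Review bot: In local-accounts_path.sh the test `if $(echo $PATH | grep "/opt/openslx/bin" -vq); then` executes the output of the command substitution as a command and only works because `grep -q` prints nothing. It is also a substring match, so an entry such as `/opt/openslx/bin-old` would suppress the append. A `case` on the colon-delimited value avoids both: `case ":$PATH:" in *:/opt/openslx/bin:*) ;; *) PATH="$PATH:/opt/openslx/bin" ;; esac`.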
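Review bot: In remove() of local-accounts_remove-udev.sh the new marker test `[ -e "/home/openslx/usb_slx/$dev" ]` is also true when `$1` is empty, because the path then names the directory itself, so the function would carry on as if an openslx drive had been removed. Check the argument and require a regular file: `[ -n "$dev" ] && [ -f "/home/openslx/usb_slx/$dev" ]`. `mountpath` is still computed with an unquoted `grep -w $dev` although the check that used it is now commented out; if nothing later in remove() needs it, drop the line together with the commented-out `if`. remove() continues past the end of the hunk.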
diff --git a/server/modules/local-accounts/opt/openslx/scripts/systemd-local_accounts b/server/modules/local-accounts/opt/openslx/scripts/systemd-local_accounts index b42ac8191fb1153b2f62c6d49e6e36d39297bb51..f7f9b807a6d68baba003de64061b66ab6b20eb15 100755 --- a/server/modules/local-accounts/opt/openslx/scripts/systemd-local_accounts +++ b/server/modules/local-accounts/opt/openslx/scripts/systemd-local_accounts @@ -1,10 +1,11 @@ #!/bin/ash +echo "trap \"/opt/openslx/scripts/logout.sh\" 0" >> /etc/profile mkdir -p /home/openslx/localaccounts/bak for file in passwd group shadow; do echo $0": making backup of "$file cp /etc/$file /home/openslx/localaccounts/bak/$file done -/opt/openslx/scripts/local_accounts.sh +/opt/openslx/scripts/local-accounts.sh
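Review bot: The added `echo "trap ..." >> /etc/profile` in systemd-local_accounts appends another trap line each time the script runs, and logout.sh is added in this commit with mode 100644, so calling it by path from the trap would fail with a permission error. Guard the append and invoke the script through the shell: `grep -qF 'scripts/logout.sh' /etc/profile || echo 'trap "/bin/ash /opt/openslx/scripts/logout.sh" 0' >> /etc/profile`. A trap on signal 0 set from /etc/profile is also replaced by any later `trap ... 0` in a user's own startup files, so the sync on logout is best-effort and worth a comment saying so.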