Commit c343e51c authored by Samuel Bancal's avatar Samuel Bancal

keep_cred and epfl_roaming as deployed in ENAC on 2016-09

parents
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_sss.so use_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
auth optional pam_exec.so expose_authtok quiet log=/var/log/epfl_keep_cred.log /usr/local/bin/keep_cred.py
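Review bot: The `pam_exec.so expose_authtok` line sits in common-auth, so every service that includes this file, not only the graphical login, pipes the user's cleartext password to a root-run script. The same breadth applies to the `epfl_roaming.py --pam` line in common-session, whose own header says it covers non-interactive sessions too. If only desktop logins need the stored credential, move the line into the display manager's PAM service file, or have keep_cred.py exit early unless `PAM_SERVICE` is an expected value (it reads the variable but never tests it). A comment above the line such as `# passes the cleartext password on stdin to keep_cred.py, which stores it in /tmp/<user>_epfl_cred` would tell the next admin why it is there.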
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_sss.so
session optional pam_systemd.so
# end of pam-auth-update config
session optional pam_exec.so log=/var/log/epfl_roaming2.log /usr/local/bin/epfl_roaming.py --pam
[Desktop Entry]
Type=Application
Exec=/usr/local/bin/epfl_roaming.py --session
Terminal=false
Hidden=false
NoDisplay=false
X-GNOME-Autostart-enabled=true
Name[en_US]=epfl_roaming
Name=epfl_roaming
Comment[en_US]=EPFL Roaming - GConf, DConf
Comment=EPFL Roaming - GConf, DConf
[Unit]
Description=Run epfl_roaming on shutdown to make sure everything is repatriated
# After= ... makes sure network is still available during ExecStop execution
After=network.target
[Service]
ExecStart=/bin/true
ExecStop=/usr/local/bin/epfl_roaming.py --on_halt
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
This diff is collapsed.
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Author : Bancal Samuel
# Created : 100831
# Updates : 110103
# Requisite :
# Description :
# - get username/password
# - encode it
# - store it to tmp file
import os
import sys
import pwd
import pickle
import ldap
import re
SERVICE = os.environ["PAM_SERVICE"]
TYPE = os.environ["PAM_TYPE"]
USERNAME = os.environ["PAM_USER"]
class UserIdentity():
"""
Become user or back to root
"""
def __init__(self):
pass
def __enter__(self):
pw = pwd.getpwnam(USERNAME)
os.seteuid(pw.pw_uid)
def __exit__(self, type, value, traceback):
os.seteuid(0)
#~ DOMAIN = get_domain()
#TTY = os.environ["PAM_TTY"]
print "USERNAME %s" % USERNAME
print "SERVICE %s" % SERVICE
print "TYPE %s" % TYPE
CRED_FILENAME = "/tmp/%s_epfl_cred" % USERNAME
if TYPE != "auth":
sys.exit(0)
PASSWORD = sys.stdin.readline().rstrip(chr(0))
def save_credentials(username = USERNAME, password = PASSWORD):
# Encode credential
def encode(username, password):
username = unicode(username, 'utf-8')
password = unicode(password, 'utf-8')
factor = len(password) / len(username) + 1
key = username * factor
enc_password = "".join([unichr(ord(password[i]) + ord(key[i])) for i in range(0, len(password)) ])
return enc_password
try:
with open(CRED_FILENAME, "wb") as f:
enc_password = encode(username, password)
pickle.dump(enc_password, f)
except IOError:
print "Error: Could not write to file %s" % CRED_FILENAME
sys.exit(1)
save_credentials(USERNAME, PASSWORD)
pw = pwd.getpwnam(USERNAME)
os.chown(CRED_FILENAME, pw.pw_uid, pw.pw_gid)
os.chmod(CRED_FILENAME, 0600)
sys.exit(0)
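Review bot: `open(CRED_FILENAME, "wb")` runs as root on a predictable name in world-writable /tmp and follows symlinks, as do the later `os.chown`/`os.chmod`, so a link already present at that path redirects root's write and the ownership change to another file; the file is also created under the process umask and only narrowed to 0600 afterwards. Create it with `O_CREAT|O_EXCL|O_NOFOLLOW` and mode 0600 and `fchown` the descriptor, as in the fence below, which replaces the body after `encode()` and makes the trailing `os.chown`/`os.chmod` lines unnecessary; a root-owned directory would be a safer home than /tmp. The header comment should say that `encode()` is reversible obfuscation keyed by the username that also appears in the filename, not encryption. Because the file ends up owned and writable by the user, whatever reads it (not visible here, one diff is collapsed) should not `pickle.load` it from a privileged context; storing the encoded string as plain UTF-8 bytes would remove that concern. `UserIdentity`, `ldap` and `re` are unused in this file.

```python
def save_credentials(username = USERNAME, password = PASSWORD):
    # ... unchanged: nested encode() ...
    pw = pwd.getpwnam(username)
    try:
        os.unlink(CRED_FILENAME)    # drop a stale file or planted link, never its target
    except OSError:
        pass
    try:
        # O_EXCL + O_NOFOLLOW: fail rather than write through an existing path
        fd = os.open(CRED_FILENAME,
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0600)
        with os.fdopen(fd, "wb") as f:
            os.fchown(fd, pw.pw_uid, pw.pw_gid)
            pickle.dump(encode(username, password), f)
    except (IOError, OSError):
        print "Error: Could not write to file %s" % CRED_FILENAME
        sys.exit(1)
```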
# ---------------------------------------------------------------------------- #
### MOUNT ###
# explicit nfsv4
# mount -t nfs4 files_SCIPER_DIGIT_.epfl.ch:/dit-files_SCIPER_DIGIT_-t1/data/_USERNAME_ /home/_USERNAME_/Desktop/MyFiles -o proto=tcp,sec=krb5,port=2049
# implicit (out of LDAP's "automountInformation" field)
# mount -t _FSTYPE_ _HOST_:_PATH_ /home/_USERNAME_/Desktop/MyFiles -o _OPTIONS_
# explicit cifs
mount -t cifs //files_SCIPER_DIGIT_.epfl.ch/data/_USERNAME_ /home/_USERNAME_/Desktop/MyFiles -o user=_USERNAME_,domain=intranet,uid=_UID_,gid=_GID_,file_mode=0750,dir_mode=0750,rw,nobrl,noserverino,iocharset=utf8
# ---------------------------------------------------------------------------- #
### DIRS & FILES ###
# Dirs syntax : "Desktop/MyFiles/epfl_roaming/enacit/it1/.mozilla/"
# Keys syntax : "Desktop/MyFiles/epfl_roaming/enacit/it1/.bashrc"
# link "+Desktop/MyFiles/My Documents/" "Desktop/My Documents/"
# Use local disk as scratch
su_link "+/local_temp/_USERNAME_/" "Desktop/local_temp/"
# Bash
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.bashrc" ".bashrc"
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.bash_history" ".bash_history"
# Geany
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.config/geany/" ".config/geany/"
# Atom
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.atom/" ".atom/"
# LibreOffice
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.config/libreoffice/" ".config/libreoffice/"
# Firefox
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.mozilla/" ".mozilla/"
# Unity shows shortcuts on login
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.cache/unity/first_run.stamp" ".cache/unity/first_run.stamp"
# ssh - S. Bancal
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.ssh/" ".ssh/"
# Octave - J.D. Bonjour
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.octave_hist" ".octave_hist"
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.octaverc" ".octaverc"
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.config/octave/" ".config/octave/"
# FreeMat - J.D. Bonjour
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.config/FreeMat/" ".config/FreeMat/"
# Matlab - j.D. Bonjour
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.matlab/" ".matlab/"
# Emacs - S. Takahama
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.emacs" ".emacs"
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.emacs.d/" ".emacs.d/"
# R - S. Takahama
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.Rprofile" ".Rprofile"
# Qgis LASIG S. Duruz
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.qgis2/" ".qgis2/"
# ENACdrives - S. Bancal
link "Desktop/MyFiles/epfl_roaming/enacit/it1/.enacdrives.conf" ".enacdrives.conf"
# ---------------------------------------------------------------------------- #
### DCONF TREES & KEYS ###
# Dirs syntax : "/org/gnome/desktop/background/"
# Keys syntax : "/desktop/unity/launcher/favorites"
dconf_file "Desktop/MyFiles/epfl_roaming/enacit/it1/dconf"
# Background settings (image + colors ...) - J.D. Bonjour
dconf "/org/gnome/desktop/background/"
# Gedit settings - J.D. Bonjour
dconf "/org/gnome/gedit/"
# System Settings > Brightnesse & Lock > Turn screen off when inactive for - J.D. Bonjour
dconf "/org/gnome/desktop/session/idle-delay"
# System Settings > Appearance > Look > Launcher Icon Size (2 keys) - J.D. Bonjour
dconf "/org/compiz/profiles/unity/plugins/unityshell/icon-size"
dconf "/org/compiz/profiles/unity/plugins/expo/x-offset"
# System Settings > Time & Date > Clock - J.D. Bonjour
dconf "/com/canonical/indicator/datetime/"
# System Load Indicator preferences - J.D. Bonjour
dconf "/apps/indicators/multiload/"
# ---------------------------------------------------------------------------- #
#~ ### GCONF TREES & KEYS ###
#~
#~ !!! GCONF COULDN'T MAKE IT WORK ON 12.04 !!!
#~
#~ # Dirs syntax : "/desktop/gnome/background/"
#~ # Keys syntax : "/apps/metacity/general/focus_mode"
#~
#~ gconf_file "Desktop/MyFiles/epfl_roaming/enacit/it1/gconf"
#~
#~ # Windows selection - SB
#~ gconf "/apps/metacity/general/focus_mode"
#~
#~ # GNOME Terminal Prefs (including profiles) - JDB
#~ gconf "/apps/gnome-terminal/"
#~
#~ # Gedit settings - JDB
#~ gconf "/apps/gedit-2/"
# ---------------------------------------------------------------------------- #
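Review bot: The cifs mount sets `file_mode=0750,dir_mode=0750` while `.ssh/` is linked onto that share, so private keys there would show group-read permission, and the OpenSSH client normally refuses a private key whose mode grants group or other access. `file_mode=0700,dir_mode=0700` would avoid that, and would also keep the roamed Firefox profile and shell history closed to members of `_GID_` if that is a shared group. The mount line names no `sec=` or `vers=` option, so the authentication mechanism and SMB dialect are left to client defaults that differ between kernel versions; stating them explicitly would make the deployed behaviour reviewable. How the password reaches `mount` cannot be checked here because one diff on this page is collapsed.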