master v2.68
Dmitry Razumov 2 years ago
parent 468b47ff29
commit adbdb034c0
Signed by: asmeron
GPG Key ID: 50BC1DB583B79706

@ -220,7 +220,11 @@ MKSQFS_OPTS="-b 32K -comp gzip"
SAMBA_USERSHARE=enable SAMBA_USERSHARE=enable
AUTHPAM[minimal]=with-faillock,with-time,with-systemd-homed AUTHPAM[minimal]="with-faillock,with-time,with-systemd-homed,with-mkhomedir-simple,with-pamaccess"
AUTHPAM[nis]="with-faillock,with-time,with-systemd-homed,with-mkhomedir-simple,with-pamaccess"
AUTHPAM[winbind]="with-faillock,with-time,with-systemd-homed,with-mkhomedir-simple,with-pamaccess"
AUTHPAM[sssd]="with-faillock,with-time,with-systemd-homed,with-mkhomedir-simple,with-pamaccess,with-sudo,with-mdns4,with-mdns6,with-files-domain"
AUTHPAM=minimal
JOURNALD[Storage]=persistent JOURNALD[Storage]=persistent
JOURNALD[Compress]=yes JOURNALD[Compress]=yes
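Review bot: The new AUTHPAM[sssd] value turns on `with-mdns4` and `with-mdns6`, which, going by authselect's feature names, add mDNS lookups to host resolution; mDNS replies are unauthenticated link-local multicast, so any peer on the LAN can answer for a name, a well-known spoofing/relay vector on domain-joined machines. Unless .local resolution is a requirement, I would drop both from the default, or keep them with a comment stating why, e.g. `## with-mdns4/6: required for <reason>; mDNS answers are unauthenticated`. `with-pamaccess` is also new on every profile; it restricts nothing until `/etc/security/access.conf` carries rules, which this hunk does not show, so a comment saying where those rules come from would help the next reader. The rest of the defaults file is outside the hunk.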

@ -825,6 +825,8 @@ ubconfig_exec_system(){
${ROOTFS}/usr/lib/ublinux/rc.preinit.d/20-services exec_services_enabledisable "${COMMAND_MODE_VAR}" "${NAME_VAR}=${VALUE_VAR}" ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/20-services exec_services_enabledisable "${COMMAND_MODE_VAR}" "${NAME_VAR}=${VALUE_VAR}"
${ROOTFS}/usr/lib/ublinux/rc.preinit.d/20-services exec_services_startstop_live "${COMMAND_MODE_VAR}" "${NAME_VAR}=${VALUE_VAR}" ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/20-services exec_services_startstop_live "${COMMAND_MODE_VAR}" "${NAME_VAR}=${VALUE_VAR}"
;; ;;
AUTHPAM) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/40-authpam "${COMMAND_MODE_VAR}" "${NAME_VAR}=${VALUE_VAR}" ;;
AUTHPAM\[*\]) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/40-authpam "${COMMAND_MODE_VAR}" "${NAME_VAR}=${VALUE_VAR}" ;;
*) NO_FIND_EXCUTE=1 ;; *) NO_FIND_EXCUTE=1 ;;
esac esac
;; ;;
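Review bot: The two new arms `AUTHPAM)` and `AUTHPAM\[*\])` run exactly the same command, so they can be one arm, `AUTHPAM|AUTHPAM\[*\]) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/40-authpam "${COMMAND_MODE_VAR}" "${NAME_VAR}=${VALUE_VAR}" ;;`, which keeps them from drifting apart later. The enclosing case statement of ubconfig_exec_system starts and ends outside the hunk.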
@ -912,7 +914,7 @@ ubconfig_exec_system(){
;; ;;
"[${SYSCONF}/network]"|"[network]") "[${SYSCONF}/network]"|"[network]")
case "${NAME_VAR}" in case "${NAME_VAR}" in
DOMAIN) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/23-realmd domain_live "${COMMAND_MODE_VAR}" ;; DOMAIN) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/23-realmd exec_domain "${COMMAND_MODE_VAR}" ;;
DOMAIN\[*\]) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/23-realmd domain_configure_live "${COMMAND_MODE_VAR}" ;; DOMAIN\[*\]) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/23-realmd domain_configure_live "${COMMAND_MODE_VAR}" ;;
REALM_SSSD\[*\]) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/23-realmd domain_configure_live "${COMMAND_MODE_VAR}" ;; REALM_SSSD\[*\]) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/23-realmd domain_configure_live "${COMMAND_MODE_VAR}" ;;
REALM_PERMIT_USER) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/23-realmd domain_configure_live "${COMMAND_MODE_VAR}" ;; REALM_PERMIT_USER) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/23-realmd domain_configure_live "${COMMAND_MODE_VAR}" ;;

@ -39,35 +39,29 @@ SOURCE=${SYSCONF}/network; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
#fi #fi
exec_domain(){ exec_domain(){
if [[ -n ${DOMAIN} && ${DOMAIN[client]} == "realmd_sssd" ]]; then
${CMD_CHROOT} /usr/bin/ubdomain-client --quiet configure
if [[ -f ${ROOTFS}/etc/krb5.keytab ]]; then
#[[ -f ${ROOTFS}/etc/krb5.conf && -f ${ROOTFS}/etc/sssd/sssd.conf ]] || ${CMD_CHROOT} /usr/bin/ubdomain-client --quite configure 2>/dev/null
[[ -f ${ROOTFS}/usr/lib/systemd/system/sssd.service ]] && ln -sf /usr/lib/systemd/system/sssd.service ${ROOTFS}/etc/systemd/system/multi-user.target.wants/sssd.service
fi
elif [[ -n ${DOMAIN} && ${DOMAIN[client]} == "realmd_winbind" ]]; then
true
elif [[ -n ${DOMAIN} && ${DOMAIN[client]} == "samba" ]]; then
true
fi
}
domain_live(){
# Если выполнение в initrd, то выход
[[ -z ${ROOTFS} ]] || return 0
[[ $1 == @("set="|"set+="|"set++="|"set-="|"set--="|"remove") ]] && COMMAND=$1 && shift [[ $1 == @("set="|"set+="|"set++="|"set-="|"set--="|"remove") ]] && COMMAND=$1 && shift
[[ -n ${COMMAND} ]] || COMMAND="set=" [[ -n ${COMMAND} ]] || COMMAND="set="
local PARAM="$@" local PARAM="$@"
[[ $(declare -p DOMAIN 2>/dev/null) =~ "declare -A" ]] || declare -A DOMAIN
if [[ -n ${PARAM} ]]; then if [[ -n ${PARAM} ]]; then
unset DOMAIN unset DOMAIN
declare -A DOMAIN declare -A DOMAIN
[[ ${PARAM%%=*} =~ [!\$%\&()*+,./:\;\<\=\>?\@\^\{|\}~-] ]] || eval "${PARAM%%=*}=\${PARAM#*=}" [[ ${PARAM%%=*} =~ [!\$%\&()*+,./:\;\<\=\>?\@\^\{|\}~-] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
fi fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
[[ -z ${DOMAIN} ]] && return 0 if [[ -n ${DOMAIN} && ${DOMAIN[client]} == "realmd_sssd" ]]; then
${ROOTFS}/usr/bin/ubdomain-client configure if [[ -f ${ROOTFS}/etc/krb5.keytab ]]; then
${CMD_CHROOT} /usr/bin/ubdomain-client --quiet configure
#[[ -f ${ROOTFS}/etc/krb5.conf && -f ${ROOTFS}/etc/sssd/sssd.conf ]] || ${CMD_CHROOT} /usr/bin/ubdomain-client --quite configure #2>/dev/null
[[ -f ${ROOTFS}/usr/lib/systemd/system/sssd.service ]] && ln -sf /usr/lib/systemd/system/sssd.service ${ROOTFS}/etc/systemd/system/multi-user.target.wants/sssd.service
fi
elif [[ -n ${DOMAIN} && ${DOMAIN[client]} == "realmd_winbind" ]]; then
true
elif [[ -n ${DOMAIN} && ${DOMAIN[client]} == "samba" ]]; then
true
fi
elif [[ ${COMMAND} == @("set-="|"set--="|"remove") ]]; then elif [[ ${COMMAND} == @("set-="|"set--="|"remove") ]]; then
${ROOTFS}/usr/bin/ubdomain-client unconfigure ${CMD_CHROOT} /usr/bin/ubdomain-client unconfigure
fi fi
} }
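Review bot: In the new `set=` branch of exec_domain, sssd.service is enabled with `ln -sf` straight after `${CMD_CHROOT} /usr/bin/ubdomain-client --quiet configure` without looking at configure's exit status, so a failed or partial join still leaves sssd enabled for the next boot; chain the two, `if ${CMD_CHROOT} /usr/bin/ubdomain-client --quiet configure; then [[ -f ... sssd.service ]] && ln -sf ...; fi`, and consider `systemctl --root "${ROOTFS}" enable sssd.service` or an equivalent instead of a hand-made wants symlink so presets and aliases are respected. The branch now triggers only on the presence of `/etc/krb5.keytab` (the commented-out line shows krb5.conf/sssd.conf were once part of the condition), so a keytab left over from an earlier join would re-run configuration — if that is intended, a comment saying so would help. The `remove` branch runs `unconfigure` for any `DOMAIN[client]`, whereas configure is only done for `realmd_sssd`; say in a comment whether that asymmetry is deliberate. On the unchanged line before the branch, the character filter in front of `eval` does not reject backticks or whitespace in the key name, so keys are effectively trusted input; a positive allowlist such as `[[ ${PARAM%%=*} =~ ^[A-Za-z_][A-Za-z0-9_]*(\[[A-Za-z0-9_]+\])?$ ]]` would be safer — pre-existing, not introduced by this commit.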
@ -80,9 +74,11 @@ domain_configure_live(){
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
[[ -z ${DOMAIN} ]] && return 0 [[ -z ${DOMAIN} ]] && return 0
${ROOTFS}/usr/bin/ubdomain-client configure ${ROOTFS}/usr/bin/ubdomain-client configure
systemctl restart sssd.service
elif [[ ${COMMAND} == @("set-="|"set--="|"remove") ]]; then elif [[ ${COMMAND} == @("set-="|"set--="|"remove") ]]; then
[[ -z ${DOMAIN} ]] && return 0 [[ -z ${DOMAIN} ]] && return 0
${ROOTFS}/usr/bin/ubdomain-client configure ${ROOTFS}/usr/bin/ubdomain-client configure
systemctl restart sssd.service
fi fi
} }
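Review bot: The new `systemctl restart sssd.service` runs unconditionally after `ubdomain-client configure` in both the set and the remove branch, so a failed configure still bounces sssd, and a client of type `realmd_winbind` or `samba` (both accepted by exec_domain in the same file) restarts a service it may not use; gating on success and client type, `[[ ${DOMAIN[client]} == "realmd_sssd" ]] && ${ROOTFS}/usr/bin/ubdomain-client configure && systemctl restart sssd.service`, avoids both. The remove branch still calls `configure` rather than `unconfigure` — unchanged here, but it reads like a copy of the set branch, so a comment such as `# on removal of a single key the profile is re-applied, not torn down` would document the intent. domain_configure_live starts outside this hunk.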

@ -63,11 +63,10 @@ set_hostname_live(){
hostnamectl set-hostname "${SET_HOSTNAME}" hostnamectl set-hostname "${SET_HOSTNAME}"
## Если меняется имя хоста в запущенных X, то новое имя добавляем в xauth ## Если меняется имя хоста в запущенных X, то новое имя добавляем в xauth
who | grep "(:[0-9.]*)$" | cut -d' ' -f1 | xargs -ri su {} -c "xauth list | sed 's|^.*/|su {} -c \\\\\"xauth add ${SET_HOSTNAME}/|;s|$|\\\\\"|'" | xargs -ri sh -c '{}' who | grep "(:[0-9.]*)$" | cut -d' ' -f1 | xargs -ri su {} -c "xauth list | sed 's|^.*/|su {} -c \\\\\"xauth add ${SET_HOSTNAME}/|;s|$|\\\\\"|'" | xargs -ri sh -c '{}'
# Если указан задан домен в имени хоста и не соответствует DOMAIN, то задаём переменную DOMAIN= # Если указан задан домен в имени хоста и не соответствует DOMAIN, то задаём переменную DOMAIN=
[[ ${DOMAIN} != ${SET_DOMAIN} ]] && ubconfig set network DOMAIN="${SET_DOMAIN}" #[[ ${DOMAIN} != ${SET_DOMAIN} ]] && ubconfig --noexecute set network DOMAIN="${SET_DOMAIN}"
# При условии, что в имене хоста домен указан отличный от DOMAIN # При условии, что в имене хоста домен указан отличный от DOMAIN
[[ ${HOSTNAME} != ${SET_HOSTNAME} ]] && ubconfig --target global [system] HOSTNAME="${SET_HOSTNAME}" [[ ${HOSTNAME} == ${SET_HOSTNAME} ]] || ubconfig --target global [system] HOSTNAME="${SET_HOSTNAME}"
} }
exec_hostname(){ exec_hostname(){
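Review bot: The rewritten comparison `[[ ${HOSTNAME} == ${SET_HOSTNAME} ]]` leaves the right-hand side unquoted inside `[[ ]]`, so it is matched as a glob pattern rather than a string, and the bare `[system]` argument to ubconfig is itself a glob that expands to any single-character file named s, y, t, e or m in the current directory; quoting both, `[[ ${HOSTNAME} == "${SET_HOSTNAME}" ]] || ubconfig --target global '[system]' HOSTNAME="${SET_HOSTNAME}"`, makes the line literal. Commenting out the `ubconfig ... DOMAIN=` line rather than deleting it leaves dead code with no explanation; if DOMAIN is no longer derived from the hostname, a one-line comment saying so is clearer than a `#` prefix. The unchanged `who | ... | xargs -ri su {} -c ...` pipeline above splices `${SET_HOSTNAME}` into a sed expression that is later run through `sh -c`, so a hostname containing quotes or `|` would break or inject into that command — worth validating the hostname against an RFC 1123 pattern before this function is reached. set_hostname_live begins outside the hunk.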
@ -83,7 +82,7 @@ exec_hostname(){
# Если в имени хоста указан домен, то зададим на сеанс DOMAIN # Если в имени хоста указан домен, то зададим на сеанс DOMAIN
[[ ${HOSTNAME} != ${HOSTNAME#*.} ]] && SET_DOMAIN="${HOSTNAME#*.}" [[ ${HOSTNAME} != ${HOSTNAME#*.} ]] && SET_DOMAIN="${HOSTNAME#*.}"
fi fi
set_hostname "${SET_HOSTNAME}" "${SET_DOMAIN}" # set_hostname "${SET_HOSTNAME}" "${SET_DOMAIN}"
# Если выполнение в initrd, то пропустить # Если выполнение в initrd, то пропустить
[[ -n ${ROOTFS} ]] || set_hostname_live "${SET_HOSTNAME}" "${SET_DOMAIN}" [[ -n ${ROOTFS} ]] || set_hostname_live "${SET_HOSTNAME}" "${SET_DOMAIN}"
} }
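Review bot: Commenting out `set_hostname "${SET_HOSTNAME}" "${SET_DOMAIN}"` means exec_hostname now does nothing when `${ROOTFS}` is set, because the only remaining action is guarded by `[[ -n ${ROOTFS} ]] ||`; if the non-live path is intentionally gone, delete the line and the now-misleading comment above it, or replace them with a note on where the persistent hostname is written instead, e.g. `# NOTE: set_hostname is no longer called here; persistence happens via ... — confirm`. As it stands a reader cannot tell whether this is a temporary debugging change or the new design. The start of exec_hostname lies outside the hunk.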

@ -20,30 +20,30 @@ SYSCONF="${ROOTFS}${SYSCONF}"
SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
SOURCE=${SYSCONF}/system; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null SOURCE=${SYSCONF}/system; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
[[ -n $1 && -n $2 ]] && AUTHPAM[$1]="$2" exec_authpam(){
if [[ -n ${AUTHPAM[@]} && ${AUTHPAM[@],,} != @(disable|no|none|off) ]]; then [[ $1 == @("set="|"set+="|"set++="|"set-="|"set--="|"remove") ]] && COMMAND=$1 && shift
# TODO: Сделать отработку по параметру загруженному, убрать парсинг [[ -n ${COMMAND} ]] || COMMAND="set="
AUTHPAM_PROFILE=$(grep -h '^AUTHPAM\[' ${ROOTFS}/usr/lib/ublinux/default ${ROOTFS}/etc/ublinux/system | tail -1 | sed -E 's/AUTHPAM\[([a-z]*)\].*/\1/') #' [[ $(declare -p AUTHPAM 2>/dev/null) =~ "declare -A" ]] || declare -A AUTHPAM
PROFILE_FEATURE=$(tr ',;' " " <<< ${AUTHPAM[${AUTHPAM_PROFILE}]}) local PARAM="$@"
${CMD_CHROOT} /usr/bin/authselect select ${AUTHPAM_PROFILE} ${PROFILE_FEATURE} --force --nobackup --quiet AUTHSELECT_LIST_ALL=$(${CMD_CHROOT} /usr/bin/authselect list)
fi AUTHPAM_FEATURE=${AUTHPAM[${AUTHPAM[0]}]//,/ }; AUTHPAM_FEATURE=${AUTHPAM_FEATURE//;/ }
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
# if [[ -n ${AUTHPAM[@]} && ${AUTHPAM[@],,} != "disable" && ${AUTHPAM} != "-" && ${AUTHPAM,} != "no" && ${AUTHPAM,,} != "off" && ${SYSTEMBOOT_STATEMODE,,} =~ ^"sandbox" ]]; then if [[ ${AUTHPAM[0]} != @(""|disable|no|none|off) ]] \
# [[ ${#AUTHPAM[@]} -gt 1 ]] && unset AUTHPAM[minimal] && [[ ${AUTHSELECT_LIST_ALL} =~ (^|$'\n')([^$'\n'$])+[[:blank:]]+${AUTHPAM[0]}[[:blank:]]+([^$'\n'$])+($'\n'|$) ]] \
# for AUTHPAM_PROFILE in "${!AUTHPAM[@]}"; do && [[ ${PARAM} =~ '['${AUTHPAM[0]}']=' || ${PARAM} =~ ^'AUTHPAM='${AUTHPAM[0]}$ ]]; then
# AUTHPAM_CURRENT_PROFILE=$(authselect current --raw) ${CMD_CHROOT} /usr/bin/authselect select ${AUTHPAM[0]} ${AUTHPAM_FEATURE} --force --nobackup --quiet
# [[ $? != 0 ]] && unset AUTHPAM_CURRENT_PROFILE fi
# read -a AUTHPAM_CURRENT_PROFILE <<< ${AUTHPAM_CURRENT_PROFILE} elif [[ ${COMMAND} == @("set-="|"set--="|"remove") ]]; then
# PROFILE_FEATURE=$(tr ',;' " " <<< ${AUTHPAM[${AUTHPAM_PROFILE}]}) if [[ ${AUTHPAM[0]} != @(""|disable|no|none|off) ]]; then
# if [[ -z ${AUTHPAM_CURRENT_PROFILE} ]]; then ${CMD_CHROOT} /usr/bin/authselect select ${AUTHPAM[0]} ${AUTHPAM_FEATURE} --force --nobackup --quiet
# authselect select ${AUTHPAM_PROFILE} ${PROFILE_FEATURE} --force --nobackup --quiet fi
# else fi
# if [[ ${AUTHPAM_PROFILE} == ${AUTHPAM_CURRENT_PROFILE[0]} ]]; then
# authselect enable-feature ${PROFILE_FEATURE} --force --nobackup --quiet }
# else
# authselect select ${AUTHPAM_PROFILE} ${PROFILE_FEATURE} --force --nobackup --quiet
# fi ################
# ##### MAIN #####
# fi ################
# done
# fi exec_authpam $@
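Review bot: The `set-=`/`remove` branch of the new exec_authpam calls `authselect select ${AUTHPAM[0]} ... --force --nobackup` without the `authselect list` membership test that the set branch applies, so a profile name that is not installed reaches authselect with `--force --nobackup`, i.e. with no backup to roll back to; apply the same `AUTHSELECT_LIST_ALL =~ ...` test there (ideally as one guard shared by both branches), and quote the profile inside the regex, `[[:blank:]]+"${AUTHPAM[0]}"[[:blank:]]+`, so it matches literally rather than as a regular expression. The exit status of `authselect select` is ignored in both branches, so a failed selection leaves PAM in whatever state authselect stopped in, silently; `|| echo "authselect select ${AUTHPAM[0]} failed" >&2` after each call would at least surface it. The removal branch re-applies the current profile rather than reverting it, which is defensible but unobvious — a comment like `# on removal the profile is re-selected with its remaining features, not reverted` would help. The final `exec_authpam $@` should be `exec_authpam "$@"` so a value containing spaces is not split. The head of the script is outside the hunk.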

@ -108,7 +108,7 @@ SERVICES_ENABLE=dbus-broker,NetworkManager,sshd,systemd-swap,cups,cockpit.socket
#ENVIROMENT[profile:VAR_PROFILE]="my value for all users" #ENVIROMENT[profile:VAR_PROFILE]="my value for all users"
#ENVIROMENT[superadmin:VAR_USER]="my value for select user" #ENVIROMENT[superadmin:VAR_USER]="my value for select user"
## Профиль конфигурации PAM авторизации, authselect. Профили /usr/share/authselect/default ## Настройки профиля конфигурации PAM авторизации, authselect. Профили /usr/share/authselect/default
## AUTHPAM[<profile>]=<feature>|disable|no|off ## AUTHPAM[<profile>]=<feature>|disable|no|off
## <profile> # Профиль ## <profile> # Профиль
## *minimal # Local users only for minimal installations, default ## *minimal # Local users only for minimal installations, default
@ -124,7 +124,18 @@ SERVICES_ENABLE=dbus-broker,NetworkManager,sshd,systemd-swap,cups,cockpit.socket
## Информация о профиле: authselect show sssd ## Информация о профиле: authselect show sssd
#AUTHPAM[minimal]=with-faillock,with-time,with-systemd-homed #AUTHPAM[minimal]=with-faillock,with-time,with-systemd-homed
#AUTHPAM[sssd]=with-faillock,with-time,with-systemd-homed,with-mkhomedir-simple #AUTHPAM[sssd]=with-faillock,with-time,with-systemd-homed,with-mkhomedir-simple
#AUTHPAM=disable
## Тип используемого профиля конфигурации PAM авторизации, authselect. Профили /usr/share/authselect/default
## AUTHPAM=<profile>|disable|no|off
## <profile> # Профиль
## *minimal # Local users only for minimal installations, default
## nis # Enable NIS for system authentication
## sssd # Enable SSSD for system authentication (also for local users only)
## winbind # Enable winbind for system authentication
## AUTHPAM=minimal
## AUTHPAM=disable
#AUTHPAM=sssd
## Алгоритм сжатия модулей по умолчанию ## Алгоритм сжатия модулей по умолчанию
#MKSQFS_OPTS="-b 512K -comp xz -Xbcj x86" #MKSQFS_OPTS="-b 512K -comp xz -Xbcj x86"
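Review bot: The new documentation line `## AUTHPAM=<profile>|disable|no|off` omits `none`, which the new exec_authpam in 40-authpam also treats as disabled (`@(""|disable|no|none|off)`), and the earlier block still advertises `AUTHPAM[<profile>]=<feature>|disable|no|off` although, as far as the visible 40-authpam hunk shows, only `${AUTHPAM[0]}` is checked for the disable keywords — a per-profile value of `disable` would be passed to authselect as a feature name. I would change the two lines to `## AUTHPAM[<profile>]=<feature>[,<feature>...]` and `## AUTHPAM=<profile>|disable|no|none|off`, and add that the selected profile must appear in `authselect list` or nothing is applied. Both `#AUTHPAM=disable` and `#AUTHPAM=sssd` appear as examples (which side `#AUTHPAM=disable` is on is not clear from the rendering); keeping one example plus a one-line comment naming the default (`minimal`, per the line above) avoids ambiguity.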
