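#!/bin/bash
#
# Univention Home Mounter
#  mount the homedir
#
# Copyright 2004-2013 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

# Usage: <script> [username]
#
# Looks up the account (first argument, else $USER), creates the home
# directory if it does not exist and, when LDAP carries an
# automountInformation value for the account, mounts that NFS share on it.
#
# Exit status:
#   0  nothing to do (uid below 1000, already a mount point, share is local,
#      no automount entry) or the mount succeeded
#   1  account data missing or unusable, bad automount value, or mount failed
#
# The LDAP searches bind as ldap/hostdn with /etc/machine.secret.

# Abort on unhandled command failures. Set here rather than on the shebang
# line so it also applies when the script is started as "bash <script>".
set -e

username="${1:-${USER:?neither \$1 nor \$USER}}"

# NOTE(review): eval executes whatever univention-config-registry prints.
# That is local configuration rather than user input (presumably emitted
# shell-quoted by the tool — confirm); never add anything derived from
# $username to this command line.
eval "$(univention-config-registry shell ldap/hostdn)"

# $username is supplied by the caller and ends up inside LDAP search filters
# below. Escape the filter metacharacters (RFC 4515: backslash, '*', '(',
# ')') so a crafted name cannot widen or rewrite the filter. The backslash
# must be handled first.
ldap_username="${username//\\/\\5c}"
ldap_username="${ldap_username//\*/\\2a}"
ldap_username="${ldap_username//\(/\\28}"
ldap_username="${ldap_username//\)/\\29}"

# Get the passwd line for current user.
# If a user has a numerical username, getent would treat the name
# as the uid and deliver consequently a wrong or an empty result.
case "$username" in
	[0-9]*)
		# pipefail inside the substitution: without it the pipeline status is
		# that of the last stage only, so a failed ldapsearch never reached
		# the /etc/passwd fallback in the else branch.
		# NOTE(review): this pipeline calls "ldapsearch-wrap" while the
		# automount lookup further down calls "ldapsearch-wrapper" — confirm
		# that both helpers exist; the names are left unchanged here.
		if ldap_result=$(set -o pipefail
			ldapsearch -x -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -LLL \
				"uid=$ldap_username" homeDirectory uidNumber gidNumber |
				ldapsearch-wrap | ldapsearch-decode64)
		then
			# Anchor every pattern at line start so only the attribute name
			# itself can match.
			pw_dir="$(printf '%s\n' "$ldap_result" | sed -ne 's|^homeDirectory: ||p')"
			pw_uid="$(printf '%s\n' "$ldap_result" | sed -ne 's|^uidNumber: ||p')"
			pw_gid="$(printf '%s\n' "$ldap_result" | sed -ne 's|^gidNumber: ||p')"
		else
			# Appending "" forces a string comparison; awk would otherwise
			# compare two numeric-looking values as numbers, so "0123" would
			# match the passwd entry of "123". The name is passed through the
			# environment so awk does not interpret backslash sequences in it.
			IFS=: read -r _ _ pw_uid pw_gid _ pw_dir _ <<<"$(LOOKUP_USER="$username" \
				awk -F: '($1 "") == (ENVIRON["LOOKUP_USER"] "") { print; exit }' /etc/passwd)"
		fi
		;;
	*)
		IFS=: read -r _ _ pw_uid pw_gid _ pw_dir _ <<<"$(getent passwd -- "$username")"
		;;
esac

if [ -z "$pw_dir" ]
then
	exit 1
fi

# Fail closed when the lookup did not yield plain numeric ids. An empty or
# multi-line uid makes the "-lt 1000" test below error out instead of
# exiting, which would let the script carry on for an account it could not
# classify.
case "$pw_uid" in
	''|*[!0-9]*)
		logger "No usable uidNumber for $username. Not mounting home directory."
		exit 1
		;;
esac
case "$pw_gid" in
	''|*[!0-9]*)
		logger "No usable gidNumber for $username. Not mounting home directory."
		exit 1
		;;
esac

# Accounts with a uid below 1000 are skipped.
if [ "$pw_uid" -lt 1000 ]
then
	exit 0
fi

if REALHOME="$(readlink -f -- "$pw_dir")"
then
	# Already a mount point: nothing to do.
	if mountpoint -q -- "$REALHOME"
	then
		exit 0
	fi
else
	REALHOME="$pw_dir"
fi

# The status of this pipeline is that of sed, so a failed search looks the
# same as "no automount entry": the directory is created and nothing is
# mounted.
homeattr="$(ldapsearch -x -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -z 1 "(&(objectClass=posixAccount)(objectClass=automount)(uid=$ldap_username))" automountInformation -LLL | ldapsearch-wrapper | sed -ne 's/^automountInformation: //p')"

if [ -n "$homeattr" ]
then
	# Expected shape: an optional "-rw " / "-ro " prefix, then host:path.
	homeattr="${homeattr#-r[ow] }"
	host="${homeattr%%:*}"
	path="${homeattr#*:}"

	bad_info=
	# Without a colon both expansions above return the whole string.
	case "$homeattr" in
		*:*) ;;
		*) bad_info=1 ;;
	esac
	# A host that is empty, starts with '-' or contains whitespace is never
	# a valid server name, and a leading '-' would be read by mount as
	# options (e.g. an unstripped "-fstype=... host" prefix).
	case "$host" in
		''|-*|*[[:space:]]*) bad_info=1 ;;
	esac
	[ -n "$path" ] || bad_info=1

	if [ -n "$bad_info" ]
	then
		logger "Bad information in LDAP. Not mounting home directory."
		exit 1
	fi

	# The share lives on this very host at the same path: no mount needed.
	if { [ "$host" = "$(hostname -f)" ] || [ "$host" = "$(hostname -s)" ]; } &&
		[ "$(readlink -f -- "$path")" = "$REALHOME" ]
	then
		logger "Home directory is local."
		exit 0
	fi
fi

if ! [ -e "$REALHOME" ]
then
	logger "Create homdir $REALHOME"
	# Use the username as owner instead of the uid.
	# In case a numerical username identical with the
	# given uid exists, chown would set the numerical username
	# as owner.
	install -d -o "$username" -g "$pw_gid" -m 0711 -- "$REALHOME"
fi

if [ -z "$homeattr" ]
then
	exit 0
fi

mounts_file=/var/lib/univention-home-mounter/mounts
mounts_lock=/var/lib/univention-home-mounter/mounts.lock

# NOTE(review): the share is mounted with the default NFS options. If home
# shares must not carry setuid binaries or device nodes, "-o nosuid,nodev"
# would have to be added here — confirm against site policy.
if mount -t nfs "$host:$path" "$REALHOME"
then
	dotlockfile -l "$mounts_lock"
	# Release the lock even when the append fails and set -e aborts.
	trap 'dotlockfile -u "$mounts_lock"' EXIT
	printf '%s %s\n' "$REALHOME" "$(date +%s)" >>"$mounts_file"
	dotlockfile -u "$mounts_lock"
	trap - EXIT
else
	logger "Failed to mount home directory: $pw_dir"
	exit 1
fi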