diff options
| author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-04-18 23:49:21 -0400 |
|---|---|---|
| committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-04-18 23:49:21 -0400 |
| commit | 63d6f82c5b3436a62b3bd035b70139cfcff683e0 (patch) | |
| tree | 9ee5786f6d985e2b8abbbc2cea576586d8ab30ef /roles/local_homedirs | |
| parent | 8f1961a8aa9f8194368d3a0c761443fd66eb6a10 (diff) | |
| download | selfhosted-63d6f82c5b3436a62b3bd035b70139cfcff683e0.tar.gz selfhosted-63d6f82c5b3436a62b3bd035b70139cfcff683e0.zip | |
local_homedirs: fixes for kwallet
Diffstat (limited to 'roles/local_homedirs')
| -rw-r--r-- | roles/local_homedirs/files/usr/local/sbin/sync-kwallet-salt.sh | 13 | ||||
| -rw-r--r-- | roles/local_homedirs/tasks/main.yml | 22 | ||||
| -rw-r--r-- | roles/local_homedirs/vars/main.yml | 1 |
3 files changed, 36 insertions, 0 deletions
diff --git a/roles/local_homedirs/files/usr/local/sbin/sync-kwallet-salt.sh b/roles/local_homedirs/files/usr/local/sbin/sync-kwallet-salt.sh new file mode 100644 index 0000000..591e697 --- /dev/null +++ b/roles/local_homedirs/files/usr/local/sbin/sync-kwallet-salt.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +PAM_UID=$(id -u "$PAM_USER") + +LOCAL_SALT="/usr/local/home/${PAM_USER}/.local/share/kwalletd/kdewallet.salt" +NFS_SALT="/home/${PAM_USER}/.local/share/kwalletd/kdewallet.salt" + +if (( PAM_UID >= 1000 )) && [ -f "$NFS_SALT" ]; then + install -o "$PAM_USER" -g "$PAM_USER" -m 0755 -d "/usr/local/home/${PAM_USER}/.local" + install -o "$PAM_USER" -g "$PAM_USER" -m 0755 -d "/usr/local/home/${PAM_USER}/.local/share" + install -o "$PAM_USER" -g "$PAM_USER" -m 0755 -d "/usr/local/home/${PAM_USER}/.local/share/kwalletd" + install -o "$PAM_USER" -g "$PAM_USER" -m 0600 "$NFS_SALT" "$LOCAL_SALT" +fi diff --git a/roles/local_homedirs/tasks/main.yml b/roles/local_homedirs/tasks/main.yml index 7e90959..2a5859f 100644 --- a/roles/local_homedirs/tasks/main.yml +++ b/roles/local_homedirs/tasks/main.yml @@ -26,6 +26,20 @@ when: local_homedir_sefcontext.changed tags: selinux +- name: copy kwallet script + copy: + src: '{{ local_homedir_kwallet_script[1:] }}' + dest: '{{ local_homedir_kwallet_script }}' + mode: 0555 + setype: xdm_unconfined_exec_t + +- name: set xdm_unconfined_exec_t sefcontext on kwallet script + sefcontext: + target: '{{ local_homedir_kwallet_script }}' + state: present + setype: xdm_unconfined_exec_t + tags: selinux + - name: copy profile script copy: src: etc/profile.d/local-homedirs.sh @@ -65,6 +79,14 @@ - auth optional pam_env.so conffile={{ local_homedir_pam_env_path }} when: "'sddm' in ansible_facts.packages" +- name: modify sddm PAM configuration for kwallet + lineinfile: + path: /etc/pam.d/sddm + line: auth optional pam_exec.so {{ local_homedir_kwallet_script }} + insertafter: auth\s+optional\s+pam_kwallet\.so$ + state: present + when: "'sddm' in ansible_facts.packages" + - name: modify pam configs for sshd lineinfile: path: /etc/pam.d/sshd diff --git a/roles/local_homedirs/vars/main.yml b/roles/local_homedirs/vars/main.yml index 46ee9b6..820c5b8 100644 --- a/roles/local_homedirs/vars/main.yml +++ b/roles/local_homedirs/vars/main.yml @@ -1,3 +1,4 @@ local_homedir_script_sddm: /usr/local/sbin/create-local-homedir-gdm.sh local_homedir_script_ssh: /usr/local/sbin/create-local-homedir-ssh.sh +local_homedir_kwallet_script: /usr/local/sbin/sync-kwallet-script.sh local_homedir_pam_env_path: /etc/security/pam_env_xdg.conf |