source: epoptes/trunk/fuentes/epoptes-client/epoptes-client @ 3148

Last change on this file since 3148 was 3148, checked in by daduve, 3 years ago

Updated from trusty

  • Property svn:executable set to *
1#!/bin/bash
2
3###########################################################################
4# Connects to a remote server and offers it a local shell.
5# Usage: epoptes [server] [port]
6#
7# Copyright (C) 2010-2012 Alkis Georgopoulos <alkisg@gmail.com>
8#
9# This program is free software: you can redistribute it and/or modify
10# it under the terms of the GNU General Public License as published by
11# the Free Software Foundation, either version 3 of the License, or
12# (at your option) any later version.
13#
14# This program is distributed in the hope that it will be useful,
15# but WITHOUT ANY WARRANTY; without even the implied warranty of
16# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17# GNU General Public License for more details.
18#
19# You should have received a copy of the GNU General Public License
20# along with this program.  If not, see <http://www.gnu.org/licenses/>.
21#
22# On Debian GNU/Linux systems, the complete text of the GNU General
23# Public License can be found in `/usr/share/common-licenses/GPL'.
24###########################################################################
25
26# epoptes-client may be called either as root, to control the client, or as a
27# user, to control the user session.
28# As root, epoptes-client starts from if-up.d on standalone clients.
29# Unfortunately, thin and fat clients don't get if-up.d events, so just for
30# this case we're using a helper sysvinit script.
31# As a user, epoptes-client runs from /etc/xdg/autostart.
32# Users can cancel that from their System > Preferences > Services gnome menu.
# Distribution flavour string as printed by lliurex-version; discover() below
# matches it against *server*. VERSION is reassigned to the epoptes-client
# release number further down in this file.
# NOTE(review): /tmp/epoptes.txt is a fixed name in a world-writable
# directory, and this script is also started as root. Every append to it
# follows whatever a local user has placed at that path (for example a
# symlink). A root-owned location such as a file under /var/log, or
# logger(1), would remove that exposure.
VERSION="$(lliurex-version)"
echo "$VERSION" >>/tmp/epoptes.txt
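# Classify this machine and store the result in the global MATCH:
#   "servidor"   - VERSION contains "server" and $DISPLAY has no host part
#   "ligero"     - VERSION contains "server" and $DISPLAY names a host
#   "Pesado"     - other flavours, /tmp/.epoptes-fat.txt mentions "client"
#                  and LTSP_FATCLIENT is empty
#   "Semiligero" - as above, but LTSP_FATCLIENT is set
#   ""           - none of the above
# Globals: VERSION, DISPLAY, LTSP_FATCLIENT (read); MATCH, LIGHT (written)
# Outputs: debug lines appended to /tmp/epoptes.txt
# NOTE(review): /tmp/.epoptes-fat.txt sits in a world-writable directory, so
# any local user can create it and thereby influence MATCH, which the main
# section uses to decide whether other epoptes processes get killed. Confirm
# who is supposed to write that marker and consider a root-owned location.
discover() {
        echo "  - Dentro de funcion discover -  " >> /tmp/epoptes.txt
        echo >> /tmp/epoptes.txt
        MATCH=""
        if [[ "$VERSION" == *server* ]]; then
                # Host part of DISPLAY: everything before the first ':'.
                # It is empty for a local display such as ":0".
                LIGHT=${DISPLAY%%:*}
                if [[ -z "$LIGHT" ]]; then
                        MATCH="servidor"
                else
                        MATCH="ligero"
                fi
        else
                # -q replaces the former redirect to the mistyped "/dev/nul",
                # which as root would have created a regular file in /dev;
                # -s keeps a missing marker file from printing an error.
                if grep -qs "client" /tmp/.epoptes-fat.txt; then
                        if [[ -z "$LTSP_FATCLIENT" ]]; then
                                MATCH="Pesado"
                        else
                                MATCH="Semiligero"
                        fi
                fi
        fi
        # This blank line used to go to a relative "epoptes.txt", i.e. into
        # whatever the current directory happened to be.
        echo >> /tmp/epoptes.txt
        echo "** Soy un $MATCH **" >> /tmp/epoptes.txt
        echo >> /tmp/epoptes.txt
}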
61
62
63
# Print a fatal error on stderr and terminate the script with status 1.
# Arguments: $@ - message words, printed after the "epoptes-client ERROR:" tag
die() {
    printf '%s\n' "epoptes-client ERROR: $*" >&2
    exit 1
}
68
# ltsp_config treats a function called "boolean_is_true" as the sign that
# ltsp_common_functions is already loaded and then skips sourcing it, so this
# helper deliberately carries another name.
# Arguments: $1 - value to test
# Returns:   0 if $1 is true, y or yes in any letter case; 1 otherwise
my_boolean_is_true() {
    local truthy='^([Tt][Rr][Uu][Ee]|[Yy]|[Yy][Ee][Ss])$'
    [[ $1 =~ $truthy ]]
}
78
# Succeed (status 0) when running as root inside a chroot, fail (status 1)
# otherwise. Unprivileged callers always get 1.
# The answer is cached in a variable named like the function. A "chrooted"
# value already present in the environment is returned as-is, without any
# check being made.
chrooted() {
    if [ -n "$chrooted" ]; then
        return "$chrooted"
    fi
    [ -n "$UID" ] || UID=$(id -u)

    chrooted=0
    if [ "$UID" -gt 0 ]; then
        chrooted=1
    else
        local our_root init_root
        our_root=$(stat -c %d/%i /)
        init_root=$(stat -Lc %d/%i /proc/1/root 2>/dev/null)
        # Same device/inode pair as the root directory of PID 1 means we
        # share its root, i.e. we are *not* in a chroot: answer false.
        [ "$our_root" = "$init_root" ] && chrooted=1
    fi
    return "$chrooted"
}
96
# Determine and export UID, TYPE (fat | thin | standalone) and the default
# SERVER and PORT for this client.
# Globals: LTSP_CLIENT, LTSP_FATCLIENT (read, possibly set);
#          UID, TYPE, SERVER, PORT (written and exported)
basic_info() {
    [ -n "$UID" ] || UID=$(id -u)

    # TYPE depends on LTSP_CLIENT and LTSP_FATCLIENT, which a system service
    # does not find in its environment. ltsp_config is sourced inside the
    # command substitution (a subshell), and only the three variables echoed
    # back are exported, so its other variables never reach our environment.
    # NOTE(review): the substitution is unquoted, so a value containing
    # whitespace or glob characters is split/expanded before being exported.
    if [ "$UID" -eq 0 ] && [ -f /usr/share/ltsp/ltsp_config ] && ! chrooted &&
        egrep -qs 'ltsp|nfs|nbd' /proc/cmdline
    then
        export $(
            . /usr/share/ltsp/ltsp_config >/dev/null
            echo "LTSP_CLIENT=$LTSP_CLIENT"
            echo "LTSP_FATCLIENT=$LTSP_FATCLIENT"
            echo "EPOPTES_CLIENT_VERIFY_CERTIFICATE=$EPOPTES_CLIENT_VERIFY_CERTIFICATE"
        )
        # System sessions may lack LTSP_CLIENT; substitute a placeholder.
        : "${LTSP_CLIENT:=127.0.0.1}"
    fi

    # User sessions may lack LTSP_FATCLIENT; infer it for a non-root user on
    # a netbooted machine that has getltscfg installed.
    if [ -n "$LTSP_CLIENT" ] && [ -z "$LTSP_FATCLIENT" ] &&
        [ "$UID" -gt 0 ] && [ -x /usr/bin/getltscfg ] &&
        egrep -qs 'ltsp|nfs|nbd' /proc/cmdline
    then
        LTSP_FATCLIENT=True
    fi

    # Later assignments win: standalone < thin < fat.
    TYPE="standalone"
    if [ -n "$LTSP_CLIENT" ]; then
        TYPE="thin"
    fi
    if my_boolean_is_true "$LTSP_FATCLIENT"; then
        TYPE="fat"
    fi

    # Thin-client user sessions and chroots talk to localhost; everything
    # else uses the host name "server".
    SERVER=server
    if { [ "$TYPE" = "thin" ] && [ "$UID" -gt 0 ]; } || chrooted; then
        SERVER=localhost
    fi
    PORT=789

    export UID TYPE SERVER PORT
}
142
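# Download the certificate presented by $SERVER:$PORT and install it as
# /etc/epoptes/server.crt, then exit the script (0 on success, 1 via die on
# failure). Must run as root.
#
# The certificate is accepted as presented at the moment of the fetch (trust
# on first use): nothing here authenticates the server. Fetch it over a
# network path you trust, or compare its fingerprint with the one on the
# server before relying on it.
#
# The download goes to a temporary file in the same directory and replaces
# server.crt only when it is non-empty. A failed fetch therefore neither
# destroys a good certificate nor leaves an empty server.crt behind; the main
# section treats an existing but empty server.crt as a request for an
# unencrypted connection. A caller that retries after a failure should pause
# between attempts.
# Globals: UID, SERVER, PORT (read)
fetch_certificate()
{
    local cert=/etc/epoptes/server.crt
    local tmp

    test "$UID" -eq 0 || die "Need to be root to fetch the certificate"
    mkdir -p /etc/epoptes
    tmp=$(mktemp "$cert.XXXXXX") ||
        die "Cannot create a temporary file next to $cert"

    # Keep only the PEM block(s) from the s_client transcript.
    openssl s_client -connect "$SERVER:$PORT" < /dev/null \
        | sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/!d' \
        > "$tmp"

    # mktemp creates the file with mode 0600; the per-user instances of this
    # script pass the certificate to socat as cafile=, so they must be able
    # to read it.
    if [ -s "$tmp" ] && chmod 644 "$tmp" && mv -f -- "$tmp" "$cert"; then
        echo "Successfully fetched certificate from $SERVER:$PORT"
        exit 0
    else
        rm -f -- "$tmp"
        die "Failed to fetch certificate from $SERVER:$PORT"
    fi
}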
157
158
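# Main.############################################

# Debug log shared by the root instance and the per-user instances.
# NOTE(review): the log has a predictable name in a world-writable directory
# and is written by root. touch, chmod and every ">>" follow symlinks, so a
# local user who creates /tmp/epoptes.txt first chooses which file root
# appends to and opens up. The mode change below is therefore limited to a
# regular, non-symlink file and to rw (666 rather than 777; nothing executes
# the log). That check is still racy. The real fix is a root-owned log
# location or logger(1), which needs every writer in this file changed.
if [ ! -f /tmp/epoptes.txt ]; then
    touch /tmp/epoptes.txt
fi
if [ -f /tmp/epoptes.txt ] && [ ! -L /tmp/epoptes.txt ]; then
    chmod 666 /tmp/epoptes.txt
else
    echo "epoptes-client: /tmp/epoptes.txt is not a regular file, leaving its mode alone" >&2
fi

echo "">> /tmp/epoptes.txt
echo "*******DEPURANDO SCRIPT /USR/SBIN/EPOPTES PARA EL *************    USUARIO : $USER      ******">> /tmp/epoptes.txt
echo "">> /tmp/epoptes.txt
date >> /tmp/epoptes.txt
echo "">> /tmp/epoptes.txt
discover
echo "*************** Presesion Lightdm ************"  >> /tmp/epoptes.txt

# Count the non-root processes whose ps line mentions /usr/sbin/epoptes and,
# unless this machine was classified as "ligero", SIGKILL all of them once
# there are more than two.
# NOTE(review): the selection is a text match on ps output. It drops any line
# containing "root" anywhere, is not restricted to the invoking user, and
# when run as a user it appears to include this script's own PID. Confirm
# that is intended; pgrep -u with an exact pattern would be more precise.
ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" >> /tmp/epoptes.txt
USERS_SOCAT=$(ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" | awk '{print $2}' | uniq | wc -l)
echo "USERS_SOCAT = $USERS_SOCAT">> /tmp/epoptes.txt;
if [[ "$MATCH" != ligero ]]; then
    if (( USERS_SOCAT > 2 )); then
        echo "Estoy dentro del if matando procesos.......">> /tmp/epoptes.txt
        for i in $(ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v grep | awk '{print $2}' | uniq); do
            echo "Dentro del FOR para .......">> /tmp/epoptes.txt
            ps -aux | grep "$i" >> /tmp/epoptes.txt
            echo "Matando el proceso $i"  >> /tmp/epoptes.txt
            kill -9 "$i" >> /tmp/epoptes.txt
        done
    fi
fi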
187
echo "_________MAIN_____________" >>/tmp/epoptes.txt


# From here on VERSION holds the epoptes-client release number rather than
# the lliurex-version string that discover() used.
export VERSION="0.5.7" # Automatically updated by mkdst

# Handle the first argument early: -v and -h finish the script right here,
# -c only records that a certificate fetch was requested and is consumed.
if [[ $1 == -v || $1 == --version ]]; then
    echo "$VERSION"
    exit
elif [[ $1 == -h || $1 == --help ]]; then
    if [ -x /usr/bin/man ]; then
        exec man epoptes-client
    fi
    echo "Usage: $0 [-c|-h|-v] [SERVER] [PORT]"
    exit 0
elif [[ $1 == -c || $1 == --certificate ]]; then
    need_certificate=true
    shift
fi
212
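# When called from /etc/xdg/autostart, /sbin is not in the system path.
PATH="$PATH:/sbin:/usr/sbin"

# When launched as a service, LANG might not be set.
if [ -z "$LANG" ] && [ -r /etc/default/locale ]; then
    . /etc/default/locale
    export LANG
fi

basic_info
echo "Capturo basic info UID:$UID TYPE:$TYPE SERVER:$SERVER PORT:$PORT">> /tmp/epoptes.txt
# The configuration file overrides the default values.
# It is sourced, i.e. executed as shell code with the privileges of this
# script (root for the system service), so it must be writable by root only.
if [ -f /etc/default/epoptes-client ]; then
    . /etc/default/epoptes-client
fi
# And the command line parameters override the configuration file
export SERVER=${1:-$SERVER}
export PORT=${2:-$PORT}

# Provide an easy way to fetch the server certificate.
# NOTE(review): need_certificate is assigned only by the -c option but is
# never cleared beforehand, so a value inherited from the environment
# triggers the fetch as well.
test -n "$need_certificate" && fetch_certificate

# We don't want the epoptes-client system service running on the epoptes
# server. TYPE may have been changed by the sourced configuration file, so
# the operands are quoted to keep the tests well-formed whatever it contains.
if { [ "$UID" -eq 0 ] && [ "$TYPE" = "standalone" ] && [ -x /usr/bin/epoptes ]; } ||
    chrooted
then
    lliurex-version -t client || exit 0
fi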
241
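# Go to the scripts directory, so that we can run them with ./xxx
# The paths are quoted so that an install path containing spaces still works.
# A failed cd is reported instead of passing silently, because later ./xxx
# calls would otherwise resolve against whatever directory the caller was in.
cd -- "$(dirname -- "$0")" ||
    echo "epoptes-client: cannot cd to the directory of $0" >&2
if [ -d ../epoptes-client ]; then
    cd ../epoptes-client ||
        echo "epoptes-client: cannot cd to ../epoptes-client" >&2
else
    cd /usr/share/epoptes-client ||
        echo "epoptes-client: cannot cd to /usr/share/epoptes-client" >&2
fi

# Source the lsb init functions, for log_begin_msg.
# Unfortunately it seems that Centos and Fedora don't have that file.
if [ -f /lib/lsb/init-functions ]; then
    . /lib/lsb/init-functions
else
    # This script runs under bash, which does not expand aliases in
    # non-interactive shells, so the fallback has to be a function.
    log_begin_msg() { echo -n "$@"; }
fi
log_begin_msg "Epoptes-client connecting to $SERVER:$PORT..."
echo "Epoptes-client connecting to $SERVER:$PORT..."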
259# Call chain:
260#  * if-up.d executes /usr/sbin/epoptes-client
261#  * then socat is called
262#  * after a successful connection, socat exec's /bin/sh
263#  * and the daemon sends /usr/share/epoptes/client-functions to that shell
264
# Remove stale epoptes-client shells owned by the same user. They can be
# left behind when the network drops for a while: standalone workstations do
# not hang then, and nbd may ride it out for LTSP clients, but epoptes kills
# the disconnected epoptes-clients.
# The pattern matches only a command line that is exactly "epoptes-client"
# (the name given to the remote shell below), so this running script, whose
# command line starts with the interpreter, is not hit.
echo "pkill de $UID"
pkill -U "$UID" -f '^epoptes-client$'

# Save the current stdout as descriptor 5 for the second phase. stdin and
# stdout will be handed to the server, while stderr stays on the local
# console so that background applications cannot add noise to the channel.
# A callee that needs stderr as well can use `cmd 2>&1`.
exec 5>&1

# bash can start a program under a different zeroth argument; naming the
# shell "epoptes-client" makes it easy to find with pgrep/pkill.
cmdline='bash -c \"exec -a epoptes-client sh\"'

# Certificate verification is on unless lts.conf or the environment sets
# EPOPTES_CLIENT_VERIFY_CERTIFICATE to something other than true/y/yes.
# With "verify=0" the TLS peer is not authenticated at all: whichever host
# answers on $SERVER:$PORT is handed the shell started below, with the
# privileges of this script (root for the system service).
cert_param="verify=0"
if my_boolean_is_true "${EPOPTES_CLIENT_VERIFY_CERTIFICATE:-True}"; then
    cert_param="cafile=/etc/epoptes/server.crt"
fi
290
# Connect to the server, or keep retrying until the server gets online
# (for standalone workstations booted before the server).
# RUN is the loop flag of the connection loops below: 1 = keep going.
RUN=1

# Handler installed by the trap below: clears RUN so that the connection
# loop ends after its current pass, and records the event in the debug log.
# The process is not killed here; that line is commented out.
# Globals: RUN (written); USER, BASHPID (read)
salida() {
    RUN=0
    {
        echo "Estoy en la funcion de SALIDA de $USER"
        date
        echo "Quiero matar el proceso $BASHPID"
    } >> /tmp/epoptes.txt
    #kill -9 $BASHPID
}
echo "RUN = $RUN"
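# Connectivity check run after each pass of the connection loop.
#   - LTSP_CLIENT empty: log and return 0, nothing is probed.
#   - ping to LTSP_CLIENT succeeds: exit the whole script with status 0.
#   - ping fails: call salida, which clears RUN and so ends the loop.
# LTSP_CLIENT is quoted and preceded by "--" so that a value containing
# whitespace or a leading dash is passed to ping as a single host argument
# and is never split or read as an option.
# Globals: LTSP_CLIENT, USER (read)
test_conn(){
    if [ -z "${LTSP_CLIENT}" ]; then
        echo "Testeando la funcion CONN $USER">> /tmp/epoptes.txt
        return 0
    fi
    if ping -c 2 -- "${LTSP_CLIENT}"; then
        echo "Estamos en if del ping -c">> /tmp/epoptes.txt
        exit 0
    fi
    echo "vamos a salida">> /tmp/epoptes.txt
    salida
}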
317
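# Run salida on termination signals and on exit. KILL and STOP were dropped
# from the list: those two signals cannot be caught, and asking to trap them
# has undefined results.
trap salida TERM QUIT INT EXIT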
319
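# Connection phase. Three cases, chosen by the state of server.crt:
#   1. certificate present and non-empty, or verification disabled:
#      TLS connection (socat openssl-connect)
#   2. certificate file present but EMPTY: plain, unencrypted TCP
#   3. no certificate file: fetch one with "$0 -c", then restart the script
# In every case socat hands a shell (see $cmdline) to the remote end.
# The expansions passed to socat, grep and exec are quoted so that a SERVER,
# PORT or script path containing whitespace is not split into extra words.
if [ -s /etc/epoptes/server.crt ] || [ "$cert_param" = "verify=0" ]; then
    echo "Dentro del if antes del while 1 del usuario $USER" >> /tmp/epoptes.txt
    while [ "${RUN}" -eq 1 ] && sleep 1; do
        # Number of ps lines mentioning our parent's PID; anything other
        # than exactly 1 aborts further down.
        # NOTE(review): this is a substring match, so an unrelated PID or
        # argument containing the same digits is counted as well.
        ALIVE=$(ps ax|grep "$PPID"|grep -v grep|wc -l)
        echo "Dentro del While porque el RUN es $RUN para usuario $USER">> /tmp/epoptes.txt
        echo "Haciendo el wait.....Ahora nop" >> /tmp/epoptes.txt
        USERS_SOCAT_POST=$(ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" | awk '{print $2}' | uniq | wc -l)
        echo "Calculado el USERS_SOCAT_POST: $USERS_SOCAT_POST" >> /tmp/epoptes.txt
        if (( USERS_SOCAT_POST < 3 )) || [[ "$MATCH" == "ligero" ]]; then
            echo "-----SOCAT se va a ejecutar para el usuario: $USER -----">> /tmp/epoptes.txt
            # The next line logs the command template literally (single
            # quotes, nothing is expanded).
            echo 'socat openssl-connect:$SERVER:$PORT,$cert_param,interval=60,forever EXEC:"$cmdline",sigint,sigquit,sigterm' >> /tmp/epoptes.txt
            socat "openssl-connect:$SERVER:$PORT,$cert_param,interval=60,forever" EXEC:"$cmdline",sigint,sigquit
            echo "Muere el SOCAT de $USER: ">> /tmp/epoptes.txt
            date >> /tmp/epoptes.txt
        fi

        if [ "x${ALIVE}" != "x1" ]; then
            echo "Se aborta el script para el usuario $USER debido al AlIVE">> /tmp/epoptes.txt
            exit 1
        fi
        echo "Paso del ALIVE y continuo porque RUN: $RUN del usuario $USER">> /tmp/epoptes.txt
        test_conn
        # Stop looping once no gnome-session process is left. The count
        # includes the grep itself, hence the "< 2".
        SESSION_GNOME=$(ps aux | grep gnome-session | wc -l)
        if (( SESSION_GNOME < 2 )); then
            date >> /tmp/epoptes.txt
            echo "La sesion no esta activa me quedo en la sesion SESSION_GNOME: $SESSION_GNOME modifico el RUN" >> /tmp/epoptes.txt
            RUN=0
        fi
    done;
elif [ -f /etc/epoptes/server.crt ]; then
    # NOTE(review): an existing but empty server.crt selects an
    # unauthenticated, unencrypted TCP connection for the remote shell.
    # Make sure nothing creates an empty certificate file by accident (a
    # failed fetch that truncates the file would), and consider refusing
    # to start instead of downgrading.
    echo "Antes del while2 del user: $USER" >> /tmp/epoptes.txt
    while [ "${RUN}" -eq 1 ] && sleep 1; do
        ALIVE=$(ps ax|grep "$PPID"|grep -v grep|wc -l)
        socat "tcp:$SERVER:$PORT,interval=60,forever" EXEC:"$cmdline",nofork
        if [ "x${ALIVE}" != "x1" ]; then
            exit 1
        fi
        echo "RUN en ELIF es $RUN del usuario $USER">> /tmp/epoptes.txt
        test_conn
    done;
else
    echo "en el else del usuario $USER">> /tmp/epoptes.txt
    # No certificate yet: fetch it (trust on first use), then restart. The
    # pause after a failed fetch keeps the restart from turning into a tight
    # retry loop while the server is unreachable.
    "$0" -c || sleep 5
    exec "$0"
fi
echo "____________FIN_______SCRIPT____________">> /tmp/epoptes.txt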