source: epoptes/trunk/fuentes/epoptes-client/epoptes-client @ 4095

Last change on this file since 4095 was 4095, checked in by daduve, 3 years ago

Fix bug writing log

  • Property svn:executable set to *
1#!/bin/bash
2
3###########################################################################
4# Connects to a remote server and offers it a local shell.
5# Usage: epoptes [server] [port]
6#
7# Copyright (C) 2010-2012 Alkis Georgopoulos <alkisg@gmail.com>
8#
9# This program is free software: you can redistribute it and/or modify
10# it under the terms of the GNU General Public License as published by
11# the Free Software Foundation, either version 3 of the License, or
12# (at your option) any later version.
13#
14# This program is distributed in the hope that it will be useful,
15# but WITHOUT ANY WARRANTY; without even the implied warranty of
16# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17# GNU General Public License for more details.
18#
19# You should have received a copy of the GNU General Public License
20# along with this program.  If not, see <http://www.gnu.org/licenses/>.
21#
22# On Debian GNU/Linux systems, the complete text of the GNU General
23# Public License can be found in `/usr/share/common-licenses/GPL'.
24###########################################################################
25
26# epoptes-client may be called either as root, to control the client, or as a
27# user, to control the user session.
28# As root, epoptes-client starts from if-up.d on standalone clients.
29# Unfortunately, thin and fat clients don't get if-up.d events, so just for
30# this case we're using a helper sysvinit script.
31# As a user, epoptes-client runs from /etc/xdg/autostart.
32# Users can cancel that from their System > Preferences > Services gnome menu.
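# Output of lliurex-version; discover() looks for the word "server" in it.
# The main section later overwrites VERSION with the epoptes-client version.
VERSION=$(lliurex-version)
LOG_EPOPTES="/tmp/.epoptes_log.txt"
# SECURITY: this debug log has a fixed name in world-writable /tmp, and this
# script also runs as root.  Anything appended through a symlink planted at
# that path would land in the link target, so refuse to follow one and discard
# the debug output instead.
# NOTE(review): this check is racy (time-of-check/time-of-use) and does not
# cover hard links; the robust fix is to keep the log in a directory that only
# the writing account can modify.
if [ -L "$LOG_EPOPTES" ]; then
    LOG_EPOPTES=/dev/null
fi
echo "$VERSION" >> "$LOG_EPOPTES"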
# Classify this machine and store the label in the global MATCH.
# Globals:   VERSION, DISPLAY, LTSP_FATCLIENT, LOG_EPOPTES (read)
#            MATCH, LIGHT (written)
# Outputs:   appends debug lines to $LOG_EPOPTES
# NOTE(review): the non-server branch trusts /tmp/.epoptes.txt, a fixed path in
# world-writable /tmp that any local user can create; confirm who writes it.
discover() {
    {
        echo "  - Dentro de funcion discover -  "
        echo
    } >> "$LOG_EPOPTES"

    MATCH=""
    case "$VERSION" in
        *server*)
            # Host part of DISPLAY (text before the first ':'); it is empty
            # for a display such as ":0".
            LIGHT=${DISPLAY%%:*}
            if [[ -n "$LIGHT" ]]; then
                MATCH="ligero"
            else
                MATCH="servidor"
            fi
            ;;
        *)
            if grep -q "client" /tmp/.epoptes.txt; then
                if [[ -n "$LTSP_FATCLIENT" ]]; then
                    MATCH="Semiligero"
                else
                    MATCH="Pesado"
                fi
            fi
            ;;
    esac

    {
        echo
        echo "** Soy un $MATCH **"
        echo
    } >> "$LOG_EPOPTES"
}
62
63
64
# Print an error message built from all arguments to stderr and exit with
# status 1.
die() {
    printf '%s\n' "epoptes-client ERROR: $*" >&2
    exit 1
}
69
# ltsp_config treats the name "boolean_is_true" as a sentinel and skips
# sourcing ltsp_common_functions when it is defined, hence the "my_" prefix.
# Arguments: $1 - value to test
# Returns:   0 if $1 is true, y or yes in any letter case, 1 otherwise
my_boolean_is_true() {
    local answer=$1

    if [[ "$answer" == [Tt][Rr][Uu][Ee] ||
          "$answer" == [Yy] ||
          "$answer" == [Yy][Ee][Ss] ]]; then
        return 0
    fi
    return 1
}
79
# Return true (0) if we're in a chroot, false (1) otherwise.
# The answer is cached in a global variable that shares the function's name.
# A non-root caller always gets "false".  For root, an unreadable /proc/1/root
# makes the comparison fail, which is reported as "in a chroot".
chrooted() {
    local own_root init_root

    if test -n "$chrooted"; then
        return "$chrooted"
    fi
    test -n "$UID" || UID=$(id -u)

    if [ "$UID" -gt 0 ]; then
        chrooted=1
    else
        own_root=$(stat -c %d/%i /)
        init_root=$(stat -Lc %d/%i /proc/1/root 2>/dev/null)
        if [ "$own_root" = "$init_root" ]; then
            # Same device/inode pair as the root of PID 1: not a chroot.
            chrooted=1
        else
            chrooted=0
        fi
    fi
    return "$chrooted"
}
97
# Work out $UID and the client $TYPE (fat, thin or standalone), then set the
# default $SERVER and $PORT.  All four are exported.
basic_info() {
    test -n "$UID" || UID=$(id -u)

    # LTSP_CLIENT and LTSP_FATCLIENT decide TYPE, but a system service does
    # not have them in its environment.  ltsp_config is therefore sourced in
    # a subshell, and only the three variables printed below are exported
    # from it, so the rest of its variables never reach this shell.
    # NOTE(review): the unquoted export word-splits the printed values, so a
    # value containing whitespace would be split into several arguments.
    if [ "$UID" -eq 0 ] && [ -f /usr/share/ltsp/ltsp_config ] && ! chrooted &&
        egrep -qs 'ltsp|nfs|nbd' /proc/cmdline
    then
        export $(
            . /usr/share/ltsp/ltsp_config >/dev/null
            printf '%s\n' \
                "LTSP_CLIENT=$LTSP_CLIENT" \
                "LTSP_FATCLIENT=$LTSP_FATCLIENT" \
                "EPOPTES_CLIENT_VERIFY_CERTIFICATE=$EPOPTES_CLIENT_VERIFY_CERTIFICATE")
        # LTSP_CLIENT may be missing in system sessions; fake it if so.
        LTSP_CLIENT=${LTSP_CLIENT:-127.0.0.1}
    fi

    # LTSP_FATCLIENT may be missing in user sessions; autodetect it.
    if [ -n "$LTSP_CLIENT" ] && [ -z "$LTSP_FATCLIENT" ] &&
        [ "$UID" -gt 0 ] && [ -x /usr/bin/getltscfg ] &&
        egrep -qs 'ltsp|nfs|nbd' /proc/cmdline
    then
        LTSP_FATCLIENT=True
    fi

    TYPE="standalone"
    if my_boolean_is_true "$LTSP_FATCLIENT"; then
        TYPE="fat"
    elif [ -n "$LTSP_CLIENT" ]; then
        TYPE="thin"
    fi

    # Thin-client user sessions and chroots talk to localhost; everything
    # else uses the host name "server".
    SERVER=server
    if { [ "$TYPE" = "thin" ] && [ "$UID" -gt 0 ]; } || chrooted; then
        SERVER=localhost
    fi
    PORT=789

    export UID TYPE SERVER PORT
}
143
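# Fetch the certificate presented by $SERVER:$PORT and store it as
# /etc/epoptes/server.crt, then exit (0 on success, 1 via die on failure).
# Must run as root.
#
# SECURITY: this is trust on first use.  Whatever certificate the answering
# host presents is stored as the trusted CA file, so the printed fingerprint
# should be compared with the real server's certificate over another channel.
#
# The download goes to a temporary file and is moved into place only when it
# is non-empty, so a failed fetch no longer truncates a good certificate.
fetch_certificate()
{
    local cert=/etc/epoptes/server.crt
    local fetched

    test "$UID" -eq 0 || die "Need to be root to fetch the certificate"
    mkdir -p /etc/epoptes
    # Same directory as the target, so the final mv is a rename.
    fetched=$(mktemp "$cert.XXXXXX") ||
        die "Failed to create a temporary file next to $cert"
    openssl s_client -connect "$SERVER:$PORT" < /dev/null \
        | sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/!d' \
        > "$fetched"
    if [ -s "$fetched" ]; then
        # mktemp creates the file 0600; the certificate is public and user
        # sessions also pass it to socat as cafile, so make it readable.
        chmod 644 "$fetched"
        if ! mv -f -- "$fetched" "$cert"; then
            rm -f -- "$fetched"
            die "Failed to install certificate from $SERVER:$PORT"
        fi
        echo "Successfully fetched certificate from $SERVER:$PORT"
        echo "Verify this fingerprint against the server's certificate:"
        openssl x509 -noout -fingerprint -sha256 -in "$cert"
        exit 0
    else
        rm -f -- "$fetched"
        # Compatibility: a first-time failure used to leave an empty file.
        # NOTE(review): the main section treats an existing but empty
        # server.crt as the switch to its unencrypted tcp: branch; that
        # fallback deserves a separate decision.
        [ -e "$cert" ] || : > "$cert"
        die "Failed to fetch certificate from $SERVER:$PORT"
    fi
}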
158
159
160# Main.############################################
161
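# Prepare the shared debug log.
# SECURITY: the log path is a fixed name in world-writable /tmp and this
# script also runs as root, so a symlink planted there would redirect both the
# chmod and every append to the link target.  Do not follow one; drop the
# debug output instead.
# NOTE(review): the check is racy and does not cover hard links; moving the
# log to a directory only the writing account can modify is the robust fix.
if [ -L "$LOG_EPOPTES" ]; then
    LOG_EPOPTES=/dev/null
else
    [ -f "$LOG_EPOPTES" ] || touch "$LOG_EPOPTES"
    # Root and user sessions append to the same file, so it stays
    # world-writable, but a log never needs the execute bits that 777 set.
    chmod 666 "$LOG_EPOPTES"
fi

{
    echo ""
    echo "*******DEPURANDO SCRIPT /USR/SBIN/EPOPTES PARA EL *************    USUARIO : $USER      ******"
    echo ""
    date
    echo ""
} >> "$LOG_EPOPTES"
discover
echo "*************** Presesion Lightdm ************"  >> "$LOG_EPOPTES"
ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" >> "$LOG_EPOPTES"
# Count the non-root epoptes processes by PID.
# NOTE(review): the selection is text matching on `ps aux` output, and
# `grep -v root` drops every line that contains "root" anywhere, not only
# root-owned processes; confirm it selects only the intended processes.
USERS_SOCAT=$(ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" | awk '{print $2}' | uniq | wc -l)
echo "USERS_SOCAT = $USERS_SOCAT">> "$LOG_EPOPTES"
if [[ "$MATCH" != ligero ]] && (( USERS_SOCAT > 2 )); then
    echo "Estoy dentro del if matando procesos.......">> "$LOG_EPOPTES"
    # More than two matches: kill every matching process.  SIGKILL gives the
    # targets no chance to clean up.
    for i in $(ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v grep | awk '{print $2}' | uniq); do
        echo "Dentro del FOR para .......">> "$LOG_EPOPTES"
        ps -aux | grep "$i" >> "$LOG_EPOPTES"
        echo "Matando el proceso $i"  >> "$LOG_EPOPTES"
        kill -9 "$i" >> "$LOG_EPOPTES"
    done
fi

echo "_________MAIN_____________">> "$LOG_EPOPTES"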
190
191
# From here on VERSION is the epoptes-client version, replacing the
# lliurex-version output stored at the top of the file.
export VERSION="0.5.7" # Automatically updated by mkdst

# Handle the first parameter early: it may mean there is nothing to run.
if [[ "$1" == "-v" || "$1" == "--version" ]]; then
    echo "$VERSION"
    exit
elif [[ "$1" == "-h" || "$1" == "--help" ]]; then
    if [ -x /usr/bin/man ]; then
        exec man epoptes-client
    fi
    echo "Usage: $0 [-c|-h|-v] [SERVER] [PORT]"
    exit 0
elif [[ "$1" == "-c" || "$1" == "--certificate" ]]; then
    # Remember the request; the certificate is fetched once SERVER and PORT
    # are known.
    need_certificate=true
    shift
fi
213
# /sbin and /usr/sbin are missing from PATH when started from
# /etc/xdg/autostart.  They are appended, so they do not shadow anything
# found earlier in PATH.
PATH="${PATH}:/sbin:/usr/sbin"

# A service environment may lack LANG; take it from the system default.
if [ -z "$LANG" ] && [ -r /etc/default/locale ]; then
    . /etc/default/locale
    export LANG
fi

basic_info
echo "Capturo basic info UID:$UID TYPE:$TYPE SERVER:$SERVER PORT:$PORT">> "$LOG_EPOPTES"
# Precedence: built-in defaults, then the configuration file, then the
# command line.
# NOTE(review): both sourced files run as shell code with the caller's
# privileges (root for the system service); confirm only root can write them.
if [ -f /etc/default/epoptes-client ]; then
    . /etc/default/epoptes-client
fi
SERVER=${1:-$SERVER}
PORT=${2:-$PORT}
export SERVER PORT

# -c/--certificate: fetch the server certificate; fetch_certificate exits.
if [ -n "$need_certificate" ]; then
    fetch_certificate
fi

# The epoptes-client system service should not run on the epoptes server.
if { [ "$UID" -eq 0 ] && [ "$TYPE" = "standalone" ] && [ -x /usr/bin/epoptes ]; } ||
    chrooted
then
    lliurex-version -t client || exit 0
fi
242
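# Go to the scripts directory, so that we can run them with ./xxx
# The command substitution is quoted so that an install path containing
# whitespace is not split into several cd arguments.
cd "$(dirname "$0")"
if [ -d ../epoptes-client ]; then
    cd ../epoptes-client
else
    cd /usr/share/epoptes-client
fi

# Source the lsb init functions, for log_begin_msg.
# CentOS and Fedora do not ship that file, so provide a fallback.  It is a
# function rather than an alias because bash does not expand aliases in
# non-interactive scripts, which left log_begin_msg undefined there.
if [ -f /lib/lsb/init-functions ]; then
    . /lib/lsb/init-functions
else
    log_begin_msg() { echo -n "$@"; }
fi
log_begin_msg "Epoptes-client connecting to $SERVER:$PORT..."
echo "Epoptes-client connecting to $SERVER:$PORT..."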
260# Call chain:
261#  * if-up.d executes /usr/sbin/epoptes-client
262#  * then socat is called
263#  * after a successful connection, socat exec's /bin/sh
264#  * and the daemon sends /usr/share/epoptes/client-functions to that shell
265
# Remove ghost epoptes-client instances of the same user.  They can be left
# behind when network connectivity is lost for a while.  Only processes whose
# whole command line is exactly "epoptes-client" match the pattern.
echo "pkill de $UID"
pkill -U "$UID" -f '^epoptes-client$'

# Keep a copy of stdout on descriptor 5 for the second phase.  stdio will be
# redirected to the server while stderr stays on the local console, which
# avoids noise from applications started in the background.  A callee that
# needs stderr can use `cmd 2>&1`.
exec 5>&1

# bash can start a program under a different zeroth argument; the shell handed
# to the server is named "epoptes-client" so that pgrep/pkill can find it.
cmdline='bash -c \"exec -a epoptes-client sh\"'

# lts.conf or the environment may switch certificate verification off.
# SECURITY: the peer gets a shell running as the calling user (root for the
# system service).  With verify=0 the peer's certificate is not checked, so
# any host answering on $SERVER:$PORT is accepted.  Keep verification on
# outside of debugging.
cert_param="verify=0"
if my_boolean_is_true "${EPOPTES_CLIENT_VERIFY_CERTIFICATE:-True}"; then
    cert_param="cafile=/etc/epoptes/server.crt"
fi
291
292# Connect to the server, or keep retrying until the server gets online
293# (for standalone workstations booted before the server).
# RUN is the loop flag of the connection loops below: 1 keeps retrying,
# 0 stops them.
RUN=1

# Signal/exit handler: clear RUN and record the event in the debug log.
# It only logs the PID; the kill that used to follow is disabled.
salida(){
    RUN=0
    {
        echo "Estoy en la funcion de SALIDA de $USER"
        date
        echo "Quiero matar el proceso $BASHPID"
    } >> "$LOG_EPOPTES"
}
echo "RUN = $RUN"
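# Decide what to do after socat has returned.
# - LTSP_CLIENT empty or unset: log and return 0, so the caller keeps looping.
# - LTSP_CLIENT answers two pings: exit the whole script with status 0.
# - otherwise: call salida, which clears RUN and ends the caller's loop.
# LTSP_CLIENT is quoted so that a value containing whitespace or glob
# characters is passed to test and ping as a single word.
test_conn(){
    if [ -z "${LTSP_CLIENT}" ]; then
        echo "Testeando la funcion CONN $USER">> "$LOG_EPOPTES"
        return 0
    fi
    if ping -c 2 "${LTSP_CLIENT}"; then
        echo "Estamos en if del ping -c">> "$LOG_EPOPTES"
        exit 0
    fi
    echo "vamos a salida">> "$LOG_EPOPTES"
    salida
}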
318
# Run salida on termination signals and on exit.
# NOTE(review): KILL and STOP cannot be caught by any process, so the handler
# never runs for those two.
trap salida KILL TERM QUIT INT STOP EXIT

# Connect to the server and keep retrying until it comes online (standalone
# workstations may boot before the server).  Three cases:
#   1. non-empty certificate, or verification disabled: TLS via openssl-connect
#   2. certificate file exists but is empty: plain tcp, no TLS at all
#   3. no certificate file: fetch one, then re-exec this script
if [ -s /etc/epoptes/server.crt ] || [ "$cert_param" = "verify=0" ]; then
    echo "Dentro del if antes del while 1 del usuario $USER" >> "$LOG_EPOPTES"
    while [ "${RUN}" -eq 1 ] && sleep 1; do
        # Number of `ps ax` lines that contain the parent PID.
        # NOTE(review): this is a substring match over whole lines, so a
        # short PID also matches longer PIDs and other text; confirm the
        # "exactly one line" test below is what is intended.
        ALIVE=$(ps ax | grep "$PPID" | grep -v grep | wc -l)
        echo "Dentro del While porque el RUN es $RUN para usuario $USER">> "$LOG_EPOPTES"
        echo "Haciendo el wait.....Ahora nop" >> "$LOG_EPOPTES"
        USERS_SOCAT_POST=$(ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" | awk '{print $2}' | uniq | wc -l)
        echo "Calculado el USERS_SOCAT_POST: $USERS_SOCAT_POST" >> "$LOG_EPOPTES"
        if (( USERS_SOCAT_POST < 3 )) || [[ "$MATCH" == "ligero" ]]; then
            echo "-----SOCAT se va a ejecutar para el usuario: $USER -----">> "$LOG_EPOPTES"
            # The logged text is a literal: the single quotes keep the
            # variables unexpanded, and it lists sigterm although the real
            # command below does not pass it.
            echo 'socat openssl-connect:$SERVER:$PORT,$cert_param,interval=60,forever EXEC:"$cmdline",sigint,sigquit,sigterm' >> "$LOG_EPOPTES"
            socat "openssl-connect:$SERVER:$PORT,$cert_param,interval=60,forever" EXEC:"$cmdline",sigint,sigquit
            echo "Muere el SOCAT de $USER: ">> "$LOG_EPOPTES"
            date >> "$LOG_EPOPTES"
        fi

        if [ "${ALIVE}" != "1" ]; then
            echo "Se aborta el script para el usuario $USER debido al AlIVE">> "$LOG_EPOPTES"
            exit 1
        fi
        echo "Paso del ALIVE y continuo porque RUN: $RUN del usuario $USER">> "$LOG_EPOPTES"
        test_conn
        # Fewer than two lines mentioning gnome-session (the grep itself can
        # be one of them) is taken to mean the session is gone.
        SESSION_GNOME=$(ps aux | grep gnome-session | wc -l)
        if (( SESSION_GNOME < 2 )); then
            date >> "$LOG_EPOPTES"
            echo "La sesion no esta activa me quedo en la sesion SESSION_GNOME: $SESSION_GNOME modifico el RUN" >> "$LOG_EPOPTES"
            RUN=0
        fi
    done
elif [ -f /etc/epoptes/server.crt ]; then
    # SECURITY: reached when server.crt exists but is empty while
    # verification is enabled.  The shell is then offered over plain tcp,
    # without encryption or server authentication.
    # NOTE(review): fetch_certificate can leave an empty file behind when a
    # fetch fails, which silently selects this branch; consider failing
    # closed instead.
    echo "Antes del while2 del user: $USER" >> "$LOG_EPOPTES"
    while [ "${RUN}" -eq 1 ] && sleep 1; do
        ALIVE=$(ps ax | grep "$PPID" | grep -v grep | wc -l)
        socat "tcp:$SERVER:$PORT,interval=60,forever" EXEC:"$cmdline",nofork
        if [ "${ALIVE}" != "1" ]; then
            exit 1
        fi
        echo "RUN en ELIF es $RUN del usuario $USER">> "$LOG_EPOPTES"
        test_conn
    done
else
    # No certificate file yet: fetch one from whichever host answers on
    # $SERVER:$PORT (trust on first use), then start over.
    echo "en el else del usuario $USER">> "$LOG_EPOPTES"
    "$0" -c
    exec "$0"
fi
echo "____________FIN_______SCRIPT____________">> "$LOG_EPOPTES"