source: flash-java-insecure-perms/trunk/fuentes/flash-java-insecure-perms/usr/bin/flash-java-insecure-perms @ 2708

Last change on this file since 2708 was 2708, checked in by mabarracus, 4 years ago

Add new settings

  • Property svn:executable set to *
File size: 6.8 KB
Line 
1#!/bin/bash
2#0 = autosize
3HEIGHT=0
4WIDTH=0
5LIST_HEIGHT=0
6
7
8ICED=$(which itweb-settings)
9KEYTOOL=$(which keytool)
10IAM=$(id -u)
11MYNAME=$(id -un)
12
13if [ "${IAM}" = "0" ]; then
14    USERS=$(getent passwd |cut -d: -f4|sort -h|uniq|egrep ^[0-9]{4}|xargs -n1 getent passwd|cut -d: -f1)
15    if [ "x$1" = "xinstall" ]; then
16
17        OLDIFS=$IFS;
18        IFS=$'\n'
19        for x in ${USERS} ; do 
20            #str+=( $(printf '%10.10s' $x) $(printf '%30.30s' " ") $(printf '%10.10s' "on"))
21            str+=( $x  " " off )
22        done
23
24        DIALOG=$(whiptail --separate-output --title "Users selection" --checklist "Select users to modify flash/java settings" $HEIGHT $WIDTH $LIST_HEIGHT ${str[@]} 3>&1 1>&2 2>&3)
25        ret=$?
26
27        IFS=$OLDIFS;
28   
29        if [ $ret != 0 ]; then
30        echo Canceled!
31        fi
32    fi
33else
34    USERS=${MYNAME}
35    DIALOG=${MYNAME}
36fi
37
38CERTPATHS=".config/icedtea-web/security .java/deployment/security"
39DONE=0
40if [ "x$1" = "xinstall" ]; then
41
42for user in ${DIALOG}; do
43    DATE=$(date '+%Y%m%d%H%M%S')
44
45    if [ ! -f "/home/$user/.config/unsec_settings_on" ]; then
46        # JAVA
47        if [ ! -z "${ICED}" ]; then
48            if [ "${IAM}" = "0" ];then
49                sudo su $user bash -c "${ICED} -headless set deployment.security.level ALLOW_UNSIGNED" 
50            else
51                ${ICED} -headless set deployment.security.level ALLOW_UNSIGNED
52            fi
53        fi
54        for cert in $(find /usr/share/flash-java-insecure-perms/ -name '*.cert');do 
55            certname=$(basename ${cert%%.cert})
56            #echo Importing into trusted.certs ${certname}.cert
57            for certpath in ${CERTPATHS}; do 
58                if [ ! -f "/home/$user/${certpath}/trusted.certs" ]; then
59                    mkdir -p /home/$user/${certpath}
60                    ${KEYTOOL} -genkey -alias recursos -keyalg RSA -keystore /home/$user/${certpath}/trusted.certs -keypass changeit -storepass changeit -keysize 2048 -dname "CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" > /dev/null 2> /dev/null
61                    ${KEYTOOL} -delete -alias recursos -keystore /home/$user/${certpath}/trusted.certs -storepass changeit > /dev/null 2> /dev/null
62                    if [ "${IAM}" = "0" ]; then
63                        chown -R ${user}:${user} /home/$user/${certpath}/
64                    fi
65                fi
66                $KEYTOOL -importcert -trustcacerts -storepass "changeit" -keystore /home/$user/${certpath}/trusted.certs -file ${cert} -alias ${certname} -noprompt > /dev/null 2> /dev/null
67            done
68        done
69        #FLASH
70        if [ ! -d "/home/$user/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys" ]; then
71            mkdir -p /home/$user/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys
72        fi
73        if [ ! -d "/home/$user/.macromedia/Flash_Player/#Security/FlashPlayerTrust" ]; then
74            mkdir -p "/home/$user/.macromedia/Flash_Player/#Security/FlashPlayerTrust"
75        fi
76        if [ -f "/home/$user/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol" ]; then
77            mv /home/$user/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol /home/$user/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings-${DATE}.sol
78        fi
79        if [ -f "/home/$user/.macromedia/Flash_Player/#Security/FlashPlayerTrust/recursos.cfg" ]; then
80            mv "/home/$user/.macromedia/Flash_Player/#Security/FlashPlayerTrust/recursos.cfg" "/home/$user/.macromedia/Flash_Player/#Security/FlashPlayerTrust/recursos-${DATE}.cfg"
81        fi
82        cp /usr/share/flash-java-insecure-perms/settings.sol /home/$user/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys
83        cp /usr/share/flash-java-insecure-perms/recursos.cfg "/home/$user/.macromedia/Flash_Player/#Security/FlashPlayerTrust/recursos.cfg"
84        chown -R ${user}:${user} /home/$user/.macromedia
85        touch /home/$user/.config/unsec_settings_on
86        #FIREFOX
87        if [ ! -d "/home/$user/.mozilla" ]; then 
88            mkdir -p /home/$user/.mozilla
89            if [ "${IAM}" = "0" ]; then
90                chown -R ${user}:${user} /home/$user/.mozilla
91                sudo su $user bash -c "firefox" &
92            else
93                firefox &
94            fi
95            sleep 2
96        fi
97        $(pkill -u $user --signal 9 firefox >/dev/null 2>/dev/null) >/dev/null 2>/dev/null
98        for pref in $(find /home/$user/.mozilla -name 'prefs.js'); do
99            sed -i -r 's%.*plugin\.state\.java.*%%' $pref
100            sed -i -r 's%.*plugin\.state\.flash.*%%' $pref
101            sed -i -r 's%.*plugins\.click_to_play.*%%' $pref
102            sed -i -r 's%.*plugins\.hide_infobar_for_outdated_plugin.*%%' $pref
103            sed -i -r 's%.*extensions\.blocklist\.enabled.*%%' $pref
104            # USE ECHO WHEN THERE ISN'T SOME SETTING INTO FILE
105            echo 'user_pref("plugin.state.java",2);' >> $pref
106            echo 'user_pref("plugin.state.flash",2);' >> $pref
107            echo 'user_pref("plugins.click_to_play",false);' >> $pref
108            echo 'user_pref("plugins.hide_infobar_for_outdated_plugin",true);' >> $pref
109            echo 'user_pref("extensions.blocklist.enabled",false);' >> $pref
110        done
111    else
112            echo Already configured!
113    fi
114done
115
116DONE=1
117fi
118
119if [ "x$1" = "xdeinstall" ]; then
120
121    for user in ${USERS}; do
122        if [ -f "/home/$user/.config/unsec_settings_on" ]; then
123            echo Deconfiguring $user!
124            #FLASH
125            file1=$(find /home/$user/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys -maxdepth 1 -name '*.sol'|grep 'settings-'|sort -h|uniq|head -1)
126            if [ ! -z "$file1" ]; then
127                mv $file1 /home/$user/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol
128            fi
129            if [ -f "/home/$user/.macromedia/Flash_Player/#Security/FlashPlayerTrust/recursos.cfg" ]; then 
130                rm -f "/home/$user/.macromedia/Flash_Player/#Security/FlashPlayerTrust/recursos.cfg"
131            fi
132            #JAVA
133            if [ ! -z "${ICED}" ]; then
134                if [ "${IAM}" = "0" ];then
135                    sudo su $user bash -c "${ICED} -headless reset deployment.security.level" 
136                else
137                    ${ICED} -headless reset deployment.security.level
138                fi
139            fi
140            for cert in $(find /usr/share/flash-java-insecure-perms/ -name '*.cert');do 
141                certname=$(basename ${cert%%.cert})
142                #echo Deleting ${certname}.cert from trusted.certs
143                for certpath in ${CERTPATHS}; do 
144                    if [ -f "/home/$user/${certpath}/trusted.certs" ]; then
145                        $KEYTOOL -delete -storepass "changeit" -keystore /home/$user/${certpath}/trusted.certs -alias ${certname} > /dev/null 2> /dev/null
146                    fi
147                done
148            done
149            rm /home/$user/.config/unsec_settings_on
150            $(pkill -u $user --signal 9 firefox  >/dev/null 2>/dev/null) >/dev/null 2>/dev/null
151            for pref in $(find /home/$user/.mozilla -name 'prefs.js'); do
152                sed -i -r 's%.*plugin\.state\.java.*%user_pref("plugin.state.java",1);%' $pref
153                sed -i -r 's%.*plugin\.state\.flash.*%user_pref("plugin.state.flash",1);%' $pref
154                sed -i -r 's%.*plugins\.click_to_play.*%user_pref("plugins.click_to_play",true);%' $pref
155                sed -i -r 's%.*plugins\.hide_infobar_for_outdated_plugin.*%user_pref("plugins.hide_infobar_for_outdated_plugin",false);%' $pref
156                sed -i -r 's%.*extensions\.blocklist\.enabled.*%user_pref("extensions.blocklist.enabled",true);%' $pref
157            done
158        fi
159    done
160DONE=1
161fi
162
163if [ ${DONE} -eq 0 ]; then
164    echo "$(basename $0) help"
165    echo "$(basename $0) [ install | deinstall ]"
166    echo "Changes permission to allow some educational resources with java/flash"
167fi
Note: See TracBrowser for help on using the repository browser.