source: lmd-client/trunk/fuentes/install/usr/share/ldm/rc.d.diversions/X01-localapps.lliurex @ 2815

Last change on this file since 2815 was 2815, checked in by hectorgh, 3 years ago

adding samba mount support instead of sshfs

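#!/bin/bash
#
# The following is a script to set up local apps support on LTSP through LDM
#

# This hook modifies /etc/group and /etc/passwd directly with user/group
# information gathered from the server.

# This will enable us to easily bypass the need for setting up local user
# authentication, and instead leverage the authentication already set up on
# the server.
#
# Notes for maintainers:
# - boolean_is_true is not defined in this file; it has to be provided by
#   whatever runs this hook (presumably LDM sources it - confirm).
# - The hook rewrites /etc/passwd and /etc/group, creates groups and mounts
#   filesystems, so it needs the privileges to do that. Everything it reads
#   from the server or from LDM_* variables therefore ends up in
#   security-relevant local files; the NOTE(review) comments below mark the
#   places where that data is used without validation.

if boolean_is_true "$LOCAL_APPS" || boolean_is_true "$LTSP_FATCLIENT"; then

    # Set up local uids/gids

    LOCALAPPS_CACHE=/var/cache/ltsp-localapps
    export LOCALAPPS_CACHE
    mkdir -p "${LOCALAPPS_CACHE}" 2>/dev/null

    # Copy /etc/passwd and /etc/group to cache if it does not exist (should only happen on first login)
    # When the cache already exists the cached copies are restored over
    # /etc/passwd and /etc/group, which drops whatever an earlier run of this
    # hook appended to them.
    for i in passwd group; do
        if [ ! -e "${LOCALAPPS_CACHE}/${i}" ]; then
            cp "/etc/${i}" "${LOCALAPPS_CACHE}/${i}"
        else
            cp "${LOCALAPPS_CACHE}/${i}" "/etc/${i}"
        fi
    done

    # Get logged in username if not set
    [ -z "$LDM_USERNAME" ] && LDM_USERNAME=$(ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" 'echo ${USER}')

    # Get passwd info *just* for that user
    # The sed call rewrites the name in the returned line, matched
    # case-insensitively, to the spelling held in LDM_USERNAME.
    # NOTE(review): LDM_USERNAME is expanded inside the remote command string
    # and inside the sed program, so characters that are special to the shell,
    # to regular expressions or to sed change what runs. The reply is also
    # appended to /etc/passwd unchecked, although it is produced over the
    # login session's ssh connection. Consider validating the name and the
    # returned line (a single line, seven fields, first field equal to the
    # name, numeric uid/gid) before appending.
    ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" "/usr/bin/getent passwd ${LDM_USERNAME}" | sed -e "s/${LDM_USERNAME}/${LDM_USERNAME}/i" >>/etc/passwd

    # Get all group info and copy to COMBINED_GROUP
    COMBINED_GROUP=${LOCALAPPS_CACHE}/group.combined
    cp /etc/group "${COMBINED_GROUP}"
    ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" "/usr/bin/getent group" >> "${COMBINED_GROUP}"

    # Get the system groups that the user belongs to, so we can add him back in
    # NOTE(review): LDM_USERNAME is used as part of an extended regular
    # expression here; regex metacharacters in the name are not escaped.
    myGroups=$(ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" /usr/bin/getent group | grep -E "[,:]${LDM_USERNAME}(,|$)" | cut -d: -f1 | tr '\n' ',' | sed -e 's/,$//g')

    # (/usr/bin/id is only needed because getent evidently does not return groups
    # added by pam_group (bug in pam_group?)

    myGroups1=$(ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" LANG=C LANGUAGE=C /usr/bin/id | sed -e 's/^.*groups=//' -e 's/) .*$/)/' | cut -d= -f2 | sed -e 's/[0-9]*(//g' -e 's/)//g')

    # concatenate groups from different sources, stripping off prefixed and
    # trailing commas
    # (the expansions are left unquoted on purpose so the whitespace handling
    # of the original pipeline is kept)
    myGroups=$(echo ${myGroups},${myGroups1} | sed -e 's/^,//g' -e 's/,$//g')

    # Get the user's groups specifically (in case they weren't returned by "getent group")
    # NOTE(review): the group names are wrapped in escaped single quotes and
    # re-evaluated by the remote shell through eval. A name that itself
    # contains a single quote is not handled by this quoting.
    myGroups_quoted=$(echo $myGroups | sed -e "s/^/\\\'/" -e "s/$/\\\'/" -e "s/,/\\\' \\\'/g")
    ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" LANG=C eval getent group ${myGroups_quoted} >> "${COMBINED_GROUP}"
    unset myGroups_quoted

    # Now, some groups may have different gids on the server than the client chroot
    # So, let's prune out all the dups
    TMPGROUP="${LOCALAPPS_CACHE}/tmpgroup"
    [ -f "${TMPGROUP}" ] && rm -- "${TMPGROUP}"
    gnames=""
    gids=""
    # those 2 variables are there because if group is rejected because of the gid we need to create this group.
    dgnames=""
    ngids=""

    oldifs="${IFS-not set}"
    IFS=":"
    # read -r keeps backslashes in group names and member lists literal
    # instead of treating them as escape characters.
    while read -r gname gpass gid gusers; do
        match=
        case $gnames in
            *:"$gname":*|*:"$gname")
                # group name present in the list of groups already processed.
                match=1
                case $gusers in
                    "$LDM_USERNAME"|*,"$LDM_USERNAME",*|*,"$LDM_USERNAME"|"$LDM_USERNAME",*)
                        dgnames="$dgnames $gname,"
                        ;;
                esac
                ;;
        esac
        case $gids in
            *:"$gid":*|*:"$gid")
                # gid present in the list of gids already processed.
                match=1
                case $gusers in
                    "$LDM_USERNAME"|*,"$LDM_USERNAME",*|*,"$LDM_USERNAME"|"$LDM_USERNAME",*)
                        ngids="$ngids $gname,"
                        ;;
                esac
                ;;
        esac
        # The first entry seen for a name or gid wins; COMBINED_GROUP starts
        # with the local /etc/group, so local entries take precedence.
        if [ -z "$match" ]; then
            echo "$gname:$gpass:$gid:$gusers" >>"${TMPGROUP}"
            gnames="$gnames:$gname"
            gids="$gids:$gid"
        fi
    done < "${COMBINED_GROUP}"
    test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"
    # cleanup
    dgnames=$(echo ${dgnames} | tr ',' '\n' | sort -u | tr '\n' ',' | sed 's/,$//')
    ngids=$(echo ${ngids} | tr ',' '\n' | sort -u | tr '\n' ',' | sed 's/,$//')
    tocreate=""
    oldifs="${IFS-not set}"
    IFS=,
    # Word splitting on "," is intended in the two loops below.
    for e in $ngids; do
        match=
        for f in $dgnames; do
            if [ "$e" = "$f" ]; then
                match=1
            fi
        done
        if [ -z "$match" ]; then
            tocreate="$tocreate $e,"
        fi
    done
    tocreate=$(echo ${tocreate} | tr ',' '\n' | sort -u | tr '\n' ',' | sed 's/,$//' | sed 's/^[[:blank:]]*//g')
    test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"

    cp "${TMPGROUP}" /etc/group
    chmod 644 /etc/group


    if [ -n "$myGroups" ]; then
        if /usr/bin/test -w /etc ; then
            oldifs="${IFS-not set}"
            IFS=,
            for ngroup in $tocreate; do
                ngroup=$(echo ${ngroup} | sed -e 's/ /\\\ /g') # FIXME: Problem with AD. Space not permited here.
                groupadd -r "${ngroup}"
            done
            test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"
            for group in $(echo ${myGroups} | tr ',' '\n' | sort -u); do
                /usr/sbin/usermod -a -G "$group" "${LDM_USERNAME}" 2>/dev/null
            done
        else
            # FIXME: maybe add system groups: $tocreate into /etc/group
            # Read-only /etc cannot use usermod
            myGroups=$(echo ${myGroups} | tr ',' '\n' | sort -u | tr '\n' ',' | sed 's/,$//')
            oldifs="${IFS-not set}"
            IFS=,
            cp /etc/group "$TMPGROUP"
            for group in $myGroups ; do
                # add user to each group manually
                # The patterns are quoted so the shell cannot glob-expand the
                # bracket expression before grep sees it.
                line="$(grep -E "^${group}:" "$TMPGROUP" | grep -E -v "[:,]${LDM_USERNAME}"'(,|$)' )"
                if [ -n "$line" ]; then
                    # add the user to the group
                    # NOTE(review): $line is group-file content used both as a
                    # sed regex and as replacement text; entries containing
                    # "/", "&" or regex metacharacters are not treated
                    # literally.
                    sed -i -e "s/^$line/$line,${LDM_USERNAME}/g" -e 's/:,/:/g' "$TMPGROUP"
                fi
            done
            cp "$TMPGROUP" /etc/group
            test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"
        fi
    fi

    # Now, let's mount the home directory
    oldifs="${IFS-not set}"
    IFS=":"
    export LDM_HOME=""
    export USER_UID=""
    export USER_GID=""
    while read -r user pass uid gid gecos home shell ; do
        # First, make the mountpoint
        LDM_HOME="$home"
        USER_UID="$uid"
        USER_GID="$gid"

        # getent printed nothing for this user: there is no home directory to
        # prepare, and running the commands below with an empty path must be
        # avoided.
        if [ -z "${LDM_HOME}" ]; then
            continue
        fi
        mkdir -p "${LDM_HOME}"

        # LLIUREX HACK
        rsync -ax /etc/skel/ "${LDM_HOME}"
        chown -R "$USER_UID":"$USER_GID" "${LDM_HOME}"

        if [ -n "${XAUTHORITY_DIR}" ]; then
            chown "$USER_UID":"$USER_GID" "${XAUTHORITY_DIR}"
        fi
    done <<EOF
$(getent passwd "$LDM_USERNAME")
EOF
    test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"

    ## Maybe do this:
    ## export HOME=${LOCALAPPS_CACHE}

    if [ -z "$SSH_FOLLOW_SYMLINKS" ]; then
        # By default, don't follow symlinks under $HOME for localapps, as
        # that breaks some apps that try to create locks to other filesystems.
        # But do follow symlinks for any extra mounts.
        follow_extra_symlinks="follow_symlinks,"
    elif boolean_is_true "$SSH_FOLLOW_SYMLINKS"; then
        follow_home_symlinks="follow_symlinks,"
        follow_extra_symlinks="follow_symlinks,"
    fi
    # If the user's home directory is not located in the root cow device, assume
    # that it has already been mounted with other means, e.g. with FSTAB_x.
    if [ "$(stat -c %m "$LDM_HOME")" != "/" ]; then
        unset SSHFS_HOME
    else
        unset SSHFS_HOME


        # Create Vars
        GRP_USER="$(id -ng "${LDM_USERNAME}")"
        NET_HOME="/net/server-sync/home/${GRP_USER}/${LDM_USERNAME}"

        ## OLD SSHFS MOUNT ## #######

        #if [ ! -d "/net" ] ; then
        #       mkdir /net
        #fi

        #sshfs -o nonempty,${follow_home_symlinks}allow_other,ControlPath=${LDM_SOCKET} ${LDM_USERNAME}@${LDM_SERVER}:/net /net


        ## ##################### ####

    fi

    # Mount other directories
    if [ -n "${LOCAL_APPS_EXTRAMOUNTS}" ]; then
        oldifs="${IFS-not set}"
        IFS=","
        # Word splitting on "," is intended: the variable is a comma-separated list.
        for extradir in ${LOCAL_APPS_EXTRAMOUNTS}; do
            mkdir -p "${extradir}"
            sshfs -o "${follow_extra_symlinks}allow_other,nonempty,ControlPath=${LDM_SOCKET}" "${LDM_SERVER}:${extradir}" "${extradir}"
        done
        test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"
    fi

    # /etc/cups is usually not shipped by the cups-client package, so attempt
    # to create it (it might fail if bind mounts are used).
    if [ ! -d /etc/cups ]; then
        mkdir /etc/cups || true
    fi

    # if cups is installed in the chroot, use LDM_SERVER for printing,
    # unless the user has enabled remote printer browsing via CUPS.
    if [ -d /etc/cups ]; then
        if [ -n "${CUPS_SERVER}" ]; then
            echo "ServerName ${CUPS_SERVER}" > /etc/cups/client.conf
        elif ! grep -qsi "^Browsing on" /etc/cups/cupsd.conf; then

            # LLIUREX CHANGES #

            # Prefer the address that the name "server" resolves to and fall
            # back to LDM_SERVER when it does not resolve.
            IP=$(getent hosts server | awk '{print $1}')
            if [ "$IP" != "" ]; then
                echo "ServerName ${IP}" > /etc/cups/client.conf
            else
                echo "ServerName ${LDM_SERVER}" > /etc/cups/client.conf
            fi

            # #


        fi
    fi

    n4d-modules enable-plugin /etc/n4d/conf.d/TeacherShare || true

    if boolean_is_true "$LTSP_FATCLIENT"; then

        # NOTE(review): LDM_USERNAME becomes a path component under /run;
        # confirm upstream that it cannot contain "/" or "..".
        for cifs_share in home share groups_share teachers_share; do
            mkdir -p "/run/${LDM_USERNAME}/${cifs_share}"
        done

        # Hand the credentials to mount through a private file instead of
        # "-o username=...,password=...": command-line arguments are visible
        # to other local processes for as long as mount runs, and a comma in
        # the password would be parsed as an option separator. mktemp creates
        # the file readable by its owner only, and printf is a shell builtin,
        # so the password never appears in any argument list.
        cifs_credentials=$(mktemp)
        if [ -n "${cifs_credentials}" ]; then
            printf 'username=%s\npassword=%s\n' "${LDM_USERNAME}" "${LDM_PASSWORD}" > "${cifs_credentials}"
            for cifs_share in home share groups_share teachers_share; do
                mount "//server/${cifs_share}" "/run/${LDM_USERNAME}/${cifs_share}" -o "credentials=${cifs_credentials}"
            done
            # The file is only needed while the mounts are being set up.
            rm -f -- "${cifs_credentials}"
        else
            echo "localapps: could not create a credentials file, samba shares not mounted" >&2
        fi
        unset cifs_credentials cifs_share

    fi

    # Drop the password from the shell environment once it is no longer needed.
    unset LDM_PASSWORD


fi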