source: lmd-client/trunk/fuentes/install/usr/share/ldm/rc.d.diversions/X01-localapps.lliurex @ 512

Last change on this file since 512 was 512, checked in by mabarracus, 5 years ago

copy trusty code

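#!/bin/bash
#
# The following is a script to set up local apps support on LTSP through LDM
#
# This hook modifies /etc/group and /etc/passwd directly with user/group
# information gathered from the server.
#
# This will enable us to easily bypass the need for setting up local user
# authentication, and instead leverage the authentication already set up on
# the server.
#
# Trust note: everything read through "ssh -S $LDM_SOCKET" is produced inside
# the logged-in user's own session on the server, yet this hook writes it into
# the client's account databases. It is therefore handled as untrusted input:
# expansions are quoted, names are never spliced into sed/grep patterns, and
# only a well-formed passwd entry for the requested user is accepted.
#
# NOTE(review): LDM rc.d hooks are presumably sourced rather than executed, so
# this file avoids "set -e", "exit" and bash-only syntax -- confirm.

if boolean_is_true "$LOCAL_APPS" || boolean_is_true "$LTSP_FATCLIENT"; then

    # Wrap $1 in single quotes so that a POSIX shell on the far side of ssh
    # sees it as exactly one word (embedded single quotes become '\'').
    ldm_shquote() {
        printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
    }

    # Set up local uids/gids

    LOCALAPPS_CACHE=/var/cache/ltsp-localapps
    export LOCALAPPS_CACHE
    mkdir -p "${LOCALAPPS_CACHE}" 2>/dev/null

    # First login: save the pristine /etc/passwd and /etc/group in the cache.
    # Later logins: restore them, so entries appended for a previous user do
    # not accumulate.
    for i in passwd group; do
        if [ ! -e "${LOCALAPPS_CACHE}/${i}" ]; then
            cp "/etc/${i}" "${LOCALAPPS_CACHE}/${i}"
        else
            cp "${LOCALAPPS_CACHE}/${i}" "/etc/${i}"
        fi
    done

    # Get logged in username if not set
    if [ -z "$LDM_USERNAME" ]; then
        LDM_USERNAME=$(ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" 'echo ${USER}')
    fi

    # Get passwd info *just* for that user.
    # Only the first line that is a 7-field passwd entry for this user (name
    # compared case-insensitively, numeric uid/gid, absolute home) is appended;
    # the name is rewritten to the spelling used at login so that the local
    # lookup further down finds it. The user name reaches awk through the
    # environment, so it is never interpreted as a pattern.
    # NOTE(review): uid, gid, home and shell are still taken from the remote
    # answer as-is; no policy (e.g. on uid 0) is applied here.
    ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" \
        "/usr/bin/getent passwd $(ldm_shquote "$LDM_USERNAME")" \
        | LDM_MATCH_USER="$LDM_USERNAME" awk -F: '
            BEGIN { OFS = ":"; want = ENVIRON["LDM_MATCH_USER"] }
            !done && NF == 7 && tolower($1) == tolower(want) \
                && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ && $6 ~ /^\// {
                $1 = want
                print
                done = 1
            }' >>/etc/passwd

    # Get all group info and copy to COMBINED_GROUP
    COMBINED_GROUP="${LOCALAPPS_CACHE}/group.combined"
    cp /etc/group "${COMBINED_GROUP}"
    ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" "/usr/bin/getent group" >>"${COMBINED_GROUP}"

    # Get the system groups that the user belongs to, so we can add him back in.
    # Membership is an exact comparison on the member list (field 4).
    myGroups=$(ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" /usr/bin/getent group \
        | LDM_MATCH_USER="$LDM_USERNAME" awk -F: '
            BEGIN { want = ENVIRON["LDM_MATCH_USER"] }
            {
                n = split($4, members, ",")
                for (i = 1; i <= n; i++) {
                    if (members[i] == want) { print $1; break }
                }
            }' \
        | tr '\n' ',' | sed -e 's/,$//g')

    # (/usr/bin/id is only needed because getent evidently does not return groups
    # added by pam_group (bug in pam_group?)

    myGroups1=$(ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" LANG=C LANGUAGE=C /usr/bin/id \
        | sed -e 's/^.*groups=//' -e 's/) .*$/)/' \
        | cut -d= -f2 \
        | sed -e 's/[0-9]*(//g' -e 's/)//g')

    # concatenate groups from different sources, stripping off prefixed and
    # trailing commas
    myGroups=$(printf '%s,%s\n' "$myGroups" "$myGroups1" | sed -e 's/^,//g' -e 's/,$//g')

    # Get the user's groups specifically (in case they weren't returned by
    # "getent group"). Each name is quoted for the remote shell, which replaces
    # the former remote "eval" of hand-escaped names.
    remote_group_args=""
    while IFS= read -r group; do
        [ -n "$group" ] || continue
        remote_group_args="${remote_group_args} $(ldm_shquote "$group")"
    done <<EOF
$(printf '%s\n' "$myGroups" | tr ',' '\n')
EOF
    # With no names at all "getent group" would dump every group, so skip it.
    if [ -n "$remote_group_args" ]; then
        ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" "LANG=C getent group${remote_group_args}" >>"${COMBINED_GROUP}"
    fi
    unset remote_group_args

    # Now, some groups may have different gids on the server than the client chroot
    # So, let's prune out all the dups (first occurrence wins, and the local
    # /etc/group was copied in first).
    TMPGROUP="${LOCALAPPS_CACHE}/tmpgroup"
    rm -f -- "${TMPGROUP}"
    gnames=""
    gids=""
    # those 2 variables are there because if group is rejected because of the gid
    # we need to create this group. Both are newline-separated lists.
    dgnames=""
    ngids=""
    nl='
'

    # -r keeps backslashes in names intact; IFS is changed for read only.
    while IFS=: read -r gname gpass gid gusers; do
        # An empty name would otherwise be written out as a ":::" entry.
        # NOTE(review): the remaining fields are not validated.
        [ -n "$gname" ] || continue

        member=
        case ",${gusers}," in
            *,"$LDM_USERNAME",*) member=1 ;;
        esac

        match=
        case "${gnames}:" in
            *:"$gname":*)
                # group name present in the list of groups already processed.
                match=1
                [ -z "$member" ] || dgnames="${dgnames}${gname}${nl}"
                ;;
        esac
        case "${gids}:" in
            *:"$gid":*)
                # gid present in the list of gids already processed.
                match=1
                [ -z "$member" ] || ngids="${ngids}${gname}${nl}"
                ;;
        esac

        if [ -z "$match" ]; then
            printf '%s\n' "${gname}:${gpass}:${gid}:${gusers}" >>"${TMPGROUP}"
            gnames="${gnames}:${gname}"
            gids="${gids}:${gid}"
        fi
    done <"${COMBINED_GROUP}"

    # Groups of the user that were dropped only because their gid was already
    # taken (their name was not seen before) have to be created locally.
    # Whole-line fixed-string matching keeps names with spaces or pattern
    # characters intact.
    tocreate=$(printf '%s' "$ngids" | sort -u | while IFS= read -r e; do
        [ -n "$e" ] || continue
        printf '%s' "$dgnames" | grep -Fxq -e "$e" || printf '%s\n' "$e"
    done)

    # Do not replace /etc/group with a missing or empty result.
    if [ -s "${TMPGROUP}" ]; then
        cp "${TMPGROUP}" /etc/group
    fi
    chmod 644 /etc/group


    if [ -n "$myGroups" ]; then
        if /usr/bin/test -w /etc ; then
            while IFS= read -r ngroup; do
                [ -n "$ngroup" ] || continue
                # FIXME: Problem with AD. Space not permited here.
                # "--" stops a name that starts with "-" being read as an option.
                groupadd -r -- "$ngroup"
            done <<EOF
$tocreate
EOF
            # One usermod call per group.
            # NOTE(review): presumably so that one unknown group does not
            # prevent the others from being added -- confirm.
            while IFS= read -r group; do
                [ -n "$group" ] || continue
                /usr/sbin/usermod -a -G "$group" -- "${LDM_USERNAME}" 2>/dev/null
            done <<EOF
$(printf '%s\n' "$myGroups" | tr ',' '\n' | sort -u)
EOF
        else
            # FIXME: maybe add system groups: $tocreate into /etc/group
            # Read-only /etc cannot use usermod
            myGroups=$(printf '%s\n' "$myGroups" | tr ',' '\n' | sort -u | tr '\n' ',' | sed 's/,$//')
            # add user to each group manually: rewrite /etc/group in one awk
            # pass instead of using whole group lines as sed patterns. The
            # result is copied back only if awk succeeded.
            if LDM_MATCH_USER="$LDM_USERNAME" LDM_MATCH_GROUPS="$myGroups" awk -F: '
                BEGIN {
                    OFS = ":"
                    user = ENVIRON["LDM_MATCH_USER"]
                    n = split(ENVIRON["LDM_MATCH_GROUPS"], names, ",")
                    for (i = 1; i <= n; i++) wanted[names[i]] = 1
                }
                NF == 4 && ($1 in wanted) {
                    present = 0
                    m = split($4, members, ",")
                    for (i = 1; i <= m; i++) if (members[i] == user) present = 1
                    if (!present) $4 = ($4 == "" ? user : $4 "," user)
                }
                { print }
            ' /etc/group >"${TMPGROUP}"; then
                cp "${TMPGROUP}" /etc/group
            fi
        fi
    fi

    # Now, let's mount the home directory
    export LDM_HOME=""
    export USER_UID=""
    export USER_GID=""
    while IFS=: read -r user pass uid gid gecos home shell ; do
        LDM_HOME="$home"
        USER_UID="$uid"
        USER_GID="$gid"
        # No local entry for the user: nothing to create or chown.
        [ -n "$LDM_HOME" ] || continue
        # First, make the mountpoint
        # NOTE(review): home, uid and gid come from the passwd line appended
        # above; a home that names an existing system directory would be
        # chowned to the user here. Consider restricting the accepted prefix.
        mkdir -p -- "${LDM_HOME}"
        chown -- "${USER_UID}:${USER_GID}" "${LDM_HOME}"
        if [ -n "${XAUTHORITY_DIR}" ]; then
            chown -- "${USER_UID}:${USER_GID}" "${XAUTHORITY_DIR}"
        fi
    done <<EOF
$(getent passwd "$LDM_USERNAME")
EOF

    ## Maybe do this:
    ## export HOME=${LOCALAPPS_CACHE}

    # Start from empty values so nothing inherited from the environment ends
    # up in the sshfs option strings below.
    follow_home_symlinks=""
    follow_extra_symlinks=""
    if [ -z "$SSH_FOLLOW_SYMLINKS" ]; then
        # By default, don't follow symlinks under $HOME for localapps, as
        # that breaks some apps that try to create locks to other filesystems.
        # But do follow symlinks for any extra mounts.
        follow_extra_symlinks="follow_symlinks,"
    elif boolean_is_true "$SSH_FOLLOW_SYMLINKS"; then
        follow_home_symlinks="follow_symlinks,"
        follow_extra_symlinks="follow_symlinks,"
    fi

    # If the user's home directory is not located in the root cow device, assume
    # that it has already been mounted with other means, e.g. with FSTAB_x.
    unset SSHFS_HOME
    if [ "$(stat -c %m "$LDM_HOME")" = "/" ]; then

        # BEGIN LLX HACK
        #export SSHFS_HOME=true
        #sshfs -o ${follow_home_symlinks}allow_other,ControlPath=${LDM_SOCKET} ${LDM_SERVER}:${LDM_HOME} ${LDM_HOME}

        # Create Vars
        GRP_USER="$(id -ng -- "${LDM_USERNAME}")"
        NET_HOME="/net/server-sync/home/${GRP_USER}/${LDM_USERNAME}"

        # Create UserFiles Structure
        #mkdir ${LDM_HOME}/UserFiles
        #chown -R ${LDM_USERNAME}:${GRP_USER} ${LDM_HOME}/UserFiles

        # Mount SSHFS net/server-sync/home...
        #sshfs -o ${follow_home_symlinks}allow_other,ControlPath=${LDM_SOCKET} ${LDM_USERNAME}@${LDM_SERVER}:${NET_HOME}/UserFiles ${LDM_HOME}/UserFiles

        if [ ! -d "/net" ] ; then
            mkdir /net
        fi

        # The server's whole /net is mounted over the user's ssh session.
        # NOTE(review): allow_other opens the mount to every local uid with the
        # server-side rights of this session, and without default_permissions
        # no local permission check is done -- confirm this is intended.
        sshfs -o "nonempty,${follow_home_symlinks}allow_other,ControlPath=${LDM_SOCKET}" \
            "${LDM_USERNAME}@${LDM_SERVER}:/net" /net

        #for folder in Documents Groups Music Videos Pictures Share; do
        #    if [ -h "${LDM_HOME}/${folder}" ]; then
        #        echo "LLX LDM: ${LDM_HOME}/${folder} already exists" >> /var/log/ldm.log
        #        echo "LLX LDM: ${LDM_HOME}/${folder} already exists" >> /tmp/ldm.log
        #    else
        #        ln -s ${LDM_HOME}/UserFiles/${folder}/ ${LDM_HOME}/${folder}
        #        chown -R ${LDM_USERNAME}:${GRP_USER} ${LDM_HOME}/${folder}
        #    fi
        #done

        # END LLX HACK

    fi

    # Mount other directories
    if [ -n "${LOCAL_APPS_EXTRAMOUNTS}" ]; then
        oldifs="${IFS-not set}"
        IFS=","
        for extradir in ${LOCAL_APPS_EXTRAMOUNTS}; do
            mkdir -p "${extradir}"
            sshfs -o "${follow_extra_symlinks}allow_other,nonempty,ControlPath=${LDM_SOCKET}" "${LDM_SERVER}:${extradir}" "${extradir}"
        done
        if [ "$oldifs" = "not set" ]; then
            unset IFS
        else
            IFS="$oldifs"
        fi
    fi

    # /etc/cups is usually not shipped by the cups-client package, so attempt
    # to create it (it might fail if bind mounts are used).
    if [ ! -d /etc/cups ]; then
        mkdir /etc/cups || true
    fi

    # if cups is installed in the chroot, use LDM_SERVER for printing,
    # unless the user has enabled remote printer browsing via CUPS.
    if [ -d /etc/cups ]; then
        if [ -n "${CUPS_SERVER}" ]; then
            printf 'ServerName %s\n' "${CUPS_SERVER}" >/etc/cups/client.conf
        elif ! grep -qsi "^Browsing on" /etc/cups/cupsd.conf; then

            # LLIUREX CHANGES #

            # Only the first address is used, so that a host with several
            # addresses cannot produce a multi-line client.conf.
            IP=$(getent hosts server | awk 'NR == 1 { print $1 }')
            if [ -n "$IP" ]; then
                printf 'ServerName %s\n' "${IP}" >/etc/cups/client.conf
            else
                printf 'ServerName %s\n' "${LDM_SERVER}" >/etc/cups/client.conf
            fi

            # #

        fi
    fi

    n4d-modules enable-plugin /etc/n4d/conf.d/TeacherShare || true

    # Keep the helper out of the namespace of whatever sourced this hook.
    unset -f ldm_shquote

fi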