Changeset 6030


Timestamp:
Oct 13, 2017, 12:54:13 PM (2 years ago)
Author:
daduve
Message:

Adding new function to force download of the server certificate if it does not exist on the client

Location:
epoptes/trunk/fuentes
Files:
2 edited

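--- a/epoptes/trunk/fuentes/debian/changelog
+++ b/epoptes/trunk/fuentes/debian/changelog
@@ -1,2 +1,8 @@
+epoptes (0.5.9-lliurex33) xenial; urgency=high
+
+  * Adding new function to force server certified download if it does not exists in client
+
+ -- Daniel Duran Vecino <daduve@gmail.com>  Fri, 13 Oct 2017 12:52:41 +0200
+
 epoptes (0.5.9-lliurex32) xenial; urgency=high
 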
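--- a/epoptes/trunk/fuentes/epoptes-client/epoptes-client
+++ b/epoptes/trunk/fuentes/epoptes-client/epoptes-client
@@ -33,4 +33,5 @@
 log_file="/tmp/.epoptes_log"
 VERSION=$(lliurex-version)
+download_certificate=False
 
 if [ ! -f $log_file ]; then
@@ -40,5 +41,4 @@
 
 
-echo "$VERSION" >> $log_file
 discover() {
         echo "  - Dentro de funcion discover -  " >> $log_file
@@ -154,7 +154,7 @@
 fetch_certificate()
 {
-    echo "Comprobando el certificado">> $log_file
-    echo "Debe ser 0 sino muere, UID : $UID" >> $log_file
-    test "$UID" -eq 0 || die "Need to be root to fetch the certificate" >> $log_file
+    echo "[fetch_certificate] Comprobando el certificado: epoptes-client -c">> $log_file
+    echo "[fetch_certificate]Debe ser 0 sino muere, UID : $UID" >> $log_file
+    test "$UID" -eq 0 || die "[fetch_certificate] Need to be root to fetch the certificate" >> $log_file
     mkdir -p /etc/epoptes
     openssl s_client -connect $SERVER:$PORT < /dev/null \
@@ -162,9 +162,9 @@
         > /etc/epoptes/server.crt
     if [ -s /etc/epoptes/server.crt ]; then
-        echo "Successfully fetched certificate from $SERVER:$PORT" >> $log_file
-        echo "Successfully fetched certificate from $SERVER:$PORT"
+        echo "[fetch_certificate] Successfully fetched certificate from $SERVER:$PORT" >> $log_file
+        echo "[fetch_certificate] Successfully fetched certificate from $SERVER:$PORT"
         exit 0
     else
-        echo  "FIRST Failed to fetch certificate from $SERVER:$PORT" >> $log_file
+        echo  "[fetch_certificate] FIRST Failed to fetch certificate from $SERVER:$PORT" >> $log_file
         sleep 10
         openssl s_client -connect $SERVER:$PORT < /dev/null \
@@ -172,9 +172,9 @@
         > /etc/epoptes/server.crt
          if [ -s /etc/epoptes/server.crt ]; then
-                echo "Successfully fetched certificate from $SERVER:$PORT" >> $log_file
-                echo "Successfully fetched certificate from $SERVER:$PORT"
+                echo "[fetch_certificate] Successfully fetched certificate from $SERVER:$PORT" >> $log_file
+                echo "[fetch_certificate] Successfully fetched certificate from $SERVER:$PORT"
                 exit 0
         else
-                die "SECOND Failed to fetch certificate from $SERVER:$PORT"
+                die "[fetch_certificate] SECOND Failed to fetch certificate from $SERVER:$PORT"
         fi
        
@@ -182,33 +182,35 @@
 }
 
+fetch_certificate_download()
+{
+    echo "[fetch_certificate_download] FORZANDO EL DOWNLOAD DEL CERTIFICADO">> $log_file
+    echo "[fetch_certificate_download] Comprobando el certificado">> $log_file
+    echo "[fetch_certificate_download] Debe ser 0 sino muere, UID : $UID" >> $log_file
+    test "$UID" -eq 0 || die "[fetch_certificate_download] Need to be root to fetch the certificate" >> $log_file
+    mkdir -p /etc/epoptes
+    openssl s_client -connect $SERVER:$PORT < /dev/null \
+        | sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/!d' \
+        > /etc/epoptes/server.crt
+    if [ -s /etc/epoptes/server.crt ]; then
+        echo "[fetch_certificate_download] Successfully fetched certificate from $SERVER:$PORT" >> $log_file
+        echo "[fetch_certificate_download] Successfully fetched certificate from $SERVER:$PORT"
+    else
+        echo  "[fetch_certificate_download] FIRST Failed to fetch certificate from $SERVER:$PORT" >> $log_file
+        sleep 10
+        openssl s_client -connect $SERVER:$PORT < /dev/null \
+        | sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/!d' \
+        > /etc/epoptes/server.crt
+         if [ -s /etc/epoptes/server.crt ]; then
+                echo "[fetch_certificate_download] Successfully fetched certificate from $SERVER:$PORT" >> $log_file
+                echo "[fetch_certificate_download] Successfully fetched certificate from $SERVER:$PORT"
+        else
+                die "[fetch_certificate_download] SECOND Failed to fetch certificate from $SERVER:$PORT"
+        fi
+       
+    fi
+}
+
 
 # Main.############################################
-
-echo "">> $log_file
-echo "*******DEPURANDO SCRIPT /USR/SBIN/EPOPTES PARA EL *************    USUARIO : $USER      ******">> $log_file
-echo "">> $log_file
-date >> $log_file
-echo "">> $log_file
-discover
-echo "*************** Presesion Lightdm ************"  >> $log_file
-ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" >> $log_file
-USERS_SOCAT=`ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" | awk '{print $2}' | uniq | wc -l `
-echo "USERS_SOCAT = $USERS_SOCAT">> $log_file;
-if [[ "$MATCH" != ligero  ]]; then
-        if (("$USERS_SOCAT" > 2 )); then
-                echo "Estoy dentro del if matando procesos.......">> $log_file
-                for i in `ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v grep | awk '{print $2}' | uniq`; do
-                        echo "Dentro del FOR para .......">> $log_file
-                        ps -aux | grep $i >> $log_file
-                        echo "Matando el proceso $i"  >> $log_file
-                        kill -9 $i >> $log_file
-                done
-        fi
-fi
-
-echo "_________MAIN_____________">> $log_file
-
-
-export VERSION="0.5.7" # Automatically updated by mkdst
 
 # Check the first parameter as it may turn out we don't need to run at all
@@ -232,4 +234,35 @@
 esac
 
+echo "">> $log_file
+echo "*******DEPURANDO SCRIPT /USR/SBIN/EPOPTES PARA EL *************    USUARIO : $USER      ******">> $log_file
+echo "">> $log_file
+date >> $log_file
+echo "">> $log_file
+echo "$VERSION" >> $log_file
+echo "">> $log_file
+echo "_________MAIN_____________">> $log_file
+discover
+echo "Presesion Lightdm.........."  >> $log_file
+echo "">> $log_file
+ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" >> $log_file
+USERS_SOCAT=`ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" | awk '{print $2}' | uniq | wc -l `
+echo "USERS_SOCAT = $USERS_SOCAT">> $log_file;
+if [[ "$MATCH" != ligero  ]]; then
+        if (("$USERS_SOCAT" > 2 )); then
+                echo "Estoy dentro del if matando procesos.......">> $log_file
+                for i in `ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v grep | awk '{print $2}' | uniq`; do
+                        echo "Dentro del FOR para .......">> $log_file
+                        ps -aux | grep $i >> $log_file
+                        echo "Matando el proceso $i"  >> $log_file
+                        kill -9 $i >> $log_file
+                done
+        fi
+fi
+
+
+export VERSION="0.5.7" # Automatically updated by mkdst
+
+
+
 # When called from /etc/xdg/autostart, /sbin is not in the system path.
 PATH="$PATH:/sbin:/usr/sbin"
@@ -252,7 +285,18 @@
 
 # Provide an easy way to fetch the server certificate
-echo "Necesito el certificado -> $need_certificate" >> $log_file
 test -n "$need_certificate" && fetch_certificate
 
+#Nos aseguramos de tener el certificado del server
+echo "Necesito el certificado -> $download_certificate" >> $log_file
+BAJAR_CERT=True
+if [ $download_certificate  =  $BAJAR_CERT ];then
+        echo "Compruebo si el certificado existe..... ">> $log_file
+        if [ ! -s /etc/epoptes/server.crt ]; then
+               echo "FORZADO -> No tengo el certificado debo adquirirlo del server" >> $log_file
+               fetch_certificate_download
+        else
+                echo "Tengo el certificado continua la ejecucion....." >> $log_file
+        fi
+fi
 
 # We don't want the epoptes-client system service running on the epoptes server
@@ -348,5 +392,5 @@
 trap salida KILL TERM QUIT INT STOP EXIT
 
-
+echo "-- Funcion Principal para abrir el SOCAT --" >> $log_file
 if [ -s /etc/epoptes/server.crt ] || [ "$cert_param" = "verify=0" ]; then
    echo "Dentro del if antes del while 1 del usuario $USER" >> $log_file
@@ -354,7 +398,6 @@
         ALIVE=$(ps ax|grep $PPID|grep -v grep|wc -l)
         echo "Dentro del While porque el RUN es $RUN para usuario $USER">> $log_file
-        echo "Haciendo el wait.....Ahora nop" >> $log_file
         USERS_SOCAT_POST=`ps aux | grep /usr/sbin/epoptes | grep -v root | grep -v "grep" | awk '{print $2}' | uniq | wc -l `
-        echo "Calculado el USERS_SOCAT_POST: $USERS_SOCAT_POST" >> $log_file
+        echo "Calculando el USERS_SOCAT_POST: $USERS_SOCAT_POST" >> $log_file
         if (("$USERS_SOCAT_POST" < 3 )) || [[ "$MATCH" == "ligero" ]]; then
                 echo "-----SOCAT se va a ejecutar para el usuario: $USER -----">> $log_file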
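Review bot: `fetch_certificate_download` (new lines 184-211) saves whatever certificate the peer at `$SERVER:$PORT` presents as `/etc/epoptes/server.crt` without comparing it to anything known, and the block at new lines 289-300 would run it unattended whenever that file is missing or empty, so a host answering in the server's place at that moment becomes the pinned server. The pipeline also redirects straight into `server.crt`, so a failed handshake truncates the file, and `[ -s … ]` accepts any non-empty output rather than a parseable certificate. I would fetch into a temporary file, require `openssl x509` to parse it and its fingerprint to match a value provisioned out of band, and only then `mv` it into place, as sketched below for the first attempt (the retry after `sleep 10` needs the same check). As committed the new branch cannot fire, because `download_certificate=False` at new line 35 is not changed anywhere in the visible hunks; a comment there should say how it is meant to be enabled.

```shell
fetch_certificate_download()
{
    # … unchanged: log lines, root check, mkdir -p /etc/epoptes …
    tmp_crt=$(mktemp /etc/epoptes/server.crt.XXXXXX) \
        || die "[fetch_certificate_download] mktemp failed"
    openssl s_client -connect "$SERVER:$PORT" < /dev/null \
        | sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/!d' \
        > "$tmp_crt"
    # EXPECTED_SERVER_FP is a placeholder: a SHA-256 fingerprint provisioned
    # out of band; nothing on this page defines it.
    fp=$(openssl x509 -noout -fingerprint -sha256 -in "$tmp_crt" 2>/dev/null)
    if [ -n "$fp" ] && [ "${fp#*=}" = "$EXPECTED_SERVER_FP" ]; then
        mv -f "$tmp_crt" /etc/epoptes/server.crt
    else
        rm -f "$tmp_crt"
        die "[fetch_certificate_download] Certificate from $SERVER:$PORT rejected"
    fi
    # … unchanged: success log lines; retry path to be given the same check …
```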