Initial commit
parent
b476ea2c6b
commit
e21b2a946c
|
@ -0,0 +1,77 @@
|
|||
#!/bin/sh
|
||||
|
||||
|
||||
if [ -f /etc/os-release ]; then
|
||||
. /etc/os-release
|
||||
DISTRO=$ID
|
||||
|
||||
if [ "$DISTRO" = "ubuntu" ] || [ "$DISTRO" = "debian" ]; then
|
||||
OS=DEBIAN
|
||||
elif [ "$DISTRO" = "fedora" ] || [ "$DISTRO" = "centos" ]; then
|
||||
OS=CENTOS
|
||||
else
|
||||
echo "OS not detected"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "/etc/os-release not found, cannot determine OS."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
PREFIX=/usr/local/bin/wmde
|
||||
|
||||
copy_files() {
|
||||
mkdir -p $PREFIX
|
||||
cp wmde-rp-init.sh $PREFIX/
|
||||
cp wmde-rp-check-pam-user.sh $PREFIX/
|
||||
#cp wmde-rp-unison-initial-sync-nfs.sh $PREFIX/
|
||||
cp wmde-rp-generate-known-hosts.sh $PREFIX/
|
||||
#cp wmde-rp-usersync-nfs.sh $PREFIX/
|
||||
cp wmde-rp-usersync-ssh.sh $PREFIX/
|
||||
cp wmde-rp-progress.sh $PREFIX/
|
||||
cp wmde-rp-common.sh $PREFIX/
|
||||
chmod 755 $PREFIX/*
|
||||
|
||||
cp wmde-rp-usersync.service /etc/systemd/user/wmde-rp-usersync.service
|
||||
mkdir -p /etc/systemd/user/default.target.wants
|
||||
rm -rf /etc/systemd/user/default.target.wants/wmde-rp-usersync.service
|
||||
ln -s /etc/systemd/user/wmde-rp-usersync.service /etc/systemd/user/default.target.wants/wmde-rp-usersync.service
|
||||
|
||||
cp wmde-rp-unison.prf /etc
|
||||
}
|
||||
|
||||
update_pam() {
|
||||
rm -rf /etc/authselect/custom/wmde
|
||||
authselect create-profile wmde -b sssd --symlink-meta
|
||||
|
||||
cp postlogin /etc/authselect/custom/wmde/postlogin
|
||||
|
||||
authselect select custom/wmde with-mkhomedir with-sudo
|
||||
authselect apply-changes
|
||||
}
|
||||
|
||||
if [ "$OS" = "CENTOS" ]; then
|
||||
dnf install -y unison
|
||||
copy_files
|
||||
update_pam
|
||||
fi
|
||||
|
||||
if [ "$OS" = "DEBIAN" ]; then
|
||||
apt purge -y unison
|
||||
mkdir -p unison_temp
|
||||
cd unison_temp
|
||||
wget https://github.com/bcpierce00/unison/releases/download/v2.53.7/unison-2.53.7-ubuntu-x86_64-static.tar.gz
|
||||
tar xvfz unison-2.53.7-ubuntu-x86_64-static.tar.gz
|
||||
cd bin
|
||||
chmod +x unison unison-fsmonitor
|
||||
sudo mv unison unison-fsmonitor /usr/local/bin/
|
||||
cd ..
|
||||
cd ..
|
||||
rm -rf unison_temp
|
||||
|
||||
copy_files
|
||||
fi
|
||||
|
||||
|
||||
|
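Review bot: The Debian branch installs `unison` and `unison-fsmonitor` into /usr/local/bin straight from a downloaded release tarball without checking its integrity, so whatever the URL serves at install time ends up as a root-installed binary. Pin the archive digest and stop on a mismatch before the `tar` line, e.g. `echo "<expected-sha256>  unison-2.53.7-ubuntu-x86_64-static.tar.gz" | sha256sum -c - || exit 1` (the digest is a placeholder to be filled in from a trusted copy of the release). The `cd unison_temp` and `cd bin` calls are also unchecked, so a failed download or extraction leaves the later `cd ..` and `rm -rf unison_temp` running from the wrong directory; `cd unison_temp || exit 1` closes that.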
|
@ -0,0 +1,46 @@
|
|||
auth required pam_env.so
|
||||
auth required pam_faildelay.so delay=2000000
|
||||
auth required pam_deny.so # Smartcard authentication is required {include if "with-smartcard-required"}
|
||||
auth required pam_faillock.so preauth silent {include if "with-faillock"}
|
||||
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
|
||||
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
|
||||
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
|
||||
auth [default=1 ignore=ignore success=ok] pam_localuser.so
|
||||
auth sufficient pam_unix.so {if not "without-nullok":nullok}
|
||||
auth sufficient pam_systemd_home.so {include if "with-systemd-homed"}
|
||||
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
|
||||
auth sufficient pam_sss.so forward_pass
|
||||
auth required pam_faillock.so authfail {include if "with-faillock"}
|
||||
auth optional pam_gnome_keyring.so auto_start {include if "with-pam-gnome-keyring"}
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_access.so {include if "with-pamaccess"}
|
||||
account required pam_faillock.so {include if "with-faillock"}
|
||||
account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
|
||||
account required pam_unix.so
|
||||
account sufficient pam_localuser.so {exclude if "with-files-access-provider"}
|
||||
account sufficient pam_usertype.so issystem
|
||||
account [default=bad success=ok user_unknown=ignore] pam_sss.so
|
||||
account required pam_permit.so
|
||||
|
||||
password sufficient pam_systemd_home.so {include if "with-systemd-homed"}
|
||||
password requisite pam_pwquality.so local_users_only
|
||||
password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
|
||||
password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
|
||||
password sufficient pam_unix.so yescrypt shadow {if not "without-nullok":nullok} use_authtok
|
||||
password [success=1 default=ignore] pam_localuser.so
|
||||
password sufficient pam_sss.so use_authtok
|
||||
password required pam_deny.so
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||
session optional pam_systemd_home.so {include if "with-systemd-homed"}
|
||||
-session optional pam_systemd.so
|
||||
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||
session optional pam_exec.so /usr/local/bin/wmde/wmde-rp-init-nfs.sh
|
||||
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||
session required pam_unix.so
|
||||
session optional pam_sss.so
|
||||
session optional pam_gnome_keyring.so auto_start {include if "with-pam-gnome-keyring"}
|
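Review bot: The `session optional pam_exec.so /usr/local/bin/wmde/wmde-rp-init-nfs.sh` line refers to a script that the installer in this commit never copies into /usr/local/bin/wmde (it copies `wmde-rp-init.sh`), so as far as this page shows the module would fail on every session while `optional` hides the failure. Either drop the line or point it at a script that is actually installed, and add a comment above it naming the login services expected to run it. pam_exec runs its target with the privileges of the calling service, usually root, so the referenced path should exist and be writable by root only.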
|
@ -0,0 +1,10 @@
|
|||
auth optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||
|
||||
password optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||
session required pam_exec.so stdout /usr/local/bin/wmde/wmde-rp-init.sh
|
||||
|
||||
session optional pam_umask.so silent
|
||||
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
||||
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
|
||||
session optional pam_lastlog.so silent noupdate showfailed
|
||||
|
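Review bot: `session required pam_exec.so stdout /usr/local/bin/wmde/wmde-rp-init.sh` makes every session that includes postlogin depend on that script returning 0, and the script sources `/etc/wmde-rp.conf` before it reaches the admin and UID exemptions. The installer shown in this commit does not copy that config file, and a missing file makes `.` abort a non-interactive sh, so a host without it would presumably refuse sessions for all accounts, root included. The script's own `exit 1` after the 30-second PID-file wait has the same effect for roaming users whenever the sync service fails to start. Consider `session optional` here, or guard the script with `[ -r /etc/wmde-rp.conf ] || exit 0` ahead of the `.` line, and keep a root shell open while testing the profile.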
|
@ -0,0 +1,8 @@
|
|||
CONFIGDIRS="\
|
||||
-path .config \
|
||||
-path .local/share/backgrounds \
|
||||
-path testdir1 \
|
||||
-path testdir2"
|
||||
|
||||
echo $CONFIGDIRS
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/sh
|
||||
|
||||
#authselect select sssd with-mkhomedir with-sudo
|
||||
#authselect apply-changes
|
||||
|
||||
PREFIX=/usr/local/bin/wmde
|
||||
|
||||
rm -rf $FREFIX
|
||||
|
||||
rm -f /etc/systemd/user/wmde-rp-usersync-nfs.service
|
||||
rm -f /etc/systemd/user/wmde-rp-usersync-ssh.service
|
||||
rm -f /etc/systemd/user/wmde-rp-usersync.service
|
||||
|
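Review bot: `rm -rf $FREFIX` misspells the variable set just above it, so it expands to nothing and /usr/local/bin/wmde is never removed; the intended line is `rm -rf -- "${PREFIX:?}"`. The two commented-out `authselect` lines need to be restored together with that fix, because the custom profile's postlogin still carries `session required pam_exec.so … wmde-rp-init.sh`, and removing the script while that line is active would make session setup fail. The symlink the installer creates in /etc/systemd/user/default.target.wants is also left behind.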
|
@ -0,0 +1,58 @@
|
|||
#!/bin/sh
|
||||
|
||||
|
||||
# we want only initialize with unison if session is starting
|
||||
if [ "$PAM_TYPE" != "open_session" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
. /etc/wmde-rp.conf
|
||||
|
||||
USER_UID=$(id -u "$PAM_USER" 2>/dev/null)
|
||||
|
||||
# do not run for uid < $MIN_USER_ID
|
||||
if [ -z "$USER_UID" ] || [ "$USER_UID" -lt $MIN_USER_ID ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# do not run for any admin users
|
||||
for user in $ADMIN_USERS; do
|
||||
if [ "$PAM_USER" = "$user" ]; then
|
||||
exit 0
|
||||
fi
|
||||
done
|
||||
|
||||
FQDN=$(hostname -f)
|
||||
DOMAIN=$(hostname -d)
|
||||
|
||||
for group in $NETGROUPS; do
|
||||
OUTPUT=$(getent netgroup "$group" "$FQDN" "$PAM_USER" "$DOMAIN" 2>/dev/null)
|
||||
echo "$OUTPUT" | grep -q "1$"
|
||||
if [ $? -eq 0 ]; then
|
||||
PRGROUPFOUND=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $PRGROUPFOUND -ne 1 ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
|
||||
# Get all users groups
|
||||
#USER_GROUPS=$(id -nG "$PAM_USER")
|
||||
|
||||
#RPGROUPFOUND=0
|
||||
#for GROUP in $RPGROUPS; do
|
||||
# for USERGROUP in $USER_GROUPS; do
|
||||
# if [ "$GROUP" = "$USERGROUP" ]; then
|
||||
# RPGROUPFOUND=1
|
||||
# fi
|
||||
# done
|
||||
#done
|
||||
|
||||
#if [ "$RPGROUPFOUND" -eq 0 ]; then
|
||||
# exit 0
|
||||
#fi
|
||||
|
||||
|
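Review bot: `PRGROUPFOUND` is only assigned inside the loop when a netgroup matches, so for a user in none of `$NETGROUPS` the later `[ $PRGROUPFOUND -ne 1 ]` runs with an empty operand, the test errors out instead of evaluating true, and the `exit 0` that should stop non-members is skipped. The check therefore fails open: the calling script continues as if the user were eligible. Initialise it before the loop with `PRGROUPFOUND=0` and quote the operand, `if [ "$PRGROUPFOUND" -ne 1 ]; then`; `$MIN_USER_ID` in the UID test should be quoted for the same reason. A header comment should state that the file is meant to be sourced and that its `exit 0` ends the calling script.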
|
@ -0,0 +1,11 @@
|
|||
|
||||
|
||||
|
||||
LOGFILE=$HOMEDIR/.wmdesync/usersync.log
|
||||
PIDFILE=$HOMEDIR/.wmdesync/usersync.pid
|
||||
FIRSTSYNC=$HOMEDIR/.wmdesync/firstsync-done
|
||||
FULLSYNC=$HOMEDIR/.wmdesync/fullsync-done
|
||||
CONFIGSYNC=$HOMEDIR/.wmdesync/configsync-done
|
||||
SMALLFILESSYNC=$HOMEDIR/.wmdesync/smallfilessync-done
|
||||
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
. /etc/wmde-rp.conf
|
||||
|
||||
set -e
|
||||
set -o pipefail
|
||||
ipa host-show $NFSSERVER --all | grep "SSH public key:" | sed 's/.*SSH public key: //;s/, /\n/g' | sed "s/^\([^[:space:]]\+\s\+.*\)$/$NFSSERVER \1/" #> "$HOMEDIR/.wmdesync/known_hosts"
|
||||
|
|
@ -0,0 +1,169 @@
|
|||
#!/bin/sh
|
||||
|
||||
PREFIX=/usr/local/bin/wmde
|
||||
|
||||
. /etc/wmde-rp.conf
|
||||
|
||||
#set -x
|
||||
#set -e
|
||||
|
||||
cd /tmp
|
||||
|
||||
. $PREFIX/wmde-rp-check-pam-user.sh #exit if user does not belong to rp criteria
|
||||
|
||||
|
||||
|
||||
#echo "WMDE Roaming Profile"
|
||||
|
||||
export HOMEDIR=$(getent passwd "$PAM_USER" | cut -d: -f6)
|
||||
export WMDE_UNISONARGS="-auto -log -prefer newer -batch"
|
||||
export UNISON=$HOMEDIR/.unison-wmde
|
||||
export PAM_USER=$PAM_USER
|
||||
export SSHARGS="-o UserKnownHostsFile=$HOMEDIR/.wmdesync/known_hosts"
|
||||
|
||||
|
||||
|
||||
. $PREFIX/wmde-rp-common.sh
|
||||
|
||||
TIMEOUT=30
|
||||
|
||||
|
||||
|
||||
#if [ -f "$FIFULLSYNC" ]; then
|
||||
# exit 0
|
||||
#fi
|
||||
|
||||
if [ ! -f "$FIRSTSYNC" ]; then
|
||||
FIRSTRUN="first"
|
||||
else
|
||||
FIRSTRUN="no"
|
||||
|
||||
fi
|
||||
|
||||
echo "FIRST $FIRSTRUN" >> /tmp/wtforsyc.txt
|
||||
|
||||
|
||||
if [ "$WAIT_FOR_CONFIG" = "never" ] && [ "$WAIT_FOR_FULLSYNC" = "never" ] && [ "$WAIT_FOR_SMALLFILESSYNC" = "never" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# wait for pid file to be created (max 30 seconds)
|
||||
i=0
|
||||
while [ $i -lt $TIMEOUT ]; do
|
||||
echo "WAITING FOR PIDFILE $i" >> /tmp/wtforsyc.txt
|
||||
if [ -f "$PIDFILE" ]; then
|
||||
echo "FOUND PID FILE" >> /tmp/wtforsyc.txt
|
||||
PID=`cat $PIDFILE`
|
||||
if kill -0 "$PID" 2>/dev/null; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
sleep 1
|
||||
i=$((i + 1))
|
||||
done
|
||||
if [ $i -eq $TIMEOUT ]; then
|
||||
echo "NO PIDFILE - ERROR" >> /tmp/wtforsyc.txt
|
||||
exit 1
|
||||
fi
|
||||
echo "PID is $PID my PID $$" >> /tmp/wtforsyc.txt
|
||||
|
||||
|
||||
echo "Loading roaming profile, please be patient ..."
|
||||
|
||||
wait_for_sync() {
|
||||
# $1 dir to watch
|
||||
# $2 pid_file
|
||||
|
||||
while kill -0 "$PID" 2>/dev/null && [ "$PID" != "`cat $2`" ]; do
|
||||
size=$(du -sh $1 2>/dev/null | cut -f1)
|
||||
#echo "Loading roaming profile: $size / $xsize"
|
||||
echo "$3 $size $4"
|
||||
echo "PID: $PID in file $2: `cat $2`" >> /tmp/wtforsyc.txt
|
||||
sleep 3
|
||||
done
|
||||
echo "FINAL PID: $PID in file $2: `cat $2`" >> /tmp/wtforsyc.txt
|
||||
|
||||
|
||||
# echo "Parameter 1: $1"
|
||||
# echo "Parameter 2: $2"
|
||||
}
|
||||
|
||||
if [ "$WAIT_FOR_CONFIG" = "always" ] || [ "$WAIT_FOR_CONFIG" = "$FIRSTRUN" ]; then
|
||||
echo "Wait for Config" >> /tmp/wtforsyc.txt
|
||||
wait_for_sync $HOMEDIR/.config $CONFIGSYNC "Loading config:" ""
|
||||
fi
|
||||
|
||||
if [ "$WAIT_FOR_SMALLFILESSYNC" = "always" ] || [ "$WAIT_FOR_SMALLFILESSYNC" = "$FIRSTRUN" ]; then
|
||||
echo "Wait for Small files" >> /tmp/wtforsyc.txt
|
||||
wait_for_sync $HOMEDIR $SMALLFILESSYNC "Loading small files:" ""
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
if [ "$WAIT_FOR_FULLSYNC" = "always" ] || [ "$WAIT_FOR_FULLSYNC" = "$FIRSTRUN" ]; then
|
||||
|
||||
echo "Wait for fullsync" >> /tmp/wtforsyc.txt
|
||||
i=0
|
||||
while [ $i -lt $TIMEOUT ]; do
|
||||
if [ -f "$HOMEDIR/.wmdesync/known_hosts" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
i=$((i + 1))
|
||||
done
|
||||
|
||||
if [ $i -eq $TIMEOUT ]; then
|
||||
xsize="unknown"
|
||||
else
|
||||
xsize=$(sudo -E -u $PAM_USER ssh $SSHARGS $NFSSERVER "du -sh $HOMDIR | cut -f1")
|
||||
fi
|
||||
|
||||
|
||||
wait_for_sync $HOMEDIR/ $FULLSYNC "Loading profile:" "/$xsize"
|
||||
fi
|
||||
|
||||
echo "Finished" >> /tmp/wtforsyc.txt
|
||||
exit 0
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
PID=`cat $PIDFILE`
|
||||
while kill -0 "$PID" 2>/dev/null; do
|
||||
if [ -f "$FULLSYNC" ]; then
|
||||
exit 0
|
||||
fi
|
||||
size=$(du -sh $HOMEDIR | cut -f1)
|
||||
echo "Loading roaming profile: $size / $xsize"
|
||||
sleep 3
|
||||
done
|
||||
|
||||
echo "Failed to initialize roaming profile."
|
||||
sleep 5
|
||||
exit 1
|
||||
|
||||
|
||||
|
||||
if [ ! -f "$HOMEDIR/.wmdesync/known_hosts" ]; then
|
||||
#sudo -E -u $PAM_USER /bin/sh -c "$PREFIX/wmde-rp-unison-initial-sync-nfs.sh"
|
||||
sudo -E -u $PAM_USER /bin/sh -c "$PREFIX/wmde-rp-usersync-ssh.sh pam"
|
||||
LASTERROR=$?
|
||||
if [ $LASTERROR -ne 0 ]; then
|
||||
echo "Initial sync with WMDE roaming profile failed. $LASTERROR"
|
||||
sleep 20
|
||||
rm -f "$HOMEDIR/.wmdesync/known_hosts"
|
||||
exit $LASTERROR
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
#if [ ! -f "$HOMEDIR/.config/systemd/user/default.target.wants/wmde-rp-usersync.service" ]; then
|
||||
|
||||
# sudo -E -u $PAM_USER mkdir -p $HOMEDIR/.config/systemd/user/default.target.wants #2>>/tmp/login.txt
|
||||
# sudo -E -u $PAM_USER ln -s /etc/systemd/user/wmde-rp-usersync.service $HOMEDIR/.config/systemd/user/default.target.wants/wmde-rp-usersync.service #2>>/tmp/login.txt
|
||||
#fi
|
||||
#sudo -E -u $PAM_USER systemctl --user start wmde-rp-usersync.service
|
||||
|
||||
|
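Review bot: This script is run by pam_exec (per the postlogin file in this commit), presumably as root, and appends debug output to the fixed path `/tmp/wtforsyc.txt`; any local user can create that name first, including as a symlink, so root's `>>` may land in a file of the user's choosing unless the kernel's symlink protection intervenes. Send the trace to syslog instead, e.g. `logger -t wmde-rp "FIRST $FIRSTRUN"`, or to a root-owned directory, and remove it once debugging is over. In the full-sync branch `du -sh $HOMDIR` misspells `HOMEDIR` and expands to an empty argument (the same typo is in the `size=` line of the 210-line sync script further down). Everything after the first top-level `exit 0` is unreachable and should be deleted.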
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
|
||||
while true; do
|
||||
size=$(du -sh $1 | cut -f1)
|
||||
echo "Loading roaming profile: $size of $2."
|
||||
sleep 3
|
||||
done
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
echo "hallo" >> /tmp/tobias
|
||||
sleep 60
|
||||
echo "sart hallo" >> /tmp/tobias
|
||||
systemctl --user daemon-reload
|
||||
systemctl --user enable wmde-rp-usersync-nfs.service
|
||||
systemctl --user start wmde-rp-usersync-nfs.service
|
||||
|
||||
echo "end hallo" >> /tmp/tobias
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
#!/bin/sh
|
||||
|
||||
. /etc/wmde-rp.conf
|
||||
|
||||
KNOWNHOSTS=`$PREFIX/wmde-rp-generate-known-hosts.sh`
|
||||
LASTERROR=$? if [ $LASTERROR -ne 0 ]; then exit $LASTERROR fi
|
||||
|
||||
mkdir -p $HOMEDIR/.wmdesync
|
||||
LASTERROR=$? if [ $LASTERROR -ne 0 ]; then exit $LASTERROR fi
|
||||
|
||||
|
||||
echo $KNOWNHOSTS > "$HOMEDIR/.wmdesync/known_hosts"
|
||||
LASTERROR=$? if [ $LASTERROR -ne 0 ]; then exit $LASTERROR fi
|
||||
|
||||
ssh $SSHARGS $PAM_USER@$NFSSERVER /usr/bin/true
|
||||
LASTERROR=$? if [ $LASTERROR -ne 0 ]; then exit $LASTERROR fi
|
||||
|
||||
|
||||
|
||||
ls $NFSHOMES/$PAM_USER/
|
||||
|
||||
#mkdir -p $HOMEDIR/.config
|
||||
#mkdir -p $NFSHOMES/$PAM_USER/.config
|
||||
#unison $HOMEDIR/.config $NFSHOMES/$PAM_USER/.config $WMDE_UNISONARGS -ignore "Path .unison-wmde"
|
||||
|
||||
#mkdir -p $HOMEDIR/.local/share/backgrounds
|
||||
#mkdir -p $NFSHOMES/$PAM_USER/.local/share/backgrounds
|
||||
#unison $HOMEDIR/.local/share/backgrounds $NFSHOMES/$PAM_USER/.local/share/backgrounds $WMDE_UNISONARGS -ignore "Path .unison-wmde"
|
||||
|
||||
|
||||
|
||||
IGNORES="-ignore 'Path .wmdesync' "
|
||||
OTHERARGS="-auto -log -prefer newer -fastcheck true -maxerrors 5000 "
|
||||
|
||||
|
||||
export UNISON=$HOMEDIR/.wmdesync/unison
|
||||
export UNISONLOCALHOSTNAME=`hostname`
|
||||
|
||||
mkdir -p $UNISON
|
||||
WMDE_UNISON_PRF=/etc/wmde-rp-unison.prf
|
||||
if [ -e "$WMDE_UNISON_PRF" ]; then cp "$WMDE_UNISON_PRF" "$UNISON/default.prf"; fi
|
||||
|
||||
echo "Doing initial profile sync, be patient ..."
|
||||
eval unison $HOMEDIR $NFSHOMES/$PAM_USER $OTHERARGS -batch $IGNORES > /tmp/login.txt 2>&1
|
||||
echo "Profile is now ready."
|
||||
|
||||
|
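Review bot: `echo $KNOWNHOSTS > "$HOMEDIR/.wmdesync/known_hosts"` is unquoted, so when the generator prints more than one host key the newlines collapse into spaces and all keys end up on a single line, leaving at most the first one usable for host-key checking; write it with `printf '%s\n' "$KNOWNHOSTS" > "$HOMEDIR/.wmdesync/known_hosts"` (the 210-line sync script below has the same line). The four `LASTERROR=$? if [ … ]; then exit $LASTERROR fi` one-liners do not parse as an `if` statement as shown and need the line breaks that the later script uses. `eval unison $HOMEDIR …` re-parses the expanded home path and user name as shell code; pass `-ignore 'Path .wmdesync'` as literal arguments and drop the `eval` (the NFS usersync script below has the same `eval`).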
|
@ -0,0 +1,10 @@
|
|||
ignore = Path Local
|
||||
ignore = Name .cache
|
||||
ignore = Name .cache2
|
||||
ignore = Path .thunderbird/*/ImapMail
|
||||
ignore = Path .mozilla/firefox/*/storage
|
||||
ignore = Path .mozilla/firefox/*/lock
|
||||
ignore = Path snap/firefox/common/.mozilla/firefox/*/storage
|
||||
ignore = Path .config/goa-1.0/accounts.conf
|
||||
ignore = Path .config/sipgate-softphone/Cache
|
||||
|
|
@ -0,0 +1,109 @@
|
|||
#!/bin/sh
|
||||
|
||||
. /etc/wmde-rp.conf
|
||||
|
||||
set -x
|
||||
USER=`whoami`
|
||||
PAM_USER=$USER
|
||||
PAM_TYPE=open_session
|
||||
|
||||
. $PREFIX/wmde-rp-check-pam-user.sh
|
||||
|
||||
|
||||
HOMEDIR=$(getent passwd "$USER" | cut -d: -f6)
|
||||
|
||||
IGNORES="-ignore 'Path .wmdesync'"
|
||||
OTHERARGS="-auto -log -prefer newer -fastcheck true -maxerrors 5000"
|
||||
|
||||
|
||||
export UNISON=$HOMEDIR/.wmdesync/unison
|
||||
export UNISONLOCALHOSTNAME=`hostname`
|
||||
WMDE_UNISON_PRF=/etc/wmde-rp-unison.prf
|
||||
if [ -e "$WMDE_UNISON_PRF" ]; then cp "$WMDE_UNISON_PRF" "$UNISON/default.prf"; fi
|
||||
|
||||
eval unison $HOMEDIR $NFSHOMES/$USER $OTHERARGS -repeat watch+60 -watch -batch $IGNORES
|
||||
|
||||
echo "$HOMEDIR"
|
||||
exit 0
|
||||
|
||||
|
||||
|
||||
exit 0
|
||||
|
||||
echo "Login as $PAM_USER with type $PAM_TYPE" >> /tmp/login.txt
|
||||
|
||||
export NFSSERVER="nfsserver.lan.gs.wikimedia.de"
|
||||
export HOMEDIR=$(getent passwd "$PAM_USER" | cut -d: -f6)
|
||||
|
||||
export OTHERARGS_CONF="-auto -log -prefer newer "
|
||||
export PIDFILE="$HOMEDIR/.wmdesync/unison.pid"
|
||||
|
||||
|
||||
|
||||
|
||||
GROUP="wmde"
|
||||
|
||||
if id -nG "$PAM_USER" | grep -qw "$GROUP"; then
|
||||
echo "$PAM_USER is member of $GROUP." >> /tmp/login.txt
|
||||
else
|
||||
echo "$PAM_USER is not member of $GROUP." >> /tmp/login.txt
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Action begins" >> /tmp/login.txt
|
||||
echo "Homedir for $PAM_USER is $HOMEDIR." >> /tmp/login.txt
|
||||
|
||||
|
||||
generate_known_hosts() {
|
||||
|
||||
echo "SUBFUNC $HOMEDIR, $NFSSERVER" >> /tmp/login.txt
|
||||
ipa host-show nfsserver.lan.gs.wikimedia.de --all | grep "SSH public key:" | sed 's/.*SSH public key: //;s/, /\n/g' | sed "s/^\([^[:space:]]\+\s\+.*\)$/$NFSSERVER \1/" > "$HOMEDIR/.wmdesync/known_hosts"
|
||||
}
|
||||
|
||||
oioioioisync_config() {
|
||||
rm -rf $HOMEDIR/.unison
|
||||
unison $HOMEDIR/.config ssh://$NFSSERVER/$HOMEDIR/.config -sshargs "$SSHARGS" $OTHERARGS_CONF -batch # & echo $! > $PIDFILE
|
||||
mkdir -p $HOMEDIR/.local/share/backgrounds
|
||||
unison $HOMEDIR/.local/share/backgrounds ssh://$NFSSERVER/$HOMEDIR/.local/share/backgrounds -sshargs "$SSHARGS" $OTHERARGS_CONF -batch # & echo $! > $PIDFILE
|
||||
|
||||
}
|
||||
|
||||
sync_all() {
|
||||
#Prüfen, ob PID-Datei existiert
|
||||
if -f "$PIDFILE" ; then
|
||||
PID=$(cat "$PIDFILE")
|
||||
# Prüfen, ob Prozess läuft und Unison ist
|
||||
if ps -p "$PID" > /dev/null 2>&1; then
|
||||
# Ist es auch wirklich ein Unison-Prozess?
|
||||
if ps -p "$PID" -o comm= | grep -q "^unison$"; then
|
||||
echo "Unison läuft bereits mit PID $PID."
|
||||
exit 0
|
||||
else
|
||||
echo "PID $PID gehört nicht zu Unison. Ignoriere PID-Datei."
|
||||
fi
|
||||
else
|
||||
echo "PID $PID läuft nicht mehr. Starte Unison neu."
|
||||
fi
|
||||
fi
|
||||
|
||||
unison $HOMEDIR ssh://$NFSSERVER/$HOMEDIR -sshargs "$SSHARGS" $OTHERARGS -batch -ignore 'Path .unison' -ignore 'Path .cache' & echo $! > $PIDFILE
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
sudo -E -u $PAM_USER mkdir -p $HOMEDIR/.wmdesync
|
||||
sudo -E -u $PAM_USER bash -c "$(declare -f generate_known_hosts); generate_known_hosts" 2>>/tmp/login.txt
|
||||
sudo -E -u $PAM_USER bash -c "$(declare -f sync_config); sync_config" 2>>/tmp/login.txt
|
||||
sudo -E -u $PAM_USER bash -c "$(declare -f sync_all); sync_all" 2>>/tmp/login.txt
|
||||
|
||||
#sudo -u "$PAM_USER" bash -c "NFSSERVER='$NFSSERVER' HOMEDIR='$HOMEDIR' $(declare -f generate_known_hosts); generate_known_hosts" 2>>/tmp/login.txt
|
||||
|
||||
#sudo -u "$PAM_USER" bash -c "NFSSERVER='$NFSSERVER' HOMEDIR='$HOMEDIR' SSHARGS='$SSHARGS' OTHERARGS='$OTHERARGS_CONF'; $(declare -f sync_config); sync_config" 2>>/tmp/login.txt
|
||||
|
||||
|
||||
|
||||
echo "RESULT $?" >> /tmp/login.txt
|
||||
echo "Done" >> /tmp/login.txt
|
||||
|
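Review bot: Everything after the first `exit 0` is unreachable, and that dead half contains code that could not run if it were revived: `if -f "$PIDFILE" ; then` lacks the `[ … ]`, and the `sudo … bash -c "$(declare -f sync_config); sync_config"` line calls a function that is defined as `oioioioisync_config`. Delete the dead block rather than shipping it. `set -x` near the top is left enabled, so every expanded command is traced to wherever the service's stderr goes; comment it out as the other scripts do.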
|
@ -0,0 +1,210 @@
|
|||
#!/bin/sh
|
||||
|
||||
. /etc/wmde-rp.conf
|
||||
|
||||
#exec > >(tee /dev/null) 2>&1
|
||||
|
||||
USER=`whoami`
|
||||
PAM_USER=$USER
|
||||
PAM_TYPE=open_session
|
||||
#exec >> /tmp/mys-$USER.txt 2>&1
|
||||
#set -x
|
||||
|
||||
. $PREFIX/wmde-rp-check-pam-user.sh
|
||||
|
||||
#echo `who am i` > /tmp/usersync-session.txt
|
||||
|
||||
|
||||
HOMEDIR=$(getent passwd "$PAM_USER" | cut -d: -f6)
|
||||
SSHARGS="-o UserKnownHostsFile=$HOMEDIR/.wmdesync/known_hosts"
|
||||
|
||||
. $PREFIX/wmde-rp-common.sh
|
||||
|
||||
mkdir -p $HOMEDIR/.wmdesync
|
||||
LASTERROR=$?
|
||||
if [ $LASTERROR -ne 0 ]; then
|
||||
echo $$ > $CONFIGSYNC
|
||||
echo $$ > $FULLSYNC
|
||||
exit $LASTERROR
|
||||
fi
|
||||
|
||||
|
||||
#LOGFILE=$HOMEDIR/.wmdesync/usersync.log
|
||||
#PIDFILE=$HOMEDIR/.wmdesync/usersync.pid
|
||||
#FIRSTSYNC=$HOMEDIR/.wmdesync/firstsync-done
|
||||
#FULLSYNC=$HOMEDIR/.wmdesync/fullsync-done
|
||||
#CONFIGSYNC=$HOMEDIR/.wmdesync/configsync-done
|
||||
|
||||
. $PREFIX/wmde-rp-common.sh
|
||||
|
||||
if [ -f "$PIDFILE" ]; then
|
||||
OLD_PID=`cat "$PIDFILE"`
|
||||
if kill -0 "$OLD_PID" 2> /dev/null; then
|
||||
echo "Usersync already running." >> $LOGFILE
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
echo 0 > $CONFIGSYNC
|
||||
echo 0 > $FULLSYNC
|
||||
echo 0 > $SMALLFILESSYNC
|
||||
echo $$ > $PIDFILE
|
||||
|
||||
|
||||
|
||||
|
||||
KNOWNHOSTS=`$PREFIX/wmde-rp-generate-known-hosts.sh`
|
||||
LASTERROR=$?
|
||||
if [ $LASTERROR -ne 0 ]; then
|
||||
echo $$ > $CONFIGSYNC
|
||||
echo $$ > $FULLSYNC
|
||||
exit $LASTERROR
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
echo $KNOWNHOSTS > "$HOMEDIR/.wmdesync/known_hosts"
|
||||
LASTERROR=$?
|
||||
if [ $LASTERROR -ne 0 ]; then
|
||||
echo $$ > $CONFIGSYNC
|
||||
echo $$ > $FULLSYNC
|
||||
exit $LASTERROR
|
||||
fi
|
||||
|
||||
# The following creates users home directory on the nfs server if not already exists
|
||||
ssh $SSHARGS $PAM_USER@$NFSSERVER /usr/bin/true
|
||||
LASTERROR=$?
|
||||
if [ $LASTERROR -ne 0 ]; then
|
||||
echo $$ > $CONFIGSYNC
|
||||
echo $$ > $FULLSYNC
|
||||
exit $LASTERROR
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
IGNORES="-ignore 'Path .wmdesync'"
|
||||
OTHERARGS="-auto -log -prefer newer -maxerrors 500000"
|
||||
#-fastcheck"
|
||||
|
||||
export UNISONLOCALHOSTNAME=`hostname`
|
||||
export UNISON=$HOMEDIR/.wmdesync/unison-$UNISONLOCALHOSTNAME
|
||||
WMDE_UNISON_PRF=/etc/wmde-rp-unison.prf
|
||||
SERVERCMD="UNISONLOCALHOSTNAME=$UNISONLOCALHOSTNAME UNISON=$UNISON unison"
|
||||
|
||||
mkdir -p $UNISON
|
||||
LASTERROR=$?
|
||||
if [ $LASTERROR -ne 0 ]; then
|
||||
echo $$ > $CONFIGSYNC
|
||||
echo $$ > $FULLSYNC
|
||||
exit $LASTERROR
|
||||
fi
|
||||
|
||||
ssh $SSHARGS $NFSSERVER "mkdir -p $UNISON"
|
||||
LASTERROR=$?
|
||||
if [ $LASTERROR -ne 0 ]; then
|
||||
echo $$ > $CONFIGSYNC
|
||||
echo $$ > $FULLSYNC
|
||||
exit $LASTERROR
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
REMOTEDIR="$UNISON"
|
||||
LOCALDIR="$UNISON"
|
||||
REMOTEFILES=$(ssh $SSHARGS $PAM_USER@$NFSSERVER find "$REMOTEDIR" -maxdepth 1 -type f -name 'ar*' -printf '%f\\n' | sort)
|
||||
LOCALFILES=$(find "$LOCALDIR" -maxdepth 1 -type f -name 'ar*' -printf '%f\n' | sort)
|
||||
|
||||
#echo $REMOTEFILES
|
||||
#echo $LOCALFILES
|
||||
|
||||
|
||||
rm -f $LOCALDIR/lk*
|
||||
rm -f $LOCALDIR/fp*
|
||||
ssh $SSHARGS $PAM_USER@$NFSSERVER rm -f $REMOTEDIR/lk*
|
||||
ssh $SSHARGS $PAM_USER@$NFSSERVER rm -f $REMOTEDIR/fp*
|
||||
|
||||
|
||||
if [ "$REMOTEFILES" = "$LOCALFILES" ]; then
|
||||
echo "ok" > /dev/null
|
||||
|
||||
else
|
||||
# echo "Unison archives differ, removing them "
|
||||
rm -f $LOCALDIR/ar*
|
||||
ssh $SSHARGS $PAM_USER@$NFSSERVER rm -f $REMOTEDIR/ar*
|
||||
fi
|
||||
|
||||
|
||||
for file in $LOCALDIR/ar*; do
|
||||
[ -e "$file" ] || continue # Falls kein Match, "ar*" bleibt als String erhalten
|
||||
if [ ! -s "$file" ]; then
|
||||
rm -f "$file"
|
||||
ssh $SSHARGS $PAM_USER@$NFSSERVER rm -f "$file"
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
#if [ -e "$WMDE_UNISON_PRF" ]; then
|
||||
cp "$WMDE_UNISON_PRF" "$UNISON/default.prf";
|
||||
cat "$WMDE_UNISON_PRF" | ssh $SSHARGS $NFSSERVER "cat > $UNISON/default.prf"
|
||||
#fi
|
||||
|
||||
if [ "$1" = "pam" ]; then
|
||||
echo "Loading roaming profile, please be patient ..."
|
||||
size=$(ssh $SSHARGS $NFSSERVER "du -sh $HOMDIR | cut -f1")
|
||||
$PREFIX/wmde-rp-progress.sh $HOMEDIR $size &
|
||||
PRPID=$!
|
||||
|
||||
unison $HOMEDIR ssh://$NFSSERVER/$HOMEDIR -times -sshargs "$SSHARGS" -servercmd "$SERVERCMD" $OTHERARGS -batch -ignore 'Path .wmdesync' -silent > /dev/null 2>&1
|
||||
|
||||
kill $PRPID
|
||||
echo "Raoming profile loaded."
|
||||
else
|
||||
# Sync config
|
||||
|
||||
for item in $CONFIGDIRS; do
|
||||
CONFIGDIRSARGS="$CONFIGDIRSARGS -path $item"
|
||||
done
|
||||
|
||||
unison $HOMEDIR ssh://$NFSSERVER/$HOMEDIR -times -sshargs "$SSHARGS" -servercmd "$SERVERCMD" $OTHERARGS -batch -ignore 'Path .wmdesync' $CONFIGDIRSARGS
|
||||
echo "$$" > $CONFIGSYNC
|
||||
|
||||
|
||||
PROFILE=$UNISON/wmde.prf
|
||||
REMOTE_BASE=$HOMEDIR
|
||||
|
||||
IGNORE_RULES=$(
|
||||
ssh "$SSHARGS" $NFSSERVER "find '$REMOTE_BASE' -type f -size +$SMALLFILESSIZE" |
|
||||
while IFS= read -r filepath; do
|
||||
# Pfad relativieren zum REMOTE_BASE
|
||||
relpath="${filepath#$REMOTE_BASE/}"
|
||||
echo "ignore = Path $relpath"
|
||||
done
|
||||
)
|
||||
generate_profile() {
|
||||
echo "root = $HOMEDIR" > $PROFILE
|
||||
echo "root = ssh://$NFSSERVER/$HOMEDIR" >> $PROFILE
|
||||
printf "%s\n" "$1" >> $PROFILE
|
||||
cat /etc/wmde-rp-unison.prf >> $PROFILE
|
||||
}
|
||||
|
||||
generate_profile "$IGNORE_RULES"
|
||||
unison wmde -sshargs "$SSHARGS" -times -servercmd "$SERVERCMD" $OTHERARGS -batch -ignore 'Path .wmdesync'
|
||||
echo "$$" > $SMALLFILESSYNC
|
||||
|
||||
# Sync all
|
||||
unison $HOMEDIR ssh://$NFSSERVER/$HOMEDIR -times -sshargs "$SSHARGS" -servercmd "$SERVERCMD" $OTHERARGS -batch -ignore 'Path .wmdesync'
|
||||
echo "$$" > $FULLSYNC
|
||||
echo "$$" > $FIRSTSYNC
|
||||
|
||||
# Sync all & repeat
|
||||
unison $HOMEDIR ssh://$NFSSERVER/$HOMEDIR -times -sshargs "$SSHARGS" -servercmd "$SERVERCMD" $OTHERARGS -batch -ignore 'Path .wmdesync' -repeat watch+60
|
||||
|
||||
fi
|
||||
|
||||
|
||||
|
||||
exit 0
|
||||
|
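Review bot: The `kill -0 "$OLD_PID"` check treats any live process with the stored number as a running usersync, and the PID file lives in the home directory, so it survives logout and reboot. If an unrelated process holds that PID the script logs "Usersync already running." and exits 0 without syncing, and the PAM-side waiter, which polls the same file, appears to keep waiting on that process. Confirm the owner before trusting the file, e.g. compare `ps -p "$OLD_PID" -o comm=` with the script name, or keep the PID file under the per-user runtime directory so it disappears with the session. The early-exit block that writes `$$` to the marker files is repeated six times and would read better as one small helper that writes the markers and exits.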
|
@ -0,0 +1,12 @@
|
|||
[Unit]
|
||||
Description=WMDE RP User Sync
|
||||
After=default.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/bin/bash -c 'exec /usr/local/bin/wmde/wmde-rp-usersync-ssh.sh'
|
||||
Restart=always
|
||||
RestartSec=20
|
||||
TimeoutStopSec=5
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
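Review bot: `Restart=always` restarts the unit even when the script leaves with status 0, and the script exits 0 on purpose for admin accounts, low UIDs, users outside the netgroups and the "already running" case, so for those users systemd would start it again every 20 seconds for the whole session. `Restart=on-failure` keeps the retry for real errors only. `ExecStart=/usr/local/bin/wmde/wmde-rp-usersync-ssh.sh` would also do without the `bash -c 'exec …'` wrapper, assuming the file keeps its shebang and mode 755.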
|
@ -0,0 +1,26 @@
|
|||
#!/bin/sh
|
||||
NFSSERVER=nfsserver.gs.wikimedia.de
|
||||
NFSHOMES=/mnt/home
|
||||
|
||||
PREFIX=/usr/local/bin/wmde
|
||||
|
||||
|
||||
ADMIN_USERS="admin root" # never run roaming profiles for this users
|
||||
MIN_USER_ID=10000 # no roaming users with id < 10000 (non-IPA-users)
|
||||
RPGROUPS=wmde-rp-users
|
||||
|
||||
NETGROUPS="wmde-rp-general"
|
||||
|
||||
|
||||
WAIT_FOR_CONFIG=always # always, first or never
|
||||
WAIT_FOR_SMALLFILESSYNC=first # always, first or never
|
||||
WAIT_FOR_FULLSYNC=never # always, first or never
|
||||
|
||||
|
||||
CONFIGDIRS=".config \
|
||||
.local/share/backgrounds"
|
||||
|
||||
|
||||
SMALLFILESSIZE=1024
|
||||
CONFIGFILESSIZE=1024
|
||||
|
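Review bot: This file is read with `.` by the PAM-invoked init script and by the sync scripts, so every line in it is executed as shell code with the privileges of whoever sources it, yet nothing in the file or the installer states how it must be owned. Add a header comment such as `# Sourced as shell by root (pam_exec): keep root-owned, mode 0644, assignments only`, and have the installer place it in /etc with those permissions; the installer in this commit does not copy it at all. `NFSSERVER` here is `nfsserver.gs.wikimedia.de`, while the NFS usersync script hard-codes `nfsserver.lan.gs.wikimedia.de`, which is worth reconciling.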
|
@ -0,0 +1,8 @@
|
|||
[Desktop Entry]
|
||||
Type=Application
|
||||
Exec=/bin/bash -c 'exec /usr/local/bin/wmde-rp-usersync.sh'
|
||||
Hidden=false
|
||||
NoDisplay=false
|
||||
X-GNOME-Autostart-enabled=true
|
||||
Name=WMDE Userprofile Sync
|
||||
Comment=Sync WMDE user profiles
|