diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..97db70d --- /dev/null +++ b/install.sh @@ -0,0 +1,77 @@ +#!/bin/sh + + +if [ -f /etc/os-release ]; then + . /etc/os-release + DISTRO=$ID + + if [ "$DISTRO" = "ubuntu" ] || [ "$DISTRO" = "debian" ]; then + OS=DEBIAN + elif [ "$DISTRO" = "fedora" ] || [ "$DISTRO" = "centos" ]; then + OS=CENTOS + else + echo "OS not detected" + exit 1 + fi +else + echo "/etc/os-release not found, cannot determine OS." + exit 1 +fi + + +PREFIX=/usr/local/bin/wmde + +copy_files() { + mkdir -p $PREFIX + cp wmde-rp-init.sh $PREFIX/ + cp wmde-rp-check-pam-user.sh $PREFIX/ + #cp wmde-rp-unison-initial-sync-nfs.sh $PREFIX/ + cp wmde-rp-generate-known-hosts.sh $PREFIX/ + #cp wmde-rp-usersync-nfs.sh $PREFIX/ + cp wmde-rp-usersync-ssh.sh $PREFIX/ + cp wmde-rp-progress.sh $PREFIX/ + cp wmde-rp-common.sh $PREFIX/ + chmod 755 $PREFIX/* + + cp wmde-rp-usersync.service /etc/systemd/user/wmde-rp-usersync.service + mkdir -p /etc/systemd/user/default.target.wants + rm -rf /etc/systemd/user/default.target.wants/wmde-rp-usersync.service + ln -s /etc/systemd/user/wmde-rp-usersync.service /etc/systemd/user/default.target.wants/wmde-rp-usersync.service + + cp wmde-rp-unison.prf /etc +} + +update_pam() { + rm -rf /etc/authselect/custom/wmde + authselect create-profile wmde -b sssd --symlink-meta + + cp postlogin /etc/authselect/custom/wmde/postlogin + + authselect select custom/wmde with-mkhomedir with-sudo + authselect apply-changes +} + +if [ "$OS" = "CENTOS" ]; then + dnf install -y unison + copy_files + update_pam +fi + +if [ "$OS" = "DEBIAN" ]; then + apt purge -y unison + mkdir -p unison_temp + cd unison_temp + wget https://github.com/bcpierce00/unison/releases/download/v2.53.7/unison-2.53.7-ubuntu-x86_64-static.tar.gz + tar xvfz unison-2.53.7-ubuntu-x86_64-static.tar.gz + cd bin + chmod +x unison unison-fsmonitor + sudo mv unison unison-fsmonitor /usr/local/bin/ + cd .. + cd .. + rm -rf unison_temp + + copy_files +fi + + + 
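Review bot: The Debian branch fetches the unison tarball with `wget` and moves the binaries into /usr/local/bin without any integrity check, and with no `set -e` a failed download or `tar` does not stop the script, so `copy_files` still runs against a half-installed system. Add `set -e` after the shebang and verify the archive before extracting it, e.g. `printf '%s  %s\n' "$UNISON_SHA256" unison-2.53.7-ubuntu-x86_64-static.tar.gz | sha256sum -c -` with `UNISON_SHA256` holding the published checksum (placeholder name here). `copy_files` installs no `wmde-rp.conf` although every script in this commit sources `/etc/wmde-rp.conf`, and the `sudo mv` is redundant in a script that already writes to /etc as root. `$PREFIX` is unquoted throughout `copy_files`; quote it and use `cp -- wmde-rp-init.sh "$PREFIX/"`.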
diff --git a/password-auth b/password-auth new file mode 100644 index 0000000..fc6ce9c --- /dev/null +++ b/password-auth 
@@ -0,0 +1,46 @@ +auth required pam_env.so +auth required pam_faildelay.so delay=2000000 +auth required pam_deny.so # Smartcard authentication is required {include if "with-smartcard-required"} +auth required pam_faillock.so preauth silent {include if "with-faillock"} +auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} +auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} +auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular +auth [default=1 ignore=ignore success=ok] pam_localuser.so +auth sufficient pam_unix.so {if not "without-nullok":nullok} +auth sufficient pam_systemd_home.so {include if "with-systemd-homed"} +auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular +auth sufficient pam_sss.so forward_pass +auth required pam_faillock.so authfail {include if "with-faillock"} +auth optional pam_gnome_keyring.so auto_start {include if "with-pam-gnome-keyring"} +auth required pam_deny.so + +account required pam_access.so {include if "with-pamaccess"} +account required pam_faillock.so {include if "with-faillock"} +account sufficient pam_systemd_home.so {include if "with-systemd-homed"} +account required pam_unix.so +account sufficient pam_localuser.so {exclude if "with-files-access-provider"} +account sufficient pam_usertype.so issystem +account [default=bad success=ok user_unknown=ignore] pam_sss.so +account required pam_permit.so + +password sufficient pam_systemd_home.so {include if "with-systemd-homed"} +password requisite pam_pwquality.so local_users_only +password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} +password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} +password sufficient pam_unix.so yescrypt shadow {if not "without-nullok":nullok} use_authtok +password [success=1 default=ignore] pam_localuser.so +password sufficient pam_sss.so use_authtok +password required pam_deny.so + +session optional 
pam_keyinit.so revoke +session required pam_limits.so +session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} +session optional pam_systemd_home.so {include if "with-systemd-homed"} +-session optional pam_systemd.so +session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} +session optional pam_exec.so /usr/local/bin/wmde/wmde-rp-init-nfs.sh + +session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid +session required pam_unix.so +session optional pam_sss.so +session optional pam_gnome_keyring.so auto_start {include if "with-pam-gnome-keyring"} diff --git a/postlogin b/postlogin new file mode 100644 index 0000000..0303c10 --- /dev/null +++ b/postlogin @@ -0,0 +1,10 @@ +auth optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} + +password optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} +session required pam_exec.so stdout /usr/local/bin/wmde/wmde-rp-init.sh + +session optional pam_umask.so silent +session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet +session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed} +session optional pam_lastlog.so silent noupdate showfailed + diff --git a/rm.sh b/rm.sh new file mode 100644 index 0000000..ce2ef3c --- /dev/null +++ b/rm.sh @@ -0,0 +1,2 @@ +rm -f /tmp/tobias.herre.txz +rm -rf /home/tobias.herre diff --git a/test.sh b/test.sh new file mode 100644 index 0000000..52b9847 --- /dev/null +++ b/test.sh @@ -0,0 +1,8 @@ +CONFIGDIRS="\ + -path .config \ + -path .local/share/backgrounds \ + -path testdir1 \ + -path testdir2" + +echo $CONFIGDIRS + diff --git a/uninstall.sh b/uninstall.sh new file mode 100755 index 0000000..2b1dcb1 --- /dev/null +++ b/uninstall.sh 
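Review bot: The added `session optional pam_exec.so /usr/local/bin/wmde/wmde-rp-init-nfs.sh` line points at a script this commit neither adds nor installs (install.sh copies `wmde-rp-init.sh`), so pam_exec will report a failed execution on every session open. As far as the commit shows, password-auth itself is also not copied into the authselect profile: `update_pam` installs only `postlogin`, so the base sssd password-auth stays in effect. If this file is meant to be part of the custom profile, add `cp password-auth /etc/authselect/custom/wmde/password-auth` next to the postlogin copy and point the line at an existing script; otherwise drop the file.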
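Review bot: `session required pam_exec.so stdout /usr/local/bin/wmde/wmde-rp-init.sh` makes session opening fail whenever the script exits non-zero, and wmde-rp-init.sh in this commit does `exit 1` when no usersync pid file appears within 30 seconds, so a user whose sync service did not start is denied login instead of getting a plain session. Unless a failed profile load must block login, make it `session optional pam_exec.so stdout /usr/local/bin/wmde/wmde-rp-init.sh`. Because postlogin applies to every service in the profile, the script also runs for ssh, su and cron sessions; only the `PAM_TYPE` and netgroup checks inside the script filter those out, which is worth a comment on this line.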
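Review bot: rm.sh hard-codes `rm -rf /home/tobias.herre` and a /tmp archive for one specific account, which reads as a developer scratch script rather than part of the installable tree; it has no guard and would wipe that home directory if run on the wrong host. If it is meant to stay, take the user name as a parameter and guard the path, `rm -rf -- "/home/${1:?user name required}"`; otherwise remove the file from the commit.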
@@ -0,0 +1,13 @@ +#!/bin/sh + +#authselect select sssd with-mkhomedir with-sudo +#authselect apply-changes + +PREFIX=/usr/local/bin/wmde + +rm -rf $FREFIX + +rm -f /etc/systemd/user/wmde-rp-usersync-nfs.service +rm -f /etc/systemd/user/wmde-rp-usersync-ssh.service +rm -f /etc/systemd/user/wmde-rp-usersync.service + diff --git a/wmde-rp-check-pam-user.sh b/wmde-rp-check-pam-user.sh new file mode 100755 index 0000000..f75bf04 --- /dev/null +++ b/wmde-rp-check-pam-user.sh @@ -0,0 +1,58 @@ +#!/bin/sh + + +# we want only initialize with unison if session is starting +if [ "$PAM_TYPE" != "open_session" ]; then + exit 0 +fi + +. /etc/wmde-rp.conf + +USER_UID=$(id -u "$PAM_USER" 2>/dev/null) + +# do not run for uid < $MIN_USER_ID +if [ -z "$USER_UID" ] || [ "$USER_UID" -lt $MIN_USER_ID ]; then + exit 0 +fi + +# do not run for any admin users +for user in $ADMIN_USERS; do + if [ "$PAM_USER" = "$user" ]; then + exit 0 + fi +done + +FQDN=$(hostname -f) +DOMAIN=$(hostname -d) + +for group in $NETGROUPS; do + OUTPUT=$(getent netgroup "$group" "$FQDN" "$PAM_USER" "$DOMAIN" 2>/dev/null) + echo "$OUTPUT" | grep -q "1$" + if [ $? -eq 0 ]; then + PRGROUPFOUND=1 + break + fi +done + +if [ $PRGROUPFOUND -ne 1 ]; then + exit 0 +fi + + +# Get all users groups +#USER_GROUPS=$(id -nG "$PAM_USER") + +#RPGROUPFOUND=0 +#for GROUP in $RPGROUPS; do +# for USERGROUP in $USER_GROUPS; do +# if [ "$GROUP" = "$USERGROUP" ]; then +# RPGROUPFOUND=1 +# fi +# done +#done + +#if [ "$RPGROUPFOUND" -eq 0 ]; then +# exit 0 +#fi + + diff --git a/wmde-rp-common.sh b/wmde-rp-common.sh new file mode 100644 index 0000000..ba126cc --- /dev/null +++ b/wmde-rp-common.sh @@ -0,0 +1,11 @@ + + + +LOGFILE=$HOMEDIR/.wmdesync/usersync.log +PIDFILE=$HOMEDIR/.wmdesync/usersync.pid +FIRSTSYNC=$HOMEDIR/.wmdesync/firstsync-done +FULLSYNC=$HOMEDIR/.wmdesync/fullsync-done +CONFIGSYNC=$HOMEDIR/.wmdesync/configsync-done +SMALLFILESSYNC=$HOMEDIR/.wmdesync/smallfilessync-done + + 
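Review bot: `rm -rf $FREFIX` misspells the variable, so the expansion is empty and the scripts installed under `/usr/local/bin/wmde` are never removed (GNU rm reports a missing operand and the script continues). Fix the name and guard the empty case so a future typo cannot become an `rm -rf` of the wrong path: `rm -rf -- "${PREFIX:?}"`. The script also removes two units (`wmde-rp-usersync-nfs.service`, `wmde-rp-usersync-ssh.service`) that install.sh never creates, while leaving behind the `default.target.wants` symlink and `/etc/wmde-rp-unison.prf` that it does create.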
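Review bot: `PRGROUPFOUND` is never initialised, so when no netgroup in `$NETGROUPS` matches, `[ $PRGROUPFOUND -ne 1 ]` expands to `[ -ne 1 ]`, the test errors out, the `exit 0` is skipped and the gate fails open — the sourcing script goes on to run the roaming-profile sync for a user that is in no roaming netgroup. Set `PRGROUPFOUND=0` before the `for group in $NETGROUPS` loop and test it quoted, `if [ "$PRGROUPFOUND" -ne 1 ]; then`. This file is the only authorisation check before wmde-rp-init.sh does `sudo -u $PAM_USER` work, so it needs to fail closed; `$MIN_USER_ID` should be quoted for the same reason, because an unset config value currently turns the uid test into `[ "$USER_UID" -lt ]`, which also errors and falls through.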
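Review bot: Every path in this file is derived from `$HOMEDIR`, and nothing checks that it is set, so a caller that sources it before computing the home directory gets state files rooted at `/.wmdesync/…` (which a root caller would happily create). Add `: "${HOMEDIR:?HOMEDIR must be set before sourcing wmde-rp-common.sh}"` as the first line, and a one-line header comment saying the file expects to be sourced, not executed.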
diff --git a/wmde-rp-generate-known-hosts.sh b/wmde-rp-generate-known-hosts.sh new file mode 100755 index 0000000..0117053 --- /dev/null +++ b/wmde-rp-generate-known-hosts.sh @@ -0,0 +1,7 @@ +#!/bin/bash +. /etc/wmde-rp.conf + +set -e +set -o pipefail +ipa host-show $NFSSERVER --all | grep "SSH public key:" | sed 's/.*SSH public key: //;s/, /\n/g' | sed "s/^\([^[:space:]]\+\s\+.*\)$/$NFSSERVER \1/" #> "$HOMEDIR/.wmdesync/known_hosts" + diff --git a/wmde-rp-init.sh b/wmde-rp-init.sh new file mode 100755 index 0000000..1fdca6f --- /dev/null +++ b/wmde-rp-init.sh 
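Review bot: `set -e` and `set -o pipefail` are enabled only after `. /etc/wmde-rp.conf`, so a missing or unreadable config does not stop the script, and `$NFSSERVER` is then expanded unquoted into `ipa host-show` and into the sed replacement. Move the two `set` lines directly under the shebang and quote the variable, `ipa host-show "$NFSSERVER" --all`. The commented-out redirect at the end of the pipeline should be deleted rather than left as a trap for the next editor; callers capture stdout, and since this output is what pins the NFS server's host key for every later ssh call, the callers should treat an empty result as an error.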
@@ -0,0 +1,169 @@ +#!/bin/sh + +PREFIX=/usr/local/bin/wmde + +. /etc/wmde-rp.conf + +#set -x +#set -e + +cd /tmp + +. $PREFIX/wmde-rp-check-pam-user.sh #exit if user does not belong to rp criteria + + + +#echo "WMDE Roaming Profile" + +export HOMEDIR=$(getent passwd "$PAM_USER" | cut -d: -f6) +export WMDE_UNISONARGS="-auto -log -prefer newer -batch" +export UNISON=$HOMEDIR/.unison-wmde +export PAM_USER=$PAM_USER +export SSHARGS="-o UserKnownHostsFile=$HOMEDIR/.wmdesync/known_hosts" + + + +. $PREFIX/wmde-rp-common.sh + +TIMEOUT=30 + + + +#if [ -f "$FIFULLSYNC" ]; then +# exit 0 +#fi + +if [ ! -f "$FIRSTSYNC" ]; then + FIRSTRUN="first" +else + FIRSTRUN="no" + +fi + +echo "FIRST $FIRSTRUN" >> /tmp/wtforsyc.txt + + +if [ "$WAIT_FOR_CONFIG" = "never" ] && [ "$WAIT_FOR_FULLSYNC" = "never" ] && [ "$WAIT_FOR_SMALLFILESSYNC" = "never" ]; then + exit 0 +fi + +# wait for pid file to be created (max 30 seconds) +i=0 +while [ $i -lt $TIMEOUT ]; do + echo "WAITING FOR PIDFILE $i" >> /tmp/wtforsyc.txt + if [ -f "$PIDFILE" ]; then + echo "FOUND PID FILE" >> /tmp/wtforsyc.txt + PID=`cat $PIDFILE` + if kill -0 "$PID" 2>/dev/null; then + break + fi + fi + sleep 1 + i=$((i + 1)) +done +if [ $i -eq $TIMEOUT ]; then + echo "NO PIDFILE - ERROR" >> /tmp/wtforsyc.txt + exit 1 +fi +echo "PID is $PID my PID $$" >> /tmp/wtforsyc.txt + + +echo "Loading roaming profile, please be patient ..." 
+ +wait_for_sync() { + # $1 dir to watch + # $2 pid_file + + while kill -0 "$PID" 2>/dev/null && [ "$PID" != "`cat $2`" ]; do + size=$(du -sh $1 2>/dev/null | cut -f1) + #echo "Loading roaming profile: $size / $xsize" + echo "$3 $size $4" + echo "PID: $PID in file $2: `cat $2`" >> /tmp/wtforsyc.txt + sleep 3 + done + echo "FINAL PID: $PID in file $2: `cat $2`" >> /tmp/wtforsyc.txt + + +# echo "Parameter 1: $1" +# echo "Parameter 2: $2" +} + +if [ "$WAIT_FOR_CONFIG" = "always" ] || [ "$WAIT_FOR_CONFIG" = "$FIRSTRUN" ]; then + echo "Wait for Config" >> /tmp/wtforsyc.txt + wait_for_sync $HOMEDIR/.config $CONFIGSYNC "Loading config:" "" +fi + +if [ "$WAIT_FOR_SMALLFILESSYNC" = "always" ] || [ "$WAIT_FOR_SMALLFILESSYNC" = "$FIRSTRUN" ]; then + echo "Wait for Small files" >> /tmp/wtforsyc.txt + wait_for_sync $HOMEDIR $SMALLFILESSYNC "Loading small files:" "" +fi + + + + +if [ "$WAIT_FOR_FULLSYNC" = "always" ] || [ "$WAIT_FOR_FULLSYNC" = "$FIRSTRUN" ]; then + + echo "Wait for fullsync" >> /tmp/wtforsyc.txt + i=0 + while [ $i -lt $TIMEOUT ]; do + if [ -f "$HOMEDIR/.wmdesync/known_hosts" ]; then + break + fi + sleep 1 + i=$((i + 1)) + done + + if [ $i -eq $TIMEOUT ]; then + xsize="unknown" + else + xsize=$(sudo -E -u $PAM_USER ssh $SSHARGS $NFSSERVER "du -sh $HOMDIR | cut -f1") + fi + + + wait_for_sync $HOMEDIR/ $FULLSYNC "Loading profile:" "/$xsize" +fi + +echo "Finished" >> /tmp/wtforsyc.txt +exit 0 + + + + + +PID=`cat $PIDFILE` +while kill -0 "$PID" 2>/dev/null; do + if [ -f "$FULLSYNC" ]; then + exit 0 + fi + size=$(du -sh $HOMEDIR | cut -f1) + echo "Loading roaming profile: $size / $xsize" + sleep 3 +done + +echo "Failed to initialize roaming profile." +sleep 5 +exit 1 + + + +if [ ! -f "$HOMEDIR/.wmdesync/known_hosts" ]; then + #sudo -E -u $PAM_USER /bin/sh -c "$PREFIX/wmde-rp-unison-initial-sync-nfs.sh" + sudo -E -u $PAM_USER /bin/sh -c "$PREFIX/wmde-rp-usersync-ssh.sh pam" + LASTERROR=$? 
+ if [ $LASTERROR -ne 0 ]; then + echo "Initial sync with WMDE roaming profile failed. $LASTERROR" + sleep 20 + rm -f "$HOMEDIR/.wmdesync/known_hosts" + exit $LASTERROR + fi + +fi + +#if [ ! -f "$HOMEDIR/.config/systemd/user/default.target.wants/wmde-rp-usersync.service" ]; then + +# sudo -E -u $PAM_USER mkdir -p $HOMEDIR/.config/systemd/user/default.target.wants #2>>/tmp/login.txt +# sudo -E -u $PAM_USER ln -s /etc/systemd/user/wmde-rp-usersync.service $HOMEDIR/.config/systemd/user/default.target.wants/wmde-rp-usersync.service #2>>/tmp/login.txt +#fi +#sudo -E -u $PAM_USER systemctl --user start wmde-rp-usersync.service + + diff --git a/wmde-rp-progress.sh b/wmde-rp-progress.sh new file mode 100755 index 0000000..e514aae --- /dev/null +++ b/wmde-rp-progress.sh @@ -0,0 +1,11 @@ +#!/bin/sh + + +while true; do + size=$(du -sh $1 | cut -f1) + echo "Loading roaming profile: $size of $2." + sleep 3 +done + + + diff --git a/wmde-rp-start-usersync.sh b/wmde-rp-start-usersync.sh new file mode 100755 index 0000000..403110f --- /dev/null +++ b/wmde-rp-start-usersync.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +echo "hallo" >> /tmp/tobias +sleep 60 +echo "sart hallo" >> /tmp/tobias +systemctl --user daemon-reload +systemctl --user enable wmde-rp-usersync-nfs.service +systemctl --user start wmde-rp-usersync-nfs.service + +echo "end hallo" >> /tmp/tobias + diff --git a/wmde-rp-unison-initial-sync-nfs.sh b/wmde-rp-unison-initial-sync-nfs.sh new file mode 100755 index 0000000..0677e22 --- /dev/null +++ b/wmde-rp-unison-initial-sync-nfs.sh 
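Review bot: This script is invoked via pam_exec from postlogin, presumably with the privileges of the login process, yet every `echo … >> /tmp/wtforsyc.txt` writes debug output to a fixed, predictable path in a world-writable directory, and `PID=\`cat $PIDFILE\`` plus `cat $2` in `wait_for_sync` read values from files under the user's own `$HOMEDIR/.wmdesync` and hand them to `kill -0` unvalidated. Drop the /tmp logging (or use `logger`) and check the pid is numeric before use, e.g. `case $PID in ''|*[!0-9]*) exit 1;; esac`. The remote size query uses `$HOMDIR` (typo for `$HOMEDIR`), so `du -sh` only works because the remote cwd happens to be the home directory; the same typo is in wmde-rp-usersync-ssh.sh. Everything after the first `exit 0` (a second pid loop and the initial-sync block) is unreachable and should be removed, and `set -e` is left commented out.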
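Review bot: The `while true` loop has no exit condition of its own, so if the parent in wmde-rp-usersync-ssh.sh dies before its `kill $PRPID`, this loop keeps running `du -sh` over the whole home directory every 3 seconds indefinitely. Tie it to the parent instead, `while kill -0 "$PPID" 2>/dev/null; do`, and quote the positional parameters, `du -sh "$1"`.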
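Review bot: The script enables and starts `wmde-rp-usersync-nfs.service`, a unit this commit does not add (install.sh installs `wmde-rp-usersync.service`), and it writes greetings to `/tmp/tobias` around a fixed `sleep 60`, which reads as a debugging leftover. Either point it at `wmde-rp-usersync.service` and drop the /tmp echoes, or remove the file; install.sh does not copy it anywhere either.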
@@ -0,0 +1,47 @@ +#!/bin/sh + +. /etc/wmde-rp.conf + +KNOWNHOSTS=`$PREFIX/wmde-rp-generate-known-hosts.sh` +LASTERROR=$? if [ $LASTERROR -ne 0 ]; then exit $LASTERROR fi + +mkdir -p $HOMEDIR/.wmdesync +LASTERROR=$? if [ $LASTERROR -ne 0 ]; then exit $LASTERROR fi + + +echo $KNOWNHOSTS > "$HOMEDIR/.wmdesync/known_hosts" +LASTERROR=$? if [ $LASTERROR -ne 0 ]; then exit $LASTERROR fi + +ssh $SSHARGS $PAM_USER@$NFSSERVER /usr/bin/true +LASTERROR=$? if [ $LASTERROR -ne 0 ]; then exit $LASTERROR fi + + + +ls $NFSHOMES/$PAM_USER/ + +#mkdir -p $HOMEDIR/.config +#mkdir -p $NFSHOMES/$PAM_USER/.config +#unison $HOMEDIR/.config $NFSHOMES/$PAM_USER/.config $WMDE_UNISONARGS -ignore "Path .unison-wmde" + +#mkdir -p $HOMEDIR/.local/share/backgrounds +#mkdir -p $NFSHOMES/$PAM_USER/.local/share/backgrounds +#unison $HOMEDIR/.local/share/backgrounds $NFSHOMES/$PAM_USER/.local/share/backgrounds $WMDE_UNISONARGS -ignore "Path .unison-wmde" + + + +IGNORES="-ignore 'Path .wmdesync' " +OTHERARGS="-auto -log -prefer newer -fastcheck true -maxerrors 5000 " + + +export UNISON=$HOMEDIR/.wmdesync/unison +export UNISONLOCALHOSTNAME=`hostname` + +mkdir -p $UNISON +WMDE_UNISON_PRF=/etc/wmde-rp-unison.prf +if [ -e "$WMDE_UNISON_PRF" ]; then cp "$WMDE_UNISON_PRF" "$UNISON/default.prf"; fi + +echo "Doing initial profile sync, be patient ..." +eval unison $HOMEDIR $NFSHOMES/$PAM_USER $OTHERARGS -batch $IGNORES > /tmp/login.txt 2>&1 +echo "Profile is now ready." + + diff --git a/wmde-rp-unison.prf b/wmde-rp-unison.prf new file mode 100644 index 0000000..a6200bd --- /dev/null +++ b/wmde-rp-unison.prf @@ -0,0 +1,10 @@ +ignore = Path Local +ignore = Name .cache +ignore = Name .cache2 +ignore = Path .thunderbird/*/ImapMail +ignore = Path .mozilla/firefox/*/storage +ignore = Path .mozilla/firefox/*/lock +ignore = Path snap/firefox/common/.mozilla/firefox/*/storage +ignore = Path .config/goa-1.0/accounts.conf +ignore = Path .config/sipgate-softphone/Cache + 
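Review bot: `LASTERROR=$? if [ $LASTERROR -ne 0 ]; then exit $LASTERROR fi` is, if it really is one physical line as shown, a syntax error: after the assignment prefix `if` is an ordinary command name and the following `then` is unexpected, so the script fails to parse and none of the four error checks can run. Write each as `cmd || exit` or split it into `LASTERROR=$?` / `if [ "$LASTERROR" -ne 0 ]; then exit "$LASTERROR"; fi`. `echo $KNOWNHOSTS > "$HOMEDIR/.wmdesync/known_hosts"` word-splits the captured output and re-joins it with spaces, so several host keys from wmde-rp-generate-known-hosts.sh land on one line and only the first survives as a usable entry; use `printf '%s\n' "$KNOWNHOSTS" > "$HOMEDIR/.wmdesync/known_hosts"`, and the same applies in wmde-rp-usersync-ssh.sh. The final `eval unison …` exists only to make `$IGNORES` split into two arguments; passing `-ignore 'Path .wmdesync'` literally avoids eval altogether.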
diff --git a/wmde-rp-usersync-nfs.sh b/wmde-rp-usersync-nfs.sh new file mode 100755 index 0000000..029c65a --- /dev/null +++ b/wmde-rp-usersync-nfs.sh 
@@ -0,0 +1,109 @@ +#!/bin/sh + +. /etc/wmde-rp.conf + +set -x +USER=`whoami` +PAM_USER=$USER +PAM_TYPE=open_session + +. $PREFIX/wmde-rp-check-pam-user.sh + + +HOMEDIR=$(getent passwd "$USER" | cut -d: -f6) + +IGNORES="-ignore 'Path .wmdesync'" +OTHERARGS="-auto -log -prefer newer -fastcheck true -maxerrors 5000" + + +export UNISON=$HOMEDIR/.wmdesync/unison +export UNISONLOCALHOSTNAME=`hostname` +WMDE_UNISON_PRF=/etc/wmde-rp-unison.prf +if [ -e "$WMDE_UNISON_PRF" ]; then cp "$WMDE_UNISON_PRF" "$UNISON/default.prf"; fi + +eval unison $HOMEDIR $NFSHOMES/$USER $OTHERARGS -repeat watch+60 -watch -batch $IGNORES + +echo "$HOMEDIR" +exit 0 + + + +exit 0 + +echo "Login as $PAM_USER with type $PAM_TYPE" >> /tmp/login.txt + +export NFSSERVER="nfsserver.lan.gs.wikimedia.de" +export HOMEDIR=$(getent passwd "$PAM_USER" | cut -d: -f6) + +export OTHERARGS_CONF="-auto -log -prefer newer " +export PIDFILE="$HOMEDIR/.wmdesync/unison.pid" + + + + +GROUP="wmde" + +if id -nG "$PAM_USER" | grep -qw "$GROUP"; then + echo "$PAM_USER is member of $GROUP." >> /tmp/login.txt +else + echo "$PAM_USER is not member of $GROUP." >> /tmp/login.txt + exit 0 +fi + +echo "Action begins" >> /tmp/login.txt +echo "Homedir for $PAM_USER is $HOMEDIR." >> /tmp/login.txt + + +generate_known_hosts() { + + echo "SUBFUNC $HOMEDIR, $NFSSERVER" >> /tmp/login.txt + ipa host-show nfsserver.lan.gs.wikimedia.de --all | grep "SSH public key:" | sed 's/.*SSH public key: //;s/, /\n/g' | sed "s/^\([^[:space:]]\+\s\+.*\)$/$NFSSERVER \1/" > "$HOMEDIR/.wmdesync/known_hosts" +} + +oioioioisync_config() { + rm -rf $HOMEDIR/.unison + unison $HOMEDIR/.config ssh://$NFSSERVER/$HOMEDIR/.config -sshargs "$SSHARGS" $OTHERARGS_CONF -batch # & echo $! > $PIDFILE + mkdir -p $HOMEDIR/.local/share/backgrounds + unison $HOMEDIR/.local/share/backgrounds ssh://$NFSSERVER/$HOMEDIR/.local/share/backgrounds -sshargs "$SSHARGS" $OTHERARGS_CONF -batch # & echo $! 
> $PIDFILE + +} + +sync_all() { +#Prüfen, ob PID-Datei existiert +if -f "$PIDFILE" ; then + PID=$(cat "$PIDFILE") + # Prüfen, ob Prozess läuft und Unison ist + if ps -p "$PID" > /dev/null 2>&1; then + # Ist es auch wirklich ein Unison-Prozess? + if ps -p "$PID" -o comm= | grep -q "^unison$"; then + echo "Unison läuft bereits mit PID $PID." + exit 0 + else + echo "PID $PID gehört nicht zu Unison. Ignoriere PID-Datei." + fi + else + echo "PID $PID läuft nicht mehr. Starte Unison neu." + fi +fi + +unison $HOMEDIR ssh://$NFSSERVER/$HOMEDIR -sshargs "$SSHARGS" $OTHERARGS -batch -ignore 'Path .unison' -ignore 'Path .cache' & echo $! > $PIDFILE + + +} + + + +sudo -E -u $PAM_USER mkdir -p $HOMEDIR/.wmdesync +sudo -E -u $PAM_USER bash -c "$(declare -f generate_known_hosts); generate_known_hosts" 2>>/tmp/login.txt +sudo -E -u $PAM_USER bash -c "$(declare -f sync_config); sync_config" 2>>/tmp/login.txt +sudo -E -u $PAM_USER bash -c "$(declare -f sync_all); sync_all" 2>>/tmp/login.txt + +#sudo -u "$PAM_USER" bash -c "NFSSERVER='$NFSSERVER' HOMEDIR='$HOMEDIR' $(declare -f generate_known_hosts); generate_known_hosts" 2>>/tmp/login.txt + +#sudo -u "$PAM_USER" bash -c "NFSSERVER='$NFSSERVER' HOMEDIR='$HOMEDIR' SSHARGS='$SSHARGS' OTHERARGS='$OTHERARGS_CONF'; $(declare -f sync_config); sync_config" 2>>/tmp/login.txt + + + +echo "RESULT $?" >> /tmp/login.txt +echo "Done" >> /tmp/login.txt + diff --git a/wmde-rp-usersync-ssh.sh b/wmde-rp-usersync-ssh.sh new file mode 100755 index 0000000..c6d0ed3 --- /dev/null +++ b/wmde-rp-usersync-ssh.sh 
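Review bot: `set -x` at the top traces every command, including the full unison command line and `$HOMEDIR`, into whatever captures the script's stderr (the journal when run as a service); remove it or make it conditional on a debug variable. Everything after the first `exit 0` is dead code that contains `if -f "$PIDFILE" ; then` (missing `[ … ]`), a call to the undefined `sync_config`, a second hard-coded NFS host name, and German diagnostic strings; since install.sh does not install this file either, delete the dead tail or the whole file. Like the sibling script, the live part uses `eval unison …` only to split `$IGNORES`; pass `-ignore 'Path .wmdesync'` directly.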
@@ -0,0 +1,210 @@ +#!/bin/sh + +. /etc/wmde-rp.conf + +#exec > >(tee /dev/null) 2>&1 + +USER=`whoami` +PAM_USER=$USER +PAM_TYPE=open_session +#exec >> /tmp/mys-$USER.txt 2>&1 +#set -x + +. $PREFIX/wmde-rp-check-pam-user.sh + +#echo `who am i` > /tmp/usersync-session.txt + + +HOMEDIR=$(getent passwd "$PAM_USER" | cut -d: -f6) +SSHARGS="-o UserKnownHostsFile=$HOMEDIR/.wmdesync/known_hosts" + +. $PREFIX/wmde-rp-common.sh + +mkdir -p $HOMEDIR/.wmdesync +LASTERROR=$? +if [ $LASTERROR -ne 0 ]; then + echo $$ > $CONFIGSYNC + echo $$ > $FULLSYNC + exit $LASTERROR +fi + + +#LOGFILE=$HOMEDIR/.wmdesync/usersync.log +#PIDFILE=$HOMEDIR/.wmdesync/usersync.pid +#FIRSTSYNC=$HOMEDIR/.wmdesync/firstsync-done +#FULLSYNC=$HOMEDIR/.wmdesync/fullsync-done +#CONFIGSYNC=$HOMEDIR/.wmdesync/configsync-done + +. $PREFIX/wmde-rp-common.sh + +if [ -f "$PIDFILE" ]; then + OLD_PID=`cat "$PIDFILE"` + if kill -0 "$OLD_PID" 2> /dev/null; then + echo "Usersync already running." >> $LOGFILE + exit 0 + fi +fi + +echo 0 > $CONFIGSYNC +echo 0 > $FULLSYNC +echo 0 > $SMALLFILESSYNC +echo $$ > $PIDFILE + + + + +KNOWNHOSTS=`$PREFIX/wmde-rp-generate-known-hosts.sh` +LASTERROR=$? +if [ $LASTERROR -ne 0 ]; then + echo $$ > $CONFIGSYNC + echo $$ > $FULLSYNC + exit $LASTERROR +fi + + + + +echo $KNOWNHOSTS > "$HOMEDIR/.wmdesync/known_hosts" +LASTERROR=$? +if [ $LASTERROR -ne 0 ]; then + echo $$ > $CONFIGSYNC + echo $$ > $FULLSYNC + exit $LASTERROR +fi + +# The following creates users home directory on the nfs server if not already exists +ssh $SSHARGS $PAM_USER@$NFSSERVER /usr/bin/true +LASTERROR=$? 
+if [ $LASTERROR -ne 0 ]; then + echo $$ > $CONFIGSYNC + echo $$ > $FULLSYNC + exit $LASTERROR +fi + + + + +IGNORES="-ignore 'Path .wmdesync'" +OTHERARGS="-auto -log -prefer newer -maxerrors 500000" +#-fastcheck" + +export UNISONLOCALHOSTNAME=`hostname` +export UNISON=$HOMEDIR/.wmdesync/unison-$UNISONLOCALHOSTNAME +WMDE_UNISON_PRF=/etc/wmde-rp-unison.prf +SERVERCMD="UNISONLOCALHOSTNAME=$UNISONLOCALHOSTNAME UNISON=$UNISON unison" + +mkdir -p $UNISON +LASTERROR=$? +if [ $LASTERROR -ne 0 ]; then + echo $$ > $CONFIGSYNC + echo $$ > $FULLSYNC + exit $LASTERROR +fi + +ssh $SSHARGS $NFSSERVER "mkdir -p $UNISON" +LASTERROR=$? +if [ $LASTERROR -ne 0 ]; then + echo $$ > $CONFIGSYNC + echo $$ > $FULLSYNC + exit $LASTERROR +fi + + + + +REMOTEDIR="$UNISON" +LOCALDIR="$UNISON" +REMOTEFILES=$(ssh $SSHARGS $PAM_USER@$NFSSERVER find "$REMOTEDIR" -maxdepth 1 -type f -name 'ar*' -printf '%f\\n' | sort) +LOCALFILES=$(find "$LOCALDIR" -maxdepth 1 -type f -name 'ar*' -printf '%f\n' | sort) + +#echo $REMOTEFILES +#echo $LOCALFILES + + +rm -f $LOCALDIR/lk* +rm -f $LOCALDIR/fp* +ssh $SSHARGS $PAM_USER@$NFSSERVER rm -f $REMOTEDIR/lk* +ssh $SSHARGS $PAM_USER@$NFSSERVER rm -f $REMOTEDIR/fp* + + +if [ "$REMOTEFILES" = "$LOCALFILES" ]; then + echo "ok" > /dev/null + +else +# echo "Unison archives differ, removing them " + rm -f $LOCALDIR/ar* + ssh $SSHARGS $PAM_USER@$NFSSERVER rm -f $REMOTEDIR/ar* +fi + + +for file in $LOCALDIR/ar*; do + [ -e "$file" ] || continue # Falls kein Match, "ar*" bleibt als String erhalten + if [ ! -s "$file" ]; then + rm -f "$file" + ssh $SSHARGS $PAM_USER@$NFSSERVER rm -f "$file" + fi +done + + +#if [ -e "$WMDE_UNISON_PRF" ]; then + cp "$WMDE_UNISON_PRF" "$UNISON/default.prf"; + cat "$WMDE_UNISON_PRF" | ssh $SSHARGS $NFSSERVER "cat > $UNISON/default.prf" +#fi + +if [ "$1" = "pam" ]; then + echo "Loading roaming profile, please be patient ..." + size=$(ssh $SSHARGS $NFSSERVER "du -sh $HOMDIR | cut -f1") + $PREFIX/wmde-rp-progress.sh $HOMEDIR $size & + PRPID=$! 
+ + unison $HOMEDIR ssh://$NFSSERVER/$HOMEDIR -times -sshargs "$SSHARGS" -servercmd "$SERVERCMD" $OTHERARGS -batch -ignore 'Path .wmdesync' -silent > /dev/null 2>&1 + + kill $PRPID + echo "Raoming profile loaded." +else + # Sync config + + for item in $CONFIGDIRS; do + CONFIGDIRSARGS="$CONFIGDIRSARGS -path $item" + done + + unison $HOMEDIR ssh://$NFSSERVER/$HOMEDIR -times -sshargs "$SSHARGS" -servercmd "$SERVERCMD" $OTHERARGS -batch -ignore 'Path .wmdesync' $CONFIGDIRSARGS + echo "$$" > $CONFIGSYNC + + + PROFILE=$UNISON/wmde.prf + REMOTE_BASE=$HOMEDIR + +IGNORE_RULES=$( + ssh "$SSHARGS" $NFSSERVER "find '$REMOTE_BASE' -type f -size +$SMALLFILESSIZE" | + while IFS= read -r filepath; do + # Pfad relativieren zum REMOTE_BASE + relpath="${filepath#$REMOTE_BASE/}" + echo "ignore = Path $relpath" + done +) +generate_profile() { + echo "root = $HOMEDIR" > $PROFILE + echo "root = ssh://$NFSSERVER/$HOMEDIR" >> $PROFILE + printf "%s\n" "$1" >> $PROFILE + cat /etc/wmde-rp-unison.prf >> $PROFILE +} + + generate_profile "$IGNORE_RULES" + unison wmde -sshargs "$SSHARGS" -times -servercmd "$SERVERCMD" $OTHERARGS -batch -ignore 'Path .wmdesync' + echo "$$" > $SMALLFILESSYNC + + # Sync all + unison $HOMEDIR ssh://$NFSSERVER/$HOMEDIR -times -sshargs "$SSHARGS" -servercmd "$SERVERCMD" $OTHERARGS -batch -ignore 'Path .wmdesync' + echo "$$" > $FULLSYNC + echo "$$" > $FIRSTSYNC + + # Sync all & repeat + unison $HOMEDIR ssh://$NFSSERVER/$HOMEDIR -times -sshargs "$SSHARGS" -servercmd "$SERVERCMD" $OTHERARGS -batch -ignore 'Path .wmdesync' -repeat watch+60 + +fi + + + +exit 0 + diff --git a/wmde-rp-usersync.service b/wmde-rp-usersync.service new file mode 100644 index 0000000..5ea5f17 --- /dev/null +++ b/wmde-rp-usersync.service @@ -0,0 +1,12 @@ +[Unit] +Description=WMDE RP User Sync +After=default.target + +[Service] +ExecStart=/bin/bash -c 'exec /usr/local/bin/wmde/wmde-rp-usersync-ssh.sh' +Restart=always +RestartSec=20 +TimeoutStopSec=5 + +[Install] +WantedBy=default.target 
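Review bot: `find '$REMOTE_BASE' -type f -size +$SMALLFILESSIZE` uses `-size` without a unit, which find reads as 512-byte blocks, so with `SMALLFILESSIZE=1024` from wmde-rp.conf the small-files pass excludes files above 512 KiB rather than above 1024 bytes; if kilobytes are intended write `-size +${SMALLFILESSIZE}k` and say so where the value is configured. In that same command `ssh "$SSHARGS"` passes `-o` and its value as a single argument, unlike every other ssh call in the file, which expands `$SSHARGS` unquoted; I would not rely on ssh tolerating the embedded space, so make the quoting consistent with the rest of the file. The IGNORE_RULES block and `generate_profile` sit inside the `else` branch at a different indentation from their surroundings, with the function defined mid-branch; hoist `generate_profile` to file scope. The `du -sh $HOMDIR` typo and the unquoted `echo $KNOWNHOSTS` raised on wmde-rp-init.sh and wmde-rp-unison-initial-sync-nfs.sh apply here as well.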
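Review bot: `Restart=always` combined with a script that exits 0 almost immediately for every user outside the roaming netgroups (via wmde-rp-check-pam-user.sh) means the user manager respawns it every 20 seconds for the entire session of such users. Use `Restart=on-failure`; for roaming users the script already stays in the foreground in its `-repeat watch+60` unison run, so no restart is needed on a clean exit. `ExecStart=/usr/local/bin/wmde/wmde-rp-usersync-ssh.sh` is sufficient, the `/bin/bash -c 'exec …'` wrapper adds nothing.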
diff --git a/wmde-rp.conf b/wmde-rp.conf new file mode 100644 index 0000000..5cc1f09 --- /dev/null +++ b/wmde-rp.conf @@ -0,0 +1,26 @@ +#!/bin/sh +NFSSERVER=nfsserver.gs.wikimedia.de +NFSHOMES=/mnt/home + +PREFIX=/usr/local/bin/wmde + + +ADMIN_USERS="admin root" # never run roaming profiles for this users +MIN_USER_ID=10000 # no roaming users with id < 10000 (non-IPA-users) +RPGROUPS=wmde-rp-users + +NETGROUPS="wmde-rp-general" + + +WAIT_FOR_CONFIG=always # always, first or never +WAIT_FOR_SMALLFILESSYNC=first # always, first or never +WAIT_FOR_FULLSYNC=never # always, first or never + + +CONFIGDIRS=".config \ + .local/share/backgrounds" + + +SMALLFILESSIZE=1024 +CONFIGFILESSIZE=1024 + diff --git a/wmde-usersync.desktop b/wmde-usersync.desktop new file mode 100644 index 0000000..6683bac --- /dev/null +++ b/wmde-usersync.desktop @@ -0,0 +1,8 @@ +[Desktop Entry] +Type=Application +Exec=/bin/bash -c 'exec /usr/local/bin/wmde-rp-usersync.sh' +Hidden=false +NoDisplay=false +X-GNOME-Autostart-enabled=true +Name=WMDE Userprofile Sync +Comment=Sync WMDE user profiles
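Review bot: `Exec=/bin/bash -c 'exec /usr/local/bin/wmde-rp-usersync.sh'` points at a path nothing in this commit creates: `copy_files` installs the scripts under `/usr/local/bin/wmde/` and the sync script is named `wmde-rp-usersync-ssh.sh`. Either change it to `Exec=/usr/local/bin/wmde/wmde-rp-usersync-ssh.sh` or drop the autostart entry, since the systemd user unit added in the same commit already starts that script and both would run concurrently, with only the script's pid-file check preventing a double sync.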