checktrust: Alert user on greeter if workstation lost trust

Install three new files into the system: - /etc/xdg/lightdm/lightdm.conf.d/50-use-wrapper.conf - /usr/libexec/lightdm-greeter-wrapper - /usr/libexec/lightdm-show-trust-warning The first file adds a configuration option to lightdm to invoke the greeter via a wrapper. The second file is the wrapper script, which forks of the third script before exec-ing into the greeter. The third script uses /usr/sbin/trustcheck to find out whether we lost trust of the other nodes. If it gets a negative verdict, it shows a dialog on top of the login screen to alert the user about the condition. If it doesn't get a verdict, it keeps asking (e.g. when the network is not plugged in). xdotool is used to raise the dialog above the (full screen) login window. This has to be done in a loop, because we don't know how long the login windows needs to appear and pop up in front of the dialog.
mariux64 · Jul 9, 2020 · 56266fe · 56266fe
1 parent cebbd07
commit 56266fe
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 0 deletions.
diff --git a/checktrust/lightdm-greeter-wrapper b/checktrust/lightdm-greeter-wrapper
@@ -0,0 +1,3 @@
+#! /bin/bash
+(/usr/libexec/lightdm-show-trust-warning &)
+exec "$@"
diff --git a/checktrust/lightdm-show-trust-warning b/checktrust/lightdm-show-trust-warning
@@ -0,0 +1,28 @@
+#! /usr/bin/bash
+
+while true; do
+    reply="$(/usr/sbin/checktrust)"
+    if [ "$reply" = "trusted" ]; then
+        break
+    elif [ "$reply" = "not trusted" ]; then
+        if [ -z "$XDOPID" ]; then
+            (while true; do xdotool search --sync --name bla windowraise; sleep 1; done) &
+            XDOPID=$!
+        fi
+        xdotool search --sync --name bla windowraise &
+        zenity --width 400 --error --title bla --text \
+"<b>Loss of trust detected!</b>
+
+Looks like your machine lost the trust of our network. Maybe it was offline for too long.
+
+<i>You won't be able to log in.</i>
+
+<b>Please contact IT Helpdesk</b>
+
+helpdesk@molgen.mpg.de
+phone: -1708"
+        continue
+    fi
+    sleep 5
+done
+test -n "$XDOPID" && kill $XDOPID
diff --git a/checktrust/lightdm-use-wrapper.conf b/checktrust/lightdm-use-wrapper.conf
@@ -0,0 +1,2 @@
+[Seat:*]
+greeter-wrapper=/usr/libexec/lightdm-greeter-wrapper
diff --git a/install.sh b/install.sh
@@ -167,4 +167,8 @@ install_data crashkernel/crashkernel.service              "$DESTDIR$systemdunitd
 install_exec crashkernel/crash-recovery.sh                "$DESTDIR$root_sbindir/crash-recovery.sh"
 install_data misc_systemd_units/admin-sshd.service        "$DESTDIR$systemdunitdir/admin-sshd.service"
 install_exec checktrust/checktrust                        "$DESTDIR$usr_sbindir/checktrust"
+mkdir -p "$DESTDIR$sysconfdir/xdg/lightdm/lightdm.conf.d"
+install_data checktrust/lightdm-use-wrapper.conf          "$DESTDIR$sysconfdir/xdg/lightdm/lightdm.conf.d/50-use-wrapper.conf"
+install_exec checktrust/lightdm-greeter-wrapper           "$DESTDIR$usr_exec_prefix/libexec/lightdm-greeter-wrapper"
+install_exec checktrust/lightdm-show-trust-warning        "$DESTDIR$usr_exec_prefix/libexec/lightdm-show-trust-warning"
 exit