Merge pull request #130 from mariux64/check-trust
Check trust
donald authored Jul 10, 2020
2 parents 9c3aedb + a018d40 commit c96ad4b
Showing 8 changed files with 112 additions and 0 deletions.
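--- a/checktrust/checktrust
+++ b/checktrust/checktrust
@@ -0,0 +1,12 @@
+#! /usr/bin/bash
+
+for host in wtf afk pummelfee; do
+reply="$(netcat -w 1 $host 236 </dev/null)"
+if [ "$reply" = "I trust you" ]; then
+echo "trusted"
+exit
+elif [ "$reply" = "I don't trust you" ]; then
+echo "not trusted"
+exit
+fi
+done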
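Review bot: When none of wtf, afk or pummelfee answers within netcat's one-second window, the `for` loop above falls through and the script exits 0 with empty output, so callers cannot distinguish "no trust server reachable" from a real answer; getty-checktrust compares that empty string against "not trusted", takes its else branch and removes the banner. Ending the script with an explicit `echo "unknown"; exit 1` would let both consumers handle the undetermined state deliberately. The reply arrives over plain, unauthenticated TCP from whichever listed host answers first on port 236, which is adequate for steering a warning banner but should not be relied on for anything stronger; a one-line comment at the top of the file stating that scope would help the next maintainer. Minor: this file uses `#! /usr/bin/bash` while lightdm-greeter-wrapper uses `#! /bin/bash`.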
14 changes: 14 additions & 0 deletions checktrust/getty-checktrust
@@ -0,0 +1,14 @@
#! /usr/bin/bash

if [ "$(/usr/sbin/checktrust)" = "not trusted" ]; then
mkdir -p /node/issue.d
cat > /node/issue.d/notrust.issue <<EOF
** WARNING: Loss of trust detected **
** Looks like your machine lost the trust of our network. Maybe it was offline for too long. **
** You won't be able to log in. **
** Please contact IT Helpdesk: <helpdesk@molgen.mpg.de>, phone: -1708 **
EOF
else
rm -f /node/issue.d/notrust.issue
fi
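Review bot: The heredoc on the `cat > /node/issue.d/notrust.issue <<EOF` line uses an unquoted delimiter, so the banner text is subject to `$`, backtick and backslash expansion; the current text contains none, but quoting it as `<<'EOF'` makes the block literal and removes that trap for future edits. Note also that any checktrust output other than exactly "not trusted" — including the empty string it produces when no trust server is reachable — takes the else branch and deletes the banner, so an unreachable trust server is indistinguishable from a trusted host; if that is the intended fail-quiet behaviour a comment saying so would help. The file is written under /node/issue.d while install.sh points `$sysconfdir/issue.d/notrust.issue` at it through a symlink; a one-line comment here naming that link would connect the two.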
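--- a/checktrust/getty-checktrust.service
+++ b/checktrust/getty-checktrust.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Check Mariux64 trust for getty
+Before=getty@.service
+
+[Install]
+WantedBy=getty@.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/getty-checktrust
+RemainAfterExit=yes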
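Review bot: The unit is ordered only Before=getty@.service, but /usr/libexec/getty-checktrust runs checktrust, which needs the network to reach the trust servers; without `After=network-online.target` and `Wants=network-online.target` under [Unit] it can run before the network is up, checktrust then prints nothing, getty-checktrust removes the banner, and because of RemainAfterExit=yes the check is not repeated, so a machine that lost trust shows no warning until the next boot. Adding those two lines is the minimal fix; if the state should be re-evaluated while the getty is up, a timer unit would be needed instead. I am not certain that `Before=` and `WantedBy=` on the bare template name `getty@.service` apply to every instance on the systemd version in use; worth confirming with `systemctl list-dependencies getty@tty1.service` on an installed machine.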
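--- a/checktrust/lightdm-greeter-wrapper
+++ b/checktrust/lightdm-greeter-wrapper
@@ -0,0 +1,3 @@
+#! /bin/bash
+(/usr/libexec/lightdm-show-trust-warning &)
+exec "$@"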
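Review bot: The `(/usr/libexec/lightdm-show-trust-warning &)` subshell double-forks the helper so it is detached from the wrapper, and the following `exec "$@"` replaces the wrapper with the greeter, so nothing ever terminates the helper when the greeter exits; lightdm-show-trust-warning only ends on a "trusted" reply and otherwise sleeps 5 seconds and polls again, so on a machine where no trust server answers it keeps running for the life of the display session. If that is acceptable, a comment such as `# helper is intentionally detached; it exits on its own once trust is confirmed` would make the choice explicit; otherwise the wrapper has to keep the helper's PID and kill it after the greeter returns, which means giving up `exec`. Minor: this file uses `#! /bin/bash` while the other checktrust scripts use `#! /usr/bin/bash`.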
28 changes: 28 additions & 0 deletions checktrust/lightdm-show-trust-warning
@@ -0,0 +1,28 @@
#! /usr/bin/bash

while true; do
reply="$(/usr/sbin/checktrust)"
if [ "$reply" = "trusted" ]; then
break
elif [ "$reply" = "not trusted" ]; then
if [ -z "$XDOPID" ]; then
(while true; do xdotool search --sync --name bla windowraise; sleep 1; done) &
XDOPID=$!
fi
xdotool search --sync --name bla windowraise &
zenity --width 400 --error --title bla --text \
"<b>Loss of trust detected!</b>
Looks like your machine lost the trust of our network. Maybe it was offline for too long.
<i>You won't be able to log in.</i>
<b>Please contact IT Helpdesk</b>
helpdesk@molgen.mpg.de
phone: -1708"
continue
fi
sleep 5
done
test -n "$XDOPID" && kill $XDOPID
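Review bot: The last line, `test -n "$XDOPID" && kill $XDOPID`, kills only the backgrounded subshell: the `xdotool search --sync` that subshell may be blocked in survives, as does the extra `xdotool search --sync --name bla windowraise &` started on every pass through the not-trusted branch, and when XDOPID is empty the `&&` makes the script's exit status 1. Suggest `if [ -n "$XDOPID" ]; then kill "$XDOPID"; fi`, and if the stray xdotool processes matter, have the inner loop run xdotool in the background and `wait` on it under a `trap` that forwards the kill — hedged, since lightdm may already tear down the greeter's process tree. The window is matched by the title `bla` on both the xdotool and zenity lines, which will also raise any unrelated window with that name; a more specific title costs nothing. The helper reacts only to the exact strings "trusted" and "not trusted" and silently retries on anything else, which deserves a short comment at the top of the loop.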
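--- a/checktrust/lightdm-use-wrapper.conf
+++ b/checktrust/lightdm-use-wrapper.conf
@@ -0,0 +1,2 @@
+[Seat:*]
+greeter-wrapper=/usr/libexec/lightdm-greeter-wrapper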
26 changes: 26 additions & 0 deletions clusterd/clusterd
Expand Up @@ -1794,6 +1794,31 @@ sub cmd_push {

#------------------------------------------------------------

our $TRUSTCHECK_PORT=236;
our $trustcheck_listen_socket;

sub trustcheck_init {
$trustcheck_listen_socket=new IO::Socket::INET(LocalPort=>$TRUSTCHECK_PORT,Proto=>'tcp',Listen=>10,ReuseAddr=>1);
defined $trustcheck_listen_socket or die "$!\n";
My::Select::reader($trustcheck_listen_socket,\&trustcheck_connect_request);
}

sub trustcheck_connect_request {
My::Select::reader_requeue();
my $socket=$trustcheck_listen_socket->accept();
$socket->blocking(0);
my $hostname = gethostbyaddr(inet_aton($socket->peerhost()), AF_INET);
system 'hostconfig','--host',$hostname,'amd';
if ($? == 0) {
$socket->send("I trust you\n", 0);
} elsif ($? == 256) {
$socket->send("I don't trust you\n", 0);
}
close($socket);
}

#------------------------------------------------------------

use constant USAGE => <<'__EOF__';
usage: $0 [options]
Expand Down Expand Up @@ -1901,6 +1926,7 @@ if (defined $options{'push'}) {
init_area();
mgmt_init();
clp_init();
trustcheck_init();

sync_cluster_pw() or warn "$CLUSTER_PW_FILE: $!\n";

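Review bot: In trustcheck_connect_request, `accept()` on the listener can return undef (peer already gone, spurious readability), and the unchecked result then dies on `$socket->blocking(0)` inside the daemon's select loop; likewise `gethostbyaddr()` returns undef when the peer address has no PTR record, and `hostconfig --host` is then run with an undefined host, so both need a guard as sketched below. This is an unauthenticated listener on which every connection triggers a reverse lookup and a synchronous `system 'hostconfig',...`, so a slow resolver or a burst of connections stalls clusterd's loop; a bound on how long the lookup may take is worth considering, and a comment should state that the reply is advisory (plain TCP, no authentication) so nothing stronger is built on it later. Smaller points: `new IO::Socket::INET(...)` in trustcheck_init is indirect-object syntax and should be `IO::Socket::INET->new(...)`, `$? == 256` reads better as `($? >> 8) == 1`, any other hostconfig status (including -1 when it cannot be executed) silently sends nothing, and `die "$!\n"` in trustcheck_init gives no context, e.g. `die "trustcheck: listen on port $TRUSTCHECK_PORT: $!\n"`.
```perl
sub trustcheck_connect_request {
    My::Select::reader_requeue();
    my $socket = $trustcheck_listen_socket->accept();
    return unless defined $socket;    # accept can fail; do not die inside the select loop
    $socket->blocking(0);
    my $hostname = gethostbyaddr(inet_aton($socket->peerhost()), AF_INET);
    if (!defined $hostname) {         # no PTR record: answer nothing rather than run hostconfig with an empty host
        close($socket);
        return;
    }
    # … unchanged: hostconfig call and "I trust you" / "I don't trust you" replies …
    close($socket);
}
```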
16 changes: 16 additions & 0 deletions install.sh
Expand Up @@ -76,6 +76,13 @@ function install_cron()
install_if "$1" "$2" $INSTALL_CRON
}

function install_symlink()
{
if [ "$(readlink "$2")" != "$1" ]; then
ln -sfv "$1" "$2"
fi
}

umask 022;

mkdir -p "$DESTDIR$usr_bindir"
Expand Down Expand Up @@ -159,4 +166,13 @@ install_data misc_etc_files/rsyslog.conf "$DESTDIR$sysconfdir/rsyslog.conf"
install_data crashkernel/crashkernel.service "$DESTDIR$systemdunitdir/crashkernel.service"
install_exec crashkernel/crash-recovery.sh "$DESTDIR$root_sbindir/crash-recovery.sh"
install_data misc_systemd_units/admin-sshd.service "$DESTDIR$systemdunitdir/admin-sshd.service"
install_exec checktrust/checktrust "$DESTDIR$usr_sbindir/checktrust"
mkdir -p "$DESTDIR$sysconfdir/xdg/lightdm/lightdm.conf.d"
install_data checktrust/lightdm-use-wrapper.conf "$DESTDIR$sysconfdir/xdg/lightdm/lightdm.conf.d/50-use-wrapper.conf"
install_exec checktrust/lightdm-greeter-wrapper "$DESTDIR$usr_exec_prefix/libexec/lightdm-greeter-wrapper"
install_exec checktrust/lightdm-show-trust-warning "$DESTDIR$usr_exec_prefix/libexec/lightdm-show-trust-warning"
mkdir -p "$DESTDIR$sysconfdir/issue.d/"
install_symlink /node/issue.d/notrust.issue "$DESTDIR$sysconfdir/issue.d/notrust.issue"
install_data checktrust/getty-checktrust.service "$DESTDIR$systemdunitdir/getty-checktrust.service"
install_exec checktrust/getty-checktrust "$DESTDIR$usr_exec_prefix/libexec/getty-checktrust"
exit
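Review bot: The second hunk installs checktrust/getty-checktrust.service into `$systemdunitdir` but nothing here enables it, and the unit's [Install] section (WantedBy=getty@.service) only takes effect after `systemctl enable` or an equivalent `.wants` symlink; unless enabling happens elsewhere (a preset, or a step outside this diff), the getty banner check never runs. The new install_symlink helper from the first hunk could cover it, e.g. `mkdir -p "$DESTDIR$systemdunitdir/getty@.service.wants"` followed by `install_symlink ../getty-checktrust.service "$DESTDIR$systemdunitdir/getty@.service.wants/getty-checktrust.service"`. Also, install_symlink compares `readlink "$2"` against `$1`, so when `$2` exists as a regular file readlink prints nothing and `ln -sfv` replaces it; that is presumably wanted for a stale notrust.issue, but a comment on the function, `# replaces whatever is at $2, including a regular file`, would make it explicit.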
