diff --git a/checktrust/checktrust b/checktrust/checktrust
new file mode 100755
index 0000000..ba55e28
--- /dev/null
+++ b/checktrust/checktrust
@@ -0,0 +1,12 @@
+#! /usr/bin/bash
+
+for host in wtf afk pummelfee; do
+ reply="$(netcat -w 1 $host 236 /node/issue.d/notrust.issue <, phone: -1708 ** + +EOF +else + rm -f /node/issue.d/notrust.issue +fi
diff --git a/checktrust/getty-checktrust.service b/checktrust/getty-checktrust.service
new file mode 100644
index 0000000..2d301e3
--- /dev/null
+++ b/checktrust/getty-checktrust.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Check Mariux64 trust for getty
+Before=getty@.service
+
+[Install]
+WantedBy=getty@.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/getty-checktrust
+RemainAfterExit=yes
diff --git a/checktrust/lightdm-greeter-wrapper b/checktrust/lightdm-greeter-wrapper
new file mode 100755
index 0000000..1e47ada
--- /dev/null
+++ b/checktrust/lightdm-greeter-wrapper
@@ -0,0 +1,3 @@
+#! /bin/bash
+(/usr/libexec/lightdm-show-trust-warning &)
+exec "$@"
diff --git a/checktrust/lightdm-show-trust-warning b/checktrust/lightdm-show-trust-warning
new file mode 100755
index 0000000..ed738c0
--- /dev/null
+++ b/checktrust/lightdm-show-trust-warning
@@ -0,0 +1,28 @@
+#! /usr/bin/bash
+
+while true; do
+ reply="$(/usr/sbin/checktrust)"
+ if [ "$reply" = "trusted" ]; then
+ break
+ elif [ "$reply" = "not trusted" ]; then
+ if [ -z "$XDOPID" ]; then
+ (while true; do xdotool search --sync --name bla windowraise; sleep 1; done) &
+ XDOPID=$!
+ fi
+ xdotool search --sync --name bla windowraise &
+ zenity --width 400 --error --title bla --text \
+"Loss of trust detected!
+
+Looks like your machine lost the trust of our network. Maybe it was offline for too long.
+
+You won't be able to log in.
+
+Please contact IT Helpdesk
+
+helpdesk@molgen.mpg.de
+phone: -1708"
+ continue
+ fi
+ sleep 5
+done
+test -n "$XDOPID" && kill $XDOPID
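Review bot: The trust query at `reply="$(netcat -w 1 $host 236 …` is a plaintext, unauthenticated TCP exchange against three hard-coded names, so whoever answers on port 236 for `wtf`, `afk` or `pummelfee` — or can make one of those names resolve to their own box on the LAN — decides what this client reports; nothing on the wire binds the reply to the real clusterd. The remainder of this hunk is garbled in this copy (the text between the netcat call and the `EOF`/`else`/`fi` tail is lost), so the handling of a timed-out or empty reply cannot be reviewed here, but the protocol itself is visible and should be stated as advisory at the top of the loop: `# Unauthenticated plaintext query: a LAN attacker can forge the reply, so treat the result as a hint for a banner, never as an access decision`. The host list and port also duplicate the server side's `$TRUSTCHECK_PORT=236` in clusterd with no shared definition, so one is likely to drift from the other; a comment naming that coupling, `# must match $TRUSTCHECK_PORT in clusterd/clusterd`, would at least make it visible.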
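Review bot: `Before=getty@.service` together with `WantedBy=getty@.service` only orders and pulls in the check; it is not a `Requires=`, so a failing `getty-checktrust` (for example when all trust hosts time out) still lets the getty start, and because this is a boot-time oneshot with `RemainAfterExit=yes` the `notrust.issue` banner reflects the state at boot and is never refreshed, unlike the lightdm loop in this same commit which re-polls every 5 s. If fail-open and one-time evaluation are intended, say so in the unit, e.g. above `[Service]`: `# Advisory only: the getty starts even if this check fails, and the banner reflects the trust state at boot`. If the banner is expected to follow trust changes during uptime, this needs a timer or a re-run on getty restart rather than a single oneshot.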
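Review bot: The warning loop is detached with `( … &)` so it is reparented away from the greeter it was started for, and nothing stops it once `exec "$@"` replaces the wrapper — on a host that never reports `trusted` it keeps polling `checktrust` every 5 s and raising windows for as long as the display lives, presumably as the greeter user. If that lifetime is intended, document it: `# Detached on purpose: the warning loop outlives the greeter and only exits once checktrust reports "trusted"`; otherwise give the loop a way to notice the greeter is gone (for example by exiting when its X display is no longer reachable). Minor: the shebang is `#! /bin/bash` here while the two sibling scripts in this commit use `#! /usr/bin/bash`; pick one.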
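Review bot: The `xdotool` raise loop started at `XDOPID=$!` is only cleaned up on the `break` path: a reply that is neither `trusted` nor `not trusted` (empty output when `/usr/sbin/checktrust` fails or every server times out) falls through to `sleep 5` forever with the raise loop still running, and a SIGTERM or SIGHUP to this script leaves it orphaned. Add `trap 'test -n "$XDOPID" && kill $XDOPID' EXIT` after the shebang, and decide explicitly what an unrecognized reply means — as written no dialog at all is shown when the trust servers are unreachable, which is worth a comment on the final `sleep 5` if it is intended: `# unknown/empty reply (servers unreachable): stay quiet and retry`. Also `--title bla` paired with `xdotool search --name bla windowraise` will raise any window on the display whose name is `bla`; use a distinctive title such as `Loss of trust` for both.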
diff --git a/checktrust/lightdm-use-wrapper.conf b/checktrust/lightdm-use-wrapper.conf
new file mode 100644
index 0000000..80af383
--- /dev/null
+++ b/checktrust/lightdm-use-wrapper.conf
@@ -0,0 +1,2 @@
+[Seat:*]
+greeter-wrapper=/usr/libexec/lightdm-greeter-wrapper
diff --git a/clusterd/clusterd b/clusterd/clusterd
index 96741a8..f6c7dc2 100755
--- a/clusterd/clusterd
+++ b/clusterd/clusterd
@@ -1794,6 +1794,31 @@ sub cmd_push {
 #------------------------------------------------------------
+our $TRUSTCHECK_PORT=236;
+our $trustcheck_listen_socket;
+
+sub trustcheck_init {
+ $trustcheck_listen_socket=new IO::Socket::INET(LocalPort=>$TRUSTCHECK_PORT,Proto=>'tcp',Listen=>10,ReuseAddr=>1);
+ defined $trustcheck_listen_socket or die "$!\n";
+ My::Select::reader($trustcheck_listen_socket,\&trustcheck_connect_request);
+}
+
+sub trustcheck_connect_request {
+ My::Select::reader_requeue();
+ my $socket=$trustcheck_listen_socket->accept();
+ $socket->blocking(0);
+ my $hostname = gethostbyaddr(inet_aton($socket->peerhost()), AF_INET);
+ system 'hostconfig','--host',$hostname,'amd';
+ if ($? == 0) {
+ $socket->send("I trust you\n", 0);
+ } elsif ($? == 256) {
+ $socket->send("I don't trust you\n", 0);
+ }
+ close($socket);
+}
+
+#------------------------------------------------------------
+
 use constant USAGE => <<'__EOF__'; usage: $0 [options]
@@ -1901,6 +1926,7 @@ if (defined $options{'push'}) {
 init_area();
 mgmt_init();
 clp_init();
+ trustcheck_init();
 sync_cluster_pw() or warn "$CLUSTER_PW_FILE: $!\n";
diff --git a/install.sh b/install.sh
index 1543cc8..44c8e89 100755
--- a/install.sh
+++ b/install.sh
@@ -76,6 +76,13 @@ function install_cron()
 install_if "$1" "$2" $INSTALL_CRON
 }
+function install_symlink()
+{
+ if [ "$(readlink "$2")" != "$1" ]; then
+ ln -sfv "$1" "$2"
+ fi
+}
+
 umask 022; mkdir -p "$DESTDIR$usr_bindir"
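Review bot: `trustcheck_connect_request` calls `$socket->blocking(0)` on the value of `accept()` without checking it for undef, so a peer that resets between select() and accept() raises a method-call-on-undef error inside the `My::Select` callback — and since port 236 is bound with no source restriction, anyone who can reach clusterd can trigger that at will. The trust decision is also a reverse-DNS lookup only: the `gethostbyaddr` result goes straight into `hostconfig --host`, so a peer without a PTR record sends an empty host name (with an uninitialized-value warning) and a forged PTR record selects whatever hostconfig entry the attacker names; a forward lookup of the returned name should confirm the peer address before it is used. Each connection runs `hostconfig` synchronously, blocking the whole event loop for one process spawn per unauthenticated connect, and exit statuses other than 0 and 256 (including -1 when hostconfig cannot be executed) get no reply at all. The rewrite below guards accept(), refuses peers without a PTR record and logs unexpected statuses; the asynchronous spawn and the forward-confirmed check are left as follow-ups, and `trustcheck_init` should name the port in its failure, `defined $trustcheck_listen_socket or die "trustcheck: cannot listen on port $TRUSTCHECK_PORT: $!\n";`.
```perl
sub trustcheck_connect_request {
    My::Select::reader_requeue();
    my $socket = $trustcheck_listen_socket->accept();
    # accept() returns undef when the peer went away between select() and
    # accept(); dying here would take the whole clusterd event loop down
    defined $socket or return;
    $socket->blocking(0);
    my $peer     = $socket->peerhost();
    my $hostname = gethostbyaddr(inet_aton($peer), AF_INET);
    if (!defined $hostname) {
        # no PTR record: never hand an empty --host to hostconfig
        $socket->send("I don't trust you\n", 0);
        close($socket);
        return;
    }
    # NOTE(review): reverse lookup only; confirm that $hostname resolves
    # forward to $peer before letting it pick the hostconfig entry
    system 'hostconfig', '--host', $hostname, 'amd';
    if ($? == 0) {
        $socket->send("I trust you\n", 0);
    } elsif ($? == 256) {
        $socket->send("I don't trust you\n", 0);
    } else {
        # exec failure, signal or other exit status: leave a trace instead
        # of silently closing the connection
        warn "hostconfig --host $hostname amd: unexpected status $?\n";
    }
    close($socket);
}
```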
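Review bot: `ln -sfv "$1" "$2"` in `install_symlink` creates the link *inside* `$2` instead of replacing it whenever `$2` is an existing directory, so the `readlink` test and the `ln` can disagree about what `$2` is and the function loops on every install; use `ln -sfnv "$1" "$2"` (`-n`, or `-T`, treats the destination as a file). A one-line header in the style of the surrounding helpers would also help callers get the argument order right: `# install_symlink TARGET LINK: (re)create LINK -> TARGET only if it does not already point there`.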
@@ -159,4 +166,13 @@ install_data misc_etc_files/rsyslog.conf "$DESTDIR$sysconfdir/rsyslog.conf"
 install_data crashkernel/crashkernel.service "$DESTDIR$systemdunitdir/crashkernel.service"
 install_exec crashkernel/crash-recovery.sh "$DESTDIR$root_sbindir/crash-recovery.sh"
 install_data misc_systemd_units/admin-sshd.service "$DESTDIR$systemdunitdir/admin-sshd.service"
+install_exec checktrust/checktrust "$DESTDIR$usr_sbindir/checktrust"
+mkdir -p "$DESTDIR$sysconfdir/xdg/lightdm/lightdm.conf.d"
+install_data checktrust/lightdm-use-wrapper.conf "$DESTDIR$sysconfdir/xdg/lightdm/lightdm.conf.d/50-use-wrapper.conf"
+install_exec checktrust/lightdm-greeter-wrapper "$DESTDIR$usr_exec_prefix/libexec/lightdm-greeter-wrapper"
+install_exec checktrust/lightdm-show-trust-warning "$DESTDIR$usr_exec_prefix/libexec/lightdm-show-trust-warning"
+mkdir -p "$DESTDIR$sysconfdir/issue.d/"
+install_symlink /node/issue.d/notrust.issue "$DESTDIR$sysconfdir/issue.d/notrust.issue"
+install_data checktrust/getty-checktrust.service "$DESTDIR$systemdunitdir/getty-checktrust.service"
+install_exec checktrust/getty-checktrust "$DESTDIR$usr_exec_prefix/libexec/getty-checktrust"
 exit
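Review bot: `install_symlink /node/issue.d/notrust.issue …` points the issue link at a directory that nothing in this diff creates: `mkdir -p` is done for `$sysconfdir/issue.d/` but not for `/node/issue.d`, while the getty script visibly writes and removes `/node/issue.d/notrust.issue` at boot, so unless something outside this commit creates that directory the redirect fails and the link dangles for good. Also `getty-checktrust.service` is only installed, never enabled — there is no `getty@.service.wants/` link and no `systemctl enable` here — so the getty check will not run unless enabling happens elsewhere; if install.sh is meant to do it, add the wants-link with the new `install_symlink` helper, and in either case a short comment above these lines stating where the directory and the enable step come from would save the next maintainer the search.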