
Improve helper scripts, remove bugs

master
Burathar 4 years ago
parent
commit
3d9c818e5c
  1. 157
      bin/install.sh
  2. 6
      bin/kill_screensaver_graphic_program.sh
  3. 11
      bin/seconds_since_wakeup.sh
  4. 11
      bin/xscreensaver_yubilock.py
  5. 4
      install.sh

157
bin/install.sh

@ -1,157 +0,0 @@ @@ -1,157 +0,0 @@
#! /bin/bash
install_dir='/opt/yubilock/'
logging_dir='/var/log/yubilock/'
script_dir="$(dirname $(readlink -f $0))"
# exit when any command fails
set -e
# Make sure running as root
if [ `id -u` -ne 0 ]; then
echo 'Please run as root'
exit 1
fi
# Ask for user parameters
echo "This installer is meant to install the yubilock service for one user. Please specifiy for wich user you want to install xscreensaver-yubilock"
read -p 'Username: ' username
userid=`id -u "$username" 2>/dev/null` || ( echo "$username is not a user on this system" && exit 1 )
[ "$userid" -lt 1000 ] && echo "User $username seems to be a systemuser (uid: $userid). Please specify a normal user." && exit 1
echo "Allowed yubikey serials can be set systemwide in ${install_dir}config.ini, or per user in \$HOME/.yubilock. Do you wish to add one or more for $username now?"
read -p "Add Yubikey serial? (Y/n) " add_serial
[ -z "$add_serial" ] && add_serial='yes' # if no input, assume yes
case ${add_serial:0:1} in
y|Y|1 )
add_serial='yes';;
* )
add_serial='no';;
esac
if [ "$add_serial" = 'yes' ]; then
if ! ykman -v >/dev/null 2>&1 ; then
echo "yubikey-manager doesn't seem to be installed. Do you want to install it? ('no' means you'll have to add your yubikey serial manually later)"
read -p "Install yubikey-manager? (Y/n) " install_ykman
[ -z "$install_ykman" ] && install_ykman='yes' # if no input, assume yes
case ${install_ykman:0:1} in
y|Y|1 )
apt-get install -y yubikey-manager;;
* )
break 3;;
esac
fi
echo "Please make sure your yubikey(s) are plugged in. Then press any key to continue"
read -n 1 -s -r
serials=`ykman list | sed -e 's#.*:\ \(\)#\1#' | tr '\n' ','` # List all keys, get the serials, and comma separate them
serials="${serials%?}" # Remove trailing comma
echo "The following serial(s) will be added to your config file: $serials"
fi
echo "Do you want the daemon to be started by systemd? (you'll have to start it manually every login session if you choose no)"
read -p "Use Systemd? (Y/n) " use_systemd
[ -z "$use_systemd" ] && use_systemd='yes' # if no input, assume yes
case ${use_systemd:0:1} in
y|Y|1 )
use_systemd='yes';;
* )
use_systemd='no';;
esac
echo "== Making sure python3 and virtualenv are installed =="
python3 --version || apt-get install -y python3
python3 -m venv -h >/dev/null 2>&1 || apt-get install -y python3-venv
echo "== Create yubilock group =="
addgroup --system yubilock
echo "== Add $username to yubilock group =="
usermod -a -G yubilock "$username"
echo "== Create virualenv =="
[ -f "$install_dir/venv/bin/activate" ] || python3 -m venv "$install_dir/venv"
. "$install_dir/venv/bin/activate"
pip install setuptools wheel
pip install -r "$script_dir/requirements.txt"
echo "== Copy over application files =="
cp "$script_dir/bin/xscreensaver_yubilock.py" "$install_dir"
cp "$script_dir/bin/uninstall.sh" "$install_dir"
cp "$script_dir/bin/kill_screensaver_graphic_program.sh" "$install_dir"
cp "$script_dir/bin/config_system.ini" "$install_dir/config.ini"
chown -R root:yubilock "$install_dir"
chmod 771 "$install_dir"
# Add yubikey serials to config
if [ -n "$serials" ]; then
homedir=`eval echo ~"$username"`
echo "Homedir: $homedir"
[ -f "$homedir/.yubilock" ] || ( cp "$script_dir/bin/config_user.ini" "$homedir/.yubilock" && chown "$username:$username" "$homedir/.yubilock")
sed -i "s+^yubikey_serial.*+yubikey_serial\ =\ $serials+g" "$homedir/.yubilock"
echo "Add yubikey serial(s) to $homedir/.yubilock"
fi
echo "== Create logging directory =="
mkdir -p "$logging_dir"
chown --from=root:root root:yubilock "$logging_dir"
chmod 775 "$logging_dir"
sed -i "s+^logfile\ =.*+logfile\ =\ ${logging_dir}daemon.log+g" "$install_dir/config.ini"
echo "== Fix udev usb rights for yubilock group =="
cp "$script_dir/debian/91-usbftdi.rules" '/etc/udev/rules.d/'
chown root:root '/etc/udev/rules.d/91-usbftdi.rules'
udevadm control --reload-rules
if [ "$use_systemd" = 'yes' ]; then
echo "== Enable as systemd service =="
mkdir -p "/home/$username/.config/systemd/user"
cp "$script_dir/debian/yubilock.service" "/home/$username/.config/systemd/user"
sed -i "s+^ExecStart=.*+ExecStart=${install_dir}venv/bin/python ${install_dir}xscreensaver_yubilock.py -v+g" "/home/$username/.config/systemd/user/yubilock.service"
su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user daemon-reload'
su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user enable yubilock.service'
# su is used for systemctl user units because systemctl matches executing uid to unit owner uid. See:
# https://unix.stackexchange.com/questions/483948/inspect-unit-status-for-user-units-with-systemctl-as-root/485063#485063
else
# Make sure service is removed if previously installed
su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user stop yubilock.service >/dev/null 2>&1'
su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user disable yubilock.service >/dev/null 2>&1'
rm "/home/$username/.config/systemd/user/yubilock.service" >/dev/null 2>&1
su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user daemon-reload'
su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user reset-failed'
fi
echo "== xscreensaver-yubilock is installed! =="
echo "== to enable yubilock, please restart your device ==
exit 0
# Due to loginctl not updating user groups, the user has to restart before the service can be started.
if [ "$use_systemd" = 'yes' ]; then
echo "Do you wish to start the daemon now? WARNING: If the specified yubikey is not plugged in, your machine will lock. Alternatively, you can start the service using 'sudo systemctl start yubilock.service' or wait for next login."
read -p "Start daemon? (y/N) " start_daemon
[ -z "$start_daemon" ] && start_daemon='no' # if no input, assume no
case ${start_daemon:0:1} in
n|N|0 )
;;
* )
su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user start yubilock.service';;
esac
fi
exit 0
#(Uninstall script)

6
bin/kill_screensaver_graphic_program.sh

@ -43,3 +43,9 @@ echo "graphic_processes: $graphic_processes" @@ -43,3 +43,9 @@ echo "graphic_processes: $graphic_processes"
[ "$dummy" = 'true' ] && exit 0
process_count=`echo $graphic_processes | wc -w`
kill $graphic_processes && echo "killed $process_count screensaver graphic processes for $username"
sleep 1
for pid in `ps -U "$username" | grep "$graphic_program_name" | awk '{$1=$1};1' | cut -d ' ' -f 1`; do
echo "Grahpic with PID $pid didn't exit, sending SIGKILL"
kill -9 "$pid"
done
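Review bot: The SIGKILL fallback loop picks its targets again with `ps -U "$username" | grep "$graphic_program_name"`, which matches any process of that user whose `ps` line contains the name as a substring, not only the PIDs that were sent SIGTERM two lines earlier. Restricting the loop to the list already collected keeps `kill -9` away from unrelated processes: `for pid in $graphic_processes; do kill -0 "$pid" 2>/dev/null && kill -9 "$pid"; done`. If a fresh lookup is preferred, `pgrep -U "$username" -x "$graphic_program_name"` gives an exact-name match without the grep/awk/cut chain. How `$graphic_processes` is built lies above the hunk, so confirm it holds bare PIDs before reusing it.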

11
bin/seconds_since_wakeup.sh

@ -0,0 +1,11 @@ @@ -0,0 +1,11 @@
#! /bin/bash
last_wakeup_str=`grep "Enabling non-boot CPUs ..." /var/log/kern.log | tail -n 1 | cut -d ' ' -f 1-3`
[ -z "$last_wakeup_str" ] && echo -1 && exit 1
wakeup_unix="$(date --date="$last_wakeup_str" +%s)"
now_unix="$(date +%s)"
delta_s=$(( now_unix - wakeup_unix ))
echo "$delta_s"
exit 0
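Review bot: `cut -d ' ' -f 1-3` on the kern.log line loses the time of day whenever the day of month is a single digit, assuming the traditional syslog timestamp, which pads it with two spaces (`Jan  5 12:00:00`) so that fields 1-3 become `Jan`, an empty field and `5`. `date` then resolves the string to midnight and the reported delta is wrong for the first nine days of each month; `awk '{print $1, $2, $3}'` in place of the `cut` splits on runs of whitespace. The script also depends on /var/log/kern.log existing and being readable by the invoking user, and on failure it prints `-1`, which the caller must treat as an error and not as a small elapsed time. A header comment stating that the output is the number of seconds since the last resume, or `-1` with exit status 1 when no resume line is found, would make that contract explicit.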

11
bin/xscreensaver_yubilock.py

@ -51,9 +51,11 @@ def execute(command: str, shell_on: bool = False, background: bool = False): @@ -51,9 +51,11 @@ def execute(command: str, shell_on: bool = False, background: bool = False):
def screensaver_running():
graphic_program_instances = execute(f"{script_dir}/kill_screensaver_graphic_program.sh -d | grep graphic_processes | wc -l", shell_on=True)
if int(graphic_program_instances) > 0:
return True
return False
return int(graphic_program_instances) > 0
def just_woke_up():
seconds_since_wakeup = execute(f"{script_dir}/seconds_since_wakeup.sh", shell_on=True)
return int(seconds_since_wakeup) < 60
def lock_screen():
if args.dummy :
@ -100,7 +102,7 @@ def get_yubikey_serials() -> int: @@ -100,7 +102,7 @@ def get_yubikey_serials() -> int:
def update_lock_state():
if any(serial in yubikey_serials for serial in get_yubikey_serials()):
if screensaver_running():
if screensaver_running() or just_woke_up():
logger.debug('screen will be unlocked')
unlock_screen()
else:
@ -167,7 +169,6 @@ def get_hid_event_monitor(): @@ -167,7 +169,6 @@ def get_hid_event_monitor():
if __name__ == "__main__":
args = get_args()
execute('id > /tmp/id.txt &', shell_on=True, background = True)
setup_logger(config.get("HOSTCONFIG", "logfile",
fallback="log.log"))
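Review bot: `just_woke_up()` treats the helper's failure value as a recent wake-up: seconds_since_wakeup.sh prints `-1` when it finds no resume line, and `int(seconds_since_wakeup) < 60` is true for `-1`, so the new `or just_woke_up()` branch in `update_lock_state()` would take the unlock path whenever the log lookup fails and a listed key is present. This assumes `execute()`, defined outside the hunk, returns the script's stdout even on a non-zero exit. Bounding the comparison closes that path: `return 0 <= int(seconds_since_wakeup) < 60`. Empty output would still raise ValueError from `int()`, so a short docstring on `just_woke_up()` saying what the helper returns and that "just woke up" means under 60 seconds would help. `update_lock_state()` continues past the end of its hunk.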

4
install.sh

@ -86,6 +86,7 @@ echo "== Copy over application files ==" @@ -86,6 +86,7 @@ echo "== Copy over application files =="
cp "$script_dir/bin/xscreensaver_yubilock.py" "$install_dir"
cp "$script_dir/bin/uninstall.sh" "$install_dir"
cp "$script_dir/bin/kill_screensaver_graphic_program.sh" "$install_dir"
cp "$script_dir/bin/seconds_since_wakeup.sh" "$install_dir"
cp "$script_dir/bin/config_system.ini" "$install_dir/config.ini"
chown -R root:yubilock "$install_dir"
@ -137,7 +138,7 @@ else @@ -137,7 +138,7 @@ else
fi
echo "== xscreensaver-yubilock is installed! =="
echo "== to enable yubilock, please restart your device ==
echo "== to enable yubilock, please restart your device =="
exit 0
# Due to loginctl not updating user groups, the user has to restart before the service can be started.
@ -154,4 +155,3 @@ if [ "$use_systemd" = 'yes' ]; then @@ -154,4 +155,3 @@ if [ "$use_systemd" = 'yes' ]; then
fi
exit 0
#(Uninstall script)
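Review bot: The added `cp` of seconds_since_wakeup.sh places a script that the daemon runs through a shell into `$install_dir`, and the hunk sets ownership to root:yubilock without pinning the file mode. The deleted bin/install.sh followed this with `chmod 771 "$install_dir"`; if this script still does, every member of the yubilock group can replace files in that directory, including helpers that another user's daemon will execute. Installing the helper with an explicit owner and mode, `install -o root -g yubilock -m 0755 "$script_dir/bin/seconds_since_wakeup.sh" "$install_dir"`, and dropping group write on the directory would narrow that, provided nothing needs to write there at runtime. The chmod is outside the visible hunks, so verify it against the full file.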
