Improve helper scripts, remove bugs

4 years ago · 3d9c818e5c
5 changed files with 25 additions and 164 deletions
--- a/bin/install.sh
+++ b/bin/install.sh
@ -1,157 +0,0 @@
 #! /bin/bash
 install_dir='/opt/yubilock/'
 logging_dir='/var/log/yubilock/'
 script_dir="$(dirname $(readlink -f $0))"
 # exit when any command fails
 set -e
 # Make sure running as root
 if [ `id -u` -ne 0 ]; then
   echo 'Please run as root'
   exit 1
 fi
 # Ask for user parameters
 echo "This installer is meant to install the yubilock service for one user. Please specifiy for wich user you want to install xscreensaver-yubilock"
 read -p 'Username: ' username
 userid=`id -u "$username" 2>/dev/null` || ( echo "$username is not a user on this system" && exit 1 )
 [ "$userid" -lt 1000 ] && echo "User $username seems to be a systemuser (uid: $userid). Please specify a normal user." && exit 1 
 echo "Allowed yubikey serials can be set systemwide in ${install_dir}config.ini, or per user in \$HOME/.yubilock. Do you wish to add one or more for $username now?"
 read -p "Add Yubikey serial? (Y/n) " add_serial
 [ -z "$add_serial" ] && add_serial='yes' # if no input, assume yes
 case ${add_serial:0:1} in
   y|Y|1 )
      add_serial='yes';;
   * )
      add_serial='no';;
 esac
 if [ "$add_serial" = 'yes' ]; then
   if  ! ykman -v >/dev/null 2>&1 ; then
      echo "yubikey-manager doesn't seem to be installed. Do you want to install it? ('no' means you'll have to add your yubikey serial manually later)"
      read -p "Install yubikey-manager? (Y/n) " install_ykman
      [ -z "$install_ykman" ] && install_ykman='yes' # if no input, assume yes
      case ${install_ykman:0:1} in
         y|Y|1 )
            apt-get install -y yubikey-manager;;
         * )
            break 3;;
      esac
   fi
   echo "Please make sure your yubikey(s) are plugged in. Then press any key to continue"
   read -n 1 -s -r
   serials=`ykman list | sed -e 's#.*:\ \(\)#\1#' | tr '\n' ','` # List all keys, get the serials, and comma separate them
   serials="${serials%?}" # Remove trailing comma
   echo "The following serial(s) will be added to your config file: $serials"
 fi
 echo "Do you want the daemon to be started by systemd? (you'll have to start it manually every login session if you choose no)"
 read -p "Use Systemd? (Y/n) " use_systemd
 [ -z "$use_systemd" ] && use_systemd='yes' # if no input, assume yes
 case ${use_systemd:0:1} in
   y|Y|1 )
      use_systemd='yes';;
   * )
      use_systemd='no';;
 esac
 echo "== Making sure python3 and virtualenv are installed =="
 python3 --version || apt-get install -y python3
 python3 -m venv -h >/dev/null 2>&1 || apt-get install -y python3-venv
 echo "== Create yubilock group =="
 addgroup --system yubilock
 echo "== Add $username to yubilock group =="
 usermod -a -G yubilock "$username"
 echo "== Create virualenv =="
 [ -f "$install_dir/venv/bin/activate" ] || python3 -m venv "$install_dir/venv"
 . "$install_dir/venv/bin/activate"
 pip install setuptools wheel
 pip install -r "$script_dir/requirements.txt"
 echo "== Copy over application files =="
 cp "$script_dir/bin/xscreensaver_yubilock.py" "$install_dir"
 cp "$script_dir/bin/uninstall.sh" "$install_dir"
 cp "$script_dir/bin/kill_screensaver_graphic_program.sh" "$install_dir"
 cp "$script_dir/bin/config_system.ini" "$install_dir/config.ini"
 chown -R root:yubilock "$install_dir"
 chmod 771 "$install_dir"
 # Add yubikey serials to config
 if [ -n "$serials" ]; then
   homedir=`eval echo ~"$username"`
   echo "Homedir: $homedir"
   [ -f "$homedir/.yubilock" ] || ( cp "$script_dir/bin/config_user.ini" "$homedir/.yubilock" && chown "$username:$username" "$homedir/.yubilock")
   sed -i "s+^yubikey_serial.*+yubikey_serial\ =\ $serials+g" "$homedir/.yubilock"
   echo "Add yubikey serial(s) to $homedir/.yubilock" 
 fi
 echo "== Create logging directory =="
 mkdir -p "$logging_dir"
 chown --from=root:root root:yubilock "$logging_dir"
 chmod 775 "$logging_dir"
 sed -i "s+^logfile\ =.*+logfile\ =\ ${logging_dir}daemon.log+g" "$install_dir/config.ini"
 echo "== Fix udev usb rights for yubilock group =="
 cp "$script_dir/debian/91-usbftdi.rules" '/etc/udev/rules.d/'
 chown root:root '/etc/udev/rules.d/91-usbftdi.rules'
 udevadm control --reload-rules
 if [ "$use_systemd" = 'yes' ]; then
   echo "== Enable as systemd service =="
   mkdir -p "/home/$username/.config/systemd/user"
   cp "$script_dir/debian/yubilock.service" "/home/$username/.config/systemd/user"
   sed -i "s+^ExecStart=.*+ExecStart=${install_dir}venv/bin/python ${install_dir}xscreensaver_yubilock.py -v+g" "/home/$username/.config/systemd/user/yubilock.service"
   su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user daemon-reload'
   su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user enable yubilock.service'
   # su is used for systemctl user units because systemctl matches executing uid to unit owner uid. See:
   # https://unix.stackexchange.com/questions/483948/inspect-unit-status-for-user-units-with-systemctl-as-root/485063#485063
 else
   # Make sure service is removed if previously installed
   su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user stop yubilock.service >/dev/null 2>&1'
   su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user disable yubilock.service >/dev/null 2>&1'
   rm "/home/$username/.config/systemd/user/yubilock.service" >/dev/null 2>&1
   su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user daemon-reload'
   su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user reset-failed'
 fi
 echo "== xscreensaver-yubilock is installed! =="
 echo "== to enable yubilock, please restart your device ==
 exit 0
 # Due to loginctl not updating user groups, the user has to restart before the service can be started.
 if [ "$use_systemd" = 'yes' ]; then
   echo "Do you wish to start the daemon now? WARNING: If the specified yubikey is not plugged in, your machine will lock. Alternatively, you can start the service using 'sudo systemctl start yubilock.service' or wait for next login."
   read -p "Start daemon? (y/N) " start_daemon
   [ -z "$start_daemon" ] && start_daemon='no' # if no input, assume no
   case ${start_daemon:0:1} in
      n|N|0 )
         ;;
      * )
         su "$username" -c 'XDG_RUNTIME_DIR=/run/user/$UID systemctl --user start yubilock.service';;
   esac
 fi
 exit 0
 #(Uninstall script)
--- a/bin/kill_screensaver_graphic_program.sh
+++ b/bin/kill_screensaver_graphic_program.sh
@ -43,3 +43,9 @@ echo "graphic_processes: $graphic_processes"
 [ "$dummy" = 'true' ] && exit 0
 process_count=`echo $graphic_processes | wc -w`
 kill $graphic_processes && echo "killed $process_count screensaver graphic processes for $username"
 sleep 1
 for pid in `ps -U "$username" | grep "$graphic_program_name" | awk '{$1=$1};1' | cut -d ' ' -f 1`; do
   echo "Grahpic with PID $pid didn't exit, sending SIGKILL"
   kill -9 "$pid"
 done
--- a/bin/seconds_since_wakeup.sh
+++ b/bin/seconds_since_wakeup.sh
@ -0,0 +1,11 @@
 #! /bin/bash
 last_wakeup_str=`grep "Enabling non-boot CPUs ..." /var/log/kern.log | tail -n 1 | cut -d ' ' -f 1-3`
 [ -z "$last_wakeup_str" ] &&  echo -1 && exit 1
 wakeup_unix="$(date --date="$last_wakeup_str" +%s)"
 now_unix="$(date +%s)"
 delta_s=$(( now_unix - wakeup_unix ))
 echo "$delta_s"
 exit 0
--- a/bin/xscreensaver_yubilock.py
+++ b/bin/xscreensaver_yubilock.py
@ -51,9 +51,11 @@ def execute(command: str, shell_on: bool = False, background: bool = False):
 def screensaver_running():
    graphic_program_instances = execute(f"{script_dir}/kill_screensaver_graphic_program.sh -d | grep graphic_processes | wc -l", shell_on=True)
-    if int(graphic_program_instances) > 0:
+    return int(graphic_program_instances) > 0
-        return True
+
-    return False
+def just_woke_up():
    seconds_since_wakeup = execute(f"{script_dir}/seconds_since_wakeup.sh", shell_on=True)
    return int(seconds_since_wakeup) < 60
 def lock_screen():
    if args.dummy :
@ -100,7 +102,7 @@ def get_yubikey_serials() -> int:
 def update_lock_state():
    if any(serial in yubikey_serials for serial in get_yubikey_serials()):
-        if screensaver_running():
+        if screensaver_running() or just_woke_up(): 
            logger.debug('screen will be unlocked')
            unlock_screen()
    else:
@ -167,7 +169,6 @@ def get_hid_event_monitor():
 if __name__ == "__main__":
    args = get_args()
    execute('id > /tmp/id.txt &', shell_on=True, background = True)
    setup_logger(config.get("HOSTCONFIG", "logfile",
        fallback="log.log"))
--- a/install.sh
+++ b/install.sh
@ -86,6 +86,7 @@ echo "== Copy over application files =="
 cp "$script_dir/bin/xscreensaver_yubilock.py" "$install_dir"
 cp "$script_dir/bin/uninstall.sh" "$install_dir"
 cp "$script_dir/bin/kill_screensaver_graphic_program.sh" "$install_dir"
 cp "$script_dir/bin/seconds_since_wakeup.sh" "$install_dir"
 cp "$script_dir/bin/config_system.ini" "$install_dir/config.ini"
 chown -R root:yubilock "$install_dir"
@ -137,7 +138,7 @@ else
 fi
 echo "== xscreensaver-yubilock is installed! =="
-echo "== to enable yubilock, please restart your device ==
+echo "== to enable yubilock, please restart your device =="
 exit 0
 # Due to loginctl not updating user groups, the user has to restart before the service can be started.
@ -154,4 +155,3 @@ if [ "$use_systemd" = 'yes' ]; then
 fi
 exit 0
 #(Uninstall script)