
Untitled

a guest
May 2nd, 2017
  1. $ cat /opt/ltsp/i386test1/usr/share/ldm/rc.d/X01-localapps
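  #
  # The following is a script to set up local apps support on LTSP through LDM
  #

  # This hook modifies /etc/group and /etc/passwd directly with user/group
  # information gathered from the server.

  # This will enable us to easily bypass the need for setting up local user
  # authentication, and instead leverage the authentication already set up on
  # the server.
  #
  # Review notes:
  #  - boolean_is_true and the LDM_* / LOCAL_APPS* variables are not defined
  #    here, so the file presumably runs inside LDM's own shell (sourced from
  #    rc.d) -- confirm. For that reason it stays POSIX sh and sets no shell
  #    options.
  #  - Whatever the server answers over the LDM control socket (passwd line,
  #    group lines, home directory path) is written into the client's account
  #    files and then used for mkdir/chown. The client trusts the server
  #    completely.
  #  - LDM_USERNAME and group names are handed to awk through the environment
  #    and compared as plain strings. They are never pasted into a sed or grep
  #    program, so regex or sed syntax inside a name cannot change what those
  #    commands do.

  if boolean_is_true "$LOCAL_APPS"; then

    # NOTE(review): debug tracing. printenv copies the hook's complete
    # environment into /var/log/ldm.log on every login. Drop these four lines
    # once debugging is done, or make sure the log is readable by root only.
    echo "HEREONE:" >> /var/log/ldm.log
    printenv >> /var/log/ldm.log
    id >> /var/log/ldm.log
    echo "HERETWO:" >> /var/log/ldm.log

    # Set up local uids/gids

    LOCALAPPS_CACHE=/var/cache/ltsp-localapps
    export LOCALAPPS_CACHE
    mkdir -p "${LOCALAPPS_CACHE}" 2>/dev/null

    # First login: keep pristine copies of /etc/passwd and /etc/group in the
    # cache. Every later login: restore them, so entries appended by a previous
    # session do not pile up.
    for i in passwd group; do
      if [ ! -e "${LOCALAPPS_CACHE}/${i}" ]; then
        cp "/etc/${i}" "${LOCALAPPS_CACHE}/${i}"
      else
        cp "${LOCALAPPS_CACHE}/${i}" "/etc/${i}"
      fi
    done

    # Get logged in username if not set
    [ -z "$LDM_USERNAME" ] && LDM_USERNAME=$(ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" 'echo ${USER}')

    # Get passwd info *just* for that user and append it to the local passwd.
    # The login field is rewritten to the spelling in LDM_USERNAME when it
    # differs only in case. The comparison is done on field 1 as a plain
    # string; the name is not used as a pattern.
    ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" "/usr/bin/getent passwd ${LDM_USERNAME}" |
      LTSP_LOGIN="${LDM_USERNAME}" awk -F: -v OFS=: '
        BEGIN { want = ENVIRON["LTSP_LOGIN"] }
        tolower($1) == tolower(want) { $1 = want }
        { print }
      ' >> /etc/passwd

    # Get all group info and copy to COMBINED_GROUP (local groups first, so a
    # local entry wins over a server entry in the de-duplication below)
    COMBINED_GROUP=${LOCALAPPS_CACHE}/group.combined
    cp /etc/group "${COMBINED_GROUP}"
    ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" "/usr/bin/getent group" >> "${COMBINED_GROUP}"

    # Get the system groups that the user belongs to, so we can add him back in.
    # Membership is an exact match against the comma-separated member field.
    myGroups=$(ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" /usr/bin/getent group |
      LTSP_LOGIN="${LDM_USERNAME}" awk -F: '
        BEGIN { member = "," ENVIRON["LTSP_LOGIN"] "," }
        index("," $4 ",", member) { print $1 }
      ' |
      tr '\n' ',' | sed -e 's/,$//g')

    # (/usr/bin/id is only needed because getent evidently does not return groups
    # added by pam_group (bug in pam_group?)

    myGroups1=$(ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" LANG=C /usr/bin/id | sed -e 's/^.*groups=//' -e 's/) .*$/)/'|cut -d= -f2|sed -e 's/[0-9]*(//g' -e 's/)//g')

    # concatenate groups from different sources, stripping off prefixed and
    # trailing commas
    myGroups=$(echo ${myGroups},${myGroups1} | sed -e 's/^,//g' -e 's/,$//g')

    # Get the user's groups specifically (in case they weren't returned by "getent group")
    # NOTE(review): each name is wrapped in escaped single quotes so that the
    # remote "eval" sees it as one word. That quoting does not cover a name
    # that itself contains a quote character. The names come from the server's
    # own getent/id output and the command runs on the server as the user.
    myGroups_quoted=$(echo $myGroups | sed -e "s/^/\\\'/" -e "s/$/\\\'/" -e "s/,/\\\' \\\'/g")
    ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" LANG=C eval getent group ${myGroups_quoted} >> "${COMBINED_GROUP}"
    unset myGroups_quoted

    # Now, some groups may have different gids on the server than the client chroot
    # So, let's prune out all the dups
    TMPGROUP="${LOCALAPPS_CACHE}/tmpgroup"
    rm -f "${TMPGROUP}"
    gnames=""
    gids=""
    # those 2 variables are there because if group is rejected because of the gid we need to create this group.
    # Both are kept as "name,name," with no padding, so the exact string
    # comparison further down really compares names.
    dgnames=""
    ngids=""

    oldifs="${IFS-not set}"
    IFS=":"
    # read -r: keep backslashes in names as they are.
    while read -r gname gpass gid gusers; do
      match=
      case $gnames in
        *:"$gname":*|*:"$gname")
          # group name present in the list of groups already processed.
          match=1
          case $gusers in
            "$LDM_USERNAME"|*,"$LDM_USERNAME",*|*,"$LDM_USERNAME"|"$LDM_USERNAME",*)
              dgnames="${dgnames}${gname},"
              ;;
          esac
          ;;
      esac
      case $gids in
        *:"$gid":*|*:"$gid")
          # gid present in the list of gids already processed.
          match=1
          case $gusers in
            "$LDM_USERNAME"|*,"$LDM_USERNAME",*|*,"$LDM_USERNAME"|"$LDM_USERNAME",*)
              ngids="${ngids}${gname},"
              ;;
          esac
          ;;
      esac
      if [ -z "$match" ]; then
        # printf, not echo: some sh implementations expand backslash
        # sequences in echo arguments.
        printf '%s\n' "$gname:$gpass:$gid:$gusers" >> "${TMPGROUP}"
        gnames="$gnames:$gname"
        gids="$gids:$gid"
      fi
    done < "${COMBINED_GROUP}"
    # "unset IFS" cannot fail, so the || branch only runs when IFS was set before.
    test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"

    # cleanup: sort, drop duplicates, strip the trailing comma
    dgnames=$(printf '%s' "${dgnames}" | tr ',' '\n' | sort -u | tr '\n' ',' | sed 's/,$//')
    ngids=$(printf '%s' "${ngids}" | tr ',' '\n' | sort -u | tr '\n' ',' | sed 's/,$//')

    # tocreate = the user's groups that were dropped because their gid was
    # already taken, minus those whose name already exists.
    tocreate=""
    oldifs="${IFS-not set}"
    IFS=,
    for e in $ngids; do
      match=
      for f in $dgnames; do
        if [ "$e" = "$f" ]; then
          match=1
        fi
      done
      if [ -z "$match" ]; then
        tocreate="${tocreate}${e},"
      fi
    done
    test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"
    # Trim only after IFS is back to normal. With IFS=, an unquoted expansion
    # of this list is split at the commas and re-joined with spaces, which
    # merges several names into one.
    tocreate=${tocreate%,}

    cp "${TMPGROUP}" /etc/group
    chmod 644 /etc/group


    if [ -n "$myGroups" ]; then
      if [ -w /etc ]; then
        oldifs="${IFS-not set}"
        IFS=,
        for ngroup in $tocreate; do
          ngroup=$(printf '%s\n' "${ngroup}" | sed -e 's/ /\\\ /g') # FIXME: Problem with AD. Space not permited here.
          groupadd -r "${ngroup}"
        done
        test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"
        # NOTE(review): this list is split on whitespace, so a group name that
        # contains a space is handed to usermod in pieces, and the resulting
        # errors are discarded by 2>/dev/null.
        for group in $(echo ${myGroups} | tr ',' '\n' | sort -u); do
          /usr/sbin/usermod -a -G "$group" "${LDM_USERNAME}" 2>/dev/null
        done
      else
        # FIXME: maybe add system groups: $tocreate into /etc/group
        # Read-only /etc cannot use usermod
        myGroups=$(echo ${myGroups} | tr ',' '\n' | sort -u | tr '\n' ',' | sed 's/,$//')
        oldifs="${IFS-not set}"
        IFS=,
        cp /etc/group "${TMPGROUP}"
        for group in $myGroups ; do
          # add user to each group manually: append the login to the member
          # field of the group with exactly this name, unless it is listed
          # already. Names are compared as plain strings.
          if LTSP_GROUP="${group}" LTSP_LOGIN="${LDM_USERNAME}" awk -F: -v OFS=: '
               BEGIN { grp = ENVIRON["LTSP_GROUP"]; usr = ENVIRON["LTSP_LOGIN"] }
               $1 == grp && !index("," $4 ",", "," usr ",") {
                 $4 = ($4 == "" ? usr : $4 "," usr)
               }
               { print }
             ' "${TMPGROUP}" > "${TMPGROUP}.new"; then
            mv "${TMPGROUP}.new" "${TMPGROUP}"
          else
            rm -f "${TMPGROUP}.new"
          fi
        done
        cp "${TMPGROUP}" /etc/group
        test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"
      fi
    fi

    # Now, let's mount the home directory
    oldifs="${IFS-not set}"
    IFS=":"
    export LDM_HOME=""
    export USER_UID=""
    export USER_GID=""
    TMP_USER_PASSWD=${LOCALAPPS_CACHE}/passwd.user
    getent passwd "${LDM_USERNAME}" > "${TMP_USER_PASSWD}"
    while read -r user pass uid gid gecos home shell ; do
      # First, make the mountpoint.
      # NOTE(review): home, uid and gid are read back from the local passwd
      # database, i.e. from the line the server supplied above. This hook
      # creates and chowns whatever path that line names.
      LDM_HOME="$home"
      USER_UID="$uid"
      USER_GID="$gid"
      mkdir -p "${LDM_HOME}"
      chown "$USER_UID":"$USER_GID" "${LDM_HOME}"
      if [ -n "${XAUTHORITY_DIR}" ]; then
        chown "$USER_UID":"$USER_GID" "${XAUTHORITY_DIR}"
      fi
    done < "${TMP_USER_PASSWD}"
    test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"
    rm -f "${TMP_USER_PASSWD}"

    ## Maybe do this:
    ## export HOME=${LOCALAPPS_CACHE}

    if boolean_is_true "$SSH_FOLLOW_SYMLINKS" || [ -z "$SSH_FOLLOW_SYMLINKS" ]; then
      SSH_FOLLOW_SYMLINKS="follow_symlinks,"
    else
      unset SSH_FOLLOW_SYMLINKS
    fi
    # Mount the home directory. allow_other makes the mount reachable by every
    # local user, not only the one logging in.
    if [ -n "${LDM_HOME}" ]; then
      sshfs -o "${SSH_FOLLOW_SYMLINKS}allow_other,ControlPath=${LDM_SOCKET}" "${LDM_SERVER}:${LDM_HOME}" "${LDM_HOME}"
    else
      echo "X01-localapps: no home directory found for ${LDM_USERNAME}, not mounting" >&2
    fi

    # NOTE(review): second debug dump, same concern as the one at the top.
    echo "WTFONE:" >> /var/log/ldm.log
    printenv >> /var/log/ldm.log
    id >> /var/log/ldm.log
    echo "WTFTWO:" >> /var/log/ldm.log
    # Mount other directories
    if [ -n "${LOCAL_APPS_EXTRAMOUNTS}" ]; then
      oldifs="${IFS-not set}"
      IFS=","
      for extradir in ${LOCAL_APPS_EXTRAMOUNTS}; do
        mkdir -p "${extradir}"
        # The option string must be quoted here. With IFS="," the comma at
        # the end of SSH_FOLLOW_SYMLINKS would otherwise split it, and sshfs
        # would take the rest of the options as a positional argument.
        sshfs -o "${SSH_FOLLOW_SYMLINKS}allow_other,ControlPath=${LDM_SOCKET}" "${LDM_SERVER}:${extradir}" "${extradir}"
      done
      test "$oldifs" = "not set" && unset IFS || IFS="$oldifs"
    fi

    # Create tmpdir for localapps menu
    if boolean_is_true "$LOCAL_APPS_MENU" && [ -x "/usr/bin/ltsp-genmenu" ]; then
      # get a temporary directory on the server
      TMP_XDG_MENU="$(ssh -S "${LDM_SOCKET}" "${LDM_SERVER}" mktemp -d "/tmp/ltsp-localapps-${LDM_USERNAME}-XXXXXX")"
      export TMP_XDG_MENU
      CLIENT_ENV="${CLIENT_ENV} XDG_DATA_DIRS=${TMP_XDG_MENU}/:/usr/local/share/:/usr/share/"

      # Make the local temporary directory
      TMP_XDG_DIR_LOCAL="$(mktemp -d "/tmp/ltsp-localapps-${LDM_USERNAME}-XXXXXX")"
      export TMP_XDG_DIR_LOCAL

      # chown the tmpdir to be owned by the user
      chown -R "$USER_UID:$USER_GID" "${TMP_XDG_DIR_LOCAL}"

      # Generate the localapp menu
      # NOTE(review): LOCAL_APPS_MENU_ITEMS and the temp dir are pasted into
      # the command string that su passes to the user's shell. A value with
      # whitespace or shell syntax is re-parsed there (as the user, not root).
      su - "${LDM_USERNAME}" -c "LOCAL_APPS_MENU_ITEMS=${LOCAL_APPS_MENU_ITEMS} TMP_XDG_DIR_LOCAL=${TMP_XDG_DIR_LOCAL} /usr/bin/ltsp-genmenu install"

      # now, scp the directory to the /tmp dir on the server
      scp -r -o "ControlPath $LDM_SOCKET" -o "User $LDM_USERNAME" "${TMP_XDG_DIR_LOCAL}"/* "${LDM_SERVER}:${TMP_XDG_MENU}"

      # Clean up local
      rm -rf "${TMP_XDG_DIR_LOCAL}" || true
    fi

    # attempt to create cups dir if not present
    if [ ! -d /etc/cups ]; then
      mkdir /etc/cups || true
    fi

    # if cups is installed in the chroot, use LDM_SERVER for printing
    if [ -d /etc/cups ]; then
      if [ -n "${CUPS_SERVER}" ]; then
        echo "ServerName ${CUPS_SERVER}" > /etc/cups/client.conf
      else
        echo "ServerName ${LDM_SERVER}" > /etc/cups/client.conf
      fi
    fi

  fi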