/usr/sbin/epoptes-client is in epoptes-client 0.5.7-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/bin/sh
###########################################################################
# Connects to a remote server and offers it a local shell.
# Usage: epoptes-client [-c|-h|-v] [server] [port]
#
# Copyright (C) 2010-2012 Alkis Georgopoulos <alkisg@gmail.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# On Debian GNU/Linux systems, the complete text of the GNU General
# Public License can be found in `/usr/share/common-licenses/GPL'.
###########################################################################
# epoptes-client may be called either as root, to control the client, or as a
# user, to control the user session.
# As root, epoptes-client starts from if-up.d on standalone clients.
# Unfortunately, thin and fat clients don't get if-up.d events, so just for
# this case we're using a helper sysvinit script.
# As a user, epoptes-client runs from /etc/xdg/autostart.
# Users can cancel that from their System > Preferences > Services gnome menu.
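# Print an error message on stderr and terminate the script.
# Arguments: $@ - words of the message (joined with spaces under the default IFS)
# Outputs:   "epoptes-client ERROR: <message>" on stderr
# Returns:   never; exits with status 1
die() {
    # "$*" expands to a single word and printf '%s' emits it verbatim, so the
    # message does not depend on echo's implementation-specific handling of
    # backslashes or of "$@" embedded in a longer string.
    printf '%s\n' "epoptes-client ERROR: $*" >&2
    exit 1
}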
# The "boolean_is_true" name is used as a sentinel that prevents ltsp_config
# from sourcing ltsp_common_functions. So we're using a different name.
# Arguments: $1 - the value to test
# Returns:   0 when $1 is "true", "y" or "yes" in any letter case, 1 otherwise
my_boolean_is_true() {
    case "$1" in
        [Tt][Rr][Uu][Ee]) return 0 ;;
        [Yy][Ee][Ss]) return 0 ;;
        [Yy]) return 0 ;;
    esac
    # Everything else counts as false, including the empty string and
    # spellings such as "1" or "on".
    return 1
}
# Return true if we're in a chroot.
# Globals:   UID (read; filled in from `id -u` when empty),
#            chrooted (written; caches the answer)
# Returns:   0 when a chroot is detected, 1 otherwise
chrooted() {
    # The answer is cached in a variable that shares the function's name.
    if [ -n "$chrooted" ]; then
        return "$chrooted"
    fi
    [ -n "$UID" ] || UID=$(id -u)

    # Start from "not in a chroot". That is also the answer given to every
    # non-root caller, for which /proc/1/root is never inspected.
    chrooted=1

    # For root, compare the device-number/inode pair of / with that of
    # /sbin/init's root; a mismatch means we are in a chroot. If /proc/1/root
    # cannot be stat'ed, the error is suppressed and the empty result does not
    # match, so that case is reported as a chroot as well.
    if ! [ "$UID" -gt 0 ] &&
        [ "$(stat -c %d/%i /)" != "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ]
    then
        chrooted=0
    fi
    return "$chrooted"
}
# Get $UID and $TYPE of the client, and the default $SERVER and $PORT.
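# Globals:   UID, TYPE, SERVER, PORT (written and exported);
#            LTSP_CLIENT, LTSP_FATCLIENT (read, possibly set);
#            EPOPTES_CLIENT_VERIFY_CERTIFICATE (exported when ltsp_config is read)
# Returns:   the status of the final export
basic_info() {
    test -n "$UID" || UID=$(id -u)

    # We temporarily need LTSP_CLIENT and LTSP_FATCLIENT to decide TYPE.
    # Unfortunately, when epoptes-client is run as a system service, they're
    # not in our environment, and we need to source ltsp_config.
    # But we don't want to pollute the environment with any of its other vars,
    # so it is sourced in a subshell and only three variables are passed back.
    if [ "$UID" -eq 0 ] && [ -f /usr/share/ltsp/ltsp_config ] && ! chrooted &&
        grep -Eqs 'ltsp|nfs|nbd' /proc/cmdline
    then
        # NOTE(review): ltsp_config is executed as root here, so it and
        # whatever it reads have to be writable by root only. The command
        # substitution is deliberately unquoted to produce three NAME=value
        # words; a value containing whitespace or glob characters would be
        # split or expanded into additional arguments to export.
        # shellcheck disable=SC2046
        export $(
            . /usr/share/ltsp/ltsp_config >/dev/null
            echo "LTSP_CLIENT=$LTSP_CLIENT"
            echo "LTSP_FATCLIENT=$LTSP_FATCLIENT"
            echo "EPOPTES_CLIENT_VERIFY_CERTIFICATE=$EPOPTES_CLIENT_VERIFY_CERTIFICATE"
        )
        # LTSP_CLIENT may not be available in system sessions, if so fake it
        LTSP_CLIENT=${LTSP_CLIENT:-127.0.0.1}
    fi

    # LTSP_FATCLIENT may not be available in user sessions, autodetect it
    if [ -n "$LTSP_CLIENT" ] && [ -z "$LTSP_FATCLIENT" ] &&
        [ "$UID" -gt 0 ] && [ -x /usr/bin/getltscfg ] &&
        grep -Eqs 'ltsp|nfs|nbd' /proc/cmdline
    then
        LTSP_FATCLIENT=True
    fi

    if my_boolean_is_true "$LTSP_FATCLIENT"; then
        TYPE="fat"
    elif [ -n "$LTSP_CLIENT" ]; then
        TYPE="thin"
    else
        TYPE="standalone"
    fi

    # User sessions of thin clients, and anything running in a chroot, default
    # to localhost; everything else defaults to the host name "server".
    # NOTE(review): "server" is resolved through ordinary name resolution, so
    # the pinned certificate is what actually identifies the peer - confirm
    # that verification stays enabled wherever this default is used.
    if { [ "$TYPE" = "thin" ] && [ "$UID" -gt 0 ]; } || chrooted; then
        SERVER=localhost
    else
        SERVER=server
    fi
    PORT=789
    export UID TYPE SERVER PORT
}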
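# Fetch the server's TLS certificate and install it as
# /etc/epoptes/server.crt, the file that later connections verify against.
# Globals:   UID, SERVER, PORT (read); crt_tmp (written, scratch)
# Outputs:   the SHA-256 fingerprint and a status line on stdout
# Returns:   never; exits 0 on success and dies on any failure
#
# The fetch itself is not authenticated (trust on first use): whichever host
# answers on $SERVER:$PORT has its certificate stored and trusted from then
# on. Compare the printed fingerprint with the one shown on the server over a
# separate channel before relying on it.
fetch_certificate()
{
    test "$UID" -eq 0 || die "Need to be root to fetch the certificate"
    mkdir -p /etc/epoptes || die "Failed to create /etc/epoptes"

    # Download into a temporary file next to the target and rename it only
    # once it holds a parseable certificate. Redirecting straight into
    # server.crt would truncate a good certificate on failure and leave an
    # empty file behind, and the connect logic in this script treats an
    # existing but empty server.crt as a request for a plaintext connection.
    crt_tmp=$(mktemp /etc/epoptes/server.crt.XXXXXX) ||
        die "Failed to create a temporary file in /etc/epoptes"

    openssl s_client -connect "$SERVER:$PORT" < /dev/null \
        | sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/!d' \
        > "$crt_tmp"

    # mktemp creates the file with mode 0600; the certificate is public and
    # the per-user epoptes-client instances need to read it, hence chmod 644.
    if [ -s "$crt_tmp" ] &&
        openssl x509 -noout -fingerprint -sha256 -in "$crt_tmp" &&
        chmod 644 "$crt_tmp" &&
        mv -f "$crt_tmp" /etc/epoptes/server.crt
    then
        echo "Successfully fetched certificate from $SERVER:$PORT"
        exit 0
    else
        rm -f "$crt_tmp"
        die "Failed to fetch certificate from $SERVER:$PORT"
    fi
}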
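# Main.
# Parses the command line, works out the server to contact, and finally
# replaces this process with socat, which hands a local shell to that server.
export VERSION="0.5.7" # Automatically updated by mkdst

# Only the -c option may request a certificate fetch; ignore any value that
# happened to be inherited from the environment.
need_certificate=

# Check the first parameter as it may turn out we don't need to run at all
case "$1" in
    -v|--version)
        echo "$VERSION"
        exit
        ;;
    -h|--help)
        if [ -x /usr/bin/man ]; then
            exec man epoptes-client
        else
            echo "Usage: $0 [-c|-h|-v] [SERVER] [PORT]"
            exit 0
        fi
        ;;
    -c|--certificate)
        need_certificate=true
        shift
        ;;
esac

# When called from /etc/xdg/autostart, /sbin is not in the system path.
PATH="$PATH:/sbin:/usr/sbin"

# When launched as a service, LANG might not be set.
if [ -z "$LANG" ] && [ -r /etc/default/locale ]; then
    . /etc/default/locale
    export LANG
fi

basic_info

# The configuration file overrides the default values.
# It is sourced, i.e. executed, by root and by every user session alike, so
# it must be writable by root only.
if [ -f /etc/default/epoptes-client ]; then
    . /etc/default/epoptes-client
fi

# And the command line parameters override the configuration file
export SERVER=${1:-$SERVER}
export PORT=${2:-$PORT}

# Provide an easy way to fetch the server certificate
test -n "$need_certificate" && fetch_certificate

# We don't want the epoptes-client system service running on the epoptes server
if { [ "$UID" -eq 0 ] && [ "$TYPE" = "standalone" ] && [ -x /usr/bin/epoptes ]; } ||
    chrooted
then
    exit 0
fi

# Go to the scripts directory, so that we can run them with ./xxx
# The shell handed to the server resolves ./xxx against this directory, so
# refuse to continue from whatever directory we happened to inherit.
cd "$(dirname "$0")"
if [ -d ../epoptes-client ]; then
    cd ../epoptes-client
else
    cd /usr/share/epoptes-client
fi || die "Cannot change to the epoptes-client scripts directory"

# Source the lsb init functions, for log_begin_msg.
# Unfortunately it seems that Centos and Fedora don't have that file.
if [ -f /lib/lsb/init-functions ]; then
    . /lib/lsb/init-functions
else
    alias log_begin_msg="echo -n"
fi
log_begin_msg "Epoptes-client connecting to $SERVER:$PORT..."

# Call chain:
# * if-up.d executes /usr/sbin/epoptes-client
# * then socat is called
# * after a successful connection, socat exec's /bin/sh
# * and the daemon sends /usr/share/epoptes/client-functions to that shell
# Whoever answers on $SERVER:$PORT therefore gets a shell with the privileges
# of this process, which is why the certificate handling below matters.

# Kill all ghost instances of epoptes-client of the same user.
# That may happen if network connectivity is lost for a while.
# Standalone workstations don't hang if the network is down, and nbd might cope
# with that for LTSP clients, but epoptes kills disconnected epoptes-clients.
# The current epoptes-client is excluded because it starts with /bin/sh.
pkill -U "$UID" -f '^epoptes-client$'

# Remember the stdout descriptor to use it in the second phase.
# stdio will be redirected to the server, but stderr will be kept in the
# local console, to avoid possible noise from applications started in the
# background.
# If the callee needs to grab stderr, it can use `cmd 2>&1`.
exec 5>&1

# Bash supports launching a program with a different zeroth argument,
# this makes pgrep'ing for epoptes-client easier.
cmdline='bash -c \"exec -a epoptes-client sh\"'

# Offer an lts.conf (or environment) variable to disable cert verification.
# NOTE(review): this fails open. Verification stays on only for an unset or
# empty variable or a spelling my_boolean_is_true accepts; any other value,
# a typo included, selects verify=0 and the server is no longer authenticated.
if my_boolean_is_true "${EPOPTES_CLIENT_VERIFY_CERTIFICATE:-True}"; then
    cert_param="cafile=/etc/epoptes/server.crt"
else
    cert_param="verify=0"
fi

# Connect to the server, or keep retrying until the server gets online
# (for standalone workstations booted before the server).
# SERVER and PORT are pasted into the socat address, where "," separates
# options, so they must come from a trusted source and contain no commas.
if [ -s /etc/epoptes/server.crt ] || [ "$cert_param" = "verify=0" ]; then
    exec socat "openssl-connect:$SERVER:$PORT,$cert_param,interval=60,forever" EXEC:"$cmdline"
elif [ -f /etc/epoptes/server.crt ]; then
    # An existing but EMPTY certificate file selects plain TCP: no encryption
    # and no server authentication. Say so on the local console, because an
    # empty file can also be there by accident.
    echo "epoptes-client WARNING: /etc/epoptes/server.crt is empty," \
        "connecting to $SERVER:$PORT without encryption" >&2
    exec socat "tcp:$SERVER:$PORT,interval=60,forever" EXEC:"$cmdline",nofork
else
    die "
The epoptes certificate file, /etc/epoptes/server.crt, doesn't exist.
You can fetch the server certificate by running:
$0 -c"
fi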