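#!/usr/bin/env bash
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# User logon script for KDE environment
#
# Usage: <this script> [FILTER]
#   FILTER  optional substring; only software directories whose path contains
#           it get their user_run.sh executed. It is also passed on as the
#           argument after "install" to sync_client_software.sh.
#
# Order of work: refuse to run as root, wait for DNS, check the Python
# modules, mount the private directory, fetch the WebDAV token, run the
# software sync through sudo, run the per-package user scripts, clean up
# flatpak, sync the Mozilla profiles.
#
# The elog_* helpers, get_nc_token and the configuration variables used below
# (SYSCONFIGPATH, LOGFILE, SERVERFQDN_IPA, ...) are not defined in this file;
# they are expected to come from setup_system.inc.sh.
#

_logon_inc="$(dirname "$0")/setup_system.inc.sh"
if [[ ! -r "${_logon_inc}" ]]; then
  # Without the include none of the helpers exist, so nothing below can work.
  echo "Error: cannot read ${_logon_inc}" >&2
  exit 1
fi
# shellcheck source=/dev/null
source "${_logon_inc}"

#######################################
# Fatal-error exit: offer a key press so the message stays visible, then
# leave with status 1.
# The exit must not be chained behind the read with "&&": when stdin is
# closed or at EOF the read fails, and the script would carry on past a
# fatal error (including the "running as root" check).
# Arguments: none
# Returns:   never returns, exits with 1
#######################################
_logon_abort() {
  echo "Press any key to continue"
  read -n 1 -s -r || true
  exit 1
}

#######################################
# Run user_run.sh in every direct subdirectory of a software directory.
# Directories are processed in sort(1) order. A failing user_run.sh (or a
# failing cd into its directory) stops the whole logon script.
# Relies on elog_add_command returning the status of the command it ran.
# Arguments: $1 - base directory holding one subdirectory per package
#            $2 - optional filter; directories not containing it are skipped
# Returns:   0 when all scripts ran; exits with 1 on the first failure
#######################################
_logon_run_user_scripts() {
  local base=$1
  local filter=$2
  local -a dirs=()
  local DIR

  # Expand the glob in the shell and sort NUL-delimited instead of parsing
  # "ls" output, so directory names with whitespace survive intact.
  while IFS= read -r -d '' DIR; do
    dirs+=("${DIR}")
  done < <(printf '%s\0' "${base}"/*/ | sort -z)

  for DIR in "${dirs[@]}"; do
    # An unmatched glob is handed over literally; skip anything that is not
    # a directory.
    [[ -d "${DIR}" ]] || continue
    DIR=${DIR%/} # remove the trailing "/"
    if [[ -n "${filter}" && "${DIR}" != *"${filter}"* ]]; then #search for string in dir
      elog_add "Skipping ${DIR} while not in search parameter ( ${filter} )."
      continue
    fi
    if [[ -f "${DIR}/user_run.sh" ]]; then
      elog_add " >>> Running ${DIR}/user_run.sh"
      # The script is started from inside its own directory; if the cd fails
      # it is not started at all and the failure is handled like a script error.
      if ! { cd "${DIR}" && elog_add_command "${DIR}/user_run.sh"; }; then
        elog_add " ===================="
        elog_add "Some Error in script, will not continue. Please check."
        elog_add "Press any key to continue."
        read -n 1 -s -r
        exit 1
      fi
      elog_add " ===================="
    fi
  done
}

# Optional search parameter, empty when the script is called without one.
_logon_filter=${1:-}

elog_init "User Logon Script"
elog_add "=================="
elog_add ""
# One quoted argument, like every other elog_add call in this script.
elog_add "$(date)"
elog_add "Logging to File ${LOGFILE}"

if [[ "${EUID}" -eq 0 ]]; then
  elog_add "Error: Cannot run this script as root."
  _logon_abort
fi

# Check DNS resolution before proceeding - logon depends on IPA and Nextcloud being reachable
_dns_target="${SERVERFQDN_IPA}"
while ! getent hosts "${_dns_target}" >/dev/null 2>&1; do
  elog_add "Warning: DNS resolution failed for ${_dns_target} - network or DNS not ready."
  echo ""
  echo "Warning: DNS resolution failed for ${_dns_target}."
  echo "Please check your network connection and DNS settings before continuing."
  echo ""
  printf " [R]etry [C]ontinue anyway [Q]uit: "
  if ! read -r _dns_choice; then
    # No answer possible (stdin closed / EOF): the default branch means
    # "retry", so without this guard the loop would spin forever.
    elog_add "Script aborted: no input available to answer the DNS prompt."
    exit 1
  fi
  case "${_dns_choice}" in
    [Cc])
      elog_add "Continuing despite DNS failure (user choice)."
      break
      ;;
    [Qq])
      elog_add "Script aborted by user due to DNS failure."
      exit 1
      ;;
    *)
      elog_add "Retrying DNS check for ${_dns_target}..."
      ;;
  esac
done

#Check for needed python-modules
#For WEBDAV
if ! python -c "import webdav3" >/dev/null 2>&1; then
  echo "Installing pip module webdav3"
  # NOTE(review): this pulls an unpinned package from the package index at
  # logon time with its output discarded. Shipping the module as a system
  # package, or installing a pinned version with hash checking
  # (pip --require-hashes), would narrow the supply-chain exposure.
  if ! pip install webdavclient3 >/dev/null; then
    elog_add "Warning: Installing pip module webdavclient3 failed."
  fi
fi
#For IPA (system package python3-ipaclient, cannot be pip-installed)
if ! python -c "import ipalib" >/dev/null 2>&1; then
  # Only reported; the script continues without the module.
  echo "Error: python3-ipaclient is not installed. Please install it via: sudo dnf install python3-ipaclient"
fi

if [[ "${XDG_CURRENT_DESKTOP}" = "KDE" ]]; then
  # Start each session empty (not restoring previous apps) - avoids stale mounts and autostart conflicts
  kwriteconfig5 --file ksmserverrc --group General --key loginMode 2 >/dev/null 2>&1
  # Make kdesu use sudo
  kwriteconfig5 --file kdesurc --group super-user-command --key super-user-command sudo >/dev/null 2>&1
fi

# Mount the private Directory
if ! elog_add_command "${SYSCONFIGPATH}/system_setup/mount_ecrypt_home.sh"; then
  elog_add "Some Error when running/mounting private Directory, cannot continue. Your Data will not be available."
  elog_add "If the File was not found: The mount script was searched in directory ${SYSCONFIGPATH} which is defined by SYSCONFIGPATH in your config."
  elog_add "Please check if your setup is correct."
  elog_add "If you want to redo this script here, execute ${SCRIPTPATH}/${SCRIPTNAME}"
  _logon_abort
fi

#Get WEBDAV TOKEN from Nextcloud
if ! get_nc_token; then
  elog_add "Some Error when getting WEBDAV token. Cannot continue. Your Data will not be available."
  _logon_abort
fi
# Only the token's user name is logged, not the token itself.
elog_add "Successfully obtained Token for User ${DAVTOKEN_USER}"

#Install Software
elog_add ""
elog_add "Update and install client software"

#Set global to enable git
# safe.directory switches off git's repository-ownership check for this path,
# so the directory should be writable by trusted administrators only.
# NOTE(review): the path is hard-coded - confirm it matches SYSCONFIGPATH.
# The entry is added only when missing; an unconditional --add appends one
# more duplicate line to the user's git config on every logon.
if ! git config --global --get-all safe.directory | grep -Fxq -- "/opt/sys_config"; then
  git config --global --add safe.directory /opt/sys_config
fi

# Pre check for old configuration parameters, will be removed in the future
if [[ -n "${CLIENT_SOFTWARE_DST}" || -n "${CLIENT_SOFTWARE_SRC}" ]]; then
  elog_add " ===================="
  elog_add ""
  elog_add "WARNING: Your company/setup has still CLIENT_SOFTWARE_DST or CLIENT_SOFTWARE_SRC set."
  elog_add "These parameters are obsolete and must be removed! The new parameters are CLIENT_SOFTWARE_CUST_DST and CLIENT_SOFTWARE_CUST_SRC"
  elog_add "as the software repository has been split into customer software and distributed software."
  elog_add "Please try to relog first. If this problem reoccures, contact your system admins to correct it."
  elog_add "Will continue with the new path. Press any key to continue."
  elog_add ""
  elog_add " ===================="
  read -n 1 -s -r
fi

# First, check the sudo rule
elog_add "Check the matching client rule:"
# "sudo -l" will *sometimes* ask for a password instead of just checking
# whether a rule exists, so -n is needed to keep it silent.
# The behaviour will be:
# A. If "sudo -l" wants a password (some installations!):
#    - matching rule with !authenticate: no password is asked, status is 0
#    - matching rule without !authenticate: a password would be asked; -n
#      prevents that, so there is only the error "a password is needed" and
#      status 1
#    - no sudo rule at all: status 1
#    -> A status > 0 means the user is not allowed to run the software
#       installation, which is fine. Print a message and stop.
#
# B. If "sudo -l" does not want a password:
#    The status is 0, but the output of "sudo -l -l" must also be checked for
#    the option !authenticate; otherwise a failed installation cannot be told
#    apart from a missing sudo rule.
#
# elog_add_command_subshell is expected to leave the status in RETNO and the
# captured output in RETTXT (both are read below, neither is set here).

# Example rule shown in the hints: SYSCONFIGPATH with every "/" escaped.
# Built in an assignment so the expansion is not word-split.
_sudo_rule_path=${SYSCONFIGPATH////'\/'}
_sudo_rule_hint='^'"${_sudo_rule_path}"'\/system_setup\/sync_client_software\.sh.*$'

elog_add_command_subshell "/usr/bin/sudo -n -l -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
if [[ ${RETNO} -ne 0 ]]; then
  elog_add "Error was no $RETNO"
  elog_add "No matching IPA sudo rule found for the setup- script of this user, so the user is not allowed to run software setup."
  elog_add "This will not work, because necessary steps cannot be executed."
  elog_add "Please check the sudo rules in ipa and your group membership to make this work."
  elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
  elog_add "A matching sudo rule could look like this: ${_sudo_rule_hint}"
  elog_add "Skipping SW setup."
  _logon_abort
elif [[ ${RETTXT} != *"!authenticate"* ]]; then
  # A rule exists, but it would ask for a password.
  elog_add "The above IPA rule found for this user and the install script, but it has not the right options to be executed without password."
  elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
  elog_add "A matching sudo rule could look like this: ${_sudo_rule_hint}"
  elog_add "Skipping SW Install."
else
  # Rule seems to be ok, executing script
  elog_add "Matching Sudo rule found."
  elog_add ""
  elog_add "Running ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
  # NOTE(review): --preserve-env hands the caller's environment to a script
  # that sudo runs with other (presumably root) rights, and the search
  # parameter is placed into the command string as given. How
  # elog_add_command evaluates that string is not visible here.
  # sync_client_software.sh should treat its environment and its arguments
  # as untrusted input - confirm on that side.
  elog_add_command "/usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install ${_logon_filter}"
  if [[ ${RETNO} -ne 0 ]]; then
    elog_add "Errorcode was $RETNO"
    elog_add "Error executing software sync and install, please check your output!"
    _logon_abort
  fi
fi

#Anyway run user scripts if existent
elog_add "Running scripts in user- context."

#1. Run the scripts, that are delivered by the package maintainers
elog_add "Pre installed scripts"
_logon_run_user_scripts "${SYSCONFIGPATH}/client_software" "${_logon_filter}"
elog_add "Done running pre installed scripts"

#2. Run the scripts, that are delivered by the company
# To run scripts, the repository path must always be set right (but maybe empty, which is fine)
if [[ "${CLIENT_SOFTWARE_CUST_DST}" != "${SYSCONFIGPATH}/client_software_cust" ]]; then
  echo "Error in config: Required parameter CLIENT_SOFTWARE_CUST_DST is missing or set wrong."
  echo "Please relog and if the problem reoccures, contact your system admins to correct the Values."
  read -n 1 -s -r -p "Press any key to continue"
else
  elog_add "Running company delivered scripts in ${CLIENT_SOFTWARE_CUST_DST}"
  _logon_run_user_scripts "${CLIENT_SOFTWARE_CUST_DST}" "${_logon_filter}"
  elog_add "Done running company scripts"
fi
elog_add "Completed user scripts."
elog_add ""

# Remove unused flatpak user installed software and data
flatpak uninstall --unused -y --user
flatpak uninstall --delete-data -y

#SYNC Firefox + Thunderbird Profile
# Thunderbird is synced only when the Firefox sync succeeded or was not
# configured at all.
_mozilla_rc=0
if [[ -n "${PROFILE_FIREFOX_SRC}" ]]; then
  "${SYSCONFIGPATH}/system_setup/mozilla_starter.sh" firefox sync
  _mozilla_rc=$?
fi
if [[ ${_mozilla_rc} -eq 0 && -n "${PROFILE_TB_SRC}" ]]; then
  if "${SYSCONFIGPATH}/system_setup/mozilla_starter.sh" thunderbird sync; then
    elog_add "Successfully synced Mozilla profiles (log in another file)."
  fi
fi

elog_add "Sucessfully run logon script (Wait 3 seconds)"
sleep 3
#read -n 1 -s -r -p "Press any key to continue"
#echo ""
exit 0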