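#!/usr/bin/env bash
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# KWallet setup into a secure directory
#
# KWallet stores the passwords of most KDE applications, like the Nextcloud client, the Talk app and many more.
# Usually KWallet uses your first logon password for the wallet, to have good encryption of the wallet file.
# But when the logon password changes on the domain, you are asked for the OLD password after the next logon.
# If the old password was lost, this is a very bad situation, because you cannot recover your passwords.
# Instead we use wallet files without a password, so stored data won't be lost.
# This requires keeping them in a secure place that is encrypted by the domain encryption we always use for our data.
#
# Security note: a wallet without a password has no protection of its own. Its confidentiality
# rests entirely on the encrypted data directory and on the owner-only permissions set further down.
#
# Basically, this script checks whether the wallet file can be used without a password and whether
# it is located in the encrypted directory. Otherwise it sets the wallet file up in the encrypted
# data directory and makes it usable.
#
# The script uses bash-only constructs ([[ ... ]]), so the interpreter line names bash, not sh.
#
echo "Setup KWallet Password- Service."

# Check for root.
# id -u is used instead of $EUID: in a shell that does not set EUID the numeric comparison
# fails with an error, the condition is false and the root check is silently skipped.
# SCRIPTPATH and SCRIPTNAME are not set in this file; they are expected from the calling
# environment and print as empty strings when it does not provide them.
if [ "$(id -u)" -ne 0 ]; then
  echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
  exit 1
fi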
# Check token.
# The script is meant to be started by a wrapper that prepares the environment.
# This only tests that DAVTOKEN_USER is non-empty: it is a sanity check, not an
# authorization check, because any non-empty value passes.
if [ -z "${DAVTOKEN_USER}" ]; then
  echo "Error: Script cannot be executed standalone and needs a prereserved Environment. Quit."
  exit 1
fi
# Only continue on a KDE session, detected by the window manager name reported by wmctrl.
# NOTE(review): a failing wmctrl (tool missing, no display reachable from the sudo
# environment) produces no output either, so it is treated like "not KDE" and the
# script ends with success without setting up the wallet - confirm this is intended.
if ! wmctrl -m | grep -q "KWin"; then
  # No KDE here - Cinnamon in Test
  exit 0
fi
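# Local vars
#
# DECRYPTEDDATADIR, SUDO_USER and SUDO_HOME are not set in this script; they come from the
# calling environment. Every path below is built from them and is later used as root for
# rm, chown, chmod and mount, so an empty value must stop the script here: an empty
# DECRYPTEDDATADIR would place the password-less wallet in /kwallet, an empty SUDO_HOME
# would point the wallet config at /.local/share/kwalletd.
if [ -z "${DECRYPTEDDATADIR}" ] || [ -z "${SUDO_USER}" ] || [ -z "${SUDO_HOME}" ]; then
  echo "Error: DECRYPTEDDATADIR, SUDO_USER and SUDO_HOME must be set. Quit."
  exit 1
fi

# NOTE(review): nothing here verifies that DECRYPTEDDATADIR is the mounted, decrypted
# volume. If it is a plain directory, the wallet without password ends up on unencrypted
# storage - confirm that the caller guarantees the mount.
WALLETNAME="kdewallet"
WALLETFILE="${WALLETNAME}.kwl"
# Wallet location inside the encrypted data directory.
WALLETPATH="${DECRYPTEDDATADIR}/kwallet"
# Directory the wallet files are exposed under, inside the home given by SUDO_HOME.
WALLETPATH_CFG="${SUDO_HOME}/.local/share/kwalletd"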
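# Stop the daemon anyway if running
# kwallet and kwalletmanager are optional and only started when an app has been using them already
#
# pgrep -u needs a user name. With an empty SUDO_USER the unquoted original passed the
# process name as the user; stop instead of looking up the wrong processes.
if [[ -z "${SUDO_USER}" ]]; then
  echo "Error: SUDO_USER is not set, cannot look up the wallet processes. Quit."
  exit 1
fi

# The PID variables are expanded unquoted in the kill calls on purpose: pgrep prints one
# PID per line when several processes match, and each one has to become its own argument.
# NOTE(review): only the exit status of kill is checked. After the 0.5 s pause nothing
# confirms that the daemon has really exited before its directory is replaced below.
WALLET_PID=$(pgrep -u "${SUDO_USER}" kwalletd6)
if [[ -n "${WALLET_PID}" ]]; then
  # The manager is only looked for while the wallet daemon itself is running.
  MANAGER_PID=$(pgrep -u "${SUDO_USER}" kwalletmanager5)
  if [[ -n "${MANAGER_PID}" ]]; then
    echo "Stopping kwalletmanager5 with PID ${MANAGER_PID}"
    # shellcheck disable=SC2086
    if ! kill ${MANAGER_PID}; then
      echo "Service could not be stopped, please check why."
      exit 1
    fi
  fi
  echo "Stopping kwalletd6 with PID ${WALLET_PID}"
  # shellcheck disable=SC2086
  if ! { kill ${WALLET_PID} && sleep 0.5; }; then
    echo "Kwallet Service could not be stopped, please check why."
    exit 1
  fi
fi

# ksecret is the basic daemon now, it needs to be stopped last
SECTRETS_PID=$(pgrep -u "${SUDO_USER}" ksecretd)
if [[ -n "${SECTRETS_PID}" ]]; then
  echo "Stopping ksecretd with PID ${SECTRETS_PID}"
  # shellcheck disable=SC2086
  if ! { kill ${SECTRETS_PID} && sleep 0.5; }; then
    echo "Service could not be stopped, please check why."
    exit 1
  fi
fi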
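# Set up the encrypted path if it does not exist already.
# A failed mkdir is fatal: everything below would otherwise work on a missing directory.
if ! mkdir -p -- "${WALLETPATH}"; then
  echo "Error: Could not create ${WALLETPATH}."
  exit 1
fi

# Check if the wallet is already set up in the encrypted dir. If not, copy our empty default wallets to it.
if [ ! -f "${WALLETPATH}/${WALLETNAME}.kwl" ]; then
  echo "Wallet ${WALLETNAME} was not found, setting it up from scratch."
  # Quoted, with -- and :? so that neither whitespace, a leading dash nor an unset
  # variable can change what this root-run rm deletes.
  rm -f -- "${WALLETPATH:?}"/*
  # The template files are taken from the current working directory.
  # NOTE(review): this assumes the caller starts the script from its own directory - confirm.
  if ! cp -- "${WALLETNAME}".* "${WALLETPATH}/"; then
    echo "Error: Copy of files for Wallet ${WALLETNAME} failed."
    exit 1
  fi
else
  echo "Will use existing encrypted Wallet in ${WALLETPATH}/${WALLETNAME}.kwl"
fi

# Hand the directory to the user and remove all access for group and others.
# The wallet has no password, so these permissions are part of its protection and a
# failure here must not be ignored.
# NOTE(review): the group is set to a group named like the user; confirm that such a
# group exists for domain accounts.
if ! chown -R -- "${SUDO_USER}:${SUDO_USER}" "${WALLETPATH}" ||
  ! chmod -R -- u=rwX,og-rwx "${WALLETPATH}"; then
  echo "Error: Could not restrict ownership and permissions of ${WALLETPATH}."
  exit 1
fi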
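# Unmount to get a free view of the underlying directory.
# mountpoint tests exactly this directory. The original grep on /etc/mtab used doubled
# quotes that left the path unquoted, treated it as a regular expression and also matched
# any other mount whose line merely contained the path.
if mountpoint -q -- "${WALLETPATH_CFG}"; then
  echo "Umount of Wallet-Config ${WALLETPATH_CFG}"
  if ! umount -- "${WALLETPATH_CFG}"; then
    echo "Error in unmount. Please check."
    exit 1
  fi
fi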
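# With every new start of KDE the files are recreated in ${WALLETPATH_CFG}, containing no
# passwords but encrypted with the current user password.
# We cannot use this wallet, so drop it.
#
# The directory is built from SUDO_HOME (presumably the invoking user's home), so its
# content is controlled by that user while this script runs as root. Refuse to clean it
# when the directory itself is a symbolic link, so that the deletion stays inside the
# expected location. Links in the parent components are not covered by this check.
if [ -L "${WALLETPATH_CFG}" ]; then
  echo "Error: ${WALLETPATH_CFG} is a symbolic link, refusing to clean it as root. Quit."
  exit 1
fi
# :? stops the command if the variable is unset, instead of expanding to /*.*
rm -f -- "${WALLETPATH_CFG:?}"/*.*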
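# Restore the initial configuration with defaults and make a backup of the old one.
# Only do this once!

# Copies the predefined kwalletrc that ships next to this script into the user's config
# directory and makes it readable and writable by the owner only.
# The original used dirname "0" (a literal 0), which always yields "." and therefore read
# the template from the current working directory instead of the script's directory.
install_default_kwalletrc() {
  cp -f -- "$(dirname "$0")/kwalletrc" "${SUDO_HOME}/.config/"
  chown "${SUDO_USER}:${SUDO_USER}" "${SUDO_HOME}/.config/kwalletrc"
  chmod u=rw,og-rwx "${SUDO_HOME}/.config/kwalletrc"
}

if [[ ! -f "${SUDO_HOME}/.config/kwalletrc" ]]; then
  # New install, rc file was never created before -> use predefined
  install_default_kwalletrc
fi

if [[ ! -f "${SUDO_HOME}/.config/kwalletrc.bak" ]]; then
  # If something else was installed before and no bak exists, make a backup and reinstall
  # (the backup could also be the predefined version).
  # The existing file is only overwritten once the backup has succeeded.
  # NOTE(review): the backup is created by root and its ownership is not changed.
  if ! cp -- "${SUDO_HOME}/.config/kwalletrc" "${SUDO_HOME}/.config/kwalletrc.bak"; then
    echo "Error: Backup of ${SUDO_HOME}/.config/kwalletrc failed."
    exit 1
  fi
  install_default_kwalletrc
fi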
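# Bind mount the secure folder onto the wallet directory.
#
# The mount target is built from SUDO_HOME (presumably the invoking user's home) and is
# therefore controlled by that user, while mount runs as root. Refuse a target that is a
# symbolic link, so that the bind mount cannot land outside the expected directory.
# Links in the parent components are not covered by this check.
if [ -L "${WALLETPATH_CFG}" ]; then
  echo "Error: ${WALLETPATH_CFG} is a symbolic link, refusing to mount onto it. Quit."
  exit 1
fi

echo "Mounting secure ${WALLETPATH} to wallet-directory ${WALLETPATH_CFG}"
# Both paths are quoted so that whitespace in them cannot split the arguments.
if ! mount --bind "${WALLETPATH}" "${WALLETPATH_CFG}"; then
  echo "Error bind mounting secure Files to Wallet. Please check what went wrong."
  exit 1
fi
echo "Done setting up kwallet from secure user folder."
exit 0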