unbrot/fedora-OEMDRV
1
0
Fork 0
forked from obel1x/fedora-OEMDRV
Code Pull Requests Activity
Files
8e2cd35eb4fcd4484dc05f92d58a13d46226f812
fedora-OEMDRV/system_setup/logon_script.sh
T
Daniel unbrot Pätzold 8e2cd35eb4 logon_script: check DNS resolution before proceeding 
If the IPA server FQDN cannot be resolved at startup (e.g. due to a
DNSSEC outage or network not yet ready), the logon script would silently
fail later. The new check prompts the user to retry, continue anyway, or
quit, so the problem is immediately visible.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-07 10:11:10 +02:00

144 lines
6.3 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env sh
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# User logon script for KDE Environement
#
source $(dirname "$0")/setup_system.inc.sh
elog_init "User Logon Script"
elog_add "=================="
elog_add ""
elog_add `date`
elog_add "Logging to File ${LOGFILE}"
if [ "$EUID" -eq 0 ]; then
elog_add "Error: Cannot run this script as root."
echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi
# Check DNS resolution before proceeding - logon depends on IPA and Nextcloud being reachable
_dns_target="${SERVERFQDN_IPA}"
while ! getent hosts "${_dns_target}" >/dev/null 2>&1; do
elog_add "Warning: DNS resolution failed for ${_dns_target} - network or DNS not ready."
echo ""
echo "Warning: DNS resolution failed for ${_dns_target}."
echo "Please check your network connection and DNS settings before continuing."
echo ""
printf " [R]etry [C]ontinue anyway [Q]uit: "
read -r _dns_choice
case "${_dns_choice}" in
[Cc]) elog_add "Continuing despite DNS failure (user choice)."; break ;;
[Qq]) elog_add "Script aborted by user due to DNS failure."; exit 1 ;;
*) elog_add "Retrying DNS check for ${_dns_target}..." ;;
esac
done
#Check for needed python-modules
#For WEBDAV
python -c "import webdav3">/dev/null 2>&1
if [[ $? -ne 0 ]]; then
echo "Installing pip module webdav3"
pip install webdavclient3>/dev/null
fi
#For IPA (system package python3-ipaclient, cannot be pip-installed)
python -c "import ipalib">/dev/null 2>&1
if [[ $? -ne 0 ]]; then
echo "Error: python3-ipaclient is not installed. Please install it via: sudo dnf install python3-ipaclient"
fi
#TODO C: Check if Desktop is KDE/Plasma and support other Displays
# Make kdesu use sudo
kwriteconfig5 --file kdesurc --group super-user-command --key super-user-command sudo >/dev/null 2>&1
# Mount the private Directory
elog_add_command "${SYSCONFIGPATH}/system_setup/mount_ecrypt_home.sh"
if [ $? -ne 0 ]; then
elog_add "Some Error when mounting private Directory, cannot continue. Your Data will not be available."
elog_add "The script was searched by SYSCONFIGPATH in directory ${SYSCONFIGPATH}, please check if your setup is correct."
elog_add "If you want to redo this script here, execute ${SCRIPTPATH}/${SCRIPTNAME}"
echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi
#Get WEBDAV TOKEN from Nextcloud
get_nc_token
if [ $? -ne 0 ]; then
elog_add "Some Error when mounting private Directory, cannot continue. Your Data will not be available."
echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi
elog_add "Successfully obtained Token for User ${DAVTOKEN_USER}"
#Install Software
elog_add ""
elog_add "Update and install client software"
#Set global to enable git
git config --global --add safe.directory /opt/sys_config
# First, check the sudo rule
elog_add "Check the matching client rule:"
#Somewhat strange "sudo -l" will *sometimes* ask for password instead of just checking if the rule can be found, so it needs -n to be silent
# The behaviour will be:
# A. If "sudo -l" wants a password (some installations!):
# If a matching rule with !authenticate is found, no passwd will be asked and retno is 0
# If there is a rule matching with no !authenticate, then a password would be asked. This is prevented, so there will only be the
# error "a password is needed" an retno is 1
# If there is no sudo rule at all, it will only set retno to 1
#-> Anyway, returning > 0 means the user is not allowed to run sw installation, which is fine. Print Message and skip installation.
#
# B. If "sudo -l" doesn't not want a password, then
# RETNO = 0 , but the Output of "sudo -l -l" must als be checked, if there is an Option !authenticate in the returnung string, otherwise a failed installation cannot be
# divided from a missing sudo-rule
#
elog_add_command_subshell "/usr/bin/sudo -n -l -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
if [[ $RETNO -ne 0 ]]; then
elog_add "Error was no $RETNO"
elog_add "No matching IPA sudo rule found for the setup- script of this user, so the user is not allowed to run software setup."
elog_add "This will not work, because necessary steps cannot be executed."
elog_add "Please check the sudo rules in ipa and your group membership to make this work."
elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
elog_add "Skipping SW setup."
echo "Press any key to continue" && read -n 1 -s -r && exit 1
else
# Check, if the rule is with Option !authenticate
if [[ $RETTXT != *"!authenticate"* ]]; then
elog_add "The above IPA rule found for this user and the install script, but it has not the right options to be executed without password."
elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
elog_add "Skipping SW Install."
else
# Rule seems to be ok, executing script
elog_add "Matching Sudo rule found."
elog_add ""
elog_add "Running client software sync..."
elog_add_command "/usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install $1"
#ERRTXT=$( { /usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install > >(tee -a ${LOGFILE}); } 2>&1 )
#ERR=$?
if [[ $RETNO -ne 0 ]]; then
elog_add "Errorcode was $RETNO"
elog_add "Error executing software sync and install, please check your output!"
echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi
fi
fi
echo ""
#Anyway run user scripts if existent
elog_add_command "${CLIENT_SOFTWARE_DST}/user_run.sh $1"
if [ $? -ne 0 ]; then
exit 1
fi
elog_add ""
#SYNC Firefox + Thunderbird Profile
${SYSCONFIGPATH}/system_setup/mozilla_starter.sh firefox sync && ${SYSCONFIGPATH}/system_setup/mozilla_starter.sh thunderbird sync
elog_add "Successfully synced Mozilla profiles (log in another file)."
elog_add "Sucessfully run logon script (Wait 3 seconds)"
sleep 3
#read -n 1 -s -r -p "Press any key to continue"
#echo ""
exit 0
View Git Blame Copy Permalink