#!/sbin/openrc-run
# Extra service actions offered besides start/stop; each name is a function
# defined in this script.
extra_commands="check add_hostkey check_verbose update_checksum"

# File with one "<host> <sha512>" line per keystore host. check_host_data
# compares the fetched start script against it, so it is the integrity anchor
# for code that is later run by start(). A value already set by the caller
# (non-empty) is kept.
: "${CHECKSUM_FILE:=/var/lib/calculate/access_checksum}"
# OpenRC dependency hook: requires the "net" service and sets the "-timeout"
# keyword for this service.
# NOTE(review): the exact effect of "-timeout" is defined by OpenRC, not by
# this file; confirm against openrc-run(8).
depend() {
  need net
  keyword -timeout
}
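#######################################
# Run a command on a keystore host over ssh using public-key authentication
# only; every interactive authentication method is switched off.
# Globals:   CONNECT_TIMEOUT (read, default 20)
#            KEYFILE (read, default /var/lib/calculate/access_key)
# Arguments: $1 - target as [user@]host[:port]; user defaults to "access",
#                 port to 22
#            $2 - remote command; may be empty
#            $3 - value for StrictHostKeyChecking, default "yes"
# Outputs:   whatever ssh writes to stdout and stderr
# Returns:   exit status of ssh
#######################################
ask_keystore() {
  local target=$1 what=$2 strict=${3:-yes}
  # Locals, so a call outside a pipeline cannot clobber a caller's $host.
  local host port user

  # Host is the text before the first ':', port the text after the last one.
  # A literal IPv6 address therefore cannot be given as the target.
  if [[ $target == *:* ]]; then
    host=${target%%:*}
    port=${target##*:}
  else
    host=$target
    port=22
  fi

  if [[ $host == *@* ]]; then
    user=${host%%@*}
    host=${host##*@}
  else
    user=access
  fi

  # StrictHostKeyChecking is chosen by the caller: with the default "yes" ssh
  # refuses hosts whose key is not already in known_hosts.
  # "--" ends option parsing, so a target that begins with "-" is never read
  # as an ssh option. ${what:+...} passes no command argument at all when $2
  # is empty, as the unquoted expansion did.
  /usr/bin/ssh -o KbdInteractiveAuthentication=no \
    -o ControlPath=none \
    -o ControlMaster=no \
    -o "ConnectTimeout=${CONNECT_TIMEOUT:-20}" \
    -o "StrictHostKeyChecking=${strict}" \
    -o PasswordAuthentication=no \
    -o BatchMode=yes \
    -o PreferredAuthentications=publickey \
    -p "$port" -T \
    -i "${KEYFILE:-/var/lib/calculate/access_key}" \
    -- "$user@$host" ${what:+"$what"}
}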
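#######################################
# Connect once to every keystore host with host-key checking disabled and
# print ssh's "Permanently added ..." line for each.
# Globals:   ACCESSHOST (read; whitespace-separated targets, default "access")
# Outputs:   the matching ssh message, if any
# Returns:   status of the last ssh | grep pipeline
#######################################
add_hostkey() {
  local host

  # The list is split on whitespace on purpose; each item is then passed on
  # quoted so it is not split or globbed a second time.
  for host in ${ACCESSHOST:-access}; do
    # NOTE(review): StrictHostKeyChecking=no makes ssh accept whatever key the
    # peer presents, so this is trust-on-first-use enrolment. Verify the
    # recorded key out of band before relying on it. OpenSSH 7.6 and later
    # also offer "accept-new", which stores unknown keys but still refuses a
    # changed one; confirm the deployed version before switching.
    ask_keystore "$host" "" no 2>&1 | grep -oP "Permanently added.*"
  done
}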
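#######################################
# For every keystore host, fetch the archive and report whether its listing
# contains an entry whose name begins with "start".
# This is a reachability check only: nothing is extracted and no checksum is
# compared.
# Globals:   ACCESSHOST (read; whitespace-separated targets, default "access")
# Outputs:   one ebegin/eend status line per host
#######################################
check() {
  local host

  for host in ${ACCESSHOST:-access}; do
    ebegin "Host: $host"
    # eend receives grep's status: 0 only if a matching entry was listed.
    (ask_keystore "$host" access | tar tjf -) 2>&1 | grep -q ^start
    eend $?
  done
}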
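#######################################
# Fetch the "start" member from a keystore host and pin its SHA-512 in
# CHECKSUM_FILE, replacing any earlier entry for that host.
# This re-pins whatever the host serves right now, so run it only after the
# new content has been verified by other means.
# Globals:   CHECKSUM_FILE (read, rewritten), SHA512 (written)
# Arguments: $1 - host; falls back to the caller's $host when omitted
# Returns:   0 when the entry was written, 1 otherwise
#######################################
update_host_checksum() {
  local host=${1:-$host}
  local known_host known_sum tmp

  # The subshell exits with tar's status, so a failed download or a missing
  # "start" member is detected instead of hashing empty input.
  SHA512=$(
    ask_keystore "$host" access 2>/dev/null |
      tar xjOf - start 2>/dev/null |
      sha512sum | awk '{print $1}'
    exit "${PIPESTATUS[1]}"
  ) || return 1
  [[ $SHA512 =~ ^[0-9a-f]{128}$ ]] || return 1

  # The former `sed -i "s/$host .*/.../" || echo >>` had two faults: sed exits
  # 0 when nothing matched, so a host missing from an existing file was never
  # added, and the host name was used as an unanchored regex, so it could
  # rewrite another host's line. Rebuild the file with literal comparisons and
  # move it into place in one step. The new file has the 0600 mode mktemp
  # gives it.
  tmp=$(mktemp "${CHECKSUM_FILE}.XXXXXX") || return 1
  if {
    if [[ -r $CHECKSUM_FILE ]]; then
      while read -r known_host known_sum || [[ -n $known_host ]]; do
        [[ -n $known_host && $known_host != "$host" ]] || continue
        printf '%s %s\n' "$known_host" "$known_sum"
      done <"$CHECKSUM_FILE"
    fi
    printf '%s %s\n' "$host" "$SHA512"
  } >"$tmp" && mv -f -- "$tmp" "$CHECKSUM_FILE"; then
    return 0
  fi

  rm -f -- "$tmp"
  return 1
}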
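#######################################
# Filter stdin, dropping every whitespace-separated word equal to $1.
# The word is compared literally and as a whole. The former sed expression
# used it as a regex without word boundaries, so removing "access" also cut
# "myaccess", and "." in a host name matched any character.
# Arguments: $1 - word to remove
# Outputs:   each input line with the word removed, remaining words joined by
#            single spaces
#######################################
wordremove() {
  local word=$1 item
  local IFS=$' \t\n'
  local -a items kept

  # The second condition handles a last line without a trailing newline.
  while read -r -a items || ((${#items[@]})); do
    kept=()
    for item in "${items[@]}"; do
      [[ $item == "$word" ]] || kept+=("$item")
    done
    printf '%s\n' "${kept[*]}"
  done
}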
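#######################################
# Compare the SHA-512 of a fetched file with the value pinned for the host.
# A host with no entry yet is trusted on first use: its checksum is appended
# and the call succeeds. Anyone able to remove the host's line, or the whole
# file, therefore resets that trust.
# Globals:   CHECKSUM_FILE (read, appended to)
#            ACCESSHOST (rewritten without the host on a mismatch)
# Arguments: $1 - host as listed in ACCESSHOST
#            $2 - file to verify
# Returns:   0 on match or first use, 1 on mismatch or unreadable file
#######################################
check_host_data() {
  local host=$1 file=$2
  local sum known_host known_sum rest verdict=new

  # Fail closed when the file cannot be hashed. With an empty checksum the
  # former pattern "$host $sum" shrank to "$host " and matched the host's line
  # for any content.
  sum=$(sha512sum -- "$file" | awk '{print $1}')
  if [[ ! $sum =~ ^[0-9a-f]{128}$ ]]; then
    eerror "Cannot checksum $file"
    return 1
  fi

  # Literal, whole-field comparison. The former unanchored grep let host "a"
  # pass against the entry of host "ba". A missing or unreadable checksum file
  # counts as first use, as it did before.
  if [[ -r $CHECKSUM_FILE ]]; then
    while read -r known_host known_sum rest || [[ -n $known_host ]]; do
      [[ $known_host == "$host" ]] || continue
      if [[ $known_sum == "$sum" ]]; then
        verdict=match
        break
      fi
      verdict=mismatch
    done <"$CHECKSUM_FILE"
  fi

  case $verdict in
    match)
      return 0
      ;;
    new)
      echo "$host $sum" >>"$CHECKSUM_FILE"
      return 0
      ;;
  esac

  # Mismatch: drop the host from the list so later retries skip it.
  ACCESSHOST=$(echo ${ACCESSHOST} | wordremove "$host")
  eerror "Wrong checksum"
  return 1
}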
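#######################################
# Re-pin the start-script checksum of every keystore host.
# Each host's entry is replaced by the checksum of what it serves at this
# moment, so this overrides the trust-on-first-use record; run it only after
# the change on the keystore side is known to be legitimate.
# Globals:   ACCESSHOST (read; whitespace-separated targets, default "access")
# Outputs:   one ebegin/eend status line per host
#######################################
update_checksum() {
  local host

  #rm -f /var/lib/calculate/access_checksum
  for host in ${ACCESSHOST:-access}; do
    ebegin "Host: $host"
    update_host_checksum "$host"
    eend $?
  done
}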
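#######################################
# Like check, but print the archive listing and any ssh/tar error output
# instead of only testing for the start entry.
# Globals:   ACCESSHOST (read; whitespace-separated targets, default "access")
# Outputs:   archive listing and errors, plus an ebegin/eend line per host
#######################################
check_verbose() {
  local host

  for host in ${ACCESSHOST:-access}; do
    ebegin "Host: $host"
    # The subshell's status is tar's, the last command of the pipeline.
    (ask_keystore "$host" access | tar tjf -) 2>&1
    eend $?
  done
}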
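#######################################
# Try each keystore host in turn: download its archive, unpack it into
# /dev/shm/access and verify the start script against the pinned checksum.
# Globals:   ACCESSHOST (read; check_host_data may shorten it)
# Outputs:   "Host: <host>" per attempt
# Returns:   0 as soon as one host delivered a verified start script,
#            1 when none did
#######################################
try_access() {
  local host

  for host in ${ACCESSHOST:-access}; do
    echo "Host: $host"

    # Start every attempt from an empty directory. Otherwise files unpacked
    # from a host that was rejected earlier stay behind, and a later host
    # whose archive lacks "start" would have the previous host's script
    # checked, and pinned on first use, under its own name.
    find /dev/shm/access -mindepth 1 -delete 2>/dev/null

    # NOTE(review): tar runs with the service's privileges on data chosen by
    # the remote side, and only "start" is checksummed afterwards; every other
    # member is used unverified. Consider --no-same-owner and
    # --no-same-permissions if the archive does not depend on stored
    # ownership and modes.
    ask_keystore "$host" access | tar xjf - -C /dev/shm/access 2>/dev/null
    # PIPESTATUS[0] is ssh's status; the -f test makes sure this archive
    # really delivered a start script.
    if [[ ${PIPESTATUS[0]} -eq 0 && -f /dev/shm/access/start ]]; then
      if check_host_data "$host" /dev/shm/access/start; then
        return 0
      fi
    fi
  done

  # Nothing was verified: leave no unverified files behind.
  find /dev/shm/access -mindepth 1 -delete 2>/dev/null
  return 1
}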
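#######################################
# Service start: fetch the verified start script from a keystore host and run
# it with bash.
# Globals:   RETRY (read, default 6; a negative value retries until the stop
#            file appears)
# Files:     /dev/shm/access  - working directory, recreated on every start
#            /run/stop_access - its presence ends the retry loop; removed on
#                               exit
# Outputs:   ebegin/eend status line
# Returns:   via eend, the exit status of the start script, or 1 when no host
#            delivered a verified one
#######################################
start() {
  ebegin "Starting access"
  local try=${RETRY:-6}
  local stopfile=/run/stop_access
  local res=1

  # /dev/shm is shared with every local user and the path is fixed. Remove
  # whatever sits there, including a plain file or a symlink, and create the
  # directory with mode 0700 from the start. The former plain mkdir left it
  # open to other users until the chmod after unpacking, and its failure was
  # ignored, so a directory created by someone else in the meantime would
  # have been used.
  rm -rf -- /dev/shm/access
  if mkdir -m 0700 -- /dev/shm/access; then
    # There is no pause between attempts; pacing comes from ssh's
    # ConnectTimeout alone.
    while ! [[ -f $stopfile ]] && [[ $try -ne 0 ]]; do
      if try_access; then
        # Kept in case unpacking changed the directory's mode.
        chmod 0700 /dev/shm/access
        # The script was checksummed by check_host_data and runs with the
        # service's privileges.
        /bin/bash /dev/shm/access/start
        res=$?
        # Remove the start script and every entry whose name begins with a
        # digit; anything else from the archive stays for stop().
        rm -rf /dev/shm/access/start /dev/shm/access/[0-9]*
        break
      fi
      res=1
      if [[ $try -gt 0 ]]; then
        try=$((try - 1))
      fi
    done
  fi

  rm -f -- "$stopfile"
  eend $res "Failed to start access"
}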
#######################################
# Service stop: run the stop script left in the working directory, if there
# is one, then remove the directory.
# Outputs:   ebegin/eend status line
# Returns:   via eend, always 0; the stop script's status is not used
#######################################
stop() {
  ebegin "Stopping access"

  # NOTE(review): nothing in this file checksums "stop". check_host_data only
  # hashes "start", so if "stop" comes from the same archive it runs
  # unverified. The path is also a fixed name under /dev/shm; confirm that
  # only root can have created /dev/shm/access before this executes.
  [[ ! -f /dev/shm/access/stop ]] || /bin/bash /dev/shm/access/stop

  rm -rf /dev/shm/access
  eend 0 "Failed to stop access"
}