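#!/bin/bash
# LIS67 remote-support toggle. Must run as root (checked below). When the
# lis67_support account already exists the script offers to disable support;
# otherwise it walks the user through enabling it (account, SSH key pair,
# registration with the support web app, reverse autossh tunnel).
#
# NOTE(review): SUPPORT_KEY is a shared secret baked into this file and
# SUPPORT_URL is plain http, so anyone who can read the script or observe the
# path to 192.168.50.2 learns the key; distribute the file accordingly.

# Shared secret sent with every web-app request.
readonly SUPPORT_KEY="x2Dmw3hLRDPQa1sg59fAx2Dmw3hLRDPQa1sg59fA"
# Support web app (POST /request on enable, DELETE /end on disable).
readonly SUPPORT_URL="http://192.168.50.2:5000"
# Host the reverse SSH tunnel connects to (port 22967, see autossh.sh below).
readonly SUPPORT_SSHSERVER="192.168.50.2"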
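#######################################
# Report a fatal error to the user and abort the script.
# Arguments: $1 - short error id (e.g. "lis67.adduser"); printed to stdout
#            for the terminal/log and embedded in the dialog text so the
#            user can quote it when asking for help.
# Outputs:   the id on stdout; a zenity error dialog.
# Returns:   never returns; exits the script with status 1.
#######################################
error() {
  local id=$1
  printf '%s\n' "$id"
  zenity --error --title="Erreur" --text="Une erreur s'est produite... Mais rien de grave !\nVous pouvez envoyez un mail à contact@lis67.eu en précisant l'erreur suivante : $id\n\nVous pouvez aussi essayer de quitter le support en relançant le logiciel, puis recommencer en le relançant à nouveau." --no-wrap
  exit 1
}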
# Everything below touches system accounts, sudoers, systemd units and sshd,
# so refuse to go any further unless we are root.
if (( EUID != 0 )); then
  error "lis67.uid.ne.zero"
fi
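########################### UNINSTALL
# When the support account exists, offer to tear everything down that the
# INSTALL section created: the autossh unit (stopped, disabled, removed), the
# passwordless-sudo drop-in, the lis67_support account with its home (keys,
# helper scripts, authorized_keys) and finally tell the web app the key is gone.
# The packages themselves are currently left installed (commented apt-get line).
if id lis67_support > /dev/null 2>&1; then
  if zenity --question --title="LIS67 support à distance" --text="Voulez-vous désactiver le dépannage à distance ?" --no-wrap; then
    # uninstall packets
    (
      export DEBIAN_FRONTEND=noninteractive
      # apt-get remove -yq autossh openssh-server
      echo "100"
    ) | zenity --progress --title="LIS67 support à distance" --text="Désinstallation des paquets..." --auto-close --pulsate

    # grab the pubkey now: userdel -r below deletes the home directory
    pubkey=$(sudo -u lis67_support cat /home/lis67_support/.ssh/id_rsa.pub)

    # stop the tunnel and sshd, then remove the unit.
    # INSTALL ran "systemctl enable", so disable first; otherwise a dangling
    # multi-user.target.wants symlink survives the rm.
    service lis67_autossh stop
    pkill -9 autossh
    service ssh stop
    systemctl disable lis67_autossh
    rm -f -- /etc/systemd/system/lis67_autossh.service
    systemctl daemon-reload

    # revoke the NOPASSWD sudo grant written by INSTALL; leaving the drop-in
    # behind would silently re-arm full root for any future lis67_support account
    rm -f -- /etc/sudoers.d/lis67_support

    # delete user (and its home directory)
    userdel -r -f lis67_support

    # inform webapp; -f makes an HTTP error status visible on stderr (-S)
    # instead of being swallowed. Best-effort: the local teardown is already done.
    curl -fsS -X DELETE -H "Content-Type: application/json" "$SUPPORT_URL/end" -d "{\"key\": \"${SUPPORT_KEY}\", \"pubKey\": \"${pubkey}\"}"

    # done!
    zenity --info --title="LIS67 support à distance" --text="Le support a été désactivé. Plus aucune personne au LIS67 ne pourra accéder à votre ordinateur tant que vous ne réactiverez pas le support." --no-wrap
    exit 0
  else
    exit 0
  fi
fi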
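########################### INSTALL
# Enable remote support:
#   1. install jq, autossh and sshd;
#   2. ask the user for nom/prenom (retried until both are longer than 3 chars);
#   3. create the lis67_support system account with passwordless sudo;
#   4. generate an RSA key pair for it and register the public key with the
#      web app, which answers with the support team's public keys and the
#      remote tunnel port/user;
#   5. install those keys into authorized_keys, write the helper scripts and
#      start the reverse autossh tunnel as a systemd unit.
# Every step that can fail calls error() with a short id and stops.
if zenity --question --title="LIS67 support à distance" --text="Voulez-vous activer le support dépannage à distance?\nSeules les personnes habilitées au LIS pourront accéder à votre ordinateur. Envoyer un mail à contact@lis67.eu pour savoir qui est autorisé.\n\nPour mettre fin au support, relancez ce logiciel." --no-wrap
then
  # install packages
  (
    export DEBIAN_FRONTEND=noninteractive
    apt-get install -yq jq autossh openssh-server > /dev/null 2>&1
    echo "100"
  ) | zenity --progress --title="LIS67 support à distance" --text="Installation des paquets..." --auto-close --pulsate

  # loop until the user understands what we expect...
  nom=
  prenom=
  while [[ -z $nom || -z $prenom || ${#nom} -le 3 || ${#prenom} -le 3 ]]; do
    # ask nom et prenom; Cancel / closing the dialog aborts the whole install
    if ! form_result=$(zenity --forms --title="Informations" --separator=";" --text="Entrez vos informations pour le support" --add-entry="Votre nom:" --add-entry="Votre prénom:"); then
      exit 1
    fi

    IFS=';' read -ra form_arr <<< "$form_result"
    nom="${form_arr[0]-}"
    prenom="${form_arr[1]-}"

    if [[ -z $nom || -z $prenom ]]; then
      zenity --error --title="Erreur" --text="Veuillez rentrer votre nom et prénom." --no-wrap
    elif [[ ${#nom} -le 3 || ${#prenom} -le 3 ]]; then
      zenity --error --title="Erreur" --text="Veuillez rentrer un nom et prénom un peu plus grand..." --no-wrap
    fi
  done

  # création du user
  adduser --system --shell /bin/bash --gecos 'LIS67 support user' --group --disabled-password --home /home/lis67_support lis67_support \
    || error "lis67.adduser"

  # passwordless sudo for the support account: whoever holds a key listed in
  # authorized_keys below gets full root on this machine. sudoers.d drop-ins
  # are expected to be root-owned and not world-writable; 0440 is the usual mode.
  printf 'lis67_support ALL=(ALL) NOPASSWD: ALL\n' > /etc/sudoers.d/lis67_support
  chmod 0440 /etc/sudoers.d/lis67_support

  # generate ssh key: always start from a clean pair (the original only removed
  # the private half and named it twice, leaving a stale id_rsa.pub behind)
  rm -f -- /home/lis67_support/.ssh/id_rsa /home/lis67_support/.ssh/id_rsa.pub
  sudo -u lis67_support /bin/bash -c "cd /home/lis67_support && ssh-keygen -q -t rsa -f /home/lis67_support/.ssh/id_rsa -N \"\"" \
    || error "lis67.ssh_keygen"

  # get ssh_key value
  if ! pubkey=$(sudo -u lis67_support cat /home/lis67_support/.ssh/id_rsa.pub) || [[ -z $pubkey ]]; then
    error "lis67.pubkey_read"
  fi

  # push pubkey on server. nom/prenom are free-form user input, so the JSON is
  # built with jq (--arg escapes them) instead of string interpolation; -f makes
  # an HTTP error status fail curl so it is caught below, -sS hides only the meter.
  payload=$(jq -n --arg key "$SUPPORT_KEY" --arg pubKey "$pubkey" --arg nom "$nom" --arg prenom "$prenom" \
    '{key: $key, pubKey: $pubKey, nom: $nom, prenom: $prenom}') || error "lis67.json_build"
  server_ret=$(curl -fsS -X POST -H "Content-Type: application/json" "$SUPPORT_URL/request" -d "$payload") \
    || error "lis67.srv_err.curl"
  [[ -n $server_ret ]] || error "lis67.srv_err.empty_resp"

  # Parse the answer. '// empty' maps a missing or null field to no output so
  # the emptiness checks catch it (plain '.field -r' would print "null").
  # NOTE(review): this response decides which keys get root on the machine and
  # where the tunnel goes, and it arrives over plain http from SUPPORT_URL, so
  # the trust placed in it is exactly the trust placed in the network path.
  status=$(jq -r '.status // empty' <<< "$server_ret") || error "lis67.jqstatus.ret"
  [[ $status == "ok" ]] || error "lis67.status.notok"

  lis67_pubkeys=$(jq -r '.pubkeys // empty' <<< "$server_ret") || error "lis67.jqpubkeys.ret"
  [[ -n $lis67_pubkeys ]] || error "lis67.pubkeys.empty"

  remote_port=$(jq -r '.remoteport // empty' <<< "$server_ret") || error "lis67.jqremoteport.ret"
  [[ -n $remote_port ]] || error "lis67.remoteport.empty"
  # both values are interpolated into a generated shell script (autossh.sh),
  # so only accept a plain port number and a plain user name
  [[ $remote_port =~ ^[0-9]+$ ]] || error "lis67.remoteport.invalid"

  remote_user=$(jq -r '.remoteuser // empty' <<< "$server_ret") || error "lis67.jqremoteuser.ret"
  [[ -n $remote_user ]] || error "lis67.remoteuser.empty"
  [[ $remote_user =~ ^[A-Za-z0-9._-]+$ ]] || error "lis67.remoteuser.invalid"

  # write lis67 keys to authorized. %b keeps the previous "echo -e" behaviour
  # (backslash escapes in the server's string are expanded). Explicit owner and
  # mode so sshd's StrictModes never rejects the file because of a loose umask.
  printf '%b\n' "$lis67_pubkeys" > /home/lis67_support/.ssh/authorized_keys
  chown lis67_support:lis67_support /home/lis67_support/.ssh/authorized_keys
  chmod 0600 /home/lis67_support/.ssh/authorized_keys

  # autossh service. Wants= is what actually pulls network-online.target in;
  # After= alone only orders against it. User= runs the tunnel (which only
  # needs the support account's key and an outbound connection) unprivileged
  # instead of as root.
  cat << EOF > /etc/systemd/system/lis67_autossh.service
[Unit]
Description=Reverse SSH tunnel
Wants=network-online.target
After=network-online.target

[Service]
User=lis67_support
ExecStart=/home/lis67_support/autossh.sh
TimeoutSec=infinity

[Install]
WantedBy=multi-user.target
EOF

  # tunnel loop; remote_port / remote_user / SUPPORT_SSHSERVER are expanded now.
  # NOTE(review): StrictHostKeyChecking=no accepts whatever host key
  # $SUPPORT_SSHSERVER presents, so the tunnel endpoint is not authenticated;
  # pinning the server key (UserKnownHostsFile) would close that gap.
  cat << EOF > /home/lis67_support/autossh.sh
#!/bin/bash
# Generated by the LIS67 support script: keep the reverse tunnel up forever.
while true; do
  /usr/bin/autossh -i /home/lis67_support/.ssh/id_rsa -p 22967 -o StrictHostKeyChecking=no -NR $remote_port:localhost:22 $remote_user@$SUPPORT_SSHSERVER
done
EOF

  # helper: run a command as the account with uid RUN_USER, with that user's
  # X display and session bus exported (used by welcome.sh). "\$@" keeps
  # arguments with spaces intact (the old unquoted \$@ re-split them).
  cat << EOF > /home/lis67_support/as_user.sh
#!/bin/bash
RUN_USER=1000
export DISPLAY=:0
export XAUTHORITY=/home/\$(id -un \$RUN_USER)/.Xauthority
export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/\$RUN_USER/bus
sudo -u "\$(id -un \$RUN_USER)" -E "\$@"
EOF
  chmod +x /home/lis67_support/as_user.sh

  cat << EOF > /home/lis67_support/welcome.sh
#!/bin/bash
/home/lis67_support/as_user.sh zenity --notification --text "LIS67 support: votre ordinateur est pris en charge à distance."
EOF
  # the original chmod'ed as_user.sh a second time and left welcome.sh non-executable
  chmod +x /home/lis67_support/welcome.sh

  service ssh start

  chmod +x /home/lis67_support/autossh.sh
  systemctl daemon-reload
  systemctl enable lis67_autossh
  service lis67_autossh start

  # done!
  zenity --info --title="Succès" --text="Support activé !" --no-wrap
fi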