[4333] | 1 | #!/bin/sh |
---|
| 2 | # Script to bounce the packs on an Athena workstation |
---|
| 3 | # |
---|
[22075] | 4 | # $Id: reactivate.sh,v 1.80 2005-07-07 15:19:02 ghudson Exp $ |
---|
[4333] | 5 | |
---|
[15992] | 6 | # Ignore various terminating signals. |
---|
| 7 | trap "" HUP INT QUIT PIPE ALRM TERM USR1 USR2 |
---|
[4333] | 8 | |
---|
[16617] | 9 | PATH=/bin:/etc/athena:/bin/athena:/usr/bin:/usr/sbin:/usr/ucb:/usr/bsd:/sbin; export PATH |
---|
[10741] | 10 | HOSTTYPE=`/bin/athena/machtype`; export HOSTTYPE |
---|
[4333] | 11 | |
---|
[15992] | 12 | pidfile=/var/athena/reactivate.pid |
---|
| 13 | countfile=/var/athena/reactivate.count |
---|
| 14 | nologin=/etc/nologin |
---|
| 15 | made_nologin=false |
---|
[16383] | 16 | afsconfig=/afs/athena.mit.edu/system/config/afs |
---|
[15992] | 17 | |
---|
| 18 | umask 22 |
---|
| 19 | . /etc/athena/rc.conf |
---|
| 20 | |
---|
| 21 | # Quit now if in the middle of an update. |
---|
[16700] | 22 | if [ -f /var/athena/update.running ]; then |
---|
[15992] | 23 | # In an update, quit now. |
---|
| 24 | echo "reactivate: This workstation is in the middle of an update." |
---|
| 25 | exit 1 |
---|
[16700] | 26 | fi |
---|
[15992] | 27 | |
---|
| 28 | if [ "$1" = -prelogin ]; then |
---|
| 29 | echo "Cleaning up..." >> /dev/console |
---|
| 30 | full=false |
---|
| 31 | else |
---|
| 32 | full=true |
---|
| 33 | fi |
---|
| 34 | |
---|
| 35 | # Quit now if another reactivate process is running. |
---|
| 36 | if [ -s $pidfile ]; then |
---|
| 37 | pid=`cat $pidfile 2>/dev/null` |
---|
| 38 | if [ -n "$pid" -a "$pid" -ne 0 ]; then |
---|
| 39 | kill -0 $pid 2>/dev/null |
---|
| 40 | if [ $? -eq 0 ]; then |
---|
| 41 | echo "Another reactivate process is running ($pid)." |
---|
| 42 | exit 0 |
---|
| 43 | fi |
---|
| 44 | fi |
---|
| 45 | fi |
---|
| 46 | |
---|
| 47 | echo $$ > $pidfile |
---|
| 48 | |
---|
| 49 | # Define a function to clean up at exit. |
---|
| 50 | # We want to ensure that we don't leave logins disabled. |
---|
| 51 | # This function also removes our pid file. |
---|
| 52 | # (Note that terminating signals are ignored, above). |
---|
| 53 | cleanexit() |
---|
| 54 | { |
---|
| 55 | if [ true = "${made_nologin}" ]; then |
---|
| 56 | rm -f $nologin |
---|
| 57 | fi |
---|
| 58 | rm -f $pidfile |
---|
| 59 | } |
---|
| 60 | |
---|
| 61 | trap cleanexit EXIT |
---|
| 62 | |
---|
| 63 | # See if anyone is logged in. We check for stale utmp entries, by |
---|
| 64 | # doing a kill -0 on the session leader's pid. |
---|
| 65 | # The Linux who does not give the pid, so we must use ps to figure |
---|
| 66 | # it out. |
---|
| 67 | if [ "$full" = true ]; then |
---|
| 68 | if [ linux = "$HOSTTYPE" ]; then |
---|
| 69 | pids= |
---|
[16275] | 70 | # Use w instead of who, since it ignores stale utmp entries. |
---|
| 71 | for tty in `w -h -s | awk '{ print $2; }'` ; do |
---|
[16243] | 72 | pids="$pids `ps --no-heading -j -t $tty 2>/dev/null | \ |
---|
[15992] | 73 | awk '($1 == $3) { print $1; }'`" |
---|
| 74 | done |
---|
| 75 | else |
---|
| 76 | pids=`who -u | awk '{ print $7; }'` |
---|
| 77 | fi |
---|
| 78 | |
---|
[16252] | 79 | # If any session leader pid is current, quit now. Ignore dm |
---|
| 80 | # (which is the session leader on the console tty), in case of |
---|
| 81 | # a stale utmp entry from a console login. |
---|
| 82 | dmpid=`cat /var/athena/dm.pid 2>/dev/null` |
---|
[15992] | 83 | for pid in $pids ; do |
---|
[16252] | 84 | if [ "$pid" != "$dmpid" ]; then |
---|
| 85 | kill -0 $pid 2>/dev/null |
---|
| 86 | if [ $? -eq 0 ]; then |
---|
| 87 | rm -f $countfile |
---|
| 88 | exit 0 |
---|
| 89 | fi |
---|
[15992] | 90 | fi |
---|
| 91 | done |
---|
| 92 | |
---|
[19933] | 93 | # Also quit if there are screen processes running. |
---|
| 94 | if [ false = "$PUBLIC" ] && pgrep '^screen' > /dev/null; then |
---|
| 95 | exit 0 |
---|
| 96 | fi |
---|
| 97 | |
---|
[15992] | 98 | # Check for valid Athena session records; these get created for |
---|
| 99 | # remote shells, etc., which may not have an associated utmp entry. |
---|
| 100 | # Quit if any are found. |
---|
| 101 | |
---|
| 102 | # We need to use nawk on Solaris in parsing the sessions file below. |
---|
| 103 | case "$HOSTTYPE" in |
---|
| 104 | sun4) |
---|
| 105 | awk=nawk |
---|
| 106 | ;; |
---|
| 107 | *) |
---|
| 108 | awk=awk |
---|
| 109 | ;; |
---|
| 110 | esac |
---|
| 111 | |
---|
| 112 | for i in /var/athena/sessions/* ; do |
---|
| 113 | if [ -s $i ]; then |
---|
| 114 | for pid in ` \ |
---|
| 115 | $awk -F : ' \ |
---|
| 116 | FNR == 5 \ |
---|
| 117 | { \ |
---|
| 118 | for (i = 1; i <= NF; i++) \ |
---|
| 119 | if (int($i) != 0) \ |
---|
| 120 | print $i; \ |
---|
| 121 | }' $i` ; do |
---|
| 122 | kill -0 $pid 2>/dev/null |
---|
| 123 | if [ $? -eq 0 ]; then |
---|
| 124 | rm -f $countfile |
---|
| 125 | exit 0 |
---|
| 126 | fi |
---|
| 127 | done |
---|
| 128 | fi |
---|
| 129 | done |
---|
[16279] | 130 | |
---|
| 131 | local-menus |
---|
[15992] | 132 | fi |
---|
| 133 | |
---|
| 134 | # There are no current logins or sessions, so proceed. We disable |
---|
| 135 | # logins for the duration, by creating /etc/nologin, unless it |
---|
| 136 | # already exists. |
---|
| 137 | if [ ! -f $nologin ]; then |
---|
| 138 | made_nologin=true |
---|
| 139 | echo "Workstation is reactivating." > $nologin |
---|
| 140 | fi |
---|
| 141 | |
---|
[11336] | 142 | # Usage: nuke directoryname |
---|
| 143 | # Do the equivalent of rm -rf directoryname/*, except using saferm. |
---|
| 144 | nuke() |
---|
| 145 | { |
---|
| 146 | ( |
---|
| 147 | cd $1 |
---|
| 148 | if [ $? -eq 0 ]; then |
---|
| 149 | find * ! -type d -exec saferm {} \; |
---|
| 150 | find * -depth -type d -exec rmdir {} \; |
---|
| 151 | fi |
---|
| 152 | ) |
---|
| 153 | } |
---|
| 154 | |
---|
[19729] | 155 | # Begin section for actions to be performed in all cases, including |
---|
| 156 | # for a private machine during prelogin. |
---|
| 157 | |
---|
| 158 | # Remove any mozilla component and chrome registries, created if |
---|
| 159 | # mozilla is run as root. The resulting component registry may |
---|
| 160 | # be corrupted, preventing mozilla from starting subsequently. |
---|
| 161 | # See http://bugzilla.mozilla.org/show_bug.cgi?id=197516 |
---|
| 162 | rm -rf /usr/athena/lib/mozilla/components/compreg.dat |
---|
| 163 | rm -rf /usr/athena/lib/mozilla/components/xpti.dat |
---|
| 164 | rm -rf /usr/athena/lib/mozilla/chrome/chrome.rdf |
---|
| 165 | rm -rf /usr/athena/lib/mozilla/chrome/overlayinfo |
---|
| 166 | |
---|
| 167 | # End section for actions to be performed in all cases. |
---|
| 168 | |
---|
| 169 | if [ "$PUBLIC" = false -a "$full" = false ]; then |
---|
| 170 | exit 0 |
---|
| 171 | fi |
---|
| 172 | |
---|
[15091] | 173 | if [ -f /var/athena/clusterinfo.bsh ] ; then |
---|
| 174 | . /var/athena/clusterinfo.bsh |
---|
| 175 | fi |
---|
[4333] | 176 | |
---|
[15992] | 177 | # Determine where the config files live |
---|
[16700] | 178 | THISVERS=`awk '{a=$5} END{print a}' /etc/athena/version` |
---|
[15354] | 179 | if [ "$HOSTTYPE" = linux -a -n "$SYSPREFIX" ]; then |
---|
[15091] | 180 | config=$SYSPREFIX/config/$THISVERS |
---|
[20362] | 181 | pwconfig=$config/etc |
---|
[15091] | 182 | else |
---|
| 183 | config=/srvd |
---|
[20362] | 184 | pwconfig=/afs/athena.mit.edu/system/config/passwd/`machtype -S` |
---|
[15091] | 185 | fi |
---|
| 186 | |
---|
[15992] | 187 | # We don't want to detach all filesystems on every invocation, so |
---|
| 188 | # we keep a count file, and only detach all every tenth invocation, |
---|
| 189 | # or when the -detach option is specified. |
---|
| 190 | count=`cat $countfile 2>/dev/null` |
---|
| 191 | if [ -z "$count" ]; then |
---|
| 192 | count=0 |
---|
| 193 | fi |
---|
| 194 | if [ "$1" = -detach -o `expr $count % 10` -eq 0 ]; then |
---|
[10741] | 195 | dflags="" |
---|
| 196 | else |
---|
| 197 | dflags="-clean" |
---|
| 198 | fi |
---|
[5526] | 199 | |
---|
[15992] | 200 | if [ ! -t 0 ]; then |
---|
[4333] | 201 | quiet=-q |
---|
| 202 | else |
---|
[10741] | 203 | echo "Reactivating workstation..." |
---|
| 204 | quiet="" |
---|
[4333] | 205 | fi |
---|
| 206 | |
---|
| 207 | # Flush all NFS uid mappings |
---|
[4334] | 208 | /bin/athena/fsid $quiet -p -a |
---|
[4333] | 209 | |
---|
| 210 | # Tell the Zephyr hostmanager to reset state |
---|
[10741] | 211 | if [ -f /var/athena/zhm.pid -a "$ZCLIENT" = true ] ; then |
---|
[9804] | 212 | /bin/kill -HUP `/bin/cat /var/athena/zhm.pid` |
---|
[4333] | 213 | fi |
---|
| 214 | |
---|
[11336] | 215 | # Zero any ticket files in /tmp that may have escaped other methods |
---|
| 216 | # of destruction, before we clear /tmp. We must cd there since saferm |
---|
| 217 | # will not follow symbolic links. |
---|
| 218 | (cd /tmp; saferm -z tkt* krb5cc*) > /dev/null 2>&1 |
---|
[7503] | 219 | |
---|
[16330] | 220 | # Clean up occasional leavings of emacs and esd. |
---|
| 221 | rm -rf /var/tmp/!!!SuperLock!!! /tmp/.esd |
---|
[12067] | 222 | |
---|
[16414] | 223 | # Remove utmp and wtmp so Solaris doesn't complain. |
---|
| 224 | if [ sun4 = "$HOSTTYPE" ]; then |
---|
| 225 | rm -rf /var/adm/utmp /var/adm/wtmp |
---|
| 226 | fi |
---|
| 227 | |
---|
[16610] | 228 | # Clean up socket files left by sawfish. |
---|
| 229 | rm -rf /tmp/.sawfish-* |
---|
| 230 | |
---|
[19157] | 231 | # Clean up per-session temporary directories. |
---|
| 232 | rm -rf /tmp/session-* |
---|
| 233 | |
---|
[10741] | 234 | if [ "$full" = true ]; then |
---|
| 235 | # Clean temporary areas (including temporary home directories) |
---|
[15992] | 236 | if [ "$PUBLIC" = true ]; then |
---|
| 237 | if [ sun4 = "$HOSTTYPE" -a -f /tmp/ps_data ]; then |
---|
| 238 | cp -p /tmp/ps_data /var/athena/ps_data |
---|
| 239 | nuke /tmp > /dev/null 2>&1 |
---|
| 240 | cp -p /var/athena/ps_data /tmp/ps_data |
---|
| 241 | rm -f /var/athena/ps_data |
---|
| 242 | else |
---|
| 243 | nuke /tmp > /dev/null 2>&1 |
---|
| 244 | fi |
---|
[14869] | 245 | fi |
---|
[11336] | 246 | nuke /var/athena/tmphomedir > /dev/null 2>&1 |
---|
[10741] | 247 | fi |
---|
[6662] | 248 | |
---|
[18029] | 249 | # Copy in a few config files |
---|
[10741] | 250 | if [ "$PUBLIC" = true ]; then |
---|
[20362] | 251 | if [ -d $pwconfig ]; then |
---|
| 252 | syncupdate -c /etc/passwd.local.new $pwconfig/passwd \ |
---|
[14206] | 253 | /etc/passwd.local |
---|
[20362] | 254 | syncupdate -c /etc/shadow.local.new $pwconfig/shadow \ |
---|
[14206] | 255 | /etc/shadow.local |
---|
[20362] | 256 | syncupdate -c /etc/group.local.new $pwconfig/group \ |
---|
[15992] | 257 | /etc/group.local |
---|
[20362] | 258 | fi |
---|
| 259 | if [ -d $config ]; then |
---|
[22066] | 260 | cp $config/etc/athena/athinfo.access /etc/athena |
---|
| 261 | cp $config/etc/athena/local-lockers.conf /etc/athena |
---|
[14592] | 262 | fi |
---|
[13152] | 263 | rm -rf /etc/athena/access >/dev/null 2>&1 |
---|
[8380] | 264 | fi |
---|
| 265 | |
---|
[5526] | 266 | # Restore password and group files |
---|
[13645] | 267 | if [ -s /etc/passwd.local ] ; then |
---|
[14206] | 268 | syncupdate -c /etc/passwd.new /etc/passwd.local /etc/passwd |
---|
[10741] | 269 | fi |
---|
[13645] | 270 | if [ -s /etc/shadow.local ] ; then |
---|
[14206] | 271 | syncupdate -c /etc/shadow.new /etc/shadow.local /etc/shadow |
---|
[10741] | 272 | fi |
---|
[13645] | 273 | if [ -s /etc/group.local ] ; then |
---|
[14206] | 274 | syncupdate -c /etc/group.new /etc/group.local /etc/group |
---|
[10741] | 275 | fi |
---|
[5355] | 276 | |
---|
[10741] | 277 | if [ "$full" = true ]; then |
---|
| 278 | # Reconfigure AFS state |
---|
| 279 | if [ "$AFSCLIENT" != "false" ]; then |
---|
| 280 | /etc/athena/config_afs > /dev/null 2>&1 & |
---|
| 281 | fi |
---|
[16383] | 282 | # If the encrypt file doesn't exist, disable AFS encryption. |
---|
[17192] | 283 | # Don't do this on Irix because we're not running OpenAFS there. |
---|
| 284 | if [ sgi != "$HOSTTYPE" ]; then |
---|
[16383] | 285 | if [ -f $afsconfig/encrypt ]; then |
---|
| 286 | /bin/athena/fs setcrypt on |
---|
| 287 | else |
---|
| 288 | /bin/athena/fs setcrypt off |
---|
| 289 | fi |
---|
| 290 | fi |
---|
[4333] | 291 | fi |
---|
| 292 | |
---|
[10741] | 293 | # Punt any processes owned by users not in /etc/passwd. |
---|
[4333] | 294 | /etc/athena/cleanup -passwd |
---|
| 295 | |
---|
[10741] | 296 | if [ "$full" = true ]; then |
---|
[10876] | 297 | # Remove session files. |
---|
| 298 | for i in /var/athena/sessions/*; do |
---|
| 299 | # Sanity check. |
---|
| 300 | if [ -s $i ]; then |
---|
| 301 | logger -p user.notice "Non-empty session record $i" |
---|
| 302 | fi |
---|
| 303 | rm -f $i |
---|
[11057] | 304 | done |
---|
[10876] | 305 | |
---|
[10741] | 306 | # Detach all remote filesystems |
---|
| 307 | /bin/athena/detach -O -h -n $quiet $dflags -a |
---|
[4333] | 308 | |
---|
[10741] | 309 | # Now start activate again |
---|
| 310 | /etc/athena/save_cluster_info |
---|
[4333] | 311 | |
---|
[10741] | 312 | if [ -f /var/athena/clusterinfo.bsh ] ; then |
---|
| 313 | . /var/athena/clusterinfo.bsh |
---|
[22075] | 314 | # Set up /etc/noroot as appropriate. |
---|
| 315 | if [ -n "$CLUSTER" ]; then |
---|
| 316 | touch /var/athena/iscluster |
---|
| 317 | echo "Use su to gain root access to cluster machines" \ |
---|
| 318 | "or quickstations." > /etc/noroot |
---|
| 319 | chmod 644 /var/athena/iscluster /etc/noroot |
---|
| 320 | else |
---|
| 321 | rm -f /var/athena/iscluster /etc/noroot |
---|
| 322 | fi |
---|
[10741] | 323 | elif [ "$RVDCLIENT" = true ]; then |
---|
| 324 | echo "Can't determine system packs location." |
---|
[4333] | 325 | exit 1 |
---|
| 326 | fi |
---|
| 327 | |
---|
[10741] | 328 | if [ "$RVDCLIENT" = true ]; then |
---|
[14213] | 329 | /bin/athena/attach $quiet -h -n -O $SYSLIB |
---|
[10741] | 330 | fi |
---|
[4333] | 331 | |
---|
[10741] | 332 | # Perform an update if appropriate |
---|
[14259] | 333 | update_ws -a reactivate |
---|
[8529] | 334 | |
---|
[10741] | 335 | if [ "$PUBLIC" = true -a -f /srvd/.rvdinfo ]; then |
---|
| 336 | NEWVERS=`awk '{a=$5} END{print a}' /srvd/.rvdinfo` |
---|
| 337 | if [ "$NEWVERS" = "$THISVERS" ]; then |
---|
[16623] | 338 | case "$HOSTTYPE" in |
---|
| 339 | sun4) |
---|
[20426] | 340 | /srvd/usr/athena/etc/verify-pkgs |
---|
[16623] | 341 | ;; |
---|
| 342 | *) |
---|
| 343 | /usr/athena/etc/track -q |
---|
| 344 | ;; |
---|
| 345 | esac |
---|
[10741] | 346 | cf=`cat /srvd/usr/athena/lib/update/configfiles` |
---|
| 347 | for i in $cf; do |
---|
| 348 | if [ -f /srvd$i ]; then |
---|
[14206] | 349 | src=/srvd$i |
---|
[10741] | 350 | else |
---|
[14206] | 351 | src=/os$i |
---|
[10741] | 352 | fi |
---|
[14206] | 353 | syncupdate -c $i.new $src $i |
---|
[10741] | 354 | done |
---|
[10830] | 355 | ps -e | awk '$4=="inetd" {print $1}' | xargs kill -HUP |
---|
[10741] | 356 | fi |
---|
[14847] | 357 | fi |
---|
[16918] | 358 | fi |
---|
| 359 | |
---|
| 360 | if [ "$PUBLIC" = true ]; then |
---|
[17446] | 361 | rm -f /etc/athena/reactivate.local /etc/ssh_host_* /etc/ssh_random_seed |
---|
[16918] | 362 | if [ -r /var/athena/sshd.pid ]; then |
---|
| 363 | # public machines shouldn't be running an sshd |
---|
| 364 | kill `cat /var/athena/sshd.pid` |
---|
[10643] | 365 | fi |
---|
[17998] | 366 | rm -rf /etc/athena/orbitrc |
---|
[19157] | 367 | # Clean up Mozilla cache directories. |
---|
| 368 | rm -rf /var/tmp/Mozilla-* |
---|
[10643] | 369 | fi |
---|
[4334] | 370 | |
---|
[11401] | 371 | if [ "$ACCESSON" = true -a -f /usr/athena/bin/access_on ]; then |
---|
| 372 | /usr/athena/bin/access_on |
---|
| 373 | elif [ "$ACCESSON" != true -a -f /usr/athena/bin/access_off ]; then |
---|
[10741] | 374 | /usr/athena/bin/access_off |
---|
| 375 | fi |
---|
[4333] | 376 | |
---|
[10741] | 377 | if [ "$full" = true ]; then |
---|
| 378 | if [ -f /etc/athena/reactivate.local ]; then |
---|
| 379 | /etc/athena/reactivate.local |
---|
| 380 | fi |
---|
[15992] | 381 | # Update our invocation count. |
---|
| 382 | echo `expr $count + 1` > $countfile |
---|
[4333] | 383 | fi |
---|
| 384 | |
---|
| 385 | exit 0 |
---|