1 | #!/bin/sh |
---|
2 | # Script to bounce the packs on an Athena workstation |
---|
3 | # |
---|
4 | # $Id: reactivate.sh,v 1.79 2005-06-20 21:12:19 zacheiss Exp $ |
---|
5 | |
---|
6 | # Ignore various terminating signals. |
---|
7 | trap "" HUP INT QUIT PIPE ALRM TERM USR1 USR2 |
---|
8 | |
---|
9 | PATH=/bin:/etc/athena:/bin/athena:/usr/bin:/usr/sbin:/usr/ucb:/usr/bsd:/sbin; export PATH |
---|
10 | HOSTTYPE=`/bin/athena/machtype`; export HOSTTYPE |
---|
11 | |
---|
12 | pidfile=/var/athena/reactivate.pid |
---|
13 | countfile=/var/athena/reactivate.count |
---|
14 | nologin=/etc/nologin |
---|
15 | made_nologin=false |
---|
16 | afsconfig=/afs/athena.mit.edu/system/config/afs |
---|
17 | |
---|
18 | umask 22 |
---|
19 | . /etc/athena/rc.conf |
---|
20 | |
---|
21 | # Quit now if in the middle of an update. |
---|
22 | if [ -f /var/athena/update.running ]; then |
---|
23 | # In an update, quit now. |
---|
24 | echo "reactivate: This workstation is in the middle of an update." |
---|
25 | exit 1 |
---|
26 | fi |
---|
27 | |
---|
28 | if [ "$1" = -prelogin ]; then |
---|
29 | echo "Cleaning up..." >> /dev/console |
---|
30 | full=false |
---|
31 | else |
---|
32 | full=true |
---|
33 | fi |
---|
34 | |
---|
35 | # Quit now if another reactivate process is running. |
---|
36 | if [ -s $pidfile ]; then |
---|
37 | pid=`cat $pidfile 2>/dev/null` |
---|
38 | if [ -n "$pid" -a "$pid" -ne 0 ]; then |
---|
39 | kill -0 $pid 2>/dev/null |
---|
40 | if [ $? -eq 0 ]; then |
---|
41 | echo "Another reactivate process is running ($pid)." |
---|
42 | exit 0 |
---|
43 | fi |
---|
44 | fi |
---|
45 | fi |
---|
46 | |
---|
47 | echo $$ > $pidfile |
---|
48 | |
---|
49 | # Define a function to clean up at exit. |
---|
50 | # We want to ensure that we don't leave logins disabled. |
---|
51 | # This function also removes our pid file. |
---|
52 | # (Note that terminating signals are ignored, above). |
---|
53 | cleanexit() |
---|
54 | { |
---|
55 | if [ true = "${made_nologin}" ]; then |
---|
56 | rm -f $nologin |
---|
57 | fi |
---|
58 | rm -f $pidfile |
---|
59 | } |
---|
60 | |
---|
61 | trap cleanexit EXIT |
---|
62 | |
---|
63 | # See if anyone is logged in. We check for stale utmp entries, by |
---|
64 | # doing a kill -0 on the session leader's pid. |
---|
65 | # The Linux who does not give the pid, so we must use ps to figure |
---|
66 | # it out. |
---|
67 | if [ "$full" = true ]; then |
---|
68 | if [ linux = "$HOSTTYPE" ]; then |
---|
69 | pids= |
---|
70 | # Use w instead of who, since it ignores stale utmp entries. |
---|
71 | for tty in `w -h -s | awk '{ print $2; }'` ; do |
---|
72 | pids="$pids `ps --no-heading -j -t $tty 2>/dev/null | \ |
---|
73 | awk '($1 == $3) { print $1; }'`" |
---|
74 | done |
---|
75 | else |
---|
76 | pids=`who -u | awk '{ print $7; }'` |
---|
77 | fi |
---|
78 | |
---|
79 | # If any session leader pid is current, quit now. Ignore dm |
---|
80 | # (which is the session leader on the console tty), in case of |
---|
81 | # a stale utmp entry from a console login. |
---|
82 | dmpid=`cat /var/athena/dm.pid 2>/dev/null` |
---|
83 | for pid in $pids ; do |
---|
84 | if [ "$pid" != "$dmpid" ]; then |
---|
85 | kill -0 $pid 2>/dev/null |
---|
86 | if [ $? -eq 0 ]; then |
---|
87 | rm -f $countfile |
---|
88 | exit 0 |
---|
89 | fi |
---|
90 | fi |
---|
91 | done |
---|
92 | |
---|
93 | # Also quit if there are screen processes running. |
---|
94 | if [ false = "$PUBLIC" ] && pgrep '^screen' > /dev/null; then |
---|
95 | exit 0 |
---|
96 | fi |
---|
97 | |
---|
98 | # Check for valid Athena session records; these get created for |
---|
99 | # remote shells, etc., which may not have an associated utmp entry. |
---|
100 | # Quit if any are found. |
---|
101 | |
---|
102 | # We need to use nawk on Solaris in parsing the sessions file below. |
---|
103 | case "$HOSTTYPE" in |
---|
104 | sun4) |
---|
105 | awk=nawk |
---|
106 | ;; |
---|
107 | *) |
---|
108 | awk=awk |
---|
109 | ;; |
---|
110 | esac |
---|
111 | |
---|
112 | for i in /var/athena/sessions/* ; do |
---|
113 | if [ -s $i ]; then |
---|
114 | for pid in ` \ |
---|
115 | $awk -F : ' \ |
---|
116 | FNR == 5 \ |
---|
117 | { \ |
---|
118 | for (i = 1; i <= NF; i++) \ |
---|
119 | if (int($i) != 0) \ |
---|
120 | print $i; \ |
---|
121 | }' $i` ; do |
---|
122 | kill -0 $pid 2>/dev/null |
---|
123 | if [ $? -eq 0 ]; then |
---|
124 | rm -f $countfile |
---|
125 | exit 0 |
---|
126 | fi |
---|
127 | done |
---|
128 | fi |
---|
129 | done |
---|
130 | |
---|
131 | local-menus |
---|
132 | fi |
---|
133 | |
---|
134 | # There are no current logins or sessions, so proceed. We disable |
---|
135 | # logins for the duration, by creating /etc/nologin, unless it |
---|
136 | # already exists. |
---|
137 | if [ ! -f $nologin ]; then |
---|
138 | made_nologin=true |
---|
139 | echo "Workstation is reactivating." > $nologin |
---|
140 | fi |
---|
141 | |
---|
142 | # Usage: nuke directoryname |
---|
143 | # Do the equivalent of rm -rf directoryname/*, except using saferm. |
---|
144 | nuke() |
---|
145 | { |
---|
146 | ( |
---|
147 | cd $1 |
---|
148 | if [ $? -eq 0 ]; then |
---|
149 | find * ! -type d -exec saferm {} \; |
---|
150 | find * -depth -type d -exec rmdir {} \; |
---|
151 | fi |
---|
152 | ) |
---|
153 | } |
---|
154 | |
---|
155 | # Begin section for actions to be performed in all cases, including |
---|
156 | # for a private machine during prelogin. |
---|
157 | |
---|
158 | # Remove any mozilla component and chrome registries, created if |
---|
159 | # mozilla is run as root. The resulting component registry may |
---|
160 | # be corrupted, preventing mozilla from starting subsequently. |
---|
161 | # See http://bugzilla.mozilla.org/show_bug.cgi?id=197516 |
---|
162 | rm -rf /usr/athena/lib/mozilla/components/compreg.dat |
---|
163 | rm -rf /usr/athena/lib/mozilla/components/xpti.dat |
---|
164 | rm -rf /usr/athena/lib/mozilla/chrome/chrome.rdf |
---|
165 | rm -rf /usr/athena/lib/mozilla/chrome/overlayinfo |
---|
166 | |
---|
167 | # End section for actions to be performed in all cases. |
---|
168 | |
---|
169 | if [ "$PUBLIC" = false -a "$full" = false ]; then |
---|
170 | exit 0 |
---|
171 | fi |
---|
172 | |
---|
173 | if [ -f /var/athena/clusterinfo.bsh ] ; then |
---|
174 | . /var/athena/clusterinfo.bsh |
---|
175 | fi |
---|
176 | |
---|
177 | # Determine where the config files live |
---|
178 | THISVERS=`awk '{a=$5} END{print a}' /etc/athena/version` |
---|
179 | if [ "$HOSTTYPE" = linux -a -n "$SYSPREFIX" ]; then |
---|
180 | config=$SYSPREFIX/config/$THISVERS |
---|
181 | pwconfig=$config/etc |
---|
182 | else |
---|
183 | config=/srvd |
---|
184 | pwconfig=/afs/athena.mit.edu/system/config/passwd/`machtype -S` |
---|
185 | fi |
---|
186 | |
---|
187 | # We don't want to detach all filesystems on every invocation, so |
---|
188 | # we keep a count file, and only detach all every tenth invocation, |
---|
189 | # or when the -detach option is specified. |
---|
190 | count=`cat $countfile 2>/dev/null` |
---|
191 | if [ -z "$count" ]; then |
---|
192 | count=0 |
---|
193 | fi |
---|
194 | if [ "$1" = -detach -o `expr $count % 10` -eq 0 ]; then |
---|
195 | dflags="" |
---|
196 | else |
---|
197 | dflags="-clean" |
---|
198 | fi |
---|
199 | |
---|
200 | if [ ! -t 0 ]; then |
---|
201 | quiet=-q |
---|
202 | else |
---|
203 | echo "Reactivating workstation..." |
---|
204 | quiet="" |
---|
205 | fi |
---|
206 | |
---|
207 | # Flush all NFS uid mappings |
---|
208 | /bin/athena/fsid $quiet -p -a |
---|
209 | |
---|
210 | # Tell the Zephyr hostmanager to reset state |
---|
211 | if [ -f /var/athena/zhm.pid -a "$ZCLIENT" = true ] ; then |
---|
212 | /bin/kill -HUP `/bin/cat /var/athena/zhm.pid` |
---|
213 | fi |
---|
214 | |
---|
215 | # Zero any ticket files in /tmp that may have escaped other methods |
---|
216 | # of destruction, before we clear /tmp. We must cd there since saferm |
---|
217 | # will not follow symbolic links. |
---|
218 | (cd /tmp; saferm -z tkt* krb5cc*) > /dev/null 2>&1 |
---|
219 | |
---|
220 | # Clean up occasional leavings of emacs and esd. |
---|
221 | rm -rf /var/tmp/!!!SuperLock!!! /tmp/.esd |
---|
222 | |
---|
223 | # Remove utmp and wtmp so Solaris doesn't complain. |
---|
224 | if [ sun4 = "$HOSTTYPE" ]; then |
---|
225 | rm -rf /var/adm/utmp /var/adm/wtmp |
---|
226 | fi |
---|
227 | |
---|
228 | # Clean up socket files left by sawfish. |
---|
229 | rm -rf /tmp/.sawfish-* |
---|
230 | |
---|
231 | # Clean up per-session temporary directories. |
---|
232 | rm -rf /tmp/session-* |
---|
233 | |
---|
234 | if [ "$full" = true ]; then |
---|
235 | # Clean temporary areas (including temporary home directories) |
---|
236 | if [ "$PUBLIC" = true ]; then |
---|
237 | if [ sun4 = "$HOSTTYPE" -a -f /tmp/ps_data ]; then |
---|
238 | cp -p /tmp/ps_data /var/athena/ps_data |
---|
239 | nuke /tmp > /dev/null 2>&1 |
---|
240 | cp -p /var/athena/ps_data /tmp/ps_data |
---|
241 | rm -f /var/athena/ps_data |
---|
242 | else |
---|
243 | nuke /tmp > /dev/null 2>&1 |
---|
244 | fi |
---|
245 | fi |
---|
246 | nuke /var/athena/tmphomedir > /dev/null 2>&1 |
---|
247 | fi |
---|
248 | |
---|
249 | # Copy in a few config files |
---|
250 | if [ "$PUBLIC" = true ]; then |
---|
251 | if [ -d $pwconfig ]; then |
---|
252 | syncupdate -c /etc/passwd.local.new $pwconfig/passwd \ |
---|
253 | /etc/passwd.local |
---|
254 | syncupdate -c /etc/shadow.local.new $pwconfig/shadow \ |
---|
255 | /etc/shadow.local |
---|
256 | syncupdate -c /etc/group.local.new $pwconfig/group \ |
---|
257 | /etc/group.local |
---|
258 | fi |
---|
259 | if [ -d $config ]; then |
---|
260 | cp $config/etc/athena/athinfo.access /etc/athena |
---|
261 | cp $config/etc/athena/local-lockers.conf /etc/athena |
---|
262 | fi |
---|
263 | rm -rf /etc/athena/access >/dev/null 2>&1 |
---|
264 | fi |
---|
265 | |
---|
266 | # Restore password and group files |
---|
267 | if [ -s /etc/passwd.local ] ; then |
---|
268 | syncupdate -c /etc/passwd.new /etc/passwd.local /etc/passwd |
---|
269 | fi |
---|
270 | if [ -s /etc/shadow.local ] ; then |
---|
271 | syncupdate -c /etc/shadow.new /etc/shadow.local /etc/shadow |
---|
272 | fi |
---|
273 | if [ -s /etc/group.local ] ; then |
---|
274 | syncupdate -c /etc/group.new /etc/group.local /etc/group |
---|
275 | fi |
---|
276 | |
---|
277 | if [ "$full" = true ]; then |
---|
278 | # Reconfigure AFS state |
---|
279 | if [ "$AFSCLIENT" != "false" ]; then |
---|
280 | /etc/athena/config_afs > /dev/null 2>&1 & |
---|
281 | fi |
---|
282 | # If the encrypt file doesn't exist, disable AFS encryption. |
---|
283 | # Don't do this on Irix because we're not running OpenAFS there. |
---|
284 | if [ sgi != "$HOSTTYPE" ]; then |
---|
285 | if [ -f $afsconfig/encrypt ]; then |
---|
286 | /bin/athena/fs setcrypt on |
---|
287 | else |
---|
288 | /bin/athena/fs setcrypt off |
---|
289 | fi |
---|
290 | fi |
---|
291 | fi |
---|
292 | |
---|
293 | # Punt any processes owned by users not in /etc/passwd. |
---|
294 | /etc/athena/cleanup -passwd |
---|
295 | |
---|
296 | if [ "$full" = true ]; then |
---|
297 | # Remove session files. |
---|
298 | for i in /var/athena/sessions/*; do |
---|
299 | # Sanity check. |
---|
300 | if [ -s $i ]; then |
---|
301 | logger -p user.notice "Non-empty session record $i" |
---|
302 | fi |
---|
303 | rm -f $i |
---|
304 | done |
---|
305 | |
---|
306 | # Detach all remote filesystems |
---|
307 | /bin/athena/detach -O -h -n $quiet $dflags -a |
---|
308 | |
---|
309 | # Now start activate again |
---|
310 | /etc/athena/save_cluster_info |
---|
311 | |
---|
312 | if [ -f /var/athena/clusterinfo.bsh ] ; then |
---|
313 | . /var/athena/clusterinfo.bsh |
---|
314 | elif [ "$RVDCLIENT" = true ]; then |
---|
315 | echo "Can't determine system packs location." |
---|
316 | exit 1 |
---|
317 | fi |
---|
318 | |
---|
319 | if [ "$RVDCLIENT" = true ]; then |
---|
320 | /bin/athena/attach $quiet -h -n -O $SYSLIB |
---|
321 | fi |
---|
322 | |
---|
323 | # Perform an update if appropriate |
---|
324 | update_ws -a reactivate |
---|
325 | |
---|
326 | if [ "$PUBLIC" = true -a -f /srvd/.rvdinfo ]; then |
---|
327 | NEWVERS=`awk '{a=$5} END{print a}' /srvd/.rvdinfo` |
---|
328 | if [ "$NEWVERS" = "$THISVERS" ]; then |
---|
329 | case "$HOSTTYPE" in |
---|
330 | sun4) |
---|
331 | /srvd/usr/athena/etc/verify-pkgs |
---|
332 | ;; |
---|
333 | *) |
---|
334 | /usr/athena/etc/track -q |
---|
335 | ;; |
---|
336 | esac |
---|
337 | cf=`cat /srvd/usr/athena/lib/update/configfiles` |
---|
338 | for i in $cf; do |
---|
339 | if [ -f /srvd$i ]; then |
---|
340 | src=/srvd$i |
---|
341 | else |
---|
342 | src=/os$i |
---|
343 | fi |
---|
344 | syncupdate -c $i.new $src $i |
---|
345 | done |
---|
346 | ps -e | awk '$4=="inetd" {print $1}' | xargs kill -HUP |
---|
347 | fi |
---|
348 | fi |
---|
349 | fi |
---|
350 | |
---|
351 | if [ "$PUBLIC" = true ]; then |
---|
352 | rm -f /etc/athena/reactivate.local /etc/ssh_host_* /etc/ssh_random_seed |
---|
353 | if [ -r /var/athena/sshd.pid ]; then |
---|
354 | # public machines shouldn't be running an sshd |
---|
355 | kill `cat /var/athena/sshd.pid` |
---|
356 | fi |
---|
357 | rm -rf /etc/athena/orbitrc |
---|
358 | # Clean up Mozilla cache directories. |
---|
359 | rm -rf /var/tmp/Mozilla-* |
---|
360 | fi |
---|
361 | |
---|
362 | if [ "$ACCESSON" = true -a -f /usr/athena/bin/access_on ]; then |
---|
363 | /usr/athena/bin/access_on |
---|
364 | elif [ "$ACCESSON" != true -a -f /usr/athena/bin/access_off ]; then |
---|
365 | /usr/athena/bin/access_off |
---|
366 | fi |
---|
367 | |
---|
368 | if [ "$full" = true ]; then |
---|
369 | if [ -f /etc/athena/reactivate.local ]; then |
---|
370 | /etc/athena/reactivate.local |
---|
371 | fi |
---|
372 | # Update our invocation count. |
---|
373 | echo `expr $count + 1` > $countfile |
---|
374 | fi |
---|
375 | |
---|
376 | exit 0 |
---|