#!/bin/bash
#
# Automation script to setup a Debian/Ubuntu style Linux host to work as
# expected over the Globocorp proxies.
#
# This script is minimally tested. Your bugfixes/contributions are very
# welcome!!
#
# 6/9/2012
# Jameson Williams <jameson@jamesonwilliams.com>
#
#
# Fallback program name; main() replaces it with $0 at start-up.
program_name="proxy-setup"

#
# Site-specific values for Globocorp, inc. Everything else is derived
# from the domain name.
readonly globocorp_domain="globocorp.com"
readonly \
  globocorp_proxy_host="proxy.${globocorp_domain}" \
  globocorp_autoproxy_host="autoproxy.${globocorp_domain}" \
  globocorp_proxy_port="80" \
  globocorp_socks_port="1080"
# Host the generated NetworkManager hook pings to decide whether the
# machine is on the LAN.
readonly globocorp_internal_host="internal-only.${globocorp_domain}"

#
# Where the autoproxy dispatcher hook is installed.
readonly nm_hook_script='/etc/NetworkManager/dispatcher.d/99autoproxy'

#
# System-wide configuration files and scripts (root required).
readonly \
  apt_conf_system="/etc/apt/apt.conf" \
  ssh_conf_system="/etc/ssh/ssh_config" \
  svn_conf_system="/etc/subversion/servers" \
  shell_conf_system="/etc/environment" \
  socks_gateway_script_system="/usr/local/bin/socks-gateway" \
  tsocks_conf_system="/etc/tsocks.conf" \
  sudoers_file="/etc/sudoers"

#
# Per-user configuration files and scripts, all below $HOME.
readonly \
  apt_conf_user="$HOME/.aptitude/config" \
  shell_conf_user="$HOME/.bashrc" \
  socks_gateway_script_user="$HOME/bin/socks-gateway" \
  ssh_conf_user="$HOME/.ssh/config" \
  svn_conf_user="$HOME/.subversion/servers" \
  tsocks_conf_user="$HOME/.tsocks.conf" \
  tsocks_wrapper_script="$HOME/bin/tsocks"

#
# Active targets. They start out pointing at the system-wide files and
# are switched to the per-user files by main() when --user is given.
apt_conf=$apt_conf_system
ssh_conf=$ssh_conf_system
svn_conf=$svn_conf_system
shell_conf=$shell_conf_system
socks_gateway_script=$socks_gateway_script_system
tsocks_conf=$tsocks_conf_system

#
# Command-line option defaults: dynamic, system-wide, quiet.
config_dynamic=1
config_static=0
config_system=1
config_user=0
config_verbose=0
config_proxy_host=$globocorp_proxy_host
#######################################
# Print the command-line help text.
# Globals:   program_name (read), globocorp_proxy_host (read)
# Outputs:   help text on stderr; nothing on stdout
#######################################
function usage() {
  # Unquoted delimiter: $program_name and $globocorp_proxy_host are
  # expanded when the text is printed.
  cat <<EOF >&2
Globocorp Proxy Setup Script
Usage: $program_name [OPTION]...
--static Assume system is always on Intarnet. Default is
to configure for a system that may move on/off the Intranet.
--user Configure proxy settings only for the current
user. Default is to configure settings
system-wide, which requires root access.
--proxy-host <proxy_host>
Use <proxy_host> as the static proxy. (Default is
$globocorp_proxy_host)
--help Display this usage message
--verbose Show verbose output about commands being run
Report bugs to Jameson Williams <jameson@jamesonwilliams.com>
EOF
}
#######################################
# Report a fatal error, show the usage text and terminate the script.
# Arguments: the message words; backslash escapes such as \n are
#            interpreted by echo -e
# Outputs:   message and a blank line on stderr, then usage()
# Returns:   never; exits with status 1
#######################################
function die() {
  {
    # $@ is left unquoted on purpose: main() passes a message that spans
    # several source lines and carries its own \n escapes, and word
    # splitting is what folds the literal newlines into single spaces.
    # NOTE(review): the same splitting also glob-expands any * or ? in
    # the message, so callers should not pass raw user input here.
    echo -e $@
    echo
  } >&2
  usage
  exit 1
}
#######################################
# Generate the NetworkManager dispatcher hook at $nm_hook_script, make it
# executable and run it once.
#
# The generated hook pings $globocorp_internal_host; if the ping succeeds
# it sets the GNOME proxy mode to 'auto' with the autoconfig URL
# http://$globocorp_autoproxy_host, otherwise it sets the mode to 'none'.
# It does this for the owner of every running gnome-session process.
#
# Globals:   config_static, config_user, nm_hook_script,
#            globocorp_autoproxy_host, globocorp_internal_host (all read)
# Outputs:   a notice on stdout when the hook is skipped
#
# NOTE(review): the on-LAN decision rests on a single unauthenticated
# ping of a host name, and the autoconfig URL is plain http. Whoever
# controls name resolution and routing on the current network can
# therefore make the hook select 'auto' and serve the proxy
# auto-configuration file. Consider a check the remote side has to prove
# (for example a TLS endpoint with a pinned certificate) and an https
# autoconfig URL.
#######################################
function setup_autoproxy() {
# The hook only makes sense for machines that move between networks.
if [ $config_static -eq 1 ]; then
echo "Won't configure autoproxy toggle in static mode."
return
fi
# The dispatcher directory lives under /etc, so user mode cannot write it.
if [ $config_user -eq 1 ]; then
echo "Can't configure autoproxy toggle hook in user mode."
return
fi
if [ ! -d "$(dirname $nm_hook_script)" ]; then
echo "hm, no /etc/NetworkManager/dispatcher.d, so skipping autoproxy config."
return
fi
# The here-document delimiter is unquoted: $globocorp_* and $(date) are
# expanded now, while every \$ survives as a literal $ and is evaluated
# when the hook itself runs.
#
# NOTE(review), about the generated hook:
#  - awk "/\$user/" is an unanchored regex over whole passwd lines, so a
#    user name that is a substring of another account or path can match
#    several lines and yield more than one home directory.
#  - \$dbus_addr is read from a file inside the session owner's home
#    directory and then becomes part of a command string handed to eval
#    or to su -c; it is never validated. Under su the command runs as
#    that user, not as root.
#  - Prefer building the command as an argument list (no eval) and
#    looking the home directory up with getent passwd "\$user".
cat > "$nm_hook_script" <<- EOF
#!/bin/bash
#
# Globocorp Autoproxy Hook for NetworkManager
# Currently supports GNOME 2.x, 3.x.
#
# Jameson Williams <jameson@jamesonwilliams.com>
# Generated from ./proxy-setup.sh on $(date)
#
#
autoproxy="http://$globocorp_autoproxy_host"
mode='none'
ping -c 1 -w 1 -q $globocorp_internal_host &> /dev/null
if [ \$? -eq 0 ]; then
# Aha, were on the Intranet. So set for autoproxy.
mode='auto'
fi
# Get all the active GNOME sessions on the machine
sessions=\$(pgrep gnome-session)
if [ -z "\$sessions" ]; then
# There's no GNOME session running, not really an error, but we
# should probably bail.
exit 0
fi
for pid in \$sessions; do
#
# By default, assume the much simpler GNOME 3:
cmd_base="dbus-launch gsettings set org.gnome.system.proxy"
mode_cmd="\$cmd_base mode \$mode"
autoproxy_cmd="\$cmd_base autoconfig-url \$autoproxy"
#
# Determine the user who owns the GNOME session:
user=\$(stat --format "%U" /proc/\$pid/)
#
# Test to see if gsettings is installed. If it's not, then we're
# probably in GNOME 2.
test -x "\$(which gsettings)"
if [ \$? -eq 1 ]; then
#
# For GNOME 2, a bunch more work. Get the user's home dir, and
# then get a handle to the DBUS address of the running session.
home=\$(awk -F\: "/\$user/ { print \\\$6 }" /etc/passwd)
dbus_addr=\$(cat \$home/.dbus/session-bus/*-0 | \\
grep -v '\#' | \\
grep BUS_ADDRESS | \\
cut -d '=' -f 2-)
[ -z "\$dbus_addr" ] && continue;
dbus_base="DBUS_SESSION_BUS_ADDRESS=\"\$dbus_addr\""
cmd_base="\$dbus_base gconftool-2 --type string --set "
mode_cmd="\$cmd_base /system/proxy/mode \$mode"
autoproxy_cmd="\$cmd_base /system/proxy/autoconfig_url \$autoproxy"
fi
if [ "x\$EUID" = "x\$(id -u \$user)" ]; then
# If we're running as our own user, we can only fix our own session
# up.
#
# eval to get rid of some quotation funkiness.
eval \$mode_cmd
eval \$autoproxy_cmd
elif [ \$EUID -eq 0 ]; then
#
# OTOH, if we're running as root, we can su and fix all of the
# gnome-sessions.
su "\$user" -c "\$mode_cmd"
su "\$user" -c "\$autoproxy_cmd"
fi
done
exit 0
EOF
# Adds the execute bit for user, group and other; the remaining mode bits
# come from the umask in effect when the file was created above.
chmod ugo+x "$nm_hook_script"
# And fix our current vals now!
$nm_hook_script
}
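#######################################
# Delete every line of a file that starts with one of the given patterns.
# Used to clear old settings before new ones are appended.
# Arguments: $1     - file to edit in place; a missing file is ignored
#            $2...  - sed basic regular expressions, each anchored at the
#                     start of the line (so "server" also removes
#                     "server_type"). A pattern must not contain "/".
# Returns:   0 when the file does not exist, else the last sed status
#######################################
function remove_vals_if_present() {
  # local: the original leaked "target" into the global scope.
  local target=$1
  local pattern
  shift

  [ -f "$target" ] || return 0

  for pattern in "$@"; do
    # An empty pattern would turn the expression into /^.*/d and wipe the
    # whole file, so it is skipped.
    [ -n "$pattern" ] || continue
    # "$target" is quoted so per-user paths below a $HOME containing
    # spaces are edited as one file.
    sed -i -e "/^${pattern}.*/d" -- "$target"
  done
}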
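#######################################
# Write the proxy environment variables to $shell_conf
# (/etc/environment system-wide, ~/.bashrc in user mode).
# Old values of the same variables are removed first so that repeated
# runs do not pile up duplicate lines.
# Globals:   shell_conf, socks_gateway_script, config_proxy_host,
#            globocorp_proxy_port, globocorp_socks_port,
#            globocorp_domain, config_user (all read)
#######################################
function setup_shell() {
  remove_vals_if_present "$shell_conf" \
    http_proxy https_proxy ftp_proxy \
    socks_proxy no_proxy GIT_PROXY_COMMAND

  # Fix: the port variable was spelled "globalcorp_proxy_port", which is
  # never set, so every URL ended in a bare ":" with no port.
  cat >> "$shell_conf" <<EOF
GIT_PROXY_COMMAND="$socks_gateway_script"
ftp_proxy="http://$config_proxy_host:$globocorp_proxy_port"
http_proxy="http://$config_proxy_host:$globocorp_proxy_port"
https_proxy="http://$config_proxy_host:$globocorp_proxy_port"
no_proxy="$globocorp_domain,*.$globocorp_domain,10.0.0.0/8,192.168.0.0/16,127.0.0.0/8,localhost"
socks_proxy="http://$config_proxy_host:$globocorp_socks_port"
EOF

  # ~/.bashrc is a shell script, so the assignments above need an explicit
  # export there. The system-wide file gets none.
  if [ "$config_user" -eq 1 ]; then
    remove_vals_if_present "$shell_conf" 'export.*_proxy'
    echo "export GIT_PROXY_COMMAND http_proxy https_proxy no_proxy socks_proxy ftp_proxy" >> "$shell_conf"
  fi
}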
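#######################################
# Generate the socks-gateway helper at $socks_gateway_script. The helper
# is what ssh (ProxyCommand) and git (GIT_PROXY_COMMAND) are pointed at.
# It connects directly to hosts that look internal and goes through the
# SOCKS 5 proxy for everything else.
# Globals:   config_user, socks_gateway_script, globocorp_domain,
#            config_proxy_host, globocorp_socks_port (all read)
# Returns:   status of the final chmod; exits through die() in user mode
#            when nc.openbsd is missing
#######################################
function setup_socks_gateway() {
  if [ ! -x "$(which nc.openbsd)" ]; then
    if [ "$config_user" -eq 1 ]; then
      die "No netcat-openbsd is installed."
    else
      apt-get install -y netcat-openbsd
    fi
  fi

  # Quoted so a per-user path below a $HOME containing spaces creates one
  # directory, not several.
  mkdir -p -- "$(dirname -- "$socks_gateway_script")" &>/dev/null

  # Unquoted delimiter: the domain, proxy host and port are baked into the
  # helper now; \$1, \$METHOD and \$* are evaluated when the helper runs.
  #
  # NOTE(review): the case patterns are shell globs over the host string
  # as typed, not over its resolved address. Any name that merely starts
  # with "10." or "192.168." therefore takes the direct path as well.
  # NOTE(review): the check above looks nc.openbsd up on PATH, while the
  # helper calls /bin/nc.openbsd by absolute path.
  cat > "$socks_gateway_script" <<EOF
#!/bin/bash
case \$1 in
*.$globocorp_domain|192.168.*|127.0.*|localhost|10.*)
METHOD="-X connect"
;;
*)
METHOD="-X 5 -x $config_proxy_host:$globocorp_socks_port"
;;
esac
/bin/nc.openbsd \$METHOD \$*
EOF
  chmod ugo+x "$socks_gateway_script"
}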
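#######################################
# Point ssh at the socks-gateway helper by appending a ProxyCommand line
# to $ssh_conf. Any existing ProxyCommand line at the start of a line is
# removed first.
# Globals:   ssh_conf, socks_gateway_script (read)
# Outputs:   a notice on stdout when ssh is not installed
#######################################
function setup_ssh() {
  if [ ! -x "$(which ssh)" ]; then
    echo "ssh not found, skipping config..."
    return
  fi

  remove_vals_if_present "$ssh_conf" ProxyCommand

  # The whole substitution is quoted so a path with spaces yields a single
  # directory argument.
  mkdir -p -- "$(dirname -- "$ssh_conf")" &>/dev/null

  # NOTE(review): the line is appended at the end of the file, so if the
  # file ends inside a Host block the setting presumably applies to that
  # block only. Confirm against the target ssh_config layout.
  cat >> "$ssh_conf" <<EOF
ProxyCommand $socks_gateway_script %h %p
EOF
}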
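#######################################
# Append the HTTP proxy settings for Subversion to $svn_conf, after
# removing earlier values of the same keys.
# Globals:   svn_conf, globocorp_domain, config_proxy_host,
#            globocorp_proxy_port (read)
# Outputs:   a notice on stdout when svn is not installed
#######################################
function setup_svn() {
  if [ ! -x "$(which svn)" ]; then
    echo "svn not found, skipping config..."
    return
  fi

  remove_vals_if_present "$svn_conf" \
    store-plaintext-passwords \
    http-proxy-exceptions \
    http-proxy-host \
    http-proxy-port

  mkdir -p -- "$(dirname -- "$svn_conf")" &>/dev/null

  # Fix: the port used to come from the never-set variable
  # "globalcorp_proxy_port", which left "http-proxy-port = " empty.
  #
  # NOTE(review): the keys are appended without a section header, so they
  # presumably land in whichever section the file ends with. Confirm that
  # this is [global].
  cat >> "$svn_conf" <<EOF
store-plaintext-passwords = no
http-proxy-exceptions = *.$globocorp_domain
http-proxy-host = $config_proxy_host
http-proxy-port = $globocorp_proxy_port
EOF
}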
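#######################################
# Make sudo keep the proxy environment variables by adding a
# "Defaults env_keep" line right after "Defaults env_reset" in
# $sudoers_file.
#
# The edit is made on a working copy next to the real file, and the copy
# is installed only after visudo accepts it. The original ran sed -i
# straight on the live sudoers file, where a syntax error can leave sudo
# unusable.
#
# Globals:   sudoers_file (read)
# Outputs:   notices on stdout/stderr when the step is skipped or fails
# Returns:   0 on success or skip, 1 when the copy could not be made or
#            did not validate (the live file is then left untouched)
#######################################
function setup_sudo() {
  if [ ! -x "$(which sudo)" ]; then
    echo "sudo not found, skipping config..."
    return
  fi
  if [ ! -f "$sudoers_file" ]; then
    echo "$sudoers_file not found, skipping sudo config..." >&2
    return
  fi

  local keeps="http_proxy https_proxy ftp_proxy no_proxy socks_proxy"
  # NOTE(review): "env_keep=" replaces sudo's whole keep list, and the
  # removal below drops every existing "Defaults ... env_keep" line.
  # "env_keep+=" would add the proxy variables without discarding what
  # the administrator or the distribution already configured.
  local new_content="Defaults env_keep=\"$keeps\""
  local candidate

  # Same directory as the target, so the final mv is a rename on one
  # filesystem.
  candidate=$(mktemp "${sudoers_file}.XXXXXX") || {
    echo "Could not create a working copy of $sudoers_file." >&2
    return 1
  }
  # -p carries owner and mode of the live file over to the copy.
  if ! cp -p -- "$sudoers_file" "$candidate"; then
    rm -f -- "$candidate"
    return 1
  fi

  remove_vals_if_present "$candidate" \
    'Defaults.*env_keep'
  # GNU sed one-line form of "a": append $new_content after the
  # env_reset line.
  sed -i "/^Defaults.*env_reset\$/a $new_content" "$candidate"

  if visudo -c -f "$candidate" >/dev/null; then
    mv -f -- "$candidate" "$sudoers_file"
  else
    echo "Edited sudoers failed validation; $sudoers_file left unchanged." >&2
    rm -f -- "$candidate"
    return 1
  fi
}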
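#######################################
# Hard-code the HTTP proxy for apt in $apt_conf, replacing any earlier
# Acquire::http::Proxy line. main() calls this in static mode only.
# Globals:   apt_conf, config_proxy_host, globocorp_proxy_port (read)
# Outputs:   a notice on stdout when apt-get is not installed
#######################################
function setup_apt() {
  if [ ! -x "$(which apt-get)" ]; then
    echo "apt-get not found, skipping config..."
    return
  fi

  remove_vals_if_present "$apt_conf" \
    'Acquire::http::Proxy'

  # Same as the ssh and svn steps: make sure the directory exists. The
  # per-user file lives in ~/.aptitude, which may not exist yet.
  mkdir -p -- "$(dirname -- "$apt_conf")" &>/dev/null

  # Fix: the port used to come from the never-set variable
  # "globalcorp_proxy_port", producing a proxy URL with an empty port.
  cat >> "$apt_conf" <<EOF
Acquire::http::Proxy "http://$config_proxy_host:$globocorp_proxy_port";
EOF
}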
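#######################################
# Configure tsocks to use the SOCKS 5 proxy. In user mode this also
# writes a wrapper script that points tsocks at the per-user config file.
# Globals:   tsocks_conf, config_proxy_host, globocorp_socks_port,
#            config_user, tsocks_wrapper_script (all read)
# Outputs:   a notice when tsocks is missing or the proxy host does not
#            resolve
#######################################
function setup_tsocks() {
  if [ ! -x "$(which tsocks)" ]; then
    echo "tsocks not found, skipping config..."
    return
  fi

  # tsocks doesn't work with hostnames, so resolve the proxy host to an
  # address. Only the first A record is used: a host with several records
  # used to produce a multi-line "server =" entry.
  local config_proxy_host_ip
  config_proxy_host_ip=$(host -t A "$config_proxy_host" \
    | awk '/address / { print $NF; exit }')

  # A failed lookup used to write an empty "server =" line after the old
  # settings had already been deleted. Now the existing file is kept.
  if [ -z "$config_proxy_host_ip" ]; then
    echo "Could not resolve $config_proxy_host, skipping tsocks config..." >&2
    return
  fi

  remove_vals_if_present "$tsocks_conf" \
    "local" "server"

  cat >> "$tsocks_conf" <<EOF
local = 192.168.0.0/255.255.255.0
local = 134.134.0.0/255.255.0.0
local = 10.0.0.0/255.0.0.0
server = $config_proxy_host_ip
server_type = 5
server_port = $globocorp_socks_port
EOF

  if [ "$config_user" -eq 1 ]; then
    # \$HOME and \$@ stay literal here and are expanded when the wrapper
    # runs.
    cat > "$tsocks_wrapper_script" <<EOF
#!/bin/sh
TSOCKS_CONF_FILE=\$HOME/.tsocks.conf
export TSOCKS_CONF_FILE
exec /usr/bin/tsocks "\$@"
EOF
    chmod ugo+x "$tsocks_wrapper_script"
  fi
}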
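#######################################
# Entry point: parse the command line, check privileges, choose between
# the system-wide and per-user targets, then run the setup steps.
# Globals:   program_name, config_* and the active *_conf /
#            socks_gateway_script targets (written)
# Arguments: the script's command-line arguments
# Returns:   exits through die() on a usage error or missing privileges
#######################################
function main() {
  program_name=$0

  # Loop on the argument count instead of on "$1" being non-empty, so an
  # empty argument is reported instead of silently ending option parsing.
  # The old "set -- $@" only re-split the arguments and is gone.
  while [ $# -gt 0 ]; do
    case "$1" in
      --user)
        config_user=1
        config_system=0
        shift
        ;;
      --static)
        config_static=1
        config_dynamic=0
        shift
        ;;
      --verbose)
        echo '--verbose flag is not implemented. Submit a patch?' >&2
        config_verbose=1
        shift
        ;;
      --help)
        usage
        exit 0
        ;;
      --proxy-host)
        [ -z "${2:-}" ] && die "--proxy-host requires an option argument."
        # The value is expanded unquoted into generated scripts and into
        # configuration files that may be root-owned, so only a plain
        # host name or IPv4 address is accepted. The rejected value is
        # not echoed back because die() word-splits its message.
        if [[ ! "$2" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
          die "--proxy-host must be a plain host name or IPv4 address."
        fi
        config_proxy_host="$2"
        shift 2
        ;;
      *)
        die "Uknown argument: $1"
        ;;
    esac
  done

  # Two separate tests replace the deprecated "-a" operator.
  if [ "$config_system" -eq 1 ] && [ "$EUID" -ne 0 ]; then
    die "You need root privileges to set system-wide proxy settings.
\nEither re-run with sudo, or look at the --user option, if you
\ncan't get root access (not preffered.)"
  fi

  if [ "$config_user" -eq 1 ]; then
    # Actually, use the user's config files.
    apt_conf="$apt_conf_user"
    tsocks_conf="$tsocks_conf_user"
    ssh_conf="$ssh_conf_user"
    svn_conf="$svn_conf_user"
    shell_conf="$shell_conf_user"
    socks_gateway_script="$socks_gateway_script_user"
  fi

  # Do basic settings
  setup_autoproxy
  setup_socks_gateway
  setup_shell

  # Setup a few particular programs
  setup_ssh
  setup_svn
  setup_tsocks

  # If we're doing a system config, we probably want to setup sudo, as
  # well.
  if [ "$config_system" -eq 1 ]; then
    setup_sudo
  fi

  # If we're doing a static config, it's safe to hard code the apt
  # proxy values.
  if [ "$config_static" -eq 1 ]; then
    setup_apt
  fi
}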
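# Quoted so every command-line argument reaches main() as one word,
# without word splitting or glob expansion.
main "$@"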