====== Auto-Lock X11 ======
===== Urls =====
* [[http://john.nachtimwald.com/2010/07/25/yubikey-auto-lock-in-gnome/]]
* [[http://thomas.duboucher.free.fr/index.php?post/2011/04/Utilisation-avanc%C3%A9e-d-une-Yubikey-sous-Linux-%28Partie-I%29]]
Il faut coupler cela aux scripts plus bas... (source a redefinir !!!)
===== Scripts =====
==== Lock ====
adlp@wurzel:/usr/local/bin$ cat gnome-screensaver-lock
#!/bin/sh
getXuser() {
user=`finger| grep -m1 ":$displaynum " | awk '{print $1}'`
if [ x"$user" = x"" ]; then
user=`finger| grep -m1 ":$displaynum" | awk '{print $1}'`
fi
if [ x"$user" != x"" ]; then
userhome=`getent passwd $user | cut -d: -f6`
export XAUTHORITY=$userhome/.Xauthority
else
export XAUTHORITY=""
fi
}
for x in /tmp/.X11-unix/*; do
displaynum=`echo $x | sed s#/tmp/.X11-unix/X##`
getXuser
if [ x"$XAUTHORITY" != x"" ]; then
# extract current state
export DISPLAY=":$displaynum"
fi
done
logger "YubiKey Removed - Locking Workstation"
su $user -c "/usr/bin/gnome-screensaver-command --lock"
==== Unlock ====
adlp@wurzel:/usr/local/bin$ cat gnome-screensaver-unlock
#!/bin/sh
getXuser() {
user=`finger| grep -m1 ":$displaynum " | awk '{print $1}'`
if [ x"$user" = x"" ]; then
user=`finger| grep -m1 ":$displaynum" | awk '{print $1}'`
fi
if [ x"$user" != x"" ]; then
userhome=`getent passwd $user | cut -d: -f6`
export XAUTHORITY=$userhome/.Xauthority
else
export XAUTHORITY=""
fi
}
for x in /tmp/.X11-unix/*; do
displaynum=`echo $x | sed s#/tmp/.X11-unix/X##`
getXuser
if [ x"$XAUTHORITY" != x"" ]; then
# extract current state
export DISPLAY=":$displaynum"
fi
done
logger "YubiKey Inserted - Unlocking Workstation"
su $user -c "/usr/bin/gnome-screensaver-command --poke"
adlp@wurzel:/usr/local/bin$
===== Action! =====
adlp@wurzel:/usr/local/bin$ cat /etc/udev/rules.d/85-yubikey.rules
ACTION=="remove", ENV{ID_VENDOR}=="Yubico", RUN+="/usr/local/bin/gnome-screensaver-lock"
ACTION=="add", ENV{ID_VENDOR}=="Yubico", RUN+="/usr/local/bin/gnome-screensaver-unlock"