blob: 567b72391f52c163c25adbde14c85da20c6d5061 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
pre_install () {
BACKUP_DIR=/etc/forticlient/.old
FCT_CONFIG_DB=/etc/forticlient/config.db
FCT_CONFIG=/etc/forticlient/config.xml
EC_CONFIG=/opt/forticlient/XMLs/ecdata.xml
# Backup old XML configurations if they exist so they can
# be imported on start up if upgrading from an older FCT version
if [ -f $FCT_CONFIG_DB ] || [ -f $FCT_CONFIG ] || [ -f $EC_CONFIG ]; then
mkdir $BACKUP_DIR && chmod 0600 $BACKUP_DIR
else
exit 0
fi
if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG_DB ]; then
cp $FCT_CONFIG_DB $BACKUP_DIR
fi
if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $FCT_CONFIG ]; then
cp $FCT_CONFIG $BACKUP_DIR
fi
if [ -d $BACKUP_DIR ] && [ $(stat -c "%a" $BACKUP_DIR) -eq 600 ] && [ -f $EC_CONFIG ]; then
cp $EC_CONFIG $BACKUP_DIR
fi
exit 0
}
pre_upgrade () {
# Remove old symlink when upgrading from older versions
if [ -f /usr/bin/FortiClient ]; then
pkill -f /usr/bin/FortiClient
rm -rf /usr/bin/FortiClient
fi
}
post_install() {
# Remove older version directories and files when upgrading
if [ -d /usr/bin/forticlient ]; then
pkill -f /usr/bin/forticlient
rm -rf /usr/bin/forticlient
fi
# Remove old configuration files when upgrading from older versions
if [ -f /etc/forticlient/config.xml ]; then
rm -rf /etc/forticlient/config.xml
fi
if [ -f /etc/forticlient/config_backup.xml ]; then
rm -rf /etc/forticlient/config_backup.xml
fi
# Remove old pid lock
if [ -f /tmp/.forticlient/fortivpn.pid ]; then
rm -rf /tmp/.forticlient/fortivpn.pid
fi
if [ -f /etc/forticlient/servers.conf ]; then
chmod 600 /etc/forticlient/servers.conf
fi
# Create GUI symlink to launch from terminal
if [ -f /opt/forticlient/gui/FortiClient-linux-x64/FortiClient ]; then
ln -sf /opt/forticlient/gui/FortiClient-linux-x64/FortiClient /usr/bin/forticlient
fi
# Launch fortitray
if [ -f /opt/forticlient/fortitraylauncher ]; then
if [ ! -z "$(logname 2>/dev/null)" ]; then
user="$(logname 2>/dev/null)"
elif [ ! -z "$SUDO_USER" ]; then
user="$SUDO_USER"
else
user=$(users 2>/dev/null | cut -d ' ' -f1)
fi
# Need to find the user DBUS address, otherwise Fortitray icon won't show
DBUS_SESSION_BUS_ADDRESS=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DBUS_SESSION_BUS_ADDRESS=')
DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS#*=}
# XAUTHORITY and DISPLAY needed by Fortitray to run
XAUTHORITY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XAUTHORITY=')
XAUTHORITY=${XAUTHORITY#*=}
DISPLAY=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^DISPLAY=')
DISPLAY=${DISPLAY#*=}
XDG_RUNTIME_DIR=$(ps -u $(id -u $user) -o pid= | xargs -I{} cat /proc/{}/environ 2>/dev/null | tr '\0' '\n' 2>/dev/null | grep -m1 '^XDG_RUNTIME_DIR=')
XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR#*=}
# Start fortitraylauncher while forwarding environment variables needed by Fortitray
su ${user} -c "env XAUTHORITY=$XAUTHORITY \
DISPLAY=$DISPLAY \
DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS \
XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
setsid /opt/forticlient/fortitraylauncher &>/dev/null &"
fi
# Update icons cache so icon will show correctly
if [ -f /usr/share/icons/hicolor/48x48/apps/forticlient.png ]; then
gtk-update-icon-cache -f /usr/share/icons/hicolor || true
fi
# Setup forticlient protocol handler
if [ -f /usr/share/applications/forticlient-register.desktop ]; then
update-desktop-database
fi
}
post_upgrade() {
cat << EOF
==> After upgrade, to restore your config, copy old file from /etc/forticlient/.old/ to /etc/forticlient/
EOF
}
pre_remove() {
# Check if forticlient is registered to EMS if it's an uninstall
if [ -f /opt/forticlient/.fct_ec_registered ] && [ "$action" != "upgrade" ]; then
echo "Error: Unable to uninstall forticlient while connected to EMS"
exit 1
fi
# Stop fortitray
if [ -f /tmp/.forticlient/fortitraylauncher ]; then
echo "terminate" > /tmp/.forticlient/fortitraylauncher || true
fi
# Remove ZTNA browser certificates
if [ -f /usr/bin/certutil ]; then
find /home /root -regextype posix-extended \
-regex '(/home/[^/]*|/root)/(.pki/nssdb|.mozilla/firefox/[^/]*default(-release)?)' \
-maxdepth 5 -print0 2>/dev/null |
while IFS= read -r -d $'\0' p; do
/usr/bin/certutil -F -n FCT_ZTNA -d sql:"$p" 2>/dev/null || true;
/usr/bin/certutil -D -n FCT_ZTNA_CA -d sql:"$p" 2>/dev/null || true;
done
fi
pkill -f /opt/forticlient
exit 0
}
post_remove() {
# Remove shared memory
rm -rf /var/run/fctc.s || true
# Remove fortitraylauncher fifo
rm -rf /tmp/.forticlient/fortitraylauncher || true
}
|