CentOS 7 learn used grub entry

With the major changes introduced in CentOS 7 from CentOS 6 (systemd, grub2, and more), determining exactly which grub menu entry will be used at next boot is a little more difficult than before.

I wrote a quick script that calculates this for you: learn-used-grub-entry

#!/bin/sh
# File: learn-used-grub-entry
# Location: /usr/bin
# Author: bgstack15
# Startdate: 2019-01-28 11:27
# Title: Script that Determines Which Grub Entry Will be Used
# Purpose:
# Package: bgscripts
# History:
# Usage:
#    for RHEL7/grub2
# Reference:
#    original research
# Improve:

test -z "${LUGE_GRUB_CFG}" && LUGE_GRUB_CFG=/boot/grub2/grub.cfg
test -z "${LUGE_ETC_DEFAULT_GRUB}" && LUGE_ETC_DEFAULT_GRUB=/etc/default/grub
# use option LUGE_OUTPUT which is one of ["kernel","","initram"]

grub_saved_name="$( grub2-editenv - list | awk -F'=' '{print $NF}' )"
use_number="$( awk -F'=' '/^GRUB_DEFAULT/{print $NF}' "${LUGE_ETC_DEFAULT_GRUB}" )"

use_entry=""
# calculate true value
if test "$( echo "${use_number}" | tr '[[:upper:]]' '[[:lower:]]' )" = "saved" ;
then
   # it is the saved value (which is same as last used)
   use_entry="${grub_saved_name}"
else
   # calculate used name from number
   use_entry="$( grep -E -e '^menuentry' "${LUGE_GRUB_CFG}" | sed -r -n -e "$(( use_number + 1 ))p" )"
fi

# calculate which value to display or just display name
LUGE_grep=1
case "${LUGE_OUTPUT:-${1}}" in

   "num" | "number" )
      # just show the number
      unset LUGE_grep
      echo "${use_number}"
      ;;

   "kernel"|"vmlinuz" )
      # show kernel
      LUGE_regex="linux(16|32|64)"
      LUGE_awk_val='$2'
      ;;

   "initram" | "initrd" | "initramfs" )
      # show initram
      LUGE_regex="initrd|initram"
      LUGE_awk_val='$2'
      ;;

   *)
      # DEFAULT VALUE, so mistyped or not defined
      unset LUGE_grep
      echo "${use_entry}"
      ;;
esac

# show complicated value if necessary
if test -n "${LUGE_grep}" ;
then
   sed -n -r -e "/${use_entry}/,/^\s*\}/p" "${LUGE_GRUB_CFG}" | awk "/${LUGE_regex}/{print ${LUGE_awk_val}}"
fi

# exit cleanly
true

And an ansible playbook for myself:

---
# File: luge-tasks.yml
# Purpose: provides common tasks for displaying output from learn-used-grub-entry.sh
# Dependencies:
#    vars:
#       luge_script: '/etc/ansible/files/learn-used-grub-entry.sh'

- name: LUGE - learn lvm.conf filter
  shell: grep -E -e "^\s*(global_)?filter" {{ lvm_conf_file | default('/etc/lvm/lvm.conf') }} ; true
  args:
    warn: no
  changed_when: false
  register: lvm_conf

- name: LUGE - learn /boot value in fstab
  shell: grep -hE -e '\/boot' {{ etc_fstab_file | default('/etc/fstab') }} | grep -viE '^\s*(#|$)' ; true
  args:
    warn: no
  changed_when: false
  register: etc_fstab

- name: LUGE - learn grub menuentry to be used
  script: "{{ luge_script | default('/etc/ansible/files/learn-used-grub-entry.sh') }}"
  environment:
    LUGE_OUTPUT: name
  changed_when: false
  register: luge_menuentry

- name: LUGE - learn grub menuentry initram to be used
  script: "{{ luge_script | default('/etc/ansible/files/learn-used-grub-entry.sh') }}"
  environment:
    LUGE_OUTPUT: initram
  changed_when: false
  register: luge_initram

# this one will fail if the file does not exist
- name: LUGE - fail if selected initram is not valid initram file
  shell: lsinitrd "/boot{{ luge_initram.stdout_lines[0] }}" 1>/dev/null
  args:
    warn: no
  changed_when: false

- name: LUGE - capture raw info
  shell: echo "{{ item }}"
  loop:
  - "lvm.conf: {{ lvm_conf.stdout }}"
  - "fstab: {{ etc_fstab.stdout }}"
  - "menuentry: {{ luge_menuentry.stdout }}"
  - "initram: {{ luge_initram.stdout }}"
  register: stdout1
  changed_when: false

- name: LUGE - show useful info
  debug:
    msg: "{{ stdout1.results|map(attribute='stdout_lines')|flatten(levels=1) }}"

# info that is useful that is generated by the above statements
# - "{{ lvm_conf.stdout }}"
# - "{{ etc_fstab.stdout }}"
# - "{{ luge_menuentry.stdout }}"
# - "{{ luge_initram.stdout }}"

Run game in dosbox and make nice menu icon for it

When I want to play an old-school DOS game, I use the emulator DOSBox. I discovered that DOSBox has its own icon and uses its title in the window, and not the name of the game running inside. I now have a solution to change the icon and title that I want.

First of all, I make my .desktop file call my shell script.

$ cat ~/.local/share/applications/st25.desktop
[Desktop Entry]
Version=1.0
Name=Star Trek 25th Anniversary
Comment=1993 DOS computer game
Keywords=Game;Star Trek;
Exec=/usr/share/st25/st25.sh
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/usr/share/st25/st25.png
Categories=Game;AdventureGame;

The shell script calls dosbox with the custom batch file (from the olden days of non-free operating systems)

$ cat /usr/share/st25/st25.sh
#!/bin/sh
# Star Trek: 25th Anniversary game
GAMEDIR=/usr/share/st25
ICONFILE="${GAMEDIR}/st25.png"
cd "${GAMEDIR}"
dosbox ST25.BAT &
sleep 1
tid="$( xwininfo -root -children -all | grep -iE "dosbox.*STARTREK" | awk '{print $1}' )"
echo "modifying id ${tid}"
xseticon -id "${tid}" "${ICONFILE}"
xdotool set_window --name "STARTREK" "${tid}"
xdotool search --name "STARTREK" set_window --classname "STARTREK" --class "STARTREK" windowunmap windowmap

The above shell script is where the magic happens. The main emulator is executed and placed in the background. After a short delay, some X tools are used to find the specific application’s window ID.
A custom application named xseticon (available in my Fedora copr) written by Paul Evans is used to change the icon used by the window.
The more easily available xdotool (probably already bundled by your distro) can change the window name.
Additionally, xdotool can hide and re-show the window, to make the window manager and panel recognize the new icon and name!

And just for completeness’s sake, here is the batch file.

$ cat /usr/share/st25/ST25.BAT
REM ST25.BAT
REM Star Trek: 25th Anniversary game

MOUNT C /usr/share/st25
C:
STARTREK.EXE
exit

Conclusion

This is my preferred way to run a DOS-based application: desktop file, shell script, batch file. Yes, it spawns the extra process with the shell script, but I want to be able to call an application from the command line easily.

How do you make your DOS programs accessible to users on cli or the desktop?

References

For a complete list of Internet resources used to build this process, see my other post, X11 change application titlebar and icon in window manager panel.

Convert Local to AD Users

Project CLADU

CLADU stands for Convert Local to AD User.

When you want to take local accounts and remove them and have the AD user with the exact same name take its place, use cladu.

usage: cladu.sh [-duV] [-gr] [--ng] [--nr] user1 [ user2 user3 ... ]
version 2018-03-09a
-d debug Show debugging info, including parsed variables.
-u usage Show this usage block.
-V version Show script version number.
-g groups Add the AD user to the local groups of the local user. Default is to skip this action.
--ng Do not perform the -g action
-r report Generate report in each user homedir.
--nr Do not perform the -r action
Environment variables:
Parameters override environment variables
CLADU_USERINFO_SCRIPT=/usr/share/bgscripts/work/userinfo.sh
CLADU_USER_REPORT any non-null value will perform the -r action.
CLADU_USER_REPORT_FILENAME=converted.txt File to save report to in each homedir
CLADU_GROUPS any non-null value will perform the -g action.
Return values:
0 Normal
1 Help or version info displayed
2 Count or type of flaglessvals is incorrect
3 Incorrect OS type
4 Unable to find dependency
5 Not run as root or sudo

Go check out the entire source to look at the flow of the script.

Automated certreq for GNU/Linux

Last updated 2018-11-14

Background

Microsoft provides the certreq utility for its non-free operating system. This tool makes it easy to get certificates from the Microsoft sub-CA on your network.

GNU Linux hosts do not get that tool, so a viable alternative is to script the interaction with the website. My content in this post is shamelessly ripped from a StackOverflow post and beefed up.

In my research, I came across a question: “How to submit certificate request from red hat to windows ca“.

The solution

Dependencies

Certreq needs the framework.sh shell library available from my bgscripts package. At the very least, you need framework.sh, which you can place either in the same directory as certreq.sh or you can modify the framework lookup paths in the script to point to where you placed it.
This will solve the issue “certreq.sh: validateparams: not found.”

The script

I present my shell script, certreq.sh.
This shell script:

  • Generates CSR and submits it to the Microsoft Sub-CA.
  • Saves private key, public key (the certificate), and cert chain to a temporary directory
  • Removes the temp directory after 5 minutes automatically to remove the private key
  • Sends to standard out the file names and purposes, for consumption by automation tool, e.g., ansible

Code walkthrough

Instead of copying and pasting the whole code here, I will discuss only snippets.
Here is the usage block.

usage: certreq.sh [-dhV] [-u username] [-p password] [-w tempdir] [-t template] [--cn CN] [--ca ]
version ${certreqversion}
 -d debug   Show debugging info, including parsed variables.
 -h usage   Show this usage block.
 -V version Show script version number.
 -u username User to connect via ntlm to CA. Can be "username" or "domain\\username"
 -p password
 -w workdir  Temp directory to work in. Default is a (mktemp -d).
 -t template Template to request from CA. Default is "ConfigMgrLinuxClientCertificate"
 --cn        CN to request. Default is the \$( hostname -f )
 --ca        CA hostname or base URL. Example: ca2.example.com
Return values under 1000: A non-zero value is the sum of the items listed here:
 0 Everything worked
 1 Cert file is still a CSR
 2 Cert file is html, probably due to permissions/credentials issue
 4 Return code of curl statement that saves cert file is non-zero
 8 Cert file does not contain whole certificate
16 Cert does not contain an issuer
Return values above 1000:
1001 Help or version info displayed
1002 Count or type of flaglessvals is incorrect
1003 Incorrect OS type
1004 Unable to find dependency
1005 Not run as root or sudo

All the magic happens at line 239, the main loop. These blocks perform the different web requests, and are the real meat of this script.

Block GENERATE PRIVATE KEY makes the csr and saves in to the file that will eventually hold the cert.

   # GENERATE PRIVATE KEY
   openssl req -new -nodes \
      -out "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" \
      -keyout "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.key" \
      -subj "${CERTREQ_SUBJECT}"
   CERT="$( cat "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" | tr -d '\n\r' )"
   DATA="Mode=newreq&CertRequest=${CERT}&C&TargetStoreFlags=0&SaveCert=yes"
   CERT="$( echo ${CERT} | sed -e 's/+/%2B/g' | tr -s ' ' '+' )"
   CERTATTRIB="CertificateTemplate:${CERTREQ_TEMPLATE}"

SUBMIT CERTIFICATE SIGNING REQUEST submits the CSR to the website

   # SUBMIT CERTIFICATE SIGNING REQUEST
   OUTPUTLINK="$( curl -k -u "${CERTREQ_USER}:${CERTREQ_PASS}" --ntlm \
      "${CERTREQ_CA}/certsrv/certfnsh.asp" \
      -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
      -H 'Accept-Encoding: gzip, deflate' \
      -H 'Accept-Language: en-US,en;q=0.5' \
      -H 'Connection: keep-alive' \
      -H "Host: ${CERTREQ_CAHOST}" \
      -H "Referer: ${CERTREQ_CA}/certsrv/certrqxt.asp" \
      -H 'User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko' \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      --data "Mode=newreq&CertRequest=${CERT}&CertAttrib=${CERTATTRIB}&TargetStoreFlags=0&SaveCert=yes&ThumbPrint=" | grep -A 1 'function handleGetCert() {' | tail -n 1 | cut -d '"' -f 2 )"
   CERTLINK="${CERTREQ_CA}/certsrv/${OUTPUTLINK}"

FETCH SIGNED CERTIFICATE downloads the cert that the previous page links to.

   # FETCH SIGNED CERTIFICATE
   curl -k -u "${CERTREQ_USER}:${CERTREQ_PASS}" --ntlm $CERTLINK \
      -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
      -H 'Accept-Encoding: gzip, deflate' \
      -H 'Accept-Language: en-US,en;q=0.5' \
      -H 'Connection: keep-alive' \
      -H "Host: ${CERTREQ_CAHOST}" \
      -H "Referer: ${CERTREQ_CA}/certsrv/certrqxt.asp" \
      -H 'User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko' \
      -H 'Content-Type: application/x-www-form-urlencoded' > "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt"
   finaloutput=$?

My additions to this secret sauce start with GET NUMBER OF CURRENT CA CERT. I needed the cert chain, so I automated fetching it from the server.
You have to find out how many different CA certs are being offered by this server, and then use the latest.

   # GET NUMBER OF CURRENT CA CERT
   RESPONSE="$( curl -s -k -u "${CERTREQ_USER}:${CERTREQ_PASS}" --ntlm \
      "${CERTREQ_CA}/certsrv/certcarc.asp" \
      -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
      -H 'Accept-Encoding: gzip, deflate' \
      -H 'Accept-Language: en-US,en;q=0.5' \
      -H 'Connection: keep-alive' \
      -H "Host: ${CERTREQ_CAHOST}" \
      -H "Referer: ${CERTREQ_CA}/certsrv/certrqxt.asp" \
      -H 'User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko' \
      -H 'Content-Type: application/x-www-form-urlencoded' )"
   CURRENTNUM="$( echo "${RESPONSE}" | grep -cE 'Option' )"

   # GET LATEST CA CERT CHAIN
   CURRENT_P7B="$( curl -s -k -u "${CERTREQ_USER}:${CERTREQ_PASS}" --ntlm \
      "${CERTREQ_CA}/certsrv/certnew.p7b?ReqID=CACert&Renewal=${CURRENTNUM}" \
      -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
      -H 'Accept-Encoding: gzip, deflate' \
      -H 'Accept-Language: en-US,en;q=0.5' \
      -H 'Connection: keep-alive' \
      -H "Host: ${CERTREQ_CAHOST}" \
      -H "Referer: ${CERTREQ_CA}/certsrv/certrqxt.asp" \
      -H 'User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko' \
      -H 'Content-Type: application/x-www-form-urlencoded' )"

   # CONVERT TO PEM
   echo "${CURRENT_P7B}" | openssl pkcs7 -print_certs -out "${CERTREQ_TEMPFILE}"

I like having the domain name in the filename, so this last part renames the cert chain.

   # RENAME TO PROPER FILENAME
   # will read only the first cert, so get domain of issuer of it.
   CA_DOMAIN="$( openssl x509 -in "${CERTREQ_TEMPFILE}" -noout -issuer 2>&1 | sed -r -e 's/^.*CN=[A-Za-z0-9]+\.//;' )"
   CHAIN_FILE="chain-${CA_DOMAIN}.crt"
   mv -f "${CERTREQ_TEMPFILE}" "${CERTREQ_WORKDIR}/${CHAIN_FILE}" 1>/dev/null 2>&1

The ansible role

I needed this task deployed to my whole environment, so I rolled it into an ansible role saved to gitlab and also added another feature, where it converts the generated cert files into a pcks12 (pfx) file for a specific application’s need.

References

Weblinks

  1. https://technet.microsoft.com/en-us/library/dn296456(v=ws.11).aspx
  2. https://serverfault.com/questions/538270/how-to-submit-certificate-request-from-red-hat-to-windows-ca
  3. https://stackoverflow.com/questions/31283476/submitting-base64-csr-to-a-microsoft-ca-via-curl/39722983#39722983
  4. https://gitlab.com/bgstack15/certreq/blob/master/files/certreq.sh
  5. https://gitlab.com/bgstack15/certreq
  6. Manipulating ssl certificates

Update yum repo with an easy script

Similar to how you can Build an apt repository on CentOS and update it with new packages with a simple script, you can do the same with a yum rpm repository.

cat <<'EOFUPDATE' > ./update-yumrepo.sh
#!/bin/sh

# working directory
repodir=/mnt/mirror/bgscripts/
cd ${repodir}
chmod 0644 *rpm 1>/dev/null 2>&1

# create the package index
createrepo .
EOFUPDATE
chmod u+x ./update-yumrepo.sh

Bash shell script that reads RDP files – updated

The story

last updated 2017-01-18

In my migration to linux, I wanted a shell script that can read the Microsoft rdp file format. I still need to connect to my Windows systems. There are multiple packages that can do the task of connecting (I went with xfreerdp), but none that can intrinsically read the rdp files that the mstsc tool can save. So, I wrote one.

I’m sure someday I will have a github or gitlab account for hosting my stuff. But for now, here’s some WordPress <pre> code for you.

You can find this rdp.sh script in my bgscripts package on github. Go check it out!

The RDP.sh script

#!/bin/sh
# Filename: RDP.sh
# Location:
# Author: bgstack15@gmail.com
# Startdate: 2016-02-08 11:55:31
# Title: Script that Opens RDP Connections Based on RDP Files
# Purpose:
# Package:
# History:
# Usage:
# Reference: ftemplate.sh 2016-02-02a; framework.sh 2016-02-02a
#   https://github.com/FreeRDP/FreeRDP/wiki/CommandLineInterface
# Improve:
#    Warning: Some systems don't like the clipboard sharing, including Hulk.
fiversion="2016-02-02a"
RDPversion="2016-02-08a"

usage() {
   less -F >&2 <<ENDUSAGE
usage: RDP.sh [-duV] [-i infile1]
version ${RDPversion}
 -d debug   Show debugging info, including parsed variables.
 -u usage   Show this usage block.
 -V version Show script version number.
 -i infile  Overrides default infile value. Default is none.
Return values:
0 Normal
1 Help or version info displayed
2 Count or type of flaglessvals is incorrect
3 Incorrect OS type
4 Unable to find dependency
5 Not run as root or sudo
ENDUSAGE
}

# DEFINE FUNCTIONS
function getscreensize {
   # call: getscreensize thisheight thiswidth
   # assigns W and H to the 2 variables sent to the function
   calledvar1=${1-thiswidth}
   calledvar2=${2-thisheight}
   thisfile=$(mktemp -u)
  
   # exact methods will differ depending on available packages and distros
   # Korora 22
   grep -qiE "(Fedora|Korora).*(22|23)" /etc/redhat-release 2>/dev/null && \
      xdpyinfo | grep -oiE "dimensions.*[0-9]{3,4}x[0-9]{3,4} pi" | tr -d '[A-Za-wyz ():]' | tr 'x' ' ' > ${thisfile}
   read myx myy < ${thisfile}
   eval "${calledvar1}=\${myx}"
   eval "${calledvar2}=\${myy}"
   rm -rf ${thisfile}
}

function getuser {
   # call: getuser "${userfile}" thisuser thispassword
   # read fstab credentials file "userfile" and place in strings thisuser and thispassword
   # Note: This gets user in domain\username format.

   calledvar1=${2-thisuser}
   calledvar2=${3-thispassword}

   [[ -n "$1" ]] && thisinfile="$1"
   if [[ -f "${thisinfile}" ]];
   then
      for word in $( fsudo grep -viE "^$|^#" "${thisinfile}" );
      do
         item="${word%%=*}"
         value="${word##*=}"
         case "${item}" in
            domain) usertemp="${value}\\${usertemp}";;
            username|user) usertemp="${usertemp}${value}";;
            password) passtemp="${value}";;
            *) [ ];; #other item is useless
         esac
      done
   else
      # not a valid file, so get username from environment
      domain=$( hostname -d )
      usertemp="${domain}\\$USER"
   fi

   eval "$calledvar1=\$usertemp"
   eval "$calledvar2=\$passtemp"

}

# DEFINE TRAPS

function clean_RDP {
   #rm -f $logfile >/dev/null 2>&1
   [ ] #use at end of entire script if you need to clean up tmpfiles
}

function CTRLC {
   #trap "CTRLC" 2
   [ ] #useful for controlling the ctrl+c keystroke
}

function CTRLZ {
   #trap "CTRLZ" 18
   [ ] #useful for controlling the ctrl+z keystroke
}

function parseFlag {
   flag=$1
   hasval=0
   case $flag in
      # INSERT FLAGS HERE
      "d" | "debug" | "DEBUG" | "dd" ) setdebug; ferror "debug level ${debug}";;
      "u" | "usage" | "help") usage; exit 1;;
      "V" | "fcheck" | "version") ferror "${scriptfile} version ${RDPversion}"; exit 1;;
      #"i" | "infile" | "inputfile") getval;infile1=$tempval;;
   esac
  
   debuglev 10 && { [[ hasval -eq 1 ]] && ferror "flag: $flag = $tempval" || ferror "flag: $flag"; }
}

# DETERMINE LOCATION OF FRAMEWORK
while read flocation; do if [[ -x $flocation ]] && [[ $( $flocation --fcheck ) -ge 20151123 ]]; then frameworkscript=$flocation; break; fi; done <<EOFLOCATIONS
./framework.sh
${scriptdir}/framework.sh
~/bin/bgscripts/framework.sh
~/bin/framework.sh
~/bgscripts/framework.sh
~/framework.sh
/usr/local/bin/bgscripts/framework.sh
/usr/local/bin/framework.sh
/usr/bin/bgscripts/framework.sh
/usr/bin/framework.sh
/usr/bgscripts/framework.sh
/usr/framework.sh
/bin/bgscripts/framework.sh
/bin/framework.sh
/mnt/scripts/bgscripts/framework.sh
EOFLOCATIONS
[[ -z "$frameworkscript" ]] && echo "$0: framework not found. Aborted." 1>&2 && exit 4

# REACT TO OPERATING SYSTEM TYPE
case $( uname -s ) in
   AIX) [ ];;
   Linux) [ ];;
   *) echo "$scriptfile: 3. Indeterminate OS: $( uname -s )" 1>&2 && exit 3;;
esac

# INITIALIZE VARIABLES
# variables set in framework:
# today server thistty scriptdir scriptfile scripttrim
# is_cronjob stdin_piped stdout_piped stderr_piped sendsh sendopts
. ${frameworkscript} || echo "$0: framework did not run properly. Continuing..." 1>&2
infile1=
outfile1=
logfile=${scriptdir}/${scripttrim}.${today}.out
interestedparties="bgstack15@example.com"
rdpcommand=/usr/bin/xfreerdp
alloptions="/sec-rdp"; #where defaults go. Will be added to by infile1 options
userfile=~/.bgstack15.example.com
fullscreenborder=80px;

## REACT TO ROOT STATUS
#case $is_root in
#   1) # proper root
#      [ ] ;;
#   sudo) # sudo to root
#      [ ] ;;
#   "") # not root at all
#      #ferror "${scriptfile}: 5. Please run as root or sudo. Aborted."
#      #exit 5
#      [ ]
#      ;;
#esac

# SET CUSTOM SCRIPT AND VALUES
#setval 1 sendsh sendopts<<EOFSENDSH      # if $1="1" then setvalout="critical-fail" on failure
#/usr/local/bin/bgscripts/send.sh -hs     #                setvalout maybe be "fail" otherwise
#/usr/local/bin/send.sh -hs               # on success, setvalout="valid-sendsh"
#/usr/bin/mail -s
#EOFSENDSH
#[[ "$setvalout" = "critical-fail" ]] && ferror "${scriptfile}: 4. mailer not found. Aborted." && exit 4

# VALIDATE PARAMETERS
# objects before the dash are options, which get filled with the optvals
# to debug flags, use option DEBUG. Variables set in framework: fallopts
validateparams infile1 - "$@"

# CONFIRM TOTAL NUMBER OF FLAGLESSVALS IS CORRECT
if [[ $thiscount -lt 1 ]];
then
   ferror "${scriptfile}: 2. Fewer than 1 flaglessvals. Aborted."
   exit 2
fi

# CONFIGURE VARIABLES AFTER PARAMETERS

# READ CONFIG FILE
remember_IFS="${IFS}"; IFS=$'\n'
the_raw_data=($(cat "${infile1}"))
IFS="${remember_IFS}"

unhandled="unhandled:";
sizes=0;
#grep -viE "^$|^#" "${infile1}" | sed "s/[^\]#.*$//;' | while read line
#BASH BELOW
#while read -r line
for line in "${the_raw_data[@]}"
do
   debuglev 5 && ferror "$line"
   value=$( echo "${line##*:}" | tr -d '\r' )
   #read -p "Please type something here:" response < $thistty
   #echo "$response"
   case "${line}" in
      *screen\ mode\ id*)    screenmode="${value}";;
      use\ multimon*)        multimon="${value}";;
      desktopwidth*)        desktopwidth="${value}";((sizes+=10));;
      desktopheight*)        desktopheight="${value}";((sizes+=1));;
      session\ bpp*)        sessionbpp="${value}";;
      full\ address*)        fulladdress="${value}";; #should include port if necessary
      compression*)        compression="${value}";;
      displayconnectionbar*)    displayconnectionbar="${value}";; # guessing that this is /disp
      audiomode*)        audiomode="${value}";;
      audiocapturemode*)    audiocapturemode="${value}";;
      keyboardhook*)        unhandled="${unhandled}\n${line}";; #cannot find implementation in freerdp
      redirectclipboard*)    clipboard="${value}";;
      disable\ wallpaper*)    wallpaper="${value}";;
      allow\ font\ smoothing*)    fontsmoothing="${value}";;
      allow\ desktop\ composition*)    unhandled="${unhandled}\n${line}";; # provides aero but I never ever use aero
      disable\ full\ window\ drag*)    windowdrag="${value}";;
      disable\ menu\ anims*)    menuanims="${value}";;
      disable\ themes*)        themes="${value}";;
      *) debuglev 4 && ferror "Unknown option: ${line}";;
   esac
done
#BASH BELOW
#done < <( grep -viE "^$|^#" "${infile1}" | sed 's/[^\]#.*$//g;' )

#GET USER
getuser "${userfile}" thisuser thispassword

#FINISH PARSING DIRECTIVES FOR freerdp
[[ "${multimon}" = "1" ]] && alloptions="${alloptions} /multimon"
echo "screenmode=${screenmode}"
if [[ "${screenmode}" = "1" ]];
then
   # screenmode 1 windowed
   case sizes in
      0) screenmode=2;; #abort and just do fullscreen
      1) alloptions="${alloptions} /h:${desktopheight}";;
      10) alloptions="${alloptions} /w:${desktopwidth}";;
      11) alloptions="${alloptions} /size:${desktopwidth}x${desktopheight}";;
      *) ferror "Did not understand sizing. Emulating fullscreen." && screenmode=2;;
   esac
fi
if [[ "${screenmode}" = "2" ]];
then
   # screenmode 2 fullscreen

   # on linux make that windowed but 20px border around window
   # xfreerdp has the "/f" flag though if I want to change it in the future
   getscreensize thiswidth thisheight
   fullscreenborder=${fullscreenborder%%px}
   ((thiswidth-=fullscreenborder)) && ((thisheight -=fullscreenborder))
   

   alloptions="${alloptions} /size:${thiswidth}x${thisheight}"
fi
[[ -n "${sessionbpp}" ]] && alloptions="${alloptions} /bpp:${sessionbpp}"
[[ -n "${fulladdress}" ]] && alloptions="${alloptions} /v:${fulladdress}"
[[ -n "${compression}" ]] && alloptions="${alloptions} -z"
[[ "${displayconnectionbar}" = "1" ]] && alloptions="${alloptions} /disp"
[[ -n "${audiomode}" ]] && alloptions="${alloptions} /audio-mode:${audiomode}"
[[ -n "${audiocapturemode}" ]] && alloptions="${alloptions} /mic"
[[ "${clipboard}" = "1" ]] && alloptions="${alloptions} +clipboard"
[[ "${wallpaper}" = "0" ]] && alloptions="${alloptions} /wallpaper" #because it is actually a disable-wallpaper flag
[[ "${fontsmoothing}" = "1" ]] && alloptions="${alloptions} /fonts"
[[ "${windowdrag}" = "0" ]] && alloptions="${alloptions} /window-drag"
[[ "${menuanims}" = "0" ]] && alloptions="${alloptions} /menu-anims"
[[ "${themes}" = "0" ]] && alloptions="${alloptions} /themes"
alloptions="${alloptions} /u:${thisuser} /p:${thispassword}"

alloptions="${alloptions# }" # to trim leading space just to look nicer

## REACT TO BEING A CRONJOB
#if [[ $is_cronjob -eq 1 ]];
#then
#   [ ]
#else
#   [ ]
#fi

# SET TRAPS
#trap "CTRLC" 2
#trap "CTRLZ" 18
#trap "clean_RDP" 0

# MAIN LOOP
#{
   debuglev 1 && echo ${rdpcommand} ${alloptions} || \
      ${rdpcommand} ${alloptions}
   [ ]
#} | tee -a $logfile

# EMAIL LOGFILE
#$sendsh $sendopts "$server $scriptfile out" $logfile $interestedparties