From ecc54d31394b758b6404530c9d883cf44fdd2038 Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov
Date: Fri, 15 Apr 2022 13:55:53 +0300
Subject: [PATCH] reimplement without ssh
---
 Makefile | 31 +++++---
 doskast-server-watcher.desktop | 4 ++
 doskast-server-watcher.sh | 27 +++++++
 doskast-sshd-keygen.service | 11 ---
 doskast-sshd-keygen.sh | 125 ---------------------------------
 doskast-sshd.conf | 22 ------
 doskast-sshd.service | 17 -----
 doskast-student-firewall.conf | 4 ++
 doskast-student.service | 21 ++++++
 doskast-trigger-connect.cgi | 35 +++++++++
 doskast.spec | 61 ++++++++++++----
 11 files changed, 158 insertions(+), 200 deletions(-)
 create mode 100644 doskast-server-watcher.desktop
 create mode 100755 doskast-server-watcher.sh
 delete mode 100644 doskast-sshd-keygen.service
 delete mode 100755 doskast-sshd-keygen.sh
 delete mode 100644 doskast-sshd.conf
 delete mode 100644 doskast-sshd.service
 create mode 100644 doskast-student-firewall.conf
 create mode 100644 doskast-student.service
 create mode 100755 doskast-trigger-connect.cgi
diff --git a/Makefile b/Makefile
index 990d0f0..6477661 100644
--- a/Makefile
+++ b/Makefile
@@ -1,16 +1,27 @@ -SBINDIR ?= /usr/sbin +PREFIX ?= /usr +BINDIR ?= $(PREFIX)/bin +SYSCONFDIR ?= /etc UNITDIR ?= /lib/systemd/system +# TODO: make a custom location with a separate web server +CGI_DIR ?= /var/www/cgi-bin + install: - mkdir -p --mode=0755 $(DESTDIR)$(SBINDIR) - install -m0755 doskast-sshd-keygen.sh $(DESTDIR)$(SBINDIR)/doskast-sshd-keygen - mkdir -p --mode=0755 $(DESTDIR)/etc/doskast - mkdir -p --mode=0700 $(DESTDIR)/etc/doskast/ssh - mkdir -p --mode=0755 $(DESTDIR)$(UNITDIR) - install -m0644 doskast-sshd.service $(DESTDIR)$(UNITDIR) - install -m0644 doskast-sshd-keygen.service $(DESTDIR)$(UNITDIR) - # nothing secret here, no need in 0600 - install -m0644 doskast-sshd.conf $(DESTDIR)/etc/doskast/doskast-sshd.conf + # TODO: make a custom location with separate web server + mkdir -p --mode=0755 $(DESTDIR)$(CGI_DIR) + install -m0755 doskast-trigger-connect.cgi $(DESTDIR)$(CGI_DIR) + + mkdir -p --mode=0755 $(DESTDIR)$(UNITDIR) + install -m0644 doskast-student.service $(DESTDIR)$(UNITDIR) + + mkdir -p --mode=0755 $(DESTDIR)/etc/systemd/system/doskast-student.service.d + install -m0644 doskast-student-firewall.conf $(DESTDIR)/etc/systemd/system/doskast-student.service.d + + mkdir -p --mode=0755 $(DESTDIR)$(BINDIR) + install -m0755 doskast-server-watcher.sh $(DESTDIR)$(BINDIR)/doskast-server-watcher + + mkdir -p --mode=0755 $(DESTDIR)$(SYSCONFDIR)/xdg/autostart + install -m0644 doskast-server-watcher.desktop $(DESTDIR)$(SYSCONFDIR)/xdg/autostart rpm: rpmbuild --define "_sourcedir $$PWD" -bb doskast.spec diff --git a/doskast-server-watcher.desktop b/doskast-server-watcher.desktop new file mode 100644 index 0000000..08a6df0 --- /dev/null +++ b/doskast-server-watcher.desktop @@ -0,0 +1,4 @@ +[Desktop Entry] +Name=Doskast Processor of Connection Queue +Type=Application +Exec=doskast-server-watcher diff --git a/doskast-server-watcher.sh b/doskast-server-watcher.sh new file mode 100755 index 0000000..e66aa2a --- /dev/null +++ b/doskast-server-watcher.sh 
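Review bot: The `install` target never creates `/var/spool/doskast`, although both new scripts hardcode it (`readonly dir='/var/spool/doskast'` in doskast-trigger-connect.cgi and doskast-server-watcher.sh), and `%files board` in doskast.spec does not list it either, so `mktemp --tmpdir="$dir"` and `inotifywait` would presumably fail on a fresh install. I would add `mkdir -p $(DESTDIR)/var/spool/doskast` to `install` and own the directory in the spec with an explicit `%attr(...)`. The owner and mode matter here: the CGI creates its files under `umask 077` as the web server's user, while the watcher is started from XDG autostart in the desktop session, so the permissions need to let exactly those two accounts write and read the queue and nobody else.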
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -e
+set -f
+set -u
+set -o pipefail
+
+_safe_param_stdin() {
+ tr -d '$`<>"%;)(&+'"'"
+}
+
+_main_server_watcher(){
+ inotifywait --event close_write --format '%f' --monitor "$dir" | \
+ while read -r line
+ do
+ # TODO: validate IP/hostname
+ local target
+ target="$(head -n 1 "$line" | _safe_param_stdin)"
+ test -n "$target"
+ xpra attach tcp://"$target":4648 &
+ done
+}
+
+if [ "${SOURCED:-0}" != 1 ]; then
+ readonly dir='/var/spool/doskast'
+ _main_server_watcher "$@"
+fi
diff --git a/doskast-sshd-keygen.service b/doskast-sshd-keygen.service
deleted file mode 100644
index bcc3fbc..0000000
--- a/doskast-sshd-keygen.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=OpenSSH Server Key Generation
-ConditionPathExists=|!/etc/doskast/ssh/ssh_host_rsa_key
-ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ecdsa_key
-ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ed25519_key
-PartOf=doskast-sshd.service
-
-[Service]
-ExecStart=/usr/sbin/doskast-sshd-keygen
-Type=oneshot
-RemainAfterExit=yes
diff --git a/doskast-sshd-keygen.sh b/doskast-sshd-keygen.sh
deleted file mode 100755
index c352d2d..0000000
--- a/doskast-sshd-keygen.sh
+++ /dev/null
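Review bot: `head -n 1 "$line"` opens the bare file name that `--format '%f'` prints, relative to the watcher's working directory rather than `$dir`, so a queued file is only found if the process happens to start in `/var/spool/doskast`. With `set -e` and `pipefail` active, that failure, or an empty file tripping `test -n "$target"`, would end the `while` loop, and the watcher stops processing the queue after one bad entry. `_safe_param_stdin` is a deny-list; since the value written by the CGI is always a `REMOTE_ADDR`, the TODO is better closed with an allow-list of address characters that skips and logs anything else. The loop body below reads from `"$dir/$line"` and uses `continue` for bad entries; processed files are still never removed from the spool, which is worth a follow-up.

```bash
  while read -r line
  do
    local target
    # %f is only the file name; resolve it inside the spool directory.
    target="$(head -n 1 -- "$dir/$line" | _safe_param_stdin)" || continue
    # Allow-list: the CGI writes REMOTE_ADDR, an IP literal, so accept nothing else.
    # NOTE: an IPv6 literal would additionally need [brackets] in the URL below.
    if [[ ! "$target" =~ ^[0-9A-Fa-f.:]+$ ]]; then
      echo "doskast: ignoring invalid target in $dir/$line" >&2
      continue
    fi
    xpra attach tcp://"$target":4648 &
  done
```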
@@ -1,125 +0,0 @@
-#!/bin/bash
-
-# Create the host keys for the OpenSSH server.
-#
-# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
-# variable.
-
-# OpenSSH 7.0 depreceated DSA keys. We don't create DSA be default, but you can add 'DSA' to the list bellow.
-AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
-FAIL='0'
-
-# Some functions to make the below more readable
-KEYGEN=/usr/bin/ssh-keygen
-DIR=/etc/doskast/ssh
-RSA_KEY="$DIR"/ssh_host_rsa_key
-DSA_KEY="$DIR"/ssh_host_dsa_key
-ECDSA_KEY="$DIR"/ssh_host_ecdsa_key
-ED25519_KEY="$DIR"/ssh_host_ed25519_key
-
-do_rsa_keygen() {
- if [ ! -s $RSA_KEY ]; then
- echo -n $"Generating SSH2 RSA host key: "
- rm -f $RSA_KEY
- # XXX use umask 077 here!
- if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $RSA_KEY
- chmod 644 $RSA_KEY.pub
- if [ -x /sbin/restorecon ]; then
- /sbin/restorecon $RSA_KEY{,.pub}
- fi
- echo "RSA key $RSA_KEY generated."
- return 0
- else
- echo "Failed to generate RSA key $RSA_KEY!"
- FAIL='1'
- return 1
- fi
- fi
-}
-
-do_dsa_keygen() {
- if [ ! -s $DSA_KEY ]; then
- echo -n $"Generating SSH2 DSA host key: "
- rm -f $DSA_KEY
- if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $DSA_KEY
- chmod 644 $DSA_KEY.pub
- if [ -x /sbin/restorecon ]; then
- /sbin/restorecon $DSA_KEY{,.pub}
- fi
- echo "DSA key $DSA_KEY generated."
- return 0
- else
- echo "Failed to generate DSA key $DSA_KEY!"
- FAIL='1'
- return 1
- fi
- fi
-}
-
-do_ecdsa_keygen() {
- if [ ! -s $ECDSA_KEY ]; then
- echo -n $"Generating SSH2 ECDSA host key: "
- rm -f $ECDSA_KEY
- if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $ECDSA_KEY
- chmod 644 $ECDSA_KEY.pub
- if [ -x /sbin/restorecon ]; then
- /sbin/restorecon $ECDSA_KEY{,.pub}
- fi
- echo "ECDSA key $ECDSA_KEY generated."
- return 0
- else
- echo "Failed to generate ECDSA key $ECDSA_KEY!"
- FAIL='1'
- return 1
- fi
- fi
-}
-
-do_ed25519_keygen() {
- if [ ! -s $ED25519_KEY ]; then
- echo -n $"Generating SSH2 ED25519 host key: "
- rm -f "$ED25519_KEY"
- if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $ED25519_KEY
- chmod 644 $ED25519_KEY.pub
- if [ -x /sbin/restorecon ]; then
- /sbin/restorecon $ED25519_KEY{,.pub}
- fi
- echo "ED25519 key $ED25519_KEY generated."
- return 0
- else
- echo "Failed to generate ED25519 key $ED25519_KEY!"
- FAIL='1'
- return 1
- fi
- fi
-}
-
-if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
- exit 0
-fi
-
-# legacy options
-case $AUTOCREATE_SERVER_KEYS in
- NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
- RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
- YES) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
-esac
-
-for KEY in $AUTOCREATE_SERVER_KEYS; do
- case "$KEY" in
- DSA) do_dsa_keygen;;
- RSA) do_rsa_keygen;;
- ECDSA) do_ecdsa_keygen;;
- ED25519) do_ed25519_keygen;;
- esac
-done
-
-# not zero return code if any error has ever occured to make systemd service sshd-keygen.service failed in case of any errors
-if [ "$FAIL" = '1' ]
- then exit 1
- else exit 0
-fi
diff --git a/doskast-sshd.conf b/doskast-sshd.conf
deleted file mode 100644
index ef2a657..0000000
--- a/doskast-sshd.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-Port 6260
-
-HostKey /etc/doskast/ssh/ssh_host_rsa_key
-HostKey /etc/doskast/ssh/ssh_host_ecdsa_key
-HostKey /etc/doskast/ssh/ssh_host_ed25519_key
-
-PermitRootLogin no
-PubkeyAuthentication yes
-# keeping this default for compatibility with ssh-copy-id
-AuthorizedKeysFile .ssh/authorized_keys
-PasswordAuthentication no
-KerberosAuthentication no
-GSSAPIAuthentication no
-# XXX Is PAM needed?
-UsePAM no
-AllowUsers doscast
-
-AllowAgentForwarding no
-AllowTcpForwarding no
-GatewayPorts no
-X11Forwarding no
-PidFile /run/doskast-sshd.pid
diff --git a/doskast-sshd.service b/doskast-sshd.service
deleted file mode 100644
index 72f1920..0000000
--- a/doskast-sshd.service
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=Doskast OpenSSH server
-After=network.target doskast-sshd-keygen.service
-Wants=doskast-sshd-keygen.service
-
-[Service]
-ExecStart=/usr/sbin/sshd \
- -D \
- -4 \
- -f /etc/doskast/doskast-sshd.conf
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-Restart=on-failure
-RestartSec=42s
-
-[Install]
-WantedBy=multi-user.target
diff --git a/doskast-student-firewall.conf b/doskast-student-firewall.conf
new file mode 100644
index 0000000..302a058
--- /dev/null
+++ b/doskast-student-firewall.conf
@@ -0,0 +1,4 @@
+[Service]
+IPAddressDeny=any
+# IP-адрес доски
+IPAddressAllow=192.168.0.0
diff --git a/doskast-student.service b/doskast-student.service
new file mode 100644
index 0000000..e7c0596
--- /dev/null
+++ b/doskast-student.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Xpra Socket on Student's computer (server)
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/xpra \
+ --bind-tcp=0.0.0.0:4648 \
+ --pidfile=/run/xpra/proxy/server.pid \
+ --daemon=no \
+ shadow
+#rely on SIGKILL which returns 128+15=143
+SuccessExitStatus=0 143
+Restart=always
+PIDFile=/run/xpra/proxy/server.pid
+ProtectKernelTunables=true
+ProtectControlGroups=true
+
+[Install]
+WantedBy=multi-user.target
+# based on xpra.service from upstream of xpra
diff --git a/doskast-trigger-connect.cgi b/doskast-trigger-connect.cgi
new file mode 100755
index 0000000..2310989
--- /dev/null
+++ b/doskast-trigger-connect.cgi
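Review bot: `--bind-tcp=0.0.0.0:4648` in doskast-student.service exposes a `shadow` session of the student's screen on every interface with no xpra authentication configured, and the unit sets no `User=`, so it presumably runs as root. The only access control is the `IPAddressAllow=` drop-in in doskast-student-firewall.conf, whose shipped value `192.168.0.0` looks like a placeholder. I would state that dependency in a comment above `ExecStart` and in the drop-in, e.g. `# Must be set to the board's address; this is the only restriction on who can view this screen`, and consider enabling an xpra authentication module on the TCP socket as a second layer. The comment `#rely on SIGKILL which returns 128+15=143` should say SIGTERM, since signal 15 is SIGTERM.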
@@ -0,0 +1,35 @@
+#!/bin/bash
+# Клиент (компьютер ученика) стучится на этот скрипт через веб-сервер
+# и тем самым заставляет доску (сервер) соединиться с его компьютером
+
+set -e
+set -f
+set -u
+
+_main_trigger_connect(){
+ local umask_old
+ local tmp
+ tmp="$(umask 077 && mktemp --tmpdir="$dir" connect.XXXXX)"
+ test -f "$tmp"
+ echo "$REMOTE_ADDR" > "$tmp"
+}
+
+# $1: HTTP_STATUS_CODE
+# $2: HTTP_STATUS_DESCRIPTION
+# $3: text of responce
+_response_text(){
+ if [ -z "$*" ]; then
+ echo_err "Empty args of html_reposnse"
+ exit 1
+ fi
+ echo "Status: $1 $2"
+ #echo "Access-Control-Allow-Origin: *"
+ echo "Content-Type: text/plain; charset=utf-8"
+ echo -e "\n$3"
+}
+
+if [ "${SOURCED:-0}" != 1 ]; then
+ readonly dir='/var/spool/doskast'
+ _main_trigger_connect "$@"
+ _response_text 200 OK OK
+fi
diff --git a/doskast.spec b/doskast.spec
index 295a4fa..dbf8913 100644
--- a/doskast.spec
+++ b/doskast.spec
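Review bot: `_response_text` calls `echo_err`, which this script never defines, so the empty-argument branch would fail with "command not found" instead of printing its message; write `echo "Empty args of _response_text" >&2` there or define the helper. Because `set -u` is on, the guard would be more useful as `[ "$#" -lt 3 ]`, since a missing `$2` or `$3` aborts the script even when `$*` is non-empty. `local umask_old` in `_main_trigger_connect` is unused. Separately, every request that reaches this CGI queues a connection for its `REMOTE_ADDR` with no check on who is asking and no limit on how many files accumulate, so the header comment should say that access must be restricted to the classroom network in the web server configuration.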
@@ -5,28 +5,59 @@ Group: Graphical desktop/Other Url: https://osmesh.ru Version: 0.1 Release: 1 -Source1: doskast-sshd.conf -Source2: doskast-sshd.service -Source3: doskast-sshd-keygen.service -Source4: doskast-sshd-keygen.sh -Source5: Makefile - +Source10: Makefile +Source11: doskast-server-watcher.desktop +Source12: doskast-server-watcher.sh +Source13: doskast-student.service +Source15: doskast-student-firewall.conf +Source16: doskast-trigger-connect.cgi +BuildArch: noarch BuildRequires: make +BuildRequires: desktop-file-utils %description +%SUMMARY + +#-------------------------------------------------------------- + +%package board +Summary: Doskast for server (board) +Requires: xpra +Requires: httpd + +%description board +%summary + +%files board +/var/www/cgi-bin/doskast-trigger-connect.cgi +%{_bindir}/doskast-server-watcher +/etc/xdg/autostart/doskast-server-watcher.desktop + +#-------------------------------------------------------------- + +%package student +Summary: Doskast for client (student) +Requires: xpra +Requires: curl + +%description student %summary +%files student +%{_unitdir}/doskast-student.service +%config(noreplace) %{_sysconfdir}/systemd/system/doskast-student.service.d/doskast-student-firewall.conf + +%post student +%systemd_post doskast-student.socket doskast-student.service + +%preun student +%systemd_preun doskast-student.socket doskast-student.service + +#-------------------------------------------------------------- + %prep %build %install cp %sources . +desktop-file-validate *.desktop %makeinstall_std - -%files -%_unitdir/doskast-sshd.service -%_unitdir/doskast-sshd-keygen.service -%_sbindir/doskast-sshd-keygen -%dir /etc/doskast -%dir /etc/doskast/ssh -# not "noreplace" -%config /etc/doskast/doskast-sshd.conf
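Review bot: `%post student` and `%preun student` pass `doskast-student.socket` to `%systemd_post` and `%systemd_preun`, but no socket unit is installed by the Makefile or listed in `%files student`; only `doskast-student.service` exists in this commit. I would drop the socket name: `%systemd_post doskast-student.service` and `%systemd_preun doskast-student.service`. A matching `%postun student` with `%systemd_postun doskast-student.service` is also missing, so the unit state is not refreshed on removal or upgrade.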