reimplement without ssh

Makefile

@@ -1,16 +1,27 @@
-SBINDIR ?= /usr/sbin
+PREFIX ?= /usr
+BINDIR ?= $(PREFIX)/bin
+SYSCONFDIR ?= /etc
 UNITDIR ?= /lib/systemd/system
 
+# TODO: make a custom location with a separate web server
+CGI_DIR ?= /var/www/cgi-bin
+
 install:
-	mkdir -p --mode=0755 $(DESTDIR)$(SBINDIR)
+	# TODO: make a custom location with separate web server
-	install -m0755 doskast-sshd-keygen.sh $(DESTDIR)$(SBINDIR)/doskast-sshd-keygen
+	mkdir -p --mode=0755 $(DESTDIR)$(CGI_DIR)
-	mkdir -p --mode=0755 $(DESTDIR)/etc/doskast
+	install -m0755 doskast-trigger-connect.cgi $(DESTDIR)$(CGI_DIR)
-	mkdir -p --mode=0700 $(DESTDIR)/etc/doskast/ssh
+
 	mkdir -p --mode=0755 $(DESTDIR)$(UNITDIR)
-	install -m0644 doskast-sshd.service $(DESTDIR)$(UNITDIR)
+	install -m0644 doskast-student.service $(DESTDIR)$(UNITDIR)
-	install -m0644 doskast-sshd-keygen.service $(DESTDIR)$(UNITDIR)
+
-	# nothing secret here, no need in 0600
+	mkdir -p --mode=0755 $(DESTDIR)/etc/systemd/system/doskast-student.service.d
-	install -m0644 doskast-sshd.conf $(DESTDIR)/etc/doskast/doskast-sshd.conf
+	install -m0644 doskast-student-firewall.conf $(DESTDIR)/etc/systemd/system/doskast-student.service.d
+
+	mkdir -p --mode=0755 $(DESTDIR)$(BINDIR)
+	install -m0755 doskast-server-watcher.sh $(DESTDIR)$(BINDIR)/doskast-server-watcher
+
+	mkdir -p --mode=0755 $(DESTDIR)$(SYSCONFDIR)/xdg/autostart
+	install -m0644 doskast-server-watcher.desktop $(DESTDIR)$(SYSCONFDIR)/xdg/autostart
 
 rpm:
 	rpmbuild --define "_sourcedir $$PWD" -bb doskast.spec

doskast-server-watcher.desktop

@@ -0,0 +1,4 @@
+[Desktop Entry]
+Name=Doskast Processor of Connection Queue
+Type=Application
+Exec=doskast-server-watcher

doskast-server-watcher.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -e
+set -f
+set -u
+set -o pipefail
+
+_safe_param_stdin() {
+	tr -d '$`<>"%;)(&+'"'"
+}
+
+_main_server_watcher(){
+	inotifywait --event close_write --format '%f' --monitor "$dir" | \
+	while read -r line
+	do
+		# TODO: validate IP/hostname
+		local target
+		target="$(head -n 1 "$line" | _safe_param_stdin)"
+		test -n "$target"
+		xpra attach tcp://"$target":4648 &
+	done
+}
+
+if [ "${SOURCED:-0}" != 1 ]; then
+	readonly dir='/var/spool/doskast'
+	_main_server_watcher "$@"
+fi

doskast-sshd-keygen.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=OpenSSH Server Key Generation
-ConditionPathExists=|!/etc/doskast/ssh/ssh_host_rsa_key
-ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ecdsa_key
-ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ed25519_key
-PartOf=doskast-sshd.service
-
-[Service]
-ExecStart=/usr/sbin/doskast-sshd-keygen
-Type=oneshot
-RemainAfterExit=yes

doskast-sshd-keygen.sh

@@ -1,125 +0,0 @@
-#!/bin/bash
-
-# Create the host keys for the OpenSSH server.
-#
-# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
-# variable.
-
-# OpenSSH 7.0 depreceated DSA keys. We don't create DSA be default, but you can add 'DSA' to the list bellow.
-AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
-FAIL='0'
-
-# Some functions to make the below more readable
-KEYGEN=/usr/bin/ssh-keygen
-DIR=/etc/doskast/ssh
-RSA_KEY="$DIR"/ssh_host_rsa_key
-DSA_KEY="$DIR"/ssh_host_dsa_key
-ECDSA_KEY="$DIR"/ssh_host_ecdsa_key
-ED25519_KEY="$DIR"/ssh_host_ed25519_key
-
-do_rsa_keygen() {
-	if [ ! -s $RSA_KEY ]; then
-		echo -n $"Generating SSH2 RSA host key: "
-		rm -f $RSA_KEY
-		# XXX use umask 077 here!
-		if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $RSA_KEY
-			chmod 644 $RSA_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $RSA_KEY{,.pub}
-			fi
-			echo "RSA key $RSA_KEY generated."
-			return 0
-		else
-			echo "Failed to generate RSA key $RSA_KEY!"
-			FAIL='1'
-			return 1
-		fi
-	fi
-}
-
-do_dsa_keygen() {
-	if [ ! -s $DSA_KEY ]; then
-		echo -n $"Generating SSH2 DSA host key: "
-		rm -f $DSA_KEY
-		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $DSA_KEY
-			chmod 644 $DSA_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $DSA_KEY{,.pub}
-			fi
-			echo "DSA key $DSA_KEY generated."
-			return 0
-		else
-			echo "Failed to generate DSA key $DSA_KEY!"
-			FAIL='1'
-			return 1
-		fi
-	fi
-}
-
-do_ecdsa_keygen() {
-	if [ ! -s $ECDSA_KEY ]; then
-		echo -n $"Generating SSH2 ECDSA host key: "
-		rm -f $ECDSA_KEY
-		if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $ECDSA_KEY
-			chmod 644 $ECDSA_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $ECDSA_KEY{,.pub}
-			fi
-			echo "ECDSA key $ECDSA_KEY generated."
-			return 0
-		else
-			echo "Failed to generate ECDSA key $ECDSA_KEY!"
-			FAIL='1'
-			return 1
-		fi
-	fi
-}
-
-do_ed25519_keygen() {
-	if [ ! -s $ED25519_KEY ]; then
-		echo -n $"Generating SSH2 ED25519 host key: "
-		rm -f "$ED25519_KEY"
-		if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $ED25519_KEY
-			chmod 644 $ED25519_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $ED25519_KEY{,.pub}
-			fi
-			echo "ED25519 key $ED25519_KEY generated."
-			return 0
-		else
-			echo "Failed to generate ED25519 key $ED25519_KEY!"
-			FAIL='1'
-			return 1
-		fi
-	fi
-}
-
-if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
-	exit 0
-fi
-
-# legacy options
-case $AUTOCREATE_SERVER_KEYS in
-	NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
-	RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
-	YES) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
-esac
-
-for KEY in $AUTOCREATE_SERVER_KEYS; do
-	case "$KEY" in
-		DSA) do_dsa_keygen;;
-		RSA) do_rsa_keygen;;
-		ECDSA) do_ecdsa_keygen;;
-		ED25519) do_ed25519_keygen;;
-	esac
-done
-
-# not zero return code if any error has ever occured to make systemd service sshd-keygen.service failed in case of any errors
-if [ "$FAIL" = '1' ]
-	then exit 1
-	else exit 0
-fi

doskast-sshd.conf

@@ -1,22 +0,0 @@
-Port 6260
-
-HostKey /etc/doskast/ssh/ssh_host_rsa_key
-HostKey /etc/doskast/ssh/ssh_host_ecdsa_key
-HostKey /etc/doskast/ssh/ssh_host_ed25519_key
-
-PermitRootLogin no
-PubkeyAuthentication yes
-# keeping this default for compatibility with ssh-copy-id
-AuthorizedKeysFile	.ssh/authorized_keys
-PasswordAuthentication no
-KerberosAuthentication no
-GSSAPIAuthentication no
-# XXX Is PAM needed?
-UsePAM no
-AllowUsers doscast
-
-AllowAgentForwarding no
-AllowTcpForwarding no
-GatewayPorts no
-X11Forwarding no
-PidFile /run/doskast-sshd.pid

doskast-sshd.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=Doskast OpenSSH server
-After=network.target doskast-sshd-keygen.service
-Wants=doskast-sshd-keygen.service
-
-[Service]
-ExecStart=/usr/sbin/sshd \
-	-D \
-	-4 \
-	-f /etc/doskast/doskast-sshd.conf
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-Restart=on-failure
-RestartSec=42s
-
-[Install]
-WantedBy=multi-user.target

doskast-student-firewall.conf

@@ -0,0 +1,4 @@
+[Service]
+IPAddressDeny=any
+# IP-адрес доски
+IPAddressAllow=192.168.0.0

doskast-student.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=Xpra Socket on Student's computer (server)
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/xpra \
+	--bind-tcp=0.0.0.0:4648 \
+	--pidfile=/run/xpra/proxy/server.pid \
+	--daemon=no \
+	shadow
+#rely on SIGKILL which returns 128+15=143
+SuccessExitStatus=0 143
+Restart=always
+PIDFile=/run/xpra/proxy/server.pid
+ProtectKernelTunables=true
+ProtectControlGroups=true
+
+[Install]
+WantedBy=multi-user.target
+# based on xpra.service from upstream of xpra

doskast-trigger-connect.cgi

@@ -0,0 +1,35 @@
+#!/bin/bash
+# Клиент (компьютер ученика) стучится на этот скрипт через веб-сервер
+# и тем самым заставляет доску (сервер) соединиться с его компьютером
+
+set -e
+set -f
+set -u
+
+_main_trigger_connect(){
+	local umask_old
+	local tmp
+	tmp="$(umask 077 && mktemp --tmpdir="$dir" connect.XXXXX)"
+	test -f "$tmp"
+	echo "$REMOTE_ADDR" > "$tmp"
+}
+
+# $1: HTTP_STATUS_CODE
+# $2: HTTP_STATUS_DESCRIPTION
+# $3: text of responce
+_response_text(){
+	if [ -z "$*" ]; then
+		echo_err "Empty args of html_reposnse"
+		exit 1
+	fi
+	echo "Status: $1 $2"
+	#echo "Access-Control-Allow-Origin: *"
+	echo "Content-Type: text/plain; charset=utf-8"
+	echo -e "\n$3"
+}
+
+if [ "${SOURCED:-0}" != 1 ]; then
+	readonly dir='/var/spool/doskast'
+	_main_trigger_connect "$@"
+	_response_text 200 OK OK
+fi

doskast.spec

@@ -5,28 +5,59 @@ Group: Graphical desktop/Other
 Url: https://osmesh.ru
 Version: 0.1
 Release: 1
-Source1: doskast-sshd.conf
+Source10: Makefile
-Source2: doskast-sshd.service
+Source11: doskast-server-watcher.desktop
-Source3: doskast-sshd-keygen.service
+Source12: doskast-server-watcher.sh
-Source4: doskast-sshd-keygen.sh
+Source13: doskast-student.service
-Source5: Makefile
+Source15: doskast-student-firewall.conf
-
+Source16: doskast-trigger-connect.cgi
+BuildArch: noarch
 BuildRequires: make
+BuildRequires: desktop-file-utils
 
 %description
+%SUMMARY
+
+#--------------------------------------------------------------
+
+%package board
+Summary: Doskast for server (board)
+Requires: xpra
+Requires: httpd
+
+%description board
+%summary
+
+%files board
+/var/www/cgi-bin/doskast-trigger-connect.cgi
+%{_bindir}/doskast-server-watcher
+/etc/xdg/autostart/doskast-server-watcher.desktop
+
+#--------------------------------------------------------------
+
+%package student
+Summary: Doskast for client (student)
+Requires: xpra
+Requires: curl
+
+%description student
 %summary
 
+%files student
+%{_unitdir}/doskast-student.service
+%config(noreplace) %{_sysconfdir}/systemd/system/doskast-student.service.d/doskast-student-firewall.conf
+
+%post student
+%systemd_post doskast-student.socket doskast-student.service
+
+%preun student
+%systemd_preun doskast-student.socket doskast-student.service
+
+#--------------------------------------------------------------
+
 %prep
 %build
 %install
 cp %sources .
+desktop-file-validate *.desktop
 %makeinstall_std
-
-%files
-%_unitdir/doskast-sshd.service
-%_unitdir/doskast-sshd-keygen.service
-%_sbindir/doskast-sshd-keygen
-%dir /etc/doskast
-%dir /etc/doskast/ssh
-# not "noreplace"
-%config /etc/doskast/doskast-sshd.conf