reimplement without ssh

master
Mikhail Novosyolov 3 years ago
parent dafeb2899d
commit ecc54d3139
  1. 29
      Makefile
  2. 4
      doskast-server-watcher.desktop
  3. 27
      doskast-server-watcher.sh
  4. 11
      doskast-sshd-keygen.service
  5. 125
      doskast-sshd-keygen.sh
  6. 22
      doskast-sshd.conf
  7. 17
      doskast-sshd.service
  8. 4
      doskast-student-firewall.conf
  9. 21
      doskast-student.service
  10. 35
      doskast-trigger-connect.cgi
  11. 61
      doskast.spec

@ -1,16 +1,27 @@
SBINDIR ?= /usr/sbin
PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
SYSCONFDIR ?= /etc
UNITDIR ?= /lib/systemd/system
# TODO: make a custom location with a separate web server
CGI_DIR ?= /var/www/cgi-bin
install:
mkdir -p --mode=0755 $(DESTDIR)$(SBINDIR)
install -m0755 doskast-sshd-keygen.sh $(DESTDIR)$(SBINDIR)/doskast-sshd-keygen
mkdir -p --mode=0755 $(DESTDIR)/etc/doskast
mkdir -p --mode=0700 $(DESTDIR)/etc/doskast/ssh
# TODO: make a custom location with separate web server
mkdir -p --mode=0755 $(DESTDIR)$(CGI_DIR)
install -m0755 doskast-trigger-connect.cgi $(DESTDIR)$(CGI_DIR)
mkdir -p --mode=0755 $(DESTDIR)$(UNITDIR)
install -m0644 doskast-sshd.service $(DESTDIR)$(UNITDIR)
install -m0644 doskast-sshd-keygen.service $(DESTDIR)$(UNITDIR)
# nothing secret here, no need in 0600
install -m0644 doskast-sshd.conf $(DESTDIR)/etc/doskast/doskast-sshd.conf
install -m0644 doskast-student.service $(DESTDIR)$(UNITDIR)
mkdir -p --mode=0755 $(DESTDIR)/etc/systemd/system/doskast-student.service.d
install -m0644 doskast-student-firewall.conf $(DESTDIR)/etc/systemd/system/doskast-student.service.d
mkdir -p --mode=0755 $(DESTDIR)$(BINDIR)
install -m0755 doskast-server-watcher.sh $(DESTDIR)$(BINDIR)/doskast-server-watcher
mkdir -p --mode=0755 $(DESTDIR)$(SYSCONFDIR)/xdg/autostart
install -m0644 doskast-server-watcher.desktop $(DESTDIR)$(SYSCONFDIR)/xdg/autostart
rpm:
rpmbuild --define "_sourcedir $$PWD" -bb doskast.spec

@ -0,0 +1,4 @@
[Desktop Entry]
Name=Doskast Processor of Connection Queue
Type=Application
Exec=doskast-server-watcher

@ -0,0 +1,27 @@
#!/bin/bash
set -e
set -f
set -u
set -o pipefail
_safe_param_stdin() {
tr -d '$`<>"%;)(&+'"'"
}
_main_server_watcher(){
inotifywait --event close_write --format '%f' --monitor "$dir" | \
while read -r line
do
# TODO: validate IP/hostname
local target
target="$(head -n 1 "$line" | _safe_param_stdin)"
test -n "$target"
xpra attach tcp://"$target":4648 &
done
}
if [ "${SOURCED:-0}" != 1 ]; then
readonly dir='/var/spool/doskast'
_main_server_watcher "$@"
fi

@ -1,11 +0,0 @@
[Unit]
Description=OpenSSH Server Key Generation
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_rsa_key
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ecdsa_key
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ed25519_key
PartOf=doskast-sshd.service
[Service]
ExecStart=/usr/sbin/doskast-sshd-keygen
Type=oneshot
RemainAfterExit=yes

@ -1,125 +0,0 @@
#!/bin/bash
# Create the host keys for the OpenSSH server.
#
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
# variable.
# OpenSSH 7.0 depreceated DSA keys. We don't create DSA be default, but you can add 'DSA' to the list bellow.
AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
FAIL='0'
# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
DIR=/etc/doskast/ssh
RSA_KEY="$DIR"/ssh_host_rsa_key
DSA_KEY="$DIR"/ssh_host_dsa_key
ECDSA_KEY="$DIR"/ssh_host_ecdsa_key
ED25519_KEY="$DIR"/ssh_host_ed25519_key
do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo -n $"Generating SSH2 RSA host key: "
rm -f $RSA_KEY
# XXX use umask 077 here!
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY{,.pub}
fi
echo "RSA key $RSA_KEY generated."
return 0
else
echo "Failed to generate RSA key $RSA_KEY!"
FAIL='1'
return 1
fi
fi
}
do_dsa_keygen() {
if [ ! -s $DSA_KEY ]; then
echo -n $"Generating SSH2 DSA host key: "
rm -f $DSA_KEY
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY{,.pub}
fi
echo "DSA key $DSA_KEY generated."
return 0
else
echo "Failed to generate DSA key $DSA_KEY!"
FAIL='1'
return 1
fi
fi
}
do_ecdsa_keygen() {
if [ ! -s $ECDSA_KEY ]; then
echo -n $"Generating SSH2 ECDSA host key: "
rm -f $ECDSA_KEY
if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $ECDSA_KEY
chmod 644 $ECDSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $ECDSA_KEY{,.pub}
fi
echo "ECDSA key $ECDSA_KEY generated."
return 0
else
echo "Failed to generate ECDSA key $ECDSA_KEY!"
FAIL='1'
return 1
fi
fi
}
do_ed25519_keygen() {
if [ ! -s $ED25519_KEY ]; then
echo -n $"Generating SSH2 ED25519 host key: "
rm -f "$ED25519_KEY"
if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
chmod 600 $ED25519_KEY
chmod 644 $ED25519_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $ED25519_KEY{,.pub}
fi
echo "ED25519 key $ED25519_KEY generated."
return 0
else
echo "Failed to generate ED25519 key $ED25519_KEY!"
FAIL='1'
return 1
fi
fi
}
if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
exit 0
fi
# legacy options
case $AUTOCREATE_SERVER_KEYS in
NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
YES) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
esac
for KEY in $AUTOCREATE_SERVER_KEYS; do
case "$KEY" in
DSA) do_dsa_keygen;;
RSA) do_rsa_keygen;;
ECDSA) do_ecdsa_keygen;;
ED25519) do_ed25519_keygen;;
esac
done
# not zero return code if any error has ever occured to make systemd service sshd-keygen.service failed in case of any errors
if [ "$FAIL" = '1' ]
then exit 1
else exit 0
fi

@ -1,22 +0,0 @@
Port 6260
HostKey /etc/doskast/ssh/ssh_host_rsa_key
HostKey /etc/doskast/ssh/ssh_host_ecdsa_key
HostKey /etc/doskast/ssh/ssh_host_ed25519_key
PermitRootLogin no
PubkeyAuthentication yes
# keeping this default for compatibility with ssh-copy-id
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
# XXX Is PAM needed?
UsePAM no
AllowUsers doscast
AllowAgentForwarding no
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PidFile /run/doskast-sshd.pid

@ -1,17 +0,0 @@
[Unit]
Description=Doskast OpenSSH server
After=network.target doskast-sshd-keygen.service
Wants=doskast-sshd-keygen.service
[Service]
ExecStart=/usr/sbin/sshd \
-D \
-4 \
-f /etc/doskast/doskast-sshd.conf
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target

@ -0,0 +1,4 @@
[Service]
IPAddressDeny=any
# IP-адрес доски
IPAddressAllow=192.168.0.0

@ -0,0 +1,21 @@
[Unit]
Description=Xpra Socket on Student's computer (server)
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/xpra \
--bind-tcp=0.0.0.0:4648 \
--pidfile=/run/xpra/proxy/server.pid \
--daemon=no \
shadow
#rely on SIGKILL which returns 128+15=143
SuccessExitStatus=0 143
Restart=always
PIDFile=/run/xpra/proxy/server.pid
ProtectKernelTunables=true
ProtectControlGroups=true
[Install]
WantedBy=multi-user.target
# based on xpra.service from upstream of xpra

@ -0,0 +1,35 @@
#!/bin/bash
# Клиент (компьютер ученика) стучится на этот скрипт через веб-сервер
# и тем самым заставляет доску (сервер) соединиться с его компьютером
set -e
set -f
set -u
_main_trigger_connect(){
local umask_old
local tmp
tmp="$(umask 077 && mktemp --tmpdir="$dir" connect.XXXXX)"
test -f "$tmp"
echo "$REMOTE_ADDR" > "$tmp"
}
# $1: HTTP_STATUS_CODE
# $2: HTTP_STATUS_DESCRIPTION
# $3: text of responce
_response_text(){
if [ -z "$*" ]; then
echo_err "Empty args of html_reposnse"
exit 1
fi
echo "Status: $1 $2"
#echo "Access-Control-Allow-Origin: *"
echo "Content-Type: text/plain; charset=utf-8"
echo -e "\n$3"
}
if [ "${SOURCED:-0}" != 1 ]; then
readonly dir='/var/spool/doskast'
_main_trigger_connect "$@"
_response_text 200 OK OK
fi

@ -5,28 +5,59 @@ Group: Graphical desktop/Other
Url: https://osmesh.ru
Version: 0.1
Release: 1
Source1: doskast-sshd.conf
Source2: doskast-sshd.service
Source3: doskast-sshd-keygen.service
Source4: doskast-sshd-keygen.sh
Source5: Makefile
Source10: Makefile
Source11: doskast-server-watcher.desktop
Source12: doskast-server-watcher.sh
Source13: doskast-student.service
Source15: doskast-student-firewall.conf
Source16: doskast-trigger-connect.cgi
BuildArch: noarch
BuildRequires: make
BuildRequires: desktop-file-utils
%description
%SUMMARY
#--------------------------------------------------------------
%package board
Summary: Doskast for server (board)
Requires: xpra
Requires: httpd
%description board
%summary
%files board
/var/www/cgi-bin/doskast-trigger-connect.cgi
%{_bindir}/doskast-server-watcher
/etc/xdg/autostart/doskast-server-watcher.desktop
#--------------------------------------------------------------
%package student
Summary: Doskast for client (student)
Requires: xpra
Requires: curl
%description student
%summary
%files student
%{_unitdir}/doskast-student.service
%config(noreplace) %{_sysconfdir}/systemd/system/doskast-student.service.d/doskast-student-firewall.conf
%post student
%systemd_post doskast-student.socket doskast-student.service
%preun student
%systemd_preun doskast-student.socket doskast-student.service
#--------------------------------------------------------------
%prep
%build
%install
cp %sources .
desktop-file-validate *.desktop
%makeinstall_std
%files
%_unitdir/doskast-sshd.service
%_unitdir/doskast-sshd-keygen.service
%_sbindir/doskast-sshd-keygen
%dir /etc/doskast
%dir /etc/doskast/ssh
# not "noreplace"
%config /etc/doskast/doskast-sshd.conf

Loading…
Cancel
Save