parent
dafeb2899d
commit
ecc54d3139
@ -1,16 +1,27 @@ |
||||
SBINDIR ?= /usr/sbin
|
||||
PREFIX ?= /usr
|
||||
BINDIR ?= $(PREFIX)/bin
|
||||
SYSCONFDIR ?= /etc
|
||||
UNITDIR ?= /lib/systemd/system
|
||||
|
||||
# TODO: make a custom location with a separate web server
|
||||
CGI_DIR ?= /var/www/cgi-bin
|
||||
|
||||
install: |
||||
mkdir -p --mode=0755 $(DESTDIR)$(SBINDIR)
|
||||
install -m0755 doskast-sshd-keygen.sh $(DESTDIR)$(SBINDIR)/doskast-sshd-keygen
|
||||
mkdir -p --mode=0755 $(DESTDIR)/etc/doskast
|
||||
mkdir -p --mode=0700 $(DESTDIR)/etc/doskast/ssh
|
||||
# TODO: make a custom location with separate web server
|
||||
mkdir -p --mode=0755 $(DESTDIR)$(CGI_DIR)
|
||||
install -m0755 doskast-trigger-connect.cgi $(DESTDIR)$(CGI_DIR)
|
||||
|
||||
mkdir -p --mode=0755 $(DESTDIR)$(UNITDIR)
|
||||
install -m0644 doskast-sshd.service $(DESTDIR)$(UNITDIR)
|
||||
install -m0644 doskast-sshd-keygen.service $(DESTDIR)$(UNITDIR)
|
||||
# nothing secret here, no need in 0600
|
||||
install -m0644 doskast-sshd.conf $(DESTDIR)/etc/doskast/doskast-sshd.conf
|
||||
install -m0644 doskast-student.service $(DESTDIR)$(UNITDIR)
|
||||
|
||||
mkdir -p --mode=0755 $(DESTDIR)/etc/systemd/system/doskast-student.service.d
|
||||
install -m0644 doskast-student-firewall.conf $(DESTDIR)/etc/systemd/system/doskast-student.service.d
|
||||
|
||||
mkdir -p --mode=0755 $(DESTDIR)$(BINDIR)
|
||||
install -m0755 doskast-server-watcher.sh $(DESTDIR)$(BINDIR)/doskast-server-watcher
|
||||
|
||||
mkdir -p --mode=0755 $(DESTDIR)$(SYSCONFDIR)/xdg/autostart
|
||||
install -m0644 doskast-server-watcher.desktop $(DESTDIR)$(SYSCONFDIR)/xdg/autostart
|
||||
|
||||
rpm: |
||||
rpmbuild --define "_sourcedir $$PWD" -bb doskast.spec
|
||||
|
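Review bot: The `install` recipe never creates `/var/spool/doskast`, the directory that both doskast-server-watcher.sh and doskast-trigger-connect.cgi in this commit hard-code as `dir`; unless doskast.spec or a tmpfiles.d entry does it (not visible here), `mktemp` in the CGI will fail. A line such as `mkdir -p --mode=0750 $(DESTDIR)/var/spool/doskast` belongs here, with ownership set in packaging so that only the web server account can write and only the watcher's account can read. The drop-in directory is also written as `$(DESTDIR)/etc/systemd/system/doskast-student.service.d` while the autostart entry uses `$(SYSCONFDIR)`; using the variable in both places keeps an overridden `SYSCONFDIR` consistent. The `+`/`-` markers are lost on this page, so which of these lines are new is inferred from the other file sections.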
@ -0,0 +1,4 @@ |
||||
[Desktop Entry] |
||||
Name=Doskast Processor of Connection Queue |
||||
Type=Application |
||||
Exec=doskast-server-watcher |
@ -0,0 +1,27 @@ |
||||
#!/bin/bash |
||||
|
||||
set -e |
||||
set -f |
||||
set -u |
||||
set -o pipefail |
||||
|
||||
_safe_param_stdin() { |
||||
tr -d '$`<>"%;)(&+'"'" |
||||
} |
||||
|
||||
_main_server_watcher(){ |
||||
inotifywait --event close_write --format '%f' --monitor "$dir" | \ |
||||
while read -r line |
||||
do |
||||
# TODO: validate IP/hostname |
||||
local target |
||||
target="$(head -n 1 "$line" | _safe_param_stdin)" |
||||
test -n "$target" |
||||
xpra attach tcp://"$target":4648 & |
||||
done |
||||
} |
||||
|
||||
if [ "${SOURCED:-0}" != 1 ]; then |
||||
readonly dir='/var/spool/doskast' |
||||
_main_server_watcher "$@" |
||||
fi |
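Review bot: The address handed to `xpra attach` in `_main_server_watcher` is filtered only by the character denylist in `_safe_param_stdin`, so any other text written into a spool file (slashes, `@`, `?`, option-like strings) still ends up in the URL; the TODO should be resolved with an allowlist check, for IPv4 for example `[[ "$target" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue`, before the attach. `inotifywait --format '%f'` prints the bare file name, so `head -n 1 "$line"` resolves against the working directory rather than `$dir`; `head -n 1 -- "$dir/$line"` is what the loop appears to intend. Because the script runs under `set -e` and `pipefail`, a failed `head` or a false `test -n "$target"` would likely end the loop's subshell on the first bad file, so those cases should `continue` instead of aborting the watcher.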
@ -1,11 +0,0 @@ |
||||
[Unit] |
||||
Description=OpenSSH Server Key Generation |
||||
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_rsa_key |
||||
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ecdsa_key |
||||
ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ed25519_key |
||||
PartOf=doskast-sshd.service |
||||
|
||||
[Service] |
||||
ExecStart=/usr/sbin/doskast-sshd-keygen |
||||
Type=oneshot |
||||
RemainAfterExit=yes |
@ -1,125 +0,0 @@ |
||||
#!/bin/bash |
||||
|
||||
# Create the host keys for the OpenSSH server. |
||||
# |
||||
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment |
||||
# variable. |
||||
|
||||
# OpenSSH 7.0 depreceated DSA keys. We don't create DSA be default, but you can add 'DSA' to the list bellow. |
||||
AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519" |
||||
FAIL='0' |
||||
|
||||
# Some functions to make the below more readable |
||||
KEYGEN=/usr/bin/ssh-keygen |
||||
DIR=/etc/doskast/ssh |
||||
RSA_KEY="$DIR"/ssh_host_rsa_key |
||||
DSA_KEY="$DIR"/ssh_host_dsa_key |
||||
ECDSA_KEY="$DIR"/ssh_host_ecdsa_key |
||||
ED25519_KEY="$DIR"/ssh_host_ed25519_key |
||||
|
||||
do_rsa_keygen() { |
||||
if [ ! -s $RSA_KEY ]; then |
||||
echo -n $"Generating SSH2 RSA host key: " |
||||
rm -f $RSA_KEY |
||||
# XXX use umask 077 here! |
||||
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then |
||||
chmod 600 $RSA_KEY |
||||
chmod 644 $RSA_KEY.pub |
||||
if [ -x /sbin/restorecon ]; then |
||||
/sbin/restorecon $RSA_KEY{,.pub} |
||||
fi |
||||
echo "RSA key $RSA_KEY generated." |
||||
return 0 |
||||
else |
||||
echo "Failed to generate RSA key $RSA_KEY!" |
||||
FAIL='1' |
||||
return 1 |
||||
fi |
||||
fi |
||||
} |
||||
|
||||
do_dsa_keygen() { |
||||
if [ ! -s $DSA_KEY ]; then |
||||
echo -n $"Generating SSH2 DSA host key: " |
||||
rm -f $DSA_KEY |
||||
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then |
||||
chmod 600 $DSA_KEY |
||||
chmod 644 $DSA_KEY.pub |
||||
if [ -x /sbin/restorecon ]; then |
||||
/sbin/restorecon $DSA_KEY{,.pub} |
||||
fi |
||||
echo "DSA key $DSA_KEY generated." |
||||
return 0 |
||||
else |
||||
echo "Failed to generate DSA key $DSA_KEY!" |
||||
FAIL='1' |
||||
return 1 |
||||
fi |
||||
fi |
||||
} |
||||
|
||||
do_ecdsa_keygen() { |
||||
if [ ! -s $ECDSA_KEY ]; then |
||||
echo -n $"Generating SSH2 ECDSA host key: " |
||||
rm -f $ECDSA_KEY |
||||
if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then |
||||
chmod 600 $ECDSA_KEY |
||||
chmod 644 $ECDSA_KEY.pub |
||||
if [ -x /sbin/restorecon ]; then |
||||
/sbin/restorecon $ECDSA_KEY{,.pub} |
||||
fi |
||||
echo "ECDSA key $ECDSA_KEY generated." |
||||
return 0 |
||||
else |
||||
echo "Failed to generate ECDSA key $ECDSA_KEY!" |
||||
FAIL='1' |
||||
return 1 |
||||
fi |
||||
fi |
||||
} |
||||
|
||||
do_ed25519_keygen() { |
||||
if [ ! -s $ED25519_KEY ]; then |
||||
echo -n $"Generating SSH2 ED25519 host key: " |
||||
rm -f "$ED25519_KEY" |
||||
if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then |
||||
chmod 600 $ED25519_KEY |
||||
chmod 644 $ED25519_KEY.pub |
||||
if [ -x /sbin/restorecon ]; then |
||||
/sbin/restorecon $ED25519_KEY{,.pub} |
||||
fi |
||||
echo "ED25519 key $ED25519_KEY generated." |
||||
return 0 |
||||
else |
||||
echo "Failed to generate ED25519 key $ED25519_KEY!" |
||||
FAIL='1' |
||||
return 1 |
||||
fi |
||||
fi |
||||
} |
||||
|
||||
if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then |
||||
exit 0 |
||||
fi |
||||
|
||||
# legacy options |
||||
case $AUTOCREATE_SERVER_KEYS in |
||||
NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";; |
||||
RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";; |
||||
YES) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";; |
||||
esac |
||||
|
||||
for KEY in $AUTOCREATE_SERVER_KEYS; do |
||||
case "$KEY" in |
||||
DSA) do_dsa_keygen;; |
||||
RSA) do_rsa_keygen;; |
||||
ECDSA) do_ecdsa_keygen;; |
||||
ED25519) do_ed25519_keygen;; |
||||
esac |
||||
done |
||||
|
||||
# not zero return code if any error has ever occured to make systemd service sshd-keygen.service failed in case of any errors |
||||
if [ "$FAIL" = '1' ] |
||||
then exit 1 |
||||
else exit 0 |
||||
fi |
@ -1,22 +0,0 @@ |
||||
Port 6260 |
||||
|
||||
HostKey /etc/doskast/ssh/ssh_host_rsa_key |
||||
HostKey /etc/doskast/ssh/ssh_host_ecdsa_key |
||||
HostKey /etc/doskast/ssh/ssh_host_ed25519_key |
||||
|
||||
PermitRootLogin no |
||||
PubkeyAuthentication yes |
||||
# keeping this default for compatibility with ssh-copy-id |
||||
AuthorizedKeysFile .ssh/authorized_keys |
||||
PasswordAuthentication no |
||||
KerberosAuthentication no |
||||
GSSAPIAuthentication no |
||||
# XXX Is PAM needed? |
||||
UsePAM no |
||||
AllowUsers doscast |
||||
|
||||
AllowAgentForwarding no |
||||
AllowTcpForwarding no |
||||
GatewayPorts no |
||||
X11Forwarding no |
||||
PidFile /run/doskast-sshd.pid |
@ -1,17 +0,0 @@ |
||||
[Unit] |
||||
Description=Doskast OpenSSH server |
||||
After=network.target doskast-sshd-keygen.service |
||||
Wants=doskast-sshd-keygen.service |
||||
|
||||
[Service] |
||||
ExecStart=/usr/sbin/sshd \ |
||||
-D \ |
||||
-4 \ |
||||
-f /etc/doskast/doskast-sshd.conf |
||||
ExecReload=/bin/kill -HUP $MAINPID |
||||
KillMode=process |
||||
Restart=on-failure |
||||
RestartSec=42s |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,4 @@ |
||||
[Service] |
||||
IPAddressDeny=any |
||||
# IP-адрес доски |
||||
IPAddressAllow=192.168.0.0 |
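Review bot: `IPAddressAllow=192.168.0.0` has no prefix length, so systemd treats it as the single host 192.168.0.0, which looks like a placeholder rather than the board's real address; the shipped drop-in should say so, e.g. `# Address of the board (server); replace the placeholder below before enabling the service`, and the comment would be better in English like the other unit files. These two directives are the only access control visible for the xpra listener, and systemd applies them only where the unified cgroup hierarchy and BPF filtering are available; on hosts without them the settings have no effect. A host firewall rule for port 4648 is worth documenting as a second layer.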
@ -0,0 +1,21 @@ |
||||
[Unit] |
||||
Description=Xpra Socket on Student's computer (server) |
||||
After=network.target |
||||
|
||||
[Service] |
||||
Type=simple |
||||
ExecStart=/usr/bin/xpra \ |
||||
--bind-tcp=0.0.0.0:4648 \ |
||||
--pidfile=/run/xpra/proxy/server.pid \ |
||||
--daemon=no \ |
||||
shadow |
||||
#rely on SIGKILL which returns 128+15=143 |
||||
SuccessExitStatus=0 143 |
||||
Restart=always |
||||
PIDFile=/run/xpra/proxy/server.pid |
||||
ProtectKernelTunables=true |
||||
ProtectControlGroups=true |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
||||
# based on xpra.service from upstream of xpra |
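Review bot: `ExecStart` binds the shadow server to `0.0.0.0:4648` with no authentication or encryption option on the command line, so screen access is protected only by the `IPAddressDeny`/`IPAddressAllow` drop-in added in this commit; xpra's `--tcp-auth=` option, or binding to the classroom interface address instead of `0.0.0.0`, would give a second control. The unit has no `User=`, so the server runs as root as written; whether shadowing the student's session from root works and is wanted should be confirmed. The comment `#rely on SIGKILL which returns 128+15=143` names the wrong signal, since 15 is SIGTERM: `# exit status 143 = 128+15 (SIGTERM) is treated as a clean stop`.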
@ -0,0 +1,35 @@ |
||||
#!/bin/bash |
||||
# Клиент (компьютер ученика) стучится на этот скрипт через веб-сервер |
||||
# и тем самым заставляет доску (сервер) соединиться с его компьютером |
||||
|
||||
set -e |
||||
set -f |
||||
set -u |
||||
|
||||
_main_trigger_connect(){ |
||||
local umask_old |
||||
local tmp |
||||
tmp="$(umask 077 && mktemp --tmpdir="$dir" connect.XXXXX)" |
||||
test -f "$tmp" |
||||
echo "$REMOTE_ADDR" > "$tmp" |
||||
} |
||||
|
||||
# $1: HTTP_STATUS_CODE |
||||
# $2: HTTP_STATUS_DESCRIPTION |
||||
# $3: text of responce |
||||
_response_text(){ |
||||
if [ -z "$*" ]; then |
||||
echo_err "Empty args of html_reposnse" |
||||
exit 1 |
||||
fi |
||||
echo "Status: $1 $2" |
||||
#echo "Access-Control-Allow-Origin: *" |
||||
echo "Content-Type: text/plain; charset=utf-8" |
||||
echo -e "\n$3" |
||||
} |
||||
|
||||
if [ "${SOURCED:-0}" != 1 ]; then |
||||
readonly dir='/var/spool/doskast' |
||||
_main_trigger_connect "$@" |
||||
_response_text 200 OK OK |
||||
fi |
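Review bot: `_main_trigger_connect` accepts every request that reaches the web server and queues `$REMOTE_ADDR` without checking the caller, so any host able to reach the CGI decides where the board connects next; restricting the handler to the classroom subnet in the web server configuration, or checking `REMOTE_ADDR` against an allowed range before `mktemp`, is missing. Nothing visible removes the `connect.XXXXX` files, so the spool directory grows with every request. `mktemp` closes the empty file before `echo` writes to it, which may already fire the watcher's `close_write` event on an empty file. `echo_err` is called in `_response_text` but not defined in this script, and `local umask_old` is unused.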