diff options
author | Jonathan Bauer | 2021-03-11 15:03:51 +0100 |
---|---|---|
committer | Jonathan Bauer | 2021-03-11 15:03:51 +0100 |
commit | 00523ae1a534f3199d54cf6a7a0e6f1bd016c4b9 (patch) | |
tree | a6c7123e36caddaf9c59a7ed83352e53ea51dc1a | |
parent | Merge branch 'master' into installer (diff) | |
parent | [kiosk-chromium] Need libnss3-tools for certutil (diff) | |
download | mltk-00523ae1a534f3199d54cf6a7a0e6f1bd016c4b9.tar.gz mltk-00523ae1a534f3199d54cf6a7a0e6f1bd016c4b9.tar.xz mltk-00523ae1a534f3199d54cf6a7a0e6f1bd016c4b9.zip |
Merge branch 'master' into installer
-rw-r--r-- | core/modules/kiosk-chromium/module.conf.ubuntu | 1 | ||||
-rwxr-xr-x | core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver | 26 |
2 files changed, 16 insertions, 11 deletions
diff --git a/core/modules/kiosk-chromium/module.conf.ubuntu b/core/modules/kiosk-chromium/module.conf.ubuntu index a47c86d7..7cb1575c 100644 --- a/core/modules/kiosk-chromium/module.conf.ubuntu +++ b/core/modules/kiosk-chromium/module.conf.ubuntu @@ -5,6 +5,7 @@ REQUIRED_CONTENT_PACKAGES=" fonts-noto-color-emoji jq xbindkeys + libnss3-tools " REQUIRED_INSTALLED_PACKAGES="" REQUIRED_BINARIES="" diff --git a/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver b/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver index 4e58cc3b..e6e7f568 100755 --- a/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver +++ b/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver @@ -3,7 +3,9 @@ [ -z "$SLX_KCL_SERVERS" ] && . /opt/openslx/config [ "$DISPLAY" = :0 ] && [ -n "$SLX_REMOTE_VNC" ] && { - # TODO GET + # TODO If we support multiple parallel sessions in the future, we need dedicated + # ports for each session for both, the VNC and the RPC port. + vnc_port="${SLX_REMOTE_VNC_PORT:-5900}" srchost="$SLX_REMOTE_HOST_ACCESS" if [ -n "$srchost" ]; then # IPTABLES @@ -11,11 +13,9 @@ if ! [ -e "$rule" ]; then ( echo "#!/bin/sh" - echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport 5900 -j ACCEPT" - echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport 5901 -j ACCEPT" + echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport $vnc_port -j ACCEPT" echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport 7551 -j ACCEPT" - echo "iptables -A INPUT -p tcp --dport 5900 -j DROP" - echo "iptables -A INPUT -p tcp --dport 5901 -j DROP" + echo "iptables -A INPUT -p tcp --dport $vnc_port -j DROP" echo "iptables -A INPUT -p tcp --dport 7551 -j DROP" ) > "$rule" chmod +x "$rule" @@ -28,20 +28,23 @@ printf "%s" "$passwd" > "/tmp/vnc-passwd" url="http://${SLX_PXE_SERVER_IP}/slx-admin/api.php?do=remoteaccess" curl -s -S -L --retry 4 --retry-connrefused --max-time 3 --retry-max-time 10 \ - --data-urlencode "password=$passwd" "$url" > /dev/null + --data-urlencode "password=$passwd" \ + --data-urlencode "vncport=$vnc_port" \ + "$url" > /dev/null ( # Make a copy of xauth, so if the xserver restarts, we'll use the old one and fail to connect if [ -n "$XAUTHORITY" ]; then copy="$( mktemp )" cat "$XAUTHORITY" > "$copy" export XAUTHORITY="$copy" - trap 'rm -f -- "$copy"' EXIT INT TERM + trap 'exit 1' INT TERM + trap 'rm -f -- "$copy"' EXIT fi fails=0 while true; do s="$( date +%s )" # skip keycode stuff fixes altgr for vmware - x11vnc -rfbport 5900 -shared -forever -noxrecord -xkb -capslock -skip_keycodes 92,187,188 -remap DEAD=gac,U20AC-EuroSign -passwd "$passwd" + x11vnc -rfbport "$vnc_port" -shared -forever -noxrecord -xkb -capslock -skip_keycodes 92,187,188 -remap DEAD=gac,U20AC-EuroSign -passwd "$passwd" e="$( date +%s )" d="$(( e - s ))" if [ "$d" -gt 5 ]; then @@ -58,7 +61,8 @@ vmvnc=false idle=0 # In case of stale entry - iptables -t nat -D PREROUTING -p tcp --dport 5900 -j REDIRECT --to-ports 5901 + # TODO: This sucks anyways performance-wise for VMware, maybe remove? + iptables -t nat -D PREROUTING -p tcp --dport "$vnc_port" -j REDIRECT --to-ports 5901 while [ -d "/proc/${vncpid}" ]; do sleep 5 if netstat -tn | awk 'BEGIN{ e=1 } { if ($4 ~ /:590[0123]$/) e=0 } END{ exit e }'; then @@ -82,13 +86,13 @@ if ! $vmvnc; then killall x11vnc usleep 10000 - iptables -t nat -I PREROUTING 1 -p tcp --dport 5900 -j REDIRECT --to-ports 5901 + iptables -t nat -I PREROUTING 1 -p tcp --dport "$vnc_port" -j REDIRECT --to-ports 5901 fi vmvnc=true else # disable if $vmvnc; then - iptables -t nat -D PREROUTING -p tcp --dport 5900 -j REDIRECT --to-ports 5901 + iptables -t nat -D PREROUTING -p tcp --dport "$vnc_port" -j REDIRECT --to-ports 5901 fi vmvnc=false fi |