From 2c27f450bd888f29a86d77a6b6b3639a88324b0a Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 16 Jun 2020 18:17:48 +0200
Subject: [remote-access] Add Module
---
.../data/etc/X11/Xsetup.d/50-launch-vncserver | 87 ++++++++++++++++++++++
.../graphical.target.wants/remote-access.service | 1 +
.../data/etc/systemd/system/remote-access.service | 9 +++
.../data/opt/openslx/remote-access/xorg.conf | 57 ++++++++++++++
.../data/opt/openslx/scripts/lightdm-Xvnc | 4 +
.../opt/openslx/scripts/systemd-remote_x_config | 8 ++
core/modules/remote-access/module.build | 14 ++++
core/modules/remote-access/module.conf | 6 ++
8 files changed, 186 insertions(+)
create mode 100755 core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver
create mode 120000 core/modules/remote-access/data/etc/systemd/system/graphical.target.wants/remote-access.service
create mode 100644 core/modules/remote-access/data/etc/systemd/system/remote-access.service
create mode 100644 core/modules/remote-access/data/opt/openslx/remote-access/xorg.conf
create mode 100755 core/modules/remote-access/data/opt/openslx/scripts/lightdm-Xvnc
create mode 100755 core/modules/remote-access/data/opt/openslx/scripts/systemd-remote_x_config
create mode 100644 core/modules/remote-access/module.build
create mode 100644 core/modules/remote-access/module.conf
(limited to 'core/modules/remote-access')
diff --git a/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver b/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver
new file mode 100755
index 00000000..09142eed
--- /dev/null
+++ b/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver
@@ -0,0 +1,87 @@
+#!/bin/sh sourced
+
+[ -z "$SLX_KCL_SERVERS" ] && . /opt/openslx/config
+
+[ "$DISPLAY" = :0 ] && [ -n "$SLX_REMOTE_VNC" ] && {
+ # TODO GET
+ srchost="$SLX_REMOTE_HOST_ACCESS"
+ if [ -n "$srchost" ]; then
+ # IPTABLES
+ rule="/opt/openslx/iptables/rules.d/80-remote-access"
+ if ! [ -e "$rule" ]; then
+ (
+ echo "#!/bin/sh"
+ echo "iptables -A INPUT \! -s "'"'"$srchost"'"'" -p tcp --dport 5900 -j DROP"
+ echo "iptables -A INPUT \! -s "'"'"$srchost"'"'" -p tcp --dport 5901 -j DROP"
+ ) > "$rule"
+ chmod +x "$rule"
+ fi
+ fi
+ set -x
+ exec &> /tmp/fooooooooooooo
+ # dd since busybox head doesn't know -c
+ passwd="$( < /dev/urandom tr -c -d 'a-zA-Z0-9#&/=()[]{}' | dd bs=8 count=1 status=none )"
+ printf "%s" "$passwd" > "/tmp/vnc-passwd"
+ url="http://${SLX_PXE_SERVER_IP}/slx-admin/api.php?do=remoteaccess"
+ curl -L --retry 4 --retry-connrefused --max-time 3 --retry-max-time 10 \
+ --data-urlencode "password=$passwd" "$url"
+ killall x11vnc
+ (
+ fails=0
+ while true; do
+ s="$( date +%s )"
+ # skip keycode stuff fixes altgr for vmware
+ x11vnc -rfbport 5900 -shared -forever -passwd -xkb -skip_keycodes 92,187,188 -remap DEAD=gac,U20AC-EuroSign "$passwd"
+ e="$( date +%s )"
+ d="$(( e - s ))"
+ if [ "$d" -gt 5 ]; then
+ fails=0
+ else
+ fails="$(( fails + 1 ))"
+ [ "$fails" -gt 10 ] && break
+ [ "$fails" -gt 3 ] && usleep 333333
+ fi
+ done
+ ) &> "/tmp/x11vnc-log-$$" &
+ vncpid=$!
+ gotone=false
+ vmvnc=false
+ idle=0
+ # In case of stale entry
+ iptables -t nat -D PREROUTING -p tcp --dport 5900 -j REDIRECT --to-ports 5901
+ while [ -d "/proc/${vncpid}" ]; do
+ sleep 5
+ if netstat -tn | awk 'BEGIN{ e=1 } { if ($4 ~ /:590[0123]$/) e=0 } END{ exit e }'; then
+ gotone=true
+ idle=0
+ else
+ idle=$(( idle + 1 ))
+ fi
+ if $gotone && [ "$idle" -gt 120 ]; then # 120 * 5 = 10 mins
+ kill "$vncpid"
+ break
+ fi
+ # In case we access vmplayer via x11vnc; vmplayer won't leave the keymap alone >:(
+ # TODO: Currently everything needs to be set to DE for this to work - X11 and
+ # the OS in the VM.
+ #setxkbmap -query | grep -q '^layout:\s*de$' || \ # NO, always reports 'de'
+ setxkbmap de
+ # Check if we should redirect to vmware
+ if netstat -tnl | awk 'BEGIN{ e=1 } { if ($4 ~ /:5901$/) e=0 } END{ exit e }'; then
+ #enable
+ if ! $vmvnc; then
+ killall x11vnc
+ usleep 10000
+ iptables -t nat -I PREROUTING 1 -p tcp --dport 5900 -j REDIRECT --to-ports 5901
+ fi
+ vmvnc=true
+ else
+ # disable
+ if $vmvnc; then
+ iptables -t nat -D PREROUTING -p tcp --dport 5900 -j REDIRECT --to-ports 5901
+ fi
+ vmvnc=false
+ fi
+ done
+ systemctl restart lightdm
+} &
diff --git a/core/modules/remote-access/data/etc/systemd/system/graphical.target.wants/remote-access.service b/core/modules/remote-access/data/etc/systemd/system/graphical.target.wants/remote-access.service
new file mode 120000
index 00000000..7ee2fe30
--- /dev/null
+++ b/core/modules/remote-access/data/etc/systemd/system/graphical.target.wants/remote-access.service
@@ -0,0 +1 @@
+../remote-access.service
\ No newline at end of file
diff --git a/core/modules/remote-access/data/etc/systemd/system/remote-access.service b/core/modules/remote-access/data/etc/systemd/system/remote-access.service
new file mode 100644
index 00000000..2a21919e
--- /dev/null
+++ b/core/modules/remote-access/data/etc/systemd/system/remote-access.service
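Review bot: In `50-launch-vncserver`, the x11vnc call places `-xkb` directly after `-passwd`, so x11vnc takes the literal string `-xkb` as the session password and the random `$passwd` is left as a stray trailing argument. Just above, `set -x` followed by `exec &> /tmp/fooooooooooooo` sends the trace of the password assignment and of the curl call, password included, to a fixed-name file in /tmp, and `/tmp/vnc-passwd` is written with no umask or chmod visible in the hunk. I would remove the two debug lines, create the password file owner-only, and pass it to x11vnc with `-passwdfile`, as sketched below. The password is also posted to an `http://` URL, and when `SLX_REMOTE_HOST_ACCESS` is empty no source restriction is written for ports 5900/5901; both assumptions deserve at least a comment.

```shell
	# … unchanged: firewall rule generation; `set -x` and `exec &>` removed …
	passwd="$( < /dev/urandom tr -c -d 'a-zA-Z0-9#&/=()[]{}' | dd bs=8 count=1 status=none )"
	# Create the file owner-only; a stale copy may have looser permissions.
	rm -f -- "/tmp/vnc-passwd"
	( umask 077; printf "%s" "$passwd" > "/tmp/vnc-passwd" )
	# … unchanged: curl upload, killall x11vnc, retry loop header …
			# Read the password from the file so it is neither taken for
			# another option's value nor visible on the command line.
			x11vnc -rfbport 5900 -shared -forever -passwdfile "/tmp/vnc-passwd" \
				-xkb -skip_keycodes 92,187,188 -remap DEAD=gac,U20AC-EuroSign
	# … unchanged: restart accounting, connection watchdog, lightdm restart …
```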
@@ -0,0 +1,9 @@
+[Unit]
+Description=Check if remote access is desired, configure system
+Before=lightdm.service display-manager.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+Exec=/opt/openslx/scripts/systemd-remote_x_config
+
diff --git a/core/modules/remote-access/data/opt/openslx/remote-access/xorg.conf b/core/modules/remote-access/data/opt/openslx/remote-access/xorg.conf
new file mode 100644
index 00000000..549400f5
--- /dev/null
+++ b/core/modules/remote-access/data/opt/openslx/remote-access/xorg.conf
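Review bot: In `remote-access.service`, `Exec=` is not a key systemd recognises in the `[Service]` section; the command has to be given as `ExecStart=/opt/openslx/scripts/systemd-remote_x_config`. As written the unit has no start command, so the script that links the remote-access xorg.conf into /etc/X11/xorg.conf.d would presumably never run before lightdm starts.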
@@ -0,0 +1,57 @@
+Section "Monitor"
+ Identifier "disable"
+ Option "Ignore" "true"
+EndSection
+
+Section "Monitor"
+ Identifier "virt"
+ Option "DefaultModes" "false"
+ Modeline "1664x936" 128.50 1664 1768 1936 2208 936 939 944 972 -hsync +vsync
+ Option "Mode" "1664x936"
+ Option "PreferredMode" "1664x936"
+ Option "Enable" "true"
+EndSection
+
+Section "Device"
+ Identifier "whatever"
+ Option "VirtualHeads" "1"
+ Option "Monitor-HDMI1" "disable"
+ Option "Monitor-HDMI2" "disable"
+ Option "Monitor-HDMI3" "disable"
+ Option "Monitor-HDMI-1" "disable"
+ Option "Monitor-HDMI-2" "disable"
+ Option "Monitor-HDMI-3" "disable"
+ Option "Monitor-VGA1" "disable"
+ Option "Monitor-VGA2" "disable"
+ Option "Monitor-VGA3" "disable"
+ Option "Monitor-VGA-1" "disable"
+ Option "Monitor-VGA-2" "disable"
+ Option "Monitor-VGA-3" "disable"
+ Option "Monitor-DP1" "disable"
+ Option "Monitor-DP2" "disable"
+ Option "Monitor-DP3" "disable"
+ Option "Monitor-DP-1" "disable"
+ Option "Monitor-DP-2" "disable"
+ Option "Monitor-DP-3" "disable"
+ Option "Monitor-eDP1" "disable"
+ Option "Monitor-eDP2" "disable"
+ Option "Monitor-eDP3" "disable"
+ Option "Monitor-eDP-1" "disable"
+ Option "Monitor-eDP-2" "disable"
+ Option "Monitor-eDP-3" "disable"
+ Option "Monitor-DVI1" "disable"
+ Option "Monitor-DVI2" "disable"
+ Option "Monitor-DVI3" "disable"
+ Option "Monitor-DVI-1" "disable"
+ Option "Monitor-DVI-2" "disable"
+ Option "Monitor-DVI-3" "disable"
+ Option "Monitor-DVI-I-1-1" "disable"
+ Option "Monitor-DVI-I-1-2" "disable"
+ Option "Monitor-DVI-I-1-3" "disable"
+ Option "Monitor-DVI-I-2-1" "disable"
+ Option "Monitor-DVI-I-2-2" "disable"
+ Option "Monitor-DVI-I-2-3" "disable"
+ Option "Monitor-VIRTUAL1" "virt"
+ Option "Monitor-VIRTUAL-1" "virt"
+EndSection
+
diff --git a/core/modules/remote-access/data/opt/openslx/scripts/lightdm-Xvnc b/core/modules/remote-access/data/opt/openslx/scripts/lightdm-Xvnc
new file mode 100755
index 00000000..738500b0
--- /dev/null
+++ b/core/modules/remote-access/data/opt/openslx/scripts/lightdm-Xvnc
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# Put xserver-command= in lightdm-*.conf
+exec Xtigervnc :0 -rfbauth /root/.vnc/passwd -auth /var/run/lightdm/root/:0 -SecurityTypes VncAuth -geometry 1024x768 > /tmp/sasasa-$$ 2>&1
diff --git a/core/modules/remote-access/data/opt/openslx/scripts/systemd-remote_x_config b/core/modules/remote-access/data/opt/openslx/scripts/systemd-remote_x_config
new file mode 100755
index 00000000..203324ca
--- /dev/null
+++ b/core/modules/remote-access/data/opt/openslx/scripts/systemd-remote_x_config
@@ -0,0 +1,8 @@
+#!/bin/ash
+
+. /opt/openslx/config
+
+[ -n "$SLX_REMOTE_VNC" ] || exit 0 # Nothing to do
+
+ln -nfs /opt/openslx/remote-access/xorg.conf /etc/X11/xorg.conf.d/16-remote-access.conf
+
diff --git a/core/modules/remote-access/module.build b/core/modules/remote-access/module.build
new file mode 100644
index 00000000..a183dc1f
--- /dev/null
+++ b/core/modules/remote-access/module.build
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+fetch_source() {
+ :
+}
+
+build() {
+ :
+}
+
+post_copy() {
+ :
+}
+
diff --git a/core/modules/remote-access/module.conf b/core/modules/remote-access/module.conf
new file mode 100644
index 00000000..9a6a9a64
--- /dev/null
+++ b/core/modules/remote-access/module.conf
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+REQUIRED_MODULES="
+ x11vnc
+"
+
-- cgit v1.2.3-55-g7522
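Review bot: In `lightdm-Xvnc`, the redirect `> /tmp/sasasa-$$ 2>&1` opens a guessable name in a world-writable directory, and the shell follows an existing link at that path; since the command reads `/root/.vnc/passwd` it presumably runs as root, so the write would happen with root's privileges. I would drop the redirect, leaving `exec Xtigervnc :0 -rfbauth /root/.vnc/passwd -auth /var/run/lightdm/root/:0 -SecurityTypes VncAuth -geometry 1024x768`, or point it at a root-owned log directory, and add a comment saying where the server output ends up. `-SecurityTypes VncAuth` also means the session is not encrypted, which deserves a one-line comment stating that access is expected to come only over a trusted network path. The same `/tmp/…-$$` logging pattern is used for the x11vnc log in `50-launch-vncserver`.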