NX/freenx-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
freenx-server/nxserver
geos_one beb2263461 New upstream version 2.1.3
2025-08-08 20:28:57 +02:00

1516 lines
46 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Free implementation of nxserver components
#
# To use nxserver add the user "nx"
# and use nxserver as default shell.
#
# Also make sure that hostkey based authentification works.
#
# Copyright (c) 2004 by Fabian Franz <FreeNX@fabian-franz.de>.
# (c) 2008-23 by Dmitry Borisov <i@dimbor.ru>
#
# License: GNU GPL, version 2
shopt -s extglob
SHARED_CONFS="/usr/share/freenx-server"
. $SHARED_CONFS/nxfuncs
log() {
#args: <logstr>
[ "$NX_LOG_LEVEL" != "0" ] || return
[ -n "$1" ] && \
echo -n "[$(date "+%d.%m %T.%3N"): $$/$BASHPID] " >> "$NX_LOGFILE"
echo -e $@ >> "$NX_LOGFILE"
}
# Log in a way that is secure for passwords / cookies / ...
echo_secure() {
[ -n "$1" ] && \
echo -n "[$(date "+%d.%m %T.%3N")] " >> "$NX_LOGFILE"
local res=${@/password=+([^&])&/password=*&}
res=${res//password=\"+([^\"])\"/password=\"*\"}
echo "$res"
}
log_secure() {
#args: <loglevel> <logstr>
[ "$NX_LOG_LEVEL" != "0" ] || return
echo_secure $@ >> "$NX_LOGFILE"
}
log_tee() {
if [ "$NX_LOG_LEVEL" != "0" ]; then exec tee -a "$NX_LOGFILE"
else exec cat -
fi
}
log_error() {
if [ "$NX_LOG_LEVEL" != "0" ]; then exec tee -a "$NX_LOGFILE"
else exec cat -
fi
}
echo_x() { log "$@"; echo "$@"; }
############### PACKAGE session.bm #######################
#
# Library of session management functions
#
# Needed global vars: NX_SESS_DIR session_count session_count_user
# COMMAND_MD5SUM SESSION_USER_LIMIT SESSION_LIMIT SESSION_HISTORY
# user
# =================== sqlite3 stuff =====================
sqcols_sess="session_id, session, display, status, userip,\
rootless, type, user, screeninfo, geometry, host, shadowcookie,\
startTime, creationTime, endTime, agent_pid"
init_sess_db() {
local sess_cols="session_id TEXT PRIMARY KEY, session TEXT,\
display TEXT, status TEXT, userip TEXT, rootless INT, type TEXT,\
user TEXT, screeninfo TEXT, geometry TEXT, host TEXT,\
shadowcookie TEXT, startTime INT, creationTime INT, endTime INT,\
agent_pid TEXT"
local qstr="CREATE TABLE IF NOT EXISTS sessions.sess($sess_cols);"
qstr+="CREATE INDEX IF NOT EXISTS sessions.idx_status_user ON\
sess(status,user);"
q_dbe "$qstr"
}
#-------------------------------------------------------------------
session_list() {
#params: sessId ["format_times"]
#if you need to humane output put something in $2
local qc fls res r2="";
[ -n "$2" ] && { fls="session_id, session, display, status,\
userip, rootless, type, screeninfo, geometry, host, shadowcookie,\
datetime(startTime,'unixepoch','localtime') AS startTime,\
datetime(creationTime,'unixepoch','localtime') AS creationTime, user,\
datetime(endTime,'unixepoch','localtime') AS endTime";
} || { # original order of fields
fls=$sqcols_sess;
}
res=$(qa_dbe ".mode line sess\n" \
"SELECT $fls FROM sess WHERE session_id='$1' LIMIT 1;")
[ -n "$2" ] && { echo "$res"; return; }
local line k v;
while read line; do
k=$(trim "$(cutfn "$line" 0 '=')"); v=$(trim "$(cutfn "$line" 1 '=')") #"
r2+="$k=$v"$'\n'
done <<< "$res"
echo -n "$r2"
}
session_find_cmdstrs() {
#params: [sessid] [user] [display] [status="Running|Suspended"]
#ret: sessions command strings delimited by \n
local st wstr res;
st="Running|Suspended"; [ -n "$4" ] && st="$4"
wstr="WHERE $(str_eq_cond "status" "$st")"
[ -n "$1" ] && wstr+=" AND $(str_eq_cond "session_id" "$1")"
[ -n "$2" -a "$2" != "all" -a "$2" != ".*" ] && \
wstr+=" AND $(str_eq_cond "user" "$2")"
[ -n "$3" ] && wstr+=" AND $(str_eq_cond "display" "$3")"
res=$(qa_dbe ".mode line sess\n" \
"SELECT $sqcols_sess FROM sess $wstr ORDER BY startTime DESC;")
qtxt2cmdstrs "$res"
}
# Find all running session-filenames
session_find_all() { session_find_cmdstrs; }
# Find all running sessions of a id
session_find_id() { session_find_cmdstrs "$1"; }
# Finds out if a session belongs to a user
session_find_user() { session_find_cmdstrs "" "$1"; }
# Find all running sessions of a display
session_find_display() { session_find_cmdstrs "" "" "$1"; }
# Finds out if a session belongs to a user
session_find_id_user() {
#params: sessid [user]
local wstr c;
wstr="WHERE session_id='$1' AND status IN ('Running', 'Suspended')"
[ -n "$2" -a "$2" != "all" -a "$2" != ".*" ] && \
wstr+=" AND $(str_eq_cond "user" "$2")"
c=$(qa_dbe ".mode tabs sess\n" \
"SELECT count(session_id) FROM sess $wstr LIMIT 1;")
[ "$c" -gt "0" 2>/dev/null ] || return 1
return 0
}
# session_get <session_id>
session_get() { session_find_cmdstrs "$1"; }
# Get the first session, which can be resumed
session_get_user_suspended() {
#params: user status
#ret: session_id line[s] or empty
local wstr r a;
wstr="WHERE status='$2'AND user='$1'"
r=$(qa_dbe ".mode tabs sess\n" \
"SELECT count(session_id), session_id FROM sess $wstr ORDER BY startTime DESC LIMIT 1;")
a=($r); ((${#a[@]}==2)) && echo "${a[1]}"
}
session_count_user() {
#params: user [status]
# Count all sessions of a user
# and save it in session_count and session_count_user
local st wstr r u="" sc=""
session_count=0; session_count_user=0
st="Running|Suspended"; [ -n "$2" ] && st="$2"
wstr="WHERE $(str_eq_cond "status" "$st")"
if [ "$1" = ".*" -o "$1" = "all" ]; then
session_count=$(qa_dbe ".mode tabs sess\n" \
"SELECT count(*) FROM sess $wstr;") #"
session_count_user=$session_count
return 0
fi
r=$(qa_dbe ".mode tabs sess\n" \
"SELECT user,count(*) FROM sess $wstr GROUP BY user;") #"
while read u sc; do
[ -z "$sc" ] && continue
((session_count+=sc))
[ "$u" = "$1" ] && session_count_user=$sc
done <<< "$r"
return 0
}
session_user_acl_load() {
#arg: <user>
# load nx shadow acl for given user and store it to
# shadow_users shadow_oviews shadow_uauths variables
[ -n "$ugroups" ] || \
{ ugroups=$(groups $1); ugroups=$(trim "${ugroups#*:}"); }
local s ucond="'#$1','*${ugroups// /\',\'\*}','@all'"
local mode=".mode csv settings\n.separator '&'\n"
local qstr="SELECT value,val_type,val_depend FROM settings WHERE user IN ($ucond) \
AND key='@shadow@' ORDER BY user ASC, val_check DESC LIMIT 1;"
#log "$FUNCNAME: qstr='$qstr'" #debug
local ts=$(qa_dbe "$mode" "$qstr")
#log "$lp ts='$ts'" #debug
shadow_users=$(cutfn "$ts" 0 '&')
s=$(cutfn "$ts" 1 '&'); shadow_oviews=(${s//,/ })
s=$(cutfn "$ts" 2 '&'); shadow_uauths=(${s//,/ })
}
_session_list_user_suspended() {
# args: <user> <status,> [geometry] <type>
# use conf vars: COMMAND_MD5SUM
# use glob: user
local p pstrs pattern geom depth render udepth urender mode;
local options available session_id geo2 displays disp2;
local puser pshadowcookie pscreeninfo prootless pgeometry pstatus;
local ptype pdisplay psession_id psession
local shadow_all=""
[ "$4" = "shadow" ] && stringinstring ",all," ",$shadow_users," && shadow_all="1"
echo "NX> 127 Sessions list of user '$1' for reconnect:"
echo
if [ -z "$4" ]; then
echo "Display Type Session ID Options Depth Screensize Available Session Name"
echo "------- ---------------- -------------------------------- -------- ----- -------------- --------- ----------------------"
else
echo "Display Type Session ID Options Depth Screen Status Session Name"
echo "------- ---------------- -------------------------------- -------- ----- -------------- ----------- ------------------------------"
fi
pstrs=$(session_find_cmdstrs "" "$1" "" "$2")
while read p; do
[ -z "$p" ] && continue
puser=$(getparam "$p" user); pshadowcookie=$(getparam "$p" shadowcookie);
pscreeninfo=$(getparam "$p" screeninfo); prootless=$(getparam "$p" rootless)
pgeometry=$(getparam "$p" geometry); pstatus=$(getparam "$p" status)
ptype=$(getparam "$p" type); pdisplay=$(getparam "$p" display)
psession_id=$(getparam "$p" session_id); psession=$(getparam "$p" session)
if [ "$4" = "shadow" -a "$puser" != "$1" ]; then
[ "$ENABLE_SESSION_SHADOWING" = "1" ] || continue
[ -n "$NX_ACL_DIR" -a -z "$shadow_all" ] && {
#log "in nxacl present CHECK ,$puser, ; ,$shadow_users," #debug
stringinstring ",$puser," ",$shadow_users," || continue
}
fi
pattern='^([0-9]*x[0-9]*)x([0-9]*)\+?([^+]*)'
[[ $pscreeninfo =~ $pattern ]]
geom=${BASH_REMATCH[1]}; depth=${BASH_REMATCH[2]}; render=${BASH_REMATCH[3]}
[[ $3 =~ $pattern ]]
udepth=${BASH_REMATCH[2]}; urender=${BASH_REMATCH[3]}
mode="D"; [ "$prootless" = "1" ] && mode="-"
options="-"; stringinstring "fullscreen" "$3" && options="F"
[ "$pgeometry" = "fullscreen" ] || options="-"
[ "$urender" = "render" ] && options="${options}R${mode}--PSA"
[ "$urender" = "render" ] || options="${options}-${mode}--PSA"
[ "$udepth" = "$depth" -a "$urender" = "$render" ] && available=$pstatus
# FIXME: HACK !!! to keep compatibility with old snapshot version (Knoppix 3.6 based for example)
if [ -z "$4" -a "$available" != "N/A" ]; then
available="Yes"
fi
if [ "$4" = "shadow" ]; then
available=$pstatus
printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$pdisplay" "$ptype" "$psession_id" "$options" "$depth" "$geom" "$available" "$psession ($puser) (Shadowed)"
else
# only unix-* sessions can be resumed, but other session types can still be terminated
stringinstring "unix-" "$4" || available="N/A"
printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$pdisplay" "$ptype" "$psession_id" "$options" "$depth" "$geom" "$available" "$psession"
fi
done <<< "$pstrs"
echo ""
echo ""
session_count_user "$1"
if [ "$session_count" -ge "$SESSION_LIMIT" -o \
"$session_count_user" -ge "$SESSION_USER_LIMIT" ]; then
echo "NX> 147 Server capacity: reached for user: $1"
else
echo "NX> 148 Server capacity: not reached for user: $1"
fi
}
session_list_user_suspended() {
local slcd=$(_session_list_user_suspended "$@")
echo "$slcd" | log_tee
}
session_list_user() {
#params: user [status="Running|Suspended"]
local st wstr
echo -n "NX> 127 Sessions list"
if [ -n "$1" -a "$1" != "all" ]; then echo " of user '$1'"
else echo ":"
fi
echo
echo "Server Display Username Remote IP Session ID"
echo "------ ------- --------------- --------------- --------------------------------"
st="Running|Suspended"; [ -n "$2" ] && st="$2"
wstr="WHERE $(str_eq_cond "status" "$st")"
[ -n "$1" -a "$1" != "all" ] && wstr+=" AND $(str_eq_cond "user" "$1")"
qa_dbe ".mode tabs sess\n SELECT host,display,user,userip,session_id\
FROM sess $wstr ORDER BY startTime DESC;" # ! check order !
}
session_history() {
#params: user session_id
local wstr=""
echo "NX> 127 Session list:"
echo
echo "User Remote IP Status Start Stop "
echo "------- --------------- --------------- -------------- ---------------"
[ -n "$1" -a "$1" != "all" ] && wstr="$(str_eq_cond "user" "$1")"
[ -n "$wstr" -a -n "$2" ] && wstr+=" AND "
[ -n "$2" ] && wstr+=" session_id='$2'"
[ -n "$wstr" ] && wstr="WHERE $wstr"
qa_dbe ".mode tabs sess\n SELECT user,userip,status,strftime('%d.%m-%H:%M:%S',startTime,'unixepoch','localtime'),\
strftime('%d.%m-%H:%M:%S',endTime,'unixepoch','localtime')\
FROM sess $wstr ORDER BY endTime;"
}
# remove all sessions older than $SESSION_HISTORY seconds in failed/closed.
session_cleanup() {
local checkTime st wstr;
[ "$SESSION_HISTORY" -gt "-1" ] || return
let checkTime=$(date +%s)-$SESSION_HISTORY
st="Finished|Failed";
wstr="WHERE $(str_eq_cond "status" "$st") AND startTime < $checkTime"
q_dbe "DELETE FROM sess $wstr;"
}
session_list_all() { session_list_user "all"; }
session_add() {
#params: <col1,col2...> <val1&val2...>
q_row_ins "sess" "$1" "$2"
}
session_change() {
# <session_id> <col1,col2...> <val1&val2...>
q_rows_upd "sess" "session_id='$1'" "$2" "$3"
}
# session_running <session_id> (? now dublicated session_find_id_user ?)
# return: true if running, false if not
session_running() { session_find_id_user "$1"; }
session_close() {
#param: <session_id>
if [ "$SESSION_HISTORY" = "0" ] ; then
q_dbe "DELETE FROM sess WHERE session_id='$1';"
else
session_change "$1" "status,endTime" "Finished&$(date +%s)"
fi
}
session_fail() {
#param: <session_id>
if [ "$SESSION_HISTORY" = "0" ] ; then
q_dbe "DELETE FROM sess WHERE session_id='$1';"
else
session_change "$1" "status,endTime" "Failed&$(date +%s)"
fi
}
#
# end of library
#
msg2agentdisplay() {
#args: <dlg_type> <message> <[host]:display> <cookie> <agent_pid>
# [window_caption] [timeo=$AGENT_STARTUP_TIMEOUT]
# return exit code of nxdialog
local capt="FREENX server"; [ -n "$6" ] && capt=$6
local timeo=$AGENT_STARTUP_TIMEOUT; [ -n "$7" ] && timeo=$7
local rc=0
$COMMAND_XAUTH add "$3" MIT-MAGIC-COOKIE-1 "$4" &>/dev/null
DISPLAY="$3" $PATH_BIN/nxdialog --display "$3" --parent $5 \
--dialog "$1" --caption "$capt" --message "$2" &>/dev/null &
local dlg_pid=$!
if [ $timeo -gt 0 ]; then # make a simple watchdog for nxdialog
( sleep $timeo"s"
kill -0 $dlg_pid &>/dev/null && kill $dlg_pid &>/dev/null; ) &
fi
if stringinstring "$1" "ok|error|panic"; then
sleep 0.5s # don't remove xauthority cookie right now
else # wait for anwers only
wait $dlg_pid
rc=$?
fi
$COMMAND_XAUTH remove "$3" &>/dev/null
return $rc
}
#
# Main nxserver <-> nxclient communication module
#
# config variables in use:
# COMMAND_MD5SUM COMMAND_NETCAT
# COMMAND_SESSREG COMMAND_SSH COMMAND_XAUTH
# ENABLE_AUTORECONNECT
# ENABLE_LOAD_BALANCE_PREFERENCE ENABLE_LOG_FAILED_LOGINS
# ENABLE_SESSION_SHADOWING_AUTHORIZATION
# ENABLE_USESSION LOAD_BALANCE_SERVERS
# NX_ETC_DIR NX_HOME_DIR NX_LICENSE NX_LOGFILE NX_LOG_LEVEL
# NX_SESS_DIR NX_VERSION
# SERVER_NAME SESSION_HISTORY SESSION_LIMIT SESSION_USER_LIMIT
# declare global variables:
declare -g cmd in_params proto login_success login_method ugroups=""
declare -g server_mode preferred_host session_count session_count_user
declare -g user2 ENCRYPTION proxy_display server_host
declare -g oifs rc NODE_HOSTNAME user fl_send="1"
declare -g shadow_users shadow_oviews shadow_uauths shadowviewonly shadowauth
server_mode="0"; [ "$USER" = "nx" ] && server_mode="1"
if [ "$server_mode" = "1" ]; then
# Start!
open_dbe $$
attach_db "$sq_settings_fn" ro || {
echo "NX> 500 Error: Unable to attach db file $sq_settings_fn";
exit_proc 1;
}
set_vars_from_db
sess_bd="$NX_SESS_DIR/sessions.sq3"
attach_db $sess_bd && init_sess_db
log "-- NX SERVER START: $@ - ORIG_COMMAND=$SSH_ORIGINAL_COMMAND"
# Get the hostname out of SSH_ORIGINAL_COMMAND
preferred_host=$(rematchfn "host=([^&]*)" "$SSH_ORIGINAL_COMMAND") #"
echo_x "HELLO NXSERVER - Version $NX_VERSION $NX_LICENSE"
# Login stage
while true; do
echo_x -n "NX> 105 "
read cmd
[ "$cmd" = "" ] && cmd="quit" # FIXME?
echo_x "$cmd"
case "$cmd" in
quit|QUIT)
echo_x "Quit"; echo_x "NX> 999 Bye"; exit_proc 0;
;;
exit|EXIT)
echo_x "Exit"; echo_x "NX> 999 Bye"; exit_proc 0;
;;
bye|BYE)
echo_x "Bye"; echo_x "NX> 999 Bye"; exit_proc 0;
;;
hello*|HELLO*)
proto=$(rematchfn 'Version ([[:digit:][:punct:]]+)' "$cmd") #'
echo_x "NX> 134 Accepted protocol: $proto"
;;
"set auth_mode*"|"SET AUTH_MODE*")
if [ "$cmd" = "set auth_mode password" -o \
"$cmd" = "SET AUTH_MODE PASSWORD" ]; then
echo_x "Set auth_mode: password"
else
echo_x "NX> 500 ERROR: unknown auth mode ''"
fi
;;
login|LOGIN)
login_success="0"
echo_x -n "NX> 101 User: "; read user2; echo_x $user2;
echo_x -n "NX> 102 Password: ";
oifs="$IFS"; export IFS=$'\n';
read -r -s PASS; export IFS=$oifs; echo_x ""
log -n "Info: Auth method: "
# USER already logged in?
user=$user2
# SU based auth used ONLY
if [ "$login_success" = "0" ]; then
log -n "su "
LC_MESSAGES=C $COMMAND_SUDO -u $user -Svk -p "" \
&>/dev/null <<< "$PASS"
if [ $? -eq 0 ]; then login_success="1"; login_method="SU"; fi
fi
if [ "$login_success" = "1" ]; then
# Reread the config files (so that $USER.node.conf get sourced)
set_vars_from_db "" $user "only"
[ "$ENABLE_SESSION_SHADOWING" = "1" ] && session_user_acl_load $user
break
else
echo_x "NX> 404 ERROR: wrong password or login"
echo_x "NX> 999 Bye"
if [ "$ENABLE_LOG_FAILED_LOGINS" = "1" ]; then
logger -t nxserver -i -p auth.info \
"($(whoami)) Failed login for user=$user from IP=$(echo $SSH_CLIENT | awk '{print $1}')"
fi
exit_proc 1
fi
;;
esac
done
echo_x "NX> 103 Welcome to: $SERVER_NAME user: $user"
# remove old session infos from history
session_cleanup
#
# call it with: server_get_params $cmd # no ""!
#
server_get_params() {
shift;
local server_params=" $@"; server_params=${server_params// --/\&};
server_params=${server_params//\"/};
if [ "$server_params" = "" ]; then
echo_x -n "NX> 106 Parameters: "
read server_params2; server_params=${server_params2//%2B/+}
echo_x
fi
server_params=${server_params//%20/ };
server_params=${server_params//\&sessionid/\&session_id};
server_params=${server_params//\&id/\&session_id};
echo "$server_params"
}
server_nxnode_start() {
# use vars: session_id
# NODE_HOSTNAME NXNODE_TOSEND
local cmd="$1" user="$2"; shift; shift;
# Find NODE_HOSTNAME
#NODE_HOSTNAME=""
#CMDLINE="$@"; session_id=$(getparam session_id)
#CMDLINE=$(session_get "$session_id")
NODE_HOSTNAME=$host; [ -z "$NODE_HOSTNAME" ] && NODE_HOSTNAME="127.0.0.1"
export NODE_HOSTNAME
echo -e "$PASS\n$@" | \
$COMMAND_SUDO -u $user -HSik -p "" $PATH_BIN/nxnode "$cmd" 2>&1 | \
log_tee
}
server_add_usession() {
[ "$ENABLE_USESSION" = "1" ] || return
$COMMAND_SESSREG -l ":$display" -h "$userip" -a $user 2>&1 | \
log_error
}
server_remove_usession() {
[ "$ENABLE_USESSION" = "1" ] || return
$COMMAND_SESSREG -l ":$display" -h "$userip" -d $user 2>&1 | \
log_error
}
server_nxnode_echo() {
if [ "$server_channel" = "1" ]; then
echo -e "$@"
log "$FUNCNAME >&$server_channel: $@"
elif [ "$server_channel" = "2" ]; then
echo -e "$@" >&2
log "$FUNCNAME >&$server_channel: $@"
fi
}
server_nxnode_exit_func() {
log "$FUNCNAME: Info: Emergency-Shutting down due to kill signal ..."
session_fail $session_id
server_remove_usession
# remove lock file
[ -e "/tmp/.nX$display-lock" ] && rm -f /tmp/.nX$display-lock
exit_proc 1
}
server_nxserver_exit_func() {
log "$FUNCNAME: Info: Emergency-Shutting down!"
[ -n "$adm_pid" ] && kill -0 $adm_pid &>/dev/null \
&& kill $adm_pid &>/dev/null
exit_proc 1
}
server_nxnode_start_wait() {
# use uplevel: $server_wait_pid $user $session_id
local lp=" $FUNCNAME:";
local server_channel=1 kill_wait_pid=1 shadowcookie agent_pid
local fl_start="" to_send=""
open_dbe $BASHPID
[ "$1" = "--startsession" ] && fl_start="1";
if [ -n "$fl_start" ]; then
server_add_usession
# We need to stop sending things when a SIGPIPE arrives
trap "server_channel=0" SIGPIPE
trap server_nxnode_exit_func EXIT
fi
server_nxnode_start "$@" | while read cmd; do
case "$cmd" in
"NX> 700"*)
server_channel=0; to_send="$cmd"
;;
"NX> 706"*)
shadowcookie=$(cutfn "$cmd" 1 ':'); shadowcookie=${shadowcookie// /}
session_change "$session_id" "shadowcookie" "$shadowcookie"
to_send+="\n$cmd"
;;
"NX> 733"*)
agent_pid=$(cutfn "$cmd" 1 ':'); agent_pid=${agent_pid// /}
session_change "$session_id" "agent_pid" "$agent_pid"
;;
"NX> 70"*)
to_send+="\n$cmd"
;;
"NX> 710"*)
to_send+="\n$cmd"; server_channel=1;
server_nxnode_echo "$to_send";
server_channel=0;
to_send="";
kill -SIGUSR2 $$ 2>/dev/null
continue
;;
"NX> 1006"*|"NX> 1005"*|"NX> 1009"*)
case "$cmd" in
*running*)
[ "$kill_wait_pid" = "1" ] && kill -INT $server_wait_pid 2>/dev/null
kill_wait_pid=0
if [ "$server_channel" = "1" ]; then
server_channel=2
fi
log "$lp set status $session_id: Running"
session_change $session_id "status" "Running"
;;
*starting*)
log "$lp set status $session_id: Starting"
session_change $session_id "status" "Starting"
continue;
;;
*resuming*)
log "$lp set status $session_id: Resuming"
session_change $session_id "status" "Resuming"
continue;
;;
*closed*)
if [ -n "$fl_start" ]; then
log "$lp session_close $session_id"
session_close $session_id; break;
fi
;;
*suspended*)
if [ -n "$fl_start" ]; then
[ "$kill_wait_pid" = "1" ] && kill -INT $server_wait_pid 2>/dev/null
kill_wait_pid=0; log "$lp session suspend $session_id"
session_change $session_id "status,userip" "Suspended&-"
fi
;;
*suspending*)
if [ -n "$fl_start" ]; then
log "$lp set status $session_id: Suspending"
session_change $session_id "status" "Suspending"
# we need to stop sending to client as it will have already
# closed his side of the channel and this will lead to not
# closed sessions.
server_channel=0
fi
;;
*terminating*)
if [ -n "$fl_start" ]; then
log "$lp set status $session_id: Terminating"
session_change $session_id "status" "Terminating"
# we need to stop sending to client as it will have already
# closed his side of the channel and this will lead to not
# closed sessions.
server_channel=0
fi
;;
esac
;;
"NX> 1004"*)
[ "$kill_wait_pid" = "1" ] && {
kill -INT $server_wait_pid 2>/dev/null
kill_wait_pid=0
}
# This fail is correct here as somehow the
# monitor process might have died and we don't
# want the session to be resumed again.
session_fail $session_id
server_nxnode_echo "NX> 596 Session startup failed."
log "NX> 596 Session startup failed."
[ -z "$fl_start" ] && break; # on restore only?
;;
"NX> 1001"*)
if [ -z "$fl_start" ]; then
server_channel=0
log "$lp nxnode finished (1001) on display $display"
close_dbe $BASHPID; exit_proc 0
fi
;;
esac
case $cmd in "NX> "*) server_nxnode_echo $cmd;; esac
done
if [ "$1" = "--startsession" ]; then
trap - EXIT
trap - SIGPIPE
# Close it in case the session is still running
session_running $session_id && session_close $session_id
server_remove_usession
# remove lock file
[ -e "/tmp/.nX$display-lock" ] && rm -f /tmp/.nX$display-lock
fi
close_dbe $BASHPID
log "$lp $1 end on display $display"
}
server_check_session_count() {
session_count_user "$user"
if [ "$session_count" -ge "$SESSION_LIMIT" ]; then
echo_x "NX> 599 Reached the maximum number of concurrent sessions on this server."
echo_x "NX> 500 ERROR: Last operation failed."
return 1
fi
if [ "$session_count_user" -ge "$SESSION_USER_LIMIT" ]; then
echo_x "NX> 599 Server capacity: reached for user: $user"
echo_x "NX> 500 ERROR: Last operation failed."
return 1
fi
return 0
}
server_loadbalance_random() {
# Pick one based on "random" algorithm
local server_lb_hosts=( $LOAD_BALANCE_SERVERS )
local server_lb_nr_of_hosts=${#server_lb_hosts[@]}
let server_lb_nr=(RANDOM % server_lb_nr_of_host)
local server_lb_host=${server_lb_hosts[$server_lb_nr]}
echo $server_lb_host
}
# run in subshell!
server_loadbalance_round_robin() {
local server_lb_hosts=( $LOAD_BALANCE_SERVERS )
local server_lb_nr_of_hosts=${#server_lb_hosts[@]}
# Atomic incrementation:
# Enter critical section
# - Create .lock file
server_lb_lockfile=$(mktemp "$NX_SESS_DIR/round-robin.lock.XXXXXXXXX")
trap "rm -f $server_lb_lockfile" EXIT
i=0
while [ $i -lt 200 ]; do
# ln is an atomic operation
ln $server_lb_lockfile "$NX_SESS_DIR/round-robin.lock" && break
LC_MESSAGES=C sleep 0.01
((i++))
done
if [ $i -ge 200 ]; then
log "Load-Balancing: Round-Robin failed to gain lock file in 200 tries. Falling back to random."
server_loadbalance_random
return
fi
trap "rm -f \"$server_lb_lockfile\" \"$NX_SESS_DIR/round-robin.lock\"" EXIT
# Lock held
server_lb_nr=$(cat $NX_SESS_DIR/round-robin 2>/dev/null)
let server_lb_nr=(server_lb_nr+1)%server_lb_nr_of_hosts
echo $server_lb_nr >$NX_SESS_DIR/round-robin
# Exit critical section
rm -f "$server_lb_lockfile" "$NX_SESS_DIR/round-robin.lock"
trap - EXIT
server_lb_host=${server_lb_hosts[$server_lb_nr]}
echo $server_lb_host
}
server_loadbalance_load() {
local server_lb_max=0 server_lb_host="" server_lb_load;
export PATH_BIN
for i in $LOAD_BALANCE_SERVERS; do
server_lb_load=$($COMMAND_NXCHECKLOAD $i)
[ -z "$server_lb_load" ] && continue
if [ $server_lb_load -gt $server_lb_max ]; then
server_lb_max=$server_lb_load
server_lb_host=$i
fi
done
echo $server_lb_host
}
server_loadbalance() {
local server_host="127.0.0.1"
if [ -n "$LOAD_BALANCE_SERVERS" ]; then
server_host=""
if [ -n "$preferred_host" -a "$ENABLE_LOAD_BALANCE_PREFERENCE" = "1" ]; then
stringinstring " $preferred_host " " $LOAD_BALANCE_SERVERS " && \
server_host="$preferred_host"
fi
# Fallback if still empty
if [ -z "$server_host" ]; then
case "$LOAD_BALANCE_ALGORITHM" in
random)
server_host=$(server_loadbalance_random)
;;
round-robin)
server_host=$(server_loadbalance_round_robin)
;;
load)
server_host=$(server_loadbalance_load)
;;
esac
fi
[ -z "$server_host" ] && server_host="127.0.0.1"
[ -n "$server_host" ] && log "Info: Load-Balancing (if possible) to $server_host ..."
fi
echo "$server_host"
}
server_startrestore_session() {
local action="$1" params="$2" rc sess_lockfile
local agent_display samba_display cups_display media_display restore
local server_pid server_wait_pid new_params db_params nshu="-1" i s
params+="&clientproto=$proto&login_method=$login_method"
echo_x
if [ "$action" = "shadow" ]; then
shadowauth="0"; shadowviewonly="0"
action="start"; params=$(delparam "$params" "display");
params=$(delparam "$params" "session_id");
db_params=$(session_get "$in_session_id" 2>/dev/null)
set_vars_from_ampstr "$db_params" "db_"
encryption=$in_encryption
shadowdisplay=$in_display; shadowhost=$db_host;
shadowuser=$db_user; shadowcookie=$db_shadowcookie
[ "$shadowcookie" = "none" ] && shadowcookie=""
[ "$in_shadowviewonly" = "1" ] && shadowviewonly="1"
if [ -z "$shadowdisplay" ]; then
echo_x "NX> 596 Could not find shadowed session $session_id. Session failed."
exit_proc 1
fi
[ "$shadowhost" = "127.0.0.1" ] && shadowhost=""
if [ "$user" != "$shadowuser" -a \
"$ENABLE_SESSION_SHADOWING_AUTHORIZATION" = "1" ]; then
shadowauth="1"
[ -n "$shadow_users" ] && {
local shu=(${shadow_users//,/ })
for ((i=0; i<${#shu[@]}; i++)) {
[ "${shu[$i]}" = "$shadowuser" -o "${shu[$i]}" = "all" ] && {
nshu=$i; break;
}
}
}
((nshu>=0)) && {
[ "$shadowviewonly" = "0" ] && shadowviewonly=${shadow_oviews[$nshu]}
shadowauth=${shadow_uauths[$nshu]}
}
fi
if [ "$shadowauth" = "1" ]; then
# Ask for permission first:
echo_x "NX> 726 Asking user for authorization to attach to session"
msg2agentdisplay "yesno" \
"Do you want to allow $user to shadow your session?" \
$shadowhost:$shadowdisplay $shadowcookie $db_agent_pid \
"Authorization Request"
if [ "$?" != "1" ]; then
# User answered NO or time out
echo_x "NX> 596 Error: Authorization refused by user: $shadowuser."
exit_proc 1
fi
fi
params+="&shadowdisplay=$shadowdisplay&shadowhost=$shadowhost&\
shadowcookie=$shadowcookie&shadowuser=$shadowuser&\
shadowviewonly=$shadowviewonly&shadowauth=$shadowauth"
fi
[ "$action" = "start" ] && \
[ "$type" = "windows" -o "$type" = "vnc" ] && \
params=${params//&type=$type&/&type=$type'-helper'&}
# If we can't get the userip and SSHD_CHECK_IP is set to 1
# we bail out.
if [ -z "$SSH_CLIENT" -a -z "$SSH2_CLIENT" ]; then
if [ "$SSHD_CHECK_IP" = "1" ]; then
echo_x "NX> 596 Session startup failed. (Missing SSH_CLIENT environment variable)"
return 1
else
log "Warning: Failed to determine the client IP."
log "Warning: The SSH_CLIENT or SSH2_CLIENT variable was not provided by SSHD."
log "Warning: Please set SSHD_CHECK_IP=1 if you want to refuse the connection."
fi
fi
export ENCRYPTION=$encryption
if [ "$ENABLE_FORCE_ENCRYPTION" = "1" -a "$ENCRYPTION" != "1" ]; then
echo_x "NX> 596 Unencrypted sessions are not allowed."
exit_proc 1
fi
# check if there is a suspended session, which we could resume
if [ "$ENABLE_AUTORECONNECT" = "1" -a "$action" = "start" ]; then
restore=$(session_get_user_suspended "$user" "Suspended")
if [ -n "$restore" ]; then
session_id=$restore; action="resume"
fi
fi
# as only $SSH_CLIENT or $SSH2_CLIENT will be set, this should work
userip=$(rematchfn "($ip4_pattern)" "$SSH_CLIENT $SSH2_CLIENT") #"
[ -z "$userip" ] && userip="*"
if [ "$action" = "start" -o "$action" = "shadow" ]; then
server_check_session_count || exit_proc 1
# Possibly do loadbalancing
server_host=$(server_loadbalance)
# start nxnode
display=$DISPLAY_BASE
((sess_display_limit=DISPLAY_BASE+DISPLAY_LIMIT))
# stupid but working algo ...
while true; do
while [ -e /tmp/.X$display-lock -o \
-e "/tmp/.nX$display-lock" -o \
-e "/tmp/.X11-unix/X$display" ]; do
((display++))
done
# Check if there is already an agent running on that display on that host
((agent_display=display+6000))
if port_is_listening $agent_display "$server_host"; then
log "Warning: Stray nxagent without .nX$display-lock found on host:port $server_host:$agent_display."
((display++))
continue
fi
((proxy_display=display+4000))
if port_is_listening $proxy_display "$server_host"; then
log "Warning: nxagent proxy without .nX$display-lock found on host:port $server_host:$agent_display."
((display++))
continue
fi
# Now check for the other enabled services
((samba_display=display+3000))
if [ "$samba" = 1 ] && \
port_is_listening $samba_display "$server_host"; then
log "Warning: Skipping $server_host:$agent_display as samba port is not free."
((display++))
continue
fi
((media_display=display+7000))
if [ "$media" = 1 ] && \
port_is_listening $media_display "$server_host"; then
log "Warning: Skipping $server_host:$agent_display as media port is not free."
((display++))
continue
fi
((cups_display=display+9000))
if [ "$cups" = 1 ] && \
port_is_listening $cups_display "$server_host"; then
log "Warning: Skipping $server_host:$agent_display as cups port is not free."
((display++))
continue
fi
sess_lockfile=$(mktemp "/tmp/.nX$display-lock.XXXXXXXXX")
# ln is an atomic operation
ln "$sess_lockfile" "/tmp/.nX$display-lock" 2>/dev/null && break
done
rm -f "$sess_lockfile"
if [ "$display" -gt "$sess_display_limit" ]; then
echo_x "NX> 596 Error: Display limit exceeded. Please remove some files from /tmp/.X*-lock."
rm -f "/tmp/.nX$display-lock"
exit_proc 1
fi
session_id=$(echo $[$RANDOM*$RANDOM] | $COMMAND_MD5SUM)
session_id=${session_id%% *}; session_id=${session_id^^}
params+="&user=$user&userip=$userip&session_id=$session_id&\
display=$display&host=$server_host"
log_secure "$params"
# now update the session listing
local time_now=$(date +%s)
session_add "session_id,user,session,display,status,userip,rootless,\
type,screeninfo,geometry,host,shadowcookie,startTime,creationTime"\
"$session_id&$user&$session&$display&Running&$userip&$rootless&\
$type&$screeninfo&$geometry&$server_host&none&$time_now&$time_now"
else
[ -z "$(getparam "$params" "session_id")" ] && params+="&session_id=$session_id"
session_change "$session_id" "userip" "$userip"
db_params=$(session_get "$session_id");
display=$(getparam "$db_params" display);
host=$(getparam "$db_params" host); server_host=$host
[ -z "$server_host" ] && server_host="127.0.0.1"
status=$(getparam "$db_params" status)
params+="&host=$server_host&user=$user&userip=$userip&display=$display&status=$status"
if [ "$ENABLE_ADVANCED_SESSION_CONTROL" = "1" ]; then
case "$session" in
"add "*)
server_nxnode_start --applicationsession "$user" "$params"
echo_x "Quit"
echo_x "NX> 999 Quit"
exit_proc 1
;;
esac
fi
fi
# now start the node
sleep $AGENT_STARTUP_TIMEOUT &
server_wait_pid=$!
( server_nxnode_start_wait --"$action"session $user "$params" ) &
server_pid=$!; disown $server_pid
wait $server_wait_pid 2>/dev/null
if [ $? -eq 0 ]; then
# Something went wrong ...
[ "$action" = "start" ] && session_fail $session_id
echo_x "NX> 1004 Error: Session did not start."
echo_x "NX> 596 Session $action failed."
echo_x "NX> 999 Bye"
# FIXME: Send node signal to terminate
exit_proc 1
fi
}
# Session stage
trap "fl_send=1" SIGUSR2
while true; do
[ "$fl_send" = "0" ] && { sleep 0.01s; continue; }
echo_x -n "NX> 105 "
unset cmd
read cmd 2>/dev/null
[ "$cmd" = "" ] && cmd="quit" # FIXME?
# Logging
case "$cmd" in
startsession*|restoresession*|addmount*|addprinter*)
echo_secure "$cmd"; log_secure "$cmd"
;;
*)
echo "$cmd"; log "> $cmd"
;;
esac
case "$cmd" in
quit|QUIT)
echo_x "Quit"
echo_x "NX> 999 Bye"
exit_proc 0
;;
exit|EXIT)
echo_x "Exit"
echo_x "NX> 999 Bye"
exit_proc 0
;;
bye|BYE)
echo_x "Bye" 1>&2
echo_x "NX> 999 Bye" 1>&2
if [ "$ENCRYPTION" = "1" ]; then
((proxy_display=display+4000))
log "Session stage: proxy display starting $server_host:$proxy_display"
$COMMAND_NETCAT $server_host $proxy_display 2>/dev/null; rc=$?
log "Session stage: proxy display finished rc=$rc"
kill $PPID 2>/dev/null # kill our parent sshd process
exit_proc $rc
else
echo_x "NX> 1001 Bye."
fi
;;
admin)
[ -n "$ugroups" ] || \
{ ugroups=$(groups "$user"); ugroups=$(trim "${ugroups#*:}"); }
if stringinstring " nxadmin " " $ugroups "; then
trap server_nxserver_exit_func EXIT
log "User '$user': admin mode starting"
LC_MESSAGES=C $COMMAND_SUDO -u $user -S -v -p "" <<< "$PASS"
$COMMAND_SUDO -u $user -H /bin/bash -c \
'/usr/bin/nxnode --admin'
log "User '$user': admin mode stopping with rc=$?"
echo_x "NX> 1001 Bye."
trap EXIT
exit_proc 0
else
log "User '$user': admin mode start failed"
echo_x "NX> 2004 admin mode start failed"; exit_proc 1;
echo_x "NX> 1001 Bye."
fi
;;
startsession*)
fl_send="0"; in_params=$(server_get_params $cmd)
set_vars_from_ampstr "$in_params" # set global vars without prefixes
server_startrestore_session "start" "$in_params"
;;
list*)
# used: user,status, type, screeninfo == geometry ???
in_params=$(server_get_params $cmd)
set_vars_from_ampstr "$in_params" "in_"
if [ "$in_status" = "Suspended" -a -n "$in_screeninfo" ]; then
session_list_user_suspended "$in_user" "Suspended" \
"$in_screeninfo" "$in_type"
elif [ "$in_status" = "Suspended,Running" -o "$in_status" = "Suspended" ]; then
# disabled due to problems with 1.4.0-5 client
#session_list_user_suspended "$user" 'Suspended$|^status=Running$' "$(getparam geometry)" "$(getparam type)" | log_tee
session_list_user_suspended "$in_user" \
'Suspended' "$in_geometry" "$in_type"
elif [ "$in_status" = "suspended,running" -o "$in_status" = "suspended" ]; then
# since 1.5.0
[ "$ENABLE_SHOW_RUNNING_SESSIONS" = "0" ] && in_status="Suspended" || {
in_status=${in_status/,/|}
in_status=${in_status/suspended/Suspended}
in_status=${in_status/running/Running}
}
session_list_user_suspended "$in_user" "$in_status" \
"$in_geometry" "$in_type"
elif [ "$in_type" = "shadow" ]; then
session_list_user_suspended ".*" "Suspended|Running" "" "shadow"
else
session_list_user "$in_user" | log_tee
fi
;;
suspend*)
# used: user, session_id
in_params=$(server_get_params $cmd)
set_vars_from_ampstr "$in_params"
[ -z "$display" ] && \
display=$(q_vals_str_get "sess" \
"session_id='$session_id'" "display")
in_params+="&display=$display"
if session_find_id_user "$session_id" "$user"; then
server_nxnode_start --suspend "$user" "$in_params"
fi
;;
terminate*)
in_params=$(server_get_params $cmd)
set_vars_from_ampstr "$in_params"
[ -z "$display" ] && \
display=$(q_vals_str_get "sess" \
"session_id='$session_id'" "display")
in_params+="&display=$display"
if session_find_id_user "$session_id" "$user"; then
server_nxnode_start --terminate "$user" "$in_params"
fi
;;
restoresession*)
fl_send="0"; in_params=$(server_get_params $cmd)
set_vars_from_ampstr "$in_params"
[ -z "$display" ] &&
display=$(q_vals_str_get "sess" \
"session_id='$session_id'" "display")
in_params+="&display=$display"
server_startrestore_session "resume" "$in_params"
;;
attachsession*)
in_params=$(server_get_params $cmd)
set_vars_from_ampstr "$in_params" "in_"
server_startrestore_session "shadow" "$in_params"
;;
addmount*)
in_params=$(server_get_params $cmd)
set_vars_from_ampstr "$in_params" "in_"
in_params+="&display=$display"
( server_nxnode_start --smbmount "$user" "$in_params" >/dev/null 2>&1 ) &
;;
addprinter*)
in_params=$(server_get_params $cmd)
set_vars_from_ampstr "$in_params" "in_"
in_params+="&display=$display"
( server_nxnode_start --addprinter "$user" "$in_params" >/dev/null 2>&1 ) &
;;
*)
# disabled for 1.4.0-5 snapshot client
#echo_x "NX> 503 Error: undefined command: '$cmd'"
;;
esac
done
trap - SIGUSR2
fi # server_mode == "1"
#
# End of Main nxserver <--> nxclient communication module
#
################### PACKAGE cmd.bm ############################
#
# library functions for nxserver-commandline cmds
#
# Policy: All functions and variables need to start with CMD_ / cmd_
# Needed global vars: $NX_VERSION, $NX_LICENSE, $NX_ETC_DIR, $PATH_BIN,
# $NX_HOME_DIR, $SSH_AUTHORIZED_KEYS
# Needed package: passdb
cmd_usage() {
echo "NXSERVER - Version $NX_VERSION $NX_LICENSE" 1>&2
echo "Usage: nxserver <option>" 1>&2
if [ "$1" = "root" ]; then
echo "--start: Start the nx server" 1>&2
echo "--stop: Stop the nx server" 1>&2
echo "--status: Show status of nx server" 1>&2
echo "--restart: Restart the nx server. (start,stop)" 1>&2
echo "" 1>&2
echo "--list [ user | session_id ]: List running sessions of user or session_id " 1>&2
echo "--history [ user | session_id | clear ]: Show history [ of user | session_id ] or clear the history" 1>&2
echo "--terminate <user | :display | session_id>: Terminate the session pointed to by" 1>&2
echo " session_id or display, or all sessions of the specified user." 1>&2
echo " Use * for all sessions." 1>&2
echo "--force-terminate: Like terminate, but removes also session info." 1>&2
echo "--suspend <user | :display | session_id>: Suspend the session pointed to by" 1>&2
echo " session_id or display, or all sessions of the specified user." 1>&2
echo " Use * for all sessions." 1>&2
echo "--cleanup: Terminates all running sessions. Useful after power-outage."
echo "" 1>&2
echo "--broadcast <message>: Send a message to all users" 1>&2
echo "--send <user | :display | session_id> <message>: Send a message to the specified user or session_id" 1>&2
fi
exit_proc 1
}
cmd_abort() {
echo -e "NX> 500" "$@" 1>&2
echo "NX> 999 Bye" 1>&2
exit_proc 1
}
cmd_abort_success() {
echo "NX> 500" "$@" 1>&2
echo "NX> 999 Bye" 1>&2
exit_proc 0
}
cmd_start() {
[ -f $NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS ] && \
cmd_abort_success "ERROR: Service already running"
mv $NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS.disabled \
$NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS
echo "NX> 122 Service started"
}
cmd_stop() {
[ -f $NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS ] || \
cmd_abort_success "Service was already stopped"
mv $NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS \
$NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS.disabled
echo "NX> 123 Service stopped"
}
cmd_status() {
[ -f $NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS ] && \
echo "NX> 110 NX Server is running"
[ -f $NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS ] || \
echo "NX> 110 NX Server is stopped"
}
cmd_restart() { cmd_stop; cmd_start; }
cmd_parse_2_params()
{
local cmd_params;
if [ ${#1} -eq 32 ]; then cmd_params="session_id=$1"
elif [ "$1" != "" ]; then cmd_params="user=$1"
fi
echo "$cmd_params"
}
cmd_parse_3_params()
{
local cmd_params;
if [ ${#1} -eq 32 ]; then
cmd_params=$(session_find_id $1)
[ -n "$cmd_params" ] || cmd_abort "Error: Session $1 could not be found."
elif [ "${1:0:1}" = ":" ]; then
cmd_params=$(session_find_display "${1:1}")
[ -n "$cmd_params" ] || cmd_abort "Error: No running sessions found for display $1."
elif [ "$1" = "*" ]; then
cmd_params=$(session_find_all)
[ -n "$cmd_params" ] || cmd_abort "Error: No running sessions found."
elif [ "$1" != "" ]; then
cmd_params=$(session_find_user "$1")
[ -n "$cmd_params" ] || cmd_abort "Error: No running sessions found for user $1."
else cmd_abort "Error: Not enough parameters."
fi
echo "$cmd_params"
}
cmd_list_suspended() {
local cmd_params=$(cmd_parse_2_params "$2")
[ -n "$2" -a -z "$cmd_params" ] && exit_proc 1
case $cmd_params in
user=*)
session_list_user_suspended $2 "Suspended"
;;
esac
}
cmd_list() {
local cmd_params=$(cmd_parse_2_params "$2")
[ -n "$2" -a -z "$cmd_params" ] && return
case $cmd_params in
user=*)
session_list_user $2
;;
session_id=*)
session_list $2
;;
*)
session_list_all
;;
esac
}
cmd_history_clear() {
q_dbe "DELETE FROM sess WHERE status IN ('Finished','Failed');"
}
cmd_history() {
local cmd_params user="" sessid=""
if [ "$2" = "clear" ]; then cmd_history_clear; return; fi
cmd_params=$(cmd_parse_2_params "$2")
case $cmd_params in
user=*)
user="$2"
;;
session_id=*)
sessid="$2"
;;
esac
session_history "$user" "$sessid"
}
cmd_execute() {
local cmd_host="$1" cmd_user="$2" cmd_cmd="$3"
if [ "$cmd_host" = "127.0.0.1" -o "$cmd_host" = "localhost" ]; then
/bin/su - "$cmd_user" -c "$cmd_cmd"
else
ssh "$cmd_host" su - "$cmd_user" -c "'$cmd_cmd'"
fi
}
cmd_terminate_or_send() {
local cmd="$1" cmd_params lineamp cmd_shadowcookie cmd_agent_pid;
local cmd_session_id cmd_display cmd_user cmd_type cmd_status cmd_host;
if [ "$cmd" = "--broadcast" ]; then
cmd_params=$(session_find_all)
[ -z "$cmd_params" ] && cmd_abort "Error: No running session could be found."
else
cmd_params=$(cmd_parse_3_params "$2")
[ -z "$cmd_params" ] && exit_proc 1
shift
fi
shift
while read lineamp; do
[ -z "$lineamp" ] && continue
cmd_session_id=$(getparam "$lineamp" session_id)
cmd_display=$(getparam "$lineamp" display)
cmd_user=$(getparam "$lineamp" user)
cmd_type=$(getparam "$lineamp" type)
cmd_status=$(getparam "$lineamp" status)
cmd_host=$(getparam "$lineamp" host)
# is it a "good" session?
case "$cmd" in
--suspend)
if [ "$cmd_status" = "Running" ] && stringinstring "unix-" "$cmd_type"
then
echo "session_id=$cmd_session_id&display=$cmd_display" | \
cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxnode --suspend"
fi
;;
--terminate)
echo "session_id=$cmd_session_id&display=$cmd_display" | \
cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxnode --terminate"
;;
--force-terminate)
echo "session_id=$cmd_session_id&display=$cmd_display" | \
cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxnode --terminate"
session_close $cmd_session_id
;;
--send|--broadcast)
# is it a "good" session?
if [ "$cmd_status" = "Running" ]; then
cmd_agent_pid=$(getparam "$lineamp" agent_pid)
cmd_shadowcookie=$(getparam "$lineamp" shadowcookie)
msg2agentdisplay "ok" "$(date "+%d.%m %H:%M"): $@" \
:$cmd_display $cmd_shadowcookie $cmd_agent_pid \
"NX Admin Message" 0
fi
esac
done <<< "$cmd_params"
}
sqcols_sess_adm="user, session, status, creationTime, startTime, endTime,\
type, session_id, display, userip, rootless, screeninfo, geometry, host"
cmd_list0() {
#args: term1[&term2...] [sort1[!][,sort2...]]
# term: <exp><cond><val_str>
# cond: = != > < >= <= ; val_str: val1[|val2...] or val_start,val_end
# if '!' present in sortN then sort order is DESC else ASC
local colstr="" wstr="" sortstr="" res
[ "$admin_mode" = "1" ] && colstr=$sqcols_sess_adm || colstr=$sqcols_sess
[ -n "$1" ] && wstr="WHERE $(q_where_str "$1")"
[ -n "$2" ] && sortstr="ORDER BY $(q_sort_str "$2")"
local mode=".mode csv sess\n.separator '&'\n"
local qstr="SELECT $colstr FROM sess $wstr $sortstr;" #; echo "$qstr" #debug
res=$(qa_dbe0 "$mode" "$qstr")
echo_x "NX> 2126 $colstr"
echo_x "NX> 2127 strings list start"
echo "${res//\"/}"
echo_x "NX> 2148 strings list end"
}
open_dbe $$
attach_db "$sq_settings_fn" ro || {
echo "NX> 500 Error: Unable to attach db file $sq_settings_fn";
exit_proc 1;
}
set_vars_from_db
sess_bd="$NX_SESS_DIR/sessions.sq3"
if [ "$NX_LOG_LEVEL" != "0" -a ! -f "$NX_LOGFILE" ]; then
touch "$NX_LOGFILE" >/dev/null 2>&1
fi
if [ "$UID" -eq "0" ]; then
chown nx "$NX_LOGFILE" >/dev/null 2>&1; chmod 660 "$NX_LOGFILE"
chown nx "$sess_bd" >/dev/null 2>&1; chmod 660 "$sess_bd"
fi
attach_db $sess_bd && init_sess_db
#
# normal user available functions
if [ $UID -ne 0 ]; then
if [ "$1" = "--agent" ]; then exec $PATH_BIN/nxnode "$@"
else cmd_usage
fi
exit_proc 0
fi
#
# root mode available functions
[ $# -lt 1 ] && cmd_usage "root"
[ "$1" = "--help" ] && cmd_usage "root"
if [ "$1" = "--version" ]; then
echo "NXSERVER - Version $NX_VERSION $NX_LICENSE"
exit_proc 0
fi
declare -g admin_mode="" mloop="1" cmd0 q s l
[ "$1" = "--admin" ] && { # admin mode loop
admin_mode="1"; shift;
trap exit_proc SIGINT; trap exit_proc SIGKILL; trap exit_proc EXIT
echo_x "NX> 2103 admin mode started"
while [ "$mloop" = "1" ]; do
echo_x -n "NX> 2105 "
unset cmd0; read cmd0 2>/dev/null
[ "$cmd0" = "" ] && cmd0="quit" # FIXME?
# do fake eval for params
q=0; l=$cmd0; cmd=()
while [ -n "$l" ]; do
s=${l%%[\'\"]*}; l=${l#*[\'\"]}; [ "$s" = "$l" ] && l=""
if ((q==0)); then
[ -n "$s" ] || continue
cmd+=($s); q=1
else cmd+=("$s"); q=0
fi
done
#log "${#cmd[@]}" #debug
#for ((i=0; i<${#cmd[@]}; i++)); do log "${cmd[$i]}"; done #debug
case ${cmd[0]} in
ping) echo_x "pong" ;;
l) cmd_list0 "${cmd[@]:1}" ;;
list) cmd_list "${cmd[@]:1}" ;;
--send|--broadcast) cmd_terminate_or_send "${cmd[@]}" ;;
quit|q) mloop=0 ;;
*) echo "Error: Function '$cmd' not implemented yet."
esac
done
echo_x "NX> 2999 admin mode stopped"
trap SIGINT; trap SIGKILL; trap EXIT; exit_proc 0
} # admin mode end
cmd=$1
echo "NX> 100 NXSERVER - Version $NX_VERSION $NX_LICENSE"
case $cmd in
--start)
cmd_start
;;
--stop)
cmd_stop
;;
--status)
cmd_status
;;
--restart)
cmd_restart
;;
--list)
cmd_list "$@"
;;
--list-suspended)
cmd_list_suspended "$@"
;;
--history)
cmd_history "$@"
;;
--terminate|--suspend|--force-terminate)
cmd_terminate_or_send "$@"
;;
--cleanup)
cmd_terminate_or_send "--force-terminate" "*"
;;
--send|--broadcast)
cmd_terminate_or_send "$@"
;;
*)
cmd_abort "Error: Function $cmd not implemented yet."
esac
echo "NX> 999 Bye"
exit_proc 0
Reference in New Issue View Git Blame Copy Permalink