# NOTE(review): this listing shows selected lines only; the number that starts
# each line is its line number in the original script.
# Writes all arguments to stderr with a "novaboot-shell: " prefix. Presumably
# the body of the die helper called further down (its header is not shown).
6 echo >&2 "novaboot-shell: $*"
# Branches on NB_ADMIN being non-empty. The next visible line is help text for
# the "shell" command, so that entry is presumably printed only for admins
# (the enclosing function is not shown).
23 if [ "$NB_ADMIN" ]; then
26 - shell (use with ssh -t)
# Returns 1 unless NB_ADMIN is non-empty, so the key handling below is
# admin-only. The enclosing function is not shown (presumably add_key).
34 [ "$NB_ADMIN" ] || return 1
# Arms of a case statement, presumably over the argument count: no user name
# and a user name made of several words are both rejected.
# NOTE(review): the name is later placed unescaped inside command="user ...",
# and the third word of that forced command selects admin rights elsewhere in
# this script. The space check is therefore a privilege boundary; consider an
# allow-list such as [A-Za-z0-9._-] so quotes, backslashes and newlines are
# rejected as well.
37 0) die "Username argument missing";;
39 *) die "User name must not contain spaces: $*";;
# The new file is created by mktemp next to the real one (mktemp creates it
# readable by the owner only), so the final mv stays on one filesystem.
44 tmp=$(mktemp ~/.ssh/authorized_keys.XXXXXXXX)
# Existing entries first, then the new entry. The redirection into $tmp is on
# lines not shown here.
46 cat ~/.ssh/authorized_keys
# New entry: the forced command "user <name>" followed by the supplied key.
# NOTE(review): where $key is read is not shown. Confirm it is validated as one
# public-key line (for example with ssh-keygen -l -f) before it is written.
47 echo "command=\"user $user\" $key"
# Replaces authorized_keys with the assembled file. $tmp is unquoted; quote it
# (mv -- "$tmp" ...) so a home directory containing spaces cannot split it.
50 mv $tmp ~/.ssh/authorized_keys
# An interactive shell on the server is admin-only: anyone without NB_ADMIN
# set is stopped here with "Permission denied".
54 [ "$NB_ADMIN" ] || die "Permission denied"
# Replaces this process with bash, with sh written as the fallback.
# NOTE(review): a non-interactive shell normally exits when exec fails, so the
# fallback after || may never run. Confirm with the interpreter in use.
55 exec /bin/bash || exec /bin/sh
# Prints the 2nd column of every lslocks row whose 9th column equals RUN_DIR
# (PID and PATH in lslocks' default layout).
# NOTE(review): RUN_DIR is spliced into the awk program text, so a quote or
# backslash in the path would change the program. Passing it as data is safer:
# awk -v dir="$RUN_DIR" '$9 == dir { print $2 }'. A path containing spaces
# would also not match column 9.
59 lslocks | awk '{ if ($9 == "'"$RUN_DIR"'") { print $2 } }'
# For each PID returned by lock_queue, print the PID followed by the
# NOVABOOT_ID value taken from that process's NUL-separated environment.
66 for pid in $(lock_queue); do
67 echo $pid $(sed --null-data -ne '/^NOVABOOT_ID=/ s///p' /proc/$pid/environ)
# Shows the collected queue to the client as an aligned table.
# NOTE(review): NOVABOOT_ID is built from connection-derived values elsewhere
# in this script, so this table echoes text that other sessions influenced.
70 echo "Target is occupied by:"
71 ( echo "PID USER LOGIN_TIME FROM"; echo "$queue" ) | column -t
# Feature probe: use --no-fork only if this flock's help text mentions it.
79 flock -h 2>&1 | grep -q -e "--no-fork" && no_fork=--no-fork
# Replaces this process with flock, which takes the lock on RUN_DIR and then
# runs the given command. $no_fork is left unquoted on purpose so that an empty
# value expands to no argument at all.
81 exec flock $no_fork "$RUN_DIR" "$@"
88 # run_subcommand should be called only after permission checks and/or locking
# Removes the ppid marker when this shell exits. The trap string is
# double-quoted, so $RUN_DIR is expanded now and is unquoted when the trap
# runs; trap 'rm -f -- "$RUN_DIR/ppid"' EXIT would avoid splitting the path.
# NOTE(review): the branch appears to end in "eval exec" (line 96). A
# successful exec replaces this shell, so the EXIT trap would not run and ppid
# could be left behind. Confirm.
92 trap "rm -f $RUN_DIR/ppid" EXIT
# Records the PID exported as NOVABOOT_PPID; the command dispatcher compares it
# with $PPID to recognise later commands from the same SSH connection.
93 echo $NOVABOOT_PPID > $RUN_DIR/ppid
94 echo 'novaboot-shell: Connected'
95 # TODO: $reset_begin_cmd
# console_cmd, reset_cmd, on_cmd and off_cmd are run through eval, so their
# whole text is executed as shell code; ${var:?} aborts when the variable is
# unset or empty. Where they are assigned is not shown (presumably the config
# file), so that file must be writable only by the account administrator.
96 eval exec "${console_cmd:?}";;
98 eval exec "${reset_cmd:?}";;
# rsync is accepted only as a server-side invocation with this exact shape:
# 5 arguments, or 6 when the 4th is --log-format=X. Anything else is refused,
# which keeps client-chosen rsync options out. The rsync call itself is not
# shown.
99 "rsync --server "*" . .")
100 if ! [ $# -eq 5 -o \( $# -eq 6 -a "$4" = '--log-format=X' \) ]; then
101 die "Unexpected rsync invocation: $*"
# Ensures the upload directory exists.
103 mkdir -p "$HOME/tftproot"
107 eval exec "${on_cmd:?}";;
109 eval exec "${off_cmd:?}";;
# Argument check at entry: "-c" as the first argument is handled on a line not
# shown; any other non-empty argument list is refused.
114 if [ "$1" = "-c" ]; then
116 elif [ $# -gt 0 ]; then
117 die "Permission denied"
121 if [ "$1" = "user" ]; then
122 # Get user name encoded in ~/.ssh/authorized_keys
# A third word "admin" in the forced command grants admin rights.
# NOTE(review): no visible line clears NB_ADMIN first. If the variable could
# arrive through the environment (sshd AcceptEnv or PermitUserEnvironment), it
# would be honoured; consider setting NB_ADMIN= before this test. Confirm
# against the lines not shown.
124 [ "$3" = "admin" ] && NB_ADMIN=1
# Replaces the positional parameters with the command the client asked for.
# The expansion is unquoted, so client-controlled text undergoes word splitting
# and pathname expansion; "set -f" beforehand would disable the globbing part.
125 set -- $SSH_ORIGINAL_COMMAND
128 if [ $# -eq 0 ]; then print_help; fi
# Client address: everything before the first space of SSH_CONNECTION.
130 IP=${SSH_CONNECTION%% *}
# Looks the address up with getent and falls back to the bare IP. The result is
# name-service data, which the server does not control, so treat HOST as
# untrusted text. Quoting "$IP" is also advisable.
131 HOST=$(getent hosts $IP) || HOST=$IP
133 DATE=$(LANG=C date +'%F_%T')
# Session identity exported for child processes: user, start time and REMOTE
# (REMOTE is set on a line not shown). Other sessions read NOVABOOT_ID back
# from /proc/<pid>/environ.
134 export NOVABOOT_ID="${NB_USER:-?} $DATE ${REMOTE}"
# PID of the parent process, which the comment further down in this file
# identifies as the sshd process; kept for the "same connection" check.
135 export NOVABOOT_PPID=$PPID
140 # Commands allowed at any time
# "console" re-runs this script ($0) through locked, i.e. under the lock.
# "add-key" and "shell" are reachable by every user here; the admin check
# appears to be made inside add_key and exec_shell (see the NB_ADMIN tests on
# lines 34 and 54), so those tests must stay in place.
141 "console") locked $0 console;;
142 "get-config") echo -n "${target_config}"; exit;;
143 "add-key") shift; add_key "$@"; exit;;
144 "shell") exec_shell; exit;;
147 # Commands allowed only when nobody or the same user is connected
148 # to the console. "The same user" means that we were executed by
149 # the same sshd process that has the lock. This is ensured by
150 # using SSH connection sharing on the client side.
151 reset | rsync | on | off)
# Reads the PID recorded by the console session. A missing or unreadable file
# leaves the value empty, and the comparison below then uses 0.
152 ALLOWED_PPID=$(cat $RUN_DIR/ppid 2>/dev/null || :)
# Same parent sshd as the lock holder: run without taking the lock. Otherwise
# run through the lock. A non-numeric file content makes the test fail, which
# also falls through to "locked".
# NOTE(review): the check is only as good as the ppid file. A stale file
# combined with PID reuse would match an unrelated connection, so confirm the
# file is always removed when the console session ends.
153 if [ "$PPID" -eq "${ALLOWED_PPID:-0}" ]; then run=unlocked; else run=locked; fi
# Refused commands are reported to the client on stderr and recorded in syslog
# at priority "error"; the logged text includes the client-supplied words.
156 echo >&2 "novaboot-shell: Command not allowed: $*"
157 logger -p error "novaboot-shell: Command not allowed: $*"
# Configuration file: NOVABOOT_SHELL_CONFIG from the environment when it is
# set, otherwise ~/.novaboot-shell.
# NOTE(review): values from this file are later run through eval, so whoever
# controls this variable controls what is executed. Confirm the variable cannot
# be set by SSH clients (sshd AcceptEnv or PermitUserEnvironment), or ignore it
# when the script is started by sshd.
164 if [ "$NOVABOOT_SHELL_CONFIG" ]; then
165 CFG="$NOVABOOT_SHELL_CONFIG"
167 CFG="$HOME/.novaboot-shell"
# NOVABOOT_ID is exported by the session setup earlier in this file, so an
# empty value presumably marks the first (not re-executed) invocation. The
# guarded code is not shown.
172 if [ -z "$NOVABOOT_ID" ]; then