print_help() {
cat <<EOF
Target commands:
-- console
+- console (default command)
- reset
- on
- off
- rsync ...
+- get-config
Management commands:
- help
exec_shell() {
[ "$NB_ADMIN" ] || die "Permission denied"
+ if ! tty > /dev/null; then
+ echo "novaboot-shell: Consider starting the shell with 'ssh -t'"
+ fi
exec /bin/bash || exec /bin/sh
}
locked() {
print_queue
- tmp=$(mktemp)
- no_fork=
- flock -h 2>&1 | grep -q -e "--no-fork" && no_fork=--no-fork
- rm -f "$tmp"
- exec flock $no_fork "$RUN_DIR" "$@"
+ exec flock --no-fork "$RUN_DIR" "$@"
}
unlocked() {
. "${NOVABOOT_SHELL_CONFIG:-$HOME/.novaboot-shell}"
}
+power() {
+ local cmd
+ case "$1" in
+ "on") cmd="${on_cmd:?}";;
+ "off") cmd="${off_cmd:?}";;
+ *) die "Unexpected power parameter";;
+ esac
+
+ if [ "$PPID" -ne 1 ] && systemctl --user is-enabled novaboot-power-off.service; then
+ sudo novaboot-power "$1"
+ else
+ eval "$cmd"
+ fi
+}
+
# run_subcommand should be called only after permission checks and/or locking
run_subcommand() {
read_config
echo $NOVABOOT_PPID > $RUN_DIR/ppid
echo 'novaboot-shell: Connected'
# TODO: $reset_begin_cmd
+ [ -n "${on_cmd}" ] && power on
eval exec "${console_cmd:?}";;
"reset")
eval exec "${reset_cmd:?}";;
cd "$HOME/tftproot"
exec "$@";;
"on")
- eval exec "${on_cmd:?}";;
+ power on
+ exit;;
"off")
- eval exec "${off_cmd:?}";;
+ power off
+ exit;;
+ *)
+ die "Unknown command: $*";;
esac
}
NB_ADMIN=
if [ "$1" = "user" ]; then
# Get user name encoded in ~/.ssh/authorized_keys
- NB_USER="$2";
+ export NB_USER="$2";
[ "$3" = "admin" ] && NB_ADMIN=1
set -- $SSH_ORIGINAL_COMMAND
fi
- if [ $# -eq 0 ]; then print_help; fi
-
IP=${SSH_CONNECTION%% *}
- HOST=$(getent hosts $IP) || HOST=$IP
+ if [ "$IP" ]; then
+ HOST=$(getent hosts $IP) || HOST=$IP
+ else
+ HOST=localhost
+ fi
REMOTE=${HOST##* }
DATE=$(LANG=C date +'%F_%T')
export NOVABOOT_ID="${NB_USER:-?} $DATE ${REMOTE}"
case "$1" in
# Commands allowed at any time
- "console") locked $0 console;;
+ "console"|"") locked $0 console;;
"get-config") read_config && echo -n "${target_config}"; exit;;
"add-key") shift; add_key "$@"; exit;;
"shell") exec_shell; exit;;
# Commands allowed only when nobody or the same user is connected
# to the console. "The same user" means that we were executed by
# the same sshd process that has the lock. This is ensured by
- # using SSH connection sharing on cline side.
+ # using SSH connection sharing on client side.
reset | rsync | on | off)
ALLOWED_PPID=$(cat $RUN_DIR/ppid 2>/dev/null || :)
if [ "$PPID" -eq "${ALLOWED_PPID:-0}" ]; then run=unlocked; else run=locked; fi
esac
}
-RUN_DIR="$HOME"
+if [ -d "$HOME" ]; then
+ RUN_DIR="$HOME"
+else
+ RUN_DIR="/tmp/novaboot-shell@$USER"
+ mkdir -p "$RUN_DIR"
+fi
-if [ -z "$NOVABOOT_ID" ]; then
+if [ -z "$NOVABOOT_ID" ] && [ "$PPID" -ne 1 ]; then
main "$@"
else
run_subcommand "$@"
=head1 SYNOPSIS
-B<novaboot-shell> -c "command [arguments...]"
+B<novaboot-shell> -c "[command [arguments...]]"
-B<novaboot-shell> command [arguments...]
+B<novaboot-shell> [command [arguments...]]
-B<ssh target@server> command [arguments...]
+B<ssh target@server> [command [arguments...]]
=head1 DESCRIPTION
-B<novaboot-shell> provides L<novaboot(1)> with unified SSH-based
-interface for controlling target hardware. This simplifies client-side
-configuration, because typically only I<-ssh=...> option is needed on
-the client side. B<novaboot-shell> is typically configured as a login
-shell of special user accounts associated with target hardware. It
-ensures that users are able to perform only a limited set of action
-(see L</COMMANDS> below) with the target and have no shell access on
-the server.
+B<novaboot-shell> provides L<novaboot(1)> with a unified SSH-based
+interface for controlling the target hardware. This simplifies
+client-side configuration, because clients typically need only the
+I<--ssh=...> option. B<novaboot-shell> is typically configured as a
+login shell of special user accounts associated with the target
+hardware (as set by L<adduser-novaboot(8)>). It ensures that users can
+perform only a limited set of actions (see L</COMMANDS> below) with
+the target and have no shell access on the server.
=head1 COMMANDS
sharing, which is what L<novaboot(1)> uses (see I<-M> and I<-S> in
L<ssh(1)>).
+This is the default command when no command is specified on command
+line.
+
=item reset
Reset the target hardware.
an administrator and is allowed to run L</add-key> and L</shell>
commands.
+=item get-config
+
+Prints novaboot configuration options needed for the target. One
+option per line.
+
=back
=head2 Administration commands
projects / novaboot.git / blobdiff