6 echo >&2 "novaboot-shell: $*"
13 - console (default command)
24 if [ "$NB_ADMIN" ]; then
27 - shell (use with ssh -t)
35 [ "$NB_ADMIN" ] || return 1
38 0) die "Usage: ssh ... add-key USERNAME < id_rsa.pub";;
40 *) die "User name must not contain spaces: $*";;
# Excerpt of the add-key path: rebuilds authorized_keys in a staging file and
# then moves it over the live file. Source lines 46 and 49-50 are not in this
# listing, so the redirection of the cat/echo output into "$tmp" is presumed,
# not shown.
# The staging file is created inside ~/.ssh, so the final mv is a rename
# within one directory rather than a copy from another location.
45 tmp=$(mktemp ~/.ssh/authorized_keys.XXXXXXXX)
47 cat ~/.ssh/authorized_keys
# The new entry pins the key to the forced command "user $user".
# NOTE(review): $user and $key are written verbatim into a quoted
# authorized_keys option. The only validation visible in this listing is the
# "must not contain spaces" arm at source line 40; confirm that $user is
# limited to a conservative character set and that $key is exactly one
# public-key line (for example by running `ssh-keygen -l -f` on it) before
# this line runs.
48 echo "command=\"user $user\" $key"
# NOTE(review): $tmp is unquoted; `mv -- "$tmp" ~/.ssh/authorized_keys` avoids
# word splitting and option parsing on the path.
51 mv $tmp ~/.ssh/authorized_keys
55 [ "$NB_ADMIN" ] || die "Permission denied"
56 if ! tty > /dev/null; then
57 echo "novaboot-shell: Consider starting the shell with 'ssh -t'"
59 exec /usr/bin/env bash || exec /bin/sh
# Prints column 2 (PID in the default lslocks layout) of every lslocks row
# whose column 9 (PATH) equals $RUN_DIR.
# NOTE(review): $RUN_DIR is spliced into the awk program text, so any quote or
# backslash in the path becomes awk code. Passing it as data keeps the program
# constant: awk -v dir="$RUN_DIR" '$9 == dir { print $2 }'
63 lslocks | awk '{ if ($9 == "'"$RUN_DIR"'") { print $2 } }'
# For each PID reported by lock_queue, print the PID followed by the value of
# NOVABOOT_ID taken from that process's NUL-separated /proc/PID/environ.
# The loop's closing lines are not in this listing.
70 for pid in $(lock_queue); do
71 echo $pid $(sed --null-data -ne '/^NOVABOOT_ID=/ s///p' /proc/$pid/environ)
74 echo "Target is occupied by:"
75 ( echo "PID USER LOGIN_TIME FROM"; echo "$queue" ) | column -t
81 exec flock --no-fork "$RUN_DIR" "$@"
# Sources the target configuration as shell code. The path is taken from
# $NOVABOOT_SHELL_CONFIG when that is set and non-empty, otherwise
# ~/.novaboot-shell is used.
# NOTE(review): everything in that file runs with this account's rights, and
# reset_cmd (presumably defined there) is later passed to eval at source line
# 140. The file should be writable only by the administrator, and sshd should
# not let clients set NOVABOOT_SHELL_CONFIG (AcceptEnv / PermitUserEnvironment)
# - confirm against the deployment's sshd_config.
89 . "${NOVABOOT_SHELL_CONFIG:-$HOME/.novaboot-shell}"
95 "on") cmd="${on_cmd:?}";;
96 "off") cmd="${off_cmd:?}";;
97 *) die "Unexpected power parameter";;
100 if [ "$PPID" -ne 1 ] && systemctl --user is-enabled --quiet novaboot-delayed-power-off.service; then
101 sudo novaboot-power "$1"
102 if [ "$1" = "on" ]; then systemctl --user start novaboot-delayed-power-off.service; fi
# Publishes $NOVABOOT_PPID (exported from $PPID at source line 183) in
# $RUN_DIR/ppid for the duration of the session and removes the file on exit.
# Source lines 201-202 read this file to decide whether a command may run
# without taking the lock, so its integrity is security-relevant.
# NOTE(review): the trap string is double-quoted, so $RUN_DIR is expanded now
# and the result is re-parsed as shell code when the trap fires;
# trap 'rm -f -- "$RUN_DIR/ppid"' EXIT defers and quotes the expansion.
109 trap "rm -f $RUN_DIR/ppid" EXIT
# NOTE(review): both expansions are unquoted; prefer
# printf '%s\n' "$NOVABOOT_PPID" > "$RUN_DIR/ppid"
110 echo $NOVABOOT_PPID > $RUN_DIR/ppid
111 echo 'novaboot-shell: Connected'
112 # TODO: $reset_begin_cmd
113 [ -n "${on_cmd}" ] && power on
117 # Run novaboot with the same configuration as specified in
118 # ~/.novaboot-shell, but allow the caller to extend or override them
119 # via parameters of this function.
124 # Split $target_config below by newlines, not by words
127 novaboot "$nbscript" $target_config --server="$HOME/tftproot" --reset-cmd="${reset_cmd:?}" --remote-cmd="${console_cmd:?}" "$@"
131 # run_subcommand should be called only after permission checks and/or locking
136 run_console "${default_cmd:-${console_cmd:?}}";;
138 run_console "${console_cmd:?}";;
# Runs the configured reset command; ${reset_cmd:?} aborts with an error when
# the variable is unset or empty.
# NOTE(review): eval re-parses the string as shell code, so reset_cmd must
# only ever come from the administrator-controlled configuration and never
# from client input. The case selector and the pattern for this arm are not
# in this listing - confirm.
140 eval "${reset_cmd:?}";;
# Matches a command line that starts with "rsync --server " and ends with
# " . ." (the selector itself is not in this listing).
141 "rsync --server "*" . .")
# Accept exactly 5 positional parameters, or 6 when the fourth one is
# '--log-format=X'; anything else is rejected via die.
# NOTE(review): -o/-a inside [ ] are marked obsolescent by POSIX; an
# equivalent form is
#   [ $# -eq 5 ] || { [ $# -eq 6 ] && [ "$4" = '--log-format=X' ]; }
# The rsync option word itself is not inspected in the visible lines, and
# source lines 146-154 are not shown - confirm there that the transfer is
# confined to $HOME/tftproot.
142 if ! [ $# -eq 5 -o \( $# -eq 6 -a "$4" = '--log-format=X' \) ]; then
143 die "Unexpected rsync invocation: $*"
145 mkdir -p "$HOME/tftproot"
155 die "Unknown command: $*";;
160 if [ "$1" = "-c" ]; then
162 elif [ $# -gt 0 ]; then
163 die "Permission denied"
# Handles the forced command "user NAME [admin]" that add-key writes into
# authorized_keys (see the echo at source line 48). Source line 169 is not in
# this listing.
167 if [ "$1" = "user" ]; then
168 # Get user name encoded in ~/.ssh/authorized_keys
# A third word "admin" in the forced command grants administrator rights.
# NOTE(review): this is the only assignment of NB_ADMIN visible here, while
# source lines 24, 35 and 55 test it for non-emptiness. Confirm that NB_ADMIN
# is cleared (e.g. `unset NB_ADMIN`) before this point so a value inherited
# from the environment cannot satisfy those checks.
170 [ "$3" = "admin" ] && NB_ADMIN=1
# Replaces the positional parameters with the command requested by the client.
# NOTE(review): the expansion is unquoted on purpose to split it into words,
# but that also applies pathname expansion to client-supplied text; running
# `set -f` first keeps glob characters in the request literal.
171 set -- $SSH_ORIGINAL_COMMAND
174 IP=${SSH_CONNECTION%% *}
176 HOST=$(getent hosts $IP) || HOST=$IP
181 DATE=$(LANG=C date +'%F_%T')
182 export NOVABOOT_ID="${NB_USER:-?} $DATE ${REMOTE}"
183 export NOVABOOT_PPID=$PPID
188 # Commands allowed at any time
189 "") locked $0 default;;
190 "console") locked $0 console;;
191 "get-config") read_config && echo -n "${target_config}"; exit;;
192 "add-key") shift; add_key "$@"; exit;;
193 "shell") exec_shell; exit;;
196 # Commands allowed only when nobody or the same user is connected
197 # to the console. "The same user" means that we were executed by
198 # the same sshd process that has the lock. This is ensured by
199 # using SSH connection sharing on client side.
200 reset | rsync | on | off)
# Reads the PID that the console session recorded in $RUN_DIR/ppid (written
# at source line 110). A missing or unreadable file yields an empty string,
# because cat's error output is discarded and `|| :` masks its exit status.
201 ALLOWED_PPID=$(cat $RUN_DIR/ppid 2>/dev/null || :)
# Run without locking only when our parent PID equals the recorded one; an
# empty value falls back to 0, which is not expected to match $PPID. If the
# file holds non-numeric text, [ ] fails with an error and the else branch
# (locked) is taken, so malformed content fails closed.
# NOTE(review): the decision trusts the file contents, so it is only as strong
# as the permissions on $RUN_DIR; a stale file left behind by an unclean exit
# could also match a later process with a reused PID - confirm the file is
# removed on every exit path. $RUN_DIR should be quoted in the cat above.
202 if [ "$PPID" -eq "${ALLOWED_PPID:-0}" ]; then run=unlocked; else run=locked; fi
205 echo >&2 "novaboot-shell: Command not allowed: $*"
206 logger -p error "novaboot-shell: Command not allowed: $*"
# Chooses the directory that carries the flock lock and the ppid file.
# Source lines 212-213 are not in this listing; presumably the /tmp path
# below is the fallback used when $HOME is not a directory - confirm.
211 if [ -d "$HOME" ]; then
# NOTE(review): this is a predictable name under world-writable /tmp, so
# another local account could create it first. The lines that create the
# directory are not shown; they should use plain mkdir (not -p) with mode
# 0700 and verify ownership before use, or prefer a per-user runtime
# directory such as $XDG_RUNTIME_DIR when it is available.
214 RUN_DIR="/tmp/novaboot-shell@$USER"
218 if [ -z "$NOVABOOT_ID" ] && [ "$PPID" -ne 1 ]; then