!/bin/sh # # Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # VDA Kiosk Session Script # ################################################################################ # Location of scripts for retrieving the user name and pool name associated # for an inserted smartcard (token). # # These scripts are provided for backward compatibility - VDA now provides its # own database and administration tools for managing the association between # tokens and users. # USER_SCRIPT=$KIOSK_SESSION_DIR/vda-user.sh INFO_SCRIPT=$KIOSK_SESSION_DIR/vda-info.sh POOL_SCRIPT=$KIOSK_SESSION_DIR/vda-pool.sh theUser="`$USER_SCRIPT`" theInfo="`$INFO_SCRIPT`" thePool="`$POOL_SCRIPT`" ################################################################################ # # Kiosk Session Environment theModule=kiosk:vda # Rotate screen if Other Info equals rotate if [ "$theInfo" = "rotate" ] ; then /usr/X11/bin/xrandr -o left fi # Fix F11 and F12 /usr/openwin/bin/xmodmap -e 'keycode 75 = F11' /usr/openwin/bin/xmodmap -e 'keycode 76 = F12' # Turn on numlock #/usr/openwin/bin/xset led 1 TRUE="true" FALSE="false" # Some variables used by the session script # theJavaHome="/opt/SUNWvda/java" noDesktopSelector="$FALSE" noDomainField="$FALSE" noUsernameField="$FALSE" allowUsernameEditing="$FALSE" showPasswordFieldAlways="$FALSE" theReload="$TRUE" theTimeout=180 theDefaultDomain="" theListOfDomains="" thePassword="" theDomain="" theContext="" theVmIpAndPort="" theUTTSCArgs="" VDA_CLIENT_EXEC="/opt/SUNWvda/lib/vda-client" UTACTION_EXEC="/opt/SUNWut/bin/utaction" ################################################################################ # # Parse Kiosk session arguments # ################################################################################ parseKioskSessionArguments() { VDA_KIOSK_OPTIONS=" \ d:(default-domain) \ j:(java-home) \ l:(list-of-domains) \ t:(timeout) \ P:(Pool) \ n(no-desktop-selector) \ a(allow-username-editing) \ h(no-username-field) \ o(no-domain-field) \ w(show-password-field)" while getopts "$VDA_KIOSK_OPTIONS" theOption ; do case $theOption in d) theDefaultDomain="$OPTARG";; j) theJavaHome="$OPTARG";; l) theListOfDomains="$OPTARG";; P) thePool="$OPTARG";; n) noDesktopSelector="$TRUE";; a) allowUsernameEditing="$TRUE";; h) noUsernameField="$TRUE";; o) noDomainField="$TRUE";; w) showPasswordFieldAlways="$TRUE";; t) theTimeout="`expr $OPTARG + 0`" if [ $? -ne 0 -a $? -ne 1 ] ; then logger -i -p user.error -t $theModule \ "Error: invalid timeout '$OPTARG' specified" exit 2 fi;; \?) logger -i -p user.error -t $theModule \ "Error: invalid kiosk session option specified" exit 2;; esac done shift `expr $OPTIND - 1` theUTTSCArgs="$@" retCode=0 } ################################################################################ # # Request (default) desktop for determined username and poolname (if available) # using the vda-client utility. # # Please notice, that this method requires that client authentication # is disabled. ################################################################################ requestDefaultDesktop() { VDA_WAIT_EXEC="$KIOSK_SESSION_DIR/vda-wait" # While getting access to a virtual machine, it is a good idea to show a # background image in order to demonstrate to the user that something is # happening. Simple script below uses GTK libraries to popup image in # window. Alternatively it is possible to use XLoadImage for the same # purpose if GTK is not available, see example below # XLI=/opt/sun-vda/xli/xli # $XLI -border \#5382a1 -onroot -fork -center $KIOSK_SESSION_DIR/wait.png $VDA_WAIT_EXEC $KIOSK_SESSION_DIR/wait.png \ $KIOSK_SESSION_DIR/logo.png \ $KIOSK_SESSION_DIR/spacer.png \ "$theUser <-----> VDI Service" & # vda-client takes username and optionally a pool name as arguments for # starting up a desktop/virtual machine. if [ -n "$thePool" ] ; then theResults=`$VDA_CLIENT_EXEC -m "$theUser" -P "$thePool"` else theResults=`$VDA_CLIENT_EXEC -m "$theUser"` fi retCode=$? if [ $retCode -ne 0 ] ; then # display error image, in case of any problems $VDA_WAIT_EXEC $KIOSK_SESSION_DIR/error.png \ $KIOSK_SESSION_DIR/logo.png \ $KIOSK_SESSION_DIR/spacer.png \ "$theUser <----? VDI Service" & logger -i -p user.error -t $theModule \ "Error: Could not locate virtual machine \ for '$theUser' in pool '$thePool' : $retCode" sleep 5 else # vda-client returns virtual machine IP/DNS and RDP port # separated by colon ":" theVmIpAndPort=`getValue "desktop" "="` theDesktopId=`getValue "id" "="` theRdpConfig=`getValue "rdpConfig" "="` theCardRemovedActionTimeout=`getValue "cardRemovedActionTimeout" "="` fi } ################################################################################ # # Connect to remote desktop using uttsc (Sun Ray Connector for Windows OS) # ################################################################################ displayDesktop() { # # For the moment the standard Kiosk session of the Sun Ray Windows Connector # can not be used due to an hard-coded "-b" default parameter. This disables # the pulldown menu, which makes it impossible for end-users to disconnect # RDP sessions from the VBox RDP server (using the VBox RDP capability the # guest OS is not aware that it is accessed in a remote way - thus no # disconnect functionality will be offered). This will be addressed in a # future SRWC patch. Until this fix becomes available VDA will ship its own # adapted version of the uttsc Kiosk script. # UTTSC_EXEC=$KIOSK_SESSION_DIR/vda-uttsc # Always redirect drive u: to /tmp/SUNWut/mnt/$USER on the server theArgs="" theCardRemovedArgs="$VDA_CLIENT_EXEC -a cardRemoved -D $theDesktopId" # Specify RDP port (if available - otherwise use default port) echo "$theVmIpAndPort" | grep ":" >/dev/null 2>&1 if [ $? -ne 0 ]; then theVmIP="$theVmIpAndPort" else theVmIP="`echo $theVmIpAndPort | cut -d':' -f1`" theVmPort="`echo $theVmIpAndPort | cut -d':' -f2`" theArgs="$theArgs${theArgs:+ }-P $theVmPort" fi # Preset user name if available if [ "$theUser" != "" -a "$theUser" != "$SUN_SUNRAY_TOKEN" ] ; then theArgs="$theArgs${theArgs:+ }-u $theUser" theCardRemovedArgs="$theCardRemovedArgs${theCardRemovedArgs:+ }-u $theUser" fi # Preset domain name if available if [ -n "$theDomain" ] ; then theShortDomainName="`echo $theDomain | cut -d. -f1`" # Commented out since this is a bug - RENEK # theArgs="$theArgs${theArgs:+ }-d $theShortDomainName" theArgs="$theArgs${theArgs:+ }-d $theDomain" fi # Read password from stdin if available if [ -n "$thePassword" ] ; then theArgs="$theArgs${theArgs:+ }-i" fi if [ -n "$theRdpConfig" ] ; then # keyboard values contain '(' & ')' characters which need to be enclosed # in quotes before calling eval below. eval will fail otherwise. theRdpConfig=`echo $theRdpConfig | sed 's/(/\"(\"/g' | sed 's/)/\")\"/g'` # device redirections may include variable names ( e.g. $USER ) so we # need to get the shell to evaluate those theRdpConfig=`eval echo $theRdpConfig` theArgs="$theArgs${theArgs:+ }$theRdpConfig" elif [ -n "$theUTTSCArgs" ] ; then theArgs="$theArgs${theArgs:+ }$theUTTSCArgs" fi echo "$SUN_SUNRAY_TOKEN" | grep "^pseudo." >/dev/null 2>&1 if [ $? -ne 0 ] ; then $UTACTION_EXEC -t $theCardRemovedActionTimeout -d "$theCardRemovedArgs" << END & $thePassword END fi $UTTSC_EXEC $theArgs "$theVmIP" << END $thePassword END retCode=$? thePassword="" } ################################################################################ # # Display desktop selection dialog # ################################################################################ showDesktopSelectionDialog() { JAVA_EXEC="$theJavaHome/bin/java" JAVA_OPTIONS="-client \ -Dawt.useSystemAAFontSettings=on" # CR6788489: Make Backspace, and Return key work in Java with # enabled NumLock _AWT_USE_TYPE4_PATCH=false export _AWT_USE_TYPE4_PATCH VDA_SELECTOR_LIB="/opt/SUNWvda/lib/vdaclient.jar" VDA_SELECTOR_EXEC="$JAVA_EXEC $JAVA_OPTIONS -jar $VDA_SELECTOR_LIB" if [ ! -x "$JAVA_EXEC" ] ; then logger -i -p user.error -t $theModule \ "Error: no JRE found at '$theJavaHome'" exit 2 fi if [ -n "$theContext" ] ; then # Restore the dialog's state if available theResults=`$VDA_SELECTOR_EXEC -c << END $theContext END` else # If this is the first invocation of the dialog, handover the provided # kiosk session arguments. theArgs="-t $SUN_SUNRAY_TOKEN" # Preset user name if available # Adapted this for rotate - no username preset if pseudotoken echo "$SUN_SUNRAY_TOKEN" | grep "^pseudo." >/dev/null 2>&1 if [ $? -ne 0 ] ; then if [ "$theUser" != "" -a "$theUser" != "$SUN_SUNRAY_TOKEN" ] ; then theArgs="$theArgs${theArgs:+ }-u $theUser" fi fi if [ -n "$theTimeout" ] ; then theArgs="$theArgs${theArgs:+ }-e $theTimeout" fi if [ -n "$theDefaultDomain" ] ; then theArgs="$theArgs${theArgs:+ }-d $theDefaultDomain" fi if [ -n "$theListOfDomains" ] ; then theArgs="$theArgs${theArgs:+ }-l $theListOfDomains" fi if [ "$allowUsernameEditing" = "$TRUE" ] ; then theArgs="$theArgs${theArgs:+ }-a" fi if [ "$noUsernameField" = "$TRUE" ] ; then theArgs="$theArgs${theArgs:+ }-h" fi if [ "$showPasswordFieldAlways" = "$TRUE" ] ; then theArgs="$theArgs${theArgs:+ }-w" fi if [ "$noDomainField" = "$TRUE" ] ; then theArgs="$theArgs${theArgs:+ }-o" fi if [ -n "$KIOSK_SESSION_DIR" ] ; then theArgs="$theArgs${theArgs:+ }-R $KIOSK_SESSION_DIR" fi theResults="`$VDA_SELECTOR_EXEC $theArgs`" fi retCode=$? if [ $retCode -eq 0 ] ; then # The desktop selector will return the username, password, domain and # IP/RDP port of the selected desktop/virtual machine. # We also store the dialog's state (context) to easily restore/display # the dialog again, if necessary. theUser=`getValue "user"` thePassword=`getValue "password"` theDomain=`getValue "domain"` theReload=`getValue "reload"` theContext=`getValue "context"` theVmIpAndPort=`getValue "desktop"` theDesktopId=`getValue "id"` theRdpConfig=`getValue "rdpConfig"` theCardRemovedActionTimeout=`getValue "cardRemovedActionTimeout"` else theReload="$FALSE" fi } getValue(){ theKey=$1 if [ $# -eq 1 ] ; then theSep=":" else theSep=$2 fi echo "$theResults" | grep "^${theKey}${theSep}" 2>/dev/null | cut -d${theSep} -f2- } ################################################################################ # # The main method # # Customers have the choice to take advantage of the desktop selector dialog # (the default) allowing users to select between multiple assigned desktops - # alternatively, this functionality can be switched off (specifying -n or # --no-desktop-selector as kiosk session parameter) displaying the user's # default desktop only. # ################################################################################ main() { parseKioskSessionArguments "$@" if [ "$noDesktopSelector" = "$TRUE" ]; then requestDefaultDesktop if [ $retCode -eq 0 ] ; then displayDesktop fi else # to improve the user experience we do not exit and recreate the kiosk # session each time, if the user switches between multiple desktops. while [ "$theReload" = "$TRUE" -a $retCode -eq 0 ] ; do showDesktopSelectionDialog if [ $retCode -eq 0 ] ; then displayDesktop fi done fi exit $retCode } main "$@" ## DO NOT ADD ANY CODE BELOW HERE!!