| blob | 358e0d462012eb447ddca7846cfba7f0c4e81213 |
1 #!/usr/bin/python
2 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file.
6 # Virtual Me2Me implementation. This script runs and manages the processes
7 # required for a Virtual Me2Me desktop, which are: X server, X desktop
8 # session, and Host process.
9 # This script is intended to run continuously as a background daemon
10 # process, running under an ordinary (non-root) user account.
12 import atexit
13 import errno
14 import fcntl
15 import getpass
16 import grp
17 import hashlib
18 import json
19 import logging
20 import optparse
21 import os
22 import pipes
23 import platform
24 import psutil
25 import platform
26 import re
27 import signal
28 import socket
29 import subprocess
30 import sys
31 import tempfile
32 import time
33 import uuid
37 # This script has a sensible default for the initial and maximum desktop size,
38 # which can be overridden either on the command-line, or via a comma-separated
39 # list of sizes in this environment variable.
42 # By default, provide a maximum size that is large enough to support clients
43 # with large or multiple monitors. This is a comma-separated list of
44 # resolutions that will be made available if the X server supports RANDR. These
45 # defaults can be overridden in ~/.profile.
48 # If RANDR is not available, use a smaller default size. Only a single
49 # resolution is supported in this case.
72 # Amount of time to wait between relaunching processes.
76 # How long a process must run in order not to be counted against the restart
77 # thresholds.
80 # Thresholds for switching from fast- to slow-restart and for giving up
81 # trying to restart entirely.
85 # Globals needed by the atexit cleanup() handler.
86 g_desktops = []
91 # Always assume that the system is supported if the config directory or
92 # session file exist.
95 return True
97 # The host has been tested only on Ubuntu.
103 """Returns a path to an X server that supports the RANDR extension, if this
104 is found on the system. Otherwise returns None."""
109 return xvfb
111 return None
121 """Loads the config from file.
123 Raises:
124 IOError: Error reading data
125 ValueError: Error parsing JSON
126 """
133 """Saves the config to file.
135 Raises:
136 IOError: Error writing data
137 TypeError: Error serialising JSON
138 """
140 return
151 """Calls self.save(), trapping and logging any errors."""
173 """Manage authentication tokens for Chromoting/xmpp"""
180 """Loads the config and returns false if the config is invalid."""
185 return False
186 return True
194 """This manages the configuration for a host."""
209 return False
210 return True
220 """Manage a single virtual desktop"""
234 @staticmethod
236 """Return a candidate display number for which there is currently no
237 X Server lock file"""
238 display = FIRST_X_DISPLAY_NUMBER
241 return display
244 # Create clean environment for new session, so it is cleanly separated from
245 # the user's console X session.
256 LOG_FILE_ENV_VAR]:
260 # Ensure that the software-rendering GL drivers are loaded by the desktop
261 # session, instead of any hardware GL drivers installed on the system.
268 # Read from /etc/environment if it exists, as it is a standard place to
269 # store system-wide environment settings. During a normal login, this would
270 # typically be done by the pam_env PAM module, depending on the local PAM
271 # configuration.
277 # Split at the first "=", leaving any further instances in the value.
281 # The file stores key=value assignments, but the value may be
282 # quoted, so strip leading & trailing quotes from it.
291 # pulseaudio uses UNIX sockets for communication. Length of UNIX socket
292 # name is limited to 108 characters, so audio will not work properly if
293 # the path is too long. To workaround this problem we use only first 10
294 # symbols of the host hash.
300 return False
310 return False
328 return False
336 return True
348 # Run "xauth add" with |child_env| so that it modifies the same XAUTHORITY
349 # file which will be used for the X session.
365 # Disable the Composite extension iff the X session is the default
366 # Unity-2D, since it uses Metacity which fails to generate DAMAGE
367 # notifications correctly. See crbug.com/166468.
388 # Use a separate profile for any instances of Chrome that are started in
389 # the virtual session. Chrome doesn't support sharing a profile between
390 # multiple DISPLAYs, but Chrome Sync allows for a reasonable compromise.
394 # Set SSH_AUTH_SOCK to the file name to listen on.
398 # Wait for X to be active.
402 break
409 # The remoting host expects the server to use "evdev" keycodes, but Xvfb
410 # starts configured to use the "base" ruleset, resulting in XKB configuring
411 # for "xfree86" keycodes, and screwing up some keys. See crbug.com/119013.
412 # Reconfigure the X server to use "evdev" keymap rules. The X server must
413 # be started with -noreset otherwise it'll reset as soon as the command
414 # completes, since there are no other X clients running yet.
421 return
423 # Register the screen sizes if the X server's RANDR extension supports it.
424 # Errors here are non-fatal; the X server will continue to run with the
425 # dimensions from the "-screen" option.
434 # Set the initial mode to the first size specified, otherwise the X server
435 # would default to (max_width, max_height), which might not even be in the
436 # list.
442 # Set the physical size of the display so that the initial mode is running
443 # at approximately 96 DPI, since some desktops require the DPI to be set to
444 # something realistic.
448 # Monitor for any automatic resolution changes from the desktop environment.
452 # It is not necessary to wait() on the process here, as this script's main
453 # loop will reap the exit-codes of all child processes.
459 # Start desktop session.
460 # The /dev/null input redirection is necessary to prevent the X session
461 # reading from stdin. If this code runs as a shell background job in a
462 # terminal, any reading from stdin causes the job to be suspended.
463 # Daemonization would solve this problem by separating the process from the
464 # controlling terminal.
485 # Start remoting host
494 # Have the host process use SIGUSR1 to signal a successful start.
516 """Checks if there is already an instance of this script running, and returns
517 a psutil.Process instance for it.
519 Returns:
520 A Process instance for the existing daemon process, or None if the daemon
521 is not running.
522 """
527 # Support new & old psutil API. This is the right way to check, according to
528 # http://grodola.blogspot.com/2014/01/psutil-20-porting.html
535 # Skip any processes that raise an exception, as processes may terminate
536 # during iteration over the list.
538 # Skip other users' processes.
540 continue
542 # Skip the process for this instance.
544 continue
546 # |cmdline| will be [python-interpreter, script-file, other arguments...]
549 continue
551 return process
553 continue
555 return None
559 """Chooses the most appropriate X session command for this system.
561 Returns:
562 A string containing the command to run, or a list of strings containing
563 the executable program and its arguments, which is suitable for passing as
564 the first parameter of subprocess.Popen(). If a suitable session cannot
565 be found, returns None.
566 """
567 XSESSION_FILES = [
568 SESSION_FILE_PATH,
569 SYSTEM_SESSION_FILE_PATH ]
574 # "/bin/sh -c" is smart about how to execute the session script and
575 # works in cases where plain exec() fails (for example, if the file is
576 # marked executable, but is a plain script with no shebang line).
579 # If this is a system-wide session script, it should be run using the
580 # system shell, ignoring any login shell that might be set for the
581 # current user.
584 # Choose a session wrapper script to run the session. On some systems,
585 # /etc/X11/Xsession fails to load the user's .profile, so look for an
586 # alternative wrapper that is more likely to match the script that the
587 # system actually uses for console desktop sessions.
588 SESSION_WRAPPERS = [
595 # On Ubuntu 12.04, the default session relies on 3D-accelerated
596 # hardware. Trying to run this with a virtual X display produces
597 # weird results on some systems (for example, upside-down and
598 # corrupt displays). So if the ubuntu-2d session is available,
599 # choose it explicitly.
602 # Use the session wrapper by itself, and let the system choose a
603 # session.
605 return None
610 # If the script is running from its installed location, search the host
611 # binary only in the same directory.
619 return exe_path
625 """Redirects logs to the parent process, until the host is ready or quits.
627 This class creates a pipe to allow logging from the daemon process to be
628 copied to the parent process. The daemon process adds a log-handler that
629 directs logging output to the pipe. The parent process reads from this pipe
630 until and writes the content to stderr. When the pipe is no longer needed
631 (for example, the host signals successful launch or permanent failure), the
632 daemon removes the log-handler and closes the pipe, causing the the parent
633 process to reach end-of-file while reading the pipe and exit.
635 The (singleton) logger should be instantiated before forking. The parent
636 process should call wait_for_logs() before exiting. The (grand-)child process
637 should call start_logging() when it starts, and then use logging.* to issue
638 log statements, as usual. When the child has either succesfully started the
639 host or terminated, it must call release_parent() to allow the parent to exit.
640 """
645 """Constructor. Must be called before forking."""
647 # Ensure write_pipe is closed on exec, otherwise it will be kept open by
648 # child processes (X, host), preventing the read pipe from EOF'ing.
657 """Installs a logging handler that sends log entries to a pipe.
659 Must be called by the child process.
660 """
666 """Uninstalls logging handler and closes the pipe, releasing the parent.
668 Must be called by the child process.
669 """
677 """Waits and prints log lines from the daemon until the pipe is closed.
679 Must be called by the parent process.
680 """
681 # If Ctrl-C is pressed, inform the user that the daemon is still running.
682 # This signal will cause the read loop below to stop with an EINTR IOError.
690 # Install a fallback timeout to release the parent process, in case the
691 # daemon never responds (e.g. host crash-looping, daemon killed).
692 # This signal will cause the read loop below to stop with an EINTR IOError.
703 # Print lines as they're logged to the pipe until EOF is reached or readline
704 # is interrupted by one of the signal handlers above.
710 raise
713 @staticmethod
715 """Returns the singleton instance, if it exists."""
720 """Background this process and detach from controlling terminal, redirecting
721 stdout/stderr to a log file."""
723 # TODO(lambroslambrou): Having stdout/stderr redirected to a log file is not
724 # ideal - it could create a filesystem DoS if the daemon or a child process
725 # were to write excessive amounts to stdout/stderr. Ideally, stdout/stderr
726 # should be redirected to a pipe or socket, and a process at the other end
727 # should consume the data and write it to a logging facility which can do
728 # data-capping or log-rotation. The 'logger' command-line utility could be
729 # used for this, but it might cause too much syslog spam.
731 # Create new (temporary) file-descriptors before forking, so any errors get
732 # reported to the main process and set the correct exit-code.
733 # The mode is provided, since Python otherwise sets a default mode of 0777,
734 # which would result in the new file having permissions of 0777 & ~umask,
735 # possibly leaving the executable bits set.
753 # Child process
756 # The second fork ensures that the daemon isn't a session leader, so that
757 # it doesn't acquire a controlling terminal.
761 # Grandchild process
762 pass
764 # Child process
767 # Parent process
778 # Copy the file-descriptors to create new stdin, stdout and stderr. Note
779 # that dup2(oldfd, newfd) closes newfd first, so this will close the current
780 # stdin, stdout and stderr, detaching from the terminal.
785 # Close the temporary file-descriptors.
793 global g_desktops
804 # Use a short timeout, to avoid delaying service shutdown if the
805 # process refuses to die for some reason.
813 g_desktops = []
818 """Reload the config file on SIGHUP. Since we pass the configuration to the
819 host processes via stdin, they can't reload it, so terminate them. They will
820 be relaunched automatically with the new config."""
836 # Exit cleanly so the atexit handler, cleanup(), gets called.
841 """Helper class for inhibiting launch of a child process before a timeout has
842 elapsed.
844 A managed process can be in one of these states:
845 running, not inhibited (running == True)
846 stopped and inhibited (running == False and is_inhibited() == True)
847 stopped but not inhibited (running == False and is_inhibited() == False)
849 Attributes:
850 label: Name of the tracked process. Only used for logging.
851 running: Whether the process is currently running.
852 earliest_relaunch_time: Time before which the process should not be
853 relaunched, or 0 if there is no limit.
854 failures: The number of times that the process ran for less than a
855 specified timeout, and had to be inhibited. This count is reset to 0
856 whenever the process has run for longer than the timeout.
857 """
870 """Record that the process was launched, and set the inhibit time to
871 |timeout| seconds in the future."""
877 """Record that the process was stopped, and adjust the failure count
878 depending on whether the process ran long enough."""
893 """Wrapper around os.waitpid() which waits until either a child process dies
894 or the deadline elapses.
896 Args:
897 pid: Process ID to wait for, or -1 to wait for any child process.
898 deadline: Waiting stops when time.time() exceeds this value.
900 Returns:
901 (pid, status): Same as for os.waitpid(), except that |pid| is 0 if no child
902 changed state within the timeout.
904 Raises:
905 Same as for os.waitpid().
906 """
916 """Wrapper around os.waitpid()/waitpid_with_timeout(), which waits until
917 either a child process exits or the deadline elapses, and retries if certain
918 exceptions occur.
920 Args:
921 pid: Process ID to wait for, or -1 to wait for any child process.
922 deadline: If non-zero, waiting stops when time.time() exceeds this value.
923 If zero, waiting stops when a child process exits.
925 Returns:
926 (pid, status): Same as for waitpid_with_timeout(). |pid| is non-zero if and
927 only if a child exited during the wait.
929 Raises:
930 Same as for os.waitpid(), except:
931 OSError with errno==EINTR causes the wait to be retried (this can happen,
932 for example, if this parent process receives SIGHUP).
933 OSError with errno==ECHILD means there are no child processes, and so
934 this function sleeps until |deadline|. If |deadline| is zero, this is an
935 error and the OSError exception is raised in this case.
936 """
946 continue
950 # No time-limit and no child processes. This is treated as an error
951 # (see docstring).
952 raise
957 # Anything else is an unexpected error.
958 raise
962 """Watches for any resolution-changes which set the maximum screen resolution,
963 and resets the initial size if this happens.
965 The Ubuntu desktop has a component (the 'xrandr' plugin of
966 unity-settings-daemon) which often changes the screen resolution to the
967 first listed mode. This is the built-in mode for the maximum screen size,
968 which can trigger excessive CPU usage in some situations. So this is a hack
969 which waits for any such events, and undoes the change if it occurs.
971 Sometimes, the user might legitimately want to use the maximum available
972 resolution, so this monitoring is limited to a short time-period.
973 """
980 xrandr_output)
982 # No need to handle ValueError. If xrandr fails to give valid output,
983 # there's no point in continuing to monitor.
988 # Resolution change detected.
990 # This was probably an automated change from unity-settings-daemon, so
991 # undo it.
998 # Stop monitoring after any change was detected.
999 break
1004 Chrome Remote Desktop, please install the app from the Chrome
1005 Web Store: https://chrome.google.com/remotedesktop"""
1011 "multiple times to make multiple screen resolutions "
1044 # Determine the filename of the host configuration and PID files.
1048 # Check for a modal command-line option (start, stop, etc.)
1059 # TODO(sergeyu): Remove --check-running once NPAPI plugin and NM host are
1060 # updated to always use get-status flag instead.
1109 # TODO(sergeyu): Also check RPM package version once we add RPM package.
1117 # If no modal command-line options specified, print an error and exit.
1121 # If a RANDR-supporting Xvfb is not available, limit the default size to
1122 # something more sensible.
1124 default_sizes = DEFAULT_SIZES
1126 default_sizes = DEFAULT_SIZE_NO_RANDR
1128 # Collate the list of sizes that XRANDR should support.
1134 sizes = []
1144 # Enforce minimum desktop size, as a sanity-check. The limit of 100 will
1145 # detect typos of 2 instead of 3 digits.
1153 # Register an exit handler to clean up session process and the PID file.
1156 # Load the initial host configuration.
1164 # Register handler to re-load the configuration in response to signals.
1168 # Verify that the initial host configuration has the necessary fields.
1177 # Determine whether a desktop is already active for the specified host
1178 # host configuration.
1181 # Debian policy requires that services should "start" cleanly and return 0
1182 # if they are already running.
1186 # Detach a separate "daemon" process to run the session, unless specifically
1187 # requested to run in the foreground.
1195 # Keep track of the number of consecutive failures of any child process to
1196 # run for longer than a set period of time. The script will exit after a
1197 # threshold is exceeded.
1198 # There is no point in tracking the X session process separately, since it is
1199 # launched at (roughly) the same time as the X server, and the termination of
1200 # one of these triggers the termination of the other.
1205 # Don't allow relaunching the script on the first loop iteration.
1209 # Set the backoff interval and exit if a process failed too many times.
1210 backoff_time = SHORT_BACKOFF_TIME
1217 backoff_time = LONG_BACKOFF_TIME
1219 relaunch_times = []
1221 # If the session process or X server stops running (e.g. because the user
1222 # logged out), kill the other. This will trigger the next conditional block
1223 # as soon as os.waitpid() reaps its exit-code.
1231 # Both processes have terminated.
1234 # Since the user's desktop is already gone at this point, there's no
1235 # state to lose and now is a good time to pick up any updates to this
1236 # script that might have been installed.
1240 # If there is a non-zero |failures| count, restarting the whole script
1241 # would lose this information, so just launch the session as normal.
1249 backoff_time)
1260 backoff_time)
1265 continue
1269 # When a process has terminated, and we've reaped its exit-code, any Popen
1270 # instance for that process is no longer valid. Reset any affected instance
1271 # to None.
1287 # These exit-codes must match the ones used by the host.
1288 # See remoting/host/host_error_codes.h.
1289 # Delete the host or auth configuration depending on the returned error
1290 # code, so the next time this script is run, a new configuration
1291 # will be created and registered.
1307 # Nothing to do for Mac-only status 104 (login screen unsupported)