VirtualHere — хорошая штука, но, как показала практика, надо точно понимать, что делаешь, когда в паре с ним работает RDP.
Может, кому надо (пока без SSL...). Обязательно используйте нестандартный порт, всегда вырубайте обнаружение AVAHI! Тут нет всяких файрволов и прочего, как в том же diskcontrol, и сам скрипт не спасает от блокировки сервера, если к нему залезли 2 клиента (но не даст левому клиенту подрубить устройство).
установка в runme
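#!/bin/sh
# Installer: moves the VirtualHere server binary, its config, the static bash
# interpreter and auth.sh into /tmp/vhusbd, marks the three programs
# executable and starts the server.
#
# The path is fixed because vhusdconfig.ini (ClientAuthorization=...) and the
# shebang of auth.sh both refer to /tmp/vhusbd.

# Stop at the first failed step: the server must not be started when auth.sh
# or the config did not make it into place.
set -eu

INSTALL_DIR=/tmp/vhusbd

# /tmp is normally writable by every local account. mkdir without -p fails if
# the path already exists, so a directory (or symlink) prepared by someone
# else is never reused; mode 0755 keeps other accounts from replacing the
# binaries or the authorization script afterwards.
# To re-run the installer, remove the old directory first.
umask 022
mkdir -m 0755 "$INSTALL_DIR"

mv bash-static "$INSTALL_DIR"/
mv vhusbdarmpi3 "$INSTALL_DIR"/
mv vhusdconfig.ini "$INSTALL_DIR"/
mv auth.sh "$INSTALL_DIR"/

chmod ugo+x "$INSTALL_DIR"/bash-static
chmod ugo+x "$INSTALL_DIR"/vhusbdarmpi3
chmod ugo+x "$INSTALL_DIR"/auth.sh

"$INSTALL_DIR"/vhusbdarmpi3 -b -c "$INSTALL_DIR"/vhusdconfig.ini -r "$INSTALL_DIR"/vhbus_sys.log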
в файле конфигурации vhusdconfig.ini
ClientAuthorization=/tmp/vhusbd/auth.sh "$VENDOR_ID$" "$PRODUCT_ID$" "$CLIENT_ID$" "$CLIENT_IP$" "$PRODUCT_SERIAL$" "$PASSWORD$" "$DEVPATH$" "$NICKNAME$"
Обязательно тут же пропишите минимум IgnoredDevices=424/* + добавьте сюда ваши клавиатуру и мышь.
Если вам нужно, чтобы несколько клиентов могли подцепиться к одной PI, то запускайте несколько процессов на разных портах со своими конфигами; в них пишите, какие порты сервер не может использовать: IgnoredBuses=1-1.2,1-1.3, (запятая в конце строки параметра обязательна!)
скрипт auth.sh
Не забываем качать bash-static под конкретный pi и именно armel (понимает синтаксис этого скрипта)
#!/tmp/vhusbd/bash-static
# Example script for performing advanced user authorization for VirtualHere
# Sponsored by ben@wildblue.de
#
# Return 1 if the user is allowed to access this device
# Return 0 if the user is not allowed to access this device
# Return 3 if the user needs to provide a username AND password (or the password is incorrect) to use the device
# Return 2 if the user needs to provide ONLY a password (or the password is incorrect) to use the device. The username defaults to the client OS username
#
# Parameters are passed in as:
# $1 = VENDOR_ID
# $2 = PRODUCT_ID
# $3 = CLIENT_ID
# $4 = CLIENT_IP
# $5 = PRODUCT_SERIAL
# $6 = PASSWORD
# $7 = DEVPATH
# $8 = NICKNAME
# $9 = NUM_BINDINGS
#
#
# https://packages.debian.org/sid/bash-static
#
# https://packages.debian.org/sid/armel/b ... c/download - bash-static with array support
# Generate md5 in Windows cmd: CertUtil -hashfile C:\temp\password.txt MD5 | findstr /v "the password that is in the file password.txt" > C:\temp\password_hash.txt
# "mypassword" = "34819d7beeabb9260a5c854bc85b3e44" as an MD5 hash
# Example: ./auth.sh "0529" "0001" "ben (ben)" "192.168.1.100" ""
# ----------------------------------------------------------------------
# Array values must not contain spaces.
# Enable Logging of all Requests
ENABLE_LOGGING=true;
# The log sits under /tmp and records client IDs and IP addresses of every
# request; check the directory permissions so other local accounts cannot
# read or rewrite it.
LOGFILE=/tmp/vhusbd/vhbus_auth.log;
# NOTE(review): the next three lines look like a sketch of the physical port
# layout of the Pi (LAN socket next to ports 2/4 and 3/5) - confirm.
#Pi
#LAN|2|4
#LAN|3|5
# Configured Port Number On HUB
# USBPORT_CONFIG_X=( UniqueID "Port_NickName" "USBPort_Path");
# Entry 0 is the fallback used when no USBPort_Path matches the requested
# device path.
USBPORT_CONFIG_0=( 0 "AllPortPathAllowed" ALL );
USBPORT_CONFIG_1=( 1 "Port-LeftTop" "usb1/1-1/1-1.2" );
USBPORT_CONFIG_2=( 2 "Port-LeftBottom" "usb1/1-1/1-1.3" );
USBPORT_CONFIG_3=( 3 "Port-RightTop" "usb1/1-1/1-1.4" );
USBPORT_CONFIG_4=( 4 "Port-RighnBottom" "usb1/1-1/1-1.5" );
# Configured Devices 0529 0001 - rutoken & etc
# DEVICE_CONFIG_X=( UniqueID "Device_NickName" "VendorID" "ProductID");
# Only entries with exactly four fields are matched against a request, so
# entry 0 (three fields) acts purely as the fallback for unknown devices.
# IDs are compared as written (case-sensitive) with the values the server
# passes - TODO confirm which case the server uses for hex digits.
DEVICE_CONFIG_0=( 0 "AllDeviceAllowed" ALL );
DEVICE_CONFIG_1=( 1 "USB-Dongle" "0529" "0001" );
DEVICE_CONFIG_2=( 2 "KVM-Switch" "0B39" "1001" );
# ProductID ALL matches every product of vendor 0424; RULE_LIST_0 below
# denies this device ID for everybody.
DEVICE_CONFIG_4=( 4 "Unknown" "0424" ALL );
#DEVICE_CONFIG_3=( 3 "Mouse" "0A01" "1000" );
#DEVICE_CONFIG_4=( 4 "ZK7500-Fingerprint-Reader" "1b55" "0820" );
#DEVICE_CONFIG_5=( 5 "1C-HASP-LIC" "0529" "0001");
# Configured Users
# USER_CONFIG_X=( UniqueID "username" );
# The username is looked up as "(username)" inside CLIENT_ID.
# NOTE(review): CLIENT_ID appears to be reported by the connecting client and
# this script never checks the PASSWORD argument, so a user rule should not
# be treated as proof of identity - confirm against the server documentation.
USER_CONFIG_0=( 0 ALL );
USER_CONFIG_1=( 1 "User1" );
USER_CONFIG_2=( 2 "User2" );
# Configured IP Addresses
# IP_CONFIG_X=( UniqueID "Computer_NickName" "IP-address" );
IP_CONFIG_0=( 0 ALL );
# NOTE(review): 192.186.x.x is not a private address range - confirm this is
# not a typo for 192.168.10.64; the address is compared for exact equality.
IP_CONFIG_1=( 1 "VDI34" "192.186.10.64" );
#IP_CONFIG_2=( 2 "serverX" "10.10.10.1" ); #
#Configured Rule List
# RULE_LIST_X=(UniqueID USBPORT_ID DEVICE_ID USER_ID IP_ID ACTION)
# The first rule whose four selectors all match decides the request; only the
# exact action ALLOW grants access, and a request that matches no rule is
# refused.
RULE_LIST_0=( 0 ALL 4 ALL ALL DENY );
RULE_LIST_1=( 1 ALL ALL 1 1 ALLOW );
RULE_LIST_2=( 2 ALL ALL 2 1 ALLOW );
# NOTE(review): catch-all ALLOW - every request not denied by RULE_LIST_0 is
# authorized whatever the user or IP, which makes rules 1 and 2 redundant.
# Change the action to DENY (or drop this rule) for a default-deny policy.
RULE_LIST_3=( 3 ALL ALL ALL ALL ALLOW );
# ----------------------------------------------------------------------
# Map Parameters to readable VariableNames
# Give the positional arguments passed by the server descriptive names.
# $6 (PASSWORD), $8 (NICKNAME) and $9 (NUM_BINDINGS) get no name here.
VENDOR_ID="${1}"
PRODUCT_ID="${2}"
CLIENT_ID="${3}"
CLIENT_IP="${4}"
PRODUCT_SERIAL="${5}"
DEVPATH="${7}"
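# Work out which configured hub port the requested device sits on.
# Every USBPORT_CONFIG_<n> array is scanned and the last entry whose
# USBPort_Path occurs inside DEVPATH wins; with no match the fallback entry
# USBPORT_CONFIG_0 is used.
CURRENT_USBPORT=()
for ARRAY_NAME in ${!USBPORT_CONFIG_@}; do
  # Copy the array through indirect expansion rather than eval/echo, so the
  # configured values are never re-parsed, word-split or glob-expanded.
  ARRAY_REF="${ARRAY_NAME}[@]"
  USBPORT_CONFIG=("${!ARRAY_REF}")
  COUNT_ARGS=${#USBPORT_CONFIG[@]}
  # The path is field 2, so an entry needs at least three fields. With only
  # two the path would be empty and the substring test below would match
  # every device path.
  if [[ $COUNT_ARGS -ge 3 ]]; then
    USBPORT_DEVPATH=${USBPORT_CONFIG[2]}
    # Substring match: the configured path may appear anywhere in DEVPATH.
    if [[ "$DEVPATH" == *"$USBPORT_DEVPATH"* ]]; then
      CURRENT_USBPORT=("${USBPORT_CONFIG[@]}")
    fi
  fi
done
if [[ ${#CURRENT_USBPORT[@]} -eq 0 ]]; then
  CURRENT_USBPORT=("${USBPORT_CONFIG_0[@]}")
fi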
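# Identify the requested device among the DEVICE_CONFIG_<n> entries.
# Only entries with exactly four fields take part; the last entry whose
# VendorID equals VENDOR_ID and whose ProductID is ALL or equals PRODUCT_ID
# wins. With no match the fallback entry DEVICE_CONFIG_0 is used.
CURRENT_DEVICE=()
for ARRAY_NAME in ${!DEVICE_CONFIG_@}; do
  # Copy the array through indirect expansion rather than eval/echo, so the
  # configured values are never re-parsed, word-split or glob-expanded.
  ARRAY_REF="${ARRAY_NAME}[@]"
  DEVICE_CONFIG=("${!ARRAY_REF}")
  COUNT_ARGS=${#DEVICE_CONFIG[@]}
  if [[ $COUNT_ARGS -eq 4 ]]; then
    DEVICE_VENDOR_ID=${DEVICE_CONFIG[2]}
    DEVICE_PRODUCT_ID=${DEVICE_CONFIG[3]}
    # String comparison, case-sensitive.
    # NOTE(review): confirm the server passes hex IDs in the same case as the
    # configuration, otherwise a device silently falls back to entry 0.
    if [[ "$VENDOR_ID" == "$DEVICE_VENDOR_ID" &&
          ( "$DEVICE_PRODUCT_ID" == "ALL" || "$PRODUCT_ID" == "$DEVICE_PRODUCT_ID" ) ]]; then
      CURRENT_DEVICE=("${DEVICE_CONFIG[@]}")
    fi
  fi
done
if [[ ${#CURRENT_DEVICE[@]} -eq 0 ]]; then
  CURRENT_DEVICE=("${DEVICE_CONFIG_0[@]}")
fi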
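# Identify the requesting user among the USER_CONFIG_<n> entries.
# An entry matches when "(username)" occurs anywhere in CLIENT_ID; the last
# matching entry wins. With no match the fallback entry USER_CONFIG_0 is used.
# NOTE(review): CLIENT_ID appears to be a value reported by the client and no
# password is verified in this script, so this lookup identifies a claimed
# user, not an authenticated one - confirm against the server documentation.
CURRENT_USER=()
for ARRAY_NAME in ${!USER_CONFIG_@}; do
  # Copy the array through indirect expansion rather than eval/echo, so the
  # configured values are never re-parsed, word-split or glob-expanded.
  ARRAY_REF="${ARRAY_NAME}[@]"
  USER_CONFIG=("${!ARRAY_REF}")
  COUNT_ARGS=${#USER_CONFIG[@]}
  if [[ $COUNT_ARGS -gt 1 ]]; then
    USER_NAME=${USER_CONFIG[1]}
    # The quoted pattern part is taken literally, so characters in the
    # configured name are not treated as wildcards.
    if [[ "$CLIENT_ID" == *"($USER_NAME)"* ]]; then
      CURRENT_USER=("${USER_CONFIG[@]}")
    fi
  fi
done
if [[ ${#CURRENT_USER[@]} -eq 0 ]]; then
  CURRENT_USER=("${USER_CONFIG_0[@]}")
fi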
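# Identify the requesting machine among the IP_CONFIG_<n> entries.
# Entries need at least three fields; the address (field 2) must equal
# CLIENT_IP exactly, and the last matching entry wins. With no match the
# fallback entry IP_CONFIG_0 is used.
CURRENT_IPADDRESS=()
for ARRAY_NAME in ${!IP_CONFIG_@}; do
  # Copy the array through indirect expansion rather than eval/echo, so the
  # configured values are never re-parsed, word-split or glob-expanded.
  ARRAY_REF="${ARRAY_NAME}[@]"
  IP_CONFIG=("${!ARRAY_REF}")
  COUNT_ARGS=${#IP_CONFIG[@]}
  if [[ $COUNT_ARGS -gt 2 ]]; then
    IP_ADDRESS=${IP_CONFIG[2]}
    if [[ "$CLIENT_IP" == "$IP_ADDRESS" ]]; then
      CURRENT_IPADDRESS=("${IP_CONFIG[@]}")
    fi
  fi
done
if [[ ${#CURRENT_IPADDRESS[@]} -eq 0 ]]; then
  CURRENT_IPADDRESS=("${IP_CONFIG_0[@]}")
fi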
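# Start from "refused": access is granted only if a rule later says ALLOW.
AUTHORIZED=false
AUTH_RESULT="NOT Authorized!"

# All four lookups must have produced an entry. Each of them falls back to
# its *_CONFIG_0 array, so an empty result means that fallback entry is
# missing from the configuration. The request is refused (exit 0 = not
# allowed) and the problem is noted in the log even when logging is disabled.
if [[ ${#CURRENT_USBPORT[@]} -eq 0 || ${#CURRENT_DEVICE[@]} -eq 0 ||
      ${#CURRENT_USER[@]} -eq 0 || ${#CURRENT_IPADDRESS[@]} -eq 0 ]]; then
  {
    echo "---------------------------------------------------------------------------------------------"
    echo " Used Parameters : Error"
  } >> "$LOGFILE"
  exit 0
fi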
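# Configured Device-Port-User-IpAddress Authorization
#
# Walk the RULE_LIST_<n> arrays. A rule applies when each of its four
# selectors is ALL or equals the UniqueID of the entry resolved for this
# request. The first applicable rule decides: action ALLOW grants access,
# anything else refuses. A request that matches no rule stays refused.
#
# NOTE(review): rules are tried in the order bash expands ${!RULE_LIST_@},
# which looks lexical - RULE_LIST_10 would then be tried before RULE_LIST_2.
# Confirm before relying on more than ten rules.
CURRENT_RULE=()
for ARRAY_NAME in ${!RULE_LIST_@}; do
  USBPORT_AUTHORIZED=false
  DEVICE_AUTHORIZED=false
  USER_AUTHORIZED=false
  IPADDRESS_AUTHORIZED=false

  # Copy the array through indirect expansion rather than eval/echo, so the
  # configured values are never re-parsed, word-split or glob-expanded.
  ARRAY_REF="${ARRAY_NAME}[@]"
  RULE_LIST=("${!ARRAY_REF}")
  COUNT_ARGS=${#RULE_LIST[@]}

  # Rules that do not have exactly six fields are skipped: their flags stay
  # false, so they can never decide a request.
  if [[ $COUNT_ARGS -eq 6 ]]; then
    USBPORT_ID=${RULE_LIST[1]}
    DEVICE_ID=${RULE_LIST[2]}
    USER_ID=${RULE_LIST[3]}
    IP_ID=${RULE_LIST[4]}
    ACTION_ID=${RULE_LIST[5]}

    if [[ "$USBPORT_ID" == "ALL" || "$USBPORT_ID" == "${CURRENT_USBPORT[0]}" ]]; then
      USBPORT_AUTHORIZED=true
    fi
    if [[ "$DEVICE_ID" == "ALL" || "$DEVICE_ID" == "${CURRENT_DEVICE[0]}" ]]; then
      DEVICE_AUTHORIZED=true
    fi
    if [[ "$USER_ID" == "ALL" || "$USER_ID" == "${CURRENT_USER[0]}" ]]; then
      USER_AUTHORIZED=true
    fi
    if [[ "$IP_ID" == "ALL" || "$IP_ID" == "${CURRENT_IPADDRESS[0]}" ]]; then
      IPADDRESS_AUTHORIZED=true
    fi
  fi

  if [[ "$USBPORT_AUTHORIZED" == true && "$DEVICE_AUTHORIZED" == true &&
        "$USER_AUTHORIZED" == true && "$IPADDRESS_AUTHORIZED" == true ]]; then
    # Only the exact word ALLOW grants access; DENY or a misspelt action
    # leaves the request refused.
    if [[ "$ACTION_ID" == "ALLOW" ]]; then
      AUTHORIZED=true
      AUTH_RESULT="Authorized!"
    fi
    # First applicable rule wins - later rules are not consulted.
    break
  fi
done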
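# Define Logging
# Appends one record per request to LOGFILE: the raw arguments, a timestamp,
# the entries selected by the lookups and the decision.
if [[ "$ENABLE_LOGGING" == true ]]; then
  # $6 is the PASSWORD argument; it is never written to the log. The marker
  # only shows whether a value was supplied.
  PASSWORD_MARK=""
  if [[ -n "$6" ]]; then
    PASSWORD_MARK="<redacted>"
  fi

  # Several arguments originate from the client. Control characters
  # (including newlines) are replaced so that a crafted value cannot start a
  # forged log line.
  LOG_ARGS=()
  for LOG_ARG in "$1" "$2" "$3" "$4" "$5" "$PASSWORD_MARK" "$7" "$8" "$9"; do
    LOG_ARGS[${#LOG_ARGS[@]}]="${LOG_ARG//[[:cntrl:]]/?}"
  done

  {
    echo "---------------------------------------------------------------------------------------------"
    printf "Authorizing -> '%s' '%s' '%s' '%s' '%s' '%s' '%s' '%s' '%s'\n" "${LOG_ARGS[@]}"
    # Create new Logfile-Entry with current Date, User and Parameters
    echo "$(date), User: [$USER]"
    printf " Used Parameters : ['%s' '%s' '%s' '%s' '%s']\n" "${LOG_ARGS[@]:0:5}"
    echo " Selected Device : ${CURRENT_DEVICE[*]}"
    echo " Selected USB Port : ${CURRENT_USBPORT[*]}"
    echo " Selected User : ${CURRENT_USER[*]}"
    echo " Selected IP-Address : ${CURRENT_IPADDRESS[*]}"
    echo " Auth-Result : $AUTH_RESULT"
  } >> "$LOGFILE"
fi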
# Report the decision through the exit status expected by the server:
# 1 = access allowed, 0 = access refused.
case "$AUTHORIZED" in
  true) exit 1 ;;
  *)    exit 0 ;;
esac