fix(mis): 不使用sudo作为普通用户来刷新VNC密码

PKUHPC · Jan 3, 2023 · ec0e636 · ec0e636
1 parent 789b791
commit ec0e636
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 5 deletions.
diff --git a/apps/portal-server/src/clusterops/slurm/app.ts b/apps/portal-server/src/clusterops/slurm/app.ts
@@ -328,7 +328,7 @@ export const slurmAppOps = (cluster: string): AppOps => {
                 // connect as user so that
                 // the service node doesn't need to be able to connect to compute nodes with public key
                 return await sshConnect(host, userId, logger, async (computeNodeSsh) => {
-                  const password = await refreshPassword(computeNodeSsh, userId, logger, displayId!);
+                  const password = await refreshPassword(computeNodeSsh, null, logger, displayId!);
                   return {
                     code: "OK",
                     appId: sessionMetadata.appId,

diff --git a/apps/portal-server/src/utils/turbovnc.ts b/apps/portal-server/src/utils/turbovnc.ts
@@ -10,7 +10,7 @@
  * See the Mulan PSL v2 for more details.
  */
 
-import { executeAsUser } from "@scow/lib-ssh";
+import { executeAsUser, loggedExec } from "@scow/lib-ssh";
 import { NodeSSH } from "node-ssh";
 import { join } from "path";
 import { portalConfig } from "src/config/portal";
@@ -62,9 +62,21 @@ export function parseDisplayId(stdout: string): number {
 
 const vncPasswdPath = join(portalConfig.turboVNCPath, "bin", "vncpasswd");
 
-export const refreshPassword = async (ssh: NodeSSH, userId: string, logger: Logger, displayId: number) => {
-  const resp = await executeAsUser(ssh, userId, logger, true,
-    vncPasswdPath, ["-o", "-display", ":" + displayId]);
+/**
+ * Refresh VNC session's OTP
+ * @param ssh SSH connection
+ * @param runAsUserId the user id to run as. If null, run as SSH connection user
+ * @param logger logger
+ * @param displayId displayId
+ * @returns new OTP
+ */
+export const refreshPassword = async (ssh: NodeSSH, runAsUserId: string | null, logger: Logger, displayId: number) => {
+
+  const params = ["-o", "-display", ":" + displayId];
+
+  const resp = runAsUserId
+    ? await executeAsUser(ssh, runAsUserId, logger, true, vncPasswdPath, params)
+    : await loggedExec(ssh, logger, true, vncPasswdPath, params);
 
   return parseOtp(resp.stderr);
 };