#!/bin/bash
#^ SOURCED, actually running in ash

# Protip: Comment out while editing, but DO NOT FORGET TO RE-ENABLE
bash <<"EOF"
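# Convert space-separated URL patterns into Chromium URL filter syntax
# (as used by the URLBlocklist / URLAllowlist policies), one per line.
#
# Arguments: $@ - pattern list(s); every argument is split on single spaces
# Outputs:   one Chromium filter entry per line on stdout
#
# Mapping rules:
#   - "http*://" yields two entries, one for https and one for http.
#   - Any other scheme containing '*' is dropped, so the entry matches
#     every scheme.
#   - A host without '*' becomes ".host" (exact host match).
#   - A host with '*' keeps only the text after the last '*', minus one
#     leading dot; an empty remainder becomes '*'.
#   - The path is cut at its first '*'.
#
# NOTE(review): the wildcard rules only ever widen a pattern, e.g.
# "intranet*.example.com" ends up as "example.com". On a blocklist that
# blocks more than was asked for; on an allowlist it permits more, so
# allowlist entries with partial wildcards deserve a second look.
format_urls() {
	local url scheme host path chost arr
	# Terminate every argument with a space so that several arguments do
	# not run together; -t strips the delimiter from each element again.
	readarray -t -d ' ' arr < <( printf '%s ' "$@" )
	for url in "${arr[@]}"; do
		# extract scheme and remove it from url if needed
		scheme="${url%%://*}"
		if [ "$scheme" != "$url" ]; then
			url="${url#*://}"
			if [ "$scheme" = 'http*' ]; then
				# Special case: assume http* means http and https.
				# The recursive call declares its own locals, so ours
				# are untouched when it returns.
				scheme="http"
				format_urls "https://$url"
			elif [ "${scheme#*\*}" != "${scheme}" ]; then
				# Contains a *, not supported, use any
				scheme=
			fi
		else
			scheme=
		fi
		# extract host; entries without one are skipped
		host="${url%%/*}"
		[ -z "$host" ] && continue
		# transform into chromium syntax
		# We don't support arbitrary wildcards in the host part
		chost="${host##*\*}"
		if [ "$host" = "*" ]; then
			chost="*"
		elif [ "$host" != "$chost" ]; then
			# host contains wildcard '*', use everything
			# after last * in host
			if [ "${chost:0:1}" = "." ]; then
				# Remove leading dot if any
				chost="${chost#?}"
			fi
			# Empty host means any host
			[ -z "$chost" ] && chost='*'
		else
			# chromium: exact host match must be prefixed with '.'
			chost=".${chost}"
		fi
		# The url has a path only if something follows the host. Compare
		# the whole url with the host instead of the path with the host,
		# otherwise "example.com/example.com" would lose its path.
		if [ "$url" = "$host" ]; then
			path=
		else
			path="${url#*/}"
		fi
		path="${path%%\**}"
		printf "%s\n" "${scheme:+${scheme}://}${chost}${path:+/${path}}"
	done
}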

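# Write the Chromium managed URL filter policy from SLX_BROWSER_BLACKLIST
# and SLX_BROWSER_WHITELIST.
#
# Globals:   SLX_PXE_CLIENT_IP (read), SLX_BROWSER_BLACKLIST (read, may be
#            set to "*"), SLX_BROWSER_WHITELIST (read)
# Outputs:   /etc/chromium-browser/policies/managed/url-filter.json and a
#            symlink to it under /etc/chromium/policies/managed
# Returns:   0 on success, 1 if the policy could not be generated or written
#
# If both lists are empty the policy file is removed. A blank blocklist
# together with a non-empty allowlist is treated as "block everything
# except the allowlist".
#
# The policy is assembled in memory and written in a single step. If jq is
# missing or fails, a block-everything policy is written instead: a file
# with invalid JSON would not be a usable policy, which would leave the
# session without any URL filter.
main() {
	[ -z "$SLX_PXE_CLIENT_IP" ] && . /opt/openslx/config

	local url_policy_file="/etc/chromium-browser/policies/managed/url-filter.json"
	local debian_policy_dir="/etc/chromium/policies/managed"
	local blank_re='^\s*$'
	# jq filter: turn newline-separated input into a JSON array of strings
	local jq_split='rtrimstr("\n") | split("\n")'
	local blocklist allowlist policy rc=0

	if [ -z "$SLX_BROWSER_BLACKLIST" ] && [ -z "$SLX_BROWSER_WHITELIST" ]; then
		rm -f -- "$url_policy_file"
		return
	fi
	if [[ $SLX_BROWSER_BLACKLIST =~ $blank_re ]]; then
		SLX_BROWSER_BLACKLIST="*"
	fi

	# From here on the blocklist is never blank, so it is always emitted.
	blocklist="$(format_urls "$SLX_BROWSER_BLACKLIST" | jq -Rs "$jq_split")" || rc=1
	[ -n "$blocklist" ] || rc=1
	if [ -n "$SLX_BROWSER_WHITELIST" ]; then
		allowlist="$(format_urls "$SLX_BROWSER_WHITELIST" | jq -Rs "$jq_split")" || rc=1
		[ -n "$allowlist" ] || rc=1
	fi

	if [ "$rc" -ne 0 ]; then
		# Fail closed: needs no jq, so it still works when jq is the problem
		echo "chromium-urlfilter: policy generation failed, blocking all URLs" >&2
		policy='{"URLBlocklist": ["*"]}'
	elif [ -n "$SLX_BROWSER_WHITELIST" ]; then
		policy="$(printf '{\n\t"URLBlocklist": %s,\n\t"URLAllowlist": %s\n}' \
			"$blocklist" "$allowlist")"
	else
		policy="$(printf '{\n\t"URLBlocklist": %s\n}' "$blocklist")"
	fi

	# Debian uses chromium instead of chromium-browser -.-
	mkdir -p -- "${url_policy_file%/*}" "$debian_policy_dir"
	printf '%s\n' "$policy" > "$url_policy_file" || rc=1
	ln -nfs -- "$url_policy_file" "$debian_policy_dir/url-filter.json"
	return "$rc"
}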

# Generate the URL filter only for sessions whose PAM service name contains
# "autologin" and whose PAM_TTY is ":0"; other sessions are left alone.
if [[ "$PAM_SERVICE" == *autologin* && "$PAM_TTY" == ":0" ]]; then
	main
fi
EOF
true