Merge branch 'master' into installer

2 files changed, 16 insertions, 11 deletions

diff --git a/core/modules/kiosk-chromium/module.conf.ubuntu b/core/modules/kiosk-chromium/module.conf.ubuntu
index a47c86d7..7cb1575c 100644
--- a/core/modules/kiosk-chromium/module.conf.ubuntu
+++ b/core/modules/kiosk-chromium/module.conf.ubuntu
@@ -5,6 +5,7 @@ REQUIRED_CONTENT_PACKAGES="
 	fonts-noto-color-emoji
 	jq
 	xbindkeys
+	libnss3-tools
 "
 REQUIRED_INSTALLED_PACKAGES=""
 REQUIRED_BINARIES=""
diff --git a/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver b/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver
index 4e58cc3b..e6e7f568 100755
--- a/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver
+++ b/core/modules/remote-access/data/etc/X11/Xsetup.d/50-launch-vncserver
@@ -3,7 +3,9 @@
 [ -z "$SLX_KCL_SERVERS" ] && . /opt/openslx/config
 
 [ "$DISPLAY" = :0 ] && [ -n "$SLX_REMOTE_VNC" ] && {
-	# TODO GET
+	# TODO If we support multiple parallel sessions in the future, we need dedicated
+	# ports for each session for both, the VNC and the RPC port.
+	vnc_port="${SLX_REMOTE_VNC_PORT:-5900}"
 	srchost="$SLX_REMOTE_HOST_ACCESS"
 	if [ -n "$srchost" ]; then
 		# IPTABLES
@@ -11,11 +13,9 @@
 		if ! [ -e "$rule" ]; then
 			(
 				echo "#!/bin/sh"
-				echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport 5900 -j ACCEPT"
-				echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport 5901 -j ACCEPT"
+				echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport $vnc_port -j ACCEPT"
 				echo "iptables -A INPUT -s "'"'"$srchost"'"'" -p tcp --dport 7551 -j ACCEPT"
-				echo "iptables -A INPUT -p tcp --dport 5900 -j DROP"
-				echo "iptables -A INPUT -p tcp --dport 5901 -j DROP"
+				echo "iptables -A INPUT -p tcp --dport $vnc_port -j DROP"
 				echo "iptables -A INPUT -p tcp --dport 7551 -j DROP"
 			) > "$rule"
 			chmod +x "$rule"
@@ -28,20 +28,23 @@
 	printf "%s" "$passwd" > "/tmp/vnc-passwd"
 	url="http://${SLX_PXE_SERVER_IP}/slx-admin/api.php?do=remoteaccess"
 	curl -s -S -L --retry 4 --retry-connrefused --max-time 3 --retry-max-time 10 \
-		--data-urlencode "password=$passwd" "$url" > /dev/null
+		--data-urlencode "password=$passwd" \
+		--data-urlencode "vncport=$vnc_port" \
+		"$url" > /dev/null
 	(
 		# Make a copy of xauth, so if the xserver restarts, we'll use the old one and fail to connect
 		if [ -n "$XAUTHORITY" ]; then
 			copy="$( mktemp )"
 			cat "$XAUTHORITY" > "$copy"
 			export XAUTHORITY="$copy"
-			trap 'rm -f -- "$copy"' EXIT INT TERM
+			trap 'exit 1' INT TERM
+			trap 'rm -f -- "$copy"' EXIT
 		fi
 		fails=0
 		while true; do
 			s="$( date +%s )"
 			# skip keycode stuff fixes altgr for vmware
-			x11vnc -rfbport 5900 -shared -forever -noxrecord -xkb -capslock -skip_keycodes 92,187,188 -remap DEAD=gac,U20AC-EuroSign -passwd "$passwd"
+			x11vnc -rfbport "$vnc_port" -shared -forever -noxrecord -xkb -capslock -skip_keycodes 92,187,188 -remap DEAD=gac,U20AC-EuroSign -passwd "$passwd"
 			e="$( date +%s )"
 			d="$(( e - s ))"
 			if [ "$d" -gt 5 ]; then
@@ -58,7 +61,8 @@
 	vmvnc=false
 	idle=0
 	# In case of stale entry
-	iptables -t nat -D PREROUTING -p tcp --dport 5900 -j REDIRECT --to-ports 5901
+	# TODO: This sucks anyways performance-wise for VMware, maybe remove?
+	iptables -t nat -D PREROUTING -p tcp --dport "$vnc_port" -j REDIRECT --to-ports 5901
 	while [ -d "/proc/${vncpid}" ]; do
 		sleep 5
 		if netstat -tn | awk 'BEGIN{ e=1 } { if ($4 ~ /:590[0123]$/) e=0 } END{ exit e }'; then
@@ -82,13 +86,13 @@
 			if ! $vmvnc; then
 				killall x11vnc
 				usleep 10000
-				iptables -t nat -I PREROUTING 1 -p tcp --dport 5900 -j REDIRECT --to-ports 5901
+				iptables -t nat -I PREROUTING 1 -p tcp --dport "$vnc_port" -j REDIRECT --to-ports 5901
 			fi
 			vmvnc=true
 		else
 			# disable
 			if $vmvnc; then
-				iptables -t nat -D PREROUTING -p tcp --dport 5900 -j REDIRECT --to-ports 5901
+				iptables -t nat -D PREROUTING -p tcp --dport "$vnc_port" -j REDIRECT --to-ports 5901
 			fi
 			vmvnc=false
 		fi