[kiosk-*] support for lightdm-greeter kiosk

and kiosk-chromium URL filter

2 files changed, 68 insertions, 35 deletions

diff --git a/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter b/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter
new file mode 100644
index 00000000..f80ed34a
--- /dev/null
+++ b/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+format_urls() {
+	local url scheme host path count chost
+	for url in $@; do
+		# first remove '*://' scheme, none means the same
+		url="${url#*\*://}"
+		# extract scheme and remove it from url if needed
+		scheme="${url%%://*}"
+		if [ "$scheme" != "$url" ]; then
+			url="${url#*://}"
+		else
+			scheme=
+		fi
+		# extract host, skip entry if empty
+		host="${url%%/*}"
+		[ -z "$host" ] && continue
+		# transform into chromium syntax
+		if [ "$host" != "${host//\*/}" ]; then
+			# host contains wildcard '*'
+			# look for the longest subdomain until the wildcard
+			chost="$(echo "$host" | grep -oE '[^*]+$')"
+			# remove dot left over
+			if [ -n "$chost" ]; then
+				chost="${chost#?}"
+			else
+				chost='*'
+			fi
+		else
+			# chromium: exact host match must be prefixed with '.'
+			chost=".${host}"
+		fi
+		path="${url#*/}"
+		[ "$path" = "${host}" ] && path=
+		cpath=
+		if [ -n "$path" ]; then
+			cpath="$(echo "$path" | grep -oE '^[^*]*')"
+		fi
+		echo -e "\t\t\"${scheme:+${scheme}://}${chost}${cpath:+/${cpath}}\","
+	done | sed '$ s/.$//'
+}
+
+main() {
+	[ -e "/opt/openslx/config" ] || exit 0
+	. /opt/openslx/config
+
+	local url_policy_file="/etc/chromium-browser/policies/managed/url-filter.json"
+	echo -e "{\n" > "$url_policy_file"
+	local ttype
+	if [ "$SLX_BROWSER_IS_WHITELIST" -eq 1 ]; then
+		ttype="White"
+		echo -e '\t"URLBlacklist": [ "*" ],' >> "$url_policy_file"
+	else
+		ttype="Black"
+	fi
+	if [ -n "$SLX_BROWSER_URLLIST" ]; then
+		echo -e '\t"URL'"$ttype"'list": [' >> "$url_policy_file"
+		format_urls $SLX_BROWSER_URLLIST >> "$url_policy_file"
+		echo -e '\t]' >> "$url_policy_file"
+	fi
+	echo -e '}' >> "$url_policy_file"
+}
+
+if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" -a "$PAM_TTY" = ":0" ]; then
+	# autologin of some sort
+	main
+fi
+true
diff --git a/core/modules/kiosk-chromium/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-chromium-policies b/core/modules/kiosk-chromium/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-chromium-policies
deleted file mode 100644
index 9e60d7fa..00000000
--- a/core/modules/kiosk-chromium/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-chromium-policies
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-# ^SOURCED
-
-. /opt/openslx/config
-
-chromium_policies() {
-	# create managed policy file, those settings cannot be changed by the user
-	# (if he even gets to the settings dialog in the first place)
-	local chromium_policy_file="/etc/chromium-browser/policies/managed/kiosk-mode.json"
-	[ -e "$chromium_policy_file" ] && rm -f "$chromium_policy_file"
-
-	mkdir -p ${chromium_policy_file%/*}
-
-	if [ -n "$SLX_BROWSER_BOOKMARKS" ]; then
-		bookmarkbar=true
-	else
-		bookmarkbar=false
-	fi
-
-	cat <<- EOF > "$chromium_policy_file"
-	{
-		"AutoFillEnabled": false,
-		"BackgroundModeEnabled": false,
-		"BookmarkBarEnabled": $bookmarkbar,
-		"DefaultBrowserSettingEnabled": true,
-		"DownloadRestrictions": 3,
-		"PasswordManagerEnabled": false,
-		"ShowAppsShortcutInBookmarkBar": false,
-		"TranslateEnabled": false
-	}
-	EOF
-}
-
-chromium_policies
-true