Diffstat (limited to 'core/modules/run-virt/data/opt/openslx/vmchooser')
-rw-r--r--core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf2
-rw-r--r--core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template2
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH30
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README20
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc7
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc41
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc7
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc35
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc13
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares6
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer8
-rw-r--r--core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall76
-rwxr-xr-xcore/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt2
13 files changed, 187 insertions, 62 deletions
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf b/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf
index 016ca2f3..95137377 100644
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/config/smb.conf
@@ -6,7 +6,7 @@
# See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
#
# If you have any feedback please consult https://bwlehrpool.de and
-# send your feedback to bwlehrpool@hs-offenburg.de.
+# send your feedback to support@bwlehrpool.de.
#
# General information about bwLehrpool can be found at https://bwlehrpool.de
#
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template b/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template
index 19731d80..201804c3 100644
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/config/udhcpd-nat1.conf.template
@@ -6,7 +6,7 @@
# See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
#
# If you have any feedback please consult https://bwlehrpool.de and
-# send your feedback to bwlehrpool@hs-offenburg.de.
+# send your feedback to support@bwlehrpool.de.
#
# General information about bwLehrpool can be found at https://bwlehrpool.de
#
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH
index cf5dbc5d..54a30955 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/LIESMICH
@@ -8,15 +8,15 @@ Binaries in der genutzen virtuellen Maschine enthalten sind.
Folgende Programme werden benötigt:
-awk, cat, chmod, chown, cut, cvt, find, grep, head, hexdump, ln, logger,
-mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed, sleep, su,
-systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm.
+awk, cat, chmod, chown, cut, cvt, find, fusermount, grep, head, hexdump,
+ln, logger, mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed,
+sleep, su, systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm.
-Als mitunter fehlend haben sich insbesondere mount.cifs (wenn SMB-Laufwerke
-nicht eingebunden werden und xdg-user-dir (wenn keine Icons auf dem Desktop
-erscheinen) erwiesen. Zur Ermittlung eventuell fehlender binaries ist
-hilfreich, das Skript openslx mit root-Rechten von Hand zu starten und auf
-"…not found" u.ä. zu achten.
+Als mitunter fehlend haben sich insbesondere mount.cifs, mount.davfs (wenn
+SMB- bzw. Webdav-Laufwerke nicht eingebunden werden) und xdg-user-dir
+(wenn keine Icons auf dem Desktop erscheinen) erwiesen. Zur Ermittlung
+eventuell fehlender binaries ist hilfreich, das Skript openslx mit root-
+Rechten von Hand zu starten und auf "…not found" u.ä. zu achten.
Logeinträge:
@@ -28,14 +28,20 @@ die Einträge sind zudem wie folgt aufgeschlüsselt:
'openslx utility script': openslx-Hauptskript
'openslx sharemapper': Dienstskript zum Einhängen der Netzlaufwerke,
'openslx resolution utility': Dienstskript zur Bildschirmauflösung.
+'openslx umounter': Dienstskript zum Unmounten eingehängter Netzlauf-
+ werke bei Shutdown. (Anmerkung: besonders bei per
+ Userspace über fusermount eingehängten Webdav-
+ laufwerken wichtig, da es sonst zu Wartezeiten
+ beim Shutdown der VM kommen kann.)
Enthaltene Skripte:
vm_installer: Dieses Skript einmalig in einer lokalen, permanenten (also
nicht innerhalb des Poolsystems) Virtuellen Maschine ausführen.
- Es schreibt zwei systemd-Servicedateien und verlinkt diese,
- um beim Systemstart folgende Skripte zu starten:
+ Eine vorherige Installation sollte erkannt und korrigiert
+ werden. Es schreibt zwei systemd-Servicedateien und verlinkt
+ diese, um beim Systemstart folgende Skripte zu starten:
openslx: Das Skript openslx wird von einem durch vm_installer
erzeugten systemd-Dienst gestartet. Es ruft die Funktionen
@@ -51,8 +57,8 @@ resolution_standalone: Einzelstehende Version des resolution-Skriptes, die
Einbindung innerhalb der VM (Xsetup/Xreset) muss daher
selbst gesorgt werden.
- Anmerkung: Dieses Skript wird nur unstetig gewartet, die
- Nutzung von openslx wird daher empfohlen.
+ Anmerkung: Dieses Skript wird nicht mehr bzw. nur unstetig
+ gewartet, die Nutzung von openslx wird daher sehr mpfohlen.
Veraltet als Einzelskripte:
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README
index 6a58e448..885fba7e 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/README
@@ -8,13 +8,14 @@ check the usual log files, of course).
These programs are needed:
-awk, cat, chmod, chown, cut, cvt, find, grep, head, hexdump, ln, logger,
-mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed, sleep, su,
-systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm.
+awk, cat, chmod, chown, cut, cvt, find, fusermount, grep, head, hexdump,
+ln, logger, mkdir, mount, mount.cifs, mv, ping, printf, ps, rmdir, sed,
+sleep, su, systemctl, timeout, unlink, xdg-user-dir, xrandr, xterm.
-Two likely candidates are in particular mount.cifs and xdg-user-dir. Do
-detect missing binaries it is helpful to start the script openslx with root
-permissions by hand and check for "…not found" messages.
+Some likely candidates are in particular mount.cifs, mount.davfs and
+xdg-user-dir. To detect missing binaries it is helpful to start the script
+openslx in the virtual machine with root permissions by hand and check for
+"... not found" messages.
Log file entries:
@@ -25,12 +26,14 @@ distinguished by a preceding 'openslx'; the entries are further itemised by:
'openslx utility script': openslx main script,
'openslx sharemapper': utility to mount network shares,
'openslx resolution utility': utility to set monitor resolution.
+'openslx umounter': utility for unmounting previously script-mounted network
+ drives at shutdown. (Ann.: This is important at userspace
+ mounted (fusermount) webdav shares, as it else may lead
+ to waiting time at shutdown of the virtual machine.)
Included scripts:
-This package consists of following scripts:
-
vm_installer: This script is to be started once in a local, permanent (so
not within the pool system environment) virtual machine. It
writes two systemd service files and links them, so following
@@ -44,6 +47,7 @@ openslx: The script openslx will be started via systemd service written
umnt_shares: (before shutdown.target): Unmounts given network shares at
virtual machine shutdown.
+
resolution_standalone: Standalone version of resolution sctipt. Needs no
preliminary work done by systemd or vm_runtime. It has to be
embedded/startedt via adequate means by hand (eg.
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc
index 3cee7944..cf6592f1 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/00_vars.inc
@@ -6,7 +6,7 @@ SLXCONFIGFILE="$DISKMOUNTDIR"/openslx.ini
CONFIGFILE="$DISKMOUNTDIR"/shares.dat
LOGINUSER=$(grep '^username=' "$SLXCONFIGFILE" | cut -d '=' -f 2)
-##### User related#################
+##### User related #################
LOCALUSER=student
USERHOME=/home/"$LOCALUSER"
USERHOMEDIR=/home/"$LOCALUSER"/PERSISTENT
@@ -34,11 +34,14 @@ MOUNTCIFSPRAE="-v -t cifs -o "
MOUNTCIFSOPTS="uid=$(id --user "$LOCALUSER"),gid=$(id --group "$LOCALUSER"),forceuid,forcegid,file_mode=0700,dir_mode=0700,nobrl,noacl"
MOUNTNFSPRAE="-v -t nfs4 -o "
MOUNTNFSOPTS="rw,nosuid,nodev,nolock,intr,hard,sloppy"
+MOUNTDAVPRAE="-t davfs -o "
+MOUNTDAVOPTS="uid=$(id --user "$LOCALUSER"),gid=$(id --group "$LOCALUSER")"
NATADDR=$(head -n 1 "$CONFIGFILE" | cut -f 1 -d$'\t')
PORT=$(head -n 1 "$CONFIGFILE" | cut -f 2 -d$'\t')
SCHLUESSEL=$(head -n 1 "$CONFIGFILE" | cut -f 4 -d$'\t')
GLOBALDOMAINUSER=$(head -n 1 "$CONFIGFILE" | cut -f 5 -d$'\t')
+GLOBALDOMAIN=$(echo "$GLOBALDOMAINUSER" | cut -d '\' -f 1)
GLOBALUSER=$(echo "$GLOBALDOMAINUSER" | cut -d '\' -f 2)
##### Remap #######################
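Review bot: `GLOBALDOMAIN` ends up holding the user name whenever `GLOBALDOMAINUSER` contains no backslash, because `cut` without `-s` passes a line that lacks the delimiter through unchanged. The cifs branch of mounter() in 10_functions.inc then appends that value as `domain=`, so a plain user name would also be sent as the domain. Using `GLOBALDOMAIN=$(echo "$GLOBALDOMAINUSER" | cut -s -d '\' -f 1)` leaves it empty in that case. The `GLOBALUSER` line below should stay as it is, since it relies on that pass-through.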
@@ -54,5 +57,7 @@ SCRIPTEXT=$(grep scriptExt "$DISKMOUNTDIR/openslx.ini" | cut -f 2 -d "=")
MUTESOUND=$(grep muteSound "$DISKMOUNTDIR/openslx.ini" | cut -f 2 -d "=")
SOUNDVOL="100%"
+##### Programs interfering with resolution setting #####
+KILLRESPROGS="kscreen_backend_launcher"
### Variablen Ende ################################
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc
index 33ccf686..c7db1971 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/10_functions.inc
@@ -23,45 +23,64 @@ function already_mounted()
function mounter()
{
+ MOUNTPARAM="$1"
+ MOUNTOPTS="$2"
+ SHAREPATH="$3"
+ MOUNTDIR="$4"
+
# Ausgabe: konnte mounten: 0, konnte nicht mounten: 1, schon gemountet 2
- already_mounted "$4"
+ already_mounted "$MOUNTDIR"
ERR=$?
if [ "$ERR" -eq 0 ]; then
- logger "openslx sharemapper: $3 already mounted."
+ logger "openslx sharemapper: $SHAREPATH already mounted."
AUSGANG=2
else
case "$MOUNTER" in
nfs) AUSGANG=0
x=2
- while ! mount $1 $2 $3 $4 2>/dev/null 1>&2; do
- logger "openslx sharemapper: could not mount ${3} to ${4}, waited another $x seconds, retrying."
+ while ! mount $MOUNTPARAM "${MOUNTOPTS}" "$SHAREPATH" "$MOUNTDIR" 2>/dev/null 1>&2; do
+ logger "openslx sharemapper: could not mount ${SHAREPATH} to ${MOUNTDIR}, waited another $x seconds, retrying."
sleep $x
if [ "$x" -gt 6 ]; then
AUSGANG=1
- logger "openslx sharemapper: timeout, could not mount ${3} to ${4}. mount.nfs installed?"
+ logger "openslx sharemapper: timeout, could not mount ${SHAREPATH} to ${MOUNTDIR}. mount.nfs installed?"
break
fi
let x=x+2
done
- [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${3} mounted to ${4} (nfs)." # Todo: Schöner schreiben:)
+ [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${SHAREPATH} mounted to ${MOUNTDIR} (nfs)." # Todo: Schöner schreiben:)
;;
cifs) AUSGANG=0
x=2
+ [ -n "$GLOBALDOMAIN" ] && MOUNTOPTS="${MOUNTOPTS},domain=$GLOBALDOMAIN"
for VERSION in $CIFSVERSIONS; do
AUSGANG=0
- while ! mount $1 "$VERSION",${2} $3 $4 2>/dev/null 1>&2; do
- logger "openslx sharemapper: could not mount ${3} to ${4}, waited another $x seconds, retrying."
+ while ! mount $MOUNTPARAM "${VERSION}","${MOUNTOPTS}" "$SHAREPATH" "$MOUNTDIR" 2>/dev/null 1>&2; do
+ logger "openslx sharemapper: could not mount ${SHAREPATH} to ${MOUNTDIR}, waited another $x seconds, retrying."
sleep $x
if [ "$x" -gt 4 ]; then
AUSGANG=1
- logger "openslx sharemapper: timeout, could not mount ${3} to ${4} cifs v${VERSION}."
+ logger "openslx sharemapper: timeout, could not mount ${SHAREPATH} to ${MOUNTDIR} cifs v${VERSION}."
break
fi
let x=x+2
done
[ "$AUSGANG" -eq 0 ] && break
done
- [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${3} mounted to ${4} (cifs $VERSION)."
+ [ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${SHAREPATH} mounted to ${MOUNTDIR} (cifs $VERSION)."
+ ;;
+ dav) AUSGANG=0
+ x=2
+ while ! echo -e "${USER}\n${PASSWD}" | mount $MOUNTPARAM "$MOUNTOPTS" "$SHAREPATH" "$MOUNTDIR" 2>/dev/null 1>&2; do
+ logger "openslx sharemapper: could not mount ${SHAREPATH} to ${MOUNTDIR}, waited another $x seconds, retrying."
+ sleep x
+ if [ "$x" -gt 4 ]; then
+ AUSGANG=1
+ logger "openslx sharemapper: timeout, could not mount ${SHAREPATH} to ${MOUNTDIR}. mount.davfs installed?"
+ break
+ fi
+ let x=x+2
+ done
;;
*) logger "openslx sharemapper: unknown mounter ${MOUNTER}!"
;;
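Review bot: In the new `dav)` branch the retry loop calls `sleep x` with a literal `x`, so the sleep fails and the retries run back to back; it should be `sleep "$x"` as in the nfs and cifs branches. The same branch feeds the credentials through `echo -e "${USER}\n${PASSWD}"`, which interprets backslash sequences inside the password, whereas `printf '%s\n%s\n' "$USER" "$PASSWD"` passes them unchanged. Unlike the other two branches it logs nothing on success; add `[ "$AUSGANG" -eq 0 ] && logger "openslx sharemapper: ${SHAREPATH} mounted to ${MOUNTDIR} (dav)."`. `MOUNTPARAM`, `MOUNTOPTS`, `SHAREPATH` and `MOUNTDIR` are assigned without `local`, so they overwrite the caller's variables of the same names, and the `domain=` suffix added in the cifs branch may leak back into the caller's `MOUNTOPTS`. mounter() continues past the end of this hunk.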
@@ -97,7 +116,7 @@ function mount_share()
ERR=$? # ERR merken wg. Links aus USERSHAREDIR
if [ "$ERR" -eq 1 ]; then
logger "openslx sharemapper: Could not mount ${USERSHAREDIR} even using user credentials; giving up."
- echo "Konnte Laufwerk ${SHAREPATH} nicht einhängen." >> "$USERLOGFILE"
+ echo "Konnte Laufwerk ${SHAREPATH} nicht einhängen. mount.cifs / mount.davfs installiert?" >> "$USERLOGFILE"
fi
unset USER
unset PASSWD
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc
index c5d37105..c6bdc8c9 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/30_mount_shares.inc
@@ -9,7 +9,12 @@ function mount_shares()
SHAREPASS=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 5 -d$'\t') # User-PW, bei Userhome nicht vorhanden
# Sharetyp bestimmen:
- if [ "${SHAREPATH:0:2}" == '\\' ] || [ "${SHAREPATH:0:2}" == '//' ]; then
+ if [ "${SHAREPATH:0:4}" == 'http' ]; then
+ SHAREPATH="${SHAREPATH//\\//}" # shouldn't be needed, but who knows what windows users do...
+ MOUNTER=dav
+ MOUNTPARAM="$MOUNTDAVPRAE"
+ MOUNTOPTS="$MOUNTDAVOPTS"
+ elif [ "${SHAREPATH:0:2}" == '\\' ] || [ "${SHAREPATH:0:2}" == '//' ]; then
USER=$(echo "$SHAREUSER"|cut -d '\' -f 2)
SHAREPATH="${SHAREPATH//\\//}" # '\' --> `/` :-)
MOUNTER=cifs
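Review bot: The new test `"${SHAREPATH:0:4}" == 'http'` selects the dav mounter for `http://` as well as `https://`, and mounter() pipes `USER` and `PASSWD` into that mount, so over plain HTTP the credentials would presumably travel unencrypted. If unencrypted WebDAV is not a requirement, match `https://` only, or at least log a warning for `http://`. The prefix test is also case-sensitive and does not require `://`, so `HTTPS://…` falls through and any share path that merely starts with `http` is treated as a URL. Unlike the cifs branch, this branch does not set `USER` from `SHAREUSER` in the visible lines; confirm it is set elsewhere in mount_shares(), whose body starts and ends outside this hunk.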
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc
index e161b961..dc92061a 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/50_umounter.inc
@@ -1,12 +1,29 @@
-umount_home() {
- umount /home/"${LOCALUSER}"/PERSISTENT && logger "openslx unmounter: umounted home (PERSISTENT)." \
- || logger "openslx unmounter: could not home (PERSISTENT)!"
-}
+umount_all() {
+ local HOME
+ local WEBDAV="(webdav) "
+ local UMOUNT
+ get_shares # fills array ROHSHARES; row 1+ share infos from (shares-)CONFIGFILE
+
+ for (( CONFIGROW = 1; CONFIGROW < ${#ROHSHARES[@]}; CONFIGROW++ )); do # row 1 is homedir, 2+ shares
+ SHAREPATH=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 1 -d$'\t') # Could be a webdav share...
+ SHARENAME=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 3 -d$'\t' | sed 's/ /_/g')
+ if [ "${SHARENAME:0:5}" == "Home-" ]; then
+ HOME="home "
+ UMOUNT="${USERHOMEDIR}"
+ else
+ HOME=""
+ # if there's no sharename let's at least try with SHARELETTER:
+ [ -z "${SHARENAME}" ] && SHARENAME=$(echo "${ROHSHARES[CONFIGROW]}" | cut -f 2 -d$'\t' | sed 's/://g')
+ UMOUNT="${USERHOME}/${SHARENAME}"
+ fi
-umount_shares() {
- index=0
- for SHARE in $( mount | grep SHARE | tr -s ' ' | cut -f 3 -d " " ); do
- umount "${SHARE}" && logger "openslx unmounter: umounted ${SHARE}." \
- || logger "openslx unmounter: could not umount ${SHARE}!"
+ if [ "${SHAREPATH:0:4}" == 'http' ]; then
+ fusermount -u "$UMOUNT" && logger "openslx umounter: umounted ${HOME}${WEBDAV} ${UMOUNT}." \
+ || logger "openslx umounter: could not umount ${HOME}${WEBDAV} ${UMOUNT}!"
+ else
+ umount "${UMOUNT}" && logger "openslx umounter: umounted $HOME ${UMOUNT}." \
+ || logger "openslx umounter: could not umount ${HOME}${UMOUNT}!"
+ fi
done
}
+
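Review bot: `local HOME` reuses the name of the shell's home-directory variable for a log prefix. In bash a local that shadows an exported variable keeps the export attribute, so `fusermount` and `umount` would run with `HOME` set to `home ` or to the empty string; a different name such as `local LOGPREFIX` avoids that. `CONFIGROW`, `SHAREPATH` and `SHARENAME` should be declared `local` as well. The four log lines assemble their text differently (`${HOME}${WEBDAV} ${UMOUNT}`, `$HOME ${UMOUNT}`, `${HOME}${UMOUNT}`), which gives doubled or missing spaces. `cmd && logger … || logger …` also reports a failure when the first logger itself fails, so an `if`/`else` is clearer.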
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc
index a3e6c746..62c2f313 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/includes/60_resolution.inc
@@ -11,11 +11,24 @@ get_xauthfile()
logger "openslx resolution utility: XAUTHFILE found."
}
+kill_resprogs() {
+ for i in $KILLRESPROGS; do
+ if [ -n "$(ps aux|grep $i|grep -v grep)" ]; then
+ logger "openslx resolution utility: Interfering program $i detecting, trying to kill."
+ killall $i
+ ERR=$?
+ if [ $ERR -ne 0 ]; then
+ logger "openslx resolution utility: couldn't kill interfering program $i."
+ fi
+ fi
+ done
+}
check_resolution() {
ACTRES=$(DISPLAY="${DISPLAY}" XAUTHORITY="${XAUTHORITY}" xrandr|grep '*'|tr -s " "|cut -f 2 -d " ")
if [ "$ACTRES" != "$RESOLUTION" ]; then
logger "openslx resolution utility: resolution changed; re-changing."
+ kill_resprogs
DISPLAY="${DISPLAY}" XAUTHORITY="${XAUTHORITY}" xrandr --output ${AUSGABE} --mode ${RESOLUTION}
else
logger "openslx resolution utility: resolution unchanged."
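Review bot: kill_resprogs() tests for the process with `ps aux|grep $i|grep -v grep`, an unquoted substring match over full command lines, so an unrelated process that only mentions the name (for instance as an argument) makes the function call `killall`. Quote the expansions (`grep -- "$i"`, `killall -- "$i"`) and, if this runs as root, consider limiting the kill to the session user with `killall -u "$LOCALUSER" -- "$i"`. `i` and `ERR` are not `local`, so the function overwrites the caller's `ERR`. The log text says "detecting" where "detected" is meant. check_resolution() continues past the end of the hunk.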
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares
index b028cf76..1da5c460 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/umnt_shares
@@ -17,13 +17,11 @@ case "$REMAPMODE" in
exit 0
;;
1) logger "openslx sharemapper: umounter: remapMode 1 (native mode) detected."
- umount_shares
- umount_home
+ umount_all
postliminaries_native
;;
2) logger "openslx sharemapper: umounter: remapMode 2 (fallback mode) detected."
- umount_shares
- umount_home
+ umount_all
postliminaries_native
exit 0
;;
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer
index 91f5b6d2..bf995a66 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/data/linux/vm_installer
@@ -75,7 +75,6 @@ case $(${PS} --pid 1 -o comm h) in
[Unit]
Description=openSLX umount utility
Before=shutdown.target
- Requires=${SERVICEDISKMOUNT}
DefaultDependencies=no
[Service]
@@ -88,9 +87,14 @@ case $(${PS} --pid 1 -o comm h) in
[ ! -d "$SERVICEDIR"/"${TARGET}".wants ] && mkdir "$SERVICEDIR"/"${TARGET}".wants 2>/dev/null
[ ! -d "$SERVICEDIR"/shutdown.target.wants ] && mkdir "$SERVICEDIR"/shutdown.target.wants 2>/dev/null
-
+ # some distr. eg. Suse seem to want these:
+ # [ ! -d "$SERVICEDIR"/reboot.target.wants ] && mkdir "$SERVICEDIR"/reboot.target.wants 2>/dev/null
+ # [ ! -d "$SERVICEDIR"/halt.target.wants ] && mkdir "$SERVICEDIR"/halt.target.wants 2>/dev/null
+
ln -s "${SERVICEDIR}"/"${SERVICEUTIL}" "$SERVICEDIR"/"${TARGET}".wants/"${SERVICEUTIL}"
ln -s "${SERVICEDIR}"/"${SERVICEUMOUNT}" "$SERVICEDIR"/shutdown.target.wants/"${SERVICEUMOUNT}"
+ # ln -s "${SERVICEDIR}"/"${SERVICEUMOUNT}" "$SERVICEDIR"/reboot.target.wants/"${SERVICEUMOUNT}"
+ # ln -s "${SERVICEDIR}"/"${SERVICEUMOUNT}" "$SERVICEDIR"/halt.target.wants/"${SERVICEUMOUNT}"
echo "openslx praeinstaller: doing systemd reload."
systemctl daemon-reload
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
index 01c7472c..51047a99 100644
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
@@ -4,10 +4,15 @@
[ "$UID" = "0" ] || exit 1
-declare -rg RULES=$(mktemp)
+declare -rg RULES="$( mktemp )"
+declare -rg AUTORULES="$( mktemp )"
+declare -rg REMOTERULES="$( mktemp )"
+declare -rg LOGFILE="$( mktemp )"
[ -n "$RULES" ] || exit 2
+trap 'rm -f -- "$RULES" "$AUTORULES" "$REMOTERULES" "$LOGFILE"' EXIT
+
[ -n "$1" ] || exit 3
[ "${#1}" -ge 10 ] || exit 4
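Review bot: Only `RULES` is checked after the four `mktemp` calls; `AUTORULES`, `REMOTERULES` and `LOGFILE` are used later without any test, and `declare -rg X="$( mktemp )"` hides mktemp's exit status. If one of them is empty, the later redirections and `sort -u "${AUTORULES}"` fail, and as far as the visible lines show the script carries on with an incomplete rule set. Extend the guard, e.g. `[ -n "$RULES" ] && [ -n "$AUTORULES" ] && [ -n "$REMOTERULES" ] && [ -n "$LOGFILE" ] || exit 2`.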
@@ -31,18 +36,40 @@ for TOOL in iptables ip6tables; do
if ! $TOOL -w -C FORWARD -o br0 -j runvirt-OUTPUT; then
$TOOL -w -A FORWARD -o br0 -j runvirt-OUTPUT
fi
- $TOOL -A runvirt-INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
- $TOOL -A runvirt-OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+ $TOOL -A runvirt-INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ $TOOL -A runvirt-OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
done
-declare -rg AUTORULES=$(mktemp)
+
+parse_uri () {
+ local scheme
+ ip="${1,,}"
+ scheme="${ip%%://*}"
+ ip="${ip#*://}"
+ port="${ip##*:}"
+ if [[ "$port" =~ ^[0-9]+$ ]]; then
+ ip="${ip%:*}"
+ elif [ "$scheme" = "ldaps" ]; then
+ port=636
+ else
+ port=389
+ fi
+ (( port >= 0 && port <= 65535 )) || port=0
+}
add_ips () {
# add_ips "IN/OUT" "IP1 IP2 IPn" "PORT" "ACCEPT/REJECT"
- local IP
- [ -z "$1" -o -z "$2" -o -z "$3" -o -z "$4" ] && return 1
- for IP in $2; do
- echo "$1 $IP $3 $4" >> "${AUTORULES}"
+ local ip port port_def
+ port_def="$3"
+ [ -z "$1" -o -z "$2" -o -z "$port_def" -o -z "$4" ] && return 1
+ for ip in $2; do
+ port="${ip#*:}"
+ if (( port > 0 && port < 65536 )); then
+ ip="${ip%:*}"
+ else
+ port="$port_def"
+ fi
+ echo "$1 ${ip} ${port} $4" >> "${AUTORULES}"
done
}
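Review bot: In add_ips() the value of `port="${ip#*:}"` goes straight into `(( port > 0 && port < 65536 ))`; for an entry without a colon that is the whole address or host name, which bash then evaluates as an arithmetic expression in a script that runs as root. parse_uri() above checks `^[0-9]+$` before its arithmetic test, and add_ips() should do the same: `if [[ "$port" =~ ^[0-9]+$ ]] && (( port > 0 && port < 65536 )); then`. parse_uri() returns its result through the globals `ip` and `port`, which deserves a header comment, and a URI with a trailing path such as `ldap://host:636/` fails the digit test and keeps `host:636/` as the address. Neither function strips the brackets of an IPv6 literal.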
@@ -52,6 +79,24 @@ add_ips "OUT" "$SLX_DNS" 53 "ACCEPT"
add_ips "OUT" "$SLX_DNBD3_SERVERS" 5003 "ACCEPT"
add_ips "OUT" "$SLX_KCL_SERVERS $SLX_SERVER_IP" 0 "ACCEPT"
+# sssd
+sssd="$( < /etc/sssd/sssd.conf grep -P '^\s*ldap_(backup_)?uri\s*=' | sed -r 's/^[^=]*=//' )"
+sssd="${sssd//,/ }"
+for uri in $sssd; do
+ parse_uri "$uri"
+ add_ips "OUT" "$ip" "$port" "ACCEPT"
+done
+
+# pam-slx-plug
+for file in /opt/openslx/pam/slx-ldap.d/*; do
+ [ -f "$file" ] || continue
+ uris="$( grep -Po "(?<=LDAP_URI=')[^']*" "$file" )"
+ for uri in $uris; do
+ parse_uri "$uri"
+ add_ips "OUT" "$ip" "$port" "ACCEPT"
+ done
+done
+
if [ -n "$SLX_VM_NFS" ]; then
IP=
if [ "${SLX_VM_NFS:0:2}" = '//' ]; then
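Review bot: The sssd block reads `/etc/sssd/sssd.conf` unconditionally, so on a client without sssd the redirection fails and prints an error on every run; guard it with `[ -r /etc/sssd/sssd.conf ]`, in the same way this commit guards `resource_urls.conf`. `for uri in $sssd` and `for uri in $uris` expand unquoted and are therefore subject to globbing; `set -f` around the loops or reading into an array avoids that. LDAP URIs usually carry host names rather than addresses, and whether the rule consumer further down accepts host names is not visible in this hunk, so a comment stating the expectation would help.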
@@ -66,19 +111,28 @@ fi
sort -u "${AUTORULES}" > "${RULES}"
# determine the URL to download the netrules from
-. /opt/openslx/vmchooser/config/resource_urls.conf
+if [ -s /opt/openslx/vmchooser/config/resource_urls.conf ]; then
+ . /opt/openslx/vmchooser/config/resource_urls.conf
+fi
NETRULES_URL=
[ -n "$url_lecture_netrules" ] && NETRULES_URL="${url_lecture_netrules//%UUID%/${1}}"
[ -z "$NETRULES_URL" ] && NETRULES_URL="${SLX_VMCHOOSER_BASE_URL}/lecture/$1/netrules"
-wget -T 6 -O - "${NETRULES_URL}" >> "${RULES}" 2> "${AUTORULES}"
+wget -T 8 -O - "${NETRULES_URL}" > "${REMOTERULES}" 2> "${LOGFILE}"
RET=$?
if [ "$RET" != "0" ]; then
echo "wget exit code: $RET :-("
- grep -q "ERROR 404" "${AUTORULES}" && exit 0
+ grep -q "ERROR 404" "${LOGFILE}" && exit 0 # Old sat, doesn't support firewall rules
+ echo "WGET error output:"
+ cat "${LOGFILE}"
+ echo "------------ Downloaded content follows"
+ cat "${REMOTERULES}"
exit 6
fi
+# Download OK, append to rules
+cat "${REMOTERULES}" >> "${RULES}"
+
declare -rg V4='^[0-9]+(\.[0-9]+)*(/[0-9]+)?$'
declare -rg V6='^([0-9a-fA-F]+|:)(:+[0-9a-fA-F]*)*(/[0-9]+)?$'
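Review bot: The 404 test `grep -q "ERROR 404" "${LOGFILE}"` depends on wget's English message text, which wget localises; under a non-English locale the old-satellite case would presumably reach `exit 6` instead of `exit 0`. Running the download as `LC_ALL=C wget -T 8 -O - "${NETRULES_URL}" > "${REMOTERULES}" 2> "${LOGFILE}"` pins the message. The failure path also prints the whole downloaded body to stdout; a `head -c` limit would keep an unexpectedly large response out of the log.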
diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt b/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt
index 8dac549d..2ba8424c 100755
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/vmchooser-run_virt
@@ -8,7 +8,7 @@
# See https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
#
# If you have any feedback please consult https://bwlehrpool.de and
-# send your feedback to bwlehrpool@hs-offenburg.de.
+# send your feedback to support@bwlehrpool.de.
#
# General information about bwLehrpool can be found at https://bwlehrpool.de
#