From 8296c46c06446b0bd4cfc82be1ae51bd07201b31 Mon Sep 17 00:00:00 2001 From: Jonathan Bauer Date: Tue, 18 Jun 2019 17:24:04 +0200 Subject: [kiosk-*] support for lightdm-greeter kiosk and kiosk-chromium URL filter --- .../pam_script_ses_open.d/10-chromium-urlfilter | 68 ++++++++++++++++++++++ .../systemd-setup_kiosk.d/00-chromium-policies | 35 ----------- 2 files changed, 68 insertions(+), 35 deletions(-) create mode 100644 core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter delete mode 100644 core/modules/kiosk-chromium/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-chromium-policies (limited to 'core/modules/kiosk-chromium') diff --git a/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter b/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter new file mode 100644 index 00000000..f80ed34a --- /dev/null +++ b/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter @@ -0,0 +1,68 @@ +#!/bin/bash + +format_urls() { + local url scheme host path count chost + for url in $@; do + # first remove '*://' scheme, none means the same + url="${url#*\*://}" + # extract scheme and remove it from url if needed + scheme="${url%%://*}" + if [ "$scheme" != "$url" ]; then + url="${url#*://}" + else + scheme= + fi + # extract host, skip entry if empty + host="${url%%/*}" + [ -z "$host" ] && continue + # transform into chromium syntax + if [ "$host" != "${host//\*/}" ]; then + # host contains wildcard '*' + # look for the longest subdomain until the wildcard + chost="$(echo "$host" | grep -oE '[^*]+$')" + # remove dot left over + if [ -n "$chost" ]; then + chost="${chost#?}" + else + chost='*' + fi + else + # chromium: exact host match must be prefixed with '.' + chost=".${host}" + fi + path="${url#*/}" + [ "$path" = "${host}" ] && path= + cpath= + if [ -n "$path" ]; then + cpath="$(echo "$path" | grep -oE '^[^*]*')" + fi + echo -e "\t\t\"${scheme:+${scheme}://}${chost}${cpath:+/${cpath}}\"," + done | sed '$ s/.$//' +} + +main() { + [ -e "/opt/openslx/config" ] || exit 0 + . /opt/openslx/config + + local url_policy_file="/etc/chromium-browser/policies/managed/url-filter.json" + echo -e "{\n" > "$url_policy_file" + local ttype + if [ "$SLX_BROWSER_IS_WHITELIST" -eq 1 ]; then + ttype="White" + echo -e '\t"URLBlacklist": [ "*" ],' >> "$url_policy_file" + else + ttype="Black" + fi + if [ -n "$SLX_BROWSER_URLLIST" ]; then + echo -e '\t"URL'"$ttype"'list": [' >> "$url_policy_file" + format_urls $SLX_BROWSER_URLLIST >> "$url_policy_file" + echo -e '\t]' >> "$url_policy_file" + fi + echo -e '}' >> "$url_policy_file" +} + +if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" -a "$PAM_TTY" = ":0" ]; then + # autologin of some sort + main +fi +true diff --git a/core/modules/kiosk-chromium/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-chromium-policies b/core/modules/kiosk-chromium/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-chromium-policies deleted file mode 100644 index 9e60d7fa..00000000 --- a/core/modules/kiosk-chromium/data/opt/openslx/scripts/systemd-setup_kiosk.d/00-chromium-policies +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -# ^SOURCED - -. /opt/openslx/config - -chromium_policies() { - # create managed policy file, those settings cannot be changed by the user - # (if he even gets to the settings dialog in the first place) - local chromium_policy_file="/etc/chromium-browser/policies/managed/kiosk-mode.json" - [ -e "$chromium_policy_file" ] && rm -f "$chromium_policy_file" - - mkdir -p ${chromium_policy_file%/*} - - if [ -n "$SLX_BROWSER_BOOKMARKS" ]; then - bookmarkbar=true - else - bookmarkbar=false - fi - - cat <<- EOF > "$chromium_policy_file" - { - "AutoFillEnabled": false, - "BackgroundModeEnabled": false, - "BookmarkBarEnabled": $bookmarkbar, - "DefaultBrowserSettingEnabled": true, - "DownloadRestrictions": 3, - "PasswordManagerEnabled": false, - "ShowAppsShortcutInBookmarkBar": false, - "TranslateEnabled": false - } - EOF -} - -chromium_policies -true -- cgit v1.2.3-55-g7522