From e1c2107a52ee85d360984222a9b56cfc5a12bf3e Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 20 Oct 2020 16:34:28 +0200
Subject: [kiosk-chromium] Use jq to build URL white/blacklist
---
 .../data/etc/X11/Xreset.d/clear-chromium-policies | 4 +-
 .../pam/hooks/session-open.d/10-chromium-urlfilter | 60 ++++++++++++----------
 2 files changed, 34 insertions(+), 30 deletions(-)
(limited to 'core/modules/kiosk-chromium')
diff --git a/core/modules/kiosk-chromium/data/etc/X11/Xreset.d/clear-chromium-policies b/core/modules/kiosk-chromium/data/etc/X11/Xreset.d/clear-chromium-policies
index 8b823039..2272527f 100644
--- a/core/modules/kiosk-chromium/data/etc/X11/Xreset.d/clear-chromium-policies
+++ b/core/modules/kiosk-chromium/data/etc/X11/Xreset.d/clear-chromium-policies
@@ -1,7 +1,5 @@
 #!/bin/ash
 policy_dir="/etc/chromium-browser/policies/managed"
-for file in "$policy_dir/kiosk-mode.json" "$policy_dir/url-filter.json"; do
- rm -f -- "$file"
-done
+rm -f -- "$policy_dir/kiosk-mode.json" "$policy_dir/url-filter.json"
 true
diff --git a/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter b/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter
index d4add9b1..e9797b52 100644
--- a/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter
+++ b/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter
@@ -2,43 +2,49 @@
 #^ SOURCED, actually running in ash
 format_urls() {
- local url scheme host path count chost
- for url in $@; do
- # first remove '*://' scheme, none means the same
- url="${url#*\*://}"
+ local url scheme host path chost
+ while [ $# -ne 0 ]; do
+ url="$1"
+ shift
 # extract scheme and remove it from url if needed
 scheme="${url%%://*}"
 if [ "$scheme" != "$url" ]; then
 url="${url#*://}"
+ if [ "$scheme" = 'http*' ]; then
+ # Special case: assume http* means http and https
+ scheme="http"
+ format_urls "https://$url"
+ elif [ "${scheme#*\*}" != "${scheme}" ]; then
+ # Contains a *, not supported, use any
+ scheme=
+ fi
 else
 scheme=
 fi
- # extract host, skip entry if empty
+ # extract host
 host="${url%%/*}"
 [ -z "$host" ] && continue
 # transform into chromium syntax
- if [ "$host" != "${host//\*/}" ]; then
- # host contains wildcard '*'
- # look for the longest subdomain until the wildcard
- chost="$(echo "$host" | grep -oE '[^*]+$')"
- # remove dot left over
- if [ -n "$chost" ]; then
+ # We don't support arbitrary wildcards in the host part
+ chost="${host##*\*}"
+ if [ "$host" != "$chost" ]; then
+ # host contains wildcard '*', use everything
+ # after last * in host
+ if [ "${chost:0:1}" = "." ]; then
+ # Remove leading dot if any
 chost="${chost#?}"
- else
- chost='*'
 fi
+ # Empty host means any host
+ [ -z "$chost" ] && chost='*'
 else
 # chromium: exact host match must be prefixed with '.'
- chost=".${host}"
+ chost=".${chost}"
 fi
 path="${url#*/}"
- [ "$path" = "${host}" ] && path=
- cpath=
- if [ -n "$path" ]; then
- cpath="$(echo "$path" | grep -oE '^[^*]*')"
- fi
- echo -e "\t\t\"${scheme:+${scheme}://}${chost}${cpath:+/${cpath}}\","
- done | sed '$ s/.$//'
+ [ "${path}" = "${host}" ] && path=
+ path="${path%%\**}"
+ printf "%s\n" "${scheme:+${scheme}://}${chost}${path:+/${path}}"
+ done
 }
 main() {
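Review bot: A host whose wildcard is not in leading position is widened rather than rejected: for an entry such as `example.*` the expansion `${host##*\*}` is empty and the added `[ -z "$chost" ] && chost='*'` turns it into match-all, and `foo*.example.com` is emitted as `example.com`, which covers the whole domain. When the list is used as a whitelist, this grants more than the entry says. Only a host that is exactly `*` should map to `*`; an entry that cannot be expressed is better skipped with a message on stderr, e.g. `if [ -z "$chost" ]; then [ "$host" = '*' ] || continue; chost='*'; fi`. For a blacklist, skipping under-blocks instead, so format_urls may need to be told which list type it is formatting.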
@@ -46,7 +52,7 @@ main() {
 . /opt/openslx/config
 local url_policy_file="/etc/chromium-browser/policies/managed/url-filter.json"
- echo -e "{\n" > "$url_policy_file"
+ echo "{" > "$url_policy_file"
 local ttype
 if [ "$SLX_BROWSER_IS_WHITELIST" -eq 1 ]; then
 ttype="White"
@@ -55,14 +61,14 @@ main() {
 ttype="Black"
 fi
 if [ -n "$SLX_BROWSER_URLLIST" ]; then
- echo -e '\t"URL'"$ttype"'list": [' >> "$url_policy_file"
- format_urls $SLX_BROWSER_URLLIST >> "$url_policy_file"
- echo -e '\t]' >> "$url_policy_file"
+ echo -e '\t"'"URL${ttype}list"'": ' >> "$url_policy_file"
+ format_urls $SLX_BROWSER_URLLIST \
+ | jq -Rs 'rtrimstr("\n") | split("\n")' >> "$url_policy_file"
 fi
- echo -e '}' >> "$url_policy_file"
+ echo '}' >> "$url_policy_file"
 }
-if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" -a "$PAM_TTY" = ":0" ]; then
+if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" ] && [ "$PAM_TTY" = ":0" ]; then
 # autologin of some sort
 main
 fi
--
cgit v1.2.3-55-g7522
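Review bot: The policy file is still assembled piecewise around the new `format_urls … | jq` pipeline, so if jq is missing or exits non-zero the file is left with a key and no value, which is not valid JSON; Chromium presumably then applies no URL filter at all, which for a kiosk is the permissive outcome. The same line expands `$SLX_BROWSER_URLLIST` unquoted, and since entries contain `*` by design they are subject to pathname expansion in whatever directory the PAM hook runs in. I would build the whole object in a single jq call with globbing disabled, check its exit status, and write the file only once the JSON exists; this also replaces the `echo "{"` from the previous hunk. What the session should do when the filter cannot be built is a decision the code should make explicitly. main() begins before this hunk.

```sh
	# … unchanged: ttype selection …
	local policy_json='{}'
	if [ -n "$SLX_BROWSER_URLLIST" ]; then
		# Entries contain '*': word-split them, but keep pathname expansion
		# off. set -f stays confined to the command substitution's subshell.
		policy_json="$(set -f; format_urls $SLX_BROWSER_URLLIST \
			| jq -Rs --arg key "URL${ttype}list" \
				'{($key): (rtrimstr("\n") | split("\n"))}')" || policy_json=
	fi
	if [ -z "$policy_json" ]; then
		# TODO: decide how the session proceeds when no filter could be built
		echo "chromium-urlfilter: building URL list failed, policy not written" >&2
		return 1
	fi
	printf '%s\n' "$policy_json" > "$url_policy_file"
```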