From f8abc5d351b6fa2293593d394a80c83665d5729d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 28 Jun 2019 16:56:22 +0200 Subject: [pam-slx-plug] Move old pam_script_* hook dirs to pam dir They're all now in subdirectories of /opt/openslx/pam/hooks. Symlinks have been put in place where they used to reside. --- .../pam/hooks/session-open.d/00-chromium-policies | 37 ++++++++++++ .../pam/hooks/session-open.d/10-chromium-urlfilter | 69 ++++++++++++++++++++++ .../pam_script_ses_open.d/00-chromium-policies | 37 ------------ .../pam_script_ses_open.d/10-chromium-urlfilter | 68 --------------------- 4 files changed, 106 insertions(+), 105 deletions(-) create mode 100644 core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/00-chromium-policies create mode 100644 core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter delete mode 100644 core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/00-chromium-policies delete mode 100644 core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter (limited to 'core/modules/kiosk-chromium') diff --git a/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/00-chromium-policies b/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/00-chromium-policies new file mode 100644 index 00000000..743d53ed --- /dev/null +++ b/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/00-chromium-policies @@ -0,0 +1,37 @@ +#!/bin/bash +# ^SOURCED, actually running in ash + +. /opt/openslx/config + +chromium_policies() { + # create managed policy file, those settings cannot be changed by the user + # (if he even gets to the settings dialog in the first place) + local chromium_policy_file="/etc/chromium-browser/policies/managed/kiosk-mode.json" + [ -e "$chromium_policy_file" ] && rm -f "$chromium_policy_file" + + mkdir -p ${chromium_policy_file%/*} + + if [ -n "$SLX_BROWSER_BOOKMARKS" ]; then + bookmarkbar=true + else + bookmarkbar=false + fi + + cat <<- EOF > "$chromium_policy_file" + { + "AutoFillEnabled": false, + "BackgroundModeEnabled": false, + "BookmarkBarEnabled": $bookmarkbar, + "DefaultBrowserSettingEnabled": true, + "DownloadRestrictions": 3, + "PasswordManagerEnabled": false, + "ShowAppsShortcutInBookmarkBar": false, + "TranslateEnabled": false + } + EOF +} + +if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" -a "$PAM_TTY" = ":0" ]; then + chromium_policies +fi +true diff --git a/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter b/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter new file mode 100644 index 00000000..d4add9b1 --- /dev/null +++ b/core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter @@ -0,0 +1,69 @@ +#!/bin/bash +#^ SOURCED, actually running in ash + +format_urls() { + local url scheme host path count chost + for url in $@; do + # first remove '*://' scheme, none means the same + url="${url#*\*://}" + # extract scheme and remove it from url if needed + scheme="${url%%://*}" + if [ "$scheme" != "$url" ]; then + url="${url#*://}" + else + scheme= + fi + # extract host, skip entry if empty + host="${url%%/*}" + [ -z "$host" ] && continue + # transform into chromium syntax + if [ "$host" != "${host//\*/}" ]; then + # host contains wildcard '*' + # look for the longest subdomain until the wildcard + chost="$(echo "$host" | grep -oE '[^*]+$')" + # remove dot left over + if [ -n "$chost" ]; then + chost="${chost#?}" + else + chost='*' + fi + else + # chromium: exact host match must be prefixed with '.' + chost=".${host}" + fi + path="${url#*/}" + [ "$path" = "${host}" ] && path= + cpath= + if [ -n "$path" ]; then + cpath="$(echo "$path" | grep -oE '^[^*]*')" + fi + echo -e "\t\t\"${scheme:+${scheme}://}${chost}${cpath:+/${cpath}}\"," + done | sed '$ s/.$//' +} + +main() { + [ -e "/opt/openslx/config" ] || exit 0 + . /opt/openslx/config + + local url_policy_file="/etc/chromium-browser/policies/managed/url-filter.json" + echo -e "{\n" > "$url_policy_file" + local ttype + if [ "$SLX_BROWSER_IS_WHITELIST" -eq 1 ]; then + ttype="White" + echo -e '\t"URLBlacklist": [ "*" ],' >> "$url_policy_file" + else + ttype="Black" + fi + if [ -n "$SLX_BROWSER_URLLIST" ]; then + echo -e '\t"URL'"$ttype"'list": [' >> "$url_policy_file" + format_urls $SLX_BROWSER_URLLIST >> "$url_policy_file" + echo -e '\t]' >> "$url_policy_file" + fi + echo -e '}' >> "$url_policy_file" +} + +if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" -a "$PAM_TTY" = ":0" ]; then + # autologin of some sort + main +fi +true diff --git a/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/00-chromium-policies b/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/00-chromium-policies deleted file mode 100644 index b9e0afb0..00000000 --- a/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/00-chromium-policies +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# ^SOURCED - -. /opt/openslx/config - -chromium_policies() { - # create managed policy file, those settings cannot be changed by the user - # (if he even gets to the settings dialog in the first place) - local chromium_policy_file="/etc/chromium-browser/policies/managed/kiosk-mode.json" - [ -e "$chromium_policy_file" ] && rm -f "$chromium_policy_file" - - mkdir -p ${chromium_policy_file%/*} - - if [ -n "$SLX_BROWSER_BOOKMARKS" ]; then - bookmarkbar=true - else - bookmarkbar=false - fi - - cat <<- EOF > "$chromium_policy_file" - { - "AutoFillEnabled": false, - "BackgroundModeEnabled": false, - "BookmarkBarEnabled": $bookmarkbar, - "DefaultBrowserSettingEnabled": true, - "DownloadRestrictions": 3, - "PasswordManagerEnabled": false, - "ShowAppsShortcutInBookmarkBar": false, - "TranslateEnabled": false - } - EOF -} - -if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" -a "$PAM_TTY" = ":0" ]; then - chromium_policies -fi -true diff --git a/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter b/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter deleted file mode 100644 index f80ed34a..00000000 --- a/core/modules/kiosk-chromium/data/opt/openslx/scripts/pam_script_ses_open.d/10-chromium-urlfilter +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/bash - -format_urls() { - local url scheme host path count chost - for url in $@; do - # first remove '*://' scheme, none means the same - url="${url#*\*://}" - # extract scheme and remove it from url if needed - scheme="${url%%://*}" - if [ "$scheme" != "$url" ]; then - url="${url#*://}" - else - scheme= - fi - # extract host, skip entry if empty - host="${url%%/*}" - [ -z "$host" ] && continue - # transform into chromium syntax - if [ "$host" != "${host//\*/}" ]; then - # host contains wildcard '*' - # look for the longest subdomain until the wildcard - chost="$(echo "$host" | grep -oE '[^*]+$')" - # remove dot left over - if [ -n "$chost" ]; then - chost="${chost#?}" - else - chost='*' - fi - else - # chromium: exact host match must be prefixed with '.' - chost=".${host}" - fi - path="${url#*/}" - [ "$path" = "${host}" ] && path= - cpath= - if [ -n "$path" ]; then - cpath="$(echo "$path" | grep -oE '^[^*]*')" - fi - echo -e "\t\t\"${scheme:+${scheme}://}${chost}${cpath:+/${cpath}}\"," - done | sed '$ s/.$//' -} - -main() { - [ -e "/opt/openslx/config" ] || exit 0 - . /opt/openslx/config - - local url_policy_file="/etc/chromium-browser/policies/managed/url-filter.json" - echo -e "{\n" > "$url_policy_file" - local ttype - if [ "$SLX_BROWSER_IS_WHITELIST" -eq 1 ]; then - ttype="White" - echo -e '\t"URLBlacklist": [ "*" ],' >> "$url_policy_file" - else - ttype="Black" - fi - if [ -n "$SLX_BROWSER_URLLIST" ]; then - echo -e '\t"URL'"$ttype"'list": [' >> "$url_policy_file" - format_urls $SLX_BROWSER_URLLIST >> "$url_policy_file" - echo -e '\t]' >> "$url_policy_file" - fi - echo -e '}' >> "$url_policy_file" -} - -if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" -a "$PAM_TTY" = ":0" ]; then - # autologin of some sort - main -fi -true -- cgit v1.2.3-55-g7522