core/modules/kiosk-chromium/data/opt/openslx/pam/hooks/session-open.d/10-chromium-urlfilter


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

#!/bin/bash
#^ SOURCED, actually running in ash

format_urls() {
	local url scheme host path chost
	while [ $# -ne 0 ]; do
		url="$1"
		shift
		# extract scheme and remove it from url if needed
		scheme="${url%%://*}"
		if [ "$scheme" != "$url" ]; then
			url="${url#*://}"
			if [ "$scheme" = 'http*' ]; then
				# Special case: assume http* means http and https
				scheme="http"
				format_urls "https://$url"
			elif [ "${scheme#*\*}" != "${scheme}" ]; then
				# Contains a *, not supported, use any
				scheme=
			fi
		else
			scheme=
		fi
		# extract host
		host="${url%%/*}"
		[ -z "$host" ] && continue
		# transform into chromium syntax
		# We don't support arbitrary wildcards in the host part
		chost="${host##*\*}"
		if [ "$host" != "$chost" ]; then
			# host contains wildcard '*', use everything
			# after last * in host
			if [ "${chost:0:1}" = "." ]; then
				# Remove leading dot if any
				chost="${chost#?}"
			fi
			# Empty host means any host
			[ -z "$chost" ] && chost='*'
		else
			# chromium: exact host match must be prefixed with '.'
			chost=".${chost}"
		fi
		path="${url#*/}"
		[ "${path}" = "${host}" ] && path=
		path="${path%%\**}"
		printf "%s\n" "${scheme:+${scheme}://}${chost}${path:+/${path}}"
	done
}

main() {
	[ -e "/opt/openslx/config" ] || exit 0
	. /opt/openslx/config

	local url_policy_file="/etc/chromium-browser/policies/managed/url-filter.json"
	echo "{" > "$url_policy_file"
	local ttype
	if [ "$SLX_BROWSER_IS_WHITELIST" -eq 1 ]; then
		ttype="White"
		echo -e '\t"URLBlacklist": [ "*" ],' >> "$url_policy_file"
	else
		ttype="Black"
	fi
	if [ -n "$SLX_BROWSER_URLLIST" ]; then
		echo -e '\t"'"URL${ttype}list"'": ' >> "$url_policy_file"
		format_urls $SLX_BROWSER_URLLIST \
			| jq -Rs 'rtrimstr("\n") | split("\n")' >> "$url_policy_file"
	fi
	echo '}' >> "$url_policy_file"
}

if [ "${PAM_SERVICE//autologin/}" != "$PAM_SERVICE" ] && [ "$PAM_TTY" = ":0" ]; then
	# autologin of some sort
	main
fi
true