Merge branch 'master' of git.openslx.org:openslx-ng/tm-scripts

10 files changed, 77 insertions, 53 deletions

diff --git a/remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf b/remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf
new file mode 100644
index 00000000..b6470bd3
--- /dev/null
+++ b/remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf
@@ -0,0 +1,14 @@
+<!DOCTYPE busconfig PUBLIC
+	"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+	"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+	<policy user="root">
+		<allow eavesdrop="true"/>
+		<allow eavesdrop="true"
+			send_type="method_call"
+			send_destination="*"
+			send_path="/org/freedesktop/DBus"
+			send_interface="org.freedesktop.DBus"
+			send_member="AddMatch"/>
+	</policy>
+</busconfig>
diff --git a/remote/modules/kdm/data/etc/kde4/kdm/kdmrc b/remote/modules/kdm/data/etc/kde4/kdm/kdmrc
index 26da07d2..c72b73be 100644
--- a/remote/modules/kdm/data/etc/kde4/kdm/kdmrc
+++ b/remote/modules/kdm/data/etc/kde4/kdm/kdmrc
@@ -1,6 +1,8 @@
 [General]
 PidFile=/var/run/kdm.pid
 ServerVTs=-7
+# Always spawn :0 (this is the default but it won't hurt)
+StaticServers=:0
 
 [X-*-Greeter]
 UseTheme=true
@@ -9,32 +11,41 @@ UseBackground=false
 GreetString=OpenSLX Workstation (%h)
 SelectedUsers=
 UserList=false
+AuthComplain=true
+AntiAliasing=true
 
 [X-:*-Greeter]
 AllowClose=false
 UseAdminSession=true
 
-[X-:0-Core]
+[X-:0-Greeter]
+LogSource=/dev/xconsole
+PreselectUser=None
+UseAdminSession=false
+
+[X-*-Core]
 AllowRootLogin=true
 AllowShutdown=All
 AutoLoginEnable=false
-Reset=/etc/kde4/kdm/Xreset
 ServerAttempts=2
-#TODO: Xsession doesn't work because scripts are missing under /etc/X11/Xsession.d/
+# Custom directory so kdm never sees any other sessions - it's up to the vmchooser to list them
+SessionsDirs=/opt/openslx/xsessions
+
+# Session is executed to start the user's session (as the user)
+# "One of the keywords failsafe, default or custom, or a string to eval by a Bourne-compatible shell is passed as the first argument."
 Session=/etc/kde4/kdm/Xsession
-SessionsDirs=/etc/X11/session,/usr/share/xsessions,/usr/share/apps/kdm/sessions
+# Reset is run after a session terminates (as root)
+Reset=/etc/kde4/kdm/Xreset
+# Setup is executed once before the greeter starts (as root)
 Setup=/etc/kde4/kdm/Xsetup
+# Startup is executed on successful authentication, before the session is opened (as root)
 Startup=/etc/kde4/kdm/Xstartup
 
-[X-:0-Greeter]
-LogSource=/dev/xconsole
-PreselectUser=None
-UseAdminSession=false
-
 [Shutdown]
+AllowFifo=false
 HaltCmd=/usr/bin/systemctl -ff poweroff
 RebootCmd=/usr/bin/systemctl -ff reboot
 
-[xdmcp]
+[Xdmcp]
 Enable=false
 
diff --git a/remote/modules/pam/data/etc/pam.d/common-account b/remote/modules/pam/data/etc/pam.d/common-account
index 26055551..3a5d5a14 100644
--- a/remote/modules/pam/data/etc/pam.d/common-account
+++ b/remote/modules/pam/data/etc/pam.d/common-account
@@ -23,5 +23,4 @@ account	requisite			pam_deny.so
 # since the modules above will each just jump around
 account	required			pam_permit.so
 # and here are more per-package modules (the "Additional" block)
-account required			pam_krb5.so
 # end of pam-auth-update config
diff --git a/remote/modules/pam/data/etc/pam.d/common-auth b/remote/modules/pam/data/etc/pam.d/common-auth
index 088ed13f..1fa577e7 100644
--- a/remote/modules/pam/data/etc/pam.d/common-auth
+++ b/remote/modules/pam/data/etc/pam.d/common-auth
@@ -14,8 +14,7 @@
 # pam-auth-update(8) for details.
 
 # here are the per-package modules (the "Primary" block)
-auth    [success=3 default=ignore]      pam_krb5.so minimum_uid=1000
-auth	[success=2 default=ignore]	pam_unix.so try_first_pass
+auth	[success=2 default=ignore]	pam_unix.so
 auth	[success=1 default=ignore]	pam_ldap.so use_first_pass nullok_secure
 # here's the fallback if no module succeeds
 auth	requisite			pam_deny.so
diff --git a/remote/modules/pam/data/etc/pam.d/common-session b/remote/modules/pam/data/etc/pam.d/common-session
index e3180dd4..c5813892 100644
--- a/remote/modules/pam/data/etc/pam.d/common-session
+++ b/remote/modules/pam/data/etc/pam.d/common-session
@@ -26,10 +26,8 @@ session	required			pam_permit.so
 # See "man pam_umask".
 session optional			pam_umask.so
 # and here are more per-package modules (the "Additional" block)
-session	[success=3]	pam_unix.so 
-session	[success=2]	pam_krb5.so minimum_uid=1000
-session [success=1]	pam_ldap.so
+session	[success=1]	pam_unix.so 
+session [success=ok]	pam_ldap.so
 session optional 	pam_mkhomedir.so skel=/etc/skel umask=0022
-session optional	pam_script.so
 session	required	pam_systemd.so kill-session-processes=1
 # end of pam-auth-update config
diff --git a/remote/modules/pam/pam.conf b/remote/modules/pam/pam.conf
index bbdd610f..e5bd35c6 100644
--- a/remote/modules/pam/pam.conf
+++ b/remote/modules/pam/pam.conf
@@ -22,7 +22,6 @@ REQUIRED_CONTENT_PACKAGES="
 	krb5-user
 	krb5-config
 	libpam-krb5
-	libpam-mount
 	ldap-utils
 	libnfsidmap2
 	nfs-common
diff --git a/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service b/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service
index 885e72dc..91a17363 100644
--- a/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service
+++ b/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service
@@ -1,6 +1,6 @@
 [Unit]
 Description=Proxy setup detection
-Before=sysinit.target shutdown.target
+Before=shutdown.target
 DefaultDependencies=no
 
 [Service]
diff --git a/remote/modules/systemd/systemd.build b/remote/modules/systemd/systemd.build
index 8f4081e3..8052ca4e 100644
--- a/remote/modules/systemd/systemd.build
+++ b/remote/modules/systemd/systemd.build
@@ -30,8 +30,12 @@ build () {
 	# Delete unneeded services
 	pinfo "Deleting unneeded services"
 	local SERVICE=
+	local OTHER=
 	for SERVICE in $REQUIRED_DISABLED_SERVICES; do
-		find "${MODULE_BUILD_DIR}" -name "$SERVICE" -delete
+		find "${MODULE_BUILD_DIR}" -name "$SERVICE" -exec rm -r {} \;
+		for OTHER in $(grep -l -r "$SERVICE" "$MODULE_BUILD_DIR/usr/lib/systemd/system"); do
+			sed -i -r "s#\s*$SERVICE\s*# #g" "$OTHER"
+		done
 	done
 }
 
diff --git a/remote/modules/vmchooser/data/usr/share/xsessions/default.desktop b/remote/modules/vmchooser/data/opt/openslx/xsessions/default.desktop
index d33615cf..d33615cf 100755
--- a/remote/modules/vmchooser/data/usr/share/xsessions/default.desktop
+++ b/remote/modules/vmchooser/data/opt/openslx/xsessions/default.desktop
diff --git a/remote/modules/xorg/data/etc/X11/Xsession b/remote/modules/xorg/data/etc/X11/Xsession
index a9b3d43b..5734d8c4 100644
--- a/remote/modules/xorg/data/etc/X11/Xsession
+++ b/remote/modules/xorg/data/etc/X11/Xsession
@@ -3,36 +3,36 @@
 #Workaround to start Xsession. The original Xsession script includes error handling functionality and sources other scrips from the Xsession.d/ directory.
 
 #start selected session
-   case "$1" in
-      failsafe)
-        # Failsafe session was requested.
-          if [ -e /usr/bin/xterm ]; then
-            if [ -x /usr/bin/xterm ]; then
-              exec xterm -geometry +1+1
-            else
-              # fatal error
-              errormsg "unable to launch failsafe X session ---" \
-                       "x-terminal-emulator not executable; aborting."
-            fi
-          else
-            # fatal error
-            errormsg "unable to launch failsafe X session ---" \
-                     "x-terminal-emulator not found; aborting."
-          fi
-        ;;
-      *)
-        # Specific program was requested.
-        STARTUP_FULL_PATH=$(/opt/openslx/usr/bin/which "${1%% *}" || true)
-        if [ -n "$STARTUP_FULL_PATH" ] && [ -e "$STARTUP_FULL_PATH" ]; then
-          if [ -x "$STARTUP_FULL_PATH" ]; then
-            exec $1
-          else
-            message "unable to launch \"$1\" X session ---" \
-                    "\"$1\" not executable; falling back to default session."
-          fi
-        else
-          message "unable to launch \"$1\" X session ---" \
-                  "\"$1\" not found; falling back to default session."
-        fi
-        ;;
-    esac
+case "$1" in
+	failsafe)
+		# Failsafe session was requested.
+		if [ -e /usr/bin/xterm ]; then
+			if [ -x /usr/bin/xterm ]; then
+				exec xterm -geometry +1+1
+			else
+				# fatal error
+				errormsg "unable to launch failsafe X session ---" \
+					"x-terminal-emulator not executable; aborting."
+			fi
+		else
+			# fatal error
+			errormsg "unable to launch failsafe X session ---" \
+				"x-terminal-emulator not found; aborting."
+		fi
+	;;
+	*)
+		# Specific program was requested.
+		STARTUP_FULL_PATH=$(/opt/openslx/usr/bin/which "${1%% *}" || true)
+		if [ -n "$STARTUP_FULL_PATH" ] && [ -e "$STARTUP_FULL_PATH" ]; then
+			if [ -x "$STARTUP_FULL_PATH" ]; then
+				exec $1
+			else
+				message "unable to launch \"$1\" X session ---" \
+					"\"$1\" not executable; falling back to default session."
+			fi
+		else
+			message "unable to launch \"$1\" X session ---" \
+				"\"$1\" not found; falling back to default session."
+		fi
+	;;
+esac