[safe-mode/firefox] e-klausur demo modules

6 files changed, 94 insertions, 0 deletions

diff --git a/remote/modules/safe-mode/data/etc/systemd/system/basic.target.wants/safe-mode.service b/remote/modules/safe-mode/data/etc/systemd/system/basic.target.wants/safe-mode.service
new file mode 120000
index 00000000..c063e1a0
--- /dev/null
+++ b/remote/modules/safe-mode/data/etc/systemd/system/basic.target.wants/safe-mode.service
@@ -0,0 +1 @@
+../safe-mode.service
\ No newline at end of file
diff --git a/remote/modules/safe-mode/data/etc/systemd/system/safe-mode.service b/remote/modules/safe-mode/data/etc/systemd/system/safe-mode.service
new file mode 100644
index 00000000..ba11c034
--- /dev/null
+++ b/remote/modules/safe-mode/data/etc/systemd/system/safe-mode.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Sets up safe mode (local network, no tty switch, no openbox menu)
+
+[Service]
+Type=oneshot
+ExecStart=/opt/openslx/scripts/systemd-safe_mode
diff --git a/remote/modules/safe-mode/data/opt/openslx/iptables/rules.d/00-internal-network b/remote/modules/safe-mode/data/opt/openslx/iptables/rules.d/00-internal-network
new file mode 100755
index 00000000..1f29500b
--- /dev/null
+++ b/remote/modules/safe-mode/data/opt/openslx/iptables/rules.d/00-internal-network
@@ -0,0 +1,13 @@
+#!/bin/ash
+
+# identify subnet of br0's ip adress
+. /opt/openslx/config
+[ -z "$SLX_PXE_CLIENT_IP" ] && echo "No client IP found in '/opt/openslx/config'." && exit 1
+
+# lets build the subnet string
+SLX_LOCAL_SUBNET="$(echo "${SLX_PXE_CLIENT_IP}" | awk -F "." '{print $1"."$2".0.0/16"}')"
+[ -z "${SLX_LOCAL_SUBNET}" ] && echo "No ip range to allow. Exiting..." && exit 1
+# now create the iptables rule for openslx-iptables stuff
+# first as a temp file, then we move it to the real destination
+iptables -A INPUT -i br0 -p tcp -s "${SLX_LOCAL_SUBNET}" -j ACCEPT
+iptables -A INPUT -i br0 -p tcp -j REJECT
diff --git a/remote/modules/safe-mode/data/opt/openslx/scripts/systemd-safe_mode b/remote/modules/safe-mode/data/opt/openslx/scripts/systemd-safe_mode
new file mode 100755
index 00000000..6e66b35d
--- /dev/null
+++ b/remote/modules/safe-mode/data/opt/openslx/scripts/systemd-safe_mode
@@ -0,0 +1,59 @@
+#!/bin/ash
+
+disable_tty_switch() {
+	cat <<EOF > /etc/X11/xorg.conf.d/50-no-tty.conf
+Section "ServerFlags"
+	Option "DontVTSwitch" "true"
+EndSection
+EOF
+}
+
+disable_openbox_menu() {
+	[ ! -e "/etc/xdg/openbox/rc.xml.safe" ] && \
+		echo "No rc.xml.safe template found." && return 1
+	cp "/etc/xdg/openbox/rc.xml" "/root/rc.xml.unsafe"
+	cp "/etc/xdg/openbox/rc.xml.safe" "/etc/xdg/openbox/rc.xml"
+}
+
+disable_magic_keys() {
+	echo 0 > /proc/sys/kernel/sysrq
+}
+
+disable_cron_idleaction() {
+	rm /opt/openslx/scripts/idleaction-cron_script \
+		/opt/openslx/scripts/idleaction-scheduled_poweroff \
+		/opt/openslx/scripts/idleaction-scheduled_reboot
+}
+
+disable_systemd_auto_vt() {
+	sed -i 's/.*NAutoVTs=.*/NAutoVTs=0/g' "/etc/systemd/logind.conf"
+	systemctl restart systemd-logind
+}
+
+set_default_session() {
+	[ ! -e "/usr/share/xsessions/firefox.desktop" ] && \
+		echo "No firefox session found." && return 1
+	# we have it, copy it over default session
+	cp "/usr/share/xsessions/firefox.desktop" "/opt/openslx/xsessions/default.desktop"
+}
+
+no_autologin_delay() {
+	[ ! -e "/etc/kde4/kdm/kdmrc" ] && \
+		echo "Could not find '/etc/kde4/kdm/kdmrc'." && return 1
+	sed -i 's/^AutoLoginDelay=.*/AutoLoginDelay=0/g' "/etc/kde4/kdm/kdmrc"
+}
+
+
+. /opt/openslx/config
+
+[ -z "$SLX_BROWSER_START_URL" ] && \
+	echo "Not running in E-Klausur mode!" && \
+	exit 1
+
+disable_tty_switch
+disable_openbox_menu
+disable_magic_keys
+disable_cron_idleaction
+disable_systemd_auto_vt
+no_autologin_delay
+set_default_session
diff --git a/remote/modules/safe-mode/module.build b/remote/modules/safe-mode/module.build
new file mode 100644
index 00000000..86b1fd00
--- /dev/null
+++ b/remote/modules/safe-mode/module.build
@@ -0,0 +1,12 @@
+# fake module simply copying its data/ files
+fetch_source() {
+	:
+}
+
+build() {
+	:
+}
+
+post_copy() {
+	:
+}
diff --git a/remote/modules/safe-mode/module.conf b/remote/modules/safe-mode/module.conf
new file mode 100644
index 00000000..0cd03752
--- /dev/null
+++ b/remote/modules/safe-mode/module.conf
@@ -0,0 +1,3 @@
+REQUIRED_BINARIES=""
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""