diff options
Diffstat (limited to 'remote/modules')
61 files changed, 1675 insertions, 133 deletions
diff --git a/remote/modules/alsa/module.conf.opensuse b/remote/modules/alsa/module.conf.opensuse index 17651c29..a9ba1d50 100644 --- a/remote/modules/alsa/module.conf.opensuse +++ b/remote/modules/alsa/module.conf.opensuse @@ -3,3 +3,8 @@ REQUIRED_CONTENT_PACKAGES=" alsa libasound2 " +REQUIRED_INSTALLED_PACKAGES=" + alsa-utils + alsa + libasound2 +" diff --git a/remote/modules/beamergui/module.build b/remote/modules/beamergui/module.build index 2ff35bfc..1afde34e 100644 --- a/remote/modules/beamergui/module.build +++ b/remote/modules/beamergui/module.build @@ -6,6 +6,11 @@ fetch_source() { build() { local SRCDIR="${MODULE_DIR}/src/" + if [[ "$SYS_DISTRIBUTION" == "opensuse" && "$SYS_VERSION" == "13.2" ]]; then + QMAKE="/usr/$LIB64/qt4/bin/qmake" + else + QMAKE="$(which qmake-qt4)" + fi # first activate qt 4 activate_qt 4 @@ -13,7 +18,7 @@ build() { mkdir -p "$MODULE_BUILD_DIR/opt/openslx/bin" cd "${MODULE_BUILD_DIR}/opt/openslx/bin" || perror "Could not cd!" pinfo "Running qmake" - qmake-qt4 "$SRCDIR/src/beamergui.pro" -r -spec linux-g++ || perror "'qmake-qt4' failed (e.g. not installed)." + "$QMAKE" "$SRCDIR/src/beamergui.pro" -r -spec linux-g++ || perror "'qmake-qt4' failed (e.g. not installed)." pinfo "Running make" make || perror "'make' failed." } diff --git a/remote/modules/beamergui/module.conf.opensuse b/remote/modules/beamergui/module.conf.opensuse new file mode 100644 index 00000000..01586fe3 --- /dev/null +++ b/remote/modules/beamergui/module.conf.opensuse @@ -0,0 +1,8 @@ +REQUIRED_INSTALLED_PACKAGES=" +libqt4-devel +libxrandr-devel +" +REQUIRED_CONTENT_PACKAGES=" +libqt4-devel +libXrandr-devel +" diff --git a/remote/modules/cups/module.conf.opensuse.13.2 b/remote/modules/cups/module.conf.opensuse.13.2 new file mode 100644 index 00000000..ebe832dd --- /dev/null +++ b/remote/modules/cups/module.conf.opensuse.13.2 @@ -0,0 +1,12 @@ +REQUIRED_INSTALLED_PACKAGES=" + cups + cups-libs + cups-filters-foomatic-rip + ghostscript +" +REQUIRED_CONTENT_PACKAGES=" + cups + cups-libs + cups-filters-foomatic-rip + ghostscript +" diff --git a/remote/modules/idleaction/data/opt/openslx/scripts/idleaction-cron_script b/remote/modules/idleaction/data/opt/openslx/scripts/idleaction-cron_script index f034553c..ad74def0 100755 --- a/remote/modules/idleaction/data/opt/openslx/scripts/idleaction-cron_script +++ b/remote/modules/idleaction/data/opt/openslx/scripts/idleaction-cron_script @@ -11,7 +11,7 @@ NOW=$(date +%s) # # 1) Check for idle timeout # -if [ -n "${SLX_LOGOUT_TIMEOUT}" ]; then +if [ -n "${SLX_LOGOUT_TIMEOUT}" ] && [ "${SLX_LOGOUT_TIMEOUT}" -gt 0 ]; then # Logout timeout is set, see which users we should kick IS_IDLE=yes # get all sessions @@ -84,7 +84,7 @@ fi # # 2) Check for no-session-shutdown timeout # -if [ -n "$SLX_SHUTDOWN_TIMEOUT" ] && [ -e "$IDLEHINT" ]; then +if [ -n "${SLX_SHUTDOWN_TIMEOUT}" ] && [ "${SLX_SHUTDOWN_TIMEOUT}" -gt 0 ] && [ -e "$IDLEHINT" ]; then IDLE=$(cat "$IDLEHINT") [ "$IDLE" -gt "$NOW" ] && IDLE="$NOW" IDLE=$(( $NOW - $IDLE )) diff --git a/remote/modules/ncp/module.build b/remote/modules/ncp/module.build new file mode 100644 index 00000000..d8250512 --- /dev/null +++ b/remote/modules/ncp/module.build @@ -0,0 +1,26 @@ +#!/bin/bash + +fetch_source() { + + # Distribution switch: Ubuntu 14.04 dropped packages ncpfs and libncp: + if [[ "$SYS_DISTRIBUTION" == "ubuntu" && "$SYS_VERSION" == "14.04" ]]; then + for file in $REQUIRED_DOWNLOAD_URLS; do + local package="$(basename $file)" + pinfo "Downloading and installing package $package ..." + download_if_empty "$file" "src/$package" + dpkg -i "src/$package" || perror "Could not install package $package." + done + fi +} + +build() { + local COPYLIST="$MODULE_BUILD_DIR/list_packet_files" + # TODO: Hack for SUSE: Ignore file (/var/lib/nfs/state) that does not exist :( + list_packet_files | grep -v '/var/lib/nfs/state' | sort -u > "$COPYLIST" + tarcopy "$(cat "$COPYLIST")" "${MODULE_BUILD_DIR}" + +} + +post_copy() { + : +} diff --git a/remote/modules/ncp/module.conf b/remote/modules/ncp/module.conf new file mode 100644 index 00000000..4ed03cdc --- /dev/null +++ b/remote/modules/ncp/module.conf @@ -0,0 +1,8 @@ +REQUIRED_BINARIES=" +" +REQUIRED_LIBRARIES=" +" +REQUIRED_DIRECTORIES=" +" +REQUIRED_SYSTEM_FILES=" +" diff --git a/remote/modules/ncp/module.conf.debian b/remote/modules/ncp/module.conf.debian new file mode 100644 index 00000000..fad69af5 --- /dev/null +++ b/remote/modules/ncp/module.conf.debian @@ -0,0 +1,26 @@ +REQUIRED_INSTALLED_PACKAGES=" + ncpfs + libncp +" +REQUIRED_CONTENT_PACKAGES=" + ncpfs + libncp +" +REQUIRED_BINARIES+=" + nwmsg + ncpmount + ncpumount + mount.ncp + mount.ncpfs +" +REQUIRED_DIRECTORIES+=" + /usr +" + +# For Debian 8: Both packages were dropped from official repos. Do not change the +# order, as these packages will be installed via dpkg and depend on each other. +REQUIRED_DOWNLOAD_URLS=" + ftp.acc.umu.se/mirror/cdimage/snapshot/Debian/pool/main/n/ncpfs/libpam-ncp_2.2.6-9_amd64.deb + ftp.acc.umu.se/mirror/cdimage/snapshot/Debian/pool/main/n/ncpfs/libncp_2.2.6-9_amd64.deb + ftp.acc.umu.se/mirror/cdimage/snapshot/Debian/pool/main/n/ncpfs/ncpfs_2.2.6-9_amd64.deb +" diff --git a/remote/modules/ncp/module.conf.ubuntu b/remote/modules/ncp/module.conf.ubuntu new file mode 100644 index 00000000..c1914103 --- /dev/null +++ b/remote/modules/ncp/module.conf.ubuntu @@ -0,0 +1,17 @@ +REQUIRED_INSTALLED_PACKAGES=" + ncpfs +" +REQUIRED_CONTENT_PACKAGES=" + libncp + ncpfs +" +REQUIRED_BINARIES+=" + nwmsg + ncpmount + ncpumount + mount.ncp + mount.ncpfs +" +REQUIRED_DIRECTORIES+=" + /usr +" diff --git a/remote/modules/ncp/module.conf.ubuntu.14 b/remote/modules/ncp/module.conf.ubuntu.14 new file mode 100644 index 00000000..acb2f629 --- /dev/null +++ b/remote/modules/ncp/module.conf.ubuntu.14 @@ -0,0 +1,24 @@ +REQUIRED_INSTALLED_PACKAGES=" +" +REQUIRED_CONTENT_PACKAGES=" + libncp + ncpfs +" +REQUIRED_BINARIES+=" + nwmsg + ncpmount + ncpumount + mount.ncp + mount.ncpfs +" +REQUIRED_DIRECTORIES+=" + /usr +" + +# For Ubuntu 14.04: Both packages were dropped from official repos. Do not change the +# order, as these packages will be installed via dpkg and depend on each other. +REQUIRED_DOWNLOAD_URLS=" + de.archive.ubuntu.com/ubuntu/pool/universe/n/ncpfs/libncp_2.2.6-9ubuntu1_amd64.deb + de.archive.ubuntu.com/ubuntu/pool/universe/n/ncpfs/libpam-ncp_2.2.6-9ubuntu1_amd64.deb + de.archive.ubuntu.com/ubuntu/pool/universe/n/ncpfs/ncpfs_2.2.6-9ubuntu1_amd64.deb +" diff --git a/remote/modules/netpoint-lightdm/data/etc/lightdm/lightdm.conf b/remote/modules/netpoint-lightdm/data/etc/lightdm/lightdm.conf new file mode 100644 index 00000000..3e78eb50 --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/etc/lightdm/lightdm.conf @@ -0,0 +1,164 @@ +# +# General configuration +# +# start-default-seat = True to always start one seat if none are defined in the configuration +# greeter-user = User to run greeter as +# minimum-display-number = Minimum display number to use for X servers +# minimum-vt = First VT to run displays on +# lock-memory = True to prevent memory from being paged to disk +# user-authority-in-system-dir = True if session authority should be in the system location +# guest-account-script = Script to be run to setup guest account +# logind-check-graphical = True to on start seats that are marked as graphical by logind +# log-directory = Directory to log information to +# run-directory = Directory to put running state in +# cache-directory = Directory to cache to +# sessions-directory = Directory to find sessions +# remote-sessions-directory = Directory to find remote sessions +# greeters-directory = Directory to find greeters +# +[LightDM] +#start-default-seat=true +#greeter-user=lightdm +#minimum-display-number=0 +minimum-vt=1 +#lock-memory=true +#user-authority-in-system-dir=false +guest-account-script=/usr/local/bin/guest-account +#logind-check-graphical=false +#log-directory=/var/log/lightdm +run-directory=/run/lightdm +#cache-directory=/var/cache/lightdm +#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions +#remote-sessions-directory=/usr/share/lightdm/remote-sessions + +greeters-directory=/usr/local/share/xgreeters:/usr/share/lightdm/greeters:/usr/share/xgreeters + +# +# Seat defaults +# +# type = Seat type (xlocal, xremote) +# pam-service = PAM service to use for login +# pam-autologin-service = PAM service to use for autologin +# pam-greeter-service = PAM service to use for greeters +# xserver-command = X server command to run (can also contain arguments e.g. X -special-option) +# xserver-layout = Layout to pass to X server +# xserver-config = Config file to pass to X server +# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server +# xserver-share = True if the X server is shared for both greeter and session +# xserver-hostname = Hostname of X server (only for type=xremote) +# xserver-display-number = Display number of X server (only for type=xremote) +# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true) +# xdmcp-port = XDMCP UDP/IP port to communicate on +# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf) +# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option) +# unity-compositor-timeout = Number of seconds to wait for compositor to start +# greeter-session = example-greeter +# greeter-hide-users = True to hide the user list +# greeter-allow-guest = True if the greeter should show a guest login option +# greeter-show-manual-login = True if the greeter should offer a manual login option +# greeter-show-remote-login = True if the greeter should offer a remote login option +# user-session = Session to load for users +# allow-user-switching = True if allowed to switch users +# allow-guest = True if guest login is allowed +# guest-session = Session to load for guests (overrides user-session) +# session-wrapper = Wrapper script to run session with +# greeter-wrapper = Wrapper script to run greeter with +# guest-wrapper = Wrapper script to run guest sessions with +# display-setup-script = Script to run when starting a greeter session (runs as root) +# display-stopped-script = Script to run after stopping the display server (runs as root) +# greeter-setup-script = Script to run when starting a greeter (runs as root) +# session-setup-script = Script to run when starting a user session (runs as root) +# session-cleanup-script = Script to run when quitting a user session (runs as root) +# autologin-guest = True to log in as guest by default +# autologin-user = User to log in with by default (overrides autologin-guest) +# autologin-user-timeout = Number of seconds to wait before loading default user +# autologin-session = Session to load for automatic login (overrides user-session) +# autologin-in-background = True if autologin session should not be immediately activated +# exit-on-failure = True if the daemon should exit if this seat fails +# +[SeatDefaults] +#type=xlocal +#pam-service=lightdm +#pam-autologin-service=lightdm-autologin +#pam-greeter-service=lightdm-greeter +#xserver-command=X +#xserver-layout= +#xserver-config= +#xserver-allow-tcp=false +#xserver-share=true +#xserver-hostname= +#xserver-display-number= +#xdmcp-manager= +#xdmcp-port=177 +#xdmcp-key= +#unity-compositor-command=unity-system-compositor +#unity-compositor-timeout=60 + +greeter-session=netpoint + +greeter-hide-users=false +greeter-allow-guest=true +#greeter-show-manual-login=false +#greeter-show-remote-login=true +#user-session=default +#allow-user-switching=true +allow-guest=true + +guest-session=/usr/bin/icewm + +# Keine Ahnung session-wrapper=/etc/lightdm/Xsession + +#greeter-wrapper= +guest-wrapper=/usr/local/bin/guest-session +#display-setup-script= +#display-stopped-script= +#greeter-setup-script= +session-setup-script=/usr/local/bin/guest-setup +session-cleanup-script=/usr/local/bin/guest-cleanup +#autologin-guest=true +#autologin-user= +#autologin-user-timeout=0 +#autologin-in-background=false +#autologin-session=UNIMPLEMENTED +#exit-on-failure=false + +# +# Seat configuration +# +# Each seat must start with "Seat:". +# Uses settings from [SeatDefaults], any of these can be overriden by setting them in this section. +# +#[Seat:0] + +# +# XDMCP Server configuration +# +# enabled = True if XDMCP connections should be allowed +# port = UDP/IP port to listen for connections on +# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf) +# +# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively +# it can be a word and the first 7 characters are used as the key. +# +[XDMCPServer] +#enabled=false +#port=177 +#key= + +# +# VNC Server configuration +# +# enabled = True if VNC connections should be allowed +# command = Command to run Xvnc server with +# port = TCP/IP port to listen for connections on +# width = Width of display to use +# height = Height of display to use +# depth = Color depth of display to use +# +[VNCServer] +#enabled=false +#command=Xvnc +#port=5900 +#width=1024 +#height=768 +#depth=8 diff --git a/remote/modules/netpoint-lightdm/data/etc/sysconfig/displaymanager b/remote/modules/netpoint-lightdm/data/etc/sysconfig/displaymanager new file mode 100644 index 00000000..9a64a124 --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/etc/sysconfig/displaymanager @@ -0,0 +1,113 @@ +## Path: Desktop/Display manager +## Type: string(Xorg) +## Default: "Xorg" +# +DISPLAYMANAGER_XSERVER="Xorg" +## Path: Desktop/Display manager +## Description: settings to generate a proper displaymanager config + +## Type: string(kdm,xdm,gdm,wdm,entrance,console,lightdm,sddm) +## Default: "" +# +# Here you can set the default Display manager (kdm/xdm/gdm/wdm/entrance/console). +# all changes in this file require a restart of the displaymanager +# +# DISPLAYMANAGER="kdm" +DISPLAYMANAGER="lightdm" + +## Type: yesno +## Default: no +# +# Allow remote access (XDMCP) to your display manager (xdm/kdm/gdm). Please note +# that a modified kdm or xdm configuration, e.g. by KDE control center +# will not be changed. For gdm, values will be updated after change. +# XDMCP service should run only on trusted networks and you have to disable +# firewall for interfaces, where you want to provide this service. +# +DISPLAYMANAGER_REMOTE_ACCESS="no" + +## Type: yesno +## Default: no +# +# Allow remote access of the user root to your display manager. Note +# that root can never login if DISPLAYMANAGER_SHUTDOWN is "auto" and +# System/Security/Permissions/PERMISSION_SECURITY is "paranoid" +# +DISPLAYMANAGER_ROOT_LOGIN_REMOTE="no" + +## Type: yesno +## Default: yes +# +# Let the displaymanager start a local Xserver. +# Set to "no" for remote-access only. +# Set to "no" on architectures without any Xserver (e.g. s390/s390x). +# +DISPLAYMANAGER_STARTS_XSERVER="yes" + +## Type: yesno +## Default: no +# +# TCP port 6000 of Xserver. When set to "no" (default) Xserver is +# started with "-nolisten tcp". Only set this to "yes" if you really +# need to. Remote X service should run only on trusted networks and +# you have to disable firewall for interfaces, where you want to +# provide this service. Use ssh X11 port forwarding whenever possible. +# +DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN="no" + +## Type: string +## Default: +# +# Define the user whom should get logged in without request. If string +# is empty, display standard login dialog. +# +DISPLAYMANAGER_AUTOLOGIN="" + +## Type: yesno +## Default: no +# +# Allow all users to login without password, but ask for the user, if +# DISPLAYMANAGER_AUTOLOGIN is empty. +# +DISPLAYMANAGER_PASSWORD_LESS_LOGIN="no" + +## Type: yesno +## Default: no +# +# Display a combobox for Active Directory domains. +# +DISPLAYMANAGER_AD_INTEGRATION="no" + +## Type: list(root,all,none,auto) +## Default: auto +# +# Determine who will be able to shutdown or reboot the system in kdm. Valid +# values are: "root" (only root can shutdown), "all" (everybody can shutdown), +# "none" (nobody can shutdown from displaymanager), "auto" (follow +# System/Security/Permissions/PERMISSION_SECURITY to decide: "easy local" is +# equal to "all", everything else is equal to "root"). gdm respects the +# PolicyKit settings for ConsoleKit. Shutdown configuration can be done via +# the polkit-default-privs mechanism. +# +DISPLAYMANAGER_SHUTDOWN="auto" +## Path: Desktop/Display manager +## Description: settings to generate a proper displaymanager config +## Config: kdm + +## Type: string +## Default: +# +# Defines extra Server Arguments given to the kdm display manager when +# starting a local display. Useful to override e.g. the -dpi setting. +# +DISPLAYMANAGER_KDM_LOCALARGS="" + +## Type: yesno +## Default: yes +# +# Allow local access of the user root to your display manager. Note +# that root can never login if DISPLAYMANAGER_SHUTDOWN is "auto" and +# System/Security/Permissions/PERMISSION_SECURITY is "paranoid". +# This settings currently works only with KDM. +# +DISPLAYMANAGER_ROOT_LOGIN_LOCAL="yes" diff --git a/remote/modules/netpoint-lightdm/data/etc/sysconfig/windowmanager b/remote/modules/netpoint-lightdm/data/etc/sysconfig/windowmanager new file mode 100644 index 00000000..12120320 --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/etc/sysconfig/windowmanager @@ -0,0 +1,51 @@ +## Type: string +## Default: +## Path: Desktop +## Description: default mouse cursor theme +# +# Name of mouse cursor theme for X11. Possible themes can be found +# in /usr/share/icons/ +# +X_MOUSE_CURSOR="DMZ" +## Path: Desktop/Window manager +## Description: +## Type: string(gnome,kde4,kde,lxde,xfce,twm,icewm) +## Default: kde4 +## Config: profiles,kde,susewm +# +# Here you can set the default window manager (kde, fvwm, ...) +# changes here require at least a re-login +# DEFAULT_WM="kde-plasma" +DEFAULT_WM="xfce" + +## Type: yesno +## Default: yes +# +# install the SuSE extension for new users +# (theme and additional functions) +# +INSTALL_DESKTOP_EXTENSIONS="yes" +## Path: Desktop +## Description: prepare global sycoca database for faster first startup +## Type: list(yes,initial,no) +## Default: initial +# +# building a global sycoca database, which can be used at first user +# login in KDE +# +KDE_BUILD_GLOBAL_SYCOCA="initial" + +## Type: yesno +## Default: yes +# +# To disable IPv6 support within KDE. It might solve large timeouts due to +# broken servers which claim to have IPv6 support, but do not respond. +# +KDE_USE_IPV6="yes" + +## Type: yesno +## Default: yes +# +# IDN support can get disabled to avoid DNS phishing for example. +# +KDE_USE_IDN="yes" diff --git a/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-account b/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-account new file mode 100644 index 00000000..3eed0efc --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-account @@ -0,0 +1,3 @@ +#!/bin/sh + +echo "demo" diff --git a/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-cleanup b/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-cleanup new file mode 100755 index 00000000..32179cec --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-cleanup @@ -0,0 +1,8 @@ +#!/bin/sh + +IPTABLES=$(/usr/bin/which iptables) + +"$IPTABLES" -F +"$IPTABLES" -P INPUT ACCEPT +"$IPTABLES" -P FORWARD ACCEPT +"$IPTABLES" -P OUTPUT ACCEPT diff --git a/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-session b/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-session new file mode 100755 index 00000000..2c22a68c --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-session @@ -0,0 +1,4 @@ +#!/bin/sh + +exec /usr/bin/icewm & +# exec /usr/bin/firefox diff --git a/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-setup b/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-setup new file mode 100755 index 00000000..cb6791fc --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/usr/local/bin/guest-setup @@ -0,0 +1,25 @@ +#!/bin/sh + +IPTABLES=$(/usr/bin/which iptables) + +# reset +"$IPTABLES" -F INPUT +"$IPTABLES" -F FORWARD +"$IPTABLES" -F OUTPUT + +if [ "x${USER}" = "xdemo" ]; then + # filter out the internetz + "$IPTABLES" -P INPUT DROP + "$IPTABLES" -P FORWARD DROP + "$IPTABLES" -P OUTPUT DROP + + # block internetz + "$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT + "$IPTABLES" -A OUTPUT -d 132.230.0.0/16 -j ACCEPT + "$IPTABLES" -A OUTPUT -d 10.0.0.0/8 -j ACCEPT +else + "$IPTABLES" -P INPUT ACCEPT + "$IPTABLES" -P FORWARD ACCEPT + "$IPTABLES" -P OUTPUT ACCEPT + +fi diff --git a/remote/modules/netpoint-lightdm/data/usr/local/bin/netpoint.py b/remote/modules/netpoint-lightdm/data/usr/local/bin/netpoint.py new file mode 100755 index 00000000..635fb03f --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/usr/local/bin/netpoint.py @@ -0,0 +1,215 @@ +#!/usr/bin/python +# +# Author: Matt Fischer <matthew.fischer@canonical.com> +# Copyright (C) 2012 Canonical, Ltd +# +# This program is free software: you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation, either version 3 of the License, or (at your option) any later +# version. See http://www.gnu.org/copyleft/gpl.html the full text of the +# license. +# +# This code is based on the LightDM GTK Greeter which was written by: +# Robert Ancell <robert.ancell@canonical.com> + +# required packages: +# liblightdm-gobject-1-0 +# gir1.2-lightdm-1 +# python-gobject +# gir1.2-glib-2.0 +# gir1.2-gtk-3.0 + +from gi.repository import GObject +from gi.repository import GLib +from gi.repository import Gtk +from gi.repository import Gdk +from gi.repository import GdkPixbuf +from gi.repository.GdkPixbuf import InterpType +from gi.repository import LightDM +import sys + +greeter = None + +main = None +split = None + +guest_box = None +guest_text = None +guest_button = None +guest_image = None + +login_box = None +login_text = None +user_box = None +user_text = None +user_username = None +pass_box = None +pass_text = None +pass_password = None + +prompt_box = None +prompt_label = None +prompt_entry = None +message_label = None + +# This Gtk signal is called when the user hits enter after entering a +# username/password or clicks the login button. Since we re-purposed +# the text entry box, we have 3 possible cases to handle here. +# 1) the user is already authenticated, if for example, they don't have +# a password set. +# 2) The username has been passed into LightDM and now we need to pass +# the password +# 3) The username has been entered, but not passed in. We pass it in +# and start the authentication process. +def login_cb(widget): + print >> sys.stderr, "login_cb" + if greeter.get_is_authenticated(): + print >> sys.stderr, "user is already authenticated, starting session" + #start_session() + elif greeter.get_in_authentication(): + print >> sys.stderr, "username was passed in already, send password to LightDM" + print >> sys.stderr, greeter.get_authentication_user() + greeter.respond(pass_password.get_text()) + else: + print >> sys.stderr, "Initial entry of username, send it to LightDM" + greeter.authenticate(user_username.get_text()) + +def guest_cb(widget): + print >> sys.stderr, "guest_cb" + if greeter.get_has_guest_account_hint(): + print >> sys.stderr, "Guest accounts supported" + greeter.authenticate_as_guest() + else: + print >> sys.stderr, "Guest accounts not supported" + + +# Gtk Signal Handlers +handlers = { + "login_cb": login_cb, + "guest_cb": guest_cb +} + +# The show_prompt callback is oddly named, but when you get this +# callback you are supposed to send the password to LightDM next. In +# our example, we re-purpose the prompt and ask the user for the +# password which is then sent the next time the user hits the Login +# button or presses enter. +def show_prompt_cb(greeter, text, promptType): + print >> sys.stderr, "Prompt type: " + str(promptType) + print >> sys.stderr, "Text: " + str(text) + # if this is a password prompt, we want to hide the characters + if promptType == LightDM.PromptType.SECRET: + pass_password.set_visibility(False) + else: + pass_password.set_visibility(True) + greeter.respond(pass_password.get_text()) + + +# If LightDM sends a message back to the greeter, for example, "Login +# failed" or "invalid password" we display it in our message box. +def show_message_cb(text, message_type): + print >> sys.stderr, "In show_message" + print >> sys.stderr, text + message_label.set_text(text) + message_label.show() + +# Callback for after we send LightDM the password, this method +# has to handle a successful login, in which case we start the session +# or a failed login, in which case we tell the user +def authentication_complete_cb(greeter): + if greeter.get_is_authenticated(): + # For our simple example we always start Unity-2d. The LightDM + # API has ways to query available sessions, please see the docs. + if not greeter.start_session_sync("xfce"): + print >> sys.stderr, "Failed to start session" + else: + print >> sys.stderr, "Login failed" + message_label.set_text("LOGIN FAILED") + message_label.show() + +if __name__ == '__main__': + print >> sys.stderr, "Starting up..." + main_loop = GObject.MainLoop () + builder = Gtk.Builder() + greeter = LightDM.Greeter() + styler = Gtk.CssProvider() + css = open('/usr/local/share/lightdm/netpoint.css', 'r') + + css_data = css.read() + css.close() + styler.load_from_data(css_data) + Gtk.StyleContext.add_provider_for_screen( + Gdk.Screen.get_default(), + styler, + Gtk.STYLE_PROVIDER_PRIORITY_APPLICATION + ) + + # connect signal handlers to LightDM + greeter.connect ("authentication-complete", authentication_complete_cb) + greeter.connect ("show-message", show_message_cb) + greeter.connect ("show-prompt", show_prompt_cb) + + # connect builder and widgets + # you probably really want to put your .UI file somewhere else + builder.add_from_file("/usr/local/share/lightdm/netpoint.glade") + + main = builder.get_object("main") + split = builder.get_object("split") + sep = builder.get_object("sep") + message_label = builder.get_object("message_label") + print >> sys.stderr, message_label + guest_box = builder.get_object("guest_box") + + guest_outer_box = builder.get_object("guest_outer_box") + guest_internal_box = builder.get_object("guest_internal_box") + guest_text = builder.get_object("guest_text") + guest_button = builder.get_object("guest_button") + guest_image = builder.get_object("guest_image") + login_image = builder.get_object("login_image") + #pixbuf = guest_image.get_pixbuf() + #pixbuf = pixbuf.scale_simple(pixbuf.get_width() * 0.7, pixbuf.get_height() * 0.7, InterpType.HYPER) + #guest_image.set_from_pixbuf(pixbuf) + #pixbuf = login_image.get_pixbuf() + #pixbuf = pixbuf.scale_simple(pixbuf.get_width() * 0.7, pixbuf.get_height() * 0.7, InterpType.HYPER) + #login_image.set_from_pixbuf(pixbuf) + + login_box = builder.get_object("login_box") + login_text = builder.get_object("login_text") + + user_box = builder.get_object("user_box") + user_text = builder.get_object("user_text") + user_username = builder.get_object("user_username") + + pass_box = builder.get_object("pass_box") + pass_text = builder.get_object("pass_text") + pass_password = builder.get_object("pass_password") + + # connect signals to Gtk UI + builder.connect_signals(handlers) + + # connect to greeter + greeter.connect_sync() + + message_label.hide() + + # setup the GUI + main.set_decorated(True) + main.get_root_window().set_cursor(Gdk.Cursor.new(Gdk.CursorType.ARROW)) + main.show() + guest_text.show() + guest_button.show() + login_text.show() + user_text.show() + user_username.grab_focus() + user_username.show() + pass_text.show() + pass_password.set_sensitive(True) + pass_password.set_visibility(False) + pass_password.show() + + # fullscreen it + main.resize(Gdk.Screen.width(), Gdk.Screen.height()) + + #print >> sys.stderr, guest_box.get_height() + #print >> sys.stderr, guest_box.get_width() + main_loop.run () diff --git a/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/ff-google-smaller.png b/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/ff-google-smaller.png Binary files differnew file mode 100644 index 00000000..f3b81c32 --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/ff-google-smaller.png diff --git a/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/ff-rz-smaller.png b/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/ff-rz-smaller.png Binary files differnew file mode 100644 index 00000000..f6e4703d --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/ff-rz-smaller.png diff --git a/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/netpoint.css b/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/netpoint.css new file mode 100644 index 00000000..7f1f80af --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/netpoint.css @@ -0,0 +1,16 @@ +#main { + background-color: white; +} +#sep { + -GtkWidget-wide-separators: 1; + -GtkWidget-separator-width: 5; + border-style: solid; + border-width: 2px; + color: grey; +} +#title { + border-top-style: solid; + border-bottom-style: double; + border-width: 3px; + border-color: grey; +} diff --git a/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/netpoint.glade b/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/netpoint.glade new file mode 100644 index 00000000..e2e47416 --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/usr/local/share/lightdm/netpoint.glade @@ -0,0 +1,365 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Generated with glade 3.18.3 --> +<interface> + <requires lib="gtk+" version="3.12"/> + <object class="GtkWindow" id="main"> + <property name="name">main</property> + <property name="can_focus">False</property> + <property name="hexpand">True</property> + <property name="vexpand">True</property> + <property name="window_position">center-always</property> + <property name="default_width">800</property> + <property name="default_height">600</property> + <property name="decorated">False</property> + <property name="gravity">center</property> + <child> + <object class="GtkBox" id="box2"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="orientation">vertical</property> + <child> + <object class="GtkLabel" id="label1"> + <property name="name">title</property> + <property name="height_request">100</property> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="label" translatable="yes">Netpoint 0.1</property> + <attributes> + <attribute name="font-desc" value="Sans Bold 18"/> + </attributes> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">0</property> + </packing> + </child> + <child> + <object class="GtkGrid" id="grid1"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="hexpand">False</property> + <property name="vexpand">True</property> + <child> + <object class="GtkSeparator" id="separator1"> + <property name="name">sep</property> + <property name="width_request">10</property> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="vexpand">True</property> + <property name="orientation">vertical</property> + </object> + <packing> + <property name="left_attach">1</property> + <property name="top_attach">0</property> + </packing> + </child> + <child> + <object class="GtkGrid" id="grid2"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="hexpand">True</property> + <property name="vexpand">False</property> + <property name="row_homogeneous">True</property> + <child> + <object class="GtkBox" id="guest_box"> + <property name="name">guestbox</property> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="hexpand">False</property> + <property name="vexpand">False</property> + <property name="orientation">vertical</property> + <property name="homogeneous">True</property> + <child> + <object class="GtkBox" id="box4"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="orientation">vertical</property> + <child> + <object class="GtkLabel" id="guest_text"> + <property name="height_request">100</property> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="halign">center</property> + <property name="valign">center</property> + <property name="vexpand">False</property> + <property name="label" translatable="yes">Uni-interner Browser</property> + <property name="justify">center</property> + <attributes> + <attribute name="font-desc" value="Sans Bold 14"/> + </attributes> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">0</property> + </packing> + </child> + <child> + <object class="GtkLabel" id="label4"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="valign">center</property> + <property name="hexpand">False</property> + <property name="vexpand">False</property> + <property name="label" translatable="yes">Im Gastmodus können Sie nur auf universitätsinterne Webseiten zugreifen.</property> + <property name="justify">center</property> + <property name="wrap">True</property> + <property name="width_chars">0</property> + <property name="max_width_chars">0</property> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">1</property> + </packing> + </child> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">0</property> + </packing> + </child> + <child> + <object class="GtkButton" id="guest_button"> + <property name="label" translatable="yes">Surfen als Gast</property> + <property name="use_action_appearance">False</property> + <property name="related_action"/> + <property name="visible">True</property> + <property name="can_focus">True</property> + <property name="receives_default">True</property> + <property name="halign">center</property> + <property name="valign">center</property> + <signal name="clicked" handler="guest_cb" swapped="no"/> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">1</property> + </packing> + </child> + </object> + <packing> + <property name="left_attach">0</property> + <property name="top_attach">0</property> + </packing> + </child> + <child> + <object class="GtkImage" id="guest_image"> + <property name="name">guest_image</property> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="margin_left">10</property> + <property name="margin_right">10</property> + <property name="margin_top">10</property> + <property name="margin_bottom">10</property> + <property name="hexpand">True</property> + <property name="vexpand">True</property> + <property name="pixbuf">ff-rz-smaller.png</property> + </object> + <packing> + <property name="left_attach">0</property> + <property name="top_attach">1</property> + </packing> + </child> + </object> + <packing> + <property name="left_attach">0</property> + <property name="top_attach">0</property> + </packing> + </child> + <child> + <object class="GtkGrid" id="grid4"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="hexpand">True</property> + <property name="vexpand">True</property> + <property name="row_homogeneous">True</property> + <child> + <object class="GtkBox" id="box3"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="hexpand">True</property> + <property name="vexpand">True</property> + <property name="orientation">vertical</property> + <property name="homogeneous">True</property> + <child> + <object class="GtkBox" id="box5"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="orientation">vertical</property> + <child> + <object class="GtkLabel" id="login_text"> + <property name="height_request">100</property> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="halign">center</property> + <property name="valign">center</property> + <property name="vexpand">False</property> + <property name="label" translatable="yes">Internet Browser</property> + <property name="justify">center</property> + <attributes> + <attribute name="font-desc" value="Sans Bold 14"/> + </attributes> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">0</property> + </packing> + </child> + <child> + <object class="GtkLabel" id="login_info"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="valign">start</property> + <property name="vexpand">False</property> + <property name="label" translatable="yes">Melden Sie sich mit Ihrem RZ-Konto, um auch im Internet zu surfen.</property> + <property name="justify">center</property> + <property name="wrap">True</property> + <property name="width_chars">0</property> + <property name="max_width_chars">30</property> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">1</property> + </packing> + </child> + </object> + <packing> + <property name="expand">True</property> + <property name="fill">True</property> + <property name="position">0</property> + </packing> + </child> + <child> + <object class="GtkBox" id="box1"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="valign">center</property> + <property name="orientation">vertical</property> + <child> + <object class="GtkGrid" id="grid3"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="halign">center</property> + <property name="valign">center</property> + <property name="row_spacing">3</property> + <property name="column_spacing">3</property> + <child> + <object class="GtkEntry" id="pass_password"> + <property name="visible">True</property> + <property name="sensitive">False</property> + <property name="can_focus">True</property> + <property name="progress_pulse_step">0</property> + <signal name="activate" handler="login_cb" swapped="no"/> + </object> + <packing> + <property name="left_attach">1</property> + <property name="top_attach">1</property> + </packing> + </child> + <child> + <object class="GtkLabel" id="pass_text"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="halign">start</property> + <property name="label" translatable="yes">Passwort:</property> + </object> + <packing> + <property name="left_attach">0</property> + <property name="top_attach">1</property> + </packing> + </child> + <child> + <object class="GtkLabel" id="user_text"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="halign">start</property> + <property name="label" translatable="yes">Username:</property> + </object> + <packing> + <property name="left_attach">0</property> + <property name="top_attach">0</property> + </packing> + </child> + <child> + <object class="GtkEntry" id="user_username"> + <property name="visible">True</property> + <property name="can_focus">True</property> + <signal name="activate" handler="login_cb" swapped="no"/> + </object> + <packing> + <property name="left_attach">1</property> + <property name="top_attach">0</property> + </packing> + </child> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">0</property> + </packing> + </child> + <child> + <object class="GtkLabel" id="message_label"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="label" comments="This is a placeholder string and will be replaced with a message from PAM">[message]</property> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">1</property> + </packing> + </child> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">1</property> + </packing> + </child> + </object> + <packing> + <property name="left_attach">0</property> + <property name="top_attach">0</property> + </packing> + </child> + <child> + <object class="GtkImage" id="login_image"> + <property name="name">login_image</property> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="margin_left">10</property> + <property name="margin_right">10</property> + <property name="margin_top">10</property> + <property name="margin_bottom">10</property> + <property name="hexpand">True</property> + <property name="vexpand">True</property> + <property name="pixbuf">ff-google-smaller.png</property> + </object> + <packing> + <property name="left_attach">0</property> + <property name="top_attach">1</property> + </packing> + </child> + </object> + <packing> + <property name="left_attach">2</property> + <property name="top_attach">0</property> + </packing> + </child> + </object> + <packing> + <property name="expand">False</property> + <property name="fill">True</property> + <property name="position">1</property> + </packing> + </child> + </object> + </child> + </object> +</interface> diff --git a/remote/modules/netpoint-lightdm/data/usr/local/share/xgreeters/netpoint.desktop b/remote/modules/netpoint-lightdm/data/usr/local/share/xgreeters/netpoint.desktop new file mode 100644 index 00000000..f03cf498 --- /dev/null +++ b/remote/modules/netpoint-lightdm/data/usr/local/share/xgreeters/netpoint.desktop @@ -0,0 +1,5 @@ +[Desktop Entry] +Name=Netpoint Grita +Comment=Netpoint Grita +Exec=/usr/local/bin/netpoint.py +Type=Application diff --git a/remote/modules/netpoint-lightdm/module.build b/remote/modules/netpoint-lightdm/module.build new file mode 100644 index 00000000..0c891489 --- /dev/null +++ b/remote/modules/netpoint-lightdm/module.build @@ -0,0 +1,15 @@ +fetch_source() { + : +} + +build() { + COPYLIST="list_dpkg_output" + [ -e "$COPYLIST" ] && rm "$COPYLIST" + + list_packet_files >> "$COPYLIST" + tarcopy "$(cat "$COPYLIST" | sort -u)" "${MODULE_BUILD_DIR}" +} + +post_copy() { + : +} diff --git a/remote/modules/netpoint-lightdm/module.conf b/remote/modules/netpoint-lightdm/module.conf new file mode 100644 index 00000000..0cd03752 --- /dev/null +++ b/remote/modules/netpoint-lightdm/module.conf @@ -0,0 +1,3 @@ +REQUIRED_BINARIES="" +REQUIRED_LIBRARIES="" +REQUIRED_DIRECTORIES="" diff --git a/remote/modules/netpoint-lightdm/module.conf.opensuse.13.2 b/remote/modules/netpoint-lightdm/module.conf.opensuse.13.2 new file mode 100644 index 00000000..d62f9063 --- /dev/null +++ b/remote/modules/netpoint-lightdm/module.conf.opensuse.13.2 @@ -0,0 +1,36 @@ +REQUIRED_INSTALLED_PACKAGES=" + lightdm + lightdm-gtk-greeter + lightdm-gobject-devel + typelib-1_0-LightDM-1 + liblightdm-gobject-1-0 + python-gobject + icewm-lite + icewm-default + python-base + python-gobject2 +" + +REQUIRED_CONTENT_PACKAGES=" + lightdm + lightdm-gtk-greeter + lightdm-gobject-devel + typelib-1_0-LightDM-1 + liblightdm-gobject-1-0 + python-gobject + icewm-lite + icewm-default + python-base + python-gobject2 +" + +REQUIRED_BINARIES+=" + icewm + lightdm + python + lightdm-gtk-greeter +" + +REQUIRED_DIRECTORIES+=" + /usr/lib64/python2.7 +" diff --git a/remote/modules/nscd/data/etc/nscd.conf b/remote/modules/nscd/data/etc/nscd.conf index c4e23686..8eac1354 100644 --- a/remote/modules/nscd/data/etc/nscd.conf +++ b/remote/modules/nscd/data/etc/nscd.conf @@ -40,7 +40,7 @@ paranoia no # restart-interval 3600 - enable-cache passwd yes + enable-cache passwd no positive-time-to-live passwd 600 negative-time-to-live passwd 20 suggested-size passwd 211 @@ -50,7 +50,7 @@ max-db-size passwd 33554432 auto-propagate passwd yes - enable-cache group yes + enable-cache group no positive-time-to-live group 3600 negative-time-to-live group 60 suggested-size group 211 @@ -69,7 +69,7 @@ shared hosts yes max-db-size hosts 33554432 - enable-cache services yes + enable-cache services no positive-time-to-live services 28800 negative-time-to-live services 20 suggested-size services 211 diff --git a/remote/modules/nslcd/module.build b/remote/modules/nslcd/module.build new file mode 100644 index 00000000..aa1b3915 --- /dev/null +++ b/remote/modules/nslcd/module.build @@ -0,0 +1,42 @@ +#!/bin/bash + +fetch_source() { + if [ -n "$REQUIRED_NSS_LDAPD_URL" ]; then + pinfo "Downloading $REQUIRED_NSS_LDAPD_URL ..." + download_untar "$REQUIRED_NSS_LDAPD_URL" "src/" + fi +} + +build() { + + COPYLIST="list_dpkg_output" + [ -e "$COPYLIST" ] && rm "$COPYLIST" + + list_packet_files >> "$COPYLIST" + tarcopy "$(cat "$COPYLIST" | sort -u)" "${MODULE_BUILD_DIR}" + + # OpenSuSE 13.1 has no 'nss-pam-ldapd'. Let's compile + if [ -n "$REQUIRED_NSS_LDAPD_URL" ]; then + cd "${MODULE_DIR}/src/$REQUIRED_NSS_LDAPD_VERSION" + pinfo "compiling pam-nss-ldapd for openSuse 13.1 ..." + ./configure || perror "openSuse 13.1 - pam-nss-ldapd: ./configure failed." + make DESTDIR="${MODULE_BUILD_DIR}" install || perror "openSuse 13.1 - pam-nss-ldapd: make install to ${MODULE_BUILD_DIR} failed." + cd "$MODULE_BUILD_DIR" + local NSLCD_PATH=$(find . -executable -name "nslcd") # Not in path, so we 'find' below MODULE_BUILD_DIR + else + cd "$MODULE_BUILD_DIR" + local NSLCD_PATH=$(which nslcd) + fi + [[ $REQUIRED_BINARIES = *nslcd* ]] && [ -z "$NSLCD_PATH" ] && perror "Could not 'which nslcd'" + + + # Build nslcd service file + mkdir -p "${MODULE_BUILD_DIR}/etc/systemd/system" + sed "s,%PATH%,${NSLCD_PATH},g" "${MODULE_DIR}/templates/nslcd-systemd.service" > "${MODULE_BUILD_DIR}/etc/systemd/system/nslcd.service" || perror "Could not fill nslcd.service template" + + return 0 +} + +post_copy() { + : +} diff --git a/remote/modules/nslcd/module.conf b/remote/modules/nslcd/module.conf new file mode 100644 index 00000000..7dae2ba1 --- /dev/null +++ b/remote/modules/nslcd/module.conf @@ -0,0 +1,6 @@ +REQUIRED_BINARIES=" + nslcd +" +REQUIRED_FILES=" + /etc/systemd/system/nslcd.service +" diff --git a/remote/modules/nslcd/module.conf.debian b/remote/modules/nslcd/module.conf.debian new file mode 100644 index 00000000..3d83fc81 --- /dev/null +++ b/remote/modules/nslcd/module.conf.debian @@ -0,0 +1,6 @@ +REQUIRED_INSTALLED_PACKAGES=" + nslcd +" +REQUIRED_CONTENT_PACKAGES=" + nslcd +" diff --git a/remote/modules/nslcd/module.conf.ubuntu b/remote/modules/nslcd/module.conf.ubuntu new file mode 100644 index 00000000..3d83fc81 --- /dev/null +++ b/remote/modules/nslcd/module.conf.ubuntu @@ -0,0 +1,6 @@ +REQUIRED_INSTALLED_PACKAGES=" + nslcd +" +REQUIRED_CONTENT_PACKAGES=" + nslcd +" diff --git a/remote/modules/pam/templates/nslcd-systemd.service b/remote/modules/nslcd/templates/nslcd-systemd.service index 540e67cd..540e67cd 100644 --- a/remote/modules/pam/templates/nslcd-systemd.service +++ b/remote/modules/nslcd/templates/nslcd-systemd.service diff --git a/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share b/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share index 85a3fcc0..670943f4 100644 --- a/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share +++ b/remote/modules/pam-common-share/data/opt/openslx/scripts/pam_script_mount_common_share @@ -1,36 +1,41 @@ ################################################################### # -# This script is a part of the pam_script_auth script -# and is not stand-alone! +# This script is a part of the pam_script_auth script +# and is not stand-alone! # -# It will try to mount the common shares specified in the -# variables of the global slx config '/opt/openslx/config'. -# A primary and a secondary share may be given. Every share -# require following bundle of variables: +# It will try to mount the common shares specified in the +# variables of the global slx config '/opt/openslx/config'. +# An arbitrary number of shares may be given. Every share +# requires following bundle of variables: # # -# SLX_SHARE_[0-9]_AUTH_TYPE [guest|user|pam] -# SLX_SHARE_[0-9]_AUTH_USER <username> -# SLX_SHARE_[0-9]_AUTH_PASS <password> -# SLX_SHARE_[0-9]_PERM [ro|rw] -# SLX_SHARE_[0-9]_PATH <path_to_share> +# SLX_SHARE_<id>_AUTH_TYPE [guest|user|pam] +# SLX_SHARE_<id>_AUTH_USER <username> +# SLX_SHARE_<id>_AUTH_PASS <password> +# SLX_SHARE_<id>_PERM [ro|rw] +# SLX_SHARE_<id>_PATH <path_to_share> # -# Example: -# SLX_SHARE_0_PATH='//windows.server/sharename' -# SLX_SHARE_0_AUTH_TYPE='user' -# SLX_SHARE_0_AUTH_USER='shareuser' -# SLX_SHARE_0_AUTH_PASS='sharepass' -# SLX_SHARE_0_PERM='rw' +# Note: <id> is the identifier of the share. # -# Note: When AUTH_TYPE is set to 'pam' or 'guest', -# no need to specify AUTH_USER or AUTH_PASS. +# Example: +# SLX_SHARE_0_PATH='//windows.server/sharename' +# SLX_SHARE_0_AUTH_TYPE='user' +# SLX_SHARE_0_AUTH_USER='shareuser' +# SLX_SHARE_0_AUTH_PASS='sharepass' +# SLX_SHARE_0_PERM='rw' # +# Note: If AUTH_TYPE is set to 'pam' or 'guest', then +# there is no need to specify AUTH_USER or AUTH_PASS +# as it is obviously not needed. # -# usage: mount_share <auth_type> <auth_user> <auth_password> <permissions> <path> <share> +################################################################### +# +# Internal helper function to mount a share +# usage: mount_share <auth_type> <auth_user> <auth_password> <permissions> <path> <share_number> mount_share() { - # only want two arguments + # since we are (hopefully) the only one using this function, we know we need excatly 6 args [ $# -ne 6 ] && { slxlog "pam-share-args" "Wrong number of arguments given! Need 6, $# given."; return; } - + # lets check if we have our variables local SHARE_AUTH_TYPE="$1" local SHARE_AUTH_USER="$2" @@ -43,17 +48,12 @@ mount_share() { [ "x${SHARE_PERM}" != "xrw" ] && SHARE_PERM='ro' # all good: now we can mount depending on the type - # supports: cifs?/nfs? + # supports: cifs?/nfs? if [ "${SHARE_PATH:0:2}" = "//" ]; then # '//' prefixed, assume windows share # prepare common mount options for either authentication type MOUNT_OPTS="-t cifs -o nounix,uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,nobrl,noacl,$SHARE_PERM" - # flag for failure - SIGNAL=$(mktemp) - rm -f -- "${SIGNAL}" - # output of command - MOUNT_OUTPUT=$(mktemp) # now construct the mount options depending on the type of the share. if [ "${SHARE_AUTH_TYPE}" = "guest" ]; then MOUNT_OPTS="${MOUNT_OPTS},guest,file_mode=0777,dir_mode=0777" @@ -73,40 +73,68 @@ mount_share() { slxlog "pam-share-auth" "Share${SHARE_NUM}: Auth type '${SHARE_AUTH_TYPE}' not supported." return; fi + else + # for now assume NFS-Share, start build options string with default options for all shares + MOUNT_OPTS="-t nfs -o async,nolock" + + # TODO: here we will have to evaluate options of NFS-shares - # we just mount it to the directory with the same name as the - # last directory in the path name of the share - # e.g. //windows.net/lehrpool -> ${COMMON_SHARE_MOUNT_POINT}/lehrpool - local TARGET_DIR="${COMMON_SHARE_MOUNT_POINT}/$(basename ${SHARE_PATH})" - # it exists, so let's create ${COMMON_SHARE_MOUNT_POINT}/lehrpool_${SHARE_NUM} - [ -d "${TARGET_DIR}" ] && TARGET_DIR="${TARGET_DIR}_${SHARE_NUM}" + # unless specified otherwise, mount the share read-only + [ "x${SHARE_PERM}" != "xrw" ] && SHARE_PERM='ro' + MOUNT_OPTS="${MOUNT_OPTS},${SHARE_PERM}" + fi - # at this point is TARGET_DIR pointing to the right directory. - mkdir -p "${TARGET_DIR}" || \ - { slxlog "pam-share-mkdirfail" "Share${SHARE_NUM}: Could not create directory '${TARGET_DIR}'. Skipping share."; return; } - # now try to mount it - ( mount ${MOUNT_OPTS} "${SHARE_PATH}" "${TARGET_DIR}" > "${MOUNT_OUTPUT}" 2>&1 || touch "${SIGNAL}" ) & - MOUNT_PID=$! - for COUNTER in 1 1 2 4; do - kill -0 "${MOUNT_PID}" 2>/dev/null || break - sleep "${COUNTER}" - done + ############################################################################ + # + # Following code is independent of the type of share. + # The variable MOUNT_OPTS should have been set correctly + # up to this point. + # + ############################################################################ - # check for failures - if [ -e "${SIGNAL}" ]; then - slxlog "pam-share-mount" "Mount of '${SHARE_PATH}' to '${TARGET_DIR}' failed. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}" - rm -f -- "${SIGNAL}" - elif kill -9 "${MOUNT_PID}" 2>/dev/null; then - slxlog "pam-share-mount" "Mount of '${SHARE_PATH}' to '${TARGET_DIR}' timed out. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}" - fi - ( sleep 2; rm -f -- "${MOUNT_OUTPUT}" ) & + # we just mount it to the directory with the same name as the + # last directory in the path name of the share + # e.g. //windows.net/lehrpool -> ${COMMON_SHARE_MOUNT_POINT}/lehrpool + local TARGET_DIR="${COMMON_SHARE_MOUNT_POINT}/$(basename ${SHARE_PATH})" + # it exists, so let's create ${COMMON_SHARE_MOUNT_POINT}/lehrpool_${SHARE_NUM} + [ -d "${TARGET_DIR}" ] && TARGET_DIR="${TARGET_DIR}_${SHARE_NUM}" + + # at this point is TARGET_DIR pointing to the right directory. + mkdir -p "${TARGET_DIR}" || \ + { slxlog "pam-share-mkdirfail" "Share${SHARE_NUM}: Could not create directory '${TARGET_DIR}'. Skipping share."; return; } - # always unset credentials - unset USER - unset PASSWD + # flag for failure + SIGNAL=$(mktemp) + rm -f -- "${SIGNAL}" + # output of command + MOUNT_OUTPUT=$(mktemp) + # now try to mount it + ( mount ${MOUNT_OPTS} "${SHARE_PATH}" "${TARGET_DIR}" > "${MOUNT_OUTPUT}" 2>&1 || touch "${SIGNAL}" ) & + MOUNT_PID=$! + for COUNTER in 1 1 2 4; do + kill -0 "${MOUNT_PID}" 2>/dev/null || break + sleep "${COUNTER}" + done + + # check for failures + if [ -e "${SIGNAL}" ]; then + slxlog "pam-share-mount" "Mount of '${SHARE_PATH}' to '${TARGET_DIR}' failed. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}" + rm -f -- "${SIGNAL}" + elif kill -9 "${MOUNT_PID}" 2>/dev/null; then + slxlog "pam-share-mount" "Mount of '${SHARE_PATH}' to '${TARGET_DIR}' timed out. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}" fi + ( sleep 2; rm -f -- "${MOUNT_OUTPUT}" ) & + + # always unset credentials + unset USER + unset PASSWD } +############################################################################ +# +# MAIN LOGIC OVER ALL SHARES +# +############################################################################ # at this point we need the slx config to do anything [ -e "/opt/openslx/config" ] || \ { slxlog "pam-share-noconfig" "File '/opt/openslx/config' not found."; return; } @@ -115,28 +143,40 @@ mount_share() { . /opt/openslx/config || \ { slxlog "pam-share-sourceconfig" "Could not source '/opt/openslx/config'."; return; } +# +# +# # Since many shares can be specified, we need to identify how many we have first. -# We just go over all SLX_SHARE_* variables and check for those ending in _PATH +# We just go over all SLX_SHARE_* variables and check for those ending in _PATH. +# So e.g. for SLX_SHARE_0_PATH=<path> the SHARE variable would be equal to 'SLX_SHARE_0_PATH' # For each of those, a share was specified and we will try to mount it. -for SHARE in ${!SLX_SHARE_*}; do - # skip if the variable doesn't end in _PATH - [[ "$SHARE" =~ .*_PATH$ ]] || continue - # first let's check if we have already mounted it, since we don't have to - # do anything is it already is. - if mount | grep -q "${SHARE}"; then - # already mounted, just skip. +for SHARE in $(grep -E '^SLX_SHARE_[0-9]+_PATH=.*$' /opt/openslx/config); do + # first let's check if we have already mounted it and skip if it is + # TODO: this should be good enough? stronger checks? + if mount | grep -q "$(echo ${SHARE} | awk -F '=' '{print $2}' | tr -d \'\")"; then + # already mounted, just skip + # this should not happen anyway, since the pam_script_auth script also exits + # if the temporary home user directory is already mounted... continue fi - # ok so we have a path in $SHARE, let's extract the number of the share + # ok so we have the full declaration command in $SHARE, + # let's extract the number of the share. # i.e. SLX_SHARE_0_PATH -> share number 0 - # first strip the leading SLX_SHARE_ - SHARE=${SHARE#SLX_SHARE_} + # first just cut everything after '=' + SHARE_ID="$(echo $SHARE | awk -F '=' '{print $1}')" + # now strip the leading SLX_SHARE_ + SHARE_ID=${SHARE_ID#SLX_SHARE_} # now remove the trailing _PATH - SHARE=${SHARE%_PATH} + SHARE_ID=${SHARE_ID%_PATH} # now it should be a number, TODO accept more than numbers? Doesn't really matter... # this check is mostly to be sure that the variable splitting worked as it should - [[ "$SHARE" =~ ^[0-9]+$ ]] || continue - eval mount_share \""\$SLX_SHARE_${SHARE}_AUTH_TYPE"\" \""\$SLX_SHARE_${SHARE}_AUTH_USER"\" \""\$SLX_SHARE_${SHARE}_AUTH_PASS"\" \""\$SLX_SHARE_${SHARE}_PERM"\" \""\$SLX_SHARE_${SHARE}_PATH"\" \""$SHARE"\" + # ugly cause we need to be ash compatible ... + if ! echo "${SHARE_ID}" | grep -q -E '^[0-9]+$'; then + continue + fi + + # now do try to mount the share using the helper function defined on the top of this script + eval mount_share \""\$SLX_SHARE_${SHARE_ID}_AUTH_TYPE"\" \""\$SLX_SHARE_${SHARE_ID}_AUTH_USER"\" \""\$SLX_SHARE_${SHARE_ID}_AUTH_PASS"\" \""\$SLX_SHARE_${SHARE_ID}_PERM"\" \""\$SLX_SHARE_${SHARE_ID}_PATH"\" \""$SHARE_ID"\" ## unset USER and PASSWD just in case mount_share returned due to an error. unset USER unset PASSWD diff --git a/remote/modules/pam/data/etc/pam.d/common-session-noninteractive b/remote/modules/pam/data/etc/pam.d/common-session-noninteractive index d9bf071c..5e0fe3f8 100644 --- a/remote/modules/pam/data/etc/pam.d/common-session-noninteractive +++ b/remote/modules/pam/data/etc/pam.d/common-session-noninteractive @@ -26,5 +26,6 @@ session required pam_permit.so # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) +session [success=1 default=ignore] pam_succeed_if.so service in sudo quiet use_uid session required pam_unix.so # end of pam-auth-update config diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth index 3b8bf676..f9636ced 100755 --- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth +++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_auth @@ -105,7 +105,7 @@ chown "${PAM_USER}:${USER_GID}" "${COMMON_SHARE_MOUNT_POINT}" || \ [ ! -e "${COMMON_SHARE_MOUNT_SCRIPT}" ] && exit 0 # we do! -COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" PAM_USER="${PAM_USER}" PAM_AUTHTOK="${PAM_AUTHTOK}" USER_UID="${USER_UID}" USER_GID="${USER_GID}" /bin/bash "${COMMON_SHARE_MOUNT_SCRIPT}" || \ +COMMON_SHARE_MOUNT_POINT="${COMMON_SHARE_MOUNT_POINT}" PAM_USER="${PAM_USER}" PAM_AUTHTOK="${PAM_AUTHTOK}" USER_UID="${USER_UID}" USER_GID="${USER_GID}" /bin/ash "${COMMON_SHARE_MOUNT_SCRIPT}" || \ { slxlog "pam-global-sourceshare" "Could not source '${COMMON_SHARE_MOUNT_SCRIPT}'."; exit 1; } # Just try to delete the common share dir. If the mount was successful, it will not work diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close index 4fc2ce6a..9332e0a6 100755 --- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close +++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close @@ -26,7 +26,7 @@ if [ -d "/opt/openslx/scripts/pam_script_ses_close.d" ]; then done fi -OPENSESSION=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-) +OPENSESSION=$(loginctl show-user "$PAM_USER" 2>/dev/null| grep "Sessions=" | cut -c 10-) SESSIONCOUNT=$(echo "$OPENSESSION" | wc -w) # When using su/sudo there is no session created, so count up by one if [ "x$PAM_SERVICE" = "xsu" -o "x$PAM_SERVICE" = "xsudo" ]; then @@ -55,7 +55,7 @@ if [ "$SESSIONCOUNT" -le "1" ]; then done # just to be sure we check if there's no other open session in the meantime - OPEN2=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-) + OPEN2=$(loginctl show-user "$PAM_USER" 2>/dev/null | grep "Sessions=" | cut -c 10-) if [ -z "$OPEN2" -o "x$OPENSESSION" = "x$OPEN2" ]; then diff --git a/remote/modules/pam/module.build b/remote/modules/pam/module.build index b678fdd6..5c3dc8db 100644 --- a/remote/modules/pam/module.build +++ b/remote/modules/pam/module.build @@ -33,24 +33,6 @@ build() { cd "${MODULE_DIR}/src/pam-script-${REQUIRED_PAM_SCRIPT_VERSION}" || perror "Could not cd to ${MODULE_DIR}/src/pam-script-${REQUIRED_PAM_SCRIPT_VERSION}." ./configure --prefix=/ --sysconfdir=/etc/pam-script --libdir="$SYS_PAM_MODULES_PATH" || perror "pam-script: ./configure failed." make DESTDIR="${MODULE_BUILD_DIR}" install || perror "pam-script: make install to ${MODULE_BUILD_DIR} failed." - - - # openSuse 13.1 has no package nss-pam-ldapd. So, we compile it. - if [ -n "$REQUIRED_NSS_LDAPD_URL" ]; then - cd "${MODULE_DIR}/src/$REQUIRED_NSS_LDAPD_VERSION" - pinfo "compiling pam-nss-ldapd for openSuse 13.1 ..." - ./configure || perror "openSuse 13.1 - pam-nss-ldapd: ./configure failed." - make DESTDIR="${MODULE_BUILD_DIR}" install || perror "openSuse 13.1 - pam-nss-ldapd: make install to ${MODULE_BUILD_DIR} failed." - cd "$MODULE_BUILD_DIR" - local NSLCD_PATH=$(find . -executable -name "nslcd") # Not in path, so we 'find' below MODULE_BUILD_DIR - else - cd "$MODULE_BUILD_DIR" - local NSLCD_PATH=$(which nslcd) - fi - [[ $REQUIRED_BINARIES = *nslcd* ]] && [ -z "$NSLCD_PATH" ] && perror "Could not 'which nslcd'" - # Build nslcd service file - mkdir -p "etc/systemd/system" - sed "s,%PATH%,$NSLCD_PATH,g" "$MODULE_DIR/templates/nslcd-systemd.service" > "etc/systemd/system/nslcd.service" || perror "Could not fill nslcd.service template" } post_copy() { diff --git a/remote/modules/pam/module.conf b/remote/modules/pam/module.conf index c0a21a79..4e2e01a1 100644 --- a/remote/modules/pam/module.conf +++ b/remote/modules/pam/module.conf @@ -1,6 +1,5 @@ REQUIRED_BINARIES=" ldapsearch - nslcd rpc.gssd rpc.idmapd sslconnect @@ -15,9 +14,6 @@ REQUIRED_LIBRARIES=" REQUIRED_DIRECTORIES=" /etc/security " -REQUIRED_FILES=" - /etc/systemd/system/nslcd.service -" REQUIRED_SYSTEM_FILES=" /etc/login.defs /etc/securetty diff --git a/remote/modules/pam/module.conf.debian b/remote/modules/pam/module.conf.debian index be237be2..e6661476 100644 --- a/remote/modules/pam/module.conf.debian +++ b/remote/modules/pam/module.conf.debian @@ -1,7 +1,6 @@ REQUIRED_INSTALLED_PACKAGES=" libpam-ldap libnss-ldapd - nslcd libpam-ck-connector libpam-cap krb5-user @@ -22,7 +21,6 @@ REQUIRED_CONTENT_PACKAGES=" libldap-2.4-2 libpam-ldapd libnss-ldapd - nslcd krb5-user krb5-config libpam-krb5 diff --git a/remote/modules/pam/module.conf.opensuse.13.2 b/remote/modules/pam/module.conf.opensuse.13.2 new file mode 100644 index 00000000..d4435999 --- /dev/null +++ b/remote/modules/pam/module.conf.opensuse.13.2 @@ -0,0 +1,48 @@ +REQUIRED_NSS_LDAPD_VERSION="nss-pam-ldapd-0.8.13" +REQUIRED_NSS_LDAPD_URL="http://arthurdejong.org/nss-pam-ldapd/$REQUIRED_NSS_LDAPD_VERSION.tar.gz" + +REQUIRED_BINARIES+=" + mkhomedir_helper +" + +REQUIRED_INSTALLED_PACKAGES=" + pam + pam_krb5 + pam-devel + pam-modules + nss-mdns + libopenssl-devel + openldap2-client + nfsidmap + nfs-client + glibc + pam-devel + openldap2-devel + krb5-devel +" +REQUIRED_CONTENT_PACKAGES=" + pam + pam_krb5 + pam-devel + pam-modules + nss-mdns + openldap2-client + nfsidmap + nfs-client + glibc +" +REQUIRED_LIBRARIES+=" + libnss_compat + libnss_db + libnss_dns + libnss_files + libnss_nis +" +REQUIRED_DIRECTORIES+=" + /$LIB64 + /usr/$LIB64 +" +REQUIRED_SYSTEM_FILES+=" + /$LIB64/security +" + diff --git a/remote/modules/pam/module.conf.ubuntu b/remote/modules/pam/module.conf.ubuntu index 4a3635fc..d675116c 100644 --- a/remote/modules/pam/module.conf.ubuntu +++ b/remote/modules/pam/module.conf.ubuntu @@ -1,7 +1,6 @@ REQUIRED_INSTALLED_PACKAGES=" libpam-ldap libnss-ldapd - nslcd krb5-user krb5-config libpam-krb5 @@ -20,7 +19,6 @@ REQUIRED_CONTENT_PACKAGES=" libldap-2.4-2 libpam-ldap libnss-ldapd - nslcd krb5-user krb5-config libpam-krb5 diff --git a/remote/modules/pam/module.conf.ubuntu.14 b/remote/modules/pam/module.conf.ubuntu.14 index 26307d84..64ead96a 100644 --- a/remote/modules/pam/module.conf.ubuntu.14 +++ b/remote/modules/pam/module.conf.ubuntu.14 @@ -2,7 +2,6 @@ REQUIRED_INSTALLED_PACKAGES=" libpam-ldap libnss-ldapd - nslcd krb5-user krb5-config libpam-krb5 @@ -20,7 +19,6 @@ REQUIRED_CONTENT_PACKAGES=" libldap-2.4-2 libpam-ldap libnss-ldapd - nslcd krb5-user krb5-config libpam-krb5 @@ -28,14 +26,8 @@ REQUIRED_CONTENT_PACKAGES=" libnfsidmap2 nfs-common cifs-utils - ncpfs " REQUIRED_BINARIES+=" - nwmsg - ncpmount - ncpumount - mount.ncp - mount.ncpfs mount.cifs " REQUIRED_DIRECTORIES+=" @@ -47,11 +39,3 @@ REQUIRED_SYSTEM_FILES+=" /etc/pam.conf /etc/default/locale " - -# For Ubuntu 14.04: Both packages were dropped from official repos. Do not change the -# order, as these packages will be installed via dpkg and depend on each other. -REQUIRED_DOWNLOAD_URLS=" - de.archive.ubuntu.com/ubuntu/pool/universe/n/ncpfs/libncp_2.2.6-9ubuntu1_amd64.deb - de.archive.ubuntu.com/ubuntu/pool/universe/n/ncpfs/libpam-ncp_2.2.6-9ubuntu1_amd64.deb - de.archive.ubuntu.com/ubuntu/pool/universe/n/ncpfs/ncpfs_2.2.6-9ubuntu1_amd64.deb -" diff --git a/remote/modules/pvs2/module.conf.opensuse b/remote/modules/pvs2/module.conf.opensuse new file mode 100644 index 00000000..aedc0d96 --- /dev/null +++ b/remote/modules/pvs2/module.conf.opensuse @@ -0,0 +1,14 @@ +REQUIRED_INSTALLED_PACKAGES=" + libqt4-devel + LibVNCServer-devel +" + +REQUIRED_CONTENT_PACKAGES=" + libqt4 +" + +REQUIRED_DIRECTORIES=" + /usr/$LIB64/ +" + +# libqt4-svg diff --git a/remote/modules/rsyslogd/module.conf.opensuse.13.2 b/remote/modules/rsyslogd/module.conf.opensuse.13.2 new file mode 100644 index 00000000..b1d7fd03 --- /dev/null +++ b/remote/modules/rsyslogd/module.conf.opensuse.13.2 @@ -0,0 +1,9 @@ +REQUIRED_CONTENT_PACKAGES=" + rsyslog +" +REQUIRED_INSTALLED_PACKAGES=" + rsyslog +" +REQUIRED_BINARIES+=" + rsyslog-service-prepare +" diff --git a/remote/modules/ssh-auth-keys/data/etc/systemd/system/basic.target.wants/ssh-auth-keys.service b/remote/modules/ssh-auth-keys/data/etc/systemd/system/basic.target.wants/ssh-auth-keys.service new file mode 120000 index 00000000..2bddb0ca --- /dev/null +++ b/remote/modules/ssh-auth-keys/data/etc/systemd/system/basic.target.wants/ssh-auth-keys.service @@ -0,0 +1 @@ +../ssh-auth-keys.service
\ No newline at end of file diff --git a/remote/modules/ssh-auth-keys/data/etc/systemd/system/ssh-auth-keys.service b/remote/modules/ssh-auth-keys/data/etc/systemd/system/ssh-auth-keys.service new file mode 100644 index 00000000..20a7b8f9 --- /dev/null +++ b/remote/modules/ssh-auth-keys/data/etc/systemd/system/ssh-auth-keys.service @@ -0,0 +1,7 @@ +[Unit] +Description=Enable SSH keys in authorized_keys.d/ folder + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/opt/openslx/scripts/systemd-ssh_auth_keys diff --git a/remote/modules/ssh-auth-keys/data/opt/openslx/scripts/systemd-ssh_auth_keys b/remote/modules/ssh-auth-keys/data/opt/openslx/scripts/systemd-ssh_auth_keys new file mode 100755 index 00000000..08ad7d2c --- /dev/null +++ b/remote/modules/ssh-auth-keys/data/opt/openslx/scripts/systemd-ssh_auth_keys @@ -0,0 +1,18 @@ +#!/bin/ash + +AUTH_KEYS_DIR="/root/.ssh/authorized_keys.d/" +AUTH_KEYS_FILE="/root/.ssh/authorized_keys" + +# do we even have the directory? +[ ! -d "$AUTH_KEYS_DIR" ] && echo "No such directory: $AUTH_KEYS_DIR" && exit 1 + +# ok, lets cat them in the real file +for KEY in "$AUTH_KEYS_DIR"/* ; do + if ! cat $KEY >> "$AUTH_KEYS_FILE" ; then + echo "Could not add '$KEY' to '$AUTH_KEYS_FILE'" + exit 1 + fi +done + +# all done, all good +exit 0 diff --git a/remote/modules/ssh-auth-keys/module.build b/remote/modules/ssh-auth-keys/module.build new file mode 100644 index 00000000..97e93235 --- /dev/null +++ b/remote/modules/ssh-auth-keys/module.build @@ -0,0 +1,11 @@ +fetch_source() { + : +} + +build() { + : +} + +post_copy() { + : +} diff --git a/remote/modules/ssh-auth-keys/module.conf b/remote/modules/ssh-auth-keys/module.conf new file mode 100644 index 00000000..0cd03752 --- /dev/null +++ b/remote/modules/ssh-auth-keys/module.conf @@ -0,0 +1,3 @@ +REQUIRED_BINARIES="" +REQUIRED_LIBRARIES="" +REQUIRED_DIRECTORIES="" diff --git a/remote/modules/sssd/module.build b/remote/modules/sssd/module.build new file mode 100644 index 00000000..041fd5bd --- /dev/null +++ b/remote/modules/sssd/module.build @@ -0,0 +1,33 @@ +fetch_source() { + : +} + +build() { + COPYLIST="list_dpkg_output" + [ -e "$COPYLIST" ] && rm "$COPYLIST" + + list_packet_files >> "$COPYLIST" + tarcopy "$(cat "$COPYLIST" | sort -u)" "${MODULE_BUILD_DIR}" + + local SSSD_PATH="$(which sssd)" + [ -z "$SSSD_PATH" ] && perror "'sssd' not found on this system. Should have been installed! Something is wrong..." + + # Build nslcd service file + mkdir -p "${MODULE_BUILD_DIR}/etc/systemd/system" + sed "s,%PATH%,${SSSD_PATH},g" "${MODULE_DIR}/templates/sssd-systemd.service" > "${MODULE_BUILD_DIR}/etc/systemd/system/sssd.service" || perror "Could not fill sssd.service template" + + # openSuse sssd does not start when /etc/sssd/sssd.conf is not root:root 600! + if [ "$SYS_DISTRIBUTION" == "opensuse" -a "$SYS_VERSION" == "13.2" ]; then + sed -i 's#ExecStart#ExecStartPre=/opt/openslx/bin/chmod 600 /etc/sssd/sssd.conf\nExecStart#g' \ + "${MODULE_BUILD_DIR}/etc/systemd/system/sssd.service" + fi + + return 0 +} + +post_copy() { + mkdir -p "${TARGET_BUILD_DIR}/var/log/sssd" + for DIR in mc pubconf/krb5.include.d db pipes/private; do + mkdir -p "${TARGET_BUILD_DIR}/var/lib/sss/$DIR" + done +} diff --git a/remote/modules/sssd/module.conf b/remote/modules/sssd/module.conf new file mode 100644 index 00000000..6e4df94e --- /dev/null +++ b/remote/modules/sssd/module.conf @@ -0,0 +1,18 @@ +REQUIRED_BINARIES=" + sssd +" +REQUIRED_FILES=" + /etc/default/sssd + /etc/systemd/system/sssd.service +" +# lib/ is needed to fetch lib/x86..../security/pam_sss.so module +# could do it using the SYS_PAM_MODULE_PATH, but using that in the +# module.conf seems hacky... +# +# usr/lib is needed to get the ldb modules, e.g.: +# usr/lib/x86_64-linux-gnu/ldb/modules/ldb/ldap.so +# +REQUIRED_DIRECTORIES=" + /lib + /usr/lib +" diff --git a/remote/modules/sssd/module.conf.opensuse.13.2 b/remote/modules/sssd/module.conf.opensuse.13.2 new file mode 100644 index 00000000..6fafc652 --- /dev/null +++ b/remote/modules/sssd/module.conf.opensuse.13.2 @@ -0,0 +1,23 @@ +REQUIRED_FILES=" + /etc/sssd + /etc/systemd/system/sssd.service +" + +REQUIRED_DIRECTORIES=" + /$LIB64 + /usr/lib + /usr/lib64 +" + +REQUIRED_INSTALLED_PACKAGES=" + sssd + sssd-ldap + libldb1 + libsss_nss_idmap0 +" +REQUIRED_CONTENT_PACKAGES=" + sssd + sssd-ldap + libldb1 + libsss_nss_idmap0 +" diff --git a/remote/modules/sssd/module.conf.ubuntu b/remote/modules/sssd/module.conf.ubuntu new file mode 100644 index 00000000..5a8e4fa4 --- /dev/null +++ b/remote/modules/sssd/module.conf.ubuntu @@ -0,0 +1,14 @@ +REQUIRED_INSTALLED_PACKAGES=" + sssd-common + sssd-ldap + libldb1 + libnss-sss + libpam-sss +" +REQUIRED_CONTENT_PACKAGES=" + sssd-common + sssd-ldap + libldb1 + libnss-sss + libpam-sss +" diff --git a/remote/modules/sssd/templates/sssd-systemd.service b/remote/modules/sssd/templates/sssd-systemd.service new file mode 100644 index 00000000..8cfd1a2e --- /dev/null +++ b/remote/modules/sssd/templates/sssd-systemd.service @@ -0,0 +1,15 @@ +[Unit] +Description=System Security Services Daemon +# SSSD will not be started until syslog is +After=syslog.target + +[Service] +EnvironmentFile=-/etc/sysconfig/sssd +ExecStart=%PATH% -D -f +# These two should be used with traditional UNIX forking daemons +# consult systemd.service(5) for more details +Type=forking +PIDFile=/var/run/sssd.pid + +[Install] +WantedBy=multi-user.target diff --git a/remote/modules/systemd/data/usr/lib/systemd/system/getty@.service b/remote/modules/systemd/data/usr/lib/systemd/system/getty@.service index 2d2940e1..772566d6 100644 --- a/remote/modules/systemd/data/usr/lib/systemd/system/getty@.service +++ b/remote/modules/systemd/data/usr/lib/systemd/system/getty@.service @@ -26,8 +26,9 @@ ConditionPathExists=/dev/tty0 [Service] ExecStartPre=-/opt/openslx/bin/killall fbsplash +ExecStartPre=-/bin/bash -c "echo -e '\033c' > /dev/%i" # the VT is cleared by TTYVTDisallocate -ExecStart=-/sbin/agetty --noclear %I 38400 linux +ExecStart=-/sbin/agetty %I 38400 linux Type=idle Restart=always RestartSec=0 diff --git a/remote/modules/systemd/module.build b/remote/modules/systemd/module.build index 6e1cf4c1..67e019af 100644 --- a/remote/modules/systemd/module.build +++ b/remote/modules/systemd/module.build @@ -99,5 +99,9 @@ post_copy() { if [ "x$(dpkg -s util-linux | grep Version: | cut -d' ' -f2)" == "x2.19.1-2ubuntu3" ]; then sed -i "s/ExecStart=-\/sbin\/agetty --noclear %I 38400 linux/ExecStart=-\/sbin\/agetty %I 38400 linux/g" "${TARGET_BUILD_DIR}/usr/lib/systemd/system/getty@.service" fi + # eg. systemd expects /bin/less: + if [ "$SYS_DISTRIBUTION" == "opensuse" -a "$SYS_VERSION" == "13.2" ]; then + ln -s /usr/bin/less "$TARGET_BUILD_DIR/bin/less" + fi } diff --git a/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt b/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt index 726c2340..d41bf564 100755 --- a/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt +++ b/remote/modules/vmchooser/data/opt/openslx/scripts/vmchooser-run_virt @@ -445,24 +445,26 @@ fi if true; then # detecting which card is to be used echo "Detecting which sound card to use ..." - PROC="/proc/asound/cards" + PROC="/proc/asound/cards" if [ ! -r "$PROC" ]; then echo "'${PROC}' not found or not readable." SOUND_CARD_INDEX=0 + SOUND_CARD_COUNT=1 else # Try to filter HDMI cards first - SOUND_CARD_INDEX=$(grep -v -i 'HDMI' "${PROC}" | grep -E -o '^[[:space:]]*[0-9]+[[:space:]]+' | head -n 1) + SOUND_CARD_INDEX=$(grep -v -i 'HDMI' "${PROC}" | grep -E -o '^[[:space:]]{0,2}[0-9]+[[:space:]]+' | head -n 1) # If empty, try again with all - [ -z "${SOUND_CARD_INDEX}" ] && SOUND_CARD_INDEX=$(cat "${PROC}" | grep -E -o '^[[:space:]]*[0-9]+[[:space:]]+' | head -n 1) - + [ -z "${SOUND_CARD_INDEX}" ] && SOUND_CARD_INDEX=$(cat "${PROC}" | grep -E -o '^[[:space:]]{0,2}[0-9]+[[:space:]]+' | head -n 1) if [ -z "${SOUND_CARD_INDEX}" ]; then echo "No sound card found." SOUND_CARD_INDEX=0 fi + SOUND_CARD_COUNT=$(grep -E '^[[:space:]]{0,2}[0-9]+[[:space:]]+' "${PROC}" | wc -l) fi SOUND_CARD_INDEX="$(grep -E -o '[0-9]+' <<<$SOUND_CARD_INDEX)" echo "Detected sound card index is: $SOUND_CARD_INDEX" + echo "Sound card count: $SOUND_CARD_COUNT" # Adjust sound volume (playback)... Random mixer names we have encountered during testing echo "Setting up volume..." diff --git a/remote/modules/vmchooser2/data/opt/openslx/scripts/vmchooser-run_virt b/remote/modules/vmchooser2/data/opt/openslx/scripts/vmchooser-run_virt index 726c2340..d41bf564 100755 --- a/remote/modules/vmchooser2/data/opt/openslx/scripts/vmchooser-run_virt +++ b/remote/modules/vmchooser2/data/opt/openslx/scripts/vmchooser-run_virt @@ -445,24 +445,26 @@ fi if true; then # detecting which card is to be used echo "Detecting which sound card to use ..." - PROC="/proc/asound/cards" + PROC="/proc/asound/cards" if [ ! -r "$PROC" ]; then echo "'${PROC}' not found or not readable." SOUND_CARD_INDEX=0 + SOUND_CARD_COUNT=1 else # Try to filter HDMI cards first - SOUND_CARD_INDEX=$(grep -v -i 'HDMI' "${PROC}" | grep -E -o '^[[:space:]]*[0-9]+[[:space:]]+' | head -n 1) + SOUND_CARD_INDEX=$(grep -v -i 'HDMI' "${PROC}" | grep -E -o '^[[:space:]]{0,2}[0-9]+[[:space:]]+' | head -n 1) # If empty, try again with all - [ -z "${SOUND_CARD_INDEX}" ] && SOUND_CARD_INDEX=$(cat "${PROC}" | grep -E -o '^[[:space:]]*[0-9]+[[:space:]]+' | head -n 1) - + [ -z "${SOUND_CARD_INDEX}" ] && SOUND_CARD_INDEX=$(cat "${PROC}" | grep -E -o '^[[:space:]]{0,2}[0-9]+[[:space:]]+' | head -n 1) if [ -z "${SOUND_CARD_INDEX}" ]; then echo "No sound card found." SOUND_CARD_INDEX=0 fi + SOUND_CARD_COUNT=$(grep -E '^[[:space:]]{0,2}[0-9]+[[:space:]]+' "${PROC}" | wc -l) fi SOUND_CARD_INDEX="$(grep -E -o '[0-9]+' <<<$SOUND_CARD_INDEX)" echo "Detected sound card index is: $SOUND_CARD_INDEX" + echo "Sound card count: $SOUND_CARD_COUNT" # Adjust sound volume (playback)... Random mixer names we have encountered during testing echo "Setting up volume..." diff --git a/remote/modules/vmware/data/opt/openslx/vmchooser/vmware/run-virt.include b/remote/modules/vmware/data/opt/openslx/vmchooser/vmware/run-virt.include index 016ebdc6..471a207c 100644 --- a/remote/modules/vmware/data/opt/openslx/vmchooser/vmware/run-virt.include +++ b/remote/modules/vmware/data/opt/openslx/vmchooser/vmware/run-virt.include @@ -258,16 +258,15 @@ runvmwareconfheader () ethernet0.present = "TRUE" ethernet0.addressType = "static" $network_virtualDev - ethernet0.connectionType = "hostonly" - #ethernet1.connectionType = "custom" + #ethernet0.connectionType = "hostonly" + ethernet0.connectionType = "custom" ethernet0.vnet = "$hostdev" ethernet0.address = "00:50:56:$macaddrsuffix" ethernet0.wakeOnPcktRcv = "FALSE" # sound sound.present = "TRUE" - sound.fileName = "sysdefault:CARD=$SOUND_CARD_INDEX" - sound.autodetect = "FALSE" + $sound_fileName sound.virtualdev = "$sound" pciSound.enableVolumeControl = "FALSE" sound.enableVolumeControl = "FALSE" @@ -469,6 +468,15 @@ esac # set standard sound card, overwrite depending on OS (options sb16, es1371, hdaudio) sound="es1371" +# set sound card explicitly if there is more than one card in the host system +if [ -n "$SOUND_CARD_INDEX" -a -n "$SOUND_CARD_COUNT" ] && [ "$SOUND_CARD_COUNT" -gt 1 ]; then + sound_fileName="sound.fileName = \"sysdefault:CARD=${SOUND_CARD_INDEX}\" +sound.autodetect = \"FALSE\"" +else + sound_fileName='sound.fileName = "-1" +sound.autodetect = "TRUE"' +fi + # check for 3D configuration setting case "$enable3d" in true|yes) diff --git a/remote/modules/x11vnc/module.conf.opensuse b/remote/modules/x11vnc/module.conf.opensuse new file mode 100644 index 00000000..b6b60c93 --- /dev/null +++ b/remote/modules/x11vnc/module.conf.opensuse @@ -0,0 +1,6 @@ +REQUIRED_INSTALLED_PACKAGES=" + x11vnc +" +REQUIRED_CONTENT_PACKAGES=" + x11vnc +" diff --git a/remote/modules/xorg/module.conf.opensuse.13.2 b/remote/modules/xorg/module.conf.opensuse.13.2 new file mode 100644 index 00000000..363ce3aa --- /dev/null +++ b/remote/modules/xorg/module.conf.opensuse.13.2 @@ -0,0 +1,92 @@ +# xkbutils, xkbprint, setxkbmap, xkbevd for 64-bit openSuse +REQUIRED_INSTALLED_PACKAGES=" + xorg-x11 + xorg-x11-server + xorg-x11-driver-input + xorg-x11-driver-video + xf86-video-nouveau + xf86-video-vmware + xf86-video-ati + xf86-video-nv + xf86-video-intel + xf86-video-i128 + xf86-video-geode + xf86-video-vesa + xf86-video-fbdev + xf86-video-modesetting + xf86-input-vmmouse + xf86-input-wacom + xf86-input-evdev + xf86-input-joystick + xf86-input-keyboard + xf86-input-mouse + xf86-input-synaptics + xf86-input-void + xkeyboard-config + xkbcomp + dejavu-fonts + kdm-branding-openSUSE + Mesa + xkbutils + xkbprint + setxkbmap + xkbevd + libpixman-1-0 + xrandr + vaapi-intel-driver +" +REQUIRED_CONTENT_PACKAGES=" + xorg-x11 + xorg-x11-server + xorg-x11-driver-input + xorg-x11-driver-video + xf86-video-nouveau + xf86-video-vmware + xf86-video-ati + xf86-video-nv + xf86-video-intel + xf86-video-i128 + xf86-video-geode + xf86-video-vesa + xf86-video-fbdev + xf86-video-modesetting + xf86-input-vmmouse + xf86-input-wacom + xf86-input-evdev + xf86-input-joystick + xf86-input-keyboard + xf86-input-mouse + xf86-input-synaptics + xf86-input-void + xkeyboard-config + xkbcomp + dejavu-fonts + libxcb-glx0 + kdm-branding-openSUSE + Mesa + xkbutils + xkbprint + setxkbmap + xkbevd + libpixman-1-0 + xrandr + vaapi-intel-driver +" +REQUIRED_LIBRARIES=" + libxcb-glx + libIntelXvMC + i965_dri + vmwgfx_dri + i915_dri + i965_drv_video + libpixman-1 +" +REQUIRED_DIRECTORIES+=" + /usr/bin + /usr/lib/udev + /usr/$LIB64/xorg + /usr/share/fonts +" +REQUIRED_FILES=" + /var/adm/fillup-templates/sysconfig.displaymanager-kdm +" |
