Diffstat (limited to 'remote/modules')
| -rw-r--r-- | remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf | 14 | ||||
| -rw-r--r-- | remote/modules/kdm/data/etc/kde4/kdm/kdmrc | 31 | ||||
| -rw-r--r-- | remote/modules/pam/data/etc/pam.d/common-account | 1 | ||||
| -rw-r--r-- | remote/modules/pam/data/etc/pam.d/common-auth | 3 | ||||
| -rw-r--r-- | remote/modules/pam/data/etc/pam.d/common-session | 6 | ||||
| -rw-r--r-- | remote/modules/pam/pam.conf | 1 | ||||
| -rw-r--r-- | remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service | 2 | ||||
| -rw-r--r-- | remote/modules/systemd/systemd.build | 6 | ||||
| -rwxr-xr-x | remote/modules/vmchooser/data/opt/openslx/xsessions/default.desktop (renamed from remote/modules/vmchooser/data/usr/share/xsessions/default.desktop) | 0 | ||||
| -rw-r--r-- | remote/modules/xorg/data/etc/X11/Xsession | 66 |
10 files changed, 77 insertions, 53 deletions
diff --git a/remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf b/remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf new file mode 100644 index 00000000..b6470bd3 --- /dev/null +++ b/remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf @@ -0,0 +1,14 @@ +<!DOCTYPE busconfig PUBLIC + "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + <policy user="root"> + <allow eavesdrop="true"/> + <allow eavesdrop="true" + send_type="method_call" + send_destination="*" + send_path="/org/freedesktop/DBus" + send_interface="org.freedesktop.DBus" + send_member="AddMatch"/> + </policy> +</busconfig> diff --git a/remote/modules/kdm/data/etc/kde4/kdm/kdmrc b/remote/modules/kdm/data/etc/kde4/kdm/kdmrc index 26da07d2..c72b73be 100644 --- a/remote/modules/kdm/data/etc/kde4/kdm/kdmrc +++ b/remote/modules/kdm/data/etc/kde4/kdm/kdmrc @@ -1,6 +1,8 @@ [General] PidFile=/var/run/kdm.pid ServerVTs=-7 +# Always spawn :0 (this is the default but it won't hurt) +StaticServers=:0 [X-*-Greeter] UseTheme=true 
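Review bot: The new `<policy user="root">` block opens with `<allow eavesdrop="true"/>`, which carries no destination, path or interface restriction, and the file has no comment saying which component needs it. As written, any process running as root can monitor messages exchanged by every other service on the system bus, which may include secrets handed over D-Bus. If this exists for a debugging or monitoring tool, ship it only in builds that include that tool and narrow the rule to the interfaces actually observed. Naming the file after its purpose rather than `99-nsa-prism-module.conf`, and adding a leading comment such as `<!-- Lets root monitor the system bus; required by COMPONENT_PLACEHOLDER -->`, would make the intent auditable.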
@@ -9,32 +11,41 @@ UseBackground=false GreetString=OpenSLX Workstation (%h) SelectedUsers= UserList=false +AuthComplain=true +AntiAliasing=true [X-:*-Greeter] AllowClose=false UseAdminSession=true -[X-:0-Core] +[X-:0-Greeter] +LogSource=/dev/xconsole +PreselectUser=None +UseAdminSession=false + +[X-*-Core] AllowRootLogin=true AllowShutdown=All AutoLoginEnable=false -Reset=/etc/kde4/kdm/Xreset ServerAttempts=2 -#TODO: Xsession doesn't work because scripts are missing under /etc/X11/Xsession.d/ +# Custom directory so kdm never sees any other sessions - it's up to the vmchooser to list them +SessionsDirs=/opt/openslx/xsessions + +# Session is executed to start the user's session (as the user) +# "One of the keywords failsafe, default or custom, or a string to eval by a Bourne-compatible shell is passed as the first argument." Session=/etc/kde4/kdm/Xsession -SessionsDirs=/etc/X11/session,/usr/share/xsessions,/usr/share/apps/kdm/sessions +# Reset is run after a session terminates (as root) +Reset=/etc/kde4/kdm/Xreset +# Setup is executed once before the greeter starts (as root) Setup=/etc/kde4/kdm/Xsetup +# Startup is executed on successful authentication, before the session is opened (as root) Startup=/etc/kde4/kdm/Xstartup -[X-:0-Greeter] -LogSource=/dev/xconsole -PreselectUser=None -UseAdminSession=false - [Shutdown] +AllowFifo=false HaltCmd=/usr/bin/systemctl -ff poweroff RebootCmd=/usr/bin/systemctl -ff reboot -[xdmcp] +[Xdmcp] Enable=false diff --git a/remote/modules/pam/data/etc/pam.d/common-account b/remote/modules/pam/data/etc/pam.d/common-account index 26055551..3a5d5a14 100644 --- a/remote/modules/pam/data/etc/pam.d/common-account +++ b/remote/modules/pam/data/etc/pam.d/common-account @@ -23,5 +23,4 @@ account requisite pam_deny.so # since the modules above will each just jump around account required pam_permit.so # and here are more per-package modules (the "Additional" block) -account required pam_krb5.so # end of pam-auth-update config 
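Review bot: Renaming the section from `[X-:0-Core]` to `[X-*-Core]` makes `AllowRootLogin=true` and `AllowShutdown=All` apply to every display instead of only the local `:0`. With `StaticServers=:0` and `[Xdmcp]` `Enable=false` the effect is the same today, but any display added later would silently inherit graphical root login and shutdown from the greeter. Consider keeping the session-related keys (`Session`, `SessionsDirs`, `Setup`, `Startup`, `Reset`) under `[X-*-Core]` and leaving `AllowRootLogin=true` under `[X-:0-Core]`, or add a comment such as `# root login at the greeter is needed for ...` stating why it is enabled at all.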
diff --git a/remote/modules/pam/data/etc/pam.d/common-auth b/remote/modules/pam/data/etc/pam.d/common-auth index 088ed13f..1fa577e7 100644 --- a/remote/modules/pam/data/etc/pam.d/common-auth +++ b/remote/modules/pam/data/etc/pam.d/common-auth @@ -14,8 +14,7 @@ # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) -auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 -auth [success=2 default=ignore] pam_unix.so try_first_pass +auth [success=2 default=ignore] pam_unix.so auth [success=1 default=ignore] pam_ldap.so use_first_pass nullok_secure # here's the fallback if no module succeeds auth requisite pam_deny.so diff --git a/remote/modules/pam/data/etc/pam.d/common-session b/remote/modules/pam/data/etc/pam.d/common-session index e3180dd4..c5813892 100644 --- a/remote/modules/pam/data/etc/pam.d/common-session +++ b/remote/modules/pam/data/etc/pam.d/common-session @@ -26,10 +26,8 @@ session required pam_permit.so # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) -session [success=3] pam_unix.so -session [success=2] pam_krb5.so minimum_uid=1000 -session [success=1] pam_ldap.so +session [success=1] pam_unix.so +session [success=ok] pam_ldap.so session optional pam_mkhomedir.so skel=/etc/skel umask=0022 -session optional pam_script.so session required pam_systemd.so kill-session-processes=1 # end of pam-auth-update config diff --git a/remote/modules/pam/pam.conf b/remote/modules/pam/pam.conf index bbdd610f..e5bd35c6 100644 --- a/remote/modules/pam/pam.conf +++ b/remote/modules/pam/pam.conf @@ -22,7 +22,6 @@ REQUIRED_CONTENT_PACKAGES=" krb5-user krb5-config libpam-krb5 - libpam-mount ldap-utils libnfsidmap2 nfs-common diff --git a/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service b/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service index 885e72dc..91a17363 100644 
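Review bot: pam_krb5 is removed from the auth stack here (and from common-account and common-session in the same commit), yet the pam.conf hunk still shows `krb5-user`, `krb5-config` and `libpam-krb5` as unchanged entries of `REQUIRED_CONTENT_PACKAGES`, so the module apparently still ends up in the image without being referenced by these stacks. Either drop those packages as well or state in the commit why they stay. The jump counts on the remaining lines look consistent (`success=2` on pam_unix skips pam_ldap and pam_deny, `success=1` on pam_ldap skips pam_deny). Since the surrounding comments still refer to pam-auth-update, a note above the block such as `# hand-maintained: adjust the success=N jumps when adding or removing a module` would help the next edit.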
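Review bot: The new `session [success=1] pam_unix.so` and `session [success=ok] pam_ldap.so` lines name no action for any other return code, unlike the auth stack, which spells out `default=ignore`. If ignoring is the intent, write it explicitly, e.g. `session [success=1 default=ignore] pam_unix.so` and `session [success=ok default=ignore] pam_ldap.so`, so that the treatment of an LDAP session failure is visible in the file. Also, the old `success=3` on pam_unix jumped past pam_mkhomedir, whereas the new `success=1` lands on it, so accounts handled by pam_unix now get a home directory created with `umask=0022`; please confirm that this is intended.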
--- a/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service +++ b/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service @@ -1,6 +1,6 @@ [Unit] Description=Proxy setup detection -Before=sysinit.target shutdown.target +Before=shutdown.target DefaultDependencies=no [Service] diff --git a/remote/modules/systemd/systemd.build b/remote/modules/systemd/systemd.build index 8f4081e3..8052ca4e 100644 --- a/remote/modules/systemd/systemd.build +++ b/remote/modules/systemd/systemd.build @@ -30,8 +30,12 @@ build () { # Delete unneeded services pinfo "Deleting unneeded services" local SERVICE= + local OTHER= for SERVICE in $REQUIRED_DISABLED_SERVICES; do - find "${MODULE_BUILD_DIR}" -name "$SERVICE" -delete + find "${MODULE_BUILD_DIR}" -name "$SERVICE" -exec rm -r {} \; + for OTHER in $(grep -l -r "$SERVICE" "$MODULE_BUILD_DIR/usr/lib/systemd/system"); do + sed -i -r "s#\s*$SERVICE\s*# #g" "$OTHER" + done done } diff --git a/remote/modules/vmchooser/data/usr/share/xsessions/default.desktop b/remote/modules/vmchooser/data/opt/openslx/xsessions/default.desktop index d33615cf..d33615cf 100755 --- a/remote/modules/vmchooser/data/usr/share/xsessions/default.desktop +++ b/remote/modules/vmchooser/data/opt/openslx/xsessions/default.desktop diff --git a/remote/modules/xorg/data/etc/X11/Xsession b/remote/modules/xorg/data/etc/X11/Xsession index a9b3d43b..5734d8c4 100644 --- a/remote/modules/xorg/data/etc/X11/Xsession +++ b/remote/modules/xorg/data/etc/X11/Xsession 
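Review bot: In the new inner loop of systemd.build, `$SERVICE` is used as an unanchored regular expression by both `grep -l -r` and `sed -i -r "s#\s*$SERVICE\s*# #g"`, so the `.` in a unit name matches any character and a name that is a substring of another unit (or appears in a `Description=` line or a comment) is rewritten too. In addition, `for OTHER in $(grep …)` word-splits file names, and `find … -exec rm -r {} \;` without `-prune` lets find try to descend into a directory it has just removed. Matching the name literally and only as a whole list entry avoids stripping dependencies the build did not mean to touch; a sketch follows. The `build ()` function starts above this hunk.

```shell
# … unchanged: pinfo "Deleting unneeded services", local SERVICE= …
local OTHER= PATTERN=
for SERVICE in $REQUIRED_DISABLED_SERVICES; do
	find "${MODULE_BUILD_DIR}" -name "$SERVICE" -prune -exec rm -rf -- {} +
	# Escape regex metacharacters so the unit name is matched literally
	PATTERN=$(printf '%s' "$SERVICE" | sed 's/[][\\.*^$+?(){}|#]/\\&/g')
	grep -l -r -F -- "$SERVICE" "$MODULE_BUILD_DIR/usr/lib/systemd/system" | while IFS= read -r OTHER; do
		# Only drop the name when it stands alone as a list entry
		sed -i -r "s#(^|[=[:space:]])${PATTERN}([[:space:]]|\$)#\1\2#g" "$OTHER"
	done
done
```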
@@ -3,36 +3,36 @@ #Workaround to start Xsession. The original Xsession script includes error handling functionality and sources other scrips from the Xsession.d/ directory. #start selected session - case "$1" in - failsafe) - # Failsafe session was requested. - if [ -e /usr/bin/xterm ]; then - if [ -x /usr/bin/xterm ]; then - exec xterm -geometry +1+1 - else - # fatal error - errormsg "unable to launch failsafe X session ---" \ - "x-terminal-emulator not executable; aborting." - fi - else - # fatal error - errormsg "unable to launch failsafe X session ---" \ - "x-terminal-emulator not found; aborting." - fi - ;; - *) - # Specific program was requested. - STARTUP_FULL_PATH=$(/opt/openslx/usr/bin/which "${1%% *}" || true) - if [ -n "$STARTUP_FULL_PATH" ] && [ -e "$STARTUP_FULL_PATH" ]; then - if [ -x "$STARTUP_FULL_PATH" ]; then - exec $1 - else - message "unable to launch \"$1\" X session ---" \ - "\"$1\" not executable; falling back to default session." - fi - else - message "unable to launch \"$1\" X session ---" \ - "\"$1\" not found; falling back to default session." - fi - ;; - esac +case "$1" in + failsafe) + # Failsafe session was requested. + if [ -e /usr/bin/xterm ]; then + if [ -x /usr/bin/xterm ]; then + exec xterm -geometry +1+1 + else + # fatal error + errormsg "unable to launch failsafe X session ---" \ + "x-terminal-emulator not executable; aborting." + fi + else + # fatal error + errormsg "unable to launch failsafe X session ---" \ + "x-terminal-emulator not found; aborting." + fi + ;; + *) + # Specific program was requested. + STARTUP_FULL_PATH=$(/opt/openslx/usr/bin/which "${1%% *}" || true) + if [ -n "$STARTUP_FULL_PATH" ] && [ -e "$STARTUP_FULL_PATH" ]; then + if [ -x "$STARTUP_FULL_PATH" ]; then + exec $1 + else + message "unable to launch \"$1\" X session ---" \ + "\"$1\" not executable; falling back to default session." + fi + else + message "unable to launch \"$1\" X session ---" \ + "\"$1\" not found; falling back to default session." 
+ fi + ;; +esac |
