From 270cb87b98713ae10c30423398b7277a616aa313 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 21 Jun 2013 16:47:46 +0200
Subject: [redsocks] Don't block systemd target until job is complete

---
 remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'remote/modules')

diff --git a/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service b/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service
index 885e72dc..91a17363 100644
--- a/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service
+++ b/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service
@@ -1,6 +1,6 @@
 [Unit]
 Description=Proxy setup detection
-Before=sysinit.target shutdown.target
+Before=shutdown.target
 DefaultDependencies=no
 
 [Service]
-- 
cgit v1.2.3-55-g7522


From 09ae103410f6ff67690ef7db869a6874f05e8b13 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 21 Jun 2013 16:48:52 +0200
Subject: [systemd] Remove dependencies of deleted units

---
 remote/modules/systemd/systemd.build | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'remote/modules')

diff --git a/remote/modules/systemd/systemd.build b/remote/modules/systemd/systemd.build
index 8f4081e3..8052ca4e 100644
--- a/remote/modules/systemd/systemd.build
+++ b/remote/modules/systemd/systemd.build
@@ -30,8 +30,12 @@ build () {
 	# Delete unneeded services
 	pinfo "Deleting unneeded services"
 	local SERVICE=
+	local OTHER=
 	for SERVICE in $REQUIRED_DISABLED_SERVICES; do
-		find "${MODULE_BUILD_DIR}" -name "$SERVICE" -delete
+		find "${MODULE_BUILD_DIR}" -name "$SERVICE" -exec rm -r {} \;
+		for OTHER in $(grep -l -r "$SERVICE" "$MODULE_BUILD_DIR/usr/lib/systemd/system"); do
+			sed -i -r "s#\s*$SERVICE\s*# #g" "$OTHER"
+		done
 	done
 }
 
-- 
cgit v1.2.3-55-g7522


From 3a5fb48a71738fb010f9f50395652e132164253c Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Fri, 21 Jun 2013 17:40:55 +0200
Subject: [pam] reverted to old pam config

---
 remote/modules/pam/data/etc/pam.d/common-account | 1 -
 remote/modules/pam/data/etc/pam.d/common-auth    | 3 +--
 remote/modules/pam/data/etc/pam.d/common-session | 6 ++----
 3 files changed, 3 insertions(+), 7 deletions(-)

(limited to 'remote/modules')

diff --git a/remote/modules/pam/data/etc/pam.d/common-account b/remote/modules/pam/data/etc/pam.d/common-account
index 26055551..3a5d5a14 100644
--- a/remote/modules/pam/data/etc/pam.d/common-account
+++ b/remote/modules/pam/data/etc/pam.d/common-account
@@ -23,5 +23,4 @@ account	requisite			pam_deny.so
 # since the modules above will each just jump around
 account	required			pam_permit.so
 # and here are more per-package modules (the "Additional" block)
-account required			pam_krb5.so
 # end of pam-auth-update config
diff --git a/remote/modules/pam/data/etc/pam.d/common-auth b/remote/modules/pam/data/etc/pam.d/common-auth
index 088ed13f..1fa577e7 100644
--- a/remote/modules/pam/data/etc/pam.d/common-auth
+++ b/remote/modules/pam/data/etc/pam.d/common-auth
@@ -14,8 +14,7 @@
 # pam-auth-update(8) for details.
 
 # here are the per-package modules (the "Primary" block)
-auth    [success=3 default=ignore]      pam_krb5.so minimum_uid=1000
-auth	[success=2 default=ignore]	pam_unix.so try_first_pass
+auth	[success=2 default=ignore]	pam_unix.so
 auth	[success=1 default=ignore]	pam_ldap.so use_first_pass nullok_secure
 # here's the fallback if no module succeeds
 auth	requisite			pam_deny.so
diff --git a/remote/modules/pam/data/etc/pam.d/common-session b/remote/modules/pam/data/etc/pam.d/common-session
index e3180dd4..c5813892 100644
--- a/remote/modules/pam/data/etc/pam.d/common-session
+++ b/remote/modules/pam/data/etc/pam.d/common-session
@@ -26,10 +26,8 @@ session	required			pam_permit.so
 # See "man pam_umask".
 session optional			pam_umask.so
 # and here are more per-package modules (the "Additional" block)
-session	[success=3]	pam_unix.so 
-session	[success=2]	pam_krb5.so minimum_uid=1000
-session [success=1]	pam_ldap.so
+session	[success=1]	pam_unix.so 
+session [success=ok]	pam_ldap.so
 session optional 	pam_mkhomedir.so skel=/etc/skel umask=0022
-session optional	pam_script.so
 session	required	pam_systemd.so kill-session-processes=1
 # end of pam-auth-update config
-- 
cgit v1.2.3-55-g7522


From 32befcf97d55baafa17d73766ee7425055f5c352 Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Fri, 21 Jun 2013 18:46:29 +0200
Subject: [pam] remove libpam-mount from REQUIRED_CONTENT_PACKAGES

---
 remote/modules/pam/pam.conf | 1 -
 1 file changed, 1 deletion(-)

(limited to 'remote/modules')

diff --git a/remote/modules/pam/pam.conf b/remote/modules/pam/pam.conf
index bbdd610f..e5bd35c6 100644
--- a/remote/modules/pam/pam.conf
+++ b/remote/modules/pam/pam.conf
@@ -22,7 +22,6 @@ REQUIRED_CONTENT_PACKAGES="
 	krb5-user
 	krb5-config
 	libpam-krb5
-	libpam-mount
 	ldap-utils
 	libnfsidmap2
 	nfs-common
-- 
cgit v1.2.3-55-g7522


From 1126c915edcf371c9981706e97708c5e9984c07a Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Sat, 22 Jun 2013 19:33:20 +0200
Subject: [kdm] Add comments to kdmrc, change session directory [dbus] Add rule
 that allows root to listen to all dbus communication (for debugging)
 [vmchooser] move session file to new session directory

---
 .../etc/dbus-1/system.d/99-nsa-prism-module.conf   | 14 +++++
 remote/modules/kdm/data/etc/kde4/kdm/kdmrc         | 31 ++++++----
 .../data/opt/openslx/xsessions/default.desktop     | 10 ++++
 .../data/usr/share/xsessions/default.desktop       | 10 ----
 remote/modules/xorg/data/etc/X11/Xsession          | 66 +++++++++++-----------
 5 files changed, 78 insertions(+), 53 deletions(-)
 create mode 100644 remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf
 create mode 100755 remote/modules/vmchooser/data/opt/openslx/xsessions/default.desktop
 delete mode 100755 remote/modules/vmchooser/data/usr/share/xsessions/default.desktop

(limited to 'remote/modules')

diff --git a/remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf b/remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf
new file mode 100644
index 00000000..b6470bd3
--- /dev/null
+++ b/remote/modules/dbus/data/etc/dbus-1/system.d/99-nsa-prism-module.conf
@@ -0,0 +1,14 @@
+<!DOCTYPE busconfig PUBLIC
+	"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+	"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+	<policy user="root">
+		<allow eavesdrop="true"/>
+		<allow eavesdrop="true"
+			send_type="method_call"
+			send_destination="*"
+			send_path="/org/freedesktop/DBus"
+			send_interface="org.freedesktop.DBus"
+			send_member="AddMatch"/>
+	</policy>
+</busconfig>
diff --git a/remote/modules/kdm/data/etc/kde4/kdm/kdmrc b/remote/modules/kdm/data/etc/kde4/kdm/kdmrc
index 26da07d2..c72b73be 100644
--- a/remote/modules/kdm/data/etc/kde4/kdm/kdmrc
+++ b/remote/modules/kdm/data/etc/kde4/kdm/kdmrc
@@ -1,6 +1,8 @@
 [General]
 PidFile=/var/run/kdm.pid
 ServerVTs=-7
+# Always spawn :0 (this is the default but it won't hurt)
+StaticServers=:0
 
 [X-*-Greeter]
 UseTheme=true
@@ -9,32 +11,41 @@ UseBackground=false
 GreetString=OpenSLX Workstation (%h)
 SelectedUsers=
 UserList=false
+AuthComplain=true
+AntiAliasing=true
 
 [X-:*-Greeter]
 AllowClose=false
 UseAdminSession=true
 
-[X-:0-Core]
+[X-:0-Greeter]
+LogSource=/dev/xconsole
+PreselectUser=None
+UseAdminSession=false
+
+[X-*-Core]
 AllowRootLogin=true
 AllowShutdown=All
 AutoLoginEnable=false
-Reset=/etc/kde4/kdm/Xreset
 ServerAttempts=2
-#TODO: Xsession doesn't work because scripts are missing under /etc/X11/Xsession.d/
+# Custom directory so kdm never sees any other sessions - it's up to the vmchooser to list them
+SessionsDirs=/opt/openslx/xsessions
+
+# Session is executed to start the user's session (as the user)
+# "One of the keywords failsafe, default or custom, or a string to eval by a Bourne-compatible shell is passed as the first argument."
 Session=/etc/kde4/kdm/Xsession
-SessionsDirs=/etc/X11/session,/usr/share/xsessions,/usr/share/apps/kdm/sessions
+# Reset is run after a session terminates (as root)
+Reset=/etc/kde4/kdm/Xreset
+# Setup is executed once before the greeter starts (as root)
 Setup=/etc/kde4/kdm/Xsetup
+# Startup is executed on successful authentication, before the session is opened (as root)
 Startup=/etc/kde4/kdm/Xstartup
 
-[X-:0-Greeter]
-LogSource=/dev/xconsole
-PreselectUser=None
-UseAdminSession=false
-
 [Shutdown]
+AllowFifo=false
 HaltCmd=/usr/bin/systemctl -ff poweroff
 RebootCmd=/usr/bin/systemctl -ff reboot
 
-[xdmcp]
+[Xdmcp]
 Enable=false
 
diff --git a/remote/modules/vmchooser/data/opt/openslx/xsessions/default.desktop b/remote/modules/vmchooser/data/opt/openslx/xsessions/default.desktop
new file mode 100755
index 00000000..d33615cf
--- /dev/null
+++ b/remote/modules/vmchooser/data/opt/openslx/xsessions/default.desktop
@@ -0,0 +1,10 @@
+[Desktop Entry]
+Encoding=UTF-8
+Name=virtual machine chooser (default)
+Name[de]=Virtuelle Maschine auswählen
+Comment=This session starts the vm session chooser
+Comment[de]=Diese Sitzung startet das Auswahlmenü für die vorhandenen Sitzungen
+Exec=/opt/openslx/bin/vmchooser -c /etc/openslx/vmchooser/vmchooser.conf
+TryExec=/opt/openslx/bin/vmchooser
+Icon=
+Type=Application
diff --git a/remote/modules/vmchooser/data/usr/share/xsessions/default.desktop b/remote/modules/vmchooser/data/usr/share/xsessions/default.desktop
deleted file mode 100755
index d33615cf..00000000
--- a/remote/modules/vmchooser/data/usr/share/xsessions/default.desktop
+++ /dev/null
@@ -1,10 +0,0 @@
-[Desktop Entry]
-Encoding=UTF-8
-Name=virtual machine chooser (default)
-Name[de]=Virtuelle Maschine auswählen
-Comment=This session starts the vm session chooser
-Comment[de]=Diese Sitzung startet das Auswahlmenü für die vorhandenen Sitzungen
-Exec=/opt/openslx/bin/vmchooser -c /etc/openslx/vmchooser/vmchooser.conf
-TryExec=/opt/openslx/bin/vmchooser
-Icon=
-Type=Application
diff --git a/remote/modules/xorg/data/etc/X11/Xsession b/remote/modules/xorg/data/etc/X11/Xsession
index a9b3d43b..5734d8c4 100644
--- a/remote/modules/xorg/data/etc/X11/Xsession
+++ b/remote/modules/xorg/data/etc/X11/Xsession
@@ -3,36 +3,36 @@
 #Workaround to start Xsession. The original Xsession script includes error handling functionality and sources other scrips from the Xsession.d/ directory.
 
 #start selected session
-   case "$1" in
-      failsafe)
-        # Failsafe session was requested.
-          if [ -e /usr/bin/xterm ]; then
-            if [ -x /usr/bin/xterm ]; then
-              exec xterm -geometry +1+1
-            else
-              # fatal error
-              errormsg "unable to launch failsafe X session ---" \
-                       "x-terminal-emulator not executable; aborting."
-            fi
-          else
-            # fatal error
-            errormsg "unable to launch failsafe X session ---" \
-                     "x-terminal-emulator not found; aborting."
-          fi
-        ;;
-      *)
-        # Specific program was requested.
-        STARTUP_FULL_PATH=$(/opt/openslx/usr/bin/which "${1%% *}" || true)
-        if [ -n "$STARTUP_FULL_PATH" ] && [ -e "$STARTUP_FULL_PATH" ]; then
-          if [ -x "$STARTUP_FULL_PATH" ]; then
-            exec $1
-          else
-            message "unable to launch \"$1\" X session ---" \
-                    "\"$1\" not executable; falling back to default session."
-          fi
-        else
-          message "unable to launch \"$1\" X session ---" \
-                  "\"$1\" not found; falling back to default session."
-        fi
-        ;;
-    esac
+case "$1" in
+	failsafe)
+		# Failsafe session was requested.
+		if [ -e /usr/bin/xterm ]; then
+			if [ -x /usr/bin/xterm ]; then
+				exec xterm -geometry +1+1
+			else
+				# fatal error
+				errormsg "unable to launch failsafe X session ---" \
+					"x-terminal-emulator not executable; aborting."
+			fi
+		else
+			# fatal error
+			errormsg "unable to launch failsafe X session ---" \
+				"x-terminal-emulator not found; aborting."
+		fi
+	;;
+	*)
+		# Specific program was requested.
+		STARTUP_FULL_PATH=$(/opt/openslx/usr/bin/which "${1%% *}" || true)
+		if [ -n "$STARTUP_FULL_PATH" ] && [ -e "$STARTUP_FULL_PATH" ]; then
+			if [ -x "$STARTUP_FULL_PATH" ]; then
+				exec $1
+			else
+				message "unable to launch \"$1\" X session ---" \
+					"\"$1\" not executable; falling back to default session."
+			fi
+		else
+			message "unable to launch \"$1\" X session ---" \
+				"\"$1\" not found; falling back to default session."
+		fi
+	;;
+esac
-- 
cgit v1.2.3-55-g7522