File SuSEconfig.gdm of Package gdm

#!/bin/bash
#
# Copyright (c) 2004-2006 SuSE
# Author: Stanislav Brabec <sbrabec@suse.cz>

type -p awk  &> /dev/null || {
    echo "${0##*/}: No awk  in PATH ... skipping"
    exit 0
}
type -p cmp  &> /dev/null || {
    echo "${0##*/}: No cmp  in PATH ... skipping"
    exit 0
}

# Read old values. We will need one for correct updating of 
if test -f $r/etc/gdm/gdm_sysconfig.conf ; then
. $r/etc/gdm/gdm_sysconfig.conf
fi
export OLD_DISPLAYMANAGER_AUTOLOGIN="$DISPLAYMANAGER_AUTOLOGIN"

r=$ROOT
# Set default values. (This overwrites all variables from gdm_sysconfig.conf.)
DISPLAYMANAGER_REMOTE_ACCESS="no"
DISPLAYMANAGER_ROOT_LOGIN_REMOTE="no"
DISPLAYMANAGER_STARTS_XSERVER="yes"
DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN="no"
DISPLAYMANAGER_AUTOLOGIN=""
DISPLAYMANAGER_PASSWORD_LESS_LOGIN="no"
DISPLAYMANAGER_AD_INTEGRATION="no"
DISPLAYMANAGER_SHUTDOWN=""
test -f $r/etc/sysconfig/displaymanager || {
    echo "${0##*/}: No $r/etc/sysconfig/displaymanager found."
    exit 1
}
. $r/etc/sysconfig/displaymanager

test -f $r/etc/sysconfig/security || {
    echo "${0##*/}: No $r/etc/sysconfig/security found."
    exit 1
}
. $r/etc/sysconfig/security

test -f $r/lib/YaST/SuSEconfig.functions || {
    echo "${0##*/}: ERROR - can not find $r"'/lib/YaST/SuSEconfig.functions!!'
    echo "${0##*/}: This should not happen.  Exit..."
    exit 1
}
. $r/lib/YaST/SuSEconfig.functions

GDM_IS_RUNNING=false
if test -z "$r" ; then
    if test "$DISPLAYMANAGER" = gdm ; then
	if /etc/init.d/xdm status >/dev/null ; then
	    GDM_IS_RUNNING=false
	fi
    fi
fi

# Write new set of monitore variables.
echo -en "# custom.conf was last time updated with following sysconfig:\\nDISPLAYMANAGER_REMOTE_ACCESS=\"$DISPLAYMANAGER_REMOTE_ACCESS\"\\nDISPLAYMANAGER_ROOT_LOGIN_REMOTE=\"$DISPLAYMANAGER_ROOT_LOGIN_REMOTE\"\\nDISPLAYMANAGER_STARTS_XSERVER=\"$DISPLAYMANAGER_STARTS_XSERVER\"\\nDISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN=\"$DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN\"\\nDISPLAYMANAGER_AUTOLOGIN=\"$DISPLAYMANAGER_AUTOLOGIN\"\\nDISPLAYMANAGER_PASSWORD_LESS_LOGIN=\"$DISPLAYMANAGER_PASSWORD_LESS_LOGIN\"\\nDISPLAYMANAGER_AD_INTEGRATION=\"$DISPLAYMANAGER_AD_INTEGRATION\"\\nDISPLAYMANAGER_SHUTDOWN=\"$DISPLAYMANAGER_SHUTDOWN\"\\nPERMISSION_SECURITY=\"$PERMISSION_SECURITY\"\\n" >$r/etc/gdm/gdm_sysconfig.conf.new

# Are there any changes in monitored variables?
if cmp -s 2>/dev/null $r/etc/gdm/gdm_sysconfig.conf $r/etc/gdm/gdm_sysconfig.conf.new ; then
    rm $r/etc/gdm/gdm_sysconfig.conf.new
    exit
fi

function sysconfig_yesno_to_gdm {
    eval local suseval=\$$1
    case "$suseval" in
	yes )
	    export $2=true
	    ;;
	* )
	    export $2=false
	    ;;
    esac
    export comment_$2="displaymanager:$1"
}
function sysconfig_yesno_to_gdm_reversed {
    eval local suseval=\$$1
    case "$suseval" in
	yes )
	    export $2=false
	    ;;
	* )
	    export $2=true
	    ;;
    esac
    export comment_$2="displaymanager:~$1"
}

sysconfig_yesno_to_gdm DISPLAYMANAGER_REMOTE_ACCESS xdmcp_Enable

sysconfig_yesno_to_gdm DISPLAYMANAGER_ROOT_LOGIN_REMOTE security_AllowRemoteRoot

export comment_servers_0="displaymanager:DISPLAYMANAGER_STARTS_XSERVER"
case "$DISPLAYMANAGER_STARTS_XSERVER" in
    "yes" )
	export servers_0=@SKIP@
	;;
    * )
	export servers_0=inactive
	;;
esac

sysconfig_yesno_to_gdm_reversed DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN security_DisallowTCP

sysconfig_yesno_to_gdm DISPLAYMANAGER_AD_INTEGRATION greeter_ShowDomain

export comment_daemon_AutomaticLoginEnable="displaymanager:DISPLAYMANAGER_AUTOLOGIN"
export comment_daemon_AutomaticLogin="displaymanager:DISPLAYMANAGER_AUTOLOGIN"
case "$DISPLAYMANAGER_AUTOLOGIN" in
    "" )
	export daemon_AutomaticLoginEnable=false
	export daemon_AutomaticLogin=@SKIP@
	;;
    * )
	export daemon_AutomaticLoginEnable=true
	export daemon_AutomaticLogin="$DISPLAYMANAGER_AUTOLOGIN"
	;;
esac

export comment_greeter_AllowShutdown="displaymanager:DISPLAYMANAGER_SHUTDOWN"
export comment_greeter_SecureShutdown="displaymanager:DISPLAYMANAGER_SHUTDOWN"
case "$DISPLAYMANAGER_SHUTDOWN" in
    root )
	export greeter_AllowShutdown=true
	export greeter_SecureShutdown=true
	;;
    # Remote users can never shutdown in GDM.
    none )
	export greeter_AllowShutdown=false
	export greeter_SecureShutdown=true
	;;
    all )
	export greeter_AllowShutdown=true
	export greeter_SecureShutdown=false
	;;
    auto | * )
	export comment_greeter_AllowShutdown="displaymanager:DISPLAYMANAGER_SHUTDOWN, security:PERMISSION_SECURITY"
	export comment_greeter_SecureShutdown="displaymanager:DISPLAYMANAGER_SHUTDOWN, security:PERMISSION_SECURITY"
	export comment_security_AllowRemoteRoot="displaymanager:DISPLAYMANAGER_ROOT_LOGIN_REMOTE,DISPLAYMANAGER_SHUTDOWN, security:PERMISSION_SECURITY"
	case "$PERMISSION_SECURITY" in
	    paranoid )
		export greeter_AllowShutdown=true
		export greeter_SecureShutdown=true
		export security_AllowRemoteRoot=false
		;;
	    "easy local" )
		export greeter_AllowShutdown=true
		export greeter_SecureShutdown=false
		;;
	    * )
		export greeter_AllowShutdown=true
		export greeter_SecureShutdown=true
		;;
	esac
	;;
esac


unset unset ${!last_of_*} ${!custom_conf_*}

# Parse configuration file and record all items to environment values.
eval "$(
awk <$r/etc/gdm/custom.conf '
BEGIN {
    section="BEGIN";
    section_last_line=0;
    after_empty_line=0;
}

# Do not set last_of_ initial comments of a new section.
/^#/ {
    if (after_empty_line == 0)
	section_last_line=NR;
    else
    next;
}

/^\[.*\]/ {
    print "export last_of_"section"="section_last_line;
    section=$0;
    gsub ("[][]", "", section);
    section_last_line=NR;
    after_empty_line=0;
    next;
}

/^[a-zA-Z0-9_]*=/ {
    item=$0;
    gsub ("=.*", "", item);
    value=$0;
    gsub ("^[a-zA-Z0-9_]*=", "", value);
    gsub ("'\''", "'\''\\'\'''\''", value);
    section_last_line=NR;
    after_empty_line=0;
    print "export custom_conf_"section"_"item"_seen=true";
#   print "export custom_conf_"section"_"item"='\''"value"'\''";
    next;
}

# Do not set last_of_ for empty lines - we want to add missing stuff before the final empty line.
/^$/ {
    after_empty_line=1;
    next;
}

/.*/ {
    section_last_line=NR;
    after_empty_line=0;
}

END {
    print "export last_of_"section"="section_last_line;
}
'
)"

# And now set what is required.
awk <$r/etc/gdm/custom.conf >$r/etc/gdm/custom.conf.new  '
# Prepare array from variable.
function gdm_prepare_var(var) {
    gdm_conf_var[var]=ENVIRON[var];
}

# Update configuration from gdm_conf_var array.
function update_item(section, item) {
    if (gdm_conf_var[section"_"item] != "@SKIP@") {
        print "# SuSEconfig: "ENVIRON["comment_"section"_"item];
	print item"="gdm_conf_var[section"_"item];
	if (ENVIRON["GDM_IS_RUNNING"] == "true")
	    # FIXME: If gdm is running and no session is active, command is executed too early.
            system("$r/usr/bin/gdmflexiserver --command=\"UPDATE_CONFIG "section"/"item"\"")
	return "DONE";
    } else
	return "KEEP_ORIG";
}

function process_unseen() {
    # Print all items not seen in the section.
    if (ENVIRON["last_of_"section] == NR)
	for (item in gdm_conf_var) {
	    item_section = item;
	    gsub ("_.*", "", item_section);
	    gsub ("[^_]*_", "", item);
	    if (item_section == section && ENVIRON["custom_conf_"section"_"item"_seen"] != "true")
		update_item(section, item);
	}
}

BEGIN {
    section="BEGIN";
    gdm_prepare_var("daemon_AutomaticLoginEnable");
    gdm_prepare_var("daemon_AutomaticLogin");
    gdm_prepare_var("security_AllowRemoteRoot");
    gdm_prepare_var("security_DisallowTCP");
    gdm_prepare_var("xdmcp_Enable");
    gdm_prepare_var("greeter_AllowShutdown");
    gdm_prepare_var("greeter_SecureShutdown");
    gdm_prepare_var("greeter_ShowDomain");
    gdm_prepare_var("servers_0");
}

# Remove invalid entry created by SuSEconfig.gdm in SuSE Linux 10.2.
/^enable=/ {
    if (section == "xdmcp") {
# Remove old gdm_sysconfig.conf to force update of custom.conf.
	system("rm -f $r/etc/gdm/gdm_sysconfig.conf");
	process_unseen();
	next;
    }
}

/^# SuSEconfig:/ {
    process_unseen();
    next;
}

/^\[.*\]/ {
    section=$0;
    gsub ("[][]", "", section);
    print;
    process_unseen();
    next;
}

/^[a-zA-Z0-9_]*=/ {
    item=$0;
    gsub ("=.*", "", item);
    value=$0;
    gsub ("^[a-zA-Z0-9_]*=", "", value);
    # Update value of item.
    if (section"_"item in gdm_conf_var) {
	if (update_item(section, item) == "KEEP_ORIG")
	    # This is actually used only for daemon_AutomaticLogin and servers_0:
	    if (item == "servers_0") {
		if (value != "inactive")
		    print;
	    } else {
		if (value != ENVIRON["OLD_DISPLAYMANAGER_AUTOLOGIN"])
		    print;
	    }
    } else
	print;
    process_unseen();
    next;
}

/.*/ {
    print;
    process_unseen();
    next;
}
'
# Password-less login is implemented by PAM. Do the required change.
if [ "$DISPLAYMANAGER_PASSWORD_LESS_LOGIN" = "yes" ] ; then
    sed 's/^\(auth[[:space:]][[:space:]]*\)include[[:space:]]\([[:space:]]*\)common-auth/\1required\2pam_permit.so/' <$r/etc/pam.d/gdm >$r/etc/pam.d/gdm.new
else
    sed 's/^\(auth[[:space:]][[:space:]]*\)required\([[:space:]][[:space:]]*\)pam_permit\.so/\1include \2common-auth/' <$r/etc/pam.d/gdm >$r/etc/pam.d/gdm.new
fi
if cmp -s $r/etc/pam.d/gdm $r/etc/pam.d/gdm.new ; then
    rm $r/etc/pam.d/gdm.new
else
    mv $r/etc/pam.d/gdm.new $r/etc/pam.d/gdm
fi

mv $r/etc/gdm/custom.conf.new $r/etc/gdm/custom.conf
mv $r/etc/gdm/gdm_sysconfig.conf.new $r/etc/gdm/gdm_sysconfig.conf