From 290d4d1cf9413ce91e44000d7ccc858eab409da2 Mon Sep 17 00:00:00 2001 From: Papoteur Date: Sat, 2 Sep 2017 21:41:30 +0200 Subject: Suppress managing kdm (mga#21648) --- src/msec/plugins/msec.py | 38 +++----------------------------------- src/msec/plugins/network.py | 2 -- 2 files changed, 3 insertions(+), 37 deletions(-) (limited to 'src') diff --git a/src/msec/plugins/msec.py b/src/msec/plugins/msec.py index 36f8b21..8610cc6 100755 --- a/src/msec/plugins/msec.py +++ b/src/msec/plugins/msec.py @@ -42,7 +42,6 @@ INITTAB = '/etc/inittab' ISSUE = '/etc/issue' ISSUENET = '/etc/issue.net' KDE = '/etc/pam.d/kde' -KDMRC = '/usr/share/config/kdm/kdmrc' LILOCONF = '/etc/lilo.conf' LOGINDEFS = '/etc/login.defs' MENULST = '/boot/grub/menu.lst' @@ -74,7 +73,6 @@ SECURETTY = '/etc/securetty' STARTX_REGEXP = '(\s*serverargs=".*) -nolisten tcp(.*")' XSERVERS_REGEXP = '(\s*[^#]+/usr/bin/X .*) -nolisten tcp(.*)' GDMCONF_REGEXP = '(\s*command=.*/X.*?) -nolisten tcp(.*)$' -KDMRC_REGEXP = re.compile('(.*?)-nolisten tcp(.*)$') SDDMCONF_REGEXP = re.compile('(.*?)-listen tcp(.*)$') # ctrl-alt-del CTRALTDEL_REGEXP = '^ca::ctrlaltdel:/sbin/shutdown.*' @@ -211,17 +209,11 @@ class msec: startx = self.configfiles.get_config_file(STARTX) xservers = self.configfiles.get_config_file(XSERVERS) gdmconf = self.configfiles.get_config_file(GDMCONF) - kdmrc = self.configfiles.get_config_file(KDMRC) sddmconf = self.configfiles.get_config_file(SDDMCONF) val_startx = startx.get_match(STARTX_REGEXP) val_xservers = xservers.get_match(XSERVERS_REGEXP) val_gdmconf = gdmconf.get_shell_variable('DisallowTCP') - str = kdmrc.get_shell_variable('ServerArgsLocal', 'X-\*-Core', '^\s*$') - if str: - val_kdmrc = KDMRC_REGEXP.search(str) - else: - val_kdmrc = None str = sddmconf.get_shell_variable('ServerArguments', 'X11', '^\s*$') if str: val_sddmconf = SDDMCONF_REGEXP.search(str) @@ -232,7 +224,7 @@ class msec: # TODO: better check for file existance if arg == "yes": - if val_startx or val_xservers or val_kdmrc or val_gdmconf != 'false': + if val_startx or val_xservers or val_gdmconf != 'false': self.log.info(_('Allowing the X server to listen to tcp connections')) if startx.exists(): startx.replace_line_matching(STARTX_REGEXP, '@1@2', all=1) @@ -240,12 +232,10 @@ class msec: xservers.replace_line_matching(XSERVERS_REGEXP, '@1@2', 0, 1) if gdmconf.exists(): gdmconf.set_shell_variable('DisallowTCP', 'false', '\[security\]', '^\s*$') - if kdmrc.exists(): - kdmrc.replace_line_matching('^(ServerArgsLocal=.*?)-nolisten tcp(.*)$', '@1@2', 0, 0, 'X-\*-Core', '^\s*$') if sddmconf.exists() and not val_sddmconf: sddmconf.replace_line_matching('^(ServerArguments=.*)$', '@1 -listen tcp', 'ServerArguments=-listen tcp', 0, 'X11', '^\s*$') else: - if not val_startx or not val_xservers or not val_kdmrc or val_gdmconf != 'true' or not val_sddmconf: + if not val_startx or not val_xservers or val_gdmconf != 'true' or not val_sddmconf: self.log.info(_('Forbidding the X server to listen to tcp connection')) if not val_startx: startx.exists() and startx.replace_line_matching('serverargs="(.*?)( -nolisten tcp)?"', 'serverargs="@1 -nolisten tcp"') @@ -253,8 +243,6 @@ class msec: xservers.exists() and xservers.replace_line_matching('(\s*[^#]+/usr/bin/X .*?)( -nolisten tcp)?$', '@1 -nolisten tcp', 0, 1) if val_gdmconf != 'true': gdmconf.exists() and gdmconf.set_shell_variable('DisallowTCP', 'true', '\[security\]', '^\s*$') - if not val_kdmrc: - kdmrc.exists() and kdmrc.replace_line_matching('^(ServerArgsLocal=.*)$', '@1 -nolisten tcp', 'ServerArgsLocal=-nolisten tcp', 0, 'X-\*-Core', '^\s*$') if sddmconf.exists(): sddmconf.replace_line_matching('^(ServerArguments=.*?)-listen tcp(.*)$', '@1@2', 0, 0, 'X11', '^\s*$') @@ -318,7 +306,6 @@ class msec: ''' Allow system reboot and shutdown to local users.''' shutdownallow = self.configfiles.get_config_file(SHUTDOWNALLOW) sysctlconf = self.configfiles.get_config_file(SYSCTLCONF) - kdmrc = self.configfiles.get_config_file(KDMRC) gdmconf = self.configfiles.get_config_file(GDMCONF) inittab = self.configfiles.get_config_file(INITTAB) shutdown = self.configfiles.get_config_file(SHUTDOWN) @@ -336,7 +323,6 @@ class msec: val_sysctlconf = sysctlconf.get_shell_variable('kernel.sysrq') val_inittab = inittab.get_match(CTRALTDEL_REGEXP) val_gdmconf = gdmconf.get_shell_variable('SystemMenu') - oldval_kdmrc = kdmrc.get_shell_variable('AllowShutdown', 'X-:\*-Core', '^\s*$') if arg == "yes": if val_shutdownallow or not val_shutdown or not val_poweroff or not val_reboot or not val_halt: @@ -357,10 +343,6 @@ class msec: pass else: gdmconf.set_shell_variable('SystemMenu', 'true', '\[greeter\]', '^\s*$') - if kdmrc.exists(): - if oldval_kdmrc != 'All': - self.log.info(_('Allowing Shutdown/Reboot in KDM')) - kdmrc.set_shell_variable('AllowShutdown', 'All', 'X-:\*-Core', '^\s*$') if not val_inittab: self.log.info(_('Allowing Ctrl-Alt-Del from console')) inittab.exists() and inittab.replace_line_matching(CTRALTDEL_REGEXP, 'ca::ctrlaltdel:/sbin/shutdown -t3 -r now', 1) @@ -384,30 +366,20 @@ class msec: pass else: gdmconf.set_shell_variable('SystemMenu', 'false', '\[greeter\]', '^\s*$') - if kdmrc.exists(): - if oldval_kdmrc != 'None': - self.log.info(_('Forbidding Shutdown/Reboot in KDM')) - kdmrc.set_shell_variable('AllowShutdown', 'None', 'X-:\*-Core', '^\s*$') if val_inittab: self.log.info(_('Forbidding Ctrl-Alt-Del from console')) inittab.exists() and inittab.remove_line_matching(CTRALTDEL_REGEXP) def allow_user_list(self, arg): - ''' Allow display managers (kdm and gdm) to display list of local users.''' - kdmrc = self.configfiles.get_config_file(KDMRC) + ''' Allow display managers (sddm and gdm) to display list of local users.''' gdmconf = self.configfiles.get_config_file(GDMCONF) gdm230 = self.configfiles.get_config_file(GDM230) sddmconf = self.configfiles.get_config_file(SDDMCONF) oldval_gdmconf = gdmconf.get_shell_variable('Browser') - oldval_kdmrc = kdmrc.get_shell_variable('ShowUsers', 'X-\*-Greeter', '^\s*$') oldval_sddmconf = sddmconf.get_shell_variable('RememberLastUser','X11', '^\s*$') if arg == "yes": - if kdmrc.exists(): - if oldval_kdmrc != 'NotHidden': - self.log.info(_("Allowing list of users in {}").format('KDM')) - kdmrc.set_shell_variable('ShowUsers', 'NotHidden', 'X-\*-Greeter', '^\s*$') if gdmconf.exists(): if gdm230.exists(): pass @@ -420,10 +392,6 @@ class msec: self.log.info(_("Allowing list of users in {}").format('SDDM')) sddmconf.set_shell_variable('RememberLastUser', 'true','X11', '^\s*$') else: - if kdmrc.exists(): - if oldval_kdmrc != 'Selected': - self.log.info(_("Forbidding list of users in {}").format('KDM')) - kdmrc.set_shell_variable('ShowUsers', 'Selected', 'X-\*-Greeter', '^\s*$') if gdmconf.exists(): if gdm230.exists(): pass diff --git a/src/msec/plugins/network.py b/src/msec/plugins/network.py index ecaae94..2f5753b 100755 --- a/src/msec/plugins/network.py +++ b/src/msec/plugins/network.py @@ -38,7 +38,6 @@ INITTAB = '/etc/inittab' ISSUE = '/etc/issue' ISSUENET = '/etc/issue.net' KDE = '/etc/pam.d/kde' -KDMRC = '/usr/share/config/kdm/kdmrc' LILOCONF = '/etc/lilo.conf' LOGINDEFS = '/etc/login.defs' MENULST = '/boot/grub/menu.lst' @@ -69,7 +68,6 @@ SECURETTY = '/etc/securetty' STARTX_REGEXP = '(\s*serverargs=".*) -nolisten tcp(.*")' XSERVERS_REGEXP = '(\s*[^#]+/usr/bin/X .*) -nolisten tcp(.*)' GDMCONF_REGEXP = '(\s*command=.*/X.*?) -nolisten tcp(.*)$' -KDMRC_REGEXP = re.compile('(.*?)-nolisten tcp(.*)$') # ctrl-alt-del CTRALTDEL_REGEXP = '^ca::ctrlaltdel:/sbin/shutdown.*' # consolehelper -- cgit v1.2.1