From 8618a4bc3463113e517321861860ecfaa6e77f2c Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Sat, 8 Sep 2012 01:15:04 +0200 Subject: [PATCH 1/4] =?UTF-8?q?Ne=20pas=20forcer=20les=20param=C3=A8tres?= =?UTF-8?q?=20pour=20les=20membres=20du=20groupe=20admins?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- root/usr/share/mozilla-mcd/firefox.php | 33 +++++++---- root/usr/share/mozilla-mcd/thunderbird.php | 89 ++++++++++++++++-------------- 2 files changed, 70 insertions(+), 52 deletions(-) diff --git a/root/usr/share/mozilla-mcd/firefox.php b/root/usr/share/mozilla-mcd/firefox.php index 3896611..fb70afc 100644 --- a/root/usr/share/mozilla-mcd/firefox.php +++ b/root/usr/share/mozilla-mcd/firefox.php @@ -20,6 +20,15 @@ if(isset($_SERVER['QUERY_STRING']) && preg_match('/^.+@' . DOMAIN . '$/', $_SERV // user not found exit; } + $pref = FF_PREF; + // Don't lock pref if the user is member of admins + // regardless of the setting + foreach ($user[0]['posixmemberof'] as $group){ + if ($group == 'admins'){ + $pref = 'defaultPref'; + break; + } + } } else { exit; 
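Review bot: The new `foreach ($user[0]['posixmemberof'] as $group)` loop in firefox.php assumes every directory entry carries that attribute. For a user with no group membership PHP reports an undefined index and an invalid `foreach` argument, and if errors are displayed that text ends up inside the generated preference script. Guard the read, e.g. `$groups = isset($user[0]['posixmemberof']) ? $user[0]['posixmemberof'] : array();`, and compare with `===` so only an exact string match lifts the lock. The identical block added to thunderbird.php in this patch needs the same guard. Because the exemption is looked up from the address in the query string, add a comment stating what ties that address to the requesting client, since the lock is only as strong as that binding.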
@@ -27,36 +36,36 @@ else { ?> // Disable auto updates -("app.update.enabled", false); -("app.update.auto", false); +("app.update.enabled", false); +("app.update.auto", false); // Extensions -("extensions.installDistroAddons", true); -("extensions.enabledScopes", 13); -("extensions.autoDisableScopes", 2); +("extensions.installDistroAddons", true); +("extensions.enabledScopes", 13); +("extensions.autoDisableScopes", 2); // Disable the "know your rights" message -("browser.rights.3.shown", true); +("browser.rights.3.shown", true); // Home page -("startup.homepage_override_url", ""); -("startup.homepage_welcome_url", ""); +("startup.homepage_override_url", ""); +("startup.homepage_welcome_url", ""); // Do not check for default browser -("browser.shell.checkDefaultBrowser", false); +("browser.shell.checkDefaultBrowser", false); // Disable popup blocker // not that very useful anymore, and blocks legitim popups from SOGo -("dom.disable_open_during_load", false); +("dom.disable_open_during_load", false); // Block 3rd party cookies -("network.cookie.cookieBehavior", 1); +("network.cookie.cookieBehavior", 1); diff --git a/root/usr/share/mozilla-mcd/thunderbird.php b/root/usr/share/mozilla-mcd/thunderbird.php index 0f4e010..4fba2c6 100644 --- a/root/usr/share/mozilla-mcd/thunderbird.php +++ b/root/usr/share/mozilla-mcd/thunderbird.php @@ -19,6 +19,15 @@ if(isset($_SERVER['QUERY_STRING']) && preg_match('/^.+@' . DOMAIN . '$/', $_SERV // user not found exit; } + $pref = TB_PREF; + // Don't lock pref if the user is member of admins + // regardless of the setting + foreach ($user[0]['posixmemberof'] as $group){ + if ($group == 'admins'){ + $pref = 'defaultPref'; + break; + } + } } else { exit; 
@@ -37,24 +46,24 @@ else { } // Local Account -("mail.account.account1.server", "server1"); -("mail.accountmanager.localfoldersserver", "server1"); -("mail.server.server1.directory-rel", "[ProfD]Mail/Local Folders"); -("mail.server.server1.hostname", "Local Folders"); -("mail.server.server1.name", "Dossiers locaux"); -("mail.server.server1.type", "none"); -("mail.server.server1.userName", "nobody"); +("mail.account.account1.server", "server1"); +("mail.accountmanager.localfoldersserver", "server1"); +("mail.server.server1.directory-rel", "[ProfD]Mail/Local Folders"); +("mail.server.server1.hostname", "Local Folders"); +("mail.server.server1.name", "Dossiers locaux"); +("mail.server.server1.type", "none"); +("mail.server.server1.userName", "nobody"); // SMTP config -("mail.smtp.defaultserver", "smtp1"); -("mail.smtpservers", "smtp1"); -("mail.smtpserver.smtp1.try_ssl", 3); -("mail.smtpserver.smtp1.port", ); -("mail.smtpserver.smtp1.hostname", ""); -("mail.smtpserver.smtp1.username", ""); +("mail.smtp.defaultserver", "smtp1"); +("mail.smtpservers", "smtp1"); +("mail.smtpserver.smtp1.try_ssl", 3); +("mail.smtpserver.smtp1.port", ); +("mail.smtpserver.smtp1.hostname", ""); +("mail.smtpserver.smtp1.username", ""); // Default account is acocunt2 (the personal account) -("mail.accountmanager.defaultaccount", "account2"); +("mail.accountmanager.defaultaccount", "account2"); // Personnal account -("mail.account.account2.server", "server"); -("mail.server.server2.hostname", ""); -("mail.server.server2.name", ""); -("mail.server.server2.port", ); -("mail.server.server2.socketType", 3); -("mail.server.server2.type", "imap"); -("mail.server.server2.userName", ""); +("mail.account.account2.server", "server"); +("mail.server.server2.hostname", ""); +("mail.server.server2.name", ""); +("mail.server.server2.port", ); +("mail.server.server2.socketType", 3); +("mail.server.server2.type", "imap"); +("mail.server.server2.userName", ""); -("mail.identity.id.fullName", ""); 
-("mail.identity.id.organization", ""); -("mail.identity.id.smtpServer", "smtp1"); -("mail.identity.id.useremail", ""); -("mail.identity.id.valid", true); +("mail.identity.id.fullName", ""); +("mail.identity.id.organization", ""); +("mail.identity.id.smtpServer", "smtp1"); +("mail.identity.id.useremail", ""); +("mail.identity.id.valid", true); defaultPref("mail.identity.id.fcc_folder", "imap://@/Sent"); defaultPref("mail.identity.id.draft_folder", "imap://@/Drafts"); defaultPref("mail.identity.id.stationery_folder", "imap://@/Templates"); @@ -95,20 +104,20 @@ $account++; $id++; } ?> -("mail.account.account2.identities", ""); -("mail.accountmanager.accounts", "account1,account2"); +("mail.account.account2.identities", ""); +("mail.accountmanager.accounts", "account1,account2"); // Disable auto updates -("app.update.enabled", false); -("app.update.auto", false); +("app.update.enabled", false); +("app.update.auto", false); // Extensions -("extensions.installDistroAddons", true); -("extensions.enabledScopes", 13); -("extensions.autoDisableScopes", 2); +("extensions.installDistroAddons", true); +("extensions.enabledScopes", 13); +("extensions.autoDisableScopes", 2); // Spam -("mail.adaptivefilters.junk_threshold", 500); +("mail.adaptivefilters.junk_threshold", 500); // Checks IMAP folders defaultPref("mail.check_all_imap_folders_for_new", true); 
@@ -125,14 +134,14 @@ defaultPref("mail.imap.expunge_threshold_number", 100); // Adds the domain from your email address to the // recipients email address if it doesn't have a domain -("mail.enable_autocomplete", true); +("mail.enable_autocomplete", true); // Hide useless messages -("mail.ui.show.migration.on.upgrade", false); -("app.update.showInstalledUI", false); -("browser.startup.homepage_override.mstone", "ignore"); -("mailnews.start_page_override.mstone", "ignore"); -("mail.rights.version", 1); +("mail.ui.show.migration.on.upgrade", false); +("app.update.showInstalledUI", false); +("browser.startup.homepage_override.mstone", "ignore"); +("mailnews.start_page_override.mstone", "ignore"); +("mail.rights.version", 1); Date: Sat, 8 Sep 2012 12:56:07 +0200 Subject: [PATCH 2/4] =?UTF-8?q?R=C3=A9cup=C3=A9rer=20la=20page=20d'accueil?= =?UTF-8?q?=20depuis=20LDAP,=20et=20contourne=20le=20r=C3=A9glage=20par=20?= =?UTF-8?q?d=C3=A9faut?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- root/usr/share/mozilla-mcd/firefox.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/root/usr/share/mozilla-mcd/firefox.php b/root/usr/share/mozilla-mcd/firefox.php index fb70afc..86888e6 100644 --- a/root/usr/share/mozilla-mcd/firefox.php +++ b/root/usr/share/mozilla-mcd/firefox.php @@ -29,6 +29,10 @@ if(isset($_SERVER['QUERY_STRING']) && preg_match('/^.+@' . DOMAIN . '$/', $_SERV break; } } + $url = HOME_URL; + if (preg_match('/^https?:\/\//', $user[0]['labeleduri'][0])) + $url = $user[0]['labeleduri'][0]; + } else { exit; @@ -49,13 +53,14 @@ else { // Home page +("browser.startup.homepage", "'..'"); +("browser.startup.page", 1); ("startup.homepage_override_url", ""); ("startup.homepage_welcome_url", ""); From 73ebc83d6301963b58f3e689984b4d0c4b7a8964 Mon Sep 17 00:00:00 2001 
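Review bot: The `labeleduri` check added in the first firefox.php hunk of patch 2 only verifies that the value begins with `http://` or `https://`, so everything after the scheme passes through unchanged. The next hunk writes it into a quoted string of the generated preference file, though the exact echo is not visible in this rendering. That file is evaluated by the browser as configuration script, so a directory value containing a double quote, backslash or line break would end the string early. Emit the value with `json_encode($url)` instead of hand-written quotes, or tighten the pattern to reject quotes, backslashes and control characters. `$user[0]['labeleduri'][0]` is also read without `isset()`, so entries lacking the attribute raise a notice, and a labeledURI may carry a label after a space that should be cut off before use.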
From: Daniel Berteaud Date: Sat, 8 Sep 2012 13:13:22 +0200 Subject: [PATCH 3/4] Liste des groupes pour lesquels on ne force pas la configuration depuis la DB --- .../e-smith/db/configuration/defaults/mozilla-mcd/NoEnforceGroups | 1 + root/etc/e-smith/templates/usr/share/mozilla-mcd/conf.php/10All | 8 +++++++- root/usr/share/mozilla-mcd/firefox.php | 4 ++-- root/usr/share/mozilla-mcd/thunderbird.php | 4 ++-- 4 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 root/etc/e-smith/db/configuration/defaults/mozilla-mcd/NoEnforceGroups diff --git a/root/etc/e-smith/db/configuration/defaults/mozilla-mcd/NoEnforceGroups b/root/etc/e-smith/db/configuration/defaults/mozilla-mcd/NoEnforceGroups new file mode 100644 index 0000000..9380a69 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/mozilla-mcd/NoEnforceGroups @@ -0,0 +1 @@ +admins diff --git a/root/etc/e-smith/templates/usr/share/mozilla-mcd/conf.php/10All b/root/etc/e-smith/templates/usr/share/mozilla-mcd/conf.php/10All index 4a74f2d..7defc76 100644 --- a/root/etc/e-smith/templates/usr/share/mozilla-mcd/conf.php/10All +++ b/root/etc/e-smith/templates/usr/share/mozilla-mcd/conf.php/10All @@ -7,6 +7,12 @@ my $ldapbase = esmith::util::ldapBase ($DomainName); my $tbpref = ((${'mozilla-mcd'}{'TBEnforce'} || 'disabled') =~ m/^enabled|on|1|yes$/) ? "lockPref":"defaultPref"; my $ffpref = ((${'mozilla-mcd'}{'FFEnforce'} || 'disabled') =~ m/^enabled|on|1|yes$/) ? "lockPref":"defaultPref"; my $url = ${'mozilla-mcd'}{'HomeURL'} || 'https://auth.' . "$DomainName"; +my $noenforcegroups = ${'mozilla-mcd'}{'NoEnforceGroups'} || ''; +# Format as a PHP array +$noenforcegroups =~ s/^,+|,+$//g; +$noenforcegroups =~ s/^/'/g; +$noenforcegroups =~ s/$/'/g; +$noenforcegroups =~ s/[;,]/','/g; $OUT .=<<"EOF"; @@ -20,7 +26,7 @@ define('LDAP_SERVER', 'localhost'); define('TB_PREF', '$tbpref'); define('FF_PREF', '$ffpref'); define('HOME_URL', '$url'); - +\$NOENFORCEGROUPS = array($noenforcegroups); EOF 
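Review bot: The substitutions in 10All that turn `NoEnforceGroups` into a PHP array literal wrap the value in single quotes without escaping or validating it. A group name containing `'` or `\` therefore changes the PHP code written to conf.php, not just the list. Build the literal from validated names instead, e.g. `$noenforcegroups = join(',', map { "'$_'" } grep { /^[A-Za-z0-9._-]+$/ } split(/[;,]/, $noenforcegroups));`, adjusting the character class to the group naming rules in use. That also fixes two edge cases: an empty setting currently yields `array('')` rather than an empty array, and `s/^,+|,+$//g` trims stray commas but not semicolons or surrounding whitespace. The `HOME_URL` define in the context lines interpolates `$url` the same way and deserves the same treatment.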
diff --git a/root/usr/share/mozilla-mcd/firefox.php b/root/usr/share/mozilla-mcd/firefox.php index 86888e6..b48fe01 100644 --- a/root/usr/share/mozilla-mcd/firefox.php +++ b/root/usr/share/mozilla-mcd/firefox.php @@ -21,10 +21,10 @@ if(isset($_SERVER['QUERY_STRING']) && preg_match('/^.+@' . DOMAIN . '$/', $_SERV exit; } $pref = FF_PREF; - // Don't lock pref if the user is member of admins + // Don't lock pref if the user is member of some special groups // regardless of the setting foreach ($user[0]['posixmemberof'] as $group){ - if ($group == 'admins'){ + if (in_array($group, $NOENFORCEGROUPS)){ $pref = 'defaultPref'; break; } diff --git a/root/usr/share/mozilla-mcd/thunderbird.php b/root/usr/share/mozilla-mcd/thunderbird.php index 4fba2c6..3b15086 100644 --- a/root/usr/share/mozilla-mcd/thunderbird.php +++ b/root/usr/share/mozilla-mcd/thunderbird.php @@ -20,10 +20,10 @@ if(isset($_SERVER['QUERY_STRING']) && preg_match('/^.+@' . DOMAIN . '$/', $_SERV exit; } $pref = TB_PREF; - // Don't lock pref if the user is member of admins + // Don't lock pref if the user is member of some special groups // regardless of the setting foreach ($user[0]['posixmemberof'] as $group){ - if ($group == 'admins'){ + if (in_array($group, $NOENFORCEGROUPS)){ $pref = 'defaultPref'; break; } From 970153eec104211293c27f48668016b5b74b482d Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Sat, 8 Sep 2012 14:51:50 +0200 Subject: [PATCH 4/4] =?UTF-8?q?Mise=20=C3=A0=20jour=20du=20fichier=20spec?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ipasserelle-gp.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ipasserelle-gp.spec b/ipasserelle-gp.spec index 07d79e8..94965aa 100644 --- a/ipasserelle-gp.spec +++ b/ipasserelle-gp.spec @@ -1,4 +1,4 @@ -%define version 0.2.14 +%define version 0.2.15 %define release 1 %define name ipasserelle-gp 
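Review bot: `in_array($group, $NOENFORCEGROUPS)` in firefox.php compares loosely; pass the third argument, `in_array($group, $NOENFORCEGROUPS, true)`, so only an exact string match exempts a user from locked preferences. This matters if the membership array holds non-string elements, such as the integer `count` entry that `ldap_get_entries()` adds (the lookup is not visible in this hunk), or if a configured group name is numeric. The same line in the thunderbird.php hunk of this patch needs the same change. A short comment such as `// $NOENFORCEGROUPS is defined by the generated conf.php (NoEnforceGroups db key)` would also help, since the variable is not declared in either file.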
@@ -26,7 +26,13 @@ Ce paquet permet de gérer un parc de machines sous MS Windows Basé sur WPKG et d'autres outils %changelog -* Fri Sep 6 2012 Daniel Berteaud - 0.2.14-1 +* Sat Sep 8 2012 Daniel Berteaud - 0.2.15-1 +- Don't enforce Firefox or Thunderbird config for members of + specified groups +- Get the home URL from LDAP if it's set +- Make defaultPref for home URL works + +* Fri Sep 7 2012 Daniel Berteaud - 0.2.14-1 - small improvments in Thunderbird auto config * Thu Sep 6 2012 Daniel Berteaud - 0.2.13-1