Diffstat (limited to 'lib')
| -rw-r--r-- | lib/network/connection.pm | 13 | ||||
| -rw-r--r-- | lib/network/connection/ethernet.pm | 51 | ||||
| -rw-r--r-- | lib/network/connection/wireless.pm | 38 | ||||
| -rw-r--r-- | lib/network/connection_manager.pm | 2 | ||||
| -rw-r--r-- | lib/network/connection_manager/gtk.pm | 26 | ||||
| -rw-r--r-- | lib/network/drakconnect/edit.pm | 207 | ||||
| -rw-r--r-- | lib/network/drakconnect/global.pm | 36 | ||||
| -rw-r--r-- | lib/network/drakfirewall.pm | 54 | ||||
| -rw-r--r-- | lib/network/drakfirewall6.pm | 393 | ||||
| -rwxr-xr-x | lib/network/drakroam.pm | 26 | ||||
| -rw-r--r-- | lib/network/drakvpn.pm | 4 | ||||
| -rw-r--r-- | lib/network/monitor.pm | 4 | ||||
| -rw-r--r-- | lib/network/net_applet/.perl_checker | 1 | ||||
| -rw-r--r-- | lib/network/net_applet/ifw.pm | 15 | ||||
| -rwxr-xr-x | lib/network/netcenter.pm | 18 | ||||
| -rw-r--r-- | lib/network/network.pm | 20 | ||||
| -rw-r--r-- | lib/network/nfs.pm | 52 | ||||
| -rw-r--r-- | lib/network/shorewall.pm | 80 | ||||
| -rw-r--r-- | lib/network/shorewall6.pm | 251 | ||||
| -rw-r--r-- | lib/network/signal_strength.pm | 4 | ||||
| -rw-r--r-- | lib/network/squid.pm | 6 | ||||
| -rw-r--r-- | lib/network/tools.pm | 40 | ||||
| -rw-r--r-- | lib/network/vpn.pm | 3 |
23 files changed, 1006 insertions, 338 deletions
diff --git a/lib/network/connection.pm b/lib/network/connection.pm index 5cab3ac..495cfd1 100644 --- a/lib/network/connection.pm +++ b/lib/network/connection.pm @@ -246,11 +246,19 @@ sub guess_control_settings { sub get_control_settings { my ($self) = @_; + + my %nm_controlled_modes = ( + undef => N_("Automatic"), + 0 => N_("No"), + 1 => N_("Yes"), + ); + [ { text => N("Allow users to manage the connection"), val => \$self->{control}{userctl}, type => "bool" }, { text => N("Start the connection at boot"), val => \$self->{control}{onboot}, type => "bool" }, { text => N("Enable traffic accounting"), val => \$self->{control}{accounting}, type => "bool" }, - { text => N("Allow interface to be controlled by Network Manager"), val => \$self->{control}{nm_controlled}, type => "bool" }, + { label => N("Allow interface to be controlled by Network Manager"), val => \$self->{control}{nm_controlled}, list => [ keys %nm_controlled_modes ], + sort => 1, format => sub { translate($nm_controlled_modes{$_[0]}) } }, { label => N("Metric"), val => \$self->{control}{metric}, advanced => 1 }, { label => N("MTU"), val => \$self->{control}{mtu}, advanced => 1, help => N("Maximum size of network message (MTU). If unsure, left blank.") }, @@ -269,7 +277,8 @@ sub build_ifcfg_settings { DEVICE => $self->get_interface, ONBOOT => bool2yesno($self->{control}{onboot}), ACCOUNTING => bool2yesno($self->{control}{accounting}), - NM_CONTROLLED => bool2yesno($self->{control}{nm_controlled}), + # Only write NM_CONTROLLED if we absolutely know it's value + if_(defined $self->{control}{nm_controlled} && 'undef' ne $self->{control}{nm_controlled}, NM_CONTROLLED => bool2yesno($self->{control}{nm_controlled})), USERCTL => bool2yesno($self->{control}{userctl}), METRIC => $self->{control}{metric}, MTU => $self->{control}{mtu}, diff --git a/lib/network/connection/ethernet.pm b/lib/network/connection/ethernet.pm index a4023a1..0450149 100644 --- a/lib/network/connection/ethernet.pm 
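Review bot: In `get_control_settings`, the `undef => N_("Automatic")` entry of `%nm_controlled_modes` does not create an undefined key; the fat comma quotes it, so the key is the five-character string `'undef'`. A `nm_controlled` value that is genuinely undefined (nothing read from the ifcfg file) therefore matches none of the `list` entries, and the `'undef' ne ...` test in the `build_ifcfg_settings` hunk only makes sense once the reader knows this. Write the key explicitly as `'undef' => N_("Automatic"),` and add a comment such as `#- 'undef' is a literal string meaning "leave NM_CONTROLLED unset"`. Where the stored value is normalised from undef to `'undef'` is not visible in these hunks, so confirm that this happens before the list is shown.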
+++ b/lib/network/connection/ethernet.pm @@ -112,8 +112,8 @@ sub guess_protocol { sub guess_address_settings { my ($self) = @_; $self->{address}{dhcp_client} ||= find { -x "$::prefix/sbin/$_" } @dhcp_clients; - $self->{address}{peerdns} = 1 if !defined $self->{address}{peerdns}; - $self->{address}{peeryp} = 1 if !defined $self->{address}{peeryp}; + $self->{address}{peerdns} //= 1; + $self->{address}{peeryp} //= 1; $self->supplement_address_settings; } @@ -204,7 +204,7 @@ sub check_address_settings { sub guess_hostname_settings { my ($self) = @_; - $self->{address}{needhostname} = 0 if !defined $self->{address}{needhostname}; + $self->{address}{needhostname} //= 0; if (!defined $self->{address}{hostname}) { require network::network; my $network = network::network::read_conf($::prefix . $network::network::network_file); @@ -233,7 +233,7 @@ sub guess_control_settings { $self->network::connection::guess_control_settings($self); - $self->{control}{onboot} = 1 if !defined $self->{control}{onboot}; + $self->{control}{onboot} //= 1; $self->{control}{use_ifplugd} = !is_ifplugd_blacklisted($self->get_driver) if !defined $self->{control}{use_ifplugd}; } @@ -274,7 +274,7 @@ sub build_ifcfg_settings { DHCP_HOSTNAME => $self->{address}{dhcp_hostname}, DHCP_TIMEOUT => $self->{address}{dhcp_timeout}, MII_NOT_SUPPORTED => bool2yesno(!$self->{control}{use_ifplugd}), - IPV6INIT => bool2yesno($self->{control}{ipv6_tunnel}), + IPV6INIT => 'yes', IPV6TO4INIT => bool2yesno($self->{control}{ipv6_tunnel}), DNS1 => $self->{address}{dns1}, DNS2 => $self->{address}{dns2}, @@ -294,8 +294,6 @@ sub write_settings { } } $self->SUPER::write_settings($o_net, $o_modules_conf); - # update udev configuration - update_udev_net_config(); } sub get_status_message { 
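Review bot: `IPV6INIT => 'yes'` in the `build_ifcfg_settings` hunk turns IPv6 initialisation on for every Ethernet interface, where it previously followed `$self->{control}{ipv6_tunnel}`, and the hunk offers no setting to switch it off. A host whose packet filter only covers IPv4 may become reachable over IPv6 the next time the settings are written. The diffstat lists new `shorewall6.pm` and `drakfirewall6.pm` files, but nothing in this hunk ties the two together. Consider keeping the value configurable, for example `IPV6INIT => bool2yesno($self->{control}{ipv6init} // 1),` (the key name is only a suggestion), or at least add a comment stating that an IPv6 firewall is expected to be active. The function starts and ends outside the hunk.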
@@ -491,43 +489,6 @@ sub get_eth_card_mac_address { `$::prefix/sbin/ip -o link show $intf 2>/dev/null` =~ m|.*link/(\S+)\s((?:[0-9a-f]{2}:?)+)\s|; } -#- write interfaces MAC address in iftab -sub update_iftab() { - #- skip aliases and vlan interfaces - foreach my $intf (grep { network::tools::is_real_interface($_) } detect_devices::get_lan_interfaces()) { - my ($link_type, $mac_address) = get_eth_card_mac_address($intf) or next; - #- do not write zeroed MAC addresses in iftab, it confuses ifrename - $mac_address =~ /^[0:]+$/ and next; - # ifrename supports alsa IEEE1394, EUI64 and IRDA - member($link_type, 'ether', 'ieee1394', 'irda', '[27]') or next; - substInFile { - s/^$intf\s+.*\n//; - s/^.*\s+$mac_address\n//; - $_ .= qq($intf mac $mac_address\n) if eof; - } "$::prefix/etc/iftab"; - } -} - -sub update_udev_net_config() { - my $net_name_helper = "/lib/udev/write_net_rules"; - my $udev_net_config = "$::prefix/etc/udev/rules.d/70-persistent-net.rules"; - my @old_config = cat_($udev_net_config); - #- skip aliases and vlan interfaces - foreach my $intf (grep { network::tools::is_real_interface($_) } detect_devices::get_lan_interfaces()) { - (undef, my $mac_address) = get_eth_card_mac_address($intf) or next; - #- do not write zeroed MAC addresses - $mac_address =~ /^[0:]+$/ and next; - #- skip already configured addresses - any { !/^\s*#/ && /"$mac_address"/ } @old_config and next; - my $type = cat_("/sys/class/net/$intf/type") =~ /^\d+$/; - local $ENV{MATCHIFTYPE} = $type if $type; - local $ENV{INTERFACE} = $intf; - local $ENV{MATCHADDR} = $mac_address; - local $ENV{COMMENT} = "Drakx-net rule for $intf ($mac_address)"; - run_program::rooted($::prefix, $net_name_helper, '>', '/dev/null', $mac_address); - } -} - # automatic net aliases configuration sub configure_eth_aliases { my ($modules_conf) = @_; 
@@ -535,8 +496,6 @@ sub configure_eth_aliases { $modules_conf->set_alias($card->[0], $card->[1]); } $::isStandalone and $modules_conf->write; - update_iftab(); - update_udev_net_config(); } sub get_link_detection_delay { diff --git a/lib/network/connection/wireless.pm b/lib/network/connection/wireless.pm index 6267398..9b58970 100644 --- a/lib/network/connection/wireless.pm +++ b/lib/network/connection/wireless.pm @@ -77,9 +77,9 @@ my %eap_vars = ( eapol_flags => 0, proactive_key_caching => 0, peerkey => 0, - ca_path => 0, - private_key => 0, - private_key_passwd => 0, + ca_path => 2, + private_key => 2, + private_key_passwd => 2, dh_file => 0, altsubject_match => 0, phase1 => 0, @@ -137,7 +137,18 @@ my @thirdparty_settings = ( }, sleep => 1, }; - } ([ 3945, '-2' ], [ 4965, '-2' ], [ 'wifi', '-5', 5000, 'agn' ])), + } ([ 3945, '-2' ], [ 4965, '-2' ])), + + { + name => "iwlwifi", + description => "Intel(R) PRO/Wireless AGN", + url => "http://intellinuxwireless.org/", + firmware => { + package => "iwlwifi-firmware", + test_file => "iwlwifi-5000-5.ucode", + }, + sleep => 1, + }, { name => 'p54pci', @@ -514,6 +525,7 @@ only used for EAP certificate based authentication. It could be considered as the alternative to username/password combo. Note: other related settings are shown on the Advanced page.") }, { label => N("EAP client private key password"), val => \$self->{access}{network}{eap_private_key_passwd}, + hidden => sub { $self->{hide_passwords} }, disabled => sub { $self->{access}{network}{encryption} ne 'wpa-eap' }, help => N("The complete password for the client private key. This is only used for EAP certificate based authentication. This password 
@@ -687,7 +699,7 @@ sub build_ifcfg_settings { my $settings = { WIRELESS_MODE => $self->{access}{network}{mode}, if_($self->need_wpa_supplicant, - WIRELESS_WPA_DRIVER => wpa_supplicant_get_driver($self->get_driver), + WIRELESS_WPA_DRIVER => 'nl80211,wext', WIRELESS_WPA_REASSOCIATE => bool2yesno($self->need_wpa_supplicant_reassociate), MII_NOT_SUPPORTED => 'no', ), @@ -696,6 +708,9 @@ sub build_ifcfg_settings { WIRELESS_ENC_KEY => convert_wep_key_for_iwconfig($self->{access}{network}{key}, $self->{access}{network}{force_ascii_key})), if_(member($self->{access}{network}{encryption}, qw(open restricted)), WIRELESS_ENC_MODE => $self->{access}{network}{encryption}), + if_($self->{access}{network}{encryption} eq 'wpa-psk', + KEY_MGMT => 'WPA-PSK', + WPA_PSK => $self->{access}{network}{key}), if_($self->need_rt2x00_iwpriv, #- use iwpriv for WPA with rt2400/rt2500 drivers, they don't plan to support wpa_supplicant WIRELESS_IWPRIV => qq(set AuthMode=WPAPSK @@ -905,15 +920,6 @@ sub wlan_ng_configure { services::restart($module eq 'prism2_cs' ? 'pcmcia' : 'wlan'); } -sub wpa_supplicant_get_driver { - my ($module) = @_; - $module =~ /^hostap_/ ? "hostap" : - $module eq "prism54" ? "prism54" : - $module =~ /^ath_/ ? "madwifi" : - $module =~ /^at76c50|atmel_/ ? "atmel" : - "wext"; -} - sub wpa_supplicant_add_network { my ($ui_input) = @_; my $conf = wpa_supplicant_read_conf(); @@ -977,7 +983,7 @@ sub wpa_supplicant_read_conf() { push @conf, $network; undef $network; } - } elsif (/^\s*network={/) { + } elsif (/^\s*network=\{/) { #- beginning of a new network block $network = {}; } @@ -1027,7 +1033,7 @@ sub wpa_supplicant_write_conf { push @{$network->{entries}}, { comment => $_ }; } } else { - if (/^\s*network={/) { + if (/^\s*network=\{/) { #- beginning of a new network block $network = {}; } else { diff --git a/lib/network/connection_manager.pm b/lib/network/connection_manager.pm index 6096c13..24bb998 100644 --- a/lib/network/connection_manager.pm 
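Review bot: The `WPA_PSK => $self->{access}{network}{key}` entry added to `build_ifcfg_settings` places the WPA pre-shared key in clear text in the interface's ifcfg settings, next to the existing `WIRELESS_ENC_KEY`. The hunk does not show how the file is written, so confirm that it is created with owner-only permissions rather than whatever the umask yields. Also confirm that the value is quoted on output, since ifcfg files are sourced by the shell and a passphrase may contain quotes, `$` or backticks. A comment on the entry would help the next maintainer, e.g. `#- secret: the ifcfg file holding this must not be world-readable`. The function starts and ends outside the hunk.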
+++ b/lib/network/connection_manager.pm @@ -222,7 +222,7 @@ sub stop_connection { sub monitor_connection { my ($cmanager) = @_; my $interface = $cmanager->{connection} && $cmanager->{connection}->get_interface or return; - $cmanager->{in}->do_pkgs->install('net_monitor'); + $cmanager->{in}->do_pkgs->ensure_binary_is_installed(qw(net_monitor net_monitor)); run_program::raw({ detach => 1 }, '/usr/bin/net_monitor', '--defaultintf', $interface); } diff --git a/lib/network/connection_manager/gtk.pm b/lib/network/connection_manager/gtk.pm index 8fe7851..5eb73ef 100644 --- a/lib/network/connection_manager/gtk.pm +++ b/lib/network/connection_manager/gtk.pm @@ -5,9 +5,9 @@ use base qw(network::connection_manager); use strict; use common; -use mygtk2; -use ugtk2 qw(:create :helpers :wrappers); -use Gtk2::SimpleList; +use mygtk3; +use ugtk3 qw(:create :helpers :wrappers); +use Gtk3::SimpleList; use network::signal_strength; use locale; # for cmp @@ -27,16 +27,16 @@ sub new { sub start_connection { my ($cmanager) = @_; - gtkset_mousecursor_wait($cmanager->{gui}{w}{window}->window); + gtkset_mousecursor_wait($cmanager->{gui}{w}{window}->get_window); $cmanager->SUPER::start_connection; - gtkset_mousecursor_normal($cmanager->{gui}{w}{window}->window); + gtkset_mousecursor_normal($cmanager->{gui}{w}{window}->get_window); } sub stop_connection { my ($cmanager) = @_; - gtkset_mousecursor_wait($cmanager->{gui}{w}{window}->window); + gtkset_mousecursor_wait($cmanager->{gui}{w}{window}->get_window); $cmanager->SUPER::stop_connection; - gtkset_mousecursor_normal($cmanager->{gui}{w}{window}->window); + gtkset_mousecursor_normal($cmanager->{gui}{w}{window}->get_window); } sub select_network { @@ -57,7 +57,7 @@ sub create_networks_list { return; } - $cmanager->{gui}{networks_list} = Gtk2::SimpleList->new( + $cmanager->{gui}{networks_list} = Gtk3::SimpleList->new( "AP" => "hidden", '' => "pixbuf", N("SSID") => "text", 
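Review bot: In `monitor_connection` the result of `ensure_binary_is_installed` is discarded, so `run_program::raw` is still asked to start `/usr/bin/net_monitor` when the package was not installed (the user declined or the install failed). The helper presumably returns false in that case, so stop there: `$cmanager->{in}->do_pkgs->ensure_binary_is_installed(qw(net_monitor net_monitor)) or return;`. This matches the `or return` already used on the `$interface` line above it.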
@@ -122,11 +122,11 @@ sub update_on_status_change { $cmanager->{connection} && ( !$cmanager->{connection}->can('get_networks') || $cmanager->{connection}->get_status || #- always allow to disconnect if connected - $cmanager->{connection}{network} + $cmanager->{connection}{network} || 0 )); } - $cmanager->{gui}{buttons}{connect_start}->set_sensitive($cmanager->{connection} && (!$cmanager->{connection}->get_status || $cmanager->{connection}{network})) + $cmanager->{gui}{buttons}{connect_start}->set_sensitive($cmanager->{connection} && (!$cmanager->{connection}->get_status || $cmanager->{connection}{network}) || 0) if $cmanager->{gui}{buttons}{connect_start}; $cmanager->{gui}{buttons}{connect_stop}->set_sensitive($cmanager->{connection} && $cmanager->{connection}->get_status) if $cmanager->{gui}{buttons}{connect_stop}; @@ -150,7 +150,7 @@ sub update_on_status_change { if ($cmanager->{gui}{status_image} && $cmanager->{connection}) { my $icon = $cmanager->{connection}->get_status_icon; - ugtk2::_find_imgfile($icon) or $icon = $cmanager->{connection}->get_type_icon; + ugtk3::_find_imgfile($icon) or $icon = $cmanager->{connection}->get_type_icon; gtkset($cmanager->{gui}{status_image}, file => $icon); } } @@ -186,7 +186,7 @@ sub update_networks_list { if ($cmanager->{gui}{show_unique_network}) { gtkset($cmanager->{gui}{networks_list}, children => [ 1, $network_name, - 0, Gtk2::Image->new_from_pixbuf($strength_pixbuf), + 0, Gtk3::Image->new_from_pixbuf($strength_pixbuf), ]); $cmanager->{connection}{network} = $network_name; } else { @@ -210,7 +210,7 @@ sub update_networks_list { sub setup_dbus_handlers { my ($cmanagers, $connections, $on_network_event, $dbus) = @_; network::connection_manager::setup_dbus_handlers($cmanagers, $connections, $on_network_event, $dbus); - dbus_object::set_gtk2_watch_helper($dbus); + dbus_object::set_gtk3_watch_helper($dbus); } 1; diff --git a/lib/network/drakconnect/edit.pm b/lib/network/drakconnect/edit.pm index 8132368..568fe7d 100644 
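Review bot: In `update_on_status_change` the `connect_stop` line still passes `$cmanager->{connection} && $cmanager->{connection}->get_status` to `set_sensitive` without the `|| 0` fallback that this hunk adds to the `connect_start` call and to the expression above it. If the fallback is needed because the Gtk3 binding does not accept an undefined value for a boolean argument (inferred from the other two changes), the same applies when `{connection}` is unset here. Make it consistent: `->set_sensitive($cmanager->{connection} && $cmanager->{connection}->get_status || 0)`. The function starts and ends outside the hunk.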
--- a/lib/network/drakconnect/edit.pm +++ b/lib/network/drakconnect/edit.pm @@ -1,8 +1,8 @@ package network::drakconnect::edit; use lib qw(/usr/lib/libDrakX); # helps perl_checker -use ugtk2 qw(:create :dialogs :helpers :wrappers); -use mygtk2 qw(gtknew); +use ugtk3 qw(:create :dialogs :helpers :wrappers); +use mygtk3 qw(gtknew); use common; use detect_devices; use run_program; @@ -18,13 +18,13 @@ sub manage { my $p = {}; my ($interface_menu, $selected, $apply_button); - my $window = ugtk2->new('Manage Connection'); + my $window = ugtk3->new('Manage Connection'); unless ($::isEmbedded) { $window->{rwindow}->set_position('center'); $window->{rwindow}->set_title(N("Manage connections")); # translation availlable in mcc domain => we need merging } - my $notebook = Gtk2::Notebook->new; + my $notebook = Gtk3::Notebook->new; $notebook->set_property('show-tabs', 0); $notebook->set_property('show-border', 0); @@ -46,10 +46,10 @@ sub manage { }; } - $window->{rwindow}->add(gtkpack_(Gtk2::VBox->new, - 0, gtkpack__(Gtk2::HBox->new, + $window->{rwindow}->add(gtkpack_(Gtk3::VBox->new, + 0, gtkpack__(Gtk3::HBox->new, gtknew('Label', text => N("Device: "), alignment => [ 0, 0 ]), - $interface_menu = gtksignal_connect(Gtk2::ComboBox->new_text, + $interface_menu = gtksignal_connect(Gtk3::ComboBoxText->new, changed => sub { $selected = $interface_menu->get_text; $notebook->set_current_page($p->{$selected}{gui}{index}); @@ -59,13 +59,13 @@ sub manage { 1, $notebook, 0, create_okcancel(my $oc = { - cancel_clicked => sub { $window->destroy; Gtk2->main_quit }, + cancel_clicked => sub { $window->destroy; Gtk3->main_quit }, ok_clicked => sub { if ($apply_button->get_property('sensitive')) { save($in, $net, $modules_conf, $p, $apply_button); } $window->destroy; - Gtk2->main_quit; + Gtk3->main_quit; }, }, undef, undef, '', 
@@ -82,7 +82,7 @@ sub manage { $p->{$name}{intf} ||= { DEVICE => $interface }; build_tree($in, $net, $p->{$name}{intf}, $name); build_notebook($net, \@all_cards, $p->{$name}{intf}, $p->{$name}{gui}, $apply_button, $name, $interface); - $notebook->append_page(gtkpack(Gtk2::VBox->new(0,0), $p->{$name}{gui}{notebook})); + $notebook->append_page(gtkpack(Gtk3::VBox->new(0,0), $p->{$name}{gui}{notebook})); } (sort keys %$p); $interface_menu->set_popdown_strings(sort keys %$p); @@ -126,16 +126,16 @@ sub build_notebook { my $apply = sub { $apply_button->set_sensitive(1) }; my $is_ethernet = detect_devices::is_lan_interface($interface); - my $size_group = Gtk2::SizeGroup->new('horizontal'); + my $size_group = Gtk3::SizeGroup->new('horizontal'); if ($intf->{pages}{'TCP/IP'}) { - gtkpack__($gui->{sheet}{'TCP/IP'} = gtkset_border_width(Gtk2::VBox->new(0,10), 5), + gtkpack__($gui->{sheet}{'TCP/IP'} = gtkset_border_width(Gtk3::VBox->new(0,10), 5), gtknew('Title2', label => N("IP configuration")), if_($is_ethernet, - gtkpack(Gtk2::HBox->new(1,0), + gtkpack(Gtk3::HBox->new(1,0), gtknew('Label_Left', text => N("Protocol")), - $gui->{intf}{BOOTPROTO} = gtksignal_connect(Gtk2::ComboBox->new_text, changed => sub { - return if !$_[0]->realized; + $gui->{intf}{BOOTPROTO} = gtksignal_connect(Gtk3::ComboBoxText->new, changed => sub { + return if !$_[0]->get_realized; my $proto = $gui->{intf}{BOOTPROTO}; my $protocol = $intf->{BOOTPROTO} = { reverse %{$proto->{protocols}} }->{$proto->get_text}; 
@@ -148,20 +148,20 @@ sub build_notebook { ), ), ), - gtkpack(Gtk2::HBox->new(1,0), + gtkpack(Gtk3::HBox->new(1,0), gtknew('Label_Left', text => N("IP address")), - gtksignal_connect($gui->{intf}{IPADDR} = Gtk2::Entry->new, + gtksignal_connect($gui->{intf}{IPADDR} = Gtk3::Entry->new, key_press_event => $apply), ), - gtkpack(Gtk2::HBox->new(1,0), + gtkpack(Gtk3::HBox->new(1,0), gtknew('Label_Left', text => N("Netmask")), - gtksignal_connect($gui->{intf}{NETMASK} = Gtk2::Entry->new, + gtksignal_connect($gui->{intf}{NETMASK} = Gtk3::Entry->new, key_press_event => $apply), ), if_($is_ethernet, - gtkpack(Gtk2::HBox->new(1,0), + gtkpack(Gtk3::HBox->new(1,0), gtknew('Label_Left', text => N("Gateway")), - gtksignal_connect($gui->{network}{GATEWAY} = Gtk2::Entry->new, + gtksignal_connect($gui->{network}{GATEWAY} = Gtk3::Entry->new, key_press_event => $apply), ), ), @@ -170,7 +170,7 @@ sub build_notebook { $intf->{dns2} || $net->{resolv}{dnsServer2}, $intf->{dns3} || $net->{resolv}{dnsServer3}), ), - gtkpack(Gtk2::HBox->new(1,0), + gtkpack(Gtk3::HBox->new(1,0), gtknew('Label_Left', text => N("Search Domain")), my $w2 = gtknew('Label_Left', text => $intf->{domain} || $net->{resolv}{DOMAINNAME} || 'none'), ), 
@@ -190,48 +190,51 @@ sub build_notebook { delete $gui->{intf}{BOOTPROTO}; } !$intf->{IPADDR} and ($intf->{IPADDR}, $gui->{active}, $intf->{NETMASK}) = network::drakconnect::get_intf_ip($net, $interface_name); - $gui->{network}{$_}->set_text($net->{network}{$_}) foreach keys %{$gui->{network}}; + # Disabled for now as it fails with text empty in Cauldron as of 2018Sep24 when launched with drakconnect --skip-wizard + #$gui->{network}{$_}->set_text($net->{network}{$_}) foreach keys %{$gui->{network}}; } if ($intf->{pages}{DHCP}) { - gtkpack(gtkset_border_width($gui->{sheet}{DHCP} = Gtk2::HBox->new(0,10), 5), - gtkpack__(gtkset_border_width(Gtk2::VBox->new(0,10), 5), - gtkpack__(Gtk2::HBox->new(1,0), + gtkpack(gtkset_border_width($gui->{sheet}{DHCP} = Gtk3::HBox->new(0,10), 5), + gtkpack__(gtkset_border_width(Gtk3::VBox->new(0,10), 5), + gtkpack__(Gtk3::HBox->new(1,0), gtknew('Label_Left', text => N("DHCP client")), - gtksignal_connect($gui->{intf}{DHCP_CLIENT} = Gtk2::ComboBox->new_with_strings(\@network::connection::ethernet::dhcp_clients, + gtksignal_connect($gui->{intf}{DHCP_CLIENT} = Gtk3::ComboBox->new_with_strings(\@network::connection::ethernet::dhcp_clients, $intf->{DHCP_CLIENT} || $network::connection::ethernet::dhcp_clients[0]), changed => $apply)), - gtksignal_connect($gui->{intf_bool}{NEEDHOSTNAME} = Gtk2::CheckButton->new(N("Assign host name from DHCP server (or generate a unique one)")), toggled => $apply), - gtkpack__(Gtk2::HBox->new(1,0), + gtksignal_connect($gui->{intf_bool}{NEEDHOSTNAME} = Gtk3::CheckButton->new(N("Assign host name from DHCP server (or generate a unique one)")), toggled => $apply), + gtkpack__(Gtk3::HBox->new(1,0), gtknew('Label_Left', text => N("DHCP host name")), - gtksignal_connect($gui->{intf}{DHCP_HOSTNAME} = Gtk2::Entry->new, + gtksignal_connect($gui->{intf}{DHCP_HOSTNAME} = Gtk3::Entry->new, key_press_event => $apply)), - gtkpack__(Gtk2::HBox->new(1,0), + gtkpack__(Gtk3::HBox->new(1,0), gtknew('Label_Left', text => N("DHCP 
timeout (in seconds)")), - gtksignal_connect($gui->{intf}{DHCP_TIMEOUT} = Gtk2::Entry->new, + gtksignal_connect($gui->{intf}{DHCP_TIMEOUT} = Gtk3::Entry->new, key_press_event => $apply)), - gtksignal_connect($gui->{intf_bool}{PEERDNS} = Gtk2::CheckButton->new(N("Get DNS servers from DHCP")), toggled => $apply), - gtksignal_connect($gui->{intf_bool}{PEERYP} = Gtk2::CheckButton->new(N("Get YP servers from DHCP")), toggled => $apply), - gtksignal_connect($gui->{intf_bool}{PEERNTPD} = Gtk2::CheckButton->new(N("Get NTPD servers from DHCP")), toggled => $apply), + gtksignal_connect($gui->{intf_bool}{PEERDNS} = Gtk3::CheckButton->new(N("Get DNS servers from DHCP")), toggled => $apply), + gtksignal_connect($gui->{intf_bool}{PEERYP} = Gtk3::CheckButton->new(N("Get YP servers from DHCP")), toggled => $apply), + gtksignal_connect($gui->{intf_bool}{PEERNTPD} = Gtk3::CheckButton->new(N("Get NTPD servers from DHCP")), toggled => $apply), ), ); foreach (qw(NEEDHOSTNAME PEERDNS)) { #- default these settings to yes defined $intf->{$_} or $intf->{$_} = "yes"; } - $gui->{intf}{$_}->set_text($intf->{$_}) foreach qw(DHCP_HOSTNAME DHCP_TIMEOUT); + foreach (qw(DHCP_HOSTNAME DHCP_TIMEOUT)) { + $intf->{$_} and $gui->{intf}{$_}->set_text($intf->{$_}); + } $gui->{intf_bool}{$_}->set_active(text2bool($intf->{$_})) foreach qw(NEEDHOSTNAME PEERDNS PEERYP PEERNTPD); $gui->{intf}{DHCP_CLIENT}->set_text($intf->{DHCP_CLIENT}); $gui->{sheet}{DHCP}->set_sensitive($intf->{BOOTPROTO} eq 'dhcp'); } - my $size_group2 = Gtk2::SizeGroup->new('horizontal'); + my $size_group2 = Gtk3::SizeGroup->new('horizontal'); $size_group2->add_widget($_) foreach $gui->{intf}{DHCP_HOSTNAME}, $gui->{intf}{DHCP_TIMEOUT}, $gui->{intf}{DHCP_CLIENT}; if ($intf->{pages}{Wireless}) { - gtkpack(gtkset_border_width($gui->{sheet}{Wireless} = Gtk2::HBox->new(0,10), 5), - gtkpack_(Gtk2::VBox->new(0,0), - map { (0, gtkpack_(Gtk2::VBox->new(0,0), - 1, Gtk2::Label->new($_->[0]), - 0, gtksignal_connect($gui->{intf}{$_->[1]} = 
Gtk2::Entry->new, + gtkpack(gtkset_border_width($gui->{sheet}{Wireless} = Gtk3::HBox->new(0,10), 5), + gtkpack_(Gtk3::VBox->new(0,0), + map { (0, gtkpack_(Gtk3::VBox->new(0,0), + 1, Gtk3::Label->new($_->[0]), + 0, gtksignal_connect($gui->{intf}{$_->[1]} = Gtk3::Entry->new, key_press_event => $apply), )); } ([ N("Operating Mode"), "WIRELESS_MODE" ], @@ -242,11 +245,11 @@ sub build_notebook { [ N("Bitrate (in b/s)"), "WIRELESS_RATE" ] ), ), - Gtk2::VSeparator->new, - gtkpack_(Gtk2::VBox->new(0,0), - map { (0, gtkpack_(Gtk2::VBox->new(0,0), - 1, Gtk2::Label->new($_->[0]), - 0, gtksignal_connect($gui->{intf}{$_->[1]} = Gtk2::Entry->new, + Gtk3::VSeparator->new, + gtkpack_(Gtk3::VBox->new(0,0), + map { (0, gtkpack_(Gtk3::VBox->new(0,0), + 1, Gtk3::Label->new($_->[0]), + 0, gtksignal_connect($gui->{intf}{$_->[1]} = Gtk3::Entry->new, key_press_event => $apply), )); } ([ N("Encryption key"), 'WIRELESS_ENC_KEY' ], 
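Review bot: Commenting out `$gui->{network}{$_}->set_text($net->{network}{$_}) foreach keys %{$gui->{network}};` in the TCP/IP page means the Gateway entry created earlier in `build_notebook` is no longer pre-filled. If the save path copies the entry text back into the configuration (not visible here), an existing gateway could be replaced by an empty string. The DHCP part of this same hunk handles the empty-text failure with a guard, and the same form would work here: `$net->{network}{$_} and $gui->{network}{$_}->set_text($net->{network}{$_}) foreach keys %{$gui->{network}};`. That keeps the field populated without leaving dead code behind a dated comment.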
@@ -261,37 +264,37 @@ sub build_notebook { } if ($intf->{pages}{Options}) { - gtkpack__(gtkset_border_width($gui->{sheet}{Options} = Gtk2::VBox->new(0,10), 5), - $gui->{intf_bool}{ONBOOT} = gtksignal_connect(Gtk2::CheckButton->new(N("Start at boot")), + gtkpack__(gtkset_border_width($gui->{sheet}{Options} = Gtk3::VBox->new(0,10), 5), + $gui->{intf_bool}{ONBOOT} = gtksignal_connect(Gtk3::CheckButton->new(N("Start at boot")), toggled => $apply), if_($is_ethernet, - map { ($gui->{intf_bool}{$_->[0]} = gtksignal_connect(Gtk2::CheckButton->new($_->[1]), + map { ($gui->{intf_bool}{$_->[0]} = gtksignal_connect(Gtk3::CheckButton->new($_->[1]), toggled => $apply)); } ( [ "MII_NOT_SUPPORTED", N("Network Hotplugging") ], ), ), if_($interface eq 'isdn', - gtkpack(Gtk2::HBox->new(0,0), - gtkpack__(Gtk2::VBox->new(0,0), - Gtk2::Label->new(N("Dialing mode")), + gtkpack(Gtk3::HBox->new(0,0), + gtkpack__(Gtk3::VBox->new(0,0), + Gtk3::Label->new(N("Dialing mode")), my @dialing_mode_radio = gtkradio(("auto") x 2, "manual"), ), - Gtk2::VSeparator->new, - gtkpack__(Gtk2::VBox->new(0,0), - Gtk2::Label->new(N("Connection speed")), + Gtk3::VSeparator->new, + gtkpack__(Gtk3::VBox->new(0,0), + Gtk3::Label->new(N("Connection speed")), my @speed_radio = gtkradio(("64 Kb/s") x 2, "128 Kb/s"), ), ), - gtkpack__(Gtk2::HBox->new(0,5), - Gtk2::Label->new(N("Connection timeout (in sec)")), - gtksignal_connect($gui->{intf}{huptimeout} = Gtk2::Entry->new, + gtkpack__(Gtk3::HBox->new(0,5), + Gtk3::Label->new(N("Connection timeout (in sec)")), + gtksignal_connect($gui->{intf}{huptimeout} = Gtk3::Entry->new, key_press_event => $apply), ), ), - gtkpack__(Gtk2::HBox->new(0,1), + gtkpack__(Gtk3::HBox->new(0,1), gtknew('Label_Left', text => N("Metric")), - gtksignal_connect(gtkset_text($gui->{intf}{METRIC} = Gtk2::Entry->new, $intf->{METRIC}), + gtksignal_connect(gtkset_text($gui->{intf}{METRIC} = Gtk3::Entry->new, $intf->{METRIC} || ''), key_press_event => $apply)), ); 
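Review bot: `$intf->{METRIC} || ''` on the Metric entry of the Options page also replaces a configured metric of `0` with the empty string, because `"0"` is false in Perl. The field then looks unset to the user. Only the undefined case needs the fallback: `gtkset_text($gui->{intf}{METRIC} = Gtk3::Entry->new, $intf->{METRIC} // '')`. The `//` operator is already used elsewhere in this commit (`//=` in ethernet.pm).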
@@ -307,16 +310,16 @@ sub build_notebook { if ($interface_name =~ /^speedtouch|sagem$/) { $gui->{description} = $interface_name eq 'speedtouch' ? 'Alcatel|USB ADSL Modem (Speed Touch)' : 'Analog Devices Inc.|USB ADSL modem'; } - gtkpack_(gtkset_border_width($gui->{sheet}{Account} = Gtk2::VBox->new(0,10), 5), + gtkpack_(gtkset_border_width($gui->{sheet}{Account} = Gtk3::VBox->new(0,10), 5), if_($interface eq 'modem', - 0, gtkpack(Gtk2::VBox->new(1,0), - gtkpack__(Gtk2::HBox->new, Gtk2::Label->new(N("Authentication"))), - gtkpack__(Gtk2::HBox->new, $gui->{intf}{auth} = gtksignal_connect(Gtk2::ComboBox->new_text, + 0, gtkpack(Gtk3::VBox->new(1,0), + gtkpack__(Gtk3::HBox->new, Gtk3::Label->new(N("Authentication"))), + gtkpack__(Gtk3::HBox->new, $gui->{intf}{auth} = gtksignal_connect(Gtk3::ComboBoxText->new, changed => $apply)), )), - map { (0, gtkpack(Gtk2::VBox->new(1,0), - gtkpack__(Gtk2::HBox->new, Gtk2::Label->new($_->[0])), - gtkpack__(Gtk2::HBox->new, $gui->{intf}{$_->[1]} = gtksignal_connect(Gtk2::Entry->new, + map { (0, gtkpack(Gtk3::VBox->new(1,0), + gtkpack__(Gtk3::HBox->new, Gtk3::Label->new($_->[0])), + gtkpack__(Gtk3::HBox->new, $gui->{intf}{$_->[1]} = gtksignal_connect(Gtk3::Entry->new, key_press_event => $apply)), ), ); @@ -335,12 +338,12 @@ sub build_notebook { } if ($intf->{pages}{Modem}) { - gtkpack(gtkset_border_width($gui->{sheet}{Modem} = Gtk2::HBox->new(0,10), 5), + gtkpack(gtkset_border_width($gui->{sheet}{Modem} = Gtk3::HBox->new(0,10), 5), if_($interface eq 'modem', - gtkpack__(Gtk2::VBox->new(0,5), - (map { (gtkpack(Gtk2::VBox->new(1,0), - gtkpack__(Gtk2::HBox->new, Gtk2::Label->new($_->[0])), - gtkpack__(Gtk2::HBox->new, $gui->{intf}{$_->[1]} = gtksignal_connect(Gtk2::ComboBox->new_text, + gtkpack__(Gtk3::VBox->new(0,5), + (map { (gtkpack(Gtk3::VBox->new(1,0), + gtkpack__(Gtk3::HBox->new, Gtk3::Label->new($_->[0])), + gtkpack__(Gtk3::HBox->new, $gui->{intf}{$_->[1]} = gtksignal_connect(Gtk3::ComboBoxText->new, changed => $apply)), ), ); 
@@ -348,38 +351,38 @@ sub build_notebook { [ N("Line termination"), 'Enter' ], [ N("Connection speed"), 'Speed' ], )), - # gtkpack(Gtk2::VBox->new(0,0), # no relative kppp option found :-( - # Gtk2::Label->new(N("Dialing mode")), + # gtkpack(Gtk3::VBox->new(0,0), # no relative kppp option found :-( + # Gtk3::Label->new(N("Dialing mode")), # gtkradio('', N("Tone dialing"), N("Pulse dialing")), # ), ), - Gtk2::VSeparator->new, - gtkpack__(Gtk2::VBox->new(0,10), - gtkpack__(Gtk2::HBox->new(0,5), - Gtk2::Label->new(N("Modem timeout")), - $gui->{intf}{Timeout} = gtksignal_connect(Gtk2::SpinButton->new(Gtk2::Adjustment->new($intf->{Timeout}, 0, 120, 1, 5, 0), 0, 0), + Gtk3::VSeparator->new, + gtkpack__(Gtk3::VBox->new(0,10), + gtkpack__(Gtk3::HBox->new(0,5), + Gtk3::Label->new(N("Modem timeout")), + $gui->{intf}{Timeout} = gtksignal_connect(Gtk3::SpinButton->new(Gtk3::Adjustment->new($intf->{Timeout}, 0, 120, 1, 5, 0), 0, 0), value_changed => $apply), ), - gtksignal_connect($gui->{intf_bool}{UseLockFile} = Gtk2::CheckButton->new(N("Use lock file")), + gtksignal_connect($gui->{intf_bool}{UseLockFile} = Gtk3::CheckButton->new(N("Use lock file")), toggled => $apply), - gtkpack__(Gtk2::HBox->new, gtksignal_connect($gui->{intf_bool}{WaitForDialTone} = Gtk2::CheckButton->new(N("Wait for dialup tone before dialing")), + gtkpack__(Gtk3::HBox->new, gtksignal_connect($gui->{intf_bool}{WaitForDialTone} = Gtk3::CheckButton->new(N("Wait for dialup tone before dialing")), toggled => $apply)), - gtkpack__(Gtk2::HBox->new(0,5), - Gtk2::Label->new(N("Busy wait")), - $gui->{intf}{BusyWait} = gtksignal_connect(Gtk2::SpinButton->new(Gtk2::Adjustment->new($intf->{BusyWait}, 0, 120, 1, 5, 0), 0, 0), + gtkpack__(Gtk3::HBox->new(0,5), + Gtk3::Label->new(N("Busy wait")), + $gui->{intf}{BusyWait} = gtksignal_connect(Gtk3::SpinButton->new(Gtk3::Adjustment->new($intf->{BusyWait}, 0, 120, 1, 5, 0), 0, 0), value_changed => $apply), ), - gtkpack__(Gtk2::HBox->new(0,5), - Gtk2::Label->new(N("Modem 
sound")), - gtkpack__(Gtk2::VBox->new(0,5), my @volume_radio = gtkradio('', N("Enable"), N("Disable"))), + gtkpack__(Gtk3::HBox->new(0,5), + Gtk3::Label->new(N("Modem sound")), + gtkpack__(Gtk3::VBox->new(0,5), my @volume_radio = gtkradio('', N("Enable"), N("Disable"))), ), ), ), if_($interface eq 'isdn', - gtkpack_(Gtk2::VBox->new(0,0), - map { (0, gtkpack(Gtk2::VBox->new(1,0), - gtkpack__(Gtk2::HBox->new, Gtk2::Label->new($_->[0])), - gtkpack__(Gtk2::HBox->new, $gui->{intf}{$_->[1]} = gtksignal_connect(Gtk2::Entry->new, + gtkpack_(Gtk3::VBox->new(0,0), + map { (0, gtkpack(Gtk3::VBox->new(1,0), + gtkpack__(Gtk3::HBox->new, Gtk3::Label->new($_->[0])), + gtkpack__(Gtk3::HBox->new, $gui->{intf}{$_->[1]} = gtksignal_connect(Gtk3::Entry->new, key_press_event => $apply)), ), ); @@ -389,9 +392,9 @@ sub build_notebook { [ N("Card IO_0"), 'io0' ], ), ), - Gtk2::VSeparator->new, - gtkpack__(Gtk2::VBox->new(0,0), - Gtk2::Label->new(N("Protocol")), + Gtk3::VSeparator->new, + gtkpack__(Gtk3::VBox->new(0,0), + Gtk3::Label->new(N("Protocol")), my @protocol_radio = gtkradio('', N("European protocol (EDSS1)"), N("Protocol for the rest of the world\nNo D-Channel (leased lines)")), ), @@ -416,8 +419,8 @@ sub build_notebook { @cards == 1 and $info = $cards[0]; } - gtkpack(gtkset_border_width($gui->{sheet}{Information} = Gtk2::VBox->new(0,10), 5), - gtktext_insert(Gtk2::TextView->new, + gtkpack(gtkset_border_width($gui->{sheet}{Information} = Gtk3::VBox->new(0,10), 5), + gtktext_insert(Gtk3::TextView->new, join('', map { $_->[0] . ": \x{200e}" . $_->[1] . "\n" } ( [ N("Vendor"), split('\|', $info->{description}) ], @@ -434,7 +437,7 @@ sub build_notebook { } foreach (keys %{$gui->{intf}}) { - next if ref($gui->{intf}{$_}) !~ /Gtk2::(ComboBox|Entry)/; + next if ref($gui->{intf}{$_}) !~ /Gtk3::(ComboBox|Entry)/; # skip unset fields: next if !$intf->{$_}; # special case b/c of translation: 
@@ -449,7 +452,7 @@ sub build_notebook { } } - $gui->{notebook} = Gtk2::Notebook->new; + $gui->{notebook} = Gtk3::Notebook->new; populate_notebook($gui->{notebook}, $gui); } @@ -457,7 +460,7 @@ sub populate_notebook { my ($notebook, $gui) = @_; foreach ('TCP/IP', 'DHCP', 'Account', 'Wireless', 'Modem', 'Options', 'Information') { !$gui->{sheet}{$_} and next; - $notebook->append_page($gui->{sheet}{$_}, Gtk2::Label->new(translate($_))); + $notebook->append_page($gui->{sheet}{$_}, Gtk3::Label->new(translate($_))); } } @@ -465,8 +468,8 @@ sub save { my ($in, $net, $modules_conf, $p, $apply_button) = @_; my $dialog = _create_dialog(N("Please wait")); - gtkpack($dialog->vbox, - gtkshow(Gtk2::Label->new(N("Please Wait... Applying the configuration")))); + gtkpack($dialog->get_child, + gtkshow(Gtk3::Label->new(N("Please Wait... Applying the configuration")))); $dialog->show_all; gtkset_mousecursor_wait(); diff --git a/lib/network/drakconnect/global.pm b/lib/network/drakconnect/global.pm index f7e1eff..525544e 100644 --- a/lib/network/drakconnect/global.pm +++ b/lib/network/drakconnect/global.pm @@ -1,8 +1,8 @@ package network::drakconnect::global; use lib qw(/usr/lib/libDrakX); # helps perl_checker -use ugtk2 qw(:create :dialogs :helpers :wrappers); -use mygtk2 qw(gtknew); +use ugtk3 qw(:create :dialogs :helpers :wrappers); +use mygtk3 qw(gtknew); use common; use network::drakconnect; use network::test; 
@@ -25,11 +25,11 @@ sub update_network_status { sub configure_net { my ($in, $net, $modules_conf) = @_; my $int_state; - my $int_label = Gtk2::WrappedLabel->new($net->{type} eq 'lan' ? N("Gateway:") : N("Interface:")); - my $int_name = Gtk2::Label->new($net->{type} eq 'lan' ? $net->{network}{GATEWAY} : $net->{net_interface}); + my $int_label = Gtk3::WrappedLabel->new($net->{type} eq 'lan' ? N("Gateway:") : N("Interface:")); + my $int_name = Gtk3::Label->new($net->{type} eq 'lan' ? $net->{network}{GATEWAY} : $net->{net_interface}); - my $dialog = ugtk2->new(N("Internet connection configuration")); - my $exit_dialogsub = sub { Gtk2->main_quit }; + my $dialog = ugtk3->new(N("Internet connection configuration")); + my $exit_dialogsub = sub { Gtk3->main_quit }; if (!$net->{type}) { $in->ask_warn( N("Warning"), @@ -44,7 +44,7 @@ Run the \"%s\" assistant from the Mageia Control Center", N("Set up a new networ } $dialog->{rwindow}->signal_connect(delete_event => $exit_dialogsub); - my $param_vbox = Gtk2::VBox->new(0,0); + my $param_vbox = Gtk3::VBox->new(0,0); my $i = 0; my @conf_data = ( 
@@ -59,35 +59,35 @@ Run the \"%s\" assistant from the Mageia Control Center", N("Set up a new networ map { my $c; if (defined $_->[2]) { - $c = Gtk2::Combo->new; + $c = Gtk3::ComboBox->new; $c->set_popdown_strings(@{$_->[2]}); $infos[2*$i+1] = $c->entry; } else { - $c = $infos[2*$i+1] = Gtk2::Entry->new; + $c = $infos[2*$i+1] = Gtk3::Entry->new; } $infos[2*$i+1]->set_text(${$_->[1]}); $i++; - [ Gtk2::WrappedLabel->new($_->[0]), $c ]; + [ Gtk3::WrappedLabel->new($_->[0]), $c ]; } @conf_data ) ); - $dialog->{rwindow}->add(gtkpack_(Gtk2::VBox->new, - 0, Gtk2::Label->new(N("Internet Connection Configuration")), + $dialog->{rwindow}->add(gtkpack_(Gtk3::VBox->new, + 0, Gtk3::Label->new(N("Internet Connection Configuration")), 1, gtkadd(gtkcreate_frame(N("Internet access")), gtkset_border_width(create_packtable({ col_spacings => 5, row_spacings => 5, homogenous => 1 }, - [ Gtk2::WrappedLabel->new(N("Connection type: ")), - Gtk2::WrappedLabel->new(translate($net->{type})) ], + [ Gtk3::WrappedLabel->new(N("Connection type: ")), + Gtk3::WrappedLabel->new(translate($net->{type})) ], [ $int_label, $int_name ], - [ Gtk2::WrappedLabel->new(N("Status:")), - $int_state = Gtk2::WrappedLabel->new(N("Testing your connection...")) ] + [ Gtk3::WrappedLabel->new(N("Status:")), + $int_state = Gtk3::WrappedLabel->new(N("Testing your connection...")) ] ), 5), ), 1, gtkadd(gtkcreate_frame(N("Parameters")), gtkset_border_width($param_vbox, 5)), 0, gtkpack(create_hbox('edge'), - gtksignal_connect(Gtk2::Button->new(N("Cancel")), clicked => $exit_dialogsub), - gtksignal_connect(Gtk2::Button->new(N("Ok")), clicked => sub { + gtksignal_connect(Gtk3::Button->new(N("Cancel")), clicked => $exit_dialogsub), + gtksignal_connect(Gtk3::Button->new(N("Ok")), clicked => sub { foreach my $i (0..$#conf_data) { ${$conf_data[$i][1]} = $infos[2*$i+1]->get_text; } diff --git a/lib/network/drakfirewall.pm b/lib/network/drakfirewall.pm index 3a808c2..ed7200e 100644 --- a/lib/network/drakfirewall.pm 
+++ b/lib/network/drakfirewall.pm @@ -12,12 +12,12 @@ my @all_servers = ( { name => N_("Web Server"), - pkg => 'apache apache-mod_perl boa lighttpd thttpd', + pkg => 'apache apache-mod_perl lighttpd nginx', ports => '80/tcp 443/tcp', }, { name => N_("Domain Name Server"), - pkg => 'bind dnsmasq mydsn', + pkg => 'bind dnsmasq', ports => '53/tcp 53/udp', }, { @@ -27,34 +27,33 @@ my @all_servers = }, { name => N_("FTP server"), - pkg => 'ftp-server-krb5 wu-ftpd proftpd pure-ftpd', + pkg => 'proftpd pure-ftpd', ports => '20/tcp 21/tcp', }, { name => N_("DHCP Server"), - pkg => 'dhcp-server udhcpd', + pkg => 'dhcp-server', ports => '67/udp 68/udp', hide => 1, }, { name => N_("Mail Server"), - pkg => 'sendmail postfix qmail exim', - ports => '25/tcp 465/tcp', + pkg => 'sendmail postfix', + ports => '25/tcp 465/tcp 587/tcp', }, { name => N_("POP and IMAP Server"), - pkg => 'imap courier-imap-pop', ports => '109/tcp 110/tcp 143/tcp 993/tcp 995/tcp', }, { name => N_("Telnet server"), - pkg => 'telnet-server-krb5', + pkg => 'netkit-telnet-server', ports => '23/tcp', hide => 1, }, { name => N_("NFS Server"), - pkg => 'nfs-utils nfs-utils-clients', + pkg => 'nfs-utils', ports => '111/tcp 111/udp 2049/tcp 2049/udp ' . network::nfs::list_nfs_ports(), hide => 1, prepare => sub { network::nfs::write_nfs_ports(network::nfs::read_nfs_ports()) }, @@ -62,13 +61,13 @@ my @all_servers = }, { name => N_("Windows Files Sharing (SMB)"), - pkg => 'samba-server', + pkg => 'samba', ports => '137/tcp 137/udp 138/tcp 138/udp 139/tcp 139/udp 445/tcp 445/udp 1024:1100/tcp 1024:1100/udp', hide => 1, }, { name => N_("Bacula backup"), - pkg => 'bacula-fd bacula-sd bacula-dir-common', + pkg => 'bacula-fd bacula-sd', ports => '9101:9103/tcp', hide => 1, }, 
@@ -85,14 +84,20 @@ my @all_servers = hide => 1, }, { + name => N_("SANE server"), + pkg => 'saned', + ports => '6566/tcp', + hide => 1, + }, + { name => N_("MySQL server"), - pkg => 'mysql', + pkg => 'mariadb', ports => '3306/tcp 3306/udp', hide => 1, }, { name => N_("PostgreSQL server"), - pkg => 'postgresql8.2 postgresql8.3', + pkg => 'postgresql11 postgresql13', ports => '5432/tcp 5432/udp', hide => 1, }, @@ -107,14 +112,31 @@ my @all_servers = pkg => 'avahi cups openslp', }, { + name => N_("Network printer/scanner autodiscovery"), + # Canon scanner autodiscovery detects responses on UDP port 8612 + ports => '8612/udp', + pkg => 'sane-backends', + }, + { name => N_("BitTorrent"), - ports => '6881:6999/tcp', + ports => '6881:6999/tcp 6881:6999/udp', + hide => 1, + pkg => 'deluge ktorrent rtorrent transmission-common', + }, + { + name => N_("KDEConnect"), + ports => '1714:1764/udp 1714:1764/tcp', + hide => 1, + pkg => 'kdeconnect-kde', + }, + { + name => N_("Ident server"), + ports => '113/tcp', hide => 1, - pkg => 'bittorrent deluge ktorrent transmission vuze rtorrent ctorrent', + pkg => 'oidentd', }, { name => N_("Windows Mobile device synchronization"), - pkg => 'synce-hal', ports => '990/tcp 999/tcp 5678/tcp 5679/udp 26675/tcp', hide => 1, }, diff --git a/lib/network/drakfirewall6.pm b/lib/network/drakfirewall6.pm new file mode 100644 index 0000000..4ef2898 --- /dev/null +++ b/lib/network/drakfirewall6.pm 
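Review bot: The new `Network printer/scanner autodiscovery` entry in the `@@ -107,14 +112,31 @@` hunk ties `8612/udp` to `pkg => 'sane-backends'`, which looks like the scanner driver package rather than a listening service. If this file's `default_from_pkgs` matches the copy added in drakfirewall6.pm by the same commit, every entry whose `pkg` is installed is pre-selected, so this port would be offered as open by default on any machine with scanner support; the `KDEConnect` entry and the widened `BitTorrent` range are keyed on client packages in the same way. Consider adding `force_default_selection => 0,` to these entries (the key already appears on `Echo request (ping)` in the drakfirewall6.pm copy) so the ports open only on an explicit choice. The `@all_servers` list starts and ends outside the hunk.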
@@ -0,0 +1,393 @@ +package network::drakfirewall6; # $Id: drakfirewall.pm 268043 2010-04-30 13:29:37Z blino $ + + + +use lib qw(/usr/lib/libDrakX); # helps perl_checker +use network::shorewall6; +use common; +use network::nfs; +use network::network; + +my @all_servers = +( + { + name => N_("Web Server"), + pkg => 'apache apache-mod_perl lighttpd nginx', + ports => '80/tcp 443/tcp', + }, + { + name => N_("Domain Name Server"), + pkg => 'bind dnsmasq mydsn', + ports => '53/tcp 53/udp', + }, + { + name => N_("SSH server"), + pkg => 'openssh-server', + ports => '22/tcp', + }, + { + name => N_("FTP server"), + pkg => 'proftpd pure-ftpd', + ports => '20/tcp 21/tcp', + }, + { + name => N_("DHCP Server"), + pkg => 'dhcp-server udhcpd', + ports => '67/udp 68/udp', + hide => 1, + }, + { + name => N_("Mail Server"), + pkg => 'sendmail postfix', + ports => '25/tcp 465/tcp 587/tcp', + }, + { + name => N_("POP and IMAP Server"), + pkg => 'imap courier-imap-pop', + ports => '109/tcp 110/tcp 143/tcp 993/tcp 995/tcp', + }, + { + name => N_("Telnet server"), + pkg => 'netkit-telnet-server', + ports => '23/tcp', + hide => 1, + }, + { + name => N_("NFS Server"), + pkg => 'nfs-utils', + ports => '111/tcp 111/udp 2049/tcp 2049/udp ' . 
network::nfs::list_nfs_ports(), + hide => 1, + prepare => sub { network::nfs::write_nfs_ports(network::nfs::read_nfs_ports()) }, + restart => 'nfs-common nfs-server', + }, + { + name => N_("Windows Files Sharing (SMB)"), + pkg => 'samba', + ports => '137/tcp 137/udp 138/tcp 138/udp 139/tcp 139/udp 445/tcp 445/udp 1024:1100/tcp 1024:1100/udp', + hide => 1, + }, + { + name => N_("Bacula backup"), + pkg => 'bacula-fd bacula-sd', + ports => '9101:9103/tcp', + hide => 1, + }, + { + name => N_("Syslog network logging"), + pkg => 'rsyslog syslog-ng', + ports => '514/udp', + hide => 1, + }, + { + name => N_("CUPS server"), + pkg => 'cups', + ports => '631/tcp 631/udp', + hide => 1, + }, + { + name => N_("SANE server"), + pkg => 'saned', + ports => '6566/tcp', + hide => 1, + }, + { + name => N_("MySQL server"), + pkg => 'mariadb', + ports => '3306/tcp 3306/udp', + hide => 1, + }, + { + name => N_("PostgreSQL server"), + pkg => 'postgresql15 postgresql17', + ports => '5432/tcp 5432/udp', + hide => 1, + }, + { + name => N_("Echo request (ping)"), + ports => '128/icmp', + force_default_selection => 0, + }, + { + name => N_("Network services autodiscovery (zeroconf and slp)"), + ports => '5353/udp 427/udp', + pkg => 'avahi cups openslp', + }, + { + name => N_("Network printer/scanner autodiscovery"), + # Canon scanner autodiscovery detects responses on UDP port 8612 + ports => '8612/udp', + pkg => 'sane-backends', + }, + { + name => N_("BitTorrent"), + ports => '6881:6999/tcp 6881:6999/udp', + hide => 1, + pkg => 'bittorrent deluge ktorrent rtorrent transmission-common', + }, + { + name => N_("KDEConnect"), + ports => '1714:1764/udp 1714:1764/tcp', + hide => 1, + pkg => 'kdeconnect-kde', + }, + { + name => N_("Ident server"), + ports => '113/tcp', + hide => 1, + pkg => 'oidentd', + }, + { + name => N_("Windows Mobile device synchronization"), + ports => '990/tcp 999/tcp 5678/tcp 5679/udp 26675/tcp', + hide => 1, + }, +); + +my @ifw_rules = ( + { + name => N_("Port scan 
detection"), + ifw_rule => 'psd', + }, +); + +# global network configuration +my $net = {}; +network::network::read_net_conf($net); + +sub port2server { + my ($port) = @_; + find { + any { $port eq $_ } split(' ', $_->{ports}); + } @all_servers; +} + +sub check_ports_syntax { + my ($ports) = @_; + foreach (split ' ', $ports) { + my ($nb, $range, $nb2) = m!^(\d+)(:(\d+))?/(tcp|udp|icmp)$! or return $_; + foreach my $port ($nb, if_($range, $nb2)) { + 1 <= $port && $port <= 65535 or return $_; + } + $nb < $nb2 or return $_ if $range; + } + ''; +} + +sub to_ports { + my ($servers, $unlisted) = @_; + join(' ', (map { $_->{ports} } @$servers), if_($unlisted, $unlisted)); +} + +sub from_ports { + my ($ports) = @_; + + my @l; + my @unlisted; + foreach (split ' ', $ports) { + if (my $s = port2server($_)) { + push @l, $s; + } else { + push @unlisted, $_; + } + } + [ uniq(@l) ], join(' ', @unlisted); +} + +sub default_from_pkgs { + my ($do_pkgs) = @_; + my @pkgs = $do_pkgs->are_installed(map { split ' ', $_->{pkg} } @all_servers); + [ grep { + my $s = $_; + exists $s->{force_default_selection} ? + $s->{force_default_selection} : + any { member($_, @pkgs) } split(' ', $s->{pkg}); + } @all_servers ]; +} + +sub default_ports { + my ($do_pkgs) = @_; + to_ports(default_from_pkgs($do_pkgs), ''); +} + +sub get_ports() { + my $shorewall6 = network::shorewall6::read() or return; + $shorewall6->{ports}; +} + +sub set_ports { + my ($do_pkgs, $disabled, $ports, $log_net_drop, $o_in) = @_; + + if (!$disabled || -x "$::prefix/sbin/shorewall6") { + $do_pkgs->ensure_files_are_installed([ [ qw(shorewall shorewall) ], [ qw(shorewall-ipv6 shorewall6) ] ], $::isInstall) or return; + my $shorewall6 = network::shorewall6::read(!$disabled && $o_in); + if (!$shorewall6) { + log::l("unable to read shorewall6 configuration, skipping installation"); + return; + } + + $shorewall6->{disabled} = $disabled; + $shorewall6->{ports} = $ports; + $shorewall6->{log_net_drop} = $log_net_drop; + log::l($disabled ? 
"disabling shorewall6" : "configuring shorewall6 to allow ports: $ports"); + network::shorewall6::write($shorewall6, $o_in); + } +} + +sub get_conf { + my ($in, $disabled, $o_ports) = @_; + + my $possible_servers = default_from_pkgs($in->do_pkgs); + $_->{hide} = 0 foreach @$possible_servers; + + if ($o_ports) { + $disabled, from_ports($o_ports); + } elsif (my $shorewall6 = network::shorewall6::read()) { + $shorewall6->{disabled}, from_ports($shorewall6->{ports}), $shorewall6->{log_net_drop}; + } else { + $in->ask_okcancel(N("IPv6 firewall configuration"), N("drakfirewall6 configurator + +This configures a personal ipv6 firewall for this Mageia machine."), 1) or return; + + $in->ask_okcancel(N("IPv6 firewall configuration"), N("drakfirewall6 configurator + +Make sure you have configured your Network/Internet IPv6 access with +drakconnect before going any further."), 1) or return; + + $disabled, $possible_servers, ''; + } +} + +sub choose_allowed_services { + my ($in, $disabled, $servers, $unlisted, $log_net_drop) = @_; + + $_->{on} = 0 foreach @all_servers; + $_->{on} = 1 foreach @$servers; + my @l = grep { $_->{on} || !$_->{hide} } @all_servers; + + $in->ask_from_({ + title => N("Firewall IPv6"), + icon => $network::shorewall6::firewall_icon, + if_(!$::isEmbedded, banner_title => N("Firewall IPv6")), + advanced_messages => N("You can enter miscellaneous ports. +Valid examples are: 139/tcp 139/udp 600:610/tcp 600:610/udp. +Have a look at /etc/services for information."), + callbacks => { + complete => sub { + if (my $invalid_port = check_ports_syntax($unlisted)) { + $in->ask_warn('', N("Invalid port given: %s. +The proper format is \"port/tcp\" or \"port/udp\", +where port is between 1 and 65535. 
+ +You can also give a range of ports (eg: 24300:24350/udp)", $invalid_port)); + return 1; + } + }, + } }, + [ + { label => N("Which services would you like to allow the IPv6 Internet to connect to?"), title => 1 }, + if_($net->{PROFILE} && network::network::netprofile_count() > 0, { label => N("Those settings will be saved for the network profile <b>%s</b>", $net->{PROFILE}) }), + { text => N("Everything (no firewall)"), val => \$disabled, type => 'bool' }, + (map { { text => translate($_->{name}), val => \$_->{on}, type => 'bool', disabled => sub { $disabled } } } @l), + { label => N("Other ports"), val => \$unlisted, advanced => 1, disabled => sub { $disabled } }, + { text => N("Log firewall6 messages in system logs"), val => \$log_net_drop, type => 'bool', advanced => 1, disabled => sub { $disabled } }, + ]) or return; + + $disabled, [ grep { $_->{on} } @l ], $unlisted, $log_net_drop; +} + +sub set_ifw { + my ($do_pkgs, $enabled, $rules, $ports) = @_; + if ($enabled) { + $do_pkgs->ensure_is_installed('mandi-ifw', '/etc/ifw/start', $::isInstall) or return; + + my $ports_by_proto = network::shorewall6::ports_by_proto($ports); + output_with_perm("$::prefix/etc/ifw/rules", 0644, + (map { ". 
/etc/ifw/rules.d/$_\n" } @$rules), + map { + my $proto = $_; + map { + my $multiport = /:/ && " -m multiport"; + "iptables -A Ifw -m conntrack --ctstate NEW -p $proto$multiport --dport $_ -j IFWLOG --log-prefix NEW\n"; + } @{$ports_by_proto->{$proto}}; + } intersection([ qw(tcp udp) ], [ keys %$ports_by_proto ]), + ); + } + + substInFile { + undef $_ if m!^INCLUDE /etc/ifw/rules|^iptables -I INPUT 2 -j Ifw!; + } "$::prefix/etc/shorewall6/start"; + network::shorewall6::set_in_file('start', $enabled, "INCLUDE /etc/ifw/start", "INCLUDE /etc/ifw/rules", "ip6tables -I INPUT 1 -j Ifw"); + network::shorewall6::set_in_file('stop', $enabled, "ip6tables -D INPUT -j Ifw", "INCLUDE /etc/ifw/stop"); +} + +sub choose_watched_services { + my ($in, $servers, $unlisted) = @_; + + my @l = (@ifw_rules, @$servers, map { { ports => $_ } } split(' ', $unlisted)); + my $enabled = 1; + $_->{ifw} = 1 foreach @l; + + $in->ask_from_({ + icon => $network::shorewall6::firewall_icon, + if_(!$::isEmbedded, banner_title => N("Interactive IPv6 Firewall")), + messages => + N("You can be warned when someone accesses to a service or tries to intrude into your computer. +Please select which network activities should be watched."), + title => N("Interactive IPv6 Firewall"), + }, + [ + { text => N("Use Interactive IPv6 Firewall"), val => \$enabled, type => 'bool' }, + map { { + text => (exists $_->{name} ? 
translate($_->{name}) : $_->{ports}), + val => \$_->{ifw}, + type => 'bool', disabled => sub { !$enabled }, + } } @l, + ]) or return; + my ($rules, $ports) = partition { exists $_->{ifw_rule} } grep { $_->{ifw} } @l; + set_ifw($in->do_pkgs, $enabled, [ map { $_->{ifw_rule} } @$rules ], to_ports($ports)); + + # return something to say that we are done ok + $rules, $ports; +} + +sub main { + my ($in, $disabled) = @_; + + ($disabled, my $servers, my $unlisted, my $log_net_drop) = get_conf($in, $disabled) or return; + + ($disabled, $servers, $unlisted, $log_net_drop) = choose_allowed_services($in, $disabled, $servers, $unlisted, $log_net_drop) or return; + + my $system_file = '/etc/sysconfig/drakx-net'; + my %global_settings = getVarsFromSh($system_file); + + if (!$disabled && (!defined($global_settings{IFW}) || text2bool($global_settings{IFW}))) { + choose_watched_services($in, $servers, $unlisted) or return; + } + + # preparing services when required + foreach (@$servers) { + exists $_->{prepare} and $_->{prepare}(); + } + + my $ports = to_ports($servers, $unlisted); + + set_ports($in->do_pkgs, $disabled, $ports, $log_net_drop, $in) or return; + + # restart mandi + require services; + services::is_service_running("mandi") and services::restart("mandi"); + + # restarting services if needed + foreach my $service (@$servers) { + if ($service->{restart}) { + services::is_service_running($_) and services::restart($_) foreach split(' ', $service->{restart}); + } + } + + # clearing pending ifw notifications in net_applet + system('killall -s SIGUSR1 net_applet'); + + ($disabled, $ports); +} + +1; diff --git a/lib/network/drakroam.pm b/lib/network/drakroam.pm index 236a326..b972b19 100755 --- a/lib/network/drakroam.pm +++ b/lib/network/drakroam.pm 
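Review bot: In `set_ifw` the per-port watch rules written to `/etc/ifw/rules` are still emitted as `iptables -A Ifw ...`, while the hooks installed a few lines later are `ip6tables -I INPUT 1 -j Ifw` and `ip6tables -D INPUT -j Ifw`. As written the generated rules would presumably land in the IPv4 `Ifw` chain, so new IPv6 connections to the watched ports would not reach `IFWLOG`; the rule line should start with `"ip6tables -A Ifw -m conntrack --ctstate NEW -p $proto$multiport --dport $_ ..."`. The cleanup pattern in the `substInFile` block has the same leftover and should match what this module inserts, e.g. `m!^INCLUDE /etc/ifw/rules|^ip6tables -I INPUT 1 -j Ifw!`. The package lists here also keep `mydsn`, `udhcpd`, `imap courier-imap-pop` and `bittorrent`, which the same commit drops from drakfirewall.pm.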
@@ -10,8 +10,8 @@ use strict; use lib qw(/usr/lib/libDrakX); # helps perl_checker use common; use interactive; -use mygtk2; -use ugtk2 qw(:create :helpers :wrappers); +use mygtk3; +use ugtk3 qw(:create :helpers :wrappers); use network::connection; use network::connection_manager::gtk; use network::connection::wireless; @@ -57,20 +57,20 @@ sub update_on_connection_change { sub create_drakroam_gui { my ($droam, $_dbus, $title, $icon) = @_; - $droam->{gui}{model} = Gtk2::ListStore->new('Gtk2::Gdk::Pixbuf', 'Glib::String'); - $droam->{gui}{connections_combo} = Gtk2::ComboBox->new($droam->{gui}{model}); - my $pix_r = Gtk2::CellRendererPixbuf->new; + $droam->{gui}{model} = Gtk3::ListStore->new('Gtk3::Gdk::Pixbuf', 'Glib::String'); + $droam->{gui}{connections_combo} = Gtk3::ComboBox->new_with_model($droam->{gui}{model}); + my $pix_r = Gtk3::CellRendererPixbuf->new; $droam->{gui}{connections_combo}->pack_start($pix_r, 0,); $droam->{gui}{connections_combo}->add_attribute($pix_r, pixbuf => 0); - my $text_r = Gtk2::CellRendererText->new; + my $text_r = Gtk3::CellRendererText->new; $droam->{gui}{connections_combo}->pack_start($text_r, 1); $droam->{gui}{connections_combo}->add_attribute($text_r, text => 1); $droam->{gui}{pixbuf_size} = 32; - $droam->{gui}{empty_pixbuf} = Gtk2::Gdk::Pixbuf->new('rgb', 1, 8, $droam->{gui}{pixbuf_size}, $droam->{gui}{pixbuf_size}); + $droam->{gui}{empty_pixbuf} = Gtk3::Gdk::Pixbuf->new('rgb', 1, 8, $droam->{gui}{pixbuf_size}, $droam->{gui}{pixbuf_size}); $droam->{gui}{empty_pixbuf}->fill(0); - my $status_bar = Gtk2::Statusbar->new; + my $status_bar = Gtk3::Statusbar->new; my $status_bar_cid = $status_bar->get_context_id("Network event"); $droam->{on_network_event} = sub { my ($message) = @_; 
@@ -78,11 +78,11 @@ sub create_drakroam_gui { Glib::Timeout->add(20000, sub { $status_bar->remove($status_bar_cid, $m_id); 0 }); }; - (undef, my $rootwin_height) = gtkroot()->get_size; + (undef, my $rootwin_height) = mygtk3::root_window_size(); my $scrolled_height = $rootwin_height > 480 ? 300 : 225; gtkadd($droam->{gui}{w}{window}, gtknew('VBox', spacing => 5, children => [ - $::isEmbedded ? () : (0, Gtk2::Banner->new($icon, $title)), + $::isEmbedded ? () : (0, Gtk3::Banner->new($icon, $title)), 0, gtknew('HBox', children_tight => [ gtknew('Label_Left', text => N("Device: "), alignment => [ 0.5, 0.5 ]), gtksignal_connect($droam->{gui}{connections_combo}, changed => sub { select_connection($droam) }) ]), 1, gtknew('ScrolledWindow', width => 500, height => $scrolled_height, child => $droam->{gui}{networks_list}), @@ -91,7 +91,7 @@ sub create_drakroam_gui { $droam->{gui}{buttons}{connect_start} = gtknew('Button', text => N("Connect"), relief => 'half', clicked => sub { $droam->start_connection }), $droam->{gui}{buttons}{connect_stop} = gtknew('Button', text => N("Disconnect"), relief => 'half', clicked => sub { $droam->stop_connection }), $droam->{gui}{buttons}{refresh} = gtknew('Button', text => N("Refresh"), clicked => sub { $droam->update_networks }), - gtknew('Button', text => N("Quit"), clicked => sub { Gtk2->main_quit }) + gtknew('Button', text => N("Quit"), clicked => sub { Gtk3->main_quit }) ]), 0, $status_bar, ]), @@ -104,8 +104,8 @@ sub main { my $title = N("Wireless connection"); my $icon = '/usr/share/mcc/themes/default/drakroam-mdk.png'; - $ugtk2::wm_icon = $icon; - my $w = ugtk2->new($title); + $ugtk3::wm_icon = $icon; + my $w = ugtk3->new($title); #- so that transient_for is defined, for wait messages and popups to be centered $::main_window = $w->{real_window}; diff --git a/lib/network/drakvpn.pm b/lib/network/drakvpn.pm index 1ffafda..4e259d9 100644 --- a/lib/network/drakvpn.pm +++ b/lib/network/drakvpn.pm 
@@ -9,7 +9,9 @@ network::drakvpn - Interactive VPN configuration use interactive; use network::drakvpn; - my $in = 'interactive'->vnew('su'); + require_root_capability(); + + my $in = 'interactive'->vnew; network::drakvpn::create_connection($in); =cut diff --git a/lib/network/monitor.pm b/lib/network/monitor.pm index b06bbe3..43edb29 100644 --- a/lib/network/monitor.pm +++ b/lib/network/monitor.pm @@ -97,7 +97,9 @@ sub list_wireless { $has_key = $has_wpa = $has_eap = undef; } /Address: (.*)/ and $net->{ap} = lc($1); - /ESSID:"(.*?)"/ and $net->{essid} = $1; + if (my ($essid) = /ESSID:"(.*?)"/) { + $essid !~ /^\\x00/ and $net->{essid} = $essid; + } /Mode:(\S*)/ and $net->{mode} = $1; $net->{mode} = 'Managed' if $net->{mode} eq 'Master'; $_ =~ $quality_match and $net->{signal_strength} = $eval_quality->($1); diff --git a/lib/network/net_applet/.perl_checker b/lib/network/net_applet/.perl_checker new file mode 100644 index 0000000..80deab8 --- /dev/null +++ b/lib/network/net_applet/.perl_checker @@ -0,0 +1 @@ +Basedir ../../.. diff --git a/lib/network/net_applet/ifw.pm b/lib/network/net_applet/ifw.pm index 217ca2a..3b5c94f 100644 --- a/lib/network/net_applet/ifw.pm +++ b/lib/network/net_applet/ifw.pm @@ -3,8 +3,8 @@ package network::net_applet::ifw; use lib qw(/usr/lib/libDrakX); # helps perl_checker use common; use network::ifw; -use ugtk2 qw(:create :helpers :wrappers :dialogs); -use mygtk2 qw(gtknew gtkset); +use ugtk3 qw(:create :helpers :wrappers :dialogs); +use mygtk3 qw(gtknew gtkset); sub init() { network::ifw::init($network::net_applet::dbus, sub { @@ -86,6 +86,7 @@ sub handle_ifw_message { } my $is_attack = $message->{prefix} ne 'NEW'; enable_ifw_alert() if $is_attack; + return if !$network::net_applet::notification_queue; $network::net_applet::notification_queue->add({ title => N("Interactive Firewall"), pixbuf => $network::net_applet::pixbufs{firewall}, 
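Review bot: The added `return if !$network::net_applet::notification_queue;` in `handle_ifw_message` (hunk `@@ -86,6 +86,7 @@`) discards the firewall report without a trace when the queue is missing, including reports for which `$is_attack` is true. A log line ahead of the `return` keeps the event auditable, for example `log::l("ifw: no notification queue, dropping report") if !$network::net_applet::notification_queue;`, assuming `log::l` is available here as it is in the other modules touched by this commit. `ask_listen_verdict` still calls `->process_next` on the same variable without a guard, so the two paths are inconsistent. `handle_ifw_message` starts and ends outside the hunk.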
@@ -111,7 +112,7 @@ sub handle_ifw_message { sub ask_attack_verdict { my ($attack) = @_; - my $w = ugtk2->new(N("Interactive Firewall: intrusion detected"), + my $w = ugtk3->new(N("Interactive Firewall: intrusion detected"), icon => "drakfirewall"); my ($blacklist, $whitelist, $ignore, $auto); @@ -124,14 +125,14 @@ sub ask_attack_verdict { gtkadd($w->{window}, gtknew('VBox', spacing => 5, children_loose => [ gtknew('HBox', children => [ - 0, Gtk2::Image->new_from_stock('gtk-dialog-warning', 'dialog'), + 0, Gtk3::Image->new_from_stock('gtk-dialog-warning', 'dialog'), 0, gtknew('Label', text => " "), 1, gtknew('VBox', children => [ 0, $attack->{msg}, 0, N("What do you want to do with this attacker?") ]) ]), - gtksignal_connect(gtkadd(Gtk2::Expander->new(N("Attack details")), + gtksignal_connect(gtkadd(Gtk3::Expander->new(N("Attack details")), gtknew('HBox', children => [ 0, gtknew('Label', text => " "), 1, gtknew('VBox', children_loose => [ @@ -202,14 +203,14 @@ sub handle_ifw_listen { sub ask_listen_verdict { my ($listen) = @_; - my $w = ugtk2->new(N("Interactive Firewall: new service"), icon => "drakfirewall"); + my $w = ugtk3->new(N("Interactive Firewall: new service"), icon => "drakfirewall"); my $set_verdict = sub { $network::net_applet::notification_queue->process_next; }; gtkadd($w->{window}, gtknew('VBox', spacing => 5, children_loose => [ gtknew('HBox', children => [ - 0, Gtk2::Image->new_from_stock('gtk-dialog-warning', 'dialog'), + 0, Gtk3::Image->new_from_stock('gtk-dialog-warning', 'dialog'), 1, gtknew('VBox', children => [ 0, $listen->{message}, 0, N("Do you want to open this service?"), diff --git a/lib/network/netcenter.pm b/lib/network/netcenter.pm index 603295d..f039dfc 100755 --- a/lib/network/netcenter.pm +++ b/lib/network/netcenter.pm 
@@ -7,8 +7,8 @@ package network::netcenter; use strict; use lib qw(/usr/lib/libDrakX); # helps perl_checker use common; -use mygtk2; -use ugtk2 qw(:create :helpers :wrappers); +use mygtk3; +use ugtk3 qw(:create :helpers :wrappers); use network::connection; use network::connection_manager::gtk; use network::tools; @@ -97,14 +97,14 @@ sub build_cmanager_box { $on_expand->(!$was_expanded); }; $expander->signal_connect(activate => $toggle_expand); - my $eventbox = gtksignal_connect(Gtk2::EventBox->new, button_press_event => sub { + my $eventbox = gtksignal_connect(Gtk3::EventBox->new, button_press_event => sub { $_[1]->button == 1 or return; $toggle_expand->(); my $was_expanded = $expander->get_expanded; $expander->set_expanded(!$was_expanded); }); my $box = gtknew('VBox', spacing => 5, children_tight => [ - (!$is_first ? Gtk2::HSeparator->new : ()), + (!$is_first ? Gtk3::HSeparator->new : ()), gtknew('HBox', children => [ 0, $expander, 1, gtkadd($eventbox, $head), @@ -153,8 +153,8 @@ sub main { my $title = N("Network Center"); my $icon = '/usr/share/mcc/themes/default/drakroam-mdk.png'; - $ugtk2::wm_icon = $icon; - my $w = ugtk2->new($title); + $ugtk3::wm_icon = $icon; + my $w = ugtk3->new($title); #- so that transient_for is defined, for wait messages and popups to be centered $::main_window = $w->{real_window}; 
@@ -162,12 +162,12 @@ sub main { my @cmanagers = map { build_cmanager($in, $net, $w, $_) } @connections; - (undef, my $rootwin_height) = gtkroot()->get_size; + (undef, my $rootwin_height) = mygtk3::root_window_size(); my $scrolled_height = $rootwin_height > 480 ? 400 : 295; my $managers_box; gtkadd($w->{window}, gtknew('VBox', spacing => 5, children => [ - $::isEmbedded ? () : (0, Gtk2::Banner->new($icon, $title)), + $::isEmbedded ? () : (0, Gtk3::Banner->new($icon, $title)), if_($net->{PROFILE} && network::network::netprofile_count() > 0, 0, gtknew('Label', text_markup => N("You are currently using the network profile <b>%s</b>", $net->{PROFILE}))), 1, gtknew('ScrolledWindow', width => 600, height => $scrolled_height, shadow_type => 'none', child => $managers_box = gtknew('VBox', spacing => 5, children_tight => [ @@ -175,7 +175,7 @@ sub main { ])), 0, gtknew('HButtonBox', spacing => 6, layout => 'end', children_loose => [ gtknew('Button', text => N("Advanced settings"), clicked => sub { advanced_settings($in, $net) }), - gtknew('Button', text => N("Quit"), clicked => sub { Gtk2->main_quit }), + gtknew('Button', text => N("Quit"), clicked => sub { Gtk3->main_quit }), ]), ]), ); diff --git a/lib/network/network.pm b/lib/network/network.pm index e62ea5e..bda2d40 100644 --- a/lib/network/network.pm +++ b/lib/network/network.pm @@ -109,7 +109,7 @@ sub write_network_conf { } $net->{network}{NETWORKING} = 'yes'; - setVarsInSh($::prefix . $network_file, $net->{network}, qw(HOSTNAME NETWORKING GATEWAY GATEWAYDEV NISDOMAIN FORWARD_IPV4 NETWORKING_IPV6 IPV6_DEFAULTDEV CRDA_DOMAIN)); + setVarsInSh($::prefix . $network_file, $net->{network}, qw(HOSTNAME NETWORKING GATEWAY GATEWAYDEV NISDOMAIN FORWARD_IPV4 NETWORKING_IPV6 IPV6_DEFAULTDEV NOZEROCONF CRDA_DOMAIN)); output($::prefix . $hostname_file, ($net->{network}{HOSTNAME} || "localhost") . "\n"); } 
@@ -190,6 +190,7 @@ sub write_interface_settings { my ($intf, $file) = @_; setVarsInSh($file, $intf, qw(DEVICE BOOTPROTO IPADDR NETMASK NETWORK BROADCAST GATEWAY ONBOOT HWADDR MACADDR METRIC MII_NOT_SUPPORTED TYPE USERCTL ATM_ADDR ATM_DEVICE ETHTOOL_OPTS VLAN MTU DNS1 DNS2 DOMAIN RESOLV_MODS LINK_DETECTION_DELAY), qw(WIRELESS_MODE WIRELESS_ESSID WIRELESS_NWID WIRELESS_FREQ WIRELESS_SENS WIRELESS_RATE WIRELESS_ENC_KEY WIRELESS_ENC_MODE WIRELESS_RTS WIRELESS_FRAG WIRELESS_IWCONFIG WIRELESS_IWSPY WIRELESS_IWPRIV WIRELESS_WPA_DRIVER WIRELESS_WPA_REASSOCIATE CRDA_DOMAIN), + qw(KEY_MGMT WPA_PSK), qw(DVB_ADAPTER_ID DVB_NETWORK_DEMUX DVB_NETWORK_PID), qw(IPV6INIT IPV6TO4INIT), qw(MRU REMIP PPPOPTIONS HARDFLOWCTL DEFABORT RETRYTIMEOUT PAPNAME LINESPEED MODEMPORT DEBUG ESCAPECHARS INITSTRING), @@ -204,6 +205,7 @@ sub write_interface_settings { ); substInFile { s/^DEVICE='(`.*`)'/DEVICE=$1/g } $file; #- remove quotes if DEVICE is the result of a command chmod $intf->{WIRELESS_ENC_KEY} ? 0700 : 0755, $file; #- hide WEP key for non-root users + chmod $intf->{WPA_PSK} ? 0700 : 0755, $file; #- hide WPA key log::explanations("written $intf->{DEVICE} interface configuration in $file"); } @@ -291,14 +293,12 @@ sub addDefaultRoute { } sub write_hostname { + #- ovitters: adding 127.0.0.1 to /etc/hosts is obsolete as nss-myhostname handles it my ($hostname) = @_; addVarsInSh($::prefix . $network_file, { HOSTNAME => $hostname }, qw(HOSTNAME)); output($::prefix . $hostname_file, $hostname || "localhost"); - add2hosts("localhost", "127.0.0.1"); - add2hosts($hostname, "127.0.0.1") if $hostname; - unless ($::isInstall) { my $rc = syscall_("sethostname", $hostname, length $hostname); log::explanations($rc ? "set sethostname to $hostname" : "sethostname failed: $!"); 
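Review bot: The added `chmod $intf->{WPA_PSK} ? 0700 : 0755, $file;` in the `@@ -204,6 +205,7 @@` hunk runs after the WEP `chmod` and overrides it, so a file that holds `WIRELESS_ENC_KEY` but no `WPA_PSK` ends up 0755 and the WEP key is readable by non-root users again. A single call covering both secrets avoids that: `chmod $intf->{WIRELESS_ENC_KEY} || $intf->{WPA_PSK} ? 0700 : 0755, $file;`. This matters more now that the `@@ -190,6 +190,7 @@` hunk adds `WPA_PSK` to the variables written by `setVarsInSh`. Until the `chmod` runs the file keeps whatever mode `setVarsInSh` created it with, which is not visible here and worth confirming.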
@@ -470,7 +470,7 @@ sub netprofile_read { sub advanced_settings_read() { my $modprobe = "$::prefix/etc/modprobe.conf"; - my $sysctl = "$::prefix/etc/sysctl.conf"; + my $sysctl = "$::prefix/etc/sysctl.d/51-drakx.conf"; my $msecconf = "$::prefix/etc/security/msec/security.conf"; my $ipv6_disabled = find { /^options ipv6 disable=1$/ } cat_($modprobe); @@ -518,7 +518,7 @@ sub advanced_settings_write { $_ .= "net.ipv4.icmp_echo_ignore_broadcasts=$disable_icmp_broadcasts\n"; $_ .= "net.ipv4.icmp_ignore_bogus_error_responses=$disable_bogus_error_responses\n"; } - } "$::prefix/etc/sysctl.conf"; + } "$::prefix/etc/sysctl.d/51-drakx.conf"; } sub advanced_choose { @@ -532,6 +532,7 @@ sub advanced_choose { { text => N("Disable IPv6"), val => \$u->{ipv6_disabled}, type => "bool" }, { text => N("Disable TCP Window Scaling"), val => \$u->{disable_window_scaling}, type => "bool" }, { text => N("Disable TCP Timestamps"), val => \$u->{disable_tcp_timestamps}, type => "bool" }, + { text => N("Disable ZEROCONF route"), val => \$net->{network}{NOZEROCONF}, type => "bool" }, { label => "<b>" . N("Security settings (defined by MSEC policy)") . "</b>" }, { text => N("Disable ICMP echo"), val => \$u->{disable_icmp}, type => "bool", disabled => sub { $u->{msec} } }, { text => N("Disable ICMP echo for broadcasting messages"), val => \$u->{disable_icmp_broadcasts}, type => "bool", disabled => sub { $u->{msec} } }, @@ -744,8 +745,11 @@ sub read_net_conf { my ($device) = /^ifcfg-([A-Za-z0-9.:_-]+)$/; next if $device =~ /.rpmnew$|.rpmsave$/; if ($device && $device ne 'lo') { + my %vars = getVarsFromSh("$::prefix/etc/sysconfig/network-scripts/$_"); + #- skip NetworkManager wireless config files (mga#8960) + next if $vars{TYPE} eq 'Wireless'; my $intf = findIntf($net, $device); - add2hash($intf, { getVarsFromSh("$::prefix/etc/sysconfig/network-scripts/$_") }); + add2hash($intf, \%vars); $intf->{DEVICE} ||= $device; } } 
@@ -785,7 +789,7 @@ sub easy_dhcp { modules::load_category($modules_conf, list_modules::ethernet_categories()); my @all_dev = sort map { $_->[0] } network::connection::ethernet::get_eth_cards($modules_conf); - my @ether_dev = grep { /^eth[0-9]+$/ && `LC_ALL= LANG= $::prefix/sbin/ip -o link show $_ 2>/dev/null` =~ m|\slink/ether\s| } @all_dev; + my @ether_dev = grep { `LC_ALL= LANG= $::prefix/sbin/ip -o link show $_ 2>/dev/null` =~ m|\slink/ether\s| } @all_dev; foreach my $dhcp_intf (@ether_dev) { log::explanations("easy_dhcp: found $dhcp_intf"); $net->{ifcfg}{$dhcp_intf} ||= {}; diff --git a/lib/network/nfs.pm b/lib/network/nfs.pm index 32ee90c..b288975 100644 --- a/lib/network/nfs.pm +++ b/lib/network/nfs.pm @@ -11,18 +11,18 @@ sub read_nfs_ports() { my $lockd_udp_port = 4002; my $rpc_mountd_port = 4003; my $rpc_rquotad_port = 4004; - if (-f "$::prefix/etc/sysconfig/nfs-common") { - foreach (cat_("$::prefix/etc/sysconfig/nfs-common")) { - /^STATD_OPTIONS=.*(--port|-p) (\d+)/ and $statd_port = $2; - /^STATD_OPTIONS=.*(--outgoing-port|-o) (\d+)/ and $statd_outgoing_port = $2; + if (-f "$::prefix/etc/sysconfig/nfs") { + foreach (cat_("$::prefix/etc/sysconfig/nfs")) { + /^STATDARGS=.*(--port|-p) (\d+)/ and $statd_port = $2; + /^STATDARGS=.*(--outgoing-port|-o) (\d+)/ and $statd_outgoing_port = $2; /^LOCKD_TCPPORT=(\d+)/ and $lockd_tcp_port = $1; /^LOCKD_UDPPORT=(\d+)/ and $lockd_udp_port = $1; } } - if (-f "$::prefix/etc/sysconfig/nfs-server") { - foreach (cat_("$::prefix/etc/sysconfig/nfs-server")) { - /^RPCMOUNTD_OPTIONS=.*(--port|-p) (\d+)/ and $rpc_mountd_port = $2; - /^RPCRQUOTAD_OPTIONS=.*(--port|-p) (\d+)/ and $rpc_rquotad_port = $2; + if (-f "$::prefix/etc/sysconfig/nfs") { + foreach (cat_("$::prefix/etc/sysconfig/nfs")) { + /^RPCMOUNTDARGS=.*(--port|-p) (\d+)/ and $rpc_mountd_port = $2; + /^RPCRQUOTADARGS=.*(--port|-p) (\d+)/ and $rpc_rquotad_port = $2; } } 
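Review bot: Dropping the `/^eth[0-9]+$/` test from the `@ether_dev` line in the `@@ -785,7 +789,7 @@` hunk removes the only check on `$_` before it is interpolated into the backtick `ip -o link show $_` command, which is run through the shell. The names come from `get_eth_cards`, which is not visible here, so whether they are constrained elsewhere cannot be confirmed from this hunk. Keeping a character-class guard as the first condition of the `grep` block, `/^[A-Za-z0-9.:_-]+\z/ &&`, accepts the non-`eth` names this change is after while keeping shell metacharacters out of the command; it is the same class `read_net_conf` applies to ifcfg file names. `easy_dhcp` starts and ends outside the hunk.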
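Review bot: After the rename, both `if (-f "$::prefix/etc/sysconfig/nfs")` blocks in `read_nfs_ports` (hunk `@@ -11,18 +11,18 @@`) test and read the same file, so the file is parsed twice for no benefit. Moving the `RPCMOUNTDARGS` and `RPCRQUOTADARGS` matches into the first `foreach` and deleting the second block keeps the behaviour and makes it clear there is one source file. A short comment such as `# all NFS daemon options now live in /etc/sysconfig/nfs` above the loop would record why the former nfs-common / nfs-server split is gone.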
@@ -56,14 +56,13 @@ sub list_nfs_ports() { sub write_nfs_ports { my ($ports) = @_; # enabling fixed ports for NFS services - # nfs-common my $lockd_options=""; substInFile { if ($ports->{statd_port}) { my $port = $ports->{statd_port}; - s/^(STATD_OPTIONS)=$/$1="--port $port"/; - s/^(STATD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/; - s/^(STATD_OPTIONS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/; + s/^(STATDARGS)=""$/$1="--port $port"/; + s/^(STATDARGS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/; + s/^(STATDARGS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/; } if ($ports->{lockd_tcp_port}) { my $port = $ports->{lockd_tcp_port}; 
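Review bot: The empty-value pattern in `write_nfs_ports` now matches only `STATDARGS=""`, so three cases are left untouched and the requested port is silently not applied: a bare `STATDARGS=`, a commented-out or missing line, and a non-empty value without `--port`/`-p`. The same holds for the `RPCMOUNTDARGS` and `RPCRQUOTADARGS` substitutions in the next hunk. If the caller goes on to open these ports in the firewall (not visible here), the firewall and the daemons can end up disagreeing. Accepting both empty forms with `s/^(STATDARGS)=(?:"")?$/$1="--port $port"/` and logging when nothing matched would close most of that gap.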
@@ -72,29 +71,26 @@ sub write_nfs_ports { if ($ports->{lockd_udp_port}) { my $port = $ports->{lockd_udp_port}; s/^LOCKD_UDPPORT=.*/LOCKD_UDPPORT=$port/; + } + if ($ports->{rpc_mountd_port}) { + my $port = $ports->{rpc_mountd_port}; + s/^(RPCMOUNTDARGS)=""$/$1="--port $port"/; + s/^(RPCMOUNTDARGS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/; + s/^(RPCMOUNTDARGS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/; + } + if ($ports->{rpc_rquotad_port}) { + my $port = $ports->{rpc_rquotad_port}; + s/^(RPCRQUOTADARGS)=""$/$1="--port $port"/; + s/^(RPCRQUOTADARGS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/; + s/^(RPCRQUOTADARGS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/; } - } "$::prefix/etc/sysconfig/nfs-common"; + } "$::prefix/etc/sysconfig/nfs"; # kernel-side configuration of nlockmgr $lockd_options .= " nlm_tcpport=$ports->{lockd_tcp_port}" if $ports->{lockd_tcp_port}; $lockd_options .= " nlm_udpport=$ports->{lockd_udp_port}" if $ports->{lockd_udp_port}; if ($lockd_options ne "") { output("$::prefix/etc/modprobe.d/lockd.drakx.conf", "options lockd $lockd_options\n"); } - # nfs-server - substInFile { - if ($ports->{rpc_mountd_port}) { - my $port = $ports->{rpc_mountd_port}; - s/^(RPCMOUNTD_OPTIONS)=$/$1="--port $port"/; - s/^(RPCMOUNTD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/; - s/^(RPCMOUNTD_OPTIONS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/; - } - if ($ports->{rpc_rquotad_port}) { - my $port = $ports->{rpc_rquotad_port}; - s/^(RPCRQUOTAD_OPTIONS)=$/$1="--port $port"/; - s/^(RPCRQUOTAD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/; - s/^(RPCRQUOTAD_OPTIONS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/; - } - } "$::prefix/etc/sysconfig/nfs-server"; } 1; diff --git a/lib/network/shorewall.pm b/lib/network/shorewall.pm index 0ae7b9e..13d43ea 100644 --- a/lib/network/shorewall.pm +++ b/lib/network/shorewall.pm 
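Review bot: `$port` is spliced into the replacement text for `RPCMOUNTDARGS` and `RPCRQUOTADARGS` (and for `STATDARGS` in the previous hunk) without a check that it is numeric, and the lockd values go the same way into `lockd.drakx.conf`. `/etc/sysconfig/nfs` is presumably sourced as shell by the service scripts, so unless the caller already validates, a guard at the top of `write_nfs_ports` keeps stray text out of it: `/^\d+$/ or die "bad port $_\n" foreach grep { $_ } values %$ports;`. The message format follows the `die "bad port $_\n"` already used in `ports_by_proto`.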
@@ -19,7 +19,7 @@ sub check_iptables() { } sub set_config_file { - my ($file, @l) = @_; + my ($file, $ver, @l) = @_; my $done; substInFile { @@ -32,14 +32,16 @@ sub set_config_file { $_ = '' unless /^#/ || $file eq 'rules' && /^SECTION/; } - } "$::prefix${shorewall_root}/$file"; + } "$::prefix${shorewall_root}${ver}/$file"; } sub get_config_file { - my ($file) = @_; - map { [ split ' ' ] } grep { !/^#/ } cat_("$::prefix${shorewall_root}/$file"); + my ($file, $o_ver) = @_; + map { [ split ' ' ] } grep { !/^#/ } cat_("$::prefix${shorewall_root}${o_ver}/$file"); } +# Note: Called from drakguard and drakfirewall.pm... +# Deliberately not adding shorewall6 support here for now sub set_in_file { my ($file, $enabled, @list) = @_; my $done; @@ -51,7 +53,7 @@ sub set_in_file { $_ .= $last_line if $last_line; $done = 1; } - } "$::prefix/etc/shorewall/$file"; + } "$::prefix${shorewall_root}/$file"; } sub dev_to_shorewall { @@ -62,21 +64,22 @@ sub dev_to_shorewall { } sub get_net_zone_interfaces { - my ($_net, $all_intf) = @_; + my ($interfacesfile, $_net, $all_intf) = @_; #- read shorewall configuration first - my @interfaces = map { $_->[1] } grep { $_->[0] eq 'net' } get_config_file('interfaces'); + my @interfaces = map { $_->[1] } grep { $_->[0] eq 'net' } $interfacesfile; #- else try to find the best interface available @interfaces ? @interfaces : @{$all_intf || []}; } sub get_zones { my ($conf, $o_in) = @_; + my $interfacesfile = get_config_file('interfaces', $conf->{version} || ''); my $net = {}; network::network::read_net_conf($net); #- find all interfaces but alias interfaces my @all_intf = grep { !/:/ } uniq(keys(%{$net->{ifcfg}}), detect_devices::get_net_interfaces()); my %net_zone = map { $_ => undef } @all_intf; - $net_zone{$_} = 1 foreach get_net_zone_interfaces($net, \@all_intf); + $net_zone{$_} = 1 foreach get_net_zone_interfaces($interfacesfile, $net, \@all_intf); $o_in and $o_in->ask_from_({ title => N("Firewall configuration"), icon => $firewall_icon, 
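Review bot: In `get_zones`, `my $interfacesfile = get_config_file('interfaces', ...)` assigns the result of a `map` to a scalar, which yields the number of rows rather than the rows, and `get_net_zone_interfaces` then greps over that single number. The `net` interfaces already recorded in the shorewall configuration are therefore never found: `$_->[0]` either dies under `use strict 'refs'` or matches nothing, and the function falls back to `@{$all_intf || []}`. Passing a reference fixes it: `my $interfacesfile = [ get_config_file('interfaces', $conf->{version} || '') ];` in `get_zones` and `grep { $_->[0] eq 'net' } @$interfacesfile` in `get_net_zone_interfaces`. The copy of both functions in the new lib/network/shorewall6.pm has the same problem.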
@@ -106,11 +109,14 @@ sub add_interface_to_net_zone { } sub read { - my ($o_in) = @_; + my ($o_in, $o_ver) = @_; + my $ver = ''; + $ver = $o_ver if $o_ver; #- read old rules file if config is not moved to rules.drakx yet - my @rules = get_config_file(-f "$::prefix${shorewall_root}/rules.drakx" ? 'rules.drakx' : 'rules'); + my @rules = get_config_file(-f "$::prefix${shorewall_root}${ver}/rules.drakx" ? 'rules.drakx' : 'rules', $ver); require services; - my %conf = (disabled => !services::starts_on_boot("shorewall"), + my %conf = (disabled => !services::starts_on_boot("shorewall${ver}"), + version => $ver, ports => join(' ', map { my $e = $_; map { "$_/$e->[3]" } split(',', $e->[4]); @@ -119,15 +125,15 @@ sub read { push @{$conf{accept_local_users}{$_->[4]}}, $_->[8] foreach grep { $_->[0] eq 'ACCEPT+' } @rules; $conf{redirects}{$_->[3]}{$_->[4]} = $_->[2] foreach grep { $_->[0] eq 'REDIRECT' } @rules; - if (my ($e) = get_config_file('masq')) { + if (my ($e) = get_config_file('masq', $ver)) { ($conf{masq}{net_interface}, $conf{masq}{subnet}) = @$e; } - my @policy = get_config_file('policy'); + my @policy = get_config_file('policy', $ver); $conf{log_net_drop} = @policy ? (any { $_->[0] eq 'net' && $_->[1] eq 'all' && $_->[2] eq 'DROP' && $_->[3] } @policy) : 1; get_zones(\%conf, $o_in); - get_config_file('zones') && \%conf; + get_config_file('zones', $ver) && \%conf; } sub ports_by_proto { 
@@ -140,25 +146,14 @@ sub ports_by_proto { \%ports_by_proto; } -sub upgrade_to_shorewall3() { - #- the 'FW' option has been removed from shorewall.conf as of shorewall 3.0 - my $ipsecfile_ok; - substInFile { - undef $_ if /^\s*FW=/; - if ((/^\s*IPSECFILE=/ || eof) && !$ipsecfile_ok) { - $ipsecfile_ok = 1; - $_ = "IPSECFILE=zones\n"; - } - } "$::prefix${shorewall_root}/shorewall.conf"; -} - sub write { my ($conf, $o_in) = @_; + my $ver = $conf->{version} || ''; my $use_pptp = any { /^ppp/ && cat_("$::prefix/etc/ppp/peers/$_") =~ /pptp/ } @{$conf->{net_zone}}; my $ports_by_proto = ports_by_proto($conf->{ports}); my $has_loc_zone = to_bool(@{$conf->{loc_zone} || []}); - my ($include_drakx, $other_rules) = partition { $_ eq "INCLUDE\trules.drakx\n" } grep { !/^(#|SECTION)/ } cat_("$::prefix${shorewall_root}/rules"); + my ($include_drakx, $other_rules) = partition { $_ eq "INCLUDE\trules.drakx\n" } grep { !/^(#|SECTION)/ } cat_("$::prefix${shorewall_root}${ver}/rules"); #- warn if the config is already in rules.drakx and additionnal rules are configured if (!is_empty_array_ref($include_drakx) && !is_empty_array_ref($other_rules)) { my %actions = ( 
@@ -181,19 +176,19 @@ What do you want to do?"), my $interface_settings = sub { my ($zone, $interface) = @_; - [ $zone, $interface, 'detect', if_(detect_devices::is_bridge_interface($interface), 'routeback') ]; + [ $zone, $interface, 'detect', if_(detect_devices::is_bridge_interface($interface), 'bridge') ]; }; - set_config_file("zones", - if_($has_loc_zone, [ 'loc', 'ipv4' ]), - [ 'net', 'ipv4' ], + set_config_file('zones', $ver, + if_($has_loc_zone, [ 'loc', 'ipv' . ($ver || '4') ]), + [ 'net', 'ipv' . ($ver || '4') ], [ 'fw', 'firewall' ], ); - set_config_file('interfaces', + set_config_file('interfaces', $ver, (map { $interface_settings->('net', $_) } @{$conf->{net_zone}}), (map { $interface_settings->('loc', $_) } @{$conf->{loc_zone} || []}), ); - set_config_file('policy', + set_config_file('policy', $ver, if_($has_loc_zone, [ 'loc', 'net', 'ACCEPT' ], [ 'loc', 'fw', 'ACCEPT' ], [ 'fw', 'loc', 'ACCEPT' ]), [ 'fw', 'net', 'ACCEPT' ], [ 'net', 'all', 'DROP', if_($conf->{log_net_drop}, 'info') ], @@ -201,9 +196,9 @@ What do you want to do?"), ); if (is_empty_array_ref($include_drakx)) { #- make sure the rules.drakx config is read, erasing user modifications - set_config_file('rules', [ 'INCLUDE', 'rules.drakx' ]); + set_config_file('rules', $ver, [ 'INCLUDE', 'rules.drakx' ]); } - output_with_perm("$::prefix${shorewall_root}/" . 'rules.drakx', 0600, map { join("\t", @$_) . "\n" } ( + output_with_perm("$::prefix${shorewall_root}${ver}/" . 'rules.drakx', 0600, map { join("\t", @$_) . "\n" } ( if_($use_pptp, [ 'ACCEPT', 'fw', 'loc:10.0.0.138', 'tcp', '1723' ]), if_($use_pptp, [ 'ACCEPT', 'fw', 'loc:10.0.0.138', 'gre' ]), (map_each { [ 'ACCEPT', 'net', 'fw', $::a, join(',', @$::b), '-' ] } %$ports_by_proto), 
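Review bot: `write` now serves both address families, but the `rules.drakx` rows it emits are unchanged, so with `$ver` set to 6 the PPTP rows `loc:10.0.0.138` put an IPv4 literal into the shorewall6 rules file. The `masq` row written in the following hunk is likewise an IPv4 NAT setting. If shorewall6 rejects those rows (likely, not verified here) the IPv6 ruleset may fail to load, so guard them, e.g. `if_($use_pptp && !$ver, [ 'ACCEPT', 'fw', 'loc:10.0.0.138', 'tcp', '1723' ])`. `write` starts and ends outside this hunk.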
@@ -219,9 +214,7 @@ What do you want to do?"), } %{$conf->{redirects}{$proto}}; } keys %{$conf->{redirects}}), )); - set_config_file('masq', if_(exists $conf->{masq}, [ $conf->{masq}{net_interface}, $conf->{masq}{subnet} ])); - - upgrade_to_shorewall3(); + set_config_file('masq', $ver, if_(exists $conf->{masq}, [ $conf->{masq}{net_interface}, $conf->{masq}{subnet} ])); require services; if ($conf->{disabled}) { @@ -245,9 +238,14 @@ sub set_redirected_ports { sub update_interfaces_list { my ($o_intf) = @_; - $o_intf && member($o_intf, map { $_->[1] } get_config_file('interfaces')) and return; - my $shorewall = network::shorewall::read(); - $shorewall && !$shorewall->{disabled} and network::shorewall::write($shorewall); + if (!$o_intf || !member($o_intf, map { $_->[1] } get_config_file('interfaces'))) { + my $shorewall = network::shorewall::read(); + $shorewall && !$shorewall->{disabled} and network::shorewall::write($shorewall); + } + if (!$o_intf || !member($o_intf, map { $_->[1] } get_config_file('interfaces', 6))) { + my $shorewall6 = network::shorewall::read(undef, 6); + $shorewall6 && !$shorewall6->{disabled} and network::shorewall::write($shorewall6); + } } 1; diff --git a/lib/network/shorewall6.pm b/lib/network/shorewall6.pm new file mode 100644 index 0000000..4c7aa47 --- /dev/null +++ b/lib/network/shorewall6.pm 
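Review bot: `update_interfaces_list` now passes a version-6 configuration to `network::shorewall::write`, but the service handling after `require services;` is outside the hunk, so confirm that it enables or disables `"shorewall${ver}"` the way `read` does for `starts_on_boot`. If the name there is still the literal `shorewall`, saving a disabled IPv6 configuration through this function would switch off the IPv4 firewall service, and an enabled one would never start shorewall6. A one-line comment at that spot naming which service each `$ver` maps to would make the intent checkable.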
@@ -0,0 +1,251 @@ +package network::shorewall6; # $Id: shorewall6.pm 254244 2009-03-18 22:54:32Z eugeni $ + +use lib qw(/usr/lib/libDrakX); # helps perl_checker +use detect_devices; +use network::network; +use run_program; +use common; +use log; + +my $shorewall6_root = "/etc/shorewall6"; +our $firewall_icon = $::isInstall ? 'banner-security' : '/usr/share/mcc/themes/default/firewall-mdk.png'; + +sub check_iptables() { + -f "$::prefix/etc/sysconfig/iptables" || + $::isStandalone && do { + system('modprobe iptable_nat'); + -x '/sbin/iptables' && listlength(`/sbin/iptables -t nat -nL`) > 8; + }; +} + +sub set_config_file { + my ($file, $ver, @l) = @_; + + my $done; + substInFile { + my $last_line = /^#LAST LINE/ && $_; + if (!$done && ($last_line || eof)) { + $_ = join('', map { join("\t", @$_) . "\n" } @l); + $_ .= $last_line if $last_line; + $done = 1; + } else { + $_ = '' unless + /^#/ || $file eq 'rules' && /^SECTION/; + } + } "$::prefix${shorewall6_root}${ver}/$file"; +} + +sub get_config_file { + my ($file, $o_ver) = @_; + map { [ split ' ' ] } grep { !/^#/ } cat_("$::prefix${shorewall6_root}${o_ver}/$file"); +} + +# Note: Called from drakguard and drakfirewall.pm... +# Deliberately adding shorewall6 support here now ;-) +sub set_in_file { + my ($file, $enabled, @list) = @_; + my $done; + substInFile { + my $last_line = /^#LAST LINE/ && $_; + foreach my $l (@list) { s|^$l\n|| } + if (!$done && $enabled && ($last_line || eof)) { + $_ = join('', map { "$_\n" } @list); + $_ .= $last_line if $last_line; + $done = 1; + } + } "$::prefix${shorewall6_root}/$file"; +} + +sub dev_to_shorewall6 { + my ($dev) = @_; + $dev =~ /^ippp/ && "ippp+" || + $dev =~ /^ppp/ && "ppp+" || + $dev; +} + +sub get_net_zone_interfaces { + my ($interfacesfile, $_net, $all_intf) = @_; + #- read shorewall6 configuration first + my @interfaces = map { $_->[1] } grep { $_->[0] eq 'net' } $interfacesfile; + #- else try to find the best interface available + @interfaces ? 
@interfaces : @{$all_intf || []}; +} + +sub get_zones { + my ($conf, $o_in) = @_; + my $interfacesfile = get_config_file('interfaces', $conf->{version} || ''); + my $net = {}; + network::network::read_net_conf($net); + #- find all interfaces but alias interfaces + my @all_intf = grep { !/:/ } uniq(keys(%{$net->{ifcfg}}), detect_devices::get_net_interfaces()); + my %net_zone = map { $_ => undef } @all_intf; + $net_zone{$_} = 1 foreach get_net_zone_interfaces($interfacesfile, $net, \@all_intf); + $o_in and $o_in->ask_from_({ + title => N("Firewall IPv6 configuration"), + icon => $firewall_icon, + messages => N("Please select the interfaces that will be protected by the firewall. + +All interfaces directly connected to Internet should be selected, +while interfaces connected to a local network may be unselected. + +If you intend to use Mageia Internet Connection sharing, +unselect interfaces which will be connected to local network. + +Which interfaces should be protected? +"), + }, [ + map { + { text => network::tools::get_interface_description($net, $_), val => \$net_zone{$_}, type => 'bool' }; + } (sort keys %net_zone) ]); + ($conf->{net_zone}, $conf->{loc_zone}) = partition { $net_zone{$_} } keys %net_zone; +} + +sub add_interface_to_net_zone { + my ($conf, $interface) = @_; + if (!member($interface, @{$conf->{net_zone}})) { + push @{$conf->{net_zone}}, $interface; + @{$conf->{loc_zone}} = grep { $_ ne $interface } @{$conf->{loc_zone}}; + } +} + +sub read { + my ($o_in, $o_ver) = @_; + my $ver = ''; + $ver = $o_ver if $o_ver; + #- read old rules file if config is not moved to rules.drakx yet + my @rules = get_config_file(-f "$::prefix${shorewall6_root}${ver}/rules.drakx" ? 
'rules.drakx' : 'rules', $ver); + require services; + my %conf = (disabled => !services::starts_on_boot("shorewall6"), + version => $ver, + ports => join(' ', map { + my $e = $_; + map { "$_/$e->[3]" } split(',', $e->[4]); + } grep { $_->[0] eq 'ACCEPT' && $_->[1] eq 'net' } @rules), + ); + push @{$conf{accept_local_users}{$_->[4]}}, $_->[8] foreach grep { $_->[0] eq 'ACCEPT+' } @rules; + $conf{redirects}{$_->[3]}{$_->[4]} = $_->[2] foreach grep { $_->[0] eq 'REDIRECT' } @rules; + + if (my ($e) = get_config_file('masq', $ver)) { + ($conf{masq}{net_interface}, $conf{masq}{subnet}) = @$e; + } + + my @policy = get_config_file('policy', $ver); + $conf{log_net_drop} = @policy ? (any { $_->[0] eq 'net' && $_->[1] eq 'all' && $_->[2] eq 'DROP' && $_->[3] } @policy) : 1; + + get_zones(\%conf, $o_in); + get_config_file('zones', $ver) && \%conf; +} + +sub ports_by_proto { + my ($ports) = @_; + my %ports_by_proto; + foreach (split ' ', $ports) { + m!^(\d+(?::\d+)?)/(udp|tcp|icmp)$! or die "bad port $_\n"; + push @{$ports_by_proto{$2}}, $1; + } + \%ports_by_proto; +} + +sub write { + my ($conf, $o_in) = @_; + my $ver = $conf->{version} || ''; + my $use_pptp = any { /^ppp/ && cat_("$::prefix/etc/ppp/peers/$_") =~ /pptp/ } @{$conf->{net_zone}}; + my $ports_by_proto = ports_by_proto($conf->{ports}); + my $has_loc_zone = to_bool(@{$conf->{loc_zone} || []}); + + my ($include_drakx, $other_rules) = partition { $_ eq "INCLUDE\trules.drakx\n" } grep { !/^(#|SECTION)/ } cat_("$::prefix${shorewall6_root}${ver}/rules"); + #- warn if the config is already in rules.drakx and additionnal rules are configured + if (!is_empty_array_ref($include_drakx) && !is_empty_array_ref($other_rules)) { + my %actions = ( + keep => N("Keep custom rules"), + drop => N("Drop custom rules"), + ); + my $action = 'keep'; + !$o_in || $o_in->ask_from_( + { + messages => N("Your IPv6 firewall configuration has been manually edited and contains +rules that may conflict with the configuration that has just been set 
up. +What do you want to do?"), + title => N("Firewall"), + icon => 'banner-security', + }, + [ { val => \$action, type => 'list', list => [ 'keep', 'drop' ], format => sub { $actions{$_[0]} } } ]) or return; + #- reset the rules files if the user has chosen to drop modifications + undef $include_drakx if $action eq 'drop'; + } + + my $interface_settings = sub { + my ($zone, $interface) = @_; + [ $zone, $interface, 'detect', if_(detect_devices::is_bridge_interface($interface), 'bridge') ]; + }; + + set_config_file('zones', $ver, + if_($has_loc_zone, [ 'loc', 'ipv' . ($ver || '6') ]), + [ 'net', 'ipv' . ($ver || '6') ], + [ 'fw', 'firewall' ], + ); + set_config_file('interfaces', $ver, + (map { $interface_settings->('net', $_) } @{$conf->{net_zone}}), + (map { $interface_settings->('loc', $_) } @{$conf->{loc_zone} || []}), + ); + set_config_file('policy', $ver, + if_($has_loc_zone, [ 'loc', 'net', 'ACCEPT' ], [ 'loc', 'fw', 'ACCEPT' ], [ 'fw', 'loc', 'ACCEPT' ]), + [ 'fw', 'net', 'ACCEPT' ], + [ 'net', 'all', 'DROP', if_($conf->{log_net_drop}, 'info') ], + [ 'all', 'all', 'REJECT', 'info' ], + ); + if (is_empty_array_ref($include_drakx)) { + #- make sure the rules.drakx config is read, erasing user modifications + set_config_file('rules', $ver, [ 'INCLUDE', 'rules.drakx' ]); + } + output_with_perm("$::prefix${shorewall6_root}${ver}/" . 'rules.drakx', 0600, map { join("\t", @$_) . 
"\n" } ( + if_($use_pptp, [ 'ACCEPT', 'fw', 'loc:10.0.0.138', 'tcp', '1723' ]), + if_($use_pptp, [ 'ACCEPT', 'fw', 'loc:10.0.0.138', 'gre' ]), + (map_each { [ 'ACCEPT', 'net', 'fw', $::a, join(',', @$::b), '-' ] } %$ports_by_proto), + (map_each { + if_($::b, map { [ 'ACCEPT+', 'fw', 'net', 'tcp', $::a, '-', '-', '-', $_ ] } @$::b); + } %{$conf->{accept_local_users}}), + (map { + my $proto = $_; + #- WARNING: won't redirect ports from the firewall system if a local zone exists + #- set redirect_fw_only to workaround + map_each { + map { [ 'REDIRECT', $_, $::b, $proto, $::a, '-' ] } 'fw', if_($has_loc_zone, 'loc'); + } %{$conf->{redirects}{$proto}}; + } keys %{$conf->{redirects}}), + )); + set_config_file('masq', $ver, if_(exists $conf->{masq}, [ $conf->{masq}{net_interface}, $conf->{masq}{subnet} ])); + + require services; + if ($conf->{disabled}) { + services::disable('shorewall6', $::isInstall); + run_program::rooted($::prefix, '/sbin/shorewall6', 'clear') unless $::isInstall; + } else { + services::enable('shorewall6', $::isInstall); + } +} + +sub set_redirected_ports { + my ($conf, $proto, $dest, @ports) = @_; + if (@ports) { + $conf->{redirects}{$proto}{$_} = $dest foreach @ports; + } else { + my $r = $conf->{redirects}{$proto}; + @ports = grep { $r->{$_} eq $dest } keys %$r; + delete $r->{$_} foreach @ports; + } +} + +sub update_interfaces_list { + my ($o_intf) = @_; + if (!$o_intf || !member($o_intf, map { $_->[1] } get_config_file('interfaces'))) { + my $shorewall = network::shorewall::read(); + $shorewall && !$shorewall->{disabled} and network::shorewall::write($shorewall); + } + if (!$o_intf || !member($o_intf, map { $_->[1] } get_config_file('interfaces', 6))) { + my $shorewall6 = network::shorewall6::read(undef, 6); + $shorewall6 && !$shorewall6->{disabled} and network::shorewall::write($shorewall6); + } +} + +1; diff --git a/lib/network/signal_strength.pm b/lib/network/signal_strength.pm index 0e69108..8a3a5be 100644 --- a/lib/network/signal_strength.pm 
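Review bot: `update_interfaces_list` in the new module calls `network::shorewall6::read(undef, 6)` and `get_config_file('interfaces', 6)`, and because every path in this file is built as `${shorewall6_root}${ver}`, a version of 6 resolves to `/etc/shorewall66/...` rather than `/etc/shorewall6/...`. It then hands the result to `network::shorewall::write`, a module this file does not load itself, instead of the local `write`. Calling `network::shorewall6::read()` and `network::shorewall6::write($shorewall6)` with no version argument, or dropping the `${ver}` suffix from this file altogether, keeps the IPv6 rules in the directory shorewall6 reads. `check_iptables` also still probes `/sbin/iptables` and `iptable_nat`, which says nothing about IPv6 filtering support.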
+++ b/lib/network/signal_strength.pm @@ -2,14 +2,14 @@ package network::signal_strength; use lib qw(/usr/lib/libDrakX); # helps perl_checker use common; -use ugtk2; +use ugtk3; my %pixbufs; sub get_strength_icon { my ($network) = @_; my $approx = 20 + min(80, int($network->{signal_strength}/20)*20); - return $pixbufs{$approx} ||= ugtk2::gtkcreate_pixbuf('wifi-' . sprintf('%03d', $approx)); + return $pixbufs{$approx} ||= ugtk3::gtkcreate_pixbuf('wifi-' . sprintf('%03d', $approx)); } 1; diff --git a/lib/network/squid.pm b/lib/network/squid.pm index f79f555..2a80ffb 100644 --- a/lib/network/squid.pm +++ b/lib/network/squid.pm @@ -20,7 +20,8 @@ sub write_squid_conf { renamef($squid_conf_file, "$squid_conf_file.old"); my $prefix = network::network::netmask_to_vlsm($intf->{NETMASK}); output($squid_conf_file, qq( -http_port $squid_conf->{http_port}[0] transparent +http_port $squid_conf->{http_port}[0] intercept +http_port $squid_conf->{http_port}[0] hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \\? no_cache deny QUERY @@ -33,9 +34,6 @@ refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 half_closed_clients off -acl manager proto cache_object -acl localhost src 127.0.0.0/8 -acl to_localhost dst 127.0.0.0/8 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network diff --git a/lib/network/tools.pm b/lib/network/tools.pm index cd7b69d..0f21fdd 100644 --- a/lib/network/tools.pm +++ b/lib/network/tools.pm 
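Review bot: The generated squid.conf in `write_squid_conf` now lists `$squid_conf->{http_port}[0]` twice, once with `intercept` and once plain, so both listeners ask for the same port. Squid is likely to fail binding the second one; the forward-proxy line normally needs a port of its own, for example a second entry of `$squid_conf->{http_port}` if the caller provides one. The later hunk removes the `manager`, `localhost` and `to_localhost` ACL definitions, which is fine for Squid releases that predefine them. Any `http_access` lines using them sit outside the hunk and should be checked against the oldest Squid this is meant to support.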
@@ -20,22 +20,28 @@ sub passwd_by_login { } sub run_interface_command { - my ($command, $intf, $detach) = @_; + my ($action, $intf, $detach) = @_; + my $have_perms = !$>; + if (!$have_perms) { + my $xxnet = {}; + network::network::read_net_conf($xxnet); + $have_perms = text2bool($xxnet->{ifcfg}{$intf}{USERCTL}); + } my @command = - !$> || system("/usr/sbin/usernetctl $intf report") == 0 ? - ($command, $intf, if_(!$::isInstall, "daemon")) : - common::wrap_command_for_root($command, $intf); + $have_perms ? + ('/usr/sbin/if' . $action, $intf, if_(!$::isInstall, "daemon")) : + ('/usr/bin/pkexec', '/usr/sbin/if' . $action, $intf); run_program::raw({ detach => $detach, root => $::prefix }, @command); } sub start_interface { my ($intf, $detach) = @_; - run_interface_command('/sbin/ifup', $intf, $detach); + run_interface_command('up', $intf, $detach); } sub stop_interface { my ($intf, $detach) = @_; - run_interface_command('/sbin/ifdown', $intf, $detach); + run_interface_command('down', $intf, $detach); } sub start_net_interface { @@ -90,7 +96,7 @@ sub test_connected { local $| = 1; my ($cmd) = @_; - $current_connection_status = -1 if !defined $current_connection_status; + $current_connection_status //= -1; if ($cmd == 0) { connected_bg__raw(\$kid_pipe_connect, \$current_connection_status); 
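Review bot: `run_interface_command` now builds the program path as `'/usr/sbin/if' . $action` and may run it through `/usr/bin/pkexec`, but nothing restricts `$action` to the two values the visible callers pass. A one-line guard at the top, `member($action, qw(up down)) or die "bad action $action\n";`, keeps any other caller (none visible here) from producing an unexpected path, including one that still passes the old `/sbin/ifup` form. The USERCTL lookup re-reads the whole network configuration on every call, which deserves a short comment saying it replaces the former `usernetctl ... report` probe.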
@@ -210,8 +216,20 @@ sub get_default_connection { return $gw_intf, get_interface_status($gw_intf), $net->{resolv}{dnsServer}; } +#- returns the gateway address +# advantage over get_default_connection() is that we don't fork, +# which prevent segfaulting when glib/gtk create threads behind us (mga#12041) +sub get_gw_address() { + my $gateway; + foreach (cat_('/proc/net/route')) { + $gateway = $1 if /^\S+\s+00000000\s+([0-9A-F]+)/; + } + # Linux gives it as a hex number in network byte order: + $gateway ? join(".", unpack "CCCC", pack "L", hex $gateway) : undef; +} + sub has_network_connection() { - (undef, undef, my $gw_address) = get_default_connection({}); + my $gw_address = get_gw_address(); to_bool($gw_address); } @@ -254,6 +272,12 @@ sub get_interface_ip_address { $net->{ifcfg}{$interface}{IPADDR}; } +sub get_interface_ip6_address { + my ($net, $interface) = @_; + `/sbin/ip addr show dev $interface` =~ /^\s*inet6\s+(.*)\sscope\sglobal(.*)$/m && $1 || + $net->{ifcfg}{$interface}{IPADDR}; +} + sub get_interface_ptp_address { my ($interface) = @_; my ($flags, $_link, $addrs) = `/sbin/ip addr show dev $interface`; diff --git a/lib/network/vpn.pm b/lib/network/vpn.pm index 21142c8..147ecc8 100644 --- a/lib/network/vpn.pm +++ b/lib/network/vpn.pm @@ -113,8 +113,7 @@ sub get_config_path { sub _run { my ($connection, $action, @args) = @_; - my @command = ('vpn-' . $action, $connection->get_type, $connection->get_name, @args); - @command = common::wrap_command_for_root(@command) if $>; + my @command = (if_($>, '/usr/bin/pkexec'), '/usr/sbin/vpn-' . $action, $connection->get_type, $connection->get_name, @args); require run_program; run_program::rooted($::prefix, , @command); } |
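Review bot: When no global `inet6` line is found, `get_interface_ip6_address` falls back to `$net->{ifcfg}{$interface}{IPADDR}`, which is the IPv4 setting, so a caller asking for an IPv6 address can get an IPv4 one back. The fallback probably wants the IPv6 key, `$net->{ifcfg}{$interface}{IPV6ADDR}`, or no fallback at all. The capture `(.*)` also keeps the `/prefix` suffix from the `ip` output, which the function name does not suggest; a comment or a `([0-9a-fA-F:]+)` capture would make the return value explicit.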
