package bootsplash;

use common;
use Xconfig::resolution_and_depth;


my $themes_dir = "/usr/share/bootsplash/themes";
my $themes_config_dir = "/etc/bootsplash/themes";
my $sysconfig_file = "/etc/sysconfig/bootsplash";
my $bootsplash_scripts = "/usr/share/bootsplash/scripts";
my $default_theme = 'Mandrivalinux';
our $default_thumbnail = '/usr/share/libDrakX/pixmaps/nosplash_thumb.png';
our @resolutions = uniq(map { "$_->{X}x$_->{Y}" } Xconfig::resolution_and_depth::bios_vga_modes());

sub get_framebuffer_resolution() {
    require bootloader;
    require fsedit;
    my $all_hds = fsedit::get_hds();
    fs::get_info_from_fstab($all_hds);
    my $bootloader = bootloader::read($all_hds);
    my $x_res = Xconfig::resolution_and_depth::from_bios($bootloader->{default_options}{vga});
    $x_res ?
      ($x_res->{X} . 'x' . $x_res->{Y}, 1) :
      (first(@resolutions), 0);
}

sub themes_read_sysconfig {
    my ($res) = @_;
    my %theme = (
                 name => $default_theme,
                 enabled => 1,
                 keep_logo => 1
                );
    if (-r $::prefix . $sysconfig_file) {
        local $_;
        foreach (cat_($::prefix . $sysconfig_file)) {
            /^SPLASH=no/ and $theme{enabled} = 0;
            /^THEME=(.*)/ && -f theme_get_image_for_resolution($1, $res) and $theme{name} = $1;
            /^LOGO_CONSOLE=(.*)/ and $theme{keep_logo} = $1 ne "no";
        }
    }
    \%theme;
}

sub theme_get_image_for_resolution {
    my ($theme, $res) = @_;
    $::prefix . $themes_dir . '/' . $theme . '/images/bootsplash-' . $res . ".jpg";
}

sub theme_get_config_for_resolution {
    my ($theme, $res) = @_;
    $::prefix . $themes_config_dir . '/' . $theme . '/config/bootsplash-' . $res . ".cfg";
}

sub theme_exists_for_resolution {
    my ($theme, $res) = @_;
    -f theme_get_image_for_resolution($theme, $res) && -f theme_get_config_for_resolution($theme, $res);
}

sub themes_list() {
    grep { !/^\./ && -d $::prefix . $themes_dir . '/' . $_ } sort(all($::prefix . $themes_dir));
}

sub themes_list_for_resolution {
    my ($res) = @_;
    grep { theme_exists_for_resolution($_, $res) } themes_list();
}

sub switch {
    my ($theme) = @_;
    if ($::testing) {
        print "enabling bootsplash theme $theme\n";
    } else {
        #- theme scripts will update SPLASH value in sysconfig file
        system($::prefix . $bootsplash_scripts . '/switch-themes', $theme);
    }
}

sub remove() {
    if ($::testing) {
        print "disabling bootsplash theme\n";
    } else {
        system($::prefix . $bootsplash_scripts . '/remove-theme');
    }
}

sub set_logo_console {
    my ($keep_logo) = @_;
    my $logo_console = $keep_logo ? 'theme' : 'no';
    substInFile { s/^LOGO_CONSOLE=.*/LOGO_CONSOLE=$logo_console/ } $::prefix . $sysconfig_file;
}

sub create_path {
    my ($file) = @_;
    mkdir_p(dirname($file));
}

sub theme_set_image_for_resolution {
    my ($name, $res, $source_image) = @_;
    my $dest_image = theme_get_image_for_resolution($name, $res);
    create_path($dest_image);
    #- Append an exclamation point to the geometry to force the image size to exactly the size you specify.
    system('convert', '-geometry', $res . '!', $source_image, $dest_image);
    system($::prefix . $bootsplash_scripts . '/rewritejpeg',  $dest_image);
}

sub theme_read_config_for_resolution {
    my ($theme, $res) = @_;
    my $file = theme_get_config_for_resolution($theme, $res);
    my $contents = cat_($file);
    my ($pb_x1, $pb_y1, $pb_x2, $pb_y2, $pbg_c, $ptransp) = $contents =~ /^box\s+silent\s+noover\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(#\w{6})(\w{2})/m;
    my ($tb_x1, $tb_y1, $tb_x2, $tb_y2, $tc, $transp) = $contents =~ /^box\s+noover\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(#\w{6})(\w{2})/m;
    my ($pc1, $pc2, $pc3, $_pc4) = $contents =~ /^box\s+silent\s+inter\s+\d+\s+\d+\s+\d+\s+\d+\s+(#\w+)\s+(#\w+)\s+(#\w+)\s+(#\w+)/m;
    my ($text_color) = $contents =~ /^text_color=0x(\w+)/m;
    my $gradient;
    if ($pc1 eq $pc2) {
	$gradient = 'vertical';
	$pc2 = $pc3;
    }
    { pc1 => $pc1, pc2 => $pc2, gradient => $gradient,  transp => hex $transp, ptransp => hex $ptransp, 
      tb_x => $tb_x1, tb_y => $tb_y1, tb_w => $tb_x2 - $tb_x1, tb_h => $tb_y2 - $tb_y1, tc => $tc, pbg_c => $pbg_c, 
      px => $pb_x1, pw => $pb_x2 - $pb_x1, py => $pb_y1, ph => $pb_y2 - $pb_y1, 
      getVarsFromSh($file), text_color => "#$text_color" };
}

sub theme_write_config_for_resolution {
    my ($name, $res, $conf) = @_;

    my $config = theme_get_config_for_resolution($name, $res);
    create_path($config);
    my $jpeg = theme_get_image_for_resolution($name, $res);

    # progress/text rectangles border/inter coordinates
    my ($pb_x1, $pb_x2, $pb_y1, $pb_y2) = ($conf->{px}, $conf->{px} + $conf->{pw}, $conf->{py}, $conf->{py} + $conf->{ph});
    my ($pi_y1, $pi_y2) = ($pb_y1 + 1, $pb_y2 - 1);
    my ($tb_x1, $tb_y1, $tb_x2, $tb_y2) = ($conf->{tb_x}, $conf->{tb_y}, $conf->{tb_x} + $conf->{tb_w}, $conf->{tb_y} + $conf->{tb_h});
    my ($tx, $ty, $tw, $th) = ($tb_x1 + 10, $tb_y1 + 5, $conf->{tb_w} - 20 , $conf->{tb_h} - 10);
    my ($ti_x1, $ti_x2, $ti_y1, $ti_y2) = ($tb_x1 - 1, $tb_x2 + 1, $tb_y1 + 1, $tb_y2 + 1);
    my ($pc1, $pc2, $pc3, $pc4);
    if ($conf->{gradient} eq 'vertical') {
	($pc1, $pc2, $pc3, $pc4) = ($conf->{pc1}, $conf->{pc1}, $conf->{pc2}, $conf->{pc2});
    } else { 
	($pc1, $pc2, $pc3, $pc4) = ($conf->{pc1}, $conf->{pc2}, $conf->{pc1}, $conf->{pc2});
    }
    if (!$pc1) { ($pc1, $pc2, $pc3, $pc4) = ('#ffffff', '#ffffff', '#000000', '#000000') }
    my $ptransp = sprintf '%02x', $conf->{ptransp};
    my $transp = sprintf '%02x', $conf->{transp};
    $conf->{pbg_c} ||= '#aaaaaa';
    $conf->{tc} ||= '#ffffff';
    my $text_color = $conf->{text_color} ? "0x$conf->{text_color}" : '0xaaaaaa';
    $text_color =~ s/#//;
    output($config,
	   qq(# This is the configuration file for the $res bootsplash picture
# this file is necessary to specify the coordinates of the text box on the
# splash screen.

# config file version
version=3

# should the picture be displayed?
state=1

# fgcolor is the text forground color.
# bgcolor is the text background (i.e. transparent) color.
fgcolor=$conf->{fgcolor}
bgcolor=$conf->{bgcolor}

# (tx, ty) are the (x, y) coordinates of the text window in pixels.
# tw/th is the width/height of the text window in pixels.
tx=$tx
ty=$ty
tw=$tw
th=$th

# ttf message output parameters
text_x=$conf->{text_x}
text_y=$conf->{text_y}
text_size=$conf->{text_size}
text_color=$text_color

# name of the picture file (full path recommended)
jpeg=$jpeg
silentjpeg=$jpeg

progress_enable=1

# background
# b(order) or i(nter)
box silent noover $pb_x1 $pb_y1 $pb_x2 $pb_y2 $conf->{pbg_c}$ptransp
# progress bar
box silent inter  $pb_x1 $pi_y1 $pb_x1 $pi_y2 $pc1 $pc2 $pc3 $pc4
box silent        $pb_x1 $pi_y1 $pb_x2 $pi_y2 $pc1 $pc2 $pc3 $pc4
# black border (top, bottom, left, right)
box silent        $pb_x1 $pb_y1 $pb_x2 $pb_y1 #313234
box silent        $pb_x1 $pb_y2 $pb_x2 $pb_y2 #889499
box silent        $pb_x1 $pb_y1 $pb_x1 $pb_y2 #313234
box silent        $pb_x2 $pb_y1 $pb_x2 $pb_y2 #889499

# text box
box noover        $tb_x1 $tb_y1 $tb_x2 $tb_y2 $conf->{tc}$transp
# black border (top, bottom, left, right)
box               $ti_x1 $tb_y1 $ti_x1 $ti_y2 #313234
box               $tb_x1 $tb_y1 $ti_x2 $tb_y1 #313234
box               $ti_x2 $ti_y1 $ti_x2 $ti_y2 #889499
box               $tb_x1 $ti_y2 $ti_x2 $ti_y2 #889499

overpaintok=1

LOGO_CONSOLE=$conf->{LOGO_CONSOLE}
));
}

sub rectangle2xywh {
    my ($rect) = @_;

    my $x = min($rect->[0]{X} , $rect->[1]{X});
    my $y = min($rect->[0]{Y} , $rect->[1]{Y});
    my $w = abs($rect->[0]{X} - $rect->[1]{X});
    my $h = abs($rect->[0]{Y} - $rect->[1]{Y});
    ($x, $y, $w, $h);
}

sub xywh2rectangle {
    my ($x, $y, $w, $h) = @_;
    [ { X => $x, Y => $y }, { X => $x+$w, Y => $y+$h } ];
}

sub distance {
    my ($p1, $p2) = @_;
    sqr($p1->{X} - $p2->{X}) + sqr($p1->{Y} - $p2->{Y});
}

sub farthest {
    my ($point, @others) = @_;
    my $dist = 0;
    my $farthest;
    foreach (@others) {
	my $d = distance($point, $_);
	if ($d >= $dist) {
	    $dist = $d;
	    $farthest = $_;
	}
    }
    $farthest;
}

sub nearest {
    my ($point, @others) = @_;
    my $dist;
    my $nearest;
    foreach (@others) {
	my $d = distance($point, $_);
	if (! defined $dist || $d < $dist) {
	    $dist = $d;
	    $nearest = $_;
	}
    }
    $nearest;
}

1;
='n68' href='#n68'>68</a>
<a id='n69' href='#n69'>69</a>
<a id='n70' href='#n70'>70</a>
<a id='n71' href='#n71'>71</a>
<a id='n72' href='#n72'>72</a>
<a id='n73' href='#n73'>73</a>
<a id='n74' href='#n74'>74</a>
<a id='n75' href='#n75'>75</a>
<a id='n76' href='#n76'>76</a>
<a id='n77' href='#n77'>77</a>
<a id='n78' href='#n78'>78</a>
<a id='n79' href='#n79'>79</a>
<a id='n80' href='#n80'>80</a>
<a id='n81' href='#n81'>81</a>
<a id='n82' href='#n82'>82</a>
<a id='n83' href='#n83'>83</a>
<a id='n84' href='#n84'>84</a>
<a id='n85' href='#n85'>85</a>
<a id='n86' href='#n86'>86</a>
<a id='n87' href='#n87'>87</a>
<a id='n88' href='#n88'>88</a>
<a id='n89' href='#n89'>89</a>
<a id='n90' href='#n90'>90</a>
<a id='n91' href='#n91'>91</a>
<a id='n92' href='#n92'>92</a>
<a id='n93' href='#n93'>93</a>
<a id='n94' href='#n94'>94</a>
<a id='n95' href='#n95'>95</a>
<a id='n96' href='#n96'>96</a>
<a id='n97' href='#n97'>97</a>
<a id='n98' href='#n98'>98</a>
<a id='n99' href='#n99'>99</a>
<a id='n100' href='#n100'>100</a>
<a id='n101' href='#n101'>101</a>
<a id='n102' href='#n102'>102</a>
<a id='n103' href='#n103'>103</a>
<a id='n104' href='#n104'>104</a>
<a id='n105' href='#n105'>105</a>
<a id='n106' href='#n106'>106</a>
<a id='n107' href='#n107'>107</a>
<a id='n108' href='#n108'>108</a>
<a id='n109' href='#n109'>109</a>
<a id='n110' href='#n110'>110</a>
<a id='n111' href='#n111'>111</a>
<a id='n112' href='#n112'>112</a>
<a id='n113' href='#n113'>113</a>
<a id='n114' href='#n114'>114</a>
<a id='n115' href='#n115'>115</a>
<a id='n116' href='#n116'>116</a>
<a id='n117' href='#n117'>117</a>
<a id='n118' href='#n118'>118</a>
<a id='n119' href='#n119'>119</a>
<a id='n120' href='#n120'>120</a>
<a id='n121' href='#n121'>121</a>
<a id='n122' href='#n122'>122</a>
<a id='n123' href='#n123'>123</a>
<a id='n124' href='#n124'>124</a>
<a id='n125' href='#n125'>125</a>
<a id='n126' href='#n126'>126</a>
<a id='n127' href='#n127'>127</a>
<a id='n128' href='#n128'>128</a>
<a id='n129' href='#n129'>129</a>
<a id='n130' href='#n130'>130</a>
<a id='n131' href='#n131'>131</a>
<a id='n132' href='#n132'>132</a>
<a id='n133' href='#n133'>133</a>
<a id='n134' href='#n134'>134</a>
<a id='n135' href='#n135'>135</a>
<a id='n136' href='#n136'>136</a>
<a id='n137' href='#n137'>137</a>
<a id='n138' href='#n138'>138</a>
<a id='n139' href='#n139'>139</a>
<a id='n140' href='#n140'>140</a>
<a id='n141' href='#n141'>141</a>
<a id='n142' href='#n142'>142</a>
<a id='n143' href='#n143'>143</a>
<a id='n144' href='#n144'>144</a>
<a id='n145' href='#n145'>145</a>
<a id='n146' href='#n146'>146</a>
<a id='n147' href='#n147'>147</a>
<a id='n148' href='#n148'>148</a>
<a id='n149' href='#n149'>149</a>
<a id='n150' href='#n150'>150</a>
<a id='n151' href='#n151'>151</a>
<a id='n152' href='#n152'>152</a>
<a id='n153' href='#n153'>153</a>
<a id='n154' href='#n154'>154</a>
<a id='n155' href='#n155'>155</a>
<a id='n156' href='#n156'>156</a>
<a id='n157' href='#n157'>157</a>
<a id='n158' href='#n158'>158</a>
<a id='n159' href='#n159'>159</a>
<a id='n160' href='#n160'>160</a>
<a id='n161' href='#n161'>161</a>
<a id='n162' href='#n162'>162</a>
<a id='n163' href='#n163'>163</a>
<a id='n164' href='#n164'>164</a>
<a id='n165' href='#n165'>165</a>
<a id='n166' href='#n166'>166</a>
<a id='n167' href='#n167'>167</a>
<a id='n168' href='#n168'>168</a>
<a id='n169' href='#n169'>169</a>
<a id='n170' href='#n170'>170</a>
<a id='n171' href='#n171'>171</a>
<a id='n172' href='#n172'>172</a>
<a id='n173' href='#n173'>173</a>
<a id='n174' href='#n174'>174</a>
<a id='n175' href='#n175'>175</a>
<a id='n176' href='#n176'>176</a>
<a id='n177' href='#n177'>177</a>
<a id='n178' href='#n178'>178</a>
<a id='n179' href='#n179'>179</a>
<a id='n180' href='#n180'>180</a>
<a id='n181' href='#n181'>181</a>
<a id='n182' href='#n182'>182</a>
<a id='n183' href='#n183'>183</a>
<a id='n184' href='#n184'>184</a>
<a id='n185' href='#n185'>185</a>
<a id='n186' href='#n186'>186</a>
<a id='n187' href='#n187'>187</a>
<a id='n188' href='#n188'>188</a>
<a id='n189' href='#n189'>189</a>
<a id='n190' href='#n190'>190</a>
<a id='n191' href='#n191'>191</a>
<a id='n192' href='#n192'>192</a>
<a id='n193' href='#n193'>193</a>
<a id='n194' href='#n194'>194</a>
<a id='n195' href='#n195'>195</a>
<a id='n196' href='#n196'>196</a>
<a id='n197' href='#n197'>197</a>
<a id='n198' href='#n198'>198</a>
<a id='n199' href='#n199'>199</a>
<a id='n200' href='#n200'>200</a>
<a id='n201' href='#n201'>201</a>
<a id='n202' href='#n202'>202</a>
<a id='n203' href='#n203'>203</a>
<a id='n204' href='#n204'>204</a>
<a id='n205' href='#n205'>205</a>
<a id='n206' href='#n206'>206</a>
<a id='n207' href='#n207'>207</a>
<a id='n208' href='#n208'>208</a>
<a id='n209' href='#n209'>209</a>
<a id='n210' href='#n210'>210</a>
<a id='n211' href='#n211'>211</a>
<a id='n212' href='#n212'>212</a>
<a id='n213' href='#n213'>213</a>
<a id='n214' href='#n214'>214</a>
<a id='n215' href='#n215'>215</a>
<a id='n216' href='#n216'>216</a>
<a id='n217' href='#n217'>217</a>
<a id='n218' href='#n218'>218</a>
<a id='n219' href='#n219'>219</a>
<a id='n220' href='#n220'>220</a>
<a id='n221' href='#n221'>221</a>
<a id='n222' href='#n222'>222</a>
<a id='n223' href='#n223'>223</a>
<a id='n224' href='#n224'>224</a>
<a id='n225' href='#n225'>225</a>
<a id='n226' href='#n226'>226</a>
<a id='n227' href='#n227'>227</a>
<a id='n228' href='#n228'>228</a>
<a id='n229' href='#n229'>229</a>
<a id='n230' href='#n230'>230</a>
<a id='n231' href='#n231'>231</a>
<a id='n232' href='#n232'>232</a>
<a id='n233' href='#n233'>233</a>
<a id='n234' href='#n234'>234</a>
<a id='n235' href='#n235'>235</a>
<a id='n236' href='#n236'>236</a>
<a id='n237' href='#n237'>237</a>
<a id='n238' href='#n238'>238</a>
<a id='n239' href='#n239'>239</a>
</pre></td>
<td class='lines'><pre><code><span class="hl kwa">package</span> authentication<span class="hl opt">;</span> <span class="hl slc"># $Id$</span>

<span class="hl kwa">use</span> common<span class="hl opt">;</span>
<span class="hl kwa">use</span> any<span class="hl opt">;</span>


<span class="hl kwa">sub</span> kinds<span class="hl opt">() {</span> 
    <span class="hl opt">(</span><span class="hl str">&apos;local&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;LDAP&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;NIS&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;winbind&apos;</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> kind2description <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl opt">${{</span> <span class="hl kwc">local</span> <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Local files&quot;</span><span class="hl opt">),</span> LDAP <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;LDAP&quot;</span><span class="hl opt">),</span> NIS <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;NIS&quot;</span><span class="hl opt">),</span> winbind <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Windows Domain&quot;</span><span class="hl opt">) }}{</span><span class="hl kwb">$kind</span><span class="hl opt">};</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> to_kind <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl opt">(</span>find <span class="hl opt">{</span> <span class="hl kwc">exists</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$_</span><span class="hl opt">} }</span> kinds<span class="hl opt">()) ||</span> <span class="hl str">&apos;local&apos;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> ask_parameters <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$in, $netc, $authentication, $kind</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl slc">#- keep only this authentication kind</span>
    <span class="hl kwa">foreach</span> <span class="hl opt">(</span>kinds<span class="hl opt">()) {</span>
	<span class="hl kwc">delete</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$_</span><span class="hl opt">}</span> <span class="hl kwa">if</span> <span class="hl kwb">$_</span> <span class="hl kwc">ne</span> <span class="hl kwb">$kind</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>

    <span class="hl kwc">my</span> <span class="hl kwb">$val</span> <span class="hl opt">=</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$kind</span><span class="hl opt">} ||=</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>

    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;LDAP&apos;</span><span class="hl opt">) {</span>
	<span class="hl kwb">$val</span> <span class="hl opt">||=</span> <span class="hl str">&apos;ldap.&apos;</span> <span class="hl opt">.</span> <span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>DOMAINNAME<span class="hl opt">};</span>
	<span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} ||=</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">&apos;,&apos;</span><span class="hl opt">,</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl str">&quot;dc=</span><span class="hl ipl">$_</span><span class="hl str">&quot;</span> <span class="hl opt">}</span> <span class="hl kwc">split</span> <span class="hl kwd">/\./</span><span class="hl opt">,</span> <span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>DOMAINNAME<span class="hl opt">});</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span>
		     N<span class="hl opt">(</span><span class="hl str">&quot;Authentication LDAP&quot;</span><span class="hl opt">),</span>
		     <span class="hl opt">[ {</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;LDAP Base dn&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} },</span>
		       <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;LDAP Server&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$val</span> <span class="hl opt">},</span>
		     <span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;NIS&apos;</span><span class="hl opt">) {</span> 
	<span class="hl kwb">$val</span> <span class="hl opt">||=</span> <span class="hl str">&apos;broadcast&apos;</span><span class="hl opt">;</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span>
		     N<span class="hl opt">(</span><span class="hl str">&quot;Authentication NIS&quot;</span><span class="hl opt">),</span>
		     <span class="hl opt">[ {</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;NIS Domain&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \ <span class="hl opt">(</span><span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>NISDOMAIN<span class="hl opt">} ||=</span> <span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>DOMAINNAME<span class="hl opt">}) },</span>
		       <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;NIS Server&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$val,</span> list <span class="hl opt">=&gt; [</span><span class="hl str">&quot;broadcast&quot;</span><span class="hl opt">],</span> not_edit <span class="hl opt">=&gt;</span> <span class="hl num">0</span> <span class="hl opt">},</span>
		     <span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;winbind&apos;</span><span class="hl opt">) {</span>
	<span class="hl slc">#- maybe we should browse the network like diskdrake --smb and get the &apos;doze server names in a list </span>
	<span class="hl slc">#- but networking isn&apos;t setup yet necessarily</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_warn</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">&quot;For this to work for a W2K PDC, you will probably need to have the admin run: C:</span><span class="hl esc">\\</span><span class="hl str">&gt;net localgroup</span> <span class="hl esc">\&quot;</span><span class="hl str">Pre-Windows 2000 Compatible Access</span><span class="hl esc">\&quot;</span> <span class="hl str">everyone /add and reboot the server.</span><span class="hl esc">\n</span><span class="hl str">You will also need the username/password of a Domain Admin to join the machine to the Windows(TM) domain.</span><span class="hl esc">\n</span><span class="hl str">If networking is not yet enabled, Drakx will attempt to join the domain after the network setup step.</span><span class="hl esc">\n</span><span class="hl str">Should this setup fail for some reason and domain authentication is not working, run &apos;smbpasswd -j DOMAIN -U USER</span><span class="hl ipl">%%PASSWORD</span><span class="hl str">&apos; using your Windows(tm) Domain, and Admin Username/Password, after system boot.</span><span class="hl esc">\n</span><span class="hl str">The command &apos;wbinfo -t&apos; will test whether your authentication secrets are good.&quot;</span><span class="hl opt">));</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span>
			N<span class="hl opt">(</span><span class="hl str">&quot;Authentication Windows Domain&quot;</span><span class="hl opt">),</span>
			<span class="hl opt">[ {</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Windows Domain&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \ <span class="hl opt">(</span><span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>WINDOMAIN<span class="hl opt">} ||=</span> <span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>DOMAINNAME<span class="hl opt">}) },</span>
			  <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Domain Admin User Name&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$val</span> <span class="hl opt">},</span>
			  <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Domain Admin Password&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winpass<span class="hl opt">},</span> hidden <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
			<span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>
    <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$kind</span><span class="hl opt">} =</span> <span class="hl kwb">$val</span><span class="hl opt">;</span>
    <span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> set <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$in, $netc, $authentication, $when_network_is_up</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    any<span class="hl opt">::</span>enableShadow<span class="hl opt">()</span> <span class="hl kwa">if</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>shadow<span class="hl opt">};</span>    

    <span class="hl kwc">my</span> <span class="hl kwb">$kind</span> <span class="hl opt">=</span> authentication<span class="hl opt">::</span>to_kind<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$val</span> <span class="hl opt">=</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$kind</span><span class="hl opt">};</span>

    <span class="hl kwc">log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">&quot;authentication::set</span> <span class="hl ipl">$kind</span> <span class="hl str">with</span> <span class="hl ipl">$val</span><span class="hl str">&quot;</span><span class="hl opt">);</span>

    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;LDAP&apos;</span><span class="hl opt">) {</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">do_pkgs</span><span class="hl opt">-&gt;</span><span class="hl kwd">install</span><span class="hl opt">(</span><span class="hl str">qw(openldap-clients nss_ldap pam_ldap autofs)</span><span class="hl opt">);</span>

	<span class="hl kwc">my</span> <span class="hl kwb">$domain</span> <span class="hl opt">=</span> <span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} ||</span> <span class="hl kwa">do</span> <span class="hl opt">{</span>
	    <span class="hl kwc">my</span> <span class="hl kwb">$s</span> <span class="hl opt">=</span> run_program<span class="hl opt">::</span>rooted_get_stdout<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;ldapsearch&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;-x&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;-h&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$val,</span> <span class="hl str">&apos;-b&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;-s&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;base&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;+&apos;</span><span class="hl opt">);</span>
	    first<span class="hl opt">(</span><span class="hl kwb">$s</span> <span class="hl opt">=~</span> <span class="hl kwd">/namingContexts: (.+)/</span><span class="hl opt">);</span>
	<span class="hl opt">}</span> <span class="hl kwc">or log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">&quot;no ldap domain found on server</span> <span class="hl ipl">$val</span><span class="hl str">&quot;</span><span class="hl opt">),</span> <span class="hl kwa">return</span><span class="hl opt">;</span>

	set_nsswitch_priority<span class="hl opt">(</span><span class="hl str">&apos;ldap&apos;</span><span class="hl opt">);</span>
	set_pam_authentication<span class="hl opt">(</span><span class="hl str">&apos;ldap&apos;</span><span class="hl opt">);</span>
	set_ldap_conf<span class="hl opt">(</span><span class="hl kwb">$domain, $val,</span> <span class="hl num">1</span><span class="hl opt">);</span>
    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;NIS&apos;</span><span class="hl opt">) {</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">do_pkgs</span><span class="hl opt">-&gt;</span><span class="hl kwd">install</span><span class="hl opt">(</span><span class="hl str">qw(ypbind autofs)</span><span class="hl opt">);</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$domain</span> <span class="hl opt">=</span> <span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>NISDOMAIN<span class="hl opt">};</span>
	<span class="hl kwb">$domain</span> <span class="hl opt">||</span> <span class="hl kwb">$val</span> <span class="hl kwc">ne</span> <span class="hl str">&quot;broadcast&quot;</span> <span class="hl kwc">or die</span> N<span class="hl opt">(</span><span class="hl str">&quot;Can&apos;t use broadcast with no NIS domain&quot;</span><span class="hl opt">);</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$t</span> <span class="hl opt">=</span> <span class="hl kwb">$domain</span> ? <span class="hl str">&quot;domain</span> <span class="hl ipl">$domain</span><span class="hl str">&quot;</span> <span class="hl opt">. (</span><span class="hl kwb">$val</span> <span class="hl kwc">ne</span> <span class="hl str">&quot;broadcast&quot;</span> <span class="hl opt">&amp;&amp;</span> <span class="hl str">&quot; server&quot;</span><span class="hl opt">) :</span> <span class="hl str">&quot;ypserver&quot;</span><span class="hl opt">;</span>
	substInFile <span class="hl opt">{</span>
	    <span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">&quot;#~</span><span class="hl ipl">$_</span><span class="hl str">&quot;</span> <span class="hl kwa">unless</span> <span class="hl kwd">/^#/</span><span class="hl opt">;</span>
	    <span class="hl kwb">$_</span> <span class="hl opt">.=</span> <span class="hl str">&quot;</span><span class="hl ipl">$t</span> <span class="hl str"></span><span class="hl ipl">$val\n</span><span class="hl str">&quot;</span> <span class="hl kwa">if</span> <span class="hl kwc">eof</span><span class="hl opt">;</span>
	<span class="hl opt">}</span> <span class="hl str">&quot;$::prefix/etc/yp.conf&quot;</span><span class="hl opt">;</span>

	set_nsswitch_priority<span class="hl opt">(</span><span class="hl str">&apos;nis&apos;</span><span class="hl opt">);</span>
	<span class="hl slc">#- no need to modify system-auth for nis</span>

	<span class="hl kwb">$when_network_is_up</span><span class="hl opt">-&gt;(</span><span class="hl kwa">sub</span> <span class="hl opt">{</span>
	    run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;nisdomainname&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$domain</span><span class="hl opt">);</span>
	    run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;service&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;ypbind&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;restart&apos;</span><span class="hl opt">);</span>
	<span class="hl opt">})</span> <span class="hl kwa">if</span> <span class="hl opt">!$::</span>isInstall<span class="hl opt">;</span> <span class="hl slc">#- TODO: also do it during install since nis can be useful to resolve domain names. Not done because 9.2-RC</span>
    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;winbind&apos;</span><span class="hl opt">) {</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$domain</span> <span class="hl opt">=</span> <span class="hl kwb">$netc</span><span class="hl opt">-&gt;{</span>WINDOMAIN<span class="hl opt">};</span>
	<span class="hl kwb">$domain</span> <span class="hl opt">=~</span> <span class="hl kwd">tr/a-z/A-Z/</span><span class="hl opt">;</span>

	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">do_pkgs</span><span class="hl opt">-&gt;</span><span class="hl kwd">install</span><span class="hl opt">(</span><span class="hl str">qw(samba-winbind samba-common)</span><span class="hl opt">);</span>
	set_pam_authentication<span class="hl opt">(</span><span class="hl str">&apos;winbind&apos;</span><span class="hl opt">);</span>

	<span class="hl kwa">require</span> network<span class="hl opt">::</span>smb<span class="hl opt">;</span>
	network<span class="hl opt">::</span>smb<span class="hl opt">::</span>write_smb_conf<span class="hl opt">(</span><span class="hl kwb">$domain</span><span class="hl opt">);</span>
	run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&quot;chkconfig&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;--level&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;35&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;winbind&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;on&quot;</span><span class="hl opt">);</span>
	mkdir_p<span class="hl opt">(</span><span class="hl str">&quot;$::prefix/home/</span><span class="hl ipl">$domain</span><span class="hl str">&quot;</span><span class="hl opt">);</span>
	
	<span class="hl slc">#- defer running smbpassword until the network is up</span>
	<span class="hl kwb">$when_network_is_up</span><span class="hl opt">-&gt;(</span><span class="hl kwa">sub</span> <span class="hl opt">{</span>
	    run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;smbpasswd&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;-j&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$domain,</span> <span class="hl str">&apos;-U&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$val</span> <span class="hl opt">.</span> <span class="hl str">&apos;%&apos;</span> <span class="hl opt">.</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winpass<span class="hl opt">});</span>
	<span class="hl opt">});</span>
    <span class="hl opt">}</span>
<span class="hl opt">}</span>


<span class="hl kwa">sub</span> pam_modules<span class="hl opt">() {</span>
    <span class="hl str">&apos;pam_ldap&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_winbind&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_mkhomedir&apos;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_module_from_path <span class="hl opt">{</span> 
    <span class="hl kwb">$_</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">] &amp;&amp;</span> <span class="hl kwb">$_</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">] =~</span> m<span class="hl opt">|(</span><span class="hl kwd">/lib/s</span>ecurity<span class="hl opt">/)</span>?<span class="hl opt">(</span>pam_<span class="hl opt">.*)</span>\<span class="hl opt">.</span>so<span class="hl opt">| &amp;&amp;</span> <span class="hl kwb">$2</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_module_to_path <span class="hl opt">{</span> 
    <span class="hl str">&quot;</span><span class="hl ipl">$_</span><span class="hl str">[0].so&quot;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_format_line <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$type, $control, $module, &#64;para</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">sprintf</span><span class="hl opt">(</span><span class="hl str">&quot;%-11s %-13s</span> <span class="hl ipl">%s\n</span><span class="hl str">&quot;</span><span class="hl opt">,</span> <span class="hl kwb">$type, $control,</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">&apos; &apos;</span><span class="hl opt">,</span> pam_module_to_path<span class="hl opt">(</span><span class="hl kwb">$module</span><span class="hl opt">),</span> <span class="hl kwb">&#64;para</span><span class="hl opt">));</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> get_raw_pam_authentication<span class="hl opt">() {</span>
    <span class="hl kwc">my</span> <span class="hl kwb">%before_deny</span><span class="hl opt">;</span>
    <span class="hl kwa">foreach</span> <span class="hl opt">(</span>cat_<span class="hl opt">(</span><span class="hl str">&quot;$::prefix/etc/pam.d/system-auth&quot;</span><span class="hl opt">)) {</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$type, $control, $module, &#64;para</span><span class="hl opt">) =</span> <span class="hl kwc">split</span><span class="hl opt">;</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl opt">=</span> pam_module_from_path<span class="hl opt">(</span><span class="hl kwb">$module</span><span class="hl opt">)) {</span>
	    <span class="hl kwb">$before_deny</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}{</span><span class="hl kwb">$module</span><span class="hl opt">} =</span> \<span class="hl kwb">&#64;para</span> <span class="hl kwa">if</span> <span class="hl kwb">$control</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;sufficient&apos;</span> <span class="hl opt">&amp;&amp;</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> pam_modules<span class="hl opt">());</span>
	<span class="hl opt">}</span>
    <span class="hl opt">}</span>
    \<span class="hl kwb">%before_deny</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> set_raw_pam_authentication <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$before_deny, $before_first</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    substInFile <span class="hl opt">{</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$type, $control, $module, &#64;para</span><span class="hl opt">) =</span> <span class="hl kwc">split</span><span class="hl opt">;</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$added_pre_line</span> <span class="hl opt">=</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl opt">=</span> pam_module_from_path<span class="hl opt">(</span><span class="hl kwb">$module</span><span class="hl opt">)) {</span>
	    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;pam_unix&apos;</span> <span class="hl opt">&amp;&amp;</span> member<span class="hl opt">(</span><span class="hl kwb">$type,</span> <span class="hl str">&apos;auth&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;account&apos;</span><span class="hl opt">)) {</span>
		<span class="hl slc">#- remove likeauth, nullok and use_first_pass</span>
		<span class="hl kwb">$_</span> <span class="hl opt">=</span> pam_format_line<span class="hl opt">(</span><span class="hl kwb">$type,</span> <span class="hl str">&apos;sufficient&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$module,</span> <span class="hl kwc">grep</span> <span class="hl opt">{ !</span>member<span class="hl opt">(</span><span class="hl kwb">$_,</span> <span class="hl str">qw(likeauth nullok use_first_pass)</span><span class="hl opt">) }</span> <span class="hl kwb">&#64;para</span><span class="hl opt">);</span>
		<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$control</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;required&apos;</span><span class="hl opt">) {</span>
		    <span class="hl slc">#- ensure a pam_deny line is there</span>
		    <span class="hl opt">(</span><span class="hl kwb">$control, $module, &#64;para</span><span class="hl opt">) = (</span><span class="hl str">&apos;required&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_deny&apos;</span><span class="hl opt">);</span>
		    <span class="hl opt">(</span><span class="hl kwb">$added_pre_line, $_</span><span class="hl opt">) = (</span><span class="hl kwb">$_,</span> pam_format_line<span class="hl opt">(</span><span class="hl kwb">$type, $control, $module</span><span class="hl opt">));</span>
		<span class="hl opt">}</span>
	    <span class="hl opt">}</span>
	    <span class="hl kwa">if</span> <span class="hl opt">(</span>member<span class="hl opt">(</span><span class="hl kwb">$module,</span> pam_modules<span class="hl opt">())) {</span>
		<span class="hl slc">#- first removing previous config</span>
		<span class="hl kwc">warn</span> <span class="hl str">&quot;dropping line</span> <span class="hl ipl">$_</span><span class="hl str">&quot;</span><span class="hl opt">;</span>
		<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>
	    <span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
		<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$before_first</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$type</span><span class="hl opt">}) {</span>
		    <span class="hl kwa">foreach</span> <span class="hl kwc">my</span> <span class="hl kwb">$module</span> <span class="hl opt">(</span><span class="hl kwc">keys</span> <span class="hl opt">%{</span><span class="hl kwb">$before_first</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$type</span><span class="hl opt">}}) {</span>
			<span class="hl kwb">$_</span> <span class="hl opt">=</span> pam_format_line<span class="hl opt">(</span><span class="hl kwb">$type,</span> <span class="hl str">&apos;required&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$module,</span> <span class="hl opt">&#64;{</span><span class="hl kwb">$before_first</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$type</span><span class="hl opt">}{</span><span class="hl kwb">$module</span><span class="hl opt">}}) .</span> <span class="hl kwb">$_</span><span class="hl opt">;</span>
		    <span class="hl opt">}</span>
		    <span class="hl kwc">delete</span> <span class="hl kwb">$before_first</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$type</span><span class="hl opt">};</span>
		<span class="hl opt">}</span>		
		<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$control</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;required&apos;</span> <span class="hl opt">&amp;&amp;</span> <span class="hl kwb">$module</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;pam_deny&apos;</span><span class="hl opt">) {</span>
		    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$before_deny</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$type</span><span class="hl opt">}) {</span>
			<span class="hl kwa">foreach</span> <span class="hl kwc">my</span> <span class="hl kwb">$module</span> <span class="hl opt">(</span><span class="hl kwc">keys</span> <span class="hl opt">%{</span><span class="hl kwb">$before_deny</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$type</span><span class="hl opt">}}) {</span>
			    <span class="hl kwb">$_</span> <span class="hl opt">=</span> pam_format_line<span class="hl opt">(</span><span class="hl kwb">$type,</span> <span class="hl str">&apos;sufficient&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$module,</span> <span class="hl opt">&#64;{</span><span class="hl kwb">$before_deny</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$type</span><span class="hl opt">}{</span><span class="hl kwb">$module</span><span class="hl opt">}}) .</span> <span class="hl kwb">$_</span><span class="hl opt">;</span>
			<span class="hl opt">}</span>
		    <span class="hl opt">}</span>
		<span class="hl opt">}</span>
	    <span class="hl opt">}</span>
	    <span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwb">$added_pre_line</span> <span class="hl opt">.</span> <span class="hl kwb">$_</span><span class="hl opt">;</span>
	<span class="hl opt">}</span>
    <span class="hl opt">}</span> <span class="hl str">&quot;$::prefix/etc/pam.d/system-auth&quot;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> get_pam_authentication_kinds<span class="hl opt">() {</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$before_deny</span> <span class="hl opt">=</span> get_raw_pam_authentication<span class="hl opt">();</span>
    <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwd">s/pam_//</span><span class="hl opt">;</span> <span class="hl kwb">$_</span> <span class="hl opt">}</span> <span class="hl kwc">keys</span> <span class="hl opt">%{</span><span class="hl kwb">$before_deny</span><span class="hl opt">-&gt;{</span>auth<span class="hl opt">}};</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> set_pam_authentication <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">&#64;authentication_kinds</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$before_deny</span> <span class="hl opt">= {};</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$before_first</span> <span class="hl opt">= {};</span>
    <span class="hl kwa">foreach</span> <span class="hl opt">(</span><span class="hl kwb">&#64;authentication_kinds</span><span class="hl opt">) {</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$module</span> <span class="hl opt">=</span> <span class="hl str">&apos;pam_&apos;</span> <span class="hl opt">.</span> <span class="hl kwb">$_</span><span class="hl opt">;</span>
	<span class="hl kwb">$before_deny</span><span class="hl opt">-&gt;{</span>auth<span class="hl opt">}{</span><span class="hl kwb">$module</span><span class="hl opt">} = [</span> <span class="hl str">&apos;likeauth&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;nullok&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;use_first_pass&apos;</span> <span class="hl opt">];</span>
	<span class="hl kwb">$before_deny</span><span class="hl opt">-&gt;{</span>account<span class="hl opt">}{</span><span class="hl kwb">$module</span><span class="hl opt">} = [</span> <span class="hl str">&apos;use_first_pass&apos;</span> <span class="hl opt">];</span>
	<span class="hl kwb">$before_deny</span><span class="hl opt">-&gt;{</span>password<span class="hl opt">}{</span><span class="hl kwb">$module</span><span class="hl opt">} = []</span> <span class="hl kwa">if</span> <span class="hl kwb">$_</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;ldap&apos;</span><span class="hl opt">;</span>
	<span class="hl kwb">$before_first</span><span class="hl opt">-&gt;{</span>session<span class="hl opt">}{</span>pam_mkhomedir<span class="hl opt">} = [</span> <span class="hl str">&apos;skel=/etc/skel/&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;umask=0022&apos;</span> <span class="hl opt">]</span> <span class="hl kwa">if</span> <span class="hl kwb">$_</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;winbind&apos;</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>
    set_raw_pam_authentication<span class="hl opt">(</span><span class="hl kwb">$before_deny, $before_first</span><span class="hl opt">);</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> set_nsswitch_priority <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">&#64;kinds</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl slc"># allowed: files nis ldap dns</span>
    substInFile <span class="hl opt">{</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$database, $l</span><span class="hl opt">) =</span> <span class="hl kwd">/^(\s*(?:passwd|shadow|group|automount):\s*)(.*)/</span><span class="hl opt">) {</span>
	    <span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwb">$database</span> <span class="hl opt">.</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">&apos; &apos;</span><span class="hl opt">,</span> uniq<span class="hl opt">(</span><span class="hl str">&apos;files&apos;</span><span class="hl opt">,</span> <span class="hl kwb">&#64;kinds,</span> <span class="hl kwc">split</span><span class="hl opt">(</span><span class="hl str">&apos; &apos;</span><span class="hl opt">,</span> <span class="hl kwb">$l</span><span class="hl opt">))) .</span> <span class="hl str">&quot;</span><span class="hl esc">\n</span><span class="hl str">&quot;</span><span class="hl opt">;</span>
	<span class="hl opt">}</span>	
    <span class="hl opt">}</span> <span class="hl str">&quot;$::prefix/etc/nsswitch.conf&quot;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> read_ldap_conf<span class="hl opt">() {</span>
    <span class="hl kwc">my</span> <span class="hl kwb">%conf</span> <span class="hl opt">=</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwd">s/^\s*#.*//</span><span class="hl opt">;</span> if_<span class="hl opt">(</span><span class="hl kwd">/(\S+)\s+(.*)/</span><span class="hl opt">,</span> <span class="hl kwb">$1</span> <span class="hl opt">=&gt;</span> <span class="hl kwb">$2</span><span class="hl opt">) }</span> cat_<span class="hl opt">(</span><span class="hl str">&quot;$::prefix/etc/ldap.conf&quot;</span><span class="hl opt">);</span>
    \<span class="hl kwb">%conf</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> set_ldap_conf <span class="hl opt">{</span>    
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$domain, $servers, $b_ssl</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl kwc">my</span> <span class="hl kwb">%wanted_conf</span> <span class="hl opt">= (</span>
	host <span class="hl opt">=&gt;</span> <span class="hl kwb">$servers,</span>
	base <span class="hl opt">=&gt;</span> <span class="hl kwb">$domain,</span>
	port <span class="hl opt">=&gt;</span> <span class="hl kwb">$b_ssl</span> ? <span class="hl num">636</span> <span class="hl opt">:</span> <span class="hl num">389</span><span class="hl opt">,</span>
	ssl <span class="hl opt">=&gt;</span> <span class="hl kwb">$b_ssl</span> ? <span class="hl str">&apos;on&apos;</span> <span class="hl opt">:</span> <span class="hl str">&apos;off&apos;</span><span class="hl opt">,</span>
	nss_base_shadow <span class="hl opt">=&gt;</span> <span class="hl str">&quot;ou=People,</span><span class="hl ipl">$domain</span><span class="hl str">&quot;</span><span class="hl opt">,</span>
	nss_base_passwd <span class="hl opt">=&gt;</span> <span class="hl str">&quot;ou=People,</span><span class="hl ipl">$domain</span><span class="hl str">&quot;</span><span class="hl opt">,</span>
	nss_base_group <span class="hl opt">=&gt;</span> <span class="hl str">&quot;ou=Group,</span><span class="hl ipl">$domain</span><span class="hl str">&quot;</span><span class="hl opt">,</span>
    <span class="hl opt">);</span>

    substInFile <span class="hl opt">{</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$cmd</span><span class="hl opt">) =</span> <span class="hl kwd">/^#?\s*(\w+)\s/</span><span class="hl opt">;</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$cmd</span> <span class="hl opt">&amp;&amp;</span> <span class="hl kwc">exists</span> <span class="hl kwb">$wanted_conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">}) {</span>
	    <span class="hl kwc">my</span> <span class="hl kwb">$val</span> <span class="hl opt">=</span> <span class="hl kwb">$wanted_conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">};</span>
	    <span class="hl kwb">$wanted_conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">} =</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>
	    <span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwb">$val</span> ? <span class="hl str">&quot;</span><span class="hl ipl">$cmd</span> <span class="hl str"></span><span class="hl ipl">$val\n</span><span class="hl str">&quot;</span> <span class="hl opt">:</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>
        <span class="hl opt">}</span>
    <span class="hl opt">}</span> <span class="hl str">&quot;$::prefix/etc/ldap.conf&quot;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl num">1</span><span class="hl opt">;</span>

</code></pre></td></tr></table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.2.1</a> (<a href='https://git-scm.com/'>git 2.21.0</a>) at 2024-11-14 18:58:02 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>