diff options
author | Pascal Rigaux <pixel@mandriva.com> | 2007-04-25 10:08:22 +0000 |
---|---|---|
committer | Pascal Rigaux <pixel@mandriva.com> | 2007-04-25 10:08:22 +0000 |
commit | 685b705e6628a105b6939c09c2046a7266f16c44 (patch) | |
tree | ccbcc0a243b35329d5bde689eac38d20041e5662 | |
parent | 26e4479959d6dab37fb2f88948372b31a48b4627 (diff) | |
download | drakx-net-685b705e6628a105b6939c09c2046a7266f16c44.tar drakx-net-685b705e6628a105b6939c09c2046a7266f16c44.tar.gz drakx-net-685b705e6628a105b6939c09c2046a7266f16c44.tar.bz2 drakx-net-685b705e6628a105b6939c09c2046a7266f16c44.tar.xz drakx-net-685b705e6628a105b6939c09c2046a7266f16c44.zip |
re-sync after the big svn loss
-rwxr-xr-x | bin/drakgw | 466 |
1 files changed, 466 insertions, 0 deletions
diff --git a/bin/drakgw b/bin/drakgw new file mode 100755 index 0000000..78f0b1c --- /dev/null +++ b/bin/drakgw @@ -0,0 +1,466 @@ +#!/usr/bin/perl + +# +# author Guillaume Cottenceau (gc@mandrakesoft.com) +# modified by Florin Grad (florin@mandrakesoft.com) +# wizardified by Olivier Blin (oblin@mandriva.com) +# +# Copyright 2000-2005 Mandriva +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# + +use strict; +use lib qw(/usr/lib/libDrakX); + +use standalone; #- warning, standalone must be loaded very first, for 'explanations' + +use common; +use detect_devices; +use interactive; +use network::network; +use network::ethernet; +use run_program; +use log; +use c; +use network::shorewall; +use network::dhcpd; +use network::squid; +use services; + +my $sysconf_network = "/etc/sysconfig/network"; +my $masq_file = "$::prefix/etc/shorewall/masq"; +my $cups_conf = "$::prefix/etc/cups/cupsd.conf"; + +my $in = 'interactive'->vnew('su'); + +my ($kernel_version) = c::kernel_version() =~ /(...)/; +unless ($kernel_version >= 2.4) { + $in->ask_warn(N("Error"), N("Sorry, we support only 2.4 and above kernels.")); + $in->exit(-1); +} + +my $net = {}; +network::network::read_net_conf($net); +my $modules_conf = modules::any_conf->read; +my %eth_intf = map { $_->[0] => join(': ', $_->[0], $_->[2]) } network::ethernet::get_eth_cards($modules_conf); + +my $shorewall = network::shorewall::read(); +my $choice; +my $gw_enabled; +my ($net_interface_name, $lan_interface_name, $lan_intf, $internal_domain_name); +my $use_dhcpd = 1; +my $use_caching_dns = 1; +my $use_caching_proxy = 1; + +my $resolv_conf = network::network::read_resolv_conf_raw(); +my $squid_conf = network::squid::read_squid_conf(); +my $dhcpd_conf = network::dhcpd::read_dhcpd_conf(); + +require wizards; +my $wiz = wizards->new( + { + defaultimage => "drakgw.png", + name => N("Internet Connection Sharing"), + pages => { + welcome => + { + name => N("You are about to configure your computer to share its Internet connection. +With that feature, other computers on your local network will be able to use this computer's Internet connection. + +Make sure you have configured your Network/Internet access using drakconnect before going any further. + +Note: you need a dedicated Network Adapter to set up a Local Area Network (LAN)."), + post => sub { + $gw_enabled = !$shorewall->{disabled} && grep { !/^#/ } cat_($masq_file); + return $gw_enabled ? "ask_reconfigure" : "choose_net_interface"; + }, + }, + + ask_reconfigure => + { + name => sub { + $gw_enabled ? + N("The setup of Internet Connection Sharing has already been done. +It's currently enabled. + +What would you like to do?") : + N("The setup of Internet connection sharing has already been done. +It's currently disabled. + +What would you like to do?"); #- FIXME : not used for now + }, + data => sub { + [ { type => "list", val => \$choice, list => [ ($gw_enabled ? N_("Disable") : N_("Enable")), N_("Reconfigure") ], format => \&translate } ]; + }, + post => sub { + if ($choice eq "Enable") { + #- FIXME, not used for now + #- gw_enable(); + return "end_enabled"; + } elsif ($choice eq "Disable") { + gw_disable(); + return "end_disabled"; + } elsif ($choice eq "Reconfigure") { + return "choose_net_interface"; + } + }, + }, + + choose_net_interface => + { + pre => sub { + $net_interface_name = $shorewall->{net_interface}; + }, + name => translate($network::shorewall::ask_shorewall_interface_label), + data => network::shorewall::shorewall_interface_choices(\$net_interface_name), + post => sub { + network::shorewall::set_net_interface($shorewall, $net_interface_name); + my $locals = @{$shorewall->{loc_interface}}; + if ($locals == 0) { + return "end_no_lan_interface"; + } elsif ($locals == 1) { + $lan_interface_name = $shorewall->{loc_interface}[0]; + return "one_lan_interface"; + } else { + return "choose_lan_interface"; + } + }, + }, + + one_lan_interface => + { + name => sub { + N("There is only one configured network adapter on your system: + +%s + +I am about to setup your Local Area Network with that adapter.", format_interfaces($lan_interface_name)); + }, + next => "lan_configure", + }, + + choose_lan_interface => + { + name => N("Please choose what network adapter will be connected to your Local Area Network."), + data => sub { + [ { type => "list", val => \$lan_interface_name, list => $shorewall->{loc_interface}, format => \&format_interfaces } ]; + }, + post => sub { + log::explanations("Choosing network device: $lan_interface_name"); + "lan_configure"; + }, + }, + + lan_configure => + { + pre => sub { + $lan_intf = $net->{ifcfg}{$lan_interface_name} ||= {}; + $lan_intf->{DEVICE} = $lan_interface_name; + $lan_intf->{ONBOOT} = 'yes'; + $lan_intf->{BOOTPROTO} = 'static'; + $lan_intf->{IPADDR} ||= "192.168.1.1"; + $lan_intf->{NETMASK} ||= "255.255.255.0"; + $internal_domain_name = $resolv_conf->{search}[0] ||= "homeland.net"; + }, + name => N("Local Area Network settings"), + data => sub { + [ + { label => N("Local IP address"), val => \$lan_intf->{IPADDR} }, + { label => N("Netmask"), val => \$lan_intf->{NETMASK} }, + { label => N("The internal domain name"), val => \$internal_domain_name }, + ]; + }, + complete => sub { + network::network::update_broadcast_and_network($lan_intf); + if (my $conflict = find { $_->{NETWORK} eq $lan_intf->{NETWORK} } grep { $_->{DEVICE} ne $lan_intf->{DEVICE} } values %{$net->{ifcfg}}) { + $in->ask_warn(N("Error"), N("Potential LAN address conflict found in current config of %s!\n", $conflict->{DEVICE})); + return 1; + } + 0; + }, + post => sub { + network::network::configure_network($net, $in, $modules_conf) unless $::testing; + return "dns"; + }, + }, + + dns => + { + pre => sub { + $dhcpd_conf->{domain_name_servers}[0] = $resolv_conf->{nameserver}[0] ||= $lan_intf->{IPADDR}; + }, + name => N("Domain Name Server (DNS) configuration"), + data => sub { + my @disable = (disabled => sub { $use_caching_dns }); + [ + { text => N("Use this gateway as domain name server"), val => \$use_caching_dns, type => 'bool' }, + { label => N("The DNS Server IP"), val => \$dhcpd_conf->{domain_name_servers}[0], @disable }, + ]; + }, + complete => sub { + !$use_caching_dns || $::testing and return 0; + #- install a caching name server if the specified DNS is the gateway + !$in->do_pkgs->ensure_is_installed('caching-nameserver', '/var/named/named.local'); + }, + post => sub { + services::set_status($_, $use_caching_dns) foreach qw(named caching-nameserver); + return "dhcpd"; + }, + }, + + dhcpd => + { + pre => sub { + #- not editable + $dhcpd_conf->{option_routers}[0] = $lan_intf->{IPADDR}; + $dhcpd_conf->{subnet_mask}[0] = $lan_intf->{NETMASK}; + $dhcpd_conf->{domain_name}[0] = $internal_domain_name; + #- editable + $dhcpd_conf->{dynamic_bootp}[0] ||= "16"; + $dhcpd_conf->{dynamic_bootp}[1] ||= "253"; + $dhcpd_conf->{default_lease_time}[0] ||= "21600"; + $dhcpd_conf->{max_lease_time}[0] ||= "43200"; + }, + name => N("DHCP Server Configuration. + +Here you can select different options for the DHCP server configuration. +If you do not know the meaning of an option, simply leave it as it is."), + data => sub { + my @advanced_disable = (advanced => 1, disabled => sub { !$use_dhcpd }); + [ + { text => N("Use automatic configuration (DHCP)"), val => \$use_dhcpd, type => 'bool' }, + { label => N("The DHCP start range"), val => \$dhcpd_conf->{dynamic_bootp}[0], @advanced_disable }, + { label => N("The DHCP end range"), val => \$dhcpd_conf->{dynamic_bootp}[1], @advanced_disable }, + { label => N("The default lease (in seconds)"), val => \$dhcpd_conf->{default_lease_time}[0], @advanced_disable }, + { label => N("The maximum lease (in seconds)"), val => \$dhcpd_conf->{max_lease_time}[0], @advanced_disable } + ]; + }, + complete => sub { + !$use_dhcpd || $::testing and return 0; + $in->do_pkgs->ensure_is_installed('dhcp-server', '/usr/sbin/dhcpd') or return 1; + 0; + }, + post => sub { + network::dhcpd::write_dhcpd_conf($dhcpd_conf, $lan_intf->{DEVICE}) if $use_dhcpd; + services::set_status("dhcpd", $use_dhcpd); + return "proxy"; + } + }, + + proxy => + { + pre => sub { + $squid_conf->{http_port}[0] ||= "3128"; + $squid_conf->{cache_size}[1] ||= "100"; + $squid_conf->{admin_mail}[0] ||= 'admin@mydomain.com'; + $squid_conf->{visible_hostname}[0] ||= 'myfirewall@mydomain.com'; + }, + name => N("Proxy caching server (SQUID)"), + data => sub { + my @disable = (advanced => 1, disabled => sub { !$use_caching_proxy }); + [ + { text => N("Use this gateway as proxy caching server"), val => \$use_caching_proxy, type => 'bool' }, + { label => N("Admin mail"), val => \$squid_conf->{admin_mail}[0], @disable }, + { label => N("Visible hostname"), val => \$squid_conf->{visible_hostname}[0], @disable }, + { label => N("Proxy port"), val => \$squid_conf->{http_port}[0], advanced => 1, @disable }, + { label => N("Cache size (MB)"), val => \$squid_conf->{cache_size}[1], advanced => 1, @disable }, + ]; + }, + complete => sub { + !$use_caching_proxy || $::testing and return 0; + $in->do_pkgs->ensure_is_installed('squid', '/usr/sbin/squid') or return 1; + 0; + }, + post => sub { + network::squid::write_squid_conf($squid_conf, $lan_intf, $internal_domain_name) if $use_caching_proxy; + services::set_status("squid", $use_caching_proxy); + if ($use_caching_proxy) { + set_proxy_port($squid_conf->{http_port}[0]); + } else { + delete_proxy_ports(); + } + -f $cups_conf ? "cups" : end_step(); + }, + }, + + cups => + { + name => N("Broadcast printer information"), + type => "yesorno", + default => "yes", + post => sub { + update_cups() unless $::testing; + end_step(); + }, + }, + + end_no_lan_interface => + { + name => N("No ethernet network adapter has been detected on your system. Please run the hardware configuration tool."), + end => 1, + }, + + end_enabled => + { + name => N("Internet Connection Sharing is now enabled."), + end => 1, + }, + + end_disabled => + { + name => N("Internet Connection Sharing is now disabled."), + end => 1, + }, + + end => + { + name => N("Everything has been configured. +You may now share Internet connection with other computers on your Local Area Network, using automatic network configuration (DHCP) and + a Transparent Proxy Cache server (SQUID)."), + end => 1, + }, + }, +}); +$wiz->safe_process($in); + + + +sub format_interfaces { + my ($interface) = @_; + $eth_intf{$interface} || $interface; +} + +sub end_step() { + gw_configure(); + log::l("[drakgw] Installation complete, exiting"); + "end"; +} + +sub delete_proxy_ports() { + my $r = $shorewall->{redirects}{tcp}; + my @ports = grep { $r->{$_} eq 'www' } keys %$r; + delete $r->{$_} foreach @ports; +} + +sub set_proxy_port { + my ($port) = @_; + $shorewall->{redirects}{tcp}{$port} = 'www'; +} + +sub gw_disable() { + my $_wait_disabl = $in->wait_message('', N("Disabling servers...")); + return if $::testing; + services::set_status($_, 0) foreach qw(dhcpd squid named); + delete_proxy_ports(); + network::shorewall::write($shorewall); + foreach ($network::dhcpd::dhcpd_conf_file, $network::squid::squid_conf_file, $masq_file) { + if (-f $_) { rename($_, "$_.drakgwdisable") or die "Could not rename $_ to $_.drakgwdisable" } + } + services::restart("shorewall"); +} + +sub gw_configure() { + #- test for potential conflict with previous firewall config + if (network::shorewall::check_iptables()) { + $in->ask_warn(N("Firewalling configuration detected!"), + N("Warning! An existing firewalling configuration has been detected. You may need some manual fixes after installation.")); + } + + $in->do_pkgs->ensure_is_installed('shorewall', '/sbin/shorewall') or $in->exit(-1); + + my $_wait_configuring = $in->wait_message(N("Configuring..."), + N("Configuring firewall...")); + + $shorewall->{disabled} = 0; + $shorewall->{masq_subnet} = "$lan_intf->{NETWORK}/$lan_intf->{NETMASK}"; + network::shorewall::write($shorewall); + + #- be sure that FORWARD_IPV4 is enabled in /etc/sysconfig/network + log::explanations("Enabling IPV4 forwarding"); + substInFile { s/^FORWARD_IPV4.*\n//; $_ .= "FORWARD_IPV4=true\n" if eof } $sysconf_network if !$::testing; + services::restart("network"); +} + +sub update_cups() { + #- Set up /etc/cups/cupsd.conf to make the broadcasting of the printer info + #- working correctly: + #- + #- 1. ServerName <server's IP address> # because clients do necessarily + #- # know the server's name + #- + #- 2. BrowseAddress <server's Broadcast IP> # broadcast printer info into + #- # the local network. + #- + #- 3. BrowseOrder Deny,Allow + #- BrowseDeny All + #- BrowseAllow <IP mask for local net> # Only accept broadcast signals + #- # coming from local network + #- + #- 4. <Location /> + #- Order Deny,Allow + #- Deny From All + #- Allow From <IP mask for local net> # Allow only machines of local + #- </Location> # network to access the server + #- + #- These steps are only done when the CUPS package is installed. + + #- Modify the root location block in /etc/cups/cupsd.conf + + log::explanations("Updating CUPS configuration accordingly"); + + substInFile { + s/^ServerName[^:].*\n//; $_ .= "ServerName $lan_intf->{IPADDR}\n" if eof; + s/^BrowseAddress.*\n//; $_ .= "BrowseAddress $lan_intf->{BROADCAST}\n" if eof; + s/^BrowseOrder.*\n//; $_ .= "BrowseOrder Deny,Allow\n" if eof; + s/^BrowseDeny.*\n//; $_ .= "BrowseDeny All\n" if eof; + s/^BrowseAllow.*\n//; $_ .= "BrowseAllow \@IF($lan_interface_name)\n" if eof; + } $cups_conf; + + my @cups_conf_content = cat_($cups_conf); + my @root_location; my $root_location_start; my $root_location_end; + + # Cut out the root location block so that it can be treated seperately + # without affecting the rest of the file + if (any { m|^\s*<Location\s+/\s*>| } @cups_conf_content) { + $root_location_start = -1; + $root_location_end = -1; + # Go through all the lines, bail out when start and end line found + for (my $i = 0; $i < @cups_conf_content && $root_location_end == -1; $i++) { + if ($cups_conf_content[$i] =~ m|^\s*<\s*Location\s+/\s*>|) { + $root_location_start = $i; + } elsif ($cups_conf_content[$i] =~ m|^\s*<\s*/Location\s*>| && $root_location_start != -1) { + $root_location_end = $i; + } + } + # Rip out the block and store it seperately + @root_location = splice(@cups_conf_content, $root_location_start, $root_location_end - $root_location_start + 1); + } else { + # If there is no root location block, create one + $root_location_start = @cups_conf_content; + @root_location = ("<Location />\n", "</Location>\n"); + } + + # Delete all former "Order", "Allow", and "Deny" lines from the root location block + s/^\s*Order.*//, s/^\s*Allow.*//, s/^\s*Deny.*// foreach @root_location; + + # Add the new "Order" and "Deny" lines, add an "Allow" line for the local network + splice(@root_location, -1, 0, $_) foreach "Order Deny,Allow\n", "Deny From All\n", "Allow From 127.0.0.1\n", + "Allow From \@IF($lan_interface_name)\n"; + + # Put the changed root location block back into the file + splice(@cups_conf_content, $root_location_start, 0, @root_location); + + output $cups_conf, @cups_conf_content; +} |