#!/usr/bin/perl # # Copyright (C) 2005-2006 by Mandriva aginies _ateuh_ mandriva.com # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # 02111-1307, USA. use lib qw(/usr/lib/libDrakX); # i18n: IMPORTANT: to get correct namespace (drakx-net instead of libDrakX) BEGIN { unshift @::textdomains, 'drakx-net' } use standalone; use common; use network::network; use interactive; use services; my $nfsicon = "/usr/share/mcc/themes/default/draknfs.png"; $ugtk2::wm_icon = $nfsicon; use mygtk2 qw(gtknew gtkset); use ugtk2 qw(:ask :wrappers :create :dialogs); my $in = 'interactive'->vnew('su'); $in->do_pkgs->ensure_is_installed('nfs-utils', '/etc/rc.d/init.d/nfs-server') or exit(1); $in->do_pkgs->ensure_is_installed('rpcbind', '/etc/rc.d/init.d/rpcbind') or exit(1); use constant COLUMN_DIR => 0; use constant COLUMN_ACCESS => 1; use constant COLUMN_RIGHT => 2; use constant COLUMN_OPTIONS => 3; use constant NUM_COLUMNS => 4; my $CONF = "/etc/exports"; my @listshare; my $root_squash = N("map root user as anonymous"); my $all_squash = N("map all users to anonymous user"); my $no_all_squash = N("No user UID mapping"); my $no_root_squash = N("allow real remote root access"); my @listuserid_data = split(", ", qq($root_squash, $all_squash, $no_all_squash, $no_root_squash)); my $userid_data = { root_squash => $root_squash, no_root_squash => $no_root_squash, all_squash => $all_squash, no_all_squash => $no_all_squash, }; my @yesno = qw(yes no); sub get_items() { my @items = ( [ N("/_File"), undef, undef, undef, '<Branch>', ], [ N("/_File") . N("/_Write conf"), undef, \&write_conf, 1, '<Item>', ], [ N("/_File") . N("/_Quit"), N("<control>Q"), \&quit_all, 1, '<Item>', ], [ N("/_NFS Server"), undef, undef, undef, '<Branch>', ], [ N("/_NFS Server") . N("/_Restart"), undef, \&restart_dialog, 1, '<Item>', ], [ N("/_NFS Server") . N("/R_eload"), undef, \&reload_dialog, 1, '<Item>', ], ); return @items; } sub quit_all() { ugtk2->exit; } sub restart_dialog() { wait_action("service nfs-server restart"); } sub reload_dialog() { wait_action("service nfs-server reload"); } sub wait_action { my ($cmd) = @_; my $w = $in->wait_message(N("NFS server"), N("Restarting/Reloading NFS server...")); run_program::get_stdout($cmd) !~ /unknown|error/ or err_dialog(N("Error"), N("Error Restarting/Reloading NFS server")) and return; undef $w; } my %size_groups = map { $_ => Gtk2::SizeGroup->new('horizontal') } qw(label widget button); my $label_and_widgets = sub { my ($label, $widget, $button) = @_; gtknew('HBox', children => [ 0, gtkadd_widget($size_groups{label}, gtknew('Label_Left', text => $label)), 0, gtkadd_widget($size_groups{widget}, $widget), 0, gtkadd_widget($size_groups{button}, $button), ]); }; my $fdwidget = sub { my ($data) = @_; my $fd = new Gtk2::FileSelection(N("Directory Selection")); $fd->set_modal(1); $fd->signal_connect("destroy", sub { $fd->hide }); $fd->ok_button->signal_connect(clicked => sub { my $file = $fd->get_filename; -d $file or err_dialog(N("Error"), N("Should be a directory.")) and return; $data->set_text($file); $fd->hide; }, $fd); $fd->cancel_button->signal_connect(clicked => sub { $fd->hide }); return $fd; }; sub get_nfs_data() { # /home/nis *(async,rw,no_root_squash) # /home/nis/guibo/Build *(async,rw,no_root_squash) foreach (cat_($CONF)) { my ($dir, $access, $right, $options) = m!^(/\S+)\s+(\S*)\((\S*)\)\s+(\S*)!; $dir and push @listshare, { dir => $dir, access => $access, right => $right, options => $options, }; } } sub write_conf() { output($CONF, "# generated by drakhosts.pl\n"); foreach my $a (@listshare) { append_to_file($CONF, "$a->{dir} $a->{access}($a->{right}) $a->{options}\n"); } } my $help_access; $help_access = N("<span weight=\"bold\">NFS clients</span> may be specified in a number of ways: <span foreground=\"royalblue3\">single host:</span> a host either by an abbreviated name recognized be the resolver, fully qualified domain name, or an IP address <span foreground=\"royalblue3\">netgroups:</span> NIS netgroups may be given as \@group. <span foreground=\"royalblue3\">wildcards:</span> machine names may contain the wildcard characters * and ?. For instance: *.cs.foo.edu matches all hosts in the domain cs.foo.edu. <span foreground=\"royalblue3\">IP networks:</span> you can also export directories to all hosts on an IP (sub-)network simultaneously. for example, either `/255.255.252.0' or `/22' appended to the network base address result. "); my $help_userid = N("<span weight=\"bold\">User ID options</span> <span foreground=\"royalblue3\">map root user as anonymous:</span> map requests from uid/gid 0 to the anonymous uid/gid (root_squash). <span foreground=\"royalblue3\">allow real remote root access:</span> turn off root squashing. This option is mainly useful for diskless clients (no_root_squash). <span foreground=\"royalblue3\">map all users to anonymous user:</span> map all uids and gids to the anonymous user (all_squash). Useful for NFS-exported public FTP directories, news spool directories, etc. The opposite option is no user UID mapping (no_all_squash), which is the default setting. <span foreground=\"royalblue3\">anonuid and anongid:</span> explicitly set the uid and gid of the anonymous account. "); my %adv_options = ( sync => N("Synchronous access:"), secured => N("Secured Connection:"), ro => N("Read-Only share:"), subtree_check => N("Subtree checking:") ); my $help_global = join("\n\n\n", '<b><big>' . N("Advanced Options") . '</big></b>', N("<span foreground=\"royalblue3\">%s</span> this option requires that requests originate on an internet port less than IPPORT_RESERVED (1024). This option is on by default.", $adv_options{secured}), N("<span foreground=\"royalblue3\">%s</span> allow either only read or both read and write requests on this NFS volume. The default is to disallow any request which changes the filesystem. This can also be made explicit by using this option.", $adv_options{ro}), N("<span foreground=\"royalblue3\">%s</span> disallows the NFS server to violate the NFS protocol and to reply to requests before any changes made by these requests have been committed to stable storage (e.g. disc drive).", $adv_options{sync}), N("<span foreground=\"royalblue3\">%s</span> enable subtree checking which can help improve security in some cases, but can decrease reliability. See exports(5) man page for more details.", $adv_options{subtree_check}), ); sub help_b { my ($help_data) = @_; gtksignal_connect(gtknew('Button', text => N("Information")), clicked => sub { my $dialog = _create_dialog(N("Help"), { transient_for => $::main_window, modal => 1 }); gtkpack_($dialog->vbox, 1, gtknew('ScrolledWindow', width => 390, height => 300, child => gtknew('TextView', text => ugtk2::markup_to_TextView_format(formatAlaTeX($help_data))) ), 0, gtknew('Button', text => N("Close"), clicked => sub { $dialog->destroy; } ), ); $dialog->show_all; } ); } sub get_access_list() { my $net = {}; network::network::read_net_conf($net); my $interface = $net->{net_interface}; my $ip_address = network::tools::get_interface_ip_address($net, $interface); my $domain = chomp_(`dnsdomainname`); my @o = split(/\./, $ip_address); my $ipnet; if ($ip_address) { $ipnet = $o[0] . "." . $o[1] . "." . $o[2] . ".0"; } else { $ipnet = "ip_address" } my @all = split(", ", qq(*, *.$domain, $ipnet/8, $ipnet/24)); return @all; } sub get_data_from_id { my ($id, $what) = @_; my $data; if ($what =~ /passwd/) { setpwent(); ($data) = (getpwuid($id))[0]; endpwent(); } else { setgrent(); ($data) = (getgrgid($id))[0]; endgrent(); } return $data; } sub get_user_or_group { my ($what) = @_; my $conf = "/etc/" . $what; my @data = map { if_(m/^([^#:]+):[^:]+:([^:]+):/ && $2 > 499, "$1 [$2]") } cat_($conf); return sort(@data, " "); } sub add_modify_entry { my ($treeview, $wanted) = @_; my $model = $treeview->get_model; my $selection = $treeview->get_selection; my $iter; my ($i, $dir, $access, $right, $options); my ($lr, $luserid, $lsecure, $lsync, $lsubtree_check, $lr_data, $lsync_data, $lsecure_data, $lsubtree_check_data); undef $i; undef $iter; $_ = gtknew('Entry') foreach $dir, $options; $_ = Gtk2::OptionMenu->new foreach $lr, $luserid, $lsecure, $lsync, $lsubtree_check; $access = Gtk2::Combo->new; # $access = gtknew('ComboBox'); my @access_list = get_access_list(); # foreach (@access_list) { # $_ and $access->append_text($_); # } $access->set_popdown_strings(@access_list); $luserid->set_popdown_strings(@listuserid_data); $lr->set_popdown_strings(@yesno); $lsync->set_popdown_strings(@yesno); $lsecure->set_popdown_strings(@yesno); $lsubtree_check->set_popdown_strings(@yesno); my $file_dialog = $fdwidget->($dir); my $button = gtknew('Button', text => N("Directory")); $button->signal_connect(clicked => sub { $file_dialog->show }); # test if modify or add a nfs share my $anonuid = gtknew('ComboBox', list => [ get_user_or_group('passwd') ]); my $anongid = gtknew('ComboBox', list => [ get_user_or_group('group') ]); $_->set_wrap_width(3) foreach $anonuid, $anongid; if ($wanted =~ /modify/) { $iter = $selection->get_selected; $iter or info_dialog(N("Error"), N("Please add an NFS share to be able to modify it.")) and return; my $path = $model->get_path($iter); $i = ($path->get_indices)[0]; $dir->set_text($listshare[$i]{dir}); if (!member($listshare[$i]{access}, @access_list)) { $access->entry->append_text($listshare[$i]{access}); } # $access->child->set_text($listshare[$i]{access}); # $access->set_text($listshare[$i]{access}); $access->entry->set_text($listshare[$i]{access}); # list of all rigth in bracket # $anongid, $anonuid, $lr, $luserid, $lsecure, $lsync; $right = $listshare[$i]{right}; my @opts = split(/,/, $right); $_->set_text("") foreach $lr, $lsync, $anonuid, $anongid, $luserid, $lsecure, $lsubtree_check; foreach my $opt (@opts) { if ($opt =~ m/(\bro\b|\brw\b)/) { if ($opt =~ /ro/) { $lr->set_text("yes") } else { $lr->set_text("no") } } elsif ($opt =~ m/\bsync\b|\basync\b/) { if ($opt =~ /async/) { $lsync->set_text("no") } else { $lsync->set_text("yes") } } elsif ($opt =~ m/anongid=(\d+)/) { my $gdata = get_data_from_id($1, 'group') . " [$1]"; $anongid->set_text($gdata); } elsif ($opt =~ m/anonuid=(\d+)/) { my $udata = get_data_from_id($1, 'passwd') . " [$1]"; $anonuid->set_text($udata); } elsif ($opt =~ m/(no_root_squash|root_squash|all_squash|no_all_squash)/) { if ($opt =~ /^no_root_squash/) { $luserid->set_text($userid_data->{no_root_squash}); } elsif ($opt =~ /^root_squash/) { $luserid->set_text($userid_data->{root_squash}); } elsif ($opt =~ /^all_squash/) { $luserid->set_text($userid_data->{all_squash}); } elsif ($opt =~ /^no_all_squash/) { $luserid->set_text($userid_data->{no_all_squash}); } } elsif ($opt =~ m/(\bsecure\b|\binsecure\b)/) { if ($opt =~ /insecure/) { $lsecure->set_text("no") } else { $lsecure->set_text("yes") } } elsif ($opt =~ m/\bsubtree_check\b|\bno_subtree_check\b/) { if ($opt =~ /no_subtree_check/) { $lsubtree_check->set_text("no") } else { $lsubtree_check->set_text("yes") } } else { next } } foreach ($lsecure, $lsync) { if ($_->get_text =~ //) { $_->set_text("yes") } }; foreach ($lr, $lsubtree_check) { if ($_->get_text =~ //) { $_->set_text("no") } }; } $luserid->signal_connect(changed => sub { if ($luserid->get_text =~ /$userid_data->{root_squash}/) { $_->set_sensitive(1) foreach $anongid, $anonuid; } elsif ($luserid->get_text =~ /$userid_data->{all_squash}/) { $_->set_sensitive(0) foreach $anongid, $anonuid; $_->set_text("65534") foreach $anongid, $anonuid; } else { $_->set_text("") foreach $anongid, $anonuid; $_->set_sensitive(0) foreach $anongid, $anonuid; } }); if ($wanted =~ /add/) { # default choice root_squash and ro $luserid->set_text($userid_data->{no_all_squash}); $lr->set_text("yes"); $lsecure->set_text("yes"); $lsync->set_text("no"); $lsubtree_check->set_text("no"); } if ($luserid->get_text !~ /$userid_data->{root_squash}/) { $_->set_sensitive(0) foreach $anongid, $anonuid; } my $expender = Gtk2::Expander->new(N("Advanced")); $expender->add(gtkpack_(Gtk2::HBox->new, 0, gtkpack_(gtkset_border_width(Gtk2::HBox->new, 1), 0, gtkpack_(gtkset_border_width(Gtk2::VBox->new, 0), 0, $label_and_widgets->($adv_options{sync}, $lsync, help_b($help_global)), 0, $label_and_widgets->($adv_options{secured}, $lsecure, ""), 0, $label_and_widgets->($adv_options{ro}, $lr, ""), 0, $label_and_widgets->($adv_options{subtree_check}, $lsubtree_check, ""), ), ), ), ); my $w = ugtk2->new(N("Modify entry")); $w->{window}->set_modal(1); $w->{window}->set_position('center'); $expender->signal_connect(activate => sub { $w->shrink_topwindow; }); gtkadd($w->{window}, gtknew('VBox', spacing => 0, children_loose => [ # gtkadd(Gtk2::Frame->new(("")), gtkpack_(gtkset_border_width(Gtk2::VBox->new, 1), 0, gtknew('Title2', label => N("NFS directory")), 0, $label_and_widgets->(N("Directory:"), $dir, $button), 0, gtknew('Title2', label => N("Host access")), 0, $label_and_widgets->(N("Access:"), $access, help_b($help_access)), 0, gtknew('Title2', label => N("User ID Mapping")), 0, $label_and_widgets->(N("User ID:"), $luserid, help_b($help_userid)), 0, $label_and_widgets->(N("Anonymous user ID:"), $anonuid, ""), 0, $label_and_widgets->(N("Anonymous Group ID:"), $anongid, ""), ), # ), # gtkadd(Gtk2::Frame->new(""), gtkpack_(gtkset_border_width(Gtk2::VBox->new, 1), 0, $expender, ), # ), create_okcancel({ cancel_clicked => sub { $w->destroy }, ok_clicked => sub { my ($anonu, $anong); if ($anonuid->get_text) { my ($uid) = $anonuid->get_text =~ /\[(\S*)\]/; $anonu = "anonuid=" . $uid; } if ($anongid->get_text) { my ($gid) = $anongid->get_text =~ /\[(\S*)\]/; $anong = "anongid=" . $gid; } if ($lsync->get_text =~ /yes/) { $lsync_data = "sync" } elsif ($lsync->get_text =~ /no/) { $lsync_data = "async" } else { undef $lsync_data } if ($lr->get_text =~ /yes/) { $lr_data = "ro" } elsif ($lr->get_text =~ /no/) { $lr_data = "rw" } else { undef $lr_data } if ($lsecure->get_text =~ /yes/) { $lsecure_data = "secure" } elsif ($lsecure->get_text =~ /no/) { $lsecure_data = "insecure" } else { undef $lsecure_data } if ($lsubtree_check->get_text =~ /yes/) { $lsubtree_check_data = "subtree_check" } elsif ($lsubtree_check->get_text =~ /no/) { $lsubtree_check_data = "no_subtree_check" } else { undef $lsubtree_check } # test $luserid->get_text my $luserid_toput; if ($luserid->get_text =~ /$userid_data->{no_root_squash}/) { $luserid_toput = "no_root_squash"; undef $anong; undef $anonu; } elsif ($luserid->get_text =~ /$userid_data->{root_squash}/) { $luserid_toput = "root_squash"; } elsif ($luserid->get_text =~ /$userid_data->{no_all_squash}/) { $luserid_toput = "no_all_squash"; undef $anong; undef $anonu; } elsif ($luserid->get_text =~ /$userid_data->{all_squash}/) { $luserid_toput = "all_squash"; $anong = "anongid=65534"; $anonu = "anonuid=65534"; } my $all_right = join(",", grep { defined $_ } $luserid_toput, $anonu, $anong, $lsync_data, $lsecure_data, $lsubtree_check_data, $lr_data); my $test_dir = $dir->get_text; if (! $test_dir) { err_dialog(N("Error"), N("Please specify a directory to share.")) and return; } mkdir_p($test_dir) or err_dialog(N("Error"), N("Can't create this directory.")) and return; #my $test_access = $access->child->get_text; my $test_access = $access->entry->get_text; $test_access or err_dialog(N("Error"), N("You must specify hosts access.")) and return; if ($wanted =~ /add/) { $iter = $model->append; $i = "-1"; push @listshare, { dir => $dir->get_text, #access => $access->child->get_text, access => $access->entry->get_text, right => $all_right, options => $options->get_text, }; } $listshare[$i]{right} = $all_right; #$listshare[$i]{access} = $access->child->get_text; $listshare[$i]{access} = $access->entry->get_text; $listshare[$i]{dir} = $dir->get_text; $listshare[$i]{options} = $options->get_text; $model->set($iter, COLUMN_DIR, $listshare[$i]{dir}, COLUMN_ACCESS, $listshare[$i]{access}, COLUMN_RIGHT, $all_right, COLUMN_OPTIONS, $listshare[$i]{options}, ); $w->destroy; # write_conf(); }, }), ], ),),; $w->{window}->show_all; } sub remove_entry { my ($treeview) = @_; my $model = $treeview->get_model; my $selection = $treeview->get_selection; my $iter = $selection->get_selected; if ($iter) { my $path = $model->get_path($iter); my $i = ($path->get_indices)[0]; ask_okcancel("Remove entry ?", "Remove $listshare[$i]{dir}") or return; $model->remove($iter); splice @listshare, $i, 1; } # write_conf(); } sub create_model() { get_nfs_data(); my $model = Gtk2::ListStore->new("Glib::String", "Glib::String", "Glib::String", "Glib::String"); foreach my $a (@listshare) { my $iter = $model->append; $model->set($iter, COLUMN_DIR, $a->{dir}, COLUMN_ACCESS, $a->{access}, COLUMN_RIGHT, $a->{right}, COLUMN_OPTIONS, $a->{options}, ); } return $model; } # add colum to model sub add_columns { my $treeview = shift; my $model = $treeview->get_model; # my @colsize = (120, 160, 120); # each_index { # my $renderer = Gtk2::TreeViewColumn->new_with_attributes($_, Gtk2::CellRendererText->new, 'text' => $::i); # $renderer->set_sort_column_id($::i); # $renderer->set_min_width($colsize[$::i]); # $treeview->append_column($renderer); # } N("Share Directory"), N("Hosts Wildcard"), N("General Options"), N("Custom Options"); each_index { my $renderer = Gtk2::CellRendererText->new; $renderer->set(editable => 0); $renderer->signal_connect(edited => \&cell_edited, $model); $renderer->set_data(column => $::i); $treeview->insert_column_with_attributes(-1, $_, $renderer, 'text' => $::i); } N("Share Directory"), N("Hosts Wildcard"), N("General Options"), N("Custom Options"); } sub cell_edited { my ($cell, $path_string, $new_text, $model) = @_; my $path = Gtk2::TreePath->new_from_string($path_string); my $column = $cell->get_data("column"); my $iter = $model->get_iter($path); if ($column == COLUMN_DIR) { my $i = ($path->get_indices)[0]; $listshare[$i]{dir} = $new_text; -d $new_text or err_dialog(N("Error"), N("Please enter a directory to share.")) and return; $model->set($iter, $column, $listshare[$i]{dir}); } elsif ($column == COLUMN_ACCESS) { my $i = ($path->get_indices)[0]; $listshare[$i]{access} = $new_text; $model->set($iter, $column, $listshare[$i]{access}); } elsif ($column == COLUMN_RIGHT) { err_dialog(N("Error"), N("Please use the modify button to set right access.")) and return; } elsif ($column == COLUMN_OPTIONS) { my $i = ($path->get_indices)[0]; $listshare[$i]{options} = $new_text; $model->set($iter, $column, $listshare[$i]{options}); } write_conf(); } ############### # Main Program ############### # create model my $model = create_model(); my $window = ugtk2->new(N("Manage NFS shares")); $::main_window = $window->{real_window}; $window->{rwindow}->set_size_request(550, 400) unless $::isEmbedded; $window->{rwindow}->set_position('center') if !$::isEmbedded; my $W = $window->{window}; $W->signal_connect(delete_event => sub { ugtk2->exit }); my $treeview = Gtk2::TreeView->new_with_model($model); $treeview->set_rules_hint(1); $treeview->get_selection->set_mode('single'); add_columns($treeview); # double clic and popup modify window $treeview->signal_connect(button_press_event => sub { my (undef, $event) = @_; my $selection = $treeview->get_selection; my $iter = $selection->get_selected; if ($iter) { add_modify_entry($treeview, "modify") if $event->type eq '2button-press'; } }); # create menu my @items = get_items(); my $factory = Gtk2::ItemFactory->new('Gtk2::MenuBar', '<main>', undef); $factory->create_items('menu', @items); my $menu = $factory->get_widget('<main>'); my $okcancel = create_okcancel({ cancel_clicked => sub { ugtk2->exit }, ok_clicked => sub { &write_conf; run_program::raw({ detach => 1 }, "service nfs-server reload"); ugtk2->exit }, }, ); my $wait = $in->wait_message(N("Please wait"), N("Starting the NFS-server")); services::_run_action('rpcbind', "start"); services::_run_action('nfs-server', "start"); undef $wait; # main interface $W->add(gtknew('VBox', children => [ 0, $menu, 0, Gtk2::Banner->new($nfsicon, N("DrakNFS manage NFS shares")), #if_($::isEmbedded, 0, gtknew('Label', text => "Here you can add, remove and alter NFS shares.")), 1, gtknew('HBox', border_width => 0, children => [ 1, gtknew('ScrolledWindow', child => $treeview), 0, gtkpack_(create_vbox('start'), 0, gtknew('Button', text => N("Add"), clicked => sub { eval { add_modify_entry($treeview, "add") }; my $err = $@; if ($err) { err_dialog(N("Error"), N("Failed to add NFS share.") . "\n\n" . $err); } }), 0, gtknew('Button', text => N("Modify"), clicked => sub { eval { add_modify_entry($treeview, "modify") }; my $err = $@; if ($err) { err_dialog(N("Error"), N("Failed to Modify NFS share.") . "\n\n" . $err); } }), 0, gtknew('Button', text => N("Remove"), clicked => sub { eval { remove_entry($treeview) }; my $err = $@; if ($err) { err_dialog(N("Error"), N("Failed to remove an NFS share.") . "\n\n" . $err); } }), ), ]), 0, $okcancel, ]), ); $W->show_all; Gtk2->main;