authorFlorin Grad <florin@mandriva.com>2004-02-12 17:40:29 +0000
committerFlorin Grad <florin@mandriva.com>2004-02-12 17:40:29 +0000
commit1a84a6e7a2825f84d4c2194b5d557731a5a9cce3 (patch)
tree643350009dc68eba5cb3bc8ab2b2921a928d67da /perl-install/standalone/drakvpn
parentec0c1a41addcc5b103e93cf713e134e64a8a0db2 (diff)
hopefully better interface
Diffstat (limited to 'perl-install/standalone/drakvpn')
-rw-r--r--perl-install/standalone/drakvpn276
1 files changed, 148 insertions, 128 deletions
diff --git a/perl-install/standalone/drakvpn b/perl-install/standalone/drakvpn
index 944ab05a4..e5ea0ea9c 100644
--- a/perl-install/standalone/drakvpn
+++ b/perl-install/standalone/drakvpn
@@ -159,19 +159,6 @@ computers look as if they were on the same network.
Make sure you have configured your Network/Internet access using
drakconnect before going any further."), 1) or goto begin;
-$::direct or $in->ask_okcancel(N("Simple VPN setup."),
-N("VPN connection.
-
-This program is based on the following projects:
-
- - FreeSwan: \thttp://www.freeswan.org/
- - Super-FreeSwan: \thttp://www.freeswan.ca/
- - ipsec-tools: \thttp://ipsec-tools.sourceforge.net/
- - ipsec-howto: \thttp://www.ipsec-howto.org
-
-Please read the at least the ipsec-howto docs
-before going any further."), 1) or goto begin;
-
if ($kernel_version < 2.5) {
system("/sbin/modprobe ipsec") if -e "/sbin/modprobe";
$proc_version = cat_("/proc/net/ipsec_version") if -e "/proc/net/ipsec_version";
@@ -185,13 +172,25 @@ if ($kernel_version < 2.5) {
$proc_version = "ipsec native";
}
+$::direct or $in->ask_okcancel(N("Simple VPN setup."),
+N("VPN connection.
+
+This program is based on the following projects:
+ - FreeSwan: \t\t\thttp://www.freeswan.org/
+ - Super-FreeSwan: \t\thttp://www.freeswan.ca/
+ - ipsec-tools: \t\t\thttp://ipsec-tools.sourceforge.net/
+ - ipsec-howto: \t\thttp://www.ipsec-howto.org
+ - the docs and man pages coming with the %s package
+
+Please read AT LEAST the ipsec-howto docs
+before going any further."),$ipsec_package) or goto begin;
+
$::direct or $in->ask_okcancel(N("Kernel module."),
-N("The running kernel need to have ipsec support.\n
-The kernels 2.4 until 2.5 need to be compiled with
-Freeswan or Super/FreeSwan.
-The kernels 2.5 and above have native ipsec support.\n
-The running kernel version is %s and it has support for:
-%s", $kernel_version, $proc_version)) or goto begin;
+N("The kernel need to have ipsec support.
+
+You're running a %s kernel version.
+
+This kernel has '%s' support.", $kernel_version, $proc_version)) or goto begin;
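Review bot: The closing parenthesis on `before going any further."),$ipsec_package) or goto begin;` is in the wrong place: the `)` after the string literal closes `N(`, so `$ipsec_package` becomes the third (default) argument of `ask_okcancel` instead of the format argument for the `%s` on `- the docs and man pages coming with the %s package`. Assuming `N()` forwards its trailing arguments to sprintf, as the other calls in this file do (`N("...%s...", $kernel_version, $proc_version)` right below), the user sees an empty package name and perl emits a missing-argument warning. The previous version also passed `1` as the default; restore both with `before going any further.", $ipsec_package), 1) or goto begin;`.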
step_detectsetup:
@@ -217,8 +216,8 @@ Examples:
#- **********************************
#- * 2nd step: configure
-$wait_configuring = $in->wait_message(N("Configuring..."),
- N("Configuring scripts, installing software, starting servers..."));
+#$wait_configuring = $in->wait_message(N("Configuring..."),
+# N("Configuring scripts, installing software, starting servers..."));
#- if the kernel has super-freeswan support, remove the freeswan package
#- and vice-versa
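Review bot: The `$wait_configuring = $in->wait_message(...)` call is commented out rather than removed, which leaves dead code for the next reader to puzzle over while the commit message gives no reason. Either delete the two lines (the history is in the repository) or keep a short `#- TODO: wait_message disabled because ...` explaining why the spinner is off. If `$wait_configuring` is still `undef`ed or otherwise referenced further down, outside this hunk, it is now never assigned here, so that use should be checked as well.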
@@ -284,16 +283,11 @@ my $c;
if ($kernel_version > 2.5) {
$c = $in->ask_from_list_(N("Configuration file"),
-N("Welcome to the
-
- - %s and
- - %s
-
-files configuration step.
+N("Welcome to the configuration files step !
You can now configure the sections of these files.
-Which file would you like to configure ?\n", $ipsec_conf, $racoon_conf),
+Which file would you like to configure ?\n"),
[ N("configure %s", $ipsec_conf), N("configure %s", $racoon_conf) ]) or goto step_detectsetup;
} else {
@@ -397,12 +391,12 @@ N("This section has to be on top of your
Make sure all other sections follow this config
setup section.\n
Choose continue or previous when you are done.\n", $ipsec_conf),
- [ { label => N("interfaces="), val => \$config_setup->{2}[1], type => 'entry' },
- { label => N("klipsdebug="), val => \$config_setup->{3}[1], type => 'entry' },
- { label => N("plutodebug="), val => \$config_setup->{4}[1], type => 'entry' },
- { label => N("plutoload="), val => \$config_setup->{5}[1], type => 'entry' },
- { label => N("plutostart="), val => \$config_setup->{6}[1], type => 'entry' },
- { label => N("uniqueids="), val => \$config_setup->{7}[1], type => 'entry' },
+ [ { label => N("interfaces"), val => \$config_setup->{2}[1], type => 'entry' },
+ { label => N("klipsdebug"), val => \$config_setup->{3}[1], type => 'entry' },
+ { label => N("plutodebug"), val => \$config_setup->{4}[1], type => 'entry' },
+ { label => N("plutoload"), val => \$config_setup->{5}[1], type => 'entry' },
+ { label => N("plutostart"), val => \$config_setup->{6}[1], type => 'entry' },
+ { label => N("uniqueids"), val => \$config_setup->{7}[1], type => 'entry' },
]
) or goto step_configure_ipsec_conf;
@@ -443,15 +437,15 @@ All the other sections will follow this one.
The left settings are optional. If don't define
them here, globally, you can define them in each
section.\n",),
- [ { label => N("pfs="), val => \$conn_default->{2}[1], type => 'entry' },
- { label => N("keyingtries="), val => \$conn_default->{3}[1], type => 'entry' },
- { label => N("compress="), val => \$conn_default->{4}[1], type => 'entry' },
- { label => N("disablearrivalcheck="), val => \$conn_default->{5}[1], type => 'entry' },
- { label => N("left="), val => \$conn_default->{6}[1], type => 'entry' },
- { label => N("leftcert="), val => \$conn_default->{7}[1], type => 'entry' },
- { label => N("leftrsasigkey="), val => \$conn_default->{8}[1], type => 'entry' },
- { label => N("leftsubnet="), val => \$conn_default->{9}[1], type => 'entry' },
- { label => N("leftnexthop="), val => \$conn_default->{10}[1], type => 'entry' },
+ [ { label => N("pfs"), val => \$conn_default->{2}[1], type => 'entry' },
+ { label => N("keyingtries"), val => \$conn_default->{3}[1], type => 'entry' },
+ { label => N("compress"), val => \$conn_default->{4}[1], type => 'entry' },
+ { label => N("disablearrivalcheck"), val => \$conn_default->{5}[1], type => 'entry' },
+ { label => N("left"), val => \$conn_default->{6}[1], type => 'entry' },
+ { label => N("leftcert"), val => \$conn_default->{7}[1], type => 'entry' },
+ { label => N("leftrsasigkey"), val => \$conn_default->{8}[1], type => 'entry' },
+ { label => N("leftsubnet"), val => \$conn_default->{9}[1], type => 'entry' },
+ { label => N("leftnexthop"), val => \$conn_default->{10}[1], type => 'entry' },
]
) or goto step_configure_ipsec_conf;
@@ -485,17 +479,17 @@ You can now add a new section.
Choose continue when you are done to write the data.\n", $ipsec_conf),
[ { label => N("section name"), val => \$normal_conn->{1}[1], type => 'entry' },
{ label => N("authby"), val => \$normal_conn->{2}[1], type => 'entry' },
- { label => N("auto="), val => \$normal_conn->{3}[1], type => 'entry' },
- { label => N("left="), val => \$normal_conn->{4}[1], type => 'entry' },
- { label => N("leftcert="), val => \$normal_conn->{5}[1], type => 'entry' },
- { label => N("leftrsasigkey="), val => \$normal_conn->{6}[1], type => 'entry' },
- { label => N("leftsubnet="), val => \$normal_conn->{7}[1], type => 'entry' },
- { label => N("leftnexthop="), val => \$normal_conn->{8}[1], type => 'entry' },
- { label => N("right="), val => \$normal_conn->{9}[1], type => 'entry' },
- { label => N("rightcert="), val => \$normal_conn->{10}[1], type => 'entry' },
- { label => N("rightrsasigkey="), val => \$normal_conn->{11}[1], type => 'entry' },
- { label => N("rightsubnet="), val => \$normal_conn->{12}[1], type => 'entry' },
- { label => N("rightnexthop="), val => \$normal_conn->{13}[1], type => 'entry' },
+ { label => N("auto"), val => \$normal_conn->{3}[1], type => 'entry' },
+ { label => N("left"), val => \$normal_conn->{4}[1], type => 'entry' },
+ { label => N("leftcert"), val => \$normal_conn->{5}[1], type => 'entry' },
+ { label => N("leftrsasigkey"), val => \$normal_conn->{6}[1], type => 'entry' },
+ { label => N("leftsubnet"), val => \$normal_conn->{7}[1], type => 'entry' },
+ { label => N("leftnexthop"), val => \$normal_conn->{8}[1], type => 'entry' },
+ { label => N("right"), val => \$normal_conn->{9}[1], type => 'entry' },
+ { label => N("rightcert"), val => \$normal_conn->{10}[1], type => 'entry' },
+ { label => N("rightrsasigkey"), val => \$normal_conn->{11}[1], type => 'entry' },
+ { label => N("rightsubnet"), val => \$normal_conn->{12}[1], type => 'entry' },
+ { label => N("rightnexthop"), val => \$normal_conn->{13}[1], type => 'entry' },
]
) or goto step_configure_ipsec_conf;
@@ -698,13 +692,14 @@ step_configure_racoon_conf:
my $choice = $section_names[0] if $section_names[0];
my $d = $in->ask_from_list_(N("%s entries", $racoon_conf),
-N("The %s file contents
-is divided into sections.\n
-You can now :\n
- - display, add, edit, or remove sections, then
- - commit the changes\n
-
-What would you like to do ?\n", $racoon_conf),
+N("The racoon.conf file configuration.\n
+The contents of this file is divided into sections.
+You can now :
+ - display \t\t (display the file contents)
+ - add \t\t (add one section)
+ - edit \t\t\t (modify parameters of an existing section)
+ - remove \t\t (remove an existing section)
+ - commit \t\t (writes the changes to the real file)"),
[ N_("display"), N_("add"), N_("edit"), N_("remove"), N_("commit") ]) or goto step_configuration;
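Review bot: The new text hardcodes the file name in `N("The racoon.conf file configuration.\n` while the dialog title two lines above still derives it from `$racoon_conf`, so the two will disagree if that variable ever changes; keep the placeholder as the removed version did, `N("The %s file configuration.\n` with `, $racoon_conf)` after the string. The `\t\t` runs used to line up the option descriptions are fragile inside a translatable string, since translated words of different length will not align; a plain `- display: display the file contents` per line survives translation.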
@@ -740,11 +735,11 @@ step_add_section_racoon:
#my $existing_section = "";
my $e = $in->ask_from_list_(N("racoonf.conf entries"),
-N("The %s file contains different sections.\n
-Here is its skeleton : 'path'
- 'remote'
- 'sainfo' \n
-You can now add one of these sections.\n
+N("The 'add' sections step.\n
+Here below is the racoon.conf file skeleton :
+\t'path'
+\t'remote'
+\t'sainfo' \n
Choose the section you would like to add.\n", $racoon_conf),
[ N_("path"), N_("remote"), N_("sainfo"), N_("dismiss") ]) or goto step_configure_racoon_conf;
if ($e eq "path") {
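Review bot: The rewritten message no longer contains a `%s`, but `$racoon_conf` is still passed on `Choose the section you would like to add.\n", $racoon_conf),`; assuming `N()` hands its extra arguments to sprintf like the other calls in this file, that argument is now dead and newer perls warn about a redundant sprintf argument. Either drop it, `Choose the section you would like to add.\n"),`, or put the placeholder back instead of hardcoding the name in `Here below is the racoon.conf file skeleton :`. The dialog title on the context line above, `racoonf.conf entries`, still carries a typo and could be fixed in the same pass.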
@@ -754,13 +749,38 @@ if ($e eq "path") {
};
$in->ask_from('',
-N("This section has to be on top of your
-%s file.\n
-Make sure all the other sections follow
-these path sections.\n
-Choose continue or previous when you are done.\n", $racoon_conf),
- [ { label => N("path_type ="), val => \$path_section->{1}[1], list => [ 'certificate', 'pre_shared_key', 'include' ] },
- { label => N("real_file ="), val => \$path_section->{1}[2], type => 'entry' },
+N("The 'add path' section step.\n
+The path sections have to be on top of your racoon.conf file.\n
+Put your mouse over the certificate entry to obtain online help."),
+ [{ label => N("path type"),
+ val => \$path_section->{1}[1],
+ list => [ 'certificate', 'pre_shared_key', 'include' ],
+ help =>
+N("Path Specification
+ path include path;
+ specifies a path to include a file. See File Inclusion.
+ Example: path include '/etc/racoon'
+
+ path pre_shared_key file;
+ specifies a file containing pre-shared key(s)
+ for various ID(s). See Pre-shared key File.
+ Example: path pre_shared_key '/etc/racoon/psk.txt' ;
+
+ path certificate path;
+ racoon(8) will search this directory if a certificate or
+ certificate request is received.
+ Example: path certificate '/etc/cert' ;
+
+File Inclusion
+ include file
+ other configuration files can be included.
+
+Pre-shared key File
+ Pre-shared key file defines a pair of the identifier and the
+ shared secret key which are used at Pre-shared key authentication
+ method in phase 1."),
+},
+ { label => N("real file"), val => \$path_section->{1}[2], type => 'entry' },
]
) or goto step_configure_racoon_conf;
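Review bot: The new `help` text on the `path type` entry reproduces the racoon.conf(5) path and pre-shared-key paragraphs but stops at `method in phase 1.`, dropping what I recall is the one security requirement in that section: the pre-shared key file must be owned by the user running racoon and must not be accessible by others. Since `real file` is a free-text path that the wizard writes into the configuration unchecked, add a sentence such as `The file must be owned by the user running racoon(8) and must not be readable by others.` so a world-readable secret file is at least flagged to the user. The introductory prompt also says `Put your mouse over the certificate entry to obtain online help.` although the `help` key is attached to the `path type` list, so it should say `path type entry`.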
@@ -784,26 +804,26 @@ network::ipsec::add_section_racoon_conf($path_section, $racoon);
};
$in->ask_from('',
N("Make sure you already have the path sections
-on the top of your %s file.
+on the top of your racoon.conf file.
You can now choose the remote settings.
Choose continue or previous when you are done.\n", $racoon_conf),
- [ { label => N("remote ="), val => \$main_remote_section->{1}[1], type => 'entry' },
- { label => N("exchange_mode ="), val => \$main_remote_section->{2}[1], type => 'entry' },
- { label => N("generate_policy ="), val => \$main_remote_section->{3}[1], type => 'entry' },
- { label => N("passive ="), val => \$main_remote_section->{4}[1], type => 'entry' },
- { label => N("certificate_type ="), val => \$main_remote_section->{5}[1], type => 'entry' },
- { label => N("my_certfile ="), val => \$main_remote_section->{5}[2], type => 'entry' },
- { label => N("my_private_key ="), val => \$main_remote_section->{5}[3], type => 'entry' },
- { label => N("peers_certfile ="), val => \$main_remote_section->{6}[1], type => 'entry' },
- { label => N("verify_cert ="), val => \$main_remote_section->{7}[1], type => 'entry' },
- { label => N("my_identifier ="), val => \$main_remote_section->{8}[1], type => 'entry' },
- { label => N("peers_identifier ="), val => \$main_remote_section->{9}[1], type => 'entry' },
- { label => N("proposal ="), val => \$proposal_remote_section->{1}[0], type => 'entry' },
- { label => N("encryption_algorithm ="), val => \$proposal_remote_section->{2}[1], type => 'entry' },
- { label => N("hash_algorithm ="), val => \$proposal_remote_section->{3}[1], type => 'entry' },
- { label => N("authentication_method ="), val => \$proposal_remote_section->{4}[1], type => 'entry' },
- { label => N("dh_group ="), val => \$proposal_remote_section->{5}[1], type => 'entry' },
+ [ { label => N("remote"), val => \$main_remote_section->{1}[1], type => 'entry' },
+ { label => N("exchange_mode"), val => \$main_remote_section->{2}[1], type => 'entry' },
+ { label => N("generate_policy"), val => \$main_remote_section->{3}[1], type => 'entry' },
+ { label => N("passive"), val => \$main_remote_section->{4}[1], type => 'entry' },
+ { label => N("certificate_type"), val => \$main_remote_section->{5}[1], type => 'entry' },
+ { label => N("my_certfile"), val => \$main_remote_section->{5}[2], type => 'entry' },
+ { label => N("my_private_key"), val => \$main_remote_section->{5}[3], type => 'entry' },
+ { label => N("peers_certfile"), val => \$main_remote_section->{6}[1], type => 'entry' },
+ { label => N("verify_cert"), val => \$main_remote_section->{7}[1], type => 'entry' },
+ { label => N("my_identifier"), val => \$main_remote_section->{8}[1], type => 'entry' },
+ { label => N("peers_identifier"), val => \$main_remote_section->{9}[1], type => 'entry' },
+ { label => N("proposal"), val => \$proposal_remote_section->{1}[0], type => 'entry' },
+ { label => N("encryption_algorithm"), val => \$proposal_remote_section->{2}[1], type => 'entry' },
+ { label => N("hash_algorithm"), val => \$proposal_remote_section->{3}[1], type => 'entry' },
+ { label => N("authentication_method"), val => \$proposal_remote_section->{4}[1], type => 'entry' },
+ { label => N("dh_group"), val => \$proposal_remote_section->{5}[1], type => 'entry' },
]
) or goto step_configure_racoon_conf;
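Review bot: The changed line `on the top of your racoon.conf file.` removes the `%s` placeholder, but the format argument on the following context line, `Choose continue or previous when you are done.\n", $racoon_conf),`, was left in place, so the argument is now redundant and, assuming `N()` sprintf's its arguments as elsewhere in this file, triggers a redundant-argument warning on perls that check this. Either restore `on the top of your %s file.` or drop `, $racoon_conf` from the argument list. The `ask_from` call starts before this hunk, so the full argument list is not visible here.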
@@ -823,16 +843,16 @@ on the top of your %s file.\n
You can now choose the sainfo settings.
Choose continue or previous when you are done.\n", $racoon_conf),
- [ { label => N("sainfo_source_address ="), val => \$sainfo_section->{1}[2], type => 'entry' },
- { label => N("sainfo_source_proto ="), val => \$sainfo_section->{1}[3], type => 'entry' },
- { label => N("sainfo_dest_address ="), val => \$sainfo_section->{1}[5], type => 'entry' },
- { label => N("sainfo_dest_proto ="), val => \$sainfo_section->{1}[6], type => 'entry' },
- { label => N("pfs_group ="), val => \$sainfo_section->{2}[1], type => 'entry' },
- { label => N("lifetime_number ="), val => \$sainfo_section->{3}[2], type => 'entry' },
- { label => N("lifetime_unit ="), val => \$sainfo_section->{3}[3], type => 'entry' },
- { label => N("encryption_algorithm ="), val => \$sainfo_section->{4}[1], type => 'entry' },
- { label => N("authentication_algorithm ="), val => \$sainfo_section->{5}[1], type => 'entry' },
- { label => N("compression_algorithm ="), val => \$sainfo_section->{6}[1], type => 'entry' },
+ [ { label => N("sainfo_source_address"), val => \$sainfo_section->{1}[2], type => 'entry' },
+ { label => N("sainfo_source_proto"), val => \$sainfo_section->{1}[3], type => 'entry' },
+ { label => N("sainfo_dest_address"), val => \$sainfo_section->{1}[5], type => 'entry' },
+ { label => N("sainfo_dest_proto"), val => \$sainfo_section->{1}[6], type => 'entry' },
+ { label => N("pfs_group"), val => \$sainfo_section->{2}[1], type => 'entry' },
+ { label => N("lifetime_number"), val => \$sainfo_section->{3}[2], type => 'entry' },
+ { label => N("lifetime_unit"), val => \$sainfo_section->{3}[3], type => 'entry' },
+ { label => N("encryption_algorithm"), val => \$sainfo_section->{4}[1], type => 'entry' },
+ { label => N("authentication_algorithm"), val => \$sainfo_section->{5}[1], type => 'entry' },
+ { label => N("compression_algorithm"), val => \$sainfo_section->{6}[1], type => 'entry' },
]
) or goto step_configure_racoon_conf;
@@ -861,22 +881,22 @@ N("Your %s file has several sctions.\n
You can now edit the remote section entries.
Choose continue when you are done to write the data.\n", $racoon_conf),
- [ { label => N("remote ="), val => \$racoon->{$number}{1}[1], type => 'entry' },
- { label => N("exchange_mode ="), val => \$racoon->{$number}{2}[1], type => 'entry' },
- { label => N("generate_policy ="), val => \$racoon->{$number}{3}[1], type => 'entry' },
- { label => N("passive ="), val => \$racoon->{$number}{4}[1], type => 'entry' },
- { label => N("certificate_type ="), val => \$racoon->{$number}{5}[1], type => 'entry' },
- { label => N("my_certfile ="), val => \$racoon->{$number}{5}[2], type => 'entry' },
- { label => N("my_private_key ="), val => \$racoon->{$number}{5}[3], type => 'entry' },
- { label => N("peers_certfile ="), val => \$racoon->{$number}{6}[1], type => 'entry' },
- { label => N("verify_cert ="), val => \$racoon->{$number}{7}[1], type => 'entry' },
- { label => N("my_identifier ="), val => \$racoon->{$number}{8}[1], type => 'entry' },
- { label => N("peers_identifier ="), val => \$racoon->{$number}{9}[1], type => 'entry' },
- { label => N("proposal ="), val => \$racoon->{$number+2}{1}[0], type => 'entry' },
- { label => N("encryption_algorithm ="), val => \$racoon->{$number+2}{2}[1], type => 'entry' },
- { label => N("hash_algorithm ="), val => \$racoon->{$number+2}{3}[1], type => 'entry' },
- { label => N("authentication_method ="), val => \$racoon->{$number+2}{4}[1], type => 'entry' },
- { label => N("dh_group ="), val => \$racoon->{$number+2}{5}[1], type => 'entry' },
+ [ { label => N("remote"), val => \$racoon->{$number}{1}[1], type => 'entry' },
+ { label => N("exchange_mode"), val => \$racoon->{$number}{2}[1], type => 'entry' },
+ { label => N("generate_policy"), val => \$racoon->{$number}{3}[1], type => 'entry' },
+ { label => N("passive"), val => \$racoon->{$number}{4}[1], type => 'entry' },
+ { label => N("certificate_type"), val => \$racoon->{$number}{5}[1], type => 'entry' },
+ { label => N("my_certfile"), val => \$racoon->{$number}{5}[2], type => 'entry' },
+ { label => N("my_private_key"), val => \$racoon->{$number}{5}[3], type => 'entry' },
+ { label => N("peers_certfile"), val => \$racoon->{$number}{6}[1], type => 'entry' },
+ { label => N("verify_cert"), val => \$racoon->{$number}{7}[1], type => 'entry' },
+ { label => N("my_identifier"), val => \$racoon->{$number}{8}[1], type => 'entry' },
+ { label => N("peers_identifier"), val => \$racoon->{$number}{9}[1], type => 'entry' },
+ { label => N("proposal"), val => \$racoon->{$number+2}{1}[0], type => 'entry' },
+ { label => N("encryption_algorithm"), val => \$racoon->{$number+2}{2}[1], type => 'entry' },
+ { label => N("hash_algorithm"), val => \$racoon->{$number+2}{3}[1], type => 'entry' },
+ { label => N("authentication_method"), val => \$racoon->{$number+2}{4}[1], type => 'entry' },
+ { label => N("dh_group"), val => \$racoon->{$number+2}{5}[1], type => 'entry' },
]
) or goto step_configure_racoon_conf;
@@ -887,16 +907,16 @@ N("Your %s file has several sctions.
You can now edit the sainfo section entries.
Choose continue when you are done to write the data.\n", $racoon_conf),
- [ { label => N("sainfo_source_address ="), val => \$racoon->{$number}{1}[2], type => 'entry' },
- { label => N("sainfo_source_proto ="), val => \$racoon->{$number}{1}[3], type => 'entry' },
- { label => N("sainfo_dest_address ="), val => \$racoon->{$number}{1}[5], type => 'entry' },
- { label => N("sainfo_dest_proto ="), val => \$racoon->{$number}{1}[6], type => 'entry' },
- { label => N("pfs_group ="), val => \$racoon->{$number}{2}[1], type => 'entry' },
- { label => N("lifetime_number ="), val => \$racoon->{$number}{3}[2], type => 'entry' },
- { label => N("lifetime_unit ="), val => \$racoon->{$number}{3}[3], type => 'entry' },
- { label => N("encryption_algorithm ="), val => \$racoon->{$number}{4}[1], type => 'entry' },
- { label => N("authentication_algorithm ="), val => \$racoon->{$number}{5}[1], type => 'entry' },
- { label => N("compression_algorithm ="), val => \$racoon->{$number}{6}[1], type => 'entry' },
+ [ { label => N("sainfo_source_address"), val => \$racoon->{$number}{1}[2], type => 'entry' },
+ { label => N("sainfo_source_proto"), val => \$racoon->{$number}{1}[3], type => 'entry' },
+ { label => N("sainfo_dest_address"), val => \$racoon->{$number}{1}[5], type => 'entry' },
+ { label => N("sainfo_dest_proto"), val => \$racoon->{$number}{1}[6], type => 'entry' },
+ { label => N("pfs_group"), val => \$racoon->{$number}{2}[1], type => 'entry' },
+ { label => N("lifetime_number"), val => \$racoon->{$number}{3}[2], type => 'entry' },
+ { label => N("lifetime_unit"), val => \$racoon->{$number}{3}[3], type => 'entry' },
+ { label => N("encryption_algorithm"), val => \$racoon->{$number}{4}[1], type => 'entry' },
+ { label => N("authentication_algorithm"), val => \$racoon->{$number}{5}[1], type => 'entry' },
+ { label => N("compression_algorithm"), val => \$racoon->{$number}{6}[1], type => 'entry' },
]
) or goto step_configure_racoon_conf;
@@ -910,8 +930,8 @@ sections.\n
You can now edit the path entries.
Choose continue or previous when you are done.\n", $racoon_conf),
- [ { label => N("path_type ="), val => \$racoon->{$number}{1}[1], list => [ 'certificate', 'pre_shared_key', 'include' ] },
- { label => N("real_file ="), val => \$racoon->{$number}{1}[2], type => 'entry' },
+ [ { label => N("path_type"), val => \$racoon->{$number}{1}[1], list => [ 'certificate', 'pre_shared_key', 'include' ] },
+ { label => N("real_file"), val => \$racoon->{$number}{1}[2], type => 'entry' },
]
) or goto step_configure_racoon_conf;
}
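Review bot: The `real_file` entry accepts any string, and nothing in this dialog checks that the path exists or, when `path_type` is `pre_shared_key`, that the file is not readable by other users; a world-readable pre-shared-key file undermines the key, and a wrong path is only discovered when racoon starts. A check after the dialog returns would catch both early, e.g. `-e $racoon->{$number}{1}[2] or $in->ask_warn('', N("File %s does not exist", $racoon->{$number}{1}[2]));` and, for the pre-shared-key case, a warning when `(stat $file)[2] & 077` is non-zero. The enclosing `ask_from` call begins before this hunk, so where such a check best fits is inferred rather than read from the visible lines.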
pan class="hl opt">, 'pam_ldap', 'autofs', 'pam_ccreds', 'nss_updatedb' ], KRB5 => [ 'nss_ldap', 'pam_krb5', 'libsasl2-plug-gssapi', 'pam_ccreds', 'nss_updatedb' ], NIS => [ 'ypbind', 'autofs' ], winbind => [ 'samba-winbind', 'nss_ldap', 'pam_krb5', 'libsasl2-plug-gssapi', 'samba-server' ], ); sub kind2description_raw { my (@kinds) = @_; my %kind2description = ( local => [ N("Local file:"), N("Use local for all authentication and information user tell in local file"), ], LDAP => [ N("LDAP:"), N("Tells your computer to use LDAP for some or all authentication. LDAP consolidates certain types of information within your organization."), ], NIS => [ N("NIS:"), N("Allows you to run a group of computers in the same Network Information Service domain with a common password and group file."), ], winbind => [ N("Windows Domain:"), N("Winbind allows the system to retrieve information and authenticate users in a Windows domain."), ], KRB5 => [ N("Kerberos 5 :"), N("With Kerberos and Ldap for authentication in Active Directory Server "), ], ); join('', map { $_ ? qq($_->[0]\n$_->[1]) : '' } map { $kind2description{$_} } @kinds); } sub kind2description { my (@kinds) = @_; join('', map { $_ ? qq($_\n\n) : '' } map { kind2description_raw($_) } @kinds); } sub to_kind { my ($authentication) = @_; (find { exists $authentication->{$_} } kinds()) || 'local'; } sub domain_to_ldap_domain { my ($domain) = @_; join(',', map { "dc=$_" } split /\./, $domain); } sub ask_parameters { my ($in, $net, $authentication, $kind) = @_; #- keep only this authentication kind foreach (kinds()) { delete $authentication->{$_} if $_ ne $kind; } if ($kind eq 'LDAP') { $authentication->{LDAPDOMAIN} ||= domain_to_ldap_domain($net->{resolv}{DOMAINNAME}); #$authentication->{anonymous} = "0"; #$authentication->{cafile} = "0"; #$authentication->{nssgrp} = "0"; $in->ask_from('', N(" "), [ { label => N("Welcome to the Authentication Wizard"), title => 1 }, {}, { label => N("You have selected LDAP authentication. 
Please review the configuration options below "), }, {}, { label => N("LDAP Server"), val => \$authentication->{LDAP_server} }, { label => N("Base dn"), val => \$authentication->{LDAPDOMAIN} }, { val => N("Fetch base Dn "), type => button , clicked_may_quit => sub { $authentication->{LDAPDOMAIN} = fetch_dn($authentication->{LDAP_server}); 0 } }, {}, { text => N("Use encrypt connection with TLS "), val => \$authentication->{cafile}, type => 'bool' }, { val => N("Download CA Certificate "), type => button , disabled => sub { !$authentication->{cafile} }, clicked_may_quit => sub { $authentication->{file} = add_cafile(); 0 } }, { text => N("Use Disconnect mode "), val => \$ccreds, type => 'bool' }, { text => N("Use anonymous BIND "), val => \$authentication->{anonymous}, type => 'bool' , advanced => 1 }, { text => N(" "), advanced => 1 }, { label => N("Bind DN "), val => \$authentication->{LDAP_binddn}, disabled => sub { !$authentication->{anonymous} }, advanced => 1 }, { label => N("Bind Password "), val => \$authentication->{LDAP_bindpwd}, disabled => sub { !$authentication->{anonymous} }, advanced => 1 }, { text => N(" "), advanced => 1 }, { text => N("Advanced path for group "), val => \$authentication->{nssgrp}, type => 'bool' , advanced => 1 }, { text => N(" "), advanced => 1 }, { label => N("Password base"), val => \$authentication->{nss_pwd}, disabled => sub { !$authentication->{nssgrp} }, advanced => 1 }, { label => N("Group base"), val => \$authentication->{nss_grp}, disabled => sub { !$authentication->{nssgrp} }, advanced => 1 }, { label => N("Shadow base"), val => \$authentication->{nss_shadow}, disabled => sub { !$authentication->{nssgrp} }, advanced => 1 }, { text => N(" "), advanced => 1 }, ]) or return; } elsif ($kind eq 'KRB5') { $authentication->{AD_domain} ||= $net->{resolv}{DOMAINNAME}; $in->do_pkgs->ensure_are_installed([ 'perl-Net-DNS' ], 1) or return; my @srvs = query_srv_names($authentication->{AD_domain}); $authentication->{AD_server} ||= 
$srvs[0] if @srvs; my $AD_user = $authentication->{AD_user} =~ /(.*)\@\Q$authentication->{AD_domain}\E$/ ? $1 : $authentication->{AD_user}; #my $authentication->{ccreds} ; $in->ask_from('', N(" "), [ { label => N("Welcome to the Authentication Wizard"), title => 1 }, {}, { label => N("You have selected Kerberos 5 authentication. Please review the configuration options below "), }, {}, { label => N("Realm "), val => \$authentication->{AD_domain} }, {}, { label => N("KDCs Servers"), title => 1, val => \$authentication->{AD_server} , list => \@srvs , not_edit => 0, title => 1 }, {}, { text => N("Use DNS to resolve hosts for realms "), val => \$authentication->{KRB_host_lookup}, type => 'bool' }, { text => N("Use DNS to resolve KDCs for realms "), val => \$authentication->{KRB_dns_lookup}, type => 'bool' }, { text => N("Use Disconnect mode "), val => \$ccreds, type => 'bool' }, ]) or return; my %level = ( 1 => N("Use local file for users information"), 2 => N("Use Ldap for users information"), ); $in->ask_from('', N(" "), [ { label => N(" "), title => 1 }, {}, { label => N("You have selected Kerberos 5 for authentication, now you must choose the type of users information "), }, {}, { label => "" , val => \$authentication->{nsskrb}, type => 'list', list => [ keys %level ], format => sub { $level{$_[0]} } }, {}, { label => N("LDAP Server"), val => \$authentication->{LDAP_server}, disabled => sub { $authentication->{nsskrb} eq "1" } }, { label => N("Base dn"), val => \$authentication->{LDAPDOMAIN} , disabled => sub { $authentication->{nsskrb} eq "1" } }, { val => N("Fecth base Dn "), type => button , clicked_may_quit => sub { $authentication->{LDAPDOMAIN} = fetch_dn($authentication->{LDAP_server}); 0 }, disabled => sub { $authentication->{nsskrb} eq "1" } }, {}, { text => N("Use encrypt connection with TLS "), val => \$authentication->{cafile}, type => 'bool',, disabled => sub { $authentication->{nsskrb} eq "1" } }, { val => N("Download CA Certificate "), type => button , 
disabled => sub { !$authentication->{cafile} }, clicked_may_quit => sub { $authentication->{file} = add_cafile(); 0 } }, { text => N("Use anonymous BIND "), val => \$authentication->{anonymous}, type => 'bool', disabled => sub { $authentication->{nsskrb} eq "1" } }, { label => N("Bind DN "), val => \$authentication->{LDAP_binddn}, disabled => sub { !$authentication->{anonymous} } }, { label => N("Bind Password "), val => \$authentication->{LDAP_bindpwd}, disabled => sub { !$authentication->{anonymous} } }, {}, ]) or return; $authentication->{AD_user} = !$AD_user || $authentication->{sub_kind} eq 'anonymous' ? '' : $AD_user =~ /@/ ? $AD_user : "$AD_user\@$authentication->{AD_domain}"; $authentication->{AD_password} = '' if !$authentication->{AD_user}; } elsif ($kind eq 'NIS') { $authentication->{NIS_server} ||= 'broadcast'; $net->{network}{NISDOMAIN} ||= $net->{resolv}{DOMAINNAME}; $in->ask_from('', N(" "), [ { label => N("Welcome to the Authentication Wizard"), title => 1 }, {}, { label => N("You have selected NIS authentication. Please review the configuration options below "), }, {}, { label => N("NIS Domain"), val => \$net->{network}{NISDOMAIN} }, { label => N("NIS Server"), val => \$authentication->{NIS_server}, list => ["broadcast"], not_edit => 0 }, {}, ]) or return; } elsif ($kind eq 'winbind') { #- maybe we should browse the network like diskdrake --smb and get the 'doze server names in a list #- but networking is not setup yet necessarily # my @sec_domain = ( "Windows NT4 Domain", "Windows Active Directory Domain", ); $authentication->{AD_domain} ||= $net->{resolv}{DOMAINNAME}; $authentication->{WINDOMAIN} ||= $net->{resolv}{DOMAINNAME}; $in->do_pkgs->ensure_are_installed([ 'samba-client' ], 1) or return; my @domains=list_domains(); $in->ask_from('', N(" "), [ { label => N("Welcome to the Authentication Wizard"), title => 1 }, {}, { label => N("You have selected Windows Domain authentication. 
Please review the configuration options below "), }, {}, { label => N("Windows Domain"), val => \$authentication->{WINDOMAIN}, list => \@domains, not_edit => 1 }, {}, { label => N("Domain Model "), val => \$authentication->{model}, list => \@sec_domain , not_edit => 1 }, {}, { label => N("Active Directory Realm "), val => \$authentication->{AD_domain} , disabled => sub { $authentication->{model} eq "Windows NT4 Domain" } }, {}, {}, {}, ]) or return; } $authentication->{$kind} ||= 1; 1; } sub ask_root_password_and_authentication { my ($in, $net, $superuser, $authentication, $meta_class, $security) = @_; my $kind = to_kind($authentication); my @kinds = kinds($in->do_pkgs, $meta_class); $in->ask_from_({ title => N("Authentication"), messages => N("Set administrator (root) password"), advanced_label => N("Authentication method"), advanced_messages => kind2description(@kinds), interactive_help_id => "setRootPassword", cancel => ($security <= 2 ? #-PO: keep this short or else the buttons will not fit in the window N("No password") : ''), focus_first => 1, callbacks => { complete => sub { check_given_password($in, $superuser, 2 * $security) or return 1,0; return 0; } } }, [ { label => N("Password"), val => \$superuser->{password}, hidden => 1 }, { label => N("Password (again)"), val => \$superuser->{password2}, hidden => 1 }, { label => N("Authentication"), val => \$kind, type => 'list', list => \@kinds, format => \&kind2name, advanced => 1 }, ]) or delete $superuser->{password}; ask_parameters($in, $net, $authentication, $kind) or goto &ask_root_password_and_authentication; } sub check_given_password { my ($in, $u, $min_length) = @_; if ($u->{password} ne $u->{password2}) { $in->ask_warn('', [ N("The passwords do not match"), N("Please try again") ]); 0; } elsif (length $u->{password} < $min_length) { $in->ask_warn('', N("This password is too short (it must be at least %d characters long)", $min_length)); 0; } else { 1; } } sub get() { my $system_auth = 
cat_("/etc/pam.d/system-auth"); my $authentication = { blowfish => to_bool($system_auth =~ /\$2a\$/), md5 => to_bool($system_auth =~ /md5/), shadow => to_bool($system_auth =~ /shadow/), }; my @pam_kinds = get_pam_authentication_kinds(); if (my $kind = find { intersection(\@pam_kinds, $kind2pam_kind{$_}) } keys %kind2pam_kind) { $authentication->{$kind} = ''; } else { #- we can't use pam to detect NIS if (my $yp_conf = read_yp_conf()) { $authentication->{NIS} = 1; map_each { $authentication->{"NIS_$::a"} = $::b } %$yp_conf; } } $authentication; } sub install_needed_packages { my ($do_pkgs, $kind) = @_; if (my $pkgs = $kind2packages{$kind}) { #- automatic during install $do_pkgs->ensure_are_installed($pkgs, $::isInstall) or return; } else { log::l("ERROR: $kind not listed in kind2packages"); } 1; } sub set { my ($in, $net, $authentication, $o_when_network_is_up) = @_; install_needed_packages($in->do_pkgs, to_kind($authentication)) or return; set_raw($net, $authentication, $o_when_network_is_up); require services; services::set_status('network-auth', to_kind($authentication) ne 'local', 'dont_apply'); } sub set_raw { my ($net, $authentication, $o_when_network_is_up) = @_; my $conf_file = "$::prefix/etc/sysconfig/drakauth"; my $when_network_is_up = $o_when_network_is_up || sub { my ($f) = @_; $f->() }; enable_shadow() if $authentication->{shadow}; my $kind = to_kind($authentication); log::l("authentication::set $kind"); my $pam_modules = $kind2pam_kind{$kind} or log::l("kind2pam_kind does not know $kind"); $pam_modules ||= []; sshd_config_UsePAM(@$pam_modules > 0); set_pam_authentication($pam_modules, $ccreds); my $nsswitch = $kind2nsswitch{$kind} or log::l("kind2nsswitch does not know $kind"); $nsswitch ||= []; set_nsswitch_priority($nsswitch,$ccreds); if ($kind eq 'local') { output($conf_file, <<EOF); auth=Local File server=none realm=none EOF } elsif ($kind eq 'SmartCard') { } elsif ($kind eq 'LDAP') { configure_nss_ldap($authentication); output($conf_file, <<EOF); 
auth=Ldap Directory server=$authentication->{LDAP_server} realm=$authentication->{LDAPDOMAIN} EOF } elsif ($kind eq 'KRB5') { configure_krb5_for_AD($authentication); configure_nss_ldap($authentication); output($conf_file, <<EOF); auth=Kerberos 5 server=$authentication->{AD_server} realm=$authentication->{AD_domain} EOF } elsif ($kind eq 'NIS') { my $domain = $net->{network}{NISDOMAIN}; my $NIS_server = $authentication->{NIS_server}; $domain || $NIS_server ne "broadcast" or die N("Can not use broadcast with no NIS domain"); my $t = $domain ? ($NIS_server eq 'broadcast' ? "domain $domain broadcast" : "domain $domain server $NIS_server") : "server $NIS_server"; substInFile { if (/^#/) { $_ = '' if /^#\Q[PREVIOUS]/; } else { $_ = "#[PREVIOUS] $_"; } $_ .= "$t\n" if eof; } "$::prefix/etc/yp.conf"; #- no need to modify system-auth for nis $when_network_is_up->(sub { run_program::rooted($::prefix, 'nisdomainname', $domain); run_program::rooted($::prefix, 'service', 'ypbind', 'restart'); }); output($conf_file, <<EOF); auth=$kind server=$NIS_server realm=$domain EOF # } elsif ($kind eq 'winbind' || $kind eq 'AD' && $authentication->{subkind} eq 'winbind') { } elsif ($kind eq 'winbind') { my $domain = uc $authentication->{WINDOMAIN}; ($authentication->{winuser}, $authentication->{winpass}) = auth(); if ($authentication->{model} eq "Windows NT4 Domain") { require fs::remote::smb; fs::remote::smb::write_smb_conf($domain); run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on"); mkdir_p("$::prefix/home/$domain"); run_program::rooted($::prefix, 'service', 'smb', 'restart'); run_program::rooted($::prefix, 'service', 'winbind', 'restart'); #- defer running smbpassword until the network is up $when_network_is_up->(sub { run_program::raw({ root => $::prefix, sensitive_arguments => 1 }, #'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . $authentication->{winpass}); 'echo', '"', 'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . 
$authentication->{winpass}, '"'); }); output($conf_file, <<EOF); auth=Windows NT4 Domain server= none realm=$domain EOF } else { $authentication->{AD_server} ||= 'ads.' . $authentication->{AD_domain}; my $domain = uc $authentication->{WINDOMAIN}; my $realm = $authentication->{AD_domain}; ($authentication->{winuser}, $authentication->{winpass}) = auth(); configure_krb5_for_AD($authentication); require fs::remote::smb; fs::remote::smb::write_smb_ads_conf($domain,$realm); run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on"); mkdir_p("$::prefix/home/$domain"); run_program::rooted($::prefix, 'net', 'time', 'set', '-S', $authentication->{AD_server}); run_program::rooted($::prefix, 'service', 'smb', 'restart'); run_program::rooted($::prefix, 'service', 'winbind', 'restart'); $when_network_is_up->(sub { run_program::raw({ root => $::prefix, sensitive_arguments => 1 }, 'net', 'ads', 'join', '-U', $authentication->{winuser} . '%' . $authentication->{winpass}); }); output($conf_file, <<EOF); auth=Windows Active Directory Domain server= none realm=$realm EOF } } 1; } sub pam_modules() { 'pam_ldap', 'pam_castella', 'pam_winbind', 'pam_krb5', 'pam_mkhomedir', 'pam_ccreds', 'pam_deny' , 'pam_permit'; } sub pam_module_from_path { $_[0] && $_[0] =~ m|(/lib/security/)?(pam_.*)\.so| && $2; } sub pam_module_to_path { "$_[0].so"; } sub pam_format_line { my ($type, $control, $module, @para) = @_; sprintf("%-11s %-13s %s\n", $type, $control, join(' ', pam_module_to_path($module), @para)); } sub get_raw_pam_authentication() { my %before_deny; foreach (cat_("$::prefix/etc/pam.d/system-auth")) { #my ($type, $control, $module, @para) = split; my ($type, $_control, $other) = /(\S+)\s+(\[.*?\]|\S+)\s+(.*)/; my ($module, @para) = split(' ', $other); if ($module = pam_module_from_path($module)) { #$before_deny{$type}{$module} = \@para if $control eq 'sufficient' && member($module, pam_modules()); $before_deny{$type}{$module} = \@para if member($module, pam_modules()); } 
} \%before_deny; } sub get_pam_authentication_kinds() {