-rw-r--r-- | perl-install/any.pm | 92 | ||||
-rw-r--r-- | perl-install/install2.pm | 1 | ||||
-rw-r--r-- | perl-install/install_any.pm | 76 | ||||
-rw-r--r-- | perl-install/install_steps.pm | 3 | ||||
-rw-r--r-- | perl-install/install_steps_interactive.pm | 42 | ||||
-rw-r--r-- | perl-install/network/smb.pm | 32 |
6 files changed, 139 insertions, 107 deletions
diff --git a/perl-install/any.pm b/perl-install/any.pm
index 83083afa1..b404b621c 100644
--- a/perl-install/any.pm
+++ b/perl-install/any.pm
@@ -973,4 +973,96 @@ sub config_mtools { } $file; } + +sub authentication_kinds() { + ('local', 'LDAP', 'NIS', 'winbind'); +} +sub authentication_kind2description { + my ($kind) = @_; + ${{ local => N("Local files"), LDAP => N("LDAP"), NIS => N("NIS"), winbind => N("Windows Domain") }}{$kind}; +} +sub authentication2authentication_kind { + my ($authentication) = @_; + (find { $authentication->{$_} } authentication_kinds()) || 'local'; +} + +sub ask_authentification_parameters { + my ($in, $netc, $authentication, $authentication_kind) = @_; + + my $val = $authentication->{$authentication_kind}; + + if ($authentication_kind eq 'LDAP') { + $val ||= 'ldap.' . $netc->{DOMAINNAME}; + $netc->{LDAPDOMAIN} ||= join(',', map { "dc=$_" } split /\./, $netc->{DOMAINNAME}); + $in->ask_from('', + N("Authentication LDAP"), + [ { label => N("LDAP Base dn"), val => \$netc->{LDAPDOMAIN} }, + { label => N("LDAP Server"), val => \$val }, + ]) or return; + } elsif ($authentication_kind eq 'NIS') { + $val ||= 'broadcast'; + $in->ask_from('', + N("Authentication NIS"), + [ { label => N("NIS Domain"), val => \ ($netc->{NISDOMAIN} ||= $netc->{DOMAINNAME}) }, + { label => N("NIS Server"), val => \$val, list => ["broadcast"], not_edit => 0 }, + ]) or return; + } elsif ($authentication_kind eq 'winbind') { + #- maybe we should browse the network like diskdrake --smb and get the 'doze server names in a list + #- but networking isn't setup yet necessarily + $in->ask_warn('', N("For this to work for a W2K PDC, you will probably need to have the admin run: C:\\>net localgroup \"Pre-Windows 2000 Compatible Access\" everyone /add and reboot the server.\nYou will also need the username/password of a Domain Admin to join the machine to the Windows(TM) domain.\nIf networking is not yet enabled, Drakx will attempt to join the domain after the network setup step.\nShould this setup fail for some reason and domain authentication is not working, run 'smbpasswd -j DOMAIN -U USER%%PASSWORD' using your 
Windows(tm) Domain, and Admin Username/Password, after system boot.\nThe command 'wbinfo -t' will test whether your authentication secrets are good.")); + $in->ask_from('', + N("Authentication Windows Domain"), + [ { label => N("Windows Domain"), val => \ ($netc->{WINDOMAIN} ||= $netc->{DOMAINNAME}) }, + { label => N("Domain Admin User Name"), val => \$val }, + { label => N("Domain Admin Password"), val => \$authentication->{winpass}, hidden => 1 }, + ]) or return; + } + #- keep only one authentication + delete $authentication->{$_} foreach authentication_kinds(); + $authentication->{$authentication_kind} = $val; + 1; +} + +sub set_authentication { + my ($in, $netc, $authentication, $when_network_is_up) = @_; + my ($shadow, $ldap, $nis, $winbind, $winpass) = @$authentication{qw(shadow LDAP NIS winbind winpass)}; + enableShadow() if $shadow; + if ($ldap) { + $in->do_pkgs->install(qw(chkauth openldap-clients nss_ldap pam_ldap)); + run_program::rooted($::prefix, "/usr/sbin/chkauth", "ldap", "-D", $netc->{LDAPDOMAIN}, "-s", $ldap); + } elsif ($nis) { + #$o->pkg_install(qw(chkauth ypbind yp-tools net-tools)); + #run_program::rooted($::prefix, "/usr/sbin/chkauth", "yp", $domain, "-s", $nis); + $in->do_pkgs->install("ypbind"); + my $domain = $netc->{NISDOMAIN}; + $domain || $nis ne "broadcast" or die \N("Can't use broadcast with no NIS domain"); + my $t = $domain ? "domain $domain" . 
($nis ne "broadcast" && " server") : "ypserver"; + substInFile { + $_ = "#~$_" unless /^#/; + $_ .= "$t $nis\n" if eof; + } "$::prefix/etc/yp.conf"; + require network; + network::write_conf("$::prefix/etc/sysconfig/network", $netc); + } elsif ($winbind) { + my $domain = $netc->{WINDOMAIN}; + $domain =~ tr/a-z/A-Z/; + + $in->do_pkgs->install(qw(samba-winbind samba-common)); + { #- setup pam + my $f = "$::prefix/etc/pam.d/system-auth"; + cp_af($f, "$f.orig"); + cp_af("$f-winbind", $f); + } + require network::smb; + network::smb::write_smb_conf($domain); + run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on"); + mkdir_p("$::prefix/home/$domain"); + + #- defer running smbpassword until the network is up + $when_network_is_up->(sub { + run_program::rooted($::prefix, "/usr/bin/smbpasswd", "-j", $domain, "-U", $winbind . "%" . $winpass); + }); + } +} + 1; diff --git a/perl-install/install2.pm b/perl-install/install2.pm index 1b0821780..876e6752d 100644 --- a/perl-install/install2.pm +++ b/perl-install/install2.pm @@ -263,7 +263,6 @@ sub setRootPassword { return if $o->{isUpgrade}; installStepsCall($o, $auto, 'setRootPassword', $clicked); - addToBeDone { install_any::setAuthentication($o) } 'installPackages'; } #------------------------------------------------------------------------------ sub addUser { diff --git a/perl-install/install_any.pm b/perl-install/install_any.pm index a7157a667..400768b74 100644 --- a/perl-install/install_any.pm +++ b/perl-install/install_any.pm 
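Review bot: The deferred closure at the end of `set_authentication` hands the Domain Admin password to smbpasswd inside the `-U` argument (`$winbind . "%" . $winpass`), so it sits in that process's argument list while the join runs, and in any record run_program keeps of the commands it executes (not visible here, worth checking). The secret also outlives its use: `ask_authentification_parameters` deletes only the keys returned by `authentication_kinds()`, so `winpass` stays in `$authentication` after the user switches to LDAP, NIS or local files. Adding `delete $authentication->{winpass} if $authentication_kind ne 'winbind';` next to the existing `delete $authentication->{$_} foreach authentication_kinds();` covers the second part. For the first, prefer a way of supplying the password that does not go through argv, if the installed smbpasswd offers one.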
@@ -427,79 +427,19 @@ sub addToBeDone(&$) { push @{$::o->{steps}{$step}{toBeDone}}, $f; } -sub setAuthentication { +sub set_authentication { my ($o) = @_; - my ($shadow, $ldap, $nis, $winbind, $winpass) = @{$o->{authentication} || {}}{qw(shadow LDAP NIS winbind winpass)}; - any::enableShadow() if $shadow; - if ($ldap) { - $o->pkg_install(qw(chkauth openldap-clients nss_ldap pam_ldap)); - run_program::rooted($o->{prefix}, "/usr/sbin/chkauth", "ldap", "-D", $o->{netc}{LDAPDOMAIN}, "-s", $ldap); - } elsif ($nis) { - #$o->pkg_install(qw(chkauth ypbind yp-tools net-tools)); - #run_program::rooted($o->{prefix}, "/usr/sbin/chkauth", "yp", $domain, "-s", $nis); - $o->pkg_install("ypbind"); - my $domain = $o->{netc}{NISDOMAIN}; - $domain || $nis ne "broadcast" or die \N("Can't use broadcast with no NIS domain"); - my $t = $domain ? "domain $domain" . ($nis ne "broadcast" && " server") : "ypserver"; - substInFile { - $_ = "#~$_" unless /^#/; - $_ .= "$t $nis\n" if eof; - } "$::prefix/etc/yp.conf"; - require network; - network::write_conf("$::prefix/etc/sysconfig/network", $o->{netc}); - } elsif ($winbind) { - my $domain = $o->{netc}{WINDOMAIN}; - $domain =~ tr/a-z/A-Z/; - - $o->pkg_install(qw(samba-winbind samba-common)); - { #- setup pam - my $f = "$o->{prefix}/etc/pam.d/system-auth"; - cp_af($f, "$f.orig"); - cp_af("$f-winbind", $f); - } - write_smb_conf($domain); - run_program::rooted($o->{prefix}, "chkconfig", "--level", "35", "winbind", "on"); - mkdir_p("$o->{prefix}/home/$domain"); - - #- defer running smbpassword - no network yet - $winbind = $winbind . "%" . 
$winpass; + + my $when_network_is_up = sub { + my ($f) = @_; + #- defer running xxx - no network yet addToBeDone { require install_steps; install_steps::upNetwork($o, 'pppAvoided'); - run_program::rooted($o->{prefix}, "/usr/bin/smbpasswd", "-j", $domain, "-U", $winbind); + $f->(); } 'configureNetwork'; - } -} - -sub write_smb_conf { - my ($domain) = @_; - - #- was going to just have a canned config in samba-winbind - #- and replace the domain, but sylvestre/buchan didn't bless it yet - - my $f = "$::prefix/etc/samba/smb.conf"; - rename $f, "$f.orig"; - output($f, " -[global] - workgroup = $domain - server string = Samba Server %v - security = domain - encrypt passwords = Yes - password server = * - log file = /var/log/samba/log.%m - max log size = 50 - socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 - character set = ISO8859-15 - os level = 18 - local master = No - dns proxy = No - winbind uid = 10000-20000 - winbind gid = 10000-20000 - winbind separator = + - template homedir = /home/%D/%U - template shell = /bin/bash - winbind use default domain = yes -"); + }; + any::set_authentication($o, $o->{netc}, $o->{authentication} ||= {}, $when_network_is_up); } sub killCardServices() { diff --git a/perl-install/install_steps.pm b/perl-install/install_steps.pm index b99830492..ec8098971 100644 --- a/perl-install/install_steps.pm +++ b/perl-install/install_steps.pm @@ -784,6 +784,7 @@ sub setRootPassword { $o->{superuser}{name} = 'root'; any::write_passwd_user($o->{prefix}, $o->{superuser}, $o->{authentication}{md5}); delete $o->{superuser}{name}; + install_any::set_authentication($o); } #------------------------------------------------------------------------------ @@ -833,8 +834,6 @@ sub addUser { $o->pkg_install("autologin") if $o->{autologin}; any::set_autologin($o->{autologin}, $o->{desktop}); - install_any::setAuthentication($o); - install_any::disable_user_view($p) if @$users == (); } 
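Review bot: The `$when_network_is_up` closure calls `$f->()` straight after `install_steps::upNetwork($o, 'pppAvoided')` and ignores the outcome of both, so a domain join that fails (network still down, wrong credentials) leaves no trace. By then `any::set_authentication` has already copied the winbind variant over `/etc/pam.d/system-auth`, so the installed system would be authenticating against a domain it never joined. Recording the failure, for example `$f->() or log::l("deferred authentication step failed");` (assuming the callback returns the command's status, which this hunk does not show), would make that diagnosable. The placeholder comment `#- defer running xxx - no network yet` should also say what is deferred and why.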
diff --git a/perl-install/install_steps_interactive.pm b/perl-install/install_steps_interactive.pm index 3ab27a259..790984847 100644 --- a/perl-install/install_steps_interactive.pm +++ b/perl-install/install_steps_interactive.pm @@ -1121,16 +1121,12 @@ sub cleanupPrinter { sub setRootPassword { my ($o, $clicked) = @_; my $sup = $o->{superuser} ||= {}; - my $auth = ($o->{authentication}{LDAP} && N_("LDAP") || - $o->{authentication}{NIS} && N_("NIS") || - $o->{authentication}{winbind} && N_("Windows Domain") || - N_("Local files")); $sup->{password2} ||= $sup->{password} ||= ""; - return if $o->{security} < 1 && !$clicked; + if ($o->{security} >= 1 || $clicked) { + my $authentication_kind = any::authentication2authentication_kind($o->{authentication} ||= {}); - $o->ask_from_( - { + $o->ask_from_({ title => N("Set root password"), messages => N("Set root password"), interactive_help_id => "setRootPassword", 
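Review bot: Replacing `return if $o->{security} < 1 && !$clicked;` with `if ($o->{security} >= 1 || $clicked) {` changes the low-security, non-clicked path: the old code left the function there, whereas the new block falls through to `install_steps::setRootPassword($o)` (the closing brace and that call are in the next hunk). On that path `$sup->{password}` has just been defaulted to `""`, so the root entry is written with whatever `any::write_passwd_user` does for an empty password, which is not visible here. If this is intended so that authentication setup always runs, say so above the `if`, e.g. `#- security < 1 and step not clicked: skip the dialogs; install_steps::setRootPassword still runs with the current (possibly empty) password`. If it is not intended, the empty-password case needs a guard before that call.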
@@ -1147,37 +1143,11 @@ sub setRootPassword { } } }, [ { label => N("Password"), val => \$sup->{password}, hidden => 1 }, { label => N("Password (again)"), val => \$sup->{password2}, hidden => 1 }, -{ label => N("Authentication"), val => \$auth, list => [ N_("Local files"), N_("LDAP"), N_("NIS"), N_("Windows Domain") ], format => \&translate, advanced => 1 }, +{ label => N("Authentication"), val => \$authentication_kind, list => [ any::authentication_kinds() ], format => \&any::authentication_kind2description, advanced => 1 }, ]) or return; - if ($auth eq N_("LDAP")) { - $o->{authentication}{LDAP} ||= 'ldap.' . $o->{netc}{DOMAINNAME}; - $o->{netc}{LDAPDOMAIN} ||= join(',', map { "dc=$_" } split /\./, $o->{netc}{DOMAINNAME}); - $o->ask_from('', - N("Authentication LDAP"), - [ { label => N("LDAP Base dn"), val => \$o->{netc}{LDAPDOMAIN} }, - { label => N("LDAP Server"), val => \$o->{authentication}{LDAP} }, - ]) or goto &setRootPassword; - } else { $o->{authentication}{LDAP} = '' } - if ($auth eq N_("NIS")) { - $o->{authentication}{NIS} ||= 'broadcast'; - $o->ask_from('', - N("Authentication NIS"), - [ { label => N("NIS Domain"), val => \ ($o->{netc}{NISDOMAIN} ||= $o->{netc}{DOMAINNAME}) }, - { label => N("NIS Server"), val => \$o->{authentication}{NIS}, list => ["broadcast"], not_edit => 0 }, - ]) or goto &setRootPassword; - } else { $o->{authentication}{NIS} = '' } - if ($auth eq N_("Windows Domain")) { - #- maybe we should browse the network like diskdrake --smb and get the 'doze server names in a list - #- but networking isn't setup yet necessarily - $o->ask_warn('', N("For this to work for a W2K PDC, you will probably need to have the admin run: C:\\>net localgroup \"Pre-Windows 2000 Compatible Access\" everyone /add and reboot the server.\nYou will also need the username/password of a Domain Admin to join the machine to the Windows(TM) domain.\nIf networking is not yet enabled, Drakx will attempt to join the domain after the network setup step.\nShould this 
setup fail for some reason and domain authentication is not working, run 'smbpasswd -j DOMAIN -U USER%%PASSWORD' using your Windows(tm) Domain, and Admin Username/Password, after system boot.\nThe command 'wbinfo -t' will test whether your authentication secrets are good.")); - $o->ask_from('', - N("Authentication Windows Domain"), - [ { label => N("Windows Domain"), val => \ ($o->{netc}{WINDOMAIN} ||= $o->{netc}{DOMAINNAME}) }, - { label => N("Domain Admin User Name"), val => \$o->{authentication}{winbind} }, - { label => N("Domain Admin Password"), val => \$o->{authentication}{winpass}, hidden => 1 }, - ]) or goto &setRootPassword; - } else { $o->{authentication}{winbind} = '' } + any::ask_authentification_parameters($o, $o->{netc}, $o->{authentication}, $authentication_kind) or goto &setRootPassword; + } install_steps::setRootPassword($o); } diff --git a/perl-install/network/smb.pm b/perl-install/network/smb.pm index 6215e3150..d8c3024fd 100644 --- a/perl-install/network/smb.pm +++ b/perl-install/network/smb.pm @@ -146,4 +146,36 @@ sub read_credentials { put_in_hash($server, read_credentials_raw(to_credentials($server->{name}, $username))); } + +sub write_smb_conf { + my ($domain) = @_; + + #- was going to just have a canned config in samba-winbind + #- and replace the domain, but sylvestre/buchan didn't bless it yet + + my $f = "$::prefix/etc/samba/smb.conf"; + rename $f, "$f.orig"; + output($f, " +[global] + workgroup = $domain + server string = Samba Server %v + security = domain + encrypt passwords = Yes + password server = * + log file = /var/log/samba/log.%m + max log size = 50 + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + character set = ISO8859-15 + os level = 18 + local master = No + dns proxy = No + winbind uid = 10000-20000 + winbind gid = 10000-20000 + winbind separator = + + template homedir = /home/%D/%U + template shell = /bin/bash + winbind use default domain = yes +"); +} + 1; |
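Review bot: `any::ask_authentification_parameters` is spelled "authentification", while every other name this commit introduces uses "authentication" (`authentication_kinds`, `authentication2authentication_kind`, `set_authentication`). The call in this hunk is the only caller shown, so renaming it to `ask_authentication_parameters` now is cheap and avoids a name that is easy to miss when grepping.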
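Review bot: `write_smb_conf` interpolates `$domain` into the generated file (`workgroup = $domain`) without validating it, and the value comes from the "Windows Domain" text field, so an embedded newline would add extra lines to the `[global]` section. A conservative check at the top of the function, such as `$domain =~ /\A[A-Za-z0-9._-]+\z/ or die "invalid Windows domain name";` (widen the class if legitimate domain names need it), prevents that. The caller in any.pm should apply the same check before `mkdir_p("$::prefix/home/$domain")`. Separately, `rename $f, "$f.orig"` is unchecked and overwrites an existing `.orig`, so a second run replaces the backup of the original smb.conf with the generated one; `rename $f, "$f.orig" if !-e "$f.orig";` keeps the first backup.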