From 0880c7ba8ce88e87fa600aeb367a8f88a3ae71e7 Mon Sep 17 00:00:00 2001
From: damien
Date: Tue, 28 Nov 2000 16:56:52 +0000
Subject: branch to build the firewall install.
---
perl-install/standalone/drakgw | 367 ++++++++++++++++++++++++++++++-----------
1 file changed, 274 insertions(+), 93 deletions(-)
(limited to 'perl-install/standalone/drakgw')
diff --git a/perl-install/standalone/drakgw b/perl-install/standalone/drakgw
index 2ebd926db..27ab1c028 100755
--- a/perl-install/standalone/drakgw
+++ b/perl-install/standalone/drakgw
@@ -13,33 +13,158 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # -$drakgw_version = "0.9.0"; - use lib qw(/usr/lib/libDrakX); use common qw(:system :file); use interactive; use log; use c; +use netconnect; +use detect_devices; local $_ = join '', @ARGV; -/-h/ and die "usage: drakgw [--expert]\n"; +/-h/ and die "usage: drakgw [--version --verbose]\n"; +/-version/ and die 'version: $Id$ '."\n"; -$::expert = /-expert/ || cat_("/etc/sysconfig/system") =~ /^TYPE="?expert/m; #" +$::verbose = /-verbose/; +$::direct = /-direct/; $::isStandalone = 1; my $in = vnew interactive('su'); +my $sysconf_network = "/etc/sysconfig/network"; +my $conf_linuxconf = "/etc/conf.linuxconf"; +my $rc_firewall = "/etc/rc.d/rc.firewall.inet_sharing"; +my $dhcpd_conf = "/etc/dhcpd.conf"; +my $cups_conf = "/etc/cups/cupsd.conf"; + + +my $drakgw_setup = "/etc/sysconfig/inet_sharing"; + +sub start_daemons() +{ + my $cups_used = 0; + log::l("[drakgw] Starting daemons\n"); + if (-f "/etc/rc.d/init.d/cups") + { + if (grep(/is running/, `/etc/rc.d/init.d/cups status`)) + { + $cups_used = 1; + (system("/etc/rc.d/init.d/cups stop") == 0) or die "Could not stop the CUPS daemon"; + } + } + grep(/is running/, `/etc/rc.d/init.d/dhcpd status`) and ((system("/etc/rc.d/init.d/dhcpd stop") == 0) or die "Could not stop the dhcp server"); + grep(/error: cannot connect/, `/etc/rc.d/init.d/named status 2>&1`) or ((system("/etc/rc.d/init.d/named stop") == 0) or die "Could not stop the named server"); + (system("/etc/rc.d/init.d/network restart") == 0) or die "Could not restart the network"; + (system("sh /etc/rc.d/rc.firewall") == 0) or die "Could not start the firewall script"; + (system("/etc/rc.d/init.d/named start") == 0) or die "Could not start the caching nameserver"; + (system("/sbin/chkconfig --level 345 named on") == 0) or die "Could not chkconfig named"; + (system("/etc/rc.d/init.d/dhcpd start") == 0) or die "Could not start the dhcp server"; + (system("/sbin/chkconfig --level 345 dhcpd 
on") == 0) or die "Could not chkconfig dhcpd"; + if ($cups_used == 1) + { + (system("/etc/rc.d/init.d/cups start") == 0) or die "Could not start the CUPS daemon"; + } + local *DRAKGW_SETUP; open DRAKGW_SETUP, ">$drakgw_setup" or die "Can't open $drakgw_setup"; + print DRAKGW_SETUP "INET_SHARING=enabled\n"; + close DRAKGW_SETUP; +} + +sub stop_daemons() +{ + log::l("[drakgw] Stopping daemons\n"); + grep(/is running/, `/etc/rc.d/init.d/dhcpd status`) and ((system("/etc/rc.d/init.d/dhcpd stop") == 0) or die "Could not stop the dhcp server"); + grep(/Connection refused/, `/etc/rc.d/init.d/named status 2>&1`) or ((system("/etc/rc.d/init.d/named stop") == 0) or die "Could not stop the named server"); + (system("/etc/rc.d/init.d/ipchains stop") == 0) or die "Could not stop ipchains"; + (system("/sbin/chkconfig --level 345 named off") == 0) or die "Could not chkconfig named"; + (system("/sbin/chkconfig --level 345 dhcpd off") == 0) or die "Could not chkconfig dhcpd"; + + local *DRAKGW_SETUP; open DRAKGW_SETUP, ">$drakgw_setup" or die "Can't open $drakgw_setup"; + print DRAKGW_SETUP "INET_SHARING=disabled\n"; + close DRAKGW_SETUP; +} + +sub install_rpm($) +{ + $in->suspend; + system("urpmi --auto --best-output $_[0]"); + $in->resume; +} + +sub fatal_quit($) +{ + log::l("[drakgw] FATAL: $_[0]\n"); + (defined $wait_configuring) and (undef $wait_configuring); + $in->ask_warn('', $_[0]); + $in->exit(-1); +} + + +#- ********************************** +#- * 0th step: verify if we are already set up + +if (-f $drakgw_setup) +{ + open DRAKGW_SETUP, "$drakgw_setup" or die "Can't open $drakgw_setup"; + my @drakgw_setup_content = ; + close DRAKGW_SETUP; + + if (grep(/enabled/, @drakgw_setup_content)) + { + my $r = $in->ask_from_list(_("Internet Connection Sharing currently enabled"), + _("The setup of Internet connection sharing has already been done. 
+It's currently enabled.\n +What would you like to do?"), + [ _("disable"), _("reconfigure"), _("dismiss") ]); + if ($r eq _("disable")) + { + stop_daemons(); + -f "$dhcpd_conf.drakgwdisable" and (unlink("$dhcpd_conf.drakgwdisable") or die "Could not unlink $dhcpd_conf.drakgwdisable"); + rename($dhcpd_conf, "$dhcpd_conf.drakgwdisable") or die "Could not rename $dhcpd_conf to $dhcpd_conf.drakgwdisable"; + -f "$rc_firewall.drakgwdisable" and (unlink("$rc_firewall.drakgwdisable") or die "Could not unlink $rc_firewall.drakgwdisable"); + rename($rc_firewall, "$rc_firewall.drakgwdisable") or die "Could not rename $rc_firewall to $rc_firewall.drakgwdisable"; + log::l("[drakgw] Disabled\n"); + $in->exit(0); + } + ($r eq _("dismiss")) and $in->exit(0); + } + elsif (grep(/disabled/, @drakgw_setup_content)) + { + my $r = $in->ask_from_list(_("Internet Connection Sharing currently disabled"), + _("The setup of Internet connection sharing has already been done. +It's currently disabled.\n +What would you like to do?"), + [ _("enable"), _("reconfigure"), _("dismiss") ]); + if ($r eq _("enable")) + { + -f $dhcpd_conf and rename($dhcpd_conf, "$dhcpd_conf.old"); + rename("$dhcpd_conf.drakgwdisable", $dhcpd_conf) or die "Could not find configuration. Please reconfigure."; + -f $rc_firewall and rename($rc_firewall, "$rc_firewall.old"); + rename("$rc_firewall.drakgwdisable", $rc_firewall) or die "Could not find configuration. Please reconfigure."; + start_daemons(); + log::l("[drakgw] Enabled\n"); + $in->exit(0); + } + ($r eq _("dismiss")) and $in->exit(0); + } + else + { + $in->ask_warn("Unrecognized config file", _("Config file content could not be interpreted.")); + $in->exit(-1); + } +} + + + #- ********************************** #- * 1st step: detect/setup -$in->ask_okcancel(_("Internet Connection Sharing"), - _("Your computer can be configured so that its Internet connection shall be shared ". - "with other computers.\n". 
- "Note: you need a dedicated Network Adapter to set up a Local Area Network (LAN).\n\n". - "Would you like to setup the Internet Connection Sharing?"), 1) or $in->exit(0); +$::direct or $in->ask_okcancel(_("Internet Connection Sharing"), + _("Your computer can be configured to share its Internet connection.\n +Note: you need a dedicated Network Adapter to set up a Local Area Network (LAN).\n +Would you like to setup the Internet Connection Sharing?"), 1) or $in->exit(0); #my @pci_ethernet_cards; #require pci_probing::main; 
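Review bot: stop_daemons() stops the ipchains service as a whole but never reverts the forwarding that setup turns on, so the "disable" branch can leave the host routing packets with no filter rules loaded (assuming the init script's stop action flushes the rules). Neither stop_daemons() nor the disable branch writes 0 to /proc/sys/net/ipv4/ip_forward or resets the FORWARD_IPV4=true line that a later hunk puts in /etc/sysconfig/network, yet INET_SHARING=disabled is recorded as if sharing were fully off. I would reset forwarding there, for example `system("echo 0 > /proc/sys/net/ipv4/ip_forward");`, guarded by a record of whether drakgw was the one that enabled it. I would also remove only the masquerading rule drakgw added instead of stopping every ipchains rule on the machine.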
@@ -48,15 +173,24 @@ $in->ask_okcancel(_("Internet Connection Sharing"), #($#pci_ethernet_cards == -1) and $in->ask_warn('', _("No PCI network ethernet devices found!")) and $in->exit(0); # ## push @pci_ethernet_cards, [ "NETWORK_ETHERNET", "Fake ne2000", "ne2k" ]; -# -#my @configured_devices = map { /ifcfg-(\S+)/; $1 } `ls /etc/sysconfig/network-scripts/ifcfg*`; -# + +my @configured_devices = map { /ifcfg-(\S+)/; $1 } `ls /etc/sysconfig/network-scripts/ifcfg*`; + #my @active_devices = `/sbin/ifconfig | grep ^[a-z] | awk '{print \$1}'`; chop @active_devices; -my %aliased_devices; (/^alias\s+(eth[0-9])\s+(\S+)/) and ($aliased_devices{$1} = $2) foreach (`cat /etc/modules.conf`); -my @all_cards = map { "Interface $_ (using module $aliased_devices{$_})" } (keys %aliased_devices); +my %aliased_devices; (/^alias\s+(eth[0-9])\s+(\S+)/) and ($aliased_devices{$1} = $2) foreach cat_("/etc/modules.conf"); +my $card_netconnect = netconnect::get_net_device("/"); +(defined $card_netconnect) and log::l("[drakgw] Information from netconnect: ignore card $card_netconnect\n"); +my @all_cards_getnet = detect_devices::getNet(); +my @all_cards; +foreach my $card (@all_cards_getnet) +{ + log::l("[drakgw] Have network card: $card\n"); + next if ($card eq $card_netconnect); + push @all_cards, exists $aliased_devices{$card} ? "Interface $card ("._("using module")." $aliased_devices{$card})" : "Interface $card"; +} +log::l("[drakgw] Available network cards: ".join(" ; ", @all_cards)."\n"); - # print "pci_detection: "; print ">".$_->[2]."< " foreach (@pci_ethernet_cards); # print "\nconfigured: "; print ">".$_."< " foreach (@configured_devices); # print "\nactive: "; print ">".$_."< " foreach (@active_devices); 
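Review bot: The re-enabled `@configured_devices` line returns `$1` from the map block whether or not the match succeeded, and it now lists `ifcfg*` instead of `ifcfg-*`. A name without the dash therefore yields an undefined or stale capture, and backup files such as an `ifcfg-eth0` copy with a suffix become "devices" that the later conflict loop tries to open. Building the list without a shell and dropping non-matching names avoids both: `my @configured_devices = map { /ifcfg-(\S+)/ ? $1 : () } glob("/etc/sysconfig/network-scripts/ifcfg-*");`. Also note that `$card eq $card_netconnect` compares against undef when netconnect reports no device; a `defined` guard on that `next` would make the intent explicit.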
@@ -86,46 +220,45 @@ my @all_cards = map { "Interface $_ (using module $aliased_devices{$_})" } (keys my $interface; if ($#all_cards == -1) { - $in->ask_warn(_("No NIC on your system!"), - _("No ethernet network adapter is currently configured on your\n". - "system. Please run the hardware configuration tool.")); + $in->ask_warn(_("No network adapter on your system!"), + _("No ethernet network adapter has been detected on your system. Please run the hardware configuration tool.")); $in->exit(0); } elsif ($#all_cards == 0) { $interface = $all_cards[0]; - $in->ask_okcancel(_("Network interface"), - _("There is only one configured network adapter on your system:\n\n$interface\n\n". - "Would you like to setup your Local Area Network with that adapter?"), 1) or $in->exit(0); + $::verbose and ($in->ask_okcancel(_("Network interface"), + _("There is only one configured network adapter on your system:\n\n$interface\n\nWould you like to setup your Local Area Network with that adapter?"), 1) or $in->exit(0)); } else { $interface = $in->ask_from_list(_("Choose the network interface"), - _("Here are the configured network adapters on your system; please\n". 
- "choose which one to use to setup your Local Area Network."), + _("Please choose what network adapter will be connected to your Local Area Network."), \@all_cards, ); defined $interface or $in->exit(0); } $interface =~ /(eth[0-9]+)/ or die("Internal error"); my $device = $1; +log::l("[drakgw] Choosing network card: $device\n"); + +grep(/$device/, @configured_devices) and + ($in->ask_okcancel('', _("Warning, the network adapter is already configured.\nWould you like to reconfigure?")) or $in->exit(0)); #- setup the address for the LAN -my $lan_address = "192.168.0.0"; -$::expert and ($lan_address = $in->ask_from_entry(_("Local Area Network specification"), - _("You may now decide which class C network will be your LAN.\n"), - _("Network:"), $lan_address, - ) or $in->exit(0)); -($lan_address =~ /^([0-9]+\.[0-9]+\.[0-9]+)\.0$/) or die "Invalid network.\n"; -$lan_address = $1; +my $full_lan_address = "192.168.0.0"; +#$::expert and ($full_lan_address = $in->ask_from_entry(_("Local Area Network specification"), +# _("You may now decide which class C network to use.\n"), +# _("Network:"), $full_lan_address, +# ) or $in->exit(0)); +($full_lan_address =~ /^([0-9]+\.[0-9]+\.[0-9]+)\.0$/) or die "Invalid network.\n"; +my $lan_address = $1; #- test for potential conflict with other networks -my @configured_devices = map { /ifcfg-(\S+)/; $1 } `ls /etc/sysconfig/network-scripts/ifcfg-*`; - foreach (@configured_devices) { if ($_ ne $device) 
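Review bot: The new "already configured" test, `grep(/$device/, @configured_devices)`, is an unanchored pattern match, so `eth1` also matches `eth10` or any ifcfg file whose name merely contains the device string. The prompt can therefore fire for an adapter that has no configuration of its own, or be driven by a stray backup file. An exact comparison states what is meant: `grep { $_ eq $device } @configured_devices`. It would also help to add a short comment that the single-adapter confirmation is now shown only with --verbose, since this prompt becomes the last question asked before the interface is rewritten.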
@@ -134,27 +267,32 @@ foreach (@configured_devices) my $ifcfg = "/etc/sysconfig/network-scripts/ifcfg-$_"; open IFCFG, "$ifcfg" or die "Can't open $ifcfg"; my @ifcfg_content = ; - grep(/$lan_address/, @ifcfg_content) and $in->ask_warn('', _("Potential LAN address conflict found in current config of $_!\n")) and $in->exit(0); + grep(/$lan_address/, @ifcfg_content) and + $in->ask_warn('', _("Potential LAN address conflict found in current config of $_!\n")) and $in->exit(0); close IFCFG; } } -#- ask for confirmation +#- test for potential conflict with previous firewall config -$in->ask_okcancel(_("Internet Connection Sharing - setup of $device"), - _("The following interface is about to be configured:\n\n$interface\n\n". - "It will be setup on a Local Area Network ($lan_address.0); additionnally, IP forwarding ". - "and masquerading will be enabled, together with a DHCP server.\n". - "You will then be able to connect other computers to this network, with automatic ". - "DHCP configuration."), 1) or $in->exit(0); +my @chain_rules; +(-f "/etc/sysconfig/ipchains" or ((-x "/sbin/ipchains") and (@chain_rules = `/sbin/ipchains -L`) and ($#chain_rules > 2))) + and ($in->ask_okcancel(_("Firewalling configuration detected!"), + _("Warning! An existing firewalling configuration has been detected. You may need some manual fix after installation. Proceed?"), 1) or $in->exit(0)); +#- ask for confirmation +# +#$in->ask_okcancel(_("Internet Connection Sharing - setup"), +# _("The local network is about to be configured.\n") . +# "You will then be able to connect other computers to this network, with automatic ". 
+# "DHCP configuration."), 1) or $in->exit(0); #- ********************************** #- * 2nd step: configure -my $wait_configuring = $in->wait_message('Configuring...', _("Configuring scripts, installing software, starting daemons...")); +$wait_configuring = $in->wait_message(_("Configuring..."), _("Configuring scripts, installing software, starting servers...")); #- setup the /etc/sysconfig/network-script/ script 
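Review bot: The existing-firewall check runs `/sbin/ipchains -L` without `-n` and decides by line count (`$#chain_rules > 2`). Without `-n` the listing resolves addresses by name, which can stall the wizard on a host whose DNS is not working yet. The count also treats three header lines as "no firewall", so a restrictive default policy with no rules would presumably go unreported. I would use `/sbin/ipchains -L -n` and also warn when any chain header shows a policy other than ACCEPT. The final confirmation dialog is commented out in this same hunk, which leaves this warning as the only notice before the firewall script is changed, so a comment saying so would help the next maintainer.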
@@ -174,15 +312,48 @@ EOF close IFCFG; -#- install and setup the FORWARD and MASQ stuff with IPCHAINS +#- install and setup the RPM packages + +my $rpms_to_install; +my %bin2rpm = ( "/sbin/ipchains" => "ipchains", + "/usr/sbin/dhcpd" => "dhcp", + $conf_linuxconf => "linuxconf", + "/usr/sbin/named" => "bind", + "/var/named/named.local" => "caching-nameserver" ); + +-e $_ or $rpms_to_install .= "$bin2rpm{$_} " foreach (keys %bin2rpm); +install_rpm($rpms_to_install); +-e $_ or fatal_quit(_("Problems installing package $bin2rpm{$_}")) foreach (keys %bin2rpm); + + +#- setup the masquerading configuration + +if (-f "/etc/rc.d/rc.firewall") +{ + local *RCFIREWALL; + open RCFIREWALL, "/etc/rc.d/rc.firewall" or die "Can't open /etc/rc.d/rc.firewall"; + my @rcfirewall_content = ; + close RCFIREWALL; + grep(/\/etc\/rc\.d\/rc\.firewall\.inet_sharing/, @rcfirewall_content) or push @rcfirewall_content, "# Added by drakgw\n[ -x /etc/rc.d/rc.firewall.inet_sharing ] && /etc/rc.d/rc.firewall.inet_sharing\n"; + open RCFIREWALL, ">/etc/rc.d/rc.firewall" or die "Can't open /etc/rc.d/rc.firewall"; + print RCFIREWALL @rcfirewall_content; + close RCFIREWALL; +} +else +{ + local *RCFIREWALL; open RCFIREWALL, ">/etc/rc.d/rc.firewall" or die "Can't open /etc/rc.d/rc.firewall"; + print RCFIREWALL <ask_warn('', _("Could not install ipchains RPM with urpmi.")) and $in->exit(0)); +[ -x /etc/rc.d/rc.firewall.inet_sharing ] && /etc/rc.d/rc.firewall.inet_sharing +EOF + chmod 0700, "/etc/rc.d/rc.firewall"; +} -my $rcfirewall = "/etc/rc.d/rc.firewall"; --f $rcfirewall and rename($rcfirewall, "$rcfirewall.old"); -local *RCFIREWALL; open RCFIREWALL, ">$rcfirewall" or die "Can't open $rcfirewall"; +-f $rc_firewall and rename($rc_firewall, "$rc_firewall.old"); +local *RCFIREWALL; open RCFIREWALL, ">$rc_firewall" or die "Can't open $rc_firewall"; print RCFIREWALL < /proc/sys/net/ipv4/ip_forward /sbin/ipchains -A forward -s $lan_address.0/24 -j MASQ EOF close RCFIREWALL; -chmod 0700, $rcfirewall; +chmod 
0700, $rc_firewall; #- be sure that FORWARD_IPV4 is enabled in /etc/sysconfig/network -my $sysconf_network = "/etc/sysconfig/network"; open SYSCONF_NETWORK, "$sysconf_network" or die "Can't open $sysconf_network"; my @sysconf_network_content = ; close SYSCONF_NETWORK; -($_ =~ /^FORWARD_IPV4=/ and $_="FORWARD_IPV4=true\n") foreach (@sysconf_network_content); +($_ =~ /^FORWARD_IPV4=/ and $_="FORWARD_IPV4=true\n") foreach @sysconf_network_content; grep(/^FORWARD_IPV4=/, @sysconf_network_content) or push @sysconf_network_content, "FORWARD_IPV4=true\n"; open SYSCONF_NETWORK, ">$sysconf_network" or die "Can't open $sysconf_network"; print SYSCONF_NETWORK @sysconf_network_content; close SYSCONF_NETWORK; -#- install and setup the DHCP server +#- setup the DHCP server -$f = "/usr/sbin/dhcpd"; --e $f or system("urpmi --auto dhcp"); --e $f or ($in->ask_warn('', _("Could not install dhcp RPM with urpmi.")) and $in->exit(0)); - -my $dhcpdconf = "/etc/dhcpd.conf"; --f $dhcpdconf and rename($dhcpdconf, "$dhcpdconf.old"); -local *DHCPDCONF; open DHCPDCONF, ">$dhcpdconf" or die "Can't open $dhcpdconf"; +-f $dhcpd_conf and rename($dhcpd_conf, "$dhcpd_conf.old"); +local *DHCPDCONF; open DHCPDCONF, ">$dhcpd_conf" or die "Can't open $dhcpd_conf"; print DHCPDCONF <; close CONF_LINUXCONF; -($_ =~ /^DHCP.interface/ and $_="DHCP.interface $device\n") foreach (@conf_linuxconf_content); +($_ =~ /^DHCP.interface/ and $_="DHCP.interface $device\n") foreach @conf_linuxconf_content; grep(/DHCP.interface/, @conf_linuxconf_content) or push @conf_linuxconf_content, "DHCP.interface $device\n"; open CONF_LINUXCONF, ">$conf_linuxconf" or die "Can't open $conf_linuxconf"; print CONF_LINUXCONF @conf_linuxconf_content; close CONF_LINUXCONF; - -#- install the BIND and caching nameserver stuff - -$f = "/usr/sbin/named"; --e $f or system("urpmi --auto bind"); --e $f or ($in->ask_warn('', _("Could not install bind RPM with urpmi.")) and $in->exit(0)); - -$f = "/var/named/named.local"; --e $f or system("urpmi 
--auto caching-nameserver"); --e $f or ($in->ask_warn('', _("Could not install caching-nameserver RPM with urpmi.")) and $in->exit(0)); - +#- Set up /etc/cups/cupsd.conf to make the broadcasting of the printer info +#- working correctly: +#- +#- 1. ServerName # because clients do necessarily +#- # know the server's name +#- +#- 2. BrowseAddress # broadcast printer info into +#- # the local network. +#- +#- These steps are only done when the CUPS package is installed. + +if (-f $cups_conf) +{ + open CONF_CUPS, "$cups_conf" or die "Can't open $cups_conf"; + my @cups_conf_content = ; + close CONF_CUPS; + ($_ =~ /ServerName[^:]/ and $_="ServerName $lan_address.1\n") foreach @cups_conf_content; + grep(/ServerName[^:]/, @cups_conf_content) or push @cups_conf_content, "ServerName $lan_address.1\n"; + grep(/^BrowseAddress $lan_address.255/, @cups_conf_content) or push @cups_conf_content, "BrowseAddress $lan_address.255\n"; + open CONF_CUPS, ">$cups_conf" or die "Can't open $conf_linuxconf"; + print CONF_CUPS @cups_conf_content; + close CONF_CUPS; +} #- start the daemons -(system("/etc/rc.d/init.d/network restart") == 0) or die "Could not restart the network"; -(system("/etc/rc.d/rc.firewall") == 0) or die "Could not start the firewall script"; -grep(/is running/, `/etc/rc.d/init.d/dhcpd status`) and ((system("/etc/rc.d/init.d/dhcpd stop") == 0) or die "Could not stop the dhcp server"); -(system("/etc/rc.d/init.d/dhcpd start") == 0) or die "Could not start the dhcp server"; -(system("/sbin/chkconfig --level 345 dhcpd on") == 0) or die "Could not chkconfig dhcpd"; -grep(/Connection refused/, `/etc/rc.d/init.d/named status 2>&1`) or ((system("/etc/rc.d/init.d/named stop") == 0) or die "Could not stop the named server"); -(system("/etc/rc.d/init.d/named start") == 0) or die "Could not start the caching nameserver"; -(system("/sbin/chkconfig --level 345 named on") == 0) or die "Could not chkconfig named"; +start_daemons(); + +#- bye-bye message undef $wait_configuring; 
-$in->ask_warn(_("Everything configured!"), - _("Everything has been configured.\n". - "You may now connect computers on your Local Area Network,\n". - "using automatic DHCP network configuration.")); +$in->ask_warn(_("Congratulations!"), + _("Everything has been configured. +You may now share Internet connection with other computers on your Local Area Network, using automatic network configuration (DHCP).")); + +log::l("[drakgw] Installation complete, exiting\n"); $in->exit(0); - -# 0.9.0 Thu Aug 17 15:03:40 2000 -# - first version + +#------------------------------------------------- +#- $Log$ +#- Revision 1.1.1.1 2000/11/28 16:54:21 damien +#- branch to build the firewall install. +#- +#- Revision 1.17 2000/11/13 15:48:33 gc +#- Integrate Till's patches for better work with Cups. +#- +#- Revision 1.16 2000/10/10 15:31:50 gc +#- make only one call to urpmi in order to install all the needed rpm's +#- -- cgit v1.2.1
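Review bot: When /etc/rc.d/rc.firewall already exists it is reopened with ">" and rewritten in place, with no backup and no check on print or close, so a failed write leaves a truncated firewall script that start_daemons() then runs through `sh`. The same pattern is applied to /etc/sysconfig/network, /etc/conf.linuxconf and cupsd.conf, whereas dhcpd.conf and rc.firewall.inet_sharing are first moved to a .old copy. I would keep a copy before truncating and check the write: `print RCFIREWALL @rcfirewall_content or die "Can't write /etc/rc.d/rc.firewall";` and `close RCFIREWALL or die "Can't close /etc/rc.d/rc.firewall";`. Separately, the cupsd.conf write dies with "Can't open $conf_linuxconf", which names the wrong file and should read `die "Can't open $cups_conf"`. install_rpm() is also called when `$rpms_to_install` is still empty; `install_rpm($rpms_to_install) if $rpms_to_install;` would skip the needless urpmi run.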