package printer::data;
use strict;
use common;
use vars qw(@ISA @EXPORT);
@ISA = qw(Exporter);
@EXPORT = qw(%lprcommand %spoolers %spooler_inv %shortspooler_inv);
# BUG, FIXME : this was neither declered nor setted anywhere before :
# maybe this should be swtiched :
# $lprcommand{stuff} => $spoolers{stuff}{print_command}
our %spoolers = ('pdq' => {
'help' => "/usr/bin/lphelp %s |",
'print_command' => 'lpr-pdq',
'long_name' => N("PDQ - Print, Don't Queue"),
'short_name' => N("PDQ"),
'packages2add' => [ [ 'pdq' ], [qw(/usr/bin/pdq /usr/X11R6/bin/xpdq)] ],
'alternatives' => [
[ 'lpr', '/usr/bin/lpr-pdq' ],
[ 'lpq', '/usr/bin/lpq-foomatic' ],
[ 'lprm', '/usr/bin/lprm-foomatic' ]
],
},
'lpd' => {
'help' => "/usr/bin/pdq -h -P %s 2>&1 |",
'print_command' => 'lpr',
'long_name' => N("LPD - Line Printer Daemon"),
'short_name' => N("LPD"),
'boot_spooler' => 'lpd',
'service' => 'lpd',
'packages2add' => [ [qw(lpr net-tools gpr a2ps ImageMagick)],
[qw(/usr/sbin/lpf
/usr/sbin/lpd
/sbin/ifconfig
/usr/bin/gpr
/usr/bin/a2ps
/usr/bin/convert)] ],
'packages2rm' => [ 'LPRng', '/usr/lib/filters/lpf' ],
'alternatives' => [
[ 'lpr', '/usr/bin/lpr-lpd' ],
[ 'lpq', '/usr/bin/lpq-lpd' ],
[ 'lprm', '/usr/bin/lprm-lpd' ],
[ 'lpc', '/usr/sbin/lpc-lpd' ]
]
},
'lprng' => {
'print_command' => 'lpr-lpd',
'long_name' => N("LPRng - LPR New Generation"),
'short_name' => N("LPRng"),
'boot_spooler' => 'lpd',
'service' => 'lpd',
'packages2add' => [ [qw(LPRng net-tools gpr a2ps ImageMagick)],
[qw(/usr/lib/filters/lpf
/usr/sbin/lpd
/sbin/ifconfig
/usr/bin/gpr
/usr/bin/a2ps
/usr/bin/convert)] ],
'packages2rm' => [ 'lpr', '/usr/sbin/lpf' ],
'alternatives' => [
[ 'lpr', '/usr/bin/lpr-lpd' ],
[ 'lpq', '/usr/bin/lpq-lpd' ],
[ 'lprm', '/usr/bin/lprm-lpd' ],
[ 'lp', '/usr/bin/lp-lpd' ],
[ 'cancel', '/usr/bin/cancel-lpd' ],
[ 'lpstat', '/usr/bin/lpstat-lpd' ],
[ 'lpc', '/usr/sbin/lpc-lpd' ]
]
},
'cups' => {
'print_command' => 'lpr-cups',
'long_name' => N("CUPS - Common Unix Printing System"),
'short_name' => N("CUPS"),
'boot_spooler' => 'cups',
'service' => 'cups',
'packages2add' => [ ['cups', 'net-tools', 'xpp', if_($::expert, 'cups-drivers'),
$::isInstall ? 'curl' : 'webfetch'],
[ qw(/usr/lib/cups/cgi-bin/printers.cgi
/sbin/ifconfig
/usr/bin/xpp),
if_($::expert, "/usr/share/cups/model/postscript.ppd.gz"),
$::isInstall ? '/usr/bin/curl' : '/usr/bin/wget' ] ],
'alternatives' => [
[ 'lpr', '/usr/bin/lpr-cups' ],
[ 'lpq', '/usr/bin/lpq-cups' ],
[ 'lprm', '/usr/bin/lprm-cups' ],
[ 'lp', '/usr/bin/lp-cups' ],
[ 'cancel', '/usr/bin/cancel-cups' ],
[ 'lpstat', '/usr/bin/lpstat-cups' ],
[ 'lpc', '/usr/sbin/lpc-cups' ]
]
}
);
our %spooler_inv = map { $spoolers{$_}{long_name} => $_ } keys %spoolers;
our %shortspooler_inv = map { $spoolers{$_}{short_name} => $_ } keys %spoolers;
18.19&id=f235b356f0c159ea9bea1c2cd0c22b73b26a79b0'>tree</a><a href='/software/drakx/commit/perl-install/authentication.pm?h=18.19&id=f235b356f0c159ea9bea1c2cd0c22b73b26a79b0'>commit</a><a href='/software/drakx/diff/perl-install/authentication.pm?h=18.19&id=f235b356f0c159ea9bea1c2cd0c22b73b26a79b0'>diff</a><a href='/software/drakx/stats/perl-install/authentication.pm?h=18.19'>stats</a></td><td class='form'><form class='right' method='get' action='/software/drakx/log/perl-install/authentication.pm'>
<input type='hidden' name='h' value='18.19'/><input type='hidden' name='id' value='f235b356f0c159ea9bea1c2cd0c22b73b26a79b0'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/software/drakx/tree/?h=18.19&id=f235b356f0c159ea9bea1c2cd0c22b73b26a79b0'>root</a>/<a href='/software/drakx/tree/perl-install?h=18.19&id=f235b356f0c159ea9bea1c2cd0c22b73b26a79b0'>perl-install</a>/<a href='/software/drakx/tree/perl-install/authentication.pm?h=18.19&id=f235b356f0c159ea9bea1c2cd0c22b73b26a79b0'>authentication.pm</a></div><div class='content'>blob: 9fc00a78e7c0304d08e9673772e7f45d9b5cbd6a (<a href='/software/drakx/plain/perl-install/authentication.pm?h=18.19&id=f235b356f0c159ea9bea1c2cd0c22b73b26a79b0'>plain</a>)
<table summary='blob content' class='blob'>
<tr><td class='linenumbers'><pre><a id='n1' href='#n1'>1</a>
<a id='n2' href='#n2'>2</a>
<a id='n3' href='#n3'>3</a>
<a id='n4' href='#n4'>4</a>
<a id='n5' href='#n5'>5</a>
<a id='n6' href='#n6'>6</a>
<a id='n7' href='#n7'>7</a>
<a id='n8' href='#n8'>8</a>
<a id='n9' href='#n9'>9</a>
<a id='n10' href='#n10'>10</a>
<a id='n11' href='#n11'>11</a>
<a id='n12' href='#n12'>12</a>
<a id='n13' href='#n13'>13</a>
<a id='n14' href='#n14'>14</a>
<a id='n15' href='#n15'>15</a>
<a id='n16' href='#n16'>16</a>
<a id='n17' href='#n17'>17</a>
<a id='n18' href='#n18'>18</a>
<a id='n19' href='#n19'>19</a>
<a id='n20' href='#n20'>20</a>
<a id='n21' href='#n21'>21</a>
<a id='n22' href='#n22'>22</a>
<a id='n23' href='#n23'>23</a>
<a id='n24' href='#n24'>24</a>
<a id='n25' href='#n25'>25</a>
<a id='n26' href='#n26'>26</a>
<a id='n27' href='#n27'>27</a>
<a id='n28' href='#n28'>28</a>
<a id='n29' href='#n29'>29</a>
<a id='n30' href='#n30'>30</a>
<a id='n31' href='#n31'>31</a>
<a id='n32' href='#n32'>32</a>
<a id='n33' href='#n33'>33</a>
<a id='n34' href='#n34'>34</a>
<a id='n35' href='#n35'>35</a>
<a id='n36' href='#n36'>36</a>
<a id='n37' href='#n37'>37</a>
<a id='n38' href='#n38'>38</a>
<a id='n39' href='#n39'>39</a>
<a id='n40' href='#n40'>40</a>
<a id='n41' href='#n41'>41</a>
<a id='n42' href='#n42'>42</a>
<a id='n43' href='#n43'>43</a>
<a id='n44' href='#n44'>44</a>
<a id='n45' href='#n45'>45</a>
<a id='n46' href='#n46'>46</a>
<a id='n47' href='#n47'>47</a>
<a id='n48' href='#n48'>48</a>
<a id='n49' href='#n49'>49</a>
<a id='n50' href='#n50'>50</a>
<a id='n51' href='#n51'>51</a>
<a id='n52' href='#n52'>52</a>
<a id='n53' href='#n53'>53</a>
<a id='n54' href='#n54'>54</a>
<a id='n55' href='#n55'>55</a>
<a id='n56' href='#n56'>56</a>
<a id='n57' href='#n57'>57</a>
<a id='n58' href='#n58'>58</a>
<a id='n59' href='#n59'>59</a>
<a id='n60' href='#n60'>60</a>
<a id='n61' href='#n61'>61</a>
<a id='n62' href='#n62'>62</a>
<a id='n63' href='#n63'>63</a>
<a id='n64' href='#n64'>64</a>
<a id='n65' href='#n65'>65</a>
<a id='n66' href='#n66'>66</a>
<a id='n67' href='#n67'>67</a>
<a id='n68' href='#n68'>68</a>
<a id='n69' href='#n69'>69</a>
<a id='n70' href='#n70'>70</a>
<a id='n71' href='#n71'>71</a>
<a id='n72' href='#n72'>72</a>
<a id='n73' href='#n73'>73</a>
<a id='n74' href='#n74'>74</a>
<a id='n75' href='#n75'>75</a>
<a id='n76' href='#n76'>76</a>
<a id='n77' href='#n77'>77</a>
<a id='n78' href='#n78'>78</a>
<a id='n79' href='#n79'>79</a>
<a id='n80' href='#n80'>80</a>
<a id='n81' href='#n81'>81</a>
<a id='n82' href='#n82'>82</a>
<a id='n83' href='#n83'>83</a>
<a id='n84' href='#n84'>84</a>
<a id='n85' href='#n85'>85</a>
<a id='n86' href='#n86'>86</a>
<a id='n87' href='#n87'>87</a>
<a id='n88' href='#n88'>88</a>
<a id='n89' href='#n89'>89</a>
<a id='n90' href='#n90'>90</a>
<a id='n91' href='#n91'>91</a>
<a id='n92' href='#n92'>92</a>
<a id='n93' href='#n93'>93</a>
<a id='n94' href='#n94'>94</a>
<a id='n95' href='#n95'>95</a>
<a id='n96' href='#n96'>96</a>
<a id='n97' href='#n97'>97</a>
<a id='n98' href='#n98'>98</a>
<a id='n99' href='#n99'>99</a>
<a id='n100' href='#n100'>100</a>
<a id='n101' href='#n101'>101</a>
<a id='n102' href='#n102'>102</a>
<a id='n103' href='#n103'>103</a>
<a id='n104' href='#n104'>104</a>
<a id='n105' href='#n105'>105</a>
<a id='n106' href='#n106'>106</a>
<a id='n107' href='#n107'>107</a>
<a id='n108' href='#n108'>108</a>
<a id='n109' href='#n109'>109</a>
<a id='n110' href='#n110'>110</a>
<a id='n111' href='#n111'>111</a>
<a id='n112' href='#n112'>112</a>
<a id='n113' href='#n113'>113</a>
<a id='n114' href='#n114'>114</a>
<a id='n115' href='#n115'>115</a>
<a id='n116' href='#n116'>116</a>
<a id='n117' href='#n117'>117</a>
<a id='n118' href='#n118'>118</a>
<a id='n119' href='#n119'>119</a>
<a id='n120' href='#n120'>120</a>
<a id='n121' href='#n121'>121</a>
<a id='n122' href='#n122'>122</a>
<a id='n123' href='#n123'>123</a>
<a id='n124' href='#n124'>124</a>
<a id='n125' href='#n125'>125</a>
<a id='n126' href='#n126'>126</a>
<a id='n127' href='#n127'>127</a>
<a id='n128' href='#n128'>128</a>
<a id='n129' href='#n129'>129</a>
<a id='n130' href='#n130'>130</a>
<a id='n131' href='#n131'>131</a>
<a id='n132' href='#n132'>132</a>
<a id='n133' href='#n133'>133</a>
<a id='n134' href='#n134'>134</a>
<a id='n135' href='#n135'>135</a>
<a id='n136' href='#n136'>136</a>
<a id='n137' href='#n137'>137</a>
<a id='n138' href='#n138'>138</a>
<a id='n139' href='#n139'>139</a>
<a id='n140' href='#n140'>140</a>
<a id='n141' href='#n141'>141</a>
<a id='n142' href='#n142'>142</a>
<a id='n143' href='#n143'>143</a>
<a id='n144' href='#n144'>144</a>
<a id='n145' href='#n145'>145</a>
<a id='n146' href='#n146'>146</a>
<a id='n147' href='#n147'>147</a>
<a id='n148' href='#n148'>148</a>
<a id='n149' href='#n149'>149</a>
<a id='n150' href='#n150'>150</a>
<a id='n151' href='#n151'>151</a>
<a id='n152' href='#n152'>152</a>
<a id='n153' href='#n153'>153</a>
<a id='n154' href='#n154'>154</a>
<a id='n155' href='#n155'>155</a>
<a id='n156' href='#n156'>156</a>
<a id='n157' href='#n157'>157</a>
<a id='n158' href='#n158'>158</a>
<a id='n159' href='#n159'>159</a>
<a id='n160' href='#n160'>160</a>
<a id='n161' href='#n161'>161</a>
<a id='n162' href='#n162'>162</a>
<a id='n163' href='#n163'>163</a>
<a id='n164' href='#n164'>164</a>
<a id='n165' href='#n165'>165</a>
<a id='n166' href='#n166'>166</a>
<a id='n167' href='#n167'>167</a>
<a id='n168' href='#n168'>168</a>
<a id='n169' href='#n169'>169</a>
<a id='n170' href='#n170'>170</a>
<a id='n171' href='#n171'>171</a>
<a id='n172' href='#n172'>172</a>
<a id='n173' href='#n173'>173</a>
<a id='n174' href='#n174'>174</a>
<a id='n175' href='#n175'>175</a>
<a id='n176' href='#n176'>176</a>
<a id='n177' href='#n177'>177</a>
<a id='n178' href='#n178'>178</a>
<a id='n179' href='#n179'>179</a>
<a id='n180' href='#n180'>180</a>
<a id='n181' href='#n181'>181</a>
<a id='n182' href='#n182'>182</a>
<a id='n183' href='#n183'>183</a>
<a id='n184' href='#n184'>184</a>
<a id='n185' href='#n185'>185</a>
<a id='n186' href='#n186'>186</a>
<a id='n187' href='#n187'>187</a>
<a id='n188' href='#n188'>188</a>
<a id='n189' href='#n189'>189</a>
<a id='n190' href='#n190'>190</a>
<a id='n191' href='#n191'>191</a>
<a id='n192' href='#n192'>192</a>
<a id='n193' href='#n193'>193</a>
<a id='n194' href='#n194'>194</a>
<a id='n195' href='#n195'>195</a>
<a id='n196' href='#n196'>196</a>
<a id='n197' href='#n197'>197</a>
<a id='n198' href='#n198'>198</a>
<a id='n199' href='#n199'>199</a>
<a id='n200' href='#n200'>200</a>
<a id='n201' href='#n201'>201</a>
<a id='n202' href='#n202'>202</a>
<a id='n203' href='#n203'>203</a>
<a id='n204' href='#n204'>204</a>
<a id='n205' href='#n205'>205</a>
<a id='n206' href='#n206'>206</a>
<a id='n207' href='#n207'>207</a>
<a id='n208' href='#n208'>208</a>
<a id='n209' href='#n209'>209</a>
<a id='n210' href='#n210'>210</a>
<a id='n211' href='#n211'>211</a>
<a id='n212' href='#n212'>212</a>
<a id='n213' href='#n213'>213</a>
<a id='n214' href='#n214'>214</a>
<a id='n215' href='#n215'>215</a>
<a id='n216' href='#n216'>216</a>
<a id='n217' href='#n217'>217</a>
<a id='n218' href='#n218'>218</a>
<a id='n219' href='#n219'>219</a>
<a id='n220' href='#n220'>220</a>
<a id='n221' href='#n221'>221</a>
<a id='n222' href='#n222'>222</a>
<a id='n223' href='#n223'>223</a>
<a id='n224' href='#n224'>224</a>
<a id='n225' href='#n225'>225</a>
<a id='n226' href='#n226'>226</a>
<a id='n227' href='#n227'>227</a>
<a id='n228' href='#n228'>228</a>
<a id='n229' href='#n229'>229</a>
<a id='n230' href='#n230'>230</a>
<a id='n231' href='#n231'>231</a>
<a id='n232' href='#n232'>232</a>
<a id='n233' href='#n233'>233</a>
<a id='n234' href='#n234'>234</a>
<a id='n235' href='#n235'>235</a>
<a id='n236' href='#n236'>236</a>
<a id='n237' href='#n237'>237</a>
<a id='n238' href='#n238'>238</a>
<a id='n239' href='#n239'>239</a>
<a id='n240' href='#n240'>240</a>
<a id='n241' href='#n241'>241</a>
<a id='n242' href='#n242'>242</a>
<a id='n243' href='#n243'>243</a>
<a id='n244' href='#n244'>244</a>
<a id='n245' href='#n245'>245</a>
<a id='n246' href='#n246'>246</a>
<a id='n247' href='#n247'>247</a>
<a id='n248' href='#n248'>248</a>
<a id='n249' href='#n249'>249</a>
<a id='n250' href='#n250'>250</a>
<a id='n251' href='#n251'>251</a>
<a id='n252' href='#n252'>252</a>
<a id='n253' href='#n253'>253</a>
<a id='n254' href='#n254'>254</a>
<a id='n255' href='#n255'>255</a>
<a id='n256' href='#n256'>256</a>
<a id='n257' href='#n257'>257</a>
<a id='n258' href='#n258'>258</a>
<a id='n259' href='#n259'>259</a>
<a id='n260' href='#n260'>260</a>
<a id='n261' href='#n261'>261</a>
<a id='n262' href='#n262'>262</a>
<a id='n263' href='#n263'>263</a>
<a id='n264' href='#n264'>264</a>
<a id='n265' href='#n265'>265</a>
<a id='n266' href='#n266'>266</a>
<a id='n267' href='#n267'>267</a>
<a id='n268' href='#n268'>268</a>
<a id='n269' href='#n269'>269</a>
<a id='n270' href='#n270'>270</a>
<a id='n271' href='#n271'>271</a>
<a id='n272' href='#n272'>272</a>
<a id='n273' href='#n273'>273</a>
<a id='n274' href='#n274'>274</a>
<a id='n275' href='#n275'>275</a>
<a id='n276' href='#n276'>276</a>
<a id='n277' href='#n277'>277</a>
<a id='n278' href='#n278'>278</a>
<a id='n279' href='#n279'>279</a>
<a id='n280' href='#n280'>280</a>
<a id='n281' href='#n281'>281</a>
<a id='n282' href='#n282'>282</a>
<a id='n283' href='#n283'>283</a>
<a id='n284' href='#n284'>284</a>
<a id='n285' href='#n285'>285</a>
<a id='n286' href='#n286'>286</a>
<a id='n287' href='#n287'>287</a>
<a id='n288' href='#n288'>288</a>
<a id='n289' href='#n289'>289</a>
<a id='n290' href='#n290'>290</a>
<a id='n291' href='#n291'>291</a>
<a id='n292' href='#n292'>292</a>
<a id='n293' href='#n293'>293</a>
<a id='n294' href='#n294'>294</a>
<a id='n295' href='#n295'>295</a>
<a id='n296' href='#n296'>296</a>
<a id='n297' href='#n297'>297</a>
<a id='n298' href='#n298'>298</a>
<a id='n299' href='#n299'>299</a>
<a id='n300' href='#n300'>300</a>
<a id='n301' href='#n301'>301</a>
<a id='n302' href='#n302'>302</a>
<a id='n303' href='#n303'>303</a>
<a id='n304' href='#n304'>304</a>
<a id='n305' href='#n305'>305</a>
<a id='n306' href='#n306'>306</a>
<a id='n307' href='#n307'>307</a>
<a id='n308' href='#n308'>308</a>
<a id='n309' href='#n309'>309</a>
<a id='n310' href='#n310'>310</a>
<a id='n311' href='#n311'>311</a>
<a id='n312' href='#n312'>312</a>
<a id='n313' href='#n313'>313</a>
<a id='n314' href='#n314'>314</a>
<a id='n315' href='#n315'>315</a>
<a id='n316' href='#n316'>316</a>
<a id='n317' href='#n317'>317</a>
<a id='n318' href='#n318'>318</a>
<a id='n319' href='#n319'>319</a>
<a id='n320' href='#n320'>320</a>
<a id='n321' href='#n321'>321</a>
<a id='n322' href='#n322'>322</a>
<a id='n323' href='#n323'>323</a>
<a id='n324' href='#n324'>324</a>
<a id='n325' href='#n325'>325</a>
<a id='n326' href='#n326'>326</a>
<a id='n327' href='#n327'>327</a>
<a id='n328' href='#n328'>328</a>
<a id='n329' href='#n329'>329</a>
<a id='n330' href='#n330'>330</a>
<a id='n331' href='#n331'>331</a>
<a id='n332' href='#n332'>332</a>
<a id='n333' href='#n333'>333</a>
<a id='n334' href='#n334'>334</a>
<a id='n335' href='#n335'>335</a>
<a id='n336' href='#n336'>336</a>
<a id='n337' href='#n337'>337</a>
<a id='n338' href='#n338'>338</a>
<a id='n339' href='#n339'>339</a>
<a id='n340' href='#n340'>340</a>
<a id='n341' href='#n341'>341</a>
<a id='n342' href='#n342'>342</a>
<a id='n343' href='#n343'>343</a>
<a id='n344' href='#n344'>344</a>
<a id='n345' href='#n345'>345</a>
<a id='n346' href='#n346'>346</a>
<a id='n347' href='#n347'>347</a>
<a id='n348' href='#n348'>348</a>
<a id='n349' href='#n349'>349</a>
<a id='n350' href='#n350'>350</a>
<a id='n351' href='#n351'>351</a>
<a id='n352' href='#n352'>352</a>
<a id='n353' href='#n353'>353</a>
<a id='n354' href='#n354'>354</a>
<a id='n355' href='#n355'>355</a>
<a id='n356' href='#n356'>356</a>
<a id='n357' href='#n357'>357</a>
<a id='n358' href='#n358'>358</a>
<a id='n359' href='#n359'>359</a>
<a id='n360' href='#n360'>360</a>
<a id='n361' href='#n361'>361</a>
<a id='n362' href='#n362'>362</a>
<a id='n363' href='#n363'>363</a>
<a id='n364' href='#n364'>364</a>
<a id='n365' href='#n365'>365</a>
<a id='n366' href='#n366'>366</a>
<a id='n367' href='#n367'>367</a>
<a id='n368' href='#n368'>368</a>
<a id='n369' href='#n369'>369</a>
<a id='n370' href='#n370'>370</a>
<a id='n371' href='#n371'>371</a>
<a id='n372' href='#n372'>372</a>
<a id='n373' href='#n373'>373</a>
<a id='n374' href='#n374'>374</a>
<a id='n375' href='#n375'>375</a>
<a id='n376' href='#n376'>376</a>
<a id='n377' href='#n377'>377</a>
<a id='n378' href='#n378'>378</a>
<a id='n379' href='#n379'>379</a>
<a id='n380' href='#n380'>380</a>
<a id='n381' href='#n381'>381</a>
<a id='n382' href='#n382'>382</a>
<a id='n383' href='#n383'>383</a>
<a id='n384' href='#n384'>384</a>
<a id='n385' href='#n385'>385</a>
<a id='n386' href='#n386'>386</a>
<a id='n387' href='#n387'>387</a>
<a id='n388' href='#n388'>388</a>
<a id='n389' href='#n389'>389</a>
<a id='n390' href='#n390'>390</a>
<a id='n391' href='#n391'>391</a>
<a id='n392' href='#n392'>392</a>
<a id='n393' href='#n393'>393</a>
<a id='n394' href='#n394'>394</a>
<a id='n395' href='#n395'>395</a>
<a id='n396' href='#n396'>396</a>
<a id='n397' href='#n397'>397</a>
<a id='n398' href='#n398'>398</a>
<a id='n399' href='#n399'>399</a>
<a id='n400' href='#n400'>400</a>
<a id='n401' href='#n401'>401</a>
<a id='n402' href='#n402'>402</a>
<a id='n403' href='#n403'>403</a>
<a id='n404' href='#n404'>404</a>
<a id='n405' href='#n405'>405</a>
<a id='n406' href='#n406'>406</a>
<a id='n407' href='#n407'>407</a>
<a id='n408' href='#n408'>408</a>
<a id='n409' href='#n409'>409</a>
<a id='n410' href='#n410'>410</a>
<a id='n411' href='#n411'>411</a>
<a id='n412' href='#n412'>412</a>
<a id='n413' href='#n413'>413</a>
<a id='n414' href='#n414'>414</a>
<a id='n415' href='#n415'>415</a>
<a id='n416' href='#n416'>416</a>
<a id='n417' href='#n417'>417</a>
<a id='n418' href='#n418'>418</a>
<a id='n419' href='#n419'>419</a>
<a id='n420' href='#n420'>420</a>
<a id='n421' href='#n421'>421</a>
<a id='n422' href='#n422'>422</a>
<a id='n423' href='#n423'>423</a>
<a id='n424' href='#n424'>424</a>
<a id='n425' href='#n425'>425</a>
<a id='n426' href='#n426'>426</a>
<a id='n427' href='#n427'>427</a>
<a id='n428' href='#n428'>428</a>
<a id='n429' href='#n429'>429</a>
<a id='n430' href='#n430'>430</a>
<a id='n431' href='#n431'>431</a>
<a id='n432' href='#n432'>432</a>
<a id='n433' href='#n433'>433</a>
<a id='n434' href='#n434'>434</a>
<a id='n435' href='#n435'>435</a>
<a id='n436' href='#n436'>436</a>
<a id='n437' href='#n437'>437</a>
<a id='n438' href='#n438'>438</a>
<a id='n439' href='#n439'>439</a>
<a id='n440' href='#n440'>440</a>
<a id='n441' href='#n441'>441</a>
<a id='n442' href='#n442'>442</a>
<a id='n443' href='#n443'>443</a>
<a id='n444' href='#n444'>444</a>
<a id='n445' href='#n445'>445</a>
<a id='n446' href='#n446'>446</a>
<a id='n447' href='#n447'>447</a>
<a id='n448' href='#n448'>448</a>
<a id='n449' href='#n449'>449</a>
<a id='n450' href='#n450'>450</a>
<a id='n451' href='#n451'>451</a>
<a id='n452' href='#n452'>452</a>
<a id='n453' href='#n453'>453</a>
<a id='n454' href='#n454'>454</a>
<a id='n455' href='#n455'>455</a>
<a id='n456' href='#n456'>456</a>
<a id='n457' href='#n457'>457</a>
<a id='n458' href='#n458'>458</a>
<a id='n459' href='#n459'>459</a>
<a id='n460' href='#n460'>460</a>
<a id='n461' href='#n461'>461</a>
<a id='n462' href='#n462'>462</a>
<a id='n463' href='#n463'>463</a>
<a id='n464' href='#n464'>464</a>
<a id='n465' href='#n465'>465</a>
<a id='n466' href='#n466'>466</a>
<a id='n467' href='#n467'>467</a>
<a id='n468' href='#n468'>468</a>
<a id='n469' href='#n469'>469</a>
<a id='n470' href='#n470'>470</a>
<a id='n471' href='#n471'>471</a>
<a id='n472' href='#n472'>472</a>
<a id='n473' href='#n473'>473</a>
<a id='n474' href='#n474'>474</a>
<a id='n475' href='#n475'>475</a>
<a id='n476' href='#n476'>476</a>
<a id='n477' href='#n477'>477</a>
<a id='n478' href='#n478'>478</a>
<a id='n479' href='#n479'>479</a>
<a id='n480' href='#n480'>480</a>
<a id='n481' href='#n481'>481</a>
<a id='n482' href='#n482'>482</a>
<a id='n483' href='#n483'>483</a>
<a id='n484' href='#n484'>484</a>
<a id='n485' href='#n485'>485</a>
<a id='n486' href='#n486'>486</a>
<a id='n487' href='#n487'>487</a>
<a id='n488' href='#n488'>488</a>
<a id='n489' href='#n489'>489</a>
<a id='n490' href='#n490'>490</a>
<a id='n491' href='#n491'>491</a>
<a id='n492' href='#n492'>492</a>
<a id='n493' href='#n493'>493</a>
<a id='n494' href='#n494'>494</a>
<a id='n495' href='#n495'>495</a>
<a id='n496' href='#n496'>496</a>
<a id='n497' href='#n497'>497</a>
<a id='n498' href='#n498'>498</a>
<a id='n499' href='#n499'>499</a>
<a id='n500' href='#n500'>500</a>
<a id='n501' href='#n501'>501</a>
<a id='n502' href='#n502'>502</a>
<a id='n503' href='#n503'>503</a>
<a id='n504' href='#n504'>504</a>
<a id='n505' href='#n505'>505</a>
<a id='n506' href='#n506'>506</a>
<a id='n507' href='#n507'>507</a>
<a id='n508' href='#n508'>508</a>
<a id='n509' href='#n509'>509</a>
<a id='n510' href='#n510'>510</a>
<a id='n511' href='#n511'>511</a>
<a id='n512' href='#n512'>512</a>
<a id='n513' href='#n513'>513</a>
<a id='n514' href='#n514'>514</a>
<a id='n515' href='#n515'>515</a>
<a id='n516' href='#n516'>516</a>
<a id='n517' href='#n517'>517</a>
<a id='n518' href='#n518'>518</a>
<a id='n519' href='#n519'>519</a>
<a id='n520' href='#n520'>520</a>
<a id='n521' href='#n521'>521</a>
<a id='n522' href='#n522'>522</a>
<a id='n523' href='#n523'>523</a>
<a id='n524' href='#n524'>524</a>
<a id='n525' href='#n525'>525</a>
<a id='n526' href='#n526'>526</a>
<a id='n527' href='#n527'>527</a>
<a id='n528' href='#n528'>528</a>
<a id='n529' href='#n529'>529</a>
<a id='n530' href='#n530'>530</a>
<a id='n531' href='#n531'>531</a>
<a id='n532' href='#n532'>532</a>
<a id='n533' href='#n533'>533</a>
<a id='n534' href='#n534'>534</a>
<a id='n535' href='#n535'>535</a>
<a id='n536' href='#n536'>536</a>
<a id='n537' href='#n537'>537</a>
<a id='n538' href='#n538'>538</a>
<a id='n539' href='#n539'>539</a>
<a id='n540' href='#n540'>540</a>
<a id='n541' href='#n541'>541</a>
<a id='n542' href='#n542'>542</a>
<a id='n543' href='#n543'>543</a>
<a id='n544' href='#n544'>544</a>
<a id='n545' href='#n545'>545</a>
<a id='n546' href='#n546'>546</a>
<a id='n547' href='#n547'>547</a>
<a id='n548' href='#n548'>548</a>
<a id='n549' href='#n549'>549</a>
<a id='n550' href='#n550'>550</a>
<a id='n551' href='#n551'>551</a>
<a id='n552' href='#n552'>552</a>
<a id='n553' href='#n553'>553</a>
<a id='n554' href='#n554'>554</a>
<a id='n555' href='#n555'>555</a>
<a id='n556' href='#n556'>556</a>
<a id='n557' href='#n557'>557</a>
<a id='n558' href='#n558'>558</a>
<a id='n559' href='#n559'>559</a>
<a id='n560' href='#n560'>560</a>
<a id='n561' href='#n561'>561</a>
<a id='n562' href='#n562'>562</a>
<a id='n563' href='#n563'>563</a>
<a id='n564' href='#n564'>564</a>
<a id='n565' href='#n565'>565</a>
<a id='n566' href='#n566'>566</a>
<a id='n567' href='#n567'>567</a>
<a id='n568' href='#n568'>568</a>
<a id='n569' href='#n569'>569</a>
<a id='n570' href='#n570'>570</a>
<a id='n571' href='#n571'>571</a>
<a id='n572' href='#n572'>572</a>
<a id='n573' href='#n573'>573</a>
<a id='n574' href='#n574'>574</a>
<a id='n575' href='#n575'>575</a>
<a id='n576' href='#n576'>576</a>
<a id='n577' href='#n577'>577</a>
<a id='n578' href='#n578'>578</a>
<a id='n579' href='#n579'>579</a>
<a id='n580' href='#n580'>580</a>
<a id='n581' href='#n581'>581</a>
<a id='n582' href='#n582'>582</a>
<a id='n583' href='#n583'>583</a>
<a id='n584' href='#n584'>584</a>
<a id='n585' href='#n585'>585</a>
<a id='n586' href='#n586'>586</a>
<a id='n587' href='#n587'>587</a>
<a id='n588' href='#n588'>588</a>
<a id='n589' href='#n589'>589</a>
<a id='n590' href='#n590'>590</a>
<a id='n591' href='#n591'>591</a>
<a id='n592' href='#n592'>592</a>
<a id='n593' href='#n593'>593</a>
<a id='n594' href='#n594'>594</a>
<a id='n595' href='#n595'>595</a>
<a id='n596' href='#n596'>596</a>
<a id='n597' href='#n597'>597</a>
<a id='n598' href='#n598'>598</a>
<a id='n599' href='#n599'>599</a>
<a id='n600' href='#n600'>600</a>
<a id='n601' href='#n601'>601</a>
<a id='n602' href='#n602'>602</a>
<a id='n603' href='#n603'>603</a>
<a id='n604' href='#n604'>604</a>
<a id='n605' href='#n605'>605</a>
<a id='n606' href='#n606'>606</a>
<a id='n607' href='#n607'>607</a>
<a id='n608' href='#n608'>608</a>
<a id='n609' href='#n609'>609</a>
<a id='n610' href='#n610'>610</a>
<a id='n611' href='#n611'>611</a>
<a id='n612' href='#n612'>612</a>
<a id='n613' href='#n613'>613</a>
<a id='n614' href='#n614'>614</a>
<a id='n615' href='#n615'>615</a>
<a id='n616' href='#n616'>616</a>
<a id='n617' href='#n617'>617</a>
<a id='n618' href='#n618'>618</a>
<a id='n619' href='#n619'>619</a>
<a id='n620' href='#n620'>620</a>
<a id='n621' href='#n621'>621</a>
<a id='n622' href='#n622'>622</a>
<a id='n623' href='#n623'>623</a>
<a id='n624' href='#n624'>624</a>
<a id='n625' href='#n625'>625</a>
<a id='n626' href='#n626'>626</a>
<a id='n627' href='#n627'>627</a>
<a id='n628' href='#n628'>628</a>
<a id='n629' href='#n629'>629</a>
<a id='n630' href='#n630'>630</a>
<a id='n631' href='#n631'>631</a>
<a id='n632' href='#n632'>632</a>
<a id='n633' href='#n633'>633</a>
<a id='n634' href='#n634'>634</a>
<a id='n635' href='#n635'>635</a>
<a id='n636' href='#n636'>636</a>
<a id='n637' href='#n637'>637</a>
<a id='n638' href='#n638'>638</a>
<a id='n639' href='#n639'>639</a>
<a id='n640' href='#n640'>640</a>
<a id='n641' href='#n641'>641</a>
<a id='n642' href='#n642'>642</a>
<a id='n643' href='#n643'>643</a>
<a id='n644' href='#n644'>644</a>
<a id='n645' href='#n645'>645</a>
<a id='n646' href='#n646'>646</a>
<a id='n647' href='#n647'>647</a>
<a id='n648' href='#n648'>648</a>
<a id='n649' href='#n649'>649</a>
<a id='n650' href='#n650'>650</a>
<a id='n651' href='#n651'>651</a>
<a id='n652' href='#n652'>652</a>
<a id='n653' href='#n653'>653</a>
<a id='n654' href='#n654'>654</a>
<a id='n655' href='#n655'>655</a>
<a id='n656' href='#n656'>656</a>
<a id='n657' href='#n657'>657</a>
<a id='n658' href='#n658'>658</a>
<a id='n659' href='#n659'>659</a>
<a id='n660' href='#n660'>660</a>
<a id='n661' href='#n661'>661</a>
<a id='n662' href='#n662'>662</a>
<a id='n663' href='#n663'>663</a>
<a id='n664' href='#n664'>664</a>
<a id='n665' href='#n665'>665</a>
<a id='n666' href='#n666'>666</a>
<a id='n667' href='#n667'>667</a>
<a id='n668' href='#n668'>668</a>
<a id='n669' href='#n669'>669</a>
<a id='n670' href='#n670'>670</a>
<a id='n671' href='#n671'>671</a>
<a id='n672' href='#n672'>672</a>
<a id='n673' href='#n673'>673</a>
<a id='n674' href='#n674'>674</a>
<a id='n675' href='#n675'>675</a>
<a id='n676' href='#n676'>676</a>
<a id='n677' href='#n677'>677</a>
<a id='n678' href='#n678'>678</a>
<a id='n679' href='#n679'>679</a>
<a id='n680' href='#n680'>680</a>
<a id='n681' href='#n681'>681</a>
<a id='n682' href='#n682'>682</a>
<a id='n683' href='#n683'>683</a>
<a id='n684' href='#n684'>684</a>
<a id='n685' href='#n685'>685</a>
<a id='n686' href='#n686'>686</a>
<a id='n687' href='#n687'>687</a>
<a id='n688' href='#n688'>688</a>
<a id='n689' href='#n689'>689</a>
<a id='n690' href='#n690'>690</a>
<a id='n691' href='#n691'>691</a>
<a id='n692' href='#n692'>692</a>
<a id='n693' href='#n693'>693</a>
<a id='n694' href='#n694'>694</a>
<a id='n695' href='#n695'>695</a>
<a id='n696' href='#n696'>696</a>
<a id='n697' href='#n697'>697</a>
<a id='n698' href='#n698'>698</a>
<a id='n699' href='#n699'>699</a>
<a id='n700' href='#n700'>700</a>
<a id='n701' href='#n701'>701</a>
<a id='n702' href='#n702'>702</a>
<a id='n703' href='#n703'>703</a>
<a id='n704' href='#n704'>704</a>
<a id='n705' href='#n705'>705</a>
<a id='n706' href='#n706'>706</a>
<a id='n707' href='#n707'>707</a>
<a id='n708' href='#n708'>708</a>
<a id='n709' href='#n709'>709</a>
<a id='n710' href='#n710'>710</a>
<a id='n711' href='#n711'>711</a>
<a id='n712' href='#n712'>712</a>
<a id='n713' href='#n713'>713</a>
<a id='n714' href='#n714'>714</a>
<a id='n715' href='#n715'>715</a>
<a id='n716' href='#n716'>716</a>
<a id='n717' href='#n717'>717</a>
<a id='n718' href='#n718'>718</a>
<a id='n719' href='#n719'>719</a>
<a id='n720' href='#n720'>720</a>
<a id='n721' href='#n721'>721</a>
<a id='n722' href='#n722'>722</a>
<a id='n723' href='#n723'>723</a>
<a id='n724' href='#n724'>724</a>
<a id='n725' href='#n725'>725</a>
<a id='n726' href='#n726'>726</a>
<a id='n727' href='#n727'>727</a>
<a id='n728' href='#n728'>728</a>
<a id='n729' href='#n729'>729</a>
<a id='n730' href='#n730'>730</a>
<a id='n731' href='#n731'>731</a>
<a id='n732' href='#n732'>732</a>
<a id='n733' href='#n733'>733</a>
<a id='n734' href='#n734'>734</a>
<a id='n735' href='#n735'>735</a>
<a id='n736' href='#n736'>736</a>
<a id='n737' href='#n737'>737</a>
<a id='n738' href='#n738'>738</a>
<a id='n739' href='#n739'>739</a>
<a id='n740' href='#n740'>740</a>
<a id='n741' href='#n741'>741</a>
<a id='n742' href='#n742'>742</a>
<a id='n743' href='#n743'>743</a>
<a id='n744' href='#n744'>744</a>
<a id='n745' href='#n745'>745</a>
<a id='n746' href='#n746'>746</a>
<a id='n747' href='#n747'>747</a>
<a id='n748' href='#n748'>748</a>
<a id='n749' href='#n749'>749</a>
<a id='n750' href='#n750'>750</a>
<a id='n751' href='#n751'>751</a>
<a id='n752' href='#n752'>752</a>
<a id='n753' href='#n753'>753</a>
<a id='n754' href='#n754'>754</a>
<a id='n755' href='#n755'>755</a>
<a id='n756' href='#n756'>756</a>
<a id='n757' href='#n757'>757</a>
<a id='n758' href='#n758'>758</a>
<a id='n759' href='#n759'>759</a>
<a id='n760' href='#n760'>760</a>
<a id='n761' href='#n761'>761</a>
<a id='n762' href='#n762'>762</a>
<a id='n763' href='#n763'>763</a>
<a id='n764' href='#n764'>764</a>
<a id='n765' href='#n765'>765</a>
<a id='n766' href='#n766'>766</a>
<a id='n767' href='#n767'>767</a>
<a id='n768' href='#n768'>768</a>
<a id='n769' href='#n769'>769</a>
<a id='n770' href='#n770'>770</a>
<a id='n771' href='#n771'>771</a>
<a id='n772' href='#n772'>772</a>
<a id='n773' href='#n773'>773</a>
<a id='n774' href='#n774'>774</a>
<a id='n775' href='#n775'>775</a>
<a id='n776' href='#n776'>776</a>
<a id='n777' href='#n777'>777</a>
<a id='n778' href='#n778'>778</a>
<a id='n779' href='#n779'>779</a>
<a id='n780' href='#n780'>780</a>
<a id='n781' href='#n781'>781</a>
<a id='n782' href='#n782'>782</a>
<a id='n783' href='#n783'>783</a>
<a id='n784' href='#n784'>784</a>
<a id='n785' href='#n785'>785</a>
<a id='n786' href='#n786'>786</a>
<a id='n787' href='#n787'>787</a>
<a id='n788' href='#n788'>788</a>
<a id='n789' href='#n789'>789</a>
<a id='n790' href='#n790'>790</a>
<a id='n791' href='#n791'>791</a>
<a id='n792' href='#n792'>792</a>
<a id='n793' href='#n793'>793</a>
<a id='n794' href='#n794'>794</a>
<a id='n795' href='#n795'>795</a>
<a id='n796' href='#n796'>796</a>
<a id='n797' href='#n797'>797</a>
<a id='n798' href='#n798'>798</a>
<a id='n799' href='#n799'>799</a>
<a id='n800' href='#n800'>800</a>
<a id='n801' href='#n801'>801</a>
<a id='n802' href='#n802'>802</a>
<a id='n803' href='#n803'>803</a>
<a id='n804' href='#n804'>804</a>
<a id='n805' href='#n805'>805</a>
<a id='n806' href='#n806'>806</a>
<a id='n807' href='#n807'>807</a>
<a id='n808' href='#n808'>808</a>
<a id='n809' href='#n809'>809</a>
<a id='n810' href='#n810'>810</a>
<a id='n811' href='#n811'>811</a>
<a id='n812' href='#n812'>812</a>
<a id='n813' href='#n813'>813</a>
<a id='n814' href='#n814'>814</a>
<a id='n815' href='#n815'>815</a>
<a id='n816' href='#n816'>816</a>
<a id='n817' href='#n817'>817</a>
<a id='n818' href='#n818'>818</a>
<a id='n819' href='#n819'>819</a>
<a id='n820' href='#n820'>820</a>
<a id='n821' href='#n821'>821</a>
<a id='n822' href='#n822'>822</a>
<a id='n823' href='#n823'>823</a>
<a id='n824' href='#n824'>824</a>
<a id='n825' href='#n825'>825</a>
<a id='n826' href='#n826'>826</a>
<a id='n827' href='#n827'>827</a>
<a id='n828' href='#n828'>828</a>
<a id='n829' href='#n829'>829</a>
<a id='n830' href='#n830'>830</a>
<a id='n831' href='#n831'>831</a>
<a id='n832' href='#n832'>832</a>
<a id='n833' href='#n833'>833</a>
<a id='n834' href='#n834'>834</a>
<a id='n835' href='#n835'>835</a>
<a id='n836' href='#n836'>836</a>
<a id='n837' href='#n837'>837</a>
<a id='n838' href='#n838'>838</a>
<a id='n839' href='#n839'>839</a>
<a id='n840' href='#n840'>840</a>
<a id='n841' href='#n841'>841</a>
<a id='n842' href='#n842'>842</a>
<a id='n843' href='#n843'>843</a>
<a id='n844' href='#n844'>844</a>
<a id='n845' href='#n845'>845</a>
<a id='n846' href='#n846'>846</a>
<a id='n847' href='#n847'>847</a>
<a id='n848' href='#n848'>848</a>
<a id='n849' href='#n849'>849</a>
<a id='n850' href='#n850'>850</a>
<a id='n851' href='#n851'>851</a>
<a id='n852' href='#n852'>852</a>
<a id='n853' href='#n853'>853</a>
<a id='n854' href='#n854'>854</a>
<a id='n855' href='#n855'>855</a>
<a id='n856' href='#n856'>856</a>
<a id='n857' href='#n857'>857</a>
<a id='n858' href='#n858'>858</a>
<a id='n859' href='#n859'>859</a>
<a id='n860' href='#n860'>860</a>
<a id='n861' href='#n861'>861</a>
<a id='n862' href='#n862'>862</a>
<a id='n863' href='#n863'>863</a>
<a id='n864' href='#n864'>864</a>
<a id='n865' href='#n865'>865</a>
<a id='n866' href='#n866'>866</a>
<a id='n867' href='#n867'>867</a>
<a id='n868' href='#n868'>868</a>
<a id='n869' href='#n869'>869</a>
<a id='n870' href='#n870'>870</a>
<a id='n871' href='#n871'>871</a>
<a id='n872' href='#n872'>872</a>
<a id='n873' href='#n873'>873</a>
<a id='n874' href='#n874'>874</a>
<a id='n875' href='#n875'>875</a>
<a id='n876' href='#n876'>876</a>
<a id='n877' href='#n877'>877</a>
<a id='n878' href='#n878'>878</a>
<a id='n879' href='#n879'>879</a>
<a id='n880' href='#n880'>880</a>
<a id='n881' href='#n881'>881</a>
<a id='n882' href='#n882'>882</a>
<a id='n883' href='#n883'>883</a>
<a id='n884' href='#n884'>884</a>
<a id='n885' href='#n885'>885</a>
<a id='n886' href='#n886'>886</a>
<a id='n887' href='#n887'>887</a>
<a id='n888' href='#n888'>888</a>
<a id='n889' href='#n889'>889</a>
<a id='n890' href='#n890'>890</a>
<a id='n891' href='#n891'>891</a>
<a id='n892' href='#n892'>892</a>
<a id='n893' href='#n893'>893</a>
<a id='n894' href='#n894'>894</a>
<a id='n895' href='#n895'>895</a>
<a id='n896' href='#n896'>896</a>
<a id='n897' href='#n897'>897</a>
<a id='n898' href='#n898'>898</a>
<a id='n899' href='#n899'>899</a>
<a id='n900' href='#n900'>900</a>
<a id='n901' href='#n901'>901</a>
<a id='n902' href='#n902'>902</a>
<a id='n903' href='#n903'>903</a>
<a id='n904' href='#n904'>904</a>
<a id='n905' href='#n905'>905</a>
<a id='n906' href='#n906'>906</a>
<a id='n907' href='#n907'>907</a>
<a id='n908' href='#n908'>908</a>
<a id='n909' href='#n909'>909</a>
<a id='n910' href='#n910'>910</a>
<a id='n911' href='#n911'>911</a>
<a id='n912' href='#n912'>912</a>
<a id='n913' href='#n913'>913</a>
<a id='n914' href='#n914'>914</a>
<a id='n915' href='#n915'>915</a>
<a id='n916' href='#n916'>916</a>
<a id='n917' href='#n917'>917</a>
<a id='n918' href='#n918'>918</a>
<a id='n919' href='#n919'>919</a>
<a id='n920' href='#n920'>920</a>
<a id='n921' href='#n921'>921</a>
<a id='n922' href='#n922'>922</a>
<a id='n923' href='#n923'>923</a>
<a id='n924' href='#n924'>924</a>
<a id='n925' href='#n925'>925</a>
<a id='n926' href='#n926'>926</a>
<a id='n927' href='#n927'>927</a>
<a id='n928' href='#n928'>928</a>
<a id='n929' href='#n929'>929</a>
<a id='n930' href='#n930'>930</a>
<a id='n931' href='#n931'>931</a>
<a id='n932' href='#n932'>932</a>
<a id='n933' href='#n933'>933</a>
<a id='n934' href='#n934'>934</a>
<a id='n935' href='#n935'>935</a>
<a id='n936' href='#n936'>936</a>
<a id='n937' href='#n937'>937</a>
<a id='n938' href='#n938'>938</a>
<a id='n939' href='#n939'>939</a>
<a id='n940' href='#n940'>940</a>
<a id='n941' href='#n941'>941</a>
<a id='n942' href='#n942'>942</a>
<a id='n943' href='#n943'>943</a>
<a id='n944' href='#n944'>944</a>
<a id='n945' href='#n945'>945</a>
<a id='n946' href='#n946'>946</a>
<a id='n947' href='#n947'>947</a>
<a id='n948' href='#n948'>948</a>
<a id='n949' href='#n949'>949</a>
<a id='n950' href='#n950'>950</a>
<a id='n951' href='#n951'>951</a>
<a id='n952' href='#n952'>952</a>
<a id='n953' href='#n953'>953</a>
<a id='n954' href='#n954'>954</a>
<a id='n955' href='#n955'>955</a>
<a id='n956' href='#n956'>956</a>
<a id='n957' href='#n957'>957</a>
<a id='n958' href='#n958'>958</a>
<a id='n959' href='#n959'>959</a>
<a id='n960' href='#n960'>960</a>
<a id='n961' href='#n961'>961</a>
<a id='n962' href='#n962'>962</a>
<a id='n963' href='#n963'>963</a>
<a id='n964' href='#n964'>964</a>
<a id='n965' href='#n965'>965</a>
</pre></td>
<td class='lines'><pre><code><span class="hl kwa">package</span> authentication<span class="hl opt">;</span> <span class="hl slc"># $Id: authentication.pm 269894 2010-06-05 20:50:23Z tv $</span>
<span class="hl kwa">use</span> common<span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$authentication</span><span class="hl opt">;</span>
<span class="hl kwa">sub</span> kinds <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl kwb">$no_para</span> <span class="hl opt">=</span> <span class="hl kwb">@_</span> <span class="hl opt">==</span> <span class="hl num">0</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$do_pkgs, $_meta_class</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$allow_SmartCard</span> <span class="hl opt">=</span> <span class="hl kwb">$no_para</span> <span class="hl opt">||</span> <span class="hl kwb">$do_pkgs</span><span class="hl opt">-></span><span class="hl kwd">is_available</span><span class="hl opt">(</span><span class="hl str">'castella-pam'</span><span class="hl opt">);</span>
<span class="hl opt">(</span>
<span class="hl str">'LDAP'</span><span class="hl opt">,</span>
<span class="hl str">'KRB5'</span><span class="hl opt">,</span>
<span class="hl str">'winbind'</span><span class="hl opt">,</span>
<span class="hl str">'NIS'</span><span class="hl opt">,</span>
if_<span class="hl opt">(</span><span class="hl kwb">$allow_SmartCard,</span> <span class="hl str">'SmartCard'</span><span class="hl opt">),</span>
<span class="hl str">'local'</span><span class="hl opt">,</span>
<span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> kind2name <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl slc"># Keep the following strings in sync with kind2description ones!!!</span>
<span class="hl opt">${{</span> <span class="hl kwc">local</span> <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Local file"</span><span class="hl opt">),</span>
LDAP <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"LDAP"</span><span class="hl opt">),</span>
NIS <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"NIS"</span><span class="hl opt">),</span>
SmartCard <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Smart Card"</span><span class="hl opt">),</span>
winbind <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Windows Domain"</span><span class="hl opt">),</span>
KRB5 <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Kerberos 5"</span><span class="hl opt">) }}{</span><span class="hl kwb">$kind</span><span class="hl opt">};</span>
<span class="hl opt">}</span>
<span class="hl kwc">my</span> <span class="hl kwb">%kind2pam_kind</span> <span class="hl opt">= (</span>
<span class="hl kwc">local</span> <span class="hl opt">=> [],</span>
SmartCard <span class="hl opt">=> [</span><span class="hl str">'castella'</span><span class="hl opt">],</span>
LDAP <span class="hl opt">=> [</span><span class="hl str">'ldap'</span><span class="hl opt">],</span>
NIS <span class="hl opt">=> [],</span>
KRB5 <span class="hl opt">=> [</span><span class="hl str">'krb5'</span><span class="hl opt">],</span>
winbind <span class="hl opt">=> [</span><span class="hl str">'winbind'</span><span class="hl opt">],</span>
<span class="hl opt">);</span>
<span class="hl kwc">my</span> <span class="hl kwb">%kind2nsswitch</span> <span class="hl opt">= (</span>
<span class="hl kwc">local</span> <span class="hl opt">=> [],</span>
SmartCard <span class="hl opt">=> [],</span>
LDAP <span class="hl opt">=> [</span><span class="hl str">'ldap'</span><span class="hl opt">],</span>
NIS <span class="hl opt">=> [</span><span class="hl str">'nis'</span><span class="hl opt">],</span>
KRB5 <span class="hl opt">=> [</span><span class="hl str">'ldap'</span><span class="hl opt">],</span>
winbind <span class="hl opt">=> [</span><span class="hl str">'winbind'</span><span class="hl opt">],</span>
<span class="hl opt">);</span>
<span class="hl kwc">my</span> <span class="hl kwb">$lib</span> <span class="hl opt">= (</span>arch<span class="hl opt">() =~</span> <span class="hl kwd">/x86_64/</span> ? <span class="hl str">'lib64'</span> <span class="hl opt">:</span> <span class="hl str">'lib'</span><span class="hl opt">);</span>
<span class="hl kwc">my</span> <span class="hl kwb">%kind2packages</span> <span class="hl opt">= (</span>
<span class="hl kwc">local</span> <span class="hl opt">=> [],</span>
SmartCard <span class="hl opt">=> [</span> <span class="hl str">'castella-pam'</span> <span class="hl opt">],</span>
LDAP <span class="hl opt">=> [</span> <span class="hl str">'openldap-clients'</span><span class="hl opt">,</span> <span class="hl str">'nss_ldap'</span><span class="hl opt">,</span> <span class="hl str">'pam_ldap'</span><span class="hl opt">,</span> <span class="hl str">'autofs'</span><span class="hl opt">,</span> <span class="hl str">'nss_updatedb'</span> <span class="hl opt">],</span>
KRB5 <span class="hl opt">=> [</span> <span class="hl str">'nss_ldap'</span><span class="hl opt">,</span> <span class="hl str">'pam_krb5'</span><span class="hl opt">,</span> <span class="hl str">"${lib}sasl2-plug-gssapi"</span><span class="hl opt">,</span> <span class="hl str">'nss_updatedb'</span> <span class="hl opt">],</span>
NIS <span class="hl opt">=> [</span> <span class="hl str">'ypbind'</span><span class="hl opt">,</span> <span class="hl str">'autofs'</span> <span class="hl opt">],</span>
winbind <span class="hl opt">=> [</span> <span class="hl str">'samba-winbind'</span><span class="hl opt">,</span> <span class="hl str">'nss_ldap'</span><span class="hl opt">,</span> <span class="hl str">'pam_krb5'</span><span class="hl opt">,</span> <span class="hl str">"${lib}sasl2-plug-gssapi"</span> <span class="hl opt">],</span>
<span class="hl opt">);</span>
<span class="hl kwa">sub</span> kind2description_raw <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">@kinds</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">%kind2description</span> <span class="hl opt">= (</span>
<span class="hl kwc">local</span> <span class="hl opt">=> [</span> N<span class="hl opt">(</span><span class="hl str">"Local file:"</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">"Use local for all authentication and information user tell in local file"</span><span class="hl opt">), ],</span>
LDAP <span class="hl opt">=> [</span> N<span class="hl opt">(</span><span class="hl str">"LDAP:"</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">"Tells your computer to use LDAP for some or all authentication. LDAP consolidates certain types of information within your organization."</span><span class="hl opt">), ],</span>
NIS <span class="hl opt">=> [</span> N<span class="hl opt">(</span><span class="hl str">"NIS:"</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">"Allows you to run a group of computers in the same Network Information Service domain with a common password and group file."</span><span class="hl opt">), ],</span>
winbind <span class="hl opt">=> [</span> N<span class="hl opt">(</span><span class="hl str">"Windows Domain:"</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">"Winbind allows the system to retrieve information and authenticate users in a Windows domain."</span><span class="hl opt">), ],</span>
KRB5 <span class="hl opt">=> [</span> N<span class="hl opt">(</span><span class="hl str">"Kerberos 5 :"</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">"With Kerberos and LDAP for authentication in Active Directory Server "</span><span class="hl opt">), ],</span>
<span class="hl opt">);</span>
<span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">,</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwb">$_</span> ? <span class="hl str">qq(</span><span class="hl ipl">$_</span><span class="hl str">->[0]</span><span class="hl esc">\n</span><span class="hl str"></span><span class="hl ipl">$_</span><span class="hl str">->[1])</span> <span class="hl opt">:</span> <span class="hl str">''</span> <span class="hl opt">}</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwb">$kind2description</span><span class="hl opt">{</span><span class="hl kwb">$_</span><span class="hl opt">} }</span> <span class="hl kwb">@kinds</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> kind2description <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">@kinds</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">,</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwb">$_</span> ? <span class="hl str">qq(</span><span class="hl ipl">$_\n\n</span><span class="hl str">)</span> <span class="hl opt">:</span> <span class="hl str">''</span> <span class="hl opt">}</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> kind2description_raw<span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">) }</span> <span class="hl kwb">@kinds</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> to_kind <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl opt">(</span>find <span class="hl opt">{</span> <span class="hl kwc">exists</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span><span class="hl kwb">$_</span><span class="hl opt">} }</span> kinds<span class="hl opt">()) ||</span> <span class="hl str">'local'</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> domain_to_ldap_domain <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$domain</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">','</span><span class="hl opt">,</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl str">"dc=</span><span class="hl ipl">$_</span><span class="hl str">"</span> <span class="hl opt">}</span> <span class="hl kwc">split</span> <span class="hl kwd">/\./</span><span class="hl opt">,</span> <span class="hl kwb">$domain</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> ask_parameters <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$in, $net, $authentication, $kind</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl slc">#- keep only this authentication kind</span>
<span class="hl kwa">foreach</span> <span class="hl opt">(</span>kinds<span class="hl opt">()) {</span>
<span class="hl kwc">delete</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span><span class="hl kwb">$_</span><span class="hl opt">}</span> <span class="hl kwa">if</span> <span class="hl kwb">$_</span> <span class="hl kwc">ne</span> <span class="hl kwb">$kind</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl slc"># do not enable ccreds unless required</span>
<span class="hl kwc">undef</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>ccreds<span class="hl opt">};</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">'LDAP'</span><span class="hl opt">) {</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">} ||=</span> domain_to_ldap_domain<span class="hl opt">(</span><span class="hl kwb">$net</span><span class="hl opt">->{</span>resolv<span class="hl opt">}{</span>DOMAINNAME<span class="hl opt">});</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>ccreds<span class="hl opt">} =</span> <span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl slc"># this package must be installed for 'Fetch DN' button to actually work</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">do_pkgs</span><span class="hl opt">-></span><span class="hl kwd">ensure_are_installed</span><span class="hl opt">([</span> <span class="hl str">'openldap-clients'</span> <span class="hl opt">],</span> <span class="hl num">1</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">),</span>
<span class="hl opt">[ {</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Welcome to the Authentication Wizard"</span><span class="hl opt">),</span> title <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"You have selected LDAP authentication. Please review the configuration options below "</span><span class="hl opt">), },</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"LDAP Server"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_server<span class="hl opt">} },</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Base dn"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">} },</span>
<span class="hl opt">{</span> val <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Fetch base Dn "</span><span class="hl opt">),</span> type <span class="hl opt">=></span> <span class="hl str">'button'</span> <span class="hl opt">,</span> clicked_may_quit <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">} =</span> fetch_dn<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_server<span class="hl opt">});</span> <span class="hl num">0</span> <span class="hl opt">} },</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Use encrypt connection with TLS "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>cafile<span class="hl opt">},</span> type <span class="hl opt">=></span> <span class="hl str">'bool'</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> val <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Download CA Certificate "</span><span class="hl opt">),</span> type <span class="hl opt">=></span> <span class="hl str">'button'</span> <span class="hl opt">,</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>cafile<span class="hl opt">} },</span> clicked_may_quit <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>file<span class="hl opt">} =</span> add_cafile<span class="hl opt">();</span> <span class="hl num">0</span> <span class="hl opt">} },</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Use Disconnect mode "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>ccreds<span class="hl opt">},</span> type <span class="hl opt">=></span> <span class="hl str">'bool'</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Use anonymous BIND "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>anonymous<span class="hl opt">},</span> type <span class="hl opt">=></span> <span class="hl str">'bool'</span> <span class="hl opt">,</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">),</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Bind DN "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_binddn<span class="hl opt">},</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>anonymous<span class="hl opt">} },</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Bind Password "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_bindpwd<span class="hl opt">},</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>anonymous<span class="hl opt">} },</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">),</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Advanced path for group "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nssgrp<span class="hl opt">},</span> type <span class="hl opt">=></span> <span class="hl str">'bool'</span> <span class="hl opt">,</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">),</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Password base"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nss_pwd<span class="hl opt">},</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nssgrp<span class="hl opt">} },</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Group base"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nss_grp<span class="hl opt">},</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nssgrp<span class="hl opt">} },</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Shadow base"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nss_shadow<span class="hl opt">},</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nssgrp<span class="hl opt">} },</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">),</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">'KRB5'</span><span class="hl opt">) {</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_domain<span class="hl opt">} ||=</span> <span class="hl kwb">$net</span><span class="hl opt">->{</span>resolv<span class="hl opt">}{</span>DOMAINNAME<span class="hl opt">};</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">do_pkgs</span><span class="hl opt">-></span><span class="hl kwd">ensure_are_installed</span><span class="hl opt">([</span> <span class="hl str">'perl-Net-DNS'</span> <span class="hl opt">],</span> <span class="hl num">1</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">@srvs</span> <span class="hl opt">=</span> query_srv_names<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_domain<span class="hl opt">});</span> <span class="hl slc">#FIXME: update this list if the REALM has changed</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_server<span class="hl opt">} ||=</span> <span class="hl kwb">$srvs</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]</span> <span class="hl kwa">if</span> <span class="hl kwb">@srvs</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$AD_user</span> <span class="hl opt">=</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_user<span class="hl opt">} =~</span> <span class="hl kwd">/(.*)\@\Q$authentication->{AD_domain}\E$/</span> ? <span class="hl kwb">$1</span> <span class="hl opt">:</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_user<span class="hl opt">};</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>ccreds<span class="hl opt">} =</span> <span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">),</span>
<span class="hl opt">[ {</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Welcome to the Authentication Wizard"</span><span class="hl opt">),</span> title <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"You have selected Kerberos 5 authentication. Please review the configuration options below "</span><span class="hl opt">), },</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Realm "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_domain<span class="hl opt">} },</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"KDCs Servers"</span><span class="hl opt">),</span> title <span class="hl opt">=></span> <span class="hl num">1</span><span class="hl opt">,</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_server<span class="hl opt">} ,</span> list <span class="hl opt">=></span> \<span class="hl kwb">@srvs</span> <span class="hl opt">,</span> not_edit <span class="hl opt">=></span> <span class="hl num">0</span><span class="hl opt">,</span> title <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Use DNS to locate KDC for the realm"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>KRB_host_lookup<span class="hl opt">},</span> type <span class="hl opt">=></span> <span class="hl str">'bool'</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Use DNS to locate realms"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>KRB_dns_lookup<span class="hl opt">},</span> type <span class="hl opt">=></span> <span class="hl str">'bool'</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Use Disconnect mode "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>ccreds<span class="hl opt">},</span> type <span class="hl opt">=></span> <span class="hl str">'bool'</span> <span class="hl opt">},</span>
<span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">%level</span> <span class="hl opt">= (</span>
<span class="hl num">1</span> <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Use local file for users information"</span><span class="hl opt">),</span>
<span class="hl num">2</span> <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Use LDAP for users information"</span><span class="hl opt">),</span>
<span class="hl opt">);</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">),</span>
<span class="hl opt">[ {</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">),</span> title <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"You have selected Kerberos 5 for authentication, now you must choose the type of users information "</span><span class="hl opt">), },</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> <span class="hl str">""</span> <span class="hl opt">,</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nsskrb<span class="hl opt">},</span> type <span class="hl opt">=></span> <span class="hl str">'list'</span><span class="hl opt">,</span> list <span class="hl opt">=> [</span> <span class="hl kwc">keys</span> <span class="hl kwb">%level</span> <span class="hl opt">],</span> format <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$level</span><span class="hl opt">{</span><span class="hl kwb">$_</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]} } },</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"LDAP Server"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_server<span class="hl opt">},</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nsskrb<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">"1"</span> <span class="hl opt">} },</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Base dn"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">} ,</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nsskrb<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">"1"</span> <span class="hl opt">} },</span>
<span class="hl opt">{</span> val <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Fecth base Dn "</span><span class="hl opt">),</span> type <span class="hl opt">=></span> <span class="hl str">'button'</span> <span class="hl opt">,</span> clicked_may_quit <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">} =</span> fetch_dn<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_server<span class="hl opt">});</span> <span class="hl num">0</span> <span class="hl opt">},</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nsskrb<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">"1"</span> <span class="hl opt">} },</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Use encrypt connection with TLS "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>cafile<span class="hl opt">},</span> type <span class="hl opt">=></span> <span class="hl str">'bool'</span><span class="hl opt">,,</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nsskrb<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">"1"</span> <span class="hl opt">} },</span>
<span class="hl opt">{</span> val <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Download CA Certificate "</span><span class="hl opt">),</span> type <span class="hl opt">=></span> <span class="hl str">'button'</span> <span class="hl opt">,</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>cafile<span class="hl opt">} },</span> clicked_may_quit <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>file<span class="hl opt">} =</span> add_cafile<span class="hl opt">();</span> <span class="hl num">0</span> <span class="hl opt">} },</span>
<span class="hl opt">{</span> text <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Use anonymous BIND "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>anonymous<span class="hl opt">},</span> type <span class="hl opt">=></span> <span class="hl str">'bool'</span><span class="hl opt">,</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nsskrb<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">"1"</span> <span class="hl opt">} },</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Bind DN "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_binddn<span class="hl opt">},</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>anonymous<span class="hl opt">} } },</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Bind Password "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_bindpwd<span class="hl opt">},</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>anonymous<span class="hl opt">} } },</span>
<span class="hl opt">{},</span>
<span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_user<span class="hl opt">} = !</span><span class="hl kwb">$AD_user</span> <span class="hl opt">||</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>sub_kind<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">'anonymous'</span> ? <span class="hl str">''</span> <span class="hl opt">:</span>
<span class="hl kwb">$AD_user</span> <span class="hl opt">=~</span> <span class="hl kwd">/@/</span> ? <span class="hl kwb">$AD_user</span> <span class="hl opt">:</span> <span class="hl str">"</span><span class="hl ipl">$AD_user\@$authentication</span><span class="hl str">->{AD_domain}"</span><span class="hl opt">;</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_password<span class="hl opt">} =</span> <span class="hl str">''</span> <span class="hl kwa">if</span> <span class="hl opt">!</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_user<span class="hl opt">};</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">'NIS'</span><span class="hl opt">) {</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>NIS_server<span class="hl opt">} ||=</span> <span class="hl str">'broadcast'</span><span class="hl opt">;</span>
<span class="hl kwb">$net</span><span class="hl opt">->{</span>network<span class="hl opt">}{</span>NISDOMAIN<span class="hl opt">} ||=</span> <span class="hl kwb">$net</span><span class="hl opt">->{</span>resolv<span class="hl opt">}{</span>DOMAINNAME<span class="hl opt">};</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">),</span>
<span class="hl opt">[ {</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Welcome to the Authentication Wizard"</span><span class="hl opt">),</span> title <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"You have selected NIS authentication. Please review the configuration options below "</span><span class="hl opt">), },</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"NIS Domain"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$net</span><span class="hl opt">->{</span>network<span class="hl opt">}{</span>NISDOMAIN<span class="hl opt">} },</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"NIS Server"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>NIS_server<span class="hl opt">},</span> list <span class="hl opt">=> [</span><span class="hl str">"broadcast"</span><span class="hl opt">],</span> not_edit <span class="hl opt">=></span> <span class="hl num">0</span> <span class="hl opt">},</span>
<span class="hl opt">{},</span>
<span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">'winbind'</span><span class="hl opt">) {</span>
<span class="hl slc">#- maybe we should browse the network like diskdrake --smb and get the 'doze server names in a list </span>
<span class="hl slc">#- but networking is not setup yet necessarily</span>
<span class="hl slc">#</span>
<span class="hl kwc">my</span> <span class="hl kwb">@sec_domain</span> <span class="hl opt">= (</span>
<span class="hl str">"Windows Active Directory Domain"</span><span class="hl opt">,</span>
<span class="hl str">"Windows NT4 Domain"</span><span class="hl opt">,</span>
<span class="hl opt">);</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>DNS_domain<span class="hl opt">} ||=</span> <span class="hl kwb">$net</span><span class="hl opt">->{</span>resolv<span class="hl opt">}{</span>DOMAINNAME<span class="hl opt">};</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>WINDOMAIN<span class="hl opt">} ||=</span> <span class="hl kwb">$net</span><span class="hl opt">->{</span>resolv<span class="hl opt">}{</span>DOMAINNAME<span class="hl opt">};</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">do_pkgs</span><span class="hl opt">-></span><span class="hl kwd">ensure_are_installed</span><span class="hl opt">([</span> <span class="hl str">'samba-client'</span> <span class="hl opt">],</span> <span class="hl num">1</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">@domains</span><span class="hl opt">=</span>list_domains<span class="hl opt">();</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">),</span>
<span class="hl opt">[ {</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Welcome to the Authentication Wizard"</span><span class="hl opt">),</span> title <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"You have selected Windows Domain authentication. Please review the configuration options below "</span><span class="hl opt">), },</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Windows Domain"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>WINDOMAIN<span class="hl opt">},</span> list <span class="hl opt">=></span> \<span class="hl kwb">@domains,</span> not_edit <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Domain Model "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>model<span class="hl opt">},</span> list <span class="hl opt">=></span> \<span class="hl kwb">@sec_domain</span> <span class="hl opt">,</span> not_edit <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Active Directory Realm "</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_domain<span class="hl opt">} ,</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>model<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">"Windows NT4 Domain"</span> <span class="hl opt">} },</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"DNS Domain"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>DNS_domain<span class="hl opt">} ,</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>model<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">"Windows NT4 Domain"</span> <span class="hl opt">} },</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"DC Server"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_server<span class="hl opt">} ,</span> disabled <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>model<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">"Windows NT4 Domain"</span> <span class="hl opt">} },</span>
<span class="hl opt">{},</span>
<span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span><span class="hl kwb">$kind</span><span class="hl opt">} ||=</span> <span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> ask_root_password_and_authentication <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$in, $net, $superuser, $authentication, $meta_class, $security</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$kind</span> <span class="hl opt">=</span> to_kind<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>
<span class="hl kwc">my</span> <span class="hl kwb">@kinds</span> <span class="hl opt">=</span> kinds<span class="hl opt">(</span><span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">do_pkgs</span><span class="hl opt">,</span> <span class="hl kwb">$meta_class</span><span class="hl opt">);</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">ask_from_</span><span class="hl opt">({</span>
title <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Authentication"</span><span class="hl opt">),</span>
messages <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Set administrator (root) password"</span><span class="hl opt">),</span>
advanced_label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Authentication method"</span><span class="hl opt">),</span>
advanced_messages <span class="hl opt">=></span> kind2description<span class="hl opt">(</span><span class="hl kwb">@kinds</span><span class="hl opt">),</span>
interactive_help_id <span class="hl opt">=></span> <span class="hl str">"setRootPassword"</span><span class="hl opt">,</span>
cancel <span class="hl opt">=> (</span><span class="hl kwb">$security</span> <span class="hl opt"><=</span> <span class="hl num">2</span> ?
<span class="hl slc">#-PO: keep this short or else the buttons will not fit in the window</span>
N<span class="hl opt">(</span><span class="hl str">"No password"</span><span class="hl opt">) :</span> <span class="hl str">''</span><span class="hl opt">),</span>
focus_first <span class="hl opt">=></span> <span class="hl num">1</span><span class="hl opt">,</span>
callbacks <span class="hl opt">=> {</span>
complete <span class="hl opt">=></span> <span class="hl kwa">sub</span> <span class="hl opt">{</span>
check_given_password<span class="hl opt">(</span><span class="hl kwb">$in, $superuser,</span> <span class="hl num">2</span> <span class="hl opt">*</span> <span class="hl kwb">$security</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span> <span class="hl num">1</span><span class="hl opt">,</span><span class="hl num">0</span><span class="hl opt">;</span>
<span class="hl kwa">return</span> <span class="hl num">0</span><span class="hl opt">;</span>
<span class="hl opt">} } }, [</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Password"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$superuser</span><span class="hl opt">->{</span>password<span class="hl opt">},</span> hidden <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Password (again)"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$superuser</span><span class="hl opt">->{</span>password2<span class="hl opt">},</span> hidden <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Authentication"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$kind,</span> type <span class="hl opt">=></span> <span class="hl str">'list'</span><span class="hl opt">,</span> list <span class="hl opt">=></span> \<span class="hl kwb">@kinds,</span> format <span class="hl opt">=></span> \<span class="hl opt">&</span>kind2name<span class="hl opt">,</span> advanced <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">])</span> <span class="hl kwc">or delete</span> <span class="hl kwb">$superuser</span><span class="hl opt">->{</span>password<span class="hl opt">};</span>
ask_parameters<span class="hl opt">(</span><span class="hl kwb">$in, $net, $authentication, $kind</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">goto</span> <span class="hl opt">&</span>ask_root_password_and_authentication<span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> check_given_password <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$in, $u, $min_length</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">->{</span>password<span class="hl opt">}</span> <span class="hl kwc">ne</span> <span class="hl kwb">$u</span><span class="hl opt">->{</span>password2<span class="hl opt">}) {</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">ask_warn</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">, [</span> N<span class="hl opt">(</span><span class="hl str">"The passwords do not match"</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">"Please try again"</span><span class="hl opt">) ]);</span>
<span class="hl num">0</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwc">length</span> <span class="hl kwb">$u</span><span class="hl opt">->{</span>password<span class="hl opt">} <</span> <span class="hl kwb">$min_length</span><span class="hl opt">) {</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">ask_warn</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">"This password is too short (it must be at least</span> <span class="hl ipl">%d</span> <span class="hl str">characters long)"</span><span class="hl opt">,</span> <span class="hl kwb">$min_length</span><span class="hl opt">));</span>
<span class="hl num">0</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
<span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> get<span class="hl opt">() {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$system_auth</span> <span class="hl opt">=</span> cat_<span class="hl opt">(</span><span class="hl str">"/etc/pam.d/system-auth"</span><span class="hl opt">);</span>
<span class="hl kwc">my</span> <span class="hl kwb">$authentication</span> <span class="hl opt">= {</span>
blowfish <span class="hl opt">=></span> to_bool<span class="hl opt">(</span><span class="hl kwb">$system_auth</span> <span class="hl opt">=~</span> <span class="hl kwd">/\$2a\$/</span><span class="hl opt">),</span>
md5 <span class="hl opt">=></span> to_bool<span class="hl opt">(</span><span class="hl kwb">$system_auth</span> <span class="hl opt">=~</span> <span class="hl kwd">/md5/</span><span class="hl opt">),</span>
shadow <span class="hl opt">=></span> to_bool<span class="hl opt">(</span><span class="hl kwb">$system_auth</span> <span class="hl opt">=~</span> <span class="hl kwd">/shadow/</span><span class="hl opt">),</span>
<span class="hl opt">};</span>
<span class="hl kwc">my</span> <span class="hl kwb">@pam_kinds</span> <span class="hl opt">=</span> get_pam_authentication_kinds<span class="hl opt">();</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$kind</span> <span class="hl opt">=</span> find <span class="hl opt">{</span> intersection<span class="hl opt">(</span>\<span class="hl kwb">@pam_kinds, $kind2pam_kind</span><span class="hl opt">{</span><span class="hl kwb">$_</span><span class="hl opt">}) }</span> <span class="hl kwc">keys</span> <span class="hl kwb">%kind2pam_kind</span><span class="hl opt">) {</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span><span class="hl kwb">$kind</span><span class="hl opt">} =</span> <span class="hl str">''</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
<span class="hl slc">#- we can't use pam to detect NIS</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$yp_conf</span> <span class="hl opt">=</span> read_yp_conf<span class="hl opt">()) {</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>NIS<span class="hl opt">} =</span> <span class="hl num">1</span><span class="hl opt">;</span>
map_each <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span><span class="hl str">"NIS_$::a"</span><span class="hl opt">} = $::</span>b <span class="hl opt">}</span> <span class="hl kwb">%$yp_conf</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl kwb">$authentication</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> install_needed_packages <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$do_pkgs, $kind, $ccreds</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$pkgs</span> <span class="hl opt">=</span> <span class="hl kwb">$kind2packages</span><span class="hl opt">{</span><span class="hl kwb">$kind</span><span class="hl opt">}) {</span>
<span class="hl slc"># install ccreds if required</span>
<span class="hl kwb">$ccreds</span> <span class="hl kwc">and push</span><span class="hl opt">(</span><span class="hl kwb">@$pkgs,</span> <span class="hl str">'pam_ccreds'</span><span class="hl opt">);</span>
<span class="hl slc">#- automatic during install</span>
<span class="hl kwb">$do_pkgs</span><span class="hl opt">-></span><span class="hl kwd">ensure_are_installed</span><span class="hl opt">(</span><span class="hl kwb">$pkgs,</span> <span class="hl opt">$::</span>isInstall<span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
<span class="hl kwc">log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">"ERROR:</span> <span class="hl ipl">$kind</span> <span class="hl str">not listed in kind2packages"</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> set <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$in, $net, $authentication, $o_when_network_is_up</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
install_needed_packages<span class="hl opt">(</span><span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">do_pkgs</span><span class="hl opt">,</span> to_kind<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">),</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>ccreds<span class="hl opt">})</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
set_raw<span class="hl opt">(</span><span class="hl kwb">$net, $authentication, $o_when_network_is_up</span><span class="hl opt">);</span>
<span class="hl kwa">require</span> services<span class="hl opt">;</span>
services<span class="hl opt">::</span>set_status<span class="hl opt">(</span><span class="hl str">'network-auth'</span><span class="hl opt">,</span> to_kind<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">)</span> <span class="hl kwc">ne</span> <span class="hl str">'local'</span><span class="hl opt">,</span> <span class="hl str">'dont_apply'</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> set_raw <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$net, $authentication, $o_when_network_is_up</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$conf_file</span> <span class="hl opt">=</span> <span class="hl str">"$::prefix/etc/sysconfig/drakauth"</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$when_network_is_up</span> <span class="hl opt">=</span> <span class="hl kwb">$o_when_network_is_up</span> <span class="hl opt">||</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$f</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span> <span class="hl kwb">$f</span><span class="hl opt">->() };</span>
enable_shadow<span class="hl opt">()</span> <span class="hl kwa">if</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>shadow<span class="hl opt">};</span>
<span class="hl kwc">my</span> <span class="hl kwb">$kind</span> <span class="hl opt">=</span> to_kind<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>
<span class="hl kwc">log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">"authentication::set</span> <span class="hl ipl">$kind</span><span class="hl str">"</span><span class="hl opt">);</span>
<span class="hl kwc">my</span> <span class="hl kwb">$pam_modules</span> <span class="hl opt">=</span> <span class="hl kwb">$kind2pam_kind</span><span class="hl opt">{</span><span class="hl kwb">$kind</span><span class="hl opt">}</span> <span class="hl kwc">or log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">"kind2pam_kind does not know</span> <span class="hl ipl">$kind</span><span class="hl str">"</span><span class="hl opt">);</span>
<span class="hl kwb">$pam_modules</span> <span class="hl opt">||= [];</span>
set_pam_authentication<span class="hl opt">(</span><span class="hl kwb">$pam_modules, $authentication</span><span class="hl opt">->{</span>ccreds<span class="hl opt">});</span>
<span class="hl kwc">my</span> <span class="hl kwb">$nsswitch</span> <span class="hl opt">=</span> <span class="hl kwb">$kind2nsswitch</span><span class="hl opt">{</span><span class="hl kwb">$kind</span><span class="hl opt">}</span> <span class="hl kwc">or log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">"kind2nsswitch does not know</span> <span class="hl ipl">$kind</span><span class="hl str">"</span><span class="hl opt">);</span>
<span class="hl kwb">$nsswitch</span> <span class="hl opt">||= [];</span>
set_nsswitch_priority<span class="hl opt">(</span><span class="hl kwb">$nsswitch, $authentication</span><span class="hl opt">->{</span>ccreds<span class="hl opt">});</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">'local'</span><span class="hl opt">) {</span>
output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str"><<EOF);</span>
<span class="hl str">auth=Local File </span>
<span class="hl str">server=none </span>
<span class="hl str">realm=none</span>
<span class="hl str">EOF</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">'SmartCard'</span><span class="hl opt">) {</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">'LDAP'</span><span class="hl opt">) {</span>
configure_nss_ldap<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>
output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str"><<EOF);</span>
<span class="hl str">auth=LDAP Directory</span>
<span class="hl str">server=</span><span class="hl ipl">$authentication</span><span class="hl str">->{LDAP_server}</span>
<span class="hl str">realm=</span><span class="hl ipl">$authentication</span><span class="hl str">->{LDAPDOMAIN}</span>
<span class="hl str">EOF</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>ccreds<span class="hl opt">}) {</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">'/usr/sbin/nss_updatedb.cron'</span><span class="hl opt">);</span> <span class="hl slc"># updates offline cache.</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">'KRB5'</span><span class="hl opt">) {</span>
configure_krb5_for_AD<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>
configure_nss_ldap<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>
output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str"><<EOF);</span>
<span class="hl str">auth=Kerberos 5</span>
<span class="hl str">server=</span><span class="hl ipl">$authentication</span><span class="hl str">->{AD_server}</span>
<span class="hl str">realm=</span><span class="hl ipl">$authentication</span><span class="hl str">->{AD_domain}</span>
<span class="hl str">EOF</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">'NIS'</span><span class="hl opt">) {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$domain</span> <span class="hl opt">=</span> <span class="hl kwb">$net</span><span class="hl opt">->{</span>network<span class="hl opt">}{</span>NISDOMAIN<span class="hl opt">};</span>
<span class="hl kwc">my</span> <span class="hl kwb">$NIS_server</span> <span class="hl opt">=</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>NIS_server<span class="hl opt">};</span>
<span class="hl kwb">$domain</span> <span class="hl opt">||</span> <span class="hl kwb">$NIS_server</span> <span class="hl kwc">ne</span> <span class="hl str">"broadcast"</span> <span class="hl kwc">or die</span> N<span class="hl opt">(</span><span class="hl str">"Cannot use broadcast with no NIS domain"</span><span class="hl opt">);</span>
<span class="hl kwc">my</span> <span class="hl kwb">$t</span> <span class="hl opt">=</span> <span class="hl kwb">$domain</span> ?
<span class="hl opt">(</span><span class="hl kwb">$NIS_server</span> <span class="hl kwc">eq</span> <span class="hl str">'broadcast'</span> ?
<span class="hl str">"domain</span> <span class="hl ipl">$domain</span> <span class="hl str">broadcast"</span> <span class="hl opt">:</span>
<span class="hl str">"domain</span> <span class="hl ipl">$domain</span> <span class="hl str">server</span> <span class="hl ipl">$NIS_server</span><span class="hl str">"</span><span class="hl opt">) :</span>
<span class="hl str">"server</span> <span class="hl ipl">$NIS_server</span><span class="hl str">"</span><span class="hl opt">;</span>
substInFile <span class="hl opt">{</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwd">/^#/</span><span class="hl opt">) {</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">''</span> <span class="hl kwa">if</span> <span class="hl kwd">/^#\Q[PREVIOUS]/</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">"#[PREVIOUS]</span> <span class="hl ipl">$_</span><span class="hl str">"</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwb">$_</span> <span class="hl opt">.=</span> <span class="hl str">"</span><span class="hl ipl">$t\n</span><span class="hl str">"</span> <span class="hl kwa">if</span> <span class="hl kwc">eof</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl str">"$::prefix/etc/yp.conf"</span><span class="hl opt">;</span>
<span class="hl slc">#- no need to modify system-auth for nis</span>
<span class="hl kwb">$when_network_is_up</span><span class="hl opt">->(</span><span class="hl kwa">sub</span> <span class="hl opt">{</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">'nisdomainname'</span><span class="hl opt">,</span> <span class="hl kwb">$domain</span><span class="hl opt">);</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">'service'</span><span class="hl opt">,</span> <span class="hl str">'ypbind'</span><span class="hl opt">,</span> <span class="hl str">'restart'</span><span class="hl opt">);</span>
<span class="hl opt">});</span>
output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str"><<EOF);</span>
<span class="hl str">auth=</span><span class="hl ipl">$kind</span>
<span class="hl str">server=</span><span class="hl ipl">$NIS_server</span>
<span class="hl str">realm=</span><span class="hl ipl">$domain</span>
<span class="hl str">EOF</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">'winbind'</span><span class="hl opt">) {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$domain</span> <span class="hl opt">=</span> <span class="hl kwc">uc</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>WINDOMAIN<span class="hl opt">};</span>
<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winuser<span class="hl opt">},</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winpass<span class="hl opt">}) =</span> auth<span class="hl opt">();</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>model<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">"Windows NT4 Domain"</span><span class="hl opt">) {</span>
<span class="hl kwa">require</span> fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb<span class="hl opt">;</span>
fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb<span class="hl opt">::</span>write_smb_conf<span class="hl opt">(</span><span class="hl kwb">$domain</span><span class="hl opt">);</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">"chkconfig"</span><span class="hl opt">,</span> <span class="hl str">"--level"</span><span class="hl opt">,</span> <span class="hl str">"35"</span><span class="hl opt">,</span> <span class="hl str">"winbind"</span><span class="hl opt">,</span> <span class="hl str">"on"</span><span class="hl opt">);</span>
mkdir_p<span class="hl opt">(</span><span class="hl str">"$::prefix/home/</span><span class="hl ipl">$domain</span><span class="hl str">"</span><span class="hl opt">);</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">'service'</span><span class="hl opt">,</span> <span class="hl str">'smb'</span><span class="hl opt">,</span> <span class="hl str">'restart'</span><span class="hl opt">);</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">'service'</span><span class="hl opt">,</span> <span class="hl str">'winbind'</span><span class="hl opt">,</span> <span class="hl str">'restart'</span><span class="hl opt">);</span>
<span class="hl slc">#- defer running smbpassword until the network is up</span>
<span class="hl kwb">$when_network_is_up</span><span class="hl opt">->(</span><span class="hl kwa">sub</span> <span class="hl opt">{</span>
run_program<span class="hl opt">::</span>raw<span class="hl opt">({</span> root <span class="hl opt">=> $::</span>prefix<span class="hl opt">,</span> sensitive_arguments <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl slc">#'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . $authentication->{winpass});</span>
<span class="hl str">'echo'</span><span class="hl opt">,</span> <span class="hl str">'"'</span><span class="hl opt">,</span> <span class="hl str">'net'</span><span class="hl opt">,</span> <span class="hl str">'join'</span><span class="hl opt">,</span> <span class="hl kwb">$domain,</span> <span class="hl str">'-U'</span><span class="hl opt">,</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winuser<span class="hl opt">} .</span> <span class="hl str">'%'</span> <span class="hl opt">.</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winpass<span class="hl opt">},</span> <span class="hl str">'"'</span><span class="hl opt">);</span>
<span class="hl opt">});</span>
output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str"><<EOF);</span>
<span class="hl str">auth=Windows NT4 Domain</span>
<span class="hl str">server= none </span>
<span class="hl str">realm=</span><span class="hl ipl">$domain</span>
<span class="hl str">EOF</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
<span class="hl slc"># FIXME: the DC isn't named ads.domain... try to do reserve lookup?</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_server<span class="hl opt">} ||=</span> <span class="hl str">'ads.'</span> <span class="hl opt">.</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_domain<span class="hl opt">};</span>
<span class="hl kwc">my</span> <span class="hl kwb">$domain</span> <span class="hl opt">=</span> <span class="hl kwc">uc</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>WINDOMAIN<span class="hl opt">};</span>
<span class="hl kwc">my</span> <span class="hl kwb">$realm</span> <span class="hl opt">=</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_domain<span class="hl opt">};</span>
<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winuser<span class="hl opt">},</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winpass<span class="hl opt">}) =</span> auth<span class="hl opt">();</span>
configure_krb5_for_AD<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>
<span class="hl kwa">require</span> fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb<span class="hl opt">;</span>
fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb<span class="hl opt">::</span>write_smb_ads_conf<span class="hl opt">(</span><span class="hl kwb">$domain,$realm</span><span class="hl opt">);</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">"chkconfig"</span><span class="hl opt">,</span> <span class="hl str">"--level"</span><span class="hl opt">,</span> <span class="hl str">"35"</span><span class="hl opt">,</span> <span class="hl str">"winbind"</span><span class="hl opt">,</span> <span class="hl str">"on"</span><span class="hl opt">);</span>
mkdir_p<span class="hl opt">(</span><span class="hl str">"$::prefix/home/</span><span class="hl ipl">$domain</span><span class="hl str">"</span><span class="hl opt">);</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">'net'</span><span class="hl opt">,</span> <span class="hl str">'time'</span><span class="hl opt">,</span> <span class="hl str">'set'</span><span class="hl opt">,</span> <span class="hl str">'-S'</span><span class="hl opt">,</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_server<span class="hl opt">});</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">'service'</span><span class="hl opt">,</span> <span class="hl str">'smb'</span><span class="hl opt">,</span> <span class="hl str">'restart'</span><span class="hl opt">);</span>
<span class="hl kwb">$when_network_is_up</span><span class="hl opt">->(</span><span class="hl kwa">sub</span> <span class="hl opt">{</span>
run_program<span class="hl opt">::</span>raw<span class="hl opt">({</span> root <span class="hl opt">=> $::</span>prefix<span class="hl opt">,</span> sensitive_arguments <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl str">'net'</span><span class="hl opt">,</span> <span class="hl str">'ads'</span><span class="hl opt">,</span> <span class="hl str">'join'</span><span class="hl opt">,</span> <span class="hl str">'-U'</span><span class="hl opt">,</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winuser<span class="hl opt">} .</span> <span class="hl str">'%'</span> <span class="hl opt">.</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winpass<span class="hl opt">});</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">'service'</span><span class="hl opt">,</span> <span class="hl str">'winbind'</span><span class="hl opt">,</span> <span class="hl str">'restart'</span><span class="hl opt">);</span>
<span class="hl opt">});</span>
<span class="hl slc">#FIXME: perhaps save the defaults values ?</span>
output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str"><<EOF);</span>
<span class="hl str">auth=Windows Active Directory Domain</span>
<span class="hl str">server= none</span>
<span class="hl str">realm=</span><span class="hl ipl">$realm</span>
<span class="hl str">EOF</span>
<span class="hl opt">} }</span>
<span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_modules<span class="hl opt">() {</span>
<span class="hl str">'pam_ldap'</span><span class="hl opt">,</span> <span class="hl str">'pam_castella'</span><span class="hl opt">,</span> <span class="hl str">'pam_winbind'</span><span class="hl opt">,</span> <span class="hl str">'pam_krb5'</span><span class="hl opt">,</span> <span class="hl str">'pam_mkhomedir'</span><span class="hl opt">,</span> <span class="hl str">'pam_ccreds'</span><span class="hl opt">,</span> <span class="hl str">'pam_deny'</span> <span class="hl opt">,</span> <span class="hl str">'pam_permit'</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_module_from_path <span class="hl opt">{</span>
<span class="hl kwb">$_</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">] &&</span> <span class="hl kwb">$_</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">] =~</span> m<span class="hl opt">|(</span><span class="hl kwd">/lib/s</span>ecurity<span class="hl opt">/)</span>?<span class="hl opt">(</span>pam_<span class="hl opt">.*)</span>\<span class="hl opt">.</span>so<span class="hl opt">| &&</span> <span class="hl kwb">$2</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_module_to_path <span class="hl opt">{</span>
<span class="hl str">"</span><span class="hl ipl">$_</span><span class="hl str">[0].so"</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_format_line <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$type, $control, $module, @para</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">sprintf</span><span class="hl opt">(</span><span class="hl str">"%-11s %-13s</span> <span class="hl ipl">%s\n</span><span class="hl str">"</span><span class="hl opt">,</span> <span class="hl kwb">$type, $control,</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">' '</span><span class="hl opt">,</span> pam_module_to_path<span class="hl opt">(</span><span class="hl kwb">$module</span><span class="hl opt">),</span> <span class="hl kwb">@para</span><span class="hl opt">));</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> get_raw_pam_authentication<span class="hl opt">() {</span>
<span class="hl kwc">my</span> <span class="hl kwb">%before_deny</span><span class="hl opt">;</span>
<span class="hl kwa">foreach</span> <span class="hl opt">(</span>cat_<span class="hl opt">(</span><span class="hl str">"$::prefix/etc/pam.d/system-auth"</span><span class="hl opt">)) {</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$type, $_control, $other</span><span class="hl opt">) =</span> <span class="hl kwd">/(\S+)\s+(\[.*?\]|\S+)\s+(.*)/</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$module, @para</span><span class="hl opt">) =</span> <span class="hl kwc">split</span><span class="hl opt">(</span><span class="hl str">' '</span><span class="hl opt">,</span> <span class="hl kwb">$other</span><span class="hl opt">);</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl opt">=</span> pam_module_from_path<span class="hl opt">(</span><span class="hl kwb">$module</span><span class="hl opt">)) {</span>
<span class="hl kwb">$before_deny</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}{</span><span class="hl kwb">$module</span><span class="hl opt">} =</span> \<span class="hl kwb">@para</span> <span class="hl kwa">if</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> pam_modules<span class="hl opt">());</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
\<span class="hl kwb">%before_deny</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> get_pam_authentication_kinds<span class="hl opt">() {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$before_deny</span> <span class="hl opt">=</span> get_raw_pam_authentication<span class="hl opt">();</span>
<span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwd">s/pam_//</span><span class="hl opt">;</span> <span class="hl kwb">$_</span> <span class="hl opt">}</span> <span class="hl kwc">keys</span> <span class="hl opt">%{</span><span class="hl kwb">$before_deny</span><span class="hl opt">->{</span>auth<span class="hl opt">}};</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> sufficient <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$ccreds, $module, $type</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwb">$ccreds</span> <span class="hl opt">&&</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">'pam_tcb'</span> <span class="hl opt">,</span> <span class="hl str">'pam_winbind'</span><span class="hl opt">)</span> ?
<span class="hl str">'sufficient'</span> <span class="hl opt">:</span>
<span class="hl kwb">$ccreds</span> <span class="hl opt">&&</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">'pam_ldap'</span><span class="hl opt">,</span> <span class="hl str">'pam_krb5'</span><span class="hl opt">) &&</span> <span class="hl kwb">$type</span> <span class="hl kwc">eq</span> <span class="hl str">'account'</span> ?
<span class="hl str">'[authinfo_unavail=ignore default=done]'</span> <span class="hl opt">:</span>
<span class="hl kwb">$ccreds</span> <span class="hl opt">&&</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">'pam_ldap'</span><span class="hl opt">,</span> <span class="hl str">'pam_krb5'</span><span class="hl opt">) &&</span> <span class="hl kwb">$type</span> <span class="hl kwc">eq</span> <span class="hl str">'password'</span> ?
<span class="hl str">'sufficient'</span> <span class="hl opt">:</span>
<span class="hl kwb">$ccreds</span> <span class="hl opt">&&</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">'pam_ldap'</span><span class="hl opt">,</span> <span class="hl str">'pam_krb5'</span><span class="hl opt">)</span> ?
<span class="hl str">'[authinfo_unavail=ignore user_unknown=ignore success=1 default=2]'</span> <span class="hl opt">:</span>
<span class="hl str">'sufficient'</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_sufficient_line <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$ccreds, $type, $module, @para</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$control</span> <span class="hl opt">=</span> sufficient<span class="hl opt">(</span><span class="hl kwb">$ccreds, $module, $type</span><span class="hl opt">);</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl kwc">eq</span> <span class="hl str">'pam_winbind'</span><span class="hl opt">) {</span>
<span class="hl kwc">push</span> <span class="hl kwb">@para,</span> <span class="hl str">'cached_login'</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
pam_format_line<span class="hl opt">(</span><span class="hl kwb">$type, $control, $module, @para</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> set_pam_authentication <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$authentication_kinds, $o_ccreds</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">%special</span> <span class="hl opt">= (</span>
auth <span class="hl opt">=> [</span> difference2<span class="hl opt">(</span><span class="hl kwb">$authentication_kinds,,</span> <span class="hl opt">[</span> <span class="hl str">'mount'</span> <span class="hl opt">]) ],</span>
account <span class="hl opt">=> [</span> difference2<span class="hl opt">(</span><span class="hl kwb">$authentication_kinds,</span> <span class="hl opt">[</span> <span class="hl str">'castella'</span><span class="hl opt">,</span> <span class="hl str">'mount'</span><span class="hl opt">,</span> <span class="hl str">'ccreds'</span> <span class="hl opt">]) ],</span>
password <span class="hl opt">=> [</span> intersection<span class="hl opt">(</span><span class="hl kwb">$authentication_kinds,</span> <span class="hl opt">[</span> <span class="hl str">'ldap'</span><span class="hl opt">,</span> <span class="hl str">'krb5'</span><span class="hl opt">,</span> <span class="hl str">'ccreds'</span> <span class="hl opt">]) ],</span>
<span class="hl opt">);</span>
<span class="hl kwc">my</span> <span class="hl kwb">%before_first</span> <span class="hl opt">= (</span>
auth <span class="hl opt">=></span> member<span class="hl opt">(</span><span class="hl str">'mount'</span><span class="hl opt">,</span> <span class="hl kwb">@$authentication_kinds</span><span class="hl opt">)</span> ? pam_format_line<span class="hl opt">(</span><span class="hl str">'auth'</span><span class="hl opt">,</span> <span class="hl str">'required'</span><span class="hl opt">,</span> <span class="hl str">'pam_mount'</span><span class="hl opt">) :</span> <span class="hl str">''</span><span class="hl opt">,</span>
session <span class="hl opt">=></span>
intersection<span class="hl opt">(</span><span class="hl kwb">$authentication_kinds,</span> <span class="hl opt">[</span> <span class="hl str">'winbind'</span><span class="hl opt">,</span> <span class="hl str">'krb5'</span><span class="hl opt">,</span> <span class="hl str">'ldap'</span> <span class="hl opt">])</span>
? pam_format_line<span class="hl opt">(</span><span class="hl str">'session'</span><span class="hl opt">,</span> <span class="hl str">'optional'</span><span class="hl opt">,</span> <span class="hl str">'pam_mkhomedir'</span><span class="hl opt">,</span> <span class="hl str">'skel=/etc/skel/'</span><span class="hl opt">,</span> <span class="hl str">'umask=0022'</span><span class="hl opt">) :</span>
member<span class="hl opt">(</span><span class="hl str">'castella'</span><span class="hl opt">,</span> <span class="hl kwb">@$authentication_kinds</span><span class="hl opt">)</span>
? pam_format_line<span class="hl opt">(</span><span class="hl str">'session'</span><span class="hl opt">,</span> <span class="hl str">'optional'</span><span class="hl opt">,</span> <span class="hl str">'pam_castella'</span><span class="hl opt">) :</span> <span class="hl str">''</span><span class="hl opt">,</span>
<span class="hl opt">);</span>
<span class="hl kwc">my</span> <span class="hl kwb">%after_deny</span> <span class="hl opt">= (</span>
session <span class="hl opt">=></span>
member<span class="hl opt">(</span><span class="hl str">'krb5'</span><span class="hl opt">,</span> <span class="hl kwb">@$authentication_kinds</span><span class="hl opt">)</span>
? pam_format_line<span class="hl opt">(</span><span class="hl str">'session'</span><span class="hl opt">,</span> <span class="hl str">'optional'</span><span class="hl opt">,</span> <span class="hl str">'pam_krb5'</span><span class="hl opt">) :</span>
member<span class="hl opt">(</span><span class="hl str">'mount'</span><span class="hl opt">,</span> <span class="hl kwb">@$authentication_kinds</span><span class="hl opt">)</span>
? pam_format_line<span class="hl opt">(</span><span class="hl str">'session'</span><span class="hl opt">,</span> <span class="hl str">'optional'</span><span class="hl opt">,</span> <span class="hl str">'pam_mount'</span><span class="hl opt">) :</span> <span class="hl str">''</span><span class="hl opt">,</span>
<span class="hl opt">);</span>
substInFile <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$type, $control, $other</span><span class="hl opt">) =</span> <span class="hl kwd">/(\S+)\s+(\[.*?\]|\S+)\s+(.*)/</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$module, @para</span><span class="hl opt">) =</span> <span class="hl kwc">split</span><span class="hl opt">(</span><span class="hl str">' '</span><span class="hl opt">,</span> <span class="hl kwb">$other</span><span class="hl opt">);</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl opt">=</span> pam_module_from_path<span class="hl opt">(</span><span class="hl kwb">$module</span><span class="hl opt">)) {</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span>member<span class="hl opt">(</span><span class="hl kwb">$module,</span> pam_modules<span class="hl opt">())) {</span>
<span class="hl slc">#- first removing previous config</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">''</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl kwc">eq</span> <span class="hl str">'pam_tcb'</span> <span class="hl opt">&&</span> <span class="hl kwb">$special</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}) {</span>
<span class="hl kwc">my</span> <span class="hl kwb">@para_for_last</span> <span class="hl opt">=</span>
member<span class="hl opt">(</span><span class="hl kwb">$type,</span> <span class="hl str">'auth'</span><span class="hl opt">,</span> <span class="hl str">'account'</span><span class="hl opt">)</span> ? <span class="hl str">qw(use_first_pass)</span> <span class="hl opt">: @{[]};</span>
<span class="hl kwb">@para</span> <span class="hl opt">=</span> difference2<span class="hl opt">(</span>\<span class="hl kwb">@para,</span> \<span class="hl kwb">@para_for_last</span><span class="hl opt">);</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$before_noask, $ask</span><span class="hl opt">) =</span> partition <span class="hl opt">{</span> <span class="hl kwb">$_</span> <span class="hl kwc">eq</span> <span class="hl str">'castella'</span> <span class="hl opt">} @{</span><span class="hl kwb">$special</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}};</span>
<span class="hl kwa">if</span> <span class="hl opt">(!</span><span class="hl kwb">@$ask</span><span class="hl opt">) {</span>
<span class="hl kwb">@para_for_last</span> <span class="hl opt">=</span> <span class="hl kwc">grep</span> <span class="hl opt">{</span> <span class="hl kwb">$_</span> <span class="hl kwc">ne</span> <span class="hl str">'use_first_pass'</span> <span class="hl opt">}</span> <span class="hl kwb">@para_for_last</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwc">my</span> <span class="hl kwb">@l</span> <span class="hl opt">= ((</span><span class="hl kwc">map</span> <span class="hl opt">{ [</span> <span class="hl str">"pam_</span><span class="hl ipl">$_</span><span class="hl str">"</span> <span class="hl opt">] }</span> <span class="hl kwb">@$before_noask</span><span class="hl opt">),</span>
<span class="hl opt">[</span> <span class="hl str">'pam_tcb'</span><span class="hl opt">,</span> <span class="hl kwb">@para</span> <span class="hl opt">],</span>
<span class="hl opt">(</span><span class="hl kwc">map</span> <span class="hl opt">{ [</span> <span class="hl str">"pam_</span><span class="hl ipl">$_</span><span class="hl str">"</span> <span class="hl opt">] }</span> <span class="hl kwb">@$ask</span><span class="hl opt">),</span>
<span class="hl opt">);</span>
<span class="hl kwc">push</span> <span class="hl opt">@{</span><span class="hl kwb">$l</span><span class="hl opt">[-</span><span class="hl num">1</span><span class="hl opt">]},</span> <span class="hl kwb">@para_for_last</span><span class="hl opt">;</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">,</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> pam_sufficient_line<span class="hl opt">(</span><span class="hl kwb">$o_ccreds, $type, @$_</span><span class="hl opt">) }</span> <span class="hl kwb">@l</span><span class="hl opt">);</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$control</span> <span class="hl kwc">eq</span> <span class="hl str">'required'</span><span class="hl opt">) {</span>
<span class="hl slc">#- ensure a pam_deny line is there. it will be added below</span>
<span class="hl opt">(</span><span class="hl kwb">$module, @para</span><span class="hl opt">) = (</span><span class="hl str">'pam_deny'</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$type</span> <span class="hl kwc">eq</span> <span class="hl str">'auth'</span> <span class="hl opt">&&</span> <span class="hl kwb">$o_ccreds</span><span class="hl opt">) {</span>
<span class="hl kwb">$_</span> <span class="hl opt">.=</span> pam_format_line<span class="hl opt">(</span><span class="hl str">'auth'</span><span class="hl opt">,</span> <span class="hl str">'[default=done]'</span><span class="hl opt">,</span> <span class="hl str">'pam_ccreds'</span><span class="hl opt">,</span> <span class="hl str">'action=validate use_first_pass'</span><span class="hl opt">);</span>
<span class="hl kwb">$_</span> <span class="hl opt">.=</span> pam_format_line<span class="hl opt">(</span><span class="hl str">'auth'</span><span class="hl opt">,</span> <span class="hl str">'[default=done]'</span><span class="hl opt">,</span> <span class="hl str">'pam_ccreds'</span><span class="hl opt">,</span> <span class="hl str">'action=store'</span><span class="hl opt">);</span>
<span class="hl kwb">$_</span> <span class="hl opt">.=</span> pam_format_line<span class="hl opt">(</span><span class="hl str">'auth'</span><span class="hl opt">,</span> <span class="hl str">'[default=bad]'</span><span class="hl opt">,</span> <span class="hl str">'pam_ccreds'</span><span class="hl opt">,</span> <span class="hl str">'action=update'</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span>member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">'pam_deny'</span><span class="hl opt">,</span> <span class="hl str">'pam_permit'</span><span class="hl opt">)) {</span>
<span class="hl kwb">$_</span> <span class="hl opt">.=</span> pam_format_line<span class="hl opt">(</span><span class="hl kwb">$type, $control,</span>
<span class="hl kwb">$type</span> <span class="hl kwc">eq</span> <span class="hl str">'account'</span> <span class="hl opt">&&</span> <span class="hl kwb">$o_ccreds</span> ? <span class="hl str">'pam_permit'</span> <span class="hl opt">:</span> <span class="hl str">'pam_deny'</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$s</span> <span class="hl opt">=</span> <span class="hl kwc">delete</span> <span class="hl kwb">$before_first</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}) {</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwb">$s</span> <span class="hl opt">.</span> <span class="hl kwb">$_</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$control</span> <span class="hl kwc">eq</span> <span class="hl str">'required'</span> <span class="hl opt">&&</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">'pam_deny'</span><span class="hl opt">,</span> <span class="hl str">'pam_permit'</span><span class="hl opt">,</span> <span class="hl str">'pam_tcb'</span><span class="hl opt">)) {</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$s</span> <span class="hl opt">=</span> <span class="hl kwc">delete</span> <span class="hl kwb">$after_deny</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}) {</span>
<span class="hl kwb">$_</span> <span class="hl opt">.=</span> <span class="hl kwb">$s</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span> <span class="hl str">"$::prefix/etc/pam.d/system-auth"</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> set_nsswitch_priority <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$kinds, $connected</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">@known</span> <span class="hl opt">=</span> <span class="hl str">qw(nis ldap winbind compat)</span><span class="hl opt">;</span>
substInFile <span class="hl opt">{</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$database, $l</span><span class="hl opt">) =</span> <span class="hl kwd">/^(\s*(?:passwd|shadow|group|automount):\s*)(.*)/</span><span class="hl opt">) {</span>
<span class="hl kwc">my</span> <span class="hl kwb">@l</span> <span class="hl opt">=</span> difference2<span class="hl opt">([</span> <span class="hl kwc">split</span><span class="hl opt">(</span><span class="hl str">' '</span><span class="hl opt">,</span> <span class="hl kwb">$l</span><span class="hl opt">) ],</span> \<span class="hl kwb">@known</span><span class="hl opt">);</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwb">$database</span> <span class="hl opt">.</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">' '</span><span class="hl opt">,</span> uniq<span class="hl opt">(</span><span class="hl str">'files'</span><span class="hl opt">,</span> <span class="hl kwb">@$kinds, @l</span><span class="hl opt">)) .</span> <span class="hl str">"</span><span class="hl esc">\n</span><span class="hl str">"</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwd">/^\s*(?:passwd|group):/</span><span class="hl opt">) {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$option</span> <span class="hl opt">=</span> <span class="hl str">'[NOTFOUND=return] db'</span><span class="hl opt">;</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$connected</span><span class="hl opt">) {</span>
<span class="hl kwd">s/$/ $option/</span> <span class="hl kwa">if</span> <span class="hl opt">!</span><span class="hl kwd">/\Q$option/</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
<span class="hl kwd">s/\s*\Q$option//</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span> <span class="hl str">"$::prefix/etc/nsswitch.conf"</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> read_yp_conf<span class="hl opt">() {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$yp_conf</span> <span class="hl opt">=</span> cat_<span class="hl opt">(</span><span class="hl str">"$::prefix/etc/yp.conf"</span><span class="hl opt">);</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$yp_conf</span> <span class="hl opt">=~</span> <span class="hl kwd">/^domain\s+(\S+)\s+(\S+)\s*(.*)/m</span><span class="hl opt">) {</span>
<span class="hl opt">{</span> domain <span class="hl opt">=></span> <span class="hl kwb">$1,</span> server <span class="hl opt">=></span> <span class="hl kwb">$2</span> <span class="hl kwc">eq</span> <span class="hl str">'broadcast'</span> ? <span class="hl str">'broadcast'</span> <span class="hl opt">:</span> <span class="hl kwb">$3</span> <span class="hl opt">};</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$yp_conf</span> <span class="hl opt">=~</span> <span class="hl kwd">/^server\s+(.*)/m</span><span class="hl opt">) {</span>
<span class="hl opt">{</span> server <span class="hl opt">=></span> <span class="hl kwb">$1</span> <span class="hl opt">};</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
<span class="hl kwc">undef</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl kwc">my</span> <span class="hl kwb">$special_ldap_cmds</span> <span class="hl opt">=</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">'|'</span><span class="hl opt">,</span> <span class="hl str">'nss_map_attribute'</span><span class="hl opt">,</span> <span class="hl str">'nss_map_objectclass'</span><span class="hl opt">);</span>
<span class="hl kwa">sub</span> _after_read_ldap_line <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$s</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwb">$s</span> <span class="hl opt">=~</span> <span class="hl kwd">s/\b($special_ldap_cmds)\s*/$1 . '_'/e</span><span class="hl opt">;</span>
<span class="hl kwb">$s</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> _pre_write_ldap_line <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$s</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwb">$s</span> <span class="hl opt">=~</span> <span class="hl kwd">s/\b($special_ldap_cmds)_/$1 . ' '/e</span><span class="hl opt">;</span>
<span class="hl kwb">$s</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> read_ldap_conf<span class="hl opt">() {</span>
<span class="hl kwc">my</span> <span class="hl kwb">%conf</span> <span class="hl opt">=</span> <span class="hl kwc">map</span> <span class="hl opt">{</span>
<span class="hl kwd">s/^\s*#.*//</span><span class="hl opt">;</span>
if_<span class="hl opt">(</span>_after_read_ldap_line<span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">) =~</span> <span class="hl kwd">/(\S+)\s+(.*)/</span><span class="hl opt">,</span> <span class="hl kwb">$1</span> <span class="hl opt">=></span> <span class="hl kwb">$2</span><span class="hl opt">);</span>
<span class="hl opt">}</span> cat_<span class="hl opt">(</span><span class="hl str">"$::prefix/etc/ldap.conf"</span><span class="hl opt">);</span>
\<span class="hl kwb">%conf</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> update_ldap_conf <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">%conf</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
substInFile <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$cmd</span><span class="hl opt">) =</span> _after_read_ldap_line<span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">) =~</span> <span class="hl kwd">/^\s*#?\s*(\w+)\s/</span><span class="hl opt">;</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$cmd</span> <span class="hl opt">&&</span> <span class="hl kwc">exists</span> <span class="hl kwb">$conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">}) {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$val</span> <span class="hl opt">=</span> <span class="hl kwb">$conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">};</span>
<span class="hl kwb">$conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">} =</span> <span class="hl str">''</span><span class="hl opt">;</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwb">$val</span> ? _pre_write_ldap_line<span class="hl opt">(</span><span class="hl str">"</span><span class="hl ipl">$cmd</span> <span class="hl str"></span><span class="hl ipl">$val\n</span><span class="hl str">"</span><span class="hl opt">) :</span> <span class="hl kwd">/^\s*#/</span> ? <span class="hl kwb">$_</span> <span class="hl opt">:</span> <span class="hl str">"#</span><span class="hl ipl">$_</span><span class="hl str">"</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">eof</span><span class="hl opt">) {</span>
<span class="hl kwa">foreach</span> <span class="hl kwc">my</span> <span class="hl kwb">$cmd</span> <span class="hl opt">(</span><span class="hl kwc">keys</span> <span class="hl kwb">%conf</span><span class="hl opt">) {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$val</span> <span class="hl opt">=</span> <span class="hl kwb">$conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">}</span> <span class="hl kwc">or</span> <span class="hl kwa">next</span><span class="hl opt">;</span>
<span class="hl kwb">$_</span> <span class="hl opt">.=</span> _pre_write_ldap_line<span class="hl opt">(</span><span class="hl str">"</span><span class="hl ipl">$cmd</span> <span class="hl str"></span><span class="hl ipl">$val\n</span><span class="hl str">"</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span> <span class="hl str">"$::prefix/etc/ldap.conf"</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> configure_krb5_for_AD <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$uc_domain</span> <span class="hl opt">=</span> <span class="hl kwc">uc</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_domain<span class="hl opt">};</span>
<span class="hl kwc">my</span> <span class="hl kwb">$krb5_conf_file</span> <span class="hl opt">=</span> <span class="hl str">"$::prefix/etc/krb5.conf"</span><span class="hl opt">;</span>
krb5_conf_update<span class="hl opt">(</span><span class="hl kwb">$krb5_conf_file,</span>
libdefaults <span class="hl opt">=> (</span>
default_realm <span class="hl opt">=></span> <span class="hl kwb">$uc_domain,</span>
dns_lookup_realm <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>KRB_dns_lookup<span class="hl opt">}</span> ? <span class="hl str">'true'</span> <span class="hl opt">:</span> <span class="hl str">'false'</span><span class="hl opt">,</span>
dns_lookup_kdc <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>KRB_host_lookup<span class="hl opt">}</span> ? <span class="hl str">'true'</span> <span class="hl opt">:</span> <span class="hl str">'false'</span><span class="hl opt">,</span>
default_tgs_enctypes <span class="hl opt">=></span> <span class="hl kwc">undef</span><span class="hl opt">,</span>
default_tkt_enctypes <span class="hl opt">=></span> <span class="hl kwc">undef</span><span class="hl opt">,</span>
permitted_enctypes <span class="hl opt">=></span> <span class="hl kwc">undef</span><span class="hl opt">,</span>
<span class="hl opt">));</span>
<span class="hl kwc">my</span> <span class="hl kwb">@sections</span> <span class="hl opt">= (</span>
realms <span class="hl opt">=></span> <span class="hl str"><<EOF,</span>
<span class="hl str"></span> <span class="hl ipl">$uc_domain</span> <span class="hl str">= {</span>
<span class="hl str"> kdc =</span> <span class="hl ipl">$authentication</span><span class="hl str">->{AD_server}:88</span>
<span class="hl str"> admin_server =</span> <span class="hl ipl">$authentication</span><span class="hl str">->{AD_server}:749</span>
<span class="hl str"> default_domain =</span> <span class="hl ipl">$authentication</span><span class="hl str">->{DNS_domain}</span>
<span class="hl str"> }</span>
<span class="hl str">EOF</span>
domain_realm <span class="hl opt">=></span> <span class="hl str"><<EOF,</span>
<span class="hl str"> .</span><span class="hl ipl">$authentication</span><span class="hl str">->{DNS_domain} =</span> <span class="hl ipl">$uc_domain</span>
<span class="hl str"></span> <span class="hl ipl">$authentication</span><span class="hl str">->{DNS_domain} =</span> <span class="hl ipl">$uc_domain</span>
<span class="hl str">EOF</span>
kdc <span class="hl opt">=></span> <span class="hl str"><<'EOF',</span>
<span class="hl str"> profile = /etc/kerberos/krb5kdc/kdc.conf</span>
<span class="hl str">EOF</span>
pam <span class="hl opt">=></span> <span class="hl str"><<'EOF',</span>
<span class="hl str"> debug = false</span>
<span class="hl str"> ticket_lifetime = 36000</span>
<span class="hl str"> renew_lifetime = 36000</span>
<span class="hl str"> forwardable = true</span>
<span class="hl str"> krb4_convert = false</span>
<span class="hl str">EOF</span>
login <span class="hl opt">=></span> <span class="hl str"><<'EOF',</span>
<span class="hl str"> krb4_convert = false</span>
<span class="hl str"> krb4_get_tickets = false</span>
<span class="hl str">EOF</span>
<span class="hl opt">);</span>
<span class="hl kwa">foreach</span> <span class="hl opt">(</span>group_by2<span class="hl opt">(</span><span class="hl kwb">@sections</span><span class="hl opt">)) {</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$section, $txt</span><span class="hl opt">) =</span> <span class="hl kwb">@$_</span><span class="hl opt">;</span>
krb5_conf_overwrite_category<span class="hl opt">(</span><span class="hl kwb">$krb5_conf_file, $section</span> <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>AD_server<span class="hl opt">}</span> ? <span class="hl kwb">$txt</span> <span class="hl opt">:</span> <span class="hl str">''</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> krb5_conf_overwrite_category <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$file, $category, $new_val</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$done</span><span class="hl opt">;</span>
substInFile <span class="hl opt">{</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$i</span> <span class="hl opt">=</span> <span class="hl kwd">/^\s*\[\Q$category\E\]/i</span> <span class="hl opt">...</span> <span class="hl kwd">/^\[/</span><span class="hl opt">) {</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$new_val</span><span class="hl opt">) {</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$i</span> <span class="hl opt">==</span> <span class="hl num">1</span><span class="hl opt">) {</span>
<span class="hl kwb">$_</span> <span class="hl opt">.=</span> <span class="hl kwb">$new_val</span><span class="hl opt">;</span>
<span class="hl kwb">$done</span> <span class="hl opt">=</span> <span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$i</span> <span class="hl opt">=~</span> <span class="hl kwd">/E/</span><span class="hl opt">) {</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">"</span><span class="hl esc">\n</span><span class="hl str"></span><span class="hl ipl">$_</span><span class="hl str">"</span><span class="hl opt">;</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">''</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">''</span> <span class="hl kwa">if</span> <span class="hl kwb">$i</span> <span class="hl opt">!~</span> <span class="hl kwd">/E/</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl slc">#- if category has not been found above.</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">eof</span> <span class="hl opt">&&</span> <span class="hl kwb">$new_val</span> <span class="hl opt">&& !</span><span class="hl kwb">$done</span><span class="hl opt">) {</span>
<span class="hl kwb">$_</span> <span class="hl opt">.=</span> <span class="hl str">"</span><span class="hl esc">\n</span><span class="hl str">[</span><span class="hl ipl">$category</span><span class="hl str">]</span><span class="hl esc">\n</span><span class="hl str"></span><span class="hl ipl">$new_val</span><span class="hl str">"</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span> <span class="hl kwb">$file</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl slc">#- same as update_gnomekderc(), but allow spaces around "="</span>
<span class="hl kwa">sub</span> krb5_conf_update <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$file, $category, %subst_</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">%subst</span> <span class="hl opt">=</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwc">lc</span><span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">) => [</span> <span class="hl kwb">$_, $subst_</span><span class="hl opt">{</span><span class="hl kwb">$_</span><span class="hl opt">} ] }</span> <span class="hl kwc">keys</span> <span class="hl kwb">%subst_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$s</span><span class="hl opt">;</span>
<span class="hl kwa">foreach</span> <span class="hl opt">(</span>MDK<span class="hl opt">::</span>Common<span class="hl opt">::</span>File<span class="hl opt">::</span>cat_<span class="hl opt">(</span><span class="hl kwb">$file</span><span class="hl opt">),</span> <span class="hl str">"[NOCATEGORY]</span><span class="hl esc">\n</span><span class="hl str">"</span><span class="hl opt">) {</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$i</span> <span class="hl opt">=</span> <span class="hl kwd">/^\s*\[\Q$category\E\]/i</span> <span class="hl opt">...</span> <span class="hl kwd">/^\[/</span><span class="hl opt">) {</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$i</span> <span class="hl opt">=~</span> <span class="hl kwd">/E/</span><span class="hl opt">) {</span> <span class="hl slc">#- for last line of category</span>
<span class="hl kwc">chomp</span> <span class="hl kwb">$s</span><span class="hl opt">;</span> <span class="hl kwb">$s</span> <span class="hl opt">.=</span> <span class="hl str">"</span><span class="hl esc">\n</span><span class="hl str">"</span><span class="hl opt">;</span>
<span class="hl kwb">$s</span> <span class="hl opt">.=</span> <span class="hl str">"</span> <span class="hl ipl">$_</span><span class="hl str">->[0] =</span> <span class="hl ipl">$_</span><span class="hl str">->[1]</span><span class="hl esc">\n</span><span class="hl str">"</span> <span class="hl kwa">foreach</span> <span class="hl kwc">grep</span> <span class="hl opt">{</span> <span class="hl kwc">defined</span><span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">->[</span><span class="hl num">1</span><span class="hl opt">]) }</span> <span class="hl kwc">values</span> <span class="hl kwb">%subst</span><span class="hl opt">;</span>
<span class="hl kwb">%subst</span> <span class="hl opt">= ();</span>
<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwd">/^\s*([^=]*?)\s*=/</span><span class="hl opt">) {</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$e</span> <span class="hl opt">=</span> <span class="hl kwc">delete</span> <span class="hl kwb">$subst</span><span class="hl opt">{</span><span class="hl kwc">lc</span><span class="hl opt">(</span><span class="hl kwb">$1</span><span class="hl opt">)}) {</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwc">defined</span><span class="hl opt">(</span><span class="hl kwb">$e</span><span class="hl opt">->[</span><span class="hl num">1</span><span class="hl opt">])</span> ? <span class="hl str">"</span> <span class="hl ipl">$1</span> <span class="hl str">=</span> <span class="hl ipl">$e</span><span class="hl str">->[1]</span><span class="hl esc">\n</span><span class="hl str">"</span> <span class="hl opt">:</span> <span class="hl str">''</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl kwb">$s</span> <span class="hl opt">.=</span> <span class="hl kwb">$_</span> <span class="hl kwa">if</span> <span class="hl opt">!</span><span class="hl kwd">/^\Q[NOCATEGORY]/</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl slc">#- if category has not been found above.</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">keys</span> <span class="hl kwb">%subst</span><span class="hl opt">) {</span>
<span class="hl kwc">chomp</span> <span class="hl kwb">$s</span><span class="hl opt">;</span>
<span class="hl kwb">$s</span> <span class="hl opt">.=</span> <span class="hl str">"</span><span class="hl esc">\n</span><span class="hl str">[</span><span class="hl ipl">$category</span><span class="hl str">]</span><span class="hl esc">\n</span><span class="hl str">"</span><span class="hl opt">;</span>
<span class="hl kwb">$s</span> <span class="hl opt">.=</span> <span class="hl str">"</span> <span class="hl ipl">$_</span><span class="hl str">->[0] =</span> <span class="hl ipl">$_</span><span class="hl str">->[1]</span><span class="hl esc">\n</span><span class="hl str">"</span> <span class="hl kwa">foreach</span> <span class="hl kwc">grep</span> <span class="hl opt">{</span> <span class="hl kwc">defined</span><span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">->[</span><span class="hl num">1</span><span class="hl opt">]) }</span> <span class="hl kwc">values</span> <span class="hl kwb">%subst</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
MDK<span class="hl opt">::</span>Common<span class="hl opt">::</span>File<span class="hl opt">::</span>output<span class="hl opt">(</span><span class="hl kwb">$file, $s</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> query_srv_names <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$domain</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">eval</span> <span class="hl opt">{</span> <span class="hl kwa">require</span> Net<span class="hl opt">::</span>DNS<span class="hl opt">;</span> <span class="hl num">1</span> <span class="hl opt">}</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$res</span> <span class="hl opt">=</span> Net<span class="hl opt">::</span>DNS<span class="hl opt">::</span>Resolver-<span class="hl opt">></span><span class="hl kwd">new</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$query</span> <span class="hl opt">=</span> <span class="hl kwb">$res</span><span class="hl opt">-></span><span class="hl kwd">query</span><span class="hl opt">(</span><span class="hl str">"_ldap._tcp.</span><span class="hl ipl">$domain</span><span class="hl str">"</span><span class="hl opt">,</span> <span class="hl str">'srv'</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwb">$_</span><span class="hl opt">-></span><span class="hl kwd">target</span> <span class="hl opt">}</span> <span class="hl kwb">$query</span><span class="hl opt">-></span><span class="hl kwd">answer</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> enable_shadow<span class="hl opt">() {</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">"pwconv"</span><span class="hl opt">)</span> <span class="hl kwc">or log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">"pwconv failed"</span><span class="hl opt">);</span>
run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">"grpconv"</span><span class="hl opt">)</span> <span class="hl kwc">or log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">"grpconv failed"</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> salt <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$nb</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwa">require</span> devices<span class="hl opt">;</span>
<span class="hl kwc">open</span><span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$F,</span> <span class="hl str">"/dev/urandom"</span><span class="hl opt">)</span> <span class="hl kwc">or die</span> <span class="hl str">"missing urandom"</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$s</span><span class="hl opt">;</span> <span class="hl kwc">read</span> <span class="hl kwb">$F, $s, $nb</span><span class="hl opt">;</span>
<span class="hl kwb">$s</span> <span class="hl opt">=</span> <span class="hl kwc">pack</span><span class="hl opt">(</span><span class="hl str">"b8"</span> x <span class="hl kwb">$nb,</span> <span class="hl kwc">unpack</span> <span class="hl str">"b6"</span> x <span class="hl kwb">$nb, $s</span><span class="hl opt">);</span>
<span class="hl kwb">$s</span> <span class="hl opt">=~</span> tr<span class="hl opt">|</span>\<span class="hl num">0</span><span class="hl opt">-</span><span class="hl esc">\x3f</span><span class="hl opt">|</span><span class="hl num">0</span><span class="hl opt">-</span><span class="hl num">9</span>a-zA-Z<span class="hl opt">./|;</span>
<span class="hl kwb">$s</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> user_crypted_passwd <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$u, $authentication</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">->{</span>password<span class="hl opt">}) {</span>
<span class="hl kwa">require</span> utf8<span class="hl opt">;</span>
utf8<span class="hl opt">::</span>encode<span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">->{</span>password<span class="hl opt">});</span> <span class="hl slc">#- we don't want perl to do "smart" things in crypt()</span>
<span class="hl kwc">crypt</span><span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">->{</span>password<span class="hl opt">},</span>
<span class="hl opt">!</span><span class="hl kwb">$authentication</span> <span class="hl opt">||</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>blowfish<span class="hl opt">}</span> ? <span class="hl str">'</span><span class="hl ipl">$2a$08$</span><span class="hl str">'</span> <span class="hl opt">.</span> salt<span class="hl opt">(</span><span class="hl num">60</span><span class="hl opt">) :</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>md5<span class="hl opt">}</span> ? <span class="hl str">'</span><span class="hl ipl">$1$</span><span class="hl str">'</span> <span class="hl opt">.</span> salt<span class="hl opt">(</span><span class="hl num">8</span><span class="hl opt">) :</span> salt<span class="hl opt">(</span><span class="hl num">2</span><span class="hl opt">));</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
<span class="hl kwb">$u</span><span class="hl opt">->{</span>pw<span class="hl opt">} ||</span> <span class="hl str">''</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> set_root_passwd <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$superuser, $authentication</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwb">$superuser</span><span class="hl opt">->{</span>name<span class="hl opt">} =</span> <span class="hl str">'root'</span><span class="hl opt">;</span>
write_passwd_user<span class="hl opt">(</span><span class="hl kwb">$superuser, $authentication</span><span class="hl opt">);</span>
<span class="hl kwc">delete</span> <span class="hl kwb">$superuser</span><span class="hl opt">->{</span>name<span class="hl opt">};</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> write_passwd_user <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$u, $authentication</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwb">$u</span><span class="hl opt">->{</span>pw<span class="hl opt">} =</span> user_crypted_passwd<span class="hl opt">(</span><span class="hl kwb">$u, $authentication</span><span class="hl opt">);</span>
<span class="hl kwb">$u</span><span class="hl opt">->{</span>shell<span class="hl opt">} ||=</span> <span class="hl str">'/bin/bash'</span><span class="hl opt">;</span>
substInFile <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl kwb">$l</span> <span class="hl opt">=</span> unpack_passwd<span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">);</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$l</span><span class="hl opt">->{</span>name<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl kwb">$u</span><span class="hl opt">->{</span>name<span class="hl opt">}) {</span>
add2hash_<span class="hl opt">(</span><span class="hl kwb">$u, $l</span><span class="hl opt">);</span>
<span class="hl kwb">$_</span> <span class="hl opt">=</span> pack_passwd<span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">);</span>
<span class="hl kwb">$u</span> <span class="hl opt">= {};</span>
<span class="hl opt">}</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">eof</span> <span class="hl opt">&&</span> <span class="hl kwb">$u</span><span class="hl opt">->{</span>name<span class="hl opt">}) {</span>
<span class="hl kwb">$_</span> <span class="hl opt">.=</span> pack_passwd<span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span> <span class="hl str">"$::prefix/etc/passwd"</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwc">my</span> <span class="hl kwb">@etc_pass_fields</span> <span class="hl opt">=</span> <span class="hl str">qw(name pw uid gid realname home shell)</span><span class="hl opt">;</span>
<span class="hl kwa">sub</span> unpack_passwd <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$l</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">%l</span><span class="hl opt">;</span> <span class="hl kwb">@l</span><span class="hl opt">{</span><span class="hl kwb">@etc_pass_fields</span><span class="hl opt">} =</span> <span class="hl kwc">split</span> <span class="hl str">':'</span><span class="hl opt">,</span> chomp_<span class="hl opt">(</span><span class="hl kwb">$l</span><span class="hl opt">);</span>
\<span class="hl kwb">%l</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pack_passwd <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$l</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">':'</span><span class="hl opt">,</span> <span class="hl kwb">@$l</span><span class="hl opt">{</span><span class="hl kwb">@etc_pass_fields</span><span class="hl opt">}) .</span> <span class="hl str">"</span><span class="hl esc">\n</span><span class="hl str">"</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> add_cafile<span class="hl opt">() {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$in</span> <span class="hl opt">=</span> interactive-<span class="hl opt">></span><span class="hl kwd">vnew</span><span class="hl opt">;</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">ask_filename</span><span class="hl opt">({</span> title <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Select file"</span><span class="hl opt">) })</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> auth<span class="hl opt">() {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$in</span> <span class="hl opt">=</span> interactive-<span class="hl opt">></span><span class="hl kwd">vnew</span><span class="hl opt">;</span>
<span class="hl kwb">$in</span><span class="hl opt">-></span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">''</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">" "</span><span class="hl opt">), [</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Domain Windows for authentication : "</span><span class="hl opt">) .</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>WINDOMAIN<span class="hl opt">} },</span>
<span class="hl opt">{},</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Domain Admin User Name"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winuser<span class="hl opt">} },</span>
<span class="hl opt">{</span> label <span class="hl opt">=></span> N<span class="hl opt">(</span><span class="hl str">"Domain Admin Password"</span><span class="hl opt">),</span> val <span class="hl opt">=></span> \<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winpass<span class="hl opt">},</span> hidden <span class="hl opt">=></span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">]);</span>
<span class="hl kwa">return</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winuser<span class="hl opt">},</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>winpass<span class="hl opt">};</span>
<span class="hl opt">}</span>
<span class="hl kwa">require</span> fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb<span class="hl opt">;</span>
<span class="hl kwa">sub</span> list_domains<span class="hl opt">() {</span>
<span class="hl kwc">my</span> <span class="hl kwb">$smb</span> <span class="hl opt">=</span> fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb-<span class="hl opt">></span><span class="hl kwd">new</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">%domains</span><span class="hl opt">;</span>
<span class="hl kwa">foreach</span> <span class="hl kwc">my</span> <span class="hl kwb">$server</span> <span class="hl opt">(</span><span class="hl kwb">$smb</span><span class="hl opt">-></span><span class="hl kwd">find_servers</span><span class="hl opt">) {</span>
<span class="hl kwb">$domains</span><span class="hl opt">{</span><span class="hl kwb">$server</span><span class="hl opt">->{</span>group<span class="hl opt">}} =</span> <span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">return</span> <span class="hl kwc">sort keys</span> <span class="hl kwb">%domains</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> get_server_for_domain <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl kwb">$smb</span> <span class="hl opt">=</span> fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb-<span class="hl opt">></span><span class="hl kwd">new</span><span class="hl opt">;</span>
<span class="hl kwa">foreach</span> <span class="hl kwc">my</span> <span class="hl kwb">$server</span> <span class="hl opt">(</span><span class="hl kwb">$smb</span><span class="hl opt">-></span><span class="hl kwd">find_servers</span><span class="hl opt">) {</span>
<span class="hl kwa">return</span> <span class="hl kwb">$server</span><span class="hl opt">->{</span>name<span class="hl opt">}</span> <span class="hl kwa">if</span> <span class="hl kwb">$server</span><span class="hl opt">->{</span>group<span class="hl opt">} ==</span> <span class="hl kwb">$_</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">];</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> fetch_dn <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$srv</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$s</span> <span class="hl opt">=</span> run_program<span class="hl opt">::</span>rooted_get_stdout<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">'ldapsearch'</span><span class="hl opt">,</span> <span class="hl str">'-x'</span><span class="hl opt">,</span> <span class="hl str">'-h'</span><span class="hl opt">,</span> <span class="hl kwb">$srv,</span> <span class="hl str">'-b'</span><span class="hl opt">,</span> <span class="hl str">''</span><span class="hl opt">,</span> <span class="hl str">'-s'</span><span class="hl opt">,</span> <span class="hl str">'base'</span><span class="hl opt">,</span> <span class="hl str">'+'</span><span class="hl opt">);</span>
<span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">} =</span> first<span class="hl opt">(</span><span class="hl kwb">$s</span> <span class="hl opt">=~</span> <span class="hl kwd">/namingContexts: (.+)/</span><span class="hl opt">);</span>
<span class="hl kwa">return</span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">};</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> configure_nss_ldap <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
update_ldap_conf<span class="hl opt">(</span>
host <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_server<span class="hl opt">},</span>
base <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">},</span>
<span class="hl opt">);</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nssgrp<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">'1'</span><span class="hl opt">) {</span>
update_ldap_conf<span class="hl opt">(</span>
nss_base_shadow <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nss_shadow<span class="hl opt">} .</span> <span class="hl str">"?sub"</span><span class="hl opt">,</span>
nss_base_passwd <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nss_pwd<span class="hl opt">} .</span> <span class="hl str">"?sub"</span><span class="hl opt">,</span>
nss_base_group <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>nss_grp<span class="hl opt">} .</span> <span class="hl str">"?sub"</span><span class="hl opt">,</span>
<span class="hl opt">);</span>
<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
update_ldap_conf<span class="hl opt">(</span>
nss_base_shadow <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">} .</span> <span class="hl str">"?sub"</span><span class="hl opt">,</span>
nss_base_passwd <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">} .</span> <span class="hl str">"?sub"</span><span class="hl opt">,</span>
nss_base_group <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAPDOMAIN<span class="hl opt">} .</span> <span class="hl str">"?sub"</span><span class="hl opt">,</span>
<span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>anonymous<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">'1'</span><span class="hl opt">) {</span>
update_ldap_conf<span class="hl opt">(</span>
binddn <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_binddn<span class="hl opt">},</span>
bindpw <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>LDAP_bindpwd<span class="hl opt">},</span>
<span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">->{</span>cafile<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">'1'</span><span class="hl opt">) {</span>
update_ldap_conf<span class="hl opt">(</span>
ssl <span class="hl opt">=></span> <span class="hl str">"on"</span><span class="hl opt">,</span>
tls_checkpeer <span class="hl opt">=></span> <span class="hl str">"yes"</span><span class="hl opt">,</span>
tls_cacertfile <span class="hl opt">=></span> <span class="hl kwb">$authentication</span><span class="hl opt">->{</span>file<span class="hl opt">},</span>
<span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> compute_password_weakness <span class="hl opt">{</span>
<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$password</span><span class="hl opt">) =</span> <span class="hl kwb">@_</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$score</span> <span class="hl opt">=</span> <span class="hl num">0</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$len</span> <span class="hl opt">=</span> <span class="hl kwc">length</span><span class="hl opt">(</span><span class="hl kwb">$password</span><span class="hl opt">);</span>
<span class="hl kwa">return</span> <span class="hl num">0</span> <span class="hl kwa">if</span> <span class="hl kwb">$len</span> <span class="hl opt">==</span> <span class="hl num">0</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">=</span> <span class="hl kwb">$len</span> <span class="hl opt"><</span> <span class="hl num">5</span> ? <span class="hl num">3</span> <span class="hl opt">:</span>
<span class="hl kwb">$len</span> <span class="hl opt">></span> <span class="hl num">4</span> <span class="hl opt">&&</span> <span class="hl kwb">$len</span> <span class="hl opt"><</span> <span class="hl num">8</span> ? <span class="hl num">6</span> <span class="hl opt">:</span>
<span class="hl kwb">$len</span> <span class="hl opt">></span> <span class="hl num">7</span> <span class="hl opt">&&</span> <span class="hl kwb">$len</span> <span class="hl opt"><</span> <span class="hl num">16</span> ? <span class="hl num">12</span> <span class="hl opt">:</span> <span class="hl num">18</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">+=</span> <span class="hl num">1</span> <span class="hl kwa">if</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/[a-z]/</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">+=</span> <span class="hl num">5</span> <span class="hl kwa">if</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/[A-Z]/</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">+=</span> <span class="hl num">5</span> <span class="hl kwa">if</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/\d+/</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">+=</span> <span class="hl num">5</span> <span class="hl kwa">if</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/(.*[0-9].*[0-9].*[0-9])/</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">+=</span> <span class="hl num">5</span> <span class="hl kwa">if</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/.[!@#$%^&*?_~,]/</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">+=</span> <span class="hl num">5</span> <span class="hl kwa">if</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/(.*[!@#$%^&*?_~,].*[!@#$%^&*?_~,])/</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">+=</span> <span class="hl num">2</span> <span class="hl kwa">if</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/([a-z].*[A-Z])|([A-Z].*[a-z])/</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">+=</span> <span class="hl num">2</span> <span class="hl kwa">if</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/([a-zA-Z])/</span> <span class="hl opt">&&</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/([0-9])/</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">+=</span> <span class="hl num">2</span> <span class="hl kwa">if</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/([a-z].*[A-Z])|([A-Z].*[a-z])/</span><span class="hl opt">;</span>
<span class="hl kwb">$score</span> <span class="hl opt">+=</span> <span class="hl num">2</span> <span class="hl kwa">if</span> <span class="hl kwb">$password</span> <span class="hl opt">=~</span> <span class="hl kwd">/([a-zA-Z0-9].*[!@#$%^&*?_~])|([!@#$%^&*?_~,].*[a-zA-Z0-9])/</span><span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$level</span> <span class="hl opt">=</span> <span class="hl kwb">$score</span> <span class="hl opt"><</span> <span class="hl num">11</span> ? <span class="hl num">1</span> <span class="hl opt">:</span>
<span class="hl kwb">$score</span> <span class="hl opt">></span> <span class="hl num">10</span> <span class="hl opt">&&</span> <span class="hl kwb">$score</span> <span class="hl opt"><</span> <span class="hl num">20</span> ? <span class="hl num">2</span> <span class="hl opt">:</span>
<span class="hl kwb">$score</span> <span class="hl opt">></span> <span class="hl num">19</span> <span class="hl opt">&&</span> <span class="hl kwb">$score</span> <span class="hl opt"><</span> <span class="hl num">30</span> ? <span class="hl num">3</span> <span class="hl opt">:</span>
<span class="hl kwb">$score</span> <span class="hl opt">></span> <span class="hl num">29</span> <span class="hl opt">&&</span> <span class="hl kwb">$score</span> <span class="hl opt"><</span> <span class="hl num">40</span> ? <span class="hl num">4</span> <span class="hl opt">:</span> <span class="hl num">5</span><span class="hl opt">;</span>
<span class="hl kwa">return</span> <span class="hl kwb">$level</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl num">1</span><span class="hl opt">;</span>
</code></pre></td></tr></table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.2.1</a> (<a href='https://git-scm.com/'>git 2.21.0</a>) at 2025-03-02 15:55:43 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>