package install_steps; # $Id$

use diagnostics;
use strict;
use vars qw(@filesToSaveForUpgrade @filesNewerToUseAfterUpgrade);

#-######################################################################################
#- misc imports
#-######################################################################################
use common;
use install_any qw(:all);
use partition_table qw(:types);
use detect_devices;
use modules;
use run_program;
use lang;
use keyboard;
use fsedit;
use loopback;
use do_pkgs;
use pkgs;
use any;
use log;
use fs;

our @ISA = qw(do_pkgs);

@filesToSaveForUpgrade = qw(
/etc/ld.so.conf /etc/fstab /etc/hosts /etc/conf.modules /etc/modules.conf
);

@filesNewerToUseAfterUpgrade = qw(
/etc/profile
);

#-######################################################################################
#- OO Stuff
#-######################################################################################
sub new($$) {
    my ($type, $o) = @_;

    bless $o, ref($type) || $type;
    return $o;
}

sub charsetChanged {
    my ($_o) = @_;
}

#-######################################################################################
#- In/Out Steps Functions
#-######################################################################################
sub enteringStep {
    my ($_o, $step) = @_;
    log::l("starting step `$step'");
}
sub leavingStep {
    my ($o, $step) = @_;
    log::l("step `$step' finished");

    if (-d "$o->{prefix}/root/drakx") {
	eval { cp_af("/tmp/ddebug.log", "$o->{prefix}/root/drakx") };
	output(install_any::auto_inst_file(), install_any::g_auto_install(1));
    }

    foreach my $s (@{$o->{orderedSteps}}) {
	#- the reachability property must be recomputed each time to take
	#- into account failed step.
	next if $o->{steps}{$s}{done} && !$o->{steps}{$s}{redoable};

	my $reachable = 1;
	if (my $needs = $o->{steps}{$s}{needs}) {
	    my @l = ref($needs) ? @$needs : $needs;
	    $reachable = min(map { $o->{steps}{$_}{done} || 0 } @l);
	}
	$o->{steps}{$s}{reachable} = 1 if $reachable;
    }
    $o->{steps}{$step}{reachable} = $o->{steps}{$step}{redoable};

    while (my $f = shift @{$o->{steps}{$step}{toBeDone} || []}) {
	eval { &$f() };
	$o->ask_warn(N("Error"), [
N("An error occurred, but I don't know how to handle it nicely.
Continue at your own risk."), formatError($@) ]) if $@;
    }
}

sub errorInStep { 
    my ($_o, $_err) = @_;
    print "error :(\n"; 
    c::_exit(1);
}
sub kill_action {}

#-######################################################################################
#- Steps Functions
#-######################################################################################
#------------------------------------------------------------------------------
sub selectLanguage {
    my ($o) = @_;

    #- for auto_install compatibility with old $o->{lang}
    $o->{locale} = lang::system_locales_to_ourlocale($o->{lang}, $o->{lang}) if $o->{lang};
    $o->{locale}{langs} ||= { $o->{locale}{lang} => 1 };

    if (!exists $o->{locale}{country}) {
	$o->{locale}{country} = $1 if lang::l2locale($o->{locale}{lang}) =~ /^.._(..)/;
    }

    lang::set($o->{locale}, !$o->isa('interactive::gtk'));
    add2hash_($o->{locale}, { utf8 => lang::utf8_should_be_needed($o->{locale}) });

    log::l("selectLanguage: pack_langs: ", lang::pack_langs($o->{locale}{langs}), " utf8-flag: ", to_bool($o->{locale}{utf8}));

    #- for auto_install compatibility with old $o->{keyboard} containing directly $o->{keyboard}{KEYBOARD}
    $o->{keyboard} = { KEYBOARD => $o->{keyboard} } if $o->{keyboard} && !ref($o->{keyboard});

    if (!$o->{keyboard} || $o->{keyboard}{unsafe}) {
	$o->{keyboard} = keyboard::from_usb() || keyboard::lang2keyboard($o->{locale}{lang});
	$o->{keyboard}{unsafe} = 1;
	keyboard::setup($o->{keyboard});
    }

    $o->charsetChanged;

    addToBeDone {
	lang::write_langs($o->{locale}{langs});
    } 'formatPartitions';
    addToBeDone {
	lang::write($o->{prefix}, $o->{locale});
    } 'installPackages';
}
#------------------------------------------------------------------------------
sub selectKeyboard {
    my ($o) = @_;
    $o->{keyboard}{KBCHARSET} = lang::l2charset($o->{locale}{lang});
    keyboard::setup($o->{keyboard});

    addToBeDone {
	keyboard::write($o->{keyboard});
    } 'installPackages' if !$o->{isUpgrade} || !$o->{keyboard}{unsafe};

    if ($o->{raw_X}) {
	require Xconfig::default;
	Xconfig::default::config_keyboard($o->{raw_X}, $o->{keyboard});
	$o->{raw_X}->write;
    }
}
#------------------------------------------------------------------------------
sub acceptLicense {}

#------------------------------------------------------------------------------
sub setupSCSI {
    my ($o) = @_;
    modules::configure_pcmcia($o->{pcmcia}) if $o->{pcmcia};
    modules::load(modules::category2modules('disk/cdrom'));
    modules::load_category('bus/firewire');
    modules::load_category('disk/scsi|hardware_raid|firewire');

    install_any::getHds($o);
}

#------------------------------------------------------------------------------
sub selectInstallClass {
    my ($o) = @_;

    if ($o->{partitioning}{use_existing_root} || $o->{isUpgrade}) {
	# either one root is defined (and all is ok), or we take the first one we find
	my $p = fsedit::get_root_($o->{fstab}) || (first(install_any::find_root_parts($o->{fstab}, $o->{prefix})) || die)->{part};
	install_any::use_root_part($o->{all_hds}, $p, $o->{prefix});
    } 
}

#------------------------------------------------------------------------------
sub doPartitionDisksBefore {
    my ($o) = @_;
    eval { 
	eval { fs::umount("$o->{prefix}/proc") };
	eval {          fs::umount_all($o->{fstab}, $o->{prefix}) };
	eval { sleep 1; fs::umount_all($o->{fstab}, $o->{prefix}) } if $@; #- HACK
    } if $o->{fstab} && !$::testing;
}

#------------------------------------------------------------------------------
sub doPartitionDisksAfter {
    my ($o) = @_;

    if (!$::testing) {
	my $hds = $o->{all_hds}{hds};
	partition_table::write($_) foreach @$hds;
	$_->{rebootNeeded} and $o->rebootNeeded foreach @$hds;
    }

    fs::set_removable_mntpoints($o->{all_hds});
    fs::set_all_default_options($o->{all_hds}, %$o, lang::fs_options($o->{locale}))
	if !$o->{isUpgrade};

    $o->{fstab} = [ fsedit::get_all_fstab($o->{all_hds}) ];
    fsedit::get_root_($o->{fstab}) or die "Oops, no root partition";

    if (arch() =~ /ppc/ && detect_devices::get_mac_generation() =~ /NewWorld/) {
	die "Need bootstrap partition to boot system!" if !(defined $partition_table::mac::bootstrap_part);
    }
    
    if (arch() =~ /ia64/ && !fsedit::has_mntpoint("/boot/efi", $o->{all_hds})) {
	die N("You must have a FAT partition mounted in /boot/efi");
    }

    if ($o->{partitioning}{use_existing_root} && !$::recovery) {
	#- ensure those partitions are mounted so that they are not proposed in choosePartitionsToFormat
	fs::mount_part($_, $o->{prefix}) foreach sort { $a->{mntpoint} cmp $b->{mntpoint} }
						 grep { $_->{mntpoint} && maybeFormatted($_) } @{$o->{fstab}};
    }

    cat_("/proc/mounts") =~ m|(\S+)\s+/tmp/image nfs| &&
      !any { $_->{mntpoint} eq "/mnt/nfs" } @{$o->{all_hds}{nfss}} and
	push @{$o->{all_hds}{nfss}}, { type => 'nfs', mntpoint => "/mnt/nfs", device => $1, options => "noauto,ro,nosuid,soft,rsize=8192,wsize=8192" };
}

#------------------------------------------------------------------------------
sub doPartitionDisks {
    my ($o) = @_;

    if ($o->{partitioning}{auto_allocate}) {
	catch_cdie { fsedit::auto_allocate($o->{all_hds}, $o->{partitions}) } sub { 1 };
    }
}

#------------------------------------------------------------------------------

sub ask_mntpoint_s {#-}}}
    my ($_o, $fstab) = @_;

    #- TODO: set the mntpoints

    my %m; foreach (@$fstab) {
	my $m = $_->{mntpoint};

	next if !$m || $m eq 'swap'; #- there may be a lot of swap.

	$m{$m} and die N("Duplicate mount point %s", $m);
	$m{$m} = 1;

	#- in case the type does not correspond, force it to ext3
	$_->{type} = 0x483 if $m =~ m|^/| && !isTrueFS($_) && !isOtherAvailableFS($_);
    }
    1;
}


sub rebootNeeded($) {
    my ($_o) = @_;
    log::l("Rebooting...");
    c::_exit(0);
}

sub choosePartitionsToFormat($$) {
    my ($_o, $fstab) = @_;

    foreach (@$fstab) {
	$_->{mntpoint} = "swap" if isSwap($_);
	$_->{mntpoint} or next;
	
	add2hash_($_, { toFormat => $_->{notFormatted} });
        $_->{$::recovery ? 'toFormat' : 'toFormatUnsure'} ||= member($_->{mntpoint}, '/', '/usr');

	if (!$_->{toFormat}) {
	    my $t = fsedit::typeOfPart($_->{device});
	    $_->{toFormatUnsure} ||=
	      #- if detected dos/win, it's not precise enough to just compare the types (too many of them)
	      (!$t || isOtherAvailableFS({ type => $t }) ? !isOtherAvailableFS($_) : $t != $_->{type});
	}
    }
}

sub formatMountPartitions {
    my ($o) = @_;
    fs::formatMount_all($o->{all_hds}{raids}, $o->{fstab}, $o->{prefix});
}

#------------------------------------------------------------------------------
sub setPackages {
    my ($o, $rebuild_needed) = @_;

    install_any::setPackages($o, $rebuild_needed);
    pkgs::selectPackagesAlreadyInstalled($o->{packages}, $o->{prefix});
    $rebuild_needed and pkgs::selectPackagesToUpgrade($o->{packages}, $o->{prefix});
}

sub choosePackages {
    my ($o, $packages, $_compssUsers, $first_time) = @_;

    #- now for upgrade, package that must be upgraded are
    #- selected first, after is used the same scheme as install.

    #- make sure we kept some space left for available else the system may
    #- not be able to start (xfs at least).
    my $available = install_any::getAvailableSpace($o);
    my $availableCorrected = pkgs::invCorrectSize($available / sqr(1024)) * sqr(1024);
    log::l(sprintf "available size %s (corrected %s)", formatXiB($available), formatXiB($availableCorrected));

    add2hash_($o, { compssListLevel => 5 }) if !$::auto_install;

    #- avoid destroying user selection of packages but only
    #- for expert, as they may have done individual selection before.
    if ($first_time || !$::expert) {
	exists $o->{compssListLevel}
	  and pkgs::setSelectedFromCompssList($packages, $o->{compssUsersChoice}, $o->{compssListLevel}, $availableCorrected);
    }
    $availableCorrected;
}

sub beforeInstallPackages {
    my ($o) = @_;

    #- save these files in case of upgrade failure.
    if ($o->{isUpgrade}) {
	foreach (@filesToSaveForUpgrade) {
	    unlink "$o->{prefix}/$_.mdkgisave";
	    if (-e "$o->{prefix}/$_") {
		eval { cp_af("$o->{prefix}/$_", "$o->{prefix}/$_.mdkgisave") };
	    }
	}
	foreach (@filesNewerToUseAfterUpgrade) {
	    unlink "$o->{prefix}/$_.rpmnew";
	}
    }

    #- some packages need such files for proper installation.
    install_any::write_fstab($o);

    require network::network;
    network::network::add2hosts("$o->{prefix}/etc/hosts", "localhost.localdomain", "127.0.0.1");

    log::l("setting excludedocs to $o->{excludedocs}");
    substInFile { s/%_excludedocs.*//; $_ .= "%_excludedocs yes\n" if eof && $o->{excludedocs} } "$o->{prefix}/etc/rpm/macros";

    #- add oem theme if the files exists.
    mkdir_p("$o->{prefix}/usr/share");
    install_any::getAndSaveFile("Mandrake/base/oem-theme.rpm", "$o->{prefix}/usr/share/oem-theme.rpm");
}

sub pkg_install {
    my ($o, @l) = @_;
    log::l("selecting packages ".join(" ", @l));
    require pkgs;
    if ($::testing) {
	log::l(qq(selecting package "$_")) foreach @l;
    } else {
	$o->{packages}{rpmdb} ||= pkgs::rpmDbOpen($o->{prefix});
	pkgs::selectPackage($o->{packages}, pkgs::packageByName($o->{packages}, $_) || die "$_ rpm not found") foreach @l;
    }
    my @toInstall = pkgs::packagesToInstall($o->{packages});
    if (@toInstall) {
	log::l("installing packages");
	$o->installPackages;
    } else {
	log::l("all packages selected are already installed, nothing to do")
    }
}

sub pkg_install_if_requires_satisfied {
    my ($o, @l) = @_;
    require pkgs;
    $o->{packages}{rpmdb} ||= pkgs::rpmDbOpen($o->{prefix});
    foreach (@l) {
	my %newSelection;
	my $pkg = pkgs::packageByName($o->{packages}, $_) || die "$_ rpm not found";
	pkgs::selectPackage($o->{packages}, $pkg, 0, \%newSelection);
	if (scalar(keys %newSelection) == 1) {
	    pkgs::selectPackage($o->{packages}, $pkg);
	} else {
	    log::l("pkg_install_if_requires_satisfied: not selecting $_ because of ", join(", ", keys %newSelection));
	}
    }
    $o->installPackages;
}

sub installPackages($$) { #- complete REWORK, TODO and TOCHECK!
    my ($o) = @_;
    my $packages = $o->{packages};

    if (%{$packages->{state}{ask_remove} || {}}) {
	log::l("removing : ", join ', ', keys %{$packages->{state}{ask_remove}});
	pkgs::remove($o->{prefix}, [ keys %{$packages->{state}{ask_remove}} ], $packages);
    }

    #- small transaction will be built based on this selection and depslist.
    my @toInstall = pkgs::packagesToInstall($packages);

    my $time = time();
    $ENV{DURING_INSTALL} = 1;
    pkgs::install($o->{prefix}, $o->{isUpgrade}, \@toInstall, $packages);

    any::writeandclean_ldsoconf($o->{prefix});
    delete $ENV{DURING_INSTALL};
    run_program::rooted_or_die($o->{prefix}, 'ldconfig');
    log::l("Install took: ", formatTimeRaw(time() - $time));
    install_any::log_sizes($o);
    scalar(@toInstall); #- return number of packages installed.
}

sub afterInstallPackages($) {
    my ($o) = @_;

    die N("Some important packages didn't get installed properly.
Either your cdrom drive or your cdrom is defective.
Check the cdrom on an installed computer using \"rpm -qpl Mandrake/RPMS/*.rpm\"
") if any { m|read failed: Input/output error| } cat_("$o->{prefix}/root/drakx/install.log");

    if (arch() !~ /^sparc/) { #- TODO restore it as may be needed for sparc
	-x "$o->{prefix}/usr/bin/dumpkeys" or $::testing or die 
"Some important packages didn't get installed properly.

Please switch to console 2 (using ctrl-alt-f2)
and look at the log file /tmp/ddebug.log

Consoles 1,3,4,7 may also contain interesting information";
    }

    #-  why not? cuz weather is nice today :-) [pixel]
    common::sync(); common::sync();

    my $have_devfsd = do {
	my $p = pkgs::packageByName($o->{packages}, 'devfsd');
	$p && $p->flag_installed
    };
    require bootloader;
    bootloader::may_append($o->{bootloader}, devfs => $have_devfsd ? 'mount' : 'nomount');

    #- generate /etc/lvmtab needed for rc.sysinit
    run_program::rooted($o->{prefix}, 'lvm2', 'vgscan') if -e '/etc/lvmtab';

    #- configure PCMCIA services if needed.
    modules::write_pcmcia($o->{prefix}, $o->{pcmcia});

    #- for mandrake_firstime
    touch "$o->{prefix}/var/lock/TMP_1ST";

    any::config_dvd($o->{prefix}, $have_devfsd);
    any::config_mtools($o->{prefix});

    #- make sure wins is disabled in /etc/nsswitch.conf
    #- else if eth0 is not existing, glibc segfaults.
    substInFile { s/\s*wins// if /^\s*hosts\s*:/ } "$o->{prefix}/etc/nsswitch.conf";

    #- make sure some services have been enabled (or a catastrophic restart will occur).
    #- these are normally base package post install scripts or important services to start.
    run_program::rooted($o->{prefix}, "chkconfig", "--add", $_) foreach
			qw(random netfs network rawdevices sound kheader keytable syslog crond portmap);

    if ($o->{mouse}{device} =~ /ttyS/) {
	log::l("disabling gpm for serial mice (doesn't get along nicely with X)");
	run_program::rooted($o->{prefix}, "chkconfig", "--del", "gpm") 
    }

    #- install urpmi before as rpmdb will be opened, this will cause problem with update-menus.
    $o->install_urpmi;

    #- update menu scheme before calling update menus if desktop mode.
    if ($o->{meta_class} eq 'desktop') {
	run_program::rooted($o->{prefix}, "touch", "/etc/menu/do-not-create-menu-link");
	run_program::rooted($o->{prefix}, "touch", "/etc/menu/enable_simplified");
    } elsif (!$o->{isUpgrade}) {
	run_program::rooted($o->{prefix}, "touch", "/etc/menu/do-not-create-menu-link");
    }

    if ($o->{pcmcia}) {
	substInFile { s/.*(TaskBarShowAPMStatus).*/$1=1/ } "$o->{prefix}/usr/lib/X11/icewm/preferences";
	eval { cp_af("$o->{prefix}/usr/share/applnk/System/kapm.kdelnk",
		     "$o->{prefix}/etc/skel/Desktop/Autostart/kapm.kdelnk") };
    }

    if ($o->{brltty}) {
	output("$o->{prefix}/etc/brltty.conf", <<EOF);
braille-driver $o->{brltty}{driver}
braille-device $o->{brltty}{device}
text-table $o->{brltty}{table}
EOF
    }


    install_any::disable_user_view() if $o->{security} >= 3 || $o->{authentication}{NIS};
    run_program::rooted($o->{prefix}, "kdeDesktopCleanup");

    foreach (list_skels($o->{prefix}, '.kde/share/config/kfmrc')) {
	my $found;
	substInFile {
	    $found ||= /KFM Misc Defaults/;
	    $_ .= 
"[KFM Misc Defaults]
GridWidth=85
GridHeight=70
" if eof && !$found;
	} $_ 
    }

    #- move some file after an upgrade that may be seriously annoying.
    #- and rename saved files to .mdkgiorig.
    if ($o->{isUpgrade}) {
	my $pkg = pkgs::packageByName($o->{packages}, 'rpm');
	$pkg && ($pkg->flag_selected || $pkg->flag_installed) && $pkg->compare(">= 4.0") and pkgs::cleanOldRpmDb($o->{prefix});

	log::l("moving previous desktop files that have been updated to Trash of each user");
	install_any::kdemove_desktop_file($o->{prefix});

	foreach (@filesToSaveForUpgrade) {
	    renamef("$o->{prefix}/$_.mdkgisave", "$o->{prefix}/$_.mdkgiorig")
	      if -e "$o->{prefix}$_.mdkgisave";
	}

	foreach (@filesNewerToUseAfterUpgrade) {
	    if (-e "$o->{prefix}/$_.rpmnew" && -e "$o->{prefix}/$_") {
		renamef("$o->{prefix}/$_", "$o->{prefix}/$_.mdkgiorig");
		renamef("$o->{prefix}/$_.rpmnew", "$o->{prefix}/$_");
	    }
	}
    }

    any::fix_broken_alternatives();

    #- update theme directly from a package (simplest).
    if (-s "$o->{prefix}/usr/share/oem-theme.rpm") {
	run_program::rooted($o->{prefix}, "rpm", "-U", "/usr/share/oem-theme.rpm");
	unlink "/usr/share/oem-theme.rpm";
    }

    #- call update-menus at the end of package installation
    push @{$o->{waitpids}}, run_program::raw({ root => $o->{prefix}, detach => 1 }, "update-menus", "-n");

    if ($o->{blank} || $o->{updatemodules}) {
	my @l = detect_devices::floppies_dev();

	foreach (qw(blank updatemodules)) {
	    $o->{$_} eq "1" and $o->{$_} = $l[0] || die N("No floppy drive available");
	}

	$o->{blank} and $o->copyKernelFromFloppy;
	$o->{updatemodules} and $o->updateModulesFromFloppy;
    }
}

sub copyKernelFromFloppy {
    my ($o) = @_;
    return if $::testing || !$o->{blank};

    fs::mount($o->{blank}, "/floppy", "vfat", 0);
    eval { cp_af("/floppy/vmlinuz", "$o->{prefix}/boot/vmlinuz-default") };
    if ($@) {
	log::l("copying of /floppy/vmlinuz from blank modified disk failed: $@");
    }
    fs::umount("/floppy");
}

sub install_urpmi {
    my ($o) = @_;

    my $pkg = pkgs::packageByName($o->{packages}, 'urpmi');
    if ($pkg && ($pkg->flag_selected || $pkg->flag_installed)) {
	install_any::install_urpmi($o->{prefix}, 
				   $o->{method},
				   $o->{packages},
				   $o->{packages}{mediums});
	pkgs::saveCompssUsers($o->{prefix}, $o->{packages}, $o->{compssUsers}, $o->{compssUsersSorted});
    }
}

sub updateModulesFromFloppy {
    my ($o) = @_;
    return if $::testing || !$o->{updatemodules};

    fs::mount($o->{updatemodules}, "/floppy", "ext2", 0);
    foreach (glob_("$o->{prefix}/lib/modules/*")) {
	my ($kernelVersion) = m,lib/modules/(\S*),;
	log::l("examining updated modules for kernel $kernelVersion");
	if (-d "/floppy/$kernelVersion") {
	    my @src_files = glob_("/floppy/$kernelVersion/*");
	    my @dest_files = map { chomp_($_) } run_program::rooted_get_stdout($o->{prefix}, 'find', '/lib/modules');
	    foreach my $s (@src_files) {
		log::l("found updatable module $s");
		my ($sfile, $sext) = $s =~ m!([^/\.]*\.k?o)(?:\.gz|\.bz2)?$!;
		my $qsfile = quotemeta $sfile;
		my $qsext = quotemeta $sext;
		foreach my $target (@dest_files) {
		    $target =~ /$qsfile/ or next;
		    eval { cp_af($s, $target) };
		    if ($@) {
			log::l("updating module $target by $s failed: $@");
		    } else {
			log::l("updating module $target by $s");
		    }
		    if ($target !~ /$qsfile$qsext$/) {
			#- extension differ, first rename target file correctly,
			#- then uncompress source file, then compress it as expected.
			my ($basetarget, $text) = $target =~ /(.*?)(\.gz|\.bz2)$/;
			rename $target, "$basetarget$sext";
			$sext eq '.gz' and run_program::run("gzip", "-d", "$basetarget$sext");
			$sext eq '.bz2' and run_program::run("bzip2", "-d", "$basetarget$sext");
			$text eq '.gz' and run_program::run("gzip", $basetarget);
			$text eq '.bz2' and run_program::run("bzip2", $basetarget);
		    }
		}
	    }
	}
    }
    fs::umount("/floppy");
}

#------------------------------------------------------------------------------
sub selectMouse($) {
    my ($_o) = @_;
}

#------------------------------------------------------------------------------
sub configureNetwork {
    my ($o) = @_;
    require network::network;
    network::network::configureNetwork2($o, $o->{prefix}, $o->{netc}, $o->{intf});
    if ($o->{method} =~ /ftp|http|nfs/) {
	$o->{netcnx}{type} = 'lan';
	foreach ("up", "down") {
	    my $f = "$o->{prefix}/etc/sysconfig/network-scripts/net_cnx_$_";
	    output_with_perm($f, 0755, "\nif$_ eth0\n");
	}
	output "$o->{prefix}/etc/sysconfig/network-scripts/net_cnx_pg", "\n/usr/sbin/drakconnect\n";

	require network::netconnect;
	$o->{netcnx}{$_} = $o->{netc}{$_} foreach qw(NET_DEVICE NET_INTERFACE);
    }
}

#------------------------------------------------------------------------------
sub installUpdates {
    my ($o) = @_;
    my $u = $o->{updates} or return; $u->{updates} or return;

    upNetwork($o);
    require crypto;
    crypto::getPackages($o->{prefix}, $o->{packages}, $u->{mirror}) and
	$o->pkg_install(@{$u->{packages} || []});

    #- re-install urpmi with update security medium.
    $o->install_urpmi;
}

sub summaryBefore {}

sub summary {
    my ($o) = @_;
    configureTimezone($o);
    configurePrinter($o) if $o->{printer};
}

sub summaryAfter {
    my ($o) = @_;

    require bootloader;
    my $acpi = bootloader::get_append($o->{bootloader}, 'acpi');
    if (!member($acpi, 'off', 'ht') && !(-x "$::prefix/usr/bin/acpi" && -x "$::prefix/usr/sbin/acpid")) {
	$o->do_pkgs->install(qw(acpi acpid));
    }
}

#------------------------------------------------------------------------------
sub configureTimezone {
    my ($o) = @_;
    install_any::preConfigureTimezone($o);

    $o->pkg_install('ntp') if $o->{timezone}{ntp};

    require timezone;
    timezone::write($o->{timezone});
}

#------------------------------------------------------------------------------
sub configureServices {
    my ($o) = @_;
    if ($o->{services}) {
	require services;
	services::doit($o, $o->{services});
    }
}
#------------------------------------------------------------------------------
sub configurePrinter {
    my ($o) = @_;
    $o->do_pkgs->install('foomatic-filters', 'foomatic-db-engine', 'foomatic-db', 'printer-utils', 'printer-testpages',
			 if_($o->do_pkgs->is_installed('gimp'), 'gimpprint'));
    
    require printer::main;
    eval { add2hash($o->{printer} ||= {}, printer::main::getinfo($o->{prefix})) }; #- get existing configuration.

    require printer::printerdrake;
    printer::printerdrake::install_spooler($o->{printer}, $o); #- not interactive...

    foreach (values %{$o->{printer}{configured} || {}}) {
	log::l("configuring printer queue " . $_->{queuedata}{queue} || $_->{QUEUE});
	#- when copy is so adulée (sorry french taste :-)
	#- and when there are some configuration in one place and in another place...
	$o->{printer}{currentqueue} = {};
	printer::main::copy_printer_params($_->{queuedata}, $o->{printer}{currentqueue});
	printer::main::copy_printer_params($_, $o->{printer});
	#- setup all configured queues, which is not the case interactively where
	#- only the working queue is setup on configuration.
	printer::main::configure_queue($o->{printer});
    }
}

#------------------------------------------------------------------------------
sub setRootPassword {
    my ($o) = @_;
    $o->{superuser} ||= {};
    $o->{superuser}{name} = 'root';
    any::write_passwd_user($o->{superuser}, $o->{authentication}{md5});
    delete $o->{superuser}{name};
    install_any::set_authentication($o);
}

#------------------------------------------------------------------------------

sub addUser {
    my ($o) = @_;
    my $users = $o->{users} ||= [];

    my (%uids, %gids); 
    foreach (glob_("$::prefix/home")) { my ($u, $g) = (stat($_))[4,5]; $uids{$u} = 1; $gids{$g} = 1 }

    foreach (@$users) {
	$_->{home} ||= "/home/$_->{name}";

	my $u = $_->{uid} || ($_->{oldu} = (stat("$::prefix$_->{home}"))[4]) || int getpwnam($_->{name});
	my $g = $_->{gid} || ($_->{oldg} = (stat("$::prefix$_->{home}"))[5]) || int getgrnam($_->{name});
	#- search for available uid above 501 else initscripts may fail to change language for KDE.
	if (!$u || getpwuid($u)) { for ($u = 501; getpwuid($u) || $uids{$u}; $u++) {} }
	if (!$g)                 { for ($g = 501; getgrgid($g) || $gids{$g}; $g++) {} }
	
	$_->{uid} = $u; $uids{$u} = 1;
	$_->{gid} = $g; $gids{$g} = 1;
    }

    any::write_passwd_user($_, $o->{authentication}{md5}) foreach @$users;

    append_to_file("$::prefix/etc/group",
		   map { "$_->{name}:x:$_->{gid}:\n" } grep { ! getgrgid($_->{gid}) } @$users);

    foreach my $u (@$users) {
	if (! -d "$::prefix$u->{home}") {
	    my $mode = $o->{security} < 2 ? 0755 : 0750;
	    eval { cp_af("$::prefix/etc/skel", "$::prefix$u->{home}") };
	    if ($@) {
		log::l("copying of skel failed: $@"); mkdir("$::prefix$u->{home}", $mode); 
	    } else {
		chmod $mode, "$::prefix$u->{home}";
	    }
	}
	require commands;
	eval { commands::chown_("-r", "$u->{uid}.$u->{gid}", "$::prefix$u->{home}") }
	    if $u->{uid} != $u->{oldu} || $u->{gid} != $u->{oldg};
    }
    #- since we wrote the password in /etc/passwd, we must convert to shadow
    run_program::rooted($::prefix, 'pwconv') if $o->{authentication}{shadow};

    any::addUsers($users);

    if ($o->{autologin}) {
	$o->{desktop} ||= first(any::sessions());
	$o->pkg_install("autologin") if !member($o->{desktop}, 'KDE', 'GNOME');
    }
    any::set_autologin($o->{autologin}, $o->{desktop});

    install_any::disable_user_view() if @$users == ();
}

#------------------------------------------------------------------------------
sub readBootloaderConfigBeforeInstall {
    my ($o) = @_;

    require bootloader;
    add2hash($o->{bootloader} ||= {}, bootloader::read());

    $o->{bootloader}{bootUnsafe} = 0 if $o->{bootloader}{boot}; #- when upgrading, don't ask where to install the bootloader (mbr vs boot partition)

    #- since kernel or kernel-smp may not be upgraded, it should be checked
    #- if there is a need to update existing lilo.conf entries by following
    #- symlinks before kernel or other packages get installed.
    #- update everything that could be a filename (for following symlink).
    foreach my $e (@{$o->{bootloader}{entries}}) {
	while (my $v = readlink "$o->{prefix}/$e->{kernel_or_dev}") {
	    $v = "/boot/$v" if $v !~ m|^/|; -e "$o->{prefix}$v" or last;
	    log::l("renaming $e->{kernel_or_dev} entry by $v");
	    $e->{kernel_or_dev} = $v;
	}
	while (my $v = readlink "$o->{prefix}/$e->{initrd}") {
	    $v = "/boot/$v" if $v !~ m|^/|; -e "$o->{prefix}$v" or last;
	    log::l("renaming $e->{initrd} entry by $v");
	    $e->{initrd} = $v;
	}
    }
}

sub setupBootloaderBefore {
    my ($o) = @_;

    require bootloader;

    #- remove previous ide-scsi lines
    bootloader::modify_append($o->{bootloader}, sub {
	my ($_simple, $dict) = @_;
	@$dict = grep { $_->[1] ne 'ide-scsi' } @$dict;
    });

    if ($o->{miscellaneous}{HDPARM}) {
	bootloader::set_append($o->{bootloader}, $_, 'autotune') foreach grep { /ide/ } all("/proc/ide");
    }
    if (cat_("/proc/cmdline") =~ /mem=nopentium/) {
	bootloader::set_append($o->{bootloader}, 'mem', 'nopentium');
    }
    if (cat_("/proc/cmdline") =~ /\b(pci)=(\S+)/) {
	bootloader::set_append($o->{bootloader}, $1, $2);
    }
    if (cat_("/proc/cmdline") =~ /\bacpi=off/) {
	bootloader::set_append($o->{bootloader}, acpi => 'off');
    }
    if (cat_("/proc/cmdline") =~ /\bacpi=ht/) {
	bootloader::set_append($o->{bootloader}, acpi => 'ht');
    }
    if (cat_("/proc/cmdline") =~ /\bnoapic/) {
	bootloader::set_append($o->{bootloader}, 'noapic');
    }
    my ($MemTotal) = cat_("/proc/meminfo") =~ /^MemTotal:\s*(\d+)/m;
    if (my ($biggest_swap) = sort { $b->{size} <=> $a->{size} } grep { isSwap($_) } @{$o->{fstab}}) {
	log::l("MemTotal: $MemTotal < ", $biggest_swap->{size} / 2);
	bootloader::set_append($o->{bootloader}, resume => devices::make($biggest_swap->{device})) if $MemTotal < $biggest_swap->{size} / 2;
    }

    #- check for valid fb mode to enable a default boot with frame buffer.
    my $vga = $o->{allowFB} && (!detect_devices::matching_desc('3D Rage LT') &&
                                !detect_devices::matching_desc('Rage Mobility [PL]') &&
                                !detect_devices::matching_desc('i740') &&
                                !detect_devices::matching_desc('Matrox') &&
                                !detect_devices::matching_desc('Tseng.*ET6\d00') &&
                                !detect_devices::matching_desc('SiS.*SG86C2.5') &&
                                !detect_devices::matching_desc('SiS.*559[78]') &&
                                !detect_devices::matching_desc('SiS.*300') &&
                                !detect_devices::matching_desc('SiS.*540') &&
                                !detect_devices::matching_desc('SiS.*6C?326') &&
                                !detect_devices::matching_desc('SiS.*6C?236') &&
                                !detect_devices::matching_desc('Voodoo [35]|Voodoo Banshee') && #- 3d acceleration seems to bug in fb mode
                                !detect_devices::matching_desc('828[14][05].* CGC') #- i810 & i845 now have FB support during install but we disable it afterwards
                               );
    my $force_vga = $o->{allowFB} && (detect_devices::matching_desc('SiS.*630') || #- SiS 630 need frame buffer.
                                      detect_devices::matching_desc('GeForce.*Integrated') #- needed for fbdev driver (hack).
                                     );

    #- propose the default fb mode for kernel fb, if aurora or bootsplash is installed.
    my $need_fb = do {
        my $p = pkgs::packageByName($o->{packages}, 'bootsplash');
        $p && $p->flag_installed;
    };
    bootloader::suggest($o->{bootloader}, $o->{all_hds}{hds}, $o->{fstab},
                        vga_fb => ($force_vga || $vga && $need_fb) && $o->{vga}, 
                        quiet => $o->{meta_class} ne 'server');
    bootloader::suggest_floppy($o->{bootloader}) if $o->{security} <= 3 && arch() !~ /ppc/;

    $o->{bootloader}{keytable} ||= keyboard::keyboard2kmap($o->{keyboard});
}

sub setupBootloader {
    my ($o) = @_;

    require bootloader;
    bootloader::install($o->{bootloader}, $o->{fstab}, $o->{all_hds}{hds});
}

#------------------------------------------------------------------------------
sub configureXBefore {
    my ($o) = @_;

    #- keep this here if the package has to be updated.
    $o->pkg_install("XFree86");
}
sub configureX {
    my ($o) = @_;
    configureXBefore($o);

    require Xconfig::default;
    $o->{raw_X} = Xconfig::default::configure($o->{keyboard}, $o->{mouse});

    require Xconfig::main;
    Xconfig::main::configure_everything_auto_install($o->{raw_X}, $o->do_pkgs, $o->{X}, { allowFB => $o->{allowFB} });
    configureXAfter($o);
}
sub configureXAfter {
    my ($o) = @_;
    if ($o->{X}{bios_vga_mode}) {
	install_any::setupFB($o, $o->{X}{bios_vga_mode}) or do {
	    log::l("disabling automatic start-up of X11 if any as setup framebuffer failed");
	    Xconfig::various::runlevel(3); #- disable automatic start-up of X11 on error.
	};
    }
    if ($o->{X}{default_depth} >= 16 && $o->{X}{resolution_wanted} >= 1024) {
	log::l("setting large icon style for kde");
	install_any::kderc_largedisplay($o->{prefix});
    }
}

#------------------------------------------------------------------------------
sub miscellaneousBefore {
    my ($o) = @_;

    my %s = getVarsFromSh("$o->{prefix}/etc/sysconfig/system");
    $o->{miscellaneous}{HDPARM} = $s{HDPARM} if exists $s{HDPARM};
    require security::level;
    require security::various;
    $o->{security} ||= security::level::get() || ($o->{meta_class} =~ /server|firewall/ ? 3 : 2);
    $o->{security_user} ||= security::various::config_security_user($o->{prefix});
    $o->{libsafe} ||= security::various::config_libsafe($o->{prefix});

    log::l("security $o->{security}");

    add2hash_($o->{miscellaneous} ||= {}, { numlock => !detect_devices::isLaptop() });
}
sub miscellaneous {
    my ($_o) = @_;
    #- keep some given parameters
    #-TODO
}
sub miscellaneousAfter {
    my ($o) = @_;
    add2hash_ $o, { useSupermount => $o->{security} < 4 ? 'magicdev' : 0 };

    $ENV{SECURE_LEVEL} = $o->{security}; #- deprecated with chkconfig 1.3.4-2mdk, uses /etc/sysconfig/msec

    addToBeDone {
	setVarsInSh("$o->{prefix}/etc/sysconfig/system", { 
            CLASS => $::expert && 'expert' || 'beginner',
            SECURITY => $o->{security},
	    META_CLASS => $o->{meta_class} || 'PowerPack',
        });
	substInFile { s/KEYBOARD_AT_BOOT=.*/KEYBOARD_AT_BOOT=yes/ } "$o->{prefix}/etc/sysconfig/usb" if detect_devices::usbKeyboards();

    } 'installPackages';
}

#------------------------------------------------------------------------------
sub exitInstall { 
    my ($o) = @_;
    eval { 
	my $report = '/root/drakx/report.bug';
	unlink "$::prefix$report", "$::prefix$report.gz";
	output "$::prefix$report", install_any::report_bug($o->{prefix});
	run_program::rooted($::prefix, 'gzip', $report);
    };
    install_any::getAndSaveAutoInstallFloppies($o, 1);
    eval { output "$o->{prefix}/root/drakx/README", "This directory contains several installation-related files,
mostly log files (very useful if you ever report a bug!).

Beware that some Mandrake tools rely on the contents of some
of these files... so remove any file from here at your own
risk!
" };
    #- wait for remainging processes.
    foreach (@{$o->{waitpids}}) {
	waitpid $_, 0;
	log::l("pid $_ returned $?");
    }
    install_any::unlockCdrom();
    install_any::log_sizes($o);
}

#------------------------------------------------------------------------------
sub hasNetwork {
    my ($o) = @_;
    $o->{netcnx}{type} && $o->{netc}{NETWORKING} ne 'no' and return 1;
    log::l("no network seems to be configured for internet ($o->{netcnx}{type},$o->{netc}{NETWORKING})");
    0;
}

#------------------------------------------------------------------------------
sub upNetwork {
    my ($o, $b_pppAvoided) = @_;

    #- do not destroy this file if prefix is '' or even '/' (could it happens ?).
    if (length($o->{prefix}) > 1) {
	symlinkf("$o->{prefix}/etc/$_", "/etc/$_") foreach qw(resolv.conf protocols services);
    }
    member($o->{method}, qw(ftp http nfs)) and return 1;
    modules::write_conf();
    if (hasNetwork($o)) {
	if ($o->{netcnx}{type} =~ /adsl|lan|cable/) {
	    log::l("starting network ($o->{netcnx}{type})");
	    require network::netconnect;
	    network::netconnect::start_internet($o);
	    return 1;
	} elsif (!$b_pppAvoided) {
	    log::l("starting network (ppp: $o->{netcnx}{type})");
	    eval { modules::load(qw(serial ppp bsd_comp ppp_deflate)) };
	    run_program::rooted($o->{prefix}, "/etc/rc.d/init.d/syslog", "start");
	    require network::netconnect;
	    network::netconnect::start_internet($o);
	    return 1;
	} else {
	    log::l(qq(not starting network (b/c ppp avoided and type is "$o->{netcnx}{type})"));
	}
    }
    $::testing;
}

#------------------------------------------------------------------------------
sub downNetwork {
    my ($o, $costlyOnly) = @_;

    $o->{method} eq "ftp" || $o->{method} eq "http" || $o->{method} eq "nfs" and return 1;
    modules::write_conf();
    if (hasNetwork($o)) {
	if (!$costlyOnly) {
	    require network::netconnect;
	    network::netconnect::stop_internet($o);
	    return 1;
	} elsif ($o->{netc}{type} !~ /adsl|lan|cable/) {
	    require network::netconnect;
	    network::netconnect::stop_internet($o);
	    run_program::rooted($o->{prefix}, "/etc/rc.d/init.d/syslog", "stop");
	    eval { modules::unload(qw(ppp_deflate bsd_comp ppp serial)) };
	    return 1;
	}
    }
    $::testing;
}

#------------------------------------------------------------------------------
sub cleanIfFailedUpgrade($) {
    my ($o) = @_;

    #- if an upgrade has failed, there should be .mdkgisave files around.
    if ($o->{isUpgrade}) {
	foreach (@filesToSaveForUpgrade) {
	    if (-e "$o->{prefix}/$_" && -e "$o->{prefix}/$_.mdkgisave") {
		rename "$o->{prefix}/$_", "$o->{prefix}/$_.mdkginew"; #- keep new files around in case !
		rename "$o->{prefix}/$_.mdkgisave", "$o->{prefix}/$_";
	    }
	}
    }
}


1;
='#n911'>911</a>
<a id='n912' href='#n912'>912</a>
<a id='n913' href='#n913'>913</a>
<a id='n914' href='#n914'>914</a>
<a id='n915' href='#n915'>915</a>
<a id='n916' href='#n916'>916</a>
<a id='n917' href='#n917'>917</a>
<a id='n918' href='#n918'>918</a>
<a id='n919' href='#n919'>919</a>
<a id='n920' href='#n920'>920</a>
<a id='n921' href='#n921'>921</a>
<a id='n922' href='#n922'>922</a>
<a id='n923' href='#n923'>923</a>
<a id='n924' href='#n924'>924</a>
<a id='n925' href='#n925'>925</a>
<a id='n926' href='#n926'>926</a>
<a id='n927' href='#n927'>927</a>
<a id='n928' href='#n928'>928</a>
<a id='n929' href='#n929'>929</a>
<a id='n930' href='#n930'>930</a>
<a id='n931' href='#n931'>931</a>
<a id='n932' href='#n932'>932</a>
<a id='n933' href='#n933'>933</a>
<a id='n934' href='#n934'>934</a>
<a id='n935' href='#n935'>935</a>
<a id='n936' href='#n936'>936</a>
<a id='n937' href='#n937'>937</a>
<a id='n938' href='#n938'>938</a>
<a id='n939' href='#n939'>939</a>
<a id='n940' href='#n940'>940</a>
<a id='n941' href='#n941'>941</a>
<a id='n942' href='#n942'>942</a>
<a id='n943' href='#n943'>943</a>
<a id='n944' href='#n944'>944</a>
<a id='n945' href='#n945'>945</a>
<a id='n946' href='#n946'>946</a>
<a id='n947' href='#n947'>947</a>
<a id='n948' href='#n948'>948</a>
<a id='n949' href='#n949'>949</a>
</pre></td>
<td class='lines'><pre><code><span class="hl kwa">package</span> authentication<span class="hl opt">;</span> <span class="hl slc"># $Id$</span>

<span class="hl kwa">use</span> common<span class="hl opt">;</span>
<span class="hl kwc">my</span> <span class="hl kwb">$ccreds</span> <span class="hl opt">=</span> <span class="hl num">1</span><span class="hl opt">;</span>

<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

<span class="hl kwa">sub</span> kinds <span class="hl opt">{</span> 
    <span class="hl kwc">my</span> <span class="hl kwb">$no_para</span> <span class="hl opt">=</span> <span class="hl kwb">&#64;_</span> <span class="hl opt">==</span> <span class="hl num">0</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$do_pkgs, $_meta_class</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$allow_SmartCard</span> <span class="hl opt">=</span> <span class="hl kwb">$no_para</span> <span class="hl opt">||</span> <span class="hl kwb">$do_pkgs</span><span class="hl opt">-&gt;</span><span class="hl kwd">is_available</span><span class="hl opt">(</span><span class="hl str">&apos;castella-pam&apos;</span><span class="hl opt">);</span>
    <span class="hl opt">(</span>
	<span class="hl str">&apos;LDAP&apos;</span><span class="hl opt">,</span>
	<span class="hl str">&apos;KRB5&apos;</span><span class="hl opt">,</span>
	<span class="hl str">&apos;winbind&apos;</span><span class="hl opt">,</span> 
	<span class="hl str">&apos;NIS&apos;</span><span class="hl opt">,</span> 
	if_<span class="hl opt">(</span><span class="hl kwb">$allow_SmartCard,</span> <span class="hl str">&apos;SmartCard&apos;</span><span class="hl opt">),</span> 
	<span class="hl str">&apos;local&apos;</span><span class="hl opt">,</span>
    <span class="hl opt">);</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> kind2name <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl slc"># Keep the following strings in sync with kind2description ones!!!</span>
    <span class="hl opt">${{</span> <span class="hl kwc">local</span> <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Local file&quot;</span><span class="hl opt">),</span> 
    LDAP <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;LDAP&quot;</span><span class="hl opt">),</span> 
    NIS <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;NIS&quot;</span><span class="hl opt">),</span>
    SmartCard <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Smart Card&quot;</span><span class="hl opt">),</span>
    winbind <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Windows Domain&quot;</span><span class="hl opt">),</span> 
    KRB5 <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Kerberos 5&quot;</span><span class="hl opt">) }}{</span><span class="hl kwb">$kind</span><span class="hl opt">};</span>
<span class="hl opt">}</span>

<span class="hl kwc">my</span> <span class="hl kwb">%kind2pam_kind</span> <span class="hl opt">= (</span>
    <span class="hl kwc">local</span>     <span class="hl opt">=&gt; [],</span>
    SmartCard <span class="hl opt">=&gt; [</span><span class="hl str">&apos;castella&apos;</span><span class="hl opt">],</span>
    LDAP      <span class="hl opt">=&gt; [</span><span class="hl str">&apos;ldap&apos;</span><span class="hl opt">],</span> 
    NIS       <span class="hl opt">=&gt; [],</span>
    KRB5        <span class="hl opt">=&gt; [</span><span class="hl str">&apos;krb5&apos;</span><span class="hl opt">],</span>
    winbind   <span class="hl opt">=&gt; [</span><span class="hl str">&apos;winbind&apos;</span><span class="hl opt">],</span> 
<span class="hl opt">);</span>

<span class="hl kwc">my</span> <span class="hl kwb">%kind2nsswitch</span> <span class="hl opt">= (</span>
    <span class="hl kwc">local</span>     <span class="hl opt">=&gt; [],</span>
    SmartCard <span class="hl opt">=&gt; [],</span>
    LDAP      <span class="hl opt">=&gt; [</span><span class="hl str">&apos;ldap&apos;</span><span class="hl opt">],</span> 
    NIS       <span class="hl opt">=&gt; [</span><span class="hl str">&apos;nis&apos;</span><span class="hl opt">],</span>
    KRB5        <span class="hl opt">=&gt; [</span><span class="hl str">&apos;ldap&apos;</span><span class="hl opt">],</span>
    winbind   <span class="hl opt">=&gt; [</span><span class="hl str">&apos;winbind&apos;</span><span class="hl opt">],</span> 
<span class="hl opt">);</span>

<span class="hl kwc">my</span> <span class="hl kwb">%kind2packages</span> <span class="hl opt">= (</span>
    <span class="hl kwc">local</span>     <span class="hl opt">=&gt; [],</span>
    SmartCard <span class="hl opt">=&gt; [</span> <span class="hl str">&apos;castella-pam&apos;</span> <span class="hl opt">],</span>
    LDAP      <span class="hl opt">=&gt; [</span> <span class="hl str">&apos;openldap-clients&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;nss_ldap&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_ldap&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;autofs&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_ccreds&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;nss_updatedb&apos;</span> <span class="hl opt">],</span>
    KRB5       <span class="hl opt">=&gt; [</span> <span class="hl str">&apos;nss_ldap&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_krb5&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;libsasl2-plug-gssapi&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_ccreds&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;nss_updatedb&apos;</span> <span class="hl opt">],</span>
    NIS       <span class="hl opt">=&gt; [</span> <span class="hl str">&apos;ypbind&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;autofs&apos;</span> <span class="hl opt">],</span>
    winbind   <span class="hl opt">=&gt; [</span> <span class="hl str">&apos;samba-winbind&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;nss_ldap&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_krb5&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;libsasl2-plug-gssapi&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;samba-server&apos;</span> <span class="hl opt">],</span>
<span class="hl opt">);</span>


<span class="hl kwa">sub</span> kind2description <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">&#64;kinds</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">%kind2description</span> <span class="hl opt">= (</span>
	<span class="hl kwc">local</span>     <span class="hl opt">=&gt; [</span> N<span class="hl opt">(</span><span class="hl str">&quot;Local file:&quot;</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use local for all authentication and information user tell in local file&quot;</span><span class="hl opt">), ],</span>
	LDAP      <span class="hl opt">=&gt; [</span> N<span class="hl opt">(</span><span class="hl str">&quot;LDAP:&quot;</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">&quot;Tells your computer to use LDAP for some or all authentication. LDAP consolidates certain types of information within your organization.&quot;</span><span class="hl opt">), ],</span>
	NIS       <span class="hl opt">=&gt; [</span> N<span class="hl opt">(</span><span class="hl str">&quot;NIS:&quot;</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">&quot;Allows you to run a group of computers in the same Network Information Service domain with a common password and group file.&quot;</span><span class="hl opt">), ],</span>
	winbind   <span class="hl opt">=&gt; [</span> N<span class="hl opt">(</span><span class="hl str">&quot;Windows Domain:&quot;</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">&quot;Winbind allows the system to retrieve information and authenticate users in a Windows domain.&quot;</span><span class="hl opt">), ],</span>
	KRB5        <span class="hl opt">=&gt; [</span> N<span class="hl opt">(</span><span class="hl str">&quot;Kerberos 5 :&quot;</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">&quot;With Kerberos and Ldap for authentication in Active Directory Server &quot;</span><span class="hl opt">), ],</span>
    <span class="hl opt">);</span>
    <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwb">$_</span> ? <span class="hl str">qq(</span><span class="hl ipl">$_</span><span class="hl str">-&gt;[0]</span><span class="hl esc">\n</span><span class="hl str"></span><span class="hl ipl">$_</span><span class="hl str">-&gt;[1]</span><span class="hl esc">\n\n</span><span class="hl str">)</span> <span class="hl opt">:</span> <span class="hl str">&apos;&apos;</span> <span class="hl opt">}</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwb">$kind2description</span><span class="hl opt">{</span><span class="hl kwb">$_</span><span class="hl opt">} }</span> <span class="hl kwb">&#64;kinds</span><span class="hl opt">);</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> to_kind <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl opt">(</span>find <span class="hl opt">{</span> <span class="hl kwc">exists</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$_</span><span class="hl opt">} }</span> kinds<span class="hl opt">()) ||</span> <span class="hl str">&apos;local&apos;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> domain_to_ldap_domain <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$domain</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">&apos;,&apos;</span><span class="hl opt">,</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl str">&quot;dc=</span><span class="hl ipl">$_</span><span class="hl str">&quot;</span> <span class="hl opt">}</span> <span class="hl kwc">split</span> <span class="hl kwd">/\./</span><span class="hl opt">,</span> <span class="hl kwb">$domain</span><span class="hl opt">);</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> ask_parameters <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$in, $net, $authentication, $kind</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl slc">#- keep only this authentication kind</span>
    <span class="hl kwa">foreach</span> <span class="hl opt">(</span>kinds<span class="hl opt">()) {</span>
	<span class="hl kwc">delete</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$_</span><span class="hl opt">}</span> <span class="hl kwa">if</span> <span class="hl kwb">$_</span> <span class="hl kwc">ne</span> <span class="hl kwb">$kind</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>

    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;LDAP&apos;</span><span class="hl opt">) {</span>
	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} ||=</span> domain_to_ldap_domain<span class="hl opt">(</span><span class="hl kwb">$net</span><span class="hl opt">-&gt;{</span>resolv<span class="hl opt">}{</span>DOMAINNAME<span class="hl opt">});</span>
	<span class="hl slc">#$authentication-&gt;{anonymous} = &quot;0&quot;;</span>
	<span class="hl slc">#$authentication-&gt;{cafile} = &quot;0&quot;;</span>
	<span class="hl slc">#$authentication-&gt;{nssgrp} = &quot;0&quot;;</span>

	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">&quot; &quot;</span><span class="hl opt">),</span>
		     <span class="hl opt">[ {</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Welcome to the Authentication Wizard&quot;</span><span class="hl opt">),</span> title <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
                     <span class="hl opt">{},</span>
                     <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;You have selected LDAP authentication. Please review the configuration options below &quot;</span><span class="hl opt">), },</span>
                     <span class="hl opt">{},</span>
		     <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;LDAP Server&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_server<span class="hl opt">} },</span>
		     <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Base dn&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} },</span>
                     <span class="hl opt">{</span> val <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Fetch base Dn &quot;</span><span class="hl opt">),</span> type  <span class="hl opt">=&gt;</span> button <span class="hl opt">,</span> clicked_may_quit <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} =</span> fetch_dn<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_server<span class="hl opt">});</span> <span class="hl num">0</span> <span class="hl opt">} },</span>
		     <span class="hl opt">{},</span>
		     <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use encrypt connection with TLS &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>cafile<span class="hl opt">},</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;bool&apos;</span> <span class="hl opt">},</span>
                     <span class="hl opt">{</span> val <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Download CA Certificate &quot;</span><span class="hl opt">),</span> type  <span class="hl opt">=&gt;</span> button <span class="hl opt">,</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>cafile<span class="hl opt">} },</span> clicked_may_quit <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>file<span class="hl opt">} =</span> add_cafile<span class="hl opt">();</span> <span class="hl num">0</span> <span class="hl opt">}  },</span>
		     
		     <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use Disconnect mode &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$ccreds,</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;bool&apos;</span> <span class="hl opt">},</span>
		     <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use anonymous BIND &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>anonymous<span class="hl opt">},</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;bool&apos;</span> <span class="hl opt">,</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
		     <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;  &quot;</span><span class="hl opt">),</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
                     <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Bind DN &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_binddn<span class="hl opt">},</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>anonymous<span class="hl opt">} },</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span>  <span class="hl opt">},</span>
                     <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Bind Password &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_bindpwd<span class="hl opt">},</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>anonymous<span class="hl opt">} },</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
		     <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;  &quot;</span><span class="hl opt">),</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
		     <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Advanced path for group &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nssgrp<span class="hl opt">},</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;bool&apos;</span> <span class="hl opt">,</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
		     <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;  &quot;</span><span class="hl opt">),</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
                     <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Password base&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nss_pwd<span class="hl opt">},</span>  disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nssgrp<span class="hl opt">} },</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
                     <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Group base&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nss_grp<span class="hl opt">},</span>  disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nssgrp<span class="hl opt">} },</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
                     <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Shadow base&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nss_shadow<span class="hl opt">},</span>  disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nssgrp<span class="hl opt">} },</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
		     <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;  &quot;</span><span class="hl opt">),</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
		     <span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;KRB5&apos;</span><span class="hl opt">) {</span>
	
	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_domain<span class="hl opt">} ||=</span> <span class="hl kwb">$net</span><span class="hl opt">-&gt;{</span>resolv<span class="hl opt">}{</span>DOMAINNAME<span class="hl opt">};</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">do_pkgs</span><span class="hl opt">-&gt;</span><span class="hl kwd">ensure_are_installed</span><span class="hl opt">([</span> <span class="hl str">&apos;perl-Net-DNS&apos;</span> <span class="hl opt">],</span> <span class="hl num">1</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
	<span class="hl kwc">my</span> <span class="hl kwb">&#64;srvs</span> <span class="hl opt">=</span> query_srv_names<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_domain<span class="hl opt">});</span>
	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_server<span class="hl opt">} ||=</span> <span class="hl kwb">$srvs</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]</span> <span class="hl kwa">if</span> <span class="hl kwb">&#64;srvs</span><span class="hl opt">;</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$AD_user</span> <span class="hl opt">=</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_user<span class="hl opt">} =~</span> <span class="hl kwd">/(.*)\&#64;\Q$authentication-&gt;{AD_domain}\E$/</span> ? <span class="hl kwb">$1</span> <span class="hl opt">:</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_user<span class="hl opt">};</span>
	<span class="hl slc">#my $authentication-&gt;{ccreds} ;</span>

	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">&quot; &quot;</span><span class="hl opt">),</span>
                        <span class="hl opt">[ {</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Welcome to the Authentication Wizard&quot;</span><span class="hl opt">),</span> title <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
                        <span class="hl opt">{},</span>
                        <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;You have selected Kerberos 5 authentication. Please review the configuration options below &quot;</span><span class="hl opt">), },</span>
                        <span class="hl opt">{},</span>
		       <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Realm &quot;</span><span class="hl opt">),</span>  val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_domain<span class="hl opt">} },</span>
                       <span class="hl opt">{},</span>
		       <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;KDCs Servers&quot;</span><span class="hl opt">),</span>  title <span class="hl opt">=&gt;</span> <span class="hl num">1</span><span class="hl opt">,</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_server<span class="hl opt">} ,</span> list <span class="hl opt">=&gt;</span> \<span class="hl kwb">&#64;srvs</span> <span class="hl opt">,</span> not_edit <span class="hl opt">=&gt;</span> <span class="hl num">0</span><span class="hl opt">,</span>  title <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
                       <span class="hl opt">{},</span>
		       <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use DNS to resolve hosts for realms &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>KRB_host_lookup<span class="hl opt">},</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;bool&apos;</span> <span class="hl opt">},</span>
		       <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use DNS to resolve KDCs for realms &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>KRB_dns_lookup<span class="hl opt">},</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;bool&apos;</span> <span class="hl opt">},</span>
		       <span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use Disconnect mode &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$ccreds,</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;bool&apos;</span> <span class="hl opt">},</span>
		     <span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>

<span class="hl kwc">my</span> <span class="hl kwb">%level</span> <span class="hl opt">= (</span>
             <span class="hl num">1</span> <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use local file for users informations&quot;</span><span class="hl opt">),</span>
             <span class="hl num">2</span> <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use Ldap for users informations&quot;</span><span class="hl opt">),</span>
            <span class="hl opt">);</span>

 <span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">&quot; &quot;</span><span class="hl opt">),</span>
                        <span class="hl opt">[ {</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot; &quot;</span><span class="hl opt">),</span> title <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
                        <span class="hl opt">{},</span>
                        <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;You have selected Kerberos 5 for authentication, now you must choose the type of users information &quot;</span><span class="hl opt">), },</span>
                        <span class="hl opt">{},</span>
			<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> <span class="hl str">&quot;&quot;</span> <span class="hl opt">,</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nsskrb<span class="hl opt">},</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;list&apos;</span><span class="hl opt">,</span> list <span class="hl opt">=&gt; [</span> <span class="hl kwc">keys</span> <span class="hl kwb">%level</span> <span class="hl opt">],</span> format <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$level</span><span class="hl opt">{</span><span class="hl kwb">$_</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]} } },</span>
			<span class="hl opt">{},</span>	
			<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;LDAP Server&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_server<span class="hl opt">},</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nsskrb<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&quot;1&quot;</span>  <span class="hl opt">} },</span>
                     	<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Base dn&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} ,</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nsskrb<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&quot;1&quot;</span>  <span class="hl opt">} },</span>
                     	<span class="hl opt">{</span> val <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Fecth base Dn &quot;</span><span class="hl opt">),</span> type  <span class="hl opt">=&gt;</span> button <span class="hl opt">,</span> clicked_may_quit <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} =</span> fetch_dn<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_server<span class="hl opt">});</span> <span class="hl num">0</span> <span class="hl opt">},</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nsskrb<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&quot;1&quot;</span>  <span class="hl opt">} },</span>
			<span class="hl opt">{},</span>
                     	<span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use encrypt connection with TLS &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>cafile<span class="hl opt">},</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;bool&apos;</span><span class="hl opt">,,</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nsskrb<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&quot;1&quot;</span>  <span class="hl opt">} },</span>
                     	<span class="hl opt">{</span> val <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Download CA Certificate &quot;</span><span class="hl opt">),</span> type  <span class="hl opt">=&gt;</span> button <span class="hl opt">,</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>cafile<span class="hl opt">} },</span> clicked_may_quit <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>file<span class="hl opt">} =</span> add_cafile<span class="hl opt">();</span> <span class="hl num">0</span> <span class="hl opt">}  },</span>
                     	<span class="hl opt">{</span> text <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Use anonymous BIND &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>anonymous<span class="hl opt">},</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;bool&apos;</span><span class="hl opt">,</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nsskrb<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&quot;1&quot;</span>  <span class="hl opt">} },</span>
                     	<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Bind DN &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_binddn<span class="hl opt">},</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>anonymous<span class="hl opt">} } },</span>
                     	<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Bind Password &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_bindpwd<span class="hl opt">},</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{ !</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>anonymous<span class="hl opt">} } },</span>
                     	<span class="hl opt">{},</span>
			<span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
	
	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_user<span class="hl opt">} = !</span><span class="hl kwb">$AD_user</span> <span class="hl opt">||</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>sub_kind<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;anonymous&apos;</span> ? <span class="hl str">&apos;&apos;</span> <span class="hl opt">:</span> 
	                             <span class="hl kwb">$AD_user</span> <span class="hl opt">=~</span> <span class="hl kwd">/&#64;/</span> ? <span class="hl kwb">$AD_user</span> <span class="hl opt">:</span> <span class="hl str">&quot;</span><span class="hl ipl">$AD_user\&#64;$authentication</span><span class="hl str">-&gt;{AD_domain}&quot;</span><span class="hl opt">;</span>
	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_password<span class="hl opt">} =</span> <span class="hl str">&apos;&apos;</span> <span class="hl kwa">if</span> <span class="hl opt">!</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_user<span class="hl opt">};</span>


    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;NIS&apos;</span><span class="hl opt">) {</span> 
	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>NIS_server<span class="hl opt">} ||=</span> <span class="hl str">&apos;broadcast&apos;</span><span class="hl opt">;</span>
	<span class="hl kwb">$net</span><span class="hl opt">-&gt;{</span>network<span class="hl opt">}{</span>NISDOMAIN<span class="hl opt">} ||=</span> <span class="hl kwb">$net</span><span class="hl opt">-&gt;{</span>resolv<span class="hl opt">}{</span>DOMAINNAME<span class="hl opt">};</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">&quot; &quot;</span><span class="hl opt">),</span>
		<span class="hl opt">[ {</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Welcome to the Authentication Wizard&quot;</span><span class="hl opt">),</span> title <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
		<span class="hl opt">{},</span>
		<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;You have selected NIS authentication. Please review the configuration options below &quot;</span><span class="hl opt">), },</span>
		<span class="hl opt">{},</span>
		<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;NIS Domain&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$net</span><span class="hl opt">-&gt;{</span>network<span class="hl opt">}{</span>NISDOMAIN<span class="hl opt">} },</span>
		<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;NIS Server&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>NIS_server<span class="hl opt">},</span> list <span class="hl opt">=&gt; [</span><span class="hl str">&quot;broadcast&quot;</span><span class="hl opt">],</span> not_edit <span class="hl opt">=&gt;</span> <span class="hl num">0</span> <span class="hl opt">},</span>
		<span class="hl opt">{},</span>
		     <span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;winbind&apos;</span><span class="hl opt">) {</span>
	<span class="hl slc">#- maybe we should browse the network like diskdrake --smb and get the &apos;doze server names in a list </span>
	<span class="hl slc">#- but networking is not setup yet necessarily</span>
	<span class="hl slc">#</span>
	<span class="hl kwc">my</span> <span class="hl kwb">&#64;sec_domain</span> <span class="hl opt">= (</span>
		<span class="hl str">&quot;Windows NT4 Domain&quot;</span><span class="hl opt">,</span>
		<span class="hl str">&quot;Windows Active Directory Domain&quot;</span><span class="hl opt">,</span>
<span class="hl opt">);</span>


	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_domain<span class="hl opt">} ||=</span> <span class="hl kwb">$net</span><span class="hl opt">-&gt;{</span>resolv<span class="hl opt">}{</span>DOMAINNAME<span class="hl opt">};</span>
	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>WINDOMAIN<span class="hl opt">} ||=</span> <span class="hl kwb">$net</span><span class="hl opt">-&gt;{</span>resolv<span class="hl opt">}{</span>DOMAINNAME<span class="hl opt">};</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">do_pkgs</span><span class="hl opt">-&gt;</span><span class="hl kwd">ensure_are_installed</span><span class="hl opt">([</span> <span class="hl str">&apos;samba-client&apos;</span> <span class="hl opt">],</span> <span class="hl num">1</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
	<span class="hl kwc">my</span> <span class="hl kwb">&#64;domains</span><span class="hl opt">=</span>list_domains<span class="hl opt">();</span>

	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">&quot; &quot;</span><span class="hl opt">),</span>
			<span class="hl opt">[ {</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Welcome to the Authentication Wizard&quot;</span><span class="hl opt">),</span> title <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
			<span class="hl opt">{},</span>
			<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;You have selected Windows Domain authentication. Please review the configuration options below &quot;</span><span class="hl opt">), },</span>
		        <span class="hl opt">{},</span>
			<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Windows Domain&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>WINDOMAIN<span class="hl opt">},</span> list <span class="hl opt">=&gt;</span> \<span class="hl kwb">&#64;domains,</span> not_edit <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
		        <span class="hl opt">{},</span>
		        <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Domain Model &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>model<span class="hl opt">},</span> list <span class="hl opt">=&gt;</span> \<span class="hl kwb">&#64;sec_domain</span> <span class="hl opt">,</span> not_edit <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
		        <span class="hl opt">{},</span>
			<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Active Directory Realm &quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_domain<span class="hl opt">} ,</span> disabled <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>model<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&quot;Windows NT4 Domain&quot;</span>  <span class="hl opt">} },</span>
		        <span class="hl opt">{},</span>
		        <span class="hl opt">{},</span>
		        <span class="hl opt">{},</span>
			<span class="hl opt">])</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>
    <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$kind</span><span class="hl opt">} ||=</span> <span class="hl num">1</span><span class="hl opt">;</span>
    <span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> ask_root_password_and_authentication <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$in, $net, $superuser, $authentication, $meta_class, $security</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl kwc">my</span> <span class="hl kwb">$kind</span> <span class="hl opt">=</span> to_kind<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>
    <span class="hl kwc">my</span> <span class="hl kwb">&#64;kinds</span> <span class="hl opt">=</span> kinds<span class="hl opt">(</span><span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">do_pkgs</span><span class="hl opt">,</span> <span class="hl kwb">$meta_class</span><span class="hl opt">);</span>

    <span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_from_</span><span class="hl opt">({</span>
	 title <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Authentication&quot;</span><span class="hl opt">),</span> 
	 messages <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Set administrator (root) password&quot;</span><span class="hl opt">),</span>
	 advanced_label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Authentication method&quot;</span><span class="hl opt">),</span>
	 advanced_messages <span class="hl opt">=&gt;</span> kind2description<span class="hl opt">(</span><span class="hl kwb">&#64;kinds</span><span class="hl opt">),</span>
	 interactive_help_id <span class="hl opt">=&gt;</span> <span class="hl str">&quot;setRootPassword&quot;</span><span class="hl opt">,</span>
	 cancel <span class="hl opt">=&gt; (</span><span class="hl kwb">$security</span> <span class="hl opt">&lt;=</span> <span class="hl num">2</span> ? 
		    <span class="hl slc">#-PO: keep this short or else the buttons will not fit in the window</span>
		    N<span class="hl opt">(</span><span class="hl str">&quot;No password&quot;</span><span class="hl opt">) :</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">),</span>
	 focus_first <span class="hl opt">=&gt;</span> <span class="hl num">1</span><span class="hl opt">,</span>
	 callbacks <span class="hl opt">=&gt; {</span> 
	     complete <span class="hl opt">=&gt;</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span>
		 check_given_password<span class="hl opt">(</span><span class="hl kwb">$in, $superuser,</span> <span class="hl num">2</span> <span class="hl opt">*</span> <span class="hl kwb">$security</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span> <span class="hl num">1</span><span class="hl opt">,</span><span class="hl num">0</span><span class="hl opt">;</span>
		 <span class="hl kwa">return</span> <span class="hl num">0</span><span class="hl opt">;</span>
        <span class="hl opt">} } }, [</span>
<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Password&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$superuser</span><span class="hl opt">-&gt;{</span>password<span class="hl opt">},</span>  hidden <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Password (again)&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$superuser</span><span class="hl opt">-&gt;{</span>password2<span class="hl opt">},</span> hidden <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Authentication&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$kind,</span> type <span class="hl opt">=&gt;</span> <span class="hl str">&apos;list&apos;</span><span class="hl opt">,</span> list <span class="hl opt">=&gt;</span> \<span class="hl kwb">&#64;kinds,</span> format <span class="hl opt">=&gt;</span> \<span class="hl opt">&amp;</span>kind2name<span class="hl opt">,</span> advanced <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
        <span class="hl opt">])</span> <span class="hl kwc">or delete</span> <span class="hl kwb">$superuser</span><span class="hl opt">-&gt;{</span>password<span class="hl opt">};</span>

    ask_parameters<span class="hl opt">(</span><span class="hl kwb">$in, $net, $authentication, $kind</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">goto</span> <span class="hl opt">&amp;</span>ask_root_password_and_authentication<span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> check_given_password <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$in, $u, $min_length</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>password<span class="hl opt">}</span> <span class="hl kwc">ne</span> <span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>password2<span class="hl opt">}) {</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_warn</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">, [</span> N<span class="hl opt">(</span><span class="hl str">&quot;The passwords do not match&quot;</span><span class="hl opt">),</span> N<span class="hl opt">(</span><span class="hl str">&quot;Please try again&quot;</span><span class="hl opt">) ]);</span>
	<span class="hl num">0</span><span class="hl opt">;</span>
    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwc">length</span> <span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>password<span class="hl opt">} &lt;</span> <span class="hl kwb">$min_length</span><span class="hl opt">) {</span>
	<span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_warn</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">&quot;This password is too short (it must be at least</span> <span class="hl ipl">%d</span> <span class="hl str">characters long)&quot;</span><span class="hl opt">,</span> <span class="hl kwb">$min_length</span><span class="hl opt">));</span>
	<span class="hl num">0</span><span class="hl opt">;</span>
    <span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
	<span class="hl num">1</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> get<span class="hl opt">() {</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$system_auth</span> <span class="hl opt">=</span> cat_<span class="hl opt">(</span><span class="hl str">&quot;/etc/pam.d/system-auth&quot;</span><span class="hl opt">);</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$authentication</span> <span class="hl opt">= {</span> 
	md5 <span class="hl opt">=&gt;</span> to_bool<span class="hl opt">(</span><span class="hl kwb">$system_auth</span> <span class="hl opt">=~</span> <span class="hl kwd">/md5/</span><span class="hl opt">),</span> shadow <span class="hl opt">=&gt;</span> to_bool<span class="hl opt">(</span><span class="hl kwb">$system_auth</span> <span class="hl opt">=~</span> <span class="hl kwd">/shadow/</span><span class="hl opt">),</span>
    <span class="hl opt">};</span>

    <span class="hl kwc">my</span> <span class="hl kwb">&#64;pam_kinds</span> <span class="hl opt">=</span> get_pam_authentication_kinds<span class="hl opt">();</span>
    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$kind</span> <span class="hl opt">=</span> find <span class="hl opt">{</span> intersection<span class="hl opt">(</span>\<span class="hl kwb">&#64;pam_kinds, $kind2pam_kind</span><span class="hl opt">{</span><span class="hl kwb">$_</span><span class="hl opt">}) }</span> <span class="hl kwc">keys</span> <span class="hl kwb">%kind2pam_kind</span><span class="hl opt">) {</span>
	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span><span class="hl kwb">$kind</span><span class="hl opt">} =</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>
    <span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
	<span class="hl slc">#- we can&apos;t use pam to detect NIS</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$yp_conf</span> <span class="hl opt">=</span> read_yp_conf<span class="hl opt">()) {</span>
	    <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>NIS<span class="hl opt">} =</span> <span class="hl num">1</span><span class="hl opt">;</span>
	    map_each <span class="hl opt">{</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span><span class="hl str">&quot;NIS_$::a&quot;</span><span class="hl opt">} = $::</span>b <span class="hl opt">}</span> <span class="hl kwb">%$yp_conf</span><span class="hl opt">;</span>
	<span class="hl opt">}</span>
    <span class="hl opt">}</span>
    <span class="hl kwb">$authentication</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> install_needed_packages <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$do_pkgs, $kind</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$pkgs</span> <span class="hl opt">=</span> <span class="hl kwb">$kind2packages</span><span class="hl opt">{</span><span class="hl kwb">$kind</span><span class="hl opt">}) {</span>
	<span class="hl slc">#- automatic during install</span>
	<span class="hl kwb">$do_pkgs</span><span class="hl opt">-&gt;</span><span class="hl kwd">ensure_are_installed</span><span class="hl opt">(</span><span class="hl kwb">$pkgs,</span> <span class="hl opt">$::</span>isInstall<span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
    <span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
	<span class="hl kwc">log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">&quot;ERROR:</span> <span class="hl ipl">$kind</span> <span class="hl str">not listed in kind2packages&quot;</span><span class="hl opt">);</span>
    <span class="hl opt">}</span>
    <span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> set <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$in, $net, $authentication, $o_when_network_is_up</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    install_needed_packages<span class="hl opt">(</span><span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">do_pkgs</span><span class="hl opt">,</span> to_kind<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">))</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
    set_raw<span class="hl opt">(</span><span class="hl kwb">$net, $authentication, $o_when_network_is_up</span><span class="hl opt">);</span>

    <span class="hl kwa">require</span> services<span class="hl opt">;</span>
    services<span class="hl opt">::</span>set_status<span class="hl opt">(</span><span class="hl str">&apos;network-auth&apos;</span><span class="hl opt">,</span> to_kind<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">)</span> <span class="hl kwc">ne</span> <span class="hl str">&apos;local&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;dont_apply&apos;</span><span class="hl opt">);</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> set_raw <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$net, $authentication, $o_when_network_is_up</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl kwc">my</span> <span class="hl kwb">$conf_file</span> <span class="hl opt">=</span> <span class="hl str">&quot;$::prefix/etc/sysconfig/drakauth&quot;</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$when_network_is_up</span> <span class="hl opt">=</span> <span class="hl kwb">$o_when_network_is_up</span> <span class="hl opt">||</span> <span class="hl kwa">sub</span> <span class="hl opt">{</span> <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$f</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span> <span class="hl kwb">$f</span><span class="hl opt">-&gt;() };</span>

    enable_shadow<span class="hl opt">()</span> <span class="hl kwa">if</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>shadow<span class="hl opt">};</span>    

    <span class="hl kwc">my</span> <span class="hl kwb">$kind</span> <span class="hl opt">=</span> to_kind<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>

    <span class="hl kwc">log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">&quot;authentication::set</span> <span class="hl ipl">$kind</span><span class="hl str">&quot;</span><span class="hl opt">);</span>

    <span class="hl kwc">my</span> <span class="hl kwb">$pam_modules</span> <span class="hl opt">=</span> <span class="hl kwb">$kind2pam_kind</span><span class="hl opt">{</span><span class="hl kwb">$kind</span><span class="hl opt">}</span> <span class="hl kwc">or log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">&quot;kind2pam_kind does not know</span> <span class="hl ipl">$kind</span><span class="hl str">&quot;</span><span class="hl opt">);</span>
    <span class="hl kwb">$pam_modules</span> <span class="hl opt">||= [];</span>
    sshd_config_UsePAM<span class="hl opt">(</span><span class="hl kwb">&#64;$pam_modules</span> <span class="hl opt">&gt;</span> <span class="hl num">0</span><span class="hl opt">);</span>
    set_pam_authentication<span class="hl opt">(</span><span class="hl kwb">$pam_modules, $ccreds</span><span class="hl opt">);</span>

    <span class="hl kwc">my</span> <span class="hl kwb">$nsswitch</span> <span class="hl opt">=</span> <span class="hl kwb">$kind2nsswitch</span><span class="hl opt">{</span><span class="hl kwb">$kind</span><span class="hl opt">}</span> <span class="hl kwc">or log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">&quot;kind2nsswitch does not know</span> <span class="hl ipl">$kind</span><span class="hl str">&quot;</span><span class="hl opt">);</span>
    <span class="hl kwb">$nsswitch</span> <span class="hl opt">||= [];</span>
    set_nsswitch_priority<span class="hl opt">(</span><span class="hl kwb">$nsswitch,$ccreds</span><span class="hl opt">);</span>

    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;local&apos;</span><span class="hl opt">) {</span>

output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str">&lt;&lt;EOF);</span>
<span class="hl str">auth=Local File </span>
<span class="hl str">server=none </span>
<span class="hl str">realm=none</span>
<span class="hl str">EOF</span>



    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;SmartCard&apos;</span><span class="hl opt">) {</span>
    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;LDAP&apos;</span><span class="hl opt">) {</span>

	configure_nss_ldap<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>

output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str">&lt;&lt;EOF);</span>
<span class="hl str">auth=Ldap Directory</span>
<span class="hl str">server=</span><span class="hl ipl">$authentication</span><span class="hl str">-&gt;{LDAP_server}</span>
<span class="hl str">realm=</span><span class="hl ipl">$authentication</span><span class="hl str">-&gt;{LDAPDOMAIN}</span>
<span class="hl str">EOF</span>

    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;KRB5&apos;</span><span class="hl opt">) {</span>

	configure_krb5_for_AD<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>
	configure_nss_ldap<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>

output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str">&lt;&lt;EOF);</span>
<span class="hl str">auth=Kerberos 5</span>
<span class="hl str">server=</span><span class="hl ipl">$authentication</span><span class="hl str">-&gt;{AD_server}</span>
<span class="hl str">realm=</span><span class="hl ipl">$authentication</span><span class="hl str">-&gt;{AD_domain}</span>
<span class="hl str">EOF</span>

    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;NIS&apos;</span><span class="hl opt">) {</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$domain</span> <span class="hl opt">=</span> <span class="hl kwb">$net</span><span class="hl opt">-&gt;{</span>network<span class="hl opt">}{</span>NISDOMAIN<span class="hl opt">};</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$NIS_server</span> <span class="hl opt">=</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>NIS_server<span class="hl opt">};</span>
	<span class="hl kwb">$domain</span> <span class="hl opt">||</span> <span class="hl kwb">$NIS_server</span> <span class="hl kwc">ne</span> <span class="hl str">&quot;broadcast&quot;</span> <span class="hl kwc">or die</span> N<span class="hl opt">(</span><span class="hl str">&quot;Can not use broadcast with no NIS domain&quot;</span><span class="hl opt">);</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$t</span> <span class="hl opt">=</span> <span class="hl kwb">$domain</span> ? 
	  <span class="hl opt">(</span><span class="hl kwb">$NIS_server</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;broadcast&apos;</span> ? 
	     <span class="hl str">&quot;domain</span> <span class="hl ipl">$domain</span> <span class="hl str">broadcast&quot;</span> <span class="hl opt">:</span> 
	     <span class="hl str">&quot;domain</span> <span class="hl ipl">$domain</span> <span class="hl str">server</span> <span class="hl ipl">$NIS_server</span><span class="hl str">&quot;</span><span class="hl opt">) :</span>
	     <span class="hl str">&quot;server</span> <span class="hl ipl">$NIS_server</span><span class="hl str">&quot;</span><span class="hl opt">;</span>

	substInFile <span class="hl opt">{</span>
	    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwd">/^#/</span><span class="hl opt">) {</span>
		<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">&apos;&apos;</span> <span class="hl kwa">if</span> <span class="hl kwd">/^#\Q[PREVIOUS]/</span><span class="hl opt">;</span>
	    <span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
		<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">&quot;#[PREVIOUS]</span> <span class="hl ipl">$_</span><span class="hl str">&quot;</span><span class="hl opt">;</span>
	    <span class="hl opt">}</span>
	    <span class="hl kwb">$_</span> <span class="hl opt">.=</span> <span class="hl str">&quot;</span><span class="hl ipl">$t\n</span><span class="hl str">&quot;</span> <span class="hl kwa">if</span> <span class="hl kwc">eof</span><span class="hl opt">;</span>
	<span class="hl opt">}</span> <span class="hl str">&quot;$::prefix/etc/yp.conf&quot;</span><span class="hl opt">;</span>

	<span class="hl slc">#- no need to modify system-auth for nis</span>

	<span class="hl kwb">$when_network_is_up</span><span class="hl opt">-&gt;(</span><span class="hl kwa">sub</span> <span class="hl opt">{</span>
	    run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;nisdomainname&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$domain</span><span class="hl opt">);</span>
	    run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;service&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;ypbind&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;restart&apos;</span><span class="hl opt">);</span>
	<span class="hl opt">});</span>

output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str">&lt;&lt;EOF);</span>
<span class="hl str">auth=</span><span class="hl ipl">$kind</span>
<span class="hl str">server=</span><span class="hl ipl">$NIS_server</span>
<span class="hl str">realm=</span><span class="hl ipl">$domain</span>
<span class="hl str">EOF</span>

<span class="hl slc">#    } elsif ($kind eq &apos;winbind&apos; || $kind eq &apos;AD&apos; &amp;&amp; $authentication-&gt;{subkind} eq &apos;winbind&apos;) {</span>

    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$kind</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;winbind&apos;</span><span class="hl opt">) {</span>

	<span class="hl kwc">my</span> <span class="hl kwb">$domain</span> <span class="hl opt">=</span> <span class="hl kwc">uc</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>WINDOMAIN<span class="hl opt">};</span>
	<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winuser<span class="hl opt">},</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winpass<span class="hl opt">}) =</span> auth<span class="hl opt">();</span>

	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>model<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&quot;Windows NT4 Domain&quot;</span><span class="hl opt">) {</span>

	<span class="hl kwa">require</span> fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb<span class="hl opt">;</span>
	fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb<span class="hl opt">::</span>write_smb_conf<span class="hl opt">(</span><span class="hl kwb">$domain</span><span class="hl opt">);</span>
	run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&quot;chkconfig&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;--level&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;35&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;winbind&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;on&quot;</span><span class="hl opt">);</span>
	mkdir_p<span class="hl opt">(</span><span class="hl str">&quot;$::prefix/home/</span><span class="hl ipl">$domain</span><span class="hl str">&quot;</span><span class="hl opt">);</span>
	run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;service&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;smb&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;restart&apos;</span><span class="hl opt">);</span>
	run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;service&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;winbind&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;restart&apos;</span><span class="hl opt">);</span>
	
	<span class="hl slc">#- defer running smbpassword until the network is up</span>

	<span class="hl kwb">$when_network_is_up</span><span class="hl opt">-&gt;(</span><span class="hl kwa">sub</span> <span class="hl opt">{</span>
	    run_program<span class="hl opt">::</span>raw<span class="hl opt">({</span> root <span class="hl opt">=&gt; $::</span>prefix<span class="hl opt">,</span> sensitive_arguments <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
		    <span class="hl slc">#&apos;net&apos;, &apos;join&apos;, $domain, &apos;-U&apos;, $authentication-&gt;{winuser} . &apos;%&apos; . $authentication-&gt;{winpass});</span>
			     <span class="hl str">&apos;echo&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;&quot;&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;net&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;join&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$domain,</span> <span class="hl str">&apos;-U&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winuser<span class="hl opt">} .</span> <span class="hl str">&apos;%&apos;</span> <span class="hl opt">.</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winpass<span class="hl opt">},</span> <span class="hl str">&apos;&quot;&apos;</span><span class="hl opt">);</span>
	<span class="hl opt">});</span>

output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str">&lt;&lt;EOF);</span>
<span class="hl str">auth=Windows NT4 Domain</span>
<span class="hl str">server= none </span>
<span class="hl str">realm=</span><span class="hl ipl">$domain</span>
<span class="hl str">EOF</span>




	<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span> 	
		
	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_server<span class="hl opt">} ||=</span> <span class="hl str">&apos;ads.&apos;</span> <span class="hl opt">.</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_domain<span class="hl opt">};</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$domain</span> <span class="hl opt">=</span> <span class="hl kwc">uc</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>WINDOMAIN<span class="hl opt">};</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$realm</span> <span class="hl opt">=</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_domain<span class="hl opt">};</span>
	<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winuser<span class="hl opt">},</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winpass<span class="hl opt">}) =</span> auth<span class="hl opt">();</span>
	configure_krb5_for_AD<span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">);</span>
		
	<span class="hl kwa">require</span> fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb<span class="hl opt">;</span>
	fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb<span class="hl opt">::</span>write_smb_ads_conf<span class="hl opt">(</span><span class="hl kwb">$domain,$realm</span><span class="hl opt">);</span>
	run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&quot;chkconfig&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;--level&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;35&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;winbind&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;on&quot;</span><span class="hl opt">);</span>
	mkdir_p<span class="hl opt">(</span><span class="hl str">&quot;$::prefix/home/</span><span class="hl ipl">$domain</span><span class="hl str">&quot;</span><span class="hl opt">);</span>
	run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;net&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;time&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;set&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;-S&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_server<span class="hl opt">});</span>
	run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;service&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;smb&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;restart&apos;</span><span class="hl opt">);</span>
	run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;service&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;winbind&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;restart&apos;</span><span class="hl opt">);</span>
	
	<span class="hl kwb">$when_network_is_up</span><span class="hl opt">-&gt;(</span><span class="hl kwa">sub</span> <span class="hl opt">{</span>
	    run_program<span class="hl opt">::</span>raw<span class="hl opt">({</span> root <span class="hl opt">=&gt; $::</span>prefix<span class="hl opt">,</span> sensitive_arguments <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span> 
			     <span class="hl str">&apos;net&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;ads&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;join&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;-U&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winuser<span class="hl opt">} .</span> <span class="hl str">&apos;%&apos;</span> <span class="hl opt">.</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winpass<span class="hl opt">});</span>
	<span class="hl opt">});</span>


output<span class="hl opt">(</span><span class="hl kwb">$conf_file,</span> <span class="hl str">&lt;&lt;EOF);</span>
<span class="hl str">auth=Windows Active Directory Domain</span>
<span class="hl str">server= none</span>
<span class="hl str">realm=</span><span class="hl ipl">$realm</span>
<span class="hl str">EOF</span>
    <span class="hl opt">} }</span>
    <span class="hl num">1</span><span class="hl opt">;</span>
<span class="hl opt">}</span>


<span class="hl kwa">sub</span> pam_modules<span class="hl opt">() {</span>
    <span class="hl str">&apos;pam_ldap&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_castella&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_winbind&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_krb5&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_mkhomedir&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_ccreds&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_deny&apos;</span> <span class="hl opt">,</span> <span class="hl str">&apos;pam_permit&apos;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_module_from_path <span class="hl opt">{</span> 
    <span class="hl kwb">$_</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">] &amp;&amp;</span> <span class="hl kwb">$_</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">] =~</span> m<span class="hl opt">|(</span><span class="hl kwd">/lib/s</span>ecurity<span class="hl opt">/)</span>?<span class="hl opt">(</span>pam_<span class="hl opt">.*)</span>\<span class="hl opt">.</span>so<span class="hl opt">| &amp;&amp;</span> <span class="hl kwb">$2</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_module_to_path <span class="hl opt">{</span> 
    <span class="hl str">&quot;</span><span class="hl ipl">$_</span><span class="hl str">[0].so&quot;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pam_format_line <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$type, $control, $module, &#64;para</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">sprintf</span><span class="hl opt">(</span><span class="hl str">&quot;%-11s %-13s</span> <span class="hl ipl">%s\n</span><span class="hl str">&quot;</span><span class="hl opt">,</span> <span class="hl kwb">$type, $control,</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">&apos; &apos;</span><span class="hl opt">,</span> pam_module_to_path<span class="hl opt">(</span><span class="hl kwb">$module</span><span class="hl opt">),</span> <span class="hl kwb">&#64;para</span><span class="hl opt">));</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> get_raw_pam_authentication<span class="hl opt">() {</span>
    <span class="hl kwc">my</span> <span class="hl kwb">%before_deny</span><span class="hl opt">;</span>
    <span class="hl kwa">foreach</span> <span class="hl opt">(</span>cat_<span class="hl opt">(</span><span class="hl str">&quot;$::prefix/etc/pam.d/system-auth&quot;</span><span class="hl opt">)) {</span>
	<span class="hl slc">#my ($type, $control, $module, &#64;para) = split;</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$type, $_control, $other</span><span class="hl opt">) =</span> <span class="hl kwd">/(\S+)\s+(\[.*?\]|\S+)\s+(.*)/</span><span class="hl opt">;</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$module, &#64;para</span><span class="hl opt">) =</span> <span class="hl kwc">split</span><span class="hl opt">(</span><span class="hl str">&apos; &apos;</span><span class="hl opt">,</span> <span class="hl kwb">$other</span><span class="hl opt">);</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl opt">=</span> pam_module_from_path<span class="hl opt">(</span><span class="hl kwb">$module</span><span class="hl opt">)) {</span>
	    <span class="hl slc">#$before_deny{$type}{$module} = \&#64;para if $control eq &apos;sufficient&apos; &amp;&amp; member($module, pam_modules());</span>
	    <span class="hl kwb">$before_deny</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}{</span><span class="hl kwb">$module</span><span class="hl opt">} =</span> \<span class="hl kwb">&#64;para</span> <span class="hl kwa">if</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> pam_modules<span class="hl opt">());</span>
	<span class="hl opt">}</span>
    <span class="hl opt">}</span>
    \<span class="hl kwb">%before_deny</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> get_pam_authentication_kinds<span class="hl opt">() {</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$before_deny</span> <span class="hl opt">=</span> get_raw_pam_authentication<span class="hl opt">();</span>
    <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwd">s/pam_//</span><span class="hl opt">;</span> <span class="hl kwb">$_</span> <span class="hl opt">}</span> <span class="hl kwc">keys</span> <span class="hl opt">%{</span><span class="hl kwb">$before_deny</span><span class="hl opt">-&gt;{</span>auth<span class="hl opt">}};</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> sufficient <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$ccreds, $module, $type</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl kwb">$ccreds</span> <span class="hl opt">&amp;&amp;</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">&apos;pam_tcb&apos;</span> <span class="hl opt">,</span> <span class="hl str">&apos;pam_winbind&apos;</span><span class="hl opt">)</span> ?
      <span class="hl str">&apos;sufficient&apos;</span> <span class="hl opt">:</span>
    <span class="hl kwb">$ccreds</span> <span class="hl opt">&amp;&amp;</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">&apos;pam_ldap&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_krb5&apos;</span><span class="hl opt">) &amp;&amp;</span> <span class="hl kwb">$type</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;account&apos;</span> ?
      <span class="hl str">&apos;[authinfo_unavail=ignore default=done]&apos;</span> <span class="hl opt">:</span>
    <span class="hl kwb">$ccreds</span> <span class="hl opt">&amp;&amp;</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">&apos;pam_ldap&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_krb5&apos;</span><span class="hl opt">) &amp;&amp;</span> <span class="hl kwb">$type</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;password&apos;</span> ?
      <span class="hl str">&apos;sufficient&apos;</span> <span class="hl opt">:</span>
    <span class="hl kwb">$ccreds</span> <span class="hl opt">&amp;&amp;</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">&apos;pam_ldap&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_krb5&apos;</span><span class="hl opt">)</span> ?
      <span class="hl str">&apos;[authinfo_unavail=ignore user_unknown=ignore success=1 default=2]&apos;</span> <span class="hl opt">:</span>
      <span class="hl str">&apos;sufficient&apos;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> pam_sufficient_line <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$ccreds, $type, $module, &#64;para</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$control</span> <span class="hl opt">=</span> sufficient<span class="hl opt">(</span><span class="hl kwb">$ccreds, $module, $type</span><span class="hl opt">);</span>
    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;pam_winbind&apos;</span><span class="hl opt">) {</span>
	<span class="hl kwc">push</span> <span class="hl kwb">&#64;para,</span> <span class="hl str">&apos;cached_login&apos;</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>
    pam_format_line<span class="hl opt">(</span><span class="hl kwb">$type, $control, $module, &#64;para</span><span class="hl opt">);</span>
<span class="hl opt">}</span>






<span class="hl kwa">sub</span> set_pam_authentication <span class="hl opt">{</span>
    <span class="hl slc">#my (&#64;authentication_kinds) = &#64;_;</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$authentication_kinds, $ccreds</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    
    <span class="hl kwc">my</span> <span class="hl kwb">%special</span> <span class="hl opt">= (</span>
	    <span class="hl slc">#auth =&gt; [ difference2(\&#64;authentication_kinds,, [ &apos;mount&apos; ]) ],</span>
	    <span class="hl slc">#account =&gt; [ difference2(\&#64;authentication_kinds, [ &apos;castella&apos;, &apos;mount&apos; ]) ],</span>
	    <span class="hl slc">#password =&gt; [ intersection(\&#64;authentication_kinds, [ &apos;ldap&apos;, &apos;krb5&apos; ]) ],</span>
	auth <span class="hl opt">=&gt; [</span> difference2<span class="hl opt">(</span><span class="hl kwb">$authentication_kinds,,</span> <span class="hl opt">[</span> <span class="hl str">&apos;mount&apos;</span> <span class="hl opt">]) ],</span>
	account <span class="hl opt">=&gt; [</span> difference2<span class="hl opt">(</span><span class="hl kwb">$authentication_kinds,</span> <span class="hl opt">[</span> <span class="hl str">&apos;castella&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;mount&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;ccreds&apos;</span> <span class="hl opt">]) ],</span>
	password <span class="hl opt">=&gt; [</span> intersection<span class="hl opt">(</span><span class="hl kwb">$authentication_kinds,</span> <span class="hl opt">[</span> <span class="hl str">&apos;ldap&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;krb5&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;ccreds&apos;</span> <span class="hl opt">]) ],</span>
    <span class="hl opt">);</span>
    <span class="hl kwc">my</span> <span class="hl kwb">%before_first</span> <span class="hl opt">= (</span>
	    <span class="hl slc">#auth =&gt; member(&apos;mount&apos;, &#64;authentication_kinds) ? pam_format_line(&apos;auth&apos;, &apos;required&apos;, &apos;pam_mount&apos;) : &apos;&apos;,</span>
	auth <span class="hl opt">=&gt;</span> member<span class="hl opt">(</span><span class="hl str">&apos;mount&apos;</span><span class="hl opt">,</span> <span class="hl kwb">&#64;$authentication_kinds</span><span class="hl opt">)</span> ? pam_format_line<span class="hl opt">(</span><span class="hl str">&apos;auth&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;required&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_mount&apos;</span><span class="hl opt">) :</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">,</span>
	session <span class="hl opt">=&gt;</span> 
	  <span class="hl slc">#intersection(\&#64;authentication_kinds, [ &apos;winbind&apos;, &apos;krb5&apos;, &apos;ldap&apos; ]) </span>
	  intersection<span class="hl opt">(</span><span class="hl kwb">$authentication_kinds,</span> <span class="hl opt">[</span> <span class="hl str">&apos;winbind&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;krb5&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;ldap&apos;</span> <span class="hl opt">])</span>
	    ? pam_format_line<span class="hl opt">(</span><span class="hl str">&apos;session&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;optional&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_mkhomedir&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;skel=/etc/skel/&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;umask=0022&apos;</span><span class="hl opt">) :</span>
	    <span class="hl slc">#member(&apos;castella&apos;, &#64;authentication_kinds)</span>
	    member<span class="hl opt">(</span><span class="hl str">&apos;castella&apos;</span><span class="hl opt">,</span> <span class="hl kwb">&#64;$authentication_kinds</span><span class="hl opt">)</span>
	    ? pam_format_line<span class="hl opt">(</span><span class="hl str">&apos;session&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;optional&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_castella&apos;</span><span class="hl opt">) :</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">,</span>
    <span class="hl opt">);</span>
    <span class="hl kwc">my</span> <span class="hl kwb">%after_deny</span> <span class="hl opt">= (</span>
	session <span class="hl opt">=&gt;</span>
          member<span class="hl opt">(</span><span class="hl str">&apos;krb5&apos;</span><span class="hl opt">,</span> <span class="hl kwb">&#64;$authentication_kinds</span><span class="hl opt">)</span>
            ? pam_format_line<span class="hl opt">(</span><span class="hl str">&apos;session&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;optional&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_krb5&apos;</span><span class="hl opt">) :</span>
          member<span class="hl opt">(</span><span class="hl str">&apos;mount&apos;</span><span class="hl opt">,</span> <span class="hl kwb">&#64;$authentication_kinds</span><span class="hl opt">)</span>
            ? pam_format_line<span class="hl opt">(</span><span class="hl str">&apos;session&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;optional&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_mount&apos;</span><span class="hl opt">) :</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">,</span>
    <span class="hl opt">);</span>

    substInFile <span class="hl opt">{</span>
	    <span class="hl slc">#my ($type, $control, $module, &#64;para) = split;</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$type, $control, $other</span><span class="hl opt">) =</span> <span class="hl kwd">/(\S+)\s+(\[.*?\]|\S+)\s+(.*)/</span><span class="hl opt">;</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$module, &#64;para</span><span class="hl opt">) =</span> <span class="hl kwc">split</span><span class="hl opt">(</span><span class="hl str">&apos; &apos;</span><span class="hl opt">,</span> <span class="hl kwb">$other</span><span class="hl opt">);</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl opt">=</span> pam_module_from_path<span class="hl opt">(</span><span class="hl kwb">$module</span><span class="hl opt">)) {</span>
	    <span class="hl kwa">if</span> <span class="hl opt">(</span>member<span class="hl opt">(</span><span class="hl kwb">$module,</span> pam_modules<span class="hl opt">())) {</span>
		<span class="hl slc">#- first removing previous config</span>
		<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>
	    <span class="hl opt">}</span>
	    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$module</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;pam_tcb&apos;</span> <span class="hl opt">&amp;&amp;</span> <span class="hl kwb">$special</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}) {</span>
		<span class="hl kwc">my</span> <span class="hl kwb">&#64;para_for_last</span> <span class="hl opt">=</span> 
		    member<span class="hl opt">(</span><span class="hl kwb">$type,</span> <span class="hl str">&apos;auth&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;account&apos;</span><span class="hl opt">)</span> ? <span class="hl str">qw(use_first_pass)</span> <span class="hl opt">: &#64;{[]};</span>
		<span class="hl kwb">&#64;para</span> <span class="hl opt">=</span> difference2<span class="hl opt">(</span>\<span class="hl kwb">&#64;para,</span> \<span class="hl kwb">&#64;para_for_last</span><span class="hl opt">);</span>

		<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$before_noask, $ask</span><span class="hl opt">) =</span> partition <span class="hl opt">{</span> <span class="hl kwb">$_</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;castella&apos;</span> <span class="hl opt">} &#64;{</span><span class="hl kwb">$special</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}};</span>

		<span class="hl kwa">if</span> <span class="hl opt">(!</span><span class="hl kwb">&#64;$ask</span><span class="hl opt">) {</span>
		    <span class="hl kwb">&#64;para_for_last</span> <span class="hl opt">=</span> <span class="hl kwc">grep</span> <span class="hl opt">{</span> <span class="hl kwb">$_</span> <span class="hl kwc">ne</span> <span class="hl str">&apos;use_first_pass&apos;</span> <span class="hl opt">}</span> <span class="hl kwb">&#64;para_for_last</span><span class="hl opt">;</span>
		<span class="hl opt">}</span>

		<span class="hl kwc">my</span> <span class="hl kwb">&#64;l</span> <span class="hl opt">= ((</span><span class="hl kwc">map</span> <span class="hl opt">{ [</span> <span class="hl str">&quot;pam_</span><span class="hl ipl">$_</span><span class="hl str">&quot;</span> <span class="hl opt">] }</span> <span class="hl kwb">&#64;$before_noask</span><span class="hl opt">),</span>
			 <span class="hl opt">[</span> <span class="hl str">&apos;pam_tcb&apos;</span><span class="hl opt">,</span> <span class="hl kwb">&#64;para</span> <span class="hl opt">],</span>
			 <span class="hl opt">(</span><span class="hl kwc">map</span> <span class="hl opt">{ [</span> <span class="hl str">&quot;pam_</span><span class="hl ipl">$_</span><span class="hl str">&quot;</span> <span class="hl opt">] }</span> <span class="hl kwb">&#64;$ask</span><span class="hl opt">),</span>
			 <span class="hl opt">);</span>
		<span class="hl kwc">push</span> <span class="hl opt">&#64;{</span><span class="hl kwb">$l</span><span class="hl opt">[-</span><span class="hl num">1</span><span class="hl opt">]},</span> <span class="hl kwb">&#64;para_for_last</span><span class="hl opt">;</span>
		<span class="hl slc">#$_ = join(&apos;&apos;, map { pam_format_line($type, &apos;sufficient&apos;, &#64;$_) } &#64;l);</span>
		<span class="hl slc">### $_ = join(&apos;&apos;, map { pam_format_line($type, sufficient($ccreds, $_-&gt;[0], $type), &#64;$_) } &#64;l);</span>
		<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> pam_sufficient_line<span class="hl opt">(</span><span class="hl kwb">$ccreds, $type, &#64;$_</span><span class="hl opt">) }</span> <span class="hl kwb">&#64;l</span><span class="hl opt">);</span>

		<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$control</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;required&apos;</span><span class="hl opt">) {</span>
		    <span class="hl slc">#- ensure a pam_deny line is there. it will be added below</span>
		    <span class="hl opt">(</span><span class="hl kwb">$module, &#64;para</span><span class="hl opt">) = (</span><span class="hl str">&apos;pam_deny&apos;</span><span class="hl opt">);</span>
		<span class="hl opt">}</span>

		<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$type</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;auth&apos;</span> <span class="hl opt">&amp;&amp;</span> <span class="hl kwb">$ccreds</span><span class="hl opt">) {</span>
			<span class="hl kwb">$_</span> <span class="hl opt">.=</span> pam_format_line<span class="hl opt">(</span><span class="hl str">&apos;auth&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;[default=done]&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_ccreds&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;action=validate use_first_pass&apos;</span><span class="hl opt">);</span>
			<span class="hl kwb">$_</span> <span class="hl opt">.=</span> pam_format_line<span class="hl opt">(</span><span class="hl str">&apos;auth&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;[default=done]&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_ccreds&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;action=store&apos;</span><span class="hl opt">);</span>
			<span class="hl kwb">$_</span> <span class="hl opt">.=</span> pam_format_line<span class="hl opt">(</span><span class="hl str">&apos;auth&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;[default=bad]&apos;</span><span class="hl opt">,</span>  <span class="hl str">&apos;pam_ccreds&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;action=update&apos;</span><span class="hl opt">);</span>
		<span class="hl opt">}</span>
	    <span class="hl opt">}</span>


	    <span class="hl kwa">if</span> <span class="hl opt">(</span>member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">&apos;pam_deny&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_permit&apos;</span><span class="hl opt">)) {</span>
		<span class="hl kwb">$_</span> <span class="hl opt">.=</span> pam_format_line<span class="hl opt">(</span><span class="hl kwb">$type, $control,</span> 
				      <span class="hl kwb">$type</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;account&apos;</span> <span class="hl opt">&amp;&amp;</span> <span class="hl kwb">$ccreds</span> ? <span class="hl str">&apos;pam_permit&apos;</span> <span class="hl opt">:</span> <span class="hl str">&apos;pam_deny&apos;</span><span class="hl opt">);</span>
	    <span class="hl opt">}</span>
	    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$s</span> <span class="hl opt">=</span> <span class="hl kwc">delete</span> <span class="hl kwb">$before_first</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}) {</span>
		<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwb">$s</span> <span class="hl opt">.</span> <span class="hl kwb">$_</span><span class="hl opt">;</span>
	    <span class="hl opt">}</span>
	    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$control</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;required&apos;</span> <span class="hl opt">&amp;&amp;</span> member<span class="hl opt">(</span><span class="hl kwb">$module,</span> <span class="hl str">&apos;pam_deny&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_permit&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;pam_tcb&apos;</span><span class="hl opt">)) {</span>
		<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$s</span> <span class="hl opt">=</span> <span class="hl kwc">delete</span> <span class="hl kwb">$after_deny</span><span class="hl opt">{</span><span class="hl kwb">$type</span><span class="hl opt">}) {</span>
		    <span class="hl kwb">$_</span> <span class="hl opt">.=</span> <span class="hl kwb">$s</span><span class="hl opt">;</span>
		<span class="hl opt">}</span>
	    <span class="hl opt">}</span>
	<span class="hl opt">}</span>
    <span class="hl opt">}</span> <span class="hl str">&quot;$::prefix/etc/pam.d/system-auth&quot;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> set_nsswitch_priority <span class="hl opt">{</span>
	<span class="hl slc">#my (&#64;kinds) = &#64;_;</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$kinds, $connected</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">&#64;known</span> <span class="hl opt">=</span> <span class="hl str">qw(nis ldap winbind)</span><span class="hl opt">;</span>
    substInFile <span class="hl opt">{</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$database, $l</span><span class="hl opt">) =</span> <span class="hl kwd">/^(\s*(?:passwd|shadow|group|automount):\s*)(.*)/</span><span class="hl opt">) {</span>
	    <span class="hl kwc">my</span> <span class="hl kwb">&#64;l</span> <span class="hl opt">=</span> difference2<span class="hl opt">([</span> <span class="hl kwc">split</span><span class="hl opt">(</span><span class="hl str">&apos; &apos;</span><span class="hl opt">,</span> <span class="hl kwb">$l</span><span class="hl opt">) ],</span> \<span class="hl kwb">&#64;known</span><span class="hl opt">);</span>
	    <span class="hl slc">#    $_ = $database . join(&apos; &apos;, uniq(&apos;files&apos;, &#64;kinds, &#64;l)) . &quot;\n&quot;;</span>
	    <span class="hl slc">#}</span>
		<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwb">$database</span> <span class="hl opt">.</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">&apos; &apos;</span><span class="hl opt">,</span> uniq<span class="hl opt">(</span><span class="hl str">&apos;files&apos;</span><span class="hl opt">,</span> <span class="hl kwb">&#64;$kinds, &#64;l</span><span class="hl opt">)) .</span> <span class="hl str">&quot;</span><span class="hl esc">\n</span><span class="hl str">&quot;</span><span class="hl opt">;</span>
	<span class="hl opt">}</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwd">/^\s*(?:passwd|group):/</span><span class="hl opt">) {</span>
		<span class="hl kwc">my</span> <span class="hl kwb">$option</span> <span class="hl opt">=</span> <span class="hl str">&apos;[NOTFOUND=return] db&apos;</span><span class="hl opt">;</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$connected</span><span class="hl opt">) {</span>
		<span class="hl kwd">s/$/ $option/</span> <span class="hl kwa">if</span> <span class="hl opt">!</span><span class="hl kwd">/\Q$option/</span><span class="hl opt">;</span>
	<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
		<span class="hl kwd">s/\s*\Q$option//</span><span class="hl opt">;</span>
	<span class="hl opt">}</span>
<span class="hl opt">}</span>	

    <span class="hl opt">}</span> <span class="hl str">&quot;$::prefix/etc/nsswitch.conf&quot;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> read_yp_conf<span class="hl opt">() {</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$yp_conf</span> <span class="hl opt">=</span> cat_<span class="hl opt">(</span><span class="hl str">&quot;$::prefix/etc/yp.conf&quot;</span><span class="hl opt">);</span>
    
    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$yp_conf</span> <span class="hl opt">=~</span> <span class="hl kwd">/^domain\s+(\S+)\s+(\S+)\s*(.*)/m</span><span class="hl opt">) {</span>
	<span class="hl opt">{</span> domain <span class="hl opt">=&gt;</span> <span class="hl kwb">$1,</span> server <span class="hl opt">=&gt;</span> <span class="hl kwb">$2</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;broadcast&apos;</span> ? <span class="hl str">&apos;broadcast&apos;</span> <span class="hl opt">:</span> <span class="hl kwb">$3</span> <span class="hl opt">};</span>
    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$yp_conf</span> <span class="hl opt">=~</span> <span class="hl kwd">/^server\s+(.*)/m</span><span class="hl opt">) {</span>
	<span class="hl opt">{</span> server <span class="hl opt">=&gt;</span> <span class="hl kwb">$1</span> <span class="hl opt">};</span>
    <span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
	<span class="hl kwc">undef</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>    
<span class="hl opt">}</span>

<span class="hl kwc">my</span> <span class="hl kwb">$special_ldap_cmds</span> <span class="hl opt">=</span> <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">&apos;|&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;nss_map_attribute&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;nss_map_objectclass&apos;</span><span class="hl opt">);</span>
<span class="hl kwa">sub</span> _after_read_ldap_line <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$s</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwb">$s</span> <span class="hl opt">=~</span> <span class="hl kwd">s/\b($special_ldap_cmds)\s*/$1 . &apos;_&apos;/e</span><span class="hl opt">;</span>
    <span class="hl kwb">$s</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> _pre_write_ldap_line <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$s</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwb">$s</span> <span class="hl opt">=~</span> <span class="hl kwd">s/\b($special_ldap_cmds)_/$1 . &apos; &apos;/e</span><span class="hl opt">;</span>
    <span class="hl kwb">$s</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> read_ldap_conf<span class="hl opt">() {</span>
    <span class="hl kwc">my</span> <span class="hl kwb">%conf</span> <span class="hl opt">=</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> 
	<span class="hl kwd">s/^\s*#.*//</span><span class="hl opt">;</span> 
	if_<span class="hl opt">(</span>_after_read_ldap_line<span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">) =~</span> <span class="hl kwd">/(\S+)\s+(.*)/</span><span class="hl opt">,</span> <span class="hl kwb">$1</span> <span class="hl opt">=&gt;</span> <span class="hl kwb">$2</span><span class="hl opt">);</span>
    <span class="hl opt">}</span> cat_<span class="hl opt">(</span><span class="hl str">&quot;$::prefix/etc/ldap.conf&quot;</span><span class="hl opt">);</span>
    \<span class="hl kwb">%conf</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> update_ldap_conf <span class="hl opt">{</span>    
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">%conf</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    substInFile <span class="hl opt">{</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$cmd</span><span class="hl opt">) =</span> _after_read_ldap_line<span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">) =~</span> <span class="hl kwd">/^\s*#?\s*(\w+)\s/</span><span class="hl opt">;</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$cmd</span> <span class="hl opt">&amp;&amp;</span> <span class="hl kwc">exists</span> <span class="hl kwb">$conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">}) {</span>
	    <span class="hl kwc">my</span> <span class="hl kwb">$val</span> <span class="hl opt">=</span> <span class="hl kwb">$conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">};</span>
	    <span class="hl kwb">$conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">} =</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>
	    <span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwb">$val</span> ? _pre_write_ldap_line<span class="hl opt">(</span><span class="hl str">&quot;</span><span class="hl ipl">$cmd</span> <span class="hl str"></span><span class="hl ipl">$val\n</span><span class="hl str">&quot;</span><span class="hl opt">) :</span> <span class="hl kwd">/^\s*#/</span> ? <span class="hl kwb">$_</span> <span class="hl opt">:</span> <span class="hl str">&quot;#</span><span class="hl ipl">$_</span><span class="hl str">&quot;</span><span class="hl opt">;</span>
        <span class="hl opt">}</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">eof</span><span class="hl opt">) {</span>
	    <span class="hl kwa">foreach</span> <span class="hl kwc">my</span> <span class="hl kwb">$cmd</span> <span class="hl opt">(</span><span class="hl kwc">keys</span> <span class="hl kwb">%conf</span><span class="hl opt">) {</span>
		<span class="hl kwc">my</span> <span class="hl kwb">$val</span> <span class="hl opt">=</span> <span class="hl kwb">$conf</span><span class="hl opt">{</span><span class="hl kwb">$cmd</span><span class="hl opt">}</span> <span class="hl kwc">or</span> <span class="hl kwa">next</span><span class="hl opt">;</span>
		<span class="hl kwb">$_</span> <span class="hl opt">.=</span> _pre_write_ldap_line<span class="hl opt">(</span><span class="hl str">&quot;</span><span class="hl ipl">$cmd</span> <span class="hl str"></span><span class="hl ipl">$val\n</span><span class="hl str">&quot;</span><span class="hl opt">);</span>
	    <span class="hl opt">}</span>
	<span class="hl opt">}</span>
    <span class="hl opt">}</span> <span class="hl str">&quot;$::prefix/etc/ldap.conf&quot;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> configure_krb5_for_AD <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl kwc">my</span> <span class="hl kwb">$uc_domain</span> <span class="hl opt">=</span> <span class="hl kwc">uc</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_domain<span class="hl opt">};</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$krb5_conf_file</span> <span class="hl opt">=</span> <span class="hl str">&quot;$::prefix/etc/krb5.conf&quot;</span><span class="hl opt">;</span>

    krb5_conf_update<span class="hl opt">(</span><span class="hl kwb">$krb5_conf_file,</span>
		     libdefaults <span class="hl opt">=&gt; (</span>
				     default_realm <span class="hl opt">=&gt;</span> <span class="hl kwb">$uc_domain,</span>
				     dns_lookup_realm <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>KRB_dns_lookup<span class="hl opt">}</span> ? <span class="hl str">&apos;true&apos;</span> <span class="hl opt">:</span> <span class="hl str">&apos;false&apos;</span><span class="hl opt">,</span>
				     dns_lookup_kdc <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>KRB_host_lookup<span class="hl opt">}</span> ? <span class="hl str">&apos;true&apos;</span> <span class="hl opt">:</span> <span class="hl str">&apos;false&apos;</span><span class="hl opt">,</span>
				     default_tgs_enctypes <span class="hl opt">=&gt;</span> <span class="hl kwc">undef</span><span class="hl opt">,</span> 
				     default_tkt_enctypes <span class="hl opt">=&gt;</span> <span class="hl kwc">undef</span><span class="hl opt">,</span>
				     permitted_enctypes <span class="hl opt">=&gt;</span> <span class="hl kwc">undef</span><span class="hl opt">,</span>
				    <span class="hl opt">));</span>

    <span class="hl kwc">my</span> <span class="hl kwb">&#64;sections</span> <span class="hl opt">= (</span>
		    realms <span class="hl opt">=&gt;</span> <span class="hl str">&lt;&lt;EOF,</span>
<span class="hl str"></span> <span class="hl ipl">$uc_domain</span> <span class="hl str">= {</span>
<span class="hl str">  kdc =</span> <span class="hl ipl">$authentication</span><span class="hl str">-&gt;{AD_server}:88</span>
<span class="hl str">  admin_server =</span> <span class="hl ipl">$authentication</span><span class="hl str">-&gt;{AD_server}:749</span>
<span class="hl str">  default_domain =</span> <span class="hl ipl">$authentication</span><span class="hl str">-&gt;{AD_domain}</span>
<span class="hl str"> }</span>
<span class="hl str">EOF</span>
		    domain_realm <span class="hl opt">=&gt;</span> <span class="hl str">&lt;&lt;EOF,</span>
<span class="hl str"> .</span><span class="hl ipl">$authentication</span><span class="hl str">-&gt;{AD_domain} =</span> <span class="hl ipl">$uc_domain</span>
<span class="hl str">EOF</span>
		    kdc <span class="hl opt">=&gt;</span> <span class="hl str">&lt;&lt;&apos;EOF&apos;,</span>
<span class="hl str"> profile = /etc/kerberos/krb5kdc/kdc.conf</span>
<span class="hl str">EOF</span>
		    pam <span class="hl opt">=&gt;</span> <span class="hl str">&lt;&lt;&apos;EOF&apos;,</span>
<span class="hl str"> debug = false</span>
<span class="hl str"> ticket_lifetime = 36000</span>
<span class="hl str"> renew_lifetime = 36000</span>
<span class="hl str"> forwardable = true</span>
<span class="hl str"> krb4_convert = false</span>
<span class="hl str">EOF</span>
		    login <span class="hl opt">=&gt;</span> <span class="hl str">&lt;&lt;&apos;EOF&apos;,</span>
<span class="hl str"> krb4_convert = false</span>
<span class="hl str"> krb4_get_tickets = false</span>
<span class="hl str">EOF</span>
		       <span class="hl opt">);</span>
    <span class="hl kwa">foreach</span> <span class="hl opt">(</span>group_by2<span class="hl opt">(</span><span class="hl kwb">&#64;sections</span><span class="hl opt">)) {</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$section, $txt</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;$_</span><span class="hl opt">;</span>
	krb5_conf_overwrite_category<span class="hl opt">(</span><span class="hl kwb">$krb5_conf_file, $section</span> <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>AD_server<span class="hl opt">}</span> ? <span class="hl kwb">$txt</span> <span class="hl opt">:</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">);</span>
    <span class="hl opt">}</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> krb5_conf_overwrite_category <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$file, $category, $new_val</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl kwc">my</span> <span class="hl kwb">$done</span><span class="hl opt">;</span>
    substInFile <span class="hl opt">{</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$i</span> <span class="hl opt">=</span> <span class="hl kwd">/^\s*\[\Q$category\E\]/i</span> <span class="hl opt">...</span> <span class="hl kwd">/^\[/</span><span class="hl opt">) {</span>
	    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$new_val</span><span class="hl opt">) {</span>
		<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$i</span> <span class="hl opt">==</span> <span class="hl num">1</span><span class="hl opt">) {</span>
		    <span class="hl kwb">$_</span> <span class="hl opt">.=</span> <span class="hl kwb">$new_val</span><span class="hl opt">;</span>
		    <span class="hl kwb">$done</span> <span class="hl opt">=</span> <span class="hl num">1</span><span class="hl opt">;</span>
		<span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwb">$i</span> <span class="hl opt">=~</span> <span class="hl kwd">/E/</span><span class="hl opt">) {</span>
		    <span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">&quot;</span><span class="hl esc">\n</span><span class="hl str"></span><span class="hl ipl">$_</span><span class="hl str">&quot;</span><span class="hl opt">;</span>
		<span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
		    <span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>
		<span class="hl opt">}</span>
	    <span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
		<span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl str">&apos;&apos;</span> <span class="hl kwa">if</span> <span class="hl kwb">$i</span> <span class="hl opt">!~</span> <span class="hl kwd">/E/</span><span class="hl opt">;</span>
	    <span class="hl opt">}</span>
	<span class="hl opt">}</span>
	<span class="hl slc">#- if category has not been found above.</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">eof</span> <span class="hl opt">&amp;&amp;</span> <span class="hl kwb">$new_val</span> <span class="hl opt">&amp;&amp; !</span><span class="hl kwb">$done</span><span class="hl opt">) {</span>
	    <span class="hl kwb">$_</span> <span class="hl opt">.=</span> <span class="hl str">&quot;</span><span class="hl esc">\n</span><span class="hl str">[</span><span class="hl ipl">$category</span><span class="hl str">]</span><span class="hl esc">\n</span><span class="hl str"></span><span class="hl ipl">$new_val</span><span class="hl str">&quot;</span><span class="hl opt">;</span>
	<span class="hl opt">}</span>
    <span class="hl opt">}</span> <span class="hl kwb">$file</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl slc">#- same as update_gnomekderc(), but allow spaces around &quot;=&quot;</span>
<span class="hl kwa">sub</span> krb5_conf_update <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$file, $category, %subst_</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl kwc">my</span> <span class="hl kwb">%subst</span> <span class="hl opt">=</span> <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwc">lc</span><span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">) =&gt; [</span> <span class="hl kwb">$_, $subst_</span><span class="hl opt">{</span><span class="hl kwb">$_</span><span class="hl opt">} ] }</span> <span class="hl kwc">keys</span> <span class="hl kwb">%subst_</span><span class="hl opt">;</span>

    <span class="hl kwc">my</span> <span class="hl kwb">$s</span><span class="hl opt">;</span>
    <span class="hl kwa">foreach</span> <span class="hl opt">(</span>MDK<span class="hl opt">::</span>Common<span class="hl opt">::</span>File<span class="hl opt">::</span>cat_<span class="hl opt">(</span><span class="hl kwb">$file</span><span class="hl opt">),</span> <span class="hl str">&quot;[NOCATEGORY]</span><span class="hl esc">\n</span><span class="hl str">&quot;</span><span class="hl opt">) {</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$i</span> <span class="hl opt">=</span> <span class="hl kwd">/^\s*\[\Q$category\E\]/i</span> <span class="hl opt">...</span> <span class="hl kwd">/^\[/</span><span class="hl opt">) {</span>
	    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$i</span> <span class="hl opt">=~</span> <span class="hl kwd">/E/</span><span class="hl opt">) {</span> <span class="hl slc">#- for last line of category</span>
		<span class="hl kwc">chomp</span> <span class="hl kwb">$s</span><span class="hl opt">;</span> <span class="hl kwb">$s</span> <span class="hl opt">.=</span> <span class="hl str">&quot;</span><span class="hl esc">\n</span><span class="hl str">&quot;</span><span class="hl opt">;</span>
		<span class="hl kwb">$s</span> <span class="hl opt">.=</span> <span class="hl str">&quot;</span> <span class="hl ipl">$_</span><span class="hl str">-&gt;[0] =</span> <span class="hl ipl">$_</span><span class="hl str">-&gt;[1]</span><span class="hl esc">\n</span><span class="hl str">&quot;</span> <span class="hl kwa">foreach</span> <span class="hl kwc">grep</span> <span class="hl opt">{</span> <span class="hl kwc">defined</span><span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">-&gt;[</span><span class="hl num">1</span><span class="hl opt">]) }</span> <span class="hl kwc">values</span> <span class="hl kwb">%subst</span><span class="hl opt">;</span>
		<span class="hl kwb">%subst</span> <span class="hl opt">= ();</span>
	    <span class="hl opt">}</span> <span class="hl kwa">elsif</span> <span class="hl opt">(</span><span class="hl kwd">/^\s*([^=]*?)\s*=/</span><span class="hl opt">) {</span>
		<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$e</span> <span class="hl opt">=</span> <span class="hl kwc">delete</span> <span class="hl kwb">$subst</span><span class="hl opt">{</span><span class="hl kwc">lc</span><span class="hl opt">(</span><span class="hl kwb">$1</span><span class="hl opt">)}) {</span>
		    <span class="hl kwb">$_</span> <span class="hl opt">=</span> <span class="hl kwc">defined</span><span class="hl opt">(</span><span class="hl kwb">$e</span><span class="hl opt">-&gt;[</span><span class="hl num">1</span><span class="hl opt">])</span> ? <span class="hl str">&quot;</span> <span class="hl ipl">$1</span> <span class="hl str">=</span> <span class="hl ipl">$e</span><span class="hl str">-&gt;[1]</span><span class="hl esc">\n</span><span class="hl str">&quot;</span> <span class="hl opt">:</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>
		<span class="hl opt">}</span>
	      <span class="hl opt">}</span>
	<span class="hl opt">}</span>
	<span class="hl kwb">$s</span> <span class="hl opt">.=</span> <span class="hl kwb">$_</span> <span class="hl kwa">if</span> <span class="hl opt">!</span><span class="hl kwd">/^\Q[NOCATEGORY]/</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>

    <span class="hl slc">#- if category has not been found above.</span>
    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">keys</span> <span class="hl kwb">%subst</span><span class="hl opt">) {</span>
	<span class="hl kwc">chomp</span> <span class="hl kwb">$s</span><span class="hl opt">;</span>
	<span class="hl kwb">$s</span> <span class="hl opt">.=</span> <span class="hl str">&quot;</span><span class="hl esc">\n</span><span class="hl str">[</span><span class="hl ipl">$category</span><span class="hl str">]</span><span class="hl esc">\n</span><span class="hl str">&quot;</span><span class="hl opt">;</span>
	<span class="hl kwb">$s</span> <span class="hl opt">.=</span> <span class="hl str">&quot;</span> <span class="hl ipl">$_</span><span class="hl str">-&gt;[0] =</span> <span class="hl ipl">$_</span><span class="hl str">-&gt;[1]</span><span class="hl esc">\n</span><span class="hl str">&quot;</span> <span class="hl kwa">foreach</span> <span class="hl kwc">grep</span> <span class="hl opt">{</span> <span class="hl kwc">defined</span><span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">-&gt;[</span><span class="hl num">1</span><span class="hl opt">]) }</span> <span class="hl kwc">values</span> <span class="hl kwb">%subst</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>

    MDK<span class="hl opt">::</span>Common<span class="hl opt">::</span>File<span class="hl opt">::</span>output<span class="hl opt">(</span><span class="hl kwb">$file, $s</span><span class="hl opt">);</span>

<span class="hl opt">}</span>

<span class="hl kwa">sub</span> sshd_config_UsePAM <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$UsePAM</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$sshd</span> <span class="hl opt">=</span> <span class="hl str">&quot;$::prefix/etc/ssh/sshd_config&quot;</span><span class="hl opt">;</span>
    <span class="hl opt">-</span>e <span class="hl kwb">$sshd</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>

    <span class="hl kwc">my</span> <span class="hl kwb">$val</span> <span class="hl opt">=</span> <span class="hl str">&quot;UsePAM &quot;</span> <span class="hl opt">.</span> bool2yesno<span class="hl opt">(</span><span class="hl kwb">$UsePAM</span><span class="hl opt">);</span>
    substInFile <span class="hl opt">{</span>
	<span class="hl kwb">$val</span> <span class="hl opt">=</span> <span class="hl str">&apos;&apos;</span> <span class="hl kwa">if</span> <span class="hl kwd">s/^#?UsePAM.*/$val/</span><span class="hl opt">;</span>
	<span class="hl kwb">$_</span> <span class="hl opt">.=</span> <span class="hl str">&quot;</span><span class="hl ipl">$val\n</span><span class="hl str">&quot;</span> <span class="hl kwa">if</span> <span class="hl kwc">eof</span> <span class="hl opt">&amp;&amp;</span> <span class="hl kwb">$val</span><span class="hl opt">;</span>
    <span class="hl opt">}</span> <span class="hl kwb">$sshd</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> query_srv_names <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$domain</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl kwc">eval</span> <span class="hl opt">{</span> <span class="hl kwa">require</span> Net<span class="hl opt">::</span>DNS<span class="hl opt">;</span> <span class="hl num">1</span> <span class="hl opt">}</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$res</span> <span class="hl opt">=</span> Net<span class="hl opt">::</span>DNS<span class="hl opt">::</span>Resolver-<span class="hl opt">&gt;</span><span class="hl kwd">new</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$query</span> <span class="hl opt">=</span> <span class="hl kwb">$res</span><span class="hl opt">-&gt;</span><span class="hl kwd">query</span><span class="hl opt">(</span><span class="hl str">&quot;_ldap._tcp.</span><span class="hl ipl">$domain</span><span class="hl str">&quot;</span><span class="hl opt">,</span> <span class="hl str">&apos;srv&apos;</span><span class="hl opt">)</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
    <span class="hl kwc">map</span> <span class="hl opt">{</span> <span class="hl kwb">$_</span><span class="hl opt">-&gt;</span><span class="hl kwd">target</span> <span class="hl opt">}</span> <span class="hl kwb">$query</span><span class="hl opt">-&gt;</span><span class="hl kwd">answer</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> enable_shadow<span class="hl opt">() {</span>
    run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&quot;pwconv&quot;</span><span class="hl opt">)</span>  <span class="hl kwc">or log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">&quot;pwconv failed&quot;</span><span class="hl opt">);</span>
    run_program<span class="hl opt">::</span>rooted<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&quot;grpconv&quot;</span><span class="hl opt">)</span> <span class="hl kwc">or log</span><span class="hl opt">::</span>l<span class="hl opt">(</span><span class="hl str">&quot;grpconv failed&quot;</span><span class="hl opt">);</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> salt <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$nb</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwa">require</span> devices<span class="hl opt">;</span>
    <span class="hl kwc">open</span><span class="hl opt">(</span><span class="hl kwc">my</span> <span class="hl kwb">$F,</span> devices<span class="hl opt">::</span>make<span class="hl opt">(</span><span class="hl str">&quot;random&quot;</span><span class="hl opt">))</span> <span class="hl kwc">or die</span> <span class="hl str">&quot;missing random&quot;</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$s</span><span class="hl opt">;</span> <span class="hl kwc">read</span> <span class="hl kwb">$F, $s, $nb</span><span class="hl opt">;</span>
    <span class="hl kwb">$s</span> <span class="hl opt">=</span> <span class="hl kwc">pack</span><span class="hl opt">(</span><span class="hl str">&quot;b8&quot;</span> x <span class="hl kwb">$nb,</span> <span class="hl kwc">unpack</span> <span class="hl str">&quot;b6&quot;</span> x <span class="hl kwb">$nb, $s</span><span class="hl opt">);</span>
    <span class="hl kwb">$s</span> <span class="hl opt">=~</span> tr<span class="hl opt">|</span>\<span class="hl num">0</span><span class="hl opt">-</span><span class="hl esc">\x3f</span><span class="hl opt">|</span><span class="hl num">0</span><span class="hl opt">-</span><span class="hl num">9</span>a-zA-Z<span class="hl opt">./|;</span>
    <span class="hl kwb">$s</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> user_crypted_passwd <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$u, $isMD5</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>password<span class="hl opt">}) {</span>
	<span class="hl kwa">require</span> utf8<span class="hl opt">;</span>
	utf8<span class="hl opt">::</span>encode<span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>password<span class="hl opt">});</span> <span class="hl slc">#- we don&apos;t want perl to do &quot;smart&quot; things in crypt()</span>

	<span class="hl kwc">crypt</span><span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>password<span class="hl opt">},</span> <span class="hl kwb">$isMD5</span> ? <span class="hl str">&apos;</span><span class="hl ipl">$1$</span><span class="hl str">&apos;</span> <span class="hl opt">.</span> salt<span class="hl opt">(</span><span class="hl num">8</span><span class="hl opt">) :</span> salt<span class="hl opt">(</span><span class="hl num">2</span><span class="hl opt">));</span>
    <span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>
	<span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>pw<span class="hl opt">} ||</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> set_root_passwd <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$superuser, $authentication</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwb">$superuser</span><span class="hl opt">-&gt;{</span>name<span class="hl opt">} =</span> <span class="hl str">&apos;root&apos;</span><span class="hl opt">;</span>
    write_passwd_user<span class="hl opt">(</span><span class="hl kwb">$superuser, $authentication</span><span class="hl opt">-&gt;{</span>md5<span class="hl opt">});</span>    
    <span class="hl kwc">delete</span> <span class="hl kwb">$superuser</span><span class="hl opt">-&gt;{</span>name<span class="hl opt">};</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> write_passwd_user <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$u, $isMD5</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>

    <span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>pw<span class="hl opt">} =</span> user_crypted_passwd<span class="hl opt">(</span><span class="hl kwb">$u, $isMD5</span><span class="hl opt">);</span>      
    <span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>shell<span class="hl opt">} ||=</span> <span class="hl str">&apos;/bin/bash&apos;</span><span class="hl opt">;</span>

    substInFile <span class="hl opt">{</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$l</span> <span class="hl opt">=</span> unpack_passwd<span class="hl opt">(</span><span class="hl kwb">$_</span><span class="hl opt">);</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$l</span><span class="hl opt">-&gt;{</span>name<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>name<span class="hl opt">}) {</span>
	    add2hash_<span class="hl opt">(</span><span class="hl kwb">$u, $l</span><span class="hl opt">);</span>
	    <span class="hl kwb">$_</span> <span class="hl opt">=</span> pack_passwd<span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">);</span>
	    <span class="hl kwb">$u</span> <span class="hl opt">= {};</span>
	<span class="hl opt">}</span>
	<span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwc">eof</span> <span class="hl opt">&amp;&amp;</span> <span class="hl kwb">$u</span><span class="hl opt">-&gt;{</span>name<span class="hl opt">}) {</span>
	    <span class="hl kwb">$_</span> <span class="hl opt">.=</span> pack_passwd<span class="hl opt">(</span><span class="hl kwb">$u</span><span class="hl opt">);</span>
	<span class="hl opt">}</span>
    <span class="hl opt">}</span> <span class="hl str">&quot;$::prefix/etc/passwd&quot;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwc">my</span> <span class="hl kwb">&#64;etc_pass_fields</span> <span class="hl opt">=</span> <span class="hl str">qw(name pw uid gid realname home shell)</span><span class="hl opt">;</span>
<span class="hl kwa">sub</span> unpack_passwd <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$l</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">%l</span><span class="hl opt">;</span> <span class="hl kwb">&#64;l</span><span class="hl opt">{</span><span class="hl kwb">&#64;etc_pass_fields</span><span class="hl opt">} =</span> <span class="hl kwc">split</span> <span class="hl str">&apos;:&apos;</span><span class="hl opt">,</span> chomp_<span class="hl opt">(</span><span class="hl kwb">$l</span><span class="hl opt">);</span>
    \<span class="hl kwb">%l</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> pack_passwd <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$l</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
    <span class="hl kwc">join</span><span class="hl opt">(</span><span class="hl str">&apos;:&apos;</span><span class="hl opt">,</span> <span class="hl kwb">&#64;$l</span><span class="hl opt">{</span><span class="hl kwb">&#64;etc_pass_fields</span><span class="hl opt">}) .</span> <span class="hl str">&quot;</span><span class="hl esc">\n</span><span class="hl str">&quot;</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> add_cafile<span class="hl opt">() {</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$file</span><span class="hl opt">;</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$in</span> <span class="hl opt">=</span> interactive-<span class="hl opt">&gt;</span><span class="hl kwd">vnew</span><span class="hl opt">;</span>
	<span class="hl kwb">$file</span> <span class="hl opt">=</span> <span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_filename</span><span class="hl opt">({</span> title <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Select file&quot;</span><span class="hl opt">) })</span> <span class="hl kwc">or</span> <span class="hl kwa">return</span><span class="hl opt">;</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> auth<span class="hl opt">() {</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$in</span> <span class="hl opt">=</span> interactive-<span class="hl opt">&gt;</span><span class="hl kwd">vnew</span><span class="hl opt">;</span>
        <span class="hl kwb">$in</span><span class="hl opt">-&gt;</span><span class="hl kwd">ask_from</span><span class="hl opt">(</span><span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> N<span class="hl opt">(</span><span class="hl str">&quot; &quot;</span><span class="hl opt">), [</span>
		<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Domain Windows for authentication : &quot;</span> <span class="hl opt">,</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>WINDOMAIN<span class="hl opt">}) },</span>
		<span class="hl opt">{},</span>
		<span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Domain Admin User Name&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winuser<span class="hl opt">} },</span>
	        <span class="hl opt">{</span> label <span class="hl opt">=&gt;</span> N<span class="hl opt">(</span><span class="hl str">&quot;Domain Admin Password&quot;</span><span class="hl opt">),</span> val <span class="hl opt">=&gt;</span> \<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winpass<span class="hl opt">},</span> hidden <span class="hl opt">=&gt;</span> <span class="hl num">1</span> <span class="hl opt">},</span>
	<span class="hl opt">]);</span>
	<span class="hl kwa">return</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winuser<span class="hl opt">},</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>winpass<span class="hl opt">};</span>
<span class="hl opt">}</span>

<span class="hl kwa">require</span> fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb<span class="hl opt">;</span>
<span class="hl kwa">sub</span> list_domains<span class="hl opt">() {</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$smb</span> <span class="hl opt">=</span> fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb-<span class="hl opt">&gt;</span><span class="hl kwd">new</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">%domains</span><span class="hl opt">;</span>
    <span class="hl kwa">foreach</span> <span class="hl kwc">my</span> <span class="hl kwb">$server</span> <span class="hl opt">(</span><span class="hl kwb">$smb</span><span class="hl opt">-&gt;</span><span class="hl kwd">find_servers</span><span class="hl opt">) {</span>
        <span class="hl kwb">$domains</span><span class="hl opt">{</span><span class="hl kwb">$server</span><span class="hl opt">-&gt;{</span>group<span class="hl opt">}} =</span> <span class="hl num">1</span><span class="hl opt">;</span>
    <span class="hl opt">}</span>
    <span class="hl kwa">return</span> <span class="hl kwc">sort keys</span> <span class="hl kwb">%domains</span><span class="hl opt">;</span>
<span class="hl opt">}</span>
<span class="hl kwa">sub</span> get_server_for_domain <span class="hl opt">{</span>
    <span class="hl kwc">my</span> <span class="hl kwb">$smb</span> <span class="hl opt">=</span> fs<span class="hl opt">::</span>remote<span class="hl opt">::</span>smb-<span class="hl opt">&gt;</span><span class="hl kwd">new</span><span class="hl opt">;</span>
    <span class="hl kwc">my</span> <span class="hl kwb">%domains</span><span class="hl opt">;</span>
    <span class="hl kwa">foreach</span> <span class="hl kwc">my</span> <span class="hl kwb">$server</span> <span class="hl opt">(</span><span class="hl kwb">$smb</span><span class="hl opt">-&gt;</span><span class="hl kwd">find_servers</span><span class="hl opt">) {</span>
        <span class="hl kwa">return</span> <span class="hl kwb">$server</span><span class="hl opt">-&gt;{</span>name<span class="hl opt">}</span> <span class="hl kwa">if</span> <span class="hl kwb">$server</span><span class="hl opt">-&gt;{</span>group<span class="hl opt">} ==</span> <span class="hl kwb">$_</span><span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">];</span>
    <span class="hl opt">}</span>
<span class="hl opt">}</span>

<span class="hl kwa">sub</span> fetch_dn <span class="hl opt">{</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$srv</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
	<span class="hl slc">#print &quot;$srv&quot;;</span>
	<span class="hl kwc">my</span> <span class="hl kwb">$s</span> <span class="hl opt">=</span> run_program<span class="hl opt">::</span>rooted_get_stdout<span class="hl opt">($::</span>prefix<span class="hl opt">,</span> <span class="hl str">&apos;ldapsearch&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;-x&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;-h&apos;</span><span class="hl opt">,</span> <span class="hl kwb">$srv,</span> <span class="hl str">&apos;-b&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;-s&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;base&apos;</span><span class="hl opt">,</span> <span class="hl str">&apos;+&apos;</span><span class="hl opt">);</span>
	<span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} =</span> first<span class="hl opt">(</span><span class="hl kwb">$s</span> <span class="hl opt">=~</span> <span class="hl kwd">/namingContexts: (.+)/</span><span class="hl opt">);</span>
	<span class="hl kwa">return</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">};</span>
<span class="hl opt">}</span>
	
<span class="hl kwa">sub</span> configure_nss_ldap <span class="hl opt">{</span>
	<span class="hl kwc">my</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">) =</span> <span class="hl kwb">&#64;_</span><span class="hl opt">;</span>
	<span class="hl slc">#my $authentication-&gt;{domain} = $authentication-&gt;{LDAPDOMAIN} || do {</span>
        <span class="hl slc">#    my $s = run_program::rooted_get_stdout($::prefix, &apos;ldapsearch&apos;, &apos;-x&apos;, &apos;-h&apos;, $authentication-&gt;{LDAP_server}, &apos;-b&apos;, &apos;&apos;, &apos;-s&apos;, &apos;base&apos;, &apos;+&apos;);</span>
        <span class="hl slc">#    first($s =~ /namingContexts: (.+)/);</span>
        <span class="hl slc">#} or log::l(&quot;no ldap domain found on server $authentication-&gt;{LDAP_server}&quot;), return;</span>
	update_ldap_conf<span class="hl opt">(</span>
                         host <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_server<span class="hl opt">},</span>
                         base <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">},</span>
                        <span class="hl opt">);</span>

        <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nssgrp<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;1&apos;</span><span class="hl opt">) {</span>

        update_ldap_conf<span class="hl opt">(</span>
                         nss_base_shadow <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nss_shadow<span class="hl opt">} .</span> <span class="hl str">&quot;?sub&quot;</span><span class="hl opt">,</span>
                         nss_base_passwd <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nss_pwd<span class="hl opt">} .</span> <span class="hl str">&quot;?sub&quot;</span><span class="hl opt">,</span>
                         nss_base_group <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>nss_grp<span class="hl opt">} .</span> <span class="hl str">&quot;?sub&quot;</span><span class="hl opt">,</span>
                        <span class="hl opt">);</span>
        <span class="hl opt">}</span> <span class="hl kwa">else</span> <span class="hl opt">{</span>

        update_ldap_conf<span class="hl opt">(</span>
                         nss_base_shadow <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} .</span> <span class="hl str">&quot;?sub&quot;</span><span class="hl opt">,</span>
                         nss_base_passwd <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">} .</span> <span class="hl str">&quot;?sub&quot;</span><span class="hl opt">,</span>
                         nss_base_group <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAPDOMAIN<span class="hl opt">}  .</span> <span class="hl str">&quot;?sub&quot;</span><span class="hl opt">,</span>
                        <span class="hl opt">);</span>
                <span class="hl opt">}</span>
        <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>anonymous<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;1&apos;</span><span class="hl opt">) {</span>
                 update_ldap_conf<span class="hl opt">(</span>
                         binddn <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_binddn<span class="hl opt">},</span>
                         bindpw <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>LDAP_bindpwd<span class="hl opt">},</span>
                        <span class="hl opt">);</span>
        <span class="hl opt">}</span>

        <span class="hl kwa">if</span> <span class="hl opt">(</span><span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>cafile<span class="hl opt">}</span> <span class="hl kwc">eq</span> <span class="hl str">&apos;1&apos;</span><span class="hl opt">) {</span>
                 update_ldap_conf<span class="hl opt">(</span>
                 ssl <span class="hl opt">=&gt;</span> <span class="hl str">&quot;on&quot;</span><span class="hl opt">,</span>
                 tls_checkpeer <span class="hl opt">=&gt;</span> <span class="hl str">&quot;yes&quot;</span><span class="hl opt">,</span>
                 tls_cacertfile <span class="hl opt">=&gt;</span> <span class="hl kwb">$authentication</span><span class="hl opt">-&gt;{</span>file<span class="hl opt">},</span>
                <span class="hl opt">);</span>
        <span class="hl opt">}</span>
 <span class="hl opt">}</span>
<span class="hl num">1</span><span class="hl opt">;</span>
</code></pre></td></tr></table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.2.1</a> (<a href='https://git-scm.com/'>git 2.21.0</a>) at 2025-01-23 17:06:19 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>