summaryrefslogtreecommitdiffstats
path: root/perl-install/pixmaps/mouse_2b_right.png
blob: d1bea042471627662b1b441c4ecb9ffa6c3fc214 (plain)
ofshex dumpascii
0000 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 5e 00 00 00 9e 08 06 00 00 00 bb 3a bd .PNG........IHDR...^..........:.
0020 da 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 00 09 70 48 59 73 00 00 0b 12 00 .....bKGD..............pHYs.....
0040 00 0b 12 01 d2 dd 7e fc 00 00 00 07 74 49 4d 45 07 d3 03 1e 12 06 22 33 80 0f 21 00 00 0f d6 49 ......~.....tIME......"3..!....I
0060 44 41 54 78 9c ed 9d 59 70 5c 57 5a 80 bf 73 97 5e 25 b5 64 2d 96 2d ef b6 2c 47 b1 25 3b f1 9a DATx...Yp\WZ..s.^%.d-.-..,G.%;..
0080 64 b2 b0 64 30 50 f0 c2 c3 f0 c2 0b 03 55 14 c5 13 3c 50 50 40 f1 42 41 11 5e e6 81 62 a8 e1 75 d..d0P.......U...<PP@.BA.^..b..u
00a0 6a de 80 2a 18 48 66 e2 38 89 63 8d 13 25 5e 12 af b2 2d 6b b1 f6 ad d5 cb bd 7d b7 c3 43 b7 2c j..*.Hf.8.c..%^...-k......}..C.,
00c0 99 58 52 4b dd ad b6 a5 f3 55 fd 6a d9 7d ee b9 bf fe f3 f7 7f fe f3 df 73 6f 83 42 b1 d5 38 58 .XRK.....U.j.}..........so.B..8X
00e0 6d 05 b6 24 e1 70 74 16 38 5d 6d 3d b6 1c 7f ff de 8f 82 70 38 92 06 7e b3 da ba 6c 29 3e ee e9 m..$.pt.8]m=.......p8..~...l)>..
0100 97 ff f4 83 9f c8 68 ac 26 a3 eb fa f7 ab ad cf 56 41 f3 7d 49 fb 91 e3 fc c5 df fe 6b 4c d3 8c ......h.&.......VA.}I.......kL..
0120 7f ac b6 42 5b 05 cd f3 03 3c 3f a0 b6 ae 11 44 b5 d5 d9 3a 68 7e 20 f1 7d 49 e0 07 d5 d6 65 4b ...B[....<?....D...:h~..}I....eK
0140 a1 f9 7e 80 ef 07 f8 81 ac b6 2e 5b 8a 45 c3 fb 12 94 ed 37 0c cd f3 25 9e 9f 0f 37 8a 8d 63 49 ..~........[.E.....7...%...7..cI
0160 a8 51 31 7e 23 51 86 af 12 9a ef 2f 64 35 2a d4 6c 24 da 82 b7 7b f9 ac 46 65 f2 1b c4 92 c9 55 .Q1~#Q...../d5*.l$...{..Fe.....U
0180 85 9a 8d 44 f3 83 7c 8c 0f 7c a9 b2 c9 0d 44 4d ae 55 e2 c9 e4 aa f2 f8 8d e5 49 91 4c c5 f8 8d ...D..|..|....DM.U........I.L...
01a0 45 d5 6a aa c4 62 a8 51 86 df 50 9e e4 f1 aa 2c bc b1 3c f1 78 4f 55 27 37 94 27 93 6b a0 d2 c9 E.j..b.Q..P....,..<.xOU'7.'.k...
01c0 0d e5 c9 02 4a a5 93 1b 8c 61 84 a4 61 84 a4 ae 87 a4 a6 69 52 68 9a 23 84 e6 18 46 f8 bf ab ad ....J....a..a......iRh.#...F....
01e0 db 66 c6 78 ef 9f 7f 46 d6 f2 c8 da 2e 96 e5 92 b5 5d f3 ee cd 1e 2e ff fc 87 75 9e 97 ab b6 7e .f.x...F.........]........u....~
0200 9b 16 23 14 8e e2 05 2e 5e a0 e3 f9 3a a6 af a3 eb 66 b5 f5 da f4 18 13 63 03 58 39 0f cb f2 b0 ..#.....^...:....f......c.X9....
0220 73 2e 96 ed 91 49 4f 57 5b af 4d 8f 68 68 dc 29 65 00 7e e0 e3 d8 29 89 10 93 00 41 10 bc ef 3a s....IOW[.M.hh.)e.~...)....A...:
0240 d6 ef 55 5b c1 cd 8a 91 b3 b3 80 20 90 3e be ef 01 84 25 20 d0 76 55 57 b5 cd 8d f1 37 7f f7 63 ..U[.........>....%..vUW....7..c
0260 2c db c3 b2 5d b2 b6 27 ec 9c 9b 18 78 74 87 8f 7f fa 83 dd 9e 67 57 5b bf 4d 8b 91 d8 d6 8c 69 ,...]..'....xt.......gW[.M.....i
0280 b9 18 96 8b 5e 90 68 ac 4e 5d 04 ac 30 c6 7c 72 06 cb 76 9f 78 bd 65 bb e4 ac 94 b2 7b 85 11 d1 ....^.h.N]..0.|r..v.x.e.....{...
02a0 58 42 4a 19 20 a5 c4 f7 1c 09 64 24 08 4d e8 57 5d d7 fa 4e b5 15 dc ac 18 d1 58 1d 81 94 f8 be XBJ.......d$.M.W]..N......X.....
02c0 8f 63 25 25 42 cc 49 29 09 64 90 aa b6 72 9b 19 e3 4f fe ec 3d 2c db c3 ce 79 d8 b6 ab d9 39 6f .c%%B.I).d...r...O..=,...y....9o
02e0 d7 e3 e1 07 5c fa e0 5f 5c 0f 35 b9 56 0a a3 6d d7 41 b2 96 fb 94 a4 d3 d9 6a eb b5 e9 d1 10 f0 ....\.._\.5.V..m.A.......j......
0300 6d 91 a0 aa f3 15 45 5b c8 5e 96 66 31 b1 78 03 9e 97 db 0e 84 ab a0 d3 96 40 83 45 a3 2f 38 7c m.....E[.^.f1.x..........@.E./8|
0320 6d 5d 33 2d 3b 8f 08 4d 33 ff a0 6a 9a 6d 72 34 84 60 51 78 22 c7 cf 7e 2f a6 e9 c6 5f 03 46 95 m]3-;..M3..j.mr4.`Qx"..~/..._.F.
0340 75 dc 94 68 48 49 df ed 5e 46 87 fb 48 ce 8e b3 50 bb 69 d9 79 84 ba fa 9d 51 e0 7b d5 56 72 33 u..hHI..^F..H...P.i.y....Q.{.Vr3
0360 22 e2 35 f5 32 93 9e 63 ef ee 36 92 f3 29 32 d9 2c 9e e7 13 0e 87 30 0d 03 4d d3 3c 5d d7 7b 65 ".5.2..c..6..)2.,.....0..M.<].{e
0380 10 8c e7 1c 77 3c 6b 59 63 c0 2c 30 53 78 9d 05 e6 80 9b a8 09 b9 68 04 20 85 10 04 53 7d 4f fe ....w<kYc.,0Sx........h.....S}O.
03a0 d3 71 1c a6 67 e6 98 9d 4b 32 33 97 cc bf ce e6 5f a7 67 e7 98 98 9a ce 4d 4e cf e4 26 a7 66 82 .q..g...K23....._.g.....MN..&.f.
03c0 99 d9 39 92 f3 29 31 32 36 51 1b 8f 45 67 42 21 f3 91 eb 7a 37 53 e9 cc d7 c0 fd 82 3c 00 b5 28 ..9..)126Q..EgB!...z7S......<..(
03e0 58 8a 00 a4 ae 6b 78 e3 77 4b ea c8 75 5d 1e 0d 3e e6 7e ff 00 f7 fb 07 b8 7d ef 81 73 f3 4e 9f X....kx.wK..u]..>.~......}..s.N.
0400 7d bf 7f 40 1b 9f 9c 8e 46 23 91 64 34 12 1e 08 64 70 67 2e 99 ba e6 fb fe 3d 16 07 c5 2a c3 df }..@....F#.d4...dpg......=...*..
0420 f2 42 21 00 69 1a 06 ce e8 cd 8a 9d c4 f3 bc 25 83 32 48 df c3 47 f2 eb db 7d d9 be 87 8f 18 9f .B!.i..........%.2H..G...}......
0440 98 0a d7 d6 c4 47 0d 43 ef 9d 9c 9e bd 20 a5 ec 05 ae b3 c9 07 43 00 32 14 32 c9 0d df a8 8a 02 .....G.C.............C.2.2......
0460 b9 9c c3 8d 5b 77 f9 f2 fa 4d 7e f1 e5 75 f7 f2 17 57 73 fd 83 8f 23 b5 35 f1 c7 42 70 65 66 36 ....[w...M~..u...Ws...#.5..Bpef6
0480 79 11 f8 12 b8 c1 26 0a 57 02 90 91 70 18 6b f0 ab 6a eb f2 04 db ce 71 fd e6 5d 7a af 7f 43 4f y.....&.W...p.k..j.....q..]z..CO
04a0 ef 75 bb a7 f7 9a 3b f8 78 34 5a 1b 8f 0f fa 41 d0 33 9f 4a 7f 4a 7e 30 be 06 5e c8 ad 10 02 90 .u....;.x4Z....A.3.J.J~0..^.....
04c0 b1 68 84 4c 7f 6f b5 75 59 91 6c d6 e2 fa ad bb f4 5e bb c9 e5 de 6b d9 9e de eb de e0 e3 d1 9a .h.L.o.uY.l......^....k.........
04e0 6d f5 89 fb 73 c9 f9 0f fc 20 f8 14 b8 08 4c 54 59 d5 a2 10 80 ac ad 89 31 7f ff 17 d5 d6 65 cd m...s.........LTY.......1.....e.
0500 04 41 c0 e5 2f ae f1 e9 95 af 82 9f 7d dc 93 ea f9 f2 46 d4 d0 f5 a4 ae eb 97 93 f3 a9 0f 80 cf .A../.......}.....F.............
0520 80 6f 00 bf ca aa 7e 0b 01 c8 44 6d 0d 73 f7 2e 55 5b 97 92 91 52 72 fb de 43 2e f7 5e e7 c2 a5 .o....~...Dm.s..U[...Rr..C..^...
0540 cf b3 17 7b be 0c a6 67 e7 8c 9a 78 ec 5a 2a 95 79 df f5 bc 4f 80 cf 81 74 b5 75 15 80 6c 48 d4 ...{...g...x.Z*.y...O...t.u..lH.
0560 31 73 fb e3 6a eb 52 11 26 a6 66 f8 ec f3 6b 7c 72 e5 2b f7 c3 4f af 58 77 ee 3f 8a d6 c4 63 03 1s..j.R.&.f...k|r.+..O.Xw.?...c.
0580 ae e7 7e 98 ce 58 17 c8 7f 2a 1e 6f b4 5e 02 90 8d 0d 09 a6 be b9 b0 d1 e7 ae 0a 96 65 d3 7b e3 ..~..X...*.o.^..............e.{.
05a0 16 97 3e bf 2e 7f fe e9 95 f4 95 ab df 98 42 88 74 c8 34 7b 66 93 f3 3f 91 52 fe 78 23 f4 10 80 ..>...........B.t.4{f..?.R.x#...
05c0 6c 69 6c 60 fc fa 07 1b 71 be e7 0e 29 25 b7 fb fa b9 dc 7b 83 3f fe cb 7f 70 1d d7 6b 02 e6 2b lil`....q...)%.....{.?...p..k..+
05e0 7d 5e 0d 40 d3 34 90 72 4b 8a 00 3a db f7 f3 fd df fd 6d ba 3b 0f db c0 1b 95 36 3a 14 4a be 79 }^.@.4.rK..:......m.;.....6:.J.y
0600 c3 ab 1b 13 ce bf 7d ae e6 76 5f ff 77 d3 59 eb a7 95 3e 97 06 a0 6b 22 6f f8 2d 2e 6f 9f 3d 2e ......}..v_.w.Y...>...k"o.-.o.=.
0620 42 21 f3 d7 2a 6d 74 28 78 bc ae eb 80 f2 f8 b3 af 74 92 ce 64 f7 03 b5 40 45 b7 b7 14 3c 7e eb B!..*mt(x........t..d...@E...<~.
0640 c6 f8 a5 12 0d 87 38 76 e4 e0 86 c4 f9 82 c7 17 42 8d 82 5f 7f fb 4c cd 9d 07 03 ef 66 b2 f6 ff ......8v........B.._..L.....f...
0660 54 f2 3c 4b 3c be fa 31 f6 79 90 b7 cf 74 8b 70 28 74 be 92 46 87 a7 b2 1a 75 d5 0e e0 dc 89 4e T.<K<..1.y...t.p(t..F....u.....N
0680 d2 99 ec 01 2a 1c e7 f3 1e af 2b 8f 5f 90 68 d8 e4 e8 e1 fd 36 f0 7a a5 8c 0e 0b 31 5e e5 f1 4f ....*.....+._.h.....6.z....1^..O
06a0 71 fe ad 53 f1 bb fd 43 df cd 64 ed ff ad d4 39 34 00 c3 d0 00 a9 a4 20 ef 9c e9 d2 22 15 ce e7 q..S...C..d....94..........."...
06c0 0d 00 43 79 fc 53 9c 3b de 41 2a 63 1d 04 6a a8 50 09 b9 90 4e 2a c3 2f 25 16 09 f1 72 fb 5e fb ..Cy.S.;.A*c..j.P...N*./%...r.^.
06e0 ea ad 07 af 03 ef 57 e2 1c 2a c6 2f c3 f9 37 5f 8d df eb 1f 7e 37 63 e5 2a 62 f8 7c 8c d7 d5 ca ......W..*./..7_....~7c.*b.|....
0700 f5 ff cb 3b a7 8e 6a 91 70 e5 f2 79 e5 f1 cb f0 da f1 0e e6 33 d6 21 2a 14 e7 f3 93 ab 8a f1 df ...;..j.p..y........3.!*........
0720 22 16 31 79 f9 e0 6e fb da 9d fe d7 80 b2 5f 25 5a b2 80 aa fe c7 fb 79 93 f3 df 39 11 8f 45 c2 ".1y..n......._%Z......y...9..E.
0740 ef 96 db e8 4f 0c 6f 1a 1a f9 b2 b0 92 a5 f2 ce a9 4e 2d 1a 31 2b 12 e7 55 3a b9 02 af 75 b7 33 ....O.o..........N-.1+..U:...u.3
0760 9f b6 da 81 38 90 29 67 df f9 ac 46 d5 e3 9f 29 f1 68 98 ce 83 bb 2a 52 b7 51 93 eb 2a 9c 7f bd ....8.)g...F...).h....*R.Q..*...
0780 3b 7e ef d1 e8 af 58 39 a7 ac 13 ec 92 3c be fa 95 c1 e7 51 7e e9 d4 4b 5a 2c 12 fa 8d 72 1a 1d ;~....X9.....<.....Q~..KZ,...r..
07a0 94 c7 af ca 6b dd 87 98 cf 58 ed 40 0c 28 db 9d d7 6a e5 ba 5a 9c 8f 84 68 df d3 6a 03 a7 ca 65 ....k....X.@.(...j..Z...h..j...e
07c0 74 28 78 bc a9 3c 7e 45 de 7a e5 70 e4 ee a3 d1 b3 7e 10 94 6d 83 a9 ca e3 8b 90 73 5d 07 cc 86 t(x..<~E.z.p.....~..m......s]...
07e0 ba d8 2f af db ca cf 60 49 8c 97 e5 ec 77 53 71 ba 73 3f b6 e3 be 5a ce 3e 55 a8 29 82 c3 7b 9a ../....`I....wSq.s?...Z.>U.)..{.
0800 f1 fd a0 06 68 05 c6 ca d1 a7 4a 27 8b 10 81 e4 44 c7 ee 1c 65 9c 60 35 21 16 f6 4e 56 3f 83 78 ....h.....J'....D...e.`5!..NV?.x
0820 9e e5 cd 13 ed f1 68 d8 2c db 0a d6 d0 84 58 dc b4 aa 58 96 b3 2f ef d5 7e 14 0d bf 63 e5 dc b2 ......h.,.....X...X../..~...c...
0840 f4 67 08 21 d0 05 ca f0 ab 70 fa a5 3d a4 b2 f6 31 0a 37 73 94 da 5f de f0 6a 27 d9 aa ec 68 ac .g.!.....p..=...1.7s.._..j'...h.
0860 a3 26 1a 96 39 c7 3b 04 f4 ad 7a c0 2a 68 42 80 a1 0b aa 9d 2b bf 08 72 a6 73 af 04 4e af d7 d8 .&..9.;...z.*hB.....+..r.s..N...
0880 4b d1 04 02 5d a3 ea 99 c3 8b 20 6f 1e df 1f af 8b 47 de 2a 87 e1 8d c5 ac 26 28 47 7f 9b 9a d3 K...]......o.....G.*.....&(G....
08a0 2f ed c6 d4 b5 b2 3c 04 b5 10 e3 85 8a f1 45 70 b2 a3 8d f9 8c 7d 10 08 01 4e 29 7d 19 02 54 56 /.....<.......Ep.....}...N)}..TV
08c0 53 24 b5 d1 10 6d cd 89 dc a3 b1 d9 63 e4 1f 62 b1 6e 54 a8 59 23 af 1f db 6b 0e 8c cf 9e 91 b2 S$...m......c..b.nT.Y#...k......
08e0 34 c3 6b 20 f2 0f 9f 7c 0e 56 87 2f 82 bc fe f2 9e 70 63 19 2a 95 86 10 85 a7 7e 2a 8f 2f 8a d3 4.k....|.V./.....pc.*.....~*./..
0900 47 da f0 fc e0 4c a9 fd e4 6f c5 11 90 cf 55 15 ab d1 75 b0 85 8c ed 6c 07 ea 28 e1 d6 7b 4d 2c G....L...o....U...u....l..(..{M,
0920 fc 78 0e 3e c6 2f 82 98 ba c6 4b 7b 9a 2d a0 a4 fa bc 81 0a 35 6b e6 cd ae 3d b1 db 83 93 e7 5c .x.>./....K{.-......5k...=.....\
0940 2f f8 68 bd 7d 14 3c 5e 52 ed 55 e1 8b 24 67 8f b4 e9 0d 35 91 92 26 58 03 44 fe 59 e6 52 96 d2 /.h.}.<^R.U..$g....5..&X.D.Y.R..
0960 cf 96 e2 74 c7 4e b2 39 f7 95 52 fa 30 04 72 d1 e3 15 45 71 68 67 02 29 89 02 3b 81 91 f5 f4 b1 ...t.N.9..R.0.r...Eqhg.)..;.....
0980 98 d5 28 c3 17 8d 00 5e 6d 6f 75 3f f9 7a e8 34 f0 1f eb e9 c3 40 08 e5 f1 eb e0 3b 47 77 c5 bf ..(....^mou?.z.4.....@.....;Gw..
09a0 ea 1b 7b 23 6d bb eb 34 3c 85 a2 bc 7a 10 f6 9a 38 d3 d1 2a a2 61 f3 9d b4 bd be 4b 81 06 48 74 ..{#m..4<...z...8..*.a.....K..Ht
09c0 4d 79 fc 5a 39 d9 de 42 ca ca 1d 59 ef f1 86 a0 b0 c7 43 19 7e 4d ec 68 88 61 ea ba 66 e3 ef 06 My.Z9..B...Y......C.~M.h.a..f...
09e0 86 d6 7a bc 2a 92 95 20 c7 f6 35 7a 40 f7 7a 06 ce 40 a5 93 eb e6 4c c7 f6 68 6f df f8 09 c7 0b ..z.*.....5z@.z..@....L..ho.....
0a00 fe 6b ad c7 e6 27 57 50 86 5f 07 27 f6 37 e9 89 78 f8 8d c9 e4 da 1f 75 bf 24 8f 57 59 cd 5a e9 .k...'WP._.'.7..x......u.$.WY.Z.
0a20 de d7 88 e3 fa c7 d6 73 6c c1 f0 12 55 16 5e 3b 47 76 25 c8 e4 bc 66 d6 71 b7 c8 a2 e1 55 a8 59 .......sl...U.^;Gv%...f.q....U.Y
0a40 33 21 43 b0 af a5 c6 ba 3f 3a 7f 0c b8 b2 96 63 0d 29 55 c9 a0 14 4e 1e 6a 36 ef 8f ce 77 b1 46 3!C.....?:.....c.)U...N.j6...w.F
0a60 c3 6b 4f 7e 3c 07 e9 d9 8b 28 a7 0e 36 45 12 b1 d0 b9 b5 0e 98 4a 27 4b a4 7b 5f 03 86 2e d6 bc .kO~<....(..6E.......J'K.{_.....
0a80 6f be 90 4e 2a c3 af 97 ae 3d f5 a4 2c f7 10 6b dc 45 ac d2 c9 12 69 ae 0b 13 0f 1b d2 f1 9c fd o..N*....=..,..k.E....i.........
0aa0 c0 c3 62 8f cb 4f ae ca e3 4b a2 6b 6f 83 f7 f1 ad f1 2e d6 60 f8 c2 83 fb 17 f2 78 25 eb da be ..b..O...K.ko.......`......x%...
0ac0 dd de 18 33 75 6d 4d 97 02 0d 89 5c cc 6a 14 eb e2 c4 be 7a 3d 11 33 5f 9f 4a 15 ff 5d 60 06 12 ...3umM....\.j.....z=.3_.J..]`..
0ae0 84 0a 35 25 d1 b5 27 41 ce f5 8f ae e5 18 43 08 08 02 5f 19 be 04 0e b7 c6 b1 5d bf 81 35 ec 2e ..5%..'A......C..._.......]..5..
0b00 33 00 82 20 50 86 2f 01 43 83 83 db 6b ac 3b 23 a9 63 e4 bf 57 6a f5 63 00 64 20 55 8c 2f 91 93 3...P./.C...k.;#.c..Wj.c.d.U./..
0b20 07 1a 42 77 46 52 dd 14 69 78 4d b0 c4 e3 95 ac 5b 4e 1f a8 8f 24 a2 46 d1 a5 83 bc c7 2f 74 a0 ..BwFR..ixM.....[N...$.F...../t.
0b40 58 37 5d bb 6b d1 34 71 b2 d8 f6 06 a2 e0 f1 6a 7b 47 49 74 ef a9 23 6d 7b 07 c8 af 8d 56 f5 62 X7].k.4q.......j{GIt..#m{....V.b
0b60 23 5f 2d 50 1e 5f 2a f5 31 9d 44 cc f4 a6 52 ce 21 e0 de 6a ed 55 56 53 46 ba 76 d7 72 e1 d6 74 #_-P._*.1.D...R.!..j.UVSF.v.r..t
0b80 37 45 18 5e 03 08 82 f2 d6 a8 b7 aa 9c dc 57 17 d5 04 45 2d a4 0a e9 a4 f2 f8 72 d0 b9 33 2e 12 7E.^..........W...E-......r..3..
0ba0 51 e3 c4 6c d6 5b b5 ad 0a 35 65 a4 a3 35 8a 84 ce 62 da aa 74 b2 8c 74 6c 8f 92 c9 f9 bb 29 e2 Q..l.[...5e..5...b..t..tl.....).
0bc0 a2 88 21 80 40 ca d5 da 29 8a a0 21 6e 10 31 35 5c df 6f 03 86 57 6a ab 62 7c 99 d9 df 14 09 6e ..!.@...)..!n.15\.o..Wj.b|.....n
0be0 0c 67 3a 28 c6 f0 2a c6 97 8f a3 3b 63 c6 8d e1 cc 61 e0 c3 95 da 19 20 91 0b 29 91 a2 64 ba 77 .g:(..*....;c....a........)..d.w
0c00 c7 8d 7f bf 3a 7d cc 72 57 76 64 e5 f1 65 e6 c8 f6 08 d1 90 d6 ad 0c bf c1 74 6c 8f e0 78 c1 e1 ....:}.rWvd..e...........tl..x..
0c20 d5 da 15 d2 49 15 6a ca c5 81 a6 10 96 1b 34 00 11 c0 5e ae 9d 88 18 42 fa 12 e2 21 8d 9a 88 4e ....I.j.......4...^....B...!...N
0c40 7d 44 a7 3e a6 d3 18 37 68 ae 35 d9 91 30 d9 16 33 68 88 e9 d4 2f bc 46 17 ff 5d 13 d6 10 42 6c }D.>...7h.5..0..3h.../.F..]...Bl
0c60 dc 5f f6 02 d0 f6 e7 57 ad 91 a4 7b 06 f8 7a b9 36 86 ed e5 3d 7d ce f2 99 b3 fc 67 e6 40 ba 06 ._.....W...{..z.6...=}.....g.@..
0c80 21 3d ff 08 ad 85 95 81 1f 48 1c 5f e2 07 10 0b 69 c4 43 1a 75 11 9d 44 54 a7 21 9e 1f b8 96 1a !=.......H._....i.C.u..DT.!.....
0ca0 83 d6 84 c9 ae fa 10 ad 75 26 ad 09 93 d6 3a 93 96 5a 63 53 0f 56 c7 f6 88 18 49 ba 1d ac 64 f8 ........u&....:..ZcS.V....I...d.
0cc0 62 3a f2 03 b0 82 e5 17 59 59 27 20 eb 04 4c a6 9f 5d a3 08 1b 02 53 cf 1b da f5 25 39 4f 92 88 b:......YY'...L..]....S....%9O..
0ce0 68 6c 8b 1b b4 d6 99 ec 6e 08 b1 bf 31 44 6b c2 a4 bd 39 c2 c1 e6 30 ed 2d e1 fc 93 a3 5e 40 ba hl......n...1Dk...9...0.-....^@.
0d00 da a2 e6 c5 7b a9 23 2b 05 6f e3 48 67 37 ae eb e0 e4 72 b8 4e 0e c7 71 70 5d 07 d7 73 91 41 80 ....{.#+.o.Hg7....r.N..qp]..s.A.
0d20 94 12 4d d7 d1 34 0d 4d d3 10 42 43 06 01 ae e7 92 b3 8b bb 05 25 e7 e5 8d bd 94 a4 1d 90 b4 1d ..M..4.M..BC.........%..........
0d40 fa a7 1d 7a fa f3 df f4 53 1b d6 30 74 81 e7 4b 32 4e 40 63 dc 60 5f 63 88 a3 3b 22 74 6c 8f 70 ...z....S..0t..K2N@c.`_c..;"tl.p
0d60 b0 29 c4 fe a6 30 c7 77 45 9f eb 41 39 ba 23 ac d7 45 f5 13 49 cb 5f b6 8d f1 c3 7f fb cf 55 3b .)...0.wE..A9.#..E..I._.......U;
0d80 72 5d 87 5c ce 26 9b cd 90 9a 4f 32 3b 33 c5 ec cc 14 d3 d3 13 8c 8e 0e 31 3e f6 98 e9 a9 09 e6 r].\.&....O2;3..........1>......
0da0 e6 a6 49 a5 e6 09 7c 1f dd 30 d0 84 86 e7 b9 d8 45 0e 50 2a f7 74 66 35 99 f6 98 4c 7b 7c 31 90 ..I...|..0......E.P*.tf5...L{|1.
0dc0 25 1e 12 84 0d 0d 80 99 ac 4f 2c 24 d8 99 30 39 d0 18 a2 73 47 84 03 8d f9 4f cd be 82 d4 84 f5 %........O,$..09...sG....O......
0de0 a2 ce 59 09 3a 5a 42 68 f0 d2 4a 6d c4 c5 9e fe 8a a4 33 b3 33 53 4c 4d 4d 30 3e 36 cc d0 60 3f ..Y.:ZBh..Jm......3.3SLMM0>6..`?
0e00 0f 1f dc 61 68 b0 9f 89 b1 11 d2 e9 79 4c d3 04 21 70 9c 1c ae 53 d2 93 04 11 e4 e7 19 53 cf 87 ...ah.......yL..!p...S.......S..
0e20 c5 ac 1b 10 35 35 da 12 06 07 9a c2 74 b6 86 39 d4 1c ce 0f cc 36 93 bd db 42 44 4c ad 3c 7f e8 ....55......t..9.....6...BDL.<..
0e40 33 98 48 79 ec fe ab db 96 e3 cb d8 b2 3a 5f bc 5c 19 c3 af 84 94 92 e9 a9 fc a7 65 e4 f1 20 03 3.Hy.........:_.\..........e....
0e60 8f fa e8 7f d8 c7 c8 e3 01 a6 26 c7 f1 7d 0f c3 34 09 82 00 db b2 f2 1b ae 4a 24 6a e6 e7 19 3f ..........&..}..4........J$j...?
0e80 00 cb 0d a8 0d 6b b4 d5 9b 1c 68 34 39 de 16 65 47 c2 a0 29 6e d0 5c a3 d3 54 63 d0 14 d7 69 a9 .....k....h49..eG..)n.\..Tc...i.
0ea0 35 d6 1d d2 62 7f 7a 33 67 b9 72 2f 30 fe ac f7 c5 47 55 30 fc 6a 38 b9 1c 63 a3 c3 85 81 19 e0 5...b.z3g.r/0....GU0.j8..c......
0ec0 e1 83 bb 0c 0e 3c 60 6c 74 98 b9 d9 69 4c 33 84 a6 69 f8 81 4f 36 53 9e 6f fc 34 35 30 8d fc 93 .....<`lt...iL3..i..O6S.o.450...
0ee0 c5 03 09 5e 90 9f 9b c2 86 a0 2e ac 51 1f d3 69 8a eb 6c af 35 d8 51 67 14 12 06 08 e9 1a a1 c2 ...^........Q..i..l.5.Qg........
0f00 ef 93 69 9f 89 b4 c7 74 c6 f7 2f dc cb fa 8e 2f 7f 15 f8 e4 59 e7 13 1f 7d f6 f0 b9 33 fc 6a 24 ..i....t../..../....Y...}...3.j$
0f20 e7 66 18 19 19 64 74 64 88 c7 c3 f9 81 19 1e ea 67 72 62 14 db b6 08 85 c2 00 38 4e 8e 5c 6e d9 .f...dtd........grb.......8N.\n.
0f40 35 4c 25 19 06 fe 10 f8 02 98 7a 56 03 71 e1 05 34 fc 4a f8 9e c7 c4 c4 28 a3 85 81 19 1c 78 c8 5L%.......zV.q..4.J.....(.....x.
0f60 a3 fe 7b 8c 3c 1e 64 76 66 12 00 c3 0c 11 f8 3e b6 9d c5 f3 56 bf 4c b7 0e 06 81 bd 2b 35 10 1f ..{.<.dvf......>....V.L.....+5..
0f80 5e da 5c 86 5f 8d 6c 36 cd e8 c8 10 a3 23 43 8c 8d 0e d1 ff f0 1e 43 83 0f 19 1b 1d 26 99 9c 21 ^.\._.l6.....#C.......C.....&..!
0fa0 12 89 a1 eb 3a be ef e1 3a 2e b9 dc da ef da 26 ef e5 cd 2b 35 10 1f 5e 7a b0 a5 0c bf 1a d3 53 ....:...:......&...+5..^z......S
0fc0 13 0c 0f f5 33 3f 3f 47 72 6e 86 e4 dc 0c e3 e3 23 4c 4f 4d 30 3b 33 c9 fc fc 1c a9 d4 3c d9 6c ....3??Grn......#LOM0;3......<.l
0fe0 9a 90 19 02 96 2c 2b a5 04 21 f2 d7 52 85 c8 9a a6 f9 7e 3a 35 ff 3b cf 3a 8f a1 6a 63 4f b3 ad .....,+..!..R.....~:5.;.:..jcO..
1000 b1 85 6d 8d 2d 45 b5 f5 3c 97 7c 11 85 bc c1 61 a1 14 a2 4d 4e 8c d6 fc d1 ef ff d6 b2 5b fa 8a ..m.-E..<.|....a...MN........[..
1020 2a 19 28 9e 8d 61 98 cb be d7 d4 dc 4a ce c9 35 2d f7 fe ff 01 99 e5 99 6d 99 9e 6f b5 00 00 00 *.(..a......J..5-.......m..o....
1040 00 49 45 4e 44 ae 42 60 82 .IEND.B`.
id='n844' href='#n844'>844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001
package authentication; # $Id$

use common;

my ($authentication) = @_;

sub kinds { 
    my $no_para = @_ == 0;
    my ($do_pkgs, $_meta_class) = @_;
    my $allow_SmartCard = $no_para || $do_pkgs->is_available('castella-pam');
    (
	'LDAP',
	'KRB5',
	'winbind', 
	'NIS', 
	if_($allow_SmartCard, 'SmartCard'), 
	'local',
    );
}

sub kind2name {
    my ($kind) = @_;
    # Keep the following strings in sync with kind2description ones!!!
    ${{ local => N("Local file"), 
    LDAP => N("LDAP"), 
    NIS => N("NIS"),
    SmartCard => N("Smart Card"),
    winbind => N("Windows Domain"), 
    KRB5 => N("Kerberos 5") }}{$kind};
}

my %kind2pam_kind = (
    local     => [],
    SmartCard => ['castella'],
    LDAP      => ['ldap'], 
    NIS       => [],
    KRB5        => ['krb5'],
    winbind   => ['winbind'], 
);

my %kind2nsswitch = (
    local     => [],
    SmartCard => [],
    LDAP      => ['ldap'], 
    NIS       => ['nis'],
    KRB5        => ['ldap'],
    winbind   => ['winbind'], 
);

my %kind2packages = (
    local     => [],
    SmartCard => [ 'castella-pam' ],
    LDAP      => [ 'openldap-clients', 'nss_ldap', 'pam_ldap', 'autofs', 'nss_updatedb' ],
    KRB5       => [ 'nss_ldap', 'pam_krb5', 'libsasl2-plug-gssapi', 'nss_updatedb' ],
    NIS       => [ 'ypbind', 'autofs' ],
    winbind   => [ 'samba-winbind', 'nss_ldap', 'pam_krb5', 'libsasl2-plug-gssapi' ],
);


sub kind2description_raw {
    my (@kinds) = @_;
    my %kind2description = (
	local     => [ N("Local file:"), N("Use local for all authentication and information user tell in local file"), ],
	LDAP      => [ N("LDAP:"), N("Tells your computer to use LDAP for some or all authentication. LDAP consolidates certain types of information within your organization."), ],
	NIS       => [ N("NIS:"), N("Allows you to run a group of computers in the same Network Information Service domain with a common password and group file."), ],
	winbind   => [ N("Windows Domain:"), N("Winbind allows the system to retrieve information and authenticate users in a Windows domain."), ],
	KRB5        => [ N("Kerberos 5 :"), N("With Kerberos and Ldap for authentication in Active Directory Server "), ],
    );
    join('', map { $_ ? qq($_->[0]\n$_->[1]) : '' } map { $kind2description{$_} } @kinds);
}

sub kind2description {
    my (@kinds) = @_;
    join('', map { $_ ? qq($_\n\n) : '' } map { kind2description_raw($_) } @kinds);
}

sub to_kind {
    my ($authentication) = @_;
    (find { exists $authentication->{$_} } kinds()) || 'local';
}

sub domain_to_ldap_domain {
    my ($domain) = @_;
    join(',', map { "dc=$_" } split /\./, $domain);
}

sub ask_parameters {
    my ($in, $net, $authentication, $kind) = @_;

    #- keep only this authentication kind
    foreach (kinds()) {
	delete $authentication->{$_} if $_ ne $kind;
    }
    # do not enable ccreds unless required
    undef $authentication->{ccreds};

    if ($kind eq 'LDAP') {
	$authentication->{LDAPDOMAIN} ||= domain_to_ldap_domain($net->{resolv}{DOMAINNAME});
	#$authentication->{anonymous} = "0";
	#$authentication->{cafile} = "0";
	#$authentication->{nssgrp} = "0";
	$authentication->{ccreds} = 1;

    # this package must be installed for 'Fetch DN' button to actually work
    $in->do_pkgs->ensure_are_installed([ 'openldap-clients' ], 1) or return;
    
	$in->ask_from('', N(" "),
		     [ { label => N("Welcome to the Authentication Wizard"), title => 1 },
                     {},
                     { label => N("You have selected LDAP authentication. Please review the configuration options below "), },
                     {},
		     { label => N("LDAP Server"), val => \$authentication->{LDAP_server} },
		     { label => N("Base dn"), val => \$authentication->{LDAPDOMAIN} },
                     { val => N("Fetch base Dn "), type  => button , clicked_may_quit => sub { $authentication->{LDAPDOMAIN} = fetch_dn($authentication->{LDAP_server}); 0 } },
		     {},
		     { text => N("Use encrypt connection with TLS "), val => \$authentication->{cafile}, type => 'bool' },
                     { val => N("Download CA Certificate "), type  => button , disabled => sub { !$authentication->{cafile} }, clicked_may_quit => sub { $authentication->{file} = add_cafile(); 0 }  },
		     
		     { text => N("Use Disconnect mode "), val => \$authentication->{ccreds}, type => 'bool' },
		     { text => N("Use anonymous BIND "), val => \$authentication->{anonymous}, type => 'bool' , advanced => 1 },
		     { text => N("  "), advanced => 1 },
                     { label => N("Bind DN "), val => \$authentication->{LDAP_binddn}, disabled => sub { !$authentication->{anonymous} }, advanced => 1  },
                     { label => N("Bind Password "), val => \$authentication->{LDAP_bindpwd}, disabled => sub { !$authentication->{anonymous} }, advanced => 1 },
		     { text => N("  "), advanced => 1 },
		     { text => N("Advanced path for group "), val => \$authentication->{nssgrp}, type => 'bool' , advanced => 1 },
		     { text => N("  "), advanced => 1 },
                     { label => N("Password base"), val => \$authentication->{nss_pwd},  disabled => sub { !$authentication->{nssgrp} }, advanced => 1 },
                     { label => N("Group base"), val => \$authentication->{nss_grp},  disabled => sub { !$authentication->{nssgrp} }, advanced => 1 },
                     { label => N("Shadow base"), val => \$authentication->{nss_shadow},  disabled => sub { !$authentication->{nssgrp} }, advanced => 1 },
		     { text => N("  "), advanced => 1 },
		     ]) or return;
    } elsif ($kind eq 'KRB5') {
	
	$authentication->{AD_domain} ||= $net->{resolv}{DOMAINNAME};
	$in->do_pkgs->ensure_are_installed([ 'perl-Net-DNS' ], 1) or return;
	my @srvs = query_srv_names($authentication->{AD_domain}); #FIXME: update this list if the REALM has changed
	$authentication->{AD_server} ||= $srvs[0] if @srvs;
	my $AD_user = $authentication->{AD_user} =~ /(.*)\@\Q$authentication->{AD_domain}\E$/ ? $1 : $authentication->{AD_user};
	$authentication->{ccreds} = 1;

	$in->ask_from('', N(" "),
                        [ { label => N("Welcome to the Authentication Wizard"), title => 1 },
                        {},
                        { label => N("You have selected Kerberos 5 authentication. Please review the configuration options below "), },
                        {},
		       { label => N("Realm "),  val => \$authentication->{AD_domain} },
                       {},
		       { label => N("KDCs Servers"), title => 1, val => \$authentication->{AD_server} , list => \@srvs , not_edit => 0,  title => 1 },
                       {},
		       { text => N("Use DNS to locate KDC for the realm"), val => \$authentication->{KRB_host_lookup}, type => 'bool' },
		       { text => N("Use DNS to locate realms"), val => \$authentication->{KRB_dns_lookup}, type => 'bool' },
		       { text => N("Use Disconnect mode "), val => \$authentication->{ccreds}, type => 'bool' },
		     ]) or return;

my %level = (
             1 => N("Use local file for users information"),
             2 => N("Use Ldap for users information"),
            );

 $in->ask_from('', N(" "),
                        [ { label => N(" "), title => 1 },
                        {},
                        { label => N("You have selected Kerberos 5 for authentication, now you must choose the type of users information "), },
                        {},
			{ label => "" , val => \$authentication->{nsskrb}, type => 'list', list => [ keys %level ], format => sub { $level{$_[0]} } },
			{},	
			{ label => N("LDAP Server"), val => \$authentication->{LDAP_server}, disabled => sub { $authentication->{nsskrb} eq "1"  } },
                     	{ label => N("Base dn"), val => \$authentication->{LDAPDOMAIN} , disabled => sub { $authentication->{nsskrb} eq "1"  } },
                     	{ val => N("Fecth base Dn "), type  => button , clicked_may_quit => sub { $authentication->{LDAPDOMAIN} = fetch_dn($authentication->{LDAP_server}); 0 }, disabled => sub { $authentication->{nsskrb} eq "1"  } },
			{},
                     	{ text => N("Use encrypt connection with TLS "), val => \$authentication->{cafile}, type => 'bool',, disabled => sub { $authentication->{nsskrb} eq "1"  } },
                     	{ val => N("Download CA Certificate "), type  => button , disabled => sub { !$authentication->{cafile} }, clicked_may_quit => sub { $authentication->{file} = add_cafile(); 0 }  },
                     	{ text => N("Use anonymous BIND "), val => \$authentication->{anonymous}, type => 'bool', disabled => sub { $authentication->{nsskrb} eq "1"  } },
                     	{ label => N("Bind DN "), val => \$authentication->{LDAP_binddn}, disabled => sub { !$authentication->{anonymous} } },
                     	{ label => N("Bind Password "), val => \$authentication->{LDAP_bindpwd}, disabled => sub { !$authentication->{anonymous} } },
                     	{},
			]) or return;
	
	$authentication->{AD_user} = !$AD_user || $authentication->{sub_kind} eq 'anonymous' ? '' : 
	                             $AD_user =~ /@/ ? $AD_user : "$AD_user\@$authentication->{AD_domain}";
	$authentication->{AD_password} = '' if !$authentication->{AD_user};


    } elsif ($kind eq 'NIS') {
	$authentication->{NIS_server} ||= 'broadcast';
	$net->{network}{NISDOMAIN} ||= $net->{resolv}{DOMAINNAME};
	$in->ask_from('', N(" "),
		[ { label => N("Welcome to the Authentication Wizard"), title => 1 },
		{},
		{ label => N("You have selected NIS authentication. Please review the configuration options below "), },
		{},
		{ label => N("NIS Domain"), val => \$net->{network}{NISDOMAIN} },
		{ label => N("NIS Server"), val => \$authentication->{NIS_server}, list => ["broadcast"], not_edit => 0 },
		{},
		     ]) or return;
    } elsif ($kind eq 'winbind') {
	#- maybe we should browse the network like diskdrake --smb and get the 'doze server names in a list 
	#- but networking is not setup yet necessarily
	#
	my @sec_domain = (
		"Windows Active Directory Domain",
		"Windows NT4 Domain",
);


	$authentication->{DNS_domain} ||= $net->{resolv}{DOMAINNAME};
	$authentication->{WINDOMAIN} ||= $net->{resolv}{DOMAINNAME};
	$in->do_pkgs->ensure_are_installed([ 'samba-client' ], 1) or return;
	my @domains=list_domains();

	$in->ask_from('', N(" "),
			[ { label => N("Welcome to the Authentication Wizard"), title => 1 },
			{},
			{ label => N("You have selected Windows Domain authentication. Please review the configuration options below "), },
		        {},
			{ label => N("Windows Domain"), val => \$authentication->{WINDOMAIN}, list => \@domains, not_edit => 1 },
		        {},
		        { label => N("Domain Model "), val => \$authentication->{model}, list => \@sec_domain , not_edit => 1 },
		        {},
			{ label => N("Active Directory Realm "), val => \$authentication->{AD_domain} , disabled => sub { $authentication->{model} eq "Windows NT4 Domain"  } },
			{ label => N("DNS Domain"), val => \$authentication->{DNS_domain} , disabled => sub { $authentication->{model} eq "Windows NT4 Domain"  } },
			{ label => N("DC Server"), val => \$authentication->{AD_server} , disabled => sub { $authentication->{model} eq "Windows NT4 Domain"  } },
		        {},
			]) or return;
    }
    $authentication->{$kind} ||= 1;
    1;
}
sub ask_root_password_and_authentication {
    my ($in, $net, $superuser, $authentication, $meta_class, $security) = @_;

    my $kind = to_kind($authentication);
    my @kinds = kinds($in->do_pkgs, $meta_class);

    $in->ask_from_({
	 title => N("Authentication"), 
	 messages => N("Set administrator (root) password"),
	 advanced_label => N("Authentication method"),
	 advanced_messages => kind2description(@kinds),
	 interactive_help_id => "setRootPassword",
	 cancel => ($security <= 2 ? 
		    #-PO: keep this short or else the buttons will not fit in the window
		    N("No password") : ''),
	 focus_first => 1,
	 callbacks => { 
	     complete => sub {
		 check_given_password($in, $superuser, 2 * $security) or return 1,0;
		 return 0;
        } } }, [
{ label => N("Password"), val => \$superuser->{password},  hidden => 1 },
{ label => N("Password (again)"), val => \$superuser->{password2}, hidden => 1 },
{ label => N("Authentication"), val => \$kind, type => 'list', list => \@kinds, format => \&kind2name, advanced => 1 },
        ]) or delete $superuser->{password};

    ask_parameters($in, $net, $authentication, $kind) or goto &ask_root_password_and_authentication;
}

sub check_given_password {
    my ($in, $u, $min_length) = @_;
    if ($u->{password} ne $u->{password2}) {
	$in->ask_warn('', [ N("The passwords do not match"), N("Please try again") ]);
	0;
    } elsif (length $u->{password} < $min_length) {
	$in->ask_warn('', N("This password is too short (it must be at least %d characters long)", $min_length));
	0;
    } else {
	1;
    }
}

sub get() {
    my $system_auth = cat_("/etc/pam.d/system-auth");
    my $authentication = {
	blowfish => to_bool($system_auth =~ /\$2a\$/),
	md5      => to_bool($system_auth =~ /md5/), 
	shadow   => to_bool($system_auth =~ /shadow/),
    };

    my @pam_kinds = get_pam_authentication_kinds();
    if (my $kind = find { intersection(\@pam_kinds, $kind2pam_kind{$_}) } keys %kind2pam_kind) {
	$authentication->{$kind} = '';
    } else {
	#- we can't use pam to detect NIS
	if (my $yp_conf = read_yp_conf()) {
	    $authentication->{NIS} = 1;
	    map_each { $authentication->{"NIS_$::a"} = $::b } %$yp_conf;
	}
    }
    $authentication;
}

sub install_needed_packages {
    my ($do_pkgs, $kind, $ccreds) = @_;
    if (my $pkgs = $kind2packages{$kind}) {
	# install ccreds if required
	$ccreds and push(@$pkgs, 'pam_ccreds');
	#- automatic during install
	$do_pkgs->ensure_are_installed($pkgs, $::isInstall) or return;
    } else {
	log::l("ERROR: $kind not listed in kind2packages");
    }
    1;
}

sub set {
    my ($in, $net, $authentication, $o_when_network_is_up) = @_;

    install_needed_packages($in->do_pkgs, to_kind($authentication), $authentication->{ccreds}) or return;
    set_raw($net, $authentication, $o_when_network_is_up);

    require services;
    services::set_status('network-auth', to_kind($authentication) ne 'local', 'dont_apply');
}

sub set_raw {
    my ($net, $authentication, $o_when_network_is_up) = @_;

    my $conf_file = "$::prefix/etc/sysconfig/drakauth";
    my $when_network_is_up = $o_when_network_is_up || sub { my ($f) = @_; $f->() };

    enable_shadow() if $authentication->{shadow};    

    my $kind = to_kind($authentication);

    log::l("authentication::set $kind");

    my $pam_modules = $kind2pam_kind{$kind} or log::l("kind2pam_kind does not know $kind");
    $pam_modules ||= [];
    sshd_config_UsePAM(@$pam_modules > 0);
    set_pam_authentication($pam_modules, $authentication->{ccreds});

    my $nsswitch = $kind2nsswitch{$kind} or log::l("kind2nsswitch does not know $kind");
    $nsswitch ||= [];
    set_nsswitch_priority($nsswitch, $authentication->{ccreds});

    if ($kind eq 'local') {

output($conf_file, <<EOF);
auth=Local File 
server=none 
realm=none
EOF



    } elsif ($kind eq 'SmartCard') {
    } elsif ($kind eq 'LDAP') {

	configure_nss_ldap($authentication);

output($conf_file, <<EOF);
auth=Ldap Directory
server=$authentication->{LDAP_server}
realm=$authentication->{LDAPDOMAIN}
EOF

    if ($authentication->{ccreds}) {
	run_program::rooted($::prefix, '/usr/sbin/nss_updatedb.cron');  # updates offline cache.
    }

    } elsif ($kind eq 'KRB5') {

	configure_krb5_for_AD($authentication);
	configure_nss_ldap($authentication);

output($conf_file, <<EOF);
auth=Kerberos 5
server=$authentication->{AD_server}
realm=$authentication->{AD_domain}
EOF

    } elsif ($kind eq 'NIS') {
	my $domain = $net->{network}{NISDOMAIN};
	my $NIS_server = $authentication->{NIS_server};
	$domain || $NIS_server ne "broadcast" or die N("Can not use broadcast with no NIS domain");
	my $t = $domain ? 
	  ($NIS_server eq 'broadcast' ? 
	     "domain $domain broadcast" : 
	     "domain $domain server $NIS_server") :
	     "server $NIS_server";

	substInFile {
	    if (/^#/) {
		$_ = '' if /^#\Q[PREVIOUS]/;
	    } else {
		$_ = "#[PREVIOUS] $_";
	    }
	    $_ .= "$t\n" if eof;
	} "$::prefix/etc/yp.conf";

	#- no need to modify system-auth for nis

	$when_network_is_up->(sub {
	    run_program::rooted($::prefix, 'nisdomainname', $domain);
	    run_program::rooted($::prefix, 'service', 'ypbind', 'restart');
	});

output($conf_file, <<EOF);
auth=$kind
server=$NIS_server
realm=$domain
EOF

#    } elsif ($kind eq 'winbind' || $kind eq 'AD' && $authentication->{subkind} eq 'winbind') {

    } elsif ($kind eq 'winbind') {

	my $domain = uc $authentication->{WINDOMAIN};
	($authentication->{winuser}, $authentication->{winpass}) = auth();

	if ($authentication->{model} eq "Windows NT4 Domain") {

	require fs::remote::smb;
	fs::remote::smb::write_smb_conf($domain);
	run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on");
	mkdir_p("$::prefix/home/$domain");
	run_program::rooted($::prefix, 'service', 'smb', 'restart');
	run_program::rooted($::prefix, 'service', 'winbind', 'restart');
	
	#- defer running smbpassword until the network is up

	$when_network_is_up->(sub {
	    run_program::raw({ root => $::prefix, sensitive_arguments => 1 },
		    #'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . $authentication->{winpass});
			     'echo', '"', 'net', 'join', $domain, '-U', $authentication->{winuser} . '%' . $authentication->{winpass}, '"');
	});

output($conf_file, <<EOF);
auth=Windows NT4 Domain
server= none 
realm=$domain
EOF




	} else { 	
	# FIXME: the DC isn't named ads.domain... try to do reserve lookup?
	$authentication->{AD_server} ||= 'ads.' . $authentication->{AD_domain};
	my $domain = uc $authentication->{WINDOMAIN};
	my $realm = $authentication->{AD_domain};
	($authentication->{winuser}, $authentication->{winpass}) = auth();
	configure_krb5_for_AD($authentication);
		
	require fs::remote::smb;
	fs::remote::smb::write_smb_ads_conf($domain,$realm);
	run_program::rooted($::prefix, "chkconfig", "--level", "35", "winbind", "on");
	mkdir_p("$::prefix/home/$domain");
	run_program::rooted($::prefix, 'net', 'time', 'set', '-S', $authentication->{AD_server});
	run_program::rooted($::prefix, 'service', 'smb', 'restart');
	
	$when_network_is_up->(sub {
	    run_program::raw({ root => $::prefix, sensitive_arguments => 1 }, 
			     'net', 'ads', 'join', '-U', $authentication->{winuser} . '%' . $authentication->{winpass});
	    run_program::rooted($::prefix, 'service', 'winbind', 'restart');
	});

#FIXME: perhaps save the defaults values ?
output($conf_file, <<EOF);
auth=Windows Active Directory Domain
server= none
realm=$realm
EOF
    } }
    1;
}


sub pam_modules() {
    'pam_ldap', 'pam_castella', 'pam_winbind', 'pam_krb5', 'pam_mkhomedir', 'pam_ccreds', 'pam_deny' , 'pam_permit';
}
sub pam_module_from_path { 
    $_[0] && $_[0] =~ m|(/lib/security/)?(pam_.*)\.so| && $2;
}
sub pam_module_to_path { 
    "$_[0].so";
}
sub pam_format_line {
    my ($type, $control, $module, @para) = @_;
    sprintf("%-11s %-13s %s\n", $type, $control, join(' ', pam_module_to_path($module), @para));
}

sub get_raw_pam_authentication() {
    my %before_deny;
    foreach (cat_("$::prefix/etc/pam.d/system-auth")) {
	#my ($type, $control, $module, @para) = split;
	my ($type, $_control, $other) = /(\S+)\s+(\[.*?\]|\S+)\s+(.*)/;
	my ($module, @para) = split(' ', $other);
	if ($module = pam_module_from_path($module)) {
	    #$before_deny{$type}{$module} = \@para if $control eq 'sufficient' && member($module, pam_modules());
	    $before_deny{$type}{$module} = \@para if member($module, pam_modules());
	}
    }
    \%before_deny;
}

sub get_pam_authentication_kinds() {
    my $before_deny = get_raw_pam_authentication();
    map { s/pam_//; $_ } keys %{$before_deny->{auth}};
}

sub sufficient {
    my ($ccreds, $module, $type) = @_;

    $ccreds && member($module, 'pam_tcb' , 'pam_winbind') ?
      'sufficient' :
    $ccreds && member($module, 'pam_ldap', 'pam_krb5') && $type eq 'account' ?
      '[authinfo_unavail=ignore default=done]' :
    $ccreds && member($module, 'pam_ldap', 'pam_krb5') && $type eq 'password' ?
      'sufficient' :
    $ccreds && member($module, 'pam_ldap', 'pam_krb5') ?
      '[authinfo_unavail=ignore user_unknown=ignore success=1 default=2]' :
      'sufficient';
}

sub pam_sufficient_line {
    my ($ccreds, $type, $module, @para) = @_;
    my $control = sufficient($ccreds, $module, $type);
    if ($module eq 'pam_winbind') {
	push @para, 'cached_login';
    }
    pam_format_line($type, $control, $module, @para);
}






sub set_pam_authentication {
    #my (@authentication_kinds) = @_;
    my ($authentication_kinds, $ccreds) = @_;
    
    my %special = (
	    #auth => [ difference2(\@authentication_kinds,, [ 'mount' ]) ],
	    #account => [ difference2(\@authentication_kinds, [ 'castella', 'mount' ]) ],
	    #password => [ intersection(\@authentication_kinds, [ 'ldap', 'krb5' ]) ],
	auth => [ difference2($authentication_kinds,, [ 'mount' ]) ],
	account => [ difference2($authentication_kinds, [ 'castella', 'mount', 'ccreds' ]) ],
	password => [ intersection($authentication_kinds, [ 'ldap', 'krb5', 'ccreds' ]) ],
    );
    my %before_first = (
	    #auth => member('mount', @authentication_kinds) ? pam_format_line('auth', 'required', 'pam_mount') : '',
	auth => member('mount', @$authentication_kinds) ? pam_format_line('auth', 'required', 'pam_mount') : '',
	session => 
	  #intersection(\@authentication_kinds, [ 'winbind', 'krb5', 'ldap' ]) 
	  intersection($authentication_kinds, [ 'winbind', 'krb5', 'ldap' ])
	    ? pam_format_line('session', 'optional', 'pam_mkhomedir', 'skel=/etc/skel/', 'umask=0022') :
	    #member('castella', @authentication_kinds)
	    member('castella', @$authentication_kinds)
	    ? pam_format_line('session', 'optional', 'pam_castella') : '',
    );
    my %after_deny = (
	session =>
          member('krb5', @$authentication_kinds)
            ? pam_format_line('session', 'optional', 'pam_krb5') :
          member('mount', @$authentication_kinds)
            ? pam_format_line('session', 'optional', 'pam_mount') : '',
    );

    substInFile {
	    #my ($type, $control, $module, @para) = split;
	my ($type, $control, $other) = /(\S+)\s+(\[.*?\]|\S+)\s+(.*)/;
	my ($module, @para) = split(' ', $other);
	if ($module = pam_module_from_path($module)) {
	    if (member($module, pam_modules())) {
		#- first removing previous config
		$_ = '';
	    }
	    if ($module eq 'pam_tcb' && $special{$type}) {
		my @para_for_last = 
		    member($type, 'auth', 'account') ? qw(use_first_pass) : @{[]};
		@para = difference2(\@para, \@para_for_last);

		my ($before_noask, $ask) = partition { $_ eq 'castella' } @{$special{$type}};

		if (!@$ask) {
		    @para_for_last = grep { $_ ne 'use_first_pass' } @para_for_last;
		}

		my @l = ((map { [ "pam_$_" ] } @$before_noask),
			 [ 'pam_tcb', @para ],
			 (map { [ "pam_$_" ] } @$ask),
			 );
		push @{$l[-1]}, @para_for_last;
		#$_ = join('', map { pam_format_line($type, 'sufficient', @$_) } @l);
		### $_ = join('', map { pam_format_line($type, sufficient($ccreds, $_->[0], $type), @$_) } @l);
		$_ = join('', map { pam_sufficient_line($ccreds, $type, @$_) } @l);

		if ($control eq 'required') {
		    #- ensure a pam_deny line is there. it will be added below
		    ($module, @para) = ('pam_deny');
		}

		if ($type eq 'auth' && $ccreds) {
			$_ .= pam_format_line('auth', '[default=done]', 'pam_ccreds', 'action=validate use_first_pass');
			$_ .= pam_format_line('auth', '[default=done]', 'pam_ccreds', 'action=store');
			$_ .= pam_format_line('auth', '[default=bad]',  'pam_ccreds', 'action=update');
		}
	    }


	    if (member($module, 'pam_deny', 'pam_permit')) {
		$_ .= pam_format_line($type, $control, 
				      $type eq 'account' && $ccreds ? 'pam_permit' : 'pam_deny');
	    }
	    if (my $s = delete $before_first{$type}) {
		$_ = $s . $_;
	    }
	    if ($control eq 'required' && member($module, 'pam_deny', 'pam_permit', 'pam_tcb')) {
		if (my $s = delete $after_deny{$type}) {
		    $_ .= $s;
		}
	    }
	}
    } "$::prefix/etc/pam.d/system-auth";
}

sub set_nsswitch_priority {
	#my (@kinds) = @_;
    my ($kinds, $connected) = @_;
    my @known = qw(nis ldap winbind compat);
    substInFile {
	if (my ($database, $l) = /^(\s*(?:passwd|shadow|group|automount):\s*)(.*)/) {
	    my @l = difference2([ split(' ', $l) ], \@known);
	    #    $_ = $database . join(' ', uniq('files', @kinds, @l)) . "\n";
	    #}
		$_ = $database . join(' ', uniq('files', @$kinds, @l)) . "\n";
	}
	if (/^\s*(?:passwd|group):/) {
		my $option = '[NOTFOUND=return] db';
	if ($connected) {
		s/$/ $option/ if !/\Q$option/;
	} else {
		s/\s*\Q$option//;
	}
}	

    } "$::prefix/etc/nsswitch.conf";
}

sub read_yp_conf() {
    my $yp_conf = cat_("$::prefix/etc/yp.conf");
    
    if ($yp_conf =~ /^domain\s+(\S+)\s+(\S+)\s*(.*)/m) {
	{ domain => $1, server => $2 eq 'broadcast' ? 'broadcast' : $3 };
    } elsif ($yp_conf =~ /^server\s+(.*)/m) {
	{ server => $1 };
    } else {
	undef;
    }    
}

my $special_ldap_cmds = join('|', 'nss_map_attribute', 'nss_map_objectclass');
sub _after_read_ldap_line {
    my ($s) = @_;
    $s =~ s/\b($special_ldap_cmds)\s*/$1 . '_'/e;
    $s;
}
sub _pre_write_ldap_line {
    my ($s) = @_;
    $s =~ s/\b($special_ldap_cmds)_/$1 . ' '/e;
    $s;
}

sub read_ldap_conf() {
    my %conf = map { 
	s/^\s*#.*//; 
	if_(_after_read_ldap_line($_) =~ /(\S+)\s+(.*)/, $1 => $2);
    } cat_("$::prefix/etc/ldap.conf");
    \%conf;
}

sub update_ldap_conf {    
    my (%conf) = @_;

    substInFile {
	my ($cmd) = _after_read_ldap_line($_) =~ /^\s*#?\s*(\w+)\s/;
	if ($cmd && exists $conf{$cmd}) {
	    my $val = $conf{$cmd};
	    $conf{$cmd} = '';
	    $_ = $val ? _pre_write_ldap_line("$cmd $val\n") : /^\s*#/ ? $_ : "#$_";
        }
	if (eof) {
	    foreach my $cmd (keys %conf) {
		my $val = $conf{$cmd} or next;
		$_ .= _pre_write_ldap_line("$cmd $val\n");
	    }
	}
    } "$::prefix/etc/ldap.conf";
}

sub configure_krb5_for_AD {
    my ($authentication) = @_;

    my $uc_domain = uc $authentication->{AD_domain};
    my $krb5_conf_file = "$::prefix/etc/krb5.conf";

    krb5_conf_update($krb5_conf_file,
		     libdefaults => (
				     default_realm => $uc_domain,
				     dns_lookup_realm => $authentication->{KRB_dns_lookup} ? 'true' : 'false',
				     dns_lookup_kdc => $authentication->{KRB_host_lookup} ? 'true' : 'false',
				     default_tgs_enctypes => undef, 
				     default_tkt_enctypes => undef,
				     permitted_enctypes => undef,
				    ));

    my @sections = (
		    realms => <<EOF,
 $uc_domain = {
  kdc = $authentication->{AD_server}:88
  admin_server = $authentication->{AD_server}:749
  default_domain = $authentication->{DNS_domain}
 }
EOF
		    domain_realm => <<EOF,
 .$authentication->{DNS_domain} = $uc_domain
 $authentication->{DNS_domain} = $uc_domain
EOF
		    kdc => <<'EOF',
 profile = /etc/kerberos/krb5kdc/kdc.conf
EOF
		    pam => <<'EOF',
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false
EOF
		    login => <<'EOF',
 krb4_convert = false
 krb4_get_tickets = false
EOF
		       );
    foreach (group_by2(@sections)) {
	my ($section, $txt) = @$_;
	krb5_conf_overwrite_category($krb5_conf_file, $section => $authentication->{AD_server} ? $txt : '');
    }
}

sub krb5_conf_overwrite_category {
    my ($file, $category, $new_val) = @_;

    my $done;
    substInFile {
	if (my $i = /^\s*\[\Q$category\E\]/i ... /^\[/) {
	    if ($new_val) {
		if ($i == 1) {
		    $_ .= $new_val;
		    $done = 1;
		} elsif ($i =~ /E/) {
		    $_ = "\n$_";
		} else {
		    $_ = '';
		}
	    } else {
		$_ = '' if $i !~ /E/;
	    }
	}
	#- if category has not been found above.
	if (eof && $new_val && !$done) {
	    $_ .= "\n[$category]\n$new_val";
	}
    } $file;
}

#- same as update_gnomekderc(), but allow spaces around "="
sub krb5_conf_update {
    my ($file, $category, %subst_) = @_;

    my %subst = map { lc($_) => [ $_, $subst_{$_} ] } keys %subst_;

    my $s;
    foreach (MDK::Common::File::cat_($file), "[NOCATEGORY]\n") {
	if (my $i = /^\s*\[\Q$category\E\]/i ... /^\[/) {
	    if ($i =~ /E/) { #- for last line of category
		chomp $s; $s .= "\n";
		$s .= " $_->[0] = $_->[1]\n" foreach grep { defined($_->[1]) } values %subst;
		%subst = ();
	    } elsif (/^\s*([^=]*?)\s*=/) {
		if (my $e = delete $subst{lc($1)}) {
		    $_ = defined($e->[1]) ? " $1 = $e->[1]\n" : '';
		}
	      }
	}
	$s .= $_ if !/^\Q[NOCATEGORY]/;
    }

    #- if category has not been found above.
    if (keys %subst) {
	chomp $s;
	$s .= "\n[$category]\n";
	$s .= " $_->[0] = $_->[1]\n" foreach grep { defined($_->[1]) } values %subst;
    }

    MDK::Common::File::output($file, $s);

}

sub sshd_config_UsePAM {
    my ($UsePAM) = @_;
    my $sshd = "$::prefix/etc/ssh/sshd_config";
    -e $sshd or return;