/[soft]/drakwizard/trunk/sshd_wizard/Sshd.pm
ViewVC logotype

Contents of /drakwizard/trunk/sshd_wizard/Sshd.pm

Parent Directory Parent Directory | Revision Log Revision Log


Revision 8720 - (show annotations) (download)
Fri Aug 23 23:53:27 2013 UTC (11 years ago) by djennings
File size: 11685 byte(s)
- fix race condition checking service status (mga#10934)
- fix directory definition in proxy wizard
- fix parameter format in proxy wizard
- updated default proxy config file

1 #!/usr/bin/perl
2
3 # Drakwizard
4 # Copyright (C) 2002,2008 Mandriva
5 #
6 # Authors: antoine Ginies <aginies@mandriva>
7 #
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 2, or (at your option)
11 # any later version.
12 #
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
17 #
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21
22 package MDK::Wizard::Sshd;
23 use strict;
24
25 use common;
26 use services;
27 use MDK::Wizard::Wizcommon;
28 use Libconf::Templates;
29 use Libconf::Glueconf::Networking::Sshd_config;
30
31
32 my $wiz = new MDK::Wizard::Wizcommon;
33 my $in = interactive->vnew;
34 my $conf = "/etc/ssh/sshd_config";
35 #my $SHORTHOSTNAME = chomp_(`hostname -s`);
36
37 # we ask glueconf to give us the structure representing /etc/ssh/sshd_config
38 my $sshd = new Libconf::Glueconf::Networking::Sshd_config({ filename => '/etc/ssh/sshd_config' });
39
40 # ------ debug
41 use Data::Dumper;
42 print Dumper($sshd);
43
44 my $o = {
45 name => 'SSH wizard',
46 var => {
47 wiz_port => '',
48 },
49 # init => sub {
50 # my ($err, $msg) = test_host_domain($SHORTHOSTNAME, $DOMAINNAME);
51 # if (!$err) {
52 # $in->ask_warn(N('Error'), $msg);
53 # die 'wizcancel';
54 # }
55 # },
56 needed_rpm => [ 'openssh-server' ],
57 defaultimage => "/usr/share/wizards/sshd_wizard/images/IC-Dssh-48.png",
58 };
59
60 my @yesorno = qw(yes no); push @yesorno, "";
61 my @yesnoother = qw(yes no without-password forced-commands-only); push @yesnoother, "";
62 my @syslog = qw(DAEMON USER AUTH LOCAL0 LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7); push @syslog, "";
63 my @loglevel = qw(QUIET FATAL ERROR INFO VERBOSE DEBUG DEBUG1 DEBUG2 DEBUG3); push @loglevel, "";
64
65 my %type = (
66 1 => N("Newbie - classical options"),
67 2 => N("Expert - advanced ssh options"),
68 );
69
70 $o->{pages} = {
71 welcome => {
72 name => N("OpenSSH daemon configuration") . "\n\n" . N("Which type of configuration do you want to do:"),
73 data => [
74 { label => "", type => 'list', val => \$o->{var}{wiz_type}, list => [ keys %type ], format => sub { $type{$_[0]} } },
75 ],
76 next => 'config_step1',
77 no_back => 1,
78 },
79 config_step1 => {
80 name => N("SSH server, classical options"),
81 pre => sub {
82 $o->{var}{ListenAddress} = $sshd->{ListenAddress} || "0.0.0.0";
83 $o->{var}{Port} = $sshd->{Port} || "22";
84 $o->{var}{PermitRootLogin} ||= $sshd->{PermitRootLogin};
85 },
86 data => [
87 { label => N("Permit root login:"), val => \$o->{var}{PermitRootLogin}, list_ref => \@yesnoother },
88 { label => N("Listen address:"), val => \$o->{var}{ListenAddress}, help => N("Specifies the local addresses sshd should listen on.") },
89 { label => N("Port number:"), val => \$o->{var}{Port}, help => N("Specifies the port number that sshd listens on. The default is 22.") },
90 ],
91 complete => sub {
92 if ($o->{var}{Port} !~ /^\d+$/) {
93 $::in->ask_warn(N("Error"), N("Port should be a number"));
94 return 1;
95 }
96 },
97 post => sub {
98 if ($o->{var}{wiz_type} == 2) {
99 return 'auth_options';
100 } elsif ($o->{var}{wiz_type} == 1) {
101 return 'summary';
102 }
103 },
104 next => 'auth_options',
105 },
106 auth_options => {
107 name => N("Authentication Method"),
108 pre => sub {
109 $o->{var}{RSAAuthentication} ||= $sshd->{RSAAuthentication};
110 $o->{var}{PubkeyAuthentication} ||= $sshd->{PubkeyAuthentication};
111 $o->{var}{AuthorizedKeysFile} = $sshd->{AuthorizedKeysFile} || ".ssh/authorized_keys2";
112 $o->{var}{PasswordAuthentication} ||= $sshd->{PasswordAuthentication};
113 $o->{var}{IgnoreRhosts} ||= $sshd->{IgnoreRhosts};
114 $o->{var}{PermitEmptyPasswords} ||= $sshd->{PermitEmptyPasswords};
115 },
116 data => [
117 { label => N("RSA auth:"), val => \$o->{var}{RSAAuthentication}, list_ref => \@yesorno },
118 { label => N("PubKey auth:"), val => \$o->{var}{PubkeyAuthentication}, list_ref => \@yesorno },
119 { label => N("Auth key file:"), val => \$o->{var}{AuthorizedKeysFile} },
120 { label => N("Password auth:"), val => \$o->{var}{PasswordAuthentication}, list_ref => \@yesorno },
121 { label => N("Ignore rhosts file:"), val => \$o->{var}{IgnoreRhosts}, list_ref => \@yesorno },
122 { label => N("Permit empty password:"), val => \$o->{var}{PermitEmptyPasswords}, list_ref => \@yesorno },
123 ],
124 next => 'log_options',
125 },
126 log_options => {
127 name => N("Log") . "\n\n" . N("Syslog facility: gives the facility code that is used when logging messages from sshd") . "\n" . N("Log level: gives the verbosity level that is used when logging messages from sshd."),
128 pre => sub {
129 $o->{var}{SyslogFacility} ||= $sshd->{SyslogFacility};
130 $o->{var}{LogLevel} ||= $sshd->{LogLevel};
131 },
132 data => [
133 { label => N("Syslog facility:"), val => \$o->{var}{SyslogFacility}, list_ref => \@syslog },
134 { label => N("Log level:"), val => \$o->{var}{LogLevel}, list_ref => \@loglevel },
135 ],
136 next => 'login_options',
137 },
138 login_options => {
139 name => N("Login options") . "\n\n" . N("Print last log: whether sshd should print the date and time when the user last logged in"),
140 pre => sub {
141 $o->{var}{LoginGraceTime} ||= $sshd->{LoginGraceTime};
142 $o->{var}{KeepAlive} ||= $sshd->{KeepAlive};
143 $o->{var}{PrintMotd} ||= $sshd->{PrintMotd};
144 $o->{var}{PrintLastLog} ||= $sshd->{PrintLastLog};
145 },
146 data => [
147 { label => N("Login Grace time:"), val => \$o->{var}{LoginGraceTime}, help => N("The server disconnects after this time if the user has not successfully logged in. If the value is 0, there is no time limit. The default is 120 seconds.") },
148 { label => N("Keep alive:"), val => \$o->{var}{KeepAlive}, list_ref => \@yesorno },
149 { label => N("Print motd:"), val => \$o->{var}{PrintMotd}, list_ref => \@yesorno },
150 { label => N("Print last log:"), val => \$o->{var}{PrintLastLog}, list_ref => \@yesorno },
151 ],
152 complete => sub {
153 if ($o->{var}{LoginGraceTime} !~ /^\d+$/ && $o->{var}{LoginGraceTime}) {
154 $::in->ask_warn(N("Error"), N("Login grace time should be a number"));
155 return 1;
156 }
157 },
158 next => 'user_login',
159 },
160 user_login => {
161 name => N("User Login options") . "\n\n" . N("Strict modes: specifies whether sshd should check file modes and ownership of the user's files and home directory before accepting login. This is normally desirable because novices sometimes accidentally leave their directory or files world-writable"),
162 pre => sub {
163 $o->{var}{StrictModes} ||= $sshd->{StrictModes};
164 $o->{var}{AllowUsers} ||= $sshd->{AllowUsers};
165 $o->{var}{DenyUsers} ||= $sshd->{DenyUsers};
166 },
167 data => [
168
169 { label => N("Strict modes:"), val => \$o->{var}{StrictModes}, list_ref => \@yesorno },
170 { label => N("Allow users:"), val => \$o->{var}{AllowUsers}, help => N("If specified, login is allowed only for user names that match one of the patterns. ie: erwan aginies guibo") },
171 { label => N("Deny users:"), val => \$o->{var}{DenyUsers}, help => N("Login is disallowed for user names that match one of the patterns. ie: pirate guillomovitch") },
172 ],
173 next => 'other',
174 },
175 other => {
176 name => N("Compression: Specifies whether compression is allowed.") . "\n" . N("X11 forwarding: specifies whether X11 forwarding is permitted. Note that disabling X11 forwarding does not prevent users from forwarding X11 traffic, as users can always install their own forwarders."),
177 pre => sub {
178 $o->{var}{Compression} ||= $sshd->{Compression};
179 $o->{var}{X11Forwarding} ||= $sshd->{X11Forwarding};
180 },
181 data => [
182 { label => N("Compression:"), val => \$o->{var}{Compression}, list_ref => \@yesorno },
183 { label => N("X11 forwarding:"), val => \$o->{var}{X11Forwarding}, list_ref => \@yesorno },
184 ],
185 next => 'summary',
186 },
187 summary => {
188 name => N("Summary of OpenSSH configuration."),
189 data => [
190 { label => N("Permit root login:"), val_ref => \$o->{var}{PermitRootLogin} },
191 { label => N("Listen address:"), val_ref => \$o->{var}{ListenAddress} },
192 { label => N("Port number:"), val_ref => \$o->{var}{Port} },
193 ],
194 post => \&do_it,
195 next => 'end',
196 },
197 end => {
198 name => N("Congratulations") . "\n\n" . N("The wizard successfully configured your SSH server."),
199 no_back => 1,
200 end => 1,
201 },
202 error_end => {
203 name => N("Failed"),
204 data => [ { label => N("Please relaunch drakwizard, and try to change some parameters.") } ],
205 no_back => 1,
206 end => 1,
207 },
208 };
209
210 sub new {
211 my ($class) = @_;
212 bless $o, $class;
213 }
214
215 sub write_conf_restart_ssh {
216 $sshd->write_conf($conf);
217 reload_or_restart('sshd');
218 }
219
220 sub global_config {
221 $sshd->{Port} = $o->{var}{Port};
222 # force sshd protocol 2
223 $o->{var}{Protocol} = $sshd->{Protocol} || "2";
224 $o->{var}{ListenAddress} and $sshd->{ListenAddress} = $o->{var}{ListenAddress};
225
226 $o->{var}{SyslogFacility} and $sshd->{SyslogFacility} = $o->{var}{SyslogFacility};
227 $o->{var}{LogLevel} and $sshd->{LogLevel} = $o->{var}{LogLevel};
228
229 $o->{var}{PermitRootLogin} and $sshd->{PermitRootLogin} = $o->{var}{PermitRootLogin};
230 $o->{var}{StrictModes} and $sshd->{StrictModes} = $o->{var}{StrictModes};
231 $o->{var}{AllowUsers} and $sshd->{AllowUsers} = $o->{var}{AllowUsers};
232 $o->{var}{DenyUsers} and $sshd->{DenyUsers} = $o->{var}{DenyUsers};
233
234 $o->{var}{LoginGraceTime} and $sshd->{LoginGraceTime} = $o->{var}{LoginGraceTime};
235 $o->{var}{KeepAlive} and $sshd->{KeepAlive} = $o->{var}{KeepAlive};
236 $o->{var}{PrintMotd} and $sshd->{PrintMotd} = $o->{var}{PrintMotd};
237 $o->{var}{PrintLastLog} and $sshd->{PrintLastLog} = $o->{var}{PrintLastLog};
238
239 $o->{var}{RSAAuthentication} and $sshd->{RSAAuthentication} = $o->{var}{RSAAuthentication};
240 $o->{var}{PubkeyAuthentication} and $sshd->{PubkeyAuthentication} = $o->{var}{PubkeyAuthentication};
241 $o->{var}{AuthorizedKeysFile} and $sshd->{AuthorizedKeysFile} = $o->{var}{AuthorizedKeysFile};
242 $o->{var}{PasswordAuthentication} and $sshd->{PasswordAuthentication} = $o->{var}{PasswordAuthentication};
243 $o->{var}{IgnoreRhosts} and $sshd->{IgnoreRhosts} = $o->{var}{IgnoreRhosts};
244 $o->{var}{PermitEmptyPasswords} and $sshd->{PermitEmptyPasswords} = $o->{var}{PermitEmptyPasswords};
245 $o->{var}{X11Forwarding} and $sshd->{X11Forwarding} = $o->{var}{X11Forwarding};
246 $o->{var}{Compression} and $sshd->{Compression} = $o->{var}{Compression};
247 #$sshd->{UsePrivilegeSeparation} yes
248 }
249
250 sub do_it {
251 $::testing and return;
252 # display a wait dialog box
253 my $in = 'interactive'->vnew('su', 'SSH');
254 my $w = $in->wait_message(N("OpenSSH server"), N("Configuring your OpenSSH server..."));
255 global_config();
256 write_conf_restart_ssh();
257 # remove wait message
258 undef $w;
259 check_started('sshd');
260 }
261
262 1;

Properties

Name Value
svn:executable *

  ViewVC Help
Powered by ViewVC 1.1.30