8Yc@sddlZddlZddlZddlZddlZddlZejZddlm Z m Z ddl Z ye j e j dWn$e jk rejjdnXdZedrddlZnde fdYZd e fd YZd fd YZd efdYZedkrejejejejdedrqeZn eZejejndS(iN(t OptionParsertIndentedHelpFormatterts%Warning: Unsupported locale setting. cCstjdj|dkS(Ni(tsystargvtfind(tname((s#/usr/share/authconfig/authconfig.pytrunsAs%ssauthconfig-tuitUnihelpOptionParsercBseZddZRS(cCs~|dkrtj}ntj}t|dd}| sI|dkrR|}n|j|jj|j |ddS(Ntencodingtasciitreplace( tNoneRtstdouttlocaletgetpreferredencodingtgetattrtwritet format_helptdecodetencode(tselftfilet srcencodingR ((s#/usr/share/authconfig/authconfig.pyt print_help,s    N(t__name__t __module__R R(((s#/usr/share/authconfig/authconfig.pyR+stNonWrapFormattercBseZdZRS(cCsg}|j|}|j|jd}t||kr[d|jd|f}|j}n8d|jd||f}d|jd||f}d}|j||jr|j|}|jd|d|fn |ddkr|jdndj|S(Nis%*s%s Rs %*s%-*s iis (toption_stringst help_positiontcurrent_indenttlentappendthelptexpand_defaulttjoin(Rtoptiontresulttoptst opt_widtht indent_firstt help_text((s#/usr/share/authconfig/authconfig.pyt format_option6s     (RRR*(((s#/usr/share/authconfig/authconfig.pyR5st AuthconfigcBs}eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d ZRS( cCsCt|_t|_t|_t|_t|_t|_d|_dS(Ni(tFalset nis_availtkerberos_availt ldap_availt sssd_availt cache_availt fprintd_availtretval(R((s#/usr/share/authconfig/authconfig.pyt__init__Zs      cCsdS(Nt authconfig((R((s#/usr/share/authconfig/authconfig.pytmodulecscCs$tjjd|j|fdS(Ns%s: %s (RtstderrRR6(Rterror((s#/usr/share/authconfig/authconfig.pyt printErrorfscCsud}d}xX|D]P}|dkr2|d7}n|rO|t|d7}n||7}|d7}qW|d7}|S(Nit(tstr(RtltaddidxtidxR!titem((s#/usr/share/authconfig/authconfig.pytlistHelpis     c CsBtd|j}|jdkr5|d7}nt|dtdt}|jdddd d td |jd d dd d td|jddd d td|jdddd d td|jddd d td|jdd|jtjtd td|jddd d td|jddd d td|jddtdd td|jd dtd!d td"|jd#dd d td$|jd%dd d td&|jd'dd d td(|jd)dd d td*|jd+dtd!d td,|jd-dtd.d td/|jd0d1dd d td2|jd3d4dd d td5|jd6dd d td7|jd8dd d td9|jd:dtd;d td<|jd=dd d td>|jd?dd d td@|jdAdd d tdB|jdCdd d tdD|jdEdtdFd tdG|jtj t }|jdHd|d tdI|jdJdd d tdK|jdLdd d tdM|jdNdd d tdO|jdPdd d tdQ|jdRdd d tdS|jdTdd d tdU|jdVdtd!d tdW|jdXdtd!d tdY|jdZdtd[d td\|jd]dd d td^|jd_dd d td`|jdadd d tdb|jdcdd d tdd|jdedd d tdf|jdgdd d tdh|jdidd d tdj|jdkdd d tdl|jdmddnd tdo|jdpdtd[d tdq|jdrdtdsd tdt|jdudtdvd tdw|jdxdydzdtd{d td||jd}dd~d td|jdddd td|jdddd td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jdddd td|jddd d td|jddd d td|jddtdd td|jddtd[d td|jddtdsd td|jddd d td|jddd d td|jdddd td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jdddd td|jdddd td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddtdd td|jddtdd td|jddtdd td|jddtdd td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddd d td|jddtdd td|jddd d td|jddd d td|jdkr|jddd d td|jddd d tdn"|jdddd d td|jddd d td|jd dd d td |jd dtd d td |jddtd d td|jddd d td|j \|_ }|r|j tdtjdn|jdk r>|j j r>|j j r>|j j r>|j j r>|j j r>|j j r>|j j r>|jtjdndS(Nsusage: %s [options]R5se {--update|--updateall|--test|--probe|--restorebackup |--savebackup |--restorelastbackup}tadd_help_optiont formatters-hs--helptactionR!sshow this help message and exits--enableshadows --useshadowt store_trues$enable shadowed passwords by defaults--disableshadows%disable shadowed passwords by defaults --enablemd5s--usemd5senable MD5 passwords by defaults --disablemd5s disable MD5 passwords by defaults --passalgotmetavars&hash/crypt algorithm for new passwordss --enableniss*enable NIS for user information by defaults --disableniss+disable NIS for user information by defaults --nisdomainssdefault NIS domains --nisserverssdefault NIS servers --enableldaps+enable LDAP for user information by defaults --disableldaps,disable LDAP for user information by defaults--enableldapauths)enable LDAP for authentication by defaults--disableldapauths*disable LDAP for authentication by defaults --ldapservers#default LDAP server hostname or URIs --ldapbasednssdefault LDAP base DNs--enableldaptlss--enableldapstarttlss&enable use of TLS with LDAP (RFC-2830)s--disableldaptlss--disableldapstarttlss'disable use of TLS with LDAP (RFC-2830)s--enablerfc2307bissBenable use of RFC-2307bis schema for LDAP user information lookupss--disablerfc2307bissCdisable use of RFC-2307bis schema for LDAP user information lookupss--ldaploadcacertss load CA certificate from the URLs--enablesmartcards0enable authentication with smart card by defaults--disablesmartcards1disable authentication with smart card by defaults--enablerequiresmartcards0require smart card for authentication by defaults--disablerequiresmartcards7do not require smart card for authentication by defaults--smartcardmoduless default smart card module to uses--smartcardactions(action to be taken on smart card removals--enablefingerprints9enable authentication with fingerprint readers by defaults--disablefingerprints:disable authentication with fingerprint readers by defaults--enableecryptfss"enable automatic per-user ecryptfss--disableecryptfss#disable automatic per-user ecryptfss --enablekrb5s)enable kerberos authentication by defaults --disablekrb5s*disable kerberos authentication by defaults --krb5kdcsdefault kerberos KDCs--krb5adminserversdefault kerberos admin servers --krb5realmssdefault kerberos realms--enablekrb5kdcdnss'enable use of DNS to find kerberos KDCss--disablekrb5kdcdnss(disable use of DNS to find kerberos KDCss--enablekrb5realmdnss)enable use of DNS to find kerberos realmss--disablekrb5realmdnss*disable use of DNS to find kerberos realmss--enablewinbinds.enable winbind for user information by defaults--disablewinbinds/disable winbind for user information by defaults--enablewinbindauths,enable winbind for authentication by defaults--disablewinbindauths-disable winbind for authentication by defaults --smbsecurityss*security mode to use for samba and winbinds --smbrealms5default realm for samba and winbind when security=adss --smbserverss s(names of servers to authenticate againsts--smbworkgroups s'workgroup authentication servers are ins--smbidmapranges --smbidmapuids --smbidmapgidss4uid range winbind will assign to domain or ads userss--winbindseparators<\>sthe character which will be used to separate the domain and user part of winbind-created user names if winbindusedefaultdomain is not enableds--winbindtemplatehomedirs sGthe directory which winbind-created users will have as home directoriess--winbindtemplateshells sDthe shell which winbind-created users will have as their login shells--enablewinbindusedefaultdomains[configures winbind to assume that users with no domain in their user names are domain userss --disablewinbindusedefaultdomains_configures winbind to assume that users with no domain in their user names are not domain userss--enablewinbindofflines)configures winbind to allow offline logins--disablewinbindofflines+configures winbind to prevent offline logins--enablewinbindkrb5s+winbind will use Kerberos 5 to authenticates--disablewinbindkrb5s2winbind will use the default authentication methods --winbindjoinss>join the winbind domain or ads realm now as this administrators --enableipav2s?enable IPAv2 for user information and authentication by defaults--disableipav2s@disable IPAv2 for user information and authentication by defaults --ipav2domains-the IPAv2 domain the system should be part ofs --ipav2realmsthe realm for the IPAv2 domains --ipav2serversthe server for the IPAv2 domains--enableipav2nontps-do not setup the NTP against the IPAv2 domains--disableipav2nontps0setup the NTP against the IPAv2 domain (default)s --ipav2joins s%join the IPAv2 domain as this accounts --enablewinss#enable wins for hostname resolutions --disablewinss$disable wins for hostname resolutions--enablepreferdnss3prefer dns over wins or nis for hostname resolutions--disablepreferdnss:do not prefer dns over wins or nis for hostname resolutions--enablehesiods-enable hesiod for user information by defaults--disablehesiods.disable hesiod for user information by defaults --hesiodlhsssdefault hesiod LHSs --hesiodrhsssdefault hesiod RHSs --enablesssdsOenable SSSD for user information by default with manually managed configurations --disablesssdsVdisable SSSD for user information by default (still used for supported configurations)s--enablesssdauthsMenable SSSD for authentication by default with manually managed configurations--disablesssdauthsTdisable SSSD for authentication by default (still used for supported configurations)s--enableforcelegacys;never use SSSD implicitly even for supported configurationss--disableforcelegacys4use SSSD implicitly if it supports the configurations--enablecachecredss5enable caching of user credentials in SSSD by defaults--disablecachecredss6disable caching of user credentials in SSSD by defaults --enablecachesXenable caching of user information by default (automatically disabled when SSSD is used)s--disablecaches.disable caching of user information by defaults--enablelocauthorizes1local authorization is sufficient for local userss--disablelocauthorizes1authorize local users also through remote services--enablepamaccesss.check access.conf during account authorizations--disablepamaccesss5do not check access.conf during account authorizations--enablesysnetauths0authenticate system accounts by network servicess--disablesysnetauths0authenticate system accounts by local files onlys--enablemkhomedirs6create home directories for users on their first logins--disablemkhomedirs=do not create home directories for users on their first logins --passminlenssminimum length of a passwords--passminclasss1minimum number of character classes in a passwords--passmaxrepeats;maximum number of same consecutive characters in a passwords--passmaxclassrepeatsDmaximum number of consecutive characters of same class in a passwords--enablereqlowers6require at least one lowercase character in a passwords--disablereqlowers1do not require lowercase characters in a passwords--enablerequppers6require at least one uppercase character in a passwords--disablerequppers1do not require uppercase characters in a passwords--enablereqdigits(require at least one digit in a passwords--disablereqdigits#do not require digits in a passwords--enablereqothers2require at least one other character in a passwords--disablereqothers-do not require other characters in a passwords--enablefaillocksNenable account locking in case of too many consecutive authentication failuress--disablefaillocksGdisable account locking on too many consecutive authentication failuress--faillockargss sthe pam_faillock module optionss --nostarts+do not start/stop portmap, ypbind, and nscds--tests>do not update the configuration files, only print new settingssauthconfig-tuis--backs<display Back instead of Cancel in the main dialog of the TUIs --kickstarts1do not display the deprecated text user interfaces--updatesDopposite of --test, update configuration files with changed settingss --updateallsupdate all configuration filess--probes)probe network for defaults and print thems --savebackupss(save a backup of all configuration filess--restorebackups)restore the backup of configuration filess--restorelastbackupsXrestore the backup of configuration files saved before the previous configuration changesunexpected argumenti(t_R6RR,Rt add_optionRCtauthinfotpassword_algorithmstgetSmartcardActionstTruet parse_argstoptionsR9Rtexittprobettesttupdatet updateallt savebackupt restorebackuptrestorelastbackupR(Rtusagetparsertactshelptargs((s#/usr/share/authconfig/authconfig.pyt parseOptionsvs                                                                                                                        '  cCstj|j}|j|jrF|jrFd|j|jfGHn|jrp|jrpd|j|jfGHn|jrd|j|j pd|j pdfGHndS(Ns hesiod %s/%ss ldap %s/%s skrb5 %s/%s/%s R( RKtAuthInfoR9RRt hesiodLHSt hesiodRHSt ldapServert ldapBaseDNt kerberosRealmt kerberosKDCtkerberosAdminServer(Rtinfo((s#/usr/share/authconfig/authconfig.pyRRs     cCsLtj|j|_|jj|_|jjdkrHt|j_ndS(N( RKtreadR9Rftcopyt pristineinfotenableLocAuthorizeR RN(R((s#/usr/share/authconfig/authconfig.pyt readAuthInfoscCstjtjtjo-tjtjtj|_tjtjtj|_tjtj tjo{tjtj tj|_ tjtj tjotjtj tj|_tjtjtj|_tjtjtj|_dS(N(tostaccessRKt PATH_YPBINDtX_OKtPATH_LIBNSS_NISR-t PATH_PAM_KRB5R.t PATH_PAM_LDAPtPATH_LIBNSS_LDAPR/t PATH_PAM_SSStPATH_LIBNSS_SSSR0t PATH_NSCDR1tPATH_PAM_FPRINTDR2(R((s#/usr/share/authconfig/authconfig.pyttestAvailableSubsysscCsi%dd6dd6dd6dd6d d 6d d 6d d6dd6dd6dd6dd6dd6dd6dd6dd6dd 6d!d"6d#d$6d%d&6d'd(6d)d*6d+d,6d-d.6d/d06d1d26d3d46d5d66d7d86d9d:6d;d<6d=d>6d?d@6dAdB6dCdD6dEdF6dGdH6dIdJ6}idKdL6dMdN6dOdP6dQdR6dSdT6dUdV6dWdX6dYdZ6d[d\6d]d^6d_d`6dadb6dcdd6dedf6dgdh6didj6dkdl6dmdn6dodp6dqdr6dsdt6dudv6dwdx6dydz6d{d|6d}d~6dd6dd6dd6}xr|jD]d\}}t|jd|rt|j|tnt|jd|rt|j|tqqWy+|jjrmd|j_n d|j_Wnt k rnX|jj r|jj |jj kr|jj |jj |j_ |jj|jj |j_nyb|jj}|dkrRt|}|dkrR|jtdd|j_d|_qRnWn9tk r|jtdd|j_d|_nXy|jj}|dkr't|}|dkr|jtdd|j_d|_n|dkr'|jtdd|j_d|_q'nWn9tk rc|jtdd|j_d|_nXyb|jj}|dkrt|}|dkr|jtdd|j_d|_qnWn9tk r|jtdd|j_d|_nXyb|jj}|dkrct|}|dkrc|jtdd|j_d|_qcnWn9tk r|jtdd|j_d|_nXxT|jD]F\}}t|j|dkrt|j|t|j|qqW|jjrS|jjjdd}|d|j_t|dkrS|d|j_qSn|jjdkrz|jj|j_n|jj ry,t|jj }t!j"||j_#Wqtt$fk r|jtdd|j_#qXn|jj%r.|jj&d8kr.|jtdt|j_%n|jj'ss|jj(rUd|j_)n|jj*rd|j_)qn@|jj't!j+kr|jtdd|j_)d|_ndS(Nt enableShadowtshadowRjt locauthorizetenablePAMAccesst pamaccesstenableSysNetAutht sysnetauthtenableMkHomeDirt mkhomedirt enableCachetcachetenableEcryptfstecryptfst enableHesiodthesiodt enableLDAPtldapt enableLDAPStldaptlstenableRFC2307bist rfc2307bistenableLDAPAuthtldapauthtenableKerberostkrb5t enableNIStnistkerberosKDCviaDNSt krb5kdcdnstkerberosRealmviaDNSt krb5realmdnstenableSmartcardt smartcardt enableFprintdt fingerprinttforceSmartcardtrequiresmartcardt enableWinbindtwinbindtenableWinbindAutht winbindauthtwinbindUseDefaultDomaintwinbindusedefaultdomaintwinbindOfflinetwinbindofflinet winbindKrb5t winbindkrb5t enableIPAv2tipav2t ipav2NoNTPt ipav2nontpt enableWINStwinst enableSSSDtsssdtenableSSSDAuthtsssdauthtenableForceLegacyt forcelegacytenableCacheCredst cachecredstpreferDNSinHostst preferdnst passReqLowertreqlowert passReqUppertrequppert passReqDigittreqdigitt passReqOthertreqothertenableFaillocktfaillocktpasswordAlgorithmtpassalgoR_t hesiodlhsR`t hesiodrhsRat ldapserverRbt ldapbasednt ldapCacertURLtldaploadcacertRct krb5realmRdtkrb5kdcRetkrb5adminservertsmartcardModuletsmartcardmoduletsmartcardActiontsmartcardactiont nisDomaint nisdomaint nisServert nisservert smbWorkgroupt smbworkgroupt smbServerst smbserverst smbSecurityt smbsecuritytsmbRealmtsmbrealmt smbIdmapRanget smbidmaprangetwinbindSeparatortwinbindseparatortwinbindTemplateHomedirtwinbindtemplatehomedirtwinbindTemplateShelltwinbindtemplateshellt ipav2Domaint ipav2domaint ipav2Realmt ipav2realmt ipav2Servert ipav2servert passMinLent passminlent passMinClasst passminclasst passMaxRepeatt passmaxrepeattpassMaxClassRepeattpassmaxclassrepeatt faillockArgst faillockargstenabletdisableRis!The passminlen minimum value is 6is-The passminlen option value is not an integeris+The passminclass value must not be negativeis0The passminclass value must not be higher than 4s/The passminclass option value is not an integers,The passmaxrepeat value must not be negatives0The passmaxrepeat option value is not an integers1The passmaxclassrepeat value must not be negatives5The passmaxclassrepeat option value is not an integert%is(Bad smart card removal action specified.sO--enablerequiresmartcard is not supported for module 'sssd', option is ignored.tmd5tdescrypts;Unknown password hashing algorithm specified, using sha256.tsha256(,t iteritemsRRPtsetattrRfRNR,Rt ldapSchematAttributeErrorRRctgetKerberosKDCRdtgetKerberosAdminServerReRR tintR9RIR3t ValueErrorRRRt winbindjointsplittjoinUserRt joinPasswordt ipav2joinRRKRMRt IndexErrortenablerequiresmartcardRRt enablemd5Rt disablemd5RL(Rt bool_settingststring_settingstopttaivaltvaltlstRA((s#/usr/share/authconfig/authconfig.pytoverrideSettingssB      $!                                   &      cCstS(N(RN(R((s#/usr/share/authconfig/authconfig.pytdoUIgscCsht}|jjr'|jjt}n|jjdkrd|jjtr[|jjqdt }n|S(N( RNRPRRft joinDomainRR t joinIPADomaintwriteSysconfigR,(Rtret((s#/usr/share/authconfig/authconfig.pyRjs  cCs|jj|jjr7|jjs7d|_q7n|jj|jjrn|jjsd|_qn!|jj |j sd|_n|j sd|_n|jj |jj dS(Niiii(RfttestLDAPCACertsRtdownloadLDAPCACertR3trehashLDAPCACertsRPRURt writeChangedRiRtposttnostart(R((s#/usr/share/authconfig/authconfig.pyt writeAuthInfoxs       cCs|j|jjr0|jtjdn|jj rrtjdkrr|jt dtjdn|j |jj r|j j }tjt| n|jjr|j j|jj}tjt| n|jjr$|j j|jj}tjt| n|j|j|jsv|jjrf|jt dntjdn|jjr|j jn |j|jS(Niscan only be run as rootisdialog was cancelledi(R]RPRRRRQRSRltgetuidR9RIRkRXRft restoreLastRRWt restoreBackupRVt saveBackupRxRRt printInfoRR3(Rtrv((s#/usr/share/authconfig/authconfig.pytruns6             (RRR4R6R9RCR]RRRkRxRRRRR%(((s#/usr/share/authconfig/authconfig.pyR+Ys   $    t AuthconfigTUIcBseZdZdZdZdZdddZdZdZ dZ dZ d Z d Z d Zd Zd ZdZRS(cCsdS(Nsauthconfig-tui((R((s#/usr/share/authconfig/authconfig.pyR6scCs/|jjr+|jjr+|jjtndS(N(RPt kickstartRRfRRN(R((s#/usr/share/authconfig/authconfig.pyRscCs|s dSx|r|d}|d}t|tkrv|jjr_|d}|d}qv|d}|d}ntj|tjstd||d|f}tj |j td|tdgn|d}q WdS(NiiisThe %s file was not found, but it is required for %s support to work properly. Install the %s package, which provides this file.tWarningtOki( ttypettupleRft sssdSupportedRlRmtR_OKRItsnacktButtonChoiceWindowtscreen(Rttoggletwarningtpathtpackagettext((s#/usr/share/authconfig/authconfig.pytwarns         +c# CsEtjtdddg}tjtdddg}tjtjftdd6dg}tjtjftdd7dg}tjtj ftd d8dg}tj td d dg}tj tdddg}tj tdddg}tj tdd|g} tjtdd| g} tjdd} tjtd} | j| ddddddtjtdt|jj} }| j|ddddddtjtdt|jj}}| j|ddddddtjtdt|jj}}| j|ddddddtjtdt|jj}}| j|dd ddddtjtd!t|jj}}| j|dd"ddddtjdd#}tjtd$} |j| ddddddtjtd%t|jjd&k}}|j|ddddddtjtd't|jj}}|j|ddddddtjtd(t|jj}}|j|ddddddtjtd)t|jj}}|j|dd ddddtjtd*t|jj}}|j|dd"ddddtjtd+t|jj }}|j|ddddddtjtd,t|jj!}}|j|dd-ddddtjdd}|j| ddddd.dd/d9|j|ddd0dd.dd/d:tjdd}tj"|j#j$rtd1ptd2}tj"td3}|j|dd|j|ddtjdd}|j|dddd|j|ddddtj%} |j&j'|td4| j(|| j)} | |kr.| j*|j_|j*|j_|j*|j_|j*|j_|j*|j_|j*|j_|j*rd&|j_n!|jjd&krd5|j_n|j*|j_|j*|j_|j*|j_ |j*|j_!|j*|j_|jj|f|jj|f|jj|f|jj| f|jj|f|jj|f|jj|f|jj|f|jj | fg }!x)|!D]}"|j+|"d|"dq Wn|j&j,| |kS(;NtcachingtnscdsFingerprint readert pam_fprintdtKerberostpam_krb5s sssd-clientsLDAP authenticationtpam_ldaptLDAPs nss-pam-ldapdtNIStypbindsshadow passwords shadow-utilstWinbinds samba-clientsWinbind authentications samba-winbindiisUser Informationit anchorLefttgrowxsCache InformationsUse LDAPisUse NISis Use IPAv2is Use WinbindiitAuthenticationsUse MD5 PasswordsRsUse Shadow PasswordssUse LDAP Authentications Use KerberossUse Fingerprint readersUse Winbind Authentications!Local authorization is sufficientit anchorToptpaddingt anchorRighttBacktCanceltNextsAuthentication ConfigurationR(R;s sssd-client(R<s sssd-client(s nss-pam-ldapds sssd-client(iiii(iiii(-RKRvRIR RwRqRtRrRsRuRnt PATH_PWCONVtPATH_WINBIND_NETtPATH_PAM_WINBINDtPATH_LIBNSS_WINBINDR.tGridtLabeltsetFieldtCheckboxtboolRfRRRRRRRyRRRRRjtButtonRPtbacktFormR0tgridWrappedWindowtaddR%tselectedR6t popWindow(#Rt warnCachet warnFprintdt warnKerberost warnLDAPAuthtwarnLDAPtwarnNISt warnShadowtwarnWinbindNettwarnWinbindAutht warnWinbindtinfoGridtcompRtcbRRRRtauthGridRRztldapaRtfprintdRR{tmechGridt buttonGridtcanceltoktmainGridtformt allwarningsR2((s#/usr/share/authconfig/authconfig.pytgetMainChoicess$$$(((((.((((((%%-       cCst|}tjd|}d} g} xn|D]f\} } } }| dkrtj| tt|j| }| j||jtj dd| dd|j|d| ddn| dkrEtj | }|j|d| d dddtj d t|j| d |}| j||j|d| d dnH| d kr:tj | }|j|d| d dddddy#t|j| }|j |Wnt k r|d}nXd}g}x*|D]"}|j||||kfqWtjd|}| j||j|d| ddnS| dkrtjd| dddd}| j||j|d| ddn| d7} q1Wtj|rdpdd}tj|}tj|}|rtj|pd}|j|dd|r!|j|ddn|j||r6dp9ddtjdd}|j|ddd dd d|j|ddd dd dtj}|jj|||j|xtr|j}||krPn| }x|D]\} } } }| dkr2t|j| |jdjq| dkrct|j| |jdjq| d krt|j| |jdjq| dkr|jdqqW||krPn|r|qqW|jj||kS(NiittfvalueRRFiRAtsvalueREi(thiddenRBtrvalueRDtlvaluei2tflexDowntflexUpi(iiii(iiii(iiii(iiii(RR.RNRQRRRRfR RPROtEntrytindexRR tRadioBartTextboxReflowedRSRUR0RVRWRNR%RtpopRXtvaluet getSelectionRY(Rtdtitletitemst canceltxttoktxtt anothertxtt anothercbtrowst questionGridtrowtwidgetstttdesctattrRRfRetselt buttonlisttvtradioBarRkRlRmtanotherRnRotwcopy((s#/usr/share/authconfig/authconfig.pytgetGenericChoices6s  $ " $  %            % % %   c Csdtdddfdtdddfdtdddfg}|jtd |td |rrtd p{td d tdd|jS(NRssDomain:RisRealm:RsServer:RsIPAv2 SettingsRGRIR)Rs Join DomainR(RIRtmaybeGetJoinSettings(Rtnextt questions((s#/usr/share/authconfig/authconfig.pytgetIPAv2Settingss *cCsdtdddfdtdddfdtdd dfg}|jtd |td |rrtd p{td S(NRrsUse TLSRRssServer:RaisBase DN:Rbs LDAP SettingsRGRIR)(RIR R(RRR((s#/usr/share/authconfig/authconfig.pytgetLDAPSettingss cCsjdtdddfdtdddfg}|jtd|td|r]td pftd S( NRssDomain:RisServer:Rs NIS SettingsRGRIR)(RIR(RRR((s#/usr/share/authconfig/authconfig.pytgetNISSettingsscCsdtdddfdtdddfdtdddfd td d dfd td d dfg}|jtd|td|rtdptdS(NRssRealm:RcisKDC:Rds Admin Server:ReRrs"Use DNS to resolve hosts to realmsRs!Use DNS to locate KDCs for realmsRsKerberos SettingsRGRIR)(RIR R(RRR((s#/usr/share/authconfig/authconfig.pytgetKerberosSettingsscCsdtdddfdtdddfg}|jjsKd|j_n|jtd |td td r|jj|jj|jjr|jjt n|jj r|jj t n|jj nt S( NRssDomain Administrator:Ris Password:Rit Administrators Join SettingsRHR)( RIRfRRR0tsuspendRTRRRNRRtresume(RR((s#/usr/share/authconfig/authconfig.pytgetJoinSettingss     cCsdtdddfg}tj|j}|j|jjt}|jj|r|j td|tdtd}n|r|jj n|j t S(NRvsSome of the configuration changes you've made should be saved to disk before continuing. If you do not save them, then your attempt to join the domain may fail. Save changes?s Save SettingstNotYes( RIR RKRgR9RTRfR,tdiffersRRRRN(RRt orig_infoR((s#/usr/share/authconfig/authconfig.pyRs    c Csddg}ddddddg}d }t||}d td d |fd tdddfd tdddfd tdddfd tdd|fg}|jtd|td|rtdptddtdd|jS(Ntadstdomains /sbin/nologins/bin/shs /bin/bashs /bin/tcshs/bin/kshs/bin/zshcSstj|tjS(N(RlRmRo(tshell((s#/usr/share/authconfig/authconfig.pyt shellexistssRusSecurity Model:RRssDomain:RisDomain Controllers:Rs ADS Realm:RsTemplate Shell:RsWinbind SettingsRGRIR)Rs Join DomainR(tfilterRIRR(RRtsecuritytshellsRR((s#/usr/share/authconfig/authconfig.pytgetWinbindSettingss   *cCs:d}t}x!|dkr/|dkr/|jj|dkrO|j}n|dkr|jjr|jjp|jjp|jjp|jjp|jj p|jj }|j |}qn>|dkr-|jjs|jjr|jjp|jjp|jj p|jj }|j |}qn|dkr~|jjr|jjpf|jj pf|jj }|j |}qn|dkr|jjr|jj p|jj }|j|}qn?|dkr|jj s|jj rt}|j|}qn|jj|r"|d7}q|d8}qW|dkS( Niiiiiiii(R,RfRTRqRRRRRRRRRRRR(RRtrctmore((s#/usr/share/authconfig/authconfig.pyt getChoicessT                           cCsBtd|jj}tj|jtd|tdgdS(NsTo connect to a LDAP server with TLS protocol enabled you need a CA certificate which signed your server's certificate. Copy the certificate in the PEM format to the '%s' directory. Then press OK.R(R)(RIRft ldapCacertDirR.R/R0(RR5((s#/usr/share/authconfig/authconfig.pytdisplayCACertsMessages  cCs|jjrtSztj|_|j}|jjtd|jj dd|d|j s{|jj t S|j jr|j jr|jnWd|jj XtS(NsN / between elements | selects | next screenis - (c) 1999-2005 Red Hat, Inc.(RPR'RNR.t SnackScreenR0R6t pushHelpLineRIt drawRootTextRtfinishR,RfRRR(Rtpackageversion((s#/usr/share/authconfig/authconfig.pyRs    N(RRR6RR6RqR RRRRRRRRRRR(((s#/usr/share/authconfig/authconfig.pyR&s    r_       - t__main__R5(RKtacutiltgettextRltsignalRtlgettextRItoptparseRRRt setlocaletLC_ALLtErrorR7RRR.RRR+R&RtSIGINTtSIG_DFLt textdomainR6RQR%(((s#/usr/share/authconfig/authconfig.pyts20     $P