#!/bin/bash
# knoppix-terminalserver - Generate initrd and config files for pxelinux
# and start/stop all services needed.
# (C) Klaus Knopper August 2001
#
# Spanish translation by Luis Llorente <luis.llorente@hispalinux.es>
# and Sergio Gonzalez <sergio.gonzalez@hispalinux.es>

PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin"
export PATH

umask 022

[ "`id -u`" != "0" ] && exec sudo "$0" "$@"

TITLE="KNOPPIX Terminal Server"
TMPSUFFIX="-knoppix-terminalserver-orig"
# These are the config files that CAN be modified
CONFIGFILES="/etc/dhcp3/dhcpd.conf /etc/exports /etc/hosts.allow /etc/default/dhcp3-server /etc/squid/squid.conf /etc/bind/named.conf"
# The KNOPPIX-Terminalserver config file
CONFIG="/etc/sysconfig/knoppix-terminalserver"
STATUS="/var/run/knoppix-terminalserver.status"
# extra Kernel bootoptions
APPEND=""

# Services to stop
STOPSERVICES="nfs-kernel-server nfs-common portmap dhcp3-server"

# LANG et al.
[ -f /etc/sysconfig/i18n ] && { . /etc/sysconfig/i18n;  export LANG LC_ALL; }
[ -f /etc/sysconfig/knoppix-terminalserver ] && . /etc/sysconfig/knoppix-terminalserver

XDIALOG_HIGH_DIALOG_COMPAT=1
export XDIALOG_HIGH_DIALOG_COMPAT

TMP="/tmp/knoppix-terminalserver.menu.tmp$$"
   
KERNEL="$(uname -r)"

# Utility functions, usually called in $0 "start"
# Variable substitution has to be finished before

bailout(){
# Leave and remove temporary files
   rm -f "$TMP"
   [ "$1" = "2" ] && rm -f "$CONFIG"
   exit $1
}

validip(){
echo "$1" | egrep -q -e '[0-9]+\.[0-9]+\.[0-9]+.[0-9]+'
return $?
}

mkdhcpdconf(){
# Generate dhcpd.conf from template
[ ! -f /etc/dhcp3/dhcpd.conf"$TMPSUFFIX" ] && mv -f /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf"$TMPSUFFIX"
ALLNAMESERVERS=""
case "$OPTIONS" in *dns*) ALLNAMESERVERS="${IP}";; esac
for i in $NAMESERVERS; do ALLNAMESERVERS="${ALLNAMESERVERS:+$ALLNAMESERVERS,} $i"; done
GATEWAYS="$GATEWAY"
case "$OPTIONS" in *masq*) GATEWAYS="${IP} $GATEWAYS";; esac
case "$OPTIONS" in *dhcp1067*)  DHCP_PORTS='local-port 1067; remote-port 1068;'  ;;  esac
ALLGATEWAYS=""
for i in $GATEWAYS; do ALLGATEWAYS="${ALLGATEWAYS:+$ALLGATEWAYS,} $i"; done
cat >/etc/dhcp3/dhcpd.conf <<EOT
# dhcpd.conf for KNOPPIX terminalserver

# global settings
allow booting;
allow bootp;
default-lease-time 600;
max-lease-time 7200;
$DHCP_PORTS

subnet ${NETWORK}.0 netmask ${NETMASK} {
  next-server $IP;
#  if substring (option vendor-class-identifier, 0, 9) = "Etherboot" { filename "etherboot.nbi"; }
#  else { filename "pxelinux.0"; }
  filename "pxelinux.0"; 
  option subnet-mask ${NETMASK};
  range ${IPRANGE_FROM} ${IPRANGE_TO};
  ${ALLNAMESERVERS:+option domain-name-servers $ALLNAMESERVERS;}
  ${ALLGATEWAYS:+option routers $ALLGATEWAYS;}
}
EOT
[ ! -f /etc/default/dhcp3-server"$TMPSUFFIX" ] && mv -f /etc/default/dhcp3-server /etc/default/dhcp3-server"$TMPSUFFIX"
echo "INTERFACES=\"$DEVICE\"" >/etc/default/dhcp3-server
}

mkexports(){
[ ! -f /etc/exports"$TMPSUFFIX" ] && mv -f /etc/exports /etc/exports"$TMPSUFFIX"
awk '{if(/^#/){print}else{exit}}' /etc/exports"$TMPSUFFIX" >/etc/exports
echo "/cdrom ${NETWORK}.0/${NETMASK}(ro,no_root_squash,async)" >>/etc/exports
awk '{if(body || /^[^#]/){body=1;print}}' /etc/exports"$TMPSUFFIX" >>/etc/exports
}

mkhostsallow(){
[ ! -f /etc/hosts.allow"$TMPSUFFIX" ] && mv -f /etc/hosts.allow /etc/hosts.allow"$TMPSUFFIX"
awk '{if(/^#/){print}else{exit}}' /etc/hosts.allow"$TMPSUFFIX" >/etc/hosts.allow
echo "portmap in.tftpd rpc.mountd mountd rpc.lockd lockd rpc.nfsd nfsd : 127.0.0.1 LOCAL ${NETWORK}.0/${NETMASK} : ALLOW" >>/etc/hosts.allow
awk '{if(body || /^[^#]/){body=1;print}}' /etc/hosts.allow"$TMPSUFFIX" >>/etc/hosts.allow
}

mktftpboot(){
# Create tftpboot directory and config
mkdir -p /tmp/tftpboot/pxelinux.cfg
[ ! -L /tftpboot ] && ln -s /tmp/tftpboot /
install -m 644 /usr/lib/syslinux/pxelinux.0 /usr/share/knoppix-terminalserver/templates/tftpboot/* /tftpboot/
[ -e /cdrom/boot/isolinux/logo.16 ] && install -m 644 /cdrom/boot/isolinux/logo.16 /tftpboot/
install -m 644 /boot/vmlinuz-$KERNEL /tftpboot/vmlinuz
rdev /tftpboot/vmlinuz /dev/ram1
KEYTABLE=""
case "$LANGUAGE" in de|at|ch) KEYTABLE="KBDMAP german.kbd";; esac
SECURE=""
case "$OPTIONS" in *secure*) SECURE=" secure";; esac
case "$OPTIONS" in *nx*) APPEND="${APPEND:+ $APPEND} desktop=nx nx_server_host=${IP}";; esac
cat >/tftpboot/pxelinux.cfg/default <<EOT
DEFAULT vmlinuz
APPEND$SECURE nfsdir=${IP}:/cdrom nodhcp lang=$LANGUAGE ramdisk_size=100000 init=/etc/init apm=power-off nomce vga=791 initrd=miniroot.gz quiet${APPEND:+ $APPEND} BOOT_IMAGE=knoppix
TIMEOUT 300
$KEYTABLE
PROMPT 1
DISPLAY boot.msg
LABEL knoppix
KERNEL vmlinuz
APPEND$SECURE nfsdir=${IP}:/cdrom nodhcp lang=$LANGUAGE ramdisk_size=100000 init=/etc/init apm=power-off nomce vga=791 initrd=miniroot.gz quiet${APPEND:+ $APPEND} BOOT_IMAGE=knoppix
LABEL knoppix-txt
KERNEL vmlinuz
APPEND$SECURE nfsdir=${IP}:/cdrom nodhcp lang=$LANGUAGE ramdisk_size=100000 init=/etc/init apm=power-off nomce vga=normal initrd=miniroot.gz${APPEND:+ $APPEND} BOOT_IMAGE=knoppix
LABEL expert
KERNEL vmlinuz
APPEND$SECURE nfsdir=${IP}:/cdrom nodhcp lang=$LANGUAGE ramdisk_size=100000 init=/etc/init apm=power-off nomce vga=791 initrd=miniroot.gz${APPEND:+ $APPEND} BOOT_IMAGE=expert
LABEL fb1024x768
KERNEL vmlinuz
APPEND$SECURE nfsdir=${IP}:/cdrom nodhcp lang=$LANGUAGE ramdisk_size=100000 init=/etc/init apm=power-off nomce vga=791 xmodule=fbdev initrd=miniroot.gz${APPEND:+ $APPEND} BOOT_IMAGE=knoppix
LABEL fb800x600
KERNEL vmlinuz
APPEND$SECURE nfsdir=${IP}:/cdrom nodhcp lang=$LANGUAGE ramdisk_size=100000 init=/etc/init apm=power-off nomce vga=788 xmodule=fbdev initrd=miniroot.gz${APPEND:+ $APPEND} BOOT_IMAGE=knoppix
EOT
}

mketherboot(){
# Make etherboot image
rm -f /tmp/net-boot.img
drivex='drive x: file="/tmp/net-boot.img"'
( grep -v -i "drive.*x:" ~/.mtoolsrc 2>/dev/null ; echo "$drivex" ) > ~/.mtoolsrc.new
mv -f ~/.mtoolsrc.new ~/.mtoolsrc
mformat -C -t 80 -s 36 -h 2 x:
mcopy /tftpboot/pxelinux.cfg/default x:syslinux.cfg
mcopy /tftpboot/vmlinuz /tftpboot/miniroot.gz \
      /usr/share/knoppix-terminalserver/templates/tftpboot/* x:
syslinux /tmp/net-boot.img
# Kanotix uses --rdbase=0x367400, why?
mknbi-dos --rdbase=0x220000 /tmp/net-boot.img  >/tftpboot/etherboot.nbi
rm -f /tmp/net-boot.img
}

mknamedconf(){
[ ! -f /etc/bind/named.conf"$TMPSUFFIX" ] && mv -f /etc/bind/named.conf /etc/bind/named.conf"$TMPSUFFIX"
FORWARDERS=""
for i in $NAMESERVERS; do FORWARDERS="$FORWARDERS $i;"; done
[ -n "$FORWARDERS" ] && FORWARDERS=" forwarders {${FORWARDERS}};"
cat >/etc/bind/named.conf <<EOT
// bind9 configuration file for KNOPPIX-Terminalserver
options { directory "/var/cache/bind"; query-source address * port 53;${FORWARDERS} auth-nxdomain no; };
zone "."                { type hint; file "/etc/bind/db.root"; };
zone "localhost"        { type master; file "/etc/bind/db.local"; };
zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
zone "0.in-addr.arpa"   { type master; file "/etc/bind/db.0"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
EOT
}

mksquidconf(){
# Not used yet
[ ! -f /etc/squid/squid.conf"$TMPSUFFIX" ] && mv -f /etc/squid/squid.conf /etc/squid/squid.conf"$TMPSUFFIX"
cat >/etc/squid/squid.conf <<EOT
# squid.conf for KNOPPIX-Terminalserver
# Transparent proxy config
visible_hostname Knoppix
http_port ${IP}:3128
http_port 127.0.0.1:3128
http_port ${IP}:8080
http_port 127.0.0.1:8080
cache_mem ${SQUID_CACHE_MEM:-8} MB
cache_dir ufs /var/spool/squid ${SQUID_CACHE_DISK:-16} 16 256
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src ${NETWORK}.0/${NETMASK}
acl SSL_ports port 443 563
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443 563	# https, snews
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 631		# cups
acl Safe_ports port 777		# multiling http
acl Safe_ports port 901		# SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
icp_access deny all
EOT
}

mkinitrd(){
# Replaces the mkinitrd script that is normally present
echo "Making Mini Rootdisk."
MINISIZE=6000 # In kilobytes
MINIROOT="/tmp/knoppix-terminalserver-miniroot"
RAMDEV=""
rm -rf "$MINIROOT"
mkdir -p "$MINIROOT"
RAMDISK="/tmp/knoppix-ramdisk.$$"
rm -f "$RAMDISK"
dd if=/dev/zero of="$RAMDISK" bs="${MINISIZE}k" count=1
mke2fs -L "KNOPPIX Miniroot" -b 1024 -N 8192 -O none -F -q -m 0 "$RAMDISK" "${MINISIZE}"
mount -o loop,rw -t ext2 "$RAMDISK" "$MINIROOT"
rm -rf "$MINIROOT/lost+found"
for i in cdrom dev etc KNOPPIX lib mnt modules/net modules/scsi proc sys static tmp var/run; do
mkdir -p "$MINIROOT/$i"
done
for i in bin boot opt sbin usr; do
ln -s /KNOPPIX/"$i" "$MINIROOT/$i"
done
ln -s /tmp "$MINIROOT"/var/tmp
# Copy Templates
cp -a /usr/share/knoppix-terminalserver/templates/miniroot/* "${MINIROOT}/"
# Copy Programs
cp -a /bin/ash.static "${MINIROOT}/static/ash"
ln -s /static/ash "${MINIROOT}/static/init"
ln -s /static/ash "${MINIROOT}/static/sh"

# Check if we need the Kernel 2.6 insmod
INSMOD=""
case "$KERNEL" in 2.6.*) INSMOD=/sbin/insmod ;; esac

# Unfortunately, these are not integrated in ash-knoppix yet, so we need some shared
# libs. :-(
for i in /bin/mount /sbin/{pump,ifconfig,portmap} $INSMOD; do
 cp -a "$i" "${MINIROOT}/static/"
 ldd "$i" | while read lib skip path relax; do
  if [ -f "$lib" ]; then
   cp -up "$lib" "${MINIROOT}/lib/${lib##*/}"
  else
   [ -n "$path" ] && cp -up "$path" "${MINIROOT}/lib/${lib##*/}"
  fi
 done
done
cp /lib/libacl*.so.? /lib/libattr*.so.? /lib/libnss_files*.so.? /lib/libnss_dns*.so.? "${MINIROOT}/lib/"
strip "${MINIROOT}"/lib/*
# Copy device nodes
cp -a /dev/{null,zero,console,cloop*,hd*,sd*,ub*,init*,kmem,fd*,loop*,mem,ram*,*random,pts,psaux,ptmx,std*,systty,sndstat,tty,tty[0-9]*} "${MINIROOT}/dev/"
# Copy kernel modules
cp /lib/modules/$KERNEL/kernel/*/*/{af_packet,sunrpc,lockd,nfs}.*o "${MINIROOT}/modules/net/"
# New in Kernel 2.4
for i in /lib/modules/$KERNEL/kernel/lib/crc32.*o; do
cp "$i" "${MINIROOT}/modules/net/00_${i##*/}" 2>/dev/null
done
cp /lib/modules/$KERNEL/kernel/*/*/cloop.*o /lib/modules/$KERNEL/kernel/*/*/unionfs.*o "${MINIROOT}/modules/"
for i in $MODULES; do
find /lib/modules/$KERNEL/kernel/drivers/net -name "$i" -exec cp {} "${MINIROOT}/modules/net/" \;
done

# Find and copy module dependencies as well
for i in $MODULES; do
awk -F: '{if($1~/'"$i"'/) {print $2}}' /lib/modules/$KERNEL/modules.dep
done | sort | uniq | while read module relax; do [ -n "$module" ] && cp "$module" "${MINIROOT}/modules/net/00_${module##*/}"; done

umount "${MINIROOT}"
dd if="$RAMDISK" bs=${MINISIZE}k count=1 | gzip -9v > "${MINIROOT}.gz"
rm -r "$RAMDISK"
mv -f "${MINIROOT}.gz" /tftpboot/miniroot.gz
}

runnfs(){
/etc/init.d/nfs-kernel-server stop >/dev/null 2>&1
/etc/init.d/nfs-common stop >/dev/null 2>&1
/etc/init.d/portmap stop >/dev/null 2>&1
mkexports
mkhostsallow
/etc/init.d/portmap start
/etc/init.d/nfs-common start
/etc/init.d/nfs-kernel-server start
}

rundhcpd(){
/etc/init.d/dhcp3-server stop >/dev/null 2>&1
mkdhcpdconf
rm -f /var/lib/dhcp3/dhcpd.leases* 2>/dev/null
touch /var/lib/dhcp3/dhcpd.leases
/etc/init.d/dhcp3-server start
}

killtftpd(){
PID="$(ps auxww | awk '/in\.tftpd/{if(!/awk/){print $2}}')"
[ -n "$PID" ] && kill $PID 2>/dev/null
}

runtftpd(){
killtftpd
in.tftpd -l -s /tftpboot
}

runiptables(){
case "$OPTIONS" in *masq*)
iptables -P FORWARD DROP
ip6tables -P FORWARD DROP >/dev/null 2>&1
echo "1" >/proc/sys/net/ipv4/ip_forward
for ARGS in "FORWARD -i ${DEVICE} -s ${NETWORK}.0/${NETMASK} -j ACCEPT" \
            "FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" \
	    "POSTROUTING -t nat -j MASQUERADE"; do
iptables -D $ARGS >/dev/null 2>&1 ; iptables -A $ARGS
ip6tables -D $ARGS >/dev/null 2>&1 ; ip6tables -A $ARGS >/dev/null 2>&1
done
;;
esac
}

runbind(){
case "$OPTIONS" in *dns*)
if [ -x /etc/init.d/bind9 ]; then
/etc/init.d/bind9 stop >/dev/null 2>&1; mknamedconf; /etc/init.d/bind9 start
else
echo "bind9 not installed, skipping." >&2
fi
;;
esac
}

runsquid(){
# Not used yet
case "$OPTIONS" in *squid*)
if [ -x /etc/init.d/squid ]; then
/etc/init.d/squid stop >/dev/null 2>&1
[ ! -d /var/spool/squid/00 ] && squid -z
mksquidconf
/etc/init.d/squid start
for ARGS in "PREROUTING -t nat -i ${DEVICE} -p tcp -s ${NETWORK}.0/${NETMASK} --dport 80 -j REDIRECT --to-port 8080"; do
iptables -D $ARGS >/dev/null 2>&1 ; iptables -I $ARGS
done
else
echo "squid not installed, skipping." >&2
fi
;;
esac
}

killsquid(){
case "$OPTIONS" in *squid*)
if [ -x /etc/init.d/squid ]; then
/etc/init.d/squid stop >/dev/null 2>&1
for ARGS in "PREROUTING -t nat -i ${DEVICE} -p tcp -s ${NETWORK}.0/${NETMASK} --dport 80 -j REDIRECT --to-port 8080"; do
iptables -D $ARGS >/dev/null 2>&1
done
fi
;;
esac
}

# EOF Utility functions

trap bailout 2 15

[ -f /etc/sysconfig/i18n ] && . /etc/sysconfig/i18n

DIALOG="dialog"
[ -n "$DISPLAY" ] && [ -x /usr/bin/Xdialog ] && DIALOG="Xdialog"

case "$1" in
stop)
{ [ ! -f "$STATUS" ] || [ "$(<$STATUS)" != "running" ]; } && { echo "KNOPPIX-Terminalserver not running."; exit 1; }
for s in $STOPSERVICES; do /etc/init.d/$s stop; done
killsquid
killtftpd
echo "configured" >"$STATUS"
;;
start)
[ -f "$CONFIG" ] || { echo "KNOPPIX-Terminalserver not configured yet, entering setup."; exec "$0" setup; }
[ -f "$STATUS" ] && [ "$(<$STATUS)" = "running" ] && { echo "KNOPPIX-Terminalserver already running."; exit 1; }
mktftpboot
mkinitrd
mketherboot
rundhcpd
runtftpd
runnfs
runiptables
runbind
runsquid
echo "running" >"$STATUS"
;;
unsetup|uninstall|unconfigure|deconfigure)
[ -f "$STATUS" ] && [ "$(<$STATUS)" = "running" ] && { echo "KNOPPIX-Terminalserver running, stopping services."; $0 stop; }
for f in $CONFIGFILES; do [ -f "$f$TMPSUFFIX" ] && { rm -f "$f"; mv -f "$f$TMPSUFFIX" "$f"; }; done
rm -f "$STATUS" "$CONFIG"
;;
setup|install|configure)
# Build $CONFIG configfile
rm -f "$CONFIG"
echo "# KNOPPIX Terminalserver config `date`" >"$CONFIG"

BACKTITLE="KNOPPIX TERMINALSERVER SETUP"

case "$LANGUAGE" in
de|at|ch)
TITLE_CARD="Bitte wählen Sie die Netzwerkkarte aus, die am Client-Netzwerk angeschlossen ist."
MESSAGE_CARD="Verfügbare Netzwerkkarten:"
TITLE_RUNCONFIG="Netcardconfig aufrufen"
MESSAGE_RUNCONFIG="Diese Netzwerkkarte wurde bisher noch nicht konfiguriert. Möchten Sie dies jetzt nachholen?"
TITLE_IPRANGE="IP Adressraum für clients"
MESSAGE_IPRANGE="
Bitte geben Sie den gewünschten Bereich von IP-Adressen ein, der an Clients vergeben werden darf, Anfangs- und Endadresse durch ein einzelnes Leerzeichen getrennt.

Beispiel:
          192.168.0.100 192.168.0.200

für Adressvergabe von 192.168.0.100 bis (einschließlich) 192.168.0.200.

"
MESSAGE_CARDS="Wählen Sie die auf den Clients zu unterstützenden Netzwerkkarten-Typen aus:"
TITLE_CARDS="Client Hardware"
TITLE_OPTIONS="Optionen"
MESSAGE_OPTIONS="Diese Optionen sind verantwortlich für Performance und Sicherheit von Server und Clients. Die Webproxy-Option sollten Sie nur auswählen, wenn Ihr Rechner über mindestens 256MB Hauptspeicher verfügt."
TITLE_START="Server starten"
MESSAGE_START="Der KNOPPIX-Terminalserver wird nun im Hintergrund gestartet. Sie können die einzelnen Dienste (dhcpd, in.tftpd, nfsd, ...) in der Prozessliste des Systems verfolgen, und mit \"$0 stop\" oder dem entsprechenden Menü den Terminalserver ggf. wieder beenden. Über PXE netzwerk-bootfähige Rechner sollten nun von diesem Rechner booten können, und mit den notwendigen Dateien über das Netz versorgt werden. Server jetzt starten?"
TITLE_APPEND="Client Boot-Optionen"
MESSAGE_APPEND="Einige Hardware (bestimmte Grafikkarten, Monitore etc.) benötigen spezielle Bootoptionen, da sie nicht automatisch erkannt werden können (s. knoppix-cheatcodes.txt). Sie können hier eine durch Leerzeichen getrennte Liste von Bootoptionen und Parametern angeben, die auf den Clients ausgeführt wird. Lassen Sie das Feld leer und wählen Sie \"OK\", falls keine speziellen Bootoptionen notwendig sind."
ITEM_SECURE="Root Zugang auf den Clients abschalten"
ITEM_DNS="Nameserver Cache/Proxy"
ITEM_SQUID="Transparenter WWW Cache/Proxy"
ITEM_IPTABLES="IP Masquerading+Forwarding"
ITEM_NX="NX ThinClient setup"
ITEM_DHCP1067="DHCP auf wechselnden Toren"
;;
es)
TITLE_CARD="Selecciona el dispositivo de red conectado a la red de clientes"
MESSAGE_CARD="Dispositivos de red disponibles:"
TITLE_RUNCONFIG="Ejecutari netcardconfig"
MESSAGE_RUNCONFIG="Esta tarjeta de red aún no ha sido configurada. ¿Le gustaría hacerlo ahora?"
TITLE_IPRANGE="Rango de direcciones IP para los clientes"
MESSAGE_IPRANGE="
Por favor, introduzca los rangos de direcciones IP que deberían ser accesibles por los clientes, separados por un espacio single.

Ejemplo:
          192.168.0.101 192.168.0.200

para direcciones desde 192.168.0.101 hasta (inclusive) 192.168.0.200.

"
MESSAGE_CARDS="Seleccione tarjeta(s) de red para probar en las máquinas cliente:"
TITLE_CARDS="Hardware del cliente"
TITLE_OPTIONS="Opciones"
MESSAGE_OPTIONS="Estas opciones determinan el rendimiento y la seguridad del servidor y los clientes. Debería seleccionar la opción webproxy sólo si su servidor tiene al menos 265MB de memoria."
TITLE_START="Arrancando el servidor"
MESSAGE_START="El servidor KNOPPIX-Terminal se arrancará ahora. Puede observar los servicios individuales (dhcpd, in.tftpd, nfsd, ...) en el listado de procesos de su sistema. Si quiere finalizar el servidor de terminales, por favor, utilice \"$0 stop\" o el correspondiente elemento del menú. Los ordenadores con una tarjeta de red arrancable PXE deberían ser capaces de arrancar remotamente desde este ordenador a partir de ahora. ¿Arrancar el servidor?"
TITLE_APPEND="Opciones de arranque del cliente"
MESSAGE_APPEND="Para algún hardware (algunas tarjetas gráficas, monitores) puede ser necesario tener que especificar opciones de arranque (ver knoppix-cheatcodes.txt). Aquí puede añadir una lista de opciones y parámetros separadas por espacios que serán añadidos a la línea de comandos de arranque en las máquinas cliente. Deje vacío y pulse \"OK\" si sus clientes no necesitan ninguna."
ITEM_SECURE="Desactivar acceso root en cliente(s)"
ITEM_DNS="Caché de servidor de nombres/proxy"
ITEM_SQUID="Proxy WWW transparente caché"
ITEM_IPTABLES="Enmascaramiento IP + reenvío"
ITEM_NX="Configuración del ThinClient NX"
ITEM_DHCP1067="Alternate DHCP ports"
;;
*)
TITLE_CARD="Choose network device connected to client network"
MESSAGE_CARD="Available network devices:"
TITLE_RUNCONFIG="Run netcardconfig"
MESSAGE_RUNCONFIG="This network card has not been configured yet. Would you like to do this now?"
TITLE_IPRANGE="IP Address range for clients"
MESSAGE_IPRANGE="
Please enter the desired IP-Range of addresses that should be allocated by clients, separated by a single space.

Example:
          192.168.0.101 192.168.0.200

for addresses from 192.168.0.101 to (and including) 192.168.0.200.

"
MESSAGE_CARDS="Choose network card(s) to support/probe on client machines:"
TITLE_CARDS="Client hardware"
TITLE_OPTIONS="Options"
MESSAGE_OPTIONS="These options determine performance and security of server and clients. You should select the webproxy option only if your server has at least 265MB of memory."
TITLE_START="Starting server"
MESSAGE_START="The KNOPPIX-Terminal Server will now be started. You may observe the individual services (dhcpd, in.tftpd, nfsd, ...) in the process list of your system. If you want to end the terminal server, please use \"$0 stop\" or the corresponding menu item. Computers with a PXE-bootable network card should be able to boot remotely from this machine now. Start server?"
TITLE_APPEND="Client boot options"
MESSAGE_APPEND="For some hardware (certain graphics adapters, monitors) it can be necessary to specify boot options (see knoppix-cheatcodes.txt). You may add a space-separated list of options and parameters here that will be added to the boot commandline on the client machines. Leave empty and hit \"OK\" if your clients don't require any."
ITEM_SECURE="Disable root access on client(s)"
ITEM_DNS="Nameserver cache/proxy"
ITEM_SQUID="Transparent WWW cache/proxy"
ITEM_IPTABLES="IP masquerading+forwarding"
ITEM_NX="NX ThinClient setup"
ITEM_DHCP1067="DHCP on alternate ports (1067/1068)"
;;
esac

rm -f "$TMP"

NETDEVICES="$(cat /proc/net/dev | awk -F: '/ath.:|wlan.:|eth.:|tr.:/{print $1}')"
DEVICELIST=""
for DEVICE in $NETDEVICES; do DEVICELIST="$DEVICELIST ${DEVICE} Netzwerkkarte_${DEVICE##eth}"; done
rm -f "$TMP"
$DIALOG --backtitle "$BACKTITLE" --title "$TITLE_CARD" --menu "$MESSAGE_CARD" 18 70 12 $DEVICELIST 2>"$TMP" || bailout 0
DEVICE="$(<$TMP)" ; rm -f "$TMP"

while true; do
IP="$(LANG=C LC_ALL=C ifconfig "$DEVICE" | awk '/[Ii]net [Aa]ddr/{FS="[: 	]*"; $0=$0; print $4; exit}')"
NETMASK="$(LANG=C LC_ALL=C ifconfig "$DEVICE" | awk '/[Mm]ask/{FS="[: 	]*"; $0=$0; print $8; exit}')"
validip "$IP" && break
$DIALOG --backtitle "$BACKTITLE" --title "$TITLE_RUNCONFIG" --yesno "$MESSAGE_RUNCONFIG" 18 45 && netcardconfig || bailout 2
done

NETWORK="${IP%.*}"
HOST="${IP##*.}"

[ "$HOST" -lt 201 ] && START=201 || START=151
[ "$START" = "201" ] && END=250 || END=200

IPRANGE_FROM=""
IPRANGE_TO=""
while [ -z "$IPRANGE_FROM" -o -z "$IPRANGE_TO" -o -z "$IPRANGE" ]; do
IPRANGE="$NETWORK.$START $NETWORK.$END"
rm -f "$TMP"
$DIALOG --clear --backtitle "$BACKTITLE" --title "$TITLE_IPRANGE ($DEVICE=$IP/$NETMASK)" --inputbox "$MESSAGE_IPRANGE" 18 75 "$IPRANGE" 2>"$TMP" || bailout 2
IPRANGE="$(<$TMP)"
IPRANGE_FROM="${IPRANGE%% *}"
IPRANGE_TO="${IPRANGE##* }"
for i in "$IPRANGE_FROM" "$IPRANGE_TO"; do
validip "$i" || IPRANGE=""
done
done

NAMESERVERS="$(awk '/^nameserver/{printf "%s ",$2}' /etc/resolv.conf)"
GATEWAY="$(LANG=C LC_ALL=C route -n | awk '/^0\.0\.0\.0/{print $2; exit}')"

echo "DEVICE=\"$DEVICE\"" >>"$CONFIG"
echo "IP=\"$IP\"" >>"$CONFIG"
echo "NETWORK=\"$NETWORK\"" >>"$CONFIG"
echo "NETMASK=\"$NETMASK\"" >>"$CONFIG"
echo "GATEWAY=\"$GATEWAY\"" >>"$CONFIG"
echo "NAMESERVERS=\"$NAMESERVERS\"" >>"$CONFIG"
echo "IPRANGE_FROM=\"$IPRANGE_FROM\"" >>"$CONFIG"
echo "IPRANGE_TO=\"$IPRANGE_TO\"" >>"$CONFIG"

find /lib/modules/$KERNEL/kernel/drivers/net -name \*.\*o | awk -F/ '{print $NF}' > $TMP
CARDLIST=$(echo -e $(modinfo -d $(find /lib/modules/$KERNEL/kernel/drivers/net -name \*.\*o) | sed 's/"$/"\\n/g; s/>$/>\\n/g') | paste $TMP - | sort | sed 's/<none>/Kernel-Module/g;' | awk -F"\t" '{printf("%s|%s|",$1,$2)}; /^8139too|^3c59x|^tulip|^eepro100|^sis900/{ print "on|" }; { print "off|" }' | grep "\..*o" | tr -d '\n' )
rm -f "$TMP"
IFS='|'
$DIALOG --clear --backtitle "$BACKTITLE" --title "$TITLE_CARDS" --checklist "$MESSAGE_CARDS" 22 70 15 \
$CARDLIST 2>"$TMP" || bailout 2
unset IFS
MODULES="$(sed 's,",,g;s,/, ,g;s,'\'',,g;' <$TMP)"
echo "MODULES=\"$MODULES\"" >>"$CONFIG"

# Check if iptables, bind9 or squid are present to build option list
USE_SQUID=""; [ -x /etc/init.d/squid ] && USE_SQUID="true"
# Caution: Use DNS cache only if we have other nameservers
USE_BIND=""; [ -x /etc/init.d/bind9 -a -n "$NAMESERVERS" ] && USE_BIND="true"
USE_IPTABLES=""; [ -x /sbin/iptables ] && USE_IPTABLES="true"
USE_NX=""; [ -x /usr/bin/nxserver ] && USE_NX="true"
rm -f "$TMP"
$DIALOG --clear --backtitle "$BACKTITLE" --title "$TITLE_OPTIONS" --checklist "$MESSAGE_OPTIONS" 22 70 15 \
"secure" "$ITEM_SECURE" on \
${USE_IPTABLES:+masq "$ITEM_IPTABLES" on} \
${USE_BIND:+dns "$ITEM_DNS (+4MB)" on} \
${USE_SQUID:+squid "$ITEM_SQUID (+40MB)" off} \
${USE_NX:+nx "$ITEM_NX" off} \
dhcp1067 "$ITEM_DHCP1067" off \
2>"$TMP" || bailout 2
OPTIONS="$(sed 's,",,g;s,/, ,g' <$TMP)"
echo "OPTIONS=\"$OPTIONS\"" >>"$CONFIG"
rm -f "$TMP"
$DIALOG --clear --backtitle "$BACKTITLE" --title "$TITLE_APPEND" --inputbox "$MESSAGE_APPEND" 18 75 "" 2>"$TMP" || bailout 2
APPEND="$(<$TMP)"
[ -n "$APPEND" ] && echo "APPEND=\"$APPEND\"" >>"$CONFIG"
rm -f "$TMP"
echo "configured" >"$STATUS"
$DIALOG --clear --backtitle "$BACKTITLE" --title "$TITLE_START" --yesno "$MESSAGE_START" 20 75 || bailout 0
# Finally start it.
exec $0 start
;;
*)
# No options given, display chooser
BACKTITLE="KNOPPIX TERMINALSERVER"
case "$LANGUAGE" in
de|at|ch)
TITLE_INTRO="Informationen zum KNOPPIX-Terminalserver"
MESSAGE_INTRO="Der KNOPPIX-Terminalserver ist eine Sammlung von Skripten und Utilities, um auf einem Rechner, auf dem bereits KNOPPIX läuft, Services wie DHCP, TFTP und NFS zu starten, so dass der Kernel, eine dynamisch generierte Init-Ramdisk sowie das komprimierte KNOPPIX-Image über das Netzwerk exportiert werden können.

Um KNOPPIX über das Netzwerk zu booten, benötigen die Client-Rechner eine von Linux unterstützte, PXE-bootfähige Netzwerkkarte. Die serverseitig gestarteten Skripte erlauben es, die IP-Bereiche für die Clients festzulegen und einige sicherheitsrelevante Optionen zu setzen (beispielsweise, ob ein Root-Zugang auf den Clients erlaubt sein soll oder nicht)."
TITLE_CHOOSER="Terminalserver Menü"
MESSAGE_CHOOSER="Bitte auswählen"
MESSAGE_CONFIG="Server (neu) konfigurieren und (neu) starten"
MESSAGE_START="Server starten"
MESSAGE_STOP="Server anhalten"
;;
es)
TITLE_INTRO="Información sobre el servidor de terminal KNOPPIX"
MESSAGE_INTRO="El servidor de terminal KNOPPIX es una colección de scripts que arranca servicios como dhcp, tftp, nfs en una máquina que ya esté ejecutando KNOPPIX, de manera que el Kernel, una imagen dinámica generada por initrd y la imagen-loop comprimida se comparten a través de la red.

Para arrancar Knoppix a través de la red, necesita una tarjeta de red soportada por linux y arrancable mediante PXE en cada máquina cliente. Los scripts de arranque en el servidor le dejan elegir el rango de direcciones IP asignadas así como algunas opciones relativas a la seguridad (por ejemplo, el permitir o no root-Shells en las máquinas cliente)."
TITLE_CHOOSER="Menú Terminalserver"
MESSAGE_CHOOSER="Por favor, seleccione:"
MESSAGE_CONFIG="(Re)configurar el servidor y (re)arrancar"
MESSAGE_START="Arrancar el servidor"
MESSAGE_STOP="Parar el servidor"
;;
*)
TITLE_INTRO="Information about the KNOPPIX terminal server"
MESSAGE_INTRO="The KNOPPIX terminal server is a collection of scripts that starts services like dhcp, tftp, nfs on a machine already running KNOPPIX, so that the Kernel, a dynamically generated initrd and the compressed loop-image are shared over the network.

To boot Knoppix over the network, you need a Linux-supported, PXE-bootable Network card on each client machine. The server-side startup scripts let you chose the range of dynamically assigned IP addresses and some options concerning security (for example, whether or not to allow root-Shells on the client machines)."
TITLE_CHOOSER="Terminalserver Menu"
MESSAGE_CHOOSER="Please select:"
MESSAGE_CONFIG="(Re)configure server and (re)start"
MESSAGE_START="Start server"
MESSAGE_STOP="Stop server"
;;
esac
$DIALOG --clear --backtitle "$BACKTITLE" --title "$TITLE_INTRO" --msgbox "$MESSAGE_INTRO" 18 75
rm -f "$TMP"
$DIALOG --backtitle "$BACKTITLE" --title "$TITLE_CHOOSER" --menu "$MESSAGE_CHOOSER" 18 45 12 \
"setup" "$MESSAGE_CONFIG" \
"start" "$MESSAGE_START" \
"stop"  "$MESSAGE_STOP"  \
2>"$TMP" || bailout 0
OPTION="$(<$TMP)" ; rm -f "$TMP"
exec $0 $OPTION
;;
esac
bailout 0