Hinzugefuegt:
authorms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Mon, 18 Sep 2006 19:05:20 +0000 (19:05 +0000)
committerms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Mon, 18 Sep 2006 19:05:20 +0000 (19:05 +0000)
  * Konfiguration fuer Apache2
Kernelupgrade auf 2.4.33.3
Syslinux-Upgrade
Gefixt:
  * /tmp/ROOTFILES hat nichts in der ISO zu suchen.
  * Fehler im Installer wegen Apache2.

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@283 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

21 files changed:
config/httpd/conf.d/php5.conf [new file with mode: 0644]
config/httpd/default-server.conf [new file with mode: 0644]
config/httpd/global.conf [new file with mode: 0644]
config/httpd/httpd.conf
config/httpd/listen.conf [new file with mode: 0644]
config/httpd/loadmodule.conf [new file with mode: 0644]
config/httpd/mod_info.conf [new file with mode: 0644]
config/httpd/mod_log_config.conf [new file with mode: 0644]
config/httpd/mod_status.conf [new file with mode: 0644]
config/httpd/server-tuning.conf [new file with mode: 0644]
config/httpd/ssl-global.conf [new file with mode: 0644]
config/httpd/uid.conf [new file with mode: 0644]
config/httpd/vhosts.d/ipfire-interface-ssl.conf [new file with mode: 0644]
config/httpd/vhosts.d/ipfire-interface.conf [new file with mode: 0644]
lfs/apache2
lfs/cdrom
lfs/linux
lfs/openssl
lfs/syslinux
src/ROOTFILES.i386
src/install+setup/setup/passwords.c

diff --git a/config/httpd/conf.d/php5.conf b/config/httpd/conf.d/php5.conf
new file mode 100644 (file)
index 0000000..5136b15
--- /dev/null
@@ -0,0 +1,14 @@
+<IfModule mod_php5.c>
+        AddType application/x-httpd-php .php3
+        AddType application/x-httpd-php .php4
+        AddType application/x-httpd-php .php5
+        AddType application/x-httpd-php .php
+        AddType application/x-httpd-php-source .php3s
+        AddType application/x-httpd-php-source .php4s
+        AddType application/x-httpd-php-source .php5s
+        AddType application/x-httpd-php-source .phps
+        DirectoryIndex index.php3
+        DirectoryIndex index.php4
+        DirectoryIndex index.php5
+        DirectoryIndex index.php
+</IfModule>
diff --git a/config/httpd/default-server.conf b/config/httpd/default-server.conf
new file mode 100644 (file)
index 0000000..824176f
--- /dev/null
@@ -0,0 +1,8 @@
+#
+# Global configuration that will be applicable for all virtual hosts, unless
+# deleted here, or overriden elswhere.
+#
+
+DocumentRoot /home/httpd/html
+
+#Include /etc/httpd/conf/conf.d/*.conf
diff --git a/config/httpd/global.conf b/config/httpd/global.conf
new file mode 100644 (file)
index 0000000..42bfaf3
--- /dev/null
@@ -0,0 +1,9 @@
+Timeout 300
+ServerSignature on
+UseCanonicalName off
+ServerTokens OS
+LogLevel warn
+CustomLog /var/log/httpd/access_log combined
+Include /etc/httpd/conf/hostname.conf
+HostnameLookups off
+AddHandler cgi-script .cgi
index 9422040..7e00b88 100644 (file)
-##\r
-## httpd.conf -- Apache HTTP server configuration file\r
-##\r
-ServerType standalone\r
-ServerRoot /etc/httpd\r
-\r
-LockFile /var/lock/httpd.lock\r
-PidFile /var/run/httpd.pid\r
-ScoreBoardFile /var/run/httpd.scoreboard\r
-Timeout 900\r
-KeepAlive On\r
-MaxKeepAliveRequests 100\r
-KeepAliveTimeout 15\r
-MinSpareServers 1\r
-MaxSpareServers 2\r
-StartServers 2\r
-MaxClients 10\r
-MaxRequestsPerChild 100\r
-Port 81\r
-Listen 81\r
-Listen 444\r
-User nobody\r
-Group nobody\r
-ServerAdmin root@localhost\r
-ServerTokens Prod\r
-DocumentRoot /home/httpd/html\r
-# Limit track/trace requests\r
-RewriteEngine on\r
-RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)\r
-RewriteRule .* - [F]\r
-\r
-<Directory />\r
-    Options None\r
-    AllowOverride None\r
-</Directory>\r
-<Directory /home/httpd/html>\r
-    Options ExecCGI\r
-    AllowOverride None\r
-    Order allow,deny\r
-    Allow from all\r
-</Directory>\r
-<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">\r
-    AuthName "IPFire - Restricted"\r
-    AuthType Basic\r
-    AuthUserFile /var/ipfire/auth/users\r
-    Require user admin\r
-</DirectoryMatch>\r
-ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/\r
-<Directory /home/httpd/cgi-bin>\r
-    AllowOverride None\r
-    Options None\r
-    AuthName "IPFire - Restricted"\r
-    AuthType Basic\r
-    AuthUserFile /var/ipfire/auth/users\r
-    Require user admin\r
-    <Files chpasswd.cgi>\r
-        Satisfy Any\r
-        Allow from All\r
-    </Files>\r
-    <Files webaccess.cgi>\r
-        Satisfy Any\r
-        Allow from All\r
-    </Files>\r
-    <Files credits.cgi>\r
-        Satisfy Any\r
-        Allow from All\r
-    </Files>\r
-    <Files dial.cgi>\r
-        Require user admin\r
-    </Files>\r
-</Directory>\r
-<Directory /home/httpd/cgi-bin/dial>\r
-    AllowOverride None\r
-    Options None\r
-    AuthName "IPFire - Restricted"\r
-    AuthType Basic\r
-    AuthUserFile /var/ipfire/auth/users\r
-    Require user dial admin\r
-</Directory>\r
-<IfModule mod_dir.c>\r
-    DirectoryIndex index.html index.htm index.shtml index.cgi\r
-</IfModule>\r
-AccessFileName .htaccess\r
-<Files ~ "^\.ht">\r
-    Order allow,deny\r
-    Deny from all\r
-</Files>\r
-<IfModule mod_mime.c>\r
-    TypesConfig /etc/mime.types\r
-</IfModule>\r
-DefaultType text/plain\r
-\r
-HostnameLookups Off\r
-ErrorLog /var/log/httpd/error_log\r
-LogLevel warn\r
-LogFormat "%h %l %u %t \"%r\" %>s %b" common\r
-CustomLog /var/log/httpd/access_log common\r
-ServerSignature Off\r
-AddHandler cgi-script .cgi\r
-<IfModule mod_setenvif.c>\r
-    BrowserMatch "Mozilla/2" nokeepalive\r
-    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0\r
-    BrowserMatch "RealPlayer 4\.0" force-response-1.0\r
-    BrowserMatch "Java/1\.0" force-response-1.0\r
-    BrowserMatch "JDK/1\.0" force-response-1.0\r
-</IfModule>\r
-\r
-###\r
-### SSL Configuration\r
-###\r
-AddType application/x-x509-ca-cert .crt\r
-AddType application/x-pkcs7-crl    .crl\r
-\r
-SSLPassPhraseDialog  builtin\r
-SSLSessionCache         dbm:/var/log/httpd/ssl_scache\r
-SSLSessionCacheTimeout  900\r
-SSLMutex  file:/var/log/httpd/ssl_mutex\r
-SSLRandomSeed startup builtin\r
-SSLRandomSeed connect builtin\r
-SSLLog      /var/log/httpd/ssl_engine_log\r
-SSLLogLevel info\r
-\r
-<VirtualHost _default_:444>\r
-    RewriteEngine on\r
-    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)\r
-    RewriteRule .* - [F]\r
-    DocumentRoot /home/httpd/html\r
-    ServerAdmin root@localhost\r
-    ErrorLog /var/log/httpd/error_log\r
-    TransferLog /var/log/httpd/access_log\r
-    SSLEngine on\r
-    SSLProtocol all -SSLv2\r
-    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP\r
-    SSLCertificateFile /etc/httpd/server.crt\r
-    SSLCertificateKeyFile /etc/httpd/server.key\r
-    <Files ~ "\.(cgi|shtml?)$">\r
-       SSLOptions +StdEnvVars\r
-    </Files>\r
-    <Directory /home/httpd/cgi-bin>\r
-       SSLOptions +StdEnvVars\r
-    </Directory>\r
-    SetEnv HOME /home/nobody\r
-    SetEnvIf User-Agent ".*MSIE.*" \\r
-       nokeepalive ssl-unclean-shutdown \\r
-       downgrade-1.0 force-response-1.0\r
-    CustomLog /var/log/httpd/ssl_request_log \\r
-       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"\r
-</VirtualHost>\r
-\r
-<Directory /home/httpd/html/backup>\r
-    Options None\r
-    AllowOverride None\r
-    AuthName "IPFire - Restricted"\r
-    AuthType Basic\r
-    AuthUserFile /var/ipfire/auth/users\r
-    require user admin\r
-</Directory>\r
-\r
-include /etc/httpd/conf/hostname.conf\r
+#
+# /etc/httpd/conf/httpd.conf 
+#
+# This is the main Apache2 server configuration file for IPFire.
+# Plese do not change this file!
+
+# Overview of include files, chronologically:
+#
+# httpd.conf
+#  | 
+#  |-- uid.conf  . . . . . . . . . . . . . .  UserID/GroupID to run under
+#  |-- server-tuning.conf  . . . . . . . . .  sizing of the server (how many processes to start, ...)
+#  |-- loadmodule.conf . . . . . . . . . . .  load these modules
+#  |-- listen.conf . . . . . . . . . . . . .  IP adresses / ports to listen on
+#  |-- mod_log_config.conf . . . . . . . . .  define logging formats
+#  |-- sysconfig.d/global.conf . . . . . . .  server-wide general settings
+#  |-- mod_status.conf . . . . . . . . . . .  restrict access to mod_status (server monitoring)
+#  |-- mod_info.conf . . . . . . . . . . . .  restrict access to mod_info
+#  |-- mod_usertrack.conf  . . . . . . . . .  defaults for cookie-based user tracking
+#  |-- mod_autoindex-defaults.conf . . . . .  defaults for displaying of server-generated directory listings
+#  |-- mod_mime-defaults.conf  . . . . . . .  defaults for mod_mime configuration
+#  |-- errors.conf . . . . . . . . . . . . .  customize error responses
+#  |-- ssl-global.conf . . . . . . . . . . .  SSL conf that applies to default server _and all_ virtual hosts
+#  |
+#  |-- default-server.conf . . . . . . . . .  set up the default server that replies to non-virtual-host requests
+#  |
+#  `-- vhosts.d/ . . . . . . . . . . . . . .  for each virtual host, place one file here
+#       `-- *.conf . . . . . . . . . . . . .     (*.conf is automatically included)
+#
+
+### Global Environment ######################################################
+#
+# The directives in this section affect the overall operation of Apache,
+# such as the number of concurrent requests.
+
+# run under this user/group id
+Include /etc/httpd/conf/uid.conf
+
+# - how many server processes to start (server pool regulation)
+# - usage of KeepAlive
+Include /etc/httpd/conf/server-tuning.conf
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+ErrorLog /var/log/httpd/error_log
+
+# Load Modules here
+Include /etc/httpd/conf/loadmodule.conf
+
+# IP addresses / ports to listen on
+Include /etc/httpd/conf/listen.conf
+
+# predefined logging formats
+Include /etc/httpd/conf/mod_log_config.conf
+
+# global settings
+Include /etc/httpd/conf/global.conf
+
+# optional mod_status, mod_info
+#Include /etc/httpd/conf/mod_status.conf
+#Include /etc/httpd/conf/mod_info.conf
+
+# associate MIME types with filename extensions
+TypesConfig /etc/mime.types
+DefaultType text/plain
+
+# global (server-wide) SSL configuration, that is not specific to 
+# any virtual host
+Include /etc/httpd/conf/ssl-global.conf
+
+<Directory />
+    Options None
+    AllowOverride None
+</Directory>
+
+# use .htaccess files for overriding,
+AccessFileName .htaccess
+# and never show them
+<Files ~ "^\.ht">
+    Order allow,deny
+    Deny from all
+</Files>
+
+# List of resources to look for when the client requests a directory
+DirectoryIndex index.html index.htm index.shtml index.cgi
+
+### 'Main' server configuration #############################################
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition.  These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+Include /etc/httpd/conf/default-server.conf
+
+
+### Virtual server configuration ############################################
+#
+# VirtualHost: If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+# <URL:http://httpd.apache.org/docs-2.0/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+#
+Include /etc/httpd/conf/vhosts.d/*.conf
+
+
diff --git a/config/httpd/listen.conf b/config/httpd/listen.conf
new file mode 100644 (file)
index 0000000..cefce53
--- /dev/null
@@ -0,0 +1,2 @@
+Listen 81
+Listen 444
diff --git a/config/httpd/loadmodule.conf b/config/httpd/loadmodule.conf
new file mode 100644 (file)
index 0000000..88112b4
--- /dev/null
@@ -0,0 +1,51 @@
+LoadModule authn_file_module /usr/lib/apache/mod_authn_file.so
+LoadModule authn_dbm_module /usr/lib/apache/mod_authn_dbm.so
+LoadModule authn_anon_module /usr/lib/apache/mod_authn_anon.so
+LoadModule authn_dbd_module /usr/lib/apache/mod_authn_dbd.so
+LoadModule authn_default_module /usr/lib/apache/mod_authn_default.so
+LoadModule authz_host_module /usr/lib/apache/mod_authz_host.so
+LoadModule authz_groupfile_module /usr/lib/apache/mod_authz_groupfile.so
+LoadModule authz_user_module /usr/lib/apache/mod_authz_user.so
+LoadModule authz_dbm_module /usr/lib/apache/mod_authz_dbm.so
+LoadModule authz_owner_module /usr/lib/apache/mod_authz_owner.so
+LoadModule authz_default_module /usr/lib/apache/mod_authz_default.so
+LoadModule auth_basic_module /usr/lib/apache/mod_auth_basic.so
+LoadModule auth_digest_module /usr/lib/apache/mod_auth_digest.so
+#LoadModule dbd_module /usr/lib/apache/mod_dbd.so
+LoadModule dumpio_module /usr/lib/apache/mod_dumpio.so
+LoadModule ext_filter_module /usr/lib/apache/mod_ext_filter.so
+LoadModule include_module /usr/lib/apache/mod_include.so
+LoadModule filter_module /usr/lib/apache/mod_filter.so
+LoadModule deflate_module /usr/lib/apache/mod_deflate.so
+LoadModule log_config_module /usr/lib/apache/mod_log_config.so
+LoadModule log_forensic_module /usr/lib/apache/mod_log_forensic.so
+LoadModule logio_module /usr/lib/apache/mod_logio.so
+LoadModule env_module /usr/lib/apache/mod_env.so
+LoadModule mime_magic_module /usr/lib/apache/mod_mime_magic.so
+LoadModule cern_meta_module /usr/lib/apache/mod_cern_meta.so
+LoadModule expires_module /usr/lib/apache/mod_expires.so
+LoadModule headers_module /usr/lib/apache/mod_headers.so
+LoadModule ident_module /usr/lib/apache/mod_ident.so
+LoadModule usertrack_module /usr/lib/apache/mod_usertrack.so
+LoadModule unique_id_module /usr/lib/apache/mod_unique_id.so
+LoadModule setenvif_module /usr/lib/apache/mod_setenvif.so
+LoadModule version_module /usr/lib/apache/mod_version.so
+LoadModule mime_module /usr/lib/apache/mod_mime.so
+LoadModule dav_module /usr/lib/apache/mod_dav.so
+LoadModule status_module /usr/lib/apache/mod_status.so
+LoadModule autoindex_module /usr/lib/apache/mod_autoindex.so
+LoadModule asis_module /usr/lib/apache/mod_asis.so
+LoadModule info_module /usr/lib/apache/mod_info.so
+LoadModule cgi_module /usr/lib/apache/mod_cgi.so
+LoadModule dav_fs_module /usr/lib/apache/mod_dav_fs.so
+LoadModule vhost_alias_module /usr/lib/apache/mod_vhost_alias.so
+LoadModule negotiation_module /usr/lib/apache/mod_negotiation.so
+LoadModule dir_module /usr/lib/apache/mod_dir.so
+LoadModule imagemap_module /usr/lib/apache/mod_imagemap.so
+LoadModule actions_module /usr/lib/apache/mod_actions.so
+LoadModule speling_module /usr/lib/apache/mod_speling.so
+LoadModule userdir_module /usr/lib/apache/mod_userdir.so
+LoadModule alias_module /usr/lib/apache/mod_alias.so
+LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so
+LoadModule ssl_module /usr/lib/apache/mod_ssl.so
+LoadModule php5_module        /usr/lib/apache/libphp5.so
diff --git a/config/httpd/mod_info.conf b/config/httpd/mod_info.conf
new file mode 100644 (file)
index 0000000..f19885b
--- /dev/null
@@ -0,0 +1,14 @@
+#
+# Allow remote server configuration reports, with the URL of
+#  http://servername/server-info (requires that mod_info.c be loaded).
+#
+# see http://httpd.apache.org/docs-2.0/mod/mod_info.html
+#
+<IfModule mod_info.c>
+    <Location /server-info>
+           SetHandler server-info
+           Order deny,allow
+           Deny from all
+           Allow from localhost
+    </Location>
+</IfModule>
diff --git a/config/httpd/mod_log_config.conf b/config/httpd/mod_log_config.conf
new file mode 100644 (file)
index 0000000..89ad09a
--- /dev/null
@@ -0,0 +1,31 @@
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+
+#
+#         Format string:                               Nickname:
+#
+LogFormat "%h %l %u %t \"%r\" %>s %b"          common
+LogFormat "%v %h %l %u %t \"%r\" %>s %b"               vhost_common
+LogFormat "%{Referer}i -> %U"                  referer
+LogFormat "%{User-agent}i"                             agent
+LogFormat "%h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\""            combined
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\""            vhost_combined
+
+# To use %I and %O, you need to enable mod_logio
+<IfModule mod_logio.c>
+LogFormat "%h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\" %I %O"              combinedio
+</IfModule>
+
+# Use one of these when you want a compact non-error SSL logfile on a virtual
+# host basis:
+<IfModule mod_ssl.c>
+Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
+\"%r\" %b"                                             ssl_common
+Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
+\"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\""  ssl_combined
+</IfModule>
diff --git a/config/httpd/mod_status.conf b/config/httpd/mod_status.conf
new file mode 100644 (file)
index 0000000..dc73122
--- /dev/null
@@ -0,0 +1,14 @@
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+#
+# see http://httpd.apache.org/docs-2.0/mod/mod_status.html
+#
+<IfModule mod_status.c>
+    <Location /server-status>
+       SetHandler server-status
+       Order deny,allow
+       Deny from all
+       Allow from localhost
+    </Location>
+</IfModule>
diff --git a/config/httpd/server-tuning.conf b/config/httpd/server-tuning.conf
new file mode 100644 (file)
index 0000000..9cb7662
--- /dev/null
@@ -0,0 +1,34 @@
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 15
+
+MinSpareServers 1
+MaxSpareServers 2
+StartServers 2
+MaxClients 10
+MaxRequestsPerChild 100
+
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
diff --git a/config/httpd/ssl-global.conf b/config/httpd/ssl-global.conf
new file mode 100644 (file)
index 0000000..458339a
--- /dev/null
@@ -0,0 +1,69 @@
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+# These are the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.
+
+# This global SSL configuration is ignored if 
+# "SSL" is not defined, or if "NOSSL" is defined.
+<IfDefine SSL>
+<IfDefine !NOSSL>
+<IfModule mod_ssl.c>
+
+       #
+       #   Some MIME-types for downloading Certificates and CRLs
+       #
+       AddType application/x-x509-ca-cert .crt
+       AddType application/x-pkcs7-crl    .crl
+
+       #   Pass Phrase Dialog:
+       #   Configure the pass phrase gathering process.
+       #   The filtering dialog program (`builtin' is a internal
+       #   terminal dialog) has to provide the pass phrase on stdout.
+       SSLPassPhraseDialog  builtin
+
+       #   Inter-Process Session Cache:
+       #   Configure the SSL Session Cache: First the mechanism 
+       #   to use and second the expiring timeout (in seconds).
+       #   shm means the same as shmht. 
+       #   Note that on most platforms shared memory segments are not allowed to be on 
+       #   network-mounted drives, so in that case you need to use the dbm method.
+       #SSLSessionCache        none
+       #SSLSessionCache         dbm:/var/log/httpd/ssl_scache
+       #SSLSessionCache        shmht:/var/log/httpd/ssl_scache(512000)
+       SSLSessionCache         shmcb:/var/log/httpd/ssl_scache(512000)
+       SSLSessionCacheTimeout  900
+
+       #   Semaphore:
+       #   Configure the path to the mutual exclusion semaphore the
+       #   SSL engine uses internally for inter-process synchronization. 
+       SSLMutex  file:/var/log/httpd/ssl_mutex
+
+       #   Pseudo Random Number Generator (PRNG):
+       #   Configure one or more sources to seed the PRNG of the 
+       #   SSL library. The seed data should be of good random quality.
+       #   WARNING! On some platforms /dev/random blocks if not enough entropy
+       #   is available. This means you then cannot use the /dev/random device
+       #   because it would lead to very long connection times (as long as
+       #   it requires to make more entropy available). But usually those
+       #   platforms additionally provide a /dev/urandom device which doesn't
+       #   block. So, if available, use this one instead. Read the mod_ssl User
+       #   Manual for more details.
+       SSLRandomSeed startup builtin
+       SSLRandomSeed connect builtin
+
+       SSLLog      /var/log/httpd/ssl_engine_log
+       SSLLogLevel info
+
+</IfModule>
+</IfDefine>
+</IfDefine>
diff --git a/config/httpd/uid.conf b/config/httpd/uid.conf
new file mode 100644 (file)
index 0000000..cb69637
--- /dev/null
@@ -0,0 +1,2 @@
+User nobody
+Group nobody
diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
new file mode 100644 (file)
index 0000000..830d312
--- /dev/null
@@ -0,0 +1,71 @@
+<VirtualHost *:444>
+
+    RewriteEngine on
+    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
+    RewriteRule .* - [F]
+    DocumentRoot /home/httpd/html
+    ServerAdmin root@localhost
+    ErrorLog /var/log/httpd/error_log
+    TransferLog /var/log/httpd/access_log
+    SSLEngine on
+    SSLProtocol all -SSLv2
+    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
+    SSLCertificateFile /etc/httpd/server.crt
+    SSLCertificateKeyFile /etc/httpd/server.key
+    <Directory /home/httpd/html>
+        Options ExecCGI
+        AllowOverride None
+        Order allow,deny
+        Allow from all
+    </Directory>
+    <DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+    </DirectoryMatch>
+    ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
+    <Directory /home/httpd/cgi-bin>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+         <Files chpasswd.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files webaccess.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files credits.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files dial.cgi>
+            Require user admin
+        </Files>
+    </Directory>
+    <Directory /home/httpd/cgi-bin/dial>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user dial admin
+    </Directory>
+    <Files ~ "\.(cgi|shtml?)$">
+       SSLOptions +StdEnvVars
+    </Files>
+    <Directory /home/httpd/cgi-bin>
+       SSLOptions +StdEnvVars
+    </Directory>
+    SetEnv HOME /home/nobody
+    SetEnvIf User-Agent ".*MSIE.*" \
+       nokeepalive ssl-unclean-shutdown \
+       downgrade-1.0 force-response-1.0
+    CustomLog /var/log/httpd/ssl_request_log \
+       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+</VirtualHost>
diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf
new file mode 100644 (file)
index 0000000..85dea4c
--- /dev/null
@@ -0,0 +1,54 @@
+<VirtualHost *:81>
+
+    DocumentRoot /home/httpd/html
+
+    RewriteEngine on
+    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
+    RewriteRule .* - [F]
+
+    <Directory /home/httpd/html>
+        Options ExecCGI
+        AllowOverride None
+        Order allow,deny
+        Allow from all
+    </Directory>
+    <DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+    </DirectoryMatch>
+    ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
+    <Directory /home/httpd/cgi-bin>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+         <Files chpasswd.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files webaccess.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files credits.cgi>
+            Satisfy Any
+            Allow from All
+        </Files>
+        <Files dial.cgi>
+            Require user admin
+        </Files>
+    </Directory>
+    <Directory /home/httpd/cgi-bin/dial>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user dial admin
+    </Directory>
+
+</VirtualHost>
\ No newline at end of file
index aee8150..2e79faf 100644 (file)
@@ -117,7 +117,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
            /usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \
            /usr/share/man/man8/{logresolve,rotatelogs,suexec}.8
 
-       sed 's+CONFIG_ROOT+$(CONFIG_ROOT)+g' $(DIR_SRC)/config/httpd/httpd.conf > /etc/httpd/conf/httpd.conf
+       cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
        ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/
 
        # Copy all html/cgi-bin files
index b346f10..a94a739 100644 (file)
--- a/lfs/cdrom
+++ b/lfs/cdrom
@@ -89,8 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        mkdir -p /install/cdrom/{doc,dosutils,images}
        sed -e "s/KVER/$(KVER)/g" $(DIR_SRC)/src/ROOTFILES.$(MACHINE) > /tmp/ROOTFILES
        tar -c -C / --files-from=/tmp/ROOTFILES \
-           -f /$(SNAME).tar --exclude='#*' --exclude='dev/pts/*' \
-           --exclude='proc/*'
+               -f /$(SNAME).tar --exclude='#*' --exclude='dev/pts/*' \
+               --exclude='proc/*' --exclude='tmp/ROOTFILES'
        rm -f /tmp/ROOTFILES
        tar -x -C /tmp -f /$(SNAME).tar
        rm -f /$(SNAME).tar
index d6e227a..59a0b9b 100644 (file)
--- a/lfs/linux
+++ b/lfs/linux
@@ -27,6 +27,7 @@
 include Config
 
 VER        = 2.4.33
+PATCHLEVEL = 2.4.33.3
 
 THISAPP    = linux-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,19 +41,19 @@ CXXFLAGS   =
 ifeq "$(ROOT)" ""
 ifeq "$(LFS_PASS)" "ipfire"
 ifeq "$(SMP)" ""
-  TARGET = $(DIR_INFO)/$(THISAPP)-ipfire
+  TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire
 endif
 ifeq "$(SMP)" "1"
-  TARGET = $(DIR_INFO)/$(THISAPP)-ipfire-smp
+  TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp
 endif
 ifeq "$(SMP)" "installer"
-  TARGET = $(DIR_INFO)/$(THISAPP)-ipfire-installer
+  TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-installer
 endif
 else
-  TARGET = $(DIR_INFO)/$(THISAPP)
+  TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)
 endif
 else
-  TARGET = $(DIR_INFO)/$(THISAPP)-tools
+  TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-tools
 endif
 
 ###############################################################################
@@ -64,25 +65,26 @@ objects =$(DL_FILE) \
        patch-o-matic-ng-20060206.tar.bz2 \
        kbc_option_2420.patch \
        net4801.kernel.patch_2.4.31 \
-       netfilter-layer7-v2.1.tar.gz
+       netfilter-layer7-v2.1.tar.gz \
+       patch-$(PATCHLEVEL).bz2
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+patch-$(PATCHLEVEL).bz2                 = $(DL_FROM)/patch-$(PATCHLEVEL).bz2
 openswan-1.0.10rc2.tar.gz              = $(URL_IPFIRE)/openswan-1.0.10rc2.tar.gz
 patch-o-matic-ng-20060206.tar.bz2      = $(URL_IPFIRE)/patch-o-matic-ng-20060206.tar.bz2
 iptables-1.3.5.tar.bz2                 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2
 kbc_option_2420.patch                   = $(URL_IPFIRE)/kbc_option_2420.patch
 net4801.kernel.patch_2.4.31             = $(URL_IPFIRE)/net4801.kernel.patch_2.4.31
 netfilter-layer7-v2.1.tar.gz           = $(URL_IPFIRE)/netfilter-layer7-v2.1.tar.gz
-#bootsplash-3.0.7-2.4.31-vanilla.diff  = $(URL_IPFIRE)/bootsplash-3.0.7-2.4.31-vanilla.diff
 
 $(DL_FILE)_MD5                         = 4d258d4267de64f0a22e23f6ab026990
+patch-$(PATCHLEVEL).bz2_MD5             = 3597da59e82a495d97e1f0ecd8fc5d4d
 openswan-1.0.10rc2.tar.gz_MD5          = 20d51ff963da78f826f4e0f0ebc4bcef
 patch-o-matic-ng-20060206.tar.bz2_MD5  = eca9893afb753e331caddfe63142b566
 iptables-1.3.5.tar.bz2_MD5             = 00fb916fa8040ca992a5ace56d905ea5
 kbc_option_2420.patch_MD5               = 6d37870344f7fcf97ace1fbf43323c60
 net4801.kernel.patch_2.4.31_MD5         = c7d64e3caedb2f2b10e1c11db7f73a04
 netfilter-layer7-v2.1.tar.gz_MD5       = 551626a158c2a2cbfd937d27ecc7fac1
-#bootsplash-3.0.7-2.4.31-vanilla.diff    = 767c263d1d28827d51abc83945e4b893
 
 install : $(TARGET)
 
@@ -112,6 +114,11 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && bzcat $(DIR_DL)/patch-$(PATCHLEVEL).bz2 | patch -p1
+       # Remove patch level in EXTRAVERSION.
+       # We want to avoid the need to supply a full kernel
+       # (installed in a different place) if only one part could be updated
+       cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =/' Makefile
        cd $(DIR_SRC) && ln -sf linux-$(VER) linux
        cd $(DIR_APP) && sed -i -e 's/-Werror//' drivers/scsi/aic7xxx/Makefile
 
index fe40b73..5beb4a2 100644 (file)
@@ -72,11 +72,12 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       @rm -rf /etc/ssl
        cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-m486/-mcpu=i386/' Configure
        cd $(DIR_APP) && chmod 755 Configure
        cd $(DIR_APP) && ./config --openssldir=/etc/ssl --prefix=/usr 386 \
            no-idea no-threads no-mdc2 no-rc5 no-ec zlib-dynamic shared
-       cd $(DIR_APP) && sed -i 's%SHLIBDIRS= fips crypto ssl%SHLIBDIRS= crypto ssl%g' Makefile
+       cd $(DIR_APP) && sed -i 's/^PROCESSOR= 386/PROCESSOR=386/g' Makefile
        cd $(DIR_APP) && make depend
        cd $(DIR_APP) && make MANDIR=/usr/share/man
        cd $(DIR_APP) && make MANDIR=/usr/share/man install
index 94035d5..a22f13f 100644 (file)
@@ -22,7 +22,7 @@
 # ??-12-2003 Mark Wormgoor < mark@wormgoor.com>                               #
 #          - Modified Makefile for IPCop build                                #
 #                                                                             #
-# $Id: syslinux,v 1.6.2.9 2005/02/05 15:38:16 gespinasse Exp $
+# $Id: syslinux,v 1.6.2.11 2006/09/18 06:23:26 gespinasse Exp $
 #                                                                             #
 ###############################################################################
 
 
 include Config
 
-VER        = 2.11
+VER        = 3.20
 
 THISAPP    = syslinux-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
-DL_FROM    = $(URL_KERNEL)/linux/utils/boot/syslinux/Old
+DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = a73c4b32629c925676660c468ef3cf1a
+$(DL_FILE)_MD5 = dbb7c5acfa58220a158cd67854ef4625
 
 install : $(TARGET)
 
@@ -78,8 +78,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP)/sample && sed -i 's%^CFLAGS.*$$%CFLAGS = $(CFLAGS) -fno-stack-protector -fomit-frame-pointer -I../com32/include%' Makefile
-       cd $(DIR_APP) && sed -i 's%^CFLAGS.*$$%CFLAGS = $(CFLAGS) -fno-stack-protector -fomit-frame-pointer -D_FILE_OFFSET_BITS=64%' Makefile
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/syslinux-3.11-nossp.patch
        cd $(DIR_APP) && make install
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
index 929ac29..2b101fe 100644 (file)
@@ -20995,6 +20995,22 @@ usr/sbin/Fw-usb_A.bin
 #etc/httpd/conf/extra/httpd-userdir.conf
 #etc/httpd/conf/extra/httpd-vhosts.conf
 etc/httpd/conf/httpd.conf
+etc/httpd/conf/conf.d
+etc/httpd/conf/default-server.conf
+etc/httpd/conf/global.conf
+etc/httpd/conf/hostname.conf
+etc/httpd/conf/httpd.conf
+etc/httpd/conf/listen.conf
+etc/httpd/conf/loadmodule.conf
+etc/httpd/conf/mod_info.conf
+etc/httpd/conf/mod_log_config.conf
+etc/httpd/conf/mod_status.conf
+etc/httpd/conf/server-tuning.conf
+etc/httpd/conf/ssl-global.conf
+etc/httpd/conf/uid.conf
+#etc/httpd/conf/vhosts.d
+etc/httpd/conf/vhosts.d/ipfire-interface.conf
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
 #etc/httpd/conf/magic
 #etc/httpd/conf/mime.types
 #etc/httpd/conf/original
index 37e855c..a2f28f9 100644 (file)
-/* SmoothWall setup program.\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence.  See the file COPYING for details.\r
- *\r
- * (c) Lawrence Manning, 2001\r
- * Password stuff.\r
- * \r
- * $Id: passwords.c,v 1.5.2.1 2004/04/14 22:05:41 gespinasse Exp $\r
- * \r
- */\r
-\r
-#include "setup.h"\r
-\r
-extern FILE *flog;\r
-extern char *mylog;\r
-\r
-extern char **ctr;\r
-\r
-extern int automode;\r
-\r
-int getpassword(char *password, char *text);\r
-\r
-/* Root password. */\r
-int handlerootpassword(void)\r
-{\r
-       char password[STRING_SIZE];\r
-       char commandstring[STRING_SIZE];\r
-               \r
-       /* Root password. */\r
-       if (getpassword(password, ctr[TR_ENTER_ROOT_PASSWORD]) == 2)\r
-               return 0;\r
-       \r
-       snprintf(commandstring, STRING_SIZE,\r
-               "/bin/echo 'root:%s' | /usr/sbin/chpasswd",     password);\r
-       if (runhiddencommandwithstatus(commandstring, ctr[TR_SETTING_ROOT_PASSWORD]))\r
-       {\r
-               errorbox(ctr[TR_PROBLEM_SETTING_ROOT_PASSWORD]);\r
-               return 0;\r
-       }\r
-       \r
-       return 1;\r
-}\r
-\r
-int handleadminpassword(void)\r
-{\r
-       char password[STRING_SIZE];\r
-       char commandstring[STRING_SIZE];\r
-       char message[1000];\r
-               \r
-       /* web interface admin password. */\r
-       sprintf(message, ctr[TR_ENTER_ADMIN_PASSWORD], NAME, NAME);\r
-       if (getpassword(password, message) == 2)\r
-               return 0;\r
-       \r
-       snprintf(commandstring, STRING_SIZE,\r
-               "/usr/bin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);\r
-       sprintf(message, ctr[TR_SETTING_ADMIN_PASSWORD], NAME);\r
-       if (runhiddencommandwithstatus(commandstring, message))\r
-       {\r
-               sprintf(message, ctr[TR_PROBLEM_SETTING_ADMIN_PASSWORD], NAME);\r
-               errorbox(message);\r
-               return 0;\r
-       }\r
-\r
-       return 1;\r
-}\r
-\r
-/* Taken from the cdrom one. */\r
-int getpassword(char *password, char *text)\r
-{\r
-       char *values[] = {      NULL, NULL, NULL };     /* pointers for the values. */\r
-       struct newtWinEntry entries[] =\r
-       { \r
-               { ctr[TR_PASSWORD_PROMPT], &values[0], 2 },\r
-               { ctr[TR_AGAIN_PROMPT], &values[1], 2 },\r
-               { NULL, NULL, 0 }\r
-       };\r
-       char title[STRING_SIZE];\r
-       int rc;\r
-       int done;\r
-       \r
-       do\r
-       {\r
-               done = 1;\r
-               sprintf (title, "%s v%s - %s", NAME, VERSION, SLOGAN);\r
-               rc = newtWinEntries(title, text,\r
-                       50, 5, 5, 20, entries, ctr[TR_OK], ctr[TR_CANCEL], NULL);\r
-\r
-               if (rc != 2)\r
-               {\r
-                       if (strlen(values[0]) == 0 || strlen(values[1]) == 0)\r
-                       {\r
-                               errorbox(ctr[TR_PASSWORD_CANNOT_BE_BLANK]);\r
-                               done = 0;\r
-                               strcpy(values[0], "");\r
-                               strcpy(values[1], "");\r
-                       }\r
-                       else if (strcmp(values[0], values[1]) != 0)\r
-                       {\r
-                               errorbox(ctr[TR_PASSWORDS_DO_NOT_MATCH]);\r
-                               done = 0;\r
-                               strcpy(values[0], "");\r
-                               strcpy(values[1], "");\r
-                       }\r
-                       else if (strchr(values[0], ' '))\r
-                       {\r
-                               errorbox(ctr[TR_PASSWORD_CANNOT_CONTAIN_SPACES]);\r
-                               done = 0;\r
-                               strcpy(values[0], "");\r
-                               strcpy(values[1], "");\r
-                       }\r
-               }\r
-       }\r
-       while (!done);\r
-\r
-       strncpy(password, values[0], STRING_SIZE);\r
-\r
-       if (values[0]) free(values[0]);\r
-       if (values[1]) free(values[1]);\r
-\r
-       return rc;\r
-}\r
+/* SmoothWall setup program.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence.  See the file COPYING for details.
+ *
+ * (c) Lawrence Manning, 2001
+ * Password stuff.
+ * 
+ * $Id: passwords.c,v 1.5.2.1 2004/04/14 22:05:41 gespinasse Exp $
+ * 
+ */
+
+#include "setup.h"
+
+extern FILE *flog;
+extern char *mylog;
+
+extern char **ctr;
+
+extern int automode;
+
+int getpassword(char *password, char *text);
+
+/* Root password. */
+int handlerootpassword(void)
+{
+       char password[STRING_SIZE];
+       char commandstring[STRING_SIZE];
+               
+       /* Root password. */
+       if (getpassword(password, ctr[TR_ENTER_ROOT_PASSWORD]) == 2)
+               return 0;
+       
+       snprintf(commandstring, STRING_SIZE,
+               "/bin/echo 'root:%s' | /usr/sbin/chpasswd",     password);
+       if (runhiddencommandwithstatus(commandstring, ctr[TR_SETTING_ROOT_PASSWORD]))
+       {
+               errorbox(ctr[TR_PROBLEM_SETTING_ROOT_PASSWORD]);
+               return 0;
+       }
+       
+       return 1;
+}
+
+int handleadminpassword(void)
+{
+       char password[STRING_SIZE];
+       char commandstring[STRING_SIZE];
+       char message[1000];
+               
+       /* web interface admin password. */
+       sprintf(message, ctr[TR_ENTER_ADMIN_PASSWORD], NAME, NAME);
+       if (getpassword(password, message) == 2)
+               return 0;
+       
+       snprintf(commandstring, STRING_SIZE,
+               "/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
+       sprintf(message, ctr[TR_SETTING_ADMIN_PASSWORD], NAME);
+       if (runhiddencommandwithstatus(commandstring, message))
+       {
+               sprintf(message, ctr[TR_PROBLEM_SETTING_ADMIN_PASSWORD], NAME);
+               errorbox(message);
+               return 0;
+       }
+
+       return 1;
+}
+
+/* Taken from the cdrom one. */
+int getpassword(char *password, char *text)
+{
+       char *values[] = {      NULL, NULL, NULL };     /* pointers for the values. */
+       struct newtWinEntry entries[] =
+       { 
+               { ctr[TR_PASSWORD_PROMPT], &values[0], 2 },
+               { ctr[TR_AGAIN_PROMPT], &values[1], 2 },
+               { NULL, NULL, 0 }
+       };
+       char title[STRING_SIZE];
+       int rc;
+       int done;
+       
+       do
+       {
+               done = 1;
+               sprintf (title, "%s v%s - %s", NAME, VERSION, SLOGAN);
+               rc = newtWinEntries(title, text,
+                       50, 5, 5, 20, entries, ctr[TR_OK], ctr[TR_CANCEL], NULL);
+
+               if (rc != 2)
+               {
+                       if (strlen(values[0]) == 0 || strlen(values[1]) == 0)
+                       {
+                               errorbox(ctr[TR_PASSWORD_CANNOT_BE_BLANK]);
+                               done = 0;
+                               strcpy(values[0], "");
+                               strcpy(values[1], "");
+                       }
+                       else if (strcmp(values[0], values[1]) != 0)
+                       {
+                               errorbox(ctr[TR_PASSWORDS_DO_NOT_MATCH]);
+                               done = 0;
+                               strcpy(values[0], "");
+                               strcpy(values[1], "");
+                       }
+                       else if (strchr(values[0], ' '))
+                       {
+                               errorbox(ctr[TR_PASSWORD_CANNOT_CONTAIN_SPACES]);
+                               done = 0;
+                               strcpy(values[0], "");
+                               strcpy(values[1], "");
+                       }
+               }
+       }
+       while (!done);
+
+       strncpy(password, values[0], STRING_SIZE);
+
+       if (values[0]) free(values[0]);
+       if (values[1]) free(values[1]);
+
+       return rc;
+}