Hello community, here is the log from the commit of package yast2-ldap-client for openSUSE:Factory checked in at 2012-02-23 15:35:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-ldap-client (Old) and /work/SRC/openSUSE:Factory/.yast2-ldap-client.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-ldap-client", Maintainer is "jsuch...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-ldap-client/yast2-ldap-client.changes 2012-02-03 10:27:09.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-ldap-client.new/yast2-ldap-client.changes 2012-02-23 15:35:24.000000000 +0100 @@ -1,0 +2,13 @@ +Wed Feb 22 16:38:12 CET 2012 - jsuch...@suse.cz + +- fixed handling of certificate download +- 2.22.5 + +------------------------------------------------------------------- +Tue Feb 21 11:06:29 CET 2012 - jsuch...@suse.cz + +- removed password policies configuration from client, relevant parts + moved to server configuration (fate #313143) +- 2.22.4 + +------------------------------------------------------------------- Old: ---- yast2-ldap-client-2.22.3.tar.bz2 New: ---- yast2-ldap-client-2.22.5.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-ldap-client.spec ++++++ --- /var/tmp/diff_new_pack.1ACKIy/_old 2012-02-23 15:35:25.000000000 +0100 +++ /var/tmp/diff_new_pack.1ACKIy/_new 2012-02-23 15:35:25.000000000 +0100 @@ -18,7 +18,7 @@ Name: yast2-ldap-client -Version: 2.22.3 +Version: 2.22.5 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-ldap-client-2.22.3.tar.bz2 -> yast2-ldap-client-2.22.5.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.22.3/VERSION new/yast2-ldap-client-2.22.5/VERSION --- old/yast2-ldap-client-2.22.3/VERSION 2012-02-02 15:01:18.000000000 +0100 +++ new/yast2-ldap-client-2.22.5/VERSION 2012-02-22 16:38:37.000000000 +0100 
@@ -1 +1 @@ -2.22.3 +2.22.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.22.3/src/Ldap.ycp new/yast2-ldap-client-2.22.5/src/Ldap.ycp --- old/yast2-ldap-client-2.22.3/src/Ldap.ycp 2012-02-02 14:59:38.000000000 +0100 +++ new/yast2-ldap-client-2.22.5/src/Ldap.ycp 2012-02-21 11:06:25.000000000 +0100 @@ -25,7 +25,7 @@ * Authors: Thorsten Kukuk <ku...@suse.de> * Anas Nashif <nas...@suse.de> * - * $Id: Ldap.ycp 67232 2012-01-19 14:36:33Z jsuchome $ + * $Id: Ldap.ycp 67491 2012-02-21 10:06:24Z jsuchome $ */ { @@ -312,9 +312,6 @@ */ global boolean mkhomedir = false; - // map with modifications of Password Policies objects - global map<string,map> ppolicies = $[]; - // packages needed for pam_ldap/nss_ldap configuration global list<string> pam_nss_packages = ["pam_ldap", "nss_ldap"]; @@ -3035,12 +3032,6 @@ ldap_modified = false; } } - if (ppolicies != $[]) - { - WriteLDAP (ppolicies); - modified = true; // so data get reset in next step - ppolicies = $[]; - } // final stage Progress::NextStage (); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.22.3/src/LdapPopup.ycp new/yast2-ldap-client-2.22.5/src/LdapPopup.ycp --- old/yast2-ldap-client-2.22.3/src/LdapPopup.ycp 2012-01-19 15:36:39.000000000 +0100 +++ new/yast2-ldap-client-2.22.5/src/LdapPopup.ycp 2012-02-21 11:26:44.000000000 +0100 @@ -24,7 +24,7 @@ * Summary: Additional user interface functions: special edit popups * Authors: Jiri Suchomel <jsuch...@suse.cz> * - * $Id: LdapPopup.ycp 67232 2012-01-19 14:36:33Z jsuchome $ + * $Id: LdapPopup.ycp 67492 2012-02-21 10:26:43Z jsuchome $ * * Popups for editing the values of LDAP configuration tables. */ 
@@ -566,371 +566,4 @@ return $[ "attr": attr, "value": new_value ]; } -/** - * dialog for Password Policy configuration object - * @param ppolicy data with Password Policy object to be edited (as obtained from LDAP search) - * @return map with modifications of ppolicy object, nil in case of `cancel - */ -global define map PasswordPolicyDialog (map ppolicy) { - - // reduce the list values to single ones - ppolicy = mapmap (string a, any val, (map<string,any>)ppolicy, { - if (is (val, list) && (Ldap::SingleValued (a) || size ((list)val) == 1)) - val = ((list)val)[0]:nil; - if (val == "TRUE" || val == "FALSE") - val = (val == "TRUE"); - return $[ a: val ]; - }); - map ppolicy_orig = ppolicy; - - // help text for Password Policy Dialog - string help_text = _("<p>Select the <b>Password Change Policies</b>, <b>Password Aging Policies</b>, and <b>Lockout Policies</b> tabs to choose LDAP password policy groups of attributes to configure.</p>"); - - - // tab-specific help texts - map tabs_help_text = $[ - // help text for pwdInHistory attribute - `pwchange : _("<p>Specify the <b>Maximum Number of Passwords Stored in History</b> to set how many previously used passwords should be saved. Saved passwords may not be used.</p>") + - - // help text for pwdMustChange attribute - _("<p>Check <b>User Must Change Password after Reset</b> to force users to change their passwords after the password is reset or changed by an administrator.</p>") + - - // help text for pwdAllowUserChange attribute - _("<p>Check <b>User Can Change Password</b> to allow users to change their passwords.</p>") + - - // help text for pwdSafeModify attribute - _("<p>If the existing password must be provided along with the new password, check <b>Old Password Required for Password Change</b>.</p>") + - - // help text for pwdCheckQuality attribute - _("<p>Select whether the password quality should be verified while passwords are modified or added. Select <b>No Checking</b> if passwords should not be evaluated. 
With <b>Accept Uncheckable Passwords</b>, passwords are accepted even if the check cannot be performed, for example, if the user provides an encrypted password. With <b>Only Accept Checked Passwords</b> passwords are refused if the quality test fails or the password cannot be checked.</p>") + - - // help text for pwdMinLength attribute - _("Set the minimum number of characters that must be used in a password in <b>Minimum Password Length</b>.</p>"), - - // help text for pwdMinAge attribute - `aging : _("<p><b>Minimum Password Age</b> sets how much time must pass between modifications to the password.</p>") + - - // help text for pwdMaxAge attribute - _("<p><b>Maximum Password Age</b> sets how long after modification a password expires.</p>") + - - // help text for pwdExpireWarning attribute - _("<p>In <b>Time before Password Expiration to Issue Warning</b> specify how long\nbefore expiration an authenticating user should be warned.</p>") + - - // help text for pwdGraceAuthNLimit attribute - _("<p>Set the number of times an expired password can be used to authenticate in <b>Allowed Uses of an Expired Password</b>.</p>"), - - // help text for pwdLockout attribute - `lockout : _("<p>Check <b>Enable Password Locking</b> to forbid use of a password after a specified number of consecutive failed bind attempts.</p>") + - - // help text for pwdMaxFailure attribute - _("<p>Set the number of consecutive failed bind attempts after which the password may not be used to authenticate in <b>Bind Failures to Lock the Password</b>.</p>") + - - // help text for pwdLockoutDuration attribute - _("<p>Set for how long the password cannot be used in <b>Password Lock Duration</b>.</p>") + - - // help text for pwdFailureCountInterval attribute - _("<p><b>Bind Failures Cache Duration</b> specifies the time after which password failures are purged from the failure counter even if no successful authentication has occurred.</p>"), - ]; - - // map of attribute names for each tab - map 
attributes = $[ - `pwchange : [ - "pwdInHistory", "pwdMustChange", "pwdAllowUserChange", - "pwdSafeModify", "pwdCheckQuality", "pwdMinLength" - ], - `aging : [ - "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdGraceAuthNLimit" - ], - `lockout : [ - "pwdLockout", "pwdLockoutDuration", "pwdMaxFailure", - "pwdFailureCountInterval" - ], - ]; - - list time_attributes = [ - "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdLockoutDuration", - "pwdFailureCountInterval" - ]; - - map default_values = $[ - "pwdMustChange" : false, - "pwdAllowUserChange" : true, - "pwdSafeModify" : false, - "pwdLockout" : false, - ]; - - // maximal value of IntFields - integer max = 99999; - - list<term> tabs = [ - // tab label - `item(`id(`pwchange), _("&Password Change Policies"), true), - // tab label - `item(`id(`aging), _("Pa&ssword Aging Policies")), - // tab label - `item(`id(`lockout), _("&Lockout Policies")), - ]; - term tabs_term = `VBox ( - `DumbTab (`id(`tabs), tabs, - `ReplacePoint(`id(`tabContents ), `VBox (`Empty ()))) - ); - boolean has_tabs = true; - if (!UI::HasSpecialWidget (`DumbTab)) - { - has_tabs = false; - term tabbar = `HBox (); - foreach (term it, tabs, { - string label = it[1]:""; - tabbar = add (tabbar,`PushButton (it[0]:`id(label), label)); - }); - tabs_term = `VBox (`Left(tabbar), - `Frame ("", `ReplacePoint(`id(`tabContents), `Empty ())) - ); - } - - term contents = tabs_term; - - // generate the term of password policy tab and update the help text - void set_password_policies_term () { - integer pwdcheckquality = tointeger (ppolicy["pwdCheckQuality"]:"0"); - term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( - `VSpacing (0.8), - `IntField (`id ("pwdInHistory"), - // IntField label - _("Ma&ximum Number of Passwords Stored in History"), - 0, max, tointeger (ppolicy["pwdInHistory"]:"0")), - `VSpacing (0.4), - `Left (`CheckBox (`id ("pwdMustChange"), - // checkbox label - _("U&ser Must Change Password after Reset"), - ppolicy["pwdMustChange"]:true)), - 
`VSpacing (0.2), - `Left (`CheckBox (`id ("pwdAllowUserChange"), - // checkbox label - _("&User Can Change Password"), - ppolicy["pwdAllowUserChange"]:true)), - `VSpacing (0.2), - `Left (`CheckBox (`id ("pwdSafeModify"), - // checkbox label - _("&Old Password Required for Password Change"), - ppolicy["pwdSafeModify"]:false)), - `VSpacing (0.4), - // frame label - `HBox (`HSpacing (2), `Frame (_("Password Quality Checking"), `VBox( - `VSpacing (0.5), - `RadioButtonGroup (`id("pwdCheckQuality"), `VBox ( - `Left (`RadioButton (`id(0), `opt (`notify), - _("&No Checking"), pwdcheckquality == 0)), - `Left (`RadioButton(`id(1), `opt (`notify), - _("Acc&ept Uncheckable Passwords"), - pwdcheckquality == 1)), - `Left (`RadioButton(`id(2), `opt (`notify), - _("&Only Accept Checked Passwords"), - pwdcheckquality == 2)) - )), - `VSpacing (0.4), - // IntField label - `IntField (`id ("pwdMinLength"), _("&Minimum Password Length"), - 0, max, tointeger (ppolicy["pwdMinLength"]:"0")) - ))) - ), `HSpacing (0.5))); - - UI::ReplaceWidget (`tabContents, tab_cont); - UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, pwdcheckquality > 0); - return; - } - - term time_dialog (string id, string label) { - - integer value = tointeger (ppolicy[id]:"0"); - integer days = value / (24*60*60); - if (days > 0) value = value - (days * 24*60*60); - integer hours = value / (60*60); - if (hours > 0) value = value - (hours * 60*60); - integer minutes = value / 60; - if (minutes > 0) value = value - (minutes * 60); - return `HBox (`HSpacing (0.3), `Frame (label, `HBox ( - `IntField (`id (id + "d"), _("Days"), 0, max, days), - `IntField (`id (id + "h"), _("Hours"), 0, 23, hours), - `IntField (`id (id + "m"), _("Minutes"), 0, 59, minutes), - `IntField (`id (id + "s"), _("Seconds"), 0, 59, value) - )), `HSpacing (0.3)); - } - - integer get_seconds_value (string attr) { - - integer days = (integer) UI::QueryWidget (`id (attr + "d"), `Value); - integer hours = (integer) UI::QueryWidget (`id (attr + "h"), 
`Value); - integer minutes = (integer) UI::QueryWidget (`id (attr + "m"), `Value); - integer seconds = (integer) UI::QueryWidget (`id (attr + "s"), `Value); - return (days * 24*60*60) + (hours * 60*60) + (minutes *60) + seconds; - } - - // generate the term of password aging tab - void set_aging_policies_term () { - - term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( - `VSpacing (0.7), - // frame label - time_dialog ("pwdMinAge", _("Minimum Password Age")), - `VSpacing (0.4), - // frame label - time_dialog ("pwdMaxAge", _("Maximum Password Age")), - `VSpacing (0.4), - time_dialog ("pwdExpireWarning", - // frame label - _("Time before Password Expiration to Issue Warning")), - `VSpacing (0.2), - `IntField (`id ("pwdGraceAuthNLimit"), - // IntField label - _("Allowed Use of an Expired Password"), 0, max, - tointeger (ppolicy["pwdGraceAuthNLimit"]:"0") - ) - ), `HSpacing (0.5))); - UI::ReplaceWidget (`tabContents, tab_cont); - return; - } - - // generate the term of lockout aging tab - void set_lockout_policies_term () { - - boolean pwdlockout = ppolicy["pwdLockout"]:false; - - term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( - `VSpacing (0.8), - `Left (`CheckBox (`id ("pwdLockout"), `opt (`notify), - // check box label - _("Enable Password Locking"), - pwdlockout)), - `VSpacing (0.4), - `IntField (`id ("pwdMaxFailure"), - // intField label - _("Bind Failures to Lock the Password"), - 0, max, tointeger (ppolicy["pwdMaxFailure"]:"0")), - // frame label - time_dialog ("pwdLockoutDuration", _("Password Lock Duration")), - `VSpacing (0.4), - time_dialog ("pwdFailureCountInterval", - // frame label - _("Bind Failures Cache Duration")) - ), `HSpacing (0.5))); - - UI::ReplaceWidget (`tabContents, tab_cont); - UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout); - foreach (string suffix, [ "d", "h", "m", "s" ], { - UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix), - `Enabled, pwdlockout); - UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix), - 
`Enabled, pwdlockout); - }); - return; - } - - symbol current_tab = `pwchange; - any result = nil; - - Wizard::OpenNextBackDialog (); - - // dialog label - Wizard::SetContentsButtons (_("Password Policy Configuration"), contents, - help_text + tabs_help_text[current_tab]:"", - Label::CancelButton(), Label::OKButton()); - Wizard::HideAbortButton(); - - set_password_policies_term (); - - while (true) - { - result = UI::UserInput (); - - if (is(result,symbol) && - contains ([`back, `cancel, `abort], (symbol)result)) - break; - - // save the values from UI - foreach (string attr, attributes[current_tab]:[], { - if (contains (time_attributes, attr)) - { - ppolicy[attr] = sformat ("%1", get_seconds_value (attr)); - return; - } - any val = UI::QueryWidget (`id (attr), `Value); - if (is (val, integer)) - val = sformat ("%1", val); - ppolicy[attr] = val; - }); - - if ((result == `pwchange || result == `aging || result == `lockout) && - result!= current_tab) - { - if (result == `pwchange) - set_password_policies_term (); - else if (result == `aging) - set_aging_policies_term (); - else if (result == `lockout) - set_lockout_policies_term (); - current_tab = (symbol) result; - if (has_tabs) - UI::ChangeWidget (`id (`tabs), `CurrentItem, current_tab); - Wizard::SetHelpText (help_text + tabs_help_text[current_tab]:""); - continue; - } - if (result == `next) - { - boolean cont = false; - - // check the template required attributes... - foreach (string oc, ppolicy["objectClass"]:[], ``{ - if (cont) return; - foreach (string attr, Ldap::GetRequiredAttributes (oc), ``{ - any val = ppolicy[attr]:nil; - if (!cont && val == nil || val == [] || val == "") { - //error popup, %1 is attribute name - Popup::Error (sformat (_("The \"%1\" attribute is mandatory. 
-Enter a value."), attr)); - UI::SetFocus (`id(`table)); - cont = true; - } - }); - }); - if (cont) continue; - break; - } - // now solve events inside the tabs - if (current_tab == `pwchange && is (result, integer)) - { - UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, result != 0); - } - if (current_tab == `lockout && result == "pwdLockout") - { - boolean pwdlockout = (boolean) UI::QueryWidget (`id ("pwdLockout"), `Value); - UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout); - foreach (string suffix, [ "d", "h", "m", "s" ], { - UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix), - `Enabled, pwdlockout); - UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix), - `Enabled, pwdlockout); - }); - } - } - Wizard::CloseDialog (); - - map<string,any> ret = $[]; - if (result == `next) - { - foreach (string key, any val, (map<string,any>) ppolicy, { - if (!haskey (ppolicy_orig, key) && - (val == default_values[key]:nil || val == "0")) - return; - if (val != ppolicy_orig[key]:nil) - { - if (is (val, boolean)) - val = (val == true) ? "TRUE" : "FALSE"; - ret[key] = val; - } - }); - } - return (result == `next) ? ret : nil; -} - }//EOF diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.22.3/src/ui.ycp new/yast2-ldap-client-2.22.5/src/ui.ycp --- old/yast2-ldap-client-2.22.3/src/ui.ycp 2012-02-02 14:58:17.000000000 +0100 +++ new/yast2-ldap-client-2.22.5/src/ui.ycp 2012-02-21 15:46:04.000000000 +0100 @@ -25,7 +25,7 @@ * Authors: Thorsten Kukuk <ku...@suse.de> * Anas Nashif <nas...@suse.de> * - * $Id: ui.ycp 67232 2012-01-19 14:36:33Z jsuchome $ + * $Id: ui.ycp 67491 2012-02-21 10:06:24Z jsuchome $ * * All user interface functions. */ @@ -55,7 +55,7 @@ define boolean Modified () ``{ - return (Ldap::modified || Ldap::ldap_modified || Ldap::ppolicies != $[]); + return (Ldap::modified || Ldap::ldap_modified); } /** 
@@ -183,6 +183,7 @@ */ boolean SSLConfiguration () { + string certTmpFile = sformat ("%1/__LDAPcert.crt", Directory::tmpdir); string tls_cacertdir = Ldap::tls_cacertdir; string tls_cacertfile = Ldap::tls_cacertfile; UI::OpenDialog (`opt (`decorated), `HBox (`HSpacing (1), `VBox( @@ -247,6 +248,50 @@ UI::ChangeWidget (`id (`tls_cacertfile), `Value, file); } } + if (ret == `import_cert) + { + string dir = tls_cacertdir; + if (dir == "") + dir = "/etc/openldap/cacerts/"; + + boolean success = false; + string name = ""; + + string cert_url = (string) UI::QueryWidget (`id (`url), `Value); + string curlcmd = sformat("curl -f --connect-timeout 60 --max-time 120 '%1' -o %2", cert_url, certTmpFile); + + if (SCR::Execute(.target.bash, curlcmd) != 0) + { + // error message + Popup::Error (_("Could not download the certificate file from specified URL.")); + } + else if (FileUtils::CheckAndCreatePath (dir)) + { + list <string> l = splitstring (cert_url, "/"); + name = l[size(l) - 1]:"downloaded-by-yast2-ldap-client.pem"; + success = SCR::Execute (.target.bash, sformat ("/bin/cp -a '%1' '%2/%3'", certTmpFile, dir, name)) == 0; + // rehash cert directory (bnc#662937) + map out = (map)SCR::Execute (.target.bash_output, sformat ("/usr/bin/c_rehash %1", dir)); + if (out["stderr"]:"" != "") + { + y2error ("something went wrong: %1", out); + } + } + + if (success) + { + // popup message, %1 is file name, %2 directory + Popup::Message (sformat (_("The downloaded certificate file + +'%1' + +has been copied to '%2' directory. +"), name, dir)); + + tls_cacertdir = dir; + Ldap::modified = true; + } + } } while (ret != `ok && ret != `cancel); UI::CloseDialog (); 
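Review bot: In the `import_cert` branch the text of the `url` field is pasted unescaped into two bash command lines (`curl … '%1'` and, as `name`, `/bin/cp -a '%1' '%2/%3'`), so a single quote in the URL ends the quoted argument and the rest is parsed by the shell with whatever privileges YaST runs under. Escape every interpolated value and quote the ones that are currently bare (`-o %2`, `c_rehash %1`), for example `sformat ("curl -f --connect-timeout 60 --max-time 120 '%1' -o '%2'", String::Quote (cert_url), String::Quote (certTmpFile))`, assuming the String module is imported in ui.ycp. `name` should also be validated before the copy: a URL ending in `/` yields an empty last element (the `:"downloaded-by-yast2-ldap-client.pem"` default presumably applies only when the index is missing), and any query string ends up in the file name. Because the file is copied into the CA directory and rehashed, it becomes a trust anchor for LDAP TLS, yet the code accepts any URL scheme and never shows the certificate's subject or fingerprint for confirmation, which is worth adding before the copy. The enclosing `SSLConfiguration` function starts in the previous hunk and continues outside this one.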
@@ -323,7 +368,6 @@
 boolean ldap_tls = Ldap::ldap_tls || Ldap::sssd; // force TLS to true if sssd is used
 string tls_checkpeer = Ldap::tls_checkpeer;
 boolean login_enabled = Ldap::login_enabled;
- string certTmpFile = sformat ("%1/__LDAPcert.crt", Directory::tmpdir);
 boolean ssl_changed = false;
 boolean autofs = Ldap::_start_autofs;
 term autofs_con = `Empty ();
@@ -474,82 +518,6 @@ UI::ChangeWidget (`id (`ldaps), `Value, false); } } - if (result == `import_cert) - { - string dir = Ldap::tls_cacertdir; - if (Ldap::tls_cacertdir == "") - dir = "/etc/openldap/cacerts/"; - - UI::OpenDialog ( `opt(`decorated), `HBox( - `HSpacing(1), - `VBox ( - `HSpacing (75), - // InputField label - `InputField (`id (`url), `opt (`hstretch), - _("CA Certificate URL for Download")), - `ButtonBox ( - `PushButton(`id(`ok),`opt(`default,`key_F10), Label::OKButton()), - `PushButton(`id(`cancel),`opt (`key_F9), Label::CancelButton()) - ) - ), - `HSpacing(1) - )); - UI::SetFocus (`id (`url)); - - any ret = nil; - boolean success = false; - string name = ""; - - while (true) - { - ret = UI::UserInput (); - if (ret == `cancel) - break; - if (ret == `ok) - { - string cert_url = (string) UI::QueryWidget (`id (`url), `Value); - string curlcmd = sformat("curl -f --connect-timeout 60 --max-time 120 '%1' -o %2", cert_url, certTmpFile); - - if (SCR::Execute(.target.bash, curlcmd) != 0) - { - // error message - Popup::Error (_("Could not download the certificate file from specified URL.")); - } - else if (FileUtils::CheckAndCreatePath (dir)) - { - list <string> l = splitstring (cert_url, "/"); - name = l[size(l) - 1]:"downloaded-by-yast2-ldap-client.pem"; - success = SCR::Execute (.target.bash, sformat ("/bin/cp -a '%1' '%2/%3'", certTmpFile, dir, name)) == 0; - // rehash cert directory (bnc#662937) - map out = (map)SCR::Execute (.target.bash_output, sformat ("/usr/bin/c_rehash %1", dir)); - if (out["stderr"]:"" != "") - { - y2error ("something went wrong: %1", out); - } - break; - } - } - } - UI::CloseDialog (); - - if (ret == `cancel) - { - continue; - } - if (success) - { - // popup message, %1 is file name, %2 directory - Popup::Message (sformat (_("The downloaded certificate file - -'%1' - -has been copied to '%2' directory. -"), name, dir)); - - Ldap::tls_cacertdir = dir; - Ldap::modified = true; - } - } if (result == `next || result == `advanced) { 
@@ -786,14 +754,6 @@ check the appropriate option. Changing this value does not cause any direct action. It is only information for the YaST users module, which manages user home directories.</p> -") + - - // password policy help text caption - _("<p><b>Password Policy</b></p>") + - - // password policy help - _("<p>Configure the selected password policy with <b>Edit</b>. Use <b>Add</b> to -add a new password policy. Password policies must be enabled on the LDAP server.</p> ") ]; 
@@ -847,64 +807,6 @@ "rfc2307bis" ]; - list ppolicy_list = []; - - boolean ppolicies_enabled = false; - map<string,map> ppolicies = $[]; - map<string,map> ppolicies_orig= $[]; - list<string> ppolicies_deleted = []; // list of DN - - // read the list of pwdpolicy objects under base_config_dn - void read_ppolicies () { - - if (base_dn == "") return; - - if (Ldap::ldap_initialized && Ldap::tls_when_initialized != Ldap::ldap_tls) - { - Ldap::LDAPClose (); - } - - if (Ldap::ldap_initialized || Ldap::LDAPInit () == "") - { - ppolicies_enabled = (boolean) SCR::Execute (.ldap.ppolicy, $[ - "hostname" : Ldap::GetFirstServer (Ldap::server), - "bind_dn" : Ldap::GetBaseDN () - ]); - - list schemas = (list)SCR::Read (.ldap.search, $[ - "base_dn": "", - "attrs": [ "subschemaSubentry" ], - "scope": 0, - ]); - string schema_dn = schemas[0,"subschemaSubentry",0]:""; - if (schemas != nil && schema_dn != "" && - SCR::Execute (.ldap.schema, $[ "schema_dn": schema_dn ])== true) - { - map<string,map> pp = (map<string,map>) SCR::Read (.ldap.search, - $[ - "base_dn" : base_dn, - "filter" : "objectClass=pwdPolicy", - "scope" : 2, - "map" : true, - "not_found_ok" : true - ]); - if (pp != nil) - { - ppolicies = pp; - ppolicies_orig = ppolicies; - } - } - } - // TODO re-read is not supported, is it correct? - foreach (string dn, map ppolicy, Ldap::ppolicies, { - if (ppolicy["modified"]:"" == "deleted" && haskey (ppolicies, dn)) - ppolicies = remove (ppolicies, dn); - else if (ppolicy["modified"]:"" == "added") - ppolicies[dn] = ppolicy; - else ppolicies[dn] = union (ppolicies[dn]:$[], ppolicy); - }); - } - list<term> tabs = [ // tab label `item(`id(`client), _("C&lient Settings"), true), 
@@ -1026,19 +928,7 @@ `Right (`PushButton (`id(`configure), // pushbutton label _("Configure User Management &Settings..."))), - `VSpacing (), - `Table (`id (`ppolicy_table), `opt(`notify), `header ( - // table header - _("Password Policy")), - maplist (string dn, map pp, ppolicies, ``(`item (`id (dn), dn))) - ), - `HBox ( - `PushButton (`id (`add), Label::AddButton ()), - `PushButton (`id (`edit), Label::EditButton ()), - `PushButton (`id (`delete), Label::DeleteButton ()), - `HStretch () - ), - `VSpacing(0.4) + `VStretch () ), `HSpacing (4)); UI::ReplaceWidget (`tabContents, cont); @@ -1049,9 +939,6 @@ if (Mode::config ()) UI::ChangeWidget (`id(`configure), `Enabled, false); - foreach (symbol s, [ `ppolicy_table, `add, `edit, `delete ], { - UI::ChangeWidget (`id (s), `Enabled, ppolicies_enabled); - }); } @@ -1065,7 +952,6 @@ symbol current = `client; set_client_term (); - read_ppolicies (); while (true) { 
@@ -1146,105 +1032,6 @@ UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb); UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb); } - if (result == `add) - { - string suffix = base_dn; - UI::OpenDialog ( `opt(`decorated), `HBox( - `HSpacing(1), - `VBox( - // InputField label - `InputField (`id (`cn), `opt (`hstretch), - _("Name of Password Policy Object")), - `ReplacePoint (`id (`rp_suf), `HBox ( - // text label,suffix will follow in next label - `Label (`id (`suffix_label), _("Suffix:")), - `Label (`id (`suffix), base_dn), - // pushbutton label - `PushButton (`id (`br_suf), _("Change Suffix")) - )), - `ButtonBox ( - `PushButton(`id(`ok),`opt(`default,`key_F10),Label::OKButton()), - `PushButton(`id(`cancel),`opt (`key_F9), Label::CancelButton()) - ) - ), - `HSpacing(1) - )); - UI::SetFocus (`id (`cn)); - any ret = nil; - string new_dn = ""; - while (true) - { - ret = UI::UserInput (); - if (ret == `cancel) - break; - if (ret == `br_suf) - { - string suf = LdapPopup::InitAndBrowseTree (base_dn, $[ - "hostname" : Ldap::GetFirstServer (Ldap::server), - "port" : Ldap::GetFirstPort (Ldap::server), - "use_tls" : Ldap::ldap_tls ? "yes" : "no", - "cacertdir" : Ldap::tls_cacertdir, - "cacertfile" : Ldap::tls_cacertfile - ]); - if (suf != "") - UI::ReplaceWidget (`id (`rp_suf), `HBox ( - // text label,suffix will follow in next label - `Label (`id (`suffix_label), _("Suffix:")), - `Label (`id (`suffix), suf), - // pushbutton label - `PushButton (`id (`br_suf), _("Change Suffix")) - )); - } - if (ret == `ok) - { - string cn = (string) UI::QueryWidget (`id (`cn), `Value); - if (cn == "") break; - string suffix = (string) UI::QueryWidget (`id (`suffix), `Value); - new_dn = sformat ("cn=%1,%2", cn, suffix); - if (haskey (ppolicies, new_dn)) - { - Popup::Error (sformat (_("The Policy \'%1\' already exists. 
-Please select another one."), new_dn)); - continue; - } - break; - } - } - UI::CloseDialog (); - if (ret == `ok && new_dn != "") - { - map new = LdapPopup::PasswordPolicyDialog ($["dn": new_dn ]); - if (new != nil) - { - ppolicies[new_dn] = new; - UI::ChangeWidget (`id (`ppolicy_table), `Items, - maplist (string dn, map pp, ppolicies, ``(`item (`id (dn), dn))) - ); - UI::ChangeWidget (`id (`edit), `Enabled, size (ppolicies) > 0); - UI::ChangeWidget (`id (`delete), `Enabled, size (ppolicies) > 0); - } - } - } - if (result == `edit || result == `ppolicy_table) - { - string dn = (string) UI::QueryWidget (`id (`ppolicy_table), `CurrentItem); - map changes = LdapPopup::PasswordPolicyDialog (ppolicies[dn]:$[]); - if (changes != nil) - { - ppolicies[dn] = union (ppolicies[dn]:$[], changes); - } - } - if (result == `delete) - { - string dn = (string) UI::QueryWidget (`id (`ppolicy_table), `CurrentItem); - ppolicies = remove (ppolicies, dn); - ppolicies_deleted = (list<string>) union (ppolicies_deleted, [dn]); - UI::ChangeWidget (`id (`ppolicy_table), `Items, - maplist (string dn, map pp, ppolicies, ``(`item (`id (dn), dn))) - ); - UI::ChangeWidget (`id (`edit), `Enabled, size (ppolicies) > 0); - UI::ChangeWidget (`id (`delete), `Enabled, size (ppolicies) > 0); - } if (result == `next || result == `configure) { 
@@ -1263,44 +1050,6 @@ UI::SetFocus (`id (`base_config_dn)); continue; } - foreach (string dn, map ppolicy, ppolicies, { - // new ppolicy - if (!haskey (ppolicies_orig, dn)) - { - ppolicy["modified"] = "added"; - ppolicy["pwdAttribute"] = "userPassword"; - ppolicy["objectClass"] = ["pwdPolicy", "namedObject"]; - ppolicy["cn"] = get_cn (dn); - Ldap::ppolicies[dn] = ppolicy; - - } - else - { - map pp = $[]; - foreach (string a, any val, (map<string,any>) ppolicy, { - if (val != ppolicies_orig[dn,a]:nil) - pp[a] = val; - }); - if (pp != $[]) - { - pp["modified"] = "edited"; - Ldap::ppolicies[dn] = pp; - } - } - }); - // deleted ppolicies - foreach (string dn, ppolicies_deleted, { - map pp = Ldap::ppolicies[dn]:$[]; - if (pp["modified"]:"" == "added") - { - Ldap::ppolicies = remove (Ldap::ppolicies, dn); - } - else if (haskey (ppolicies_orig, dn)) - { - pp["modified"] = "deleted"; - Ldap::ppolicies[dn] = pp; - } - }); if (krb5_realm == "" || krb5_kdcip == "" || !Ldap::sssd) sssd_with_krb = false; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org