Author: jsuchome Date: Wed Mar 14 09:44:21 2012 New Revision: 67619 URL: http://svn.opensuse.org/viewcvs/yast?rev=67619&view=rev Log: PasswordPolicyDialog moved to users module (bnc#748004) Modified: trunk/ldap-server/src/LdapDatabase.ycp trunk/ldap-server/src/widgets.ycp Modified: trunk/ldap-server/src/LdapDatabase.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapDatabase.ycp?rev=67619&r1=67618&r2=67619&view=diff ============================================================================== --- trunk/ldap-server/src/LdapDatabase.ycp (original) +++ trunk/ldap-server/src/LdapDatabase.ycp Wed Mar 14 09:44:21 2012 @@ -12,6 +12,7 @@ include "ldap-server/helps.ycp"; include "ldap-server/widgets.ycp"; + include "users/ldap_dialogs.ycp"; map baseDb = $[ "rootdn" : "cn=Administrator", "directory" : "/var/lib/ldap" ]; Modified: trunk/ldap-server/src/widgets.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/widgets.ycp?rev=67619&r1=67618&r2=67619&view=diff ============================================================================== --- trunk/ldap-server/src/widgets.ycp (original) +++ trunk/ldap-server/src/widgets.ycp Wed Mar 14 09:44:21 2012 @@ -495,372 +495,4 @@ return retval; } -/** - * dialog for Password Policy configuration object - * @param ppolicy data with Password Policy object to be edited (as obtained from LDAP search) - * @return map with modifications of ppolicy object, nil in case of `cancel - */ -define map PasswordPolicyDialog (map ppolicy) { - - // reduce the list values to single ones - ppolicy = mapmap (string a, any val, (map)ppolicy, { - if (is (val, list) && (Ldap::SingleValued (a) || size ((list)val) == 1)) - val = ((list)val)[0]:nil; - if (val == "TRUE" || val == "FALSE") - val = (val == "TRUE"); - return $[ a: val ]; - }); - map ppolicy_orig = ppolicy; - - // help text for Password Policy Dialog - string help_text = _("<p>Select the <b>Password Change Policies</b>, <b>Password Aging Policies</b>, and <b>Lockout Policies</b> tabs to choose LDAP password policy groups of attributes to configure.</p>"); - - - // tab-specific help texts - map tabs_help_text = $[ - // help text for pwdInHistory attribute - `pwchange : _("<p>Specify the <b>Maximum Number of Passwords Stored in History</b> to set how many previously used passwords should be saved. Saved passwords may not be used.</p>") + - - // help text for pwdMustChange attribute - _("<p>Check <b>User Must Change Password after Reset</b> to force users to change their passwords after the password is reset or changed by an administrator.</p>") + - - // help text for pwdAllowUserChange attribute - _("<p>Check <b>User Can Change Password</b> to allow users to change their passwords.</p>") + - - // help text for pwdSafeModify attribute - _("<p>If the existing password must be provided along with the new password, check <b>Old Password Required for Password Change</b>.</p>") + - - // help text for pwdCheckQuality attribute - _("<p>Select whether the password quality should be verified while passwords are modified or added. Select <b>No Checking</b> if passwords should not be evaluated. With <b>Accept Uncheckable Passwords</b>, passwords are accepted even if the check cannot be performed, for example, if the user provides an encrypted password. With <b>Only Accept Checked Passwords</b> passwords are refused if the quality test fails or the password cannot be checked.</p>") + - - // help text for pwdMinLength attribute - _("Set the minimum number of characters that must be used in a password in <b>Minimum Password Length</b>.</p>"), - - // help text for pwdMinAge attribute - `aging : _("<p><b>Minimum Password Age</b> sets how much time must pass between modifications to the password.</p>") + - - // help text for pwdMaxAge attribute - _("<p><b>Maximum Password Age</b> sets how long after modification a password expires.</p>") + - - // help text for pwdExpireWarning attribute - _("<p>In <b>Time before Password Expiration to Issue Warning</b> specify how long\nbefore expiration an authenticating user should be warned.</p>") + - - // help text for pwdGraceAuthNLimit attribute - _("<p>Set the number of times an expired password can be used to authenticate in <b>Allowed Uses of an Expired Password</b>.</p>"), - - // help text for pwdLockout attribute - `lockout : _("<p>Check <b>Enable Password Locking</b> to forbid use of a password after a specified number of consecutive failed bind attempts.</p>") + - - // help text for pwdMaxFailure attribute - _("<p>Set the number of consecutive failed bind attempts after which the password may not be used to authenticate in <b>Bind Failures to Lock the Password</b>.</p>") + - - // help text for pwdLockoutDuration attribute - _("<p>Set for how long the password cannot be used in <b>Password Lock Duration</b>.</p>") + - - // help text for pwdFailureCountInterval attribute - _("<p><b>Bind Failures Cache Duration</b> specifies the time after which password failures are purged from the failure counter even if no successful authentication has occurred.</p>"), - ]; - - // map of attribute names for each tab - map attributes = $[ - `pwchange : [ - "pwdInHistory", "pwdMustChange", "pwdAllowUserChange", - "pwdSafeModify", "pwdCheckQuality", "pwdMinLength" - ], - `aging : [ - "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdGraceAuthNLimit" - ], - `lockout : [ - "pwdLockout", "pwdLockoutDuration", "pwdMaxFailure", - "pwdFailureCountInterval" - ], - ]; - - list time_attributes = [ - "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdLockoutDuration", - "pwdFailureCountInterval" - ]; - - map default_values = $[ - "pwdMustChange" : false, - "pwdAllowUserChange" : true, - "pwdSafeModify" : false, - "pwdLockout" : false, - ]; - - // maximal value of IntFields - integer max = 99999; - - list<term> tabs = [ - // tab label - `item(`id(`pwchange), _("&Password Change Policies"), true), - // tab label - `item(`id(`aging), _("Pa&ssword Aging Policies")), - // tab label - `item(`id(`lockout), _("&Lockout Policies")), - ]; - term tabs_term = `VBox ( - `DumbTab (`id(`tabs), tabs, - `ReplacePoint(`id(`tabContents ), `VBox (`Empty ()))) - ); - boolean has_tabs = true; - if (!UI::HasSpecialWidget (`DumbTab)) - { - has_tabs = false; - term tabbar = `HBox (); - foreach (term it, tabs, { - string label = it[1]:""; - tabbar = add (tabbar,`PushButton (it[0]:`id(label), label)); - }); - tabs_term = `VBox (`Left(tabbar), - `Frame ("", `ReplacePoint(`id(`tabContents), `Empty ())) - ); - } - - term contents = tabs_term; - - // generate the term of password policy tab and update the help text - void set_password_policies_term () { - integer pwdcheckquality = tointeger (ppolicy["pwdCheckQuality"]:"0"); - term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( - `VSpacing (0.8), - `IntField (`id ("pwdInHistory"), - // IntField label - _("Ma&ximum Number of Passwords Stored in History"), - 0, max, tointeger (ppolicy["pwdInHistory"]:"0")), - `VSpacing (0.4), - `Left (`CheckBox (`id ("pwdMustChange"), - // checkbox label - _("U&ser Must Change Password after Reset"), - ppolicy["pwdMustChange"]:true)), - `VSpacing (0.2), - `Left (`CheckBox (`id ("pwdAllowUserChange"), - // checkbox label - _("&User Can Change Password"), - ppolicy["pwdAllowUserChange"]:true)), - `VSpacing (0.2), - `Left (`CheckBox (`id ("pwdSafeModify"), - // checkbox label - _("&Old Password Required for Password Change"), - ppolicy["pwdSafeModify"]:false)), - `VSpacing (0.4), - // frame label - `HBox (`HSpacing (2), `Frame (_("Password Quality Checking"), `VBox( - `VSpacing (0.5), - `RadioButtonGroup (`id("pwdCheckQuality"), `VBox ( - `Left (`RadioButton (`id(0), `opt (`notify), - _("&No Checking"), pwdcheckquality == 0)), - `Left (`RadioButton(`id(1), `opt (`notify), - _("Acc&ept Uncheckable Passwords"), - pwdcheckquality == 1)), - `Left (`RadioButton(`id(2), `opt (`notify), - _("&Only Accept Checked Passwords"), - pwdcheckquality == 2)) - )), - `VSpacing (0.4), - // IntField label - `IntField (`id ("pwdMinLength"), _("&Minimum Password Length"), - 0, max, tointeger (ppolicy["pwdMinLength"]:"0")) - ))) - ), `HSpacing (0.5))); - - UI::ReplaceWidget (`tabContents, tab_cont); - UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, pwdcheckquality > 0); - return; - } - - term time_dialog (string id, string label) { - - integer value = tointeger (ppolicy[id]:"0"); - integer days = value / (24*60*60); - if (days > 0) value = value - (days * 24*60*60); - integer hours = value / (60*60); - if (hours > 0) value = value - (hours * 60*60); - integer minutes = value / 60; - if (minutes > 0) value = value - (minutes * 60); - return `HBox (`HSpacing (0.3), `Frame (label, `HBox ( - `IntField (`id (id + "d"), _("Days"), 0, max, days), - `IntField (`id (id + "h"), _("Hours"), 0, 23, hours), - `IntField (`id (id + "m"), _("Minutes"), 0, 59, minutes), - `IntField (`id (id + "s"), _("Seconds"), 0, 59, value) - )), `HSpacing (0.3)); - } - - integer get_seconds_value (string attr) { - - integer days = (integer) UI::QueryWidget (`id (attr + "d"), `Value); - integer hours = (integer) UI::QueryWidget (`id (attr + "h"), `Value); - integer minutes = (integer) UI::QueryWidget (`id (attr + "m"), `Value); - integer seconds = (integer) UI::QueryWidget (`id (attr + "s"), `Value); - return (days * 24*60*60) + (hours * 60*60) + (minutes *60) + seconds; - } - - // generate the term of password aging tab - void set_aging_policies_term () { - - term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( - `VSpacing (0.7), - // frame label - time_dialog ("pwdMinAge", _("Minimum Password Age")), - `VSpacing (0.4), - // frame label - time_dialog ("pwdMaxAge", _("Maximum Password Age")), - `VSpacing (0.4), - time_dialog ("pwdExpireWarning", - // frame label - _("Time before Password Expiration to Issue Warning")), - `VSpacing (0.2), - `IntField (`id ("pwdGraceAuthNLimit"), - // IntField label - _("Allowed Use of an Expired Password"), 0, max, - tointeger (ppolicy["pwdGraceAuthNLimit"]:"0") - ) - ), `HSpacing (0.5))); - UI::ReplaceWidget (`tabContents, tab_cont); - return; - } - - // generate the term of lockout aging tab - void set_lockout_policies_term () { - - boolean pwdlockout = ppolicy["pwdLockout"]:false; - - term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( - `VSpacing (0.8), - `Left (`CheckBox (`id ("pwdLockout"), `opt (`notify), - // check box label - _("Enable Password Locking"), - pwdlockout)), - `VSpacing (0.4), - `IntField (`id ("pwdMaxFailure"), - // intField label - _("Bind Failures to Lock the Password"), - 0, max, tointeger (ppolicy["pwdMaxFailure"]:"0")), - // frame label - time_dialog ("pwdLockoutDuration", _("Password Lock Duration")), - `VSpacing (0.4), - time_dialog ("pwdFailureCountInterval", - // frame label - _("Bind Failures Cache Duration")) - ), `HSpacing (0.5))); - - UI::ReplaceWidget (`tabContents, tab_cont); - UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout); - foreach (string suffix, [ "d", "h", "m", "s" ], { - UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix), - `Enabled, pwdlockout); - UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix), - `Enabled, pwdlockout); - }); - return; - } - - symbol current_tab = `pwchange; - any result = nil; - - Wizard::OpenNextBackDialog (); - - // dialog label - Wizard::SetContentsButtons (_("Password Policy Configuration"), contents, - help_text + tabs_help_text[current_tab]:"", - Label::CancelButton(), Label::OKButton()); - Wizard::HideAbortButton(); - - set_password_policies_term (); - - while (true) - { - result = UI::UserInput (); - - if (is(result,symbol) && - contains ([`back, `cancel, `abort], (symbol)result)) - break; - - // save the values from UI - foreach (string attr, attributes[current_tab]:[], { - if (contains (time_attributes, attr)) - { - ppolicy[attr] = sformat ("%1", get_seconds_value (attr)); - return; - } - any val = UI::QueryWidget (`id (attr), `Value); - if (is (val, integer)) - val = sformat ("%1", val); - ppolicy[attr] = val; - }); - - if ((result == `pwchange || result == `aging || result == `lockout) && - result!= current_tab) - { - if (result == `pwchange) - set_password_policies_term (); - else if (result == `aging) - set_aging_policies_term (); - else if (result == `lockout) - set_lockout_policies_term (); - current_tab = (symbol) result; - if (has_tabs) - UI::ChangeWidget (`id (`tabs), `CurrentItem, current_tab); - Wizard::SetHelpText (help_text + tabs_help_text[current_tab]:""); - continue; - } - if (result == `next) - { - boolean cont = false; - - // check the template required attributes... - foreach (string oc, ppolicy["objectClass"]:[], ``{ - if (cont) return; - foreach (string attr, Ldap::GetRequiredAttributes (oc), ``{ - any val = ppolicy[attr]:nil; - if (!cont && val == nil || val == [] || val == "") { - //error popup, %1 is attribute name - Popup::Error (sformat (_("The \"%1\" attribute is mandatory. -Enter a value."), attr)); - UI::SetFocus (`id(`table)); - cont = true; - } - }); - }); - if (cont) continue; - break; - } - // now solve events inside the tabs - if (current_tab == `pwchange && is (result, integer)) - { - UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, result != 0); - } - if (current_tab == `lockout && result == "pwdLockout") - { - boolean pwdlockout = (boolean) UI::QueryWidget (`id ("pwdLockout"), `Value); - UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout); - foreach (string suffix, [ "d", "h", "m", "s" ], { - UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix), - `Enabled, pwdlockout); - UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix), - `Enabled, pwdlockout); - }); - } - } - Wizard::CloseDialog (); - - map ret = $[]; - if (result == `next) - { - foreach (string key, any val, (map) ppolicy, { - if (!haskey (ppolicy_orig, key) && - (val == default_values[key]:nil || val == "0")) - return; - if (val != ppolicy_orig[key]:nil) - { - if (is (val, boolean)) - val = (val == true) ? "TRUE" : "FALSE"; - ret[key] = val; - } - }); - } - return (result == `next) ? ret : nil; -} - - } -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org