Author: jsuchome
Date: Wed Mar 14 09:44:21 2012
New Revision: 67619
URL: http://svn.opensuse.org/viewcvs/yast?rev=67619&view=rev
Log:
PasswordPolicyDialog moved to users module (bnc#748004)
Modified:
trunk/ldap-server/src/LdapDatabase.ycp
trunk/ldap-server/src/widgets.ycp
Modified: trunk/ldap-server/src/LdapDatabase.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapDatabase.ycp?rev=67619&r1=67618&r2=67619&view=diff
==============================================================================
--- trunk/ldap-server/src/LdapDatabase.ycp (original)
+++ trunk/ldap-server/src/LdapDatabase.ycp Wed Mar 14 09:44:21 2012
@@ -12,6 +12,7 @@
include "ldap-server/helps.ycp";
include "ldap-server/widgets.ycp";
+ include "users/ldap_dialogs.ycp";
map baseDb = $[ "rootdn" : "cn=Administrator", "directory" : "/var/lib/ldap" ];
Modified: trunk/ldap-server/src/widgets.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/widgets.ycp?rev=67619&r1=67618&r2=67619&view=diff
==============================================================================
--- trunk/ldap-server/src/widgets.ycp (original)
+++ trunk/ldap-server/src/widgets.ycp Wed Mar 14 09:44:21 2012
@@ -495,372 +495,4 @@
return retval;
}
-/**
- * dialog for Password Policy configuration object
- * @param ppolicy data with Password Policy object to be edited (as obtained from LDAP search)
- * @return map with modifications of ppolicy object, nil in case of `cancel
- */
-define map PasswordPolicyDialog (map ppolicy) {
-
- // reduce the list values to single ones
- ppolicy = mapmap (string a, any val, (map)ppolicy, {
- if (is (val, list) && (Ldap::SingleValued (a) || size ((list)val) == 1))
- val = ((list)val)[0]:nil;
- if (val == "TRUE" || val == "FALSE")
- val = (val == "TRUE");
- return $[ a: val ];
- });
- map ppolicy_orig = ppolicy;
-
- // help text for Password Policy Dialog
- string help_text = _("<p>Select the <b>Password Change Policies</b>, <b>Password Aging Policies</b>, and <b>Lockout Policies</b> tabs to choose LDAP password policy groups of attributes to configure.</p>");
-
-
- // tab-specific help texts
- map tabs_help_text = $[
- // help text for pwdInHistory attribute
- `pwchange : _("<p>Specify the <b>Maximum Number of Passwords Stored in History</b> to set how many previously used passwords should be saved. Saved passwords may not be used.</p>") +
-
- // help text for pwdMustChange attribute
- _("<p>Check <b>User Must Change Password after Reset</b> to force users to change their passwords after the password is reset or changed by an administrator.</p>") +
-
- // help text for pwdAllowUserChange attribute
- _("<p>Check <b>User Can Change Password</b> to allow users to change their passwords.</p>") +
-
- // help text for pwdSafeModify attribute
- _("<p>If the existing password must be provided along with the new password, check <b>Old Password Required for Password Change</b>.</p>") +
-
- // help text for pwdCheckQuality attribute
- _("<p>Select whether the password quality should be verified while passwords are modified or added. Select <b>No Checking</b> if passwords should not be evaluated. With <b>Accept Uncheckable Passwords</b>, passwords are accepted even if the check cannot be performed, for example, if the user provides an encrypted password. With <b>Only Accept Checked Passwords</b> passwords are refused if the quality test fails or the password cannot be checked.</p>") +
-
- // help text for pwdMinLength attribute
- _("Set the minimum number of characters that must be used in a password in <b>Minimum Password Length</b>.</p>"),
-
- // help text for pwdMinAge attribute
- `aging : _("<p><b>Minimum Password Age</b> sets how much time must pass between modifications to the password.</p>") +
-
- // help text for pwdMaxAge attribute
- _("<p><b>Maximum Password Age</b> sets how long after modification a password expires.</p>") +
-
- // help text for pwdExpireWarning attribute
- _("<p>In <b>Time before Password Expiration to Issue Warning</b> specify how long\nbefore expiration an authenticating user should be warned.</p>") +
-
- // help text for pwdGraceAuthNLimit attribute
- _("<p>Set the number of times an expired password can be used to authenticate in <b>Allowed Uses of an Expired Password</b>.</p>"),
-
- // help text for pwdLockout attribute
- `lockout : _("<p>Check <b>Enable Password Locking</b> to forbid use of a password after a specified number of consecutive failed bind attempts.</p>") +
-
- // help text for pwdMaxFailure attribute
- _("<p>Set the number of consecutive failed bind attempts after which the password may not be used to authenticate in <b>Bind Failures to Lock the Password</b>.</p>") +
-
- // help text for pwdLockoutDuration attribute
- _("<p>Set for how long the password cannot be used in <b>Password Lock Duration</b>.</p>") +
-
- // help text for pwdFailureCountInterval attribute
- _("<p><b>Bind Failures Cache Duration</b> specifies the time after which password failures are purged from the failure counter even if no successful authentication has occurred.</p>"),
- ];
-
- // map of attribute names for each tab
- map attributes = $[
- `pwchange : [
- "pwdInHistory", "pwdMustChange", "pwdAllowUserChange",
- "pwdSafeModify", "pwdCheckQuality", "pwdMinLength"
- ],
- `aging : [
- "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdGraceAuthNLimit"
- ],
- `lockout : [
- "pwdLockout", "pwdLockoutDuration", "pwdMaxFailure",
- "pwdFailureCountInterval"
- ],
- ];
-
- list time_attributes = [
- "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdLockoutDuration",
- "pwdFailureCountInterval"
- ];
-
- map default_values = $[
- "pwdMustChange" : false,
- "pwdAllowUserChange" : true,
- "pwdSafeModify" : false,
- "pwdLockout" : false,
- ];
-
- // maximal value of IntFields
- integer max = 99999;
-
- list<term> tabs = [
- // tab label
- `item(`id(`pwchange), _("&Password Change Policies"), true),
- // tab label
- `item(`id(`aging), _("Pa&ssword Aging Policies")),
- // tab label
- `item(`id(`lockout), _("&Lockout Policies")),
- ];
- term tabs_term = `VBox (
- `DumbTab (`id(`tabs), tabs,
- `ReplacePoint(`id(`tabContents ), `VBox (`Empty ())))
- );
- boolean has_tabs = true;
- if (!UI::HasSpecialWidget (`DumbTab))
- {
- has_tabs = false;
- term tabbar = `HBox ();
- foreach (term it, tabs, {
- string label = it[1]:"";
- tabbar = add (tabbar,`PushButton (it[0]:`id(label), label));
- });
- tabs_term = `VBox (`Left(tabbar),
- `Frame ("", `ReplacePoint(`id(`tabContents), `Empty ()))
- );
- }
-
- term contents = tabs_term;
-
- // generate the term of password policy tab and update the help text
- void set_password_policies_term () {
- integer pwdcheckquality = tointeger (ppolicy["pwdCheckQuality"]:"0");
- term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox (
- `VSpacing (0.8),
- `IntField (`id ("pwdInHistory"),
- // IntField label
- _("Ma&ximum Number of Passwords Stored in History"),
- 0, max, tointeger (ppolicy["pwdInHistory"]:"0")),
- `VSpacing (0.4),
- `Left (`CheckBox (`id ("pwdMustChange"),
- // checkbox label
- _("U&ser Must Change Password after Reset"),
- ppolicy["pwdMustChange"]:true)),
- `VSpacing (0.2),
- `Left (`CheckBox (`id ("pwdAllowUserChange"),
- // checkbox label
- _("&User Can Change Password"),
- ppolicy["pwdAllowUserChange"]:true)),
- `VSpacing (0.2),
- `Left (`CheckBox (`id ("pwdSafeModify"),
- // checkbox label
- _("&Old Password Required for Password Change"),
- ppolicy["pwdSafeModify"]:false)),
- `VSpacing (0.4),
- // frame label
- `HBox (`HSpacing (2), `Frame (_("Password Quality Checking"), `VBox(
- `VSpacing (0.5),
- `RadioButtonGroup (`id("pwdCheckQuality"), `VBox (
- `Left (`RadioButton (`id(0), `opt (`notify),
- _("&No Checking"), pwdcheckquality == 0)),
- `Left (`RadioButton(`id(1), `opt (`notify),
- _("Acc&ept Uncheckable Passwords"),
- pwdcheckquality == 1)),
- `Left (`RadioButton(`id(2), `opt (`notify),
- _("&Only Accept Checked Passwords"),
- pwdcheckquality == 2))
- )),
- `VSpacing (0.4),
- // IntField label
- `IntField (`id ("pwdMinLength"), _("&Minimum Password Length"),
- 0, max, tointeger (ppolicy["pwdMinLength"]:"0"))
- )))
- ), `HSpacing (0.5)));
-
- UI::ReplaceWidget (`tabContents, tab_cont);
- UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, pwdcheckquality > 0);
- return;
- }
-
- term time_dialog (string id, string label) {
-
- integer value = tointeger (ppolicy[id]:"0");
- integer days = value / (24*60*60);
- if (days > 0) value = value - (days * 24*60*60);
- integer hours = value / (60*60);
- if (hours > 0) value = value - (hours * 60*60);
- integer minutes = value / 60;
- if (minutes > 0) value = value - (minutes * 60);
- return `HBox (`HSpacing (0.3), `Frame (label, `HBox (
- `IntField (`id (id + "d"), _("Days"), 0, max, days),
- `IntField (`id (id + "h"), _("Hours"), 0, 23, hours),
- `IntField (`id (id + "m"), _("Minutes"), 0, 59, minutes),
- `IntField (`id (id + "s"), _("Seconds"), 0, 59, value)
- )), `HSpacing (0.3));
- }
-
- integer get_seconds_value (string attr) {
-
- integer days = (integer) UI::QueryWidget (`id (attr + "d"), `Value);
- integer hours = (integer) UI::QueryWidget (`id (attr + "h"), `Value);
- integer minutes = (integer) UI::QueryWidget (`id (attr + "m"), `Value);
- integer seconds = (integer) UI::QueryWidget (`id (attr + "s"), `Value);
- return (days * 24*60*60) + (hours * 60*60) + (minutes *60) + seconds;
- }
-
- // generate the term of password aging tab
- void set_aging_policies_term () {
-
- term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox (
- `VSpacing (0.7),
- // frame label
- time_dialog ("pwdMinAge", _("Minimum Password Age")),
- `VSpacing (0.4),
- // frame label
- time_dialog ("pwdMaxAge", _("Maximum Password Age")),
- `VSpacing (0.4),
- time_dialog ("pwdExpireWarning",
- // frame label
- _("Time before Password Expiration to Issue Warning")),
- `VSpacing (0.2),
- `IntField (`id ("pwdGraceAuthNLimit"),
- // IntField label
- _("Allowed Use of an Expired Password"), 0, max,
- tointeger (ppolicy["pwdGraceAuthNLimit"]:"0")
- )
- ), `HSpacing (0.5)));
- UI::ReplaceWidget (`tabContents, tab_cont);
- return;
- }
-
- // generate the term of lockout aging tab
- void set_lockout_policies_term () {
-
- boolean pwdlockout = ppolicy["pwdLockout"]:false;
-
- term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox (
- `VSpacing (0.8),
- `Left (`CheckBox (`id ("pwdLockout"), `opt (`notify),
- // check box label
- _("Enable Password Locking"),
- pwdlockout)),
- `VSpacing (0.4),
- `IntField (`id ("pwdMaxFailure"),
- // intField label
- _("Bind Failures to Lock the Password"),
- 0, max, tointeger (ppolicy["pwdMaxFailure"]:"0")),
- // frame label
- time_dialog ("pwdLockoutDuration", _("Password Lock Duration")),
- `VSpacing (0.4),
- time_dialog ("pwdFailureCountInterval",
- // frame label
- _("Bind Failures Cache Duration"))
- ), `HSpacing (0.5)));
-
- UI::ReplaceWidget (`tabContents, tab_cont);
- UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout);
- foreach (string suffix, [ "d", "h", "m", "s" ], {
- UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix),
- `Enabled, pwdlockout);
- UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix),
- `Enabled, pwdlockout);
- });
- return;
- }
-
- symbol current_tab = `pwchange;
- any result = nil;
-
- Wizard::OpenNextBackDialog ();
-
- // dialog label
- Wizard::SetContentsButtons (_("Password Policy Configuration"), contents,
- help_text + tabs_help_text[current_tab]:"",
- Label::CancelButton(), Label::OKButton());
- Wizard::HideAbortButton();
-
- set_password_policies_term ();
-
- while (true)
- {
- result = UI::UserInput ();
-
- if (is(result,symbol) &&
- contains ([`back, `cancel, `abort], (symbol)result))
- break;
-
- // save the values from UI
- foreach (string attr, attributes[current_tab]:[], {
- if (contains (time_attributes, attr))
- {
- ppolicy[attr] = sformat ("%1", get_seconds_value (attr));
- return;
- }
- any val = UI::QueryWidget (`id (attr), `Value);
- if (is (val, integer))
- val = sformat ("%1", val);
- ppolicy[attr] = val;
- });
-
- if ((result == `pwchange || result == `aging || result == `lockout) &&
- result!= current_tab)
- {
- if (result == `pwchange)
- set_password_policies_term ();
- else if (result == `aging)
- set_aging_policies_term ();
- else if (result == `lockout)
- set_lockout_policies_term ();
- current_tab = (symbol) result;
- if (has_tabs)
- UI::ChangeWidget (`id (`tabs), `CurrentItem, current_tab);
- Wizard::SetHelpText (help_text + tabs_help_text[current_tab]:"");
- continue;
- }
- if (result == `next)
- {
- boolean cont = false;
-
- // check the template required attributes...
- foreach (string oc, ppolicy["objectClass"]:[], ``{
- if (cont) return;
- foreach (string attr, Ldap::GetRequiredAttributes (oc), ``{
- any val = ppolicy[attr]:nil;
- if (!cont && val == nil || val == [] || val == "") {
- //error popup, %1 is attribute name
- Popup::Error (sformat (_("The \"%1\" attribute is mandatory.
-Enter a value."), attr));
- UI::SetFocus (`id(`table));
- cont = true;
- }
- });
- });
- if (cont) continue;
- break;
- }
- // now solve events inside the tabs
- if (current_tab == `pwchange && is (result, integer))
- {
- UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, result != 0);
- }
- if (current_tab == `lockout && result == "pwdLockout")
- {
- boolean pwdlockout = (boolean) UI::QueryWidget (`id ("pwdLockout"), `Value);
- UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout);
- foreach (string suffix, [ "d", "h", "m", "s" ], {
- UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix),
- `Enabled, pwdlockout);
- UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix),
- `Enabled, pwdlockout);
- });
- }
- }
- Wizard::CloseDialog ();
-
- map ret = $[];
- if (result == `next)
- {
- foreach (string key, any val, (map) ppolicy, {
- if (!haskey (ppolicy_orig, key) &&
- (val == default_values[key]:nil || val == "0"))
- return;
- if (val != ppolicy_orig[key]:nil)
- {
- if (is (val, boolean))
- val = (val == true) ? "TRUE" : "FALSE";
- ret[key] = val;
- }
- });
- }
- return (result == `next) ? ret : nil;
-}
-
-
}
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org