[yast-commit] r63611 - in /branches/SuSE-Code-11-SP2-Branch/ldap-client: src/Ldap.ycp src/ui.ycp testsuite/tests/Export.out testsuite/tests/Export.ycp testsuite/tests/Read.out testsuite/tests/Read.ycp
Author: jsuchome Date: Fri Mar 18 17:09:18 2011 New Revision: 63611 URL: http://svn.opensuse.org/viewcvs/yast?rev=63611&view=rev Log: if sssd is active, ask for basic Kerberos settings (fate#308902) Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.ycp branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.ycp Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp?rev=63611&r1=63610&r2=63611&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp (original) +++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp Fri Mar 18 17:09:18 2011 @@ -324,6 +324,12 @@ // enable/disable offline authentication ('cache_credentials' key) global boolean sssd_cache_credentials = false; + // Kerberos default realm (for sssd) + global string krb5_realm = ""; + + // adress of KDC (key distribution centre) server for default realm + global string krb5_kdcip = ""; + //---------------------------------------------------------------- /** @@ -450,6 +456,8 @@ tls_checkpeer = settings ["tls_checkpeer"]:"yes"; mkhomedir = settings ["mkhomedir"]:mkhomedir; sssd = settings ["sssd"]:sssd; + krb5_realm = settings ["krb5_realm"]:krb5_realm; + krb5_kdcip = settings ["krb5_kdcip"]:krb5_kdcip; if (_start_autofs) required_packages = (list<string>) union (required_packages, ["autofs"]); @@ -492,7 +500,7 @@ "create_ldap" : create_ldap, "login_enabled" : login_enabled, "mkhomedir" : mkhomedir, - "sssd" : sssd + "sssd" : sssd, ]; if (tls_checkpeer != "yes") e["tls_checkpeer"] = tls_checkpeer; 
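Review bot: The comment added for `krb5_kdcip` in the first Ldap.ycp hunk (@@ -324) describes a single address, but ReadKrb5Conf in a later hunk fills the variable with `mergestring (kdcs, " ")`, i.e. every `kdc` entry of the realm joined by spaces, and the test fixture stores a host name rather than an IP. I would reword it to `// KDC server(s) of the default realm: host names or addresses, space-separated when krb5.conf lists several`, which also fixes the "adress" typo. The variable is later written to sssd.conf unchanged, so the comment is the only place a maintainer learns what format it holds.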
@@ -508,6 +516,10 @@ e["nss_base_group"] = nss_base_group; if (_autofs_allowed) e["start_autofs"] = _start_autofs; + if (krb5_realm != "") + e["krb5_realm"] = krb5_realm; + if (krb5_kdcip != "") + e["krb5_kdcip"] = krb5_kdcip; return e; } @@ -578,6 +590,26 @@ /* ------------- read/write functions ------------------------------- */ /** + * For sssd, some kerberos values are needed + */ + global boolean ReadKrb5Conf () + { + + list<string> realm = (list<string>) SCR::Read (.etc.krb5_conf.v.libdefaults.default_realm); + if (realm == nil) + realm = []; + krb5_realm = realm[0]:""; + + list<string> kdcs = (list<string>) SCR::Read (add (add (.etc.krb5_conf.v, krb5_realm), "kdc")); + if (kdcs == nil) + kdcs = []; + krb5_kdcip = mergestring (kdcs, " "); + + return true; + } + + + /** * Read single entry from /etc/ldap.conf file * @param entry entry name * @param defvalue default value if entry is not present @@ -879,6 +911,21 @@ Autologin::Read (); + if (true || Pam::Enabled("krb5")) + { + ReadKrb5Conf (); + } + if (FileUtils::Exists ("/etc/sssd/sssd.conf")) + { + // read realm and kdc from sssd.conf if available + path domain = add (.etc.sssd_conf.v, "domain/default"); + string realm = (string) SCR::Read (add (domain, "krb5_realm")); + if (realm != nil) + krb5_realm = realm; + string kdc = (string) SCR::Read (add (domain, "krb5_kdcip")); + if (kdc != nil) + krb5_kdcip = kdc; + } // Now check if previous configuration of LDAP server didn't proposed // some better values: 
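Review bot: In ReadKrb5Conf (@@ -578) the second SCR::Read runs even when no default realm was found, so with `krb5_realm == ""` it queries `add (.etc.krb5_conf.v, "")`, a path with an empty component. An early `if (krb5_realm == "") { krb5_kdcip = ""; return true; }` before the kdc read avoids that and also clears a stale KDC value. The KDC entries are joined with a space, while sssd-krb5 documents its server list as comma-separated as far as I know, so the separator should be confirmed before this string is written to sssd.conf. The function returns true on every path, so its boolean result tells callers nothing.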
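Review bot: The guard `if (true || Pam::Enabled("krb5"))` in the Read hunk (@@ -879) is always true, so the PAM check is dead code and /etc/krb5.conf is parsed on every system; it reads like a debugging leftover. Either call `ReadKrb5Conf ();` unconditionally or restore `if (Pam::Enabled("krb5"))`, whichever is intended, and say why in a comment. This matters because the Write hunk (@@ -2074) now sets `auth_provider` and `chpass_provider` to krb5 whenever both strings are non-empty, so a host that merely has a populated krb5.conf would presumably have its sssd authentication switched to Kerberos without the administrator choosing it. Read's body starts and ends outside the hunk.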
@@ -2074,31 +2121,13 @@ } // In a mixed Kerberos/LDAP setup the following changes are needed in the [domain/default] section: - if (Pam::Enabled("krb5")) + if (krb5_realm != "" && krb5_kdcip != "") { -// FIXME: do not test for pam, it may be already off... SCR::Write (add (domain, "auth_provider"), "krb5"); SCR::Write (add (domain, "chpass_provider"), "krb5"); - /* - FIXME how to read krb settings: - a) use agent directly (moved out from yast2-kerberos-client) - b) use Read + Export of Kerberos.ycp - - * Set "krb5_kdcip" to the hostname of the kerberos kdc - * Set "krb5_realm" to kerberos realm - */ - if (Package::Installed ("yast2-kerberos-client")) - { - WFM::CallFunction ("kerberos-client_auto", ["Read"]); - any e = WFM::CallFunction ("kerberos-client_auto",["Export"]); - if (is (e,map) && e != $[]) - { - map kerberos = (map) e; - SCR::Write (add (domain, "krb5_realm"), kerberos["kerberos_client","default_realm"]:nil); - SCR::Write (add (domain, "krb5_kdcip"), kerberos["kerberos_client","kdc_server"]:nil); - } - } + SCR::Write (add (domain, "krb5_realm"), krb5_realm); + SCR::Write (add (domain, "krb5_kdcip"), krb5_kdcip); } else { Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp?rev=63611&r1=63610&r2=63611&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp (original) +++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp Fri Mar 18 17:09:18 2011 @@ -713,6 +713,8 @@ string tls_cacertdir = Ldap::tls_cacertdir; string tls_cacertfile = Ldap::tls_cacertfile; boolean sssd = Ldap::sssd; + string krb5_realm = Ldap::krb5_realm; + string krb5_kdcip = Ldap::krb5_kdcip; list<term>member_attributes = [ `item (`id("member"), "member", member_attribute == "member"), 
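Review bot: The new condition `krb5_realm != "" && krb5_kdcip != ""` in the Write hunk (@@ -2074) selects the sssd authentication provider from two free-text strings that are never normalised, so a value consisting only of blanks passes the test and is written to sssd.conf as the realm or KDC. When only one of the two is filled in, the code falls through to the `else` branch, whose body is outside the hunk, and the entered value is silently dropped; an administrator who supplies a realm and expects the KDC to be discovered gets no Kerberos setup and no message. I would trim both values before the comparison and report the half-filled case to the user instead of ignoring it.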
@@ -831,12 +833,8 @@ ); } - define void set_client_term () { - - term cont = `Top (`HBox(`HSpacing (5), `VBox( - `VSpacing(0.4), - `Left (`CheckBox (`id (`sssd), `opt (`notify), _("Use S&ystem Security Services Daemon (SSSD)"), sssd)), - `VSpacing(0.4), + term get_frame_nss () { + return // frame label `Frame (_("Naming Contexts"), `HBox( `HSpacing (1), `VBox( @@ -874,7 +872,28 @@ `VSpacing(0.4) ), `HSpacing (1) - )), + )); + } + + term get_frame_krb () { + return + // frame label + `Frame (_("Basic Kerberos Settings"), `HBox (`HSpacing (1), `VBox ( + // textentry label + `TextEntry (`id (`krb5_realm), _("Default Real&m"), krb5_realm), + // textentry label + `TextEntry (`id (`krb5_kdcip), _("&KDC Server Address"), krb5_kdcip), + `VSpacing (0.4) + ), `HSpacing (1))); + } + + define void set_client_term () { + + term cont = `Top (`HBox(`HSpacing (5), `VBox( + `VSpacing(0.4), + `Left (`CheckBox (`id (`sssd), `opt (`notify), _("Use S&ystem Security Services Daemon (SSSD)"), sssd)), + `VSpacing(0.4), + `ReplacePoint (`id (`rp_frame), `VBox (sssd ? get_frame_krb () : get_frame_nss ())), `VSpacing (0.4), `ComboBox (`id (`pam_password), `opt(`notify,`hstretch,`editable), // combobox label @@ -913,10 +932,6 @@ UI::ReplaceWidget (`tabContents, cont); if (has_tabs) UI::ChangeWidget (`id (`tabs), `CurrentItem, `client); - - foreach (symbol ui, [ `nss_base_passwd, `nss_base_group, `nss_base_shadow, `br_passwd, `br_shadow, `br_group ], { - UI::ChangeWidget (`id (ui), `Enabled, UI::QueryWidget (`id (`sssd), `Value) == false); - }); } define void set_admin_term () { 
@@ -1012,12 +1027,23 @@ if (current == `client) { member_attribute =(string)UI::QueryWidget(`id(`group_style),`Value); - nss_base_passwd = (string) - UI::QueryWidget(`id(`nss_base_passwd),`Value); - nss_base_shadow = (string) - UI::QueryWidget(`id(`nss_base_shadow),`Value); - nss_base_group = (string) - UI::QueryWidget(`id(`nss_base_group),`Value); + + if (sssd) + { + krb5_realm = (string) + UI::QueryWidget (`id (`krb5_realm), `Value); + krb5_kdcip = (string) + UI::QueryWidget (`id (`krb5_kdcip), `Value); + } + else + { + nss_base_passwd = (string) + UI::QueryWidget(`id(`nss_base_passwd),`Value); + nss_base_shadow = (string) + UI::QueryWidget(`id(`nss_base_shadow),`Value); + nss_base_group = (string) + UI::QueryWidget(`id(`nss_base_group),`Value); + } pam_password = (string) UI::QueryWidget(`id(`pam_password), `Value); tls_cacertfile = (string) UI::QueryWidget(`id(`tls_cacertfile), `Value); @@ -1077,9 +1103,7 @@ if (result == `sssd) { sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value); - foreach (symbol ui, [ `nss_base_passwd, `nss_base_group, `nss_base_shadow, `br_passwd, `br_shadow, `br_group ], { - UI::ChangeWidget (`id (ui), `Enabled, !sssd); - }); + UI::ReplaceWidget (`id (`rp_frame), sssd ? get_frame_krb () : get_frame_nss ()); } if (result == `br_tls_cacertdir) { @@ -1268,7 +1292,9 @@ Ldap::ldap_v2 != ldap_v2 || Ldap::tls_cacertdir != tls_cacertdir || Ldap::tls_cacertfile != tls_cacertfile || - Ldap::sssd != sssd + Ldap::sssd != sssd || + Ldap::krb5_realm != krb5_realm || + Ldap::krb5_kdcip != krb5_kdcip ) { Ldap::bind_dn = bind_dn; 
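Review bot: In the `result == `sssd` handler (@@ -1077) the frame is swapped with UI::ReplaceWidget before the values of the outgoing frame are read back, so text typed into the naming-context or Kerberos fields appears to be discarded when the checkbox is toggled. The local variables are only refreshed in the tab-change hunk (@@ -1012), and there only for the frame matching the current `sssd` value, so the replacement frame is rebuilt from the stale locals. Querying the visible widgets into `krb5_realm`/`krb5_kdcip` or the `nss_base_*` variables before updating `sssd` and calling ReplaceWidget would keep the edits. The surrounding event loop is outside the hunk, so this is worth confirming by toggling the checkbox with unsaved input.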
@@ -1284,6 +1310,8 @@ Ldap::tls_cacertdir = tls_cacertdir; Ldap::tls_cacertfile = tls_cacertfile; Ldap::sssd = sssd; + Ldap::krb5_realm = krb5_realm; + Ldap::krb5_kdcip = krb5_kdcip; Ldap::modified = true; } break; Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out?rev=63611&r1=63610&r2=63611&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out (original) +++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out Fri Mar 18 17:09:18 2011 
@@ -17,6 +17,8 @@ Read .etc.ldap_conf.v."/etc/ldap.conf"."nss_map_attribute" 0 Execute .passwd.init $["base_directory":"/etc"] true Read .passwd.passwd.pluslines ["+"] +Read .etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"] +Read .etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"] Return true Dump ============================================ -Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "ldap_v2":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":false, "start_autofs":false, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"] +Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_kdcip":"kdc.suse.cz", "krb5_realm":"SUSE.CZ", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "ldap_v2":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":false, "start_autofs":false, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"] Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.ycp?rev=63611&r1=63610&r2=63611&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.ycp (original) +++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.ycp Fri Mar 18 17:09:18 2011 
@@ -36,6 +36,16 @@ ] ] ], + "krb5_conf" : $[ + "v" : $[ + "libdefaults": $[ + "default_realm": ["SUSE.CZ"], + ], + "SUSE.CZ": $[ + "kdc": ["kdc.suse.cz"], + ], + ], + ], // /etc/security/pam_* "security": $[ "section": $[ Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out?rev=63611&r1=63610&r2=63611&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out (original) +++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out Fri Mar 18 17:09:18 2011 @@ -16,6 +16,8 @@ Read .etc.ldap_conf.v."/etc/ldap.conf"."nss_map_attribute" 0 Execute .passwd.init $["base_directory":"/etc"] true Read .passwd.passwd.pluslines ["+"] +Read .etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"] +Read .etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"] Return true Dump ============================================ Dump ldap used: -true- Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.ycp?rev=63611&r1=63610&r2=63611&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.ycp (original) +++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.ycp Fri Mar 18 17:09:18 2011 @@ -36,6 +36,16 @@ ] ] ], + "krb5_conf" : $[ + "v" : $[ + "libdefaults": $[ + "default_realm": ["SUSE.CZ"], + ], + "SUSE.CZ": $[ + "kdc": ["kdc.suse.cz"], + ], + ], + ], // /etc/security/pam_* "security": $[ "section": $[ -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org