Hello community,

here is the log from the commit of package yast2-auth-client for openSUSE:Factory checked in at 2015-06-30 10:15:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-auth-client (Old)
 and /work/SRC/openSUSE:Factory/.yast2-auth-client.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2-auth-client"

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-auth-client/yast2-auth-client.changes 2015-04-21 10:53:42.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-auth-client.new/yast2-auth-client.changes 2015-06-30 10:15:47.000000000 +0200
@@ -1,0 +2,26 @@ +Tue Jun 16 09:31:17 UTC 2015 - hguo@suse.com + +- Upgrade to version 3.3.1: + * Simply the UI of the Initial Customisation dialog. + * Fix a typo on main screen. + * Fix a regression in "delete parameter" feature". + * Fix incorrect value defaults of several provider options. + (Implements part of fate#316349) + +------------------------------------------------------------------- +Wed May 27 08:37:01 UTC 2015 - hguo@suse.com + +- Upgrade to version 3.3.0: + Introduction of new features, bug fixes, and improved user experience - + * Add ability to disable SSSD daemon along with its configuration. + * Add ability to remove customisation from an optional parameter. + * New diaglog "Initial Customisation" helps with customising important parameters + for joining a new domain. + * Prompt user when sssd or autofs daemon fail to be started. + * Fix several parameter descriptions and value defaults. + * Fix configuration of autofs and sudo NSS databases. + * Fix relevant parameters not showing up in "More Parameters" list. + * Other cosmetic fixes on UI labels and layout. + (Implements part of fate#316349) + +------------------------------------------------------------------- Old: ---- yast2-auth-client-3.2.1.tar.bz2 New: ---- yast2-auth-client-3.3.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-auth-client.spec ++++++ --- /var/tmp/diff_new_pack.W9lchI/_old 2015-06-30 10:15:48.000000000 +0200 +++ /var/tmp/diff_new_pack.W9lchI/_new 2015-06-30 10:15:48.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package yast2-auth-client # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -17,7 +17,7 @@ Name: yast2-auth-client -Version: 3.2.1 +Version: 3.3.1 Release: 0 Summary: YaST2 - Network Authentication Configuration License: GPL-2.0 @@ -66,7 +66,6 @@ %{yast_desktopdir}/auth-client.desktop %{yast_moduledir}/AuthClient.rb %{yast_clientdir}/auth-client*.rb -%{yast_scrconfdir}/*.scr %{yast_schemadir}/autoyast/rnc/auth-client.rnc %dir %{yast_libdir}/yauthclient %{yast_libdir}/yauthclient/* ++++++ yast2-auth-client-3.2.1.tar.bz2 -> yast2-auth-client-3.3.1.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/package/yast2-auth-client.changes new/yast2-auth-client-3.3.1/package/yast2-auth-client.changes --- old/yast2-auth-client-3.2.1/package/yast2-auth-client.changes 2015-04-20 14:37:09.000000000 +0200 +++ new/yast2-auth-client-3.3.1/package/yast2-auth-client.changes 2015-06-24 15:29:02.000000000 +0200 
@@ -1,4 +1,30 @@ ------------------------------------------------------------------- +Tue Jun 16 09:31:17 UTC 2015 - hguo@suse.com + +- Upgrade to version 3.3.1: + * Simply the UI of the Initial Customisation dialog. + * Fix a typo on main screen. + * Fix a regression in "delete parameter" feature". + * Fix incorrect value defaults of several provider options. + (Implements part of fate#316349) + +------------------------------------------------------------------- +Wed May 27 08:37:01 UTC 2015 - hguo@suse.com + +- Upgrade to version 3.3.0: + Introduction of new features, bug fixes, and improved user experience - + * Add ability to disable SSSD daemon along with its configuration. + * Add ability to remove customisation from an optional parameter. + * New diaglog "Initial Customisation" helps with customising important parameters + for joining a new domain. + * Prompt user when sssd or autofs daemon fail to be started. + * Fix several parameter descriptions and value defaults. + * Fix configuration of autofs and sudo NSS databases. + * Fix relevant parameters not showing up in "More Parameters" list. + * Other cosmetic fixes on UI labels and layout. + (Implements part of fate#316349) + +------------------------------------------------------------------- Mon Apr 20 11:30:36 UTC 2015 - hguo@suse.com - Fix the handling of boolean type parameters when invoked by autoyast. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/package/yast2-auth-client.spec new/yast2-auth-client-3.3.1/package/yast2-auth-client.spec --- old/yast2-auth-client-3.2.1/package/yast2-auth-client.spec 2015-04-20 14:37:09.000000000 +0200 +++ new/yast2-auth-client-3.3.1/package/yast2-auth-client.spec 2015-06-24 15:29:02.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-auth-client -Version: 3.2.1 +Version: 3.3.1 Release: 0 Group: System/YaST License: GPL-2.0 
@@ -59,7 +59,6 @@ %{yast_desktopdir}/auth-client.desktop %{yast_moduledir}/AuthClient.rb %{yast_clientdir}/auth-client*.rb -%{yast_scrconfdir}/*.scr %{yast_schemadir}/autoyast/rnc/auth-client.rnc %dir %{yast_libdir}/yauthclient %{yast_libdir}/yauthclient/* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/src/lib/yauthclient/edit_param_dialog.rb new/yast2-auth-client-3.3.1/src/lib/yauthclient/edit_param_dialog.rb --- old/yast2-auth-client-3.2.1/src/lib/yauthclient/edit_param_dialog.rb 2015-04-20 13:22:12.000000000 +0200 +++ new/yast2-auth-client-3.3.1/src/lib/yauthclient/edit_param_dialog.rb 2015-06-24 15:29:02.000000000 +0200 @@ -88,6 +88,7 @@ sect_conf = UIData.instance.get_conf.fetch(UIData.instance.get_curr_section, Hash[]) sect_conf[@param_name] = val.to_s UIData.instance.get_conf[UIData.instance.get_curr_section] = sect_conf + UIData.instance.reload_section return :ok when :cancel return :cancel diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/src/lib/yauthclient/initial_customisation_dialog.rb new/yast2-auth-client-3.3.1/src/lib/yauthclient/initial_customisation_dialog.rb --- old/yast2-auth-client-3.2.1/src/lib/yauthclient/initial_customisation_dialog.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-auth-client-3.3.1/src/lib/yauthclient/initial_customisation_dialog.rb 2015-06-24 15:29:02.000000000 +0200 
@@ -0,0 +1,161 @@ +# encoding: utf-8 + +# ------------------------------------------------------------------------------ +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of version 2 of the GNU General Public License as published by the +# Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, contact SUSE Linux GmbH. +# +# ------------------------------------------------------------------------------ + +require "yast" +require "yauthclient/uidata.rb" +require "yauthclient/params.rb" + +module YAuthClient + # Customise important parameters for a newly created domain/service. + class InitialCustomisationDialog + include Yast::UIShortcuts + include Yast::I18n + include Yast::Logger + + def initialize(param_categories) + textdomain "auth-client" + # Array of all parameter categories relevant to this new section + # e.g. [ldap, krb] or [ipa, ipa] + @param_categories = param_categories + # Figure out the required and important parameters ready for customisation + @custom_params = Hash[] + param_categories.each { |cat_name| + @custom_params.merge!( + Params.instance.get_by_category(cat_name).keep_if { |name, defi| + defi["req"] || defi["important"] + } + ) + } + @custom_param_vals = Hash[] + # The already-customised or default value of the custom_params + @custom_params.each { |name, defi| + val = UIData.instance.get_param_val(name) + if val == nil + @custom_param_vals[name] = defi["def"] # default value + else + @custom_param_vals[name] = val # already-set value + end + } + end + + def run + return :ok if @custom_params.empty? 
+ return if !render_all + begin + return ui_event_loop + ensure + Yast::UI.CloseDialog() + end + end + + private + # Create parameter editor controls (label, input, help text) and return them. + def make_editor(param_names) + if param_names.empty? + return [Left(Label(_("None.")))] + end + param_controls = [] + param_names.sort.each { |name| + defi = @custom_params[name] + param_val = @custom_param_vals[name] + # Make value input + input_control = nil + case defi["type"] + when "int" + input_control = IntField(Id("val-" + name), defi["desc"], 0, 10000000, param_val.to_i) + when "boolean" + input_control = CheckBox(Id("val-" + name), defi["desc"], !!/true/i.match(param_val.to_s)) + else + if defi["vals"].empty? + input_control = InputField(Id("val-" + name), defi["desc"], param_val.to_s) + else + choices = defi["vals"].split(%r{[\s,]+}) + input_control = ComboBox(Id("val-" + name), defi["desc"], choices.map { |val| + Item(val, val == param_val) + }) + end + end + param_controls.push(Left(HSquash(input_control))) + param_controls.push(VSpacing(0.2)) + } + return param_controls + end + + # Render controls for editing parameter values, according to parameter data type. + def render_all + Yast::UI.OpenDialog( + VBox( + VSpacing(0.5), + Frame( + _("Mandatory Parameters"), + VBox(*make_editor(@custom_params.select { + |name, defi| defi["req"] && !defi["no_init_customisation"] + }.keys)) + ), + VSpacing(0.5), + Frame( + _("Optional Parameters"), + VBox(*make_editor(@custom_params.select { + |name, defi| defi["important"] && !defi["no_init_customisation"] + }.keys)) + ), + ButtonBox( + PushButton(Id(:ok), Yast::Label.OKButton), + PushButton(Id(:cancel), Yast::Label.CancelButton) + ) + ) + ) + end + + # Return :ok or :cancel depends user action. 
+ def ui_event_loop + loop do + case Yast::UI.UserInput + when :ok + # Check that all mandatory parameters are set + missing = @custom_params.select { + |name, defi| defi["req"] && !defi["no_init_customisation"] + }.keys.select { |name| + Yast::UI.QueryWidget(Id("val-" + name), :Value).to_s.empty? + } + if !missing.empty? + descs = missing.map { |pname| @custom_params[pname]["desc"] } + Yast::Popup.Error(_("Please complete all of the following mandatory parameters:\n") + descs.join("\n")) + redo + end + # Save parameter values + @custom_params.each { |name, defi| + val = Yast::UI.QueryWidget(Id("val-" + name), :Value).to_s + if !val.empty? + sect_conf = UIData.instance.get_conf.fetch(UIData.instance.get_curr_section, Hash[]) + sect_conf[name] = val + UIData.instance.get_conf[UIData.instance.get_curr_section] = sect_conf + end + } + UIData.instance.reload_section + return :ok + + when :cancel + # Remove the section and return to main screen + UIData.instance.del_curr_section + return :cancel + end + end + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/src/lib/yauthclient/main_dialog.rb new/yast2-auth-client-3.3.1/src/lib/yauthclient/main_dialog.rb --- old/yast2-auth-client-3.2.1/src/lib/yauthclient/main_dialog.rb 2015-04-20 13:22:12.000000000 +0200 +++ new/yast2-auth-client-3.3.1/src/lib/yauthclient/main_dialog.rb 2015-06-24 15:29:02.000000000 +0200 
@@ -58,15 +58,23 @@ # Overview of all config sections HWeight(35, VBox( VSpacing(0.2), - Left(CheckBox(Id(:mkhomedir), Opt(:notify), - _("Create Home Directory on Login"), - Yast::AuthClient.auth["mkhomedir"])), + Frame( + _("Global Configuration"), + VBox( + Left(CheckBox(Id(:mkhomedir), Opt(:notify), + _("Create Home Directory on Login"), + Yast::AuthClient.auth["mkhomedir"])), + Left(CheckBox(Id(:enable_daemon), Opt(:notify), + _("Enable SSSD daemon"), + Yast::AuthClient.auth["sssd"])) + ) + ), VSpacing(0.2), Left(Label(Opt(:boldFont), _("Sections"))), Tree(Id(:section_tree), Opt(:immediate), "", []), HBox( - PushButton(Id(:new_sec), _("New Section")), - PushButton(Id(:del_sec), _("Delete Section")) + PushButton(Id(:new_sec), _("New Service/Domain")), + PushButton(Id(:del_sec), _("Delete Service/Domain")) ) )), # Config editor @@ -110,10 +118,13 @@ # Display a brief of parameter description desc = detail[2].lines[0] desc = desc && desc.strip || "" - Item(detail[0], detail[1], desc.length > 60 && desc[0..59] + "..." || desc) + Item(detail[0], detail[1], desc) } ), - PushButton(Id(:edit_param), Yast::Label.EditButton), + VBox( + PushButton(Id(:edit_param), Yast::Label.EditButton), + PushButton(Id(:del_param), Yast::Label.DeleteButton) + ) ) )) end @@ -144,7 +155,7 @@ # Display a brief of parameter description desc = detail["desc"].lines[0] desc = desc && desc.strip || "" - Item(name, desc.length > 60 && desc[0..59] + "..." || desc) + Item(name, desc) } ) end @@ -171,9 +182,6 @@ return false end end - Yast::AuthClient.auth["sssd"] = true; - Yast::AuthClient.auth["nssldap"] = false; - Yast::AuthClient.auth["oes"] = false; if ! Yast::AuthClient.auth.has_key?("sssd_conf") Yast::AuthClient.CreateBasicSSSD end @@ -201,7 +209,6 @@ result = NewSectionDialog.new.run if result != :cancel # Re-render to display the new section - UIData.instance.switch_section(result) render_section_tree render_section_conf render_list_more_params 
@@ -216,19 +223,8 @@ elsif !Yast::Popup.YesNo(_("Do you really wish to delete section %s?" % sect_name)) redo end - if sect_name.include? "domain/" - # Remove domain - the section name has prefix 'domain/' - UIData.instance.get_conf[sect_name]["DeleteSection"] = true - # Domain names in parameter "domains" do not use prefix - sect_name = sect_name.sub("domain/", "") - UIData.instance.get_conf["sssd"]["domains"] = UIData.instance.get_enabled_domains.delete_if { |d| d == sect_name }.join(",") - else - # Remove service - UIData.instance.get_conf[sect_name]["DeleteSection"] = true - UIData.instance.get_conf["sssd"]["services"] = UIData.instance.get_enabled_services.delete_if { |d| d == sect_name }.join(",") - end + UIData.instance.del_curr_section # Re-render to display section SSSD - UIData.instance.switch_section("sssd") render_section_tree render_section_conf render_list_more_params @@ -236,6 +232,10 @@ when :mkhomedir # Change the create-home-directory-on-login settings Yast::AuthClient.auth["mkhomedir"] = Yast::UI.QueryWidget(Id(:mkhomedir), :Value) + + when :enable_daemon + # Enable/disable SSSD daemon + Yast::AuthClient.auth["sssd"] = Yast::UI.QueryWidget(Id(:enable_daemon), :Value) # Right side when :edit_param 
@@ -245,10 +245,41 @@ redo end if EditParamDialog.new(param_name).run == :ok - UIData.instance.reload_section render_section_conf + render_list_more_params end + when :del_param + # Delete a parameter customisation + param_name = Yast::UI.QueryWidget(Id(:conf_table), :CurrentItem) + if param_name == nil + redo + end + # Forbid removal of mandatory parameters + is_important = Params.instance.get_by_name(param_name)["important"] + if [ + UIData.instance.get_curr_section, + UIData.instance.get_current_id_provider, + UIData.instance.get_current_auth_provider + ].any? { |param_category| + Params.instance.is_required?(param_category, param_name) + } + Yast::Popup.Error(_("This is a mandatory parameter and it may not be deleted.")) + redo + end + # Warn against removal of important parameters + if is_important && !Yast::Popup.ContinueCancelHeadline( + _("Confirm parameter removal: ") + param_name, + _("The parameter is important. Removal of the parameter may cause SSSD startup failure.\n" + + "Please consult SSSD manual page before moving on.\n" + + "Do you still wish to continue?")) + redo + end + UIData.instance.get_conf[UIData.instance.get_curr_section][param_name] = Yast::AuthClientClass::DELETED_VALUE + UIData.instance.reload_section + render_section_conf + render_list_more_params + when :param_filter # Reload parameter table according to the filter filter_val = Yast::UI.QueryWidget(Id(:param_filter), :Value) @@ -261,7 +292,6 @@ redo end if EditParamDialog.new(param_name).run == :ok - UIData.instance.reload_section render_section_conf render_list_more_params end 
@@ -280,7 +310,7 @@ misspelt_names = UIData.instance.get_enabled_domains - all_domains if misspelt_names != [] Yast::Popup.Error( - "Certain domains mentioned in [sssd] \"domains\" aprameter do not have " + + "Certain domains mentioned in [sssd] \"domains\" parameter do not have " + "configuration:\n%s\n\n" % misspelt_names.join(", ") + "This could be a spelling mistake. SSSD will not start in this configuration.\n" + "Note that domain names are case sensitive. Please correct the parameter value.") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/src/lib/yauthclient/new_section_dialog.rb new/yast2-auth-client-3.3.1/src/lib/yauthclient/new_section_dialog.rb --- old/yast2-auth-client-3.2.1/src/lib/yauthclient/new_section_dialog.rb 2015-04-20 13:22:12.000000000 +0200 +++ new/yast2-auth-client-3.3.1/src/lib/yauthclient/new_section_dialog.rb 2015-06-24 15:29:02.000000000 +0200 @@ -18,6 +18,7 @@ require "yast" require "yauthclient/uidata.rb" +require "yauthclient/initial_customisation_dialog.rb" module YAuthClient # Create a new section, whether a Service or Domain. @@ -57,7 +58,7 @@ Left(RadioButton(Id(:type_dom), Opt(:notify), _("Domain"))), VBox( Id(:section_dom), - InputField(Id(:dom_name), Opt(:hstretch), _("Name:"),""), + InputField(Id(:dom_name), Opt(:hstretch), _("Domain name (example.com):"),""), SelectionBox( Id(:id_provider), _("Identification provider:"), @@ -66,7 +67,7 @@ SelectionBox( Id(:auth_provider), _("Authentication provider:"), - ["(default)"] + UIData.instance.get_auth_providers + ["(same as ID provider)"] + UIData.instance.get_auth_providers ), Left(CheckBox(Id(:activate), _("Activate Domain"), true)) ) 
@@ -83,7 +84,7 @@ Yast::UI.ChangeWidget(Id(:section_type), :CurrentButton, :type_svc) end - # Return name of the new section if it was created, or :cancel otherwise. + # Switch to new section and return :ok if section was created, or :cancel otherwise. def ui_event_loop loop do case Yast::UI.UserInput @@ -106,6 +107,12 @@ end UIData.instance.get_conf[sect_name] = Hash[] UIData.instance.get_conf["sssd"]["services"] = (UIData.instance.get_enabled_services + [sect_name]).join(",") + # Swtich to this new section + UIData.instance.switch_section(sect_name) + # Instruct user to create initial customisation + if InitialCustomisationDialog.new(["services", sect_name]).run != :ok + return :cancel + end else # Create new domain sect_name = Yast::UI.QueryWidget(Id(:dom_name), :Value).to_s.strip @@ -115,12 +122,14 @@ if sect_name == "" Yast::Popup.Error(_("Please enter a name for the new domain.")) redo + elsif UIData.instance.get_all_domains.include?(sect_name) + Yast::Popup.Error(_("The domain name is already in-use.")) + redo end - if auth_provider == "(default)" + if auth_provider == "(same as ID provider)" auth_provider = id_provider end # Activate the new domain in SSSD daemon config - log.info "activate? " + activate_dom.to_s if activate_dom UIData.instance.get_conf["sssd"]["domains"] = (UIData.instance.get_enabled_domains + [sect_name]).uniq.join(",") end 
@@ -132,9 +141,15 @@ if id_provider == "ldap" && sect_conf["ldap_schema"] == nil sect_conf["ldap_schema"] = "rfc2307bis" end + # Swtich to this new section UIData.instance.get_conf[sect_name] = sect_conf + UIData.instance.switch_section(sect_name) + # Instruct user to create initial customisation + if InitialCustomisationDialog.new(["domain", sect_conf["id_provider"], sect_conf["auth_provider"]]).run != :ok + return :cancel + end end - return sect_name + return :ok when :cancel return :cancel end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/src/lib/yauthclient/params.rb new/yast2-auth-client-3.3.1/src/lib/yauthclient/params.rb --- old/yast2-auth-client-3.2.1/src/lib/yauthclient/params.rb 2015-04-20 13:22:12.000000000 +0200 +++ new/yast2-auth-client-3.3.1/src/lib/yauthclient/params.rb 2015-06-24 15:29:02.000000000 +0200 
@@ -39,32 +39,60 @@ return @all_params end - # Return the parameter description, type, default value and value choices. + # Return the parameter description, type, default value, is_required, is_important, section name, and value choices. def get_by_name(name) - sect_defi = @all_params.find(ifnone=lambda{ [nil, Hash[]] }) { |sect, defi| defi.has_key? name }[1] - defi = sect_defi.fetch(name, Hash[]) + sect_defi = @all_params.find(ifnone=lambda{ [nil, Hash[]] }) { |sect, defi| defi.has_key? name } + defi = sect_defi[1].fetch(name, Hash[]) + # Parameter attributes: + # desc - Help text for the parameter. + # type - Data type (boolean, string, int). + # vals - Limited value choices. + # def - Default value (or default value choice). + # req - Value must be customised. Cannot be deleted. + # sect - Name of the category the parameter belongs to. + # important - Should be customised when section is created. May be deleted with caution. return Hash[ "desc", defi["desc"] && defi["desc"] || "", "type", defi["type"] && defi["type"] || "string", "vals", defi["vals"] && defi["vals"] || [], - "def", defi["def"] && defi["def"] || "" + "def", defi["def"] && defi["def"] || "", + "req", defi["req"] && defi["req"] || false, + "important", defi["important"] && defi["important"] || false, + "no_init_customisation", defi["no_init_customisation"] && defi["no_init_customisation"] || false, + "sect", sect_defi[0] ] end - # Return all parameter details that belong to the specified section. - def get_by_section(section_name) - defs = @all_params.fetch(section_name, Hash[]).keys.map { |pname| [pname, get_by_name(pname)] } + # Return true only if the parameter is mandatory in the context of the specified section (Not category). + def is_required?(sect_name, param_name) + param_def = get_by_name(param_name) + return param_def["req"] && (param_def["sect"] == "domain" || param_def["sect"] == sect_name) + end + + # Return all parameter details that are customisable for the specified category. 
+ def get_by_category(category_name) + defs = @all_params.fetch(category_name, Hash[]).keys.map { |pname| [pname, get_by_name(pname)] } return Hash[[*defs]] end - # Return the parameter details common to all domains. - def get_common_domain_section - return get_by_section("domain") + # Return all parameter details that are customisable for every domain. + def get_common_domain_params + return get_by_category("domain") end - # Return the parameter details of SSSD daemon. - def get_daemon_section - return get_by_section("sssd") + # Return all parameter details that are customisable for every service. + def get_common_service_params + return get_by_category("services") + end + + # Return all parameter details that are customisable for the specified ID/authentication provider. + def get_by_provider(provider_name) + defs = get_by_category(provider_name) + if provider_name == "ipa" || provider_name == "ad" + defs.merge!(get_by_category("ldap")) + defs.merge!(get_by_category("krb5")) + end + return defs end private @@ -76,10 +104,13 @@ "type" => "int", "def" => 2, "vals" => "2", + "req" => true, "desc" => _("Indicates what is the syntax of the config file.") }, "services" => { "type" => "string", + "req" => true, + "def" => "nss, pam", "desc" => _("Comma separated list of services that are started when sssd itself starts.") + _("\nSupported services: nss, pam, sudo, autofs, ssh") }, @@ -90,6 +121,7 @@ }, "domains" => { "type" => "string", + "req" => true, "desc" => _("SSSD can use more domains at the same time, but at least one must be configured or SSSD won't start.") + _("This parameter contains the list of domains in the order these will be queried.") }, 
@@ -177,12 +209,14 @@ "filter_users" => { "type" => "string", "def" => "root", - "desc" => _("Exclude certain users from being fetched from the sss NSS database.") + "important" => true, + "desc" => _("Exclude certain users from being fetched by SSS backend") }, "filter_groups" => { "type" => "string", "def" => "root", - "desc" => _("Exclude certain groups from being fetched from the sss NSS database.") + "important" => true, + "desc" => _("Exclude certain groups from being fetched by SSS backend") }, "filter_users_in_groups" => { "type" => "boolean", @@ -312,7 +346,8 @@ "enumerate" => { "type" => "boolean", "def" => false, - "desc" => _("Determines if a domain can be enumerated.") + "important" => true, + "desc" => _("Read all entities from backend database (increase server load)") }, "force_timeout" => { "type" => "int", @@ -357,7 +392,8 @@ "cache_credentials" => { "type" => "boolean", "def" => false, - "desc" => _("Determines if user credentials are also cached in the local LDB cache.") + "important" => true, + "desc" => _("Cache credentials for offline use") }, "account_cache_expiration" => { "type" => "int", @@ -367,6 +403,8 @@ "id_provider" => { "type" => "string", "vals" => "ldap, local, ipa, ad", + "req" => true, + "no_init_customisation" => true, "desc" => _("The identification provider used for the domain.") }, "use_fully_qualified_names" => { @@ -377,7 +415,9 @@ "auth_provider" => { "type" => "string", "vals" => "ldap, krb5, ipa, ad, proxy, local, none", - "desc" => _("The authentication provider used for the domain.") + "important" => true, + "no_init_customisation" => true, + "desc" => _("The authentication provider used for the domain") }, "access_provider" => { "type" => "string", 
@@ -392,31 +432,31 @@ }, "sudo_provider" => { "type" => "string", - "def" => "id_provider", - "vals" => "ldap, none", + "def" => "", + "vals" => "ldap, ipa, none", "desc" => _("The SUDO provider used for the domain.") }, "selinux_provider" => { "type" => "string", - "def" => "id_provider", + "def" => "", "vals" => "ipa, none", "desc" => _("The provider which should handle loading of selinux settings.") }, "subdomains_provider" => { "type" => "string", - "def" => "id_provider", + "def" => "", "vals" => "ipa, none", "desc" => _("The provider which should handle fetching of subdomains.") }, "autofs_provider" => { "type" => "string", - "def" => "id_provider", + "def" => "", "vals" => "ldap, ipa, none", "desc" => _("The autofs provider used for the domain.") }, "hostid_provider" => { "type" => "string", - "def" => "id_provider", + "def" => "", "vals" => "ipa, none", "desc" => _("The provider used for retrieving host identity information.") }, @@ -478,18 +518,7 @@ "simple_deny_users" => { "type" => "string", "def" => "", - "desc" => _("Comma separated list of users who are explicitly denied access.") - }, - "simple_deny_users" => { - "type" => "string", - "def" => "", "desc" => _("Comma separated list of groups that are explicitly denied access. This applies only to groups within this SSSD domain.") - }, - "ldap_sudo_search_base" => { - "type" => "string", - "def" => "", - "rule" => /(^[\s]*[\w]+=[\w]+|^$)/, - "desc" => _("The default base DN to use for performing LDAP sudo rules.") } }, #The local domain section 
@@ -534,9 +563,15 @@ "ldap" => { "ldap_uri" => { "type" => "string", - "req" => 1, "rule" => /(ldap[s]?:\/\/|^$)/, - "desc" => _("Specifies the comma-separated list of URIs of the LDAP servers to which SSSD should connect in the order of preference.") + "important" => true, + "desc" => _("URIs (ldap://) of LDAP servers (comma separated)") + }, + "ldap_sudo_search_base" => { + "type" => "string", + "def" => "", + "rule" => /(^[\s]*[\w]+=[\w]+|^$)/, + "desc" => _("The default base DN to use for performing LDAP sudo rules.") }, "ldap_backup_uri" => { "type" => "string", @@ -558,13 +593,15 @@ "ldap_search_base" => { "type" => "string", "rule" => /(^[\s]*[\w]+=[\w]+|^$)/, - "desc" => _("The default base DN to use for performing LDAP user operations.") + "important" => true, + "desc" => _("Base DN for LDAP search") }, "ldap_schema" => { "type" => "string", "vals" => "rfc2307, rfc2307bis, ipa, ad", "def" => "rfc2307", - "desc" => _("Specifies the Schema Type in use on the target LDAP server.") + "important" => true, + "desc" => _("LDAP schema type") }, "ldap_default_bind_dn" => { "type" => "string", @@ -898,7 +935,6 @@ }, "ldap_sasl_minssf" => { "type" => "int", - "def" => "system default", "desc" => _("When communicating with an LDAP server using SASL, specify the minimum security level necessary to establish the connection.") }, "ldap_deref_threshold" => { 
@@ -908,18 +944,17 @@ }, "ldap_tls_reqcert" => { "type" => "string", - "def" => "hard", "vals" => "never, allow, try, demand, hard", - "desc" => _("Specifies what checks to perform on server certificates in a TLS session, if any.") + "def" => "hard", + "important" => true, + "desc" => _("Validate server certification in LDAP TLS session") }, "ldap_tls_cacert" => { "type" => "string", - "def" => "OpenLDAP defaults", "desc" => _("Specifies the file that contains certificates for all of the Certificate Authorities that sssd will recognize.") }, "ldap_tls_cacertdir" => { "type" => "string", - "def" => "OpenLDAP defaults", "desc" => _("Specifies the path of a directory that contains Certificate Authority certificates in separate individual files.") }, "ldap_tls_cert" => { @@ -956,7 +991,7 @@ }, "ldap_sasl_realm" => { "type" => "string", - "def" => "value of krb5_realm.", + "def" => ".", "desc" => _("Specify the SASL realm to use.") }, "ldap_sasl_canonicalize" => { @@ -966,7 +1001,7 @@ }, "ldap_krb5_keytab" => { "type" => "string", - "def" => "System keytab", + "def" => "", "desc" => _("Specify the keytab to use when using SASL/GSSAPI.") }, "ldap_krb5_init_creds" => { @@ -976,7 +1011,7 @@ }, "ldap_krb5_ticket_lifetime" => { "type" => "int", - "def" => "86400 (24 hours)", + "def" => "86400", "desc" => _("Specifies the lifetime in seconds of the TGT if GSSAPI is used.") }, "ldap_pwd_policy" => { @@ -1039,8 +1074,8 @@ }, "krb5_server" => { "type" => "string", - "req" => 1, - "desc" => _("Specifies the comma-separated list of IP addresses or hostnames of the Kerberos servers to which SSSD should connect, in the order of preference.") + "important" => true, + "desc" => _("IP address or host names of Kerberos servers (comma separated)") }, "krb5_backup_server" => { "type" => "string", 
@@ -1048,12 +1083,11 @@ }, "krb5_realm" => { "type" => "string", - "req" => 1, - "desc" => _("The name of the Kerberos realm.") + "req" => true, + "desc" => _("Kerberos realm (e.g. EXAMPLE.COM)") }, "krb5_kpasswd" => { "type" => "string", - "def" => "Use the KDC", "desc" => _("If the change password service is not running on the KDC, alternative servers can be defined here.") }, "krb5_backup_kpasswd" => { @@ -1125,14 +1159,14 @@ }, #The Active Directory domain section "ad" => { - "ad_domain" => { "type" => "string", "desc" => _("Specifies the name of the Active Directory domain.") }, "ad_server" => { "type" => "string", - "desc" => _("The comma-separated list of IP addresses or hostnames of the AD servers to which SSSD should connect in order of preference.") + "important" => true, + "desc" => _("IP addresses or host names of AD servers (comma separated)") }, "ad_backup_server" => { "type" => "string", 
@@ -1194,14 +1228,20 @@ "type" => "string", "desc" => _("Specifies the name of the IPA domain.") }, - "ipa_server," => { + "ipa_server" => { "type" => "string", - "desc" => _("The comma-separated list of IP addresses or hostnames of the IPA servers to which SSSD should connect in the order of preference.") + "important" => true, + "desc" => _("IP addresses or host names of IPA servers (comma separated)") }, "ipa_hostname" => { "type" => "string", "desc" => _("May be set on machines where the hostname(5) does not reflect the fully qualified name.") }, + "ipa_automount_location" => { + "type" => "string", + "def" => "default", + "desc" => _("The automounter location this IPA client will be using.") + }, "dyndns_update" => { "type" => "boolean", "def" => "False", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/src/lib/yauthclient/uidata.rb new/yast2-auth-client-3.3.1/src/lib/yauthclient/uidata.rb --- old/yast2-auth-client-3.2.1/src/lib/yauthclient/uidata.rb 2015-04-20 13:22:12.000000000 +0200 +++ new/yast2-auth-client-3.3.1/src/lib/yauthclient/uidata.rb 2015-06-24 15:29:02.000000000 +0200 @@ -17,7 +17,6 @@ # ------------------------------------------------------------------------------ require "yauthclient/params.rb" - Yast.import "AuthClient" module YAuthClient @@ -44,7 +43,7 @@ return [] end return @sssd_conf.keys.select { |k| - k.start_with?("domain/") && !@sssd_conf[k].fetch("DeleteSection", false) + k.start_with?("domain/") && !@sssd_conf[k].fetch(Yast::AuthClientClass::DELETED_SECTION, false) }.uniq end 
@@ -70,7 +69,7 @@ return [] end sections = @sssd_conf.keys.select { |k| - !k.start_with?("domain/") && k != "sssd" && !@sssd_conf[k].fetch("DeleteSection", false) + !k.start_with?("domain/") && k != "sssd" && !@sssd_conf[k].fetch(Yast::AuthClientClass::DELETED_SECTION, false) } # Pull in more service names from "services" parameter sections += @sssd_conf.fetch("sssd", Hash[]).fetch("services", "").split(%r{[\s,]+}) @@ -94,6 +93,23 @@ return @curr_section end + # Delete the currently chosen configuration section. + def del_curr_section + sect_name = get_curr_section + if sect_name == "sssd" + return + end + UIData.instance.get_conf[sect_name][Yast::AuthClientClass::DELETED_SECTION] = true + if sect_name.include? "domain/" + sect_name = sect_name.sub("domain/", "") + @sssd_conf["sssd"]["domains"] = get_enabled_domains.delete_if { |d| d == sect_name }.join(",") + else + @sssd_conf["sssd"]["services"] = get_enabled_services.delete_if { |d| d == sect_name }.join(",") + end + # Switch away from the deleted section + switch_section("sssd") + end + # Return tuples of parameter name, value, and description for the current section. def get_section_conf return @curr_section_conf @@ -115,6 +131,16 @@ return ["proxy", "local", "ldap", "ipa", "ad"].sort end + # If current section is a domain, return its ID provider. Nil otherwise. + def get_current_id_provider + return @sssd_conf.fetch(@curr_section, Hash[]).fetch("id_provider", nil) + end + + # If current section is a domain, return its authentication provider. Nil otherwise. + def get_current_auth_provider + return @sssd_conf.fetch(@curr_section, Hash[]).fetch("auth_provider", nil) + end + # Get list of supported authentication providers. def get_auth_providers return ["ldap", "krb5", "ipa", "ad", "proxy", "local", "none"].sort 
@@ -149,7 +175,11 @@ # Reload (tuples of) parameter name, value, and description for the current section. def reload_section_conf params = @sssd_conf.fetch(@curr_section, Hash[]) - @curr_section_conf = params.map { |k, v| [k, v.to_s, Params.instance.get_by_name(k)["desc"]] } + @curr_section_conf = params.select { |k, v| + v != Yast::AuthClientClass::DELETED_VALUE + }.map { |k, v| + [k, v.to_s, Params.instance.get_by_name(k)["desc"]] + } end # Reload (hash of) additional parameter name and descriptions for the current section. 
@@ -158,19 +188,16 @@ more_params = Hash[] # Collect relevant parameters depending on the current section if @curr_section =~ /^domain/ + more_params.merge!(Params.instance.get_common_domain_params) # Provider-specific parameters - id_provider = current_conf.fetch("id_provider", "") - auth_provider = current_conf.fetch("auth_provider", "") - if id_provider != "" - more_params.merge!(Params.instance.get_by_section(id_provider)) - end - if auth_provider != "" - more_params.merge!(Params.instance.get_by_section(auth_provider)) - end - # Common domain parameters - more_params.merge!(Params.instance.get_common_domain_section) + more_params.merge!(Params.instance.get_by_provider(get_current_id_provider())) + more_params.merge!(Params.instance.get_by_provider(get_current_auth_provider())) else - more_params = Params.instance.get_by_section(@curr_section) + more_params = Params.instance.get_by_category(@curr_section) + if @curr_section != "sssd" + # Common service parameters + more_params.merge!(Params.instance.get_common_service_params) + end end # Remove customised parameters more_params.delete_if { |name, detail| current_conf.has_key? name } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/src/modules/AuthClient.rb new/yast2-auth-client-3.3.1/src/modules/AuthClient.rb --- old/yast2-auth-client-3.2.1/src/modules/AuthClient.rb 2015-04-20 13:22:12.000000000 +0200 +++ new/yast2-auth-client-3.3.1/src/modules/AuthClient.rb 2015-06-24 15:29:02.000000000 +0200 
@@ -27,9 +27,12 @@ module Yast class AuthClientClass < Module + include Yast::Logger + DELETED_VALUE = "##DeleteValue##" + DELETED_SECTION = "##DeletedSection##" - NSS_DBS = ["passwd", "group", "passwd_compat", "group_compat", "services", "netgroup", "aliases", "automount" ] - SSS_DBS = ["passwd", "group" ] + NSS_DBS = ["passwd", "group", "passwd_compat", "group_compat", "services", "netgroup", "aliases", "automount", "sudoers"] + SSS_DBS = ["passwd", "group", "sudoers", "automount"] def main textdomain "auth-client" @@ -50,7 +53,8 @@ "automount" => [], "services" => [], "netgroup" => [], - "aliases" => [] + "aliases" => [], + "sudoers" => [] } @@ -87,19 +91,18 @@ ( @nsswitch["passwd"].include?("ldap") && @nsswitch["passwd_compat"].include?("ldap") ) || ( @auth["oes"] && @nsswitch["passwd"].include?("nam") ) - #Check if sssd is used in nss - @auth["sssd"] = @nsswitch["passwd"].include?("sss") + #Check if sssd service is enabled + @auth["sssd"] = Service.Enabled("sssd") - if @auth["sssd"] - _sections = SCR.Dir(path(".etc.sssd_conf.section")) - _sections.each { |s| - _values = SCR.Read(path( ".etc.sssd_conf.all.\"#{s}\"" ) ) - _values["value"].each { |v| - next if v["kind"] == "comment" - @auth["sssd_conf"][s][v["name"]] = v["value"] - } + #Load sssd configurations + _sections = SCR.Dir(path(".etc.sssd_conf.section")) + _sections.each { |s| + _values = SCR.Read(path( ".etc.sssd_conf.all.\"#{s}\"" ) ) + _values["value"].each { |v| + next if v["kind"] == "comment" + @auth["sssd_conf"][s][v["name"]] = v["value"] } - end + } Builtins.y2milestone("auth: %1",@auth) true end @@ -117,10 +120,6 @@ filter_groups = [] filter_users = [] to_install = [] - if !Package.Installed("sssd") && Package.Available("sssd") - to_install << "sssd" - end - need_sssd = { "ldap" => false, "ipa" => false, 
@@ -129,60 +128,20 @@ "proxy" => false } - #Add sss to pam - Pam.Add("sss") - - #Enable pam_mkhomedir if required. - if @auth["mkhomedir"] - Pam.Add("mkhomedir") - else - Pam.Remove("mkhomedir") - end - - #Remove ldap only nss databases - NSS_DBS.each { |db| - @nsswitch[db] = Nsswitch.ReadDb(db).reject{ |v| v =~ /ldap/ } - @nsswitch[db] = ["files"] if @nsswitch[db] == [] - } - - # Add "sss" to the passwd and group databases in nsswitch.conf - SSS_DBS.each { |db| @nsswitch[db].push("sss") if ! @nsswitch[db].include?("sss") } - - - #Remove kerberos if activated - if Pam.Enabled("krb5") - Builtins.y2milestone( "configuring 'sss', so 'krb5' will be removed") - Pam.Remove("ldap-account_only") - Pam.Remove("krb5") + #Gather attributes from the proposed configuration + if !Package.Installed("sssd") && Package.Available("sssd") + to_install << "sssd" end - Pam.Remove("ldap") - if @auth["sssd_conf"]["sssd"].has_key?("services") services = @auth["sssd_conf"]["sssd"]["services"].split(%r{,\s*}) end - - #Enable autofs if service is enabled - if services.include?("autofs") - @nsswitch["automount"].push("sss") if ! @nsswitch["automount"].include?("sss") - Service.Enable("autofs") - Service.Start("autofs") - end - - # Write the new nss tables - NSS_DBS.each { |db| Nsswitch.WriteDb(db, @nsswitch[db]) } - Nsswitch.Write - if @auth["sssd_conf"]["sssd"].has_key?("domains") domains = @auth["sssd_conf"]["sssd"]["domains"].split(%r{,\s*}) end - - #Be sure filter_groups and filter_users contains root in nss section if @auth["sssd_conf"].has_key?("nss") if @auth["sssd_conf"]["nss"].has_key?("filter_users") filter_users = @auth["sssd_conf"]["nss"]["filter_users"].split(%r{,\s*}) end - end - if @auth["sssd_conf"].has_key?("nss") if @auth["sssd_conf"]["nss"].has_key?("filter_groups") filter_groups = @auth["sssd_conf"]["nss"]["filter_groups"].split(%r{,\s*}) end 
@@ -192,52 +151,96 @@ @auth["sssd_conf"]["nss"]["filter_users"] = filter_users.join(", ") @auth["sssd_conf"]["nss"]["filter_groups"] = filter_groups.join(", ") - #Now we write the sssd configuration + #Write sssd.conf and gather package installation requirements @auth["sssd_conf"].each_key { |s| - if @auth["sssd_conf"][s].has_key?('DeleteSection') + if @auth["sssd_conf"][s].has_key?(DELETED_SECTION) SCR.Write(path(".etc.sssd_conf.section.\"#{s}\""), nil ) next end @auth["sssd_conf"][s].each_key { |k| - value = @auth["sssd_conf"][s][k] - if value == "##DeleteValue##" + value = @auth["sssd_conf"][s][k] + if value == DELETED_VALUE SCR.Write(path(".etc.sssd_conf.value.\"#{s}\".#{k}"), nil ) else SCR.Write(path(".etc.sssd_conf.value.\"#{s}\".#{k}"),value) end - if k == "id_provider" or k == "auth_provider" + if k == "id_provider" or k == "auth_provider" need_sssd[value] = true; end } } - #Add section for each services _sections = SCR.Dir(path(".etc.sssd_conf.section")) services.each { |s| SCR.Write(path(".etc.sssd_conf.section_comment.\"#{s}\""), '') if ! _sections.include?(s) } SCR.Write(path(".etc.sssd_conf"),nil) - need_sssd.each_pair do |key, needed| pkg = "sssd-#{key}" if needed && !Package.Installed(pkg) && Package.Available(pkg) to_install << pkg end end + #Fix permission of sssd.conf + FileUtils.Chmod("600", "/etc/sssd/sssd.conf", false) - Package.DoInstall(to_install) unless to_install.empty? + #Enable pam_mkhomedir if required + if @auth["mkhomedir"] + Pam.Add("mkhomedir") + else + Pam.Remove("mkhomedir") + end + #Configure PAM and NSS for SSSD + if @auth["sssd"] && !domains.empty? + #Configure PAM + Pam.Add("sss") + Pam.Remove("krb5") + Pam.Remove("ldap") + Pam.Remove("ldap-account_only") + #Remove ldap and add sss to the NSS databases + NSS_DBS.each { |db| + @nsswitch[db] = Nsswitch.ReadDb(db).reject{ |v| v =~ /ldap/ } + @nsswitch[db] = ["files"] if @nsswitch[db] == [] + } + SSS_DBS.each { |db| @nsswitch[db].push("sss") if ! 
@nsswitch[db].include?("sss") } + else + Pam.Remove("sss") + #Remove sss from NSS databases + SSS_DBS.each { |db| @nsswitch[db].delete("sss") } + end + NSS_DBS.each { |db| Nsswitch.WriteDb(db, @nsswitch[db]) } + Nsswitch.Write - #Start sssd only if there are more then one domain defined - if !domains.empty? - Service.Enable("sssd") - Service.Disable("nscd") - Service.Stop("nscd") - Service.Active("sssd") ? Service.Restart("sssd") : Service.Start("sssd") + #Configure daemons + if @auth["sssd"] && !domains.empty? + #Install necessary packages + Package.DoInstall(to_install) unless to_install.empty? + #It is strongly recommended against using nscd along with sssd + Service.Disable("nscd") + Service.Stop("nscd") + #Enable and start SSSD and autofs too (if sss is a provider) + daemons_to_enable = ["sssd"] + if services.include?("autofs") + #autofs may only start after sssd is started + daemons_to_enable.push("autofs") + end + successful = false + daemons_to_enable.each { |name| + if !Service.Enable(name) + Report.Error(_("Failed to enable %s service. Please use system journal to diagnose." % name)) + elsif !(Service.Active(name) ? Service.Restart(name) : Service.Start(name)) + Report.Error(_("Failed to start %s service. Please use system journal (journalctl -n -u %s) to diagnose." 
% [name, name])) + else + successful = true + end + } + return successful else - Service.Disable("sssd") - Service.Stop("sssd") + #Disable SSSD if there is not any domains or SSSD daemon is to be disabled + Service.Disable("sssd") + Service.Stop("sssd") + return true end - return true end # end Write ################################################################# diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/src/scrconf/nscd_conf.scr new/yast2-auth-client-3.3.1/src/scrconf/nscd_conf.scr --- old/yast2-auth-client-3.2.1/src/scrconf/nscd_conf.scr 2015-04-20 13:22:12.000000000 +0200 +++ new/yast2-auth-client-3.3.1/src/scrconf/nscd_conf.scr 1970-01-01 01:00:00.000000000 +0100 @@ -1,23 +0,0 @@ -/** - * File: - * nscd_conf.scr - * Summary: - * SCR Agent for reading/writing /etc/nscd.conf using the ini-agent - * - * - * .etc.ldap_conf - */ -.etc.nscd_conf - -`ag_ini( - `IniAgent( - "/etc/nscd.conf", - $[ - "options" : ["global_values", "repeat_names"], - "comments" : [ "^#.*", "^[ \t]*$", ], - "params" : [ - $[ "match" : [ "^[ \t]*([a-zA-Z_-]+)[ \t]+(.+)[ \t]*$", "\t%s\t%s" ] ], - ] - ] - ) -) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/test/params_test.rb new/yast2-auth-client-3.3.1/test/params_test.rb --- old/yast2-auth-client-3.2.1/test/params_test.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-auth-client-3.3.1/test/params_test.rb 2015-06-24 15:29:02.000000000 +0200 
@@ -0,0 +1,53 @@ +#!/usr/bin/env rspec +ENV['Y2DIR'] = File.expand_path('../../src', __FILE__) + +require 'yast' +require 'yauthclient/uidata.rb' + +Yast.import "AuthClient" + +describe YAuthClient::Params do + describe "Parameter database" do + it "Contain parameter definitions" do + params = YAuthClient::Params.instance + expect(params.all_params["sssd"].length).to be > 5 + + expect(params.all_params["services"].length).to be > 5 + expect(params.all_params["nss"].length).to be > 5 + expect(params.all_params["pam"].length).to be > 5 + expect(params.all_params["sudo"].length).to be > 0 + expect(params.all_params["autofs"].length).to be > 0 + expect(params.all_params["ssh"].length).to be > 0 + + expect(params.all_params["domain"].length).to be > 5 + expect(params.all_params["local"].length).to be > 5 + expect(params.all_params["ldap"].length).to be > 5 + expect(params.all_params["krb5"].length).to be > 5 + expect(params.all_params["ipa"].length).to be > 5 + end + + it "Get parameter definition by parameter name" do + params = YAuthClient::Params.instance + defi = params.get_by_name("filter_users") + expect(defi["desc"]).to eq("Exclude certain users from being fetched by SSS backend") + expect(defi["sect"]).to eq("nss") + expect(defi["type"]).to eq("string") + expect(defi["def"]).to eq("root") + expect(defi["req"]).to eq(false) + expect(defi["important"]).to eq(true) + end + + it "Get parameter definitions by category and provider" do + params = YAuthClient::Params.instance + expect(params.get_common_domain_params).to eq(params.get_by_category("domain")) + expect(params.get_common_service_params).to eq(params.get_by_category("services")) + + ldap_and_krb5 = params.get_by_category("ldap").merge(params.get_by_category("krb5")) + expect(params.get_by_provider("ipa")).to eq(params.get_by_category("ipa").merge(ldap_and_krb5)) + expect(params.get_by_provider("ad")).to eq(params.get_by_category("ad").merge(ldap_and_krb5)) + + expect(params.get_by_provider("nss")).to 
eq(params.get_by_category("nss")) + expect(params.get_by_provider("sssd")).to eq(params.get_by_category("sssd")) + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.2.1/test/uidata_test.rb new/yast2-auth-client-3.3.1/test/uidata_test.rb --- old/yast2-auth-client-3.2.1/test/uidata_test.rb 2015-04-20 13:22:12.000000000 +0200 +++ new/yast2-auth-client-3.3.1/test/uidata_test.rb 2015-06-24 15:29:02.000000000 +0200 @@ -19,6 +19,7 @@ "ldap_uri"=>"ldap://ldap.suse.de", "ldap_search_base"=>"dc=suse,dc=de", "ldap_schema"=>"rfc2307bis", + "auth_provider"=>"krb5", "id_provider"=>"ldap" }, {"domain_name"=>"dom2", @@ -39,7 +40,7 @@ expect(Yast::AuthClient.Import(preload_conf)).to eq(true) uidata = YAuthClient::UIData.instance expect(uidata.get_conf).to eq({ - "domain/dom1" => {"ldap_uri"=>"ldap://ldap.suse.de", "ldap_search_base"=>"dc=suse,dc=de", "ldap_schema"=>"rfc2307bis", "id_provider"=>"ldap"}, + "domain/dom1" => {"ldap_uri"=>"ldap://ldap.suse.de", "ldap_search_base"=>"dc=suse,dc=de", "ldap_schema"=>"rfc2307bis", "id_provider"=>"ldap", "auth_provider"=>"krb5"}, "domain/dom2" => {"ldap_uri"=>"ldap://ldap.suse.de", "ldap_search_base"=>"dc=suse,dc=de", "id_provider"=>"ldap", "auth_provider"=>"local", "ldap_service_object_class"=>"ipService", "ldap_netgroup_object_class"=>"nisNetgroup", "ldap_search_timeout"=>6, "ldap_tls_reqcert"=>"never"}, "sssd" => {"config_file_version"=>2, "services"=>"nss, pam", "domains"=>"dom2"} }) 
@@ -64,20 +65,25 @@ it "Switch section to look at domain/dom1" do uidata = YAuthClient::UIData.instance match = [ - ["ldap_uri", "ldap://ldap.suse.de", "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD should connect in the order of preference."], - ["ldap_search_base", "dc=suse,dc=de", "The default base DN to use for performing LDAP user operations."], - ["ldap_schema", "rfc2307bis", "Specifies the Schema Type in use on the target LDAP server."], + ["ldap_uri", "ldap://ldap.suse.de", "URIs (ldap://) of LDAP servers (comma separated)"], + ["ldap_search_base", "dc=suse,dc=de", "Base DN for LDAP search"], + ["ldap_schema", "rfc2307bis", "LDAP schema type"], + ["auth_provider", "krb5", "The authentication provider used for the domain"], ["id_provider", "ldap", "The identification provider used for the domain."] ] uidata.switch_section("domain/dom1") expect(uidata.get_curr_section).to eq("domain/dom1") expect(uidata.get_section_conf).to eq(match) expect(uidata.get_section_more_params.length).to be > 10 + expect(uidata.get_current_id_provider).to eq("ldap") + expect(uidata.get_current_auth_provider).to eq("krb5") uidata.reload_section uidata.switch_section("domain/dom1") expect(uidata.get_curr_section).to eq("domain/dom1") expect(uidata.get_section_conf).to eq(match) expect(uidata.get_section_more_params.length).to be > 10 + expect(uidata.get_current_id_provider).to eq("ldap") + expect(uidata.get_current_auth_provider).to eq("krb5") end it "Return the customised value of the current section" do @@ -85,8 +91,8 @@ uidata.switch_section("domain/dom1") expect(uidata.get_param_val("ldap_uri")).to eq "ldap://ldap.suse.de" expect(uidata.get_param_val("id_provider")).to eq "ldap" + expect(uidata.get_param_val("auth_provider")).to eq "krb5" expect(uidata.get_param_val("this_does_not_exist")).to eq nil - expect(uidata.get_param_val("auth_provider")).to eq nil end it "Detect enabled services domains" do 
@@ -103,7 +109,7 @@ expect(uidata.get_unused_svcs).to eq ["sudo", "autofs", "ssh"].sort end - it "Provider list" do + it "Get provider list" do uidata = YAuthClient::UIData.instance sorted = uidata.get_id_providers.uniq.sort expect(uidata.get_id_providers).to eq sorted
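Review bot: In del_curr_section (uidata.rb, hunk @@ -94,6 +93,23 @@), `sect_name.include? "domain/"` followed by `sub("domain/", "")` matches the substring anywhere in the name, while the neighbouring selectors use `k.start_with?("domain/")`. Use `start_with?` and strip only the prefix, so that a section whose name merely contains "domain/" is not treated as a domain. The method also sets the marker through `UIData.instance.get_conf[sect_name]` but edits `@sssd_conf["sssd"]` directly a few lines later; use one accessor throughout, and guard against a missing "sssd" section the way the service list code does with `@sssd_conf.fetch("sssd", Hash[])`.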
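Review bot: The new filter in reload_section_conf (uidata.rb, hunk @@ -149,7 +175,11 @@) drops values equal to DELETED_VALUE but still passes every remaining key to `Params.instance.get_by_name(k)["desc"]`, including the DELETED_SECTION marker that del_curr_section stores as a key in the same hash. If get_by_name returns nil for a name that is not in the parameter database, the `["desc"]` lookup raises. Filter the marker key here as well, or look the description up defensively.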
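Review bot: The rewritten domain branch (uidata.rb, hunk @@ -158,19 +188,16 @@) passes the results of get_current_id_provider and get_current_auth_provider straight to `Params.instance.get_by_provider(...)`, and both getters are documented as returning nil when the key is unset; the removed code skipped the merge when the provider was empty. Either keep that guard or document and test that get_by_provider(nil) returns an empty hash, since the added params_test.rb only calls it with named providers.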
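Review bot: Adding "sudoers" and "automount" to SSS_DBS (AuthClient.rb, hunk @@ -27,9 +27,12 @@) means Write now appends "sss" to both databases whenever SSSD is enabled with a domain, whereas the removed code touched "automount" only when `services.include?("autofs")` and did not touch sudoers at all. If that is intended, say so in a comment next to the constant; otherwise add the entries only when the matching service is listed. The section marker also changes from "DeleteSection" to "##DeletedSection##", so a one-line comment on DELETED_VALUE and DELETED_SECTION explaining that they are in-memory markers consumed by Write would help anyone who still sets the old key.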
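Review bot: With the `if @auth["sssd"]` guard removed (AuthClient.rb, hunk @@ -87,19 +91,18 @@), `_sections.each` now runs on every Read, including systems where SSSD was never configured. Confirm what `SCR.Dir(path(".etc.sssd_conf.section"))` returns when the file is absent and guard against nil before iterating. The comment should also record that @auth["sssd"] now means "service enabled" rather than "sss present in the passwd NSS database", because Write uses the flag to decide whether to remove sss from PAM and NSS.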
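Review bot: In the daemon loop at the end of Write (AuthClient.rb, hunk @@ -192,52 +151,96 @@), `successful` becomes true as soon as any one daemon starts, so the method returns true when sssd failed and autofs succeeded. Start from true and clear it on each failure, and skip autofs when sssd did not start, as the comment above the loop requires. Both Report.Error calls apply `%` inside `_()`, so gettext is asked to translate the already formatted string; move the format outside the call, as in `_("Failed to enable %s service. Please use system journal to diagnose.") % name`. Finally, `FileUtils.Chmod("600", "/etc/sssd/sssd.conf", false)` runs only after `SCR.Write(path(".etc.sssd_conf"),nil)` has flushed the file, and its result is ignored; check the return value and report a failure, since the file can hold bind credentials.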
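Review bot: The uidata_test.rb changes (hunk @@ -64,20 +65,25 @@ and the ones around it) cover get_current_id_provider and get_current_auth_provider, but none of the visible test hunks exercises the new del_curr_section or the DELETED_VALUE filter in reload_section_conf. Add a case that deletes "domain/dom1" and checks that the section is marked, that "domains" in the "sssd" section no longer lists it, and that the current section is "sssd". As a style point, the expected description for "auth_provider" has no trailing full stop while the one for "id_provider" on the next line does.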