Hello community,
here is the log from the commit of package yast2-ldap-client for openSUSE:Factory checked in at 2012-02-23 15:35:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-ldap-client (Old)
and /work/SRC/openSUSE:Factory/.yast2-ldap-client.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-ldap-client", Maintainer is "jsuchome@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-ldap-client/yast2-ldap-client.changes 2012-02-03 10:27:09.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-ldap-client.new/yast2-ldap-client.changes 2012-02-23 15:35:24.000000000 +0100
@@ -1,0 +2,13 @@
+Wed Feb 22 16:38:12 CET 2012 - jsuchome@suse.cz
+
+- fixed handling of certificate download
+- 2.22.5
+
+-------------------------------------------------------------------
+Tue Feb 21 11:06:29 CET 2012 - jsuchome@suse.cz
+
+- removed password policies configuration from client, relevant parts
+ moved to server configuration (fate #313143)
+- 2.22.4
+
+-------------------------------------------------------------------
Old:
----
yast2-ldap-client-2.22.3.tar.bz2
New:
----
yast2-ldap-client-2.22.5.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-ldap-client.spec ++++++
--- /var/tmp/diff_new_pack.1ACKIy/_old 2012-02-23 15:35:25.000000000 +0100
+++ /var/tmp/diff_new_pack.1ACKIy/_new 2012-02-23 15:35:25.000000000 +0100
@@ -18,7 +18,7 @@
Name: yast2-ldap-client
-Version: 2.22.3
+Version: 2.22.5
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ yast2-ldap-client-2.22.3.tar.bz2 -> yast2-ldap-client-2.22.5.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.22.3/VERSION new/yast2-ldap-client-2.22.5/VERSION
--- old/yast2-ldap-client-2.22.3/VERSION 2012-02-02 15:01:18.000000000 +0100
+++ new/yast2-ldap-client-2.22.5/VERSION 2012-02-22 16:38:37.000000000 +0100
@@ -1 +1 @@
-2.22.3
+2.22.5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.22.3/src/Ldap.ycp new/yast2-ldap-client-2.22.5/src/Ldap.ycp
--- old/yast2-ldap-client-2.22.3/src/Ldap.ycp 2012-02-02 14:59:38.000000000 +0100
+++ new/yast2-ldap-client-2.22.5/src/Ldap.ycp 2012-02-21 11:06:25.000000000 +0100
@@ -25,7 +25,7 @@
* Authors: Thorsten Kukuk
* Anas Nashif
*
- * $Id: Ldap.ycp 67232 2012-01-19 14:36:33Z jsuchome $
+ * $Id: Ldap.ycp 67491 2012-02-21 10:06:24Z jsuchome $
*/
{
@@ -312,9 +312,6 @@
*/
global boolean mkhomedir = false;
- // map with modifications of Password Policies objects
- global map ppolicies = $[];
-
// packages needed for pam_ldap/nss_ldap configuration
global list<string> pam_nss_packages = ["pam_ldap", "nss_ldap"];
@@ -3035,12 +3032,6 @@
ldap_modified = false;
}
}
- if (ppolicies != $[])
- {
- WriteLDAP (ppolicies);
- modified = true; // so data get reset in next step
- ppolicies = $[];
- }
// final stage
Progress::NextStage ();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.22.3/src/LdapPopup.ycp new/yast2-ldap-client-2.22.5/src/LdapPopup.ycp
--- old/yast2-ldap-client-2.22.3/src/LdapPopup.ycp 2012-01-19 15:36:39.000000000 +0100
+++ new/yast2-ldap-client-2.22.5/src/LdapPopup.ycp 2012-02-21 11:26:44.000000000 +0100
@@ -24,7 +24,7 @@
* Summary: Additional user interface functions: special edit popups
* Authors: Jiri Suchomel
*
- * $Id: LdapPopup.ycp 67232 2012-01-19 14:36:33Z jsuchome $
+ * $Id: LdapPopup.ycp 67492 2012-02-21 10:26:43Z jsuchome $
*
* Popups for editing the values of LDAP configuration tables.
*/
@@ -566,371 +566,4 @@
return $[ "attr": attr, "value": new_value ];
}
-/**
- * dialog for Password Policy configuration object
- * @param ppolicy data with Password Policy object to be edited (as obtained from LDAP search)
- * @return map with modifications of ppolicy object, nil in case of `cancel
- */
-global define map PasswordPolicyDialog (map ppolicy) {
-
- // reduce the list values to single ones
- ppolicy = mapmap (string a, any val, (map)ppolicy, {
- if (is (val, list) && (Ldap::SingleValued (a) || size ((list)val) == 1))
- val = ((list)val)[0]:nil;
- if (val == "TRUE" || val == "FALSE")
- val = (val == "TRUE");
- return $[ a: val ];
- });
- map ppolicy_orig = ppolicy;
-
- // help text for Password Policy Dialog
- string help_text = _("<p>Select the <b>Password Change Policies</b>, <b>Password Aging Policies</b>, and <b>Lockout Policies</b> tabs to choose LDAP password policy groups of attributes to configure.</p>");
-
-
- // tab-specific help texts
- map tabs_help_text = $[
- // help text for pwdInHistory attribute
- `pwchange : _("<p>Specify the <b>Maximum Number of Passwords Stored in History</b> to set how many previously used passwords should be saved. Saved passwords may not be used.</p>") +
-
- // help text for pwdMustChange attribute
- _("<p>Check <b>User Must Change Password after Reset</b> to force users to change their passwords after the password is reset or changed by an administrator.</p>") +
-
- // help text for pwdAllowUserChange attribute
- _("<p>Check <b>User Can Change Password</b> to allow users to change their passwords.</p>") +
-
- // help text for pwdSafeModify attribute
- _("<p>If the existing password must be provided along with the new password, check <b>Old Password Required for Password Change</b>.</p>") +
-
- // help text for pwdCheckQuality attribute
- _("<p>Select whether the password quality should be verified while passwords are modified or added. Select <b>No Checking</b> if passwords should not be evaluated. With <b>Accept Uncheckable Passwords</b>, passwords are accepted even if the check cannot be performed, for example, if the user provides an encrypted password. With <b>Only Accept Checked Passwords</b> passwords are refused if the quality test fails or the password cannot be checked.</p>") +
-
- // help text for pwdMinLength attribute
- _("Set the minimum number of characters that must be used in a password in <b>Minimum Password Length</b>.</p>"),
-
- // help text for pwdMinAge attribute
- `aging : _("<p><b>Minimum Password Age</b> sets how much time must pass between modifications to the password.</p>") +
-
- // help text for pwdMaxAge attribute
- _("<p><b>Maximum Password Age</b> sets how long after modification a password expires.</p>") +
-
- // help text for pwdExpireWarning attribute
- _("<p>In <b>Time before Password Expiration to Issue Warning</b> specify how long\nbefore expiration an authenticating user should be warned.</p>") +
-
- // help text for pwdGraceAuthNLimit attribute
- _("<p>Set the number of times an expired password can be used to authenticate in <b>Allowed Uses of an Expired Password</b>.</p>"),
-
- // help text for pwdLockout attribute
- `lockout : _("<p>Check <b>Enable Password Locking</b> to forbid use of a password after a specified number of consecutive failed bind attempts.</p>") +
-
- // help text for pwdMaxFailure attribute
- _("<p>Set the number of consecutive failed bind attempts after which the password may not be used to authenticate in <b>Bind Failures to Lock the Password</b>.</p>") +
-
- // help text for pwdLockoutDuration attribute
- _("<p>Set for how long the password cannot be used in <b>Password Lock Duration</b>.</p>") +
-
- // help text for pwdFailureCountInterval attribute
- _("<p><b>Bind Failures Cache Duration</b> specifies the time after which password failures are purged from the failure counter even if no successful authentication has occurred.</p>"),
- ];
-
- // map of attribute names for each tab
- map attributes = $[
- `pwchange : [
- "pwdInHistory", "pwdMustChange", "pwdAllowUserChange",
- "pwdSafeModify", "pwdCheckQuality", "pwdMinLength"
- ],
- `aging : [
- "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdGraceAuthNLimit"
- ],
- `lockout : [
- "pwdLockout", "pwdLockoutDuration", "pwdMaxFailure",
- "pwdFailureCountInterval"
- ],
- ];
-
- list time_attributes = [
- "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdLockoutDuration",
- "pwdFailureCountInterval"
- ];
-
- map default_values = $[
- "pwdMustChange" : false,
- "pwdAllowUserChange" : true,
- "pwdSafeModify" : false,
- "pwdLockout" : false,
- ];
-
- // maximal value of IntFields
- integer max = 99999;
-
- list<term> tabs = [
- // tab label
- `item(`id(`pwchange), _("&Password Change Policies"), true),
- // tab label
- `item(`id(`aging), _("Pa&ssword Aging Policies")),
- // tab label
- `item(`id(`lockout), _("&Lockout Policies")),
- ];
- term tabs_term = `VBox (
- `DumbTab (`id(`tabs), tabs,
- `ReplacePoint(`id(`tabContents ), `VBox (`Empty ())))
- );
- boolean has_tabs = true;
- if (!UI::HasSpecialWidget (`DumbTab))
- {
- has_tabs = false;
- term tabbar = `HBox ();
- foreach (term it, tabs, {
- string label = it[1]:"";
- tabbar = add (tabbar,`PushButton (it[0]:`id(label), label));
- });
- tabs_term = `VBox (`Left(tabbar),
- `Frame ("", `ReplacePoint(`id(`tabContents), `Empty ()))
- );
- }
-
- term contents = tabs_term;
-
- // generate the term of password policy tab and update the help text
- void set_password_policies_term () {
- integer pwdcheckquality = tointeger (ppolicy["pwdCheckQuality"]:"0");
- term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox (
- `VSpacing (0.8),
- `IntField (`id ("pwdInHistory"),
- // IntField label
- _("Ma&ximum Number of Passwords Stored in History"),
- 0, max, tointeger (ppolicy["pwdInHistory"]:"0")),
- `VSpacing (0.4),
- `Left (`CheckBox (`id ("pwdMustChange"),
- // checkbox label
- _("U&ser Must Change Password after Reset"),
- ppolicy["pwdMustChange"]:true)),
- `VSpacing (0.2),
- `Left (`CheckBox (`id ("pwdAllowUserChange"),
- // checkbox label
- _("&User Can Change Password"),
- ppolicy["pwdAllowUserChange"]:true)),
- `VSpacing (0.2),
- `Left (`CheckBox (`id ("pwdSafeModify"),
- // checkbox label
- _("&Old Password Required for Password Change"),
- ppolicy["pwdSafeModify"]:false)),
- `VSpacing (0.4),
- // frame label
- `HBox (`HSpacing (2), `Frame (_("Password Quality Checking"), `VBox(
- `VSpacing (0.5),
- `RadioButtonGroup (`id("pwdCheckQuality"), `VBox (
- `Left (`RadioButton (`id(0), `opt (`notify),
- _("&No Checking"), pwdcheckquality == 0)),
- `Left (`RadioButton(`id(1), `opt (`notify),
- _("Acc&ept Uncheckable Passwords"),
- pwdcheckquality == 1)),
- `Left (`RadioButton(`id(2), `opt (`notify),
- _("&Only Accept Checked Passwords"),
- pwdcheckquality == 2))
- )),
- `VSpacing (0.4),
- // IntField label
- `IntField (`id ("pwdMinLength"), _("&Minimum Password Length"),
- 0, max, tointeger (ppolicy["pwdMinLength"]:"0"))
- )))
- ), `HSpacing (0.5)));
-
- UI::ReplaceWidget (`tabContents, tab_cont);
- UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, pwdcheckquality > 0);
- return;
- }
-
- term time_dialog (string id, string label) {
-
- integer value = tointeger (ppolicy[id]:"0");
- integer days = value / (24*60*60);
- if (days > 0) value = value - (days * 24*60*60);
- integer hours = value / (60*60);
- if (hours > 0) value = value - (hours * 60*60);
- integer minutes = value / 60;
- if (minutes > 0) value = value - (minutes * 60);
- return `HBox (`HSpacing (0.3), `Frame (label, `HBox (
- `IntField (`id (id + "d"), _("Days"), 0, max, days),
- `IntField (`id (id + "h"), _("Hours"), 0, 23, hours),
- `IntField (`id (id + "m"), _("Minutes"), 0, 59, minutes),
- `IntField (`id (id + "s"), _("Seconds"), 0, 59, value)
- )), `HSpacing (0.3));
- }
-
- integer get_seconds_value (string attr) {
-
- integer days = (integer) UI::QueryWidget (`id (attr + "d"), `Value);
- integer hours = (integer) UI::QueryWidget (`id (attr + "h"), `Value);
- integer minutes = (integer) UI::QueryWidget (`id (attr + "m"), `Value);
- integer seconds = (integer) UI::QueryWidget (`id (attr + "s"), `Value);
- return (days * 24*60*60) + (hours * 60*60) + (minutes *60) + seconds;
- }
-
- // generate the term of password aging tab
- void set_aging_policies_term () {
-
- term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox (
- `VSpacing (0.7),
- // frame label
- time_dialog ("pwdMinAge", _("Minimum Password Age")),
- `VSpacing (0.4),
- // frame label
- time_dialog ("pwdMaxAge", _("Maximum Password Age")),
- `VSpacing (0.4),
- time_dialog ("pwdExpireWarning",
- // frame label
- _("Time before Password Expiration to Issue Warning")),
- `VSpacing (0.2),
- `IntField (`id ("pwdGraceAuthNLimit"),
- // IntField label
- _("Allowed Use of an Expired Password"), 0, max,
- tointeger (ppolicy["pwdGraceAuthNLimit"]:"0")
- )
- ), `HSpacing (0.5)));
- UI::ReplaceWidget (`tabContents, tab_cont);
- return;
- }
-
- // generate the term of lockout aging tab
- void set_lockout_policies_term () {
-
- boolean pwdlockout = ppolicy["pwdLockout"]:false;
-
- term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox (
- `VSpacing (0.8),
- `Left (`CheckBox (`id ("pwdLockout"), `opt (`notify),
- // check box label
- _("Enable Password Locking"),
- pwdlockout)),
- `VSpacing (0.4),
- `IntField (`id ("pwdMaxFailure"),
- // intField label
- _("Bind Failures to Lock the Password"),
- 0, max, tointeger (ppolicy["pwdMaxFailure"]:"0")),
- // frame label
- time_dialog ("pwdLockoutDuration", _("Password Lock Duration")),
- `VSpacing (0.4),
- time_dialog ("pwdFailureCountInterval",
- // frame label
- _("Bind Failures Cache Duration"))
- ), `HSpacing (0.5)));
-
- UI::ReplaceWidget (`tabContents, tab_cont);
- UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout);
- foreach (string suffix, [ "d", "h", "m", "s" ], {
- UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix),
- `Enabled, pwdlockout);
- UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix),
- `Enabled, pwdlockout);
- });
- return;
- }
-
- symbol current_tab = `pwchange;
- any result = nil;
-
- Wizard::OpenNextBackDialog ();
-
- // dialog label
- Wizard::SetContentsButtons (_("Password Policy Configuration"), contents,
- help_text + tabs_help_text[current_tab]:"",
- Label::CancelButton(), Label::OKButton());
- Wizard::HideAbortButton();
-
- set_password_policies_term ();
-
- while (true)
- {
- result = UI::UserInput ();
-
- if (is(result,symbol) &&
- contains ([`back, `cancel, `abort], (symbol)result))
- break;
-
- // save the values from UI
- foreach (string attr, attributes[current_tab]:[], {
- if (contains (time_attributes, attr))
- {
- ppolicy[attr] = sformat ("%1", get_seconds_value (attr));
- return;
- }
- any val = UI::QueryWidget (`id (attr), `Value);
- if (is (val, integer))
- val = sformat ("%1", val);
- ppolicy[attr] = val;
- });
-
- if ((result == `pwchange || result == `aging || result == `lockout) &&
- result!= current_tab)
- {
- if (result == `pwchange)
- set_password_policies_term ();
- else if (result == `aging)
- set_aging_policies_term ();
- else if (result == `lockout)
- set_lockout_policies_term ();
- current_tab = (symbol) result;
- if (has_tabs)
- UI::ChangeWidget (`id (`tabs), `CurrentItem, current_tab);
- Wizard::SetHelpText (help_text + tabs_help_text[current_tab]:"");
- continue;
- }
- if (result == `next)
- {
- boolean cont = false;
-
- // check the template required attributes...
- foreach (string oc, ppolicy["objectClass"]:[], ``{
- if (cont) return;
- foreach (string attr, Ldap::GetRequiredAttributes (oc), ``{
- any val = ppolicy[attr]:nil;
- if (!cont && val == nil || val == [] || val == "") {
- //error popup, %1 is attribute name
- Popup::Error (sformat (_("The \"%1\" attribute is mandatory.
-Enter a value."), attr));
- UI::SetFocus (`id(`table));
- cont = true;
- }
- });
- });
- if (cont) continue;
- break;
- }
- // now solve events inside the tabs
- if (current_tab == `pwchange && is (result, integer))
- {
- UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, result != 0);
- }
- if (current_tab == `lockout && result == "pwdLockout")
- {
- boolean pwdlockout = (boolean) UI::QueryWidget (`id ("pwdLockout"), `Value);
- UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout);
- foreach (string suffix, [ "d", "h", "m", "s" ], {
- UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix),
- `Enabled, pwdlockout);
- UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix),
- `Enabled, pwdlockout);
- });
- }
- }
- Wizard::CloseDialog ();
-
- map ret = $[];
- if (result == `next)
- {
- foreach (string key, any val, (map) ppolicy, {
- if (!haskey (ppolicy_orig, key) &&
- (val == default_values[key]:nil || val == "0"))
- return;
- if (val != ppolicy_orig[key]:nil)
- {
- if (is (val, boolean))
- val = (val == true) ? "TRUE" : "FALSE";
- ret[key] = val;
- }
- });
- }
- return (result == `next) ? ret : nil;
-}
-
}//EOF
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.22.3/src/ui.ycp new/yast2-ldap-client-2.22.5/src/ui.ycp
--- old/yast2-ldap-client-2.22.3/src/ui.ycp 2012-02-02 14:58:17.000000000 +0100
+++ new/yast2-ldap-client-2.22.5/src/ui.ycp 2012-02-21 15:46:04.000000000 +0100
@@ -25,7 +25,7 @@
* Authors: Thorsten Kukuk
* Anas Nashif
*
- * $Id: ui.ycp 67232 2012-01-19 14:36:33Z jsuchome $
+ * $Id: ui.ycp 67491 2012-02-21 10:06:24Z jsuchome $
*
* All user interface functions.
*/
@@ -55,7 +55,7 @@
define boolean Modified () ``{
- return (Ldap::modified || Ldap::ldap_modified || Ldap::ppolicies != $[]);
+ return (Ldap::modified || Ldap::ldap_modified);
}
/**
@@ -183,6 +183,7 @@
*/
boolean SSLConfiguration () {
+ string certTmpFile = sformat ("%1/__LDAPcert.crt", Directory::tmpdir);
string tls_cacertdir = Ldap::tls_cacertdir;
string tls_cacertfile = Ldap::tls_cacertfile;
UI::OpenDialog (`opt (`decorated), `HBox (`HSpacing (1), `VBox(
@@ -247,6 +248,50 @@
UI::ChangeWidget (`id (`tls_cacertfile), `Value, file);
}
}
+ if (ret == `import_cert)
+ {
+ string dir = tls_cacertdir;
+ if (dir == "")
+ dir = "/etc/openldap/cacerts/";
+
+ boolean success = false;
+ string name = "";
+
+ string cert_url = (string) UI::QueryWidget (`id (`url), `Value);
+ string curlcmd = sformat("curl -f --connect-timeout 60 --max-time 120 '%1' -o %2", cert_url, certTmpFile);
+
+ if (SCR::Execute(.target.bash, curlcmd) != 0)
+ {
+ // error message
+ Popup::Error (_("Could not download the certificate file from specified URL."));
+ }
+ else if (FileUtils::CheckAndCreatePath (dir))
+ {
+ list <string> l = splitstring (cert_url, "/");
+ name = l[size(l) - 1]:"downloaded-by-yast2-ldap-client.pem";
+ success = SCR::Execute (.target.bash, sformat ("/bin/cp -a '%1' '%2/%3'", certTmpFile, dir, name)) == 0;
+ // rehash cert directory (bnc#662937)
+ map out = (map)SCR::Execute (.target.bash_output, sformat ("/usr/bin/c_rehash %1", dir));
+ if (out["stderr"]:"" != "")
+ {
+ y2error ("something went wrong: %1", out);
+ }
+ }
+
+ if (success)
+ {
+ // popup message, %1 is file name, %2 directory
+ Popup::Message (sformat (_("The downloaded certificate file
+
+'%1'
+
+has been copied to '%2' directory.
+"), name, dir));
+
+ tls_cacertdir = dir;
+ Ldap::modified = true;
+ }
+ }
} while (ret != `ok && ret != `cancel);
UI::CloseDialog ();
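Review bot: The `curlcmd` line puts the user-entered `cert_url` between single quotes in a bash command without escaping it, so a URL containing `'` ends the quoting and the remainder is interpreted by the shell YaST runs it in (normally as root). `certTmpFile` after `-o` and `dir` in the `c_rehash` call are not quoted at all. `name` is the last `/`-separated segment of that URL and goes unescaped into the `/bin/cp` target; an empty segment, `.` or `..` would presumably put the file somewhere other than `dir/name`. Escape every value before formatting, e.g. `sformat ("curl -f --connect-timeout 60 --max-time 120 '%1' -o '%2'", String::Quote (cert_url), String::Quote (certTmpFile))` (assuming the `String` module is imported in ui.ycp, which is not visible here), and reject such a `name` before the copy. Because the downloaded file becomes a trust anchor in the CA directory, it would also help to show the certificate's subject and fingerprint for confirmation before copying; the enclosing `SSLConfiguration` function and its `do` loop begin outside this hunk.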
@@ -323,7 +368,6 @@
boolean ldap_tls = Ldap::ldap_tls || Ldap::sssd; // force TLS to true if sssd is used
string tls_checkpeer = Ldap::tls_checkpeer;
boolean login_enabled = Ldap::login_enabled;
- string certTmpFile = sformat ("%1/__LDAPcert.crt", Directory::tmpdir);
boolean ssl_changed = false;
boolean autofs = Ldap::_start_autofs;
term autofs_con = `Empty ();
@@ -474,82 +518,6 @@
UI::ChangeWidget (`id (`ldaps), `Value, false);
}
}
- if (result == `import_cert)
- {
- string dir = Ldap::tls_cacertdir;
- if (Ldap::tls_cacertdir == "")
- dir = "/etc/openldap/cacerts/";
-
- UI::OpenDialog ( `opt(`decorated), `HBox(
- `HSpacing(1),
- `VBox (
- `HSpacing (75),
- // InputField label
- `InputField (`id (`url), `opt (`hstretch),
- _("CA Certificate URL for Download")),
- `ButtonBox (
- `PushButton(`id(`ok),`opt(`default,`key_F10), Label::OKButton()),
- `PushButton(`id(`cancel),`opt (`key_F9), Label::CancelButton())
- )
- ),
- `HSpacing(1)
- ));
- UI::SetFocus (`id (`url));
-
- any ret = nil;
- boolean success = false;
- string name = "";
-
- while (true)
- {
- ret = UI::UserInput ();
- if (ret == `cancel)
- break;
- if (ret == `ok)
- {
- string cert_url = (string) UI::QueryWidget (`id (`url), `Value);
- string curlcmd = sformat("curl -f --connect-timeout 60 --max-time 120 '%1' -o %2", cert_url, certTmpFile);
-
- if (SCR::Execute(.target.bash, curlcmd) != 0)
- {
- // error message
- Popup::Error (_("Could not download the certificate file from specified URL."));
- }
- else if (FileUtils::CheckAndCreatePath (dir))
- {
- list <string> l = splitstring (cert_url, "/");
- name = l[size(l) - 1]:"downloaded-by-yast2-ldap-client.pem";
- success = SCR::Execute (.target.bash, sformat ("/bin/cp -a '%1' '%2/%3'", certTmpFile, dir, name)) == 0;
- // rehash cert directory (bnc#662937)
- map out = (map)SCR::Execute (.target.bash_output, sformat ("/usr/bin/c_rehash %1", dir));
- if (out["stderr"]:"" != "")
- {
- y2error ("something went wrong: %1", out);
- }
- break;
- }
- }
- }
- UI::CloseDialog ();
-
- if (ret == `cancel)
- {
- continue;
- }
- if (success)
- {
- // popup message, %1 is file name, %2 directory
- Popup::Message (sformat (_("The downloaded certificate file
-
-'%1'
-
-has been copied to '%2' directory.
-"), name, dir));
-
- Ldap::tls_cacertdir = dir;
- Ldap::modified = true;
- }
- }
if (result == `next || result == `advanced)
{
@@ -786,14 +754,6 @@
check the appropriate option. Changing this value does not cause any direct
action. It is only information for the YaST users module, which manages
user home directories.</p>
-") +
-
- // password policy help text caption
- _("<p><b>Password Policy</b></p>") +
-
- // password policy help
- _("<p>Configure the selected password policy with <b>Edit</b>. Use <b>Add</b> to
-add a new password policy. Password policies must be enabled on the LDAP server.</p>
")
];
@@ -847,64 +807,6 @@
"rfc2307bis"
];
- list ppolicy_list = [];
-
- boolean ppolicies_enabled = false;
- map ppolicies = $[];
- map ppolicies_orig= $[];
- list<string> ppolicies_deleted = []; // list of DN
-
- // read the list of pwdpolicy objects under base_config_dn
- void read_ppolicies () {
-
- if (base_dn == "") return;
-
- if (Ldap::ldap_initialized && Ldap::tls_when_initialized != Ldap::ldap_tls)
- {
- Ldap::LDAPClose ();
- }
-
- if (Ldap::ldap_initialized || Ldap::LDAPInit () == "")
- {
- ppolicies_enabled = (boolean) SCR::Execute (.ldap.ppolicy, $[
- "hostname" : Ldap::GetFirstServer (Ldap::server),
- "bind_dn" : Ldap::GetBaseDN ()
- ]);
-
- list schemas = (list)SCR::Read (.ldap.search, $[
- "base_dn": "",
- "attrs": [ "subschemaSubentry" ],
- "scope": 0,
- ]);
- string schema_dn = schemas[0,"subschemaSubentry",0]:"";
- if (schemas != nil && schema_dn != "" &&
- SCR::Execute (.ldap.schema, $[ "schema_dn": schema_dn ])== true)
- {
- map pp = (map) SCR::Read (.ldap.search,
- $[
- "base_dn" : base_dn,
- "filter" : "objectClass=pwdPolicy",
- "scope" : 2,
- "map" : true,
- "not_found_ok" : true
- ]);
- if (pp != nil)
- {
- ppolicies = pp;
- ppolicies_orig = ppolicies;
- }
- }
- }
- // TODO re-read is not supported, is it correct?
- foreach (string dn, map ppolicy, Ldap::ppolicies, {
- if (ppolicy["modified"]:"" == "deleted" && haskey (ppolicies, dn))
- ppolicies = remove (ppolicies, dn);
- else if (ppolicy["modified"]:"" == "added")
- ppolicies[dn] = ppolicy;
- else ppolicies[dn] = union (ppolicies[dn]:$[], ppolicy);
- });
- }
-
list<term> tabs = [
// tab label
`item(`id(`client), _("C&lient Settings"), true),
@@ -1026,19 +928,7 @@
`Right (`PushButton (`id(`configure),
// pushbutton label
_("Configure User Management &Settings..."))),
- `VSpacing (),
- `Table (`id (`ppolicy_table), `opt(`notify), `header (
- // table header
- _("Password Policy")),
- maplist (string dn, map pp, ppolicies, ``(`item (`id (dn), dn)))
- ),
- `HBox (
- `PushButton (`id (`add), Label::AddButton ()),
- `PushButton (`id (`edit), Label::EditButton ()),
- `PushButton (`id (`delete), Label::DeleteButton ()),
- `HStretch ()
- ),
- `VSpacing(0.4)
+ `VStretch ()
), `HSpacing (4));
UI::ReplaceWidget (`tabContents, cont);
@@ -1049,9 +939,6 @@
if (Mode::config ())
UI::ChangeWidget (`id(`configure), `Enabled, false);
- foreach (symbol s, [ `ppolicy_table, `add, `edit, `delete ], {
- UI::ChangeWidget (`id (s), `Enabled, ppolicies_enabled);
- });
}
@@ -1065,7 +952,6 @@
symbol current = `client;
set_client_term ();
- read_ppolicies ();
while (true)
{
@@ -1146,105 +1032,6 @@
UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb);
UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb);
}
- if (result == `add)
- {
- string suffix = base_dn;
- UI::OpenDialog ( `opt(`decorated), `HBox(
- `HSpacing(1),
- `VBox(
- // InputField label
- `InputField (`id (`cn), `opt (`hstretch),
- _("Name of Password Policy Object")),
- `ReplacePoint (`id (`rp_suf), `HBox (
- // text label,suffix will follow in next label
- `Label (`id (`suffix_label), _("Suffix:")),
- `Label (`id (`suffix), base_dn),
- // pushbutton label
- `PushButton (`id (`br_suf), _("Change Suffix"))
- )),
- `ButtonBox (
- `PushButton(`id(`ok),`opt(`default,`key_F10),Label::OKButton()),
- `PushButton(`id(`cancel),`opt (`key_F9), Label::CancelButton())
- )
- ),
- `HSpacing(1)
- ));
- UI::SetFocus (`id (`cn));
- any ret = nil;
- string new_dn = "";
- while (true)
- {
- ret = UI::UserInput ();
- if (ret == `cancel)
- break;
- if (ret == `br_suf)
- {
- string suf = LdapPopup::InitAndBrowseTree (base_dn, $[
- "hostname" : Ldap::GetFirstServer (Ldap::server),
- "port" : Ldap::GetFirstPort (Ldap::server),
- "use_tls" : Ldap::ldap_tls ? "yes" : "no",
- "cacertdir" : Ldap::tls_cacertdir,
- "cacertfile" : Ldap::tls_cacertfile
- ]);
- if (suf != "")
- UI::ReplaceWidget (`id (`rp_suf), `HBox (
- // text label,suffix will follow in next label
- `Label (`id (`suffix_label), _("Suffix:")),
- `Label (`id (`suffix), suf),
- // pushbutton label
- `PushButton (`id (`br_suf), _("Change Suffix"))
- ));
- }
- if (ret == `ok)
- {
- string cn = (string) UI::QueryWidget (`id (`cn), `Value);
- if (cn == "") break;
- string suffix = (string) UI::QueryWidget (`id (`suffix), `Value);
- new_dn = sformat ("cn=%1,%2", cn, suffix);
- if (haskey (ppolicies, new_dn))
- {
- Popup::Error (sformat (_("The Policy \'%1\' already exists.
-Please select another one."), new_dn));
- continue;
- }
- break;
- }
- }
- UI::CloseDialog ();
- if (ret == `ok && new_dn != "")
- {
- map new = LdapPopup::PasswordPolicyDialog ($["dn": new_dn ]);
- if (new != nil)
- {
- ppolicies[new_dn] = new;
- UI::ChangeWidget (`id (`ppolicy_table), `Items,
- maplist (string dn, map pp, ppolicies, ``(`item (`id (dn), dn)))
- );
- UI::ChangeWidget (`id (`edit), `Enabled, size (ppolicies) > 0);
- UI::ChangeWidget (`id (`delete), `Enabled, size (ppolicies) > 0);
- }
- }
- }
- if (result == `edit || result == `ppolicy_table)
- {
- string dn = (string) UI::QueryWidget (`id (`ppolicy_table), `CurrentItem);
- map changes = LdapPopup::PasswordPolicyDialog (ppolicies[dn]:$[]);
- if (changes != nil)
- {
- ppolicies[dn] = union (ppolicies[dn]:$[], changes);
- }
- }
- if (result == `delete)
- {
- string dn = (string) UI::QueryWidget (`id (`ppolicy_table), `CurrentItem);
- ppolicies = remove (ppolicies, dn);
- ppolicies_deleted = (list<string>) union (ppolicies_deleted, [dn]);
- UI::ChangeWidget (`id (`ppolicy_table), `Items,
- maplist (string dn, map pp, ppolicies, ``(`item (`id (dn), dn)))
- );
- UI::ChangeWidget (`id (`edit), `Enabled, size (ppolicies) > 0);
- UI::ChangeWidget (`id (`delete), `Enabled, size (ppolicies) > 0);
- }
if (result == `next || result == `configure)
{
@@ -1263,44 +1050,6 @@
UI::SetFocus (`id (`base_config_dn));
continue;
}
- foreach (string dn, map ppolicy, ppolicies, {
- // new ppolicy
- if (!haskey (ppolicies_orig, dn))
- {
- ppolicy["modified"] = "added";
- ppolicy["pwdAttribute"] = "userPassword";
- ppolicy["objectClass"] = ["pwdPolicy", "namedObject"];
- ppolicy["cn"] = get_cn (dn);
- Ldap::ppolicies[dn] = ppolicy;
-
- }
- else
- {
- map pp = $[];
- foreach (string a, any val, (map) ppolicy, {
- if (val != ppolicies_orig[dn,a]:nil)
- pp[a] = val;
- });
- if (pp != $[])
- {
- pp["modified"] = "edited";
- Ldap::ppolicies[dn] = pp;
- }
- }
- });
- // deleted ppolicies
- foreach (string dn, ppolicies_deleted, {
- map pp = Ldap::ppolicies[dn]:$[];
- if (pp["modified"]:"" == "added")
- {
- Ldap::ppolicies = remove (Ldap::ppolicies, dn);
- }
- else if (haskey (ppolicies_orig, dn))
- {
- pp["modified"] = "deleted";
- Ldap::ppolicies[dn] = pp;
- }
- });
if (krb5_realm == "" || krb5_kdcip == "" || !Ldap::sssd)
sssd_with_krb = false;