[yast-commit] r48629 - in /trunk/ldap-server/src: LdapServer.pm agent/SlapdConfigAgent.cc tree_structure.ycp widgets.ycp
Author: rhafer Date: Fri Jun 27 15:59:21 2008 New Revision: 48629 URL: http://svn.opensuse.org/viewcvs/yast?rev=48629&view=rev Log: Support for admin password change Modified: trunk/ldap-server/src/LdapServer.pm trunk/ldap-server/src/agent/SlapdConfigAgent.cc trunk/ldap-server/src/tree_structure.ycp trunk/ldap-server/src/widgets.ycp Modified: trunk/ldap-server/src/LdapServer.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev... ============================================================================== --- trunk/ldap-server/src/LdapServer.pm (original) +++ trunk/ldap-server/src/LdapServer.pm Fri Jun 27 15:59:21 2008 @@ -16,6 +16,9 @@ use Data::Dumper; +use Digest::MD5 qw(md5_hex); +use Digest::SHA1 qw(sha1); +use MIME::Base64; use X500::DN; use ycp; use YaST::YCP qw(Boolean); 
@@ -612,12 +615,48 @@ sub UpdateDatabase { my ($self, $index, $changes) = @_; + y2milestone( "UpdateDatabase: ".Data::Dumper->Dump([$changes]) ); my $rc = SCR->Write(".ldapserver.database.{".$index."}", $changes); - y2milestone( "Database: ".Data::Dumper->Dump([$rc]) ); + y2milestone( "result: ".Data::Dumper->Dump([$rc]) ); return $rc; } +BEGIN { $TYPEINFO {HashPassword} = ["function", "string", "string", "string" ] ; } +sub HashPassword +{ + my ($self, $hashAlgo, $cleartext) = @_; + my $hashed; + if( !grep( ($_ eq $hashAlgo), ("CRYPT", "SMD5", "SHA", "SSHA", "PLAIN") ) ) { + # unsupported password hash + return ""; + } + + if( $hashAlgo eq "CRYPT" ) { + my $salt = pack("C2",(int(rand 26)+65),(int(rand 26)+65)); + $hashed = crypt $cleartext,$salt; + $hashed = "{CRYPT}".$hashed; + } elsif( $hashAlgo eq "SMD5" ) { + my $salt = pack("C5",(int(rand 26)+65),(int(rand 26)+65),(int(rand 26)+65), + (int(rand 26)+65), (int(rand 26)+65)); + my $ctx = new Digest::MD5(); + $ctx->add($cleartext); + $ctx->add($salt); + $hashed = "{SMD5}".encode_base64($ctx->digest.$salt, ""); + } elsif( $hashAlgo eq "SHA"){ + my $digest = sha1($cleartext); + $hashed = "{SHA}".encode_base64($digest, ""); + } elsif( $hashAlgo eq "SSHA"){ + my $salt = pack("C5",(int(rand 26)+65),(int(rand 26)+65),(int(rand 26)+65), + (int(rand 26)+65), (int(rand 26)+65)); + my $digest = sha1($cleartext.$salt); + $hashed = "{SSHA}".encode_base64($digest.$salt, ""); + } else { + $hashed = $cleartext; + } + return $hashed; +} + BEGIN { $TYPEINFO {HaveCommonServerCertificate} = ["function", "boolean" ]; } sub HaveCommonServerCertificate { Modified: trunk/ldap-server/src/agent/SlapdConfigAgent.cc URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/agent/SlapdConfig... ============================================================================== --- trunk/ldap-server/src/agent/SlapdConfigAgent.cc (original) +++ trunk/ldap-server/src/agent/SlapdConfigAgent.cc Fri Jun 27 15:59:21 2008 
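Review bot: The salts in `HashPassword` are built from `rand` and restricted to the 26 uppercase letters (`int(rand 26)+65`), so the CRYPT branch has only 676 possible salts and the SMD5/SSHA branches about 23.5 bits, all drawn from a generator that is not meant for security use. Salt bytes should come from the kernel CSPRNG, as sketched below for SSHA; SMD5 can use the same helper, while the CRYPT salt must be mapped onto crypt's `[a-zA-Z0-9./]` alphabet. The `SHA` branch is unsalted and `PLAIN` stores the cleartext as-is, which a comment above the scheme list should state, e.g. `# SHA and PLAIN are kept for compatibility only; prefer SSHA`. `md5_hex` is imported in the first hunk but not used in this one.

```perl
# Salt from the kernel CSPRNG rather than rand(); returns undef on failure.
sub _randomSalt
{
    my ($len) = @_;
    open( my $fh, '<', '/dev/urandom' ) or return undef;
    binmode($fh);
    my $salt = '';
    my $got = read( $fh, $salt, $len );
    close($fh);
    return ( defined $got && $got == $len ) ? $salt : undef;
}

# … unchanged: scheme check, CRYPT / SMD5 / SHA branches …
    } elsif( $hashAlgo eq "SSHA"){
        my $salt = _randomSalt(8);
        return "" unless defined $salt;
        # … unchanged: sha1 over cleartext+salt, {SSHA} base64 encoding …
```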
@@ -622,11 +622,16 @@ { if ( path->length() == 1 ) { - YCPValue val = changesMap.value( YCPString("rootdn") ); - if ( val->isString() ) + YCPValue val = changesMap.value( YCPString("rootdn") ); + if ( ! val.isNull() && val->isString() ) { (*i)->setStringValue( "olcRootDn", val->asString()->value_cstr() ); } + val = changesMap.value( YCPString("rootpw") ); + if ( ! val.isNull() && val->isString() ) + { + (*i)->setStringValue( "olcRootPw", val->asString()->value_cstr() ); + } } else { std::string dbComponent = path->component_str(1); y2milestone("Component '%s'", dbComponent.c_str()); Modified: trunk/ldap-server/src/tree_structure.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/tree_structure.yc... ============================================================================== --- trunk/ldap-server/src/tree_structure.ycp (original) +++ trunk/ldap-server/src/tree_structure.ycp Fri Jun 27 15:59:21 2008 @@ -725,8 +725,8 @@ define boolean cb_check_db() ``{ - string suffix =(string)widget_map[current_tree_item,"name"]:nil; - y2milestone( "calling db check handler for suffix '%1'", suffix ); + string label =(string)widget_map[current_tree_item,"name"]:nil; + y2milestone( "calling db check handler for suffix '%1'", label ); string rootpw = (string)UI::QueryWidget( `te_rootpw, `Value ); if( rootpw != (string)UI::QueryWidget( `te_valid_rootpw, `Value ) ) @@ -757,7 +757,8 @@ if( db["rootdn"]:"" != "" && (boolean)UI::QueryWidget( `cb_append_basedn, `Value ) ) { - string suffix = (string)widget_map[current_tree_item,"name"]:""; + map<string,string> olddb = LdapServer::GetDatabase(index); + string suffix = olddb["suffix"]:""; db["rootdn"] = db["rootdn"]:"" + "," + suffix; } 
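Review bot: The new `rootpw` branch writes whatever string it receives into `olcRootPw`, including an empty one. `HashPassword` in LdapServer.pm returns `""` for an unsupported scheme and the `pb_changepw` handler in tree_structure.ycp passes that result on unchecked, so an empty value can reach this call; what `setStringValue` does with it is not visible here. Guarding the branch with `if ( ! val.isNull() && val->isString() && val->asString()->value_cstr()[0] != '\0' )` would keep the agent from storing it. The enclosing function starts and ends outside the hunk.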
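Review bot: In the `cb_append_basedn` branch of the `@@ -757` hunk, `suffix` falls back to `""` when `LdapServer::GetDatabase(index)` yields no `suffix` key, and the next line then produces a rootdn that ends in a bare comma. Appending only when the suffix is non-empty, e.g. `if ( suffix != "" ) db["rootdn"] = db["rootdn"]:"" + "," + suffix;`, avoids writing a malformed DN. The declaration of `index` and the rest of the function are outside the hunk, so whether `index` can be nil at this point should be checked as well.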
@@ -971,6 +972,7 @@ ``{ string suffix = current_tree_item; y2milestone( "calling db input handler for suffix '%1'", suffix ); + integer index = (integer)widget_map[current_tree_item,"index"]:nil; if ( handler_cmd == `cb_ppolicy_overlay ) { if ( UI::QueryWidget( `cb_ppolicy_overlay, `Value ) == true ) { UI::ChangeWidget( `cb_ppolicy_hashcleartext, `Enabled , true ); @@ -981,7 +983,21 @@ UI::ChangeWidget( `cb_ppolicy_uselockout, `Enabled , false ); UI::ChangeWidget( `te_ppolicy_defaultpolicy, `Enabled , false ); } + } else if ( handler_cmd == `pb_changepw ) { + map<string,string> newpw = ChangeAdminPassword(); + if ( newpw != nil ) + { + y2milestone("set password"); + string newhash = LdapServer::HashPassword(newpw["hashAlgo"]:"", newpw["password"]:""); + y2milestone("new hash: %1", newhash ); + LdapServer::UpdateDatabase( index, $[ "rootpw" : newhash] ); + } + else + { + y2milestone("password change cancelled"); + } } + return true; } @@ -1139,7 +1155,7 @@ * tree generation functions ** *****************************************/ -void addDatabaseWidgetMap( string suffix, string item_name, integer index, boolean new_db ) +void addDatabaseWidgetMap( string label, string item_name, integer index, boolean new_db ) { if( haskey( widget_map, item_name ) ) return; map<string, any> dbIndex = $[ @@ -1150,7 +1166,7 @@ "cb_input" : ``(cb_input_bdb_index() ) ]; map<string,any> item_map = $[ - "name" : suffix, + "name" : label, "children" : [ item_name + "_index" ], "index" : index, "widget" : editBdbDatabase, 
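Review bot: `y2milestone("new hash: %1", newhash );` in the `pb_changepw` branch writes the administrator's password hash to the YaST log, and that value is the cleartext password when the `PLAIN` scheme was selected; the `UpdateDatabase` hunk in LdapServer.pm dumps the same `$changes` map again. Both log calls should drop the value, e.g. `y2milestone("new rootpw hash computed");`. The branch also passes `newhash` on without checking it, although `HashPassword` returns `""` for an unsupported scheme, and it ignores the result of `UpdateDatabase`; an `if ( newhash == "" )` check that reports an error before the write would cover the first case. `index` is read with a `nil` default in the preceding hunk and is not checked before it is used here.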
@@ -1162,7 +1178,7 @@ "cb_write" : ``( cb_write_db() ), "cb_input" : ``( cb_input_db() ) ]; - y2milestone( "adding database item '%1' as '%2'", suffix, item_name ); + y2milestone( "adding database item '%1' as '%2'", label, item_name ); widget_map[item_name] = item_map; widget_map[item_name + "_index"] = dbIndex; Modified: trunk/ldap-server/src/widgets.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/widgets.ycp?rev=4... ============================================================================== --- trunk/ldap-server/src/widgets.ycp (original) +++ trunk/ldap-server/src/widgets.ycp Fri Jun 27 15:59:21 2008 
@@ -390,6 +390,60 @@ ) ); + define map<string,string> ChangeAdminPassword() + { + map<string,string> result = nil; + term content = + `VBox( + `Heading( _("Change Administrator Password") ), + `Password( `id( `te_rootpw ), _("New Administrator &Password") ), + `HSpacing( 0.5 ), + `Password( `id( `te_valid_rootpw ), _("&Validate Password") ), + `HSpacing( 0.5 ), + `ComboBox( `id( `cb_cryptmethod ), _("Password &Encryption"), enc_types ), + `HBox( + `PushButton( `id( `pb_ok ), Label::OKButton() ), + `PushButton( `id( `pb_cancel ), Label::CancelButton() ) + ) + ); + UI::OpenDialog( `opt(`decorated), content ); + while ( true ) + { + any ret = UI::UserInput(); + if (ret == `pb_cancel ) + { + break; + } + else if ( ret == `pb_ok ) + { + string pw = (string)UI::QueryWidget( `te_rootpw, `Value ); + string verifypw = (string)UI::QueryWidget( `te_valid_rootpw, `Value ); + string hashAlgo = (string)UI::QueryWidget( `cb_cryptmethod, `Value ); + if ( size(pw) == 0 ) + { + Popup::Error( _("Please enter a password") ); + UI::ChangeWidget( `te_rootpw, `Value, "" ); + UI::ChangeWidget( `te_valid_rootpw, `Value, "" ); + } + else if ( pw == verifypw ) + { + result = $[]; + result["password"] = pw; + result["hashAlgo"] = hashAlgo; + break; + } + else + { + Popup::Error( _("The passwords you have enter do not match. Please try again") ); + UI::ChangeWidget( `te_rootpw, `Value, "" ); + UI::ChangeWidget( `te_valid_rootpw, `Value, "" ); + } + } + } + UI::CloseDialog(); + return result; + } + define map<string,any> DatabaseIndexPopup( list<string> skipAttrs, string editAttr, map<string, boolean> currentIdx ) { -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
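Review bot: The mismatch message reads `"The passwords you have enter do not match. Please try again"`; it should say "entered", and because the string goes through `_()` the typo would be carried into the translations. The two `HSpacing( 0.5 )` entries sit directly inside a `VBox`, where vertical spacing (`VSpacing( 0.5 )`) appears to be what was meant. `hashAlgo` is returned exactly as selected from `enc_types`, which is defined outside the hunk, so that list should be checked against the schemes `HashPassword` accepts.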