[yast-commit] r67492 - in /trunk: ldap-client/src/LdapPopup.ycp ldap-server/package/yast2-ldap-server.changes ldap-server/src/LdapDatabase.ycp ldap-server/src/widgets.ycp
Author: jsuchome Date: Tue Feb 21 11:26:43 2012 New Revision: 67492 URL: http://svn.opensuse.org/viewcvs/yast?rev=67492&view=rev Log: PasswordPolicyDialog moved from ldap-client to ldap-server Modified: trunk/ldap-client/src/LdapPopup.ycp trunk/ldap-server/package/yast2-ldap-server.changes trunk/ldap-server/src/LdapDatabase.ycp trunk/ldap-server/src/widgets.ycp Modified: trunk/ldap-client/src/LdapPopup.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/src/LdapPopup.ycp?rev=67492&r1=67491&r2=67492&view=diff ============================================================================== --- trunk/ldap-client/src/LdapPopup.ycp (original) +++ trunk/ldap-client/src/LdapPopup.ycp Tue Feb 21 11:26:43 2012 @@ -566,371 +566,4 @@ return $[ "attr": attr, "value": new_value ]; } -/** - * dialog for Password Policy configuration object - * @param ppolicy data with Password Policy object to be edited (as obtained from LDAP search) - * @return map with modifications of ppolicy object, nil in case of `cancel - */ -global define map PasswordPolicyDialog (map ppolicy) { - - // reduce the list values to single ones - ppolicy = mapmap (string a, any val, (map<string,any>)ppolicy, { - if (is (val, list) && (Ldap::SingleValued (a) || size ((list)val) == 1)) - val = ((list)val)[0]:nil; - if (val == "TRUE" || val == "FALSE") - val = (val == "TRUE"); - return $[ a: val ]; - }); - map ppolicy_orig = ppolicy; - - // help text for Password Policy Dialog - string help_text = _("<p>Select the <b>Password Change Policies</b>, <b>Password Aging Policies</b>, and <b>Lockout Policies</b> tabs to choose LDAP password policy groups of attributes to configure.</p>"); - - - // tab-specific help texts - map tabs_help_text = $[ - // help text for pwdInHistory attribute - `pwchange : _("<p>Specify the <b>Maximum Number of Passwords Stored in History</b> to set how many previously used passwords should be saved. Saved passwords may not be used.</p>") + - - // help text for pwdMustChange attribute - _("<p>Check <b>User Must Change Password after Reset</b> to force users to change their passwords after the password is reset or changed by an administrator.</p>") + - - // help text for pwdAllowUserChange attribute - _("<p>Check <b>User Can Change Password</b> to allow users to change their passwords.</p>") + - - // help text for pwdSafeModify attribute - _("<p>If the existing password must be provided along with the new password, check <b>Old Password Required for Password Change</b>.</p>") + - - // help text for pwdCheckQuality attribute - _("<p>Select whether the password quality should be verified while passwords are modified or added. Select <b>No Checking</b> if passwords should not be evaluated. With <b>Accept Uncheckable Passwords</b>, passwords are accepted even if the check cannot be performed, for example, if the user provides an encrypted password. With <b>Only Accept Checked Passwords</b> passwords are refused if the quality test fails or the password cannot be checked.</p>") + - - // help text for pwdMinLength attribute - _("Set the minimum number of characters that must be used in a password in <b>Minimum Password Length</b>.</p>"), - - // help text for pwdMinAge attribute - `aging : _("<p><b>Minimum Password Age</b> sets how much time must pass between modifications to the password.</p>") + - - // help text for pwdMaxAge attribute - _("<p><b>Maximum Password Age</b> sets how long after modification a password expires.</p>") + - - // help text for pwdExpireWarning attribute - _("<p>In <b>Time before Password Expiration to Issue Warning</b> specify how long\nbefore expiration an authenticating user should be warned.</p>") + - - // help text for pwdGraceAuthNLimit attribute - _("<p>Set the number of times an expired password can be used to authenticate in <b>Allowed Uses of an Expired Password</b>.</p>"), - - // help text for pwdLockout attribute - `lockout : _("<p>Check <b>Enable Password Locking</b> to forbid use of a password after a specified number of consecutive failed bind attempts.</p>") + - - // help text for pwdMaxFailure attribute - _("<p>Set the number of consecutive failed bind attempts after which the password may not be used to authenticate in <b>Bind Failures to Lock the Password</b>.</p>") + - - // help text for pwdLockoutDuration attribute - _("<p>Set for how long the password cannot be used in <b>Password Lock Duration</b>.</p>") + - - // help text for pwdFailureCountInterval attribute - _("<p><b>Bind Failures Cache Duration</b> specifies the time after which password failures are purged from the failure counter even if no successful authentication has occurred.</p>"), - ]; - - // map of attribute names for each tab - map attributes = $[ - `pwchange : [ - "pwdInHistory", "pwdMustChange", "pwdAllowUserChange", - "pwdSafeModify", "pwdCheckQuality", "pwdMinLength" - ], - `aging : [ - "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdGraceAuthNLimit" - ], - `lockout : [ - "pwdLockout", "pwdLockoutDuration", "pwdMaxFailure", - "pwdFailureCountInterval" - ], - ]; - - list time_attributes = [ - "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdLockoutDuration", - "pwdFailureCountInterval" - ]; - - map default_values = $[ - "pwdMustChange" : false, - "pwdAllowUserChange" : true, - "pwdSafeModify" : false, - "pwdLockout" : false, - ]; - - // maximal value of IntFields - integer max = 99999; - - list<term> tabs = [ - // tab label - `item(`id(`pwchange), _("&Password Change Policies"), true), - // tab label - `item(`id(`aging), _("Pa&ssword Aging Policies")), - // tab label - `item(`id(`lockout), _("&Lockout Policies")), - ]; - term tabs_term = `VBox ( - `DumbTab (`id(`tabs), tabs, - `ReplacePoint(`id(`tabContents ), `VBox (`Empty ()))) - ); - boolean has_tabs = true; - if (!UI::HasSpecialWidget (`DumbTab)) - { - has_tabs = false; - term tabbar = `HBox (); - foreach (term it, tabs, { - string label = it[1]:""; - tabbar = add (tabbar,`PushButton (it[0]:`id(label), label)); - }); - tabs_term = `VBox (`Left(tabbar), - `Frame ("", `ReplacePoint(`id(`tabContents), `Empty ())) - ); - } - - term contents = tabs_term; - - // generate the term of password policy tab and update the help text - void set_password_policies_term () { - integer pwdcheckquality = tointeger (ppolicy["pwdCheckQuality"]:"0"); - term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( - `VSpacing (0.8), - `IntField (`id ("pwdInHistory"), - // IntField label - _("Ma&ximum Number of Passwords Stored in History"), - 0, max, tointeger (ppolicy["pwdInHistory"]:"0")), - `VSpacing (0.4), - `Left (`CheckBox (`id ("pwdMustChange"), - // checkbox label - _("U&ser Must Change Password after Reset"), - ppolicy["pwdMustChange"]:true)), - `VSpacing (0.2), - `Left (`CheckBox (`id ("pwdAllowUserChange"), - // checkbox label - _("&User Can Change Password"), - ppolicy["pwdAllowUserChange"]:true)), - `VSpacing (0.2), - `Left (`CheckBox (`id ("pwdSafeModify"), - // checkbox label - _("&Old Password Required for Password Change"), - ppolicy["pwdSafeModify"]:false)), - `VSpacing (0.4), - // frame label - `HBox (`HSpacing (2), `Frame (_("Password Quality Checking"), `VBox( - `VSpacing (0.5), - `RadioButtonGroup (`id("pwdCheckQuality"), `VBox ( - `Left (`RadioButton (`id(0), `opt (`notify), - _("&No Checking"), pwdcheckquality == 0)), - `Left (`RadioButton(`id(1), `opt (`notify), - _("Acc&ept Uncheckable Passwords"), - pwdcheckquality == 1)), - `Left (`RadioButton(`id(2), `opt (`notify), - _("&Only Accept Checked Passwords"), - pwdcheckquality == 2)) - )), - `VSpacing (0.4), - // IntField label - `IntField (`id ("pwdMinLength"), _("&Minimum Password Length"), - 0, max, tointeger (ppolicy["pwdMinLength"]:"0")) - ))) - ), `HSpacing (0.5))); - - UI::ReplaceWidget (`tabContents, tab_cont); - UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, pwdcheckquality > 0); - return; - } - - term time_dialog (string id, string label) { - - integer value = tointeger (ppolicy[id]:"0"); - integer days = value / (24*60*60); - if (days > 0) value = value - (days * 24*60*60); - integer hours = value / (60*60); - if (hours > 0) value = value - (hours * 60*60); - integer minutes = value / 60; - if (minutes > 0) value = value - (minutes * 60); - return `HBox (`HSpacing (0.3), `Frame (label, `HBox ( - `IntField (`id (id + "d"), _("Days"), 0, max, days), - `IntField (`id (id + "h"), _("Hours"), 0, 23, hours), - `IntField (`id (id + "m"), _("Minutes"), 0, 59, minutes), - `IntField (`id (id + "s"), _("Seconds"), 0, 59, value) - )), `HSpacing (0.3)); - } - - integer get_seconds_value (string attr) { - - integer days = (integer) UI::QueryWidget (`id (attr + "d"), `Value); - integer hours = (integer) UI::QueryWidget (`id (attr + "h"), `Value); - integer minutes = (integer) UI::QueryWidget (`id (attr + "m"), `Value); - integer seconds = (integer) UI::QueryWidget (`id (attr + "s"), `Value); - return (days * 24*60*60) + (hours * 60*60) + (minutes *60) + seconds; - } - - // generate the term of password aging tab - void set_aging_policies_term () { - - term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( - `VSpacing (0.7), - // frame label - time_dialog ("pwdMinAge", _("Minimum Password Age")), - `VSpacing (0.4), - // frame label - time_dialog ("pwdMaxAge", _("Maximum Password Age")), - `VSpacing (0.4), - time_dialog ("pwdExpireWarning", - // frame label - _("Time before Password Expiration to Issue Warning")), - `VSpacing (0.2), - `IntField (`id ("pwdGraceAuthNLimit"), - // IntField label - _("Allowed Use of an Expired Password"), 0, max, - tointeger (ppolicy["pwdGraceAuthNLimit"]:"0") - ) - ), `HSpacing (0.5))); - UI::ReplaceWidget (`tabContents, tab_cont); - return; - } - - // generate the term of lockout aging tab - void set_lockout_policies_term () { - - boolean pwdlockout = ppolicy["pwdLockout"]:false; - - term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( - `VSpacing (0.8), - `Left (`CheckBox (`id ("pwdLockout"), `opt (`notify), - // check box label - _("Enable Password Locking"), - pwdlockout)), - `VSpacing (0.4), - `IntField (`id ("pwdMaxFailure"), - // intField label - _("Bind Failures to Lock the Password"), - 0, max, tointeger (ppolicy["pwdMaxFailure"]:"0")), - // frame label - time_dialog ("pwdLockoutDuration", _("Password Lock Duration")), - `VSpacing (0.4), - time_dialog ("pwdFailureCountInterval", - // frame label - _("Bind Failures Cache Duration")) - ), `HSpacing (0.5))); - - UI::ReplaceWidget (`tabContents, tab_cont); - UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout); - foreach (string suffix, [ "d", "h", "m", "s" ], { - UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix), - `Enabled, pwdlockout); - UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix), - `Enabled, pwdlockout); - }); - return; - } - - symbol current_tab = `pwchange; - any result = nil; - - Wizard::OpenNextBackDialog (); - - // dialog label - Wizard::SetContentsButtons (_("Password Policy Configuration"), contents, - help_text + tabs_help_text[current_tab]:"", - Label::CancelButton(), Label::OKButton()); - Wizard::HideAbortButton(); - - set_password_policies_term (); - - while (true) - { - result = UI::UserInput (); - - if (is(result,symbol) && - contains ([`back, `cancel, `abort], (symbol)result)) - break; - - // save the values from UI - foreach (string attr, attributes[current_tab]:[], { - if (contains (time_attributes, attr)) - { - ppolicy[attr] = sformat ("%1", get_seconds_value (attr)); - return; - } - any val = UI::QueryWidget (`id (attr), `Value); - if (is (val, integer)) - val = sformat ("%1", val); - ppolicy[attr] = val; - }); - - if ((result == `pwchange || result == `aging || result == `lockout) && - result!= current_tab) - { - if (result == `pwchange) - set_password_policies_term (); - else if (result == `aging) - set_aging_policies_term (); - else if (result == `lockout) - set_lockout_policies_term (); - current_tab = (symbol) result; - if (has_tabs) - UI::ChangeWidget (`id (`tabs), `CurrentItem, current_tab); - Wizard::SetHelpText (help_text + tabs_help_text[current_tab]:""); - continue; - } - if (result == `next) - { - boolean cont = false; - - // check the template required attributes... - foreach (string oc, ppolicy["objectClass"]:[], ``{ - if (cont) return; - foreach (string attr, Ldap::GetRequiredAttributes (oc), ``{ - any val = ppolicy[attr]:nil; - if (!cont && val == nil || val == [] || val == "") { - //error popup, %1 is attribute name - Popup::Error (sformat (_("The \"%1\" attribute is mandatory. -Enter a value."), attr)); - UI::SetFocus (`id(`table)); - cont = true; - } - }); - }); - if (cont) continue; - break; - } - // now solve events inside the tabs - if (current_tab == `pwchange && is (result, integer)) - { - UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, result != 0); - } - if (current_tab == `lockout && result == "pwdLockout") - { - boolean pwdlockout = (boolean) UI::QueryWidget (`id ("pwdLockout"), `Value); - UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout); - foreach (string suffix, [ "d", "h", "m", "s" ], { - UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix), - `Enabled, pwdlockout); - UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix), - `Enabled, pwdlockout); - }); - } - } - Wizard::CloseDialog (); - - map<string,any> ret = $[]; - if (result == `next) - { - foreach (string key, any val, (map<string,any>) ppolicy, { - if (!haskey (ppolicy_orig, key) && - (val == default_values[key]:nil || val == "0")) - return; - if (val != ppolicy_orig[key]:nil) - { - if (is (val, boolean)) - val = (val == true) ? "TRUE" : "FALSE"; - ret[key] = val; - } - }); - } - return (result == `next) ? ret : nil; -} - }//EOF Modified: trunk/ldap-server/package/yast2-ldap-server.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/package/yast2-ldap-server.changes?rev=67492&r1=67491&r2=67492&view=diff ============================================================================== --- trunk/ldap-server/package/yast2-ldap-server.changes (original) +++ trunk/ldap-server/package/yast2-ldap-server.changes Tue Feb 21 11:26:43 2012 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Tue Feb 21 11:25:21 CET 2012 - jsuchome@suse.cz + +- password policy popup moved here from ldap-client module + (fate#313143) + +------------------------------------------------------------------- Wed Dec 7 10:05:50 UTC 2011 - coolo@suse.com - fix license to be in spdx.org format Modified: trunk/ldap-server/src/LdapDatabase.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapDatabase.ycp?rev=67492&r1=67491&r2=67492&view=diff ============================================================================== --- trunk/ldap-server/src/LdapDatabase.ycp (original) +++ trunk/ldap-server/src/LdapDatabase.ycp Tue Feb 21 11:26:43 2012 @@ -9,7 +9,9 @@ import "Sequencer"; import "String"; import "Wizard"; - include "helps.ycp"; + + include "ldap-server/helps.ycp"; + include "ldap-server/widgets.ycp"; map <string, any> baseDb = $[ "rootdn" : "cn=Administrator", "directory" : "/var/lib/ldap" ]; @@ -557,7 +559,7 @@ } } } - map ppolicyEntry_new = LdapPopup::PasswordPolicyDialog(ppolicyEntry); + map ppolicyEntry_new = PasswordPolicyDialog(ppolicyEntry); // PasswordPolicyDialog only returns the changes made to the original // Entry, try to merge them here foreach ( string key, any val, (map<string,any>) ppolicyEntry_new, Modified: trunk/ldap-server/src/widgets.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/widgets.ycp?rev=67492&r1=67491&r2=67492&view=diff ============================================================================== --- trunk/ldap-server/src/widgets.ycp (original) +++ trunk/ldap-server/src/widgets.ycp Tue Feb 21 11:26:43 2012 @@ -3,7 +3,9 @@ textdomain "ldap-server"; import "CWMFirewallInterfaces"; import "Label"; + import "Ldap"; import "Popup"; + import "Wizard"; map<string, any> firewall_settings = $[ "services": [ "service:openldap" ], @@ -493,4 +495,372 @@ return retval; } +/** + * dialog for Password Policy configuration object + * @param ppolicy data with Password Policy object to be edited (as obtained from LDAP search) + * @return map with modifications of ppolicy object, nil in case of `cancel + */ +define map PasswordPolicyDialog (map ppolicy) { + + // reduce the list values to single ones + ppolicy = mapmap (string a, any val, (map<string,any>)ppolicy, { + if (is (val, list) && (Ldap::SingleValued (a) || size ((list)val) == 1)) + val = ((list)val)[0]:nil; + if (val == "TRUE" || val == "FALSE") + val = (val == "TRUE"); + return $[ a: val ]; + }); + map ppolicy_orig = ppolicy; + + // help text for Password Policy Dialog + string help_text = _("<p>Select the <b>Password Change Policies</b>, <b>Password Aging Policies</b>, and <b>Lockout Policies</b> tabs to choose LDAP password policy groups of attributes to configure.</p>"); + + + // tab-specific help texts + map tabs_help_text = $[ + // help text for pwdInHistory attribute + `pwchange : _("<p>Specify the <b>Maximum Number of Passwords Stored in History</b> to set how many previously used passwords should be saved. Saved passwords may not be used.</p>") + + + // help text for pwdMustChange attribute + _("<p>Check <b>User Must Change Password after Reset</b> to force users to change their passwords after the password is reset or changed by an administrator.</p>") + + + // help text for pwdAllowUserChange attribute + _("<p>Check <b>User Can Change Password</b> to allow users to change their passwords.</p>") + + + // help text for pwdSafeModify attribute + _("<p>If the existing password must be provided along with the new password, check <b>Old Password Required for Password Change</b>.</p>") + + + // help text for pwdCheckQuality attribute + _("<p>Select whether the password quality should be verified while passwords are modified or added. Select <b>No Checking</b> if passwords should not be evaluated. With <b>Accept Uncheckable Passwords</b>, passwords are accepted even if the check cannot be performed, for example, if the user provides an encrypted password. With <b>Only Accept Checked Passwords</b> passwords are refused if the quality test fails or the password cannot be checked.</p>") + + + // help text for pwdMinLength attribute + _("Set the minimum number of characters that must be used in a password in <b>Minimum Password Length</b>.</p>"), + + // help text for pwdMinAge attribute + `aging : _("<p><b>Minimum Password Age</b> sets how much time must pass between modifications to the password.</p>") + + + // help text for pwdMaxAge attribute + _("<p><b>Maximum Password Age</b> sets how long after modification a password expires.</p>") + + + // help text for pwdExpireWarning attribute + _("<p>In <b>Time before Password Expiration to Issue Warning</b> specify how long\nbefore expiration an authenticating user should be warned.</p>") + + + // help text for pwdGraceAuthNLimit attribute + _("<p>Set the number of times an expired password can be used to authenticate in <b>Allowed Uses of an Expired Password</b>.</p>"), + + // help text for pwdLockout attribute + `lockout : _("<p>Check <b>Enable Password Locking</b> to forbid use of a password after a specified number of consecutive failed bind attempts.</p>") + + + // help text for pwdMaxFailure attribute + _("<p>Set the number of consecutive failed bind attempts after which the password may not be used to authenticate in <b>Bind Failures to Lock the Password</b>.</p>") + + + // help text for pwdLockoutDuration attribute + _("<p>Set for how long the password cannot be used in <b>Password Lock Duration</b>.</p>") + + + // help text for pwdFailureCountInterval attribute + _("<p><b>Bind Failures Cache Duration</b> specifies the time after which password failures are purged from the failure counter even if no successful authentication has occurred.</p>"), + ]; + + // map of attribute names for each tab + map attributes = $[ + `pwchange : [ + "pwdInHistory", "pwdMustChange", "pwdAllowUserChange", + "pwdSafeModify", "pwdCheckQuality", "pwdMinLength" + ], + `aging : [ + "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdGraceAuthNLimit" + ], + `lockout : [ + "pwdLockout", "pwdLockoutDuration", "pwdMaxFailure", + "pwdFailureCountInterval" + ], + ]; + + list time_attributes = [ + "pwdMinAge", "pwdMaxAge", "pwdExpireWarning", "pwdLockoutDuration", + "pwdFailureCountInterval" + ]; + + map default_values = $[ + "pwdMustChange" : false, + "pwdAllowUserChange" : true, + "pwdSafeModify" : false, + "pwdLockout" : false, + ]; + + // maximal value of IntFields + integer max = 99999; + + list<term> tabs = [ + // tab label + `item(`id(`pwchange), _("&Password Change Policies"), true), + // tab label + `item(`id(`aging), _("Pa&ssword Aging Policies")), + // tab label + `item(`id(`lockout), _("&Lockout Policies")), + ]; + term tabs_term = `VBox ( + `DumbTab (`id(`tabs), tabs, + `ReplacePoint(`id(`tabContents ), `VBox (`Empty ()))) + ); + boolean has_tabs = true; + if (!UI::HasSpecialWidget (`DumbTab)) + { + has_tabs = false; + term tabbar = `HBox (); + foreach (term it, tabs, { + string label = it[1]:""; + tabbar = add (tabbar,`PushButton (it[0]:`id(label), label)); + }); + tabs_term = `VBox (`Left(tabbar), + `Frame ("", `ReplacePoint(`id(`tabContents), `Empty ())) + ); + } + + term contents = tabs_term; + + // generate the term of password policy tab and update the help text + void set_password_policies_term () { + integer pwdcheckquality = tointeger (ppolicy["pwdCheckQuality"]:"0"); + term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( + `VSpacing (0.8), + `IntField (`id ("pwdInHistory"), + // IntField label + _("Ma&ximum Number of Passwords Stored in History"), + 0, max, tointeger (ppolicy["pwdInHistory"]:"0")), + `VSpacing (0.4), + `Left (`CheckBox (`id ("pwdMustChange"), + // checkbox label + _("U&ser Must Change Password after Reset"), + ppolicy["pwdMustChange"]:true)), + `VSpacing (0.2), + `Left (`CheckBox (`id ("pwdAllowUserChange"), + // checkbox label + _("&User Can Change Password"), + ppolicy["pwdAllowUserChange"]:true)), + `VSpacing (0.2), + `Left (`CheckBox (`id ("pwdSafeModify"), + // checkbox label + _("&Old Password Required for Password Change"), + ppolicy["pwdSafeModify"]:false)), + `VSpacing (0.4), + // frame label + `HBox (`HSpacing (2), `Frame (_("Password Quality Checking"), `VBox( + `VSpacing (0.5), + `RadioButtonGroup (`id("pwdCheckQuality"), `VBox ( + `Left (`RadioButton (`id(0), `opt (`notify), + _("&No Checking"), pwdcheckquality == 0)), + `Left (`RadioButton(`id(1), `opt (`notify), + _("Acc&ept Uncheckable Passwords"), + pwdcheckquality == 1)), + `Left (`RadioButton(`id(2), `opt (`notify), + _("&Only Accept Checked Passwords"), + pwdcheckquality == 2)) + )), + `VSpacing (0.4), + // IntField label + `IntField (`id ("pwdMinLength"), _("&Minimum Password Length"), + 0, max, tointeger (ppolicy["pwdMinLength"]:"0")) + ))) + ), `HSpacing (0.5))); + + UI::ReplaceWidget (`tabContents, tab_cont); + UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, pwdcheckquality > 0); + return; + } + + term time_dialog (string id, string label) { + + integer value = tointeger (ppolicy[id]:"0"); + integer days = value / (24*60*60); + if (days > 0) value = value - (days * 24*60*60); + integer hours = value / (60*60); + if (hours > 0) value = value - (hours * 60*60); + integer minutes = value / 60; + if (minutes > 0) value = value - (minutes * 60); + return `HBox (`HSpacing (0.3), `Frame (label, `HBox ( + `IntField (`id (id + "d"), _("Days"), 0, max, days), + `IntField (`id (id + "h"), _("Hours"), 0, 23, hours), + `IntField (`id (id + "m"), _("Minutes"), 0, 59, minutes), + `IntField (`id (id + "s"), _("Seconds"), 0, 59, value) + )), `HSpacing (0.3)); + } + + integer get_seconds_value (string attr) { + + integer days = (integer) UI::QueryWidget (`id (attr + "d"), `Value); + integer hours = (integer) UI::QueryWidget (`id (attr + "h"), `Value); + integer minutes = (integer) UI::QueryWidget (`id (attr + "m"), `Value); + integer seconds = (integer) UI::QueryWidget (`id (attr + "s"), `Value); + return (days * 24*60*60) + (hours * 60*60) + (minutes *60) + seconds; + } + + // generate the term of password aging tab + void set_aging_policies_term () { + + term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( + `VSpacing (0.7), + // frame label + time_dialog ("pwdMinAge", _("Minimum Password Age")), + `VSpacing (0.4), + // frame label + time_dialog ("pwdMaxAge", _("Maximum Password Age")), + `VSpacing (0.4), + time_dialog ("pwdExpireWarning", + // frame label + _("Time before Password Expiration to Issue Warning")), + `VSpacing (0.2), + `IntField (`id ("pwdGraceAuthNLimit"), + // IntField label + _("Allowed Use of an Expired Password"), 0, max, + tointeger (ppolicy["pwdGraceAuthNLimit"]:"0") + ) + ), `HSpacing (0.5))); + UI::ReplaceWidget (`tabContents, tab_cont); + return; + } + + // generate the term of lockout aging tab + void set_lockout_policies_term () { + + boolean pwdlockout = ppolicy["pwdLockout"]:false; + + term tab_cont = `Top (`HBox (`HSpacing (0.5), `VBox ( + `VSpacing (0.8), + `Left (`CheckBox (`id ("pwdLockout"), `opt (`notify), + // check box label + _("Enable Password Locking"), + pwdlockout)), + `VSpacing (0.4), + `IntField (`id ("pwdMaxFailure"), + // intField label + _("Bind Failures to Lock the Password"), + 0, max, tointeger (ppolicy["pwdMaxFailure"]:"0")), + // frame label + time_dialog ("pwdLockoutDuration", _("Password Lock Duration")), + `VSpacing (0.4), + time_dialog ("pwdFailureCountInterval", + // frame label + _("Bind Failures Cache Duration")) + ), `HSpacing (0.5))); + + UI::ReplaceWidget (`tabContents, tab_cont); + UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout); + foreach (string suffix, [ "d", "h", "m", "s" ], { + UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix), + `Enabled, pwdlockout); + UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix), + `Enabled, pwdlockout); + }); + return; + } + + symbol current_tab = `pwchange; + any result = nil; + + Wizard::OpenNextBackDialog (); + + // dialog label + Wizard::SetContentsButtons (_("Password Policy Configuration"), contents, + help_text + tabs_help_text[current_tab]:"", + Label::CancelButton(), Label::OKButton()); + Wizard::HideAbortButton(); + + set_password_policies_term (); + + while (true) + { + result = UI::UserInput (); + + if (is(result,symbol) && + contains ([`back, `cancel, `abort], (symbol)result)) + break; + + // save the values from UI + foreach (string attr, attributes[current_tab]:[], { + if (contains (time_attributes, attr)) + { + ppolicy[attr] = sformat ("%1", get_seconds_value (attr)); + return; + } + any val = UI::QueryWidget (`id (attr), `Value); + if (is (val, integer)) + val = sformat ("%1", val); + ppolicy[attr] = val; + }); + + if ((result == `pwchange || result == `aging || result == `lockout) && + result!= current_tab) + { + if (result == `pwchange) + set_password_policies_term (); + else if (result == `aging) + set_aging_policies_term (); + else if (result == `lockout) + set_lockout_policies_term (); + current_tab = (symbol) result; + if (has_tabs) + UI::ChangeWidget (`id (`tabs), `CurrentItem, current_tab); + Wizard::SetHelpText (help_text + tabs_help_text[current_tab]:""); + continue; + } + if (result == `next) + { + boolean cont = false; + + // check the template required attributes... + foreach (string oc, ppolicy["objectClass"]:[], ``{ + if (cont) return; + foreach (string attr, Ldap::GetRequiredAttributes (oc), ``{ + any val = ppolicy[attr]:nil; + if (!cont && val == nil || val == [] || val == "") { + //error popup, %1 is attribute name + Popup::Error (sformat (_("The \"%1\" attribute is mandatory. +Enter a value."), attr)); + UI::SetFocus (`id(`table)); + cont = true; + } + }); + }); + if (cont) continue; + break; + } + // now solve events inside the tabs + if (current_tab == `pwchange && is (result, integer)) + { + UI::ChangeWidget (`id ("pwdMinLength"), `Enabled, result != 0); + } + if (current_tab == `lockout && result == "pwdLockout") + { + boolean pwdlockout = (boolean) UI::QueryWidget (`id ("pwdLockout"), `Value); + UI::ChangeWidget (`id ("pwdMaxFailure"), `Enabled, pwdlockout); + foreach (string suffix, [ "d", "h", "m", "s" ], { + UI::ChangeWidget (`id ("pwdFailureCountInterval" + suffix), + `Enabled, pwdlockout); + UI::ChangeWidget (`id ("pwdLockoutDuration" + suffix), + `Enabled, pwdlockout); + }); + } + } + Wizard::CloseDialog (); + + map<string,any> ret = $[]; + if (result == `next) + { + foreach (string key, any val, (map<string,any>) ppolicy, { + if (!haskey (ppolicy_orig, key) && + (val == default_values[key]:nil || val == "0")) + return; + if (val != ppolicy_orig[key]:nil) + { + if (is (val, boolean)) + val = (val == true) ? "TRUE" : "FALSE"; + ret[key] = val; + } + }); + } + return (result == `next) ? ret : nil; +} + + } -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
participants (1)
-
jsuchome@svn2.opensuse.org