[yast-commit] r63611 - in /branches/SuSE-Code-11-SP2-Branch/ldap-client: src/Ldap.ycp src/ui.ycp testsuite/tests/Export.out testsuite/tests/Export.ycp testsuite/tests/Read.out testsuite/tests/Read.ycp
Author: jsuchome
Date: Fri Mar 18 17:09:18 2011
New Revision: 63611

URL: http://svn.opensuse.org/viewcvs/yast?rev=63611&view=rev
Log:
if sssd is active, ask for basic Kerberos settings (fate#308902)


Modified:
branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp
branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp
branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out
branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.ycp
branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out
branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.ycp

Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp?rev=63611&r1=63610&r2=63611&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/Ldap.ycp Fri Mar 18
17:09:18 2011
@@ -324,6 +324,12 @@
// enable/disable offline authentication ('cache_credentials' key)
global boolean sssd_cache_credentials = false;

+ // Kerberos default realm (for sssd)
+ global string krb5_realm = "";
+
+ // adress of KDC (key distribution centre) server for default realm
+ global string krb5_kdcip = "";
+
//----------------------------------------------------------------

/**
@@ -450,6 +456,8 @@
tls_checkpeer = settings ["tls_checkpeer"]:"yes";
mkhomedir = settings ["mkhomedir"]:mkhomedir;
sssd = settings ["sssd"]:sssd;
+ krb5_realm = settings ["krb5_realm"]:krb5_realm;
+ krb5_kdcip = settings ["krb5_kdcip"]:krb5_kdcip;
if (_start_autofs)
required_packages = (list<string>) union (required_packages,
["autofs"]);

@@ -492,7 +500,7 @@
"create_ldap" : create_ldap,
"login_enabled" : login_enabled,
"mkhomedir" : mkhomedir,
- "sssd" : sssd
+ "sssd" : sssd,
];
if (tls_checkpeer != "yes")
e["tls_checkpeer"] = tls_checkpeer;
@@ -508,6 +516,10 @@
e["nss_base_group"] = nss_base_group;
if (_autofs_allowed)
e["start_autofs"] = _start_autofs;
+ if (krb5_realm != "")
+ e["krb5_realm"] = krb5_realm;
+ if (krb5_kdcip != "")
+ e["krb5_kdcip"] = krb5_kdcip;
return e;
}

@@ -578,6 +590,26 @@
/* ------------- read/write functions ------------------------------- */

/**
+ * For sssd, some kerberos values are needed
+ */
+ global boolean ReadKrb5Conf ()
+ {
+
+ list<string> realm = (list<string>) SCR::Read
(.etc.krb5_conf.v.libdefaults.default_realm);
+ if (realm == nil)
+ realm = [];
+ krb5_realm = realm[0]:"";
+
+ list<string> kdcs = (list<string>) SCR::Read (add (add
(.etc.krb5_conf.v, krb5_realm), "kdc"));
+ if (kdcs == nil)
+ kdcs = [];
+ krb5_kdcip = mergestring (kdcs, " ");
+
+ return true;
+ }
+
+
+ /**
* Read single entry from /etc/ldap.conf file
* @param entry entry name
* @param defvalue default value if entry is not present
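Review bot: ReadKrb5Conf joins the KDC entries with a space (`mergestring (kdcs, " ")`), but the result is later written to sssd.conf as `krb5_kdcip`, which sssd documents as a comma-separated list. A realm with more than one `kdc` line would therefore likely yield a value sssd does not parse as intended, and `mergestring (kdcs, ",")` looks safer. When krb5.conf has no default_realm, the second SCR::Read still runs with an empty realm name appended to the path; an early `if (krb5_realm == "") return true;` would avoid that lookup. The function returns true unconditionally, so the doc comment should say that the return value carries no success information.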
@@ -879,6 +911,21 @@

Autologin::Read ();

+ if (true || Pam::Enabled("krb5"))
+ {
+ ReadKrb5Conf ();
+ }
+ if (FileUtils::Exists ("/etc/sssd/sssd.conf"))
+ {
+ // read realm and kdc from sssd.conf if available
+ path domain = add (.etc.sssd_conf.v, "domain/default");
+ string realm = (string) SCR::Read (add (domain,
"krb5_realm"));
+ if (realm != nil)
+ krb5_realm = realm;
+ string kdc = (string) SCR::Read (add (domain,
"krb5_kdcip"));
+ if (kdc != nil)
+ krb5_kdcip = kdc;
+ }

// Now check if previous configuration of LDAP server didn't proposed
// some better values:
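Review bot: The condition `if (true || Pam::Enabled("krb5"))` is always true, so the Pam check is dead code and ReadKrb5Conf runs on every Read; it looks like a debugging leftover. Either call `ReadKrb5Conf ();` unconditionally with a comment explaining why the Pam state is deliberately ignored, or drop the `true ||`. This is more than tidiness, because the values filled in here feed the condition in the write hunk at -2074 that selects the krb5 providers. The sssd.conf section name "domain/default" is hard-coded in this block, and a short comment saying that only that domain is consulted would help. The enclosing function starts and ends outside the hunk.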
@@ -2074,31 +2121,13 @@
}

// In a mixed Kerberos/LDAP setup the following changes are needed in
the [domain/default] section:
- if (Pam::Enabled("krb5"))
+ if (krb5_realm != "" && krb5_kdcip != "")
{
-// FIXME: do not test for pam, it may be already off...
SCR::Write (add (domain, "auth_provider"), "krb5");
SCR::Write (add (domain, "chpass_provider"), "krb5");
- /*
- FIXME how to read krb settings:
- a) use agent directly (moved out from yast2-kerberos-client)
- b) use Read + Export of Kerberos.ycp
-
- * Set "krb5_kdcip" to the hostname of the kerberos kdc
- * Set "krb5_realm" to kerberos realm
- */
- if (Package::Installed ("yast2-kerberos-client"))
- {
- WFM::CallFunction ("kerberos-client_auto", ["Read"]);
- any e = WFM::CallFunction ("kerberos-client_auto",["Export"]);
- if (is (e,map) && e != $[])
- {
- map kerberos = (map) e;
- SCR::Write (add (domain, "krb5_realm"),
kerberos["kerberos_client","default_realm"]:nil);
- SCR::Write (add (domain, "krb5_kdcip"),
kerberos["kerberos_client","kdc_server"]:nil);
- }
- }

+ SCR::Write (add (domain, "krb5_realm"), krb5_realm);
+ SCR::Write (add (domain, "krb5_kdcip"), krb5_kdcip);
}
else
{
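Review bot: With `if (krb5_realm != "" && krb5_kdcip != "")` the choice of `auth_provider` now depends on two free-text values that Read pre-fills from /etc/krb5.conf and that are written to sssd.conf without validation. As far as this diff shows, a host that merely has a krb5.conf with a default realm and a KDC would get `auth_provider = krb5` and `chpass_provider = krb5` on the next write, even though nobody chose Kerberos authentication. An explicit setting for that choice would make the switch deliberate. If only one of the two values is set, the code silently takes the else branch, whose body is outside the hunk. A comment above the condition such as `// krb5 providers are used only when both realm and KDC are set` would document the new rule.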

Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp?rev=63611&r1=63610&r2=63611&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/src/ui.ycp Fri Mar 18 17:09:18
2011
@@ -713,6 +713,8 @@
string tls_cacertdir = Ldap::tls_cacertdir;
string tls_cacertfile = Ldap::tls_cacertfile;
boolean sssd = Ldap::sssd;
+ string krb5_realm = Ldap::krb5_realm;
+ string krb5_kdcip = Ldap::krb5_kdcip;

list<term>member_attributes = [
`item (`id("member"), "member", member_attribute == "member"),
@@ -831,12 +833,8 @@
);
}

- define void set_client_term () {
-
- term cont = `Top (`HBox(`HSpacing (5), `VBox(
- `VSpacing(0.4),
- `Left (`CheckBox (`id (`sssd), `opt (`notify), _("Use S&ystem
Security Services Daemon (SSSD)"), sssd)),
- `VSpacing(0.4),
+ term get_frame_nss () {
+ return
// frame label
`Frame (_("Naming Contexts"), `HBox(
`HSpacing (1), `VBox(
@@ -874,7 +872,28 @@
`VSpacing(0.4)
),
`HSpacing (1)
- )),
+ ));
+ }
+
+ term get_frame_krb () {
+ return
+ // frame label
+ `Frame (_("Basic Kerberos Settings"), `HBox (`HSpacing (1), `VBox (
+ // textentry label
+ `TextEntry (`id (`krb5_realm), _("Default Real&m"), krb5_realm),
+ // textentry label
+ `TextEntry (`id (`krb5_kdcip), _("&KDC Server Address"),
krb5_kdcip),
+ `VSpacing (0.4)
+ ), `HSpacing (1)));
+ }
+
+ define void set_client_term () {
+
+ term cont = `Top (`HBox(`HSpacing (5), `VBox(
+ `VSpacing(0.4),
+ `Left (`CheckBox (`id (`sssd), `opt (`notify), _("Use S&ystem
Security Services Daemon (SSSD)"), sssd)),
+ `VSpacing(0.4),
+ `ReplacePoint (`id (`rp_frame), `VBox (sssd ? get_frame_krb () :
get_frame_nss ())),
`VSpacing (0.4),
`ComboBox (`id (`pam_password), `opt(`notify,`hstretch,`editable),
// combobox label
@@ -913,10 +932,6 @@
UI::ReplaceWidget (`tabContents, cont);
if (has_tabs)
UI::ChangeWidget (`id (`tabs), `CurrentItem, `client);
-
- foreach (symbol ui, [ `nss_base_passwd, `nss_base_group,
`nss_base_shadow, `br_passwd, `br_shadow, `br_group ], {
- UI::ChangeWidget (`id (ui), `Enabled, UI::QueryWidget (`id (`sssd),
`Value) == false);
- });
}

define void set_admin_term () {
@@ -1012,12 +1027,23 @@
if (current == `client)
{
member_attribute =(string)UI::QueryWidget(`id(`group_style),`Value);
- nss_base_passwd = (string)
- UI::QueryWidget(`id(`nss_base_passwd),`Value);
- nss_base_shadow = (string)
- UI::QueryWidget(`id(`nss_base_shadow),`Value);
- nss_base_group = (string)
- UI::QueryWidget(`id(`nss_base_group),`Value);
+
+ if (sssd)
+ {
+ krb5_realm = (string)
+ UI::QueryWidget (`id (`krb5_realm), `Value);
+ krb5_kdcip = (string)
+ UI::QueryWidget (`id (`krb5_kdcip), `Value);
+ }
+ else
+ {
+ nss_base_passwd = (string)
+ UI::QueryWidget(`id(`nss_base_passwd),`Value);
+ nss_base_shadow = (string)
+ UI::QueryWidget(`id(`nss_base_shadow),`Value);
+ nss_base_group = (string)
+ UI::QueryWidget(`id(`nss_base_group),`Value);
+ }
pam_password = (string) UI::QueryWidget(`id(`pam_password), `Value);

tls_cacertfile = (string)
UI::QueryWidget(`id(`tls_cacertfile), `Value);
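Review bot: The strings read from the `krb5_realm` and `krb5_kdcip` text entries are stored exactly as typed, with no check before they reach sssd.conf. Because the write path uses the krb5 providers only when both are non-empty, a form with just one field filled is accepted here and then silently ignored. A both-or-neither check at this point, for example `if (sssd && (krb5_realm == "") != (krb5_kdcip == ""))` followed by an error popup, would give the administrator feedback before the configuration is saved. The enclosing function starts and ends outside the hunk.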
@@ -1077,9 +1103,7 @@
if (result == `sssd)
{
sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value);
- foreach (symbol ui, [ `nss_base_passwd, `nss_base_group,
`nss_base_shadow, `br_passwd, `br_shadow, `br_group ], {
- UI::ChangeWidget (`id (ui), `Enabled, !sssd);
- });
+ UI::ReplaceWidget (`id (`rp_frame), sssd ? get_frame_krb () :
get_frame_nss ());
}
if (result == `br_tls_cacertdir)
{
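Review bot: Toggling the SSSD checkbox rebuilds the frame with `get_frame_krb ()` or `get_frame_nss ()` from the local variables, but nothing in this hunk queries the current widget values before `UI::ReplaceWidget`. The locals appear to be refreshed only in the `current == `client` block of the hunk at -1012, so text typed into the Kerberos or naming-context fields would be discarded when the checkbox is flipped; this is inferred from the visible hunks. Saving the visible fields into the locals before the replace would keep the user's input. The initial layout also wraps the frame in a `VBox` inside the `ReplacePoint` while this call passes the frame directly, and the two should match.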
@@ -1268,7 +1292,9 @@
Ldap::ldap_v2 != ldap_v2 ||
Ldap::tls_cacertdir != tls_cacertdir ||
Ldap::tls_cacertfile != tls_cacertfile ||
- Ldap::sssd != sssd
+ Ldap::sssd != sssd ||
+ Ldap::krb5_realm != krb5_realm ||
+ Ldap::krb5_kdcip != krb5_kdcip
)
{
Ldap::bind_dn = bind_dn;
@@ -1284,6 +1310,8 @@
Ldap::tls_cacertdir = tls_cacertdir;
Ldap::tls_cacertfile = tls_cacertfile;
Ldap::sssd = sssd;
+ Ldap::krb5_realm = krb5_realm;
+ Ldap::krb5_kdcip = krb5_kdcip;
Ldap::modified = true;
}
break;

Modified:
branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out?rev=63611&r1=63610&r2=63611&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out
(original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.out Fri
Mar 18 17:09:18 2011
@@ -17,6 +17,8 @@
Read .etc.ldap_conf.v."/etc/ldap.conf"."nss_map_attribute" 0
Execute .passwd.init $["base_directory":"/etc"] true
Read .passwd.passwd.pluslines ["+"]
+Read .etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"]
+Read .etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"]
Return true
Dump ============================================
-Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz",
"create_ldap":false, "file_server":false, "ldap_domain":"dc=suse,dc=cz",
"ldap_server":"localhost", "ldap_tls":false, "ldap_v2":false,
"login_enabled":true, "member_attribute":"member", "mkhomedir":true,
"nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt",
"sssd":false, "start_autofs":false, "start_ldap":true,
"tls_cacertdir":"/etc/openldap/cacerts/"]
+Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz",
"create_ldap":false, "file_server":false, "krb5_kdcip":"kdc.suse.cz",
"krb5_realm":"SUSE.CZ", "ldap_domain":"dc=suse,dc=cz",
"ldap_server":"localhost", "ldap_tls":false, "ldap_v2":false,
"login_enabled":true, "member_attribute":"member", "mkhomedir":true,
"nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt",
"sssd":false, "start_autofs":false, "start_ldap":true,
"tls_cacertdir":"/etc/openldap/cacerts/"]

Modified:
branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.ycp?rev=63611&r1=63610&r2=63611&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.ycp
(original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Export.ycp Fri
Mar 18 17:09:18 2011
@@ -36,6 +36,16 @@
]
]
],
+ "krb5_conf" : $[
+ "v" : $[
+ "libdefaults": $[
+ "default_realm": ["SUSE.CZ"],
+ ],
+ "SUSE.CZ": $[
+ "kdc": ["kdc.suse.cz"],
+ ],
+ ],
+ ],
// /etc/security/pam_*
"security": $[
"section": $[

Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out?rev=63611&r1=63610&r2=63611&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out
(original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.out Fri
Mar 18 17:09:18 2011
@@ -16,6 +16,8 @@
Read .etc.ldap_conf.v."/etc/ldap.conf"."nss_map_attribute" 0
Execute .passwd.init $["base_directory":"/etc"] true
Read .passwd.passwd.pluslines ["+"]
+Read .etc.krb5_conf.v.libdefaults.default_realm ["SUSE.CZ"]
+Read .etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"]
Return true
Dump ============================================
Dump ldap used: -true-

Modified: branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.ycp?rev=63611&r1=63610&r2=63611&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.ycp
(original)
+++ branches/SuSE-Code-11-SP2-Branch/ldap-client/testsuite/tests/Read.ycp Fri
Mar 18 17:09:18 2011
@@ -36,6 +36,16 @@
]
]
],
+ "krb5_conf" : $[
+ "v" : $[
+ "libdefaults": $[
+ "default_realm": ["SUSE.CZ"],
+ ],
+ "SUSE.CZ": $[
+ "kdc": ["kdc.suse.cz"],
+ ],
+ ],
+ ],
// /etc/security/pam_*
"security": $[
"section": $[
