diff --git a/README.md b/README.md index 95ace483c..5363ee734 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ https://github.com/yast/yast-users/actions?query=branch%3Amaster) [![Jenkins Status](https://ci.opensuse.org/buildStatus/icon?job=yast-yast-users-master)]( https://ci.opensuse.org/view/Yast/job/yast-yast-users-master/) -This module allows to use YaST to manage local and LDAP users and groups. It also makes possible to +This module allows to use YaST to manage local users and groups. It also makes possible to configure some aspects of the system related to user management and authentication. For a partial description of what this module can do, check [the use-cases document](doc/use-cases.md). For an overview on how all the authentication-related YaST modules fit together, check diff --git a/doc/auth-modules.md b/doc/auth-modules.md index 9c703a206..a29327367 100644 --- a/doc/auth-modules.md +++ b/doc/auth-modules.md 
@@ -13,24 +13,16 @@ As explained in the [detailed document](./use-cases.md), the YaST Users module c `/etc/passwd`, `/etc/groups`, etc. * List users and groups from the NIS databases known to the system, with the possibility of defining additional membership to groups. - * List, add, modify and delete users and groups from an LDAP directory. The settings to access - the LDAP server are read from `/etc/openldap/ldap.conf`. + * ~~List, add, modify and delete users and groups from an LDAP directory. The settings to access + the LDAP server are read from `/etc/openldap/ldap.conf`.~~ The yast2-users package also offers a plugins system that allows to define properties for each type of user and group. Each plugin can then define how those properties are represented in the user interface and how they are stored in the system. -The package yast2-users itself offers the following plugins to configure LDAP users and groups: - - * LDAPAll: allows to manage the value of several attributes of the LDAP object representing a - given user (eg. *departmentOf*, *description*, *gecos*, *jpegPhoto*) or group (eg. - *businessCategory*, *description*, *memberOf*, *owner*). - * Kerberos: makes it possible to add, delete and edit Kerberos principals associated to a user. - * LDAPShadowAccount: enables to edit the following attributes of the LDAP object representing - a given user - *shadowInactive*, *shadowExpire*, *shadowLastChange*, *shadowMin*, *shadowMax*, - *shadowWarning* and *shadowFlag*. - * LDAPPasswordPolicy: allows to define the password policy applied to a user and the value of the - corresponding *pwdAccountLockedTime* attribute. +The package yast2-users itself used to offer the following plugins to configure +LDAP users and groups, but they were removed in yast2-users 4.5.3. See +https://github.com/yast/yast-users/pull/366. Additionally, the following plugin is available for local users: 
diff --git a/doc/plugins-system.md b/doc/plugins-system.md index 3311ab901..ad90ca702 100644 --- a/doc/plugins-system.md +++ b/doc/plugins-system.md 
@@ -12,7 +12,7 @@ In *yast2-users*, the forms for creating or editing users and groups contain a * A *yast2-users* plugin is a module file deployed at *yast2dir/modules* directory and whose name begins with *UsersPlugin*. For example, *yast2-samba-server* provides *yast2dir/modules/UsersPluginSamba.pm* and *yast2dir/modules/UsersPluginSambaGroups.pm* plugins. In essence, *yast2-users* will search for all *UsersPlugin\** modules and will list them in the *Plug-Ins* tab. -A plugin module is expected to provide an *Interface* method. That method returns a list of method names that can be sent to the module. For example, a module usually exposes methods like *GUIClient*, *Name*, *Summary*, *Restriction*, *InternalAttributes*, etc. *yast2-users* uses these methods to get information from the plugins or to execute some actions. For example, the methods *Name* and *Summary* are used to get the name and description of the plugins, and that information is then used in the table containing the list of available plugins. The *GUIClient* method returns a client name. Such a client is executed when a method is launched in the *Plug-Ins* tab. The client usually shows a dialog with extra attributes for the user or group. The *Restrictions* method returns a hash with the restrictions for the plugin. For example, `{"ldap => 1", "users" => 1}` means that the plugin can be used only for LDAP users, so it will not be listed when editing a group or a no LDAP user. +A plugin module is expected to provide an *Interface* method. That method returns a list of method names that can be sent to the module. For example, a module usually exposes methods like *GUIClient*, *Name*, *Summary*, *Restriction*, *InternalAttributes*, etc. *yast2-users* uses these methods to get information from the plugins or to execute some actions. 
For example, the methods *Name* and *Summary* are used to get the name and description of the plugins, and that information is then used in the table containing the list of available plugins. The *GUIClient* method returns a client name. Such a client is executed when a method is launched in the *Plug-Ins* tab. The client usually shows a dialog with extra attributes for the user or group. The *Restrictions* method returns a hash with the restrictions for the plugin. A plugin usually provides more methods like *Check*, *Add*, *AddBefore*, etc. @@ -22,10 +22,10 @@ Currently there are only two YasT modules that implement plugins for *yast2-user * *yast-samba-server/src/modules/UsersPluginSamba.pm* * *yast-samba-server/src/modules/UsersPluginSambaGroups.pm* -* *yast-users/src/modules/UsersPluginLDAPShadowAccount.pm* -* *yast-users/src/modules/UsersPluginLDAPPasswordPolicy.pm* +* *~~yast-users/src/modules/UsersPluginLDAPShadowAccount.pm~~* Dropped at https://github.com/yast/yast-users/pull/366 +* *~~yast-users/src/modules/UsersPluginLDAPPasswordPolicy.pm~~* Dropped at https://github.com/yast/yast-users/pull/366 * *yast-users/src/modules/UsersPluginQuota.pm* -* *yast-users/src/modules/UsersPluginKerberos.pm* -* *yast-users/src/modules/UsersPluginLDAPAll.pm* +* *~~yast-users/src/modules/UsersPluginKerberos.pm~~* Dropped at https://github.com/yast/yast-users/pull/366 +* *~~yast-users/src/modules/UsersPluginLDAPAll.pm~~* Dropped at https://github.com/yast/yast-users/pull/366 All these plugins are written in Perl code, but they should be perfectly loaded in Ruby code thanks to [*YCP::Import*](https://github.com/yast/yast-core/blob/master/libycp/src/include/ycp/Import.h). This would allow to rewrite some dialogs in Ruby code but still calling the existing plugins. Only note that plugins expect an user or group to be represented as a hash structure. Some glue code will be needed in order to convert an user/group object to a hash and the other way around. 
diff --git a/doc/use-cases.md b/doc/use-cases.md index 0257fcdda..7249fb773 100644 --- a/doc/use-cases.md +++ b/doc/use-cases.md @@ -19,12 +19,12 @@ The *Users* and *Groups* tabs contain an *Expert Options* menu button. Let's sta * Normal local users (1000 <= UID <= 60000) * System local users (100 <= UID <= 499) * NIS users - * LDAP users + * ~~LDAP users~~ Dropped at https://github.com/yast/yast-users/pull/366 * A filter allows to select the type of users to display: * Normal users only * System users only * NIS users only (visible only if the system is configured to get users via NIS) - * LDAP users only (may ask for LDAP authentication if not provided before) + * ~~LDAP users only (may ask for LDAP authentication if not provided before)~~ Dropped at https://github.com/yast/yast-users/pull/366 * Or several types at the same time (custom search) * Allows to add, edit and delete users @@ -32,11 +32,6 @@ The *Users* and *Groups* tabs contain an *Expert Options* menu button. Let's sta Note: normal users have UID in the range 1000 - 60000, and system users are in the range 100 - 499. These values are configured in */etc/login.defs*. -Obviously, to manage LDAP users and groups is necessary to connect to an LDAP directory. The -settings for such connection are read from */etc/openldap/ldap.conf*. On the first access to the -LDAP server (for example, when selecting "LDAP Users" in the mentioned filter) YaST asks for the -BindDN and password, allowing also to select "anonymous access" instead. - The forms for adding a new user or to edit an existing one depend on the type of user. When adding a new user, the type is chosen based on the current filter. For example, if the filter is set to "system users", then a system user would be added. In case the filter is customized to show several 
@@ -97,19 +92,9 @@ If a system is configured as a NIS server and as its own NIS client, then all th #### Managing LDAP users -The forms for adding and editing LDAP users contain fewer tabs than the equivalent ones for local -users because most of the LDAP properties are managed through plug-ins. The list of plug-ins varies -based on the installed YaST packages (eg. the plug-in to modify the Samba-related attributes of the -user is part of the yast2-samba-server package) and the configuration of the system (eg. the -Kerberos or Samba plug-ins are listed only if the system seems to be part of a Kerberos and/or Samba -infrastructure). - -![Add LDAP user](img/ldap_add1.png) - -![Add LDAP user](img/ldap_add2.png) - -![Add LDAP user](img/ldap_add3.png) - +**IMPORTANT:** this feature was removed in yast2-users 4.5.3. See +https://github.com/yast/yast-users/issues/364 and +https://github.com/yast/yast-users/pull/366 ### Tab "Groups" @@ -118,7 +103,7 @@ infrastructure). * Normal local groups * System local groups * NIS groups - * LDAP groups + * ~~LDAP groups~~ Dropped at https://github.com/yast/yast-users/pull/366 * A filter makes it possible to select the type of groups to display, with a mechanism equivalent to the one described for users * Allows to add, edit and delete groups 
@@ -175,18 +160,6 @@ There is an Expert Options select button with these options: * No way to see the encryption algorithm used for a user * Write changes now * Applies changes without closing the client -* LDAP search filter - * Allows more fine grained search for LDAP users or groups - * Allows to select attributes (e.g., objectClass, memberUid, etc) and a value for the attribute - * Observations: - * Looks like too complex, only for LDAP experts - * Seems to be misplaced because there is a filter button where to set criteria to filter users and groups. -* LDAP User and Group Configuration - * Allows to indicate whether to create a home directory in the machine for the LDAP users. - * Allows to configure Password Policies for LDAP - * Observations: - * Looks like too complex, only for LDAP experts - ## AutoYaST diff --git a/package/yast2-users.changes b/package/yast2-users.changes index c503974cb..8681ae2b4 100644 --- a/package/yast2-users.changes +++ b/package/yast2-users.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Aug 24 08:17:17 UTC 2022 - David Diaz + +- Remove LDAP support (gh#yast/yast-users#364) +- 4.5.3 + ------------------------------------------------------------------- Fri Aug 19 08:37:53 UTC 2022 - Josef Reidinger diff --git a/package/yast2-users.spec b/package/yast2-users.spec index 3724710d4..b2ffdf4f9 100644 --- a/package/yast2-users.spec +++ b/package/yast2-users.spec @@ -17,7 +17,7 @@ Name: yast2-users -Version: 4.5.2 +Version: 4.5.3 Release: 0 Summary: YaST2 - User and Group Configuration License: GPL-2.0-only @@ -55,9 +55,6 @@ Requires: yast2-security >= 4.4.1 # y2usernote, y2useritem Requires: yast2-perl-bindings >= 2.18.0 -# this forces using yast2-ldap with correct LDAP object names (fate#303596) -Requires: yast2-ldap >= 3.1.2 - # Y2Issues::WithIssues mixin Requires: yast2 >= 4.4.18 # cryptsha256, cryptsha516 diff --git a/src/Makefile.am b/src/Makefile.am index 99e2ae5c9..3771f4914 100644 
--- a/src/Makefile.am +++ b/src/Makefile.am @@ -7,13 +7,8 @@ module_DATA = \ modules/UsersPluginQuota.pm \ modules/Users.pm \ modules/UsersPlugins.pm \ - modules/UsersPluginLDAPShadowAccount.pm \ - modules/UsersLDAP.pm \ modules/UsersSimple.pm \ modules/UsersCache.pm \ - modules/UsersPluginLDAPAll.pm \ - modules/UsersPluginLDAPPasswordPolicy.pm \ - modules/UsersPluginKerberos.pm \ modules/UsersPasswd.pm \ modules/Y2UsersLinux.rb @@ -29,9 +24,6 @@ client_DATA = \ clients/users_finish.rb \ clients/groups.rb \ clients/users_plugin_quota.rb \ - clients/users_plugin_ldap_all.rb \ - clients/users_plugin_ldap_shadowaccount.rb \ - clients/users_plugin_ldap_passwordpolicy.rb \ clients/users.rb \ clients/inst_root_first.rb \ clients/inst_user_first.rb \ @@ -46,7 +38,6 @@ yncludedir = @yncludedir@/users ynclude_DATA = \ include/users/widgets.rb \ include/users/wizards.rb \ - include/users/ldap_dialogs.rb \ include/users/dialogs.rb \ include/users/complex.rb \ include/users/routines.rb \ diff --git a/src/clients/groups.rb b/src/clients/groups.rb index 1c8d06f41..55f421dc4 100644 --- a/src/clients/groups.rb +++ b/src/clients/groups.rb @@ -145,11 +145,7 @@ def main "help" => _( "Add new group" ), - "options" => ["non_strict"], - # help text for unknown parameter name - "non_strict_help" => _( - "Additional (LDAP) group parameters" - ) + "options" => ["non_strict"] }, "edit" => { "handler" => fun_ref( @@ -160,11 +156,7 @@ def main "help" => _( "Edit an existing group" ), - "options" => ["non_strict"], - # help text for unknown parameter name - "non_strict_help" => _( - "Additional (LDAP) group parameters" - ) + "options" => ["non_strict"] } }, "options" => { @@ -180,12 +172,6 @@ def main "List of system groups" ) }, - "ldap" => { - # translators: command line help text for list ldap option - "help" => _( - "List of LDAP groups" - ) - }, "nis" => { # translators: command line help text for list nis option "help" => _( 
@@ -216,7 +202,7 @@ def main "userlist" => { # translators: command line help text for 'user' option "help" => _( - "List of group members, usually usernames, separated by commas. The list of LDAP user DNs must be separated by colons." + "List of group members, usually usernames, separated by commas." ), "type" => "string" }, @@ -241,13 +227,6 @@ def main ), "type" => "string" }, - "ldap_password" => { - # translators: command line help text for ldap_password option - "help" => _( - "Password for LDAP server" - ), - "type" => "string" - }, "batchmode" => { # translators: command line help text for batchmode option "help" => _( diff --git a/src/clients/users.rb b/src/clients/users.rb index 25f51cadc..252c4a046 100644 --- a/src/clients/users.rb +++ b/src/clients/users.rb @@ -39,7 +39,6 @@ def main Builtins.y2useritem("User and Group Management module started") Yast.import "CommandLine" - Yast.import "Ldap" Yast.import "Mode" Yast.import "Users" Yast.import "UsersCache" @@ -140,10 +139,6 @@ def main "Add new user" ), "options" => ["non_strict"], - # help text for unknown parameter name - "non_strict_help" => _( - "Additional (LDAP) user parameters" - ) }, "edit" => { "handler" => fun_ref( @@ -155,10 +150,6 @@ def main "Edit an existing user" ), "options" => ["non_strict"], - # help text for unknown parameter name - "non_strict_help" => _( - "Additional (LDAP) user parameters" - ) }, "delete" => { "handler" => fun_ref( @@ -184,12 +175,6 @@ def main "List of system users" ) }, - "ldap" => { - # translators: command line help text for list ldap option - "help" => _( - "List of LDAP users" - ) - }, "nis" => { # translators: command line help text for list nis option "help" => _( 
@@ -271,13 +256,6 @@ def main ), "type" => "string" }, - "ldap_password" => { - # translators: command line help text for ldap_password option - "help" => _( - "Password for LDAP server" - ), - "type" => "string" - }, "new_username" => { # translators: command line help text for new_username option "help" => _( diff --git a/src/clients/users_plugin_ldap_all.rb b/src/clients/users_plugin_ldap_all.rb deleted file mode 100644 index 422dbfef2..000000000 --- a/src/clients/users_plugin_ldap_all.rb +++ /dev/null 
@@ -1,360 +0,0 @@ -# encoding: utf-8 - -# ------------------------------------------------------------------------------ -# Copyright (c) 2006-2012 Novell, Inc. All Rights Reserved. -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact Novell, Inc. -# -# To contact Novell about this file by physical or electronic mail, you may find -# current contact information at www.novell.com. -# ------------------------------------------------------------------------------ - -# File: -# include/users/users_plugin_ldap_all.ycp -# -# Package: -# Configuration of Users -# -# Summary: -# This is part GUI of UsersPluginLDAPAll - plugin for editing all LDAP -# user/group attributes. 
-# -# Authors: -# Jiri Suchomel -# -# $Id$ -module Yast - class UsersPluginLdapAllClient < Client - def main - Yast.import "UI" - textdomain "users" # use own textdomain for new plugins - - Yast.import "Label" - Yast.import "Popup" - Yast.import "Report" - Yast.import "Wizard" - - Yast.import "Ldap" - Yast.import "LdapPopup" - Yast.import "Users" - Yast.import "UsersLDAP" - Yast.import "UsersPluginLDAPAll" # plugin module - - @ret = nil - @func = "" - @config = {} - @data = {} - - # Check arguments - if Ops.greater_than(Builtins.size(WFM.Args), 0) && - Ops.is_string?(WFM.Args(0)) - @func = Convert.to_string(WFM.Args(0)) - if Ops.greater_than(Builtins.size(WFM.Args), 1) && - Ops.is_map?(WFM.Args(1)) - @config = Convert.convert( - WFM.Args(1), - :from => "any", - :to => "map " - ) - end - if Ops.greater_than(Builtins.size(WFM.Args), 2) && - Ops.is_map?(WFM.Args(2)) - @data = Convert.convert( - WFM.Args(2), - :from => "any", - :to => "map " - ) - end - end - Builtins.y2milestone("----------------------------------------") - Builtins.y2milestone("users plugin started: LDAPAll") - - Builtins.y2debug("func=%1", @func) - Builtins.y2debug("config=%1", @config) - Builtins.y2debug("data=%1", @data) - - if @func == "Summary" - @ret = UsersPluginLDAPAll.Summary(@config, {}) - elsif @func == "Name" - @ret = UsersPluginLDAPAll.Name(@config, {}) - elsif @func == "Dialog" - @caption = UsersPluginLDAPAll.Name(@config, {}) - @what = Ops.get_string(@config, "what", "user") - @action = Ops.get_string(@data, "what", "") - - @tmp_data = {} - @object_class = Convert.convert( - Builtins.sort(Ops.get_list(@data, "objectClass", [])), - :from => "list", - :to => "list " - ) - - # helptext 1/3 - @help_text = Ops.add( - Ops.add( - _( - "

\nHere, see the table of all allowed attributes for the current LDAP entry that were not set in previous dialogs.

" - ), - # helptext 1/3 (don't translate objectclass"), - # %1 is list of values - Builtins.sformat( - _( - "

\n" + - "The list of attributes is given by the value of \"objectClass\"\n" + - "(which is currently:\n" + - "
%1).\n" + - "

\n" - ), - Builtins.mergestring(@object_class, ",
") - ) - ), - # helptext 3/3 - _( - "

\n" + - "Edit each attribute using Edit. Some attributes \n" + - "could be required, as defined in the user template in the LDAP Client Module.

\n" - ) - ) - - @items = [] - @used_attributes = [] - @new_attributes = [] - @modified = false - - # which LDAP keys should not be edited here - # (either because they were edited before or it is to hard to edit - # them (objectclass, DN) - @do_not_show_keys = @what == "user" ? - [ - "uid", - "username", - "uidNumber", - "homeDirectory", - # "givenName", "sn", - "userPassword", - "objectClass", - "loginShell", - "gidNumber", - "shadowLastChange", - "shadowWarning", - "shadowInactive", - "shadowExpire", - "shadowMin", - "shadowMax", - "shadowFlag" - ] : - # and now for groups - [ - "groupname", - "gidNumber", - "userPassword", - "objectClass", - "userlist", - "cn", - Ldap.member_attribute - ] - - # keys in user's map which are not saved anywhere - @internal_keys = @what == "user" ? - UsersLDAP.GetUserInternal : - UsersLDAP.GetGroupInternal - # show only attributes allowed by schema - @allowed_attrs = Ldap.GetObjectAttributes(@object_class) - - # do not allow editing of binary values (perl converts them to string) - @binary_attrs = ["jpegPhoto", "userCertificate"] - - # generate table items from already existing values - Builtins.foreach(@data) do |attr, val| - next if Builtins.contains(@internal_keys, attr) - next if Builtins.contains(@do_not_show_keys, attr) - next if !Builtins.contains(@allowed_attrs, attr) - next if Ops.is_map?(val) || val == nil - value = [] - if Ops.is_list?(val) - value = Convert.convert(val, :from => "any", :to => "list ") - end - if Builtins.contains(@binary_attrs, attr) || Ops.is_byteblock?(val) || - Ops.is_list?(val) && Ops.is_byteblock?(Ops.get(value, 0)) - Builtins.y2warning("binary value (%1) cannot be edited", attr) - next - elsif Ops.is_integer?(val) - value = [Builtins.sformat("%1", val)] - Ops.set(@data, attr, value) - elsif Ops.is_string?(val) - value = [Convert.to_string(val)] - Ops.set(@data, attr, value) - end - @used_attributes = Builtins.add(@used_attributes, attr) - @items = Builtins.add( - @items, - Item(Id(attr), attr, 
Builtins.mergestring(value, ",")) - ) - end - - # generate table items with empty values - # (not set for this user/group yet) - # we need to read available attributes from Ldap - Builtins.foreach(@object_class) do |_class| - Builtins.foreach( - Convert.convert( - Ldap.GetAllAttributes(_class), - :from => "list", - :to => "list " - ) - ) do |at| - # remove already used (uid, uidnumber, homedirectory etc.) - if !Builtins.haskey(@data, at) && - !Builtins.contains(@do_not_show_keys, at) - Ops.set(@data, at, []) - @new_attributes = Builtins.add(@new_attributes, at) - @items = Builtins.add(@items, Item(Id(at), at, "")) - end - end - end - - @contents = HBox( - HSpacing(1.5), - VBox( - VSpacing(0.5), - Table( - Id(:table), - Opt(:notify), - Header( - # table header 1/2 - _("Attribute") + " ", - # table header 2/2 - _("Value") - ), - @items - ), - HBox( - PushButton(Id(:edit), Opt(:key_F4), Label.EditButton), - HStretch() - ), - VSpacing(0.5) - ), - HSpacing(1.5) - ) - - Wizard.CreateDialog - Wizard.SetDesktopIcon("org.opensuse.yast.Users") - - # dialog caption - Wizard.SetContentsButtons( - _("Additional LDAP Settings"), - @contents, - @help_text, - Label.CancelButton, - Label.OKButton - ) - - Wizard.HideAbortButton - - if Builtins.size(@items) == 0 - UI.ChangeWidget(Id(:edit), :Enabled, false) - end - - @ret = :next - UI.SetFocus(Id(:table)) - begin - @ret = UI.UserInput - if @ret == :edit || @ret == :table - @attr = Convert.to_string(UI.QueryWidget(Id(:table), :CurrentItem)) - @value = Ops.get_list( - @tmp_data, - @attr, - Ops.get_list(@data, @attr, []) - ) - @value = LdapPopup.EditAttribute( - { - "attr" => @attr, - "value" => @value, - "single" => Ldap.SingleValued(@attr) - } - ) - if @value == - Ops.get_list(@tmp_data, @attr, Ops.get_list(@data, @attr, [])) - @ret = :notnext - next - end - UI.ChangeWidget( - Id(:table), - term(:Item, @attr, 1), - Builtins.mergestring(@value, ",") - ) - Ops.set(@tmp_data, @attr, @value) - end - if @ret == :next - @err = 
UsersPluginLDAPAll.Check( - @config, - Convert.convert( - Builtins.union(@data, @tmp_data), - :from => "map", - :to => "map " - ) - ) - - if @err != "" - Report.Error(@err) - @ret = :notnext - next - end - - break if @tmp_data == {} - # if this plugin wasn't in default set, we must save its name - if !Builtins.contains( - Ops.get_list(@data, "plugins", []), - "UsersPluginLDAPAll" - ) - Ops.set( - @tmp_data, - "plugins", - Builtins.add( - Ops.get_list(@tmp_data, "plugins", []), - "UsersPluginLDAPAll" - ) - ) - end - if Ops.get_string(@data, "what", "") == "edit_user" - Users.EditUser(@tmp_data) - elsif Ops.get_string(@data, "what", "") == "add_user" - Users.AddUser(@tmp_data) - elsif Ops.get_string(@data, "what", "") == "edit_group" - Users.EditGroup(@tmp_data) - elsif Ops.get_string(@data, "what", "") == "add_group" - Users.AddGroup(@tmp_data) - end - end - end until Ops.is_symbol?(@ret) && - Builtins.contains( - [:next, :abort, :back, :cancel], - Convert.to_symbol(@ret) - ) - - Wizard.CloseDialog - else - Builtins.y2error("unknown function: %1", @func) - @ret = false - end - - Builtins.y2debug("ret=%1", @ret) - Builtins.y2milestone("users plugin finished") - Builtins.y2milestone("----------------------------------------") - - deep_copy(@ret) - end - end -end - -Yast::UsersPluginLdapAllClient.new.main diff --git a/src/clients/users_plugin_ldap_passwordpolicy.rb b/src/clients/users_plugin_ldap_passwordpolicy.rb deleted file mode 100644 index 4f26229da..000000000 --- a/src/clients/users_plugin_ldap_passwordpolicy.rb +++ /dev/null 
@@ -1,225 +0,0 @@ -# encoding: utf-8 - -# ------------------------------------------------------------------------------ -# Copyright (c) 2006-2012 Novell, Inc. All Rights Reserved. -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact Novell, Inc. -# -# To contact Novell about this file by physical or electronic mail, you may find -# current contact information at www.novell.com. -# ------------------------------------------------------------------------------ - -# File: -# include/users/users_plugin_ldap_passwordpolicy.ycp -# -# Package: -# Configuration of Users -# -# Summary: -# This is GUI part of UsersPluginLDAPPasswordPolicy -# - plugin for editing LDAP user password policy (see feature 301179) -# -# Authors: -# Jiri Suchomel -# -# $Id$ -module Yast - class UsersPluginLdapPasswordpolicyClient < Client - def main - Yast.import "UI" - textdomain "users" - - Yast.import "Label" - Yast.import "LdapPopup" - Yast.import "Report" - Yast.import "Users" - Yast.import "UsersPluginLDAPPasswordPolicy" # plugin module - Yast.import "Wizard" - - @ret = nil - @func = "" - @config = {} - @data = {} - - # Check arguments - if Ops.greater_than(Builtins.size(WFM.Args), 0) && - Ops.is_string?(WFM.Args(0)) - @func = Convert.to_string(WFM.Args(0)) - if Ops.greater_than(Builtins.size(WFM.Args), 1) && - Ops.is_map?(WFM.Args(1)) - @config = Convert.convert( - WFM.Args(1), - :from => "any", - :to => "map " - ) - end - if Ops.greater_than(Builtins.size(WFM.Args), 2) && - 
Ops.is_map?(WFM.Args(2)) - @data = Convert.convert( - WFM.Args(2), - :from => "any", - :to => "map " - ) - end - end - Builtins.y2milestone("----------------------------------------") - Builtins.y2milestone("users plugin started: LDAPPasswordPolicy") - - Builtins.y2debug("func=%1", @func) - Builtins.y2debug("config=%1", @config) - Builtins.y2debug("data=%1", @data) - - if @func == "Summary" - @ret = UsersPluginLDAPPasswordPolicy.Summary(@config, {}) - elsif @func == "Name" - @ret = UsersPluginLDAPPasswordPolicy.Name(@config, {}) - elsif @func == "Dialog" - @caption = UsersPluginLDAPPasswordPolicy.Name(@config, {}) - @tmp_data = {} - - # helptext - @help_text = _( - "

Assign a password policy object to this user in DN of Password Policy object. Activate Reset Password to reset the password of modified user.

" - ) - - @pwdreset = Ops.get_string(@data, "pwdReset", "FALSE") == "TRUE" - @pwdpolicysubentry = Ops.get_string(@data, "pwdPolicySubentry", "") - @usedefault = @pwdpolicysubentry == "" - - @contents = HBox( - HSpacing(3), - VBox( - Left( - CheckBox( - Id(:usedefault), - Opt(:notify), - # check box label - _("Use &Default Password Policy"), - @usedefault - ) - ), - HBox( - # text entry label - TextEntry( - Id("pwdPolicySubentry"), - _("DN of &Password Policy object"), - @pwdpolicysubentry - ), - VBox(Label(""), PushButton(Id(:browse), Label.BrowseButton)) - ), - Left(CheckBox(Id("pwdReset"), _("&Reset Password"), @pwdreset)) - ), - HSpacing(3) - ) - - Wizard.CreateDialog - Wizard.SetDesktopIcon("org.opensuse.yast.Users") - - # dialog caption - Wizard.SetContentsButtons( - _("Password Policy Settings"), - @contents, - @help_text, - Label.CancelButton, - Label.OKButton - ) - - Wizard.HideAbortButton - if @usedefault - UI.ChangeWidget(Id(:browse), :Enabled, false) - UI.ChangeWidget(Id("pwdPolicySubentry"), :Enabled, false) - end - - @ret = :next - begin - @ret = UI.UserInput - if @ret == :browse - @dn = LdapPopup.BrowseTree("") - UI.ChangeWidget(Id("pwdPolicySubentry"), :Value, @dn) if @dn != "" - elsif @ret == :usedefault - @usedefault = Convert.to_boolean( - UI.QueryWidget(Id(:usedefault), :Value) - ) - UI.ChangeWidget(Id(:browse), :Enabled, !@usedefault) - UI.ChangeWidget(Id("pwdPolicySubentry"), :Enabled, !@usedefault) - elsif @ret == :next - @new_pwdpolicysubentry = "" - if !@usedefault - @new_pwdpolicysubentry = Convert.to_string( - UI.QueryWidget(Id("pwdPolicySubentry"), :Value) - ) - end - - if @new_pwdpolicysubentry != @pwdpolicysubentry - Ops.set(@tmp_data, "pwdPolicySubentry", @new_pwdpolicysubentry) - end - - @new_pwdreset = Convert.to_boolean( - UI.QueryWidget(Id("pwdReset"), :Value) - ) - if @new_pwdreset != @pwdreset - Ops.set(@tmp_data, "pwdReset", @new_pwdreset ? 
"TRUE" : "FALSE") - end - - break if @tmp_data == {} - - @err = UsersPluginLDAPPasswordPolicy.Check(@config, @tmp_data) - - if @err != "" - Report.Error(@err) - @ret = :notnext - next - end - - # if this plugin wasn't in default set, we must save its name - if !Builtins.contains( - Ops.get_list(@data, "plugins", []), - "UsersPluginLDAPPasswordPolicy" - ) - Ops.set( - @tmp_data, - "plugins", - Builtins.add( - Ops.get_list(@tmp_data, "plugins", []), - "UsersPluginLDAPPasswordPolicy" - ) - ) - end - if Ops.get_string(@data, "what", "") == "edit_user" - Users.EditUser(@tmp_data) - elsif Ops.get_string(@data, "what", "") == "add_user" - Users.AddUser(@tmp_data) - end - end - end until Ops.is_symbol?(@ret) && - Builtins.contains( - [:next, :abort, :back, :cancel], - Convert.to_symbol(@ret) - ) - - Wizard.CloseDialog - else - Builtins.y2error("unknown function: %1", @func) - @ret = false - end - - Builtins.y2debug("ret=%1", @ret) - Builtins.y2milestone("users plugin finished") - Builtins.y2milestone("----------------------------------------") - - deep_copy(@ret) - end - end -end - -Yast::UsersPluginLdapPasswordpolicyClient.new.main diff --git a/src/clients/users_plugin_ldap_shadowaccount.rb b/src/clients/users_plugin_ldap_shadowaccount.rb deleted file mode 100644 index 209adae04..000000000 --- a/src/clients/users_plugin_ldap_shadowaccount.rb +++ /dev/null 
@@ -1,333 +0,0 @@ -# encoding: utf-8 - -# ------------------------------------------------------------------------------ -# Copyright (c) 2006-2012 Novell, Inc. All Rights Reserved. -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact Novell, Inc. -# -# To contact Novell about this file by physical or electronic mail, you may find -# current contact information at www.novell.com. -# ------------------------------------------------------------------------------ - -# File: -# include/users/users_plugin_ldap_shadowaccount.ycp -# -# Package: -# Configuration of Users -# -# Summary: -# This is GUI part of UsersPluginLDAPShadowAccount -# - plugin for editing ShadowAccount LDAP user attributes. 
-# -# Authors: -# Jiri Suchomel -# - -require "shellwords" - -module Yast - class UsersPluginLdapShadowaccountClient < Client - def main - Yast.import "UI" - textdomain "users" - - Yast.import "Label" - Yast.import "Popup" - Yast.import "Report" - Yast.import "Users" - Yast.import "UsersPluginLDAPShadowAccount" # plugin module - Yast.import "Wizard" - - Yast.include self, "users/helps.rb" - Yast.include self, "users/routines.rb" - - @ret = nil - @func = "" - @config = {} - @data = {} - - # Check arguments - if Ops.greater_than(Builtins.size(WFM.Args), 0) && - Ops.is_string?(WFM.Args(0)) - @func = Convert.to_string(WFM.Args(0)) - if Ops.greater_than(Builtins.size(WFM.Args), 1) && - Ops.is_map?(WFM.Args(1)) - @config = Convert.convert( - WFM.Args(1), - :from => "any", - :to => "map " - ) - end - if Ops.greater_than(Builtins.size(WFM.Args), 2) && - Ops.is_map?(WFM.Args(2)) - @data = Convert.convert( - WFM.Args(2), - :from => "any", - :to => "map " - ) - end - end - Builtins.y2milestone("----------------------------------------") - Builtins.y2milestone("users plugin started: LDAPShadowAccount") - - Builtins.y2debug("func=%1", @func) - Builtins.y2debug("config=%1", @config) - Builtins.y2debug("data=%1", @data) - - if @func == "Summary" - @ret = UsersPluginLDAPShadowAccount.Summary(@config, {}) - elsif @func == "Name" - @ret = UsersPluginLDAPShadowAccount.Name(@config, {}) - elsif @func == "Dialog" - @caption = UsersPluginLDAPShadowAccount.Name(@config, {}) - @tmp_data = {} - - @help_text = EditUserPasswordDialogHelp() - - # date of password expiration - @exp_date = "" - - @last_change = GetString(Ops.get(@data, "shadowLastChange"), "0") - @expires = GetString(Ops.get(@data, "shadowExpire"), "0") - @expires = "0" if @expires == "" - - @inact = GetInt(Ops.get(@data, "shadowInactive"), 0) - @max = GetInt(Ops.get(@data, "shadowMax"), 0) - @min = GetInt(Ops.get(@data, "shadowMin"), 0) - @warn = GetInt(Ops.get(@data, "shadowWarning"), 0) - - if @last_change != "0" - @out = 
Convert.to_map( - SCR.Execute( - path(".target.bash_output"), - Builtins.sformat( - "/usr/bin/date --date='1970-01-01 00:00:01 '%1' days' +\"%%x\"", - @last_change.to_s.shellescape - ) - ) - ) - # label (date of last password change) - @last_change = Ops.get_locale(@out, "stdout", _("Unknown")) - else - # label (date of last password change) - @last_change = _("Never") - end - if @expires != "0" && @expires != "-1" && @expires != "" - @out = SCR.Execute( - path(".target.bash_output"), - "/usr/bin/date --date='1970-01-01 00:00:01 '#{@expires.to_s.shellescape}' days' +\"%Y-%m-%d\"" - ) - # remove \n from the end - @exp_date = Builtins.deletechars( - Ops.get_string(@out, "stdout", ""), - "\n" - ) - end - @contents = HBox( - HSpacing(3), - VBox( - VStretch(), - Left(Label("")), - HSquash( - VBox( - Left( - Label( - Builtins.sformat( - # label - _("Last Password Change: %1"), - @last_change - ) - ) - ), - VSpacing(1), - IntField( - Id("shadowWarning"), - # intfield label - _("Days &before Password Expiration to Issue Warning"), - -1, - 99999, - @warn - ), - VSpacing(0.5), - IntField( - Id("shadowInactive"), - # intfield label - _("Days after Password Expires with Usable &Login"), - -1, - 99999, - @inact - ), - VSpacing(0.5), - IntField( - Id("shadowMax"), - # intfield label - _("Ma&ximum Number of Days for the Same Password"), - -1, - 99999, - @max - ), - VSpacing(0.5), - IntField( - Id("shadowMin"), - # intfield label - _("&Minimum Number of Days for the Same Password"), - -1, - 99999, - @min - ), - VSpacing(0.5), - TextEntry( - Id("shadowExpire"), - # textentry label - _("Ex&piration Date"), - @exp_date - ) - ) - ), - VStretch() - ), - HSpacing(3) - ) - - Wizard.CreateDialog - Wizard.SetDesktopIcon("org.opensuse.yast.Users") - - # dialog caption - Wizard.SetContentsButtons( - _("Shadow Account Settings"), - @contents, - EditUserPasswordDialogHelp(), - Label.CancelButton, - Label.OKButton - ) - - Wizard.HideAbortButton - - @ret = :next - begin - @ret = UI.UserInput - 
if @ret == :next - @exp = Convert.to_string(UI.QueryWidget(Id("shadowExpire"), :Value)) - if @exp != "" && - !Builtins.regexpmatch( - @exp, - "[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]" - ) - # popup text: Don't reorder the letters YYYY-MM-DD!!! - # The date must stay in this format - Popup.Message( - _("The expiration date must be in the format YYYY-MM-DD.") - ) - UI.SetFocus(Id("shadowExpire")) - next - end - - Builtins.foreach( - ["shadowWarning", "shadowMax", "shadowMin", "shadowInactive"] - ) do |shadowsymbol| - sval = Builtins.sformat( - "%1", - UI.QueryWidget(Id(shadowsymbol), :Value) - ) - if Builtins.sformat("%1", Ops.get_string(@data, shadowsymbol, "")) != sval - Ops.set(@tmp_data, shadowsymbol, sval) - end - end - - @new_exp_date = Convert.to_string( - UI.QueryWidget(Id("shadowExpire"), :Value) - ) - if @new_exp_date != @exp_date - @exp_date = @new_exp_date - if @exp_date == "" - Ops.set(@tmp_data, "shadowExpire", "") - else - @out = SCR.Execute( - path(".target.bash_output"), - "/usr/bin/date --date=#{@exp_date.to_s.shellescape}' UTC' +%s" - ) - @seconds_s = Builtins.deletechars( - Ops.get_string(@out, "stdout", "0"), - "\n" - ) - if @seconds_s != "" - @days = Ops.divide( - Builtins.tointeger(@seconds_s), - 60 * 60 * 24 - ) - Ops.set( - @tmp_data, - "shadowExpire", - Builtins.sformat("%1", @days) - ) - end - end - end - @err = UsersPluginLDAPShadowAccount.Check( - @config, - Convert.convert( - Builtins.union(@data, @tmp_data), - :from => "map", - :to => "map " - ) - ) - - if @err != "" - Report.Error(@err) - @ret = :notnext - next - end - - break if @tmp_data == {} - # if this plugin wasn't in default set, we must save its name - if !Builtins.contains( - Ops.get_list(@data, "plugins", []), - "UsersPluginLDAPShadowAccount" - ) - Ops.set( - @tmp_data, - "plugins", - Builtins.add( - Ops.get_list(@tmp_data, "plugins", []), - "UsersPluginLDAPShadowAccount" - ) - ) - end - if Ops.get_string(@data, "what", "") == "edit_user" - Users.EditUser(@tmp_data) - 
elsif Ops.get_string(@data, "what", "") == "add_user" - Users.AddUser(@tmp_data) - end - end - end until Ops.is_symbol?(@ret) && - Builtins.contains( - [:next, :abort, :back, :cancel], - Convert.to_symbol(@ret) - ) - - Wizard.CloseDialog - else - Builtins.y2error("unknown function: %1", @func) - @ret = false - end - - Builtins.y2debug("ret=%1", @ret) - Builtins.y2milestone("users plugin finished") - Builtins.y2milestone("----------------------------------------") - - deep_copy(@ret) - end - end -end - -Yast::UsersPluginLdapShadowaccountClient.new.main diff --git a/src/include/users/cmdline.rb b/src/include/users/cmdline.rb index 2fd5c87f4..44bed3921 100644 --- a/src/include/users/cmdline.rb +++ b/src/include/users/cmdline.rb @@ -33,10 +33,8 @@ def initialize_users_cmdline(include_target) textdomain "users" Yast.import "CommandLine" - Yast.import "Ldap" Yast.import "Users" Yast.import "UsersCache" - Yast.import "UsersLDAP" Yast.import "UsersSimple" Yast.import "Report" end @@ -44,33 +42,6 @@ def initialize_users_cmdline(include_target) # -------------------------------------------------------------------------- # --------------------------------- helper functions ----------------------- - # set LDAP admin password and read LDAP users and groups - def bind_and_read_LDAP(options) - options = deep_copy(options) - pw = Ops.get_string(options, "ldap_password", "") - if Users.LDAPAvailable && Users.LDAPNotRead - if Ldap.bind_pass == nil - if pw == "" && !Builtins.haskey(options, "batchmode") - # password entering label - pw = CommandLine.PasswordInput(_("LDAP Server Password:")) - end - Ldap.SetBindPassword(pw) - # TODO check bind... - end - error = UsersLDAP.ReadSettings - if error != "" - CommandLine.Print(error) - return false - end - error = Users.ReadLDAPSet("Users") - if error != "" - CommandLine.Print(error) - return false - end - end - true - end - def convert_keys(input) input = deep_copy(input) ret = {} 
@@ -88,7 +59,6 @@ def convert_keys(input) "new_groupname" => "cn", "new_uid" => "uidNumber", "new_gid" => "gidNumber", - UsersLDAP.GetMemberAttribute => "userlist" } Builtins.foreach(input) do |key, value| new_key = Ops.get_string(keys, key, key) @@ -154,10 +124,6 @@ def UsersListHandler(options) if type == "nis" && Users.NISAvailable && Users.NISNotRead Users.ReadNewSet("nis") end - if type == "ldap" && Users.LDAPAvailable && Users.LDAPNotRead - Ldap.SetAnonymous(true) - Users.ReadNewSet("ldap") - end Builtins.foreach( Convert.convert( Users.GetUsers("uid", type), @@ -211,10 +177,6 @@ def UserShowHandler(options) if type == "nis" && Users.NISAvailable && Users.NISNotRead Users.ReadNewSet("nis") end - if type == "ldap" && Users.LDAPAvailable && Users.LDAPNotRead - Ldap.SetAnonymous(true) - Users.ReadNewSet("ldap") - end if uid != -1 && uid != nil user = Users.GetUser(uid, "") @@ -288,12 +250,6 @@ def UserAddHandler(options) user = convert_keys(options) type = Ops.get_string(user, "type", "local") - if type == "ldap" - return false if !bind_and_read_LDAP(options) - if !Builtins.haskey(user, "sn") - Ops.set(user, "sn", Ops.get_string(user, "uid", "")) - end - end Users.ResetCurrentUser @@ -341,10 +297,6 @@ def UserAddHandler(options) return false end - if Ops.get_string(user, "type", "local") == "ldap" - Users.SubstituteUserValues - end - error = Users.CheckUser({}) if error != "" CommandLine.Print(error) @@ -369,7 +321,6 @@ def UserDeleteHandler(options) delete_home = Builtins.haskey(options, "delete_home") type = Ops.get_string(options, "type", "local") - return false if !bind_and_read_LDAP(options) if type == "ldap" if uid != -1 && uid != nil Users.SelectUser(uid) elsif username != "" @@ -419,7 +370,6 @@ def UserEditHandler(options) username = Ops.get_string(options, "username", "") type = Ops.get_string(options, "type", "local") - return false if !bind_and_read_LDAP(options) if type == "ldap" if uid != -1 && uid != nil Users.SelectUser(uid) elsif username != "" 
@@ -476,18 +426,11 @@ def GroupsListHandler(options) if !Builtins.contains(attributes, "cn") attributes = Builtins.prepend(attributes, "cn") end - if Builtins.contains(attributes, "userlist") - attributes = Builtins.add(attributes, UsersLDAP.GetMemberAttribute) - end Builtins.foreach(sets) do |type| if type == "nis" && Users.NISAvailable && Users.NISNotRead Users.ReadNewSet("nis") end - if type == "ldap" && Users.LDAPAvailable && Users.LDAPNotRead - Ldap.SetAnonymous(true) - Users.ReadNewSet("ldap") - end Builtins.foreach( Convert.convert( Users.GetGroups("cn", type), @@ -543,10 +486,6 @@ def GroupShowHandler(options) if type == "nis" && Users.NISAvailable && Users.NISNotRead Users.ReadNewSet("nis") end - if type == "ldap" && Users.LDAPAvailable && Users.LDAPNotRead - Ldap.SetAnonymous(true) - Users.ReadNewSet("ldap") - end if gid != -1 && gid != nil group = Users.GetGroup(gid, "") @@ -573,10 +512,6 @@ def GroupShowHandler(options) "userlist" => _( "List of Members:" ), - # label shown at command line (user attribute) - UsersLDAP.GetMemberAttribute => _( - "List of Members:" - ) } Builtins.foreach(group) do |key, value| key = Ops.get_string(keys, key, "") @@ -614,7 +549,6 @@ def GroupDeleteHandler(options) ) type = Ops.get_string(options, "type", "local") - return false if !bind_and_read_LDAP(options) if type == "ldap" if gid != -1 && gid != nil Users.SelectGroup(gid) elsif groupname != "" @@ -640,16 +574,6 @@ def GroupAddHandler(options) group = convert_keys(options) type = Ops.get_string(group, "type", "local") - return false if !bind_and_read_LDAP(options) if type == "ldap" - member_attr = type == "ldap" ? UsersLDAP.GetMemberAttribute : "userlist" - if Builtins.haskey(group, "userlist") - if type == "ldap" - Ops.set(group, member_attr, Ops.get_map(group, "userlist", {})) - group = Builtins.remove(group, "userlist") - end - else - Ops.set(group, member_attr, {}) - end Users.ResetCurrentGroup error = Users.AddGroup(group) 
@@ -659,10 +583,6 @@ def GroupAddHandler(options) return false end - if Ops.get_string(group, "type", "local") == "ldap" - Users.SubstituteGroupValues - end - error = Users.CheckGroup({}) if error != "" CommandLine.Print(error) @@ -689,7 +609,6 @@ def GroupEditHandler(options) ) type = Ops.get_string(options, "type", "local") - return false if !bind_and_read_LDAP(options) if type == "ldap" if gid != -1 && gid != nil Users.SelectGroup(gid) elsif groupname != "" @@ -707,14 +626,6 @@ def GroupEditHandler(options) Ops.set(changes, "dn", Ops.get_string(group, "dn", "")) # for groupname changes... end - if type == "ldap" && Builtins.haskey(changes, "userlist") - Ops.set( - changes, - UsersLDAP.GetMemberAttribute, - Ops.get_map(changes, "userlist", {}) - ) - changes = Builtins.remove(changes, "userlist") - end error = Users.EditGroup( Convert.convert(changes, :from => "map", :to => "map ") ) diff --git a/src/include/users/complex.rb b/src/include/users/complex.rb index a87e1f354..a8611ac7d 100644 --- a/src/include/users/complex.rb +++ b/src/include/users/complex.rb @@ -35,7 +35,6 @@ def initialize_users_complex(include_target) Yast.import "Autologin" Yast.import "Label" - Yast.import "Ldap" Yast.import "Popup" Yast.import "Report" Yast.import "Security" @@ -81,15 +80,6 @@ def WriteDialog(useUI) # Set help text Wizard.RestoreHelp(WriteDialogHelp()) if useUI - if Users.LDAPModified && (Ldap.anonymous || Ldap.bind_pass == nil) - # ask for real LDAP password if reading was anonymous - Ldap.SetBindPassword(Ldap.LDAPAskAndBind(false)) - if Ldap.bind_pass == nil - # popup text - return :back if Popup.YesNo(_("Really abort the writing process?")) - end - end - Users.SetGUI(useUI) ret = :next ret = :abort if !Stage.cont if Users.Write != "" diff --git a/src/include/users/dialogs.rb b/src/include/users/dialogs.rb index 2d5e181ce..8dee6adcc 100644 --- a/src/include/users/dialogs.rb +++ b/src/include/users/dialogs.rb 
@@ -43,8 +43,6 @@ def initialize_users_dialogs(include_target) Yast.import "GetInstArgs" Yast.import "FileUtils" Yast.import "Label" - Yast.import "Ldap" - Yast.import "LdapPopup" Yast.import "Message" Yast.import "Package" Yast.import "Popup" @@ -54,7 +52,6 @@ def initialize_users_dialogs(include_target) Yast.import "String" Yast.import "Users" Yast.import "UsersCache" - Yast.import "UsersLDAP" Yast.import "UsersPlugins" Yast.import "UsersRoutines" Yast.import "UsersSimple" @@ -807,15 +804,7 @@ def EditUserDialog(what) # selection box label _("Additional Gr&oups"), additional_groups - ), - user_type == "ldap" ? - MultiSelectionBox( - Id(:ldapgrouplist), - # selection box label - _("&LDAP Groups"), - additional_ldap_groups - ) : - Empty() + ) ) ), text_mode ? Empty() : HSpacing(1) @@ -882,9 +871,7 @@ def EditUserDialog(what) # dialog caption: "local" => _("New Local User"), # dialog caption: - "system" => _("New System User"), - # dialog caption: - "ldap" => _("New LDAP User") + "system" => _("New System User") }, "edit_user" => { # dialog caption: @@ -892,8 +879,6 @@ def EditUserDialog(what) # dialog caption: "system" => _("Existing System User"), # dialog caption: - "ldap" => _("Existing LDAP User"), - # dialog caption: "nis" => _("Existing NIS User") } } @@ -993,7 +978,6 @@ def EditUserDialog(what) current = nil login_modified = false tabids = [:edit, :details, :passwordsettings, :plugins] - ldap_user_defaults = UsersLDAP.GetUserDefaults # switch focus to specified tab (after error message) and widget inside focus_tab = lambda do |tab, widget| 
@@ -1054,49 +1038,12 @@ def EditUserDialog(what) end # now gather user data from dialog - if user_type == "ldap" - # Form the fullname for LDAP user - # sn (surname) and cn (fullname) are required attributes, - # they cannot be empty - givenname = Convert.to_string( - UI.QueryWidget(Id(:givenname), :Value) - ) - sn = Convert.to_string(UI.QueryWidget(Id(:sn), :Value)) - - # create default cn/sn if they are not marked for substitution - if sn == "" && - (what == "edit_user" || - !Builtins.haskey(ldap_user_defaults, "sn")) - if givenname == "" - sn = username - else - sn = givenname - givenname = "" - end - end - # enable changing of cn value only if LDAP user is not saved yet (bnc#904645) - if (cn == "" || action == "added") && - # no substitution when editing: TODO bug 238282 - (what == "edit_user" || - !# cn should not be substituted: - Builtins.haskey(ldap_user_defaults, "cn")) - # if 'givenname' or 'sn' should be substituted, wait for it - # and do not create cn now: - if !Builtins.haskey(ldap_user_defaults, "sn") && - !Builtins.haskey(ldap_user_defaults, "givenName") - cn = Ops.add(Ops.add(givenname, givenname != "" ? " " : ""), sn) - end - end - UI.ChangeWidget(Id(:givenname), :Value, givenname) - UI.ChangeWidget(Id(:sn), :Value, sn) - else - cn = Convert.to_string(UI.QueryWidget(Id(:cn), :Value)) - error = UsersSimple.CheckFullname(cn) - if error != "" - Report.Error(error) - focus_tab.call(current, :cn) - next - end + cn = Convert.to_string(UI.QueryWidget(Id(:cn), :Value)) + error = UsersSimple.CheckFullname(cn) + if error != "" + Report.Error(error) + focus_tab.call(current, :cn) + next end if Builtins.haskey(user, "givenName") && Ops.is_list?(Ops.get(user, "givenName")) 
@@ -1116,7 +1063,6 @@ def EditUserDialog(what) end # generate a login name from the full name - # (not for LDAP, there are customized rules...) if ret == :cn uname = Convert.to_string(UI.QueryWidget(Id(:username), :Value)) login_modified = false if login_modified && uname == "" # reenable suggestion @@ -1207,21 +1153,12 @@ def EditUserDialog(what) # build default home dir if home == "" || home == default_home || Builtins.issubstring(home, "%") - # LDAP: maybe value of homedirectory should be substituted? - if user_type == "ldap" && Builtins.issubstring(home, "%") - user = UsersLDAP.SubstituteValues("user", user) - home = Ops.get_string(user, "homeDirectory", default_home) - end if home == default_home || home == "" home = Ops.add(default_home, username) end end if ret != :details && username != org_username generated_home = Ops.add(default_home, username) - if user_type == "ldap" && Builtins.issubstring(default_home, "%") - tmp_user = UsersLDAP.SubstituteValues("user", user) - generated_home = Ops.get_string(tmp_user, "homeDirectory", home) - end if home != generated_home && (what == "add_user" || Popup.YesNo( @@ -1738,19 +1675,6 @@ def EditUserDialog(what) UI.ChangeWidget(Id(:autologin), :Value, false) end - # LDAP users can be disabled only with certain plugins (bnc#557714) - if UI.WidgetExists(Id(:ena)) && user_type == "ldap" - ena = Builtins.contains( - Ops.get_list(user, "plugins", []), - "UsersPluginLDAPShadowAccount" - ) || - Builtins.contains( - Ops.get_list(user, "plugins", []), - "UsersPluginLDAPPasswordPolicy" - ) - UI.ChangeWidget(Id(:ena), :Enabled, ena) - end - current = ret end if ret == :details 
@@ -1774,12 +1698,6 @@ def EditUserDialog(what) UI.ChangeWidget(Id(widget), :Enabled, false) end end - if user_type == "ldap" && !Ldap.file_server - UI.ChangeWidget(Id(:browse), :Enabled, false) - if UI.WidgetExists(Id(:move_home)) - UI.ChangeWidget(Id(:move_home), :Enabled, false) - end - end if !FileUtils.Exists(home) && UI.WidgetExists(Id(:move_home)) UI.ChangeWidget(Id(:move_home), :Enabled, false) end @@ -1977,11 +1895,6 @@ def EditGroupDialog(what) group_type = Ops.get_string(group, "type", "") new_type = group_type additional_users = [] - member_attribute = UsersLDAP.GetMemberAttribute - - if group_type == "ldap" - userlist = Ops.get_map(group, member_attribute, {}) - end more = Ops.greater_than(Builtins.size(more_users), 0) @@ -1991,16 +1904,12 @@ def EditGroupDialog(what) "local" => _("New Local Group"), # dialog caption: "system" => _("New System Group"), - # dialog caption: - "ldap" => _("New LDAP Group") }, "edit_group" => { # dialog caption: "local" => _("Existing Local Group"), # dialog caption: "system" => _("Existing System Group"), - # dialog caption: - "ldap" => _("Existing LDAP Group") } } diff --git a/src/include/users/helps.rb b/src/include/users/helps.rb index fd20dd5ac..6624a50f6 100644 --- a/src/include/users/helps.rb +++ b/src/include/users/helps.rb @@ -34,11 +34,9 @@ def initialize_users_helps(include_target) textdomain "users" Yast.import "Label" - Yast.import "Ldap" Yast.import "Stage" Yast.import "Users" Yast.import "UsersCache" - Yast.import "UsersLDAP" Yast.import "UsersRoutines" end @@ -47,6 +45,9 @@ def initialize_users_helps(include_target) # @return [String] help text def help_password(type) password_length = "" + # CRITICAL!!!! + # LITERALLY NONE OF THESE TYPES ARE ACCEPTABLE IN 2022! + enc_to_string = { # encryption type "des" => _("DES"), @@ -56,7 +57,6 @@ def help_password(type) "md5" => _("MD5") } method = Users.EncryptionMethod - method = UsersLDAP.GetEncryption if type == "ldap" # help text 1/4 help_text = _( 
@@ -187,24 +187,12 @@ def WriteDialogHelp # @return [String] help text def EditUserDialogHelp(mail, type, what) help = "" - if type == "ldap" - # help text 1/7 - help = _( - "

\n" + - "Enter the First Name, Last Name, \n" + - "Username, and\n" + - "Password to assign to this user.\n" + - "

\n" - ) - else - # alternative help text 1/7 - help = _( - "

\n" + - "Enter the User's Full Name, Username, and Password to\n" + - "assign to this user account.\n" + - "

\n" - ) - end + help = _( + "

\n" + + "Enter the User's Full Name, Username, and Password to\n" + + "assign to this user account.\n" + + "

\n" + ) help = Ops.add(help, help_password(type)) @@ -350,7 +338,7 @@ def EditGroupDialogHelp(more) # Help for EditUserDetailsDialog. # - # @param [String] user_type type of added/edited user (local/system/ldap/nis) + # @param [String] user_type type of added/edited user (local/system/nis) # @param [String] what what to do with a user (add_user/edit_user) # # @return [String] help text @@ -421,13 +409,7 @@ def EditUserDetailsDialogHelp(user_type, what) ) end - if user_type == "ldap" - helptext << _( - "

\n" \ - "The home directory of an LDAP user can be changed only on the\n" \ - "file server.

" - ) - elsif user_type == "system" || user_type == "local" + if user_type == "system" || user_type == "local" helptext << _( "

Additional Information:\n" \ "Some additional user data could be set here. This field may contain up to\n" \ diff --git a/src/include/users/ldap_dialogs.rb b/src/include/users/ldap_dialogs.rb deleted file mode 100644 index 58d17b320..000000000 --- a/src/include/users/ldap_dialogs.rb +++ /dev/null 
@@ -1,946 +0,0 @@ -# encoding: utf-8 - -# ------------------------------------------------------------------------------ -# Copyright (c) 2006-2012 Novell, Inc. All Rights Reserved. -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact Novell, Inc. -# -# To contact Novell about this file by physical or electronic mail, you may find -# current contact information at www.novell.com. -# ------------------------------------------------------------------------------ - -# File: include/users/widgets.ycp -# Package: Configuration of users and groups -# Summary: Widgets definitions and helper functions -# Authors: Jiri Suchomel -# -# $Id$ -module Yast - module UsersLdapDialogsInclude - def initialize_users_ldap_dialogs(include_target) - Yast.import "UI" - - Yast.import "Label" - Yast.import "Ldap" - Yast.import "LdapPopup" - Yast.import "Popup" - Yast.import "Users" - Yast.import "Wizard" - - textdomain "users" - end - - # dialog for Password Policy configuration object - # @param [Hash] ppolicy data with Password Policy object to be edited (as obtained from LDAP search) - # @return [Hash] with modifications of ppolicy object, nil in case of `cancel - def PasswordPolicyDialog(ppolicy) - ppolicy = deep_copy(ppolicy) - # reduce the list values to single ones - ppolicy = Builtins.mapmap( - Convert.convert(ppolicy, :from => "map", :to => "map ") - ) do |a, val| - if Ops.is_list?(val) && - (Ldap.SingleValued(a) || Builtins.size(Convert.to_list(val)) == 1) - val = 
Ops.get(Convert.to_list(val), 0) - end - val = val == "TRUE" if val == "TRUE" || val == "FALSE" - { a => val } - end - ppolicy_orig = deep_copy(ppolicy) - - # help text for Password Policy Dialog - help_text = _( - "

Select the Password Change Policies, Password Aging Policies, and Lockout Policies tabs to choose LDAP password policy groups of attributes to configure.

" - ) - - - # tab-specific help texts - tabs_help_text = { - # help text for pwdInHistory attribute - :pwchange => _( - "

Specify the Maximum Number of Passwords Stored in History to set how many previously used passwords should be saved. Saved passwords may not be used.

" - ) + - # help text for pwdMustChange attribute - _( - "

Check User Must Change Password after Reset to force users to change their passwords after the the password is reset or changed by an administrator.

" - ) + - # help text for pwdAllowUserChange attribute - _( - "

Check User Can Change Password to allow users to change their passwords.

" - ) + - # help text for pwdSafeModify attribute - _( - "

If the existing password must be provided along with the new password, check Old Password Required for Password Change.

" - ) + - # help text for pwdCheckQuality attribute - _( - "

Select whether the password quality should be verified while passwords are modified or added. Select No Checking if passwords should not be checked at all. With Accept Uncheckable Passwords, passwords are accepted even if the check cannot be performed, for example, if the user has provided an encrypted password. With Only Accept Checked Passwords passwords are refused if the quality test fails or the password cannot be checked.

" - ) + - # help text for pwdMinLength attribute - _( - "Set the minimum number of characters that must be used in a password in Minimum Password Length.

" - ), - # help text for pwdMinAge attribute - :aging => _( - "

Minimum Password Age sets how much time must pass between modifications to the password.

" - ) + - # help text for pwdMaxAge attribute - _( - "

Maximum Password Age sets how long after modification a password expires.

" - ) + - # help text for pwdExpireWarning attribute - _( - "

In Time before Password Expiration to Issue Warning set how long before a password is due to expire that an expiration warning messages should be given to an authenticating user.

" - ) + - # help text for pwdGraceAuthNLimit attribute - _( - "

Set the number of times an expired password can be used to authenticate in Allowed Uses of an Expired Password.

" - ), - # help text for pwdLockout attribute - :lockout => _( - "

Check Enable Password Locking to forbid use of a password after a specified number of consecutive failed bind attempts.

" - ) + - # help text for pwdMaxFailure attribute - _( - "

Set the number of consecutive failed bind attempts after which the password may not be used to authenticate in Bind Failures to Lock the Password.

" - ) + - # help text for pwdLockoutDuration attribute - _( - "

Set how long the password cannot be used in Password Lock Duration.

" - ) + - # help text for pwdFailureCountInterval attribute - _( - "

Bind Failures Cache Duration sets how long before password failures are purged from the failure counter even though no successful authentication has occurred.

" - ) - } - - # map of attribute names for each tab - attributes = { - :pwchange => [ - "pwdInHistory", - "pwdMustChange", - "pwdAllowUserChange", - "pwdSafeModify", - "pwdCheckQuality", - "pwdMinLength" - ], - :aging => [ - "pwdMinAge", - "pwdMaxAge", - "pwdExpireWarning", - "pwdGraceAuthNLimit" - ], - :lockout => [ - "pwdLockout", - "pwdLockoutDuration", - "pwdMaxFailure", - "pwdFailureCountInterval" - ] - } - - time_attributes = [ - "pwdMinAge", - "pwdMaxAge", - "pwdExpireWarning", - "pwdLockoutDuration", - "pwdFailureCountInterval" - ] - - default_values = { - "pwdMustChange" => false, - "pwdAllowUserChange" => true, - "pwdSafeModify" => false, - "pwdLockout" => false - } - - # maximal value of IntFields - max = 99999 - - tabs = [ - # tab label - Item(Id(:pwchange), _("&Password Change Policies"), true), - # tab label - Item(Id(:aging), _("Pa&ssword Aging Policies")), - # tab label - Item(Id(:lockout), _("&Lockout Policies")) - ] - tabs_term = VBox( - DumbTab(Id(:tabs), tabs, ReplacePoint(Id(:tabContents), VBox(Empty()))) - ) - has_tabs = true - if !UI.HasSpecialWidget(:DumbTab) - has_tabs = false - tabbar = HBox() - Builtins.foreach(tabs) do |it| - label = Ops.get_string(it, 1, "") - tabbar = Builtins.add(tabbar, PushButton(Ops.get_term(it, 0) do - Id(label) - end, label)) - end - tabs_term = VBox( - Left(tabbar), - Frame("", ReplacePoint(Id(:tabContents), Empty())) - ) - end - - contents = deep_copy(tabs_term) - - # generate the term of password policy tab and update the help text - set_password_policies_term = lambda do - pwdcheckquality = Builtins.tointeger( - Ops.get_string(ppolicy, "pwdCheckQuality", "0") - ) - tab_cont = Top( - HBox( - HSpacing(0.5), - VBox( - VSpacing(0.8), - IntField( - Id("pwdInHistory"), - # IntField label - _("Ma&ximum Number of Passwords Stored in History"), - 0, - max, - Builtins.tointeger(Ops.get_string(ppolicy, "pwdInHistory", "0")) - ), - VSpacing(0.4), - Left( - CheckBox( - Id("pwdMustChange"), - # checkbox label - _("U&ser 
Must Change Password after Reset"), - Ops.get_boolean(ppolicy, "pwdMustChange", true) - ) - ), - VSpacing(0.2), - Left( - CheckBox( - Id("pwdAllowUserChange"), - # checkbox label - _("&User Can Change Password"), - Ops.get_boolean(ppolicy, "pwdAllowUserChange", true) - ) - ), - VSpacing(0.2), - Left( - CheckBox( - Id("pwdSafeModify"), - # checkbox label - _("&Old Password Required for Password Change"), - Ops.get_boolean(ppolicy, "pwdSafeModify", false) - ) - ), - VSpacing(0.4), - # frame label - HBox( - HSpacing(2), - Frame( - _("Password Quality Checking"), - VBox( - VSpacing(0.5), - RadioButtonGroup( - Id("pwdCheckQuality"), - VBox( - Left( - RadioButton( - Id(0), - Opt(:notify), - _("&No Checking"), - pwdcheckquality == 0 - ) - ), - Left( - RadioButton( - Id(1), - Opt(:notify), - _("Acc&ept Uncheckable Passwords"), - pwdcheckquality == 1 - ) - ), - Left( - RadioButton( - Id(2), - Opt(:notify), - _("&Only Accept Checked Passwords"), - pwdcheckquality == 2 - ) - ) - ) - ), - VSpacing(0.4), - # IntField label - IntField( - Id("pwdMinLength"), - _("&Minimum Password Length"), - 0, - max, - Builtins.tointeger( - Ops.get_string(ppolicy, "pwdMinLength", "0") - ) - ) - ) - ) - ) - ), - HSpacing(0.5) - ) - ) - - UI.ReplaceWidget(:tabContents, tab_cont) - UI.ChangeWidget( - Id("pwdMinLength"), - :Enabled, - Ops.greater_than(pwdcheckquality, 0) - ) - nil - end - - time_dialog = lambda do |id, label| - value = Builtins.tointeger(Ops.get_string(ppolicy, id, "0")) - days = Ops.divide(value, 24 * 60 * 60) - if Ops.greater_than(days, 0) - value = Ops.subtract( - value, - Ops.multiply(Ops.multiply(Ops.multiply(days, 24), 60), 60) - ) - end - hours = Ops.divide(value, 60 * 60) - if Ops.greater_than(hours, 0) - value = Ops.subtract(value, Ops.multiply(Ops.multiply(hours, 60), 60)) - end - minutes = Ops.divide(value, 60) - if Ops.greater_than(minutes, 0) - value = Ops.subtract(value, Ops.multiply(minutes, 60)) - end - HBox( - HSpacing(0.3), - Frame( - label, - HBox( - 
IntField(Id(Ops.add(id, "d")), _("Days"), 0, max, days), - IntField(Id(Ops.add(id, "h")), _("Hours"), 0, 23, hours), - IntField(Id(Ops.add(id, "m")), _("Minutes"), 0, 59, minutes), - IntField(Id(Ops.add(id, "s")), _("Seconds"), 0, 59, value) - ) - ), - HSpacing(0.3) - ) - end - - get_seconds_value = lambda do |attr| - days = Convert.to_integer( - UI.QueryWidget(Id(Ops.add(attr, "d")), :Value) - ) - hours = Convert.to_integer( - UI.QueryWidget(Id(Ops.add(attr, "h")), :Value) - ) - minutes = Convert.to_integer( - UI.QueryWidget(Id(Ops.add(attr, "m")), :Value) - ) - seconds = Convert.to_integer( - UI.QueryWidget(Id(Ops.add(attr, "s")), :Value) - ) - Ops.add( - Ops.add( - Ops.add( - Ops.multiply(Ops.multiply(Ops.multiply(days, 24), 60), 60), - Ops.multiply(Ops.multiply(hours, 60), 60) - ), - Ops.multiply(minutes, 60) - ), - seconds - ) - end - - # generate the term of password aging tab - set_aging_policies_term = lambda do - tab_cont = Top( - HBox( - HSpacing(0.5), - VBox( - VSpacing(0.7), - # frame label - time_dialog.call("pwdMinAge", _("Minimum Password Age")), - VSpacing(0.4), - # frame label - time_dialog.call("pwdMaxAge", _("Maximum Password Age")), - VSpacing(0.4), - time_dialog.call( - "pwdExpireWarning", - # frame label - _("Time before Password Expiration to Issue Warning") - ), - VSpacing(0.2), - IntField( - Id("pwdGraceAuthNLimit"), - # IntField label - _("Allowed Uses of an Expired Password"), - 0, - max, - Builtins.tointeger( - Ops.get_string(ppolicy, "pwdGraceAuthNLimit", "0") - ) - ) - ), - HSpacing(0.5) - ) - ) - UI.ReplaceWidget(:tabContents, tab_cont) - nil - end - - # generate the term of lockout aging tab - set_lockout_policies_term = lambda do - pwdlockout = Ops.get_boolean(ppolicy, "pwdLockout", false) - - tab_cont = Top( - HBox( - HSpacing(0.5), - VBox( - VSpacing(0.8), - Left( - CheckBox( - Id("pwdLockout"), - Opt(:notify), - # check box label - _("Enable Password Locking"), - pwdlockout - ) - ), - VSpacing(0.4), - IntField( - 
Id("pwdMaxFailure"), - # intField label - _("Bind Failures to Lock the Password"), - 0, - max, - Builtins.tointeger( - Ops.get_string(ppolicy, "pwdMaxFailure", "0") - ) - ), - # frame label - time_dialog.call( - "pwdLockoutDuration", - _("Password Lock Duration") - ), - VSpacing(0.4), - time_dialog.call( - "pwdFailureCountInterval", - # frame label - _("Bind Failures Cache Duration") - ) - ), - HSpacing(0.5) - ) - ) - - UI.ReplaceWidget(:tabContents, tab_cont) - UI.ChangeWidget(Id("pwdMaxFailure"), :Enabled, pwdlockout) - Builtins.foreach(["d", "h", "m", "s"]) do |suffix| - UI.ChangeWidget( - Id(Ops.add("pwdLockoutDuration", suffix)), - :Enabled, - pwdlockout - ) - UI.ChangeWidget( - Id(Ops.add("pwdFailureCountInterval", suffix)), - :Enabled, - pwdlockout - ) - end - nil - end - - current_tab = :pwchange - result = nil - - Wizard.OpenNextBackDialog - - # dialog label - Wizard.SetContentsButtons( - _("Password Policy Configuration"), - contents, - Ops.add(help_text, Ops.get_string(tabs_help_text, current_tab, "")), - Label.CancelButton, - Label.OKButton - ) - Wizard.HideAbortButton - - set_password_policies_term.call - - while true - result = UI.UserInput - - if Ops.is_symbol?(result) && - Builtins.contains( - [:back, :cancel, :abort], - Convert.to_symbol(result) - ) - break - end - - # save the values from UI - Builtins.foreach(Ops.get_list(attributes, current_tab, [])) do |attr| - if Builtins.contains(time_attributes, attr) - Ops.set( - ppolicy, - attr, - Builtins.sformat("%1", get_seconds_value.call(attr)) - ) - next - end - val = UI.QueryWidget(Id(attr), :Value) - val = Builtins.sformat("%1", val) if Ops.is_integer?(val) - Ops.set(ppolicy, attr, val) - end - - if (result == :pwchange || result == :aging || result == :lockout) && - result != current_tab - if result == :pwchange - set_password_policies_term.call - elsif result == :aging - set_aging_policies_term.call - elsif result == :lockout - set_lockout_policies_term.call - end - current_tab = 
Convert.to_symbol(result) - UI.ChangeWidget(Id(:tabs), :CurrentItem, current_tab) if has_tabs - Wizard.SetHelpText( - Ops.add(help_text, Ops.get_string(tabs_help_text, current_tab, "")) - ) - next - end - if result == :next - cont = false - - # check the template required attributes... - Builtins.foreach(Ops.get_list(ppolicy, "objectClass", [])) do |oc| - next if cont - Builtins.foreach(Ldap.GetRequiredAttributes(oc)) do |attr| - val = Ops.get(ppolicy, attr) - if !cont && val == nil || val == [] || val == "" - #error popup, %1 is attribute name - Popup.Error( - Builtins.sformat( - _("The \"%1\" attribute is mandatory.\nEnter a value."), - attr - ) - ) - UI.SetFocus(Id(:table)) - cont = true - end - end - end - next if cont - break - end - # now solve events inside the tabs - if current_tab == :pwchange && Ops.is_integer?(result) - UI.ChangeWidget(Id("pwdMinLength"), :Enabled, result != 0) - end - if current_tab == :lockout && result == "pwdLockout" - pwdlockout = Convert.to_boolean( - UI.QueryWidget(Id("pwdLockout"), :Value) - ) - UI.ChangeWidget(Id("pwdMaxFailure"), :Enabled, pwdlockout) - Builtins.foreach(["d", "h", "m", "s"]) do |suffix| - UI.ChangeWidget( - Id(Ops.add("pwdFailureCountInterval", suffix)), - :Enabled, - pwdlockout - ) - UI.ChangeWidget( - Id(Ops.add("pwdLockoutDuration", suffix)), - :Enabled, - pwdlockout - ) - end - end - end - Wizard.CloseDialog - - ret = {} - if result == :next - Builtins.foreach( - Convert.convert(ppolicy, :from => "map", :to => "map ") - ) do |key, val| - if !Builtins.haskey(ppolicy_orig, key) && - (val == Ops.get(default_values, key) || val == "0") - next - end - if val != Ops.get(ppolicy_orig, key) - val = val == true ? "TRUE" : "FALSE" if Ops.is_boolean?(val) - Ops.set(ret, key, val) - end - end - end - result == :next ? 
ret : nil - end - - # Dialog for administering User & Group specific LDAP settigns - def LdapAdministrationDialog - Users.SetLdapSettingsRead(Ldap.Read) if !Users.LdapSettingsRead - - base_dn = Ldap.GetBaseDN - file_server = Ldap.file_server - modified = true - - ppolicy_list = [] - - ppolicies_enabled = false - ppolicies = {} - ppolicies_orig = {} - ppolicies_deleted = [] # list of DN - - # map with modifications of Password Policies objects - write_ppolicies = {} - - # read the list of pwdpolicy objects under base_config_dn - read_ppolicies = lambda do - return if base_dn == "" - - if Ldap.ldap_initialized && Ldap.tls_when_initialized != Ldap.ldap_tls - Ldap.LDAPClose - end - - if Ldap.ldap_initialized || Ldap.LDAPInit == "" - ppolicies_enabled = Convert.to_boolean( - SCR.Execute( - path(".ldap.ppolicy"), - { - "hostname" => Ldap.GetFirstServer(Ldap.server), - "bind_dn" => Ldap.GetBaseDN - } - ) - ) - - schemas = Convert.to_list( - SCR.Read( - path(".ldap.search"), - { - "base_dn" => "", - "attrs" => ["subschemaSubentry"], - "scope" => 0 - } - ) - ) - schema_dn = Ops.get_string(schemas, [0, "subschemaSubentry", 0], "") - if schemas != nil && schema_dn != "" && - SCR.Execute(path(".ldap.schema"), { "schema_dn" => schema_dn }) == true - pp = Convert.convert( - SCR.Read( - path(".ldap.search"), - { - "base_dn" => base_dn, - "filter" => "objectClass=pwdPolicy", - "scope" => 2, - "map" => true, - "not_found_ok" => true - } - ), - :from => "any", - :to => "map " - ) - if pp != nil - ppolicies = deep_copy(pp) - ppolicies_orig = deep_copy(ppolicies) - end - end - end - - nil - end - - read_ppolicies.call - - help_text = _("

Home Directories

") + - # help text - _( - "

If home directories of LDAP users should be stored on this machine,\n" + - "check the appropriate option. Changing this value does not cause any direct\n" + - "action. It is only information for the YaST users module, which can manage\n" + - "user home directories.

\n" - ) + # help text caption - # help text - _( - "

Press Configure to configure settings stored on the\n" + - "LDAP server. You will be asked for the password if you are not connected yet or\n" + - "have changed your configuration.

\n" - ) + - # password policy help text caption - _("

Password Policy

") + - # password policy help - _( - "

Configure the selected password policy with Edit. Use Add to add a new password policy. The configuration is only possible,\n if the password policies are already enabled on the LDAP server.

" - ) - - contents = VBox( - VSpacing(0.4), - Left( - CheckBox( - Id(:file_server), - # checkbox label - _("&Home Directories on This Machine"), - file_server - ) - ), - VSpacing(0.5), - Right( - PushButton( - Id(:configure), - # pushbutton label - _("Configure User Management &Settings...") - ) - ), - VSpacing(), - Table( - Id(:ppolicy_table), - Opt(:notify), - Header( - # table header - _("Password Policy") - ), - Builtins.maplist(ppolicies) { |dn, pp| Item(Id(dn), dn) } - ), - HBox( - PushButton(Id(:add), Label.AddButton), - PushButton(Id(:edit), Label.EditButton), - PushButton(Id(:delete), Label.DeleteButton), - HStretch() - ), - VSpacing(0.4) - ) - - Wizard.CreateDialog - # dialog title - Wizard.SetContentsButtons( - _("LDAP Administration Settings"), - contents, - help_text, - Label.CancelButton, - Label.OKButton - ) - Wizard.HideAbortButton - - Builtins.foreach([:ppolicy_table, :add, :edit, :delete]) do |s| - UI.ChangeWidget(Id(s), :Enabled, ppolicies_enabled) - end - - ret = :cancel - - while true - ret = Convert.to_symbol(UI.UserInput) - if ret == :add - suffix = base_dn - UI.OpenDialog( - Opt(:decorated), - HBox( - HSpacing(1), - VBox( - # InputField label - InputField( - Id(:cn), - Opt(:hstretch), - _("Name of Password Policy Object") - ), - ReplacePoint( - Id(:rp_suf), - HBox( - # text label,suffix will follow in next label - Label(Id(:suffix_label), _("Suffix:")), - Label(Id(:suffix), base_dn), - # pushbutton label - PushButton(Id(:br_suf), _("Change Suffix")) - ) - ), - ButtonBox( - PushButton(Id(:ok), Opt(:default, :key_F10), Label.OKButton), - PushButton(Id(:cancel), Opt(:key_F9), Label.CancelButton) - ) - ), - HSpacing(1) - ) - ) - UI.SetFocus(Id(:cn)) - ret2 = nil - new_dn = "" - while true - ret2 = UI.UserInput - break if ret2 == :cancel - if ret2 == :br_suf - suf = LdapPopup.InitAndBrowseTree( - base_dn, - { - "hostname" => Ldap.GetFirstServer(Ldap.server), - "port" => Ldap.GetFirstPort(Ldap.server), - "use_tls" => Ldap.ldap_tls ? 
"yes" : "no", - "cacertdir" => Ldap.tls_cacertdir, - "cacertfile" => Ldap.tls_cacertfile - } - ) - if suf != "" - UI.ReplaceWidget( - Id(:rp_suf), - HBox( - # text label,suffix will follow in next label - Label(Id(:suffix_label), _("Suffix:")), - Label(Id(:suffix), suf), - # pushbutton label - PushButton(Id(:br_suf), _("Change Suffix")) - ) - ) - end - end - if ret2 == :ok - cn = Convert.to_string(UI.QueryWidget(Id(:cn), :Value)) - break if cn == "" - suffix2 = Convert.to_string(UI.QueryWidget(Id(:suffix), :Value)) - new_dn = Builtins.sformat("cn=%1,%2", cn, suffix2) - if Builtins.haskey(ppolicies, new_dn) - Popup.Error( - Builtins.sformat( - _( - "The Policy '%1' already exists.\nPlease select another one." - ), - new_dn - ) - ) - next - end - break - end - end - UI.CloseDialog - if ret2 == :ok && new_dn != "" - new = PasswordPolicyDialog({ "dn" => new_dn }) - if new != nil - Ops.set(ppolicies, new_dn, new) - UI.ChangeWidget( - Id(:ppolicy_table), - :Items, - Builtins.maplist(ppolicies) { |dn, pp| Item(Id(dn), dn) } - ) - UI.ChangeWidget( - Id(:edit), - :Enabled, - Ops.greater_than(Builtins.size(ppolicies), 0) - ) - UI.ChangeWidget( - Id(:delete), - :Enabled, - Ops.greater_than(Builtins.size(ppolicies), 0) - ) - end - end - end - if ret == :edit || ret == :ppolicy_table - dn = Convert.to_string( - UI.QueryWidget(Id(:ppolicy_table), :CurrentItem) - ) - changes = PasswordPolicyDialog(Ops.get(ppolicies, dn, {})) - if changes != nil - Ops.set( - ppolicies, - dn, - Builtins.union(Ops.get(ppolicies, dn, {}), changes) - ) - end - end - if ret == :delete - dn = Convert.to_string( - UI.QueryWidget(Id(:ppolicy_table), :CurrentItem) - ) - ppolicies = Builtins.remove(ppolicies, dn) - ppolicies_deleted = Convert.convert( - Builtins.union(ppolicies_deleted, [dn]), - :from => "list", - :to => "list " - ) - UI.ChangeWidget( - Id(:ppolicy_table), - :Items, - Builtins.maplist(ppolicies) { |dn2, pp| Item(Id(dn2), dn2) } - ) - UI.ChangeWidget( - Id(:edit), - :Enabled, - 
Ops.greater_than(Builtins.size(ppolicies), 0) - ) - UI.ChangeWidget( - Id(:delete), - :Enabled, - Ops.greater_than(Builtins.size(ppolicies), 0) - ) - end - # open "LDAP User objects configuration" - if ret == :configure - result = WFM.CallFunction("ldap_config") - modified = true if result == :next - next - end - break if ret == :back || ret == :cancel || ret == :abort - if ret == :next - file_server = Convert.to_boolean( - UI.QueryWidget(Id(:file_server), :Value) - ) - if file_server != Ldap.file_server - Users.SetLdapSysconfigModified(true) - Ldap.file_server = file_server - end - Builtins.foreach(ppolicies) do |dn, ppolicy| - # new ppolicy - if !Builtins.haskey(ppolicies_orig, dn) - Ops.set(ppolicy, "modified", "added") - Ops.set(ppolicy, "pwdAttribute", "userPassword") - Ops.set(ppolicy, "objectClass", ["pwdPolicy", "namedObject"]) - Ops.set(ppolicy, "cn", Ldap.get_cn(dn)) - Ops.set(write_ppolicies, dn, ppolicy) - else - pp = {} - Builtins.foreach( - Convert.convert( - ppolicy, - :from => "map", - :to => "map " - ) - ) do |a, val| - Ops.set(pp, a, val) if val != Ops.get(ppolicies_orig, [dn, a]) - end - if pp != {} - Ops.set(pp, "modified", "edited") - Ops.set(write_ppolicies, dn, pp) - end - end - end - # deleted ppolicies - Builtins.foreach(ppolicies_deleted) do |dn| - pp = Ops.get(write_ppolicies, dn, {}) - if Ops.get_string(pp, "modified", "") == "added" - write_ppolicies = Builtins.remove(write_ppolicies, dn) - elsif Builtins.haskey(ppolicies_orig, dn) - Ops.set(pp, "modified", "deleted") - Ops.set(write_ppolicies, dn, pp) - end - end - if write_ppolicies != {} - Ldap.WriteLDAP(write_ppolicies) - write_ppolicies = {} - end - break - end - end - Wizard.CloseDialog - modified || ret == :next - end - end -end diff --git a/src/include/users/widgets.rb b/src/include/users/widgets.rb index b1ebf5e02..d465de6a9 100644 --- a/src/include/users/widgets.rb +++ b/src/include/users/widgets.rb 
@@ -35,7 +35,6 @@ def initialize_users_widgets(include_target) Yast.import "Autologin" Yast.import "CWMTab" Yast.import "Label" - Yast.import "Ldap" Yast.import "Message" Yast.import "Mode" Yast.import "Package" @@ -47,13 +46,11 @@ def initialize_users_widgets(include_target) Yast.import "Summary" Yast.import "Users" Yast.import "UsersCache" - Yast.import "UsersLDAP" Yast.import "UsersRoutines" Yast.import "Wizard" Yast.include include_target, "users/complex.rb" Yast.include include_target, "users/routines.rb" - Yast.include include_target, "users/ldap_dialogs.rb" textdomain "users" @@ -66,8 +63,6 @@ def initialize_users_widgets(include_target) # the type of user set "nis" => _("&NIS Users"), # the type of user set - "ldap" => _("L&DAP Users"), - # the type of user set "samba" => _("Sam&ba Users"), # the type of user set "custom" => _("&Custom") @@ -82,8 +77,6 @@ def initialize_users_widgets(include_target) # the type of user set "nis" => _("NIS Users"), # the type of user set - "ldap" => _("LDAP Users"), - # the type of user set "samba" => _("Samba Users"), # the type of user set "custom" => _("Custom") @@ -98,8 +91,6 @@ def initialize_users_widgets(include_target) # the type of group set "nis" => _("&NIS Groups"), # the type of group set - "ldap" => _("L&DAP Groups"), - # the type of group set "samba" => _("Sam&ba Groups"), # the type of group set "custom" => _("&Custom") @@ -113,8 +104,6 @@ def initialize_users_widgets(include_target) # the type of group set "nis" => _("NIS Groups"), # the type of group set - "ldap" => _("LDAP Groups"), - # the type of group set "samba" => _("Samba Groups"), # the type of group set "custom" => _("Custom") @@ -266,7 +255,6 @@ def initialize_users_widgets(include_target) # these are for user/group types "local", "system", - "ldap", "nis", "custom", :customize @@ -304,8 +292,6 @@ def initialize_users_widgets(include_target) :enc, :autologinconf, :save, - :ldapfilter, - :ldapconf ], "no_help" => true }, 
@@ -584,344 +570,6 @@ def AskForNISServerEncryptionPopup(encr) ret end - # Popup for configuration user/group filter for making the LDAP search - # @return modified? - def LDAPSearchFilterPopup - default_user_f = UsersLDAP.GetDefaultUserFilter - default_group_f = UsersLDAP.GetDefaultGroupFilter - - user_f = UsersLDAP.GetCurrentUserFilter - group_f = UsersLDAP.GetCurrentGroupFilter - - user_f = default_user_f if user_f == "" - group_f = default_group_f if group_f == "" - - ret = false - - # attributes are listed here, because during filter editing, the connection - # to LDAP server doesn't have to be run yet - user_attributes = [ - "objectClass", - "loginShell", - "gecos", - "description", - "cn", - "uid", - "uidNumber", - "gidNumber", - "homeDirectory", - "shadowLastChange", - "shadowMin", - "shadowMax", - "shadowWarning", - "shadowInactive", - "shadowExpire", - "shadowFlag", - "audio", - "businessCategory", - "carLicense", - "departmentNumber", - "displayName", - "employeeNumber", - "employeeType", - "givenName", - "homePhone", - "homePostalAddress", - "initials", - "jpegPhoto", - "labeledUri", - "mail", - "manager", - "mobile", - "o", - "pager", - "photo", - "roomNumber", - "secretary", - "userCertificate", - "x500uniqueIdentifier", - "preferredLanguage", - "userSMIMECertificate", - "userPKCS12", - "title", - "x121Address", - "registeredAddress", - "destinationIndicator", - "preferredDeliveryMethod", - "telexNumber", - "teletexTerminalIdentifier", - "telephoneNumber", - "internationalISDNNumber", - "facsimileTelephoneNumber", - "street", - "postOfficeBox", - "postalCode", - "postalAddress", - "physicalDeliveryOfficeName", - "ou", - "st", - "l", - "seeAlso", - "sn" - ] - group_attributes = [ - "objectClass", - "memberUid", - "description", - "gidNumber", - "businessCategory", - "seeAlso", - "owner", - "ou", - "o", - "member", - "cn" - ] - - connectives = [ - # combo box item - Item(Id("and"), _("AND")), - # combo box item - Item(Id("or"), _("OR")) - ] - equality = 
["=", "~=", "<=", ">="] - curr_shown = UsersCache.GetCurrentSummary == "users" ? :users : :groups - - help_text = - # helptext 1/4 - caption - _("

LDAP Search Filter Changes

") + - # helptext 2/4 - _( - "

Here, extend the search filters for users and groups beyond the default search filters.

" - ) + - # helptext 3/4 - _( - "

With Default, load the default filter from the user and group\n" + - "configuration modules saved on the LDAP server (values of 'suseSearchFilter' attributes).\n" + - "If you are not connected yet, you are prompted for the password.

\n" - ) + - # helptext 4/4 (do not translate the value (written as font)) - _( - "

Example:\n" + - "
With the user filter\n" + - "
\n" + - "(&(objectClass=posixAccount)(uid=u*))\n" + - "
\n" + - "only obtain users with a username beginning with 'u'.

\n" - ) - - - contents = HBox( - HSpacing(1.5), - VBox( - HSpacing(70), # max 65 with help on left side... - VSpacing(0.5), - Left( - RadioButtonGroup( - VBox( - Left( - RadioButton( - Id(:users), - Opt(:notify), - # radiobutton label - _("Search Filter for &Users"), - curr_shown == :users - ) - ), - Left( - RadioButton( - Id(:groups), - Opt(:notify), - # radiobutton label - _("Search Filter for &Groups"), - curr_shown == :groups - ) - ) - ) - ) - ), - TextEntry(Id(:currf), "", curr_shown == :users ? user_f : group_f), - VSpacing(0.5), - # frame label - Frame( - _("New Condition for Current Filter"), - HBox( - HSpacing(0.5), - VBox( - Left(ComboBox(Id(:andor), "", connectives)), - HBox( - ReplacePoint( - Id(:rpa), - # combobox label - ComboBox( - Id(:atrs), - Opt(:editable), - _("&Attribute"), - curr_shown == :users ? user_attributes : group_attributes - ) - ), - HSpacing(), - VBox(Label(""), ComboBox(Id(:eq), "", equality)), - HSpacing(), - # textentry label - TextEntry(Id(:val), _("&Value"), "") - ), - # pushbuttton label - Right(PushButton(Id(:addu), _("A&dd to Filter"))) - ), - HSpacing(0.5) - ) - ), - VSpacing(), - HBox( - PushButton(Id(:ok), Opt(:default, :key_F10), Label.OKButton), - PushButton(Id(:cancel), Opt(:key_F9), Label.CancelButton), - PushButton(Id(:help), Opt(:key_F2), Label.HelpButton), - # Pushbutton label - PushButton(Id(:read), Opt(:key_F3), _("De&fault")) - ), - VSpacing(0.5) - ), - HSpacing(1.5) - ) - - UI.OpenDialog(Opt(:decorated), contents) - button = :notnext - begin - button = Convert.to_symbol(UI.UserInput) - - if button == :help - Wizard.ShowHelp(help_text) - next - end - if button == :read - if Ldap.bind_pass == nil - Ldap.SetBindPassword(Ldap.GetLDAPPassword(true)) - end - if Ldap.bind_pass != nil && UsersLDAP.ReadFilters == "" - UI.ChangeWidget( - Id(:currf), - :Value, - curr_shown == :users ? 
- UsersLDAP.GetDefaultUserFilter : - UsersLDAP.GetDefaultGroupFilter - ) - end - next - end - curr_f = Convert.to_string(UI.QueryWidget(Id(:currf), :Value)) - if button == :addu - if Convert.to_string(UI.QueryWidget(Id(:val), :Value)) == "" - # error popup - Popup.Error(_("Enter the value for the attribute.")) - UI.SetFocus(Id(:val)) - next - end - new_value = Builtins.sformat( - "%1%2%3", - Convert.to_string(UI.QueryWidget(Id(:atrs), :Value)), - Convert.to_string(UI.QueryWidget(Id(:eq), :Value)), - Convert.to_string(UI.QueryWidget(Id(:val), :Value)) - ) - - conn = Convert.to_string(UI.QueryWidget(Id(:andor), :Value)) - UI.ChangeWidget( - Id(:currf), - :Value, - UsersLDAP.AddToFilter(curr_f, new_value, conn) - ) - end - if button == :ok || button == :users || button == :groups - if (button == :groups || button == :ok && curr_shown == :users) && - user_f != curr_f - curr_user_f = curr_f - if curr_user_f == "" - # error popup - Popup.Error(_("Enter the value of the user filter.")) - UI.SetFocus(Id(:currf)) - button = :notnext - next - end - if !Builtins.issubstring( - Builtins.tolower(curr_user_f), - Builtins.tolower(default_user_f) - ) && - # yes/no popup question - !Popup.YesNo( - _( - "The new user filter does not contain the default user filter.\nReally use it?\n" - ) - ) - UI.SetFocus(Id(:currf)) - button = :notnext - next - end - user_f = curr_user_f - end - if (button == :users || button == :ok && curr_shown == :groups) && - group_f != curr_f - curr_group_f = curr_f - if curr_group_f == "" - # error popup - Popup.Error(_("Enter the value of the group filter.")) - UI.SetFocus(Id(:currf)) - button = :notnext - next - end - if !Builtins.issubstring( - Builtins.tolower(curr_group_f), - Builtins.tolower(default_group_f) - ) - # yes/no popup question - if !Popup.YesNo( - _( - "The new group filter does not contain the default group filter.\nReally use it?\n" - ) - ) - UI.SetFocus(Id(:currf)) - button = :notnext - next - end - end - group_f = curr_group_f - end - if 
button == :ok - # checks are OK, let's update the values now - if user_f != UsersLDAP.GetCurrentUserFilter - UsersLDAP.SetCurrentUserFilter(user_f) - ret = true - end - if group_f != UsersLDAP.GetCurrentGroupFilter - UsersLDAP.SetCurrentGroupFilter(group_f) - ret = true - end - else - UI.ChangeWidget(Id(curr_shown), :Value, false) - curr_shown = curr_shown == :users ? :groups : :users - UI.ChangeWidget(Id(curr_shown), :Value, true) - UI.ChangeWidget( - Id(:currf), - :Value, - curr_shown == :users ? user_f : group_f - ) - UI.ReplaceWidget( - Id(:rpa), - # combobox label - ComboBox( - Id(:atrs), - Opt(:editable), - _("&Attribute"), - curr_shown == :users ? user_attributes : group_attributes - ) - ) - end - end - end while button != :ok && button != :cancel - - UI.CloseDialog - ret - end - # Popup for Login settings (Auotolgin feature, login without passwords) # @return modified? # @@ -953,8 +601,6 @@ def AutologinPopup pw_less = Autologin.pw_less auto_used = user != "" - # TODO check if nis/ldap users were read? - usernames = UsersCache.GetUsernames("local") UI.OpenDialog( @@ -1105,10 +751,6 @@ def DeleteUserPopup no_home = false # check if dir exists with this owner stat = Convert.to_map(SCR.Read(path(".target.stat"), home)) - if type == "ldap" && !Ldap.file_server || - Ops.get_integer(stat, "uid", -1) != uid - no_home = true - end # if the user want to delete a system user if type == "system" @@ -1177,12 +819,10 @@ def DeleteGroupPopup delete = true type = UsersCache.GetGroupType group = Users.GetCurrentGroup - member_attribute = UsersLDAP.GetMemberAttribute # if no user is in this group if Ops.get_map(group, "userlist", {}) == {} && - Ops.get_map(group, "more_users", {}) == {} && - Ops.get_map(group, member_attribute, {}) == {} + Ops.get_map(group, "more_users", {}) == {} #if the group is a system group ask the user .. if type == "system" # yes-no popup headline 
@@ -1299,12 +939,6 @@ def CustomizePopup(what) end if ret == :ok UI.CloseDialog if modified - if Builtins.contains(new_customs, "ldap") && Ldap.bind_pass == nil - Ldap.SetBindPassword(Ldap.GetLDAPPassword(true)) - if Ldap.bind_pass == nil || UsersLDAP.ReadSettings != "" - new_customs = Builtins.filter(new_customs) { |set| set != "ldap" } - end - end modified = Users.ChangeCustoms(what, new_customs) end modified @@ -1322,11 +956,6 @@ def ChooseTypePopup(sets, what) ), # type of user/group # (item of list with the headline 'Choose the type of user to add') - "ldap" => _( - "LDAP" - ), - # type of user/group - # (item of list with the headline 'Choose the type of user to add') "system" => _( "System" ) @@ -1450,27 +1079,6 @@ def GetExpertList deep_copy(expert_list) end - # return the list of menu items for LDAP expert options - def GetLDAPExpertList - expert_list = [] - if !Mode.config && Users.LDAPAvailable && !Users.LDAPModified - expert_list = Builtins.add( - expert_list, - # menubutton label - Item(Id(:ldapfilter), _("LDAP &Search Filter")) - ) - expert_list = Builtins.add( - expert_list, - # menubutton label - Item(Id(:ldapconf), _("L&DAP User and Group Configuration")) - ) - end - deep_copy(expert_list) - end - - #================================================================ - #----------------- some help texts ------------------------------ - # First part of the help text. # @return [String] help text def help_main_start @@ -1484,7 +1092,6 @@ def help_main_start ) end - # Last part of the help text. # @return [String] help text def help_main_end @@ -1870,7 +1477,7 @@ def SummaryTableInit(widget_id) MenuButton( Id(:expertlist), _("E&xpert Options"), - Builtins.union(GetExpertList(), GetLDAPExpertList()) + GetExpertList() ) ) 
@@ -1982,65 +1589,6 @@ def HandleSummaryTable(widget_id, event) SummaryTableInit("table") return nil end - if ev_id == :ldapfilter - # change of search filter (only when LDAP was not modified yet) - if LDAPSearchFilterPopup() && !Users.LDAPModified - Users.SetLDAPNotRead(true) - current = current_summary == "users" ? - Users.GetCurrentUsers : - Users.GetCurrentGroups - if Builtins.contains(current, "ldap") - # simulate the action "show LDAP users" - HandleFilterLine(widget_id, { "ID" => "ldap" }) - end - # now update the other list (not current_summary) - current = current_summary == "users" ? - Users.GetCurrentGroups : - Users.GetCurrentUsers - if Builtins.contains(current, "ldap") - # customize view is lost... TODO - if current_summary == "users" - Users.ChangeCurrentGroups("ldap") - else - Users.ChangeCurrentUsers("ldap") - end - end - end - return nil - end - if ev_id == :ldapconf - if LdapAdministrationDialog() && Ldap.ldap_modified - if !Users.LDAPNotRead && - # yes/no popup (data were changed) - Popup.YesNo(_("Reread all data from LDAP server?")) - # read all LDAP configuration again! - Users.SetLDAPNotRead(true) - UsersLDAP.SetFiltersRead(false) - UsersLDAP.SetInitialized(false) - current = current_summary == "users" ? - Users.GetCurrentUsers : - Users.GetCurrentGroups - if Builtins.contains(current, "ldap") - # simulate the action "show LDAP users" - HandleFilterLine(widget_id, { "ID" => "ldap" }) - end - # now update the other list (not current_summary) - current = current_summary == "users" ? - Users.GetCurrentGroups : - Users.GetCurrentUsers - if Builtins.contains(current, "ldap") - # customize view is lost... TODO - if current_summary == "users" - Users.ChangeCurrentGroups("ldap") - else - Users.ChangeCurrentUsers("ldap") - end - end - end - Ldap.ldap_modified = false - end - return nil - end if !Ops.is_symbol?(ev_id) Builtins.y2error("strange ev_id value: %1", ev_id) return nil 
@@ -2104,20 +1652,7 @@ def HandleFilterLine(widget_id, event) Users.GetAvailableUserSets, Convert.to_string(ev_id) ) - if ev_id == "ldap" && Ldap.bind_pass == nil - Ldap.SetBindPassword(Ldap.GetLDAPPassword(true)) - return nil if Ldap.bind_pass == nil - end popup = false - if ev_id == "ldap" && Users.LDAPNotRead || - ev_id == "nis" && Users.NISNotRead - UI.OpenDialog( - Opt(:decorated), - # wait popup - Label(_("Reading sets of users and groups. Please wait...")) - ) - popup = true - end if Users.ChangeCurrentUsers(Convert.to_string(ev_id)) if popup UI.CloseDialog @@ -2136,19 +1671,7 @@ def HandleFilterLine(widget_id, event) Users.GetAvailableGroupSets, Convert.to_string(ev_id) ) - if ev_id == "ldap" && Ldap.bind_pass == nil - Ldap.SetBindPassword(Ldap.GetLDAPPassword(true)) - end popup = false - if ev_id == "ldap" && Users.LDAPNotRead || - ev_id == "nis" && Users.NISNotRead - UI.OpenDialog( - Opt(:decorated), - # wait popup - Label(_("Reading sets of users and groups. Please wait...")) - ) - popup = true - end if Users.ChangeCurrentGroups(Convert.to_string(ev_id)) if popup UI.CloseDialog @@ -2331,14 +1854,12 @@ def HandleAuthData(key, event) def StoreAuthData(key, event) event = deep_copy(event) was_nis_available = Users.NISAvailable - was_ldap_available = Users.LDAPAvailable Users.ReadSourcesSettings - # enabling NIS/LDAP could add + lines (they are not in current cache that + # enabling NIS could add + lines (they are not in current cache that # would be saved after user modifications): - if !was_nis_available && Users.NISAvailable || - !was_ldap_available && Users.LDAPAvailable - Builtins.y2milestone("ldap or nis enabled now") + if !was_nis_available && Users.NISAvailable + Builtins.y2milestone("nis enabled now") Users.AddPlusPasswd("+::::::") Users.AddPlusGroup("+:::") Users.AddPlusShadow("+") diff --git a/src/include/users/wizards.rb b/src/include/users/wizards.rb index 2830ce342..b67f2a305 100644 --- a/src/include/users/wizards.rb 
+++ b/src/include/users/wizards.rb @@ -36,7 +36,6 @@ def initialize_users_wizards(include_target) Yast.import "CWM" Yast.import "CWMTab" Yast.import "Label" - Yast.import "Ldap" Yast.import "Mode" Yast.import "Popup" Yast.import "Sequencer" @@ -62,14 +61,9 @@ def ReallyBack end # Before showing the table for first time, - # read LDAP/NIS if they are included in custom set + # read NIS if they are included in custom set def InitializeTableItems if UsersCache.CustomizedUsersView || UsersCache.CustomizedGroupsView - if (Builtins.contains(Users.GetUserCustomSets, "ldap") || - Builtins.contains(Users.GetGroupCustomSets, "ldap")) && - Ldap.bind_pass == nil - Ldap.SetBindPassword(Ldap.GetLDAPPassword(true)) - end Users.ChangeCurrentUsers("custom") if UsersCache.CustomizedUsersView Users.ChangeCurrentGroups("custom") if UsersCache.CustomizedGroupsView end @@ -130,20 +124,11 @@ def SummaryDialog old_gui = Users.GetGUI Users.SetGUI(false) Users.Read - # read also LDAP again: bug #41299 - current_users = Users.GetCurrentUsers - if Builtins.contains(current_users, "ldap") - Users.SetLDAPNotRead(true) - Users.ChangeCurrentUsers("ldap") - else - # update the user item list - Users.ChangeCurrentUsers("custom") - end Users.SetGUI(old_gui) ret = :back end - Convert.to_symbol(ret) + ret end @@ -269,9 +254,6 @@ def UsersSequence(start) UI.CloseDialog if !Stage.cont - # read LDAP again in the next run - Users.SetLDAPNotRead(true) - Convert.to_symbol(ret) end diff --git a/src/modules/Users.pm b/src/modules/Users.pm index b2462a7e0..8a9cd37eb 100644 --- a/src/modules/Users.pm +++ b/src/modules/Users.pm 
@@ -137,24 +137,17 @@ my $read_local = 1; my $users_modified = 0; my $groups_modified = 0; -my $ldap_modified = 0; my $customs_modified = 0; my $defaults_modified = 0; my $security_modified = 0; -my $sysconfig_ldap_modified = 0; -my $ldap_settings_read = 0; # variables describing available users sets: my $nis_available = 1; -my $ldap_available = 1; my $nis_master = 0; # nis users are not read by default, but could be read on demand: my $nis_not_read = 1; -# ldap users are not read by default, but could be read on demand: -my $ldap_not_read = 1; - # check if config files were read before w try to write them my $passwd_not_read = 1; my $shadow_not_read = 1; @@ -219,7 +212,6 @@ YaST::YCP::Import ("Autologin"); YaST::YCP::Import ("Call"); YaST::YCP::Import ("Directory"); YaST::YCP::Import ("FileUtils"); -YaST::YCP::Import ("Ldap"); YaST::YCP::Import ("Linuxrc"); YaST::YCP::Import ("Installation"); YaST::YCP::Import ("MailAliases"); @@ -237,7 +229,6 @@ YaST::YCP::Import ("Stage"); YaST::YCP::Import ("String"); YaST::YCP::Import ("Syslog"); YaST::YCP::Import ("UsersCache"); -YaST::YCP::Import ("UsersLDAP"); YaST::YCP::Import ("UsersPasswd"); YaST::YCP::Import ("UsersPlugins"); YaST::YCP::Import ("UsersRoutines"); @@ -312,7 +303,6 @@ sub Modified { my $ret = $users_modified || $groups_modified || - $ldap_modified || $customs_modified || $defaults_modified || $security_modified; 
@@ -353,27 +343,6 @@ sub NISNotRead { return $nis_not_read; } -BEGIN { $TYPEINFO{LDAPAvailable} = ["function", "boolean"]; } -sub LDAPAvailable { - return $ldap_available; -} - -BEGIN { $TYPEINFO{LDAPModified} = ["function", "boolean"]; } -sub LDAPModified { - return $ldap_modified; -} - -BEGIN { $TYPEINFO{LDAPNotRead} = ["function", "boolean"]; } -sub LDAPNotRead { - return $ldap_not_read; -} - -BEGIN { $TYPEINFO{SetLDAPNotRead} = ["function", "void", "boolean"]; } -sub SetLDAPNotRead { - my $self = shift; - $ldap_not_read = $_[0]; -} - # OBSOLETE BEGIN { $TYPEINFO{GetRootMail} = ["function", "string"]; } sub GetRootMail { @@ -523,12 +492,6 @@ sub ChangeCurrentUsers { else { @current_users = ( $new ); } - if (contains (\@current_users, "ldap") && $ldap_not_read) { - if (!$self->ReadNewSet ("ldap")) { - @current_users = @backup; - return 0; - } - } if (contains (\@current_users, "nis") && $nis_not_read) { if (!$self->ReadNewSet ("nis")) { @@ -563,13 +526,6 @@ sub ChangeCurrentGroups { @current_groups = ( $new ); } - if (contains (\@current_groups, "ldap") && $ldap_not_read) { - if (!$self->ReadNewSet ("ldap")) { - @current_groups = @backup; - return 0; - } - } - if (contains (\@current_groups, "nis") && $nis_not_read) { if (!$self->ReadNewSet ("nis")) { @current_groups = @backup; @@ -788,12 +744,6 @@ sub GetDefaultGrouplist { my %grouplist = (); my $grouplist = ""; - if ($type eq "ldap") { - $grouplist = UsersLDAP->GetDefaultGrouplist (); - foreach my $group (split (/,/, $grouplist)) { - $grouplist{$group} = 1; - } - } return \%grouplist; } @@ -805,9 +755,6 @@ sub GetDefaultGID { my $type = $_[0]; my $gid = $useradd_defaults{"group"}; - if ($type eq "ldap") { - $gid = UsersLDAP->GetDefaultGID (); - } return $gid; } 
@@ -818,12 +765,7 @@ sub GetDefaultShell { my $self = shift; my $type = $_[0]; - if ($type eq "ldap") { - return UsersLDAP->GetDefaultShell (); - } - else { - return $useradd_defaults{"shell"}; - } + return $useradd_defaults{"shell"}; } ##------------------------------------ @@ -833,9 +775,6 @@ sub GetDefaultHome { my $self = shift; my $home = $useradd_defaults{"home"} || ""; - if ($_[0] eq "ldap") { - $home = UsersLDAP->GetDefaultHome (); - } if (substr ($home, -1, 1) ne "/") { $home.="/"; } @@ -861,9 +800,6 @@ sub GetDefaultShadow { "shadowLastChange" => "", "userPassword" => undef ); - if ($type eq "ldap") { - %ret = %{UsersLDAP->GetDefaultShadow()}; - } return \%ret; } @@ -881,9 +817,6 @@ sub GetDefaultGroupname { my $gid = $self->GetDefaultGID ($type); my %group = (); - if ($type eq "ldap") { - %group = %{$self->GetGroup ($gid, "ldap")}; - } if (!%group) { %group = %{$self->GetGroup ($gid, "local")}; } @@ -934,8 +867,8 @@ sub SetLoginDefaults { ##------------------------------------ # Returns the map of user specified by its UID -# @param uid user's identification number (UID) or uidnumber attribute for LDAP users -# @param type "local"/"system"/"nis"/"ldap"; if empty, all types are searched +# @param uid user's identification number (UID) +# @param type "local"/"system"/"nis"; if empty, all types are searched # @return the map of _first_ user matching the parameters BEGIN { $TYPEINFO{GetUser} = [ "function", ["map", "string", "any" ], @@ -1088,7 +1021,7 @@ sub GetGroups { ##------------------------------------ # Returns the map of first group with given GID -# @param name group's GID (or gidnumber attribute for LDAP groups) +# @param name group's GID # @param type if empty, all types are searched # @return the map of first group matching parameters BEGIN { $TYPEINFO{GetGroup} = [ "function", 
@@ -1119,7 +1052,7 @@ sub GetGroup { ##------------------------------------ # Returns the map of first group with given name -# @param name group's name (or cn attribute for LDAP groups) +# @param name group's name # @param type if empty, all types are searched # @return the map of first group matching parameters BEGIN { $TYPEINFO{GetGroupByName} = [ "function", @@ -1159,18 +1092,11 @@ sub FindGroupsBelongUser { foreach my $type (keys %groups) { my $uname = $user->{"uid"}; - if ($type eq "ldap") {# LDAP groups have list of user DN's - $uname = $user->{"dn"}; - } if (!defined $uname) { next; } foreach my $gid (keys %{$groups{$type}}) { my $group = $groups{$type}{$gid}; my $userlist = $group->{"userlist"}; - if ($type eq "ldap") { - my $member_attribute = UsersLDAP->GetMemberAttribute (); - $userlist = $group->{$member_attribute}; - } if (defined $userlist->{$uname}) { $grouplist{$group->{"cn"}} = 1; } @@ -1203,12 +1129,6 @@ sub ReadCustomSets { SCR->Write (".target.ycp", $file, \%customs); $customs_modified = 1; - if ($ldap_available && Ldap->initial_defaults_used () && - !Mode->config ()) - { - @user_custom_sets = ("ldap"); - @group_custom_sets = ("ldap"); - } } else { my $customs = SCR->Read (".target.ycp", $file); @@ -1244,15 +1164,6 @@ sub ReadCustomSets { if (@group_custom_sets == 0) { @group_custom_sets = ("local"); } - # LDAP is not set in nsswitch, but in customs: remove from customs (#360600) - if (!$ldap_available && - (contains (\@user_custom_sets, "ldap") || - contains (\@group_custom_sets, "ldap"))) - { - @user_custom_sets = grep (!/^ldap$/, @user_custom_sets); - @group_custom_sets = grep (!/^ldap$/, @group_custom_sets); - $customs_modified = 1; - } } ##------------------------------------ 
@@ -1278,7 +1189,7 @@ sub ReadAllShells { } ##------------------------------------ -# Checks the possible user sources (NIS/LDAP available?) +# Checks the possible user sources (NIS available?) BEGIN { $TYPEINFO{ReadSourcesSettings} = ["function", "void"]; } sub ReadSourcesSettings { @@ -1287,16 +1198,11 @@ sub ReadSourcesSettings { $nis_available = ReadNISAvailable (); $nis_master = ReadNISMaster (); - $ldap_available = UsersLDAP->ReadAvailable (); if (!$nis_master && $nis_available) { push @available_usersets, "nis"; push @available_groupsets, "nis"; } - if ($ldap_available) { - push @available_usersets, "ldap"; - push @available_groupsets, "ldap"; - } push @available_usersets, "custom"; push @available_groupsets, "custom"; } @@ -1368,9 +1274,6 @@ sub ReadLoginDefaults { load_useradd_defaults (Y2UsersLinux->read_useradd_config()); - UsersLDAP->InitConstants (\%useradd_defaults); - UsersLDAP->SetDefaultShadow ($self->GetDefaultShadow ("local")); - if (%useradd_defaults) { return 1; } 
@@ -1378,76 +1281,31 @@ sub ReadLoginDefaults { } ##------------------------------------ -BEGIN { $TYPEINFO{ReadLDAPSet} = ["function", "string", "string"]; } -sub ReadLDAPSet { - - my $self = shift; - my $type = "ldap"; - # generate ldap users/groups list in the agent: - my $ldap_mesg = UsersLDAP->Read(); - if ($ldap_mesg ne "") { - Ldap->LDAPErrorMessage ("read", $ldap_mesg); - return $ldap_mesg; - } - # read the LDAP data (users, groups, items) - $users{$type} = \%{SCR->Read (".ldap.users")}; - $users_by_uidnumber{$type} = \%{SCR->Read (".ldap.users.by_uidnumber")}; - $groups{$type} = \%{SCR->Read (".ldap.groups")}; - $groups_by_gidnumber{$type} = \%{SCR->Read (".ldap.groups.by_gidnumber")}; - # read the necessary part of LDAP user configuration - UsersSimple->SetMinPasswordLength("ldap",UsersLDAP->GetMinPasswordLength()); - UsersSimple->SetMaxPasswordLength("ldap",UsersLDAP->GetMaxPasswordLength()); - - if ($use_gui) { - UsersCache->BuildUserItemList ($type, $users{$type}); - UsersCache->BuildGroupItemList ($type, $groups{$type}); - } - - UsersCache->ReadUsers ($type); - UsersCache->ReadGroups ($type); - - $ldap_not_read = 0; - - return $ldap_mesg; -} - ##------------------------------------ # Read new set of users - "on demand" (called from running module) -# @param type the type of users, currently "ldap" or "nis" +# @param type the type of users, currently "nis" # @return success BEGIN { $TYPEINFO{ReadNewSet} = ["function", "boolean", "string"]; } sub ReadNewSet { - my $self = shift; my $type = $_[0]; - if ($type eq "nis") { - $nis_not_read = 0; - - $users{$type} = \%{SCR->Read (".nis.users")}; - $users_by_uidnumber{$type} = \%{SCR->Read (".nis.users.by_uidnumber")}; - $groups{$type} = \%{SCR->Read (".nis.groups")}; - $groups_by_gidnumber{$type} = \%{SCR->Read (".nis.groups.by_gidnumber")}; + if ($type eq "nis") { + $nis_not_read = 0; + $users{$type} = \%{SCR->Read (".nis.users")}; + $users_by_uidnumber{$type} = \%{SCR->Read (".nis.users.by_uidnumber")}; + 
$groups{$type} = \%{SCR->Read (".nis.groups")}; + $groups_by_gidnumber{$type} = \%{SCR->Read (".nis.groups.by_gidnumber")}; - if ($use_gui) { + if ($use_gui) { UsersCache->BuildUserItemList ($type, $users{$type}); UsersCache->BuildGroupItemList ($type, $groups{$type}); - } - UsersCache->ReadUsers ($type); - UsersCache->ReadGroups ($type); - } - elsif ($type eq "ldap") { + } - # read all needed LDAP settings now: - if (UsersLDAP->ReadSettings () ne "") { - return 0; - } - - # and now the real user/group data - if ($self->ReadLDAPSet () ne "") { - return 0; - } + UsersCache->ReadUsers ($type); + UsersCache->ReadGroups ($type); } + return 1; } @@ -1516,39 +1374,6 @@ sub ReadAvailablePlugins { if (Mode->test ()) { return; } UsersPlugins->Read (); - - # update internal keys with the values from plugins - - my @user_internals = @{UsersLDAP->GetUserInternal ()}; - my $internals = UsersPlugins->Apply ("InternalAttributes", { - "what" => "user" }, {}); - if (defined $internals && ref ($internals) eq "HASH") { - foreach my $plugin (keys %{$internals}) { - if (ref ($internals->{$plugin}) eq "ARRAY") { - foreach my $int (@{$internals->{$plugin}}) { - if (!contains (\@user_internals, $int)) { - push @user_internals, $int; - } - } - } - } - UsersLDAP->SetUserInternal (\@user_internals); - } - my @group_internals = @{UsersLDAP->GetGroupInternal ()}; - $internals = UsersPlugins->Apply ("InternalAttributes", { - "what" => "group" }, {}); - if (defined $internals && ref ($internals) eq "HASH") { - foreach my $plugin (keys %{$internals}) { - if (ref ($internals->{$plugin}) eq "ARRAY") { - foreach my $int (@{$internals->{$plugin}}) { - if (!contains (\@group_internals, $int)) { - push @group_internals, $int; - } - } - } - } - UsersLDAP->SetGroupInternal (\@group_internals); - } } ##------------------------------------ 
@@ -1731,19 +1556,7 @@ sub RemoveUserFromGroup { my $group_type = $group_in_work{"type"}; CreateGroupOrg(); - if ($group_type eq "ldap") { - $user = $user_in_work{"dn"}; - if (defined $user_in_work{"org_dn"}) { - $user = $user_in_work{"org_dn"}; - } - my $member_attribute = UsersLDAP->GetMemberAttribute (); - if (defined $group_in_work{$member_attribute}{$user}) { - delete $group_in_work{$member_attribute}{$user}; - $ret = 1; - $group_in_work{"what"} = "user_change"; - } - } - elsif (defined $group_in_work{"userlist"}{$user}) { + if (defined $group_in_work{"userlist"}{$user}) { $ret = 1; $group_in_work{"what"} = "user_change"; delete $group_in_work{"userlist"}{$user}; @@ -1762,16 +1575,7 @@ sub AddUserToGroup { my $group_type = $group_in_work{"type"}; CreateGroupOrg(); - if ($group_type eq "ldap") { - $user = $user_in_work{"dn"}; - my $member_attribute = UsersLDAP->GetMemberAttribute (); - if (!defined $group_in_work{$member_attribute}{$user}) { - $group_in_work{$member_attribute}{$user} = 1; - $group_in_work{"what"} = "user_change"; - $ret = 1; - } - } - elsif (!defined $group_in_work{"userlist"}{$user}) { + if (!defined $group_in_work{"userlist"}{$user}) { $group_in_work{"userlist"}{$user} = 1; $ret = 1; $group_in_work{"what"} = "user_change"; @@ -1782,14 +1586,11 @@ sub AddUserToGroup { ##------------------------------------ # local users have to load shadow settings from global map sub LoadShadow { - - if (%user_in_work && ($user_in_work{"type"} || "") ne "ldap") { my $username = $user_in_work{"uid"}; my $type = $user_in_work{"type"}; foreach my $key (keys %{$shadow{$type}{$username}}) { $user_in_work{$key} = $shadow{$type}{$username}{$key}; } - } } 
@@ -1819,25 +1620,6 @@ sub SelectUser { UsersCache->SetUserType ($user_in_work{"type"}); } -##------------------------------------ -# this is hacked a bit; there probably could be a case when more groups have -# different DN, but same 'cn' -# (let's rule out this case with properly set "group_base") -BEGIN { $TYPEINFO{SelectGroupByDN} = [ "function", - "void", - "string"]; -} -sub SelectGroupByDN { - - my $self = shift; - my $cn = UsersCache->get_first ($_[0]); - my $group = $self->GetGroupByName ($cn, "ldap"); - if (defined $group->{"dn"} && $group->{"dn"} eq $_[0]) { - %group_in_work = %$group; - } -} - - ##------------------------------------ BEGIN { $TYPEINFO{SelectGroupByName} = [ "function", "void", @@ -1926,12 +1708,7 @@ sub GetUserPlugins { my $adding = shift; my @plugins = (); - if ($type eq "ldap") { - @plugins = @{UsersLDAP->GetUserPlugins ()}; - } - else { @plugins = @local_plugins; - } # check for default plug-ins for adding user # (and only when adding user, otherwise the check for presence was already done...) if (defined $adding) { @@ -1956,12 +1733,7 @@ BEGIN { $TYPEINFO{GetGroupPlugins} = ["function", ["list", "string"], "string"]} sub GetGroupPlugins { my $self = shift; - if ($_[0] eq "ldap") { - return UsersLDAP->GetGroupPlugins (); - } - else { return \@local_plugins; - } } ##------------------------------------ 
@@ -2121,30 +1893,6 @@ sub EnableUser { return ""; } -# read the rest of attributes of LDAP user which will be edited -sub ReadLDAPUser { - - my $dn = $user_in_work{"dn"} || ""; - my $res = SCR->Read (".ldap.search", { - "base_dn" => $dn, - "scope" => YaST::YCP::Integer (0), - "single_values" => YaST::YCP::Boolean (1), - "attrs" => [ "*", "+" ] # read also operational attributes (#238254) - }); - my $u = {}; - if (defined $res && ref ($res) eq "ARRAY" && ref ($res->[0]) eq "HASH") { - $u = $res->[0]; - } - - foreach my $key (keys %$u) { - if (!defined $user_in_work{$key}) { - $user_in_work{$key} = $u->{$key}; - next; - } - } -} - - ##------------------------------------ #Edit is used in 2 diffr. situations # 1. initialization (creates "org_user") - could be in SelectUser? @@ -2168,10 +1916,6 @@ sub EditUser { # check if user is edited for first time if (!defined $user_in_work{"org_user"} && ($user_in_work{"what"} || "") ne "add_user") { - # read the rest of LDAP if necessary - if ($type eq "ldap" && ($user_in_work{"modified"} || "") ne "added") { - ReadLDAPUser (); - } # password we have read was real -> set "encrypted" flag my $pw = $user_in_work{"userPassword"}; @@ -2199,8 +1943,8 @@ sub EditUser { # save first map for later checks of modification (in Commit) my %org_user = %user_in_work; $user_in_work{"org_user"} = \%org_user; - # grouplist wasn't fully generated while reading nis & ldap users - if ($type eq "nis" || $type eq "ldap") { + # grouplist wasn't fully generated while reading nis + if ($type eq "nis" ) { $user_in_work{"grouplist"} = FindGroupsBelongUser (\%org_user); # set 'groupname' if default group is not LDAP (#43433) if (!defined $user_in_work{"groupname"}) { 
@@ -2293,17 +2037,6 @@ sub EditUser { $user_in_work{$org_key} = $user_in_work{$key}; } } - # change of DN requires special handling: - if ($type eq "ldap" && $key eq "dn") { - - my $new_dn = UsersLDAP->CreateUserDN (\%data); - if (defined $new_dn && ($user_in_work{$key} ne $new_dn || - !defined $user_in_work{"org_dn"})) { - $user_in_work{"org_dn"} = $user_in_work{$key}; - $user_in_work{$key} = $new_dn; - next; - } - } # compare the differences, create removed_grouplist if ($key eq "grouplist" && defined $user_in_work{$key}) { my %removed = (); @@ -2505,18 +2238,6 @@ sub EditGroup { $group_in_work{$org_key} = $group_in_work{$key}; } } - # change of DN requires special handling: - if ($type eq "ldap" && $key eq "dn") { - - my $new_dn = UsersLDAP->CreateGroupDN (\%data); - if (defined $new_dn && ($group_in_work{$key} ne $new_dn || - !defined $group_in_work{"org_dn"})) - { - $group_in_work{"org_dn"} = $group_in_work{$key}; - $group_in_work{$key} = $new_dn; - next; - } - } # compare the differences, create removed_userlist if ($key eq "userlist" && defined $group_in_work{"userlist"}) { my %removed = (); @@ -2529,21 +2250,6 @@ sub EditGroup { $group_in_work{"removed_userlist"} = \%removed; } } - # same, but for LDAP groups - my $member_attribute = UsersLDAP->GetMemberAttribute (); - if ($key eq $member_attribute && - defined $group_in_work{$member_attribute}) - { - my %removed = (); - foreach my $user (keys %{$group_in_work{$member_attribute}}) { - if (!defined $data{$member_attribute}{$user}) { - $removed{$user} = 1; - } - } - if (%removed) { - $group_in_work{"removed_userlist"} = \%removed; - } - } $group_in_work{$key} = $data{$key}; } $group_in_work{"what"} = "edit_group"; 
@@ -3133,22 +2839,6 @@ sub AddUser { $user_in_work{"no_skeleton"} = YaST::YCP::Boolean (1); } - if ($type eq "ldap") { - # add other default values - my %ldap_defaults = %{UsersLDAP->GetUserDefaults()}; - foreach my $attr (keys %ldap_defaults) { - if (!defined ($user_in_work{$attr})) { - $user_in_work{$attr} = $ldap_defaults{$attr}; - } - }; - # created DN if not present yet - if (!defined $user_in_work{"dn"}) { - my $dn = UsersLDAP->CreateUserDN (\%data); - if (defined $dn) { - $user_in_work{"dn"} = $dn; - } - } - } # --------------------------------- now call Add function from plugins foreach my $plugin (sort @{$plugins}) { if ($plugin_error) { last; } @@ -3297,22 +2987,6 @@ sub AddGroup { $group_in_work{"gidNumber"} = UsersCache->NextFreeGID ($type); } - if ($type eq "ldap") { - # add other default values - my %ldap_defaults = %{UsersLDAP->GetGroupDefaults()}; - foreach my $attr (keys %ldap_defaults) { - if (!defined ($group_in_work{$attr})) { - $group_in_work{$attr} = $ldap_defaults{$attr}; - } - }; - # created DN if not present yet - if (!defined $group_in_work{"dn"}) { - my $dn = UsersLDAP->CreateGroupDN (\%data); - if (defined $dn) { - $group_in_work{"dn"} = $dn; - } - } - } # --------------------------------- now call Add function from plugins foreach my $plugin (sort @{$plugins}) { if ($plugin_error) { last; } @@ -3373,7 +3047,7 @@ sub UserReallyModified { if (defined $user{"org_user"}) { %org_user = %{$user{"org_user"}}; } - if ($user{"type"} ne "ldap") { + if (($user{"plugin_modified"} || 0) == 1) { return 1; #TODO save special plugin_modified global value? } @@ -3418,12 +3092,11 @@ sub UserReallyModified { } } return $ret; - } - my @internal_keys = @{UsersLDAP->GetUserInternal ()}; + foreach my $key (keys %user) { last if $ret; my $value = $user{$key}; - if (!defined $user{$key} || contains (\@internal_keys, $key) || + if (!defined $user{$key} || ref ($value) eq "HASH" ) { next; } 
@@ -3455,19 +3128,6 @@ sub UserReallyModified { return $ret; } - -# Substitute the values of LDAP atributes, predefined in LDAP user configuration -BEGIN { $TYPEINFO{SubstituteUserValues} = ["function", "void"] } -sub SubstituteUserValues { - - my $self = shift; - my $substituted = UsersLDAP->SubstituteValues ("user", \%user_in_work); - if (defined $substituted && ref ($substituted) eq "HASH") { - %user_in_work = %{$substituted}; - } -} - - ##------------------------------------ # Update the global map of users using current user or group BEGIN { $TYPEINFO{CommitUser} = ["function", "boolean"] } @@ -3503,24 +3163,14 @@ sub CommitUser { !$users_modified && $self->UserReallyModified (\%user)) { $users_modified = 1; } - if ($type eq "ldap" && !$ldap_modified && $self->UserReallyModified (\%user)) { - $ldap_modified = 1; - } - y2milestone ("commiting user '$username', action is '$what_user', modified: $users_modified, ldap modified: $ldap_modified"); + y2milestone ("commiting user '$username', action is '$what_user', modified: $users_modified"); # --- 1. do the special action if ($what_user eq "add_user") { $user{"modified"} = "added"; - if ($type eq "ldap") { - my $substituted = UsersLDAP->SubstituteValues ("user", \%user); - if (defined $substituted && ref ($substituted) eq "HASH") { - %user = %{$substituted}; - } - } - # update the affected groups foreach my $group (keys %grouplist) { %group_in_work = %{$self->GetGroupByName ($group, "")}; @@ -3659,7 +3309,7 @@ sub CommitUser { } # store deleted directories... someone could want to use them - if ($type ne "ldap" && bool ($user{"delete_home"})) { + if (bool ($user{"delete_home"})) { my $h = $home; if (defined $user{"org_user"}{"homeDirectory"}) { $h = $user{"org_user"}{"homeDirectory"}; 
@@ -3678,9 +3328,8 @@ sub CommitUser { delete $users_by_uidnumber{$type}{$uid}{$username}; } - if ($type ne "ldap") { - delete $shadow{$type}{$username}; - } + delete $shadow{$type}{$username}; + if (defined $modified_users{$type}{$username}) { delete $modified_users{$type}{$username}; } @@ -3731,18 +3380,6 @@ sub CommitUser { return 1; } -# Substitute the values of LDAP atributes,predefined in LDAP group configuration -BEGIN { $TYPEINFO{SubstituteGroupValues} = ["function", "void"] } -sub SubstituteGroupValues { - - my $self = shift; - my $substituted = UsersLDAP->SubstituteValues ("group", \%group_in_work); - if (defined $substituted && ref ($substituted) eq "HASH") { - %group_in_work = %{$substituted}; - } -} - - ##------------------------------------ # Update the global map of groups using current group BEGIN { $TYPEINFO{CommitGroup} = ["function", "boolean"]; } @@ -3783,13 +3420,6 @@ sub CommitGroup { ($type eq "system" || $type eq "local")) { $groups_modified = 1; } - if ($type eq "ldap" && $what_group ne "") { - $ldap_modified = 1; - my $member_attribute = UsersLDAP->GetMemberAttribute (); - if (defined $group{$member_attribute}) { - %userlist = %{$group{$member_attribute}}; - } - } # 1. specific action if ( $what_group eq "add_group" ) { @@ -4151,22 +3781,18 @@ sub Write { # progress caption my $caption = __("Writing User and Group Configuration"); - my $no_of_steps = 8; + my $no_of_steps = 6; return $ret if (Stage->cont () && !$self->Modified ()); if ($use_gui) { Progress->New ($caption, " ", $no_of_steps, [ - # progress stage label - __("Write LDAP users, groups and settings"), # progress stage label __("Write local users, groups and settings"), # progress stage label __("Write the custom settings") ], [ - # progress step label - __("Writing LDAP users, groups and settings..."), # progress step label __("Writing local users, groups and settings..."), # progress step label 
@@ -4176,76 +3802,6 @@ sub Write { ], "" ); } - # Write LDAP users and groups - if ($use_gui) { Progress->NextStage (); } - - if ($ldap_modified) { - my $error_msg = ""; - - if (defined ($removed_users{"ldap"})) { - $error_msg = UsersLDAP->WriteUsers ($removed_users{"ldap"}); - if ($error_msg ne "") { - Ldap->LDAPErrorMessage ("users", $error_msg); - } - else { - delete $removed_users{"ldap"}; - } - $nscd_passwd = 1; - } - - if ($error_msg eq "" && defined ($modified_users{"ldap"})) { - - # only remember for which users we need to call cryptconfig - foreach my $username (keys %{$modified_users{"ldap"}}) { - my %user = %{$modified_users{"ldap"}{$username}}; - } - $error_msg = UsersLDAP->WriteUsers ($modified_users{"ldap"}); - if ($error_msg ne "") { - Ldap->LDAPErrorMessage ("users", $error_msg); - } - else { - $self->UpdateUsersAfterWrite ("ldap"); - delete $modified_users{"ldap"}; - } - $nscd_passwd = 1; - } - - if ($error_msg eq "" && defined ($removed_groups{"ldap"})) { - $error_msg = UsersLDAP->WriteGroups ($removed_groups{"ldap"}); - if ($error_msg ne "") { - Ldap->LDAPErrorMessage ("groups", $error_msg); - } - else { - delete $removed_groups{"ldap"}; - } - $nscd_group = 1; - } - - if ($error_msg eq "" && defined ($modified_groups{"ldap"})) { - $error_msg = UsersLDAP->WriteGroups ($modified_groups{"ldap"}); - if ($error_msg ne "") { - Ldap->LDAPErrorMessage ("groups", $error_msg); - } - else { - $self->UpdateGroupsAfterWrite ("ldap"); - delete $modified_groups{"ldap"}; - } - $nscd_group = 1; - } - - if ($error_msg eq "") { - $ldap_modified = 0; - } - else { - return $error_msg; - } - } - - if ($sysconfig_ldap_modified) { - SCR->Write (".sysconfig.ldap.FILE_SERVER", Ldap->file_server? "yes": "no"); - SCR->Write (".sysconfig.ldap", undef); - } - # Write groups and users if ($use_gui) { Progress->NextStage (); } 
@@ -4254,7 +3810,6 @@ sub Write { if ($groups_modified) { # -------------------------------------- call WriteBefore on plugins foreach my $type (keys %modified_groups) { - if ($type eq "ldap") { next; } foreach my $groupname (keys %{$modified_groups{$type}}) { if ($plugin_error) { last;} my $args = { @@ -4275,7 +3830,6 @@ sub Write { if ($users_modified) { # -------------------------------------- call WriteBefore on plugins foreach my $type (keys %modified_users) { - if ($type eq "ldap") { next; } foreach my $username (keys %{$modified_users{$type}}) { if ($plugin_error) { last;} my $args = { @@ -4294,7 +3848,6 @@ sub Write { } # There used to be a big loop here managing homedir changes, but is not longer necessary: - # - work with homes for LDAP users are ruled in WriteLDAP # - homes for local and system users are handed by Y2Users # - is not possible to add NIS users or to configure their homes } @@ -4326,7 +3879,6 @@ sub Write { if ($users_modified) { # -------------------------------------- call Write on plugins foreach my $type (keys %modified_users) { - if ($type eq "ldap") { next; } foreach my $username (keys %{$modified_users{$type}}) { if ($plugin_error) { last;} my $args = { @@ -4354,7 +3906,6 @@ sub Write { # -------------------------------------- call Write on plugins, # (+do some other work while looping over groups) foreach my $type (keys %modified_groups) { - if ($type eq "ldap") { next; } foreach my $groupname (keys %{$modified_groups{$type}}) { if ($plugin_error) { last;} my $args = { @@ -4493,11 +4044,6 @@ sub CheckUID { return ""; } - if ($type eq "ldap" && $uid >=0 && $uid <= $max) { - # LDAP uid could be from any range (#38556) - return ""; - } - if (($type ne "system" && $type ne "local" && ($uid < $min || $uid > $max)) || # allow change of type: "local" <-> "system" 
@@ -4548,21 +4094,6 @@ Really use it?"); } } - if (($ui_map{"ldap_range"} || -1) != $uid) { - if ($type eq "ldap" && - $uid < UsersCache->GetMinUID ("ldap")) - { - $ret{"question_id"} = "ldap_range"; - $ret{"question"} = sprintf( -# popup question, %i are numbers -__("The selected user ID is not from a range -defined for LDAP users (%i-%i). -Really use it?"), - UsersCache->GetMinUID ("ldap"), UsersCache->GetMaxUID ("ldap")); - return \%ret; - } - } - if (($ui_map{"local"} || -1) != $uid) { if ($type eq "system" && $uid > UsersCache->GetMinUID ("local") && @@ -4617,9 +4148,9 @@ sub CheckUsername { if (UsersCache->UsernameExists ($username)) { # additional sentence for error popup - my $more = (($self->NISAvailable () || $self->LDAPAvailable ()) && + my $more = (($self->NISAvailable ()) && ($type eq "local" || $type eq "system")) ? __(" -The existing username might belong to a NIS or LDAP user. +The existing username might belong to a NIS user. ") : ""; # error popup, %1 might be additional sentence ("The existing username...") return sformat (__("There is a conflict between the entered @@ -4738,8 +4269,7 @@ Try again."); } # check if directory is writable - if (!Mode->config () && !Mode->test () && - ($type ne "ldap" || Ldap->file_server ())) + if (!Mode->config () && !Mode->test ()) { my $home_path = substr ($home, 0, rindex ($home, "/")); $home_path = $self->IsDirWritable ($home_path); @@ -4787,10 +4317,6 @@ sub CheckHomeUI { return \%ret; } - if ($type eq "ldap" && !Ldap->file_server ()) { - return \%ret; - } - my %stat = %{SCR->Read (".target.stat", $home)}; if ((($ui_map{"not_dir"} || "") ne $home) && @@ -4888,11 +4414,6 @@ sub CheckGID { return ""; } - if ($type eq "ldap" && $gid >=0 && $gid <= $max) { - # LDAP gid could be from any range (#38556) - return ""; - } - if (($type ne "system" && $type ne "local" && ($gid < $min || $gid > $max)) || # allow change of type: "local" <-> "system" 
@@ -4941,21 +4462,6 @@ Really use it?"); } } - if (($ui_map{"ldap_range"} || -1) != $gid) { - if ($type eq "ldap" && - $gid < UsersCache->GetMinGID ("ldap")) - { - $ret{"question_id"} = "ldap_range"; - $ret{"question"} = sprintf( -# popup question, %i are numbers -__("The selected group ID is not from a range -defined for LDAP groups (%i-%i). -Really use it?"), - UsersCache->GetMinGID ("ldap"), UsersCache->GetMaxGID ("ldap")); - return \%ret; - } - } - if (($ui_map{"local"} || -1) != $gid) { if ($type eq "system" && $gid > UsersCache->GetMinGID ("local") && @@ -5078,11 +4584,11 @@ sub CheckUser { $error = $self->CheckHome ($user{"homeDirectory"}); } - if ($error eq "" && $type ne "ldap") { + if ($error eq "") { $error = $self->CheckFullname ($user{"cn"}); } - if ($error eq "" && $type ne "ldap") { + if ($error eq "") { $error = $self->CheckGECOS ($user{"addit_data"}); } @@ -5199,7 +4705,6 @@ sub CheckGroupForDelete { $group = shift; } my $error = ""; - my $m_attr = UsersLDAP->GetMemberAttribute (); if (defined $group->{"more_users"} && %{$group->{"more_users"}}) { @@ -5208,8 +4713,7 @@ sub CheckGroupForDelete { there are users that use this group as their default group."); } - elsif ((defined $group->{"userlist"} && %{$group->{"userlist"}}) || - (defined $group->{$m_attr} && %{$group->{$m_attr}})) { + elsif ((defined $group->{"userlist"} && %{$group->{"userlist"}})) { # error message: group cannot be deleted $error = __("You cannot delete this group because there are users in the group. 
@@ -5247,51 +4751,6 @@ sub SetEncryptionMethod { UsersSimple->SetEncryptionMethod ($_[0]); } -##------------------------------------ -# hash user password for LDAP users -# (code provided by rhafer) -sub _hashPassword { - - my ($mech, $password) = @_; - if ($mech eq "crypt" ) { - my $salt = pack("C2",(int(rand 26)+65),(int(rand 26)+65)); - $password = crypt $password,$salt; - $password = "{crypt}".$password; - } - elsif ($mech eq "md5") { - my $ctx = new Digest::MD5(); - $ctx->add($password); - $password = "{md5}".encode_base64($ctx->digest, ""); - } - elsif ($mech eq "smd5") { - my $salt = pack("C5",(int(rand 26)+65), - (int(rand 26)+65), - (int(rand 26)+65), - (int(rand 26)+65), - (int(rand 26)+65) - ); - my $ctx = new Digest::MD5(); - $ctx->add($password); - $ctx->add($salt); - $password = "{smd5}".encode_base64($ctx->digest.$salt, ""); - } - elsif( $mech eq "sha") { - $password = sha1($password); - $password = "{sha}".encode_base64($password, ""); - } - elsif( $mech eq "ssha") { - my $salt = pack("C5", (int(rand 26)+65), - (int(rand 26)+65), - (int(rand 26)+65), - (int(rand 26)+65), - (int(rand 26)+65) - ); - $password = sha1($password.$salt); - $password = "{ssha}".encode_base64($password.$salt, ""); - } - return $password; -} - ##------------------------------------ # crypt given password; parameters: 1.password 2.type (local etc.) 3.user/group BEGIN { $TYPEINFO{CryptPassword} = ["function", @@ -5316,13 +4775,6 @@ sub CryptPassword { return "crypted_".$pw; } - if ($type eq "ldap") { - $method = lc (UsersLDAP->GetEncryption ()); - if ($method eq "clear") { - return $pw; - } - return _hashPassword ($method, $pw); - } # TODO crypt using some perl function... return UsersUI->HashPassword ($method, $pw); } 
@@ -6255,7 +5707,7 @@ sub Summary { ##------------------------------------------------------------------------- ##------------------------------------------------------------------------- -# Sets modified flags, except of ldap_modified! +# Sets modified flags BEGIN { $TYPEINFO{SetModified} = ["function", "void", "boolean"];} sub SetModified { my $self = shift; @@ -6263,26 +5715,6 @@ sub SetModified { $defaults_modified = $security_modified = $_[0]; } -# Sets modified flag for sysconfig/ldap -BEGIN { $TYPEINFO{SetLdapSysconfigModified} = ["function", "void", "boolean"];} -sub SetLdapSysconfigModified { - my $self = shift; - $sysconfig_ldap_modified = shift; -} - -# Remember reading Ldap client config -BEGIN { $TYPEINFO{SetLdapSettingsRead} = ["function", "void", "boolean"];} -sub SetLdapSettingsRead { - my $self = shift; - $ldap_settings_read = shift; -} - -# Check if Ldap client config was read -BEGIN { $TYPEINFO{LdapSettingsRead} = ["function", "boolean"];} -sub LdapSettingsRead { - return $ldap_settings_read; -} - BEGIN { $TYPEINFO{SetExportAll} = ["function", "void", "boolean"];} sub SetExportAll { my $self = shift; @@ -6314,7 +5746,6 @@ sub SetGUI { my $self = shift; $use_gui = $_[0]; UsersCache->SetGUI ($use_gui); - UsersLDAP->SetGUI ($use_gui); Report->DisplayErrors ($use_gui, 0); } diff --git a/src/modules/UsersCache.pm b/src/modules/UsersCache.pm index f844f096d..f6c311555 100644 --- a/src/modules/UsersCache.pm +++ b/src/modules/UsersCache.pm @@ -57,25 +57,21 @@ my %removed_usernames = (); my %min_uid = ( "local" => 1000, "system" => 100, - "ldap" => 1000 ); my %min_gid = ( "local" => 1000, "system" => 100, - "ldap" => 1000 ); my %max_uid = ( "local" => 60000, "system" => 499, - "ldap" => 60000 ); my %max_gid = ( "local" => 60000, "system" => 499, - "ldap" => 60000 ); # the highest ID in use @@ -87,7 +83,6 @@ my %last_uid = ( my %last_gid = ( "local" => 1000, "system" => 100, - "ldap" => 1000 ); my $max_length_groupname = 32; 
@@ -124,7 +119,6 @@ my $the_answer = 42; ##------------------------------------ ##------------------- global imports -YaST::YCP::Import ("Ldap"); YaST::YCP::Import ("Mode"); YaST::YCP::Import ("SCR"); YaST::YCP::Import ("UsersPasswd"); @@ -264,12 +258,6 @@ sub UIDExists { if ($ret) { # check if uid wasn't just deleted... my @sets_to_check = ("local", "system"); - # LDAP: do not allow change uid of one user and use old one by - # another user - because users are saved by calling extern tool - # and colisions can be hardly avoided - if ($user_type ne "ldap") { - push @sets_to_check, "ldap"; - } foreach my $type (@sets_to_check) { if (defined $removed_uids{$type}{$uid} && $removed_uids{$type}{$uid} > 0) { $ret = 0; @@ -308,9 +296,6 @@ sub UsernameExists { $ret = UsernameConflicts ($username); if ($ret) { my @sets_to_check = ("local", "system"); - if ($user_type ne "ldap") { - push @sets_to_check, "ldap"; - } foreach my $type (@sets_to_check) { if (defined $removed_usernames{$type}{$username}) { $ret = 0; @@ -329,12 +314,8 @@ sub GIDExists { my $gid = $_[0]; my $ret = 0; - if ($group_type eq "ldap") { - $ret = ($gids{$group_type}{$gid} || 0) > 0; - } - else { $ret = (($gids{"local"}{$gid} || 0) > 0 || ($gids{"system"}{$gid} || 0) > 0); - } + return $ret; } @@ -346,13 +327,7 @@ sub GroupnameExists { my $groupname = $_[0]; my $ret = 0; - if ($group_type eq "ldap") { - $ret = defined $groupnames{$group_type}{$groupname}; - } - else { - $ret = (defined $groupnames{"local"}{$groupname} || - defined $groupnames{"system"}{$groupname}); - } + $ret = (defined $groupnames{"local"}{$groupname} || defined $groupnames{"system"}{$groupname}); return $ret; } @@ -369,13 +344,6 @@ sub HomeExists { my $ret = 0; my @sets_to_check = ("local", "system"); - if (Ldap->file_server ()) { - push @sets_to_check, "ldap"; - } - elsif ($user_type eq "ldap") { #ldap client only - @sets_to_check = ("ldap"); - } - foreach my $type (@sets_to_check) { if (defined $homes{$type}{$home}) { $ret = 1; 
@@ -835,15 +803,6 @@ sub BuildGroupItem { if (defined ($group{"more_users"})) { %more_users = %{$group{"more_users"}}; } - # which attribute have groups for list of members - my $ldap_member_attribute = Ldap->member_attribute (); - - if ($group{"type"} eq "ldap" && defined ($group{$ldap_member_attribute})) { - foreach my $dn (keys %{$group{$ldap_member_attribute}}) { - my $user = $self->get_first ($dn); - $userlist{$user} = 1; - } - } my @all_users = (); my @userlist = sort keys %userlist; @@ -923,9 +882,6 @@ sub CommitUser { if ($what eq "add_user") { - if ($type eq "ldap") { - $userdns{$dn} = 1; - } if (defined $removed_uids{$type}{$uid} && $removed_uids{$type}{$uid} > 0) { $removed_uids{$type}{$uid} = $removed_uids{$type}{$uid} -1; y2debug ("uid $uid previously defined in removed_uids{$type}"); @@ -964,10 +920,6 @@ sub CommitUser { delete $removed_usernames{$type}{$username}; } $removed_usernames{$org_type}{$org_username} = 1; - if ($type eq "ldap") { - delete $userdns{$org_dn}; - $userdns{$dn} = 1; - } } if ($use_gui) { delete $user_items{$org_type}{$org_username}; @@ -982,9 +934,6 @@ sub CommitUser { } } elsif ($what eq "delete_user") { - if ($type eq "ldap") { - delete $userdns{$org_dn}; - } if (($uids{$type}{$uid} || 0) > 0) { $uids{$type}{$uid} = $uids{$type}{$uid} - 1; } @@ -1156,10 +1105,7 @@ sub ReadUsers { my $self = shift; my $type = $_[0]; - if ($type eq "ldap") { - %userdns = %{SCR->Read (".ldap.users.userdns")}; - } - elsif ($type ne "nis") { # only local/system + if ($type ne "nis") { # only local/system $self->SetLastUID (UsersPasswd->GetLastUID ($type), $type); $homes{$type} = UsersPasswd->GetHomes ($type); $usernames{$type} = UsersPasswd->GetUsernames ($type); 
@@ -1222,7 +1168,7 @@ sub BuildAdditional { my $true = YaST::YCP::Boolean (1); my $false = YaST::YCP::Boolean (0); - # when LDAP/NIS users were not yet read, they are not in %usernames -> + # when NIS users were not yet read, they are not in %usernames -> # check for userlist before going through %usernames foreach my $user (keys %{$group->{"userlist"}}) { my $id = YaST::YCP::Term ("id", $user); @@ -1231,21 +1177,6 @@ sub BuildAdditional { foreach my $type (keys %usernames) { - # LDAP groups can contain only LDAP users... - if ($group_type eq "ldap") { - if ($type ne "ldap") { next; } - foreach my $dn (keys %userdns) { - - my $id = YaST::YCP::Term ("id", $dn); - if (defined $group->{Ldap->member_attribute ()}{$dn}) { - $additional{$dn} = YaST::YCP::Term("item", $id, $dn, $true); - } - elsif (!defined $group->{"more_users"}{$dn}) { - $additional{$dn} = YaST::YCP::Term("item", $id, $dn,$false); - } - } - next; - } foreach my $user (keys %{$usernames{$type}}) { my $id = YaST::YCP::Term ("id", $user); diff --git a/src/modules/UsersLDAP.pm b/src/modules/UsersLDAP.pm deleted file mode 100644 index 71e14e5f1..000000000 --- a/src/modules/UsersLDAP.pm +++ /dev/null 
@@ -1,1836 +0,0 @@ -#! /usr/bin/perl -w -# ------------------------------------------------------------------------------ -# Copyright (c) 2006-2012 Novell, Inc. All Rights Reserved. -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact Novell, Inc. -# -# To contact Novell about this file by physical or electronic mail, you may find -# current contact information at www.novell.com. -# ------------------------------------------------------------------------------ -# - -# -# UsersLDAP module: -# -- routines for handling LDAP users and groups -# - -package UsersLDAP; - -use strict; - -use YaST::YCP qw(:LOGGING); -use YaPI; -use Data::Dumper; - -textdomain ("users"); - -our %TYPEINFO; - -# If YaST UI (Qt,ncurses) should be used -my $use_gui = 1; - -# if LDAP user/group management is initialized -my $initialized = 0; - -# if settings from Ldap module were already read -my $ldap_read = 0; - -# DN saying where the user (group) configuration (defaults etc.) 
is stored -my $user_config_dn = ""; -my $group_config_dn = ""; - -# configuration maps (stored on LDAP server) -my %user_config = (); -my %group_config = (); -my %user_template = (); -my %group_template = (); -my %user_defaults = (); -my %group_defaults = (); - -# DN saying where are users (groups) located -my $user_base = ""; -my $group_base = ""; - -# default filters for searching -my $default_user_filter = "objectClass=posixAccount"; -my $default_group_filter = "objectClass=posixGroup"; - -# which attribute have groups for list of members -my $member_attribute = "member"; - -# current filters (must be empty on start): -my $user_filter = ""; -my $group_filter = ""; - -# if filters were read (could be read without reading users and groups) -my $filters_read = 0; - -# default shadow settings for LDAP users -my %shadow = (); - -# other default settings (home, shell, etc.) for LDAP users. -# This has the same basic structure as Users::useradd_defaults, but it can contain extra keys that -# have been dropped from the former (eg. 
"groups" or "skel") -my %useradd_defaults = (); - -# some default values for LDAP users -my $default_groupname = ""; -my $default_grouplist = ""; - -# password encryption for LDAP users -my $encryption = "crypt"; - -# default object classes of LDAP users (read from Ldap module) -my @user_class = - ("top","posixAccount","shadowAccount", "inetOrgPerson"); - -# default object classes of LDAP groups (read from Ldap module) -my @group_class = - ( "top", "posixGroup", "groupOfNames"); - -# attributes for LDAP search; if empty, all non-empty attrs will be returned -my @user_attributes = (); -my @group_attributes = (); - -# plugin used as defaults for LDAP users -my @default_user_plugins = ( "UsersPluginLDAPAll" ); - -# plugin used as defaults for LDAP groups -my @default_group_plugins = ( "UsersPluginLDAPAll" ); - -# naming attrributes (to be used when creating DN) -my $user_naming_attr = "uid"; -my $group_naming_attr = "cn"; - -# last uid/gid used -my $last_uid = 0; -my $last_gid = 0; - -# max uid/gid allowed -my $max_uid = 60000; -my $max_gid = 60000; - -# min uid/gid allowed -my $min_uid = 1000; -my $min_gid = 1000; - -# user password lengt -my $min_pass_length = 5; -my $max_pass_length = 8; - - -# keys in user's map which are not saved anywhere, they are used for internal -# purposes only -my @user_internal_keys = - ("create_home", "grouplist", "groupname", "modified", "org_username", - "org_uid", "plugins", "text_userpassword", "current_text_userpassword", - "plugins_to_remove", "plugin_modified", - "org_uidNumber", "org_homeDirectory","org_user", "type", "org_groupname", - "org_type", "what", "encrypted", "no_skeleton", "disabled", "enabled", - "dn", "org_dn", "removed_grouplist", "delete_home", "addit_data", - "warning_message", "warning_message_ID", "confirmed_warnings", "home_mode", - "crypted_home_size","chown_home"); - -my @group_internal_keys = - ("modified", "type", "more_users", "s_userlist", "encrypted", "org_type", - "dn", "org_dn", "org_groupname", 
"org_gidNumber", "removed_userlist", - "what", "org_cn", "plugins", "plugins_to_remove", "org_group", - "warning_message", "warning_message_ID", "confirmed_warnings", - "plugin_modified"); - - -# defualt scope for searching, set it by SetUserScope -my $user_scope = YaST::YCP::Integer (2); -my $group_scope = YaST::YCP::Integer (2); - -# store the 'usage' flag of LDAP attribute -my $attribute_usage = {}; - -##------------------------------------ -##------------------- global imports - -YaST::YCP::Import ("Ldap"); -YaST::YCP::Import ("Mode"); -YaST::YCP::Import ("Popup"); -YaST::YCP::Import ("SCR"); -YaST::YCP::Import ("Stage"); -YaST::YCP::Import ("UsersCache"); -YaST::YCP::Import ("UsersPlugins"); -YaST::YCP::Import ("UsersRoutines"); -YaST::YCP::Import ("UsersUI"); -YaST::YCP::Import ("Y2UsersLinux"); - -##------------------------------------ - -sub contains { - my ( $list, $key, $ignorecase ) = @_; - if ( $ignorecase ) { - if ( grep /^$key$/i, @{$list} ) { - return 1; - } - } else { - if ( grep /^$key$/, @{$list} ) { - return 1; - } - } - return 0; -} -##------------------------------------ -# Checks if set of LDAP users is available -BEGIN { $TYPEINFO{ReadAvailable} = ["function", "boolean"];} -sub ReadAvailable { - - my $self = shift; - my $compat = 0; - my $binddn = SCR->Read (".ldap_conf.v.binddn"); - - if (defined $binddn) { - return 1; - } - return 0; -} - -# read all necessary settings from Ldap module -BEGIN { $TYPEINFO{ReadLdap} = ["function", "boolean"];} -sub ReadLdap { - - $ldap_read = Ldap->Read(); - return $ldap_read; -} - -##------------------------------------ -# Initializes LDAP connection and reads users and groups configuration -# return value is error message -sub Initialize { - - if (!$ldap_read) { - ReadLdap (); - } - Ldap->SetGUI ($use_gui); - my $ldap_mesg = Ldap->LDAPInitWithTLSCheck ({}); - if ($ldap_mesg ne "") { - Ldap->LDAPErrorMessage ("init", $ldap_mesg); - return $ldap_mesg; - } - if (!Ldap->anonymous () && !defined (Ldap->bind_pass 
())) { - y2error ("no password to LDAP - cannot bind!"); - # error message - return __("No password for LDAP was entered."); - } - - $ldap_mesg = Ldap->LDAPBind (Ldap->bind_pass ()); - if ($ldap_mesg ne "") { - Ldap->LDAPErrorMessage ("init", $ldap_mesg); - Ldap->SetBindPassword (undef); - return $ldap_mesg; - } - $ldap_mesg = Ldap->InitSchema (); - if ($ldap_mesg ne "") { - Ldap->LDAPErrorMessage ("schema", $ldap_mesg); - return $ldap_mesg; - } - - $ldap_mesg = Ldap->ReadConfigModules (); - if ($ldap_mesg ne "") { - Ldap->LDAPErrorMessage ("read", $ldap_mesg); - return $ldap_mesg; - } - - my %modules = %{Ldap->GetConfigModules ()}; - while ( my ($dn, $config_module) = each %modules) { - - if (!defined $config_module->{"objectClass"}) { - next; - } - my $oc = $config_module->{"objectClass"}; - if (contains ($oc, "suseUserConfiguration", 1) ) { - $user_config_dn = $dn; - %user_config = %{$config_module}; - } - if (contains ($oc, "suseGroupConfiguration", 1) ) { - $group_config_dn = $dn; - %group_config = %{$config_module}; - } - }; - - my @user_templates = (); - if (defined $user_config{"suseDefaultTemplate"}) { - @user_templates = @{$user_config{"suseDefaultTemplate"}}; - } - my @group_templates = (); - if (defined $group_config{"suseDefaultTemplate"}) { - @group_templates = @{$group_config{"suseDefaultTemplate"}}; - } - my $user_template_dn = $user_templates[0] || ""; - my $group_template_dn = $group_templates[0] || ""; - - # read only one default template - if ((@user_templates > 1 || @group_templates > 1) && $use_gui) { - my %templ = - %{UsersUI->ChooseTemplates (\@user_templates, \@group_templates)}; - if (%templ) { - $user_template_dn = $templ{"user"} || $user_template_dn; - $group_template_dn = $templ{"group"} || $group_template_dn; - } - } - %user_template = %{Ldap->ConvertDefaultValues ( - Ldap->GetLDAPEntry ($user_template_dn))}; - %group_template = %{Ldap->ConvertDefaultValues ( - Ldap->GetLDAPEntry ($group_template_dn))}; - - $initialized = 1; - return 
""; -} - - -##------------------------------------ -# Read user and group filter needed LDAP search -# Fiters are read from config modules stored in LDAP directory -BEGIN { $TYPEINFO{ReadFilters} = ["function", "string"];} -sub ReadFilters { - - my $self = shift; - my $init = ""; - - if (!$initialized) { - $init = Initialize (); - } - - if ($init ne "") { return $init; } - - # get the default filters from config modules (already read) - if (defined $user_config{"suseSearchFilter"}[0]) { - $default_user_filter = @{$user_config{"suseSearchFilter"}}[0]; - } - if (defined $group_config{"suseSearchFilter"}[0]) { - $default_group_filter = @{$group_config{"suseSearchFilter"}}[0]; - } - - $filters_read = 1; - return $init; -} - -##------------------------------------ -# Read settings from LDAP users and groups configuration -# ("config modules", configurable by ldap-client) -BEGIN { $TYPEINFO{ReadSettings} = ["function", "string"];} -sub ReadSettings { - - my $self = shift; - my $init = ""; - - if (!$filters_read) { - $init = $self->ReadFilters(); - } - if ($init ne "") { return $init; } - - my %tmp_user_config = %user_config; - my %tmp_user_template = %user_template; - my %tmp_group_config = %group_config; - my %tmp_group_template = %group_template; - - # every time take the first value from the list... - if (defined $user_config{"suseDefaultBase"}[0]) { - $user_base = $user_config{"suseDefaultBase"}[0]; - # ask to create if not present - my $base_map = Ldap->GetLDAPEntry ($user_base); - if (ref ($base_map) eq "HASH" && !%$base_map) { - - my $dn = $user_base; - $user_base = Ldap->GetBaseDN (); - if (!$use_gui || Stage->cont() || - # popup question, %s is string argument - Popup->YesNo (sprintf (__("No entry with DN '%s' -exists on the LDAP server. 
Create it now?"), $dn))) - { - if (Ldap->ParentExists ($dn) && Ldap->WriteLDAP ( { - $dn => { - "objectClass" => [ "top", "organizationalUnit"], - "modified" => "added", - "ou" => UsersCache->get_first ($dn) - }})) { - $user_base = $dn; - } - } - } - } - if ($user_base eq "") { - $user_base = Ldap->GetBaseDN (); - } - - if (defined $group_config{"suseDefaultBase"}[0]) { - $group_base = $group_config{"suseDefaultBase"}[0]; - my $base_map = Ldap->GetLDAPEntry ($group_base); - if (ref ($base_map) eq "HASH" && !%$base_map) { - my $dn = $group_base; - $group_base = Ldap->GetBaseDN (); - if (!$use_gui || Stage->cont() || - # popup question, %s is string argument - Popup->YesNo (sprintf (__("No entry with DN '%s' -exists on the LDAP server. Create it now?"), $dn))) - { - if (Ldap->ParentExists ($dn) && Ldap->WriteLDAP ( { - $dn => { - "objectClass" => [ "top", "organizationalUnit"], - "modified" => "added", - "ou" => UsersCache->get_first ($dn) - }})) { - $group_base = $dn; - } - } - } - } - if ($group_base eq "") { - $group_base = $user_base; - } - - $member_attribute = Ldap->member_attribute (); - if (defined $user_template{"susePlugin"}) { - @default_user_plugins = @{$user_template{"susePlugin"}}; - } - - if (defined $group_template{"susePlugin"}) { - @default_group_plugins = @{$group_template{"susePlugin"}}; - } - - # change the case-insensitive keys back to sensitive ones - my %translated = ( - "homedirectory" => "homeDirectory", - "uidnumber" => "uidNumber", - "loginshell" => "loginShell", - "gidnumber" => "gidNumber", - ); - - if (defined $user_template{"default_values"}) { - my %user_defs = %{$user_template{"default_values"}}; - # update possible wrong (lowercased) names to the correct ones - foreach my $key (keys %user_defs) { - my $new_key = $translated{$key} || $key; - $user_defaults{$new_key} = $user_defs{$key}; - } - } - - if (defined $group_template{"default_values"}) { - my %group_defs = %{$group_template{"default_values"}}; - foreach my $key (keys 
%group_defs) { - my $new_key = $translated{$key} || $key; - $group_defaults{$new_key} = $group_defs{$key}; - } - } - - # default shadow for new LDAP users - foreach my $key ("shadowWarning", "shadowInactive", "shadowExpire", "shadowMin", "shadowMax", "shadowFlag") { - if (defined $user_defaults{$key}) { - $shadow{$key} = $user_defaults{$key}; - } - } - - if (defined $user_defaults{"homeDirectory"}) { - $useradd_defaults{"home"} = $user_defaults{"homeDirectory"}; - } - if (defined $user_defaults{"gidNumber"}) { - $useradd_defaults{"group"} = $user_defaults{"gidNumber"}; - } - if (defined $user_defaults{"loginShell"}) { - $useradd_defaults{"shell"} = $user_defaults{"loginShell"}; - } - if (defined $user_config{"suseSkelDir"}[0]) { - $useradd_defaults{"skel"} = $user_config{"suseSkelDir"}[0]; - } else { - $useradd_defaults{"skel"} = ${Y2UsersLinux->read_useradd_config()}{"skel"}; - } - - # set default secondary groups - # Warning: there are DN's, but we want (?) only names... - if (defined ($user_template{"suseSecondaryGroup"})) { - my @grouplist = (); - foreach my $dn (@{$user_template{"suseSecondaryGroup"}}) { - push @grouplist, UsersCache->get_first ($dn); - } - $useradd_defaults{"groups"} = join (",", @grouplist); - } else { - $useradd_defaults{"groups"} = ""; - }; - - # password length (there is no check if it is correct for current hash) - if (defined ($user_config{"suseMinPasswordLength"}[0])) { - $min_pass_length = $user_config{"suseMinPasswordLength"}[0]; - } - if (defined ($user_config{"suseMaxPasswordLength"}[0])) { - $max_pass_length = $user_config{"suseMaxPasswordLength"}[0]; - } - - # last used Id - if (defined ($user_config{"suseNextUniqueId"}[0])) { - $last_uid = $user_config{"suseNextUniqueId"}[0]; - } - else { - $last_uid = UsersCache->GetLastUID ("local"); - } - UsersCache->SetLastUID ($last_uid, "ldap"); - - if (defined ($group_config{"suseNextUniqueId"}[0])) { - $last_gid = $group_config{"suseNextUniqueId"}[0]; - } - else { - $last_gid = 
UsersCache->GetLastGID ("local"); - } - UsersCache->SetLastGID ($last_gid, "ldap"); - - # naming attributes - if (defined ($user_template{"suseNamingAttribute"}[0])) { - $user_naming_attr = $user_template{"suseNamingAttribute"}[0]; - } - if (defined ($group_template{"suseNamingAttribute"}[0])) { - $group_naming_attr = $group_template{"suseNamingAttribute"}[0]; - } - - # max id - if (defined ($user_config{"suseMaxUniqueId"}[0])) { - $max_uid = $user_config{"suseMaxUniqueId"}[0]; - } - if (defined ($group_config{"suseMaxUniqueId"}[0])) { - $max_gid = $group_config{"suseMaxUniqueId"}[0]; - } - UsersCache->SetMaxUID ($max_uid, "ldap"); - UsersCache->SetMaxGID ($max_gid, "ldap"); - - # min id - if (defined ($user_config{"suseMinUniqueId"}[0])) { - $min_uid = $user_config{"suseMinUniqueId"}[0]; - } - if (defined ($group_config{"suseMinUniqueId"}[0])) { - $min_gid = $group_config{"suseMinUniqueId"}[0]; - } - UsersCache->SetMinUID ($min_uid, "ldap"); - UsersCache->SetMinGID ($min_gid, "ldap"); - - if (defined ($user_config{"susePasswordHash"}[0])) { - $encryption = $user_config{"susePasswordHash"}[0]; - } - else { - $encryption = Ldap->pam_password (); - } - if ($encryption eq "") { - $encryption = "crypt"; # same as "des" - } - return $init; -} - - -##------------------------------------ -# do the LDAP search command for users and groups; -# check the search filters before -BEGIN { $TYPEINFO{Read} = ["function", "string"];} -sub Read { - - my $self = shift; - my $ret = ""; - - my $user_filter = $user_filter ne "" ? $user_filter: $default_user_filter; - my $group_filter = $group_filter ne ""? 
$group_filter:$default_group_filter; - - my $user_attrs = \@user_attributes; - if (@$user_attrs < 1) { - $user_attrs = [ "uid", "uidNumber", "gidNumber", "gecos", "cn", - "homeDirectory", "userPassword", "objectClass" ]; - y2milestone ("minimal set of user attrs to read: ", @$user_attrs); - } - my $group_attrs = \@group_attributes; - - my %args = ( - "user_base" => $user_base, - "group_base" => $group_base, - "user_filter" => $user_filter, - "group_filter" => $group_filter, - "user_scope" => $user_scope, - "group_scope" => $group_scope, - "user_attrs" => $user_attrs, - "group_attrs" => $group_attrs, - "member_attribute" => $member_attribute - ); - if (!SCR->Execute (".ldap.users.search", \%args)) { - $ret = Ldap->LDAPError(); - } - return $ret; -} - -##------------------------------------ -# initialize constants with the values from Users -BEGIN { $TYPEINFO{InitConstants} = ["function", - "void", - ["map", "string", "string" ]]; -} -sub InitConstants { - my $self = shift; - my $local_defaults = shift; - if ($local_defaults && ref ($local_defaults) eq "HASH") { - foreach my $key (keys %$local_defaults) { - $useradd_defaults{$key} = $local_defaults->{$key}; - } - } -} - - -##------------------------------------ -BEGIN { $TYPEINFO{GetDefaultGrouplist} = ["function", "string"];} -sub GetDefaultGrouplist { - return $useradd_defaults{"groups"}; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetDefaultGID} = ["function", "integer"];} -sub GetDefaultGID { - return $useradd_defaults{"group"}; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetDefaultShell} = ["function", "string"]; } -sub GetDefaultShell { - return $useradd_defaults{"shell"}; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetDefaultHome} = ["function", "string"]; } -sub GetDefaultHome { - return $useradd_defaults{"home"}; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetMinPasswordLength} = ["function", "integer"]; } -sub 
GetMinPasswordLength { - return $min_pass_length; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetMaxPasswordLength} = ["function", "integer"]; } -sub GetMaxPasswordLength { - return $max_pass_length; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetDefaultShadow} = ["function", "void", - [ "map", "string", "string"]]; -} -sub SetDefaultShadow { - my $self = shift; - my $shadow_map = shift; - - if (ref ($shadow_map) ne "HASH") { - return; - } - foreach my $k (keys %$shadow_map) { - if (defined ($shadow_map->{$k}) && $shadow_map->{$k} ne "") { - $shadow{$k} = $shadow_map->{$k}; - } - } -} - - -##------------------------------------ -BEGIN { $TYPEINFO{GetDefaultShadow} = ["function", - [ "map", "string", "string"]]; -} -sub GetDefaultShadow { - return \%shadow; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetUserPlugins} = ["function", ["list", "string"]];} -sub GetUserPlugins { - return \@default_user_plugins; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetUserPlugins} = ["function", "void", ["list", "string"]];} -sub SetUserPlugins { - my $self = shift; - if (ref ($_[0]) eq "ARRAY") { - @default_user_plugins = @{$_[0]}; - } -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetUserAttributes} = ["function", ["list", "string"]];} -sub GetUserAttributes { - return \@user_attributes; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetUserAttributes} = ["function", "void",["list", "string"]];} -sub SetUserAttributes { - my $self = shift; - if (ref ($_[0]) eq "ARRAY") { - @user_attributes = @{$_[0]}; - } -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetGroupAttributes} = ["function", ["list", "string"]];} -sub GetGroupAttributes { - return \@group_attributes; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetGroupAttributes} = ["function", "void",["list","string"]];} -sub SetGroupAttributes { - my $self = shift; - if (ref ($_[0]) eq 
"ARRAY") { - @group_attributes = @{$_[0]}; - } -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetUserDefaults} = ["function", ["map", "string","string"]];} -sub GetUserDefaults { - return \%user_defaults; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetUserNamingAttr} = ["function", "string"];} -sub GetUserNamingAttr { - return $user_naming_attr; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetUserBase} = ["function", "string"];} -sub GetUserBase { - return $user_base; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetUserBase} = ["function", "void", "string"];} -sub SetUserBase { - my $self = shift; - $user_base = $_[0]; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetUserInternal} = ["function", ["list", "string"]];} -sub GetUserInternal { - return \@user_internal_keys; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetUserInternal} = ["function", "void", ["list", "string"]];} -sub SetUserInternal { - my $self = shift; - if (ref ($_[0]) eq "ARRAY") { - @user_internal_keys = @{$_[0]}; - } -} - - -##------------------------------------ -BEGIN { $TYPEINFO{GetDefaultUserFilter} = ["function", "string"];} -sub GetDefaultUserFilter { - return $default_user_filter; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetCurrentUserFilter} = ["function", "string"];} -sub GetCurrentUserFilter { - return $user_filter; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetCurrentUserFilter} = ["function", "void", "string"];} -sub SetCurrentUserFilter { - my $self = shift; - $user_filter = $_[0]; -} - -##------------------------------------ -# add new condition to current user filter -BEGIN { $TYPEINFO{AddToCurrentUserFilter} = ["function", "void", "string"];} -sub AddToCurrentUserFilter { - my $self = shift; - my $new_filter = shift; - - if (!defined $user_filter || $user_filter eq "") { - $user_filter = $default_user_filter - } - if 
($user_filter eq "" || $new_filter eq "") { - return; - } - - if (substr ($user_filter, 0, 1) ne "(") { - $user_filter = "($user_filter)"; - } - if (substr ($new_filter, 0, 1) ne "(") { - $new_filter = "($new_filter)"; - } - $user_filter = "(&$user_filter$new_filter)"; -} - - -##------------------------------------ -# add new condition to given filter -BEGIN { $TYPEINFO{AddToFilter} = ["function", "string", # filter to return - "string", # filter - "string", # what to add - "string" # connective: and/or -];} -sub AddToFilter { - - my $self = shift; - my $filter = shift; - my $new = shift; - my $conn = shift; - - if ($filter eq "") { - return $new; - } - if ($new eq "") { - return $filter; - } - - if (substr ($filter, 0, 1) ne "(") { - $filter = "($filter)"; - } - if (substr ($new, 0, 1) ne "(") { - $new = "($new)"; - } - $conn = (lc ($conn) eq "or") ? "|" : "&"; - return "($conn$filter$new)"; -} - - -##------------------------------------ -BEGIN { $TYPEINFO{SetUserScope} = ["function", "void", "integer"];} -sub SetUserScope { - my $self = shift; - $user_scope = $_[0]; - if (ref ($user_scope) ne "YaST::YCP::Integer") { - $user_scope = YaST::YCP::Integer ($user_scope); - } -} - - -##------------------------------------ -BEGIN { $TYPEINFO{GetGroupPlugins} = ["function", ["list", "string"]];} -sub GetGroupPlugins { - return \@default_group_plugins; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetGroupPlugins} = ["function", "void", ["list", "string"]];} -sub SetGroupPlugins { - my $self = shift; - if (ref ($_[0]) eq "ARRAY") { - @default_group_plugins = @{$_[0]}; - } -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetGroupDefaults} = ["function", ["map", "string","string"]];} -sub GetGroupDefaults { - return \%group_defaults; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetGroupNamingAttr} = ["function", "string"];} -sub GetGroupNamingAttr { - return $group_naming_attr; -} - -##------------------------------------ 
-BEGIN { $TYPEINFO{GetGroupBase} = ["function", "string"];} -sub GetGroupBase { - return $group_base; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetGroupBase} = ["function", "void", "string"];} -sub SetGroupBase { - my $self = shift; - $group_base = $_[0]; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetGroupInternal} = ["function", ["list", "string"]];} -sub GetGroupInternal { - return \@group_internal_keys; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetGroupInternal} = ["function", "void", ["list", "string"]];} -sub SetGroupInternal { - my $self = shift; - if (ref ($_[0]) eq "ARRAY") { - @group_internal_keys = @{$_[0]}; - } -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetDefaultGroupFilter} = ["function", "string"];} -sub GetDefaultGroupFilter { - return $default_group_filter; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetCurrentGroupFilter} = ["function", "string"];} -sub GetCurrentGroupFilter { - return $group_filter; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetCurrentGroupFilter} = ["function", "void", "string"];} -sub SetCurrentGroupFilter { - my $self = shift; - $group_filter = $_[0]; -} - -##------------------------------------ -# add new condition to current group filter -BEGIN { $TYPEINFO{AddToCurrentGroupFilter} = ["function", "void", "string"];} -sub AddToCurrentGroupFilter { - my $self = shift; - if (!defined $group_filter || $group_filter eq "") { - $group_filter = $default_group_filter - } - my $new_filter = shift; - if (substr ($group_filter, 0, 1) ne "(") { - $group_filter = "($group_filter)"; - } - if (substr ($new_filter, 0, 1) ne "(") { - $new_filter = "($new_filter)"; - } - $group_filter = "(&$group_filter$new_filter)"; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetGroupScope} = ["function", "void", "integer"];} -sub SetGroupScope { - my $self = shift; - $group_scope = $_[0]; - if (ref ($group_scope) 
ne "YaST::YCP::Integer") { - $group_scope = YaST::YCP::Integer ($group_scope); - } -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetFiltersRead} = ["function", "void", "boolean"];} -sub SetFiltersRead { - my $self = shift; - $filters_read = $_[0]; -} - -##------------------------------------ -BEGIN { $TYPEINFO{SetInitialized} = ["function", "void", "boolean"];} -sub SetInitialized { - my $self = shift; - $initialized = $_[0]; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetMemberAttribute} = ["function", "string"];} -sub GetMemberAttribute { - return $member_attribute; -} - -##------------------------------------ -BEGIN { $TYPEINFO{GetEncryption} = ["function", "string"];} -sub GetEncryption { - return $encryption; -} - -# Creates DN of user -BEGIN { $TYPEINFO{CreateUserDN} = ["function", - "string", - ["map", "string", "any"]]; -} -sub CreateUserDN { - - my $self = shift; - my $user = $_[0]; - my $dn_attr = $user_naming_attr; - my $user_attr = $dn_attr; - if (!defined $user->{$user_attr} || $user->{$user_attr} eq "") { - return undef; - } - my $base = $user_base; - $base = get_base ($user->{"dn"}) if ($user->{"dn"}); - my $ret = sprintf ("%s=%s,%s", $dn_attr, $user->{$user_attr}, $base); - y2milestone ("new user DN: $ret"); - return $ret; -} - -##------------------------------------ -BEGIN { $TYPEINFO{CreateGroupDN} = ["function", - "string", - ["map", "string", "any"]]; -} -sub CreateGroupDN { - - my $self = shift; - my $group = $_[0]; - my $dn_attr = $group_naming_attr; - my $group_attr = $dn_attr; - if (!defined $group->{$group_attr} || $group->{$group_attr} eq "") { - return undef; - } - my $base = $group_base; - $base = get_base ($group->{"dn"}) if ($group->{"dn"}); - my $ret = sprintf ("%s=%s,%s", $dn_attr, $group->{$group_attr}, $base); - y2milestone ("new group DN: $ret"); - return $ret; -} - -##------------------------------------ -# Take the object (user or group) and substitute the values of arguments with -# default 
values (marked in object template). Translates attribute names from -# LDAP types to internal yast-names. -# @param what "user" or "group" -# @param data map of already gathered keys and values -# @example map of default values contains pair "homeDirectory": "/home/%uid" -# -> value of "home" is set to "/home/" + username -# @return new data map with substituted values -BEGIN { $TYPEINFO{SubstituteValues} = ["function", - ["map", "string", "any" ], - "string", ["map", "string", "any" ]]; -} -sub SubstituteValues { - - my $self = shift; - my $what = $_[0]; - my $data = $_[1]; - my %ret = %{$data}; - - my @internal = ($what eq "user") ? - @user_internal_keys : @group_internal_keys; - - my %defaults = ($what eq "user") ? %user_defaults : %group_defaults; - - if (Mode->test ()) { - %defaults = ( - "homeDirectory" => "/home/\%uid", - "cn" => "\%uid", - ) - } - - # 'value' of 'attr' should be changed - foreach my $attr (keys %{$data}) { - - my $value = $data->{$attr}; - my $svalue = ""; - - if (!defined $value || ref ($value) eq "HASH") { - next; - } - if (ref ($value) eq "ARRAY") { - $svalue = $value->[0]; - } - else { - $svalue = $value; - } - # substitute only when current value is empty or contains "%" -# FIXME homedirectory already defined -> what now? 
- if (!defined $svalue || - contains (\@internal, $attr, 1) || - ($svalue ne "" && !($svalue =~ m/%/))) { - next; - } - # translate attribute names from LDAP to yast-type - my $val = $defaults{$attr}; - - if (defined ($val) && $val =~ m/%/) { - my @parts = split (/%/, $val); - my $result = $parts[0]; - my $i = 1; - while ($i < @parts) { - my $part = $parts[$i]; - my $replaced = 0; - # find a contens of substitution (filled in current user/group) - foreach my $at (sort keys %{$data}) { - my $v = $data->{$at}; - if (!defined $v || contains (\@internal, $at, 1) || - $replaced) { - next; - } - if (ref ($v) eq "HASH") { - next; - } - my $sv = $v; - if (ref ($v) eq "ARRAY") { - $sv = $v->[0]; - } - if (substr ($part, 0, length ($at)) eq $at) { - $result = $result.$sv.substr ($part, length ($at)); - $replaced = 1; - } - } - if (!$replaced) { - $result = $result."%".$part; - } - $i ++; - } - if ($result ne $svalue) { - y2milestone ("attribute '$attr' changed from '$svalue' to '$result'"); - $ret{$attr} = $result; - } - } - } - return \%ret; -} - -# compares 2 arrays; return 1 if they are equal -# (from perlfaq) -sub same_arrays { - - my ($first, $second) = @_; - return 0 unless @$first == @$second; - for (my $i = 0; $i < @$first; $i++) { - return 0 if $first->[$i] ne $second->[$i]; - } - return 1; -} - - -##------------------------------------ -# Convert internal map describing user or group to map that could be passed to -# ldap-agent (remove internal keys, rename attributes etc.) 
-# @param map of user or group -# @return converted map -BEGIN { $TYPEINFO{ConvertMap} = ["function", - ["map", "string", "any" ], - ["map", "string", "any" ]]; -} -sub ConvertMap { - - my $self = shift; - my $data = shift; - my $org_object = undef; - my $org_ocs = undef; - - if (defined $data->{"org_user"} && $data->{"modified"} eq "edited") { - $org_object = $data->{"org_user"}; - } - if (defined $data->{"org_group"} && $data->{"modified"} eq "edited") { - $org_object = $data->{"org_group"}; - } - if (defined $org_object->{"objectClass"}) { - $org_ocs = $org_object->{"objectClass"}; - } - - my %ret = (); - my @attributes = (); - my $attributes = Ldap->GetObjectAttributes ($data->{"objectClass"}); - if (defined $attributes && ref ($attributes) eq "ARRAY") { - @attributes = @{$attributes}; - } - my $old_attributes = []; - if (defined $org_ocs) { - my @ocs = (); - foreach my $oc (@$org_ocs) { - # object class was deleted - if (!contains ($data->{"objectClass"}, $oc, 1)) { - push @ocs, $oc; - } - } - if (@ocs > 0) { - $old_attributes = Ldap->GetObjectAttributes (\@ocs); - } - } - - my @internal = @user_internal_keys; - if (!defined $data->{"uidNumber"}) { - @internal = @group_internal_keys; - } - foreach my $key (sort keys %{$data}) { - my $val = $data->{$key}; - if (contains (\@internal, $key, 1)) { - next; - } - if ($key eq "userPassword") { - if (!defined $val) { - next; - } - my $enc = lc ($encryption); - # check for unchanged password before prepending the hash (#213574) - if (defined $org_object && defined $org_object->{$key}) { - next if $val eq $org_object->{$key}; - } - if ($enc ne "clear" && !($val =~ m/{$enc}/i)) { - $val = sprintf ("{%s}%s", $enc, $val); - } - } - # now remove the keys with the unchanged values... 
- if (defined $org_object && defined $org_object->{$key}) { - - if (ref ($val) eq "ARRAY" && ref ($org_object->{$key}) eq "ARRAY" - && same_arrays ($val, $org_object->{$key})) { - y2debug ("---- unchanged array key: $key, value: ", @$val); - next; - } - elsif ($org_object->{$key} eq $val) { - y2debug ("---------- unchanged key: $key, value: $val"); - next; - } - } - - # check if the attributes are allowed by objectClass - if (!contains (\@attributes, $key, 1)) { - if (contains ($old_attributes, $key, 1)) { - # remove the old attribute - y2milestone ("Attribute '$key' is not supported now."); - $val = ""; - } - else { - if (not defined ($attribute_usage->{$key})) { - my $at = SCR->Read (".ldap.schema.at", {"name" => $key}); - $attribute_usage->{$key} = $at->{'usage'}; - $attribute_usage->{$key} = 0 if not defined $at->{'usage'}; - } - # 1, 2 and 3 are operational attributes, they do not require - # object class: - # 0=userApplications, 1=directoryOperation, - # 2=distributedOperation, 3=dSAOperation - if ($attribute_usage->{$key} < 1) { - y2warning ("Attribute '$key' is not allowed by schema."); - next; - } - } - } - if ($key eq $member_attribute && ref ($val) eq "HASH") { - my @lval = (); - foreach my $u (keys %{$val}) { - push @lval, $u; - } - $val = \@lval; - } - y2debug ("-------------------- key: $key, value: $val"); - - $ret{$key} = $val; - } - return \%ret; -} - -# check the boolean value -sub bool { - - my $param = $_[0]; - if (!defined $param) { - return 0; - } - if (ref ($param) eq "YaST::YCP::Boolean") { - return $param->value(); - } - return $param; -} - -# gets base from the DN -sub get_base { - - my $dn = $_[0]; - if (!defined $dn) { - return ""; - } - my @dn_list = split (",", $dn); - shift @dn_list; - return join (',', @dn_list); -} - - -# read the error message generated by plugin -# first parameter is plugin name, 2nd one is configuration map -sub GetPluginError { - - my $plugin = shift; - my $config = shift; - - my $result = UsersPlugins->Apply 
("Error", $config, {}); - if (defined $result->{$plugin} && $result->{$plugin} ne "") { - return $result->{$plugin}; - } - return ""; -} - -##------------------------------------ -# Writing modified LDAP users with -# @param ldap_users map of all ldap users -# @param server true if this machine is file for LDAP -# @return empty map on success, map with error message and code otherwise -BEGIN { $TYPEINFO{WriteUsers} = ["function", - "string", - ["map", "string", "any"]]; -} -sub WriteUsers { - - my $self = shift; - my %ret = (); - my $dn_attr = $user_naming_attr; - my $last_id = $last_uid; - my $users = $_[0]; - my $umask = $useradd_defaults{"umask"}; - $umask = "022" unless $umask; - - # if ldap home directiories are on this machine - my $server = Ldap->file_server (); - - foreach my $username (keys %{$users}) { - - my $user = $users->{$username}; - - my $action = $user->{"modified"}; - if (!defined ($action) || defined ($ret{"msg"})) { - next; - } - my $uid = $user->{"uidNumber"}; - if (! 
defined $uid) { $uid = GetDefaultUID (); } - my $home = $user->{"homeDirectory"} || ""; - my $org_home = $user->{"org_user"}{"homeDirectory"} || $home; - my $gid = $user->{"gidNumber"}; - if (!defined $gid) { $gid = GetDefaultGID (); } - my $create_home = bool ($user->{"create_home"}); - my $chown_home = $user->{"chown_home"}; - $chown_home = 1 if (!defined $chown_home); - my $delete_home = bool ($user->{"delete_home"}); - my $enabled = bool ($user->{"enabled"}); - my $disabled = bool ($user->{"disabled"}); - my $plugins = $user->{"plugins"}; - my $plugins_to_remove = $user->{"plugins_to_remove"}; - my $plugin_error = ""; - - my $org_username= $user->{"org_user"}{"uid"} || $username; - # old DN stored from ldap-search (removed in Convert) - my $dn = $user->{"dn"} || ""; - my $org_dn = $user->{"org_user"}{"dn"} || $dn; - my @obj_classes = @user_class; - if (defined $user->{"objectClass"} && - ref ($user->{"objectClass"}) eq "ARRAY") { - @obj_classes= @{$user->{"objectClass"}}; - } - # check allowed object classes - my @ocs = (); - if ($action ne "deleted") { - foreach my $oc (@obj_classes) { - if (Ldap->ObjectClassExists ($oc)) { - push @ocs, $oc; - } - } - $user->{"objectClass"} = \@ocs; - } - my $mode = 777 - String->CutZeros ($umask); - if (defined ($user->{"home_mode"})) { - $mode = $user->{"home_mode"}; - } - # ----------- now call the WriteBefore plugin function for this user - - if (!defined $plugins) { - $plugins = \@default_user_plugins; - } - my $config = { - "what" => "user", - "type" => "ldap", - "modified" => $action - }; - if ($disabled) { - $config->{"disabled"} = $disabled; - } - if ($enabled) { - $config->{"enabled"} = $disabled; - } - if (defined $plugins_to_remove) { - $config->{"plugins_to_remove"} = $plugins_to_remove; - } - # ---------- for deleted users, get the list of all plugins using the - # PluginPresent call (in add/edit cases, plugins were already read in - # Users->Edit/Add functions) - if ($action eq "deleted") { - my $res = 
UsersPlugins->Apply ("PluginPresent", $config, $user); - if (defined ($res) && ref ($res) eq "HASH") { - $plugins = []; - foreach my $plugin (keys %{$res}) { - if (bool ($res->{$plugin}) && - !contains ($plugins, $plugin, 1)) { - push @{$plugins}, $plugin; - } - } - } - } - - foreach my $plugin (sort @{$plugins}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("WriteBefore", $config, $user); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - # now call WriteBefore on plugins which should be removed: - # (such call could e.g. remove mail account) - if (defined $plugins_to_remove && $plugin_error eq "") { - foreach my $plugin (sort @{$plugins_to_remove}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("WriteBefore", $config, $user); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - } - if ($plugin_error) { - $ret{"msg"} = $plugin_error; - last; # stop processing LDAP write... - } - # -------------------------------------------------------------------- - # -------------------------------------------------------------------- - my $rdn = "$dn_attr=".$user->{$dn_attr}; - my $new_dn = "$rdn,$user_base"; - my %arg_map = ( - "dn" => $org_dn ne "" ? 
$org_dn : $new_dn - ); - - if ($action eq "added") { - if ($org_dn ne "") { - $arg_map{"dn"} = $new_dn; - } - if (!SCR->Write (".ldap.add",\%arg_map,$self->ConvertMap ($user))) { - %ret = %{Ldap->LDAPErrorMap ()}; - } - # on server, we can modify homes - else { - if ($uid > $last_id) { - $last_id = $uid; - } - if ($server) { - if ($create_home) { - UsersRoutines->CreateHome ( - $useradd_defaults{"skel"}, $home, "", "yes"); - } - if ($home ne "/var/lib/nobody" && $chown_home) { - if (UsersRoutines->ChownHome ($uid, $gid, $home)) { - UsersRoutines->ChmodHome($home, $mode); - } - } - } - y2usernote ("LDAP user '$username' was created."); - } - } - elsif ($action eq "deleted") { - if (! SCR->Write (".ldap.delete", \%arg_map)) { - %ret = %{Ldap->LDAPErrorMap ()}; - } - else { - if ($server && $delete_home) { - UsersRoutines->DeleteHome ($home); - } - y2usernote ("LDAP user '$username' was deleted."); - } - } - elsif ($action eq "edited") { - # if there are some attributes with empty values, agent should - # care of them - it will either: - # 1. delete the attribute (if there was a value before) or - # 2. 
ignore given attribute (when it doesn't exist) - $arg_map{"check_attrs"} = YaST::YCP::Boolean (1); - - if (lc ($dn) ne lc ($org_dn)) { - $arg_map{"rdn"} = $rdn; - $arg_map{"new_dn"} = $dn; - my $new_base = get_base ($dn); - if ($new_base ne get_base ($arg_map{"dn"})) { - $arg_map{"newParentDN"} = $new_base; - y2milestone ("new_base $new_base, org_dn $org_dn, dn $dn"); - } - } - if (!SCR->Write (".ldap.modify", \%arg_map, $self->ConvertMap ($user))) { - %ret = %{Ldap->LDAPErrorMap ()}; - } - else { - if ($uid > $last_id) { - $last_id = $uid; - } - if ($server && $home ne $org_home && $home ne "/var/lib/nobody") { - if ($create_home) { - UsersRoutines->MoveHome ($org_home, $home); - } - if ($chown_home) - { - UsersRoutines->ChownHome ($uid, $gid, $home); - } - } - y2usernote ("LDAP user '$username' was modified."); - } - } - if (defined $ret{"msg"}) { - last; # error on write - } - # ----------- now call the "write" plugin function for this user - foreach my $plugin (sort @{$plugins}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("Write", $config, $user); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - if (defined $plugins_to_remove && $plugin_error eq "") { - foreach my $plugin (sort @{$plugins_to_remove}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("Write", $config, $user); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - } - if ($plugin_error) { - $ret{"msg"} = $plugin_error; - last; - } - # -------------------------------------------------------------------- - } - if ($last_id != $last_uid && $user_config_dn ne "") { - # set nextuniqueid in user config module - $user_config{"suseNextUniqueId"} = [ $last_id ]; - my %modules = ( - $user_config_dn => { - "modified" => "edited" - } - ); - $modules{$user_config_dn}{"suseNextUniqueId"} = - 
$user_config{"suseNextUniqueId"}; - my %new_ret = %{Ldap->WriteToLDAP (\%modules)}; - %ret = %new_ret if not defined $ret{"msg"}; - } - if (defined $ret{"msg"}) { - my $msg = $ret{"msg"}; - if (defined $ret{"server_msg"} && $ret{"server_msg"} ne "") { - $msg = "$msg\n".$ret{"server_msg"}; - } - return $msg; - } - return ""; -} - -##------------------------------------ -# Writing modified LDAP groups -# @param ldap_groups map of all ldap groups -# @return empty map on success, map with error message and code otherwise -BEGIN { $TYPEINFO{WriteGroups} = ["function", - "string", - ["map", "string", "any"]]; -} -sub WriteGroups { - - my $self = shift; - my %ret = (); - my $dn_attr = $group_naming_attr; - my $last_id = $last_gid; - my $groups = $_[0]; - - foreach my $groupname (keys %{$groups}) { - - my $group = $groups->{$groupname}; - - my $action = $group->{"modified"}; - if (!defined ($action) || defined ($ret{"msg"})) { - next; - } - my $gid = $group->{"gidNumber"}; - if (!defined $gid) { $gid = GetDefaultGID (); } - my %new_group = (); - my $dn = $group->{"dn"} || ""; - my $org_dn = $group->{"org_dn"} || $dn; - my $plugins = $group->{"plugins"}; - my $plugins_to_remove = $group->{"plugins_to_remove"}; - my $plugin_error = ""; - - my @obj_classes = @group_class; - if (defined $group->{"objectClass"} && - ref ($group->{"objectClass"}) eq "ARRAY") { - @obj_classes= @{$group->{"objectClass"}}; - } - my %o_classes = (); - foreach my $oc (@obj_classes) { - $o_classes{$oc} = 1; - } - my $group_oc = "groupOfNames"; - my $other_oc = "groupOfUniqueNames"; - if (lc($member_attribute) eq "uniquemember") { - $group_oc = "groupOfUniqueNames"; - $other_oc = "groupOfNames"; - } - # if there is no member of the group, group must be changed - # to namedObject - if ((!defined $group->{$member_attribute} || - !%{$group->{$member_attribute}}) - && defined $o_classes{$group_oc}) - { - if ($action eq "added" || $action eq "edited") { - delete $o_classes{$group_oc}; - 
$o_classes{"namedObject"} = 1; - } - if ($action eq "edited") { - # delete old group and create new with altered objectClass - %new_group = %{$group}; - $action = "deleted"; - } - } - # we are adding users to empty group (=namedObject): - # group must be changed to groupOfUniqueNames/groupOfNames - elsif (%{$group->{$member_attribute}} && $action eq "edited" && - !defined $o_classes{$group_oc}) - { - # delete old group... - $action = "deleted"; - # ... and create new one with altered objectClass - delete $o_classes{"namedObject"}; - $o_classes{$group_oc} = 1; - if (defined $o_classes{$other_oc}) { - delete $o_classes{$other_oc}; - } - %new_group = %{$group}; - } - my @ocs = (); - foreach my $oc (keys %o_classes) { - if (Ldap->ObjectClassExists ($oc)) { - push @ocs, $oc; - } - } - $group->{"objectClass"} = \@ocs; - # ----------- now call the WriteBefore plugin function for this group - - if (!defined $plugins) { - $plugins = \@default_group_plugins; - } - my $config = { - "what" => "group", - "type" => "ldap", - "modified" => $action - }; - if (defined $plugins_to_remove) { - $config->{"plugins_to_remove"} = $plugins_to_remove; - } - # ---------- for deleted groups, get the list of all plugins using the - # PluginPresent call (in add/edit cases, plugins were already read in - # Users->Edit/Add functions) - if (($group->{"modified"} || $action) eq "deleted") { - my $res = UsersPlugins->Apply ("PluginPresent", $config, $group); - if (defined ($res) && ref ($res) eq "HASH") { - $plugins = []; - foreach my $plugin (keys %{$res}) { - if (bool ($res->{$plugin}) && - !contains ($plugins, $plugin, 1)) { - push @{$plugins}, $plugin; - } - } - } - } - foreach my $plugin (sort @{$plugins}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("WriteBefore", $config, $group); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - if (defined $plugins_to_remove && $plugin_error eq "") { - 
foreach my $plugin (sort @{$plugins_to_remove}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("WriteBefore", $config, $group); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - } - if ($plugin_error) { - $ret{"msg"} = $plugin_error; - last; # stop processing LDAP write... - } - # ------------------------------------------------------------------- - my $rdn = "$dn_attr=".$group->{$dn_attr}; - my $new_dn = "$rdn,$group_base"; - my %arg_map = ( - "dn" => $org_dn ne "" ? $org_dn : $new_dn - ); - - if ($action eq "added") { - if ($org_dn ne "") { - $arg_map{"dn"} = $new_dn; - } - if (!SCR->Write (".ldap.add",\%arg_map,$self->ConvertMap($group))) { - %ret = %{Ldap->LDAPErrorMap ()}; - } - else { - if ($gid > $last_id) { - $last_id = $gid; - } - y2usernote ("LDAP group '$groupname' was created."); - } - } - elsif ($action eq "deleted") { - if (!SCR->Write (".ldap.delete", \%arg_map)) { - %ret = %{Ldap->LDAPErrorMap ()}; - } - else { - y2usernote ("LDAP group '$groupname' was deleted."); - } - } - elsif ($action eq "edited") { - - $arg_map{"check_attrs"} = YaST::YCP::Boolean (1); - - if (lc ($dn) ne lc ($org_dn)) { - $arg_map{"rdn"} = $rdn; - $arg_map{"new_dn"} = $dn; - } - - if (!SCR->Write (".ldap.modify", \%arg_map, $self->ConvertMap($group))) { - %ret = %{Ldap->LDAPErrorMap ()}; - } - else { - if ($gid > $last_id) { - $last_id = $gid; - } - y2usernote ("LDAP group '$groupname' was modified."); - } - } - if (defined $ret{"msg"}) { - last; # error on write - } - # ----------- now call the Write plugin function for this group - foreach my $plugin (sort @{$plugins}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("Write", $config, $group); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - if (defined $plugins_to_remove && $plugin_error eq "") { - foreach my $plugin (sort 
@{$plugins_to_remove}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("Write", $config, $group); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - } - if ($plugin_error) { - $ret{"msg"} = $plugin_error; - last; # stop processing LDAP write... - } - # -------------------------------------------------------------------- - - # now add a group whose object class was changed: - if (%new_group) { - $config->{"modified"} = "added"; - foreach my $plugin (sort @{$plugins}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("WriteBefore", $config, \%new_group); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - if (defined $plugins_to_remove && $plugin_error eq "") { - foreach my $plugin (sort @{$plugins_to_remove}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("WriteBefore", $config, \%new_group); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - } - if ($plugin_error) { - $ret{"msg"} = $plugin_error; - last; # stop processing LDAP write... 
- } - # now add new group with modified objectClass - if (lc ($dn) ne lc ($org_dn)) { - $arg_map{"dn"} = $dn; - } - $new_group{"objectClass"} = \@ocs; - # remove the org_group submap, we are adding new group: - delete $new_group{"org_group"}; - if (!SCR->Write (".ldap.add", \%arg_map, - $self->ConvertMap (\%new_group))) - { - %ret = %{Ldap->LDAPErrorMap ()}; - } - elsif ($gid > $last_id) { - $last_id = $gid; - } - if (defined $ret{"msg"}) { - last; # error on write - } - - foreach my $plugin (sort @{$plugins}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("Write", $config, \%new_group); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - if (defined $plugins_to_remove && $plugin_error eq "") { - foreach my $plugin (sort @{$plugins_to_remove}) { - $config->{"plugins"} = [ $plugin ]; - my $res = UsersPlugins->Apply ("Write", $config, \%new_group); - if (!bool ($res->{$plugin})) { - $plugin_error = GetPluginError ($plugin, $config); - if ($plugin_error) { last; } - } - } - } - if ($plugin_error) { - $ret{"msg"} = $plugin_error; - last; # stop processing LDAP write... 
- } - } - } - if ($last_id != $last_gid && $group_config_dn ne "") { - # set nextuniqueid in group config module - $group_config{"suseNextUniqueId"} = [ $last_id ]; - my %modules = ( - $group_config_dn => { - "modified" => "edited" - } - ); - $modules{$group_config_dn}{"suseNextUniqueId"} = - $group_config{"suseNextUniqueId"}; - my %new_ret = %{Ldap->WriteToLDAP (\%modules)}; - %ret = %new_ret if not defined $ret{"msg"}; - } - - if (defined $ret{"msg"}) { - my $msg = $ret{"msg"}; - if (defined $ret{"server_msg"} && $ret{"server_msg"} ne "") { - $msg = "$msg\n".$ret{"server_msg"}; - } - return $msg; - } - return ""; -} - -BEGIN { $TYPEINFO{SetGUI} = ["function", "void", "boolean"];} -sub SetGUI { - my $self = shift; - $use_gui = $_[0]; -} - -BEGIN { $TYPEINFO{SetLdapRead} = ["function", "void", "boolean"];} -sub SetLdapRead { - my $self = shift; - $ldap_read = $_[0]; -} - - -1 -# EOF diff --git a/src/modules/UsersPluginKerberos.pm b/src/modules/UsersPluginKerberos.pm deleted file mode 100644 index c2e73df56..000000000 --- a/src/modules/UsersPluginKerberos.pm +++ /dev/null 
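Review bot: the end of this hunk deletes the module's trailing `1` along with `# EOF`; if UsersLDAP.pm is being trimmed rather than removed outright (its file header is not in view here), `use UsersLDAP` will fail with "did not return a true value", so a final `1;` must stay. Every removed function here (`SetFiltersRead`, `SetInitialized`, `GetMemberAttribute`, `GetEncryption`, `CreateUserDN`, `CreateGroupDN`, `SubstituteValues`, `ConvertMap`, `WriteUsers`, `WriteGroups`, `SetGUI`, `SetLdapRead`) carried a `$TYPEINFO` export, so please confirm with a grep that no caller in Users.pm, the dialogs or the AutoYaST clients still invokes them. Worth stating in the commit message as well: `ConvertMap` was where `userPassword` received its `{<encryption>}` prefix and the unchanged-password skip (#213574), so nothing left in the tree should still expect that behaviour.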
@@ -1,289 +0,0 @@ -#! /usr/bin/perl -w -# ------------------------------------------------------------------------------ -# Copyright (c) 2014 SUSE LINUX Products All Rights Reserved. -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact Novell, Inc. -# -# To contact Novell about this file by physical or electronic mail, you may find -# current contact information at www.novell.com. -# ------------------------------------------------------------------------------ -# - -# -# This is the API part of UsersPluginKerberos plugin: -# Creates the Kerberos principials -# -# For documentation and examples of function arguments and return values, see -# UsersPluginLDAPAll.pm - -# TODO: move to auth_server module which use it - -package UsersPluginKerberos; - -use strict; - -use YaST::YCP qw(:LOGGING sformat); -use YaPI; -use Data::Dumper; -use IPC::Open3; - -textdomain("users"); - -our %TYPEINFO; - -##-------------------------------------- -##--------------------- global imports - -YaST::YCP::Import ("SCR"); -YaST::YCP::Import ("String"); - -##-------------------------------------- -##--------------------- global variables - -# error message, returned when some plugin function fails -my $error = ""; - -# internal name -my $name = "UsersPluginKerberos"; - -##---------------------------------------- -##--------------------- internal functions - -# internal function: -# check if given key (second parameter) is contained in a list (1st parameter) -# if 3rd parameter is true (>0), 
ignore case -sub contains { - my ($list, $key, $ignorecase) = @_; - if (!defined $list || ref ($list) ne "ARRAY" || @{$list} == 0) { - return 0; - } - if ($ignorecase) { - if ( grep /^\Q$key\E$/i, @{$list} ) { - return 1; - } - } else { - if ( grep /^\Q$key\E$/, @{$list} ) { - return 1; - } - } - return 0; -} - -# internal function: -# check the path of kadmin.local binary -# -# Note that the lastest kbr5 package provides the kadmin.local binary at /usr/sbin, -# but older kbr5 uses /usr/lib/mit/sbin path. -sub kadmin_path { - my $path = "/usr/sbin/kadmin.local"; - my $old_path = "/usr/lib/mit/sbin/kadmin.local"; - - return -x $path ? $path : $old_path; -} - -##------------------------------------------ -##--------------------- global API functions - -# All functions have 2 "any" parameters: these mean: -# 1st: configuration map (hash) - e.g. saying if we work with user or group -# 2nd: data map (hash) of user/group to work with -# for details, see UsersPluginLDAPAll.pm - -# Return the names of provided functions -BEGIN { $TYPEINFO{Interface} = ["function", ["list", "string"], "any", "any"];} -sub Interface { - - my $self = shift; - my @interface = ( - "Name", - "Summary", - "Restriction", - "Write", - "Add", - "AddBefore", - "Edit", - "EditBefore", - "Interface", - "PluginPresent", - "PluginRemovable", - "Error", - ); - return \@interface; -} - -# return error message, generated by plugin -BEGIN { $TYPEINFO{Error} = ["function", "string", "any", "any"];} -sub Error { - - return $error; -} - - -# return plugin name, used for GUI (translated) -BEGIN { $TYPEINFO{Name} = ["function", "string", "any", "any"];} -sub Name { - - # plugin name - return __("Kerberos Configuration"); -} - -##------------------------------------ -# Return plugin summary (to be shown in table with all plugins) -BEGIN { $TYPEINFO{Summary} = ["function", "string", "any", "any"];} -sub Summary { - - my ($self, $config, $data) = @_; - - # user plugin summary (table item) - return __("No Kerberos 
Management for Groups") if ($config->{"what"} eq "group"); - - # user plugin summary (table item) - return __("Manage Kerberos Principials"); -} - -##------------------------------------ -# Checks the current data map of user/group (2nd parameter) and returns -# true if given user/group has this plugin enabled -BEGIN { $TYPEINFO{PluginPresent} = ["function", "boolean", "any", "any"];} -sub PluginPresent { - my ($self, $config, $data) = @_; - - if ($config->{"what"} eq "group") { - y2debug ("Kerberos plugin not present"); - return 0; - } - my $out = SCR->Execute (".target.bash_output", "${\kadmin_path()} -nq 'list_principals ".String->Quote("".$data->{uid})."*' | /usr/bin/grep '".String->Quote("".$data->{uid})."*'"); - if ($out->{"stdout"} =~ /^$data->{uid}/ ) { - y2milestone ("Kerberos plugin present"); - return 1; - } else { - y2milestone ("Kerberos plugin not present"); - return 0; - } -} - -##------------------------------------ -# Is it possible to remove this plugin from user/group: setting all quota -# values to 0. -BEGIN { $TYPEINFO{PluginRemovable} = ["function", "boolean", "any", "any"];} -sub PluginRemovable { - - return YaST::YCP::Boolean (0); -} - - -##------------------------------------ -# Type of objects this plugin is restricted to. -# Plugin is restricted to local users -BEGIN { $TYPEINFO{Restriction} = ["function", - ["map", "string", "any"], "any", "any"];} -sub Restriction { - - return { - "ldap" => 1, - "group" => 0, - "user" => 1 - }; -} - - -# this will be called at the beggining of Users::AddUser/AddGroup -# Check if it is possible to add this plugin here. 
-# (Could be called multiple times for one user/group) -BEGIN { $TYPEINFO{AddBefore} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub AddBefore { - - my ($self, $config, $data) = @_; - - return $data; -} - -# This will be called at the end of Users::Add* : modify the object map -# with quota data -BEGIN { $TYPEINFO{Add} = ["function", ["map", "string", "any"], "any", "any"];} -sub Add { - - my ($self, $config, $data) = @_; - y2debug ("Add Kerveros called"); - return $data; -} - -# This will be called at the beggining of Users::EditUser/EditGroup -# Check if it is possible to add this plugin here. -# (Could be called multiple times for one user/group) -BEGIN { $TYPEINFO{EditBefore} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub EditBefore { - - my ($self, $config, $data) = @_; - - return $data; -} - -# This will be called at the end of Users::Edit* : modify the object map -# with quota data -BEGIN { $TYPEINFO{Edit} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub Edit { - my ($self, $config, $data) = @_; - y2debug ("Edit Kerberos called"); - return $data; -} - -# What should be done after user is finally written (this is called only once) -BEGIN { $TYPEINFO{Write} = ["function", "boolean", "any", "any"];} -sub Write { - - my ($self, $config, $data) = @_; - my $command = kadmin_path(); - my $input = ""; - - #y2milestone(Dumper($data)); - - if( $data->{what} eq 'add_user' ) { - $input = "addprinc -pw \"$data->{text_userpassword}\" $data->{uid}"; - } - elsif( $data->{what} eq 'delete_user' ) { - $input = "delprinc -force $data->{uid}"; - } - elsif( $data->{what} eq 'edit_user' ) { - if( defined $data->{text_userpassword} ) { - $input = "change_password -pw \"$data->{text_userpassword}\" $data->{uid}"; - } - } - - if ( defined $input ) { - my $pid = open3(\*IN, \*OUT, \*ERR, "$command") - or do { - $error = __("Cannot execute kadmin.local."); - return YaST::YCP::Boolean (0); - }; - print IN "$input\n"; - - close 
IN; - close OUT; - close ERR; - waitpid $pid, 0; - } - - return YaST::YCP::Boolean (1); -} -1 -# EOF diff --git a/src/modules/UsersPluginLDAPAll.pm b/src/modules/UsersPluginLDAPAll.pm deleted file mode 100644 index d1e412a76..000000000 --- a/src/modules/UsersPluginLDAPAll.pm +++ /dev/null 
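Review bot: deleting UsersPluginKerberos.pm wholesale also needs the module dropped from the package file list and from any plugin registration or documentation that still names `UsersPluginKerberos`; the header's `TODO: move to auth_server module which use it` suggests checking whether yast2-auth-server still calls into this plugin before merging. The removed `PluginPresent` ran a `kadmin.local -nq 'list_principals ...' | grep` pipeline through `.target.bash_output` with the user name interpolated (quoted via `String->Quote`), and `Write` fed `text_userpassword` to kadmin over stdin; retiring that path is fine, but say so in the commit message so that downstream users know principal management no longer lives in yast2-users.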
@@ -1,474 +0,0 @@ -#! /usr/bin/perl -w -# ------------------------------------------------------------------------------ -# Copyright (c) 2006-2012 Novell, Inc. All Rights Reserved. -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact Novell, Inc. -# -# To contact Novell about this file by physical or electronic mail, you may find -# current contact information at www.novell.com. -# ------------------------------------------------------------------------------ -# - -# -# Example of plugin module -# This is the API part of UsersPluginLDAPAll plugin - configuration of -# all user/group LDAP attributes -# - -package UsersPluginLDAPAll; - -use strict; - -use YaST::YCP qw(:LOGGING); -use YaPI; -use Data::Dumper; - -textdomain("users"); - -our %TYPEINFO; - -##-------------------------------------- -##--------------------- global imports - -YaST::YCP::Import ("SCR"); -YaST::YCP::Import ("Ldap"); - -##-------------------------------------- -##--------------------- global variables - -# default object classes of LDAP users -my @user_object_class = - ("top","posixAccount", "inetOrgPerson"); - -# default object classes of LDAP groups -my @group_object_class = - ( "top", "posixGroup", "groupOfNames"); - -# object classes of LDAP groups using uniqmember attribute -my @unique_group_object_class = - ( "top", "posixGroup", "groupOfUniqueNames"); - -# error message, returned when some plugin function fails -my $error = ""; - -##-------------------------------------- - -# All functions 
have 2 "any" parameters: this will probably mean -# 1st: configuration map (hash) - e.g. saying if we work with user or group -# 2nd: data map (hash) of user (group) to work with - -# in 'config' map there is a info of this type: -# "what" => "user" / "group" -# "modified" => "added"/"edited"/"deleted" -# "enabled" => 1/ key not present -# "disabled" => 1/ key not present -# "plugins_to_remove" => list of plugins which has to be removed - -# 'data' map contains the atrtributes of the user. It could also contain -# some keys, which Users module uses internaly (like 'groupname' for name of -# user's default group). Just ignore these values - -# -- Warning messages -- -# There is a special way, when you want to give user additional information -# (warning) about some issues appeared during the function. -# -# These keys can be saved by plugin to the result structure of AddBefore, -# Add, EditBefore, Edit, Enable, Disable calls: -# "warning_message" => STRING -# Translated message that should be shown to user (probably as a popup) -# "warning_message_ID" => STRING -# The ID of the message (optional). -# -# This key can be present in user/group $data hash: -# "confirmed_warnings" => HASH (in the form { message_ID_1 => 1 }) -# (This has sense only if plugin uses optional "warning_message_ID" key) -# Indicates which messages were already shown to this user/group. -# Plugin function may check for existence of the message_ID_1 in this -# hash before generating "warning_message", to realize if this message -# was alredy shown before (in the same situation). -# See example in AddBefore function. 
- -##------------------------------------ - - -# return names of provided functions -BEGIN { $TYPEINFO{Interface} = ["function", ["list", "string"], "any", "any"];} -sub Interface { - - my $self = shift; - my @interface = ( - "GUIClient", - "Check", - "Name", - "Summary", - "Restriction", - "WriteBefore", - "Write", - "AddBefore", - "Add", - "EditBefore", - "Edit", - "Interface", - "Disable", - "Enable", - "PluginPresent", - "PluginRemovable", -# "InternalAttributes", - "Error", - ); - return \@interface; -} - -# return error message, generated by plugin -BEGIN { $TYPEINFO{Error} = ["function", "string", "any", "any"];} -sub Error { - - my $self = shift; - return $error; -} - - -# return plugin name, used for GUI (translated) -BEGIN { $TYPEINFO{Name} = ["function", "string", "any", "any"];} -sub Name { - - my $self = shift; - # plugin name - return __("LDAP Attributes"); -} - -##------------------------------------ -# return plugin summary (to be shown in table with all plugins) -BEGIN { $TYPEINFO{Summary} = ["function", "string", "any", "any"];} -sub Summary { - - my $self = shift; - my $what = "user"; - # plugin summary (table item) - my $ret = __("Edit Remaining LDAP Attributes"); - - if (defined $_[0]->{"what"} && $_[0]->{"what"} eq "group") { - # plugin summary (table item) - $ret = __("Edit Remaining LDAP Attributes"); - } - return $ret; -} - -##------------------------------------ -# return plugin internal attributes (which shouldn't be shown to user) -BEGIN { $TYPEINFO{InternalAttributes} = ["function", - [ "list", "string" ], "any", "any"]; -} -sub InternalAttributes { - - my $self = shift; - my @ret = (); - - if (defined $_[0]->{"what"} && $_[0]->{"what"} eq "group") { - @ret = (); - } - return \@ret; -} - -##------------------------------------ -# checks the current data map of user/group (2nd parameter) and returns -# true if given user (group) has our plugin -BEGIN { $TYPEINFO{PluginPresent} = ["function", "boolean", "any", "any"];} -sub PluginPresent 
{ - - my $self = shift; - - # Yes, all LDAP users/groups have this plugin as default - # (and this plugin is used only for LDAP objects, see Restriction function) - return YaST::YCP::Boolean (1); -} - -##------------------------------------ -# Is it possible to remove this plugin from user/group? -BEGIN { $TYPEINFO{PluginRemovable} = ["function", "boolean", "any", "any"];} -sub PluginRemovable { - # No, this plugin must be present for all LDAP objects - return YaST::YCP::Boolean (0); -} - - -##------------------------------------ -# return name of YCP client defining YCP GUI -BEGIN { $TYPEINFO{GUIClient} = ["function", "string", "any", "any"];} -sub GUIClient { - - my $self = shift; - return "users_plugin_ldap_all"; -} - -##------------------------------------ -# Type of objects this plugin is restricted to. -# It defines: -# 1. type of objects which it should be applied to (ldap/nis/local/system) -# 2. type of objects at all (user/group) -# If this function doesn't exist, plugin is applied for all users of all types -BEGIN { $TYPEINFO{Restriction} = ["function", - ["map", "string", "any"], "any", "any"];} -sub Restriction { - - my $self = shift; - return { - # This plugin applies only for LDAP entries, - "ldap" => 1, - # both for users and groups: - "user" => 1, - "group" => 1 - }; -} - - -##------------------------------------ -# check if all required atributes of LDAP entry are present -# parameter is (whole) map of entry (user/group) -# return error message -BEGIN { $TYPEINFO{Check} = ["function", - "string", - "any", - "any"]; -} -sub Check { - - my $self = shift; - my $config = $_[0]; - my $data = $_[1]; - - # attribute conversion - my @required_attrs = (); - my @object_classes = (); - if (defined $data->{"objectClass"} && ref ($data->{"objectClass"}) eq "ARRAY") { - @object_classes = @{$data->{"objectClass"}}; - } - - # get the attributes required for entry's object classes - foreach my $class (@object_classes) { - my $req = Ldap->GetRequiredAttributes 
($class); - if (defined $req && ref ($req) eq "ARRAY") { - foreach my $r (@{$req}) { - if (!contains (\@required_attrs, $r, 1)) { - push @required_attrs, $r; - } - } - } - } - my $action = $data->{"what"} || ""; - # check the presence of required attributes - foreach my $req (@required_attrs) { - my $val = $data->{$req}; - if (substr ($action, 0, 5) eq "edit_" && !defined $val) { - # when editing using YaPI, attribute dosn't have to be loaded - next; - } - if (!defined $val || $val eq "" || - (ref ($val) eq "ARRAY" && - ((@{$val} == 0) || (@{$val} == 1 && $val->[0] eq "")))) { - # error popup (user forgot to fill in some attributes) - return sprintf (__("The attribute '%s' is required for this object according -to its LDAP configuration, but it is currently empty."), $req); - } - } - return ""; -} - -# this will be called from Users::EnableUser -BEGIN { $TYPEINFO{Enable} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub Enable { - - my ($self, $config, $data) = @_; - y2debug ("Enable LDAPAll called"); - return $data; -} - -# this will be called from Users::DisableUser -BEGIN { $TYPEINFO{Disable} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub Disable { - - my ($self, $config, $data) = @_; - y2debug ("Disable LDAPAll called"); - return $data; -} - - -# internal function: -# check if given key (second parameter) is contained in a list (1st parameter) -# if 3rd parameter is true (>0), ignore case -sub contains { - my ( $list, $key, $ignorecase ) = @_; - if ( $ignorecase ) { - if ( grep /^$key$/i, @{$list} ) { - return 1; - } - } else { - if ( grep /^$key$/, @{$list} ) { - return 1; - } - } - return 0; -} - -# update the list of current object classes -sub update_object_classes { - - my $config = $_[0]; - my $data = $_[1]; - - # define the object class for new user/groupa - my @orig_object_class = (); - if (defined $data->{"objectClass"} && ref $data->{"objectClass"} eq "ARRAY") - { - @orig_object_class = @{$data->{"objectClass"}}; 
- } - my @ocs = @user_object_class; - if (($config->{"what"} || "") eq "group") { - if (lc (Ldap->member_attribute ()) eq "uniquemember") { - @ocs = @unique_group_object_class; - } - else { - @ocs = @group_object_class; - } - } - foreach my $oc (@ocs) { - if (!contains (\@orig_object_class, $oc, 1)) { - push @orig_object_class, $oc; - } - } - - $data->{"objectClass"} = \@orig_object_class; - - return $data; -} - -# this will be called at the beggining of Users::Add -# Could be called multiple times for one user/group! -BEGIN { $TYPEINFO{AddBefore} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub AddBefore { - - my $self = shift; - my $config = $_[0]; - my $data = $_[1]; # only new data that will be copied to current user map - - $data = update_object_classes ($config, $data); - - y2debug ("AddBefore LDAPAll called"); - - my $warning_id = "something_wrong"; - my $warning = __("An error occurred."); - - if (ref ($data->{"confirmed_warnings"}) eq "HASH" && - defined $data->{"confirmed_warnings"}{$warning_id}) { - y2debug ("warning already shown"); - } - elsif (0) { - $data->{"warning_message"} = $warning; - $data->{"warning_message_ID"} = $warning_id; - } - return $data; -} - - -# This will be called just after Users::Add - the data map probably contains -# the values which we could use to create new ones -# Could be called multiple times for one user/group! 
-BEGIN { $TYPEINFO{Add} = ["function", ["map", "string", "any"], "any", "any"];} -sub Add { - - my $self = shift; - my $config = $_[0]; - my $data = $_[1]; # the whole map of current user/group after Users::Edit - y2debug("Add LDAPAll called"); - return $data; -} - -# this will be called at the beggining of Users::Edit -BEGIN { $TYPEINFO{EditBefore} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub EditBefore { - - my $self = shift; - my $config = $_[0]; - my $data = $_[1]; # only new data that will be copied to current user map - # data of original user/group are saved as a submap of $config - # data with key "org_data" - - # in $data hash, there could be "plugins_to_remove": list of plugins which - # has to be removed from the user - - y2debug ("EditBefore LDAPAll called"); - return $data; -} - -# this will be called just after Users::Edit -BEGIN { $TYPEINFO{Edit} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub Edit { - - my $self = shift; - my $config = $_[0]; - my $data = $_[1]; # the whole map of current user/group after Users::Edit - - # in $data hash, there could be "plugins_to_remove": list of plugins which - # has to be removed from the user - - y2debug ("Edit LDAPAll called"); - return $data; -} - - - -# what should be done before user is finally written to LDAP -BEGIN { $TYPEINFO{WriteBefore} = ["function", "boolean", "any", "any"];} -sub WriteBefore { - - my $self = shift; - my $config = $_[0]; - my $data = $_[1]; - - # this means what was done with a user/group: added/edited/deleted - my $action = $config->{"modified"} || ""; - - y2debug ("WriteBefore LDAPAll called"); - return YaST::YCP::Boolean (1); -} - -# what should be done after user is finally written to LDAP -BEGIN { $TYPEINFO{Write} = ["function", "boolean", "any", "any"];} -sub Write { - - my $self = shift; - my $config = $_[0]; - my $data = $_[1]; - - # this means what was done with a user: added/edited/deleted - my $action = $config->{"modified"} || ""; 
- y2debug ("Write LDAPAll called"); - return YaST::YCP::Boolean (1); -} -1 -# EOF diff --git a/src/modules/UsersPluginLDAPPasswordPolicy.pm b/src/modules/UsersPluginLDAPPasswordPolicy.pm deleted file mode 100644 index ba397cfea..000000000 --- a/src/modules/UsersPluginLDAPPasswordPolicy.pm +++ /dev/null 
@@ -1,399 +0,0 @@ -#! /usr/bin/perl -w -# ------------------------------------------------------------------------------ -# Copyright (c) 2006-2012 Novell, Inc. All Rights Reserved. -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact Novell, Inc. -# -# To contact Novell about this file by physical or electronic mail, you may find -# current contact information at www.novell.com. -# ------------------------------------------------------------------------------ -# - -# -# Example of plugin module -# This is the API part of UsersPluginLDAPPasswordPolicy plugin -# - configuration of Password Policy of LDAP user (feature 301179) -# -# For documentation and examples of function arguments and return values, see -# UsersPluginLDAPAll.pm - -package UsersPluginLDAPPasswordPolicy; - -use strict; - -use YaST::YCP qw(:LOGGING); -use YaPI; -use Data::Dumper; -use X500::DN; - -textdomain("users"); - -our %TYPEINFO; - -##-------------------------------------- -##--------------------- global imports - -YaST::YCP::Import ("SCR"); -YaST::YCP::Import ("Ldap"); - -##-------------------------------------- -##--------------------- global variables - -# name of conflicting plugin -my $shadow_plugin = "UsersPluginLDAPShadowAccount"; - -# error message, returned when some plugin function fails -my $error = ""; - -# internal name -my $name = "UsersPluginLDAPPasswordPolicy"; - -# if Password Policy is enabled on the server -my $ppolicy_enabled = undef; - - -# value to write into 
pwdaccountlockedtime if user should be disabled -# see slapo-ppolicy man-page -my $disabled_user = "000001010000Z"; - -##---------------------------------------- -##--------------------- internal functions - -# internal function: -# check if given key (second parameter) is contained in a list (1st parameter) -# if 3rd parameter is true (>0), ignore case -sub contains { - my ($list, $key, $ignorecase) = @_; - if (!defined $list || ref ($list) ne "ARRAY" || @{$list} == 0) { - return 0; - } - if ($ignorecase) { - if ( grep /^\Q$key\E$/i, @{$list} ) { - return 1; - } - } else { - if ( grep /^\Q$key\E$/, @{$list} ) { - return 1; - } - } - return 0; -} - -# update the object data when removing plugin -# TODO is it possible when plugin is not removable? -sub remove_plugin_data { - - my ($config, $data) = @_; - my @updated_oc; - if (defined $data->{'pwdPolicySubentry'}) { - $data->{'pwdPolicySubentry'} = ""; - } - return $data; -} - -##------------------------------------------ -##--------------------- global API functions - -# return names of provided functions -BEGIN { $TYPEINFO{Interface} = ["function", ["list", "string"], "any", "any"];} -sub Interface { - - my $self = shift; - my @interface = ( - "GUIClient", - "Check", - "Name", - "Summary", - "Restriction", - "WriteBefore", - "Write", - "AddBefore", - "Add", - "EditBefore", - "Edit", - "Interface", - "Disable", - "Enable", - "PluginPresent", - "PluginRemovable", - "Error", - ); - return \@interface; -} - -# return error message, generated by plugin -BEGIN { $TYPEINFO{Error} = ["function", "string", "any", "any"];} -sub Error { - - return $error; -} - - -# return plugin name, used for GUI (translated) -BEGIN { $TYPEINFO{Name} = ["function", "string", "any", "any"];} -sub Name { - - # plugin name - return __("LDAP Password Policy"); -} - -##------------------------------------ -# return plugin summary (to be shown in table with all plugins) -BEGIN { $TYPEINFO{Summary} = ["function", "string", "any", "any"];} -sub 
Summary { - - # user plugin summary (table item) - return __("Edit Password Policy"); -} - -##------------------------------------ -# checks the current data map of user (2nd parameter) and returns -# true if given user has this plugin -BEGIN { $TYPEINFO{PluginPresent} = ["function", "boolean", "any", "any"];} -sub PluginPresent { - - my ($self, $config, $data) = @_; - - # check for PasswordPolicy at server - if (not defined $ppolicy_enabled) { - $ppolicy_enabled = SCR->Execute (".ldap.ppolicy", { - "hostname" => Ldap->GetFirstServer (Ldap->server ()), - "bind_dn" => Ldap->GetBaseDN () - }); - y2milestone ("Password Policy enabled globaly: $ppolicy_enabled"); - } - if (contains ($data->{'plugins'}, $name, 1) || - # already checked, still no data - contains ((keys %$data), "pwdPolicySubentry", 1)) # checking for data - { - y2milestone ("LDAPPasswordPolicy plugin present"); - return 1; - } elsif ($ppolicy_enabled) { - y2debug ("Password Policy enabled globaly"); - return 1; - } else { - y2debug ("LDAPPasswordPolicy plugin not present"); - return 0; - } -} - -##------------------------------------ -# Is it possible to remove this plugin from user? -BEGIN { $TYPEINFO{PluginRemovable} = ["function", "boolean", "any", "any"];} -sub PluginRemovable { - - return YaST::YCP::Boolean (0); -} - - -##------------------------------------ -# return name of YCP client defining YCP GUI -BEGIN { $TYPEINFO{GUIClient} = ["function", "string", "any", "any"];} -sub GUIClient { - - return "users_plugin_ldap_passwordpolicy"; -} - -##------------------------------------ -# Type of objects this plugin is restricted to. 
-# Plugin is restricted to LDAP users -BEGIN { $TYPEINFO{Restriction} = ["function", - ["map", "string", "any"], "any", "any"];} -sub Restriction { - - return { - "ldap" => 1, - "user" => 1 - }; -} - - -##------------------------------------ -# check if required atributes of LDAP entry are present and have correct form -# parameter is (whole) map of entry (user) -# return error message -BEGIN { $TYPEINFO{Check} = ["function", - "string", - "any", - "any"]; -} -sub Check { - - my ($self, $config, $data) = @_; - my $pwdpolicysubentry = $data->{'pwdPolicySubentry'}; - if (defined $pwdpolicysubentry && $pwdpolicysubentry ne "") { - - # validate DN - if (not defined X500::DN->ParseRFC2253 ($pwdpolicysubentry)) { - # error popup, %s is object DN - return sprintf (__("Invalid DN syntax of \"%s\"."), $pwdpolicysubentry); - } - - # ldap.init has been done before - my $search = SCR->Read (".ldap.search", { - "base_dn" => $pwdpolicysubentry, - "attrs" => [ "objectClass" ], - "map" => 1 - }); - if (not defined $search) { - my $error = SCR->Read (".ldap.error"); - # error popup, first %s is object DN, second is additional error message - return sprintf (__("Error while searching for \"%s\": -%s"), $pwdpolicysubentry, $error->{'msg'}); - } - my $oc = $search->{$pwdpolicysubentry}{'objectClass'}; - if (defined $oc && ref ($oc) eq "ARRAY") { - if (not contains ($oc, "pwdPolicy", 1)) { - # error popup, %s is object DN - return sprintf (__("The object \"%s\" -is not a Password Policy object"), $pwdpolicysubentry); - } - } - } - return ""; -} - -# this will be called from Users::EnableUser -BEGIN { $TYPEINFO{Enable} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub Enable { - - my ($self, $config, $data) = @_; - y2debug ("Enable LDAPAll called"); - - $data->{'pwdAccountLockedTime'} = ""; - return $data; -} - -# this will be called from Users::DisableUser -BEGIN { $TYPEINFO{Disable} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub Disable { - - my 
($self, $config, $data) = @_; - y2debug ("Disable LDAPAll called"); - - $data->{'pwdAccountLockedTime'} = $disabled_user; - return $data; -} - - -# this will be called at the beggining of Users::Add -# Could be called multiple times for one user -BEGIN { $TYPEINFO{AddBefore} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub AddBefore { - - my ($self, $config, $data) = @_; - - if (!contains ($data->{'plugins_to_remove'}, $name, 1) && - contains ($data->{'plugins'}, $shadow_plugin, 1)) { - # error popup - $error = __("It is not possible to add this plug-in when -the plugin for Shadow Account attributes is in use. -"); - return undef; - } - return $data; -} - - -# This will be called just after Users::Add - the data map probably contains -# the values which we could use to create new ones -# Could be called multiple times for one user! -BEGIN { $TYPEINFO{Add} = ["function", ["map", "string", "any"], "any", "any"];} -sub Add { - - my ($self, $config, $data) = @_; - if (contains ($data->{'plugins_to_remove'}, $name, 1)) { - y2milestone ("removing plugin $name..."); - $data = remove_plugin_data ($config, $data); - } - y2debug("Add LDAPAll called"); - return $data; -} - -# this will be called at the beggining of Users::Edit -BEGIN { $TYPEINFO{EditBefore} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub EditBefore { - - my ($self, $config, $data) = @_; - # $data: only new data that will be copied to current user map - # data of original user are saved as a submap of $config - # data with key "org_data" - - # in $data hash, there could be "plugins_to_remove": list of plugins which - # has to be removed from the user - if (!contains ($data->{'plugins_to_remove'}, $name, 1) && - contains ($data->{'plugins'}, $shadow_plugin, 1)) { - # error popup - $error = __("It is not possible to add this plug-in when -the plugin for Shadow Account attributes is in use. 
-"); - return undef; - } - if (!defined $config->{"org_data"}{"enabled"}) { - $data->{"enabled"} = YaST::YCP::Boolean (1); - if (($config->{"org_data"}{"pwdAccountLockedTime"} || "") eq $disabled_user) - { - $data->{"enabled"} = YaST::YCP::Boolean (0); - y2milestone ("user is disabled"); - } - } - return $data; -} - -# this will be called just after Users::Edit -BEGIN { $TYPEINFO{Edit} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub Edit { - - my ($self, $config, $data) = @_; - if (contains ($data->{'plugins_to_remove'}, $name, 1)) { - y2milestone ("removing plugin $name..."); - $data = remove_plugin_data ($config, $data); - } - y2debug ("Edit LDAPAll called"); - return $data; -} - - - -# what should be done before user is finally written to LDAP -BEGIN { $TYPEINFO{WriteBefore} = ["function", "boolean", "any", "any"];} -sub WriteBefore { - - y2debug ("WriteBefore LDAPAll called"); - return YaST::YCP::Boolean (1); -} - -# what should be done after user is finally written to LDAP -BEGIN { $TYPEINFO{Write} = ["function", "boolean", "any", "any"];} -sub Write { - - y2debug ("Write LDAPAll called"); - return YaST::YCP::Boolean (1); -} -1 -# EOF diff --git a/src/modules/UsersPluginLDAPShadowAccount.pm b/src/modules/UsersPluginLDAPShadowAccount.pm deleted file mode 100644 index 8082eb0c2..000000000 --- a/src/modules/UsersPluginLDAPShadowAccount.pm +++ /dev/null 
@@ -1,442 +0,0 @@ -#! /usr/bin/perl -w -# ------------------------------------------------------------------------------ -# Copyright (c) 2006-2012 Novell, Inc. All Rights Reserved. -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact Novell, Inc. -# -# To contact Novell about this file by physical or electronic mail, you may find -# current contact information at www.novell.com. -# ------------------------------------------------------------------------------ -# - -# -# Example of plugin module -# This is the API part of UsersPluginLDAPShadowAccount plugin -# - configuration of ShadowAccount object class of LDAP users -# -# For documentation and examples of function arguments and return values, see -# UsersPluginLDAPAll.pm - -package UsersPluginLDAPShadowAccount; - -use strict; - -use YaST::YCP qw(:LOGGING); -use YaPI; -use Data::Dumper; - -textdomain("users"); - -our %TYPEINFO; - -##-------------------------------------- -##--------------------- global imports - -YaST::YCP::Import ("Ldap"); -YaST::YCP::Import ("SCR"); -YaST::YCP::Import ("UsersLDAP"); - -##-------------------------------------- -##--------------------- global variables - -# object classes handled by this plugin -my $user_object_class = "shadowAccount"; - -# conflicting plugin name -my $pwdpolicy_plugin = "UsersPluginLDAPPasswordPolicy"; - -# error message, returned when some plugin function fails -my $error = ""; - -# internal name -my $name = "UsersPluginLDAPShadowAccount"; - 
-##---------------------------------------- -##--------------------- internal functions - -# check if given key (second parameter) is contained in a list (1st parameter) -# if 3rd parameter is true (>0), ignore case -sub contains { - my ($list, $key, $ignorecase) = @_; - if (!defined $list || ref ($list) ne "ARRAY" || @{$list} == 0) { - return 0; - } - if ($ignorecase) { - if ( grep /^\Q$key\E$/i, @{$list} ) { - return 1; - } - } else { - if ( grep /^\Q$key\E$/, @{$list} ) { - return 1; - } - } - return 0; -} - -# provide current value for shadowlastchange attribute -sub last_change_is_now { - - my %out = %{SCR->Execute (".target.bash_output", "/usr/bin/date +%s")}; - my $seconds = $out{"stdout"} || "0"; - chomp $seconds; - return sprintf ("%u", $seconds / (60*60*24)); -} - -# update the list of current object classes when adding plugin -sub update_object_classes { - - my ($config, $data) = @_; - - if (defined $data->{"objectClass"} && ref $data->{"objectClass"} eq "ARRAY") - { - my @orig_object_class = @{$data->{"objectClass"}}; - if (!contains (\@orig_object_class, $user_object_class, 1)) { - push @orig_object_class, $user_object_class; - $data->{"objectClass"} = \@orig_object_class; - } - # set default values for new variables - my $shadow = UsersLDAP->GetDefaultShadow (); - foreach my $attr (keys %$shadow) { - if (!defined $data->{$attr} || $data->{$attr} eq "") { - $data->{$attr} = $shadow->{$attr}; - } - } - if (!defined $data->{"shadowLastChange"}) { - $data->{"shadowLastChange"} = last_change_is_now (); - } - } - return $data; -} - -# update the object data when removing plugin -sub remove_plugin_data { - - my ($config, $data) = @_; - my @updated_oc; - foreach my $oc (@{$data->{"objectClass"}}) { - if (lc($oc) ne lc ($user_object_class)) { - push @updated_oc, $oc; - } - } - $data->{"objectClass"} = \@updated_oc; - foreach my $attr ("shadowInactive", "shadowExpire", "shadowLastChange", - "shadowMin", "shadowMax", "shadowWarning", "shadowFlag") - { - 
$data->{$attr} = ""; - } - return $data; -} - -##------------------------------------------ -##--------------------- global API functions - -# return names of provided functions -BEGIN { $TYPEINFO{Interface} = ["function", ["list", "string"], "any", "any"];} -sub Interface { - - my $self = shift; - my @interface = ( - "GUIClient", - "Check", - "Name", - "Summary", - "Restriction", - "WriteBefore", - "Write", - "AddBefore", - "Add", - "EditBefore", - "Edit", - "Interface", - "Disable", - "Enable", - "PluginPresent", - "PluginRemovable", - "Error", - ); - return \@interface; -} - -# return error message, generated by plugin -BEGIN { $TYPEINFO{Error} = ["function", "string", "any", "any"];} -sub Error { - - return $error; -} - - -# return plugin name, used for GUI (translated) -BEGIN { $TYPEINFO{Name} = ["function", "string", "any", "any"];} -sub Name { - - # plugin name - return __("Shadow Account Configuration"); -} - -##------------------------------------ -# return plugin summary (to be shown in table with all plugins) -BEGIN { $TYPEINFO{Summary} = ["function", "string", "any", "any"];} -sub Summary { - - # user plugin summary (table item) - return __("Edit Shadow Account attributes"); -} - -##------------------------------------ -# checks the current data map of user (2nd parameter) and returns -# true if given user has our plugin -BEGIN { $TYPEINFO{PluginPresent} = ["function", "boolean", "any", "any"];} -sub PluginPresent { - - my ($self, $config, $data) = @_; - - if (contains ($data->{"objectClass"}, $user_object_class, 1)) { - y2milestone ("LDAPShadowAccount plugin present"); - return 1; - } else { - y2debug ("LDAPShadowAccount plugin not present"); - return 0; - } -} - -##------------------------------------ -# Is it possible to remove this plugin from user? 
-BEGIN { $TYPEINFO{PluginRemovable} = ["function", "boolean", "any", "any"];} -sub PluginRemovable { - - return YaST::YCP::Boolean (1); -} - - -##------------------------------------ -# return name of YCP client defining YCP GUI -BEGIN { $TYPEINFO{GUIClient} = ["function", "string", "any", "any"];} -sub GUIClient { - - return "users_plugin_ldap_shadowaccount"; -} - -##------------------------------------ -# Type of objects this plugin is restricted to. -# Plugin is restricted to LDAP users -BEGIN { $TYPEINFO{Restriction} = ["function", - ["map", "string", "any"], "any", "any"];} -sub Restriction { - - return { - "ldap" => 1, - "user" => 1 - }; -} - - -##------------------------------------ -# check if all required atributes of LDAP entry are present -# parameter is (whole) map of user -# return error message -BEGIN { $TYPEINFO{Check} = ["function", - "string", - "any", - "any"]; -} -sub Check { - - my ($self, $config, $data) = @_; - - # attribute conversion - my @required_attrs = (); - my @object_classes = (); - if (defined $data->{"objectClass"} && ref $data->{"objectClass"} eq "ARRAY") - { - @object_classes = @{$data->{"objectClass"}}; - } - - # get the attributes required for entry's object classes - foreach my $class (@object_classes) { - my $req = Ldap->GetRequiredAttributes ($class); - if (defined $req && ref ($req) eq "ARRAY") { - foreach my $r (@{$req}) { - if (!contains (\@required_attrs, $r, 1)) { - push @required_attrs, $r; - } - } - } - } - my $action = $data->{"what"} || ""; - # check the presence of required attributes - foreach my $req (@required_attrs) { - my $val = $data->{$req}; - if (substr ($action, 0, 5) eq "edit_" && !defined $val) { - # when editing using YaPI, attribute dosn't have to be loaded - next; - } - if (!defined $val || $val eq "" || - (ref ($val) eq "ARRAY" && - ((@{$val} == 0) || (@{$val} == 1 && $val->[0] eq "")))) { - # error popup (user forgot to fill in some attributes) - return sprintf (__("The attribute '%s' is required for 
this object according -to its LDAP configuration, but it is currently empty."), $req); - } - } - return ""; -} - -# this will be called from Users::EnableUser -BEGIN { $TYPEINFO{Enable} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub Enable { - - my ($self, $config, $data) = @_; - my $pw = $data->{"userPassword"}; - - if ((defined $pw) && $pw =~ m/^\!/) { - $pw =~ s/^\!//; - $data->{"userPassword"} = $pw; - } - $data->{"shadowExpire"} = ""; - y2debug ("Enable LDAPAll called"); - return $data; -} - -# this will be called from Users::DisableUser -# set "shadowExpire" to "0", -# set a "!" before the hash-value in the "userPassword" -BEGIN { $TYPEINFO{Disable} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub Disable { - - my ($self, $config, $data) = @_; - - my $pw = $data->{"userPassword"}; - - if ((defined $pw) && $pw !~ m/^\!/) { - $data->{"userPassword"} = "!".$pw; - } - $data->{"shadowExpire"} = 0; - y2debug ("Disable LDAPAll called"); - return $data; -} - - -# this will be called at the beggining of Users::Add -# Could be called multiple times for one user! -BEGIN { $TYPEINFO{AddBefore} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub AddBefore { - - my ($self, $config, $data) = @_; - - # conflict with PasswordPolicy plugin - if (!contains ($data->{'plugins_to_remove'}, $name, 1) && - contains ($data->{'plugins'}, $pwdpolicy_plugin, 1)) - { - # error popup - $error = __("It is not possible to add this plug-in when -the plug-in for Password Policy is in use. -"); - return undef; - } - return $data; -} - - -# This will be called just after Users::Add - the data map probably contains -# the values which we could use to create new ones -# Could be called multiple times for one user! 
-BEGIN { $TYPEINFO{Add} = ["function", ["map", "string", "any"], "any", "any"];} -sub Add { - - my ($self, $config, $data) = @_; - if (contains ($data->{'plugins_to_remove'}, $name, 1)) { - y2milestone ("removing plugin $name ..."); - $data = remove_plugin_data ($config, $data); - } - else { - $data = update_object_classes ($config, $data); - } - return $data; -} - -# this will be called at the beggining of Users::Edit -BEGIN { $TYPEINFO{EditBefore} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub EditBefore { - - my ($self, $config, $data) = @_; - # $data: only new data that will be copied to current user map - # data of original user are saved as a submap of $config - # data with key "org_data" - - # in $data hash, there could be "plugins_to_remove": list of plugins which - # has to be removed from the user - - # conflict with PasswordPolicy plugin - if (!contains ($data->{'plugins_to_remove'}, $name, 1) && - contains ($data->{'plugins'}, $pwdpolicy_plugin, 1)) - { - # error popup - $error = __("It is not possible to add this plug-in when -the plug-in for Password Policy is in use. 
-"); - return undef; - } - return $data; -} - -# this will be called just after Users::Edit -BEGIN { $TYPEINFO{Edit} = ["function", - ["map", "string", "any"], - "any", "any"]; -} -sub Edit { - - my ($self, $config, $data) = @_; - - if (contains ($data->{'plugins_to_remove'}, $name, 1)) { - y2milestone ("removing plugin $name ..."); - $data = remove_plugin_data ($config, $data); - } - else { - $data = update_object_classes ($config, $data); - } - y2debug ("Edit LDAPAll called"); - return $data; -} - - - -# what should be done before user is finally written to LDAP -BEGIN { $TYPEINFO{WriteBefore} = ["function", "boolean", "any", "any"];} -sub WriteBefore { - - y2debug ("WriteBefore LDAPAll called"); - return YaST::YCP::Boolean (1); -} - -# what should be done after user is finally written to LDAP -BEGIN { $TYPEINFO{Write} = ["function", "boolean", "any", "any"];} -sub Write { - - y2debug ("Write LDAPAll called"); - return YaST::YCP::Boolean (1); -} -1 -# EOF diff --git a/src/modules/UsersUI.rb b/src/modules/UsersUI.rb index df071d120..dd5e8b631 100644 --- a/src/modules/UsersUI.rb +++ b/src/modules/UsersUI.rb @@ -108,10 +108,6 @@ def SystemUserName(name) "NTP daemon" => _( "NTP Daemon" ), - # User name for user: "ldap" - "User for OpenLDAP" => _( - "User for OpenLDAP" - ), # User name for user: "nobody" "nobody" => _( "Nobody" diff --git a/src/modules/YaPI/USERS.pm b/src/modules/YaPI/USERS.pm index 3dc6563f3..64adc85bd 100644 --- a/src/modules/YaPI/USERS.pm +++ b/src/modules/YaPI/USERS.pm 
@@ -129,174 +129,15 @@ textdomain ("users"); # ------------------- imported modules -YaST::YCP::Import ("Ldap"); YaST::YCP::Import ("Users"); YaST::YCP::Import ("UsersCache"); YaST::YCP::Import ("UsersPasswd"); -YaST::YCP::Import ("UsersLDAP"); # ------------------------------------- our $VERSION = '1.0.0'; our @CAPABILITIES = ('SLES9'); our %TYPEINFO; - -# ------------------------------------- -sub InitializeLdapConfiguration { - - my $config = $_[0]; - - if (defined $config->{"bind_dn"}) { - Ldap->bind_dn ($config->{"bind_dn"}); - } - - if (defined $config->{"bind_pw"}) { - Ldap->SetBindPassword ($config->{"bind_pw"}); - } - else { - Ldap->SetBindPassword (undef); - } - - if (defined $config->{"anonymous_bind"}) { - Ldap->SetAnonymous ($config->{"anonymous_bind"}); - } - else { - Ldap->SetAnonymous (0); - } - - # this could replace the settings read from Ldap::member_attribute - if (defined $config->{"member_attribute"}) { - Ldap->member_attribute ($config->{"member_attribute"}); - } -} - -# ------------------------------------- -sub InitializeUsersLdapConfiguration { - - my $config = shift; - - if (defined $config->{"user_attributes"} && - ref ($config->{"user_attributes"}) eq "ARRAY") { - UsersLDAP->SetUserAttributes ($config->{"user_attributes"}); - } - else { - UsersLDAP->SetUserAttributes ([]); - } - - if (defined $config->{"user_filter"}) { - UsersLDAP->SetCurrentUserFilter ($config->{"user_filter"}); - } - else { - UsersLDAP->SetCurrentUserFilter (UsersLDAP->GetDefaultUserFilter ()); - } - - # this could replace the settings saved in LDAP config ("suseDefaultBase") - if (defined $config->{"user_base"}) { - UsersLDAP->SetUserBase ($config->{"user_base"}); - } - - if (defined $config->{"user_scope"}) { - UsersLDAP->SetUserScope ($config->{"user_scope"}); - } - else { - UsersLDAP->SetUserScope (2); - } - - if (defined $config->{"group_attributes"} && - ref ($config->{"group_attributes"}) eq "ARRAY") { - UsersLDAP->SetGroupAttributes 
($config->{"group_attributes"}); - } - else { - UsersLDAP->SetGroupAttributes ([]); - } - - if (defined $config->{"group_base"}) { - UsersLDAP->SetGroupBase ($config->{"group_base"}); - } - - if (defined $config->{"group_filter"}) { - UsersLDAP->SetCurrentGroupFilter ($config->{"group_filter"}); - } - else { - UsersLDAP->SetCurrentGroupFilter (UsersLDAP->GetDefaultGroupFilter ()); - } - - - if (defined $config->{"group_scope"}) { - UsersLDAP->SetGroupScope ($config->{"group_scope"}); - } - else { - UsersLDAP->SetGroupScope (2); - } - - if (defined $config->{"plugins"} && ref ($config->{"plugins"}) eq "ARRAY") { - UsersLDAP->SetUserPlugins ($config->{"plugins"}); - } - else { - UsersLDAP->SetUserPlugins (["UsersPluginLDAPAll"]); - } - - if (defined $config->{"user_plugins"} && - ref ($config->{"user_plugins"}) eq "ARRAY") { - UsersLDAP->SetUserPlugins ($config->{"user_plugins"}); - } - elsif (!defined $config->{"plugins"}) { - UsersLDAP->SetUserPlugins (["UsersPluginLDAPAll"]); - } - - if (defined $config->{"group_plugins"} && - ref ($config->{"group_plugins"}) eq "ARRAY") { - UsersLDAP->SetGroupPlugins ($config->{"group_plugins"}); - } - else { - UsersLDAP->SetGroupPlugins (["UsersPluginLDAPAll"]); - } -} - -# helper function -# create the minimal set of user attributes we want to read from LDAP -sub SetNecessaryUserAttributes { - - my $more = shift; - my @necessary = - ("uid", "uidNumber", "objectClass", UsersLDAP->GetUserNamingAttr ()); - my $current = UsersLDAP->GetUserAttributes (); - my %attributes = (); - foreach my $a (@$current) { - $attributes{$a} = 1; - } - foreach my $a (@necessary) { - $attributes{$a} = 1; - } - foreach my $a (@$more) { - $attributes{$a} = 1; - } - my @final = sort keys %attributes; - UsersLDAP->SetUserAttributes (\@final); -} - -# helper function -# create the minimal set of group attributes we want to read from LDAP -sub SetNecessaryGroupAttributes { - - my $more = shift; - my @necessary = - ("cn", "gidNumber", "objectClass", 
UsersLDAP->GetGroupNamingAttr ()); - my $current = UsersLDAP->GetGroupAttributes (); - my %attributes = (); - foreach my $a (@$current) { - $attributes{$a} = 1; - } - foreach my $a (@necessary) { - $attributes{$a} = 1; - } - foreach my $a (@$more) { - $attributes{$a} = 1; - } - my @final = sort keys %attributes; - UsersLDAP->SetGroupAttributes (\@final); -} - =item * C<$error = UserAdd ($config_hash, $data_hash)> @@ -470,31 +311,6 @@ sub UserAdd { if ($ret ne "") { return $ret; } my $type = $config->{"type"} || "local"; - if ($type eq "ldap") { - - # first, read settings from Ldap.ycp (e.g. /etc/ldap.conf) - UsersLDAP->ReadLdap (); - - # before we read LDAP, we could find here bind password, bind DN etc. - InitializeLdapConfiguration ($config); - - # this initializes the connection and reads the settings stored in LDAP - $ret = UsersLDAP->ReadSettings (); - if ($ret ne "") { return $ret; } - - # now rewrite default values (read from LDAP) with given values - InitializeUsersLdapConfiguration ($config); - - SetNecessaryUserAttributes (["homeDirectory"]); - # read only users ID's (because we need to create new one -> TODO - # update UsersCache->NextFreeUID) - if (defined $config->{"fast_ldap"}) { - UsersLDAP->SetUserAttributes (["uidNumber"]); - } - # finally read LDAP tree - $ret = Users->ReadLDAPSet (); - if ($ret ne "") { return $ret; } - } $user->{"type"} = $type; Users->ResetCurrentUser (); 
@@ -509,43 +325,10 @@ sub UserAdd { $ret = Users->AddUser ($user); if ($ret ne "") { return $ret; } - if ($type eq "ldap") { - Users->SubstituteUserValues (); - } - $ret = Users->CheckUser ({}); if ($ret ne "") { return $ret; } - # EXPERIMENTAL MODE: do not read LDAP users before adding, but check - # possible conflicts with multiple search calls - if ($type eq "ldap" && defined $config->{"fast_ldap"}) { - # do the searches for uid and homeDirectory - $user = Users->GetCurrentUser (); - my $res = SCR->Read (".ldap.search", { - "base_dn" => UsersLDAP->GetUserBase (), - "scope" => YaST::YCP::Integer (2), - "filter" => "uid=".$user->{"uid"}, - "attrs" => [ "uid" ] - }); - if (defined $res && ref ($res) eq "ARRAY" && @{$res} > 0) { - # error message - return __("There is a conflict between the entered -user name and an existing user name. -Try another one."); - } - $res = SCR->Read (".ldap.search", { - "base_dn" => UsersLDAP->GetUserBase (), - "scope" => YaST::YCP::Integer (2), - "filter" => "homeDirectory=".$user->{"homeDirectory"}, - "attrs" => [ "homeDirectory" ] - }); - if (defined $res && ref ($res) eq "ARRAY" && @{$res} > 0) { - # error message - return __("The home directory is used from another user. -Please try again."); - } - } if (Users->CommitUser ()) { $ret = Users->Write (); } @@ -606,7 +389,7 @@ sub UserModify { my $type = $config->{"type"} || "local"; - Users->SetReadLocal ($type ne "ldap"); + Users->SetReadLocal (1); $error = Users->Read (); if ($error ne "") { return $error; } 
@@ -614,55 +397,14 @@ sub UserModify { # 1. select user my $key = ""; - if (defined $config->{"dn"} && $type eq "ldap") { - $key = "dn"; - } - elsif (defined $config->{"uid"}) { + if (defined $config->{"uid"}) { $key = "uid"; } elsif (defined $config->{"uidNumber"}) { $key = "uidNumber"; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - # If we want to change atributes, that should be unique - # (uid/dn/uidNumber/home we must read everything to check - # possible conflicts... - my $read_all = 0; - if (defined $data->{"uid"} || defined $data->{"uidNumber"}) { - $read_all = 1; - } - - # search with proper filter (= one DN/uid/uidNumber) - # should be sufficient in this case... - if ($key eq "dn" && !$read_all) { - UsersLDAP->SetUserBase ($config->{$key}); - } - elsif (!defined $config->{"user_filter"} && $key ne "" && !$read_all) { - my $filter = "$key=".$config->{$key}; - UsersLDAP->AddToCurrentUserFilter ($filter); - } - # Let's create the minimal list of neccessary attributes to get - if (defined $data->{"homeDirectory"}) { - # we must check possible directory conflicts... - SetNecessaryUserAttributes (["homeDirectory"]); - } - else { - SetNecessaryUserAttributes ([]); - } - - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $error; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { Users->ReadNewSet ($type); } if ($key eq "uidNumber") { 
@@ -675,11 +417,6 @@ sub UserModify { # 'dn' has to be passed in $data map so it could be changed # FIXME it is currently not possible to move entry deeper in the tree # -> allow setting 'dn' in data map! - if ($type eq "ldap" && !defined $data->{"dn"}) { - my $user = Users->GetCurrentUser (); - $data->{"dn"} = $user->{"dn"}; - } - # if groupname was specified and not gidNumber, find the GID if (($data->{"groupname"} || "") && ! defined $data->{"gidNumber"}) { my $group = Users->GetGroupByName ($data->{"groupname"} || "", ""); @@ -746,51 +483,21 @@ sub UserFeatureAdd { my $type = $config->{"type"} || "local"; - Users->SetReadLocal ($type ne "ldap"); + Users->SetReadLocal (1); $error = Users->Read (); if ($error ne "") { return $error; } # 1. select user my $key = ""; - if (defined $config->{"dn"} && $type eq "ldap") { - $key = "dn"; - } - elsif (defined $config->{"uid"}) { + if (defined $config->{"uid"}) { $key = "uid"; } elsif (defined $config->{"uidNumber"}) { $key = "uidNumber"; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - # search with proper filter (= one DN/uid/uidNumber) - # should be sufficient in this case... - if ($key eq "dn") { - UsersLDAP->SetUserBase ($config->{$key}); - } - elsif (!defined $config->{"user_filter"} && $key ne "") { - my $filter = "$key=".$config->{$key}; - UsersLDAP->AddToCurrentUserFilter ($filter); - } - # TODO it is possible that for the plugin we need some (unknown) - # user attributes... - if (!defined $config->{"user_attributes"}) { - UsersLDAP->SetUserAttributes ([]); - } - - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $error; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { # error message return __("It is not possible to edit a NIS user."); } 
@@ -863,51 +570,21 @@ sub UserFeatureDelete { my $type = $config->{"type"} || "local"; - Users->SetReadLocal ($type ne "ldap"); + Users->SetReadLocal (1); $error = Users->Read (); if ($error ne "") { return $error; } # 1. select user my $key = ""; - if (defined $config->{"dn"} && $type eq "ldap") { - $key = "dn"; - } - elsif (defined $config->{"uid"}) { + if (defined $config->{"uid"}) { $key = "uid"; } elsif (defined $config->{"uidNumber"}) { $key = "uidNumber"; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - # search with proper filter (= one DN/uid/uidNumber) - # should be sufficient in this case... - if ($key eq "dn") { - UsersLDAP->SetUserBase ($config->{$key}); - } - elsif (!defined $config->{"user_filter"} && $key ne "") { - my $filter = "$key=".$config->{$key}; - UsersLDAP->AddToCurrentUserFilter ($filter); - } - # TODO it is possible that for the plugin we need some (unknown) - # user attributes... - if (!defined $config->{"user_attributes"}) { - UsersLDAP->SetUserAttributes ([]); - } - - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $error; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { # error message return __("It is not possible to edit a NIS user."); } 
@@ -983,44 +660,19 @@ sub UserDelete { my $type = $config->{"type"} || "local"; - Users->SetReadLocal ($type ne "ldap"); + Users->SetReadLocal (1); $error = Users->Read (); if ($error ne "") { return $error; } my $key = ""; - if (defined $config->{"dn"} && $type eq "ldap") { - $key = "dn"; - } - elsif (defined $config->{"uid"}) { + if (defined $config->{"uid"}) { $key = "uid"; } elsif (defined $config->{"uidNumber"}) { $key = "uidNumber"; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - # search with proper filter (= one DN/uid/uidNumber) - # should be sufficient in this case... - if ($key eq "dn") { - UsersLDAP->SetUserBase ($config->{$key}); - } - elsif (!defined $config->{"user_filter"} && $key ne "") { - my $filter = "$key=".$config->{$key}; - UsersLDAP->AddToCurrentUserFilter ($filter); - } - - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $error; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { # error message return __("It is not possible to delete a NIS user."); } 
@@ -1190,44 +842,19 @@ sub UserGet { my $type = $config->{"type"} || "local"; - Users->SetReadLocal ($type ne "ldap"); + Users->SetReadLocal (1); $error = Users->Read (); if ($error ne "") { return $error; } my $key = ""; - if (defined $config->{"dn"} && $type eq "ldap") { - $key = "dn"; - } - elsif (defined $config->{"uid"}) { + if (defined $config->{"uid"}) { $key = "uid"; } elsif (defined $config->{"uidNumber"}) { $key = "uidNumber"; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - # search with proper filter (= one DN/uid/uidNumber) - # should be sufficient in this case... - if ($key eq "dn") { - UsersLDAP->SetUserBase ($config->{$key}); - } - elsif (!defined $config->{"user_filter"} && $key ne "") { - my $filter = "$key=".$config->{$key}; - UsersLDAP->AddToCurrentUserFilter ($filter); - } - - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $ret; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { Users->ReadNewSet ($type); } @@ -1237,19 +864,7 @@ sub UserGet { elsif ($key ne "") { $ret = Users->GetUserByName ($config->{$key}, $type); } - elsif ($type eq "ldap") { - # only for LDAP, when filter was given, but no key... - my $users = Users->GetUsers ("dn", $type); - if (ref ($users) eq "HASH" && %{$users}) { - my @users = sort values (%{$users}); - if (@users > 1) { - y2warning ("There are more users satisfying the input conditions"); - } - if (@users > 0 && ref ($users[0]) eq "HASH") { - $ret = $users[0]; - } - } - } + # return only requested attributes... if (($type eq "local" || $type eq "system") && $config->{"user_attributes"}) { my $attrs = {}; 
@@ -1311,21 +926,7 @@ sub UsersGet { Users->SetReadLocal ($type ne "ldap"); if (Users->Read ()) { return $ret; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - if (UsersLDAP->ReadSettings ()) { return $ret; } - InitializeUsersLdapConfiguration ($config); - - # finally read LDAP tree contents - # -- should be also filtered by InitializeConfiguration! - if (Users->ReadLDAPSet ()) { return $ret; } - # TODO should be only 'ldapsearch', not ReadLDAPSet (it creates some - # internal keys, which shouldn't be neccessary - } - elsif ($type eq "nis") { + if ($type eq "nis") { Users->ReadNewSet ($type); } @@ -1483,10 +1084,8 @@ sub GroupAdd { my $type = $config->{"type"} || "local"; # convert 'member' from list to hash if necessary - my $member_attr = UsersLDAP->GetMemberAttribute (); - if ($type ne "ldap") { - $member_attr = "userlist"; - } + my $member_attr = "userlist"; + if (defined $data->{$member_attr} && ref($data->{$member_attr}) eq "ARRAY"){ my @userlist = @{$data->{$member_attr}}; $data->{$member_attr} = {}; @@ -1501,34 +1100,12 @@ sub GroupAdd { $error = Users->Read (); if ($error ne "") { return $error; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - SetNecessaryGroupAttributes ([]); - - # do not read users at all... - UsersLDAP->SetCurrentUserFilter ("0=1"); - - # finally read LDAP tree - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $error; } - } $data->{"type"} = $type; Users->ResetCurrentGroup (); $error = Users->AddGroup ($data); if ($error ne "") { return $error; } - - if ($type eq "ldap") { - Users->SubstituteGroupValues (); - } $error = Users->CheckGroup ({}); if ($error ne "") { 
@@ -1612,10 +1189,7 @@ sub GroupModify { # 1. select group my $key = ""; - if (defined $config->{"dn"} && $type eq "ldap") { - $key = "dn"; - } - elsif (defined $config->{"cn"}) { + if (defined $config->{"cn"}) { $key = "cn"; } elsif (defined $config->{"gidNumber"}) { @@ -1623,10 +1197,7 @@ sub GroupModify { } # convert 'member' from list to hash if necessary - my $member_attr = UsersLDAP->GetMemberAttribute (); - if ($type ne "ldap") { - $member_attr = "userlist"; - } + my $member_attr = "userlist"; if (defined $data->{$member_attr} && ref($data->{$member_attr}) eq "ARRAY"){ my @userlist = @{$data->{$member_attr}}; $data->{$member_attr} = (); 
@@ -1635,51 +1206,7 @@ sub GroupModify { } } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - # If we want to atributes, that should be unique - # (cn/dn/gidNumber/memebr we must read everything to check - # possible conflicts... - my $read_all = 0; - if (defined $data->{"cn"} || defined $data->{"gidNumber"} || - defined $data->{$member_attr}) { - $read_all = 1; - } - - # search with proper filter (= one DN/uid/uidNumber) - # should be sufficient in this case... - if ($key eq "dn" && !$read_all) { - UsersLDAP->SetGroupBase ($config->{$key}); - } - elsif (!defined $config->{"group_filter"} && $key ne "" && !$read_all) { - my $filter = "$key=".$config->{$key}; - UsersLDAP->AddToCurrentGroupFilter ($filter); - } - # Let's create the minimal list of neccessary attributes to get - SetNecessaryGroupAttributes ([ $member_attr ]); - # (if member_attr wouldn't be included, it will be counted as empty... - - # ----------------------------------------------------- - # let's limit also user data which we need to read - # (gidNumber is changed) <-> (user modification necessary) - if (!defined $data->{"gidNumber"}) { - # -> so we don't need to read any user now... - UsersLDAP->SetCurrentUserFilter ("0=1"); - } - SetNecessaryUserAttributes (["gidNumber"]); - # ---------- - - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $error; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { # error message return __("It is not possible to modify a NIS group."); } 
@@ -1690,13 +1217,6 @@ sub GroupModify { elsif ($key ne "") { Users->SelectGroupByName ($config->{$key}, $type); } - # 'dn' has to be passed in $data map so it could be changed - # FIXME it is currently not possible to move entry deeper in the tree - # -> allow setting 'dn' in data map! - if ($type eq "ldap" && !defined $data->{"dn"}) { - my $group = Users->GetCurrentGroup (); - $data->{"dn"} = $group->{"dn"}; - } $error = Users->EditGroup ($data); if ($error eq "") { @@ -1768,51 +1288,14 @@ sub GroupMemberAdd { if ($error ne "") { return $error; } my $key = ""; - if (defined $config->{"dn"} && $type eq "ldap") { - $key = "dn"; - } - elsif (defined $config->{"cn"}) { + if (defined $config->{"cn"}) { $key = "cn"; } elsif (defined $config->{"gidNumber"}) { $key = "gidNumber"; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - # search with proper filter (= one DN/uid/uidNumber) - # should be sufficient in this case... - if ($key eq "dn") { - UsersLDAP->SetGroupBase ($config->{$key}); - } - elsif (!defined $config->{"group_filter"} && $key ne "") { - my $filter = "$key=".$config->{$key}; - UsersLDAP->AddToCurrentGroupFilter ($filter); - } - - # find the specified user if dn was not given - if (defined $user->{"dn"}) { - UsersLDAP->SetCurrentUserFilter ("0=1"); - UsersLDAP->SetUserBase ($user->{"dn"}); - } - else { - foreach my $u_key (keys %$user) { - my $filter = "$u_key=".$user->{$u_key}; - UsersLDAP->AddToCurrentUserFilter ($filter); - } - } - - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $error; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { # error message return __("It is not possible to modify a NIS group."); } 
@@ -1833,9 +1316,8 @@ sub GroupMemberAdd { } # get the user which should be removed from the group my $user_id = $user->{"dn"}; - if ($type ne "ldap") { $user_id = $user->{"uid"}; - } + if (!defined $user_id) { my $usermap = (); if (defined $user->{"uid"}) { @@ -1844,24 +1326,14 @@ sub GroupMemberAdd { elsif (defined $user->{"uidNumber"}) { $usermap = Users->GetUser ($user->{"uidNumber"}, $type); } - if ($type eq "ldap") { - $user_id = $usermap->{"dn"}; - # TODO maybe there is ony one user loaded, but not specified by - # uid/uidNumber/dn... ->GetUserByAttribute... - } - else { - $user_id = $usermap->{"uid"}; - } + $user_id = $usermap->{"uid"}; } if (!defined $user_id) { # error message return __("User was not correctly specified."); } - my $member_attr = UsersLDAP->GetMemberAttribute (); - if ($type ne "ldap") { - $member_attr = "userlist"; - } + my $member_attr = "userlist"; my $data = { $member_attr => $group->{$member_attr} }; 
@@ -1926,56 +1398,19 @@ sub GroupMemberDelete { my $type = $config->{"type"} || "local"; - Users->SetReadLocal ($type ne "ldap"); + Users->SetReadLocal (1); $error = Users->Read (); if ($error ne "") { return $error; } my $key = ""; - if (defined $config->{"dn"} && $type eq "ldap") { - $key = "dn"; - } - elsif (defined $config->{"cn"}) { + if (defined $config->{"cn"}) { $key = "cn"; } elsif (defined $config->{"gidNumber"}) { $key = "gidNumber"; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - # search with proper filter (= one DN/uid/uidNumber) - # should be sufficient in this case... - if ($key eq "dn") { - UsersLDAP->SetGroupBase ($config->{$key}); - } - elsif (!defined $config->{"group_filter"} && $key ne "") { - my $filter = "$key=".$config->{$key}; - UsersLDAP->AddToCurrentGroupFilter ($filter); - } - - # find the specified user if dn was not given - if (defined $user->{"dn"}) { - UsersLDAP->SetCurrentUserFilter ("0=1"); - UsersLDAP->SetUserBase ($user->{"dn"}); - } - else { - foreach my $u_key (keys %$user) { - my $filter = "$u_key=".$user->{$u_key}; - UsersLDAP->AddToCurrentUserFilter ($filter); - } - } - - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $error; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { # error message return __("It is not possible to modify a NIS group."); } @@ -1996,9 +1431,7 @@ sub GroupMemberDelete { } # get the user which should be removed from the group my $user_id = $user->{"dn"}; - if ($type ne "ldap") { $user_id = $user->{"uid"}; - } if (!defined $user_id) { my $usermap = (); if (defined $user->{"uid"}) { 
@@ -2007,24 +1440,14 @@ sub GroupMemberDelete { elsif (defined $user->{"uidNumber"}) { $usermap = Users->GetUser ($user->{"uidNumber"}, $type); } - if ($type eq "ldap") { - $user_id = $usermap->{"dn"}; - # TODO maybe there is ony one user loaded, but not specified by - # uid/uidNumber/dn... ->GetUserByAttribute... - } - else { - $user_id = $usermap->{"uid"}; - } + $user_id = $usermap->{"uid"}; } if (!defined $user_id) { # error message return __("User was not correctly specified."); } - my $member_attr = UsersLDAP->GetMemberAttribute (); - if ($type ne "ldap") { - $member_attr = "userlist"; - } + my $member_attr = "userlist"; my $data = { $member_attr => $group->{$member_attr} }; 
@@ -2082,53 +1505,19 @@ sub GroupDelete { my $type = $config->{"type"} || "local"; - Users->SetReadLocal ($type ne "ldap"); + Users->SetReadLocal (1); $error = Users->Read (); if ($error ne "") { return $error; } my $key = ""; - if (defined $config->{"dn"} && $type eq "ldap") { - $key = "dn"; - } - elsif (defined $config->{"cn"}) { + if (defined $config->{"cn"}) { $key = "cn"; } elsif (defined $config->{"gidNumber"}) { $key = "gidNumber"; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - # search with proper filter (= one DN/uid/uidNumber) - # should be sufficient in this case... - if ($key eq "dn") { - UsersLDAP->SetGroupBase ($config->{$key}); - } - elsif (!defined $config->{"group_filter"} && $key ne "") { - my $filter = "$key=".$config->{$key}; - UsersLDAP->AddToCurrentGroupFilter ($filter); - } - # we must read users to check if group is not default group for someone - - # read only users 'affected' by our group number - if (defined $config->{"gidNumber"}) { - my $filter = "gidNumber=".$config->{"gidNumber"}; - UsersLDAP->AddToCurrentUserFilter ($filter); - # TODO read gidNumber by ldapsearch if not given - } - SetNecessaryUserAttributes (["gidNumber"]); - - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $error; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { # error message return __("It is not possible to delete a NIS group."); } 
@@ -2199,55 +1588,19 @@ sub GroupGet { my $type = $config->{"type"} || "local"; - Users->SetReadLocal ($type ne "ldap"); + Users->SetReadLocal (1); $error = Users->Read (); if ($error ne "") { return $error; } my $key = ""; - if (defined $config->{"dn"} && $type eq "ldap") { - $key = "dn"; - } - elsif (defined $config->{"cn"}) { + if (defined $config->{"cn"}) { $key = "cn"; } elsif (defined $config->{"gidNumber"}) { $key = "gidNumber"; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - $error = UsersLDAP->ReadSettings (); - if ($error ne "") { return $error; } - InitializeUsersLdapConfiguration ($config); - - # search with proper filter (= one DN/uid/uidNumber) - # should be sufficient in this case... - if ($key eq "dn") { - UsersLDAP->SetGroupBase ($config->{$key}); - } - elsif (!defined $config->{"group_filter"} && $key ne "") { - my $filter = "$key=".$config->{$key}; - UsersLDAP->AddToCurrentGroupFilter ($filter); - } - # read only users 'affected' by our group number - if (defined $config->{"gidNumber"}) { - my $filter = "gidNumber=".$config->{"gidNumber"}; - UsersLDAP->AddToCurrentUserFilter ($filter); - # TODO read gidNumber by ldapsearch if not given - } - else { - # we don't need any users -> fake filter for faster searching - UsersLDAP->SetCurrentUserFilter ("0=1"); - } - SetNecessaryUserAttributes (["gidNumber"]); - - $error = Users->ReadLDAPSet (); - if ($error ne "") { return $ret; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { Users->ReadNewSet ($type); } 
@@ -2260,19 +1613,6 @@ sub GroupGet { elsif ($key eq "dn") { $ret = Users->GetGroupByDN ($config->{$key}, $type); } - elsif ($type eq "ldap") { - # only for LDAP, when filter was given, but no key... - my $groups = Users->GetGroups ("dn", $type); - if (ref ($groups) eq "HASH" && %{$groups}) { - my @groups = sort values (%{$groups}); - if (@groups > 1) { - y2warning ("There are more groups satisfying the input conditions"); - } - if (@groups > 0 && ref ($groups[0]) eq "HASH") { - $ret = $groups[0]; - } - } - } return $ret; } @@ -2319,30 +1659,10 @@ sub GroupsGet { my $type = $config->{"type"} || "local"; - Users->SetReadLocal ($type ne "ldap"); + Users->SetReadLocal (1); if (Users->Read ()) { return $ret; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - if (UsersLDAP->ReadSettings ()) { - return $ret; - } - InitializeUsersLdapConfiguration ($config); - - if (!defined $config->{"user_filter"}) { - # we don't need any users -> fake filter for faster searching - UsersLDAP->SetCurrentUserFilter ("0=1"); - } - # finally read LDAP tree contents - # -- should be also filtered by InitializeConfiguration! - if (Users->ReadLDAPSet ()) { - return $ret; - } - } - elsif ($type eq "nis") { + if ($type eq "nis") { Users->ReadNewSet ($type); } 
@@ -2407,70 +1727,17 @@ sub GroupsGetByUser { my $type = $config->{"type"} || "";# no type = search local&system groups - Users->SetReadLocal ($type ne "ldap"); + Users->SetReadLocal (1); if (Users->Read ()) { return $ret; } - if ($type eq "ldap") { - - # initialize LDAP (more comments in UserAdd) - UsersLDAP->ReadLdap (); - InitializeLdapConfiguration ($config); - if (UsersLDAP->ReadSettings ()) { return $ret; } - InitializeUsersLdapConfiguration ($config); - - my $member_attr = UsersLDAP->GetMemberAttribute (); - - # search the group with user's dn as a filter - my $user_dn = ""; - if (defined $user->{"dn"}) { - $user_dn = $user->{"dn"}; - } - else { - my $filter = UsersLDAP->GetCurrentUserFilter (); - if ($filter eq "") { - $filter = UsersLDAP->GetDefaultUserFilter (); - } - UsersLDAP->SetCurrentUserFilter ($filter); - foreach my $u_key (keys %$user) { - my $filter = "$u_key=".$user->{$u_key}; - UsersLDAP->AddToCurrentUserFilter ($filter); - } - $filter = UsersLDAP->GetCurrentUserFilter (); - my $res = SCR->Read (".ldap.search", { - "base_dn" => UsersLDAP->GetUserBase (), - "scope" => YaST::YCP::Integer (2), - "filter" => $filter, - "include_dn" => 1, - "attrs" => UsersLDAP->GetUserAttributes () - }); - if (!defined $res || ref ($res) ne "ARRAY" || @{$res} == 0) { - return $ret; - } - if (@{$res} > 1) { - # error message - my $error = __("There are multiple users satisfying the input conditions."); - y2warning ($error); - return $ret; - } - if (defined $res->[0]->{"dn"}) { - $user_dn = $res->[0]->{"dn"}; - } - } - UsersLDAP->AddToCurrentGroupFilter ("$member_attr=$user_dn"); - UsersLDAP->SetCurrentUserFilter ("0=1"); - - if (Users->ReadLDAPSet ()) { return $ret; } - } - elsif ($type eq "nis") { + if ($type eq "nis") { Users->ReadNewSet ($type); } # index to search the output my $index = $config->{"index"} || "gidNumber"; - if ($type ne "ldap") { # get the specified user - if (!defined $user->{"uid"} && !defined $user->{"uidNumber"}) { # error message my $error = 
__("User was not correctly specified."); @@ -2501,10 +1768,7 @@ sub GroupsGetByUser { } } } - } - else { - $ret = Users->GetGroups ($index, $type); - } + return $ret; } diff --git a/test/dialogs_test.rb b/test/dialogs_test.rb index 374630162..75d647477 100755 --- a/test/dialogs_test.rb +++ b/test/dialogs_test.rb @@ -15,8 +15,6 @@ def initialize before do allow(Yast).to receive(:import).and_call_original - allow(Yast).to receive(:import).with("Ldap") - allow(Yast).to receive(:import).with("LdapPopup") end describe "#cleanpath" do diff --git a/test/lib/users/clients/auto_test.rb b/test/lib/users/clients/auto_test.rb index daac6a4b2..5c6314523 100755 --- a/test/lib/users/clients/auto_test.rb +++ b/test/lib/users/clients/auto_test.rb @@ -17,8 +17,6 @@ before do allow(Yast).to receive(:import).and_call_original - allow(Yast).to receive(:import).with("Ldap") - allow(Yast).to receive(:import).with("LdapPopup") allow(Yast::Mode).to receive(:mode).and_return(mode) allow(Yast::Stage).to receive(:initial).and_return(true) allow(Yast::WFM).to receive(:Args).and_return(args)
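Review bot: In the `@@ -1311,21 +926,7 @@ sub UsersGet` hunk of `src/modules/YaPI/USERS.pm` the context line `Users->SetReadLocal ($type ne "ldap");` is left unchanged, while every other entry point in this file (UserModify, UserFeatureAdd, UserFeatureDelete, UserDelete, UserGet, GroupMemberDelete, GroupDelete, GroupGet, GroupsGet, GroupsGetByUser) is switched to `Users->SetReadLocal (1);`. With the LDAP branch below it removed, a caller still passing `type => "ldap"` would skip reading the local database and then fall through to the NIS check with nothing loaded. Please change this one to `Users->SetReadLocal (1);` as well so the file is consistent.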
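Review bot: In the `@@ -470,31 +311,6 @@ sub UserAdd` hunk, `my $type = $config->{"type"} || "local";` still accepts the value `"ldap"`, which the function can no longer handle, and the value is then stored unchecked via `$user->{"type"} = $type;` before `Users->AddUser ($user)`. The same applies to the other entry points whose `if ($type eq "ldap")` branches are removed in this patch. Rather than letting an `ldap` request silently run against the local database, return an explicit error for `$type eq "ldap"` in the same style as the existing NIS guards, e.g. `return __("It is not possible to edit a NIS user.");`, so API callers that have not been updated get a clear failure.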
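Review bot: Stale comment in the `@@ -675,11 +417,6 @@ sub UserModify` hunk: the three context lines `# 'dn' has to be passed in $data map so it could be changed`, `# FIXME it is currently not possible to move entry deeper in the tree` and `# -> allow setting 'dn' in data map!` describe only the `$data->{"dn"}` block that is deleted right below them, and a `dn` is an LDAP concept with no meaning for local users. They should be removed together with the code, as was correctly done for the equivalent comment in the `@@ -1690,13 +1217,6 @@ sub GroupModify` hunk.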
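Review bot: Dead initialisation in the `@@ -1833,9 +1316,8 @@ sub GroupMemberAdd` hunk (and identically in `@@ -1996,9 +1431,7 @@ sub GroupMemberDelete`): after the `if ($type ne "ldap") {` guard is dropped, `my $user_id = $user->{"dn"};` is unconditionally overwritten on the next line by `$user_id = $user->{"uid"};`, so the `dn` lookup is never used. Collapse the two lines into `my $user_id = $user->{"uid"};`. While touching these lines, the comment `# get the user which should be removed from the group` in GroupMemberAdd is evidently copied from GroupMemberDelete and should say "added to".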
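Review bot: Unreachable branch in the `@@ -2260,19 +1613,6 @@ sub GroupGet` hunk: the context lines `elsif ($key eq "dn") { $ret = Users->GetGroupByDN ($config->{$key}, $type); }` survive, but the only assignment `$key = "dn";` in this function was removed in the `@@ -2199,55 +1588,19 @@` hunk just above, so `$key` can now only be `""`, `"cn"` or `"gidNumber"`. Remove the `dn` branch (and check whether `Users->GetGroupByDN` has any remaining callers), otherwise the next reader will assume DN lookups are still supported here.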
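Review bot: Indentation left over in the `@@ -2407,70 +1727,17 @@ sub GroupsGetByUser` and `@@ -2501,10 +1768,7 @@` hunks: removing `if ($type ne "ldap") {` in the first hunk and its closing `}` plus the `else { $ret = Users->GetGroups ($index, $type); }` in the second leaves the whole body that starts at `# get the specified user` one level too deep, and the second hunk replaces the brace with a bare `+` blank line. Please reindent the body to the function's level and drop the stray blank line; the same stray `+` blank line appears in the `@@ -1237,19 +864,7 @@ sub UserGet` and `@@ -1483,10 +1084,8 @@ sub GroupAdd` hunks.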
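Review bot: The `@@ -108,10 +108,6 @@ def SystemUserName` hunk in `src/modules/UsersUI.rb` removes the translatable label `"User for OpenLDAP"` for the `ldap` system account. That account belongs to a locally installed OpenLDAP server package, not to the LDAP client management this patch removes, so a host running an LDAP server will still have the user and the table will now show the raw name instead of the descriptive one. Unless the account is known to be gone from the supported products, I would keep this entry; it is harmless when the user is absent.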
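Review bot: Documentation check for the `@@ -129,174 +129,15 @@` hunk of `src/modules/YaPI/USERS.pm`: the removed `InitializeLdapConfiguration` and `InitializeUsersLdapConfiguration` consumed the config keys `bind_dn`, `bind_pw`, `anonymous_bind`, `member_attribute`, `user_attributes`, `user_filter`, `user_base`, `user_scope`, `group_attributes`, `group_base`, `group_filter`, `group_scope`, `plugins`, `user_plugins`, `group_plugins` and `fast_ldap`, but the POD that follows (`=item * C<$error = UserAdd ($config_hash, $data_hash)>` is visible as context) is not touched by this patch. If it still lists `type => "ldap"` or any of those keys as accepted input, it needs the same cleanup, since YaPI is the external API and its POD is what callers read.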