diff --git a/CASA-auth-token/yast2-casa-ats/MAINTAINER b/CASA-auth-token/yast2-casa-ats/MAINTAINER index 4bca6a1e..3458af2a 100644 --- a/CASA-auth-token/yast2-casa-ats/MAINTAINER +++ b/CASA-auth-token/yast2-casa-ats/MAINTAINER @@ -1 +1 @@ -Ryan Partridge +Juan Carlos Luciani diff --git a/CASA-auth-token/yast2-casa-ats/src/CasaAts.ycp b/CASA-auth-token/yast2-casa-ats/src/CasaAts.ycp index 1cc90b1f..4f4ba33c 100644 --- a/CASA-auth-token/yast2-casa-ats/src/CasaAts.ycp +++ b/CASA-auth-token/yast2-casa-ats/src/CasaAts.ycp @@ -24,7 +24,8 @@ * File: modules/CasaAts.ycp * Package: Configuration of casa-ats * Summary: CasaAts settings, input and output functions - * Authors: Ryan Partridge + * Authors: Juan Carlos Luciani + * Ryan Partridge * * $Id: CasaAts.ycp 27914 2006-02-13 14:32:08Z locilka $ * @@ -45,6 +46,18 @@ import "SuSEFirewall"; import "FileUtils"; import "Service"; +/** + * Configuration File and Command Paths. + * + */ +string trustedServerConfigFile = "/tmp/trusted_ats.conf"; +string svcSettingsFile = "/etc/CASA/authtoken/svc/svc.settings"; +string svcSettingsEditor = "/usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh"; +string authPolicyFile = "/etc/CASA/authtoken/svc/auth.policy"; +string authPolicyEditor = "/usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh"; +string iaRealmsFile = "/etc/CASA/authtoken/svc/iaRealms.xml"; +string iaRealmsEditor = "/usr/share/java/CASA/authtoken/bin/CasaIaRealmsEditor.sh"; + /** * Settings Map */ @@ -53,13 +66,13 @@ global map Settings = $[]; string port = "2645"; string service_name = "casa_atsd"; + + /** * Prototypes */ global boolean Modified(); -boolean ModifyFirewallPort(); - /** * Data was modified? */ 
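Review bot: `trustedServerConfigFile` is set to `/tmp/trusted_ats.conf`, a fixed name in a world-writable directory, while every other path added in this hunk lives under `/etc/CASA/authtoken/svc/`. The Read and Write hunks later in this file load the trusted-server list from that path and write it back, and Write also copies it to `<path>.YaST2save`. Any local account can therefore create or replace the file before the module touches it, and the module is presumably running with administrative rights at that point. If this is a development leftover, point it at a root-owned location, for example `string trustedServerConfigFile = "/etc/CASA/authtoken/<trusted-servers-file>";` (placeholder name; the path the consumer expects is not visible here).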
@@ -102,22 +115,57 @@ global boolean Modified() { return modified; } +global boolean IsPortOpen() +{ + return contains(SuSEFirewall::GetAdditionalServices("TCP", "EXT"), port); +} + +boolean ModifyFirewallPort() +{ + boolean retVal = false; + list services = SuSEFirewall::GetAdditionalServices("TCP", "EXT"); + if (!contains(services, port) && Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:false) + { + services = add(services, port); + retVal = true; + } + else if (contains(services, port) && !Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:false) + { + services = filter(string service, services, + { + return (service != port); + } + ); + retVal = true; + } + if (retVal) + { + SuSEFirewall::SetAdditionalServices("TCP", "EXT", services); + } + return retVal; +} + /** * Read all casa-ats settings * @return true on success */ global boolean Read() { + y2milestone("Read Executing"); + + string cmd = ""; + map ret = $[]; + integer exit = -1; + /* CasaAts read dialog caption */ string caption = _("Initializing CASA ATS Configuration"); - // TODO FIXME Set the right number of stages + // Read stages integer steps = 2; integer sl = 500; sleep(sl); - // TODO FIXME Names of real stages // We do not set help text here, because it was set outside Progress::New( caption, " ", steps, [ /* Progress stage 1/2 */ 
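Review bot: `ModifyFirewallPort()` falls back to `false` when `CONFIG_CASAATS_DIRECT_ACCESS` is missing from `Settings`, but Read sets that key to `true` by default and Write serialises it with `Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:true`. If Write ever runs on settings that did not go through Read, sysconfig would record direct access as "yes" while this function removes the port from the `"EXT"` service list, so the stored setting and the firewall disagree. Use one default in all three places; closed is the safer choice, e.g. `Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:false ? "yes" : "no"` in Write. A short comment on `ModifyFirewallPort()` saying that it returns true only when the service list was changed would also help, since Write uses the result to decide whether to rewrite the firewall configuration.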
@@ -135,46 +183,220 @@ global boolean Read() { "" ); - // read settings file - if(Abort()) return false; + // Read settings + if (Abort()) return false; Progress::NextStage(); - if (FileUtils::Exists("/etc/sysconfig/casa-ats")) - { + + // Set defaults + Settings["CONFIG_CASAATS_ENABLE"] = false; + Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = true; + Settings["CONFIG_CASAATS_WEB_ACCESS"] = false; + Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = 60; + + if (FileUtils::Exists("/etc/sysconfig/casa-ats")) { Settings["CONFIG_CASAATS_ENABLE"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_ENABLE)) == "yes"; - Settings["CONFIG_CASAATS_REALM"] = (string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_REALM); - Settings["CONFIG_CASAATS_HOST"] = (string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_HOST); - Settings["CONFIG_CASAATS_PROXY_USERNAME"] = (string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_PROXY_USERNAME); - string open_port = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_OPEN_PORT)); - if (open_port != nil && open_port != "") - { - Settings["CONFIG_CASAATS_OPEN_PORT"] = open_port == "yes"; - } - else - { - Settings["CONFIG_CASAATS_OPEN_PORT"] = true; - } + if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == true) { + Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_DIRECT_ACCESS)) == "yes"; + Settings["CONFIG_CASAATS_WEB_ACCESS"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_WEB_ACCESS)) == "yes"; + + cmd = svcSettingsEditor + " -get ReconfigureInterval -file " + svcSettingsFile; + ret = (map) SCR::Execute(.target.bash_output, cmd); + integer exit = ret["exit"]:-1; + if (exit == 0) { + string cmd_output = ret["stdout"]:""; + list output_lines = splitstring(cmd_output, "\n"); + list reconfigIntervalLineComponents = splitstring(output_lines[0]:"ReconfigureInterval=60", "="); + Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = 
tointeger(reconfigIntervalLineComponents[1]:"60"); + } + } } - /* Error message */ - if(false) Report::Error(_("Cannot read settings file.")); + if (false) Report::Error(_("Cannot read settings file.")); sleep(sl); + // Read the trusted server config + y2milestone("Reading trusted server config"); + list trustedServerList = []; + if (SCR::Read(.target.size, trustedServerConfigFile) > 0) { + string trustedServerListString = (string) SCR::Read(.target.string, trustedServerConfigFile); + if (trustedServerListString != nil) { + trustedServerList = splitstring(trustedServerListString, "\n"); + } + else { + y2error("Failed to read from " + trustedServerConfigFile); + } + } + Settings["CONFIG_CASAATS_TRUSTED"] = trustedServerList; + + // Check if we need to read the server configuration + if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == true) { + + // Read the auth.policy information + cmd = sformat("%1 -list -file %2", authPolicyEditor, authPolicyFile); + ret = (map) SCR::Execute(.target.bash_output, cmd); + map authPolicy = $[]; + exit = ret["exit"]:-1; + if (exit != 0) + y2error("Failed to read realm info from " + iaRealmsFile); + else { + string cmd_output = ret["stdout"]:""; + list authPolicyLines = splitstring(cmd_output, "\n"); + string realmId = ""; + string mechanism = ""; + foreach(string line, authPolicyLines, { + if (tolower(line) == "auth_source:") { + realmId = ""; + mechanism = ""; + } + else + { + list lineComponents = splitstring(line, "\t"); + foreach(string component, lineComponents, { + if (component != "") { + list settingValue = splitstring(component, ":"); + if (tolower(settingValue[0]:"") == "identity source") { + realmId = settingValue[1]:""; + } + else if (tolower(settingValue[0]:"") == "authentication mechanism") { + mechanism = settingValue[1]:""; + } + } + }); + } + + if (realmId != "" && mechanism != "") { + map authMechs = (map) authPolicy[realmId]:$[]; + authMechs[mechanism] = true; + authPolicy[realmId] = authMechs; + } + }); + } + + // 
Get a list of the configured realms in the iaRealms.xml file + cmd = iaRealmsEditor + " -list -file " + iaRealmsFile; + ret = (map) SCR::Execute(.target.bash_output, cmd); + exit = ret["exit"]:-1; + if (exit != 0) + y2error("Failed to read configured realms from " + iaRealmsFile); + else { + string cmd_output = ret["stdout"]:""; + list realmIdList = splitstring(cmd_output, "\n"); + map realms = $[]; + + // Read the information about each realm + foreach(string realmId, realmIdList, { + // Make sure that it is a valid id + if (realmId != "") { + // Read the realm info from the iaRealms.xml file + cmd = sformat("%1 -get %2 -file %3", iaRealmsEditor, realmId, iaRealmsFile); + ret = (map) SCR::Execute(.target.bash_output, cmd); + exit = ret["exit"]:-1; + if (exit != 0) + y2error("Failed to read realm info from " + iaRealmsFile); + else { + cmd_output = ret["stdout"]:""; + list realmIdComponents = splitstring(cmd_output, "\n"); + map realm = $[]; + list ldapUrls = []; + list searchRoots = []; + string stage = ""; + + realm["REALM_ID"] = realmId; + + foreach(string component, realmIdComponents, { + if (tolower(component) == "dirtype") { + stage = "DirType"; + } + else if (tolower(component) == "searchroots") { + stage = "SearchRoots"; + } + else if (tolower(component) == "ldapurls") { + stage = "LdapUrls"; + } + else { + if (stage == "DirType") { + if (component == "\teDir") { + y2milestone("%1 is eDir", realmId); + realm["EDIR_TYPE"] = true; + realm["AD_TYPE"] = false; + } + else { + y2milestone("%1 is %2", realmId, component); + realm["EDIR_TYPE"] = false; + realm["AD_TYPE"] = true; + } + } + else if (stage == "SearchRoots") { + list ctxList = splitstring(component, "\t"); + foreach(string value, ctxList, { + if (value != "") { + y2milestone("%1 ctx added", value); + searchRoots = add(searchRoots, value); + } + }); + } + else if (stage == "LdapUrls") { + list urlList = splitstring(component, "\t"); + foreach(string value, urlList, { + if (value != "") { + 
y2milestone("%1 url added", value); + ldapUrls = add(ldapUrls, value); + } + }); + } + else { + y2error("Error reading realm information"); + } + } + }); + realm["LDAP_URL_LIST"] = ldapUrls; + realm["SEARCH_ROOT_LIST"] = searchRoots; + + // Set the authentication mechanism information for the realm + map authMechs = (map) authPolicy[realmId]:$[]; + if (authMechs != nil) { + if (authMechs["PwdAuthenticate"]:false == true) + realm["PASSWD_MECH"] = true; + else + realm["PASSWD_MECH"] = false; + + if (authMechs["Krb5Authenticate"]:false == true) + realm["KRB_MECH"] = true; + else + realm["KRB_MECH"] = false; + } + else + { + y2error("Missing auth.policy info for " + realmId); + } + + realms[realmId] = realm; + } + } + }); + + Settings["CONFIG_CASAATS_REALMS"] = realms; + } + } + // read firewall settings - if(Abort()) return false; + if (Abort()) return false; Progress::NextStage(); Progress::set(false); SuSEFirewall::Read(); Progress::set(true); + /* Error message */ - if(false) Report::Error(_("Cannot read firewall status.")); + if (false) Report::Error(_("Cannot read firewall status.")); sleep(sl); - if(Abort()) return false; + if (Abort()) return false; + /* Progress finished */ Progress::NextStage(); Progress::Finish(); sleep(sl); - if(Abort()) return false; + if (Abort()) return false; modified = false; return true; } 
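Review bot: `realmId` is taken from the output of `iaRealmsEditor -list` and placed unquoted into `sformat("%1 -get %2 -file %3", iaRealmsEditor, realmId, iaRealmsFile)`, which is then run through `.target.bash_output`. A realm id containing whitespace or shell metacharacters changes the command that bash sees; quote it, e.g. `sformat("%1 -get '%2' -file %3", iaRealmsEditor, String::Quote(realmId), iaRealmsFile)` (needs `import "String"` if the module does not already have it). Two smaller points in the same hunk: the failure branch after the `authPolicyEditor -list` call logs `iaRealmsFile` where `authPolicyFile` is meant, and `authMechs != nil` can never be false because the lookup defaults to `$[]`, so "Missing auth.policy info" is never logged. Read's body begins before this hunk.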
@@ -185,71 +407,209 @@ global boolean Read() { */ global boolean Write() { - /* CasaAts read dialog caption */ - string caption = _("Saving CASA ATS Configuration"); + y2milestone("Write Executing"); - // TODO FIXME And set the right number of stages - integer steps = 4; + /* CasaAts read dialog caption */ + string caption = _("Saving casa-ats Configuration"); integer sl = 500; sleep(sl); - // TODO FIXME Names of real stages - // We do not set help text here, because it was set outside - Progress::New(caption, " ", steps, [ - /* Progress stage 1/4 */ - _("Write the settings"), - /* Progress stage 2/4 */ - _("Execute configuration script"), - /* Progress stage 3/4 */ - _("Update runlevel settings"), - /* Progress stage 4/4 */ - _("Adjust firewall") - ], [ - /* Progress step 1/4 */ - _("Writing the settings..."), - /* Progress step 2/4 */ - _("Executing configuration script..."), - /* Progress step 3/4 */ - _("Updating runlevel settings..."), - /* Progress step 4/4 */ - _("Adjusting firewall..."), - /* Progress finished */ - _("Finished") - ], - "" - ); + // Set the stages depending on whether we are configuring the + // server or not. 
+ integer steps = 0; + if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == false) { + steps = 3; + Progress::New(caption, " ", steps, [ + /* Progress stage 1/3 */ + _("Write the trusted server settings"), + /* Progress stage 2/3 */ + _("Write the sysconfig settings"), + /* Progress stage 3/3 */ + _("Update runlevel settings"), + ], [ + /* Progress step 1/3 */ + _("Writing the trusted server settings..."), + /* Progress step 2/3 */ + _("Writing the sysconfig settings..."), + /* Progress step 3/3 */ + _("Updating runlevel settings..."), + /* Progress finished */ + _("Finished") + ], + "" + ); + } + else + { + steps = 4; + Progress::New(caption, " ", steps, [ + /* Progress stage 1/3 */ + _("Write the trusted server settings"), + /* Progress stage 2/3 */ + _("Write the sysconfig settings"), + /* Progress stage 4/4 */ + _("Adjust firewall"), + /* Progress stage 3/3 */ + _("Update runlevel settings") + ], [ + /* Progress step 1/3 */ + _("Writing the trusted server settings..."), + /* Progress step 2/3 */ + _("Writing the sysconfig settings..."), + /* Progress step 4/4 */ + _("Adjusting firewall..."), + /* Progress step 3/3 */ + _("Updating runlevel settings..."), + /* Progress finished */ + _("Finished") + ], + "" + ); + } - // write the settings in /etc/sysconfig/casa-ats + // Write the trusted server list + if (Abort()) return false; + Progress::NextStage(); + + // Create trusted server config file if it does not exists, + // otherwise backup. 
+ y2milestone("Writing trusted server config"); + if (SCR::Read(.target.size, trustedServerConfigFile) < 0) + SCR::Write(.target.string, trustedServerConfigFile, ""); + else + SCR::Execute(.target.bash, "/bin/cp "+trustedServerConfigFile+" "+trustedServerConfigFile+".YaST2save"); + + // Update the trusted server config + any ret = false; + list trustedServerList = Settings["CONFIG_CASAATS_TRUSTED"]:[]; + string trustedServerListString = ""; + if (trustedServerList != []) { + // Merge all of the addresses onto the string + trustedServerListString = mergestring(trustedServerList, "\n"); + } + ret = SCR::Write(.target.string, trustedServerConfigFile, trustedServerListString); + if (ret != true) + y2error("Failed to write to " + trustedServerConfigFile); + + // Write the /etc/sysconfig/casa-ats settings if(Abort()) return false; Progress::NextStage(); SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_ENABLE, Settings["CONFIG_CASAATS_ENABLE"]:false ? "yes" : "no"); - SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_REALM, Settings["CONFIG_CASAATS_REALM"]:""); - SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_HOST, Settings["CONFIG_CASAATS_HOST"]:""); - SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_PROXY_USERNAME, Settings["CONFIG_CASAATS_PROXY_USERNAME"]:""); - SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_OPEN_PORT, Settings["CONFIG_CASAATS_OPEN_PORT"]:true ? "yes" : "no"); - /* Error message */ - if(false) Report::Error (_("Cannot write settings.")); + SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_DIRECT_ACCESS, Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:true ? "yes" : "no"); + SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_WEB_ACCESS, Settings["CONFIG_CASAATS_WEB_ACCESS"]:false ? 
"yes" : "no"); + if (false) Report::Error (_("Cannot sysconfig settings.")); sleep(sl); - // run the configure script - if(Abort()) return false; - Progress::NextStage(); - string cmd = "/usr/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh"; - cmd = "PROXY_USER_PW=\"%1\" " + cmd; - cmd = "PROXY_USER_NAME=\"" + Settings["CONFIG_CASAATS_PROXY_USERNAME"]:"" + "\" " + cmd; - cmd = "LDAP_HOST_NAME=\"" + Settings["CONFIG_CASAATS_HOST"]:"" + "\" " + cmd; - cmd = "REALM=\"" + Settings["CONFIG_CASAATS_REALM"]:"" + "\" " + cmd; - y2milestone("Running CASA-ATS configuration script:"); - y2milestone(cmd, "******"); - map retval = (map)SCR::Execute(.target.bash_output, sformat(cmd, Settings["CONFIG_CASAATS_PROXY_PASSWORD"]:"")); - y2milestone("Return code: %1", retval["exit"]:0); - /* Error message */ - if(false) Report::Error (_("Error executing script.")); - sleep(sl); + // Check if we need to save the server configuration + if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == true) { - // enable/disable and start/stop service as needed - if(Abort()) return false; + // Create svc.settings file + string cmd = "rm -f " + svcSettingsFile; + map ret = (map) SCR::Execute(.target.bash_output, cmd); + cmd = svcSettingsEditor + " -create -file " + svcSettingsFile; + ret = (map) SCR::Execute(.target.bash_output, cmd); + integer exit = ret["exit"]:-1; + if (exit != 0) + y2error("Failed to create " + svcSettingsFile); + + // Write the reconfigure interval value + cmd = sformat("%1 -set ReconfigureInterval %2 -file %3", + svcSettingsEditor, + tostring(Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60), + svcSettingsFile); + ret = (map) SCR::Execute(.target.bash_output, cmd); + exit = ret["exit"]:-1; + if (exit != 0) + y2error("Failed to set reconfigure interval"); + + // Create the auth.policy file + cmd = "rm -f " + authPolicyFile; + ret = (map) SCR::Execute(.target.bash_output, cmd); + cmd = authPolicyEditor + " -create -file " + authPolicyFile; + ret = (map) 
SCR::Execute(.target.bash_output, cmd); + exit = ret["exit"]:-1; + if (exit != 0) + y2error("Failed to create " + authPolicyFile); + + // Create the iaRealms.xml file + cmd = "rm -f " + iaRealmsFile; + ret = (map) SCR::Execute(.target.bash_output, cmd); + cmd = iaRealmsEditor + " -create -file " + iaRealmsFile; + ret = (map) SCR::Execute(.target.bash_output, cmd); + exit = ret["exit"]:-1; + if (exit != 0) + y2error("Failed to create " + iaRealmsFile); + + // Add the real information to auth.policy and iaRealms.xml files + map realms = (map) CasaAts::Settings["CONFIG_CASAATS_REALMS"]:$[]; + foreach (string key, map realm, realms, { + // Pull the realm parameters into local variables + string realmId = realm["REALM_ID"]:""; + boolean eDirType = realm["EDIR_TYPE"]:true; + boolean adType = realm["AD_TYPE"]:false; + boolean passwd_mech = realm["PASSWD_MECH"]:true; + boolean krb_mech = realm["KRB_MECH"]:false; + string proxy_username = realm["PROXY_USERNAME"]:""; + string proxy_password = realm["PROXY_PASSWD"]:""; + list ldapUrls = realm["LDAP_URL_LIST"]:[]; + list searchRoots = realm["SEARCH_ROOT_LIST"]:[]; + + // Update the auth.policy + if (krb_mech == true) { + cmd = authPolicyEditor + " -append -entry " + realmId + ":Krb5Authenticate -file " + authPolicyFile; + ret = (map) SCR::Execute(.target.bash_output, cmd); + exit = ret["exit"]:-1; + if (exit != 0) + y2error("Failed to add entry to " + authPolicyFile); + } + + if (passwd_mech == true) { + cmd = authPolicyEditor + " -append -entry " + realmId + ":PwdAuthenticate -file " + authPolicyFile; + ret = (map) SCR::Execute(.target.bash_output, cmd); + exit = ret["exit"]:-1; + if (exit != 0) + y2error("Failed to add entry to " + authPolicyFile); + } + + // Update the iaRealms.xml file + if (eDirType) + cmd = sformat("%1 -set %2 -type eDir ", iaRealmsEditor, realmId); + else + cmd = sformat("%1 -set %2 -type ActiveDirectory ", iaRealmsEditor, realmId); + foreach (string url, ldapUrls, { + cmd = sformat("%1 -url %2", cmd, 
url); + }); + foreach (string ctx, searchRoots, { + cmd = sformat("%1 -sr %2", cmd, ctx); + }); + cmd = sformat("%1 -file %2", cmd, iaRealmsFile); + ret = (map) SCR::Execute(.target.bash_output, cmd); + exit = ret["exit"]:-1; + if (exit != 0) + y2error("Failed to set realm " + realmId); + }); + + // Adjust firewall as needed + if (Abort()) return false; + Progress::NextStage(); + if (ModifyFirewallPort()) + { + // write settings + Progress::set(false); + SuSEFirewall::WriteOnly(); + if (!write_only) + { + SuSEFirewall::ActivateConfiguration(); + } + Progress::set(true); + } + if (false) Report::Error (_("Error adjusting firewall.")); + sleep(sl); + } + + // Enable/disable and start/stop service as needed + if (Abort()) return false; Progress::NextStage(); if (Settings["CONFIG_CASAATS_ENABLE"]:false) { @@ -277,35 +637,16 @@ global boolean Write() { Service::Stop(service_name); } } - /* Error message */ - if(false) Report::Error (_("Error updating runlevels.")); + if (false) Report::Error (_("Error updating runlevels.")); sleep(sl); - // adjust firewall as needed - if(Abort()) return false; - Progress::NextStage(); - if (ModifyFirewallPort()) - { - // write settings - Progress::set(false); - SuSEFirewall::WriteOnly(); - if (!write_only) - { - SuSEFirewall::ActivateConfiguration(); - } - Progress::set(true); - } - /* Error message */ - if(false) Report::Error (_("Error adjusting firewall.")); - sleep(sl); - - if(Abort()) return false; + if (Abort()) return false; /* Progress finished */ Progress::NextStage(); Progress::Finish(); sleep(sl); - if(Abort()) return false; + if (Abort()) return false; return true; } 
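Review bot: The realm loop builds shell commands by pasting `realmId`, each `url` and each `ctx` from `Settings` into strings that go to `.target.bash_output`, with no quoting. These values are entered in the dialogs (the search-root dialog accepts any text), so a space or shell metacharacter in one of them alters the command executed during Write. Quote every interpolated value, e.g. `cmd = sformat("%1 -sr '%2'", cmd, String::Quote(ctx));`, and do the same for `-url`, `-set` and the two `-append -entry` lines. Separately, each `rm -f` / `-create` / `-set` failure is only logged with `y2error` and Write still returns true, so a half-written `auth.policy` or `iaRealms.xml` is reported as success; `proxy_username` and `proxy_password` are also read but not used within this hunk. Write's body continues past the hunk.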
@@ -360,35 +701,5 @@ global map AutoPackages() { return $[ "install":[], "remove":[] ]; } -global boolean IsPortOpen() -{ - return contains(SuSEFirewall::GetAdditionalServices("TCP", "EXT"), port); -} - -boolean ModifyFirewallPort() -{ - boolean retVal = false; - list services = SuSEFirewall::GetAdditionalServices("TCP", "EXT"); - if (!contains(services, port) && Settings["CONFIG_CASAATS_OPEN_PORT"]:false) - { - services = add(services, port); - retVal = true; - } - else if (contains(services, port) && !Settings["CONFIG_CASAATS_OPEN_PORT"]:false) - { - services = filter(string service, services, - { - return (service != port); - } - ); - retVal = true; - } - if (retVal) - { - SuSEFirewall::SetAdditionalServices("TCP", "EXT", services); - } - return retVal; -} - /* EOF */ } diff --git a/CASA-auth-token/yast2-casa-ats/src/Makefile.am b/CASA-auth-token/yast2-casa-ats/src/Makefile.am index 3b7182cc..99f91b04 100644 --- a/CASA-auth-token/yast2-casa-ats/src/Makefile.am +++ b/CASA-auth-token/yast2-casa-ats/src/Makefile.am @@ -2,6 +2,10 @@ yncludedir = @yncludedir@/casa-ats +theme22dir = @themedir@/NLD/icons/22x22/apps +theme32dir = @themedir@/NLD/icons/32x32/apps +theme48dir = @themedir@/NLD/icons/48x48/apps + client_DATA = \ casa-ats.ycp @@ -14,6 +18,13 @@ ynclude_DATA = \ desktop_DATA = \ casa-ats.desktop +theme22_DATA = \ + icon/22x22/yast-casa-ats.png +theme32_DATA = \ + icon/32x32/yast-casa-ats.png +theme48_DATA = \ + icon/48x48/yast-casa-ats.png + module_DATA = \ CasaAts.ycp @@ -22,6 +33,6 @@ casa-ats: ln -sf . $@ ycpchook = casa-ats -EXTRA_DIST = $(client_DATA) $(ynclude_DATA) $(module_DATA) $(desktop_DATA) +EXTRA_DIST = $(client_DATA) $(ynclude_DATA) $(module_DATA) $(desktop_DATA) $(theme48_DATA) $(theme32_DATA) $(theme22_DATA) include $(top_srcdir)/Makefile.am.common diff --git a/CASA-auth-token/yast2-casa-ats/src/dialogs.ycp b/CASA-auth-token/yast2-casa-ats/src/dialogs.ycp index 21eedd1e..88f6656b 100644 --- a/CASA-auth-token/yast2-casa-ats/src/dialogs.ycp 
+++ b/CASA-auth-token/yast2-casa-ats/src/dialogs.ycp @@ -24,7 +24,8 @@ * File: include/casa-ats/dialogs.ycp * Package: Configuration of casa-ats * Summary: Dialogs definitions - * Authors: Ryan Partridge + * Authors: Juan Carlos Luciani + * Ryan Partridge * * $Id: dialogs.ycp 27914 2006-02-13 14:32:08Z locilka $ */ 
@@ -34,134 +35,1165 @@ textdomain "casa-ats"; import "Label"; -import "Wizard"; import "Popup"; -import "Address"; +import "Wizard"; +import "Confirm"; import "CasaAts"; +import "Report"; +import "Address"; +import "URL"; include "casa-ats/helps.ycp"; +include "casa-ats/complex.ycp"; /** - * Authentication Token Service dialog + * Current authentication realm lists. + * + */ +list realmLdapUrlList = []; +list realmSearchRootList = []; + + +/** + * Search Root edit dialog + * @param id id of the edited context + * @param entry edited entry + * @return context or nil, if canceled + */ +define term SearchRootEditDialog(integer id, term currVal) { + + y2milestone("SearchRootEditDialog Executing"); + + term context = nil; + context = `item(`id(id)); + + UI::OpenDialog(`opt(`decorated), + `VBox( + `HSpacing(1), + `VBox( + `TextEntry(`id(`context), _("&Search Root Context (i.e. cn=users,o=novell)"), currVal[1]:"") + ), + `HSpacing(1), + `HBox( + `PushButton(`id(`ok), `opt(`default), Label::OKButton()), + `PushButton(`id(`cancel), Label::CancelButton()) + ) + ) + ); + + UI::SetFocus(`id(`context)); + + any ret = nil; + while (true) { + ret = UI::UserInput(); + if (ret != `ok) break; + + string value = (string) UI::QueryWidget(`id(`context), `Value); + context = add(context, value); + break; + } + + UI::CloseDialog(); + + y2milestone("SearchRootEditDialog Exiting"); + + if (ret != `ok) return nil; + y2debug("context=%1", context); + return context; +} + + +/** + * Authentication Realm Edit Search Roots dialog * @return dialog result */ -any ATSInfoDialog () { +any AuthRealmEditSearchRootsDialog() { + + y2milestone("AuthRealmEditSearchRootsDialog Executing"); + + string caption = _("CASA Authentication Realm Search Roots Configuration"); + + /* dialog help 1/2*/ + string help = _("

Configure the search roots for the authentication +realm in this dialog.

+") + + + /* dialog help 2/2*/ +_("

The Search Roots list the LDAP contexts containing +entities that may be authenticated by the Authentication Token Server. The order +shown in the list matches the order utilized by the server when performing +searches while trying to authenticate an entity.

+"); + + integer max = 0; + integer items = 0; + list table_items = []; + list searchRootList = realmSearchRootList; + + // Read list of search roots already configured for this realm + foreach (string value, searchRootList, { + term context = `item(`id(items)); + context = add(context, value); + table_items = add(table_items, context); + items = items + 1; + max = max + 1; + }); + + /* Dialog contents */ + term contents = `HBox( + `HSpacing(5), + `VBox( + `VStretch(), + `Frame(_("Search Roots"), + `VBox( + `Table(`id(`table), `opt(`notify), `header(_("Context")), []), + `HBox(`PushButton(`id(`add), _("Ad&d")), + `PushButton(`id(`edit), `opt(`disabled), _("&Edit")), + `PushButton(`id(`delete), `opt(`disabled), _("De&lete"))))), + `VStretch() + ), + `HSpacing(5) + ); + + + Wizard::SetContentsButtons(caption, contents, help, + Label::BackButton(), Label::OKButton()); + + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::SetFocus(`id(`table)); + + any ret = nil; + while (true) { + + UI::ChangeWidget(`id(`edit), `Enabled, items > 0); + UI::ChangeWidget(`id(`delete), `Enabled, items > 0); + + y2milestone("AuthRealmEditSearchRootsDialog waiting for user input"); + ret = UI::UserInput(); + + /* abort? 
*/ + if (ret == `abort || ret == `cancel || ret == `back) { + if (Popup::ReallyAbort(true)) break; + else continue; + } + /* edit context */ + else if (ret == `edit) { + y2milestone("Edit Search Root Entry Invoked"); + integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem); + list cur_item = filter(term e, table_items, { + return cur == e[0, 0]:nil; + }); + + y2debug("cur=%1", cur); + y2debug("cur_item=%1", cur_item); + + term item = cur_item[0]:nil; + item = SearchRootEditDialog(cur, item); + if(item == nil) continue; + + table_items = maplist(term e, table_items, { + if(cur == e[0, 0]:-1) + return item; + return e; + }); + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::ChangeWidget(`id(`table), `CurrentItem, cur); + continue; + } + /* add context */ + else if (ret == `add) { + y2milestone("Add Search Root Entry Invoked"); + term item = SearchRootEditDialog(max, `empty()); + if (item == nil) continue; + + table_items = add(table_items, item); + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::ChangeWidget(`id(`table), `CurrentItem, max); + items = items + 1; + max = max + 1; + continue; + } + /* delete context */ + else if (ret == `delete) { + y2milestone("Delete Search Root Entry Invoked"); + items = items - 1; + integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem); + table_items = filter(term e, table_items, { + return cur != e[0, 0]:nil; + }); + UI::ChangeWidget(`id(`table), `Items, table_items); + continue; + } + else if (ret == `next) { + realmSearchRootList = []; + foreach (term value, table_items,{ + realmSearchRootList = add(realmSearchRootList, value[1]:""); + }); + break; + } + else { + y2error("unexpected retcode: %1", ret); + continue; + } + } + + y2milestone("AuthRealmEditSearchRootsDialog Exiting"); + + return ret; +} + + +/** + * LDAP Url edit dialog + * @param id id of the edited url + * @param entry edited entry + * @return url or nil, if canceled + */ +define term LDAPUrlEditDialog(integer id, term 
currVal) { + + y2milestone("LDAPUrlEditDialog Executing"); + + term url = nil; + url = `item(`id(id)); + + UI::OpenDialog(`opt(`decorated), + `VBox( + `HSpacing(1), + `VBox( + `TextEntry(`id(`url), _("&Url (i.e. ldaps://ats1.novell.com)"), currVal[1]:"") + ), + `HSpacing(1), + `HBox( + `PushButton(`id(`ok), `opt(`default), Label::OKButton()), + `PushButton(`id(`cancel), Label::CancelButton()) + ) + )); + + UI::SetFocus(`id(`url)); + + any ret = nil; + while (true) { + ret = UI::UserInput(); + if (ret != `ok) break; + + string value = (string) UI::QueryWidget(`id(`url), `Value); + + // Check the Url + if (URL::Check(value) == true) { + map urlComponents = URL::Parse(value); + string scheme = tolower(urlComponents["scheme"]:""); + if (scheme == "ldaps" || scheme == "ldap") { + if (urlComponents["host"]:"" != "") { + url = add(url, value); + + // Report warning if not using SSL + if (scheme == "ldap") + Report::Error(_("Not using LDAPS is a security risk")); + break; + } + } + } + Report::Error(_("URL entered is not valid")); + } + + UI::CloseDialog(); + + y2milestone("LDAPUrlEditDialog Exiting"); + + if (ret != `ok) return nil; + y2debug("url=%1", url); + return url; +} + + +/** + * Authentication Realm Edit LDAP Urls dialog + * @return dialog result + */ +any AuthRealmEditLDAPUrlsDialog() { + + y2milestone("AuthRealmEditLDAPUrlsDialog Executing"); + + string caption = _("CASA Authentication LDAP Server URL Configuration"); + + /* dialog help 1/2*/ + string help = _("

Configure the URLs of the LDAP servers in this dialog.

+") + + + /* dialog help 2/2*/ +_("

The LDAP URLs list the URLs of the LDAP Servers that the +Authentication Token Server should contact for realm information. Configuring +multiple LDAP Server resources improves fault tolerance.

+"); + + integer max = 0; + integer items = 0; + list table_items = []; + list ldapUrlList = realmLdapUrlList; + + // Read list of ldap urls already configured for this realm + foreach (string value, ldapUrlList, { + term context = `item(`id(items)); + context = add(context, value); + table_items = add(table_items, context); + items = items + 1; + max = max + 1; + }); + + /* Dialog contents */ + term contents = `HBox( + `HSpacing(5), + `VBox( + `VStretch(), + `Frame(_("LDAP Server URLs"), + `VBox( + `Table(`id(`table), `opt(`notify), `header(_("Url") + " "), []), + `HBox(`PushButton(`id(`add), _("Ad&d")), + `PushButton(`id(`edit), `opt(`disabled), _("&Edit")), + `PushButton(`id(`delete), `opt(`disabled), _("De&lete")) + ) + )), + `VStretch() + ), + `HSpacing(5) + ); + + + Wizard::SetContentsButtons(caption, contents, help, + Label::BackButton(), Label::OKButton()); + + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::SetFocus(`id(`table)); + + any ret = nil; + while (true) { + + UI::ChangeWidget(`id(`edit), `Enabled, items > 0); + UI::ChangeWidget(`id(`delete), `Enabled, items > 0); + + y2milestone("AuthRealmEditLDAPUrlsDialog waiting for user input"); + ret = UI::UserInput(); + + /* abort? 
*/ + if (ret == `abort || ret == `cancel || ret == `back) { + if (Popup::ReallyAbort(true)) break; + else continue; + } + /* edit context */ + else if (ret == `edit) { + y2milestone("Edit LDAP Url Entry Invoked"); + integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem); + list cur_item = filter(term e, table_items, { + return cur == e[0, 0]:nil; + }); + + y2debug("cur=%1", cur); + y2debug("cur_item=%1", cur_item); + + term item = cur_item[0]:nil; + item = LDAPUrlEditDialog(cur, item); + if(item == nil) continue; + + table_items = maplist(term e, table_items, { + if(cur == e[0, 0]:-1) + return item; + return e; + }); + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::ChangeWidget(`id(`table), `CurrentItem, cur); + + continue; + } + else if (ret == `add) { + y2milestone("Add LDAP Url Entry Invoked"); + term item = LDAPUrlEditDialog(max, `empty()); + if (item == nil) continue; + + table_items = add(table_items, item); + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::ChangeWidget(`id(`table), `CurrentItem, max); + items = items + 1; + max = max + 1; + + continue; + } + else if (ret == `delete) { + y2milestone("Delete LDAP Url Entry Invoked"); + items = items - 1; + integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem); + table_items = filter(term e, table_items, { + return cur != e[0, 0]:nil; + }); + UI::ChangeWidget(`id(`table), `Items, table_items); + + continue; + } + else if (ret == `next) { + realmLdapUrlList = []; + foreach (term value, table_items,{ + realmLdapUrlList = add(realmLdapUrlList, value[1]:""); + }); + break; + } + else { + y2error("unexpected retcode: %1", ret); + continue; + } + } + + y2milestone("AuthRealmEditLDAPUrlsDialog Exiting"); + + return ret; +} + + +/** + * Authentication Realm edit dialog + * @param currVal current value + * @return realm or nil, if canceled + */ +define map AuthRealmEditDialog(map currVal) { + + y2milestone("AuthRealmEditDialog Executing"); + + map realm = $[]; + + string 
caption = _("CASA Authentication Realm Setup"); + + /* dialog help 1/7*/ + string help = _("

This dialog configures an Authentication Realm.

+") + + + /* dialog help 2/7*/ +_("

The LDAP URLs list the URLs of the LDAP Servers that the +Authentication Token Server should contact for realm information. Configuring +multiple LDAP Server resources improves fault tolerance.

+") + + + /* dialog help 3/7*/ +_("

The Directory Type specifies the type of directory utilized +in the realm. This is used to resolve issues related to schema differences.

+") + + + /* dialog help 4/7*/ +_("

The Authentication Mechanisms box allows you to configure the +mechanisms that can be utilized to authenticate an entity to the realm.

+") + + + /* dialog help 5/7*/ +_("

The Proxy User Credentials specify the credentials that the +Authentication Token Service should utilize to authenticate to the realm for the +purpose of performing searches and obtaining information about authenticated +entities. +") + + + /* dialog help 6/7*/ +_("

The LDAP Server Urls button allows you to configure the +URLs of the LDAP Servers associated with the realm.

+") + + + /* dialog help 7/7*/ +_("

The Search Roots button allows you to configure the +LDAP contexts containing entities that can be authenticated.

+"); + + // Setup realm parameters with default values in variables that + // can be easily used. + string realm_id = ""; + boolean edir_type = true; + boolean ad_type = false; + boolean passwd_mech = true; + boolean krb_mech = false; + string proxy_username = ""; + string proxy_passwd = ""; + string reentered_passwd = ""; + realmLdapUrlList = []; + realmSearchRootList = []; + + // Update the variables with the parameters passed-in + if (currVal != nil) { + realm_id = currVal["REALM_ID"]:""; + edir_type = currVal["EDIR_TYPE"]:true; + ad_type = currVal["AD_TYPE"]:false; + passwd_mech = currVal["PASSWD_MECH"]:true; + krb_mech = currVal["KRB_MECH"]:true; + proxy_username = currVal["PROXY_USERNAME"]:""; + proxy_passwd = currVal["PROXY_PASSWD"]:""; + reentered_passwd = proxy_passwd; + realmLdapUrlList = currVal["LDAP_URL_LIST"]:[]; + realmSearchRootList = currVal["SEARCH_ROOT_LIST"]:[]; + } + + /* Dialog contents */ + term contents = `HBox( + `HSpacing(3), + `VBox( + `VStretch(), + `TextEntry(`id(`realmid), _("Real&m Id"), realm_id), + `VSpacing(1), + `HBox( + `RadioButtonGroup(`id(`rb), + `VBox( + `Left(`Label("Directory Type?")), + `Left(`RadioButton(`id(`edir), "eDirector&y")), + `Left(`RadioButton(`id(`ad), "Acti&ve Directory" )) + ) + ), + `VBox( + `VStretch(), + `Frame(_("Authentication Mechanisms"), + `VBox( + `Left(`CheckBox(`id(`passwdmech), _("U&sername/Password"))), + `Left(`CheckBox(`id(`krbmech), _("&Kerberos V"))) + ) + ), + `VStretch() + ) + ), + `VSpacing(1), + `VBox( + `Frame(_("Proxy User Credentials"), + `VBox( + `Left(`TextEntry(`id(`username), _("&Username (i.e. 
cn=admin,o=novell)"))), + `Left(`Password(`id(`passwd), _("&Password"))), + `Left(`Password(`id(`repasswd), _("&Re-enter Password"))) + ) + ), + `VStretch() + ), + `VSpacing(1), + `PushButton(`id(`urls), _("LDAP Server URLs")), + `VSpacing(1), + `PushButton(`id(`ctxs), _("Search Roots")), + `VStretch() + ), + `HSpacing(3) + ); + + + boolean set_initial_focus = true; + any ret = nil; + while (true) { + + Wizard::SetContentsButtons(caption, contents, help, + Label::BackButton(), Label::OKButton()); + + UI::ChangeWidget(`id(`realmid), `Value, realm_id); + UI::ChangeWidget(`id(`edir), `Value, edir_type); + UI::ChangeWidget(`id(`ad), `Value, ad_type); + UI::ChangeWidget(`id(`krbmech), `Value, krb_mech); + UI::ChangeWidget(`id(`passwdmech), `Value, passwd_mech); + UI::ChangeWidget(`id(`username), `Value, proxy_username); + UI::ChangeWidget(`id(`passwd), `Value, proxy_passwd); + UI::ChangeWidget(`id(`repasswd), `Value, reentered_passwd); + + if (set_initial_focus == true) { + UI::SetFocus(`id(`realmid)); + set_initial_focus = false; + } + + y2milestone("AuthRealmEditDialog waiting for user input"); + ret = UI::UserInput(); + + // Refresh the local variables with the information in the widgets + realm_id = (string) UI::QueryWidget(`id(`realmid), `Value); + edir_type = (boolean) UI::QueryWidget(`id(`edir), `Value); + ad_type = (boolean) UI::QueryWidget(`id(`ad), `Value); + passwd_mech = (boolean) UI::QueryWidget(`id(`passwdmech), `Value); + krb_mech = (boolean) UI::QueryWidget(`id(`krbmech), `Value); + proxy_username = (string) UI::QueryWidget(`id(`username), `Value); + proxy_passwd = (string) UI::QueryWidget(`id(`passwd), `Value); + reentered_passwd = (string) UI::QueryWidget(`id(`repasswd), `Value); + + /* abort? 
*/ + if (ret == `abort || ret == `cancel || ret == `back) { + // Update the local variables with + if (Popup::ReallyAbort(true)) break; + else + continue; + } + else if (ret == `next) { + y2milestone("Next entered"); + + // Do some parameter checking + if (realm_id == "") { + Report::Error(_("You must specify an Id for the realm.")); + continue; + } + if (size(realmLdapUrlList) == 0) { + Report::Error(_("You must at least configure one LDAP URL.")); + continue; + } + if (passwd_mech == false && krb_mech == false) { + Report::Error(_("You must specify at least one authentication mechanism.")); + continue; + } + if (proxy_username == "") { + Report::Error(_("You must specify a Proxy Username for the realm.")); + continue; + } + if (proxy_passwd == "") { + Report::Error(_("You must specify a Proxy Password for the realm.")); + continue; + } + if (proxy_passwd != reentered_passwd) { + Report::Error(_("The specified Proxy Passwords do not match.")); + proxy_passwd = ""; + reentered_passwd = ""; + continue; + } + if (ad_type == true && size(realmSearchRootList) == 0) { + Report::Error(_("You must specify a base search root for the realm.")); + continue; + } + + break; + } + else if (ret == `urls) { + y2milestone("Edit LDAP Urls Invoked"); + + /* Invoke the edit ldap urls dialog */ + ret = AuthRealmEditLDAPUrlsDialog(); + if (ret == `abort || ret == `cancel) + break; + + continue;; + } + else if (ret == `ctxs) { + y2milestone("Edit Search Roots Invoked"); + + /* Invoke the edit search roots dialog */ + ret = AuthRealmEditSearchRootsDialog(); + if (ret == `abort || ret == `cancel) + break; + + continue;; + } + else { + y2error("unexpected retcode: %1", ret); + continue; + } + } + + y2milestone("AuthRealmEditDialog Exiting"); + + if (ret != `next) { + realm = nil; + } + else { + realm["REALM_ID"] = realm_id; + realm["EDIR_TYPE"] = edir_type; + realm["AD_TYPE"] = ad_type; + realm["PASSWD_MECH"] = passwd_mech; + realm["KRB_MECH"] = krb_mech; + realm["PROXY_USERNAME"] = 
proxy_username; + realm["PROXY_PASSWD"] = proxy_passwd; + realm["LDAP_URL_LIST"] = realmLdapUrlList; + realm["SEARCH_ROOT_LIST"] = realmSearchRootList; + } + + return realm; +} + + +/** + * ServerConfig dialog + * + */ +define void ServerConfigDialog() { + + string caption = _("Casa Authentication Token Server Configuration"); + + /* dialog help 1/5 */ + string help = _("

The CASA Authentication Token Server can be set +up in this dialog.

+") + + + /* dialog help 2/5 */ +_("

The Authentication Realms list the sources that can be used for +authenticating users.

+") + + + /* dialog help 3/5 */ +_("

Enable Direct Access to allow clients to contact the server +via port 2645. This opens the port through the Firewall. Direct Access requires +that you setup the Common Server Certificate. Please note that CASA Authentication +Token Clients expect that the Common Server Certificate be issued by a trusted +Certificate Authority.

+") + + + /* dialog help 4/5 */ +_("

Enable Web Server Access to allow clients to contact the server +via the Web Server (port 2645). The Apache Web Server should be installed and +enabled for this to work.

+") + + + /* dialog help 5/5 */ +_("

The Reconfigure Interval specifies the interval in seconds +between attempts by the server to re-read its configuration. A value of +zero means that the server only reads its configuration during start up.

+"); + + integer max = 0; + integer items = 0; + map realms = (map) CasaAts::Settings["CONFIG_CASAATS_REALMS"]:$[]; + list table_items = []; + boolean direct_access = CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:true; + boolean web_access = false; + integer reconfig_interval = CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60; + + // Read list of search roots already configured for this realm + foreach (string key, map realm, realms, { + term item = `item(`id(max)); + item = add(item, realm["REALM_ID"]:""); + table_items = add(table_items, item); + items = items + 1; + max = max + 1; + }); + + /* Dialog contents */ + term contents = `HBox( + `HSpacing(5), + `VBox( + `VStretch(), + `Frame(_("Authentication Realms"), + `VBox( + `Table(`id(`table), `opt(`notify), `header(_("Realm")), []), + `HBox(`PushButton(`id(`add), _("Ad&d")), + `PushButton(`id(`edit), `opt(`disabled), _("&Edit")), + `PushButton(`id(`delete), `opt(`disabled), _("De&lete")) + ) + ) + ), + `VSpacing(1), + `Left(`CheckBox(`id(`direct), `opt(`notify), _("Direc&t Access"))), + `VSpacing(1), + `Left(`CheckBox(`id(`web), _("&Web Server Access"))), + `VSpacing(1), + `Left(`TextEntry(`id(`interval), _("Recon&figure Interval"))), + `VStretch() + ), + `HSpacing(5) + ); + + boolean set_initial_focus = true; + any ret = nil; + while (true) { + + Wizard::SetContentsButtons(caption, contents, help, + Label::BackButton(), Label::OKButton()); + + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::ChangeWidget(`id(`direct), `Value, direct_access); + UI::ChangeWidget(`id(`web), `Value, web_access); + UI::ChangeWidget(`id(`interval), `Value, tostring(reconfig_interval)); + + if (set_initial_focus == true) { + UI::SetFocus(`id(`table)); + set_initial_focus = false; + } + + UI::ChangeWidget(`id(`edit), `Enabled, items > 0); + UI::ChangeWidget(`id(`delete), `Enabled, items > 0); + UI::ChangeWidget(`id(`cert), `Enabled, direct_access); + + y2milestone("ServerConfig waiting for user input"); + ret = 
UI::UserInput(); + + // Refresh the local variables with the information in the widgets + direct_access = (boolean) UI::QueryWidget(`id(`direct), `Value); + web_access = (boolean) UI::QueryWidget(`id(`web), `Value); + reconfig_interval = tointeger((string) UI::QueryWidget(`id(`interval), `Value)); + + if (ret == `abort || ret == `cancel || ret == `back) { + y2milestone("Abort, Cancel, or Back Invoked"); + + if (Popup::ReallyAbort(true)) break; + else continue; + } + else if (ret == `edit) { + y2milestone("Edit Authentication Realm Entry Invoked"); + + integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem); + list cur_item = filter(term e, table_items, { + return cur == e[0, 0]:nil; + }); + + y2debug("cur=%1", cur); + y2debug("cur_item=%1", cur_item); + + term item = cur_item[0]:nil; + + // Find the realm associated with this item + map realm = lookup(realms, item[1]:"", nil); + if (realm == nil) continue; + + y2milestone("Realm id : %1", realm["REALM_ID"]:""); + + map editedRealm = AuthRealmEditDialog(realm); + if (editedRealm == nil) continue; + + // Update the realm map and the table + realms = remove(realms, realm["REALM_ID"]:""); + realms = add(realms, editedRealm["REALM_ID"]:"", editedRealm); + item[1] = editedRealm["REALM_ID"]:""; + + table_items = maplist(term e, table_items, { + if(cur == e[0, 0]:-1) + return item; + return e; + }); + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::ChangeWidget(`id(`table), `CurrentItem, cur); + continue; + } + else if (ret == `add) { + y2milestone("Add Authentication Realm Entry Invoked"); + + map realm = AuthRealmEditDialog(nil); + if (realm == nil) continue; + + y2milestone("Realm id : %1", realm["REALM_ID"]:""); + + // Add the realm to the realm map and the table + realms = add(realms, realm["REALM_ID"]:"", realm); + term item = nil; + item = `item(`id(max)); + item = add(item, realm["REALM_ID"]:""); + table_items = add(table_items, item); + UI::ChangeWidget(`id(`table), `Items, table_items); + 
UI::ChangeWidget(`id(`table), `CurrentItem, max); + items = items + 1; + max = max + 1; + continue; + } + else if (ret == `delete) { + y2milestone("Delete Authentication Realm Entry Invoked"); + + items = items - 1; + integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem); + list cur_item = filter(term e, table_items, { + return cur == e[0, 0]:nil; + }); + table_items = filter(term e, table_items, { + return cur != e[0, 0]:nil; + }); + + term item = cur_item[0]:nil; + map realm = lookup(realms, item[1]:"", nil); + if (realm == nil) continue; + realms = remove(realms, realm["REALM_ID"]:""); + + UI::ChangeWidget(`id(`table), `Items, table_items); + continue; + } + else if (ret == `next) { + y2milestone("Next Invoked"); + + /* Verify that a valid reconfigure interval has been entered */ + reconfig_interval = tointeger(UI::QueryWidget(`id(`interval), `Value)); + if (reconfig_interval == nil || reconfig_interval < 0) { + Report::Error(_("The reconfigure interval needs to be a non-negative number.")); + reconfig_interval = CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60; + continue; + } + /* Verify that web server access has not been selected */ + if (web_access == true) { + Report::Error(_("Web server access is not yet supported.")); + web_access = false; + continue; + } + /* Verify that the server can be accessed */ + if (direct_access != true && web_access != true) { + Report::Error(_("Specify server access type.")); + continue; + } + /* Verify that at least one realm has been configured */ + if (size(table_items) == 0) { + Report::Error(_("You must at least configure one Authentication Realm.")); + continue; + } + + // Save the server variables + CasaAts::Settings["CONFIG_CASAATS_REALMS"] = realms; + CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = direct_access; + CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = reconfig_interval; + CasaAts::Settings["CONFIG_CASAATS_REALMS"] = realms; + break; + } + else { + y2error("unexpected 
retcode: %1", ret); + continue; + } + } +} + +/** + * Trusted ATS Address edit dialog + * @param id id of the edited address + * @param entry edited entry + * @return address or nil, if canceled + */ +define term TrustedATSEditDialog(integer id, term currVal) { + + y2milestone("TrustedATSEditDialog Executing"); + + term address = nil; + address = `item(`id(id)); + + UI::OpenDialog(`opt(`decorated),`VBox( + `HSpacing(1), + `VBox( + /* TextEntry label */ + `TextEntry(`id(`address), _("D&NS Name or Dotted IP Address"), currVal[1]:"") + ), + `HSpacing(1), + `HBox( + `PushButton(`id(`ok), `opt(`default), Label::OKButton()), + `PushButton(`id(`cancel), Label::CancelButton()) + ) + )); + + UI::SetFocus(`id(`address)); + + any ret = nil; + while (true) { + ret = UI::UserInput(); + if(ret != `ok) break; + + string value = (string) UI::QueryWidget(`id(`address), `Value); + + // Check the address + if (Address::Check4(value) == true) { + address = add(address, value); + break; + } + Report::Error(_("Address entered is not valid")); + } + + UI::CloseDialog(); + + y2milestone("TrustedATSEditDialog Exiting"); + + if (ret != `ok) return nil; + y2debug("address=%1", address); + return address; +} + + +/** + * StartConfig dialog + * @return dialog result + */ +any StartConfigDialog() { + + y2milestone("StartConfigDialog Executing"); + + string caption = _("Casa Authentication Token Service Configuration"); + + /* dialog help 1/3*/ + string help = _("

The CASA Authentication Token Service can be set +up in this dialog.

+") + + + /* dialog help 2/3*/ +_("

The Trusted Authentication Token Servers list the addresses of all +remote servers that are trusted as authentication token issuers. Configured address +names must match the names used by the SSL Certificates of the servers.

+") + + + /* dialog help 3/3*/ +_("

Enable Server to allow users to obtain Authentication Tokens +from this device. Please, Configure Server if enabled.

+"); + + integer max = 0; + integer items = 0; + list trustedServerList = CasaAts::Settings["CONFIG_CASAATS_TRUSTED"]:[]; + list table_items = []; + boolean server_enabled = CasaAts::Settings["CONFIG_CASAATS_ENABLE"]:false; + + // Ready list of Trusted ATSs already configured to be + // used with our table. + foreach (string value, trustedServerList, { + term address = `item(`id(items)); + address = add(address, value); + table_items = add(table_items, address); + items = items + 1; + max = max + 1; + }); + + /* Dialog contents */ + term contents = `HBox( + `HSpacing(5), + `VBox( + `VStretch(), + `Frame(_("Trusted Authentication Token Servers"), + `VBox( + `Table(`id(`table), `opt(`notify), `header(_("Address")), []), + `HBox( + `PushButton(`id(`add), _("Ad&d")), + `PushButton(`id(`edit), `opt(`disabled), _("&Edit")), + `PushButton(`id(`delete), `opt(`disabled), _("De&lete")) + ) + )), + `VSpacing(1), + `HBox( + `Left(`CheckBox(`id(`enablesvc),`opt(`notify), _("Enable &Server"))), + `PushButton(`id(`srvconfig), `opt(`disabled), _("Confi&gure Server")) + ), + `VStretch() + ), + `HSpacing(5) + ); + + + boolean set_initial_focus = true; + any ret = nil; + while (true) { + + Wizard::SetContentsButtons(caption, contents, help, + Label::BackButton(), Label::FinishButton()); + + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::ChangeWidget(`id(`enablesvc), `Value, server_enabled); + + if (set_initial_focus == true) { + UI::SetFocus(`id(`table)); + set_initial_focus = false; + } + + UI::ChangeWidget(`id(`edit), `Enabled, items > 0); + UI::ChangeWidget(`id(`delete), `Enabled, items > 0); + UI::ChangeWidget(`id(`srvconfig), `Enabled, server_enabled == true); + + y2milestone("StartConfigDialog waiting for user input"); + ret = UI::UserInput(); + + // Refresh the local variables with the information in the widgets + server_enabled = (boolean) UI::QueryWidget(`id(`enablesvc), `Value); + + if (ret == `abort || ret == `cancel || ret == `back) { + y2milestone("Abort, 
Cancel, or Back Invoked"); + + if (Popup::ReallyAbort(true)) break; + else continue; + } + else if (ret == `edit) { + y2milestone("Edit Trusted ATS Entry Invoked"); + + integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem); + list cur_item = filter(term e, table_items, { + return cur == e[0, 0]:nil; + }); + + y2debug("cur=%1", cur); + y2debug("cur_item=%1", cur_item); + + term item = cur_item[0]:nil; + item = TrustedATSEditDialog(cur, item); + if (item == nil) continue; + + table_items = maplist(term e, table_items, { + if(cur == e[0, 0]:-1) + return item; + return e; + }); + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::ChangeWidget(`id(`table), `CurrentItem, cur); + continue; + } + else if (ret == `add) { + y2milestone("Add Trusted ATS Entry Invoked"); + + term item = TrustedATSEditDialog(max, `empty()); + if (item == nil) continue; + + table_items = add(table_items, item); + UI::ChangeWidget(`id(`table), `Items, table_items); + UI::ChangeWidget(`id(`table), `CurrentItem, max); + items = items + 1; + max = max + 1; + continue; + } + else if (ret == `delete) { + y2milestone("Delete Trusted ATS Entry Invoked"); + + items = items - 1; + integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem); + table_items = filter(term e, table_items, { + return cur != e[0, 0]:nil; + }); + UI::ChangeWidget(`id(`table), `Items, table_items); + continue; + } + else if (ret == `enablesvc) { + y2milestone("Enabled Server changed"); + + continue; + } + else if (ret == `srvconfig) { + y2milestone("Config Server Invoked"); + + ServerConfigDialog(); + continue; + } + else if (ret == `next) { + y2milestone("Next Invoked"); + + // Save the variables + trustedServerList = []; + foreach (term value, table_items,{ + trustedServerList = add(trustedServerList, value[1]:""); + }); + + CasaAts::Settings["CONFIG_CASAATS_TRUSTED"] = trustedServerList; + CasaAts::Settings["CONFIG_CASAATS_ENABLE"] = server_enabled; + break; + } + else { + y2error("unexpected retcode: 
%1", ret); + continue; + } + } + + y2milestone("StartConfigDialog Exiting"); + + return ret; +} + + +/** + * Configure1 dialog + * @return dialog result + */ +any Configure1Dialog () { /* CasaAts configure1 dialog caption */ - string caption = _("CASA Authentication Token Service Configuration"); + string caption = _("CasaAts Configuration"); - boolean enable = CasaAts::Settings["CONFIG_CASAATS_ENABLE"]:false; - string realm = CasaAts::Settings["CONFIG_CASAATS_REALM"]:""; - string host = CasaAts::Settings["CONFIG_CASAATS_HOST"]:""; - string proxy_username = CasaAts::Settings["CONFIG_CASAATS_PROXY_USERNAME"]:""; - string proxy_password = CasaAts::Settings["CONFIG_CASAATS_PROXY_PASSWORD"]:""; - boolean open_port = CasaAts::Settings["CONFIG_CASAATS_OPEN_PORT"]:true; + /* CasaAts configure1 dialog contents */ + term contents = `Label (_("First part of configuration of casa-ats")); - /* CasaAts ATSInfo dialog contents */ - term contents = - `HVSquash - ( - `VBox - ( - `Left(`CheckBox(`id(`enable), `opt(`notify), _("&Enable CASA Authentication Token Service"), enable)), - `VSpacing(1.0), - `TextEntry(`id(`realm), _("&Realm name:"), realm), - `TextEntry(`id(`host), _("&Host server (IP address or DNS name):"), host), - `TextEntry(`id(`proxy_username), _("&Proxy username (i.e. 
cn=admin,o=novell):"), proxy_username), - `Password(`id(`proxy_password), _("Pa&ssword for proxy user:"), proxy_password), - `VSpacing(1.0), - `Left(`CheckBox(`id(`firewall), _("&Open service port in firewall"), open_port)) - ) - ); - Wizard::SetContentsButtons(caption, contents, HELPS["atsinfo"]:"", - Label::BackButton(), Label::FinishButton()); + Wizard::SetContentsButtons(caption, contents, HELPS["c1"]:"", + Label::BackButton(), Label::NextButton()); - UI::SetFocus(`id(`enable)); - - UI::ChangeWidget(`id(`realm), `Enabled, enable); - UI::ChangeWidget(`id(`host), `Enabled, enable); - UI::ChangeWidget(`id(`proxy_username), `Enabled, enable); - UI::ChangeWidget(`id(`proxy_password), `Enabled, enable); - UI::ChangeWidget(`id(`firewall), `Enabled, enable); - - map event = nil; any ret = nil; - while(true) - { - event = UI::WaitForEvent (); - ret = event["ID"]:nil; + while(true) { + + ret = UI::UserInput(); /* abort? */ - if(ret == `abort || ret == `cancel) - { - if(ReallyAbort()) break; + if(ret == `abort || ret == `cancel) { + if(Popup::ReallyAbort(true)) break; else continue; } - else if (ret == `enable) - { - y2milestone("Changing enable/diable state"); - boolean enableFields = (boolean)UI::QueryWidget(`enable, `Value); - UI::ChangeWidget(`id(`realm), `Enabled, enableFields); - UI::ChangeWidget(`id(`host), `Enabled, enableFields); - UI::ChangeWidget(`id(`proxy_username), `Enabled, enableFields); - UI::ChangeWidget(`id(`proxy_password), `Enabled, enableFields); - UI::ChangeWidget(`id(`firewall), `Enabled, enableFields); - } - else if(ret == `next) - { - enable = (boolean)UI::QueryWidget(`enable, `Value); - CasaAts::Settings["CONFIG_CASAATS_ENABLE"] = enable; - if (enable) - { - realm = (string)UI::QueryWidget(`realm, `Value); - if (realm == nil || realm == "") - { - Popup::Error(_("The Realm cannot be blank")); - continue; - } - CasaAts::Settings["CONFIG_CASAATS_REALM"] = realm; - - host = (string)UI::QueryWidget(`host, `Value); - if (host == nil || host == "") - { 
- Popup::Error(_("The Host cannot be blank")); - continue; - } - else if (!Address::Check4(host)) - { - Popup::Error(_("The Host must be a valid IP address or DNS name")); - continue; - } - CasaAts::Settings["CONFIG_CASAATS_HOST"] = host; - - proxy_username = (string)UI::QueryWidget(`proxy_username, `Value); - if (proxy_username == nil || proxy_username == "") - { - Popup::Error(_("The Proxy username cannot be blank")); - continue; - } - CasaAts::Settings["CONFIG_CASAATS_PROXY_USERNAME"] = proxy_username; - - proxy_password = (string)UI::QueryWidget(`proxy_password, `Value); - if (proxy_password == nil || proxy_password == "") - { - Popup::Error(_("The Proxy user password cannot be blank")); - continue; - } - CasaAts::Settings["CONFIG_CASAATS_PROXY_PASSWORD"] = proxy_password; - - open_port = (boolean)UI::QueryWidget(`firewall, `Value); - CasaAts::Settings["CONFIG_CASAATS_OPEN_PORT"] = open_port; - } - else - { - CasaAts::Settings["CONFIG_CASAATS_OPEN_PORT"] = false; - } + else if(ret == `next || ret == `back) { break; } - else if(ret == `back) - { - break; + else { + y2error("unexpected retcode: %1", ret); + continue; } } diff --git a/CASA-auth-token/yast2-casa-ats/src/icon/22x22/authToken_22.png b/CASA-auth-token/yast2-casa-ats/src/icon/22x22/authToken_22.png new file mode 100644 index 00000000..eefac106 Binary files /dev/null and b/CASA-auth-token/yast2-casa-ats/src/icon/22x22/authToken_22.png differ diff --git a/CASA-auth-token/yast2-casa-ats/src/icon/32x32/authToken_32.png b/CASA-auth-token/yast2-casa-ats/src/icon/32x32/authToken_32.png new file mode 100644 index 00000000..bb8f5109 Binary files /dev/null and b/CASA-auth-token/yast2-casa-ats/src/icon/32x32/authToken_32.png differ diff --git a/CASA-auth-token/yast2-casa-ats/src/icon/48x48/authToken_48.png b/CASA-auth-token/yast2-casa-ats/src/icon/48x48/authToken_48.png new file mode 100644 index 00000000..99d8fc54 Binary files /dev/null and b/CASA-auth-token/yast2-casa-ats/src/icon/48x48/authToken_48.png differ 
diff --git a/CASA-auth-token/yast2-casa-ats/src/wizards.ycp b/CASA-auth-token/yast2-casa-ats/src/wizards.ycp index 898b6b94..6d864641 100644 --- a/CASA-auth-token/yast2-casa-ats/src/wizards.ycp +++ b/CASA-auth-token/yast2-casa-ats/src/wizards.ycp @@ -24,7 +24,8 @@ * File: include/casa-ats/wizards.ycp * Package: Configuration of casa-ats * Summary: Wizards definitions - * Authors: Ryan Partridge + * Authors: Juan Carlos Luciani + * Ryan Partridge * * $Id: wizards.ycp 27914 2006-02-13 14:32:08Z locilka $ */ @@ -45,17 +46,15 @@ include "casa-ats/dialogs.ycp"; */ any AddSequence() { - /* FIXME: adapt to your needs */ map aliases = $[ - "atsinfo" : ``(ATSInfoDialog()), + "config1" : ``(Configure1Dialog()), ]; - /* FIXME: adapt to your needs */ map sequence = $[ "ws_start" : "config1", - "atsinfo" : $[ + "config1" : $[ `abort : `abort, - `next : `next + `next : "config2" ] ]; @@ -68,18 +67,16 @@ any AddSequence() { */ any MainSequence() { - /* FIXME: adapt to your needs */ map aliases = $[ - "atsinfo" : ``( ATSInfoDialog() ) + "config1" : ``( StartConfigDialog() ) ]; - /* FIXME: adapt to your needs */ map sequence = $[ - "ws_start" : "atsinfo", - "atsinfo" : $[ - `abort : `abort, - `next : `next - ] + "ws_start" : "config1", + "config1" : $[ + `abort : `abort, + `next : `next + ] ]; any ret = Sequencer::Run(aliases, sequence); diff --git a/CASA-auth-token/yast2-casa-ats/testsuite/Makefile.am b/CASA-auth-token/yast2-casa-ats/testsuite/Makefile.am deleted file mode 100644 index d9b12b09..00000000 --- a/CASA-auth-token/yast2-casa-ats/testsuite/Makefile.am +++ /dev/null 
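Review bot: In AddSequence the new "config1" entry routes `` `next `` to "config2", but neither `aliases` nor `sequence` in this hunk defines a "config2" step, so the transition has no target unless one is added outside the visible lines. If the add workflow is meant to be a single step, the entry should read `` `next : `next `` as in MainSequence; otherwise add the "config2" alias and its sequence entry in the same change. Configure1Dialog, which this alias now calls, still shows only the template label "First part of configuration of casa-ats", so the step looks unfinished. AddSequence's body continues outside the hunk.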
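Review bot: The "config1" map in MainSequence handles only `` `abort `` and `` `next ``, but StartConfigDialog, which the alias now points at, returns `ret` unchanged after Popup::ReallyAbort is confirmed, so it can also return `` `cancel `` or `` `back ``. How Sequencer::Run treats a result with no entry is not visible here, so the abort path for those two results should be made explicit rather than left to that behaviour. Either add `` `cancel : `abort `` to the "config1" map, or have StartConfigDialog return `` `abort `` for all three cases. MainSequence's body continues outside the hunk.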
@@ -1,21 +0,0 @@ -# -# Makefile.am for .../testsuite -# -# Do not edit this file (Makefile.am) as it will be overwritten! -# - -AUTOMAKE_OPTIONS = dejagnu -EXTRA_DIST = $(wildcard tests/*.out) $(wildcard tests/*.err) $(wildcard tests/*.ycp) $(wildcard tests/*.yh) - -testsuite_prepare = @ydatadir@/testsuite/Makefile.testsuite - -all-local: $(testsuite_prepare) - make -f $(testsuite_prepare) RPMNAME=$(RPMNAME) srcdir=$(srcdir) - -clean-local: $(testsuite_prepare) - make -f $(testsuite_prepare) RPMNAME=$(RPMNAME) srcdir=$(srcdir) clean - -check-local: $(testsuite_prepare) - make -f $(testsuite_prepare) RPMNAME=$(RPMNAME) srcdir=$(srcdir) check - -# EOF diff --git a/CASA-auth-token/yast2-casa-ats/yast2-casa-ats.spec.in b/CASA-auth-token/yast2-casa-ats/yast2-casa-ats.spec.in index 98495afd..20475537 100644 --- a/CASA-auth-token/yast2-casa-ats/yast2-casa-ats.spec.in +++ b/CASA-auth-token/yast2-casa-ats/yast2-casa-ats.spec.in @@ -1,8 +1,8 @@ @HEADER-COMMENT@ @HEADER@ -Requires: yast2 -BuildRequires: perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-testsuite +Requires: yast2 CASA_auth_token_svc +BuildRequires: perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-testsuite CASA_auth_token_svc yast2-themes-NLD BuildArchitectures: noarch @@ -28,4 +28,7 @@ Summary: Configuration of casa-ats @clientdir@/*.ycp @moduledir@/CasaAts.* @desktopdir@/casa-ats.desktop +@themedir@/NLD/icons/22x22/apps/*.png +@themedir@/NLD/icons/32x32/apps/*.png +@themedir@/NLD/icons/48x48/apps/*.png %doc @docdir@