1230 lines
33 KiB
Plaintext
1230 lines
33 KiB
Plaintext
/***********************************************************************
|
|
*
|
|
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; version 2.1
|
|
* of the License.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Library Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, Novell, Inc.
|
|
*
|
|
* To contact Novell about this file by physical or electronic mail,
|
|
* you may find current contact information at www.novell.com.
|
|
*
|
|
***********************************************************************/
|
|
|
|
/**
|
|
* File: include/casa-ats/dialogs.ycp
|
|
* Package: Configuration of casa-ats
|
|
* Summary: Dialogs definitions
|
|
* Authors: Juan Carlos Luciani <jluciani@novell.com>
|
|
* Ryan Partridge <rpartridge@novell.com>
|
|
*
|
|
* $Id: dialogs.ycp 27914 2006-02-13 14:32:08Z locilka $
|
|
*/
|
|
|
|
{
|
|
|
|
textdomain "casa-ats";
|
|
|
|
import "Label";
|
|
import "Popup";
|
|
import "Wizard";
|
|
import "Confirm";
|
|
import "CasaAts";
|
|
import "Report";
|
|
import "Address";
|
|
import "URL";
|
|
|
|
include "casa-ats/helps.ycp";
|
|
include "casa-ats/complex.ycp";
|
|
|
|
/**
|
|
* Current authentication realm lists.
|
|
*
|
|
*/
|
|
list<string> realmLdapUrlList = [];
|
|
list<string> realmSearchRootList = [];
|
|
|
|
|
|
/**
|
|
* Search Root edit dialog
|
|
* @param id id of the edited context
|
|
* @param entry edited entry
|
|
* @return context or nil, if canceled
|
|
*/
|
|
define term SearchRootEditDialog(integer id, term currVal) {
|
|
|
|
y2milestone("SearchRootEditDialog Executing");
|
|
|
|
term context = nil;
|
|
context = `item(`id(id));
|
|
|
|
UI::OpenDialog(`opt(`decorated),
|
|
`VBox(
|
|
`HSpacing(1),
|
|
`VBox(
|
|
`TextEntry(`id(`context), _("&Search Root Context (i.e. cn=users,o=novell)"), currVal[1]:"")
|
|
),
|
|
`HSpacing(1),
|
|
`HBox(
|
|
`PushButton(`id(`ok), `opt(`default), Label::OKButton()),
|
|
`PushButton(`id(`cancel), Label::CancelButton())
|
|
)
|
|
)
|
|
);
|
|
|
|
UI::SetFocus(`id(`context));
|
|
|
|
any ret = nil;
|
|
while (true) {
|
|
ret = UI::UserInput();
|
|
if (ret != `ok) break;
|
|
|
|
string value = (string) UI::QueryWidget(`id(`context), `Value);
|
|
context = add(context, value);
|
|
break;
|
|
}
|
|
|
|
UI::CloseDialog();
|
|
|
|
y2milestone("SearchRootEditDialog Exiting");
|
|
|
|
if (ret != `ok) return nil;
|
|
y2debug("context=%1", context);
|
|
return context;
|
|
}
|
|
|
|
|
|
/**
|
|
* Authentication Realm Edit Search Roots dialog
|
|
* @return dialog result
|
|
*/
|
|
any AuthRealmEditSearchRootsDialog() {
|
|
|
|
y2milestone("AuthRealmEditSearchRootsDialog Executing");
|
|
|
|
string caption = _("CASA Authentication Realm Search Roots Configuration");
|
|
|
|
/* dialog help 1/2*/
|
|
string help = _("<p>Configure the search roots for the authentication
|
|
realm in this dialog.</p>
|
|
") +
|
|
|
|
/* dialog help 2/2*/
|
|
_("<br><p>The <b>Search Roots</b> list the LDAP contexts containing
|
|
entities that may be authenticated by the Authentication Token Server. The order
|
|
shown in the list matches the order utilized by the server when performing
|
|
searches while trying to authenticate an entity.</p>
|
|
");
|
|
|
|
integer max = 0;
|
|
integer items = 0;
|
|
list<term> table_items = [];
|
|
list<string> searchRootList = realmSearchRootList;
|
|
|
|
// Read list of search roots already configured for this realm
|
|
foreach (string value, searchRootList, {
|
|
term context = `item(`id(items));
|
|
context = add(context, value);
|
|
table_items = add(table_items, context);
|
|
items = items + 1;
|
|
max = max + 1;
|
|
});
|
|
|
|
/* Dialog contents */
|
|
term contents = `HBox(
|
|
`HSpacing(5),
|
|
`VBox(
|
|
`VStretch(),
|
|
`Frame(_("Search Roots"),
|
|
`VBox(
|
|
`Table(`id(`table), `opt(`notify), `header(_("Context")), []),
|
|
`HBox(`PushButton(`id(`add), _("Ad&d")),
|
|
`PushButton(`id(`edit), `opt(`disabled), _("&Edit")),
|
|
`PushButton(`id(`delete), `opt(`disabled), _("De&lete"))))),
|
|
`VStretch()
|
|
),
|
|
`HSpacing(5)
|
|
);
|
|
|
|
|
|
Wizard::SetContentsButtons(caption, contents, help,
|
|
Label::BackButton(), Label::OKButton());
|
|
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::SetFocus(`id(`table));
|
|
|
|
any ret = nil;
|
|
while (true) {
|
|
|
|
UI::ChangeWidget(`id(`edit), `Enabled, items > 0);
|
|
UI::ChangeWidget(`id(`delete), `Enabled, items > 0);
|
|
|
|
y2milestone("AuthRealmEditSearchRootsDialog waiting for user input");
|
|
ret = UI::UserInput();
|
|
|
|
/* abort? */
|
|
if (ret == `abort || ret == `cancel || ret == `back) {
|
|
if (Popup::ReallyAbort(true)) break;
|
|
else continue;
|
|
}
|
|
/* edit context */
|
|
else if (ret == `edit) {
|
|
y2milestone("Edit Search Root Entry Invoked");
|
|
integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem);
|
|
list<term> cur_item = filter(term e, table_items, {
|
|
return cur == e[0, 0]:nil;
|
|
});
|
|
|
|
y2debug("cur=%1", cur);
|
|
y2debug("cur_item=%1", cur_item);
|
|
|
|
term item = cur_item[0]:nil;
|
|
item = SearchRootEditDialog(cur, item);
|
|
if(item == nil) continue;
|
|
|
|
table_items = maplist(term e, table_items, {
|
|
if(cur == e[0, 0]:-1)
|
|
return item;
|
|
return e;
|
|
});
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::ChangeWidget(`id(`table), `CurrentItem, cur);
|
|
continue;
|
|
}
|
|
/* add context */
|
|
else if (ret == `add) {
|
|
y2milestone("Add Search Root Entry Invoked");
|
|
term item = SearchRootEditDialog(max, `empty());
|
|
if (item == nil) continue;
|
|
|
|
table_items = add(table_items, item);
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::ChangeWidget(`id(`table), `CurrentItem, max);
|
|
items = items + 1;
|
|
max = max + 1;
|
|
continue;
|
|
}
|
|
/* delete context */
|
|
else if (ret == `delete) {
|
|
y2milestone("Delete Search Root Entry Invoked");
|
|
items = items - 1;
|
|
integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem);
|
|
table_items = filter(term e, table_items, {
|
|
return cur != e[0, 0]:nil;
|
|
});
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
continue;
|
|
}
|
|
else if (ret == `next) {
|
|
realmSearchRootList = [];
|
|
foreach (term value, table_items,{
|
|
realmSearchRootList = add(realmSearchRootList, value[1]:"");
|
|
});
|
|
break;
|
|
}
|
|
else {
|
|
y2error("unexpected retcode: %1", ret);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
y2milestone("AuthRealmEditSearchRootsDialog Exiting");
|
|
|
|
return ret;
|
|
}
|
|
|
|
|
|
/**
|
|
* LDAP Url edit dialog
|
|
* @param id id of the edited url
|
|
* @param entry edited entry
|
|
* @return url or nil, if canceled
|
|
*/
|
|
define term LDAPUrlEditDialog(integer id, term currVal) {
|
|
|
|
y2milestone("LDAPUrlEditDialog Executing");
|
|
|
|
term url = nil;
|
|
url = `item(`id(id));
|
|
|
|
UI::OpenDialog(`opt(`decorated),
|
|
`VBox(
|
|
`HSpacing(1),
|
|
`VBox(
|
|
`TextEntry(`id(`url), _("&Url (i.e. ldaps://ats1.novell.com)"), currVal[1]:"")
|
|
),
|
|
`HSpacing(1),
|
|
`HBox(
|
|
`PushButton(`id(`ok), `opt(`default), Label::OKButton()),
|
|
`PushButton(`id(`cancel), Label::CancelButton())
|
|
)
|
|
));
|
|
|
|
UI::SetFocus(`id(`url));
|
|
|
|
any ret = nil;
|
|
while (true) {
|
|
ret = UI::UserInput();
|
|
if (ret != `ok) break;
|
|
|
|
string value = (string) UI::QueryWidget(`id(`url), `Value);
|
|
|
|
// Check the Url
|
|
if (URL::Check(value) == true) {
|
|
map urlComponents = URL::Parse(value);
|
|
string scheme = tolower(urlComponents["scheme"]:"");
|
|
if (scheme == "ldaps" || scheme == "ldap") {
|
|
if (urlComponents["host"]:"" != "") {
|
|
url = add(url, value);
|
|
|
|
// Report warning if not using SSL
|
|
if (scheme == "ldap")
|
|
Report::Warning(_("Not using LDAPS is a security risk"));
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
Report::Error(_("URL entered is not valid"));
|
|
}
|
|
|
|
UI::CloseDialog();
|
|
|
|
y2milestone("LDAPUrlEditDialog Exiting");
|
|
|
|
if (ret != `ok) return nil;
|
|
y2debug("url=%1", url);
|
|
return url;
|
|
}
|
|
|
|
|
|
/**
|
|
* Authentication Realm Edit LDAP Urls dialog
|
|
* @return dialog result
|
|
*/
|
|
any AuthRealmEditLDAPUrlsDialog() {
|
|
|
|
y2milestone("AuthRealmEditLDAPUrlsDialog Executing");
|
|
|
|
string caption = _("CASA Authentication LDAP Server URL Configuration");
|
|
|
|
/* dialog help 1/2*/
|
|
string help = _("<p>Configure the URLs of the LDAP servers in this dialog.</p>
|
|
") +
|
|
|
|
/* dialog help 2/2*/
|
|
_("<br><p>The <b>LDAP URLs</b> list the URLs of the LDAP Servers that the
|
|
Authentication Token Server should contact for realm information. Configuring
|
|
multiple LDAP Server resources improves fault tolerance.</p>
|
|
");
|
|
|
|
integer max = 0;
|
|
integer items = 0;
|
|
list<term> table_items = [];
|
|
list<string> ldapUrlList = realmLdapUrlList;
|
|
|
|
// Read list of ldap urls already configured for this realm
|
|
foreach (string value, ldapUrlList, {
|
|
term context = `item(`id(items));
|
|
context = add(context, value);
|
|
table_items = add(table_items, context);
|
|
items = items + 1;
|
|
max = max + 1;
|
|
});
|
|
|
|
/* Dialog contents */
|
|
term contents = `HBox(
|
|
`HSpacing(5),
|
|
`VBox(
|
|
`VStretch(),
|
|
`Frame(_("LDAP Server URLs"),
|
|
`VBox(
|
|
`Table(`id(`table), `opt(`notify), `header(_("Url") + " "), []),
|
|
`HBox(`PushButton(`id(`add), _("Ad&d")),
|
|
`PushButton(`id(`edit), `opt(`disabled), _("&Edit")),
|
|
`PushButton(`id(`delete), `opt(`disabled), _("De&lete"))
|
|
)
|
|
)),
|
|
`VStretch()
|
|
),
|
|
`HSpacing(5)
|
|
);
|
|
|
|
|
|
Wizard::SetContentsButtons(caption, contents, help,
|
|
Label::BackButton(), Label::OKButton());
|
|
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::SetFocus(`id(`table));
|
|
|
|
any ret = nil;
|
|
while (true) {
|
|
|
|
UI::ChangeWidget(`id(`edit), `Enabled, items > 0);
|
|
UI::ChangeWidget(`id(`delete), `Enabled, items > 0);
|
|
|
|
y2milestone("AuthRealmEditLDAPUrlsDialog waiting for user input");
|
|
ret = UI::UserInput();
|
|
|
|
/* abort? */
|
|
if (ret == `abort || ret == `cancel || ret == `back) {
|
|
if (Popup::ReallyAbort(true)) break;
|
|
else continue;
|
|
}
|
|
/* edit context */
|
|
else if (ret == `edit) {
|
|
y2milestone("Edit LDAP Url Entry Invoked");
|
|
integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem);
|
|
list<term> cur_item = filter(term e, table_items, {
|
|
return cur == e[0, 0]:nil;
|
|
});
|
|
|
|
y2debug("cur=%1", cur);
|
|
y2debug("cur_item=%1", cur_item);
|
|
|
|
term item = cur_item[0]:nil;
|
|
item = LDAPUrlEditDialog(cur, item);
|
|
if(item == nil) continue;
|
|
|
|
table_items = maplist(term e, table_items, {
|
|
if(cur == e[0, 0]:-1)
|
|
return item;
|
|
return e;
|
|
});
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::ChangeWidget(`id(`table), `CurrentItem, cur);
|
|
|
|
continue;
|
|
}
|
|
else if (ret == `add) {
|
|
y2milestone("Add LDAP Url Entry Invoked");
|
|
term item = LDAPUrlEditDialog(max, `empty());
|
|
if (item == nil) continue;
|
|
|
|
table_items = add(table_items, item);
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::ChangeWidget(`id(`table), `CurrentItem, max);
|
|
items = items + 1;
|
|
max = max + 1;
|
|
|
|
continue;
|
|
}
|
|
else if (ret == `delete) {
|
|
y2milestone("Delete LDAP Url Entry Invoked");
|
|
items = items - 1;
|
|
integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem);
|
|
table_items = filter(term e, table_items, {
|
|
return cur != e[0, 0]:nil;
|
|
});
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
|
|
continue;
|
|
}
|
|
else if (ret == `next) {
|
|
realmLdapUrlList = [];
|
|
foreach (term value, table_items,{
|
|
realmLdapUrlList = add(realmLdapUrlList, value[1]:"");
|
|
});
|
|
break;
|
|
}
|
|
else {
|
|
y2error("unexpected retcode: %1", ret);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
y2milestone("AuthRealmEditLDAPUrlsDialog Exiting");
|
|
|
|
return ret;
|
|
}
|
|
|
|
|
|
/**
|
|
* Authentication Realm edit dialog
|
|
* @param currVal current value
|
|
* @return realm or nil, if canceled
|
|
*/
|
|
define map AuthRealmEditDialog(map currVal) {
|
|
|
|
y2milestone("AuthRealmEditDialog Executing");
|
|
|
|
map realm = $[];
|
|
|
|
string caption = _("CASA Authentication Realm Setup");
|
|
|
|
/* dialog help 1/7*/
|
|
string help = _("<p>This dialog configures an Authentication Realm.</p>
|
|
") +
|
|
|
|
/* dialog help 2/7*/
|
|
_("<br><p>The <b>LDAP URLs</b> list the URLs of the LDAP Servers that the
|
|
Authentication Token Server should contact for realm information. Configuring
|
|
multiple LDAP Server resources improves fault tolerance.</p>
|
|
") +
|
|
|
|
/* dialog help 3/7*/
|
|
_("<br><p>The <b>Directory Type</b> specifies the type of directory utilized
|
|
in the realm. This is used to resolve issues related to schema differences.</p>
|
|
") +
|
|
|
|
/* dialog help 4/7*/
|
|
_("<br><p>The <b>Authentication Mechanisms</b> box allows you to configure the
|
|
mechanisms that can be utilized to authenticate an entity to the realm.</p>
|
|
") +
|
|
|
|
/* dialog help 5/7*/
|
|
_("<br><p>The <b>Proxy User Credentials</b> specify the credentials that the
|
|
Authentication Token Service should utilize to authenticate to the realm for the
|
|
purpose of performing searches and obtaining information about authenticated
|
|
entities.
|
|
") +
|
|
|
|
/* dialog help 6/7*/
|
|
_("<br><p>The <b>LDAP Server Urls</b> button allows you to configure the
|
|
URLs of the LDAP Servers associated with the realm.</p>
|
|
") +
|
|
|
|
/* dialog help 7/7*/
|
|
_("<br><p>The <b>Search Roots</b> button allows you to configure the
|
|
LDAP contexts containing entities that can be authenticated.</p>
|
|
");
|
|
|
|
// Setup realm parameters with default values in variables that
|
|
// can be easily used.
|
|
string realm_id = "";
|
|
boolean edir_type = true;
|
|
boolean ad_type = false;
|
|
boolean passwd_mech = true;
|
|
boolean krb_mech = false;
|
|
string proxy_username = "";
|
|
string proxy_passwd = "";
|
|
string reentered_passwd = "";
|
|
realmLdapUrlList = [];
|
|
realmSearchRootList = [];
|
|
|
|
// Update the variables with the parameters passed-in
|
|
if (currVal != nil) {
|
|
realm_id = currVal["REALM_ID"]:"";
|
|
edir_type = currVal["EDIR_TYPE"]:true;
|
|
ad_type = currVal["AD_TYPE"]:false;
|
|
passwd_mech = currVal["PASSWD_MECH"]:true;
|
|
krb_mech = currVal["KRB_MECH"]:true;
|
|
proxy_username = currVal["PROXY_USERNAME"]:"";
|
|
proxy_passwd = currVal["PROXY_PASSWD"]:"";
|
|
reentered_passwd = proxy_passwd;
|
|
realmLdapUrlList = currVal["LDAP_URL_LIST"]:[];
|
|
realmSearchRootList = currVal["SEARCH_ROOT_LIST"]:[];
|
|
}
|
|
|
|
/* Dialog contents */
|
|
term contents = `HBox(
|
|
`HSpacing(3),
|
|
`VBox(
|
|
`VStretch(),
|
|
`TextEntry(`id(`realmid), _("Real&m Id"), realm_id),
|
|
`VSpacing(1),
|
|
`HBox(
|
|
`RadioButtonGroup(`id(`rb),
|
|
`VBox(
|
|
`Left(`Label("Directory Type?")),
|
|
`Left(`RadioButton(`id(`edir), "eDirector&y")),
|
|
`Left(`RadioButton(`id(`ad), "Acti&ve Directory" ))
|
|
)
|
|
),
|
|
`VBox(
|
|
`VStretch(),
|
|
`Frame(_("Authentication Mechanisms"),
|
|
`VBox(
|
|
`Left(`CheckBox(`id(`passwdmech), _("U&sername/Password"))),
|
|
`Left(`CheckBox(`id(`krbmech), _("&Kerberos V")))
|
|
)
|
|
),
|
|
`VStretch()
|
|
)
|
|
),
|
|
`VSpacing(1),
|
|
`VBox(
|
|
`Frame(_("Proxy User Credentials"),
|
|
`VBox(
|
|
`Left(`TextEntry(`id(`username), _("&Username (i.e. cn=admin,o=novell)"))),
|
|
`Left(`Password(`id(`passwd), (_("&Password") + " "))),
|
|
`Left(`Password(`id(`repasswd), (_("&Confirm Password") + " ")))
|
|
)
|
|
),
|
|
`VStretch()
|
|
),
|
|
`VSpacing(1),
|
|
`PushButton(`id(`urls), _("LDAP Server URLs")),
|
|
`VSpacing(1),
|
|
`PushButton(`id(`ctxs), _("Search Roots")),
|
|
`VStretch()
|
|
),
|
|
`HSpacing(3)
|
|
);
|
|
|
|
|
|
boolean set_initial_focus = true;
|
|
any ret = nil;
|
|
while (true) {
|
|
|
|
Wizard::SetContentsButtons(caption, contents, help,
|
|
Label::BackButton(), Label::OKButton());
|
|
|
|
UI::ChangeWidget(`id(`realmid), `Value, realm_id);
|
|
UI::ChangeWidget(`id(`edir), `Value, edir_type);
|
|
UI::ChangeWidget(`id(`ad), `Value, ad_type);
|
|
UI::ChangeWidget(`id(`krbmech), `Value, krb_mech);
|
|
UI::ChangeWidget(`id(`passwdmech), `Value, passwd_mech);
|
|
UI::ChangeWidget(`id(`username), `Value, proxy_username);
|
|
UI::ChangeWidget(`id(`passwd), `Value, proxy_passwd);
|
|
UI::ChangeWidget(`id(`repasswd), `Value, reentered_passwd);
|
|
|
|
if (set_initial_focus == true) {
|
|
UI::SetFocus(`id(`realmid));
|
|
set_initial_focus = false;
|
|
}
|
|
|
|
y2milestone("AuthRealmEditDialog waiting for user input");
|
|
ret = UI::UserInput();
|
|
|
|
// Refresh the local variables with the information in the widgets
|
|
realm_id = (string) UI::QueryWidget(`id(`realmid), `Value);
|
|
edir_type = (boolean) UI::QueryWidget(`id(`edir), `Value);
|
|
ad_type = (boolean) UI::QueryWidget(`id(`ad), `Value);
|
|
passwd_mech = (boolean) UI::QueryWidget(`id(`passwdmech), `Value);
|
|
krb_mech = (boolean) UI::QueryWidget(`id(`krbmech), `Value);
|
|
proxy_username = (string) UI::QueryWidget(`id(`username), `Value);
|
|
proxy_passwd = (string) UI::QueryWidget(`id(`passwd), `Value);
|
|
reentered_passwd = (string) UI::QueryWidget(`id(`repasswd), `Value);
|
|
|
|
/* abort? */
|
|
if (ret == `abort || ret == `cancel || ret == `back) {
|
|
// Update the local variables with
|
|
if (Popup::ReallyAbort(true)) break;
|
|
else
|
|
continue;
|
|
}
|
|
else if (ret == `next) {
|
|
y2milestone("Next entered");
|
|
|
|
// Do some parameter checking
|
|
if (realm_id == "") {
|
|
Report::Error(_("You must specify an Id for the realm."));
|
|
continue;
|
|
}
|
|
if (size(realmLdapUrlList) == 0) {
|
|
Report::Error(_("You must at least configure one LDAP URL."));
|
|
continue;
|
|
}
|
|
if (passwd_mech == false && krb_mech == false) {
|
|
Report::Error(_("You must specify at least one authentication mechanism."));
|
|
continue;
|
|
}
|
|
if (proxy_username == "") {
|
|
Report::Error(_("You must specify a Proxy Username for the realm."));
|
|
continue;
|
|
}
|
|
if (proxy_passwd == "") {
|
|
Report::Error(_("You must specify a Proxy Password for the realm."));
|
|
continue;
|
|
}
|
|
if (proxy_passwd != reentered_passwd) {
|
|
Report::Error(_("The specified Proxy Passwords do not match."));
|
|
proxy_passwd = "";
|
|
reentered_passwd = "";
|
|
continue;
|
|
}
|
|
if (ad_type == true && size(realmSearchRootList) == 0) {
|
|
Report::Error(_("You must specify a base search root for the realm."));
|
|
continue;
|
|
}
|
|
|
|
break;
|
|
}
|
|
else if (ret == `urls) {
|
|
y2milestone("Edit LDAP Urls Invoked");
|
|
|
|
/* Invoke the edit ldap urls dialog */
|
|
ret = AuthRealmEditLDAPUrlsDialog();
|
|
if (ret == `abort || ret == `cancel)
|
|
break;
|
|
|
|
continue;;
|
|
}
|
|
else if (ret == `ctxs) {
|
|
y2milestone("Edit Search Roots Invoked");
|
|
|
|
/* Invoke the edit search roots dialog */
|
|
ret = AuthRealmEditSearchRootsDialog();
|
|
if (ret == `abort || ret == `cancel)
|
|
break;
|
|
|
|
continue;;
|
|
}
|
|
else {
|
|
y2error("unexpected retcode: %1", ret);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
y2milestone("AuthRealmEditDialog Exiting");
|
|
|
|
if (ret != `next) {
|
|
realm = nil;
|
|
}
|
|
else {
|
|
realm["REALM_ID"] = realm_id;
|
|
realm["EDIR_TYPE"] = edir_type;
|
|
realm["AD_TYPE"] = ad_type;
|
|
realm["PASSWD_MECH"] = passwd_mech;
|
|
realm["KRB_MECH"] = krb_mech;
|
|
realm["PROXY_USERNAME"] = proxy_username;
|
|
realm["PROXY_PASSWD"] = proxy_passwd;
|
|
realm["LDAP_URL_LIST"] = realmLdapUrlList;
|
|
realm["SEARCH_ROOT_LIST"] = realmSearchRootList;
|
|
}
|
|
|
|
return realm;
|
|
}
|
|
|
|
|
|
/**
|
|
* ServerConfig dialog
|
|
*
|
|
*/
|
|
define void ServerConfigDialog() {
|
|
|
|
string caption = _("Casa Authentication Token Server Configuration");
|
|
|
|
/* dialog help 1/5 */
|
|
string help = _("<p>The CASA Authentication Token Server can be set
|
|
up in this dialog.</p>
|
|
") +
|
|
|
|
/* dialog help 2/5 */
|
|
_("<br><p>The <b>Authentication Realms</b> list the sources that can be used for
|
|
authenticating users.</p>
|
|
") +
|
|
|
|
/* dialog help 3/5 */
|
|
_("<br><p>Enable <b>Direct Access</b> to allow clients to contact the server
|
|
via port 2645. This opens the port through the Firewall. Direct Access requires
|
|
that you setup the Common Server Certificate. Please note that CASA Authentication
|
|
Token Clients expect that the Common Server Certificate be issued by a trusted
|
|
Certificate Authority.</p>
|
|
") +
|
|
|
|
/* dialog help 4/5 */
|
|
_("<br><p>Enable <b>Web Server Access</b> to allow clients to contact the server
|
|
via the Web Server (port 2645). The Apache Web Server should be installed and
|
|
enabled for this to work.</p>
|
|
") +
|
|
|
|
/* dialog help 5/5 */
|
|
_("<br><p>The <b>Reconfigure Interval</b> specifies the interval in seconds
|
|
between attempts by the server to re-read its configuration. A value of
|
|
zero means that the server only reads its configuration during start up.</p>
|
|
");
|
|
|
|
integer max = 0;
|
|
integer items = 0;
|
|
map<string, map> realms = (map<string, map>) CasaAts::Settings["CONFIG_CASAATS_REALMS"]:$[];
|
|
list<term> table_items = [];
|
|
boolean direct_access = CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:false;
|
|
boolean web_access = CasaAts::Settings["CONFIG_CASAATS_WEB_ACCESS"]:false;
|
|
integer reconfig_interval = CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60;
|
|
|
|
// Read list of search roots already configured for this realm
|
|
foreach (string key, map realm, realms, {
|
|
term item = `item(`id(max));
|
|
item = add(item, realm["REALM_ID"]:"");
|
|
table_items = add(table_items, item);
|
|
items = items + 1;
|
|
max = max + 1;
|
|
});
|
|
|
|
/* Dialog contents */
|
|
term contents = nil;
|
|
if (CasaAts::Settings["WEB_SERVER_AVAILABLE"]:false == true)
|
|
{
|
|
contents = `HBox(
|
|
`HSpacing(5),
|
|
`VBox(
|
|
`VStretch(),
|
|
`Frame(_("Authentication Realms"),
|
|
`VBox(
|
|
`Table(`id(`table), `opt(`notify), `header(_("Realm")), []),
|
|
`HBox(`PushButton(`id(`add), _("Ad&d")),
|
|
`PushButton(`id(`edit), `opt(`disabled), _("&Edit")),
|
|
`PushButton(`id(`delete), `opt(`disabled), _("De&lete"))
|
|
)
|
|
)
|
|
),
|
|
`VSpacing(1),
|
|
`Left(`CheckBox(`id(`direct), `opt(`notify), _("Direc&t Access"))),
|
|
`VSpacing(1),
|
|
`Left(`CheckBox(`id(`web), _("&Web Server Access"))),
|
|
`VSpacing(1),
|
|
`Left(`TextEntry(`id(`interval), _("Recon&figure Interval"))),
|
|
`VStretch()
|
|
),
|
|
`HSpacing(5)
|
|
);
|
|
}
|
|
else
|
|
{
|
|
contents = `HBox(
|
|
`HSpacing(5),
|
|
`VBox(
|
|
`VStretch(),
|
|
`Frame(_("Authentication Realms"),
|
|
`VBox(
|
|
`Table(`id(`table), `opt(`notify), `header(_("Realm")), []),
|
|
`HBox(`PushButton(`id(`add), _("Ad&d")),
|
|
`PushButton(`id(`edit), `opt(`disabled), _("&Edit")),
|
|
`PushButton(`id(`delete), `opt(`disabled), _("De&lete"))
|
|
)
|
|
)
|
|
),
|
|
`VSpacing(1),
|
|
`Left(`CheckBox(`id(`direct), `opt(`notify), _("Direc&t Access"))),
|
|
`VSpacing(1),
|
|
`Left(`CheckBox(`id(`web), `opt(`disabled), _("&Web Server Access"))),
|
|
`VSpacing(1),
|
|
`Left(`TextEntry(`id(`interval), _("Recon&figure Interval"))),
|
|
`VStretch()
|
|
),
|
|
`HSpacing(5)
|
|
);
|
|
}
|
|
|
|
boolean set_initial_focus = true;
|
|
any ret = nil;
|
|
while (true) {
|
|
|
|
Wizard::SetContentsButtons(caption, contents, help,
|
|
Label::BackButton(), Label::OKButton());
|
|
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::ChangeWidget(`id(`direct), `Value, direct_access);
|
|
UI::ChangeWidget(`id(`web), `Value, web_access);
|
|
UI::ChangeWidget(`id(`interval), `Value, tostring(reconfig_interval));
|
|
|
|
if (set_initial_focus == true) {
|
|
UI::SetFocus(`id(`table));
|
|
set_initial_focus = false;
|
|
}
|
|
|
|
UI::ChangeWidget(`id(`edit), `Enabled, items > 0);
|
|
UI::ChangeWidget(`id(`delete), `Enabled, items > 0);
|
|
UI::ChangeWidget(`id(`cert), `Enabled, direct_access);
|
|
|
|
y2milestone("ServerConfig waiting for user input");
|
|
ret = UI::UserInput();
|
|
|
|
// Refresh the local variables with the information in the widgets
|
|
direct_access = (boolean) UI::QueryWidget(`id(`direct), `Value);
|
|
web_access = (boolean) UI::QueryWidget(`id(`web), `Value);
|
|
reconfig_interval = tointeger((string) UI::QueryWidget(`id(`interval), `Value));
|
|
|
|
if (ret == `abort || ret == `cancel || ret == `back) {
|
|
y2milestone("Abort, Cancel, or Back Invoked");
|
|
|
|
if (Popup::ReallyAbort(true)) break;
|
|
else continue;
|
|
}
|
|
else if (ret == `edit) {
|
|
y2milestone("Edit Authentication Realm Entry Invoked");
|
|
|
|
integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem);
|
|
list<term> cur_item = filter(term e, table_items, {
|
|
return cur == e[0, 0]:nil;
|
|
});
|
|
|
|
y2debug("cur=%1", cur);
|
|
y2debug("cur_item=%1", cur_item);
|
|
|
|
term item = cur_item[0]:nil;
|
|
|
|
// Find the realm associated with this item
|
|
map realm = lookup(realms, item[1]:"", nil);
|
|
if (realm == nil) continue;
|
|
|
|
y2milestone("Realm id : %1", realm["REALM_ID"]:"");
|
|
|
|
map editedRealm = AuthRealmEditDialog(realm);
|
|
if (editedRealm == nil) continue;
|
|
|
|
// Update the realm map and the table
|
|
realms = remove(realms, realm["REALM_ID"]:"");
|
|
realms = add(realms, editedRealm["REALM_ID"]:"", editedRealm);
|
|
item[1] = editedRealm["REALM_ID"]:"";
|
|
|
|
table_items = maplist(term e, table_items, {
|
|
if(cur == e[0, 0]:-1)
|
|
return item;
|
|
return e;
|
|
});
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::ChangeWidget(`id(`table), `CurrentItem, cur);
|
|
continue;
|
|
}
|
|
else if (ret == `add) {
|
|
y2milestone("Add Authentication Realm Entry Invoked");
|
|
|
|
map realm = AuthRealmEditDialog(nil);
|
|
if (realm == nil) continue;
|
|
|
|
y2milestone("Realm id : %1", realm["REALM_ID"]:"");
|
|
|
|
// Add the realm to the realm map and the table
|
|
realms = add(realms, realm["REALM_ID"]:"", realm);
|
|
term item = nil;
|
|
item = `item(`id(max));
|
|
item = add(item, realm["REALM_ID"]:"");
|
|
table_items = add(table_items, item);
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::ChangeWidget(`id(`table), `CurrentItem, max);
|
|
items = items + 1;
|
|
max = max + 1;
|
|
continue;
|
|
}
|
|
else if (ret == `delete) {
|
|
y2milestone("Delete Authentication Realm Entry Invoked");
|
|
|
|
items = items - 1;
|
|
integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem);
|
|
list<term> cur_item = filter(term e, table_items, {
|
|
return cur == e[0, 0]:nil;
|
|
});
|
|
table_items = filter(term e, table_items, {
|
|
return cur != e[0, 0]:nil;
|
|
});
|
|
|
|
term item = cur_item[0]:nil;
|
|
map realm = lookup(realms, item[1]:"", nil);
|
|
if (realm == nil) continue;
|
|
realms = remove(realms, realm["REALM_ID"]:"");
|
|
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
continue;
|
|
}
|
|
else if (ret == `next) {
|
|
y2milestone("Next Invoked");
|
|
|
|
/* Verify that a valid reconfigure interval has been entered */
|
|
reconfig_interval = tointeger(UI::QueryWidget(`id(`interval), `Value));
|
|
if (reconfig_interval == nil || reconfig_interval < 0) {
|
|
Report::Error(_("The reconfigure interval needs to be a non-negative number."));
|
|
reconfig_interval = CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60;
|
|
continue;
|
|
}
|
|
/* Verify that the server can be accessed */
|
|
if (direct_access != true && web_access != true) {
|
|
Report::Error(_("Specify server access type."));
|
|
continue;
|
|
}
|
|
/* Verify that at least one realm has been configured */
|
|
if (size(table_items) == 0) {
|
|
Report::Error(_("You must at least configure one Authentication Realm."));
|
|
continue;
|
|
}
|
|
|
|
// Save the server variables
|
|
CasaAts::Settings["CONFIG_CASAATS_REALMS"] = realms;
|
|
CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = direct_access;
|
|
CasaAts::Settings["CONFIG_CASAATS_WEB_ACCESS"] = web_access;
|
|
CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = reconfig_interval;
|
|
CasaAts::Settings["CONFIG_CASAATS_REALMS"] = realms;
|
|
break;
|
|
}
|
|
else {
|
|
y2error("unexpected retcode: %1", ret);
|
|
continue;
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Trusted ATS Address edit dialog
|
|
* @param id id of the edited address
|
|
* @param entry edited entry
|
|
* @return address or nil, if canceled
|
|
*/
|
|
define term TrustedATSEditDialog(integer id, term currVal) {
|
|
|
|
y2milestone("TrustedATSEditDialog Executing");
|
|
|
|
term address = nil;
|
|
address = `item(`id(id));
|
|
|
|
UI::OpenDialog(`opt(`decorated),`VBox(
|
|
`HSpacing(1),
|
|
`VBox(
|
|
/* TextEntry label */
|
|
`TextEntry(`id(`address), _("D&NS Name or Dotted IP Address"), currVal[1]:"")
|
|
),
|
|
`HSpacing(1),
|
|
`HBox(
|
|
`PushButton(`id(`ok), `opt(`default), Label::OKButton()),
|
|
`PushButton(`id(`cancel), Label::CancelButton())
|
|
)
|
|
));
|
|
|
|
UI::SetFocus(`id(`address));
|
|
|
|
any ret = nil;
|
|
while (true) {
|
|
ret = UI::UserInput();
|
|
if(ret != `ok) break;
|
|
|
|
string value = (string) UI::QueryWidget(`id(`address), `Value);
|
|
|
|
// Check the address
|
|
if (Address::Check4(value) == true) {
|
|
address = add(address, value);
|
|
break;
|
|
}
|
|
Report::Error(_("Address entered is not valid"));
|
|
}
|
|
|
|
UI::CloseDialog();
|
|
|
|
y2milestone("TrustedATSEditDialog Exiting");
|
|
|
|
if (ret != `ok) return nil;
|
|
y2debug("address=%1", address);
|
|
return address;
|
|
}
|
|
|
|
|
|
/**
|
|
* StartConfig dialog
|
|
* @return dialog result
|
|
*/
|
|
any StartConfigDialog() {
|
|
|
|
y2milestone("StartConfigDialog Executing");
|
|
|
|
string caption = _("Casa Authentication Token Service Configuration");
|
|
|
|
/* dialog help 1/3*/
|
|
string help = _("<br><p>The CASA Authentication Token Service can be set
|
|
up in this dialog.</p>
|
|
") +
|
|
|
|
/* dialog help 2/3*/
|
|
_("<br><p>The <b>Trusted Authentication Token Servers</b> list the addresses of all
|
|
remote servers that are trusted as authentication token issuers. Configured address
|
|
names must match the names used by the SSL Certificates of the servers.</p>
|
|
") +
|
|
|
|
/* dialog help 3/3*/
|
|
_("<br><p><b>Enable Server</b> to allow users to obtain Authentication Tokens
|
|
from this device. Please, <b>Configure Server</b> if enabled.</p>
|
|
");
|
|
|
|
integer max = 0;
|
|
integer items = 0;
|
|
list<string> trustedServerList = CasaAts::Settings["CONFIG_CASAATS_TRUSTED"]:[];
|
|
list<term> table_items = [];
|
|
boolean server_enabled = CasaAts::Settings["CONFIG_CASAATS_ENABLE"]:false;
|
|
|
|
// Ready list of Trusted ATSs already configured to be
|
|
// used with our table.
|
|
foreach (string value, trustedServerList, {
|
|
term address = `item(`id(items));
|
|
address = add(address, value);
|
|
table_items = add(table_items, address);
|
|
items = items + 1;
|
|
max = max + 1;
|
|
});
|
|
|
|
/* Dialog contents */
|
|
term contents = `HBox(
|
|
`HSpacing(5),
|
|
`VBox(
|
|
`VStretch(),
|
|
`Frame(_("Trusted Authentication Token Servers"),
|
|
`VBox(
|
|
`Table(`id(`table), `opt(`notify), `header(_("Address")), []),
|
|
`HBox(
|
|
`PushButton(`id(`add), _("Ad&d")),
|
|
`PushButton(`id(`edit), `opt(`disabled), _("&Edit")),
|
|
`PushButton(`id(`delete), `opt(`disabled), _("De&lete"))
|
|
)
|
|
)),
|
|
`VSpacing(1),
|
|
`HBox(
|
|
`Left(`CheckBox(`id(`enablesvc),`opt(`notify), _("Enable &Server"))),
|
|
`PushButton(`id(`srvconfig), `opt(`disabled), _("Confi&gure Server"))
|
|
),
|
|
`VStretch()
|
|
),
|
|
`HSpacing(5)
|
|
);
|
|
|
|
|
|
boolean set_initial_focus = true;
|
|
any ret = nil;
|
|
while (true) {
|
|
|
|
Wizard::SetContentsButtons(caption, contents, help,
|
|
Label::BackButton(), Label::FinishButton());
|
|
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::ChangeWidget(`id(`enablesvc), `Value, server_enabled);
|
|
|
|
if (set_initial_focus == true) {
|
|
UI::SetFocus(`id(`table));
|
|
set_initial_focus = false;
|
|
}
|
|
|
|
UI::ChangeWidget(`id(`edit), `Enabled, items > 0);
|
|
UI::ChangeWidget(`id(`delete), `Enabled, items > 0);
|
|
UI::ChangeWidget(`id(`srvconfig), `Enabled, server_enabled == true);
|
|
|
|
y2milestone("StartConfigDialog waiting for user input");
|
|
ret = UI::UserInput();
|
|
|
|
// Refresh the local variables with the information in the widgets
|
|
server_enabled = (boolean) UI::QueryWidget(`id(`enablesvc), `Value);
|
|
|
|
if (ret == `abort || ret == `cancel || ret == `back) {
|
|
y2milestone("Abort, Cancel, or Back Invoked");
|
|
|
|
if (Popup::ReallyAbort(true)) break;
|
|
else continue;
|
|
}
|
|
else if (ret == `edit) {
|
|
y2milestone("Edit Trusted ATS Entry Invoked");
|
|
|
|
integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem);
|
|
list<term> cur_item = filter(term e, table_items, {
|
|
return cur == e[0, 0]:nil;
|
|
});
|
|
|
|
y2debug("cur=%1", cur);
|
|
y2debug("cur_item=%1", cur_item);
|
|
|
|
term item = cur_item[0]:nil;
|
|
item = TrustedATSEditDialog(cur, item);
|
|
if (item == nil) continue;
|
|
|
|
table_items = maplist(term e, table_items, {
|
|
if(cur == e[0, 0]:-1)
|
|
return item;
|
|
return e;
|
|
});
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::ChangeWidget(`id(`table), `CurrentItem, cur);
|
|
continue;
|
|
}
|
|
else if (ret == `add) {
|
|
y2milestone("Add Trusted ATS Entry Invoked");
|
|
|
|
term item = TrustedATSEditDialog(max, `empty());
|
|
if (item == nil) continue;
|
|
|
|
table_items = add(table_items, item);
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
UI::ChangeWidget(`id(`table), `CurrentItem, max);
|
|
items = items + 1;
|
|
max = max + 1;
|
|
continue;
|
|
}
|
|
else if (ret == `delete) {
|
|
y2milestone("Delete Trusted ATS Entry Invoked");
|
|
|
|
items = items - 1;
|
|
integer cur = (integer) UI::QueryWidget(`id(`table), `CurrentItem);
|
|
table_items = filter(term e, table_items, {
|
|
return cur != e[0, 0]:nil;
|
|
});
|
|
UI::ChangeWidget(`id(`table), `Items, table_items);
|
|
continue;
|
|
}
|
|
else if (ret == `enablesvc) {
|
|
y2milestone("Enabled Server changed");
|
|
|
|
continue;
|
|
}
|
|
else if (ret == `srvconfig) {
|
|
y2milestone("Config Server Invoked");
|
|
|
|
ServerConfigDialog();
|
|
continue;
|
|
}
|
|
else if (ret == `next) {
|
|
y2milestone("Next Invoked");
|
|
|
|
// Save the variables
|
|
trustedServerList = [];
|
|
foreach (term value, table_items,{
|
|
trustedServerList = add(trustedServerList, value[1]:"");
|
|
});
|
|
|
|
CasaAts::Settings["CONFIG_CASAATS_TRUSTED"] = trustedServerList;
|
|
CasaAts::Settings["CONFIG_CASAATS_ENABLE"] = server_enabled;
|
|
break;
|
|
}
|
|
else {
|
|
y2error("unexpected retcode: %1", ret);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
y2milestone("StartConfigDialog Exiting");
|
|
|
|
return ret;
|
|
}
|
|
|
|
|
|
/**
|
|
* Configure1 dialog
|
|
* @return dialog result
|
|
*/
|
|
any Configure1Dialog () {
|
|
|
|
/* CasaAts configure1 dialog caption */
|
|
string caption = _("CasaAts Configuration");
|
|
|
|
/* CasaAts configure1 dialog contents */
|
|
term contents = `Label (_("First part of configuration of casa-ats"));
|
|
|
|
Wizard::SetContentsButtons(caption, contents, HELPS["c1"]:"",
|
|
Label::BackButton(), Label::NextButton());
|
|
|
|
any ret = nil;
|
|
while(true) {
|
|
|
|
ret = UI::UserInput();
|
|
|
|
/* abort? */
|
|
if(ret == `abort || ret == `cancel) {
|
|
if(Popup::ReallyAbort(true)) break;
|
|
else continue;
|
|
}
|
|
else if(ret == `next || ret == `back) {
|
|
break;
|
|
}
|
|
else {
|
|
y2error("unexpected retcode: %1", ret);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* EOF */
|
|
}
|