diff --git a/package/yast2-users.changes b/package/yast2-users.changes index 7be488d75..01c63c4df 100644 --- a/package/yast2-users.changes +++ b/package/yast2-users.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Mar 12 16:15:56 UTC 2014 - varkoly@suse.com + +- Add plugin for kreating kerberos accounts +- Modify check for aviability of LDAP +- 3.1.15 + ------------------------------------------------------------------- Mon Mar 3 10:31:26 UTC 2014 - ckornacker@suse.com diff --git a/package/yast2-users.spec b/package/yast2-users.spec index e81d61e78..e93096f96 100644 --- a/package/yast2-users.spec +++ b/package/yast2-users.spec @@ -17,7 +17,7 @@ Name: yast2-users -Version: 3.1.14 +Version: 3.1.15 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff --git a/src/Makefile.am b/src/Makefile.am index d4c126bd5..404270b72 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -12,6 +12,7 @@ module_DATA = \ modules/UsersCache.pm \ modules/UsersPluginLDAPAll.pm \ modules/UsersPluginLDAPPasswordPolicy.pm \ + modules/UsersPluginKerberos.pm \ modules/UsersPasswd.pm module1dir = @moduledir@/YaPI @@ -64,4 +65,4 @@ desktop_DATA = \ EXTRA_DIST = $(module_DATA) $(module1_DATA) $(client_DATA) $(ynclude_DATA) $(scrconf_DATA) $(agent_SCRIPTS) $(schemafiles_DATA) $(desktop_DATA) -include $(top_srcdir)/Makefile.am.common \ No newline at end of file +include $(top_srcdir)/Makefile.am.common diff --git a/src/modules/UsersLDAP.pm b/src/modules/UsersLDAP.pm index fe3714798..61c96f982 100644 --- a/src/modules/UsersLDAP.pm +++ b/src/modules/UsersLDAP.pm 
@@ -190,20 +190,10 @@ sub ReadAvailable { my $self = shift; my $compat = 0; - my $passwd_source = SCR->Read (".etc.nsswitch_conf.passwd"); - if (defined $passwd_source) { - foreach my $source (split (/ /, $passwd_source)) { - if ($source eq "ldap" || $source eq "sss") { return 1; } - if ($source eq "compat") { $compat = 1; } - } - } - if ($compat) { - $passwd_source = SCR->Read (".etc.nsswitch_conf.passwd_compat"); - if (defined $passwd_source) { - foreach my $source (split (/ /, $passwd_source)) { - if ($source eq "ldap") { return 1; } - } - } + my $binddn = SCR->Read (".ldap_conf.v.binddn"); + + if (defined $binddn) { + return 1; } return 0; } @@ -225,7 +215,6 @@ sub Initialize { ReadLdap (); } Ldap->SetGUI ($use_gui); - my $ldap_mesg = Ldap->LDAPInitWithTLSCheck ({}); if ($ldap_mesg ne "") { Ldap->LDAPErrorMessage ("init", $ldap_mesg); diff --git a/src/modules/UsersPluginKerberos.pm b/src/modules/UsersPluginKerberos.pm new file mode 100644 index 000000000..b885f26fb --- /dev/null +++ b/src/modules/UsersPluginKerberos.pm 
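Review bot: `ReadAvailable` now returns 1 whenever `SCR->Read (".ldap_conf.v.binddn")` is defined, so the result depends on a bind DN being present in the LDAP client configuration and no longer on the passwd sources in nsswitch.conf. A client that binds anonymously would presumably be reported as having no LDAP, and a leftover or empty `binddn` on a host that no longer uses LDAP as having it. At minimum the test should reject an empty value, `if (defined $binddn && $binddn ne "") {`, and a comment above the read should state why a bind DN is taken as the signal. `my $compat = 0;` is left unused by this hunk and can be dropped. The `sub` line itself is visible only in the hunk header.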
@@ -0,0 +1,255 @@
+#! /usr/bin/perl -w
+# ------------------------------------------------------------------------------
+# Copyright (c) 2006-2012 Novell, Inc. All Rights Reserved.
+#
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of version 2 of the GNU General Public License as published by the
+# Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, contact Novell, Inc.
+#
+# To contact Novell about this file by physical or electronic mail, you may find
+# current contact information at www.novell.com.
+# ------------------------------------------------------------------------------
+#
+
+#
+# This is the API part of UsersPluginKerberos plugin:
+# Creates the Kerberos principials
+#
+# For documentation and examples of function arguments and return values, see
+# UsersPluginLDAPAll.pm
+
+package UsersPluginKerberos;
+
+use strict;
+
+use YaST::YCP qw(:LOGGING sformat);
+use YaPI;
+use Data::Dumper;
+
+textdomain("users");
+
+our %TYPEINFO;
+
+##--------------------------------------
+##--------------------- global imports
+
+YaST::YCP::Import ("SCR");
+
+##--------------------------------------
+##--------------------- global variables
+
+# error message, returned when some plugin function fails
+my $error = "";
+
+# internal name
+my $name = "UsersPluginKerberos";
+
+##----------------------------------------
+##--------------------- internal functions
+
+# internal function:
+# check if given key (second parameter) is contained in a list (1st parameter)
+# if 3rd parameter is true (>0), ignore case
+sub contains {
+ my ($list, $key, $ignorecase) = @_;
+ if (!defined $list || ref ($list) ne "ARRAY" || @{$list} == 0) {
+ return 0;
+ }
+ if ($ignorecase) {
+ if ( grep /^\Q$key\E$/i, @{$list} ) {
+ return 1;
+ }
+ } else {
+ if ( grep /^\Q$key\E$/, @{$list} ) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+##------------------------------------------
+##--------------------- global API functions
+
+# All functions have 2 "any" parameters: these mean:
+# 1st: configuration map (hash) - e.g. saying if we work with user or group
+# 2nd: data map (hash) of user/group to work with
+# for details, see UsersPluginLDAPAll.pm
+
+# Return the names of provided functions
+BEGIN { $TYPEINFO{Interface} = ["function", ["list", "string"], "any", "any"];}
+sub Interface {
+
+ my $self = shift;
+ my @interface = (
+ "Name",
+ "Summary",
+ "Restriction",
+ "Write",
+ "Add",
+ "AddBefore",
+ "Edit",
+ "EditBefore",
+ "Interface",
+ "PluginPresent",
+ "PluginRemovable",
+ "Error",
+ );
+ return \@interface;
+}
+
+# return error message, generated by plugin
+BEGIN { $TYPEINFO{Error} = ["function", "string", "any", "any"];}
+sub Error {
+
+ return $error;
+}
+
+
+# return plugin name, used for GUI (translated)
+BEGIN { $TYPEINFO{Name} = ["function", "string", "any", "any"];}
+sub Name {
+
+ # plugin name
+ return __("Kerberos Configuration");
+}
+
+##------------------------------------
+# Return plugin summary (to be shown in table with all plugins)
+BEGIN { $TYPEINFO{Summary} = ["function", "string", "any", "any"];}
+sub Summary {
+
+ my ($self, $config, $data) = @_;
+
+ # user plugin summary (table item)
+ return __("No Kerberos Management for Groups") if ($config->{"what"} eq "group");
+
+ # user plugin summary (table item)
+ return __("Manage Kerberos Principials");
+}
+
+##------------------------------------
+# Checks the current data map of user/group (2nd parameter) and returns
+# true if given user/group has this plugin enabled
+BEGIN { $TYPEINFO{PluginPresent} = ["function", "boolean", "any", "any"];}
+sub PluginPresent {
+ my ($self, $config, $data) = @_;
+
+ if ($config->{"what"} eq "group") {
+ y2debug ("Kerberos plugin not present");
+ return 0;
+ }
+ my $out = SCR->Execute (".target.bash_output", '/usr/lib/mit/sbin/kadmin.local -nq "list_principals '.$data->{uid}.'*" | grep '.$data->{uid}.'*');
+ if ($out->{"stdout"} =~ /^$data->{uid}/ ) {
+ y2milestone ("Kerberos plugin present");
+ return 1;
+ } else {
+ y2milestone ("Kerberos plugin not present");
+ return 0;
+ }
+}
+
+##------------------------------------
+# Is it possible to remove this plugin from user/group: setting all quota
+# values to 0.
+BEGIN { $TYPEINFO{PluginRemovable} = ["function", "boolean", "any", "any"];}
+sub PluginRemovable {
+
+ return YaST::YCP::Boolean (0);
+}
+
+
+##------------------------------------
+# Type of objects this plugin is restricted to.
+# Plugin is restricted to local users
+BEGIN { $TYPEINFO{Restriction} = ["function",
+ ["map", "string", "any"], "any", "any"];}
+sub Restriction {
+
+ return {
+ "ldap" => 1,
+ "group" => 0,
+ "user" => 1
+ };
+}
+
+
+# this will be called at the beggining of Users::AddUser/AddGroup
+# Check if it is possible to add this plugin here.
+# (Could be called multiple times for one user/group)
+BEGIN { $TYPEINFO{AddBefore} = ["function",
+ ["map", "string", "any"],
+ "any", "any"];
+}
+sub AddBefore {
+
+ my ($self, $config, $data) = @_;
+
+ return $data;
+}
+
+# This will be called at the end of Users::Add* : modify the object map
+# with quota data
+BEGIN { $TYPEINFO{Add} = ["function", ["map", "string", "any"], "any", "any"];}
+sub Add {
+
+ my ($self, $config, $data) = @_;
+ y2debug ("Add Kerveros called");
+ return $data;
+}
+
+# This will be called at the beggining of Users::EditUser/EditGroup
+# Check if it is possible to add this plugin here.
+# (Could be called multiple times for one user/group)
+BEGIN { $TYPEINFO{EditBefore} = ["function",
+ ["map", "string", "any"],
+ "any", "any"];
+}
+sub EditBefore {
+
+ my ($self, $config, $data) = @_;
+
+ return $data;
+}
+
+# This will be called at the end of Users::Edit* : modify the object map
+# with quota data
+BEGIN { $TYPEINFO{Edit} = ["function",
+ ["map", "string", "any"],
+ "any", "any"];
+}
+sub Edit {
+ my ($self, $config, $data) = @_;
+ y2debug ("Edit Kerberos called");
+ return $data;
+}
+
+# What should be done after user is finally written (this is called only once)
+BEGIN { $TYPEINFO{Write} = ["function", "boolean", "any", "any"];}
+sub Write {
+
+ my ($self, $config, $data) = @_;
+
+#y2milestone(Dumper($data));
+ if( $data->{what} eq 'add_user' ) {
+ my $out = SCR->Execute (".target.bash_output", '/usr/lib/mit/sbin/kadmin.local -q "addprinc -pw '.$data->{text_userpassword}.' '.$data->{uid}.'"');
+ }
+ elsif( $data->{what} eq 'del_user' ) {
+ my $out = SCR->Execute (".target.bash_output", '/usr/lib/mit/sbin/kadmin.local -q "delprinc '.$data->{uid}.'"');
+ }
+ elsif( $data->{what} eq 'edit_user' ) {
+ if( defined $data->{text_userpassword} ) {
+ my $out = SCR->Execute (".target.bash_output", '/usr/lib/mit/sbin/kadmin.local -q "change_password -pw '.$data->{text_userpassword}.' '.$data->{uid}.'"');
+ }
+ }
+ return YaST::YCP::Boolean (1);
+}
+42
+# EOF
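Review bot: In `Write` and `PluginPresent`, `$data->{uid}` and `$data->{text_userpassword}` are concatenated unquoted into the command string passed to `.target.bash_output`, so any shell or kadmin metacharacter in a user name or password is interpreted as syntax rather than data, in a command that runs `kadmin.local` with full KDC privileges. The `-pw` form also puts the clear-text password on the command line, where it is readable in the process list for the duration of the call and presumably in any log of the executed command; the password should reach kadmin on standard input or through a root-only file instead. Validate the user name before any command is built, e.g. `return YaST::YCP::Boolean (0) unless defined $data->{uid} && $data->{uid} =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;`, and quote it in the `PluginPresent` match as `/^\Q$data->{uid}\E/`, which as written also accepts any principal that merely starts with the uid. `Write` discards every `$out` and always returns true, so a failed `addprinc` or `change_password` is reported as success; check `$out->{"exit"}`, store the failure in `$error` and return false.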