Author: mcalmer Date: Mon Jun 30 17:45:21 2008 New Revision: 48681 URL: http://svn.opensuse.org/viewcvs/yast?rev=48681&view=rev Log: proposal: get all ip addresses of the system and try to resolve the hostname of them. Write IPs and Hostnames into SubjectAlternativeName. This hopefully make the created Certificate usable even if hostname --long returns the wrong hostname. Modified: trunk/ca-management/src/CaMgm.ycp trunk/ca-management/src/ca_mgm_proposal.ycp trunk/ca-management/src/new_cert_read_write.ycp trunk/ca-management/src/util.ycp
Modified: trunk/ca-management/src/CaMgm.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/CaMgm.ycp?rev=48681&r1=48680&r2=48681&view=diff
==============================================================================
--- trunk/ca-management/src/CaMgm.ycp (original)
+++ trunk/ca-management/src/CaMgm.ycp Mon Jun 30 17:45:21 2008
@@ -135,6 +135,7 @@
 global string prop_state = "";
 global symbol prop_selection = `def; // `none, `disk
+global list<map> prop_subject_alt_name_list = [];
 global boolean adv_subject_alt_name_show_email = false;
Modified: trunk/ca-management/src/ca_mgm_proposal.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/ca_mgm_proposal.ycp?rev=48681&r1=48680&r2=48681&view=diff
==============================================================================
--- trunk/ca-management/src/ca_mgm_proposal.ycp (original)
+++ trunk/ca-management/src/ca_mgm_proposal.ycp Mon Jun 30 17:45:21 2008
@@ -29,6 +29,7 @@
 import "String";
 include "ca-management/new_cert_read_write.ycp";
+ include "ca-management/util.ycp";
 string func = (string)WFM::Args(0);
 map param = (map)WFM::Args(1);
@@ -41,7 +42,18 @@
 string proposal = "";
 string warning = nil;
 symbol warning_level = nil;
-
+
+ list<map> host_ips = getHostIPs ();
+ string hostname_bak = "";
+
+ foreach(map elem, host_ips, {
+ if(elem["kind"]:"" == "DNS")
+ {
+ hostname_bak = elem["name"]:"";
+ }
+ CaMgm::prop_subject_alt_name_list = add (CaMgm::prop_subject_alt_name_list, elem);
+ });
+
 map retmap = (map) SCR::Execute (.target.bash_output, "/bin/hostname --long", $[] );
@@ -52,8 +64,15 @@
 || !CaMgm::prop_emailChanged
 || force_reset))
 {
- ret = add( ret, "warning", _("Cannot evaluate the name of the local machine. Change the values of Server Name and E-Mail."));
- ret = add( ret, "warning_level", `blocker );
+ if(hostname_bak == "")
+ {
+ ret = add( ret, "warning", _("Cannot evaluate the name of the local machine. Change the values of Server Name and E-Mail."));
+ ret = add( ret, "warning_level", `blocker );
+ }
+ else
+ {
+ retmap["stdout"] = hostname_bak;
+ }
 }
 string longhostname = strip(retmap["stdout"]:"linux.site");
Modified: trunk/ca-management/src/new_cert_read_write.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/new_cert_read_write.ycp?rev=48681&r1=48680&r2=48681&view=diff
==============================================================================
--- trunk/ca-management/src/new_cert_read_write.ycp (original)
+++ trunk/ca-management/src/new_cert_read_write.ycp Mon Jun 30 17:45:21 2008
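Review bot: `CaMgm::prop_subject_alt_name_list` is only ever appended to in the new `foreach`, so if this proposal code runs more than once in a session (it sits right after the `func`/`param` argument handling, which suggests it does) the same IP and DNS entries accumulate and are repeated in the certificate's SubjectAlternativeName. Resetting the list before the loop, `CaMgm::prop_subject_alt_name_list = [];`, avoids that; the append into `CaMgm::adv_subject_alt_name_list` in the new_cert_read_write.ycp hunk has the same accumulation problem. `hostname_bak` also keeps whichever DNS entry happens to come last, so on a multi-homed host the fallback name depends on interface order; either take the first match or add a comment such as `// fallback name: last DNS entry found, order follows "ip addr"`. The enclosing block starts and ends outside the hunk.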
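Review bot: In the new `else` branch the server name silently becomes `hostname_bak`, a name obtained from a reverse lookup rather than from the machine's own configuration, and the proposal no longer shows any warning. This value presumably ends up as the certificate's server name, so I would keep a non-blocking warning that asks the administrator to verify it, for example `ret = add( ret, "warning", _("The host name was taken from a reverse lookup. Verify the value of Server Name."));` with the warning level set to the symbol warning instead of blocker. The `if` whose condition ends with `force_reset))` starts outside the hunk, so how the failure of `/bin/hostname --long` is detected is not visible here.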
@@ -757,6 +757,9 @@
 param["certType"] = "server";
 param["caPasswd"] = getPassword(CaMgm::currentCA);
 //param["notext"] = "1";
+ foreach(map elem, CaMgm::prop_subject_alt_name_list, {
+ CaMgm::adv_subject_alt_name_list = add (CaMgm::adv_subject_alt_name_list, elem);
+ });
 }
 if (kind == "Client Certificate")
 {
Modified: trunk/ca-management/src/util.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/util.ycp?rev=48681&r1=48680&r2=48681&view=diff
==============================================================================
--- trunk/ca-management/src/util.ycp (original)
+++ trunk/ca-management/src/util.ycp Mon Jun 30 17:45:21 2008
@@ -1425,7 +1425,65 @@
 return success;
 }
-
+
+ define list<map> getHostIPs () ``{
+ list<map> ret = [];
+
+ list <string> ip_addresses = splitstring(
+ ((map<string, any>)SCR::Execute(.target.bash_output, "ip -f inet -o addr | awk '{print $4}' | awk -F \/ '{print $1}' | tr '\n' ','"))["stdout"]:"", ",") ;
+
+
+ foreach(string ip, ip_addresses, {
+ // skip localhost addresses
+ if(ip != "127.0.0.1" && ip != "127.0.0.2" && ip != "")
+ {
+ // add the IP address
+ map new_entry = $[];
+ new_entry["kind"] = "IP";
+ new_entry["name"] = ip;
+
+ ret = add (ret, new_entry);
+
+ // first ask the DNS server about the name for this IP address
+ list<string> hostnames = splitstring(
+ ((map<string,any>)SCR::Execute(.target.bash_output, sformat("dig +noall +answer -x %1 | awk '{print $5}' | sed 's/\.$//'| tr '\n' '|'", ip)))["stdout"]:"", "|");
+
+ boolean found = false;
+ foreach(string hname, hostnames, {
+ if(hname != "")
+ {
+ // add the names
+ found = true;
+ map new_entry = $[];
+ new_entry["kind"] = "DNS";
+ new_entry["name"] = hname;
+
+ ret = add (ret, new_entry);
+ }
+ });
+ // If not found, ask the hosts file about the IP address
+ if(!found)
+ {
+ list<string> hostnames = splitstring(
+ ((map<string,any>)SCR::Execute(.target.bash_output, sformat("getent hosts %1 | awk '{print $2}' | sed 's/\.$//'| tr '\n' '|'", ip)))["stdout"]:"", "|");
+
+ foreach(string hname, hostnames, {
+ if(hname != "")
+ {
+ // add the names
+ map new_entry = $[];
+ new_entry["kind"] = "DNS";
+ new_entry["name"] = hname;
+
+ ret = add (ret, new_entry);
+ }
+ });
+ }
+ }
+ });
+ y2milestone("getHostIPs return: %1", ret);
+ return ret;
+ }
 // EOF
 }
-- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
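Review bot: The names returned by `dig -x` and `getent hosts` in `getHostIPs` are added as DNS entries after only an empty-string check, so whatever the reverse zone answers for the address ends up in the certificate's SubjectAlternativeName. PTR data is not authenticated and is maintained by whoever runs the reverse zone, which on a DHCP or hosted network is often not this machine's administrator, so the certificate can end up asserting a name the host does not own. I would validate each name before adding it, `if(hname != "" && Hostname::CheckFQ(hname))` (needs `import "Hostname";`), and preferably keep only names that also resolve forward to the same `ip`. The `ip` string is interpolated into a bash command line through `sformat`, so checking it first with `IP::Check4(ip)` keeps unexpected `ip addr` output out of the shell. Only 127.0.0.1 and 127.0.0.2 are skipped rather than all of 127.0.0.0/8, which deserves a comment or a prefix test.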