Author: rhafer Date: Fri Jun 27 15:58:00 2008 New Revision: 48610 URL: http://svn.opensuse.org/viewcvs/yast?rev=48610&view=rev Log: initial work for support of TLS settings Modified: trunk/ldap-server/src/LdapServer.pm trunk/ldap-server/src/agent/SlapdConfigAgent.cc trunk/ldap-server/src/lib/backConfigTest.cpp trunk/ldap-server/src/lib/backConfigTest.h trunk/ldap-server/src/tree_structure.ycp trunk/ldap-server/src/widgets.ycp Modified: trunk/ldap-server/src/LdapServer.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev=48610&r1=48609&r2=48610&view=diff ============================================================================== --- trunk/ldap-server/src/LdapServer.pm (original) +++ trunk/ldap-server/src/LdapServer.pm Fri Jun 27 15:58:00 2008 @@ -399,6 +399,21 @@ return 1; } +BEGIN { $TYPEINFO {GetTlsConfig} = ["function", [ "map", "string", "any" ] ]; } +sub GetTlsConfig +{ + return SCR->Read('.ldapserver.global.tlsSettings' ); +} + +BEGIN { $TYPEINFO {SetTlsConfig} = ["function", "boolean", [ "map", "string", "any" ] ]; } +sub SetTlsConfig +{ + my $self = shift; + my $tls = shift; + my $rc = SCR->Write('.ldapserver.global.tlsSettings', $tls ); + return 1; +} + BEGIN { $TYPEINFO {MigrateSlapdConf} = ["function", "boolean"]; } sub MigrateSlapdConf { Modified: trunk/ldap-server/src/agent/SlapdConfigAgent.cc URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/agent/SlapdConfigAgent.cc?rev=48610&r1=48609&r2=48610&view=diff ============================================================================== --- trunk/ldap-server/src/agent/SlapdConfigAgent.cc (original) +++ trunk/ldap-server/src/agent/SlapdConfigAgent.cc Fri Jun 27 15:58:00 2008 
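Review bot: `SetTlsConfig` stores the result of `SCR->Write` in `$rc` and then returns 1 unconditionally, so a failed write of the TLS settings is reported to the caller as success even though the function is declared to return a boolean; propagate the status instead, `return $rc ? 1 : 0;`, so the YCP side can react to a write that did not take effect. `GetTlsConfig` does not shift `$self` off its argument list while `SetTlsConfig` and the neighbouring methods do; it is harmless here because `$self` is unused, but for consistency it would be better to handle the first argument the same way in both.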
@@ -285,6 +285,11 @@ const OlcTlsSettings tls( globals->getTlsSettings() ); ymap.add(YCPString("crlCheck"), YCPInteger( tls.getCrlCheck() ) ); ymap.add(YCPString("verifyClient"), YCPInteger( tls.getVerifyClient() ) ); + ymap.add(YCPString("caCertDir"), YCPString( tls.getCaCertDir() ) ); + ymap.add(YCPString("caCertFile"), YCPString( tls.getCaCertFile() ) ); + ymap.add(YCPString("certFile"), YCPString( tls.getCertFile() ) ); + ymap.add(YCPString("certKeyFile"), YCPString( tls.getCertKeyFile() ) ); + ymap.add(YCPString("crlFile"), YCPString( tls.getCrlFile() ) ); return ymap; } } @@ -366,7 +371,8 @@ if ( path->length() == 0 ) { return YCPNull(); } else { - if ( path->component_str(0) == "loglevel" ) { + if ( path->component_str(0) == "loglevel" ) + { y2milestone("Write loglevel"); YCPList levels = arg->asList(); std::list<std::string> levelList; @@ -377,7 +383,8 @@ globals->setLogLevel( levelList ); return YCPBoolean(true); } - if ( path->component_str(0) == "allow" ) { + if ( path->component_str(0) == "allow" ) + { y2milestone("Write allow Features"); YCPList features = arg->asList(); std::list<std::string> featureList; @@ -388,8 +395,9 @@ globals->setAllowFeatures( featureList ); return YCPBoolean(true); } - if ( path->component_str(0) == "disallow" ) { - y2milestone("Write allow Features"); + if ( path->component_str(0) == "disallow" ) + { + y2milestone("Write disallow Features"); YCPList features = arg->asList(); std::list<std::string> featureList; for ( int i = 0; i < features->size(); i++ ) 
@@ -399,6 +407,54 @@ globals->setDisallowFeatures( featureList ); return YCPBoolean(true); } + if ( path->component_str(0) == "tlsSettings" ) + { + y2milestone("Write TLS Settings"); + YCPMap tlsMap = arg->asMap(); + OlcTlsSettings tls( globals->getTlsSettings() ); + YCPMapIterator i= tlsMap.begin(); + for ( ; i != tlsMap.end(); i++ ) + { + std::string key(i.key()->asString()->value_cstr() ); + y2milestone("tlsMap Key: %s", key.c_str() ); + if ( key == "caCertDir" ) + { + if ( ! i.value().isNull() ) + tls.setCaCertDir(i.value()->asString()->value_cstr() ); + } + else if ( key == "caCertFile" ) + { + if ( ! i.value().isNull() ) + tls.setCaCertFile(i.value()->asString()->value_cstr() ); + } + else if ( key == "certFile" ) + { + if ( ! i.value().isNull() ) + tls.setCertFile(i.value()->asString()->value_cstr() ); + } + else if ( key == "certKeyFile" ) + { + if ( ! i.value().isNull() ) + tls.setCertKeyFile(i.value()->asString()->value_cstr() ); + } + else if ( key == "crlCheck" ) + { + } + else if ( key == "crlFile" ) + { + if ( ! i.value().isNull() ) + tls.setCrlFile (i.value()->asString()->value_cstr() ); + } + else if ( key == "verifyClient" ) + { + } + else + { + } + } + globals->setTlsSettings(tls); + return YCPBoolean(true); + } } return YCPBoolean(false); } Modified: trunk/ldap-server/src/lib/backConfigTest.cpp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/backConfigTest.cpp?rev=48610&r1=48609&r2=48610&view=diff ============================================================================== --- trunk/ldap-server/src/lib/backConfigTest.cpp (original) +++ trunk/ldap-server/src/lib/backConfigTest.cpp Fri Jun 27 15:58:00 2008 
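Review bot: Each string branch calls `i.value()->asString()->value_cstr()` after checking only `isNull()`, so a map that carries a non-string value for `caCertDir`, `caCertFile`, `certFile`, `certKeyFile` or `crlFile` — the same caller already sends integers for the neighbouring `crlCheck`/`verifyClient` keys — reaches `asString()` on a value that is not a string, which is not guaranteed to yield a usable object; guard each branch with `if ( ! i.value().isNull() && i.value()->isString() )` or reject the whole map with `return YCPBoolean(false);`. The `crlCheck`, `verifyClient` and trailing `else` branches are empty, so a request to change CRL checking or client verification, or a misspelled key, is dropped without any trace in the log; at minimum emit `y2warning("tlsSettings key %s ignored", key.c_str());` in those branches so that a write that silently did nothing can be diagnosed from y2log. The enclosing Write method begins before this hunk.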
@@ -130,6 +130,12 @@ m_dbEntryChanged.addAttribute(LDAPAttribute("cn", "config")); } +OlcGlobalConfig::OlcGlobalConfig( const LDAPEntry &le) : OlcConfigEntry(le) +{ + std::cout << "OlcGlobalConfig::OlcGlobalConfig( const LDAPEntry &le) : OlcConfigEntry(le)" << std::endl; + +} + const std::vector<std::string> OlcGlobalConfig::getLogLevelString() const { StringList lvalues = this->getStringValues("olcLogLevel"); @@ -248,8 +254,15 @@ m_dbEntryChanged.addAttribute(LDAPAttribute("cn", "schema")); } -OlcTlsSettings OlcGlobalConfig::getTlsSettings() const { - return OlcTlsSettings( m_dbEntryChanged ); +OlcTlsSettings OlcGlobalConfig::getTlsSettings() const +{ + std::cout << "OlcTlsSettings OlcGlobalConfig::getTlsSettings() const " << std::endl; + return OlcTlsSettings( *this ); +} + +void OlcGlobalConfig::setTlsSettings( const OlcTlsSettings& tls ) +{ + tls.applySettings( *this ); } std::map<std::string, std::list<std::string> > OlcGlobalConfig::toMap() const @@ -697,7 +710,9 @@ } OlcTlsSettings::OlcTlsSettings( const OlcGlobalConfig &ogc ) + : m_crlCheck(0), m_verifyCient(0) { + std::cout << "OlcTlsSettings::OlcTlsSettings( const OlcGlobalConfig &ogc )" << std::endl; std::string value = ogc.getStringValue("olcTLSCRLCheck"); if ( value == "none" ) { 
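Review bot: The new `OlcGlobalConfig(const LDAPEntry&)` constructor writes a trace line to `std::cout`, and the same pattern is added to `getTlsSettings`, the `OlcTlsSettings` constructor and, in the next hunk, `applySettings`; in a library that is linked into an agent, stdout is not a logging channel and these read as leftover debugging, so either remove them or, if the library links against the YaST logging facility the agent uses, replace them with `y2debug(...)`. The `OlcTlsSettings` constructor now initialises `m_crlCheck` and `m_verifyCient` to 0 in the initialiser list, which avoids reading indeterminate values when the corresponding attributes are absent — a short comment stating what the value 0 denotes for each member would make that default self-explanatory.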
@@ -731,6 +746,19 @@ m_caCertDir = ogc.getStringValue("olcTlsCaCertificatePath"); m_caCertFile = ogc.getStringValue("olcTlsCaCertificateFile"); + m_certFile = ogc.getStringValue("olcTlsCertificateFile"); + m_certKeyFile = ogc.getStringValue("olcTlsCertificateKeyFile"); + m_crlFile = ogc.getStringValue("olcTlsCrlFile"); +} + +void OlcTlsSettings::applySettings( OlcGlobalConfig &ogc ) const +{ + std::cout << "OlcTlsSettings::applySettings( OlcGlobalConfig &ogc )" << std::endl; + ogc.setStringValue("olcTlsCaCertificatePath", m_caCertDir); + ogc.setStringValue("olcTlsCaCertificateFile", m_caCertFile); + ogc.setStringValue("olcTlsCertificateFile", m_certFile); + ogc.setStringValue("olcTlsCertificateKeyFile", m_certKeyFile); + ogc.setStringValue("olcTlsCrlFile", m_crlFile); } int OlcTlsSettings::getCrlCheck() const @@ -761,6 +789,44 @@ return m_caCertFile; } +const std::string& OlcTlsSettings::getCertFile() const +{ + return m_certFile; +} +const std::string& OlcTlsSettings::getCertKeyFile() const +{ + return m_certKeyFile; +} +const std::string& OlcTlsSettings::getCrlFile() const +{ + return m_crlFile; +} + +void OlcTlsSettings::setCaCertDir(const std::string& dir) +{ + m_caCertDir = dir; +} + +void OlcTlsSettings::setCaCertFile(const std::string& file) +{ + m_caCertFile = file; +} + +void OlcTlsSettings::setCertFile(const std::string& file) +{ + m_certFile = file; +} + +void OlcTlsSettings::setCertKeyFile(const std::string& file) +{ + m_certKeyFile = file; +} + +void OlcTlsSettings::setCrlFile(const std::string& file) +{ + m_crlFile = file; +} + /* int main(char** argv, int argc) { Modified: trunk/ldap-server/src/lib/backConfigTest.h URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/backConfigTest.h?rev=48610&r1=48609&r2=48610&view=diff ============================================================================== --- trunk/ldap-server/src/lib/backConfigTest.h (original) +++ trunk/ldap-server/src/lib/backConfigTest.h Fri Jun 27 15:58:00 2008 
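Review bot: `applySettings` writes back only the five path attributes, so the `m_crlCheck` and `m_verifyCient` values that the constructor reads from the entry are never persisted, and any future change to CRL checking or client verification made through this class would be lost on `setTlsSettings`; if this is deliberate for the initial version, a comment on the function such as `// CRL-check and verify-client are read-only for now and are not written back` would save the next reader a trip through the call chain. Every attribute is also written unconditionally, including members that are empty strings — whether that deletes the attribute or stores an empty value depends on `setStringValue`, which is not visible here; please confirm the intended semantics, since the YCP caller always sends `""` for `caCertDir` and `crlFile`. The remaining hunk in this file adds plain getters and setters and needs no comment.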
@@ -105,7 +105,7 @@ { public: OlcGlobalConfig(); - inline OlcGlobalConfig( const LDAPEntry &le) : OlcConfigEntry(le) {} + explicit OlcGlobalConfig( const LDAPEntry &le); const std::vector<std::string> getLogLevelString() const; void setLogLevel(const std::list<std::string> &level); @@ -117,6 +117,7 @@ void setDisallowFeatures( const std::list<std::string> &features ); OlcTlsSettings getTlsSettings() const; + void setTlsSettings( const OlcTlsSettings& tls); virtual std::map<std::string, std::list<std::string> > toMap() const; }; @@ -140,19 +141,34 @@ class OlcTlsSettings { public : - OlcTlsSettings( const OlcGlobalConfig &le ); + OlcTlsSettings( const OlcGlobalConfig &ogc ); + + void applySettings( OlcGlobalConfig &ogc ) const; + int getCrlCheck() const; - void setCrlCheck(); int getVerifyClient() const; - void setVerifyClient(); const std::string& getCaCertDir() const; const std::string& getCaCertFile() const; + const std::string& getCertFile() const; + const std::string& getCertKeyFile() const; + const std::string& getCrlFile() const; + + void setCrlCheck(); + void setVerifyClient(); + void setCaCertDir(const std::string& dir); + void setCaCertFile(const std::string& file); + void setCertFile(const std::string& file); + void setCertKeyFile(const std::string& file); + void setCrlFile(const std::string& file); private: int m_crlCheck; int m_verifyCient; std::string m_caCertDir; std::string m_caCertFile; + std::string m_certFile; + std::string m_certKeyFile; + std::string m_crlFile; }; #endif /* BACK_CONFIG_TEST_H */ Modified: trunk/ldap-server/src/tree_structure.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/tree_structure.ycp?rev=48610&r1=48609&r2=48610&view=diff ============================================================================== --- trunk/ldap-server/src/tree_structure.ycp (original) +++ trunk/ldap-server/src/tree_structure.ycp Fri Jun 27 15:58:00 2008 
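Review bot: `setCrlCheck()` and `setVerifyClient()` are moved but kept without a parameter, so the class now exposes a mutator for every certificate path but no way to change the two verification-related settings; if they are meant to be settable, give them a value, `void setCrlCheck(int check);` and `void setVerifyClient(int verify);`, otherwise drop the declarations rather than leave dead ones in the public interface. `applySettings` and `setTlsSettings` are new public API without documentation; a one-liner on `applySettings` such as `/// Copies the TLS attributes held by this object into ogc.` would make the read-modify-write cycle with `getTlsSettings()` clear from the header alone. The member `m_verifyCient` is pre-existing, but since this commit now touches it in the constructor initialiser, renaming it to `m_verifyClient` here would be cheap.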
@@ -311,6 +311,7 @@ define boolean cb_read_tls() ``{ y2milestone( "calling tls read handler" ); + LdapServer::GetTlsConfig(); // map<string,string> importPaths = LdapServer::ReadImportCertificates(); // boolean use_common_ca = LdapServer::ReadConfigureCommonServerCertificate(); // map<string,string> tlsSettings = (map<string,string>)LdapServer::ReadTlsSettings(); @@ -361,19 +362,37 @@ define boolean cb_write_tls() ``{ y2milestone( "calling tls write handler" ); - symbol tls_active = (symbol)UI::QueryWidget( `rbg_tls, `CurrentButton ); - if( tls_active == `rb_no ) + boolean tls_active = (boolean)UI::QueryWidget( `cb_tls_enabled, `Value ); + if( tls_active == true ) + { + string cafile = (string)UI::QueryWidget( `te_ca_file, `Value ); + + map<string,any> tlsSettings = $[ + "certKeyFile" : (string)UI::QueryWidget( `te_key_file, `Value ), + "certFile" : (string)UI::QueryWidget( `te_cert_file, `Value ), + "caCertFile" : (string)UI::QueryWidget( `te_ca_file, `Value ), + "caCertDir" : "", + "crlFile" : "", + "crlCheck" : 0, + "verifyClient" : 0 + ]; + LdapServer::SetTlsConfig( tlsSettings ); + } + else { - y2milestone( "calling tls write handler" ); // LdapServer::WriteConfigureCommonServerCertificate( false ); // LdapServer::WriteImportCertificates( $[] ); -// map<string,string> tlsSettings = $[ -// "TLSCertificateKeyFile" : nil, -// "TLSCertificateFile" : nil, -// "TLSCACertificateFile" : nil, -// "TLSCACertificatePath" : nil ]; -// -// LdapServer::WriteTlsSettings( tlsSettings ); + map<string,any> tlsSettings = $[ + "certKeyFIle" : "", + "certFile" : "", + "caCertFile" : "", + "caCertDir" : "", + "crlFile" : "", + "crlCheck" : 0, + "verifyClient" : 0 + ]; + + LdapServer::SetTlsConfig( tlsSettings ); } return true; } 
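Review bot: `cb_read_tls` calls `LdapServer::GetTlsConfig()` and discards the returned map, so the TLS widgets are never populated from the stored configuration and the dialog shows empty fields even when certificates are already configured; either assign the result and fill `te_ca_file`, `te_cert_file` and `te_key_file` from it, or mark the call with `// TODO: populate the TLS widgets from the returned map` so that it is clearly a placeholder and not a finished read handler.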
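Review bot: The disable branch of `cb_write_tls` uses the key `"certKeyFIle"` while the enable branch and the agent expect `"certKeyFile"`; the agent ignores unknown keys silently, so switching TLS off would clear the certificate and CA file but leave the private-key path in the server configuration — fix the key to `"certKeyFile" : "",`. `string cafile` in the enable branch is assigned and never used (the map queries `te_ca_file` again) and can be removed. Both branches also always send `""` for `caCertDir` and `crlFile` and 0 for `crlCheck`/`verifyClient`, which would overwrite values configured outside this dialog if the agent starts honouring them; consider sending only the keys the dialog actually edits.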
@@ -423,10 +442,28 @@ UI::ChangeWidget( `fr_import_cert, `Enabled, true ); } } + else if( handler_cmd == `pb_ca_file ) + { + /* file selection headline */ + string name = UI::AskForExistingFile( "/etc/ssl/certs", "*.pem *.crt *", _("Select CA Certificate File") ); + if( name != nil ) UI::ChangeWidget( `te_ca_file, `Value, name ); + } + else if( handler_cmd == `pb_cert_file ) + { + /* file selection headline */ + string name = UI::AskForExistingFile( "/var/lib/CAM", "*.pem *.crt *", _("Select Certificate File") ); + if( name != nil ) UI::ChangeWidget( `te_cert_file, `Value, name ); + } + else if( handler_cmd == `pb_key_file ) + { + /* file selection headline */ + string name = UI::AskForExistingFile( "/var/lib/CAM", "*.pem *.crt *", _("Select Certificate Key File") ); + if( name != nil ) UI::ChangeWidget( `te_key_file, `Value, name ); + } else if( handler_cmd == `pb_edit ) { // //show edit popup -// any ret = nil; + any ret = nil; // string dlg_name = common_ca_available ? "type" : "import"; // term dlg = (term)widget_map["g_tls","dialogs",dlg_name]:nil; // if( dlg == nil ) Modified: trunk/ldap-server/src/widgets.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/widgets.ycp?rev=48610&r1=48609&r2=48610&view=diff ============================================================================== --- trunk/ldap-server/src/widgets.ycp (original) +++ trunk/ldap-server/src/widgets.ycp Fri Jun 27 15:58:00 2008 
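Review bot: The `pb_edit` branch uncomments `any ret = nil;` while the rest of that block stays commented out, leaving an unused variable in live code; either restore the `//` or remove the line. The three new browse handlers are identical apart from the widget id, start directory and title, so a small helper taking those three and performing the `UI::AskForExistingFile` / `UI::ChangeWidget` pair would avoid repeating the same five lines three times.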
@@ -138,62 +138,64 @@ ); term tlsWidget = - `VBox( - `Heading( _("TLS Settings") ), + `Top( `VBox( - `Frame( - _("Basic Settings"), - `VBox( - `Left( - `CheckBox( `id( `cb_tls_enabled ), `opt( `notify ) , - _("Enable TLS"), false ) - ), - `Left( - `CheckBox( `id( `cb_ssl_listener_enabled ), - _("Enable LDAP over SSL (ldaps) interface"), false ) - ), - `Left( - `CheckBox( `id( `cb_use_common_cert ), `opt( `notify ), - _("Use common Server Certificate"), false ) - ), - `HStretch() + `Heading( _("TLS Settings") ), + `VBox( + `Frame( + _("Basic Settings"), + `VBox( + `Left( + `CheckBox( `id( `cb_tls_enabled ), `opt( `notify ) , + _("Enable TLS"), false ) + ), + `Left( + `CheckBox( `id( `cb_ssl_listener_enabled ), + _("Enable LDAP over SSL (ldaps) interface"), false ) + ), + `Left( + `CheckBox( `id( `cb_use_common_cert ), `opt( `notify ), + _("Use common Server Certificate"), false ) + ), + `HStretch() + ) ) - ) - ), - `VSpacing( 0.5 ), - `VBox( - `Frame( `id( `fr_import_cert ), - _("Import Certificate"), - `VBox( - `VSquash( - `HBox( - `InputField( `id( `te_ca_file ), `opt( `hstretch ), - _("C&A Certificate File (PEM Format)") ), - `HSpacing( 0.5 ), - `Bottom( - `PushButton( `id( `pb_ca_file ), _("Bro&wse...") ) + ), + `VSpacing( 0.5 ), + `VBox( + `Frame( `id( `fr_import_cert ), + _("Import Certificate"), + `VBox( + `VSquash( + `HBox( + `InputField( `id( `te_ca_file ), `opt( `hstretch ), + _("C&A Certificate File (PEM Format)") ), + `HSpacing( 0.5 ), + `Bottom( + `PushButton( `id( `pb_ca_file ), _("Bro&wse...") ) + ) ) - ) - ), - `VSpacing( 0.5 ), - `VSquash( - `HBox( - `InputField( `id( `te_cert_file ), `opt( `hstretch ), - _("Certificate &File (PEM Format)") ), - `HSpacing( 0.5 ), - `Bottom( - `PushButton( `id( `pb_cert_file ), _("&Browse...") ) + ), + `VSpacing( 0.5 ), + `VSquash( + `HBox( + `InputField( `id( `te_cert_file ), `opt( `hstretch ), + _("Certificate &File (PEM Format)") ), + `HSpacing( 0.5 ), + `Bottom( + `PushButton( `id( `pb_cert_file ), 
_("&Browse...") ) + ) ) - ) - ), - `VSpacing( 0.5 ), - `VSquash( - `HBox( - `InputField( `id( `te_key_file ), `opt( `hstretch ), - _("Certificate &Key File (PEM Format -- Unencrypted)") ), - `HSpacing( 0.5 ), - `Bottom( - `PushButton( `id( `pb_key_file ), _("B&rowse...") ) + ), + `VSpacing( 0.5 ), + `VSquash( + `HBox( + `InputField( `id( `te_key_file ), `opt( `hstretch ), + _("Certificate &Key File (PEM Format - Unencrypted)") ), + `HSpacing( 0.5 ), + `Bottom( + `PushButton( `id( `pb_key_file ), _("B&rowse...") ) + ) ) ) ) -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org