Author: rhafer
Date: Fri Jun 27 15:58:00 2008
New Revision: 48610
URL: http://svn.opensuse.org/viewcvs/yast?rev=48610&view=rev
Log:
initial work for support of TLS settings
Modified:
trunk/ldap-server/src/LdapServer.pm
trunk/ldap-server/src/agent/SlapdConfigAgent.cc
trunk/ldap-server/src/lib/backConfigTest.cpp
trunk/ldap-server/src/lib/backConfigTest.h
trunk/ldap-server/src/tree_structure.ycp
trunk/ldap-server/src/widgets.ycp
Modified: trunk/ldap-server/src/LdapServer.pm
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev=48610&r1=48609&r2=48610&view=diff
==============================================================================
--- trunk/ldap-server/src/LdapServer.pm (original)
+++ trunk/ldap-server/src/LdapServer.pm Fri Jun 27 15:58:00 2008
@@ -399,6 +399,21 @@
return 1;
}
+BEGIN { $TYPEINFO {GetTlsConfig} = ["function", [ "map", "string", "any" ] ]; }
+sub GetTlsConfig
+{
+ return SCR->Read('.ldapserver.global.tlsSettings' );
+}
+
+BEGIN { $TYPEINFO {SetTlsConfig} = ["function", "boolean", [ "map", "string", "any" ] ]; }
+sub SetTlsConfig
+{
+ my $self = shift;
+ my $tls = shift;
+ my $rc = SCR->Write('.ldapserver.global.tlsSettings', $tls );
+ return 1;
+}
+
BEGIN { $TYPEINFO {MigrateSlapdConf} = ["function", "boolean"]; }
sub MigrateSlapdConf
{
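Review bot: SetTlsConfig stores the result of `SCR->Write` in `$rc` and then returns 1 unconditionally, so a failed write of the TLS settings is reported to the caller as success. Returning the agent's result with `return $rc;` would let the UI notice that certificate or key paths were not applied. Both new subs would also benefit from a short comment listing the map keys they exchange (`caCertDir`, `caCertFile`, `certFile`, `certKeyFile`, `crlFile`, `crlCheck`, `verifyClient`), since the TYPEINFO only says `map<string, any>`.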
Modified: trunk/ldap-server/src/agent/SlapdConfigAgent.cc
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/agent/SlapdConfigAgent.cc?rev=48610&r1=48609&r2=48610&view=diff
==============================================================================
--- trunk/ldap-server/src/agent/SlapdConfigAgent.cc (original)
+++ trunk/ldap-server/src/agent/SlapdConfigAgent.cc Fri Jun 27 15:58:00 2008
@@ -285,6 +285,11 @@
const OlcTlsSettings tls( globals->getTlsSettings() );
ymap.add(YCPString("crlCheck"), YCPInteger( tls.getCrlCheck() ) );
ymap.add(YCPString("verifyClient"), YCPInteger( tls.getVerifyClient() ) );
+ ymap.add(YCPString("caCertDir"), YCPString( tls.getCaCertDir() ) );
+ ymap.add(YCPString("caCertFile"), YCPString( tls.getCaCertFile() ) );
+ ymap.add(YCPString("certFile"), YCPString( tls.getCertFile() ) );
+ ymap.add(YCPString("certKeyFile"), YCPString( tls.getCertKeyFile() ) );
+ ymap.add(YCPString("crlFile"), YCPString( tls.getCrlFile() ) );
return ymap;
}
}
@@ -366,7 +371,8 @@
if ( path->length() == 0 ) {
return YCPNull();
} else {
- if ( path->component_str(0) == "loglevel" ) {
+ if ( path->component_str(0) == "loglevel" )
+ {
y2milestone("Write loglevel");
YCPList levels = arg->asList();
std::liststd::string levelList;
@@ -377,7 +383,8 @@
globals->setLogLevel( levelList );
return YCPBoolean(true);
}
- if ( path->component_str(0) == "allow" ) {
+ if ( path->component_str(0) == "allow" )
+ {
y2milestone("Write allow Features");
YCPList features = arg->asList();
std::liststd::string featureList;
@@ -388,8 +395,9 @@
globals->setAllowFeatures( featureList );
return YCPBoolean(true);
}
- if ( path->component_str(0) == "disallow" ) {
- y2milestone("Write allow Features");
+ if ( path->component_str(0) == "disallow" )
+ {
+ y2milestone("Write disallow Features");
YCPList features = arg->asList();
std::liststd::string featureList;
for ( int i = 0; i < features->size(); i++ )
@@ -399,6 +407,54 @@
globals->setDisallowFeatures( featureList );
return YCPBoolean(true);
}
+ if ( path->component_str(0) == "tlsSettings" )
+ {
+ y2milestone("Write TLS Settings");
+ YCPMap tlsMap = arg->asMap();
+ OlcTlsSettings tls( globals->getTlsSettings() );
+ YCPMapIterator i= tlsMap.begin();
+ for ( ; i != tlsMap.end(); i++ )
+ {
+ std::string key(i.key()->asString()->value_cstr() );
+ y2milestone("tlsMap Key: %s", key.c_str() );
+ if ( key == "caCertDir" )
+ {
+ if ( ! i.value().isNull() )
+ tls.setCaCertDir(i.value()->asString()->value_cstr() );
+ }
+ else if ( key == "caCertFile" )
+ {
+ if ( ! i.value().isNull() )
+ tls.setCaCertFile(i.value()->asString()->value_cstr() );
+ }
+ else if ( key == "certFile" )
+ {
+ if ( ! i.value().isNull() )
+ tls.setCertFile(i.value()->asString()->value_cstr() );
+ }
+ else if ( key == "certKeyFile" )
+ {
+ if ( ! i.value().isNull() )
+ tls.setCertKeyFile(i.value()->asString()->value_cstr() );
+ }
+ else if ( key == "crlCheck" )
+ {
+ }
+ else if ( key == "crlFile" )
+ {
+ if ( ! i.value().isNull() )
+ tls.setCrlFile (i.value()->asString()->value_cstr() );
+ }
+ else if ( key == "verifyClient" )
+ {
+ }
+ else
+ {
+ }
+ }
+ globals->setTlsSettings(tls);
+ return YCPBoolean(true);
+ }
}
return YCPBoolean(false);
}
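Review bot: The new `tlsSettings` branch calls `arg->asMap()`, `i.key()->asString()` and `i.value()->asString()` with `isNull()` as the only guard, so a map entry that carries a non-string value under one of the path keys reaches `value_cstr()` unchecked. Testing the type as well, `if ( ! i.value().isNull() && i.value()->isString() )`, would reject such entries. The `crlCheck` and `verifyClient` branches and the final `else` are empty while the function still returns `YCPBoolean(true)`, so a caller that asks for client verification or misspells a key gets a success result with nothing applied. Logging the ignored key, for example `y2warning("ignoring unsupported tlsSettings key: %s", key.c_str());`, would make that visible. The enclosing function starts outside the hunk.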
Modified: trunk/ldap-server/src/lib/backConfigTest.cpp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/backConfigTest.cpp?rev=48610&r1=48609&r2=48610&view=diff
==============================================================================
--- trunk/ldap-server/src/lib/backConfigTest.cpp (original)
+++ trunk/ldap-server/src/lib/backConfigTest.cpp Fri Jun 27 15:58:00 2008
@@ -130,6 +130,12 @@
m_dbEntryChanged.addAttribute(LDAPAttribute("cn", "config"));
}
+OlcGlobalConfig::OlcGlobalConfig( const LDAPEntry &le) : OlcConfigEntry(le)
+{
+ std::cout << "OlcGlobalConfig::OlcGlobalConfig( const LDAPEntry &le) : OlcConfigEntry(le)" << std::endl;
+
+}
+
const std::vectorstd::string OlcGlobalConfig::getLogLevelString() const
{
StringList lvalues = this->getStringValues("olcLogLevel");
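Review bot: The new out-of-line constructor exists only to print its own signature to `std::cout`, and the same kind of trace line is added to `getTlsSettings()`, the `OlcTlsSettings` constructor and `applySettings()` in the later hunks of this file. Library code that writes to stdout on every call is noisy, and whether the process loading this library uses stdout for anything else is not visible here. I would drop these lines or put them behind a debug switch before this leaves the initial-work stage. With the trace removed the constructor body is empty and could stay inline in the header as it was before this commit.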
@@ -248,8 +254,15 @@
m_dbEntryChanged.addAttribute(LDAPAttribute("cn", "schema"));
}
-OlcTlsSettings OlcGlobalConfig::getTlsSettings() const {
- return OlcTlsSettings( m_dbEntryChanged );
+OlcTlsSettings OlcGlobalConfig::getTlsSettings() const
+{
+ std::cout << "OlcTlsSettings OlcGlobalConfig::getTlsSettings() const " << std::endl;
+ return OlcTlsSettings( *this );
+}
+
+void OlcGlobalConfig::setTlsSettings( const OlcTlsSettings& tls )
+{
+ tls.applySettings( *this );
}
std::mapstd::string > OlcGlobalConfig::toMap() const
@@ -697,7 +710,9 @@
}
OlcTlsSettings::OlcTlsSettings( const OlcGlobalConfig &ogc )
+ : m_crlCheck(0), m_verifyCient(0)
{
+ std::cout << "OlcTlsSettings::OlcTlsSettings( const OlcGlobalConfig &ogc )" << std::endl;
std::string value = ogc.getStringValue("olcTLSCRLCheck");
if ( value == "none" )
{
@@ -731,6 +746,19 @@
m_caCertDir = ogc.getStringValue("olcTlsCaCertificatePath");
m_caCertFile = ogc.getStringValue("olcTlsCaCertificateFile");
+ m_certFile = ogc.getStringValue("olcTlsCertificateFile");
+ m_certKeyFile = ogc.getStringValue("olcTlsCertificateKeyFile");
+ m_crlFile = ogc.getStringValue("olcTlsCrlFile");
+}
+
+void OlcTlsSettings::applySettings( OlcGlobalConfig &ogc ) const
+{
+ std::cout << "OlcTlsSettings::applySettings( OlcGlobalConfig &ogc )" << std::endl;
+ ogc.setStringValue("olcTlsCaCertificatePath", m_caCertDir);
+ ogc.setStringValue("olcTlsCaCertificateFile", m_caCertFile);
+ ogc.setStringValue("olcTlsCertificateFile", m_certFile);
+ ogc.setStringValue("olcTlsCertificateKeyFile", m_certKeyFile);
+ ogc.setStringValue("olcTlsCrlFile", m_crlFile);
}
int OlcTlsSettings::getCrlCheck() const
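Review bot: `applySettings()` writes all five path attributes unconditionally, including when the member is an empty string, which is what the UI sends for `caCertDir` and `crlFile`, and for nearly every field when TLS is switched off. Whether `setStringValue` with an empty value removes the attribute or stores an empty one is not visible in this hunk; if it stores it, the empty `olcTls*` values may well be rejected by the server, so an empty member should delete the attribute instead. `m_crlCheck` and `m_verifyCient` are read in the constructor but never written back here, so this function cannot change CRL checking or client verification. A comment such as `// crlCheck and verifyClient are not written back yet` would stop a reader from assuming the whole object is applied.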
@@ -761,6 +789,44 @@
return m_caCertFile;
}
+const std::string& OlcTlsSettings::getCertFile() const
+{
+ return m_certFile;
+}
+const std::string& OlcTlsSettings::getCertKeyFile() const
+{
+ return m_certKeyFile;
+}
+const std::string& OlcTlsSettings::getCrlFile() const
+{
+ return m_crlFile;
+}
+
+void OlcTlsSettings::setCaCertDir(const std::string& dir)
+{
+ m_caCertDir = dir;
+}
+
+void OlcTlsSettings::setCaCertFile(const std::string& file)
+{
+ m_caCertFile = file;
+}
+
+void OlcTlsSettings::setCertFile(const std::string& file)
+{
+ m_certFile = file;
+}
+
+void OlcTlsSettings::setCertKeyFile(const std::string& file)
+{
+ m_certKeyFile = file;
+}
+
+void OlcTlsSettings::setCrlFile(const std::string& file)
+{
+ m_crlFile = file;
+}
+
/*
int main(char** argv, int argc)
{
Modified: trunk/ldap-server/src/lib/backConfigTest.h
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/backConfigTest.h?rev=48610&r1=48609&r2=48610&view=diff
==============================================================================
--- trunk/ldap-server/src/lib/backConfigTest.h (original)
+++ trunk/ldap-server/src/lib/backConfigTest.h Fri Jun 27 15:58:00 2008
@@ -105,7 +105,7 @@
{
public:
OlcGlobalConfig();
- inline OlcGlobalConfig( const LDAPEntry &le) : OlcConfigEntry(le) {}
+ explicit OlcGlobalConfig( const LDAPEntry &le);
const std::vectorstd::string getLogLevelString() const;
void setLogLevel(const std::liststd::string &level);
@@ -117,6 +117,7 @@
void setDisallowFeatures( const std::liststd::string &features );
OlcTlsSettings getTlsSettings() const;
+ void setTlsSettings( const OlcTlsSettings& tls);
virtual std::mapstd::string > toMap() const;
};
@@ -140,19 +141,34 @@
class OlcTlsSettings {
public :
- OlcTlsSettings( const OlcGlobalConfig &le );
+ OlcTlsSettings( const OlcGlobalConfig &ogc );
+
+ void applySettings( OlcGlobalConfig &ogc ) const;
+
int getCrlCheck() const;
- void setCrlCheck();
int getVerifyClient() const;
- void setVerifyClient();
const std::string& getCaCertDir() const;
const std::string& getCaCertFile() const;
+ const std::string& getCertFile() const;
+ const std::string& getCertKeyFile() const;
+ const std::string& getCrlFile() const;
+
+ void setCrlCheck();
+ void setVerifyClient();
+ void setCaCertDir(const std::string& dir);
+ void setCaCertFile(const std::string& file);
+ void setCertFile(const std::string& file);
+ void setCertKeyFile(const std::string& file);
+ void setCrlFile(const std::string& file);
private:
int m_crlCheck;
int m_verifyCient;
std::string m_caCertDir;
std::string m_caCertFile;
+ std::string m_certFile;
+ std::string m_certKeyFile;
+ std::string m_crlFile;
};
#endif /* BACK_CONFIG_TEST_H */
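Review bot: `setCrlCheck()` and `setVerifyClient()` are declared without a parameter, so there is no way to pass the value to set, and no definition for them appears in the .cpp hunks of this commit (they may exist outside the visible lines). Giving them a value parameter, e.g. `void setVerifyClient( int level );`, would match the `int` getters. The single-argument constructor `OlcTlsSettings( const OlcGlobalConfig &ogc )` could be marked `explicit`, as this commit does for `OlcGlobalConfig( const LDAPEntry &le )`. The member name `m_verifyCient` is missing an `l`.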
Modified: trunk/ldap-server/src/tree_structure.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/tree_structure.ycp?rev=48610&r1=48609&r2=48610&view=diff
==============================================================================
--- trunk/ldap-server/src/tree_structure.ycp (original)
+++ trunk/ldap-server/src/tree_structure.ycp Fri Jun 27 15:58:00 2008
@@ -311,6 +311,7 @@
define boolean cb_read_tls()
``{
y2milestone( "calling tls read handler" );
+ LdapServer::GetTlsConfig();
// map importPaths = LdapServer::ReadImportCertificates();
// boolean use_common_ca = LdapServer::ReadConfigureCommonServerCertificate();
// map tlsSettings = (map)LdapServer::ReadTlsSettings();
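Review bot: The result of `LdapServer::GetTlsConfig()` is discarded in `cb_read_tls`, so as far as this hunk shows none of the dialog fields are filled from the current configuration. Because `cb_write_tls` in the next hunk builds the settings map purely from the widgets, opening the dialog and saving it would replace configured certificate paths with whatever the empty fields contain. The map should be kept, `map<string, any> tlsSettings = LdapServer::GetTlsConfig();`, and used to set `cb_tls_enabled`, `te_ca_file`, `te_cert_file` and `te_key_file`. The rest of `cb_read_tls` lies outside the hunk.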
@@ -361,19 +362,37 @@
define boolean cb_write_tls()
``{
y2milestone( "calling tls write handler" );
- symbol tls_active = (symbol)UI::QueryWidget( `rbg_tls, `CurrentButton );
- if( tls_active == `rb_no )
+ boolean tls_active = (boolean)UI::QueryWidget( `cb_tls_enabled, `Value );
+ if( tls_active == true )
+ {
+ string cafile = (string)UI::QueryWidget( `te_ca_file, `Value );
+
+ map tlsSettings = $[
+ "certKeyFile" : (string)UI::QueryWidget( `te_key_file, `Value ),
+ "certFile" : (string)UI::QueryWidget( `te_cert_file, `Value ),
+ "caCertFile" : (string)UI::QueryWidget( `te_ca_file, `Value ),
+ "caCertDir" : "",
+ "crlFile" : "",
+ "crlCheck" : 0,
+ "verifyClient" : 0
+ ];
+ LdapServer::SetTlsConfig( tlsSettings );
+ }
+ else
{
- y2milestone( "calling tls write handler" );
// LdapServer::WriteConfigureCommonServerCertificate( false );
// LdapServer::WriteImportCertificates( $[] );
-// map tlsSettings = $[
-// "TLSCertificateKeyFile" : nil,
-// "TLSCertificateFile" : nil,
-// "TLSCACertificateFile" : nil,
-// "TLSCACertificatePath" : nil ];
-//
-// LdapServer::WriteTlsSettings( tlsSettings );
+ map tlsSettings = $[
+ "certKeyFIle" : "",
+ "certFile" : "",
+ "caCertFile" : "",
+ "caCertDir" : "",
+ "crlFile" : "",
+ "crlCheck" : 0,
+ "verifyClient" : 0
+ ];
+
+ LdapServer::SetTlsConfig( tlsSettings );
}
return true;
}
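Review bot: In the `else` branch the key is spelled `"certKeyFIle"` with a capital I, which the agent's `key == "certKeyFile"` comparison does not match. Disabling TLS therefore clears the certificate and CA entries but leaves the previously configured key file path in place. The line should read `"certKeyFile" : "",`. The return value of `LdapServer::SetTlsConfig` is ignored in both branches and the function returns `true` regardless. The local `cafile` is assigned but never used.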
@@ -423,10 +442,28 @@
UI::ChangeWidget( `fr_import_cert, `Enabled, true );
}
}
+ else if( handler_cmd == `pb_ca_file )
+ {
+ /* file selection headline */
+ string name = UI::AskForExistingFile( "/etc/ssl/certs", "*.pem *.crt *", _("Select CA Certificate File") );
+ if( name != nil ) UI::ChangeWidget( `te_ca_file, `Value, name );
+ }
+ else if( handler_cmd == `pb_cert_file )
+ {
+ /* file selection headline */
+ string name = UI::AskForExistingFile( "/var/lib/CAM", "*.pem *.crt *", _("Select Certificate File") );
+ if( name != nil ) UI::ChangeWidget( `te_cert_file, `Value, name );
+ }
+ else if( handler_cmd == `pb_key_file )
+ {
+ /* file selection headline */
+ string name = UI::AskForExistingFile( "/var/lib/CAM", "*.pem *.crt *", _("Select Certificate Key File") );
+ if( name != nil ) UI::ChangeWidget( `te_key_file, `Value, name );
+ }
else if( handler_cmd == `pb_edit )
{
// //show edit popup
-// any ret = nil;
+ any ret = nil;
// string dlg_name = common_ca_available ? "type" : "import";
// term dlg = (term)widget_map["g_tls","dialogs",dlg_name]:nil;
// if( dlg == nil )
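Review bot: The three browse branches store whatever path the dialog returns, and the filter `"*.pem *.crt *"` ends in a bare `*`, so it does not narrow the selection at all. For `pb_key_file` nothing checks that the chosen file is readable by the server account and not by other users, which matters for a key the dialog labels as unencrypted. A permission check with a warning at write time would cover that. The branches differ only in start directory, title and target widget, so a small helper taking those three values would remove the repetition. `any ret = nil;` is uncommented here while the code that uses it stays commented out. The enclosing handler starts and ends outside the hunk.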
Modified: trunk/ldap-server/src/widgets.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/widgets.ycp?rev=48610&r1=48609&r2=48610&view=diff
==============================================================================
--- trunk/ldap-server/src/widgets.ycp (original)
+++ trunk/ldap-server/src/widgets.ycp Fri Jun 27 15:58:00 2008
@@ -138,62 +138,64 @@
);
term tlsWidget =
- `VBox(
- `Heading( _("TLS Settings") ),
+ `Top(
`VBox(
- `Frame(
- _("Basic Settings"),
- `VBox(
- `Left(
- `CheckBox( `id( `cb_tls_enabled ), `opt( `notify ) ,
- _("Enable TLS"), false )
- ),
- `Left(
- `CheckBox( `id( `cb_ssl_listener_enabled ),
- _("Enable LDAP over SSL (ldaps) interface"), false )
- ),
- `Left(
- `CheckBox( `id( `cb_use_common_cert ), `opt( `notify ),
- _("Use common Server Certificate"), false )
- ),
- `HStretch()
+ `Heading( _("TLS Settings") ),
+ `VBox(
+ `Frame(
+ _("Basic Settings"),
+ `VBox(
+ `Left(
+ `CheckBox( `id( `cb_tls_enabled ), `opt( `notify ) ,
+ _("Enable TLS"), false )
+ ),
+ `Left(
+ `CheckBox( `id( `cb_ssl_listener_enabled ),
+ _("Enable LDAP over SSL (ldaps) interface"), false )
+ ),
+ `Left(
+ `CheckBox( `id( `cb_use_common_cert ), `opt( `notify ),
+ _("Use common Server Certificate"), false )
+ ),
+ `HStretch()
+ )
)
- )
- ),
- `VSpacing( 0.5 ),
- `VBox(
- `Frame( `id( `fr_import_cert ),
- _("Import Certificate"),
- `VBox(
- `VSquash(
- `HBox(
- `InputField( `id( `te_ca_file ), `opt( `hstretch ),
- _("C&A Certificate File (PEM Format)") ),
- `HSpacing( 0.5 ),
- `Bottom(
- `PushButton( `id( `pb_ca_file ), _("Bro&wse...") )
+ ),
+ `VSpacing( 0.5 ),
+ `VBox(
+ `Frame( `id( `fr_import_cert ),
+ _("Import Certificate"),
+ `VBox(
+ `VSquash(
+ `HBox(
+ `InputField( `id( `te_ca_file ), `opt( `hstretch ),
+ _("C&A Certificate File (PEM Format)") ),
+ `HSpacing( 0.5 ),
+ `Bottom(
+ `PushButton( `id( `pb_ca_file ), _("Bro&wse...") )
+ )
)
- )
- ),
- `VSpacing( 0.5 ),
- `VSquash(
- `HBox(
- `InputField( `id( `te_cert_file ), `opt( `hstretch ),
- _("Certificate &File (PEM Format)") ),
- `HSpacing( 0.5 ),
- `Bottom(
- `PushButton( `id( `pb_cert_file ), _("&Browse...") )
+ ),
+ `VSpacing( 0.5 ),
+ `VSquash(
+ `HBox(
+ `InputField( `id( `te_cert_file ), `opt( `hstretch ),
+ _("Certificate &File (PEM Format)") ),
+ `HSpacing( 0.5 ),
+ `Bottom(
+ `PushButton( `id( `pb_cert_file ), _("&Browse...") )
+ )
)
- )
- ),
- `VSpacing( 0.5 ),
- `VSquash(
- `HBox(
- `InputField( `id( `te_key_file ), `opt( `hstretch ),
- _("Certificate &Key File (PEM Format -- Unencrypted)") ),
- `HSpacing( 0.5 ),
- `Bottom(
- `PushButton( `id( `pb_key_file ), _("B&rowse...") )
+ ),
+ `VSpacing( 0.5 ),
+ `VSquash(
+ `HBox(
+ `InputField( `id( `te_key_file ), `opt( `hstretch ),
+ _("Certificate &Key File (PEM Format - Unencrypted)") ),
+ `HSpacing( 0.5 ),
+ `Bottom(
+ `PushButton( `id( `pb_key_file ), _("B&rowse...") )
+ )
)
)
)