[yast-commit] r59635 - in /trunk/ca-management: package/yast2-ca-management.changes src/CaMgm.ycp src/ca_mgm_proposal.ycp src/util.ycp
Author: mcalmer
Date: Thu Nov 19 17:09:48 2009
New Revision: 59635
URL: http://svn.opensuse.org/viewcvs/yast?rev=59635&view=rev
Log:
- write only global ip addresses into subjectAltName of the server certificate (bnc#556596)
- reduce proposal creation time in case of not configured DNS server (bnc#556596)
- fix delete CA (bnc#556908)
- ask for deleting the CA only one time (bnc#556906)
Modified:
trunk/ca-management/package/yast2-ca-management.changes
trunk/ca-management/src/CaMgm.ycp
trunk/ca-management/src/ca_mgm_proposal.ycp
trunk/ca-management/src/util.ycp
Modified: trunk/ca-management/package/yast2-ca-management.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/package/yast2-ca-management.changes?rev=59635&r1=59634&r2=59635&view=diff
==============================================================================
--- trunk/ca-management/package/yast2-ca-management.changes (original)
+++ trunk/ca-management/package/yast2-ca-management.changes Thu Nov 19 17:09:48 2009
@@ -3,6 +3,12 @@
 - fix close dialog while importing certificates (bnc#554677) - translate long named EKUs to the short name (bnc#546154)
+- write only global ip addresses into subjectAltName of the
+ server certificate (bnc#556596)
+- reduce proposal creation time in case of not configured
+ DNS server (bnc#556596)
+- fix delete CA (bnc#556908)
+- ask for deleting the CA only one time (bnc#556906)
 ------------------------------------------------------------------- Tue Sep 15 15:10:38 CEST 2009 - mc@suse.de
Modified: trunk/ca-management/src/CaMgm.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/CaMgm.ycp?rev=59635&r1=59634&r2=59635&view=diff
==============================================================================
--- trunk/ca-management/src/CaMgm.ycp (original)
+++ trunk/ca-management/src/CaMgm.ycp Thu Nov 19 17:09:48 2009
@@ -139,6 +139,8 @@
 global boolean adv_subject_alt_name_show_email = false;
+global boolean prop_keep_ca = false;
+
 /** * variables for new CA/Certificate/Request */
Modified: trunk/ca-management/src/ca_mgm_proposal.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/ca_mgm_proposal.ycp?rev=59635&r1=59634&r2=59635&view=diff
==============================================================================
--- trunk/ca-management/src/ca_mgm_proposal.ycp (original)
+++ trunk/ca-management/src/ca_mgm_proposal.ycp Thu Nov 19 17:09:48 2009
@@ -36,6 +36,14 @@
 map param = (map)WFM::Args(1); map ret = $[];
+ if (!CaMgm::prop_CANameChanged || CaMgm::prop_CAName == "")
+ {
+ CaMgm::prop_CAName = "YaST_Default_CA";
+ }
+ if (!CaMgm::prop_passwordChanged || size(CaMgm::prop_password) < 0 )
+ {
+ CaMgm::prop_password = Users::GetRootPassword();
+ }
 if (func == "MakeProposal") {
@@ -110,18 +118,10 @@
 { CaMgm::prop_server_commonName = longhostname; }
- if (!CaMgm::prop_CANameChanged)
- {
- CaMgm::prop_CAName = "YaST_Default_CA";
- }
 if (!CaMgm::prop_countryChanged) { CaMgm::prop_country = Timezone::GetCountryForTimezone(""); }
- if (!CaMgm::prop_passwordChanged)
- {
- CaMgm::prop_password = Users::GetRootPassword();
- }
 if (!CaMgm::prop_emailChanged) { CaMgm::prop_email = "postmaster@" + domain;
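Review bot: The new global `prop_keep_ca` in CaMgm.ycp is added without a comment, although later hunks in ca_mgm_proposal.ycp use it to skip the delete prompt and the password-length checks. A one-line comment above the declaration would make that role clear, for example `// proposal keeps the already written default CA (user declined deletion or no CA password was available)`.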
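Review bot: The second operand of the new password check in the hunk at -36, `size(CaMgm::prop_password) < 0`, can never be true because a size is not negative. An empty `prop_password` with `prop_passwordChanged` set is therefore not replaced by the root password here. The CA-name check directly above tests for the empty string, so the intended condition is probably `if (!CaMgm::prop_passwordChanged || size(CaMgm::prop_password) == 0)`. The enclosing function starts and ends outside the hunk.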
@@ -137,20 +137,31 @@
 if (force_reset) { y2milestone("FORCE RESET");
+ CaMgm::prop_keep_ca = false;
 if (CaMgm::prop_settingsWritten) { if( !Popup::YesNo(_("CA Management") + "\n" + _("Settings have already been written.") + "\n" + _("Delete the old settings?"))) {
+ CaMgm::prop_keep_ca = true;
 ret = $[ "workflow_sequence" : `auto ]; } else {
- YaPI::CaManagement::DeleteCA ($[ "caName":CaMgm::currentCA,
- "caPasswd":getPassword(CaMgm::currentCA),
- "force": true]);
- CaMgm::prop_settingsWritten = false;
+ string password = getPassword(CaMgm::prop_CAName);
+ if(password == nil || password == "")
+ {
+ CaMgm::prop_keep_ca = true;
+ ret = $[ "workflow_sequence" : `auto ];
+ }
+ else
+ {
+ YaPI::CaManagement::DeleteCA ($["caName" : CaMgm::prop_CAName,
+ "caPasswd": password,
+ "force" : true]);
+ CaMgm::prop_settingsWritten = false;
+ }
 } } else
@@ -159,7 +170,6 @@
 CaMgm::prop_ca_commonName = "YaST Default CA (" + hostname + ")"; CaMgm::prop_CAName = "YaST_Default_CA"; CaMgm::prop_country = Timezone::GetCountryForTimezone("");
- CaMgm::prop_password = Users::GetRootPassword();
 CaMgm::prop_email = "postmaster@" + domain; CaMgm::prop_server_commonName = longhostname; }
@@ -177,10 +187,11 @@
 if (CaMgm::prop_settingsWritten) {
- if( !Popup::YesNo(_("CA Management") + "\n" +
+ if( CaMgm::prop_keep_ca || !Popup::YesNo(_("CA Management") + "\n" +
 _("Settings have already been written.") + "\n" + _("Delete the old settings?"))) {
+ CaMgm::prop_keep_ca = true;
 // read the details directly from the server certificate map defaultServerCert = (map) YaPI::CaManagement::ReadFile( $[ "inFile":"/etc/ssl/servercerts/servercert.pem",
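Review bot: The result of `YaPI::CaManagement::DeleteCA` is discarded in the new else branch of the hunk at -137, and `CaMgm::prop_settingsWritten = false` is set even when nothing was deleted, for example because `getPassword` returned a password that no longer matches the CA. If DeleteCA signals failure through its return value (not visible here, please confirm), the flag should be cleared only on success, and the failure path should fall back to keeping the CA as the empty-password branch already does. The same block is repeated in the hunks at -205 and -328, so a small shared helper would keep the three copies in step. The enclosing function continues outside the hunk.

```ycp
// … unchanged: getPassword() call and the empty-password branch …
else
{
    any deleted = YaPI::CaManagement::DeleteCA ($["caName"   : CaMgm::prop_CAName,
                                                  "caPasswd" : password,
                                                  "force"    : true]);
    if (deleted == nil || !(boolean) deleted)
    {
        // deletion failed: the old CA is still on disk, so keep it
        CaMgm::prop_keep_ca = true;
        ret = $[ "workflow_sequence" : `auto ];
    }
    else
    {
        CaMgm::prop_settingsWritten = false;
    }
}
```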
@@ -194,9 +205,7 @@
 CaMgm::prop_country = ((list)defaultServerCertIssuer["C"]:[])[0]:""; CaMgm::prop_email = ((list)defaultServerCertIssuer["emailAddress"]:[])[0]:""; CaMgm::prop_CAName = CaMgm::prop_CAName;
- CaMgm::prop_password = Users::GetRootPassword();
-
-
+
 map defaultSCmap = defaultServerCert["DN_HASH"]:$[]; CaMgm::prop_server_commonName = ((list)defaultSCmap["CN"]:[])[0]:"";
@@ -205,9 +214,20 @@
 ret = $[ "workflow_sequence" : `auto ]; } else
- { // delete the default Root CA manually because the root PW may be different in a repeated run of second-Stage
- SCR::Execute(.target.bash, sformat(" rm -rf /var/lib/CAM/%1 ", CaMgm::prop_CAName ));
- CaMgm::prop_settingsWritten = false;
+ {
+ string password = getPassword(CaMgm::prop_CAName);
+ if(password == nil || password == "")
+ {
+ CaMgm::prop_keep_ca = true;
+ ret = $[ "workflow_sequence" : `auto ];
+ }
+ else
+ {
+ YaPI::CaManagement::DeleteCA ($["caName" : CaMgm::prop_CAName,
+ "caPasswd": password,
+ "force" : true]);
+ CaMgm::prop_settingsWritten = false;
+ }
 } } }
@@ -220,7 +240,7 @@
 ret = add( ret, "warning_level", `blocker ); }
- if ( Users::GetRootPassword() == "" && size(CaMgm::prop_password) == 0)
+ if ( !CaMgm::prop_keep_ca && size(CaMgm::prop_password) < 4)
 { UI::OpenDialog (`opt(`decorated ),
@@ -273,8 +293,12 @@
 UI::CloseDialog (); }
-
- if (!CaMgm::prop_passwordChanged)
+ if (CaMgm::prop_keep_ca)
+ {
+ proposal = HTML::Para(_("Current default CA and certificate.") +
+ HTML::Newline());
+ }
+ else if (!CaMgm::prop_passwordChanged)
 { proposal = HTML::Para(_("Creating default CA and certificate.") + HTML::Newline()
@@ -302,7 +326,7 @@
 _("Alternative Names: ") + subAltName, ] );
- if ( size(CaMgm::prop_password) < 4)
+ if ( !CaMgm::prop_keep_ca && size(CaMgm::prop_password) < 4)
 { ret = add( ret, "warning", _("The root password is too short for use as the password for the certificates. Enter a valid password for the certificates or disable certificate creation.
@@ -328,21 +352,35 @@
 } else if (func == "AskUser") {
+ CaMgm::prop_keep_ca = false;
+ string current_CAName = CaMgm::prop_CAName;
+
 any sequence = WFM::CallFunction ( "ca_select_proposal", [] );
+
 if (CaMgm::prop_settingsWritten) { if( !Popup::YesNo(_("CA Management") + "\n" + _("Settings have already been written.") + "\n" + _("Delete the old settings?"))) {
+ CaMgm::prop_keep_ca = true;
 ret = $[ "workflow_sequence" : `auto ]; } else {
- YaPI::CaManagement::DeleteCA ($["caName":CaMgm::currentCA,
- "caPasswd":getPassword(CaMgm::currentCA),
- "force": true]);
- CaMgm::prop_settingsWritten = false;
+ string password = getPassword(current_CAName);
+ if(password == nil || password == "")
+ {
+ CaMgm::prop_keep_ca = true;
+ ret = $[ "workflow_sequence" : `auto ];
+ }
+ else
+ {
+ YaPI::CaManagement::DeleteCA ($["caName" : current_CAName,
+ "caPasswd": password,
+ "force" : true]);
+ CaMgm::prop_settingsWritten = false;
+ }
 } } }
Modified: trunk/ca-management/src/util.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/util.ycp?rev=59635&r1=59634&r2=59635&view=diff
==============================================================================
--- trunk/ca-management/src/util.ycp (original)
+++ trunk/ca-management/src/util.ycp Thu Nov 19 17:09:48 2009
@@ -295,6 +295,7 @@
 { showErrorCaManagement (); password = nil;
+ ui = (symbol) `retry;
 } else {
@@ -1512,10 +1513,10 @@
 map<string,string> ret = $[]; list <string> ip_addresses = splitstring(
- ((map<string, any>)SCR::Execute(.target.bash_output, "ip -f inet -o addr | awk '{print $4}' | awk -F \/ '{print $1}' | tr '\n' ','"))["stdout"]:"", ",") ;
+ ((map<string, any>)SCR::Execute(.target.bash_output, "ip -f inet -o addr show scope global | awk '{print $4}' | awk -F \/ '{print $1}' | tr '\n' ','"))["stdout"]:"", ",") ;
 list <string> ip6_addresses = splitstring(
- ((map<string, any>)SCR::Execute(.target.bash_output, "ip -f inet6 -o addr | awk '{print $4}' | awk -F \/ '{print $1}' | tr '\n' ','"))["stdout"]:"", ",") ;
+ ((map<string, any>)SCR::Execute(.target.bash_output, "ip -f inet6 -o addr show scope global | awk '{print $4}' | awk -F \/ '{print $1}' | tr '\n' ','"))["stdout"]:"", ",") ;
 foreach(string ip6, ip6_addresses, { if(ip6 != "::1" && ip6 != "")
@@ -1532,7 +1533,7 @@
 // first ask the DNS server about the name for this IP address list<string> hostnames = splitstring(
- ((map<string,any>)SCR::Execute(.target.bash_output, sformat("dig +noall +answer -x %1 | awk '{print $5}' | sed 's/\.$//'| tr '\n' '|'", ip)))["stdout"]:"", "|");
+ ((map<string,any>)SCR::Execute(.target.bash_output, sformat("dig +noall +answer +time=2 +tries=1 -x %1 | awk '{print $5}' | sed 's/\.$//'| tr '\n' '|'", ip)))["stdout"]:"", "|");
 boolean found = false; foreach(string hname, hostnames, {
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org
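Review bot: The names returned by the `dig ... -x` call in the hunk at -1532 are unauthenticated DNS data, and per the commit log this code feeds subjectAltName, so whoever answers the PTR query can influence the names the server certificate is issued for. The loop over `hostnames` continues outside the hunk, so it is not visible whether each `hname` is validated; if it is not, each name should be checked to be a syntactically valid host name and ideally resolved forward to `ip` again before it is accepted. With `+time=2 +tries=1` a timeout is more likely, and dig's timeout notice may end up in the parsed output, so dropping lines that start with `;` before the `awk` step would help as well. A comment above the call would record the assumption: `// PTR answers are untrusted input; validate before adding to subjectAltName`.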