[yast-commit] r63430 - in /trunk/ldap-server/src: LdapDatabase.ycp LdapServer.pm ldap-server.ycp tree_structure.ycp

Author: rhafer Date: Wed Feb 16 12:00:19 2011 New Revision: 63430 URL: http://svn.opensuse.org/viewcvs/yast?rev=63430&view=rev Log: Warn user, when creating a database with a non-standard base DN and disable base-object creation in such case (bnc#669213) Modified: trunk/ldap-server/src/LdapDatabase.ycp trunk/ldap-server/src/LdapServer.pm trunk/ldap-server/src/ldap-server.ycp trunk/ldap-server/src/tree_structure.ycp Modified: trunk/ldap-server/src/LdapDatabase.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapDatabase.ycp?... ============================================================================== --- trunk/ldap-server/src/LdapDatabase.ycp (original) +++ trunk/ldap-server/src/LdapDatabase.ycp Wed Feb 16 12:00:19 2011 @@ -19,6 +19,7 @@ string ldapconf_basedn = ""; boolean createDbDir = false; + boolean createBase = true; term editPolicy = @@ -75,6 +76,17 @@ ) ); + global define boolean GetCreateBase() + { + return createBase; + } + + global define boolean ResetCreateBase() + { + createBase = true; + return true; + } + global define symbol AddDbBasic( boolean createDefaults ) { boolean user_changed_dbdir = false; @@ -297,6 +309,29 @@ Popup::Error( err["msg"]:"" + "\n" + err["details"]:"" ); continue; } + integer rc = LdapServer::CheckSuffixAutoCreate( db["suffix"]:"" ); + if ( rc < 0 ) + { + map<string, string> err = LdapServer::ReadError(); + Popup::Error( err["msg"]:"" + "\n" + err["details"]:"" ); + continue; + } + else if ( rc > 0 ) + { + map<string, string> err = LdapServer::ReadError(); + boolean res = Popup::AnyQuestion(Label::WarningMsg(), + _("The Base Object: \"") + db["suffix"]:"" + + _("\" can not be auto created by YaST.\n") + + err["msg"]:"", + Label::OKButton(), Label::CancelButton(), `focus); + if ( res == false ) { + continue; + } else { + y2debug( "Will not create base objects" ); + createBase = false; + } + + } if( db["directory"]:"" == "" ) { Popup::Error( _("A directory must be specified.") ); 
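Review bot: `createBase` is set to false inside the dialog's validation pass in LdapDatabase.ycp (hunk at -297) but is never set back to true there, so the flag can outlive the suffix it was decided for. If a later check in the same pass fails (the `continue` after "A directory must be specified." looks like one) and the user then enters a standard suffix, or cancels the dialog, the next database would still be added without its base object. The only reset visible in this commit is `LdapDatabase::ResetCreateBase()` in tree_structure.ycp, and it runs only after a successful `AddDatabase`, not on the `return false` path. Setting `createBase = true;` immediately before the `CheckSuffixAutoCreate` call, and also calling `ResetCreateBase()` on the error path in tree_structure.ycp, would tie the flag to the current input. The surrounding loop and the cancel handling are outside the hunk, so confirm this against the full function.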
@@ -445,7 +480,9 @@ UI::ChangeWidget( `cb_ppolicy_uselockout, `Enabled , true ); UI::ChangeWidget( `te_ppolicy_defaultpolicy, `Enabled , true ); UI::ChangeWidget( `cb_pp_append_basedn, `Enabled, true ); - UI::ChangeWidget( `pb_define_policy, `Enabled , true ); + if (LdapDatabase::GetCreateBase() ) { + UI::ChangeWidget( `pb_define_policy, `Enabled , true ); + } } else { UI::ChangeWidget( `cb_ppolicy_hashcleartext, `Enabled , false ); UI::ChangeWidget( `cb_ppolicy_uselockout, `Enabled , false ); Modified: trunk/ldap-server/src/LdapServer.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev... ============================================================================== --- trunk/ldap-server/src/LdapServer.pm (original) +++ trunk/ldap-server/src/LdapServer.pm Wed Feb 16 12:00:19 2011 
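Review bot: In the LdapDatabase.ycp hunk at -445, the new `if (LdapDatabase::GetCreateBase())` only skips the call that enables `pb_define_policy`; nothing disables the button when base-object creation is off. If the widget starts enabled or was enabled by an earlier toggle of the checkbox, it stays clickable even though no base object will exist to hold the policy. Calling `UI::ChangeWidget` for `pb_define_policy` unconditionally, with `LdapDatabase::GetCreateBase()` as the Enabled value, would make the state explicit. The widget's initial state and the rest of the handler are outside the hunk.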
@@ -2420,6 +2420,42 @@ return 1; } +## + # Check whether the object named be the supplied LDAP DN can be auto-created. + # @returns 0 in case of success, + # <0 if the supplied DN is invalid + # >0 if autocreation is not possible + # +BEGIN { $TYPEINFO {CheckSuffixAutoCreate} = ["function", "integer", "string" ]; } +sub CheckSuffixAutoCreate +{ + my ($self, $suffix) = @_; + my $object = X500::DN->ParseRFC2253($suffix); + my @attr = $object->getRDN($object->getRDNs()-1)->getAttributeTypes(); + my $val = $object->getRDN($object->getRDNs()-1)->getAttributeValue($attr[0]); + if(!defined $attr[0] || !defined $val) + { + y2error("Error while extracting RDN values"); + $self->SetError( _("Invalid LDAP DN: \""). $suffix. _("\", can't extract RDN values")); + return -1; + } + if( (lc($attr[0]) eq "ou") || ( lc($attr[0]) eq "o") || ( lc($attr[0]) eq "l") || + ( lc($attr[0]) eq "st") || ( lc($attr[0]) eq "dc") ) { + return 0; + } elsif( lc($attr[0]) eq "c") { + if($val !~ /^\w{2}$/) { + $self->SetError( _("The value of the \"c\" Attribute must contain a valid ISO-3166 country 2-letter code."), ""); + y2error("The countryName must be an ISO-3166 country 2-letter code."); + return -1; + } + return 0; + } else { + y2error("First part of suffix must be c=, st=, l=, o=, ou= or dc=."); + $self->SetError( _("First part of suffix must be c=, st=, l=, o=, ou= or dc=."), ""); + return 1; + } +} + BEGIN { $TYPEINFO {CheckDatabase} = ["function", "boolean", [ "map" , "string", "any"] ]; } sub CheckDatabase { @@ -2462,10 +2498,10 @@ } -BEGIN { $TYPEINFO {AddDatabase} = ["function", "boolean", "integer", [ "map" , "string", "any"], "boolean" ]; } +BEGIN { $TYPEINFO {AddDatabase} = ["function", "boolean", "integer", [ "map" , "string", "any"], "boolean", "boolean" ]; } sub AddDatabase { - my ($self, $index, $db, $createDir) = @_; + my ($self, $index, $db, $createDir, $createBase) = @_; if ( ! $self->CheckDatabase($db) ) { return 0; 
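Review bot: `CheckSuffixAutoCreate` in LdapServer.pm calls `$object->getRDN(...)` on the result of `X500::DN->ParseRFC2253($suffix)` before any validity check, and `$suffix` is the string typed into the dialog. If the parser returns undef for a malformed DN (worth confirming against X500::DN), or the DN has no RDNs so the index becomes -1, the method call dies instead of reaching the documented `-1` return. The `!defined $attr[0]` test comes too late to catch either case. A guard directly after the parse, `if (!defined $object || $object->getRDNs() < 1) { ...SetError...; return -1; }`, would keep bad input on the error path. Separately, `/^\w{2}$/` accepts digits, underscores and a trailing newline as a country code; `/\A[A-Za-z]{2}\z/` matches what the error message promises.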
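Review bot: `AddDatabase` now takes a fourth argument, but a caller that still passes three leaves `$createBase` undef, and the later hunk at -2577 tests it with `if ( $createBase )`. Such a caller would silently skip both the `push @added_databases` and the `WriteAuthInfo` call, so no base object is created and no error is reported. Only the two call sites in ldap-server.ycp and tree_structure.ycp are updated here; whether others exist cannot be seen from this diff. Defaulting the flag right after unpacking, `$createBase = 1 unless defined $createBase;`, keeps the previous behaviour for old callers. Add a line to the function's comment saying what a false `$createBase` skips.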
@@ -2577,10 +2613,13 @@ $self->SetError( $err->{'summary'}, $err->{'description'} ); return 0; } - push @added_databases, $db->{'suffix'}; - $self->WriteAuthInfo( $db->{'suffix'}, + + if ( $createBase ) { + push @added_databases, $db->{'suffix'}; + $self->WriteAuthInfo( $db->{'suffix'}, { bind_dn => $db->{'rootdn'}, bind_pw => $db->{'rootpw_clear'} } ); + } return 1; } Modified: trunk/ldap-server/src/ldap-server.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/ldap-server.ycp?r... ============================================================================== --- trunk/ldap-server/src/ldap-server.ycp (original) +++ trunk/ldap-server/src/ldap-server.ycp Wed Feb 16 12:00:19 2011 @@ -96,7 +96,7 @@ // y2milestone("db-options : %1", db); // - ret = LdapServer::AddDatabase(0,db, true); + ret = LdapServer::AddDatabase(0,db, true, true); if(!ret) { Modified: trunk/ldap-server/src/tree_structure.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/tree_structure.yc... ============================================================================== --- trunk/ldap-server/src/tree_structure.ycp (original) +++ trunk/ldap-server/src/tree_structure.ycp Wed Feb 16 12:00:19 2011 @@ -550,12 +550,13 @@ { rebuild_widget_tree = true; map <string,any> newDb = LdapDatabase::GetDatabase(); - if ( ! LdapServer::AddDatabase(0, newDb, LdapDatabase::GetCreateDir() ) ) + if ( ! LdapServer::AddDatabase(0, newDb, LdapDatabase::GetCreateDir(), LdapDatabase::GetCreateBase() ) ) { map<string, string> err = LdapServer::ReadError(); callback_error = err["msg"]:"" + "\n" + err["details"]:""; return false; } + LdapDatabase::ResetCreateBase(); map <string,any> syncrepl = LdapDatabase::GetSyncRepl(); if ( size(syncrepl) > 0 ) { -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org