Hello community,
here is the log from the commit of package yast2-kerberos-server
checked in at Wed Nov 21 03:26:41 CET 2007.
--------
--- yast2-kerberos-server/yast2-kerberos-server.changes 2007-08-27 14:53:05.000000000 +0200
+++ /mounts/work_src_done/NOARCH/yast2-kerberos-server/yast2-kerberos-server.changes 2007-11-20 16:43:34.002273000 +0100
@@ -1,0 +2,15 @@
+Tue Nov 20 16:34:50 CET 2007 - mc@suse.de
+
+- version 2.16.0
+- display errors during Read and Write
+
+-------------------------------------------------------------------
+Mon Nov 19 17:30:57 CET 2007 - mc@suse.de
+
+- fixing wrong default URL [#340912]
+- do not lose values if going to advanced settings and back.
+ [#340912]
+- check if the kerberos schema is known to the ldapsever
+ if using external ldap server. [#340912]
+
+-------------------------------------------------------------------
Old:
----
yast2-kerberos-server-2.15.4.tar.bz2
New:
----
yast2-kerberos-server-2.16.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-kerberos-server.spec ++++++
--- /var/tmp/diff_new_pack.Z14013/_old 2007-11-21 03:26:37.000000000 +0100
+++ /var/tmp/diff_new_pack.Z14013/_new 2007-11-21 03:26:37.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package yast2-kerberos-server (Version 2.15.4)
+# spec file for package yast2-kerberos-server (Version 2.16.0)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -11,16 +11,16 @@
# norootforbuild
Name: yast2-kerberos-server
-Version: 2.15.4
+Version: 2.16.0
Release: 1
License: GPL v2 or later
Group: System/YaST
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-kerberos-server-2.15.4.tar.bz2
-prefix: /usr
+Source0: yast2-kerberos-server-2.16.0.tar.bz2
+Prefix: /usr
Requires: yast2 yast2-ldap-client yast2-kerberos-client
BuildRequires: perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-ldap-client yast2-testsuite
-BuildArchitectures: noarch
+BuildArch: noarch
Summary: YaST2 - Kerberos Server Configuration
%description
@@ -34,7 +34,7 @@
Michael Calmer
%prep
-%setup -n yast2-kerberos-server-2.15.4
+%setup -n yast2-kerberos-server-2.16.0
%build
%{prefix}/bin/y2tool y2autoconf
@@ -67,8 +67,16 @@
/usr/share/YaST2/scrconf/*.scr
/usr/lib/YaST2/servers_non_y2/*
%doc %{prefix}/share/doc/packages/yast2-kerberos-server
-
%changelog
+* Tue Nov 20 2007 - mc@suse.de
+- version 2.16.0
+- display errors during Read and Write
+* Mon Nov 19 2007 - mc@suse.de
+- fixing wrong default URL [#340912]
+- do not lose values if going to advanced settings and back.
+ [#340912]
+- check if the kerberos schema is known to the ldapsever
+ if using external ldap server. [#340912]
* Mon Aug 27 2007 - mc@suse.de
- version 2.15.4
- fix desktop file; move module in Net:Advanced Category
++++++ yast2-kerberos-server-2.15.4.tar.bz2 -> yast2-kerberos-server-2.16.0.tar.bz2 ++++++
++++ 4368 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-kerberos-server-2.15.4/configure.in new/yast2-kerberos-server-2.16.0/configure.in
--- old/yast2-kerberos-server-2.15.4/configure.in 2007-08-27 14:47:59.000000000 +0200
+++ new/yast2-kerberos-server-2.16.0/configure.in 2007-11-20 16:35:34.000000000 +0100
@@ -1,9 +1,9 @@
dnl configure.in for yast2-kerberos-server
dnl
-dnl -- This file is generated by y2autoconf 2.15.1 - DO NOT EDIT! --
+dnl -- This file is generated by y2autoconf 2.15.9 - DO NOT EDIT! --
dnl (edit configure.in.in instead)
-AC_INIT(yast2-kerberos-server, 2.15.4, http://bugs.opensuse.org/, yast2-kerberos-server)
+AC_INIT(yast2-kerberos-server, 2.16.0, http://bugs.opensuse.org/, yast2-kerberos-server)
dnl Check for presence of file 'RPMNAME'
AC_CONFIG_SRCDIR([RPMNAME])
@@ -17,7 +17,7 @@
AM_INIT_AUTOMAKE(tar-ustar) dnl searches for some needed programs
dnl Important YaST2 variables
-VERSION="2.15.4"
+VERSION="2.16.0"
RPMNAME="yast2-kerberos-server"
MAINTAINER="Michael Calmer "
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-kerberos-server-2.15.4/Makefile.am new/yast2-kerberos-server-2.16.0/Makefile.am
--- old/yast2-kerberos-server-2.15.4/Makefile.am 2007-08-27 14:48:00.000000000 +0200
+++ new/yast2-kerberos-server-2.16.0/Makefile.am 2007-11-20 16:35:34.000000000 +0100
@@ -30,7 +30,7 @@
extra_COPYRIGHT_files = $(if $(HAS_YAST_LICENSE), $(COPYRIGHT_files_yast), $(COPYRIGHT_files_gpl))
-AUTOMAKE_OPTIONS = foreign dist-bzip2
+AUTOMAKE_OPTIONS = foreign dist-bzip2 no-dist-gzip
# where devtools instal m4 snippets
# argh, executed literally
#ACLOCAL_AMFLAGS = -I $(Y2DEVTOOLS_PREFIX)/share/aclocal
@@ -210,8 +210,7 @@
# For po/ modules
checkpo:
- test ! -d $(srcdir)/po || $(MAKE) -C po checkpo
-# test ! -d $(srcdir)/po \
-# || { $(MAKE) -C po checkpo && $(MAKE) -C po make-pox; }
+ test ! -f $(srcdir)/po/Makefile || $(MAKE) -C po checkpo
+# test ! -f $(srcdir)/po/Makefile || $(MAKE) -C po checkpo make-pox
# No ./SUBDIRS file found - assuming default: All direct subdirs with Makefile.am
SUBDIRS = agents doc src testsuite
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-kerberos-server-2.15.4/missing new/yast2-kerberos-server-2.16.0/missing
--- old/yast2-kerberos-server-2.15.4/missing 2007-08-27 14:48:07.000000000 +0200
+++ new/yast2-kerberos-server-2.16.0/missing 2007-11-20 16:35:42.000000000 +0100
@@ -1,9 +1,9 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
-scriptversion=2005-06-08.21
+scriptversion=2006-05-10.23
-# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006
# Free Software Foundation, Inc.
# Originally by Fran,cois Pinard , 1996.
@@ -33,6 +33,8 @@
fi
run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
# In the cases where this matters, `missing' is being run in the
# srcdir already.
@@ -44,7 +46,7 @@
msg="missing on your system"
-case "$1" in
+case $1 in
--run)
# Try to run requested program, and just exit if it succeeds.
run=
@@ -77,6 +79,7 @@
aclocal touch file \`aclocal.m4'
autoconf touch file \`configure'
autoheader touch file \`config.h.in'
+ autom4te touch the output file, or create a stub one
automake touch all \`Makefile.in' files
bison create \`y.tab.[ch]', if possible, from existing .[ch]
flex create \`lex.yy.c', if possible, from existing .c
@@ -106,7 +109,7 @@
# Now exit if we have it, but it failed. Also exit now if we
# don't have it and --version was passed (most likely to detect
# the program).
-case "$1" in
+case $1 in
lex|yacc)
# Not GNU programs, they don't have --version.
;;
@@ -135,7 +138,7 @@
# If it does not exist, or fails to run (possibly an outdated version),
# try to emulate it.
-case "$1" in
+case $1 in
aclocal*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
@@ -164,7 +167,7 @@
test -z "$files" && files="config.h"
touch_files=
for f in $files; do
- case "$f" in
+ case $f in
*:*) touch_files="$touch_files "`echo "$f" |
sed -e 's/^[^:]*://' -e 's/:.*//'`;;
*) touch_files="$touch_files $f.in";;
@@ -192,8 +195,8 @@
You can get \`$1' as part of \`Autoconf' from any GNU
archive site."
- file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'`
- test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'`
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
if test -f "$file"; then
touch $file
else
@@ -214,25 +217,25 @@
in order for those modifications to take effect. You can get
\`Bison' from any GNU archive site."
rm -f y.tab.c y.tab.h
- if [ $# -ne 1 ]; then
+ if test $# -ne 1; then
eval LASTARG="\${$#}"
- case "$LASTARG" in
+ case $LASTARG in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
- if [ -f "$SRCFILE" ]; then
+ if test -f "$SRCFILE"; then
cp "$SRCFILE" y.tab.c
fi
SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
- if [ -f "$SRCFILE" ]; then
+ if test -f "$SRCFILE"; then
cp "$SRCFILE" y.tab.h
fi
;;
esac
fi
- if [ ! -f y.tab.h ]; then
+ if test ! -f y.tab.h; then
echo >y.tab.h
fi
- if [ ! -f y.tab.c ]; then
+ if test ! -f y.tab.c; then
echo 'main() { return 0; }' >y.tab.c
fi
;;
@@ -244,18 +247,18 @@
in order for those modifications to take effect. You can get
\`Flex' from any GNU archive site."
rm -f lex.yy.c
- if [ $# -ne 1 ]; then
+ if test $# -ne 1; then
eval LASTARG="\${$#}"
- case "$LASTARG" in
+ case $LASTARG in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
- if [ -f "$SRCFILE" ]; then
+ if test -f "$SRCFILE"; then
cp "$SRCFILE" lex.yy.c
fi
;;
esac
fi
- if [ ! -f lex.yy.c ]; then
+ if test ! -f lex.yy.c; then
echo 'main() { return 0; }' >lex.yy.c
fi
;;
@@ -267,11 +270,9 @@
\`Help2man' package in order for those modifications to take
effect. You can get \`Help2man' from any GNU archive site."
- file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
- if test -z "$file"; then
- file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'`
- fi
- if [ -f "$file" ]; then
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
touch $file
else
test -z "$file" || exec >$file
@@ -289,11 +290,17 @@
DU, IRIX). You might want to install the \`Texinfo' package or
the \`GNU make' package. Grab either from any GNU archive site."
# The file to touch is that specified with -o ...
- file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
if test -z "$file"; then
# ... or it is the one specified with @setfilename ...
infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
- file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile`
+ file=`sed -n '
+ /^@setfilename/{
+ s/.* \([^ ]*\) *$/\1/
+ p
+ q
+ }' $infile`
# ... or it is derived from the source name (dir/f.texi becomes f.info)
test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
fi
@@ -317,13 +324,13 @@
fi
firstarg="$1"
if shift; then
- case "$firstarg" in
+ case $firstarg in
*o*)
firstarg=`echo "$firstarg" | sed s/o//`
tar "$firstarg" "$@" && exit 0
;;
esac
- case "$firstarg" in
+ case $firstarg in
*h*)
firstarg=`echo "$firstarg" | sed s/h//`
tar "$firstarg" "$@" && exit 0
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-kerberos-server-2.15.4/src/KerberosServer.pm new/yast2-kerberos-server-2.16.0/src/KerberosServer.pm
--- old/yast2-kerberos-server-2.15.4/src/KerberosServer.pm 2007-07-12 17:18:13.000000000 +0200
+++ new/yast2-kerberos-server-2.16.0/src/KerberosServer.pm 2007-11-20 16:18:11.000000000 +0100
@@ -55,6 +55,7 @@
YaST::YCP::Import ("Service");
YaST::YCP::Import ("Package");
YaST::YCP::Import ("Progress");
+YaST::YCP::Import ("Popup");
YaST::YCP::Import ("Report");
YaST::YCP::Import ("Summary");
YaST::YCP::Import ("Message");
@@ -100,6 +101,25 @@
################################################################
+my $requiredObjectClasses = {
+ krbContainer => "2.16.840.1.113719.1.301.6.1.1",
+ krbRealmContainer => "2.16.840.1.113719.1.301.6.2.1",
+ krbPrincipalAux => "2.16.840.1.113719.1.301.6.8.1",
+ krbPrincipal => "2.16.840.1.113719.1.301.6.9.1",
+ krbPrincRefAux => "2.16.840.1.113719.1.301.6.11.1",
+ krbPwdPolicy => "2.16.840.1.113719.1.301.6.14.1",
+ krbTicketPolicyAux => "2.16.840.1.113719.1.301.6.16.1",
+ krbTicketPolicy => "2.16.840.1.113719.1.301.6.17.1"
+ };
+
+################################################################
+
+my $errorMsg = undef;
+
+my $errorDetails = "";
+
+################################################################
+
my $foundDB = 0;
# Was a database found during Read() ?
@@ -495,6 +515,22 @@
#################################################################
+sub showError
+{
+ my $class = shift;
+
+ if(defined $errorMsg && $errorMsg ne "" && $errorDetails ne "")
+ {
+ Popup->ErrorDetails($errorMsg, $errorDetails);
+ }
+ elsif(defined $errorMsg && $errorMsg ne "")
+ {
+ Popup->Error($errorMsg);
+ }
+ return 1;
+}
+
+
BEGIN { $TYPEINFO{splitTime} = ["function", ["list", "any"], "string"]; }
sub splitTime
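Review bot: `showError` tests `$errorDetails ne ""` without a `defined` check, while later hunks assign it straight from `$Yerr->{description}` and `$err->{summary}`. If either is undef, the comparison warns under `use warnings` and the details popup is skipped. Guard it here with `defined $errorDetails && $errorDetails ne ""`, or normalise the value at the assignment sites. The sub also leaves `$errorMsg` and `$errorDetails` set after displaying them; in the visible hunks they are cleared only at the start of Read and Write. A one-line comment above the sub saying that it reports the module-level error state would help.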
@@ -544,6 +580,52 @@
}
+BEGIN { $TYPEINFO{CheckSchema} = ["function", "boolean", "void"]; }
+sub CheckSchema
+{
+ my $class = shift;
+
+ my $ret = $class->initLDAP();
+ if(not $ret)
+ {
+ return $ret;
+ }
+
+ if(! SCR->Execute(".ldap.schema", {"schema_dn" => "cn=Subschema"}))
+ {
+ my $ldapERR = SCR->Read(".ldap.error");
+ y2error("LDAP schema init failed:".$ldapERR->{'code'}." : ".$ldapERR->{'msg'});
+ $errorMsg = _("Initialize LDAP schema failed.");
+ $errorDetails = "LDAP message:".$ldapERR->{'code'}." : ".$ldapERR->{'msg'};
+ return 0;
+ }
+
+ foreach my $key (keys %{$requiredObjectClasses})
+ {
+ my $schemaMap = SCR->Read(".ldap.schema.object_class", { "name" => $key });
+ if(!defined $schemaMap)
+ {
+ my $ldapERR = SCR->Read(".ldap.error");
+ y2error("LDAP reading schema failed:".$ldapERR->{'code'}." : ".$ldapERR->{'msg'});
+ $errorMsg = _("Reading LDAP schema failed.");
+ $errorDetails = "LDAP message:".$ldapERR->{'code'}." : ".$ldapERR->{'msg'};
+ return 0;
+ }
+
+ #y2milestone("SCHEMA MAP:".Data::Dumper->Dump([$schemaMap]));
+
+ if(!exists $schemaMap->{oid} || !defined $schemaMap->{oid} ||
+ $schemaMap->{oid} ne $requiredObjectClasses->{$key})
+ {
+ y2error("Kerberos Schema not known to the LDAP server.");
+ $errorMsg = _("Kerberos Schema not known to the LDAP server.");
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
BEGIN { $TYPEINFO{CreateDefaultCerts} = ["function", "boolean", "string"]; }
sub CreateDefaultCerts
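Review bot: When an object class is missing or its OID differs, CheckSchema records only the generic message, so neither the log nor the popup says which of the eight required classes failed. Adding `$errorDetails = "objectClass '$key': expected OID ".$requiredObjectClasses->{$key};` and including `$key` in the `y2error` call would make the failure actionable. `$ldapERR` is dereferenced in both error branches without checking that `SCR->Read(".ldap.error")` returned a map. The sub has no header comment; one stating that it calls `initLDAP()` first and returns 1 only if every required class is present with the expected OID would document the contract.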
@@ -561,6 +643,7 @@
if(! defined $passwd || $passwd eq "")
{
y2error("No password set");
+ $errorMsg = _("No password available to create the default certificate.");
return 0;
}
@@ -577,6 +660,8 @@
# error
my $Yerr = YaPI::CaManagement->Error();
y2error("Read Certificate Defaults failed: ".Data::Dumper->Dump([$Yerr]));
+ $errorMsg = $Yerr->{summary};
+ $errorDetails = $Yerr->{description};
return 0;
}
@@ -606,6 +691,8 @@
# error
my $Yerr = YaPI::CaManagement->Error();
y2error("Add Root CA failed: ".Data::Dumper->Dump([$Yerr]));
+ $errorMsg = $Yerr->{summary};
+ $errorDetails = $Yerr->{description};
return 0;
}
@@ -621,6 +708,8 @@
# error
my $Yerr = YaPI::CaManagement->Error();
y2error("Read Certificate Defaults failed: ".Data::Dumper->Dump([$Yerr]));
+ $errorMsg = $Yerr->{summary};
+ $errorDetails = $Yerr->{description};
return 0;
}
if(exists $certValueMap->{DN})
@@ -651,6 +740,8 @@
# error
my $Yerr = YaPI::CaManagement->Error();
y2error("Add Certificate failed: ".Data::Dumper->Dump([$Yerr]));
+ $errorMsg = $Yerr->{summary};
+ $errorDetails = $Yerr->{description};
return 0;
}
@@ -670,6 +761,8 @@
# error
my $Yerr = YaPI::CaManagement->Error();
y2error("Export Certificate failed: ".Data::Dumper->Dump([$Yerr]));
+ $errorMsg = $Yerr->{summary};
+ $errorDetails = $Yerr->{description};
return 0;
}
@@ -684,6 +777,8 @@
# error
my $Yerr = YaPI::CaManagement->Error();
y2error("Import Common Server Certificate failed: ".Data::Dumper->Dump([$Yerr]));
+ $errorMsg = $Yerr->{summary};
+ $errorDetails = $Yerr->{description};
unlink("/tmp/YaST-Servercert.p12");
return 0;
}
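Review bot: This failure path still cleans up a fixed, predictable file name, `/tmp/YaST-Servercert.p12`, which by its name appears to hold the exported server certificate bundle. The export itself is outside the hunk, so that is inferred, and the path predates this commit. A fixed name in a world-writable directory is exposed to symlink and pre-creation races by local users. While this branch is being touched, consider creating the file with `File::Temp` or under a root-only directory, and checking the result of `unlink`.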
@@ -706,6 +801,7 @@
if(-e "/var/lib/ldap/__db.001")
{
y2error("Database exists. Cannot create a new one.");
+ $errorMsg = _("LDAP database exists. Cannot create a new one.");
return 0;
}
my $directory = "/var/lib/ldap";
@@ -717,6 +813,7 @@
if (!SCR->Write (".sysconfig.openldap", undef))
{
y2error ("error writing /etc/sysconfig/openldap");
+ $errorMsg = _("Cannot write /etc/sysconfig/openldap .");
return 0;
}
@@ -737,6 +834,8 @@
if(! -e "/usr/share/doc/packages/krb5/kerberos.schema")
{
y2error("Kerberos schema file not found");
+ $errorMsg = _("Kerberos schema file not found");
+ $errorDetails = "/usr/share/doc/packages/krb5/kerberos.schema not found.";
return 0;
}
@@ -795,7 +894,7 @@
if (!SCR->Write (".ldapserver.krb5ACLHack", "" ))
{
- return undef;
+ return 0;
}
YaPI::LdapServer->SwitchService(1);
@@ -837,12 +936,11 @@
# local ldap server; use hostname and domain
$data->{ldap_server} = "$hostname.$domain"; # == ldap server IP address or name
}
- elsif($uriParts->{scheme} eq "ldaps" && $uriParts->{host} ne "")
+ elsif(($uriParts->{scheme} eq "ldaps" || $uriParts->{scheme} eq "ldap") && $uriParts->{host} ne "")
{
# local ldap server; use hostname and domain
$data->{ldap_server} = $uriParts->{host}; # == ldap server IP address or name
}
- # FIXME: support scheme ldap ?
else
{
y2error("Wrong LDAP URI: scheme ".$uriParts->{scheme}." not allowed");
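Review bot: With `ldap` now accepted alongside `ldaps`, only `$uriParts->{host}` is kept in `$data->{ldap_server}`, so the scheme the administrator entered no longer influences how the client connects. Consider carrying the scheme forward so the TLS setting can follow it. The copied comment `# local ldap server; use hostname and domain` is wrong for this branch; `# external ldap server; use the host from the URI` would match the code. The `else` branch logs the rejected scheme but, in the visible lines, sets no `$errorMsg`, unlike the equivalent branch added to initLDAP later in this diff; the block continues outside the hunk.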
@@ -852,6 +950,7 @@
else
{
y2error("No LDAP server URI specified");
+ $errorMsg = _("No LDAP server URI specified.");
return 0;
}
@@ -864,7 +963,7 @@
$data->{ldap_domain} = "$ldapbasedn"; # == basedn
$data->{start_ldap} = Boolean(1);
- $data->{ldap_tls} = Boolean(1);
+ #$data->{ldap_tls} = Boolean(1);
$data->{login_enabled} = Boolean(0);
$data->{bind_dn} = $ldapdb->{ldap_kadmind_dn}; # we use kadmin dn, because it needs write access
$data->{create_ldap} = Boolean(1);
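Review bot: Commenting out `$data->{ldap_tls} = Boolean(1);` leaves the client's TLS setting to whatever default the consumer of `$data` applies. The following lines still configure a bind with the kadmind DN, which the inline comment says needs write access. If TLS was dropped because plain `ldap://` URIs are now accepted, set the value from the scheme parsed earlier (presumably in the same sub) rather than removing it. If the line must go, replace the dead code with a comment giving the reason, for example `# ldap_tls intentionally unset: <reason>`.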
@@ -900,6 +999,8 @@
# next;
#}
y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Cannot write krb5.conf.");
+ $errorDetails = $err->{summary};
return 0;
}
@@ -912,6 +1013,8 @@
# next;
#}
y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Cannot write krb5.conf.");
+ $errorDetails = $err->{summary};
return 0;
}
@@ -924,6 +1027,8 @@
# next;
#}
y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Cannot write krb5.conf.");
+ $errorDetails = $err->{summary};
return 0;
}
@@ -936,6 +1041,8 @@
# next;
#}
y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Cannot write krb5.conf.");
+ $errorDetails = $err->{summary};
return 0;
}
@@ -949,6 +1056,8 @@
# next;
#}
y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Cannot write krb5.conf.");
+ $errorDetails = $err->{summary};
return 0;
}
@@ -1003,6 +1112,8 @@
my $pid = open3(\*IN, \*OUT, \*ERR, "/usr/lib/mit/sbin/kdb5_ldap_util", @cmdArgs)
or do {
y2error("Can not execute kdb5_ldap_util: $!");
+ $errorMsg = _("Cannot execute kdb5_ldap_util .");
+ $errorDetails = "$!";
return 0;
};
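Review bot: The new `$errorMsg`/`$errorDetails` assignments sit in an `or do { ... }` block after `open3`, which is probably unreachable. If this is `IPC::Open3::open3`, it raises an exception on failure instead of returning false. Wrapping the call in `eval { ... }` and testing `$@` would let the "Cannot execute" message reach the user. The same applies to the other `open3` hunks for `kdb5_ldap_util` and `kdb5_util` in this file.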
@@ -1033,6 +1144,8 @@
my $code = ($?>>8);
if($code != 0)
{
+ $errorMsg = _("Creating kerberos database failed.");
+ $errorDetails = "$err";
return 0;
}
@@ -1047,6 +1160,8 @@
$pid = open3(\*IN, \*OUT, \*ERR, "/usr/lib/mit/sbin/kdb5_ldap_util", @cmdArgs)
or do {
y2error("Can not execute kdb5_ldap_util: $!");
+ $errorMsg = _("Cannot execute kdb5_ldap_util .");
+ $errorDetails = "$!";
return 0;
};
@@ -1078,6 +1193,8 @@
$code = ($?>>8);
if($code != 0)
{
+ $errorMsg = _("Writing to password file failed.");
+ $errorDetails = "$err";
return 0;
}
@@ -1092,6 +1209,8 @@
$pid = open3(\*IN, \*OUT, \*ERR, "/usr/lib/mit/sbin/kdb5_ldap_util", @cmdArgs)
or do {
y2error("Can not execute kdb5_ldap_util: $!");
+ $errorMsg = _("Cannot execute kdb5_ldap_util .");
+ $errorDetails = "$!";
return 0;
};
@@ -1122,6 +1241,8 @@
$code = ($?>>8);
if($code != 0)
{
+ $errorMsg = _("Writing to password file failed.");
+ $errorDetails = "$err";
return 0;
}
}
@@ -1154,19 +1275,57 @@
if(Ldap->Read())
{
my $ldapMap = Ldap->Export();
+
+ if(!exists $ldapdb->{ldap_server} || !defined $ldapdb->{ldap_server} || $ldapdb->{ldap_server} eq "")
+ {
+ if(defined $ldapMap->{'ldap_server'} && $ldapMap->{'ldap_server'} ne "")
+ {
+ my $dummy = $ldapMap->{'ldap_server'};
+
+ $ldapdb->{ldap_server} = "ldaps://".Ldap->GetFirstServer("$dummy");
+ }
+ }
- if(defined $ldapMap->{'ldap_server'} && $ldapMap->{'ldap_server'} ne "")
+ if($ldapbasedn eq "")
{
- my $dummy = $ldapMap->{'ldap_server'};
-
- $ldapdb->{ldap_server} = "https://".Ldap->GetFirstServer("$dummy");
- }
-
- $ldapbasedn = $ldapMap->{'ldap_domain'};
+ if($ldapMap->{'ldap_domain'} ne "")
+ {
+ $ldapbasedn = $ldapMap->{'ldap_domain'};
+ }
+ else
+ {
+ $ldapbasedn = "dc=".join(",dc=", split(/\./, $domain));
+ }
+ }
- $ldapdb->{ldap_kerberos_container_dn} = "cn=krbcontainer,".$ldapbasedn;
- $ldapdb->{ldap_kdc_dn} = $ldapMap->{'bind_dn'};
- $ldapdb->{ldap_kadmind_dn} = $ldapMap->{'bind_dn'};
+ if(!exists $ldapdb->{ldap_kerberos_container_dn})
+ {
+ $ldapdb->{ldap_kerberos_container_dn} = "cn=krbcontainer,".$ldapbasedn;
+ }
+
+ if(!exists $ldapdb->{ldap_kdc_dn})
+ {
+ if($ldapMap->{'bind_dn'} ne "")
+ {
+ $ldapdb->{ldap_kdc_dn} = $ldapMap->{'bind_dn'};
+ }
+ else
+ {
+ $ldapdb->{ldap_kdc_dn} = "cn=Administrator,".$ldapbasedn;
+ }
+ }
+
+ if(!exists $ldapdb->{ldap_kadmind_dn})
+ {
+ if($ldapMap->{'bind_dn'} ne "")
+ {
+ $ldapdb->{ldap_kadmind_dn} = $ldapMap->{'bind_dn'};
+ }
+ else
+ {
+ $ldapdb->{ldap_kadmind_dn} = "cn=Administrator,".$ldapbasedn;
+ }
+ }
}
}
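Review bot: The defaults for `ldap_kdc_dn` and `ldap_kadmind_dn` are applied only when the key does not exist, so a key that exists with an empty value is never defaulted. The next hunk then rejects an empty `ldap_kadmind_dn` with "No bind DN available". Using the same test as for `ldap_server` (`!exists ... || !defined ... || ... eq ""`) would close that gap. `$ldapMap->{'ldap_domain'} ne ""` and `$ldapMap->{'bind_dn'} ne ""` are compared without a `defined` check. The two bind-DN blocks differ only in the key and could be a loop over `qw(ldap_kdc_dn ldap_kadmind_dn)`.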
@@ -1180,51 +1339,53 @@
$ldapdb->{ldap_kadmind_dn} eq "")
{
y2error("No bind DN available");
+ $errorMsg = _("No bind DN availbale.");
return 0;
}
my $use_tls = "try";
my $ldapMap = {};
-
- if(Ldap->Read())
- {
- $ldapMap = Ldap->Export();
- foreach (keys %{$ldapMap})
- {
- $ldapMap->{$_} = Boolean(1) if("$ldapMap->{$_}" eq "1");
- $ldapMap->{$_} = Boolean(0) if("$ldapMap->{$_}" eq "0");
- }
+ Ldap->Read();
- if(defined $ldapMap->{'ldap_server'} && $ldapMap->{'ldap_server'} ne "")
- {
- my $dummy = $ldapMap->{'ldap_server'};
- $ldapMap->{'ldap_server'} = Ldap->GetFirstServer("$dummy");
- $ldapMap->{'ldap_port'} = Ldap->GetFirstPort("$dummy");
- }
- else
- {
- y2error("No LDAP server configured.");
- return 0;
- }
- if(defined $ldapMap->{ldap_tls} )
+ if(exists $ldapdb->{ldap_server} && defined $ldapdb->{ldap_server} && $ldapdb->{ldap_server} ne "")
+ {
+ y2milestone("initLDAP: found ldap_server $ldapdb->{ldap_server}");
+
+ my $uriParts = URL->Parse($ldapdb->{ldap_server});
+
+ if($uriParts->{scheme} eq "ldapi")
{
- if($ldapMap->{ldap_tls} == 1)
- {
- $use_tls = "yes"
- }
- else
- {
- $use_tls = "no";
- }
+ # local ldap server; use hostname and domain
+ $ldapMap->{ldap_server} = "$hostname.$domain"; # == ldap server IP address or name
}
- }
-
+ elsif(($uriParts->{scheme} eq "ldaps" || $uriParts->{scheme} eq "ldap") && $uriParts->{host} ne "")
+ {
+ # local ldap server; use hostname and domain
+ $ldapMap->{ldap_server} = $uriParts->{host}; # == ldap server IP address or name
+ $ldapMap->{ldap_port} = $uriParts->{port};
+ }
+ else
+ {
+ y2error("Wrong LDAP URI: scheme ".$uriParts->{scheme}." not allowed");
+ $errorMsg = _("Invalid LDAP URI scheme.");
+ $errorDetails = $uriParts->{scheme}." is not allowed.";
+ return 0;
+ }
+
+ if(!exists $ldapMap->{ldap_port} || !defined $ldapMap->{ldap_port} || $ldapMap->{ldap_port} eq "")
+ {
+ # ldaps on 636 is not supported by the ldap agent
+ $ldapMap->{ldap_port} = 389;
+ }
+ }
+
if (! SCR->Execute(".ldap", {"hostname" => $ldapMap->{'ldap_server'},
"port" => $ldapMap->{'ldap_port'},
"use_tls" => $use_tls }))
{
y2error("LDAP initialization failed.");
+ $errorMsg = _("LDAP initialization failed.");
return 0;
}
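Review bot: `$use_tls` is now always `"try"`, because the block that mapped the client's `ldap_tls` setting to `"yes"`/`"no"` is removed. An `ldaps://` URI without an explicit port also falls back to 389, so a server configured as TLS-only is contacted with opportunistic TLS before the bind in the following hunks. Consider setting `$use_tls = "yes"` when `$uriParts->{scheme} eq "ldaps"`, so a failed negotiation is an error rather than a possible cleartext bind; this assumes `"try"` continues without TLS on failure, which should be confirmed against the ldap agent. Separately, when `$ldapdb->{ldap_server}` is empty there is no `else`, so `SCR->Execute(".ldap", ...)` runs with an undefined hostname where the old code returned "No LDAP server configured."; an `else` that sets `$errorMsg` and returns 0 would restore that. The return value of `Ldap->Read()` is also no longer checked.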
@@ -1238,7 +1399,7 @@
$ldapkadmpw = Ldap->LDAPAskAndBind(Boolean(0));
- $ldapMap->{bind_dn} = $old_bind_dn;
+ $ldapMap->{bind_dn} = $old_bind_dn;
Ldap->Set($ldapMap);
}
else
@@ -1249,6 +1410,8 @@
{
my $ldapERR = SCR->Read(".ldap.error");
y2error("LDAP bind failed.(".$ldapERR->{'code'}.") : ".$ldapERR->{'msg'});
+ $errorMsg = _("LDAP bind failed.");
+ $errorDetails = $ldapERR->{'code'}.": ".$ldapERR->{'msg'};
return 0;
}
}
@@ -1285,6 +1448,8 @@
{
my $ldapERR = SCR->Read(".ldap.error");
y2error("Error while searching in LDAP.(".$ldapERR->{'code'}." : ".$ldapERR->{'msg'});
+ $errorMsg = _("LDAP search failed.");
+ $errorDetails = $ldapERR->{'code'}.": ".$ldapERR->{'msg'};
return 0;
}
@@ -1493,6 +1658,7 @@
}
}
$class->ReadAttributesFromLDAP();
+
last;
}
}
@@ -1511,25 +1677,25 @@
if(not $ret)
{
my $err = SCR->Error(".kdc_conf");
- y2error("Error on writing to kdc.conf:".Data::Dumper->Dump([$err]));
+ y2milestone("Writing to kdc.conf failed:".Data::Dumper->Dump([$err]));
}
$ret = SCR->Write(".kdc_conf", undef);
if(not $ret)
{
my $err = SCR->Error(".kdc_conf");
- y2error("Error on writing to kdc.conf:".Data::Dumper->Dump([$err]));
+ y2milestone("Writing to kdc.conf failed:".Data::Dumper->Dump([$err]));
}
$ret = SCR->Write(".krb5_conf.realms.\"$dbrealm\"", undef);
if(not $ret)
{
my $err = SCR->Error(".krb5_conf");
- y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));
+ y2milestone("Writing to krb5.conf failed:".Data::Dumper->Dump([$err]));
}
$ret = SCR->Write(".krb5_conf", undef);
if(not $ret)
{
my $err = SCR->Error(".krb5_conf");
- y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));
+ y2milestone("Writing to krb5.conf failed:".Data::Dumper->Dump([$err]));
}
}
# check for if some defaults are available. If not, set them
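Review bot: All four write failures are downgraded from `y2error` to `y2milestone` and, unlike the other write paths in this commit, set no `$errorMsg`. A failed write of kdc.conf or krb5.conf here is therefore no longer visible at error level or to the user. If these failures are expected at this point, say why in a comment, and consider `y2warning` so they still stand out in the log. The enclosing block begins outside the hunk.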
@@ -1621,6 +1787,8 @@
# next;
#}
y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Writing to krb5.conf failed.");
+ $errorDetails = $err->{summary};
return 0;
}
}
@@ -1628,7 +1796,10 @@
$ret = SCR->Write(".krb5_conf", undef);
if(not $ret)
{
- y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([SCR->Error(".krb5_conf")]));
+ my $err = SCR->Error(".krb5_conf");
+ y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Writing to krb5.conf failed.");
+ $errorDetails = $err->{summary};
return 0;
}
return $ret;
@@ -1669,13 +1840,18 @@
next;
}
y2error("Error on writing to kdc.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Writing to kdc.conf failed.");
+ $errorDetails = $err->{summary};
return 0;
}
}
$ret = SCR->Write(".kdc_conf", undef);
if(not $ret)
{
- y2error("Error on writing to kdc.conf:".Data::Dumper->Dump([SCR->Error(".kdc_conf")]));
+ my $err = SCR->Error(".kdc_conf");
+ y2error("Error on writing to kdc.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Writing to kdc.conf failed.");
+ $errorDetails = $err->{summary};
return 0;
}
return $ret;
@@ -1698,6 +1874,7 @@
$ldapdb->{ldap_kadmind_dn} eq "")
{
y2error("No bind DN available");
+ $errorMsg = _("No bind DN availbale.");
return 0;
}
@@ -1756,7 +1933,9 @@
my $pid = open3(\*IN, \*OUT, \*ERR, "/usr/lib/mit/sbin/kdb5_ldap_util", @cmdArgs)
or do {
- y2error("Can not execute kdb5_ldap_util: $!");
+ y2error("Cannot execute kdb5_ldap_util: $!");
+ $errorMsg = _("Cannot execute kdb5_ldap_util .");
+ $errorDetails = "$!";
return 0;
};
@@ -1786,6 +1965,8 @@
my $code = ($?>>8);
if($code != 0)
{
+ $errorMsg = _("Modifing the kerberos database failed.");
+ $errorDetails = "$err";
return 0;
}
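Review bot: The translatable string `_("Modifing the kerberos database failed.")` is misspelled; it should read `_("Modifying the kerberos database failed.")`. The two "No bind DN" hunks have the same kind of typo in `_("No bind DN availbale.")`. Fixing these before the strings reach the translation catalogs avoids invalidating translations later. This branch also adds no `y2error` call, so unless `$err` is logged outside the hunk, the failure shows only in the popup.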
@@ -1813,6 +1994,8 @@
{
my $ldapERR = SCR->Read(".ldap.error");
y2error("Error while searching in LDAP.(".$ldapERR->{'code'}.") : ".$ldapERR->{'msg'});
+ $errorMsg = _("LDAP search failed.");
+ $errorDetails = $ldapERR->{'code'}.": ".$ldapERR->{'msg'};
return 0;
}
if(@$DNs == 1)
@@ -1825,8 +2008,14 @@
{
my $ldapERR = SCR->Read(".ldap.error");
y2error("Error while deleting attribute ($attribute) in LDAP.(".$ldapERR->{'code'}.") : ".$ldapERR->{'msg'});
+ $errorMsg = _("LDAP modify failed.");
+ $errorDetails = $ldapERR->{'code'}.": ".$ldapERR->{'msg'};
}
- }
+ }
+ }
+ if(defined $errorMsg && $errorMsg ne "")
+ {
+ return 0;
}
}
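Review bot: The new `if(defined $errorMsg && $errorMsg ne "") { return 0; }` uses the module-level `$errorMsg` as the failure flag for what appears to be the attribute-delete loop. Any message left over from an earlier step in the same run would also make this return 0. A local flag keeps the check tied to this loop: `my $failed = 0;` before it, `$failed = 1;` next to `$errorMsg = _("LDAP modify failed.");`, and `return 0 if $failed;` after it. Each failure overwrites `$errorDetails`, so only the last failing attribute is reported. The enclosing sub starts and ends outside the hunk.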
@@ -1850,6 +2039,8 @@
! defined $dbtype || $dbtype eq "")
{
y2error("No realm or dbtype set");
+ $errorMsg = _("Incomplete data.");
+ $errorDetails = "realm or dbtype not set.";
return 0;
}
@@ -1863,13 +2054,17 @@
$db->{database_name} eq "")
{
y2error("no database name set");
+ $errorMsg = _("No database name set.");
return 0;
}
$ret = SCR->Write(".kdc_conf.realms.\"$dbrealm\".database_name", [$db->{database_name}]);
if(not $ret)
{
- y2error("Error on writing to kdc.conf:".Data::Dumper->Dump([SCR->Error(".kdc_conf")]));
+ my $err = SCR->Error(".kdc_conf");
+ y2error("Error on writing to kdc.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Cannot write kdc.conf.");
+ $errorDetails = $err->{summary};
return 0;
}
@@ -1883,13 +2078,19 @@
$ret = SCR->Write(".krb5_conf.libdefaults.default_realm", [$dbrealm]);
if(not $ret)
{
- y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([SCR->Error(".krb5_conf")]));
+ my $err = SCR->Error(".krb5_conf");
+ y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));
+ $errorMsg = _("Cannot write krb5.conf.");
+ $errorDetails = $err->{summary};
return 0;
}
$ret = SCR->Write(".krb5_conf", undef);
if(not $ret)
{
+ my $err = SCR->Error(".krb5_conf");
y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([SCR->Error(".krb5_conf")]));
+ $errorMsg = _("Cannot write krb5.conf.");
+ $errorDetails = $err->{summary};
return 0;
}
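Review bot: In the second block, the new `my $err = SCR->Error(".krb5_conf");` is followed by a `y2error` line that calls `SCR->Error(".krb5_conf")` again instead of using `$err`, unlike the sibling blocks in this commit. Use `y2error("Error on writing to krb5.conf:".Data::Dumper->Dump([$err]));` so the logged and displayed error come from the same call.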
@@ -1900,6 +2101,8 @@
my $pid = open3(\*IN, \*OUT, \*ERR, "/usr/lib/mit/sbin/kdb5_util", @cmdArgs)
or do {
y2error("Can not execute kdb5_util: $!");
+ $errorMsg = _("Cannot execute kdb5_util .");
+ $errorDetails = "$!";
return 0;
};
@@ -1930,10 +2133,11 @@
my $code = ($?>>8);
if($code != 0)
{
+ $errorMsg = _("Creating kerberos database failed.");
+ $errorDetails = "$err";
return 0;
}
-
$ret = 1;
}
elsif($dbtype eq "ldap")
@@ -1967,6 +2171,13 @@
{
return $ret;
}
+
+ y2milestone("Call SetupLdapClient");
+ $ret = $class->SetupLdapClient();
+ if(!$ret)
+ {
+ return $ret;
+ }
}
else
{
@@ -1975,14 +2186,15 @@
{
return $ret;
}
+
+ y2milestone("Call CheckSchema");
+ $ret = $class->CheckSchema();
+ if(!$ret)
+ {
+ return $ret;
+ }
}
-
- y2milestone("Call SetupLdapClient");
- $ret = $class->SetupLdapClient();
- if(!$ret)
- {
- return $ret;
- }
+
y2milestone("Call SetupLdapBackend");
$ret = $class->SetupLdapBackend();
if(!$ret)
@@ -1992,7 +2204,9 @@
}
else
{
- y2error("currently not supported");
+ y2error("Unsupported database type $dbtype .");
+ $errorMsg = _("Unsupported database type.");
+ $errorDetails = "'$dbtype' is not supported.";
return 0;
}
@@ -2076,6 +2290,10 @@
y2milestone("Read called");
+ # clean error
+ $errorMsg = undef;
+ $errorDetails = "";
+
# KerberosServer read dialog caption
my $caption = __("Initializing kerberos-server Configuration");
@@ -2126,6 +2344,8 @@
if($?)
{
y2error("Cannot read hostname");
+ $errorMsg = _("Cannot read hostname.");
+ $class->showError();
return 0;
}
chomp($hostname);
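Review bot: The new user-visible strings are wrapped in `_()`, while the surrounding Read and Write code wraps its captions in `__()`, for example `__("Initializing kerberos-server Configuration")`. Confirm that `_` is defined in this module and bound to the same textdomain; otherwise these messages will not be translated. The same applies to every `$errorMsg = _(...)` added in this commit. Several `$errorDetails` strings, such as `"realm or dbtype not set."`, are plain literals; if that is deliberate, a short comment would make it clear.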
@@ -2134,6 +2354,8 @@
if($?)
{
y2error("Cannot read domain");
+ $errorMsg = _("Cannot read domain");
+ $class->showError();
return 0;
}
chomp($domain);
@@ -2145,14 +2367,10 @@
$ret = $class->ReadDatabase();
if(!$ret)
{
+ $class->showError();
return $ret;
}
- # Error message
- if(0)
- {
- Report::Error(__("Cannot read the database2."));
- }
sleep($sl);
$modified = 0;
@@ -2170,6 +2388,10 @@
y2milestone("Write called");
+ # clean error
+ $errorMsg = undef;
+ $errorDetails = "";
+
# KerberosServer read dialog caption
my $caption = __("Saving kerberos-server Configuration");
@@ -2210,8 +2432,9 @@
my $ret = $class->WriteDatabase();
# Error message
- if(not $ret)
+ if(!$ret)
{
+ $class->showError();
return $ret;
}
sleep($sl);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-kerberos-server-2.15.4/TODO new/yast2-kerberos-server-2.16.0/TODO
--- old/yast2-kerberos-server-2.15.4/TODO 2007-07-06 13:39:15.000000000 +0200
+++ new/yast2-kerberos-server-2.16.0/TODO 2007-11-20 16:32:56.000000000 +0100
@@ -1,3 +1,4 @@
- add tkt policy support
- read default user container from ldap-client and add this to subtrees
(you can only create principals at places where you also search for it)
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-kerberos-server-2.15.4/VERSION new/yast2-kerberos-server-2.16.0/VERSION
--- old/yast2-kerberos-server-2.15.4/VERSION 2007-08-27 14:46:51.000000000 +0200
+++ new/yast2-kerberos-server-2.16.0/VERSION 2007-11-20 16:33:20.000000000 +0100
@@ -1 +1 @@
-2.15.4
+2.16.0
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...