Author: rhafer
Date: Fri Aug 1 14:20:12 2008
New Revision: 49573
URL: http://svn.opensuse.org/viewcvs/yast?rev=49573&view=rev
Log:
- Moved validation of TLS Parameters from the GUI into main module
- Made the SSL listener checkbox work in the TLS dialog
Modified:
trunk/ldap-server/src/LdapServer.pm
trunk/ldap-server/src/tree_structure.ycp
Modified: trunk/ldap-server/src/LdapServer.pm
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev=49573&r1=49572&r2=49573&view=diff
==============================================================================
--- trunk/ldap-server/src/LdapServer.pm (original)
+++ trunk/ldap-server/src/LdapServer.pm Fri Aug 1 14:20:12 2008
@@ -755,13 +755,32 @@
{
my $self = shift;
my $tls = shift;
- my $ret = SCR->Execute(".target.bash",
- "/usr/bin/setfacl -m u:ldap:r ".$tls->{'certKeyFile'});
- if($ret != 0) {
- return $self->SetError(_("Can not set a filesystem acl on the private key"),
- "setfacl -m u:ldap:r "./etc/ssl/servercerts/serverkey.pem." failed.\n".
- "Do you have filesystem acl support disabled?" );
- return 0;
+ if ( YaST::YCP::Boolean($tls->{'tls_active'}) )
+ {
+ if ( SCR->Read(".target.size", $tls->{"caCertFile"}) <= 0)
+ {
+ $self->SetError( _("CA Certificate File does not exist"), "");
+ return 0;
+ }
+ if ( SCR->Read(".target.size", $tls->{"certFile"}) <= 0)
+ {
+ $self->SetError( _("Certificate File does not exist"), "" );
+ return 0;
+ }
+ if ( SCR->Read(".target.size", $tls->{"certKeyFile"}) <= 0)
+ {
+ $self->SetError( _("Certificate Key File does not exist"), "");
+ return 0;
+ }
+
+ if ( SCR->Execute(".target.bash",
+ "/usr/bin/setfacl -m u:ldap:r ".$tls->{'certKeyFile'}) )
+ {
+ $self->SetError(_("Can not set a filesystem acl on the private key"),
+ "setfacl -m u:ldap:r ".$tls->{'certKeyFile'}." failed.\n".
+ "Do you have filesystem acl support disabled?" );
+ return 0;
+ }
}
my $rc = SCR->Write('.ldapserver.global.tlsSettings', $tls );
return 1;
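Review bot: The new setfacl call still concatenates the caller-supplied `certKeyFile` straight into the `.target.bash` command string, so a path containing spaces, quotes or shell metacharacters is interpreted by the shell rather than passed as one filename. Quote it before use, for example `(my $key = $tls->{'certKeyFile'}) =~ s/'/'\\''/g;` followed by `"/usr/bin/setfacl -m u:ldap:r -- '$key'"`, and consider rejecting paths that are not absolute or that lie outside the expected certificate directory, since the call grants the ldap user read access to whatever file is named. The three `.target.size` checks report "does not exist" for a zero-length file as well, and they are skipped entirely when `tls_active` is false. The result of `SCR->Write` is stored in `$rc` but never tested, so the function returns 1 even if the write failed; something like `return 0 unless $rc;` would close that gap, assuming Write returns a true value on success. The sub's signature and closing brace are outside this hunk.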
@@ -774,7 +793,7 @@
my $ret = SCR->Execute(".target.bash",
"/usr/bin/setfacl -m u:ldap:r /etc/ssl/servercerts/serverkey.pem");
if($ret != 0) {
- return $self->SetError(_("Can not set a filesystem acl on the private key"),
+ $self->SetError(_("Can not set a filesystem acl on the private key"),
"setfacl -m u:ldap:r /etc/ssl/servercerts/serverkey.pem failed.\n".
"Do you have filesystem acl support disabled?" );
return 0;
@@ -1273,7 +1292,7 @@
sub GetProtocolListenerEnabled
{
my ( $self, $protocol ) = @_;
- y2milestone("GetProtocolListenerEnabled $protocol (ldapi $use_ldapi_listener, ldaps $use_ldaps_listener, ldap $use_ldap_listener");
+ y2milestone("GetProtocolListenerEnabled $protocol (ldapi $use_ldapi_listener, ldaps $use_ldaps_listener, ldap $use_ldap_listener)");
if ( $protocol eq "ldap" )
{
return $use_ldap_listener;
Modified: trunk/ldap-server/src/tree_structure.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/tree_structure.ycp?rev=49573&r1=49572&r2=49573&view=diff
==============================================================================
--- trunk/ldap-server/src/tree_structure.ycp (original)
+++ trunk/ldap-server/src/tree_structure.ycp Fri Aug 1 14:20:12 2008
@@ -362,6 +362,7 @@
UI::ChangeWidget( `cb_use_common_cert, `Enabled, false );
UI::ChangeWidget( `fr_import_cert, `Enabled, false );
}
+ UI::ChangeWidget( `cb_ssl_listener_enabled, `Value, LdapServer::GetProtocolListenerEnabled("ldaps") );
UI::ChangeWidget( `te_ca_file, `Value, tls["caCertFile"]:"" );
UI::ChangeWidget( `te_cert_file, `Value, tls["certFile"]:"" );
UI::ChangeWidget( `te_key_file, `Value, tls["certKeyFile"]:"" );
@@ -386,29 +387,18 @@
"crlCheck" : 0,
"verifyClient" : 0
];
- if ( SCR::Read(.target.size, tlsSettings["caCertFile"]:"") <= 0)
+ if ( ! LdapServer::SetTlsConfig( tlsSettings ) )
{
- callback_error = _("CA Certificate File does not exist");
- return false;
- }
- if ( SCR::Read(.target.size, tlsSettings["certFile"]:"") <= 0)
- {
- callback_error = _("Certificate File does not exist");
- return false;
- }
- if ( SCR::Read(.target.size, tlsSettings["certKeyFile"]:"") <= 0)
- {
- callback_error = _("Certificate Key File does not exist");
+ map