[yast-commit] r49573 - in /trunk/ldap-server/src: LdapServer.pm tree_structure.ycp
  • From: rhafer@xxxxxxxxxxxxxxxx
  • Date: Fri, 01 Aug 2008 12:20:12 -0000
  • Message-id: <20080801122012.E804D272BD@xxxxxxxxxxxxxxxx>
Author: rhafer
Date: Fri Aug 1 14:20:12 2008
New Revision: 49573

URL: http://svn.opensuse.org/viewcvs/yast?rev=49573&view=rev
Log:
- Moved validation of TLS Parameters from the GUI into main module
- Made the SSL listener checkbox work in the TLS dialog

Modified:
trunk/ldap-server/src/LdapServer.pm
trunk/ldap-server/src/tree_structure.ycp

Modified: trunk/ldap-server/src/LdapServer.pm
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev=49573&r1=49572&r2=49573&view=diff
==============================================================================
--- trunk/ldap-server/src/LdapServer.pm (original)
+++ trunk/ldap-server/src/LdapServer.pm Fri Aug 1 14:20:12 2008
@@ -755,13 +755,32 @@
{
my $self = shift;
my $tls = shift;
- my $ret = SCR->Execute(".target.bash",
- "/usr/bin/setfacl -m u:ldap:r
".$tls->{'certKeyFile'});
- if($ret != 0) {
- return $self->SetError(_("Can not set a filesystem acl on the private
key"),
- "setfacl -m u:ldap:r
"./etc/ssl/servercerts/serverkey.pem." failed.\n".
- "Do you have filesystem acl support disabled?"
);
- return 0;
+ if ( YaST::YCP::Boolean($tls->{'tls_active'}) )
+ {
+ if ( SCR->Read(".target.size", $tls->{"caCertFile"}) <= 0)
+ {
+ $self->SetError( _("CA Certificate File does not exist"), "");
+ return 0;
+ }
+ if ( SCR->Read(".target.size", $tls->{"certFile"}) <= 0)
+ {
+ $self->SetError( _("Certificate File does not exist"), "" );
+ return 0;
+ }
+ if ( SCR->Read(".target.size", $tls->{"certKeyFile"}) <= 0)
+ {
+ $self->SetError( _("Certificate Key File does not exist"), "");
+ return 0;
+ }
+
+ if ( SCR->Execute(".target.bash",
+ "/usr/bin/setfacl -m u:ldap:r
".$tls->{'certKeyFile'}) )
+ {
+ $self->SetError(_("Can not set a filesystem acl on the private
key"),
+ "setfacl -m u:ldap:r
".$tls->{'certKeyFile'}." failed.\n".
+ "Do you have filesystem acl support
disabled?" );
+ return 0;
+ }
}
my $rc = SCR->Write('.ldapserver.global.tlsSettings', $tls );
return 1;
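Review bot: The key-file path is concatenated unquoted into the `.target.bash` command line in the new `setfacl` call, so a path containing spaces or shell metacharacters is interpreted by bash instead of being passed as a single file name; the `.target.size` check above it only shows that a file of that name exists. The value comes from the TLS dialog's key-file field and this module presumably runs with root privileges, so quote it before use, for example `(my $key = $tls->{'certKeyFile'}) =~ s/'/'\\''/g;` followed by `"/usr/bin/setfacl -m u:ldap:r -- '$key'"`. Separately, `$rc` from `SCR->Write` is never checked, so the function returns 1 even when the settings were not written. The function's signature lies outside this hunk.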
@@ -774,7 +793,7 @@
my $ret = SCR->Execute(".target.bash",
"/usr/bin/setfacl -m u:ldap:r
/etc/ssl/servercerts/serverkey.pem");
if($ret != 0) {
- return $self->SetError(_("Can not set a filesystem acl on the private
key"),
+ $self->SetError(_("Can not set a filesystem acl on the private key"),
"setfacl -m u:ldap:r
/etc/ssl/servercerts/serverkey.pem failed.\n".
"Do you have filesystem acl support disabled?"
);
return 0;
@@ -1273,7 +1292,7 @@
sub GetProtocolListenerEnabled
{
my ( $self, $protocol ) = @_;
- y2milestone("GetProtocolListenerEnabled $protocol (ldapi
$use_ldapi_listener, ldaps $use_ldaps_listener, ldap $use_ldap_listener");
+ y2milestone("GetProtocolListenerEnabled $protocol (ldapi
$use_ldapi_listener, ldaps $use_ldaps_listener, ldap $use_ldap_listener)");
if ( $protocol eq "ldap" )
{
return $use_ldap_listener;

Modified: trunk/ldap-server/src/tree_structure.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/tree_structure.ycp?rev=49573&r1=49572&r2=49573&view=diff
==============================================================================
--- trunk/ldap-server/src/tree_structure.ycp (original)
+++ trunk/ldap-server/src/tree_structure.ycp Fri Aug 1 14:20:12 2008
@@ -362,6 +362,7 @@
UI::ChangeWidget( `cb_use_common_cert, `Enabled, false );
UI::ChangeWidget( `fr_import_cert, `Enabled, false );
}
+ UI::ChangeWidget( `cb_ssl_listener_enabled, `Value,
LdapServer::GetProtocolListenerEnabled("ldaps") );
UI::ChangeWidget( `te_ca_file, `Value, tls["caCertFile"]:"" );
UI::ChangeWidget( `te_cert_file, `Value, tls["certFile"]:"" );
UI::ChangeWidget( `te_key_file, `Value, tls["certKeyFile"]:"" );
@@ -386,29 +387,18 @@
"crlCheck" : 0,
"verifyClient" : 0
];
- if ( SCR::Read(.target.size, tlsSettings["caCertFile"]:"") <= 0)
+ if ( ! LdapServer::SetTlsConfig( tlsSettings ) )
{
- callback_error = _("CA Certificate File does not exist");
- return false;
- }
- if ( SCR::Read(.target.size, tlsSettings["certFile"]:"") <= 0)
- {
- callback_error = _("Certificate File does not exist");
- return false;
- }
- if ( SCR::Read(.target.size, tlsSettings["certKeyFile"]:"") <= 0)
- {
- callback_error = _("Certificate Key File does not exist");
+ map<string, string> err = LdapServer::GetError();
+ callback_error = err["msg"]:"" + err["details"]:"";
return false;
}
-
- LdapServer::SetTlsConfig( tlsSettings );
+ LdapServer::SetProtocolListenerEnabled( "ldaps", (boolean)
UI::QueryWidget( `id( `cb_ssl_listener_enabled ), `Value ) );
}
else
{
-// LdapServer::WriteConfigureCommonServerCertificate( false );
-// LdapServer::WriteImportCertificates( $[] );
map<string,any> tlsSettings = $[
+ "tls_active" : false,
"certKeyFile" : "",
"certFile" : "",
"caCertFile" : "",
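Review bot: The new error path builds `callback_error` as `err["msg"]:"" + err["details"]:""`, which joins message and details with no separator and relies on how YCP binds the `:` default relative to `+`; if the default expression extends to the right, the details are only appended when `msg` is missing. Parenthesising both lookups and adding a separator removes the ambiguity: `callback_error = (err["msg"]:"") + "\n" + (err["details"]:"");`. In the same hunk, the `else` branch still ignores the return value of `LdapServer::SetTlsConfig`, so a failure while disabling TLS is reported to the user as success. The enclosing function starts before this hunk.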
@@ -419,6 +409,7 @@
];

LdapServer::SetTlsConfig( tlsSettings );
+ LdapServer::SetProtocolListenerEnabled( "ldaps", false );
}
return true;
}
@@ -435,6 +426,7 @@
if ( tls_enabled_cb )
{
UI::ChangeWidget( `cb_ssl_listener_enabled, `Enabled, true );
+ UI::ChangeWidget( `cb_ssl_listener_enabled, `Value, true );
if ( common_cert_available )
{
UI::ChangeWidget( `cb_use_common_cert, `Enabled, true );
