Author: rhafer
Date: Wed Aug 6 18:25:51 2008
New Revision: 49795
URL: http://svn.opensuse.org/viewcvs/yast?rev=49795&view=rev
Log:
- Add some very basic ACLs to new databases
- calculate {index} of database correctly
Modified:
trunk/ldap-server/src/LdapServer.pm
trunk/ldap-server/src/agent/SlapdConfigAgent.cc
trunk/ldap-server/src/lib/slapd-config.cpp
trunk/ldap-server/src/lib/slapd-config.h
Modified: trunk/ldap-server/src/LdapServer.pm
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev=49795&r1=49794&r2=49795&view=diff
==============================================================================
--- trunk/ldap-server/src/LdapServer.pm (original)
+++ trunk/ldap-server/src/LdapServer.pm Wed Aug 6 18:25:51 2008
@@ -1223,20 +1223,31 @@
}
my $rc;
$db->{'rootpw'} = $self->HashPassword($db->{'pwenctype'}, $db->{'rootpw_clear'} );
- if ( $index > 0 )
+ if ( $index == 0 )
{
- $rc = SCR->Write(".ldapserver.database.new.{".$index."}", $db);
- }
- else
- {
- $rc = SCR->Write(".ldapserver.database.new.", $db);
+ # calculate new database index
+ $index = (scalar(@{$self->GetDatabaseList()} )) - 1;
}
+ $rc = SCR->Write(".ldapserver.database.new.{$index}", $db);
if(! $rc ) {
my $err = SCR->Error(".ldapserver");
y2error("Adding Database failed: ".$err->{'summary'}." ".$err->{'description'});
$self->SetError( $err->{'summary'}, $err->{'description'} );
return 0;
}
+ my @acls = ('to dn.subtree="'. $db->{'suffix'} .'" attrs=userPassword by self write by * auth',
+ # 'to attrs=shadowLastChange by self write by * read',
+ 'to dn.subtree="'. $db->{'suffix'} .'" by * read');
+ foreach my $acl (@acls )
+ {
+ $rc = SCR->Write(".ldapserver.database.{$index}.access", $acl );
+ if(! $rc ) {
+ my $err = SCR->Error(".ldapserver");
+ y2error("Adding default ACLs failed: ".$err->{'summary'}." ".$err->{'description'});
+ $self->SetError( $err->{'summary'}, $err->{'description'} );
+ return 0;
+ }
+ }
return 1;
}
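Review bot: The default rules on the `my @acls` lines splice `$db->{'suffix'}` into a quoted `dn.subtree="..."` clause without checking it, so a suffix that contains `"` would change the meaning of the access rule that gets written. Validate the suffix as a DN (or at least reject `"` and control characters) before building the strings. The last rule, `by * read`, leaves every attribute other than userPassword readable to anonymous binds, which deserves a comment stating that this is the intended default. If an ACL write fails, the function returns 0 after the database has already been created, so the new database can be left without these rules. The enclosing function starts outside the hunk.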
Modified: trunk/ldap-server/src/agent/SlapdConfigAgent.cc
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/agent/SlapdConfigAgent.cc?rev=49795&r1=49794&r2=49795&view=diff
==============================================================================
--- trunk/ldap-server/src/agent/SlapdConfigAgent.cc (original)
+++ trunk/ldap-server/src/agent/SlapdConfigAgent.cc Wed Aug 6 18:25:51 2008
@@ -115,15 +115,26 @@
y2milestone("Path %s Length %ld ", path->toString().c_str(),
path->length());
- if ( path->component_str(0) == "global" ) {
+ if ( path->component_str(0) == "global" )
+ {
y2milestone("Global Write");
return WriteGlobal(path->at(1), arg, arg2);
- } else if ( (path->component_str(0) == "database") && (path->length() > 1) ) {
+ }
+ else if ( (path->component_str(0) == "database") && (path->length() > 1) )
+ {
y2milestone("Database Write");
return WriteDatabase(path->at(1), arg, arg2);
- } else if ( path->component_str(0) == "schema" ) {
+ }
+ else if ( path->component_str(0) == "schema" )
+ {
y2milestone("Schema Write");
return WriteSchema(path->at(1), arg, arg2);
+ }
+ else if ( path->component_str(0) == "sambaACLHack" )
+ {
+ // FIXME: remove this, when ACL support in WriteDatabase() is implemented
+ y2error("Warning: sambaACL is currently not implemented");
+ return YCPBoolean(true);
} else {
lastError->add(YCPString("summary"), YCPString("Write Failed") );
std::string msg = "Unsupported SCR path: `.ldapserver.";
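Review bot: The new `sambaACLHack` branch returns `YCPBoolean(true)` although nothing is written, so a caller cannot tell that the ACLs it asked for were not applied. Because this concerns access control, it would be safer to fail closed with `return YCPBoolean(false);` and a `lastError` summary saying the feature is not implemented, or at least to have the caller show the warning to the user. The message is logged with `y2error` but prefixed "Warning:", which makes log triage harder. The surrounding function begins and ends outside the hunk.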
@@ -167,7 +178,7 @@
olc = OlcConfig(lc);
}
}
- if ( path->component_str(0) == "initFromLdif" )
+ else if ( path->component_str(0) == "initFromLdif" )
{
std::istringstream ldifstream(arg->asString()->value_cstr());
LdifReader ldif(ldifstream);
@@ -811,7 +822,6 @@
dbIndexStr = "";
}
}
- YCPMap dbMap= arg->asMap();
int dbIndex = -2;
if ( dbIndexStr[0] == '{' )
{
@@ -834,12 +844,13 @@
bool ret = false;
if ( databaseAdd )
{
+ YCPMap dbMap= arg->asMap();
y2milestone("creating new Database");
if ( dbIndex == -2 )
{
dbIndex = databases.size()-1; //Database indexes start counting from -1
}
- else if ( (dbIndex <=0) || (dbIndex > (int)databases.size()-2) )
+ else if ( (dbIndex <=0) || (dbIndex > (int)databases.size()-1) )
{
lastError->add(YCPString("summary"), YCPString("Adding Database Failed") );
std::string msg = "Invalid Index for new Database";
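Review bot: `arg->asMap()` on the added line is called without a visible check that `arg` is non-null and actually a map. The same holds for the `arg->asMap()` added in the @@ -925 hunk and for the two `arg->asString()` calls in the new `access` branch of the @@ -1031 hunk. The `rootdn` code nearby tests `val.isNull()` and `val->isString()` before use, so the new paths should do the same, e.g. `if ( arg.isNull() || ! arg->isMap() )`, and fill `lastError` before returning. Whether an earlier check exists cannot be seen from these hunks, because the enclosing function (presumably WriteDatabase) starts outside them.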
@@ -925,6 +936,7 @@
{
if ( path->length() == 1 )
{
+ YCPMap dbMap= arg->asMap();
YCPValue val = dbMap.value( YCPString("rootdn") );
if ( ! val.isNull() && val->isString() )
{
@@ -1031,6 +1043,12 @@
}
ret = true;
}
+ else if ( dbComponent == "access" )
+ {
+ y2milestone("adding ACL rule: %s", arg->asString()->value_cstr() );
+ (*i)->addAccessControl(arg->asString()->value_cstr());
+ ret = true;
+ }
else
{
lastError->add(YCPString("summary"), YCPString("Write Failed") );
Modified: trunk/ldap-server/src/lib/slapd-config.cpp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/slapd-config.cpp?rev=49795&r1=49794&r2=49795&view=diff
==============================================================================
--- trunk/ldap-server/src/lib/slapd-config.cpp (original)
+++ trunk/ldap-server/src/lib/slapd-config.cpp Wed Aug 6 18:25:51 2008
@@ -653,6 +653,16 @@
return this->m_type;
}
+void OlcDatabase::addAccessControl(const std::string& acl, int index )
+{
+ if ( index < 0 )
+ {
+ StringList sl = this->getStringValues( "olcAccess" );
+ index = sl.size();
+ }
+ this->addIndexedStringValue( "olcAccess", acl, index );
+}
+
void OlcDatabase::addOverlay(boost::shared_ptr<OlcOverlay> overlay)
{
m_overlays.push_back(overlay);
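Review bot: `addAccessControl` has no comment explaining its index contract, and an explicit non-negative `index` is passed through unchecked. slapd evaluates olcAccess rules in `{n}` order and stops at the first matching `to` clause, so a duplicate or out-of-range index can silently change which rule applies. Consider rejecting `index > (int)sl.size()` and adding a header comment such as `// index < 0 appends after the existing olcAccess values; rule order is significant`. `addIndexedStringValue` in the next hunk likewise emits a `{-1}` prefix verbatim if given a negative index.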
@@ -749,6 +759,14 @@
}
}
+void OlcConfigEntry::addIndexedStringValue(const std::string &type,
+ const std::string &value, int index)
+{
+ std::ostringstream oStr;
+ oStr << "{" << index << "}" << value;
+ this->addStringValue( type, oStr.str() );
+}
+
int OlcConfigEntry::getIntValue( const std::string &type ) const
{
StringList sl = this->getStringValues(type);
Modified: trunk/ldap-server/src/lib/slapd-config.h
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/slapd-config.h?rev=49795&r1=49794&r2=49795&view=diff
==============================================================================
--- trunk/ldap-server/src/lib/slapd-config.h (original)
+++ trunk/ldap-server/src/lib/slapd-config.h Wed Aug 6 18:25:51 2008
@@ -65,6 +65,9 @@
void setStringValue(const std::string &type, const std::string &value);
void addStringValue(const std::string &type, const std::string &value);
+ void addIndexedStringValue( const std::string &type,
+ const std::string &value, int index );
+
int getIntValue( const std::string &type ) const;
void setIntValue( const std::string &type, int value );
@@ -72,7 +75,6 @@
int getEntryIndex() const;
-// virtual std::map