[yast-commit] r51407 - in /trunk/kerberos-server: VERSION package/yast2-kerberos-server.changes src/KerberosServer.pm

23 Sep 2008

Author: mcalmer
Date: Tue Sep 23 15:59:51 2008
New Revision: 51407

URL: http://svn.opensuse.org/viewcvs/yast?rev=51407&view=rev
Log:
version 2.17.4 -- create LDAP ACL

Modified:
    trunk/kerberos-server/VERSION
    trunk/kerberos-server/package/yast2-kerberos-server.changes
    trunk/kerberos-server/src/KerberosServer.pm

Modified: trunk/kerberos-server/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-server/VERSION?rev=51407&r1=51406&r2=51407&view=diff
==============================================================================

--- trunk/kerberos-server/VERSION (original)
+++ trunk/kerberos-server/VERSION Tue Sep 23 15:59:51 2008
@@ -1 +1 @@
-2.17.3
+2.17.4

Modified: trunk/kerberos-server/package/yast2-kerberos-server.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-server/package/yast2-kerberos-server.changes?rev=51407&r1=51406&r2=51407&view=diff
==============================================================================
--- trunk/kerberos-server/package/yast2-kerberos-server.changes (original)
+++ trunk/kerberos-server/package/yast2-kerberos-server.changes Tue Sep 23 15:59:51 2008
@@ -1,4 +1,10 @@
 -------------------------------------------------------------------
+Tue Sep 23 15:56:42 CEST 2008 - mc@suse.de
+
+- version 2.17.4
+- create a LDAP ACL for krbPrincipalKey,krbExtraData (bnc#429057)
+
+-------------------------------------------------------------------
 Wed Sep 10 15:55:49 CEST 2008 - mc@suse.de
 
 - version 2.17.3

Modified: trunk/kerberos-server/src/KerberosServer.pm
URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-server/src/KerberosServer.pm?rev=51407&r1=51406&r2=51407&view=diff
==============================================================================
--- trunk/kerberos-server/src/KerberosServer.pm (original)
+++ trunk/kerberos-server/src/KerberosServer.pm Tue Sep 23 15:59:51 2008
@@ -869,6 +869,41 @@
         return 0;
     }    
 
+    my $ldapacls = LdapServer->ReadDatabaseAcl(1);
+    my $found = 0;
+    foreach my $acl (@{$ldapacls})
+    {
+        if(exists $acl->{target}->{attrs} && defined $acl->{target}->{attrs} &&
+           $acl->{target}->{attrs} =~ /krbPrincipalKey/i)
+        {
+            $found = 1;
+            last;
+        }
+    }
+    
+    if(!$found)
+    {
+        my $krb5acl = {
+                       'target' => {
+                                    'attrs'  => "krbPrincipalKey,krbExtraData"
+                                   },
+                       'access' => [
+                                    {
+                                     'level' => 'none',
+                                     'type'  => '*'
+                                    }
+                                   ]
+                      };
+        unshift @{$ldapacls}, $krb5acl;
+        
+        $ret = LdapServer->ChangeDatabaseAcl(1, $ldapacls);
+        if(! $ret)
+        {
+            y2error("LdapServer => ChangeDatabaseAcl call failed");
+            return 0;
+        }
+    }
+    
     $ret = LdapServer->Write();
     if(! $ret)
     {
@@ -876,14 +911,6 @@
         return 0;
     }
 
-    #
-    # FIXME: need some new handling for this in LdapServer
-    #
-    #if (!SCR->Write (".ldapserver.krb5ACLHack", "" ))
-    #{
-    #    return 0;
-    #}
-
     return 1;
 }
 

-- 
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org

    

[yast-commit] r51407 - in /trunk/kerberos-server: VERSION package/yast2-kerberos-server.changes src/KerberosServer.pm

mcalmer＠svn.opensuse.org