Changed function run_as.

Added Events remove_dak_key and import_dak_key

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11308 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/gosa-si/modules/GosaSupportDaemon.pm b/gosa-si/modules/GosaSupportDaemon.pm
index af23971bf83b37251d40503052f451ede444569d..d4c7ee49559296c98a65c4b062ba7fc70ec1a365 100644 (file)
--- a/gosa-si/modules/GosaSupportDaemon.pm
+++ b/gosa-si/modules/GosaSupportDaemon.pm
@@ -623,7 +623,8 @@ sub get_interfaces {
 #===  FUNCTION  ================================================================
 #         NAME:  run_as
 #   PARAMETERS:  uid, command
-#      RETURNS:  result of command
+#      RETURNS:  hash with keys 'resultCode' = resultCode of command and 
+#                'output' = program output
 #  DESCRIPTION:  Runs command as uid using the sudo utility.
 #===============================================================================
 sub run_as {
@@ -634,8 +635,9 @@ sub run_as {
                &main::daemon_log("ERROR: The sudo utility is not available! Please fix this!");
        }
        open(PIPE, "$sudo_cmd su - $uid -c '$command' |");
-       my @result=<PIPE>;
-       return @result;
+       my $result = {'resultCode' => $?};
+       push @{$result->{'output'}}, <PIPE>;
+       return $result;
 }
 
 

diff --git a/gosa-si/server/events/gosaTriggered.pm b/gosa-si/server/events/gosaTriggered.pm
index c88051fbbcb8c643ed7b5a863a6169b27e1d3d11..e692aaa75a870964c9bdba04218d2bec94ff63ff 100644 (file)
--- a/gosa-si/server/events/gosaTriggered.pm
+++ b/gosa-si/server/events/gosaTriggered.pm
@@ -34,6 +34,8 @@ my @events = (
     "get_available_kernel",
        "trigger_activate_new",
        "get_dak_keyring",
+       "import_dak_key",
+       "remove_dak_key",
     );
 @EXPORT = @events;
 
@@ -46,6 +48,7 @@ use Net::ARP;
 use Net::Ping;
 use Socket;
 use Time::HiRes qw( usleep);
+use MIME::Base64;
 
 BEGIN {}
 
@@ -872,16 +875,16 @@ sub get_dak_keyring {
     
     # Check if the keyrings are in place and readable
     if(
-         &run_as($main::dak_user, "test -r $pubring") != 0 ||
-         &run_as($main::dak_user, "test -r $secring") != 0
+         &run_as($main::dak_user, "test -r $pubring")->{'resultCode'} != 0 ||
+         &run_as($main::dak_user, "test -r $secring")->{'resultCode'} != 0
      ) {
          &main::daemon_log("ERROR: Dak Keyrings are unreadable!");
      } else {
          my $command = "$gpg --list-keys";
-         my @output = &run_as($main::dak_user, $command);
+         my $output = &run_as($main::dak_user, $command);
 
          my $i=0;
-         foreach (@output) {
+         foreach (@{$output->{'output'}}) {
              if ($_ =~ m/^pub\s.*$/) {
                  ($keys[$i]->{'pub'}->{'length'}, $keys[$i]->{'pub'}->{'uid'}, $keys[$i]->{'pub'}->{'valid'}) = ($1, $2, $3) 
                  if $_ =~ m/^pub\s*?(\w*?)\/(\w*?)\s(\d{4}-\d{2}-\d{2})$/;
@@ -907,5 +910,82 @@ sub get_dak_keyring {
 }
 
 
+sub import_dak_key {
+       my ($msg, $msg_hash, $session_id) = @_;
+       my $source = @{$msg_hash->{'source'}}[0];
+       my $target = @{$msg_hash->{'target'}}[0];
+       my $header= @{$msg_hash->{'header'}}[0];
+    my $key = &decode_base64(@{$msg_hash->{'key'}}[0]);
+    
+    my %data;
+
+    my $pubring = $main::dak_signing_keys_directory."/dot-gnupg/pubring.gpg";
+    my $secring = $main::dak_signing_keys_directory."/dot-gnupg/secring.gpg";
+
+    my $gpg_cmd = `which gpg`; chomp $gpg_cmd;
+    my $gpg     = "$gpg_cmd --no-default-keyring --no-random-seed --keyring $pubring --secret-keyring $secring";
+    
+    # Check if the keyrings are in place and writable
+    if(
+         &run_as($main::dak_user, "test -w $pubring")->{'resultCode'} != 0 ||
+         &run_as($main::dak_user, "test -w $secring")->{'resultCode'} != 0
+     ) {
+         &main::daemon_log("ERROR: Dak Keyrings are not writable!");
+     } else {
+         open(keyfile, ">/tmp/gosa_si_tmp_dak_key");
+         print keyfile $key;
+         close(keyfile);
+         my $command = "$gpg --import /tmp/gosa_si_tmp_dak_key";
+         my $output = &run_as($main::dak_user, $command);
+         unlink("/tmp/gosa_si_tmp_dak_key");
+        
+         if($output->{'resultCode'} != 0) {
+             &main::daemon_log("ERROR: Import of dak key failed! Output was: '".$output->{'output'}."'", 1);
+         }
+     }
+
+     my $out_msg = &build_msg("import_dak_key", $target, $source, \%data);
+     my @out_msg_l = ($out_msg);
+     return @out_msg_l;
+}
+
+
+sub remove_dak_key {
+       my ($msg, $msg_hash, $session_id) = @_;
+       my $source = @{$msg_hash->{'source'}}[0];
+       my $target = @{$msg_hash->{'target'}}[0];
+       my $header= @{$msg_hash->{'header'}}[0];
+    my $key = @{$msg_hash->{'keyid'}}[0];
+
+    my %data;
+
+    my $pubring = $main::dak_signing_keys_directory."/dot-gnupg/pubring.gpg";
+    my $secring = $main::dak_signing_keys_directory."/dot-gnupg/secring.gpg";
+
+    my $gpg_cmd = `which gpg`; chomp $gpg_cmd;
+    my $gpg     = "$gpg_cmd --no-default-keyring --no-random-seed --keyring $pubring --secret-keyring $secring";
+    
+    # Check if the keyrings are in place and writable
+    if(
+         &run_as($main::dak_user, "test -w $pubring")->{'resultCode'} != 0 ||
+         &run_as($main::dak_user, "test -w $secring")->{'resultCode'} != 0
+     ) {
+         &main::daemon_log("ERROR: Dak Keyrings are not writable!");
+     } else {
+         # Check if the key is present in the keyring
+         if(&run_as($main::dak_user, "$gpg --list-keys $key")->{'resultCode'} == 0) {
+             my $command = "$gpg --batch --yes --delete-key $key";
+             my $output = &run_as($main::dak_user, $command);
+         } else {
+             &main::daemon_log("WARNING: Dak key with id '$key' was not found in keyring!", 4);
+         }
+     }
+         
+     my $out_msg = &build_msg("remove_dak_key", $target, $source, \%data);
+     my @out_msg_l = ($out_msg);
+     return @out_msg_l;
+}
+
+
 # vim:ts=4:shiftwidth:expandtab
 1;