raw | patch | inline | side by side (parent: 1a7a2f3)
author | janw <janw@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Wed, 11 Jun 2008 13:57:09 +0000 (13:57 +0000) | ||
committer | janw <janw@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Wed, 11 Jun 2008 13:57:09 +0000 (13:57 +0000) |
Added Event get_dak_keyring.
Added LDAP Verbosity on connect errors.
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11289 594d385d-05f5-0310-b6e9-bd551577e9d8
Added LDAP Verbosity on connect errors.
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11289 594d385d-05f5-0310-b6e9-bd551577e9d8
diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server
index e40768d456d1abd2ecfe3d11b44d15d4250aef96..40f666d1a48dbfad2ba4cd7e854755765547b168 100755 (executable)
--- a/gosa-si/gosa-si-server
+++ b/gosa-si/gosa-si-server
our $cfg_file;
our ($ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password, $ldap_server_dn);
+# dak variables
+our $dak_base_directory;
+our $dak_signing_keys_directory;
+our $dak_user;
# specifies the verbosity of the daemon_log
$verbose = 0 ;
"job-queue-loop-delay" => [\$job_queue_loop_delay, 3],
"messaging-db-loop-delay" => [\$messaging_db_loop_delay, 3],
"key" => [\$GosaPackages_key, "none"],
+ "dak-base" => [\$dak_base_directory, "/srv/archive"],
+ "dak-keyring" => [\$dak_signing_keys_directory, "/srv/archive/s3kr1t"],
+ "dak-user" => [\$dak_user, "deb-dak"],
},
"ClientPackages" => {
"key" => [\$ClientPackages_key, "none"],
if ($session_id == 0) {
daemon_log("$session_id DEBUG: get_ldap_handle invoked without a session_id, create a new ldap_handle", 7);
$ldap_handle = Net::LDAP->new( $ldap_uri );
- $ldap_handle->bind($ldap_admin_dn, password => $ldap_admin_password);
+ $ldap_handle->bind($ldap_admin_dn, password => $ldap_admin_password) or daemon_log("$session_id ERROR: Bind to LDAP $ldap_uri as $ldap_admin_dn failed!");
} else {
my $session_reference = $global_kernel->ID_id_to_session($session_id);
# used handle is still valid - or if we've to reconnect...
#if (not exists $heap->{ldap_handle}) {
$ldap_handle = Net::LDAP->new( $ldap_uri );
- $ldap_handle->bind($ldap_admin_dn, password => $ldap_admin_password);
+ $ldap_handle->bind($ldap_admin_dn, password => $ldap_admin_password) or daemon_log("$session_id ERROR: Bind to LDAP $ldap_uri as $ldap_admin_dn failed!");
$heap->{ldap_handle} = $ldap_handle;
#}
}
close( $PACKAGES );
unlink( "$path.in" );
- &main::daemon_log("$session_id DEBUG: unlink '$path.in'", 1);
}
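Review bot: The `or daemon_log(...)` added to both `bind` calls in get_ldap_handle will not fire on a failed bind, because Net::LDAP's `bind` returns a message object that is true whether or not the bind succeeded. The result code has to be inspected instead, e.g. `my $mesg = $ldap_handle->bind($ldap_admin_dn, password => $ldap_admin_password);` followed by `daemon_log("$session_id ERROR: Bind to LDAP $ldap_uri as $ldap_admin_dn failed: " . $mesg->error, 1) if $mesg->code;`. A connect failure is still unhandled: `Net::LDAP->new` returns undef when the server cannot be reached, so the `->bind` call on the next line dies before anything is logged; an `or` check on `new` is where the connect error belongs. The new daemon_log calls also omit the verbosity level that the neighbouring calls pass as second argument. get_ldap_handle starts and ends outside the visible hunk.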
index 3b49240d348e8495843f23bfff60bb12fc102755..8c05daf395394b85763d7f5c73adce232245d010 100644 (file)
return @out_msg_l;
}
+# vim:ts=4:shiftwidth:expandtab
1;
-
-
-
-
-
-
-
-
-
-
index 769c03b28439e9168da1af8599268743187d0bed..af23971bf83b37251d40503052f451ede444569d 100644 (file)
"get_ip",
"get_interface_for_ip",
"get_interfaces",
+ "run_as",
);
@EXPORT = @functions;
use strict;
}
+#=== FUNCTION ================================================================
+# NAME: run_as
+# PARAMETERS: uid, command
+# RETURNS: result of command
+# DESCRIPTION: Runs command as uid using the sudo utility.
+#===============================================================================
+sub run_as {
+ my ($uid, $command) = @_;
+ my $sudo_cmd = `which sudo`;
+ chomp($sudo_cmd);
+ if(! -x $sudo_cmd) {
+ &main::daemon_log("ERROR: The sudo utility is not available! Please fix this!");
+ }
+ open(PIPE, "$sudo_cmd su - $uid -c '$command' |");
+ my @result=<PIPE>;
+ return @result;
+}
+
+
1;
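Review bot: run_as builds a shell command line by interpolating `$uid` and `$command` into a two-argument piped `open`, so any quote or shell metacharacter in either value is parsed by the outer shell that launches sudo; the list form of `open` hands the arguments to sudo without that shell. The missing-sudo branch only logs and then still opens the pipe, the `open` result is unchecked, and the bareword `PIPE` handle is never closed, so the child is not reaped and callers cannot learn the exit status. The header comment should also say that the return value is the list of output lines, not the command's status. A rewritten body is sketched below; `$command` is still interpreted by the target user's login shell through `su -c`, so callers should pass only fixed strings or validated values.

```perl
sub run_as {
    my ($uid, $command) = @_;
    # … unchanged: sudo lookup via `which sudo` and chomp …
    if (! -x $sudo_cmd) {
        &main::daemon_log("ERROR: The sudo utility is not available! Please fix this!");
        return;
    }
    # List form: no outer shell parses $uid or $command.
    open(my $pipe, '-|', $sudo_cmd, 'su', '-', $uid, '-c', $command)
        or do {
            &main::daemon_log("ERROR: Cannot run command as $uid: $!");
            return;
        };
    my @result = <$pipe>;
    close($pipe);    # reaps the child; $? then holds its exit status
    return @result;
}
```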
index 964ffdf6f2c976bfb6290d8b48b907611b22af1c..c88051fbbcb8c643ed7b5a863a6169b27e1d3d11 100644 (file)
"send_user_msg",
"get_available_kernel",
"trigger_activate_new",
+ "get_dak_keyring",
);
@EXPORT = @events;
}
+sub get_dak_keyring {
+ my ($msg, $msg_hash, $session_id) = @_;
+ my $source = @{$msg_hash->{'source'}}[0];
+ my $target = @{$msg_hash->{'target'}}[0];
+ my $header= @{$msg_hash->{'header'}}[0];
+
+ my @keys;
+ my %data;
+
+ my $pubring = $main::dak_signing_keys_directory."/dot-gnupg/pubring.gpg";
+ my $secring = $main::dak_signing_keys_directory."/dot-gnupg/secring.gpg";
+
+ my $gpg_cmd = `which gpg`; chomp $gpg_cmd;
+ my $gpg = "$gpg_cmd --no-default-keyring --no-random-seed --keyring $pubring --secret-keyring $secring";
+
+ # Check if the keyrings are in place and readable
+ if(
+ &run_as($main::dak_user, "test -r $pubring") != 0 ||
+ &run_as($main::dak_user, "test -r $secring") != 0
+ ) {
+ &main::daemon_log("ERROR: Dak Keyrings are unreadable!");
+ } else {
+ my $command = "$gpg --list-keys";
+ my @output = &run_as($main::dak_user, $command);
+
+ my $i=0;
+ foreach (@output) {
+ if ($_ =~ m/^pub\s.*$/) {
+ ($keys[$i]->{'pub'}->{'length'}, $keys[$i]->{'pub'}->{'uid'}, $keys[$i]->{'pub'}->{'valid'}) = ($1, $2, $3)
+ if $_ =~ m/^pub\s*?(\w*?)\/(\w*?)\s(\d{4}-\d{2}-\d{2})$/;
+ } elsif ($_ =~ m/^sub\s.*$/) {
+ ($keys[$i]->{'sub'}->{'length'}, $keys[$i]->{'sub'}->{'uid'}, $keys[$i]->{'sub'}->{'valid'}) = ($1, $2, $3)
+ if $_ =~ m/^sub\s*?(\w*?)\/(\w*?)\s(\d{4}-\d{2}-\d{2})$/;
+ } elsif ($_ =~ m/^uid\s.*$/) {
+ push @{$keys[$i]->{'uid'}}, $1 if $_ =~ m/^uid\s*?([^\s].*?)$/;
+ } elsif ($_ =~ m/^$/) {
+ $i++;
+ }
+ }
+ }
+
+ my $i=0;
+ foreach my $key (@keys) {
+ $data{"answer".$i++}= $key;
+ }
+
+ my $out_msg = &build_msg("get_dak_keyring", $target, $source, \%data);
+ my @out_msg_l = ($out_msg);
+ return @out_msg_l;
+}
+
+
+# vim:ts=4:shiftwidth:expandtab
1;
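Review bot: The keyring readability check in get_dak_keyring cannot fail: run_as returns the command's output lines, so `&run_as($main::dak_user, "test -r $pubring") != 0` compares the number of output lines with 0, and `test -r` prints nothing whether or not the file is readable. The check has to rest on something the command actually reports, for example `grep { /^ok$/ } &run_as($main::dak_user, "test -r $pubring && echo ok")`, or on an exit status if run_as is changed to expose one. The keyring paths are built from `$main::dak_signing_keys_directory` and interpolated unquoted into the command strings, so a configured path containing whitespace or shell metacharacters would break or alter the command. `$header` is assigned but never used. The hash keys `uid` and `valid` under `pub`/`sub` appear to hold the key id and the date from the gpg listing, which a short comment above the loop should state.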
index 42c5fece1b5975b0a29af9ff372edcf35a50aee6..25582abf8efff17527896f416cf137529425ae96 100644 (file)
return;
}
# Build LDAP connection
- my $ldap_handle = &main::get_ldap_handle($session_id);
+ my $ldap_handle = &main::get_ldap_handle($session_id);
if( not defined $ldap_handle ) {
&main::daemon_log("$session_id ERROR: cannot connect to ldap: $ldap_uri", 1);
return;
index dd6b3c059f5bbc3db2ee18585d608cc324655ab4..22826fd9e51988df168c37e18eb219f6998620f6 100755 (executable)
--- a/gosa-si/tests/client.php
+++ b/gosa-si/tests/client.php
#$data = "<xml><header>gosa_query_fai_server</header><source>GOSA</source> <target>10.89.1.131:20081</target></xml>";
#$data = "<xml> <header>gosa_ping</header> <target>00:01:6c:9d:aa:16</target> <source>GOSA</source> </xml>";
- $data = "<xml> <header>gosa_ping</header> <target>00:01:6c:9d:b9:fb</target> <source>GOSA</source> </xml>";
+ #$data = "<xml> <header>gosa_ping</header> <target>00:01:6c:9d:b9:fb</target> <source>GOSA</source> </xml>";
+ $data = "<xml> <header>gosa_get_dak_keyring</header> <target>GOSA</target> <source>GOSA</source> </xml>";
#$data = "<xml> <header>job_ping</header> <source>GOSA</source> <target>00:0c:29:02:e5:4d</target> <macaddress>00:0c:29:02:e5:4d</macaddress><timestamp>29700101000000</timestamp> </xml>";
$sock->write($data);