From: janw Date: Wed, 11 Jun 2008 13:57:09 +0000 (+0000) Subject: Added Function run_as. X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=3079fbe05a15f87ecf910683d065c37d8df478d8;p=gosa.git Added Function run_as. Added Event get_dak_keyring. Added LDAP Verbosity on connect errors. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11289 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server index e40768d45..40f666d1a 100755 --- a/gosa-si/gosa-si-server +++ b/gosa-si/gosa-si-server @@ -98,6 +98,10 @@ our $forground; our $cfg_file; our ($ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password, $ldap_server_dn); +# dak variables +our $dak_base_directory; +our $dak_signing_keys_directory; +our $dak_user; # specifies the verbosity of the daemon_log $verbose = 0 ; @@ -233,6 +237,9 @@ my $max_children = 2; "job-queue-loop-delay" => [\$job_queue_loop_delay, 3], "messaging-db-loop-delay" => [\$messaging_db_loop_delay, 3], "key" => [\$GosaPackages_key, "none"], + "dak-base" => [\$dak_base_directory, "/srv/archive"], + "dak-keyring" => [\$dak_signing_keys_directory, "/srv/archive/s3kr1t"], + "dak-user" => [\$dak_user, "deb-dak"], }, "ClientPackages" => { "key" => [\$ClientPackages_key, "none"], @@ -1816,7 +1823,7 @@ sub get_ldap_handle { if ($session_id == 0) { daemon_log("$session_id DEBUG: get_ldap_handle invoked without a session_id, create a new ldap_handle", 7); $ldap_handle = Net::LDAP->new( $ldap_uri ); - $ldap_handle->bind($ldap_admin_dn, password => $ldap_admin_password); + $ldap_handle->bind($ldap_admin_dn, password => $ldap_admin_password) or daemon_log("$session_id ERROR: Bind to LDAP $ldap_uri as $ldap_admin_dn failed!"); } else { my $session_reference = $global_kernel->ID_id_to_session($session_id); 
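Review bot: The `or daemon_log(...)` added to the `bind` call in get_ldap_handle will most likely never run, because Net::LDAP's `bind` returns a result message object that is true even when the server refused the bind, so a failed bind stays silent and the caller presumably carries on with an unbound handle. Test the result code instead, e.g. `my $mesg = $ldap_handle->bind($ldap_admin_dn, password => $ldap_admin_password);` followed by `daemon_log("$session_id ERROR: Bind to LDAP $ldap_uri as $ldap_admin_dn failed: ".$mesg->error, 1) if $mesg->code;`. The same line is added in the later hunk at -1833/+1840 and needs the same change. `Net::LDAP->new` can also return undef when the server is unreachable, in which case the `bind` call dies before anything is logged; a `defined $ldap_handle` guard before it would cover that. The body of get_ldap_handle extends beyond both hunks.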
@@ -1833,7 +1840,7 @@ sub get_ldap_handle { # used handle is still valid - or if we've to reconnect... #if (not exists $heap->{ldap_handle}) { $ldap_handle = Net::LDAP->new( $ldap_uri ); - $ldap_handle->bind($ldap_admin_dn, password => $ldap_admin_password); + $ldap_handle->bind($ldap_admin_dn, password => $ldap_admin_password) or daemon_log("$session_id ERROR: Bind to LDAP $ldap_uri as $ldap_admin_dn failed!"); $heap->{ldap_handle} = $ldap_handle; #} } @@ -2719,7 +2726,6 @@ sub parse_package { close( $PACKAGES ); unlink( "$path.in" ); - &main::daemon_log("$session_id DEBUG: unlink '$path.in'", 1); } diff --git a/gosa-si/modules/GosaPackages.pm b/gosa-si/modules/GosaPackages.pm index 3b49240d3..8c05daf39 100644 --- a/gosa-si/modules/GosaPackages.pm +++ b/gosa-si/modules/GosaPackages.pm @@ -413,14 +413,5 @@ sub process_job_msg { return @out_msg_l; } +# vim:ts=4:shiftwidth:expandtab 1; - - - - - - - - - - diff --git a/gosa-si/modules/GosaSupportDaemon.pm b/gosa-si/modules/GosaSupportDaemon.pm index 769c03b28..af23971bf 100644 --- a/gosa-si/modules/GosaSupportDaemon.pm +++ b/gosa-si/modules/GosaSupportDaemon.pm @@ -26,6 +26,7 @@ my @functions = ( "get_ip", "get_interface_for_ip", "get_interfaces", + "run_as", ); @EXPORT = @functions; use strict; @@ -619,4 +620,23 @@ sub get_interfaces { } +#=== FUNCTION ================================================================ +# NAME: run_as +# PARAMETERS: uid, command +# RETURNS: result of command +# DESCRIPTION: Runs command as uid using the sudo utility. +#=============================================================================== +sub run_as { + my ($uid, $command) = @_; + my $sudo_cmd = `which sudo`; + chomp($sudo_cmd); + if(! -x $sudo_cmd) { + &main::daemon_log("ERROR: The sudo utility is not available! Please fix this!"); + } + open(PIPE, "$sudo_cmd su - $uid -c '$command' |"); + my @result=; + return @result; +} + + 1; 
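Review bot: run_as builds one shell string from `$uid` and `$command` and hands it to a two-argument pipe `open`, so a quote, space or shell metacharacter in either value changes what runs under sudo; the caller added in this commit already interpolates configured paths into `$command`. Pass the arguments as a list so that no outer shell parses them, use a lexical handle instead of the global `PIPE`, check the `open`, and return after logging that sudo is missing rather than opening the pipe anyway. The read shows on this page as `my @result=;`, which looks like an extraction loss of the handle name rather than the committed code, so that is worth confirming. Callers cannot see the command's exit status because only output lines are returned; the header comment's "result of command" should say so.

```perl
sub run_as {
    my ($uid, $command) = @_;
    # … unchanged: locate sudo with `which sudo` and chomp …
    if(! -x $sudo_cmd) {
        &main::daemon_log("ERROR: The sudo utility is not available! Please fix this!");
        return;
    }
    # List form: no outer shell sees $uid or $command. su -c still gives
    # $command to the target user's shell, so callers must build it from
    # trusted, validated values only.
    open(my $pipe, '-|', $sudo_cmd, 'su', '-', $uid, '-c', $command)
        or do {
            &main::daemon_log("ERROR: Cannot run command as $uid: $!");
            return;
        };
    my @result = <$pipe>;
    close($pipe);
    return @result;
}
```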
diff --git a/gosa-si/server/events/gosaTriggered.pm b/gosa-si/server/events/gosaTriggered.pm
index 964ffdf6f..c88051fbb 100644
--- a/gosa-si/server/events/gosaTriggered.pm
+++ b/gosa-si/server/events/gosaTriggered.pm
@@ -33,6 +33,7 @@ my @events = (
 "send_user_msg",
 "get_available_kernel",
 "trigger_activate_new",
+ "get_dak_keyring",
 );
 @EXPORT = @events;
@@ -854,4 +855,57 @@ sub trigger_activate_new {
 }
+sub get_dak_keyring {
+ my ($msg, $msg_hash, $session_id) = @_;
+ my $source = @{$msg_hash->{'source'}}[0];
+ my $target = @{$msg_hash->{'target'}}[0];
+ my $header= @{$msg_hash->{'header'}}[0];
+
+ my @keys;
+ my %data;
+
+ my $pubring = $main::dak_signing_keys_directory."/dot-gnupg/pubring.gpg";
+ my $secring = $main::dak_signing_keys_directory."/dot-gnupg/secring.gpg";
+
+ my $gpg_cmd = `which gpg`; chomp $gpg_cmd;
+ my $gpg = "$gpg_cmd --no-default-keyring --no-random-seed --keyring $pubring --secret-keyring $secring";
+
+ # Check if the keyrings are in place and readable
+ if(
+ &run_as($main::dak_user, "test -r $pubring") != 0 ||
+ &run_as($main::dak_user, "test -r $secring") != 0
+ ) {
+ &main::daemon_log("ERROR: Dak Keyrings are unreadable!");
+ } else {
+ my $command = "$gpg --list-keys";
+ my @output = &run_as($main::dak_user, $command);
+
+ my $i=0;
+ foreach (@output) {
+ if ($_ =~ m/^pub\s.*$/) {
+ ($keys[$i]->{'pub'}->{'length'}, $keys[$i]->{'pub'}->{'uid'}, $keys[$i]->{'pub'}->{'valid'}) = ($1, $2, $3)
+ if $_ =~ m/^pub\s*?(\w*?)\/(\w*?)\s(\d{4}-\d{2}-\d{2})$/;
+ } elsif ($_ =~ m/^sub\s.*$/) {
+ ($keys[$i]->{'sub'}->{'length'}, $keys[$i]->{'sub'}->{'uid'}, $keys[$i]->{'sub'}->{'valid'}) = ($1, $2, $3)
+ if $_ =~ m/^sub\s*?(\w*?)\/(\w*?)\s(\d{4}-\d{2}-\d{2})$/;
+ } elsif ($_ =~ m/^uid\s.*$/) {
+ push @{$keys[$i]->{'uid'}}, $1 if $_ =~ m/^uid\s*?([^\s].*?)$/;
+ } elsif ($_ =~ m/^$/) {
+ $i++;
+ }
+ }
+ }
+
+ my $i=0;
+ foreach my $key (@keys) {
+ $data{"answer".$i++}= $key;
+ }
+
+ my $out_msg = &build_msg("get_dak_keyring", $target, $source, \%data);
+ my @out_msg_l = ($out_msg);
+ return @out_msg_l;
+}
+
+
+# vim:ts=4:shiftwidth:expandtab
 1;
diff --git a/gosa-si/server/events/siTriggered.pm b/gosa-si/server/events/siTriggered.pm
index 42c5fece1..25582abf8 100644
--- a/gosa-si/server/events/siTriggered.pm
+++ b/gosa-si/server/events/siTriggered.pm
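Review bot: The keyring readability check in get_dak_keyring cannot fail as written: `&run_as(...) != 0` compares what run_as returns, which per this commit is the command's output lines (their count in this scalar context), and `test -r` prints nothing, so the `ERROR: Dak Keyrings are unreadable!` branch is effectively dead. Make the check produce output that can be tested, for example `my @ok = &run_as($main::dak_user, "test -r $pubring && test -r $secring && echo readable");` with `if (!grep { /^readable$/ } @ok) { ... }`, or have run_as report the exit status. `$pubring`, `$secring` and the unchecked `which gpg` result are interpolated into a command that run_as wraps in single quotes, so a configured `dak-keyring` path containing a space or a quote breaks the command; validate the path before use. Since only `--list-keys` is run, `--secret-keyring $secring` looks unnecessary here and could be dropped so this handler never opens the secret ring.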
@@ -146,7 +146,7 @@ sub detected_hardware { return; } # Build LDAP connection - my $ldap_handle = &main::get_ldap_handle($session_id); + my $ldap_handle = &main::get_ldap_handle($session_id); if( not defined $ldap_handle ) { &main::daemon_log("$session_id ERROR: cannot connect to ldap: $ldap_uri", 1); return; diff --git a/gosa-si/tests/client.php b/gosa-si/tests/client.php index dd6b3c059..22826fd9e 100755 --- a/gosa-si/tests/client.php +++ b/gosa-si/tests/client.php @@ -108,7 +108,8 @@ for($count = 1; $count <= $zahl; $count++) #$data = "
gosa_query_fai_server
GOSA 10.89.1.131:20081
"; #$data = "
gosa_ping
00:01:6c:9d:aa:16 GOSA
"; - $data = "
gosa_ping
00:01:6c:9d:b9:fb GOSA
"; + #$data = "
gosa_ping
00:01:6c:9d:b9:fb GOSA
"; + $data = "
gosa_get_dak_keyring
GOSA GOSA
"; #$data = "
job_ping
GOSA 00:0c:29:02:e5:4d 00:0c:29:02:e5:4d29700101000000
"; $sock->write($data);