From 15bd70c0525399236fb944e8e4acf0cef919d907 Mon Sep 17 00:00:00 2001 From: janw Date: Thu, 12 Jun 2008 16:38:34 +0000 Subject: [PATCH] Changed function run_as. Added Events remove_dak_key and import_dak_key git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11308 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-si/modules/GosaSupportDaemon.pm | 8 ++- gosa-si/server/events/gosaTriggered.pm | 88 ++++++++++++++++++++++++-- 2 files changed, 89 insertions(+), 7 deletions(-) diff --git a/gosa-si/modules/GosaSupportDaemon.pm b/gosa-si/modules/GosaSupportDaemon.pm index af23971bf..d4c7ee495 100644 --- a/gosa-si/modules/GosaSupportDaemon.pm +++ b/gosa-si/modules/GosaSupportDaemon.pm @@ -623,7 +623,8 @@ sub get_interfaces { #=== FUNCTION ================================================================ # NAME: run_as # PARAMETERS: uid, command -# RETURNS: result of command +# RETURNS: hash with keys 'resultCode' = resultCode of command and +# 'output' = program output # DESCRIPTION: Runs command as uid using the sudo utility. #=============================================================================== sub run_as { @@ -634,8 +635,9 @@ sub run_as { &main::daemon_log("ERROR: The sudo utility is not available! Please fix this!"); } open(PIPE, "$sudo_cmd su - $uid -c '$command' |"); - my @result=; - return @result; + my $result = {'resultCode' => $?}; + push @{$result->{'output'}}, ; + return $result; } diff --git a/gosa-si/server/events/gosaTriggered.pm b/gosa-si/server/events/gosaTriggered.pm index c88051fbb..e692aaa75 100644 --- a/gosa-si/server/events/gosaTriggered.pm +++ b/gosa-si/server/events/gosaTriggered.pm @@ -34,6 +34,8 @@ my @events = ( "get_available_kernel", "trigger_activate_new", "get_dak_keyring", + "import_dak_key", + "remove_dak_key", ); @EXPORT = @events; @@ -46,6 +48,7 @@ use Net::ARP; use Net::Ping; use Socket; use Time::HiRes qw( usleep); +use MIME::Base64; BEGIN {} @@ -872,16 +875,16 @@ sub get_dak_keyring { # Check if the keyrings are in place and readable if( - &run_as($main::dak_user, "test -r $pubring") != 0 || - &run_as($main::dak_user, "test -r $secring") != 0 + &run_as($main::dak_user, "test -r $pubring")->{'resultCode'} != 0 || + &run_as($main::dak_user, "test -r $secring")->{'resultCode'} != 0 ) { &main::daemon_log("ERROR: Dak Keyrings are unreadable!"); } else { my $command = "$gpg --list-keys"; - my @output = &run_as($main::dak_user, $command); + my $output = &run_as($main::dak_user, $command); my $i=0; - foreach (@output) { + foreach (@{$output->{'output'}}) { if ($_ =~ m/^pub\s.*$/) { ($keys[$i]->{'pub'}->{'length'}, $keys[$i]->{'pub'}->{'uid'}, $keys[$i]->{'pub'}->{'valid'}) = ($1, $2, $3) if $_ =~ m/^pub\s*?(\w*?)\/(\w*?)\s(\d{4}-\d{2}-\d{2})$/; @@ -907,5 +910,82 @@ sub get_dak_keyring { } +sub import_dak_key { + my ($msg, $msg_hash, $session_id) = @_; + my $source = @{$msg_hash->{'source'}}[0]; + my $target = @{$msg_hash->{'target'}}[0]; + my $header= @{$msg_hash->{'header'}}[0]; + my $key = &decode_base64(@{$msg_hash->{'key'}}[0]); + + my %data; + + my $pubring = $main::dak_signing_keys_directory."/dot-gnupg/pubring.gpg"; + my $secring = $main::dak_signing_keys_directory."/dot-gnupg/secring.gpg"; + + my $gpg_cmd = `which gpg`; chomp $gpg_cmd; + my $gpg = "$gpg_cmd --no-default-keyring --no-random-seed --keyring $pubring --secret-keyring $secring"; + + # Check if the keyrings are in place and writable + if( + &run_as($main::dak_user, "test -w $pubring")->{'resultCode'} != 0 || + &run_as($main::dak_user, "test -w $secring")->{'resultCode'} != 0 + ) { + &main::daemon_log("ERROR: Dak Keyrings are not writable!"); + } else { + open(keyfile, ">/tmp/gosa_si_tmp_dak_key"); + print keyfile $key; + close(keyfile); + my $command = "$gpg --import /tmp/gosa_si_tmp_dak_key"; + my $output = &run_as($main::dak_user, $command); + unlink("/tmp/gosa_si_tmp_dak_key"); + + if($output->{'resultCode'} != 0) { + &main::daemon_log("ERROR: Import of dak key failed! Output was: '".$output->{'output'}."'", 1); + } + } + + my $out_msg = &build_msg("import_dak_key", $target, $source, \%data); + my @out_msg_l = ($out_msg); + return @out_msg_l; +} + + +sub remove_dak_key { + my ($msg, $msg_hash, $session_id) = @_; + my $source = @{$msg_hash->{'source'}}[0]; + my $target = @{$msg_hash->{'target'}}[0]; + my $header= @{$msg_hash->{'header'}}[0]; + my $key = @{$msg_hash->{'keyid'}}[0]; + + my %data; + + my $pubring = $main::dak_signing_keys_directory."/dot-gnupg/pubring.gpg"; + my $secring = $main::dak_signing_keys_directory."/dot-gnupg/secring.gpg"; + + my $gpg_cmd = `which gpg`; chomp $gpg_cmd; + my $gpg = "$gpg_cmd --no-default-keyring --no-random-seed --keyring $pubring --secret-keyring $secring"; + + # Check if the keyrings are in place and writable + if( + &run_as($main::dak_user, "test -w $pubring")->{'resultCode'} != 0 || + &run_as($main::dak_user, "test -w $secring")->{'resultCode'} != 0 + ) { + &main::daemon_log("ERROR: Dak Keyrings are not writable!"); + } else { + # Check if the key is present in the keyring + if(&run_as($main::dak_user, "$gpg --list-keys $key")->{'resultCode'} == 0) { + my $command = "$gpg --batch --yes --delete-key $key"; + my $output = &run_as($main::dak_user, $command); + } else { + &main::daemon_log("WARNING: Dak key with id '$key' was not found in keyring!", 4); + } + } + + my $out_msg = &build_msg("remove_dak_key", $target, $source, \%data); + my @out_msg_l = ($out_msg); + return @out_msg_l; +} + + # vim:ts=4:shiftwidth:expandtab 1; -- 2.30.2