2007-02-12 19:07:49 +01:00
|
|
|
/***********************************************************************
|
|
|
|
*
|
|
|
|
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
|
2006-11-14 11:48:37 +01:00
|
|
|
*
|
2007-02-12 19:07:49 +01:00
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; version 2.1
|
|
|
|
* of the License.
|
2006-11-14 11:48:37 +01:00
|
|
|
*
|
2007-02-12 19:07:49 +01:00
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Library Lesser General Public License for more details.
|
2006-11-14 11:48:37 +01:00
|
|
|
*
|
2007-02-12 19:07:49 +01:00
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, Novell, Inc.
|
|
|
|
*
|
|
|
|
* To contact Novell about this file by physical or electronic mail,
|
|
|
|
* you may find current contact information at www.novell.com.
|
|
|
|
*
|
|
|
|
***********************************************************************/
|
2006-11-14 11:48:37 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* File: modules/CasaAts.ycp
|
|
|
|
* Package: Configuration of casa-ats
|
|
|
|
* Summary: CasaAts settings, input and output functions
|
2007-05-09 17:05:13 +02:00
|
|
|
* Authors: Juan Carlos Luciani <jluciani@novell.com>
|
|
|
|
* Ryan Partridge <rpartridge@novell.com>
|
2006-11-14 11:48:37 +01:00
|
|
|
*
|
|
|
|
* $Id: CasaAts.ycp 27914 2006-02-13 14:32:08Z locilka $
|
|
|
|
*
|
|
|
|
* Representation of the configuration of casa-ats.
|
|
|
|
* Input and output routines.
|
|
|
|
*/
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
module "CasaAts";
|
|
|
|
textdomain "casa-ats";
|
|
|
|
|
|
|
|
import "Progress";
|
|
|
|
import "Report";
|
|
|
|
import "Summary";
|
|
|
|
import "Message";
|
|
|
|
import "SuSEFirewall";
|
|
|
|
import "FileUtils";
|
|
|
|
import "Service";
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
/**
|
|
|
|
* Configuration File and Command Paths.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
string trustedServerConfigFile = "/tmp/trusted_ats.conf";
|
|
|
|
string svcSettingsFile = "/etc/CASA/authtoken/svc/svc.settings";
|
|
|
|
string svcSettingsEditor = "/usr/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh";
|
|
|
|
string authPolicyFile = "/etc/CASA/authtoken/svc/auth.policy";
|
|
|
|
string authPolicyEditor = "/usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh";
|
|
|
|
string iaRealmsFile = "/etc/CASA/authtoken/svc/iaRealms.xml";
|
|
|
|
string iaRealmsEditor = "/usr/share/java/CASA/authtoken/bin/CasaIaRealmsEditor.sh";
|
2007-06-01 17:41:46 +02:00
|
|
|
string trustedServerCertsFolder = "/etc/CASA/authtoken/keys/trustedATSCerts";
|
2007-05-09 17:05:13 +02:00
|
|
|
|
2006-11-14 11:48:37 +01:00
|
|
|
/**
|
|
|
|
* Settings Map
|
|
|
|
*/
|
|
|
|
global map Settings = $[];
|
|
|
|
|
|
|
|
string port = "2645";
|
|
|
|
string service_name = "casa_atsd";
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
|
|
|
|
|
2006-11-14 11:48:37 +01:00
|
|
|
/**
|
|
|
|
* Prototypes
|
|
|
|
*/
|
|
|
|
global boolean Modified();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Data was modified?
|
|
|
|
*/
|
|
|
|
global boolean modified = false;
|
|
|
|
|
|
|
|
/**
|
|
|
|
*/
|
|
|
|
global boolean proposal_valid = false;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Write only, used during autoinstallation.
|
|
|
|
* Don't run services and SuSEconfig, it's all done at one place.
|
|
|
|
*/
|
|
|
|
global boolean write_only = false;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Abort function
|
|
|
|
* return boolean return true if abort
|
|
|
|
*/
|
|
|
|
global boolean() AbortFunction = Modified;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Abort function
|
|
|
|
* @return boolean return true if abort
|
|
|
|
*/
|
|
|
|
global define boolean Abort() ``{
|
|
|
|
if(AbortFunction != nil)
|
|
|
|
{
|
|
|
|
return AbortFunction () == true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Data was modified?
|
|
|
|
* @return true if modified
|
|
|
|
*/
|
|
|
|
global boolean Modified() {
|
|
|
|
y2debug("modified=%1",modified);
|
|
|
|
return modified;
|
|
|
|
}
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
global boolean IsPortOpen()
|
|
|
|
{
|
|
|
|
return contains(SuSEFirewall::GetAdditionalServices("TCP", "EXT"), port);
|
|
|
|
}
|
|
|
|
|
|
|
|
boolean ModifyFirewallPort()
|
|
|
|
{
|
|
|
|
boolean retVal = false;
|
|
|
|
list<string> services = SuSEFirewall::GetAdditionalServices("TCP", "EXT");
|
|
|
|
if (!contains(services, port) && Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:false)
|
|
|
|
{
|
|
|
|
services = add(services, port);
|
|
|
|
retVal = true;
|
|
|
|
}
|
|
|
|
else if (contains(services, port) && !Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:false)
|
|
|
|
{
|
|
|
|
services = filter(string service, services,
|
|
|
|
{
|
|
|
|
return (service != port);
|
|
|
|
}
|
|
|
|
);
|
|
|
|
retVal = true;
|
|
|
|
}
|
|
|
|
if (retVal)
|
|
|
|
{
|
|
|
|
SuSEFirewall::SetAdditionalServices("TCP", "EXT", services);
|
|
|
|
}
|
|
|
|
return retVal;
|
|
|
|
}
|
|
|
|
|
2006-11-14 11:48:37 +01:00
|
|
|
/**
|
|
|
|
* Read all casa-ats settings
|
|
|
|
* @return true on success
|
|
|
|
*/
|
|
|
|
global boolean Read() {
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
y2milestone("Read Executing");
|
|
|
|
|
|
|
|
string cmd = "";
|
|
|
|
map ret = $[];
|
|
|
|
integer exit = -1;
|
|
|
|
|
2006-11-14 11:48:37 +01:00
|
|
|
/* CasaAts read dialog caption */
|
|
|
|
string caption = _("Initializing CASA ATS Configuration");
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
// Read stages
|
2006-11-14 11:48:37 +01:00
|
|
|
integer steps = 2;
|
|
|
|
|
|
|
|
integer sl = 500;
|
|
|
|
sleep(sl);
|
|
|
|
|
|
|
|
// We do not set help text here, because it was set outside
|
|
|
|
Progress::New( caption, " ", steps, [
|
|
|
|
/* Progress stage 1/2 */
|
|
|
|
_("Read the previous settings"),
|
|
|
|
/* Progress stage 2/2 */
|
|
|
|
_("Read the firewall status")
|
|
|
|
], [
|
|
|
|
/* Progress step 1/2 */
|
|
|
|
_("Reading the settings file..."),
|
|
|
|
/* Progress step 2/2 */
|
|
|
|
_("Reading the firewall status..."),
|
|
|
|
/* Progress finished */
|
|
|
|
_("Finished")
|
|
|
|
],
|
|
|
|
""
|
|
|
|
);
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
// Read settings
|
|
|
|
if (Abort()) return false;
|
2006-11-14 11:48:37 +01:00
|
|
|
Progress::NextStage();
|
2007-05-09 17:05:13 +02:00
|
|
|
|
|
|
|
// Set defaults
|
|
|
|
Settings["CONFIG_CASAATS_ENABLE"] = false;
|
|
|
|
Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = true;
|
|
|
|
Settings["CONFIG_CASAATS_WEB_ACCESS"] = false;
|
|
|
|
Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = 60;
|
|
|
|
|
|
|
|
if (FileUtils::Exists("/etc/sysconfig/casa-ats")) {
|
2006-11-14 11:48:37 +01:00
|
|
|
Settings["CONFIG_CASAATS_ENABLE"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_ENABLE)) == "yes";
|
2007-05-09 17:05:13 +02:00
|
|
|
if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == true) {
|
|
|
|
Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_DIRECT_ACCESS)) == "yes";
|
|
|
|
Settings["CONFIG_CASAATS_WEB_ACCESS"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_WEB_ACCESS)) == "yes";
|
|
|
|
|
|
|
|
cmd = svcSettingsEditor + " -get ReconfigureInterval -file " + svcSettingsFile;
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
integer exit = ret["exit"]:-1;
|
|
|
|
if (exit == 0) {
|
|
|
|
string cmd_output = ret["stdout"]:"";
|
|
|
|
list<string> output_lines = splitstring(cmd_output, "\n");
|
|
|
|
list<string> reconfigIntervalLineComponents = splitstring(output_lines[0]:"ReconfigureInterval=60", "=");
|
|
|
|
Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = tointeger(reconfigIntervalLineComponents[1]:"60");
|
|
|
|
}
|
|
|
|
}
|
2006-11-14 11:48:37 +01:00
|
|
|
}
|
2007-05-09 17:05:13 +02:00
|
|
|
if (false) Report::Error(_("Cannot read settings file."));
|
2006-11-14 11:48:37 +01:00
|
|
|
sleep(sl);
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
// Read the trusted server config
|
|
|
|
y2milestone("Reading trusted server config");
|
|
|
|
list<string> trustedServerList = [];
|
|
|
|
if (SCR::Read(.target.size, trustedServerConfigFile) > 0) {
|
|
|
|
string trustedServerListString = (string) SCR::Read(.target.string, trustedServerConfigFile);
|
|
|
|
if (trustedServerListString != nil) {
|
|
|
|
trustedServerList = splitstring(trustedServerListString, "\n");
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
y2error("Failed to read from " + trustedServerConfigFile);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Settings["CONFIG_CASAATS_TRUSTED"] = trustedServerList;
|
|
|
|
|
|
|
|
// Check if we need to read the server configuration
|
|
|
|
if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == true) {
|
|
|
|
|
|
|
|
// Read the auth.policy information
|
|
|
|
cmd = sformat("%1 -list -file %2", authPolicyEditor, authPolicyFile);
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
map<string, map> authPolicy = $[];
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to read realm info from " + iaRealmsFile);
|
|
|
|
else {
|
|
|
|
string cmd_output = ret["stdout"]:"";
|
|
|
|
list<string> authPolicyLines = splitstring(cmd_output, "\n");
|
|
|
|
string realmId = "";
|
|
|
|
string mechanism = "";
|
|
|
|
foreach(string line, authPolicyLines, {
|
|
|
|
if (tolower(line) == "auth_source:") {
|
|
|
|
realmId = "";
|
|
|
|
mechanism = "";
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
list<string> lineComponents = splitstring(line, "\t");
|
|
|
|
foreach(string component, lineComponents, {
|
|
|
|
if (component != "") {
|
|
|
|
list<string> settingValue = splitstring(component, ":");
|
|
|
|
if (tolower(settingValue[0]:"") == "identity source") {
|
|
|
|
realmId = settingValue[1]:"";
|
|
|
|
}
|
|
|
|
else if (tolower(settingValue[0]:"") == "authentication mechanism") {
|
|
|
|
mechanism = settingValue[1]:"";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
if (realmId != "" && mechanism != "") {
|
|
|
|
map<string, boolean> authMechs = (map<string, boolean>) authPolicy[realmId]:$[];
|
|
|
|
authMechs[mechanism] = true;
|
|
|
|
authPolicy[realmId] = authMechs;
|
|
|
|
}
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get a list of the configured realms in the iaRealms.xml file
|
|
|
|
cmd = iaRealmsEditor + " -list -file " + iaRealmsFile;
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to read configured realms from " + iaRealmsFile);
|
|
|
|
else {
|
|
|
|
string cmd_output = ret["stdout"]:"";
|
|
|
|
list<string> realmIdList = splitstring(cmd_output, "\n");
|
|
|
|
map<string, map> realms = $[];
|
|
|
|
|
|
|
|
// Read the information about each realm
|
|
|
|
foreach(string realmId, realmIdList, {
|
|
|
|
// Make sure that it is a valid id
|
|
|
|
if (realmId != "") {
|
|
|
|
// Read the realm info from the iaRealms.xml file
|
|
|
|
cmd = sformat("%1 -get %2 -file %3", iaRealmsEditor, realmId, iaRealmsFile);
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to read realm info from " + iaRealmsFile);
|
|
|
|
else {
|
|
|
|
cmd_output = ret["stdout"]:"";
|
|
|
|
list<string> realmIdComponents = splitstring(cmd_output, "\n");
|
|
|
|
map realm = $[];
|
|
|
|
list<string> ldapUrls = [];
|
|
|
|
list<string> searchRoots = [];
|
|
|
|
string stage = "";
|
|
|
|
|
|
|
|
realm["REALM_ID"] = realmId;
|
|
|
|
|
|
|
|
foreach(string component, realmIdComponents, {
|
|
|
|
if (tolower(component) == "dirtype") {
|
|
|
|
stage = "DirType";
|
|
|
|
}
|
|
|
|
else if (tolower(component) == "searchroots") {
|
|
|
|
stage = "SearchRoots";
|
|
|
|
}
|
|
|
|
else if (tolower(component) == "ldapurls") {
|
|
|
|
stage = "LdapUrls";
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
if (stage == "DirType") {
|
|
|
|
if (component == "\teDir") {
|
|
|
|
y2milestone("%1 is eDir", realmId);
|
|
|
|
realm["EDIR_TYPE"] = true;
|
|
|
|
realm["AD_TYPE"] = false;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
y2milestone("%1 is %2", realmId, component);
|
|
|
|
realm["EDIR_TYPE"] = false;
|
|
|
|
realm["AD_TYPE"] = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (stage == "SearchRoots") {
|
|
|
|
list<string> ctxList = splitstring(component, "\t");
|
|
|
|
foreach(string value, ctxList, {
|
|
|
|
if (value != "") {
|
|
|
|
y2milestone("%1 ctx added", value);
|
|
|
|
searchRoots = add(searchRoots, value);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
}
|
|
|
|
else if (stage == "LdapUrls") {
|
|
|
|
list<string> urlList = splitstring(component, "\t");
|
|
|
|
foreach(string value, urlList, {
|
|
|
|
if (value != "") {
|
|
|
|
y2milestone("%1 url added", value);
|
|
|
|
ldapUrls = add(ldapUrls, value);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
y2error("Error reading realm information");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
realm["LDAP_URL_LIST"] = ldapUrls;
|
|
|
|
realm["SEARCH_ROOT_LIST"] = searchRoots;
|
|
|
|
|
|
|
|
// Set the authentication mechanism information for the realm
|
|
|
|
map<string, boolean> authMechs = (map<string, boolean>) authPolicy[realmId]:$[];
|
|
|
|
if (authMechs != nil) {
|
|
|
|
if (authMechs["PwdAuthenticate"]:false == true)
|
|
|
|
realm["PASSWD_MECH"] = true;
|
|
|
|
else
|
|
|
|
realm["PASSWD_MECH"] = false;
|
|
|
|
|
|
|
|
if (authMechs["Krb5Authenticate"]:false == true)
|
|
|
|
realm["KRB_MECH"] = true;
|
|
|
|
else
|
|
|
|
realm["KRB_MECH"] = false;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
y2error("Missing auth.policy info for " + realmId);
|
|
|
|
}
|
|
|
|
|
|
|
|
realms[realmId] = realm;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
Settings["CONFIG_CASAATS_REALMS"] = realms;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-11-14 11:48:37 +01:00
|
|
|
// read firewall settings
|
2007-05-09 17:05:13 +02:00
|
|
|
if (Abort()) return false;
|
2006-11-14 11:48:37 +01:00
|
|
|
Progress::NextStage();
|
|
|
|
Progress::set(false);
|
|
|
|
SuSEFirewall::Read();
|
|
|
|
Progress::set(true);
|
2007-05-09 17:05:13 +02:00
|
|
|
|
2006-11-14 11:48:37 +01:00
|
|
|
/* Error message */
|
2007-05-09 17:05:13 +02:00
|
|
|
if (false) Report::Error(_("Cannot read firewall status."));
|
2006-11-14 11:48:37 +01:00
|
|
|
sleep(sl);
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
if (Abort()) return false;
|
|
|
|
|
2006-11-14 11:48:37 +01:00
|
|
|
/* Progress finished */
|
|
|
|
Progress::NextStage();
|
|
|
|
Progress::Finish();
|
|
|
|
sleep(sl);
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
if (Abort()) return false;
|
2006-11-14 11:48:37 +01:00
|
|
|
modified = false;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Write all casa-ats settings
|
|
|
|
* @return true on success
|
|
|
|
*/
|
|
|
|
global boolean Write() {
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
y2milestone("Write Executing");
|
2006-11-14 11:48:37 +01:00
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
/* CasaAts read dialog caption */
|
|
|
|
string caption = _("Saving casa-ats Configuration");
|
2006-11-14 11:48:37 +01:00
|
|
|
|
|
|
|
integer sl = 500;
|
|
|
|
sleep(sl);
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
// Set the stages depending on whether we are configuring the
|
|
|
|
// server or not.
|
|
|
|
integer steps = 0;
|
|
|
|
if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == false) {
|
|
|
|
steps = 3;
|
|
|
|
Progress::New(caption, " ", steps, [
|
|
|
|
/* Progress stage 1/3 */
|
|
|
|
_("Write the trusted server settings"),
|
|
|
|
/* Progress stage 2/3 */
|
|
|
|
_("Write the sysconfig settings"),
|
|
|
|
/* Progress stage 3/3 */
|
|
|
|
_("Update runlevel settings"),
|
|
|
|
], [
|
|
|
|
/* Progress step 1/3 */
|
|
|
|
_("Writing the trusted server settings..."),
|
|
|
|
/* Progress step 2/3 */
|
|
|
|
_("Writing the sysconfig settings..."),
|
|
|
|
/* Progress step 3/3 */
|
|
|
|
_("Updating runlevel settings..."),
|
|
|
|
/* Progress finished */
|
|
|
|
_("Finished")
|
|
|
|
],
|
|
|
|
""
|
|
|
|
);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
steps = 4;
|
|
|
|
Progress::New(caption, " ", steps, [
|
|
|
|
/* Progress stage 1/3 */
|
|
|
|
_("Write the trusted server settings"),
|
|
|
|
/* Progress stage 2/3 */
|
|
|
|
_("Write the sysconfig settings"),
|
|
|
|
/* Progress stage 4/4 */
|
|
|
|
_("Adjust firewall"),
|
|
|
|
/* Progress stage 3/3 */
|
|
|
|
_("Update runlevel settings")
|
|
|
|
], [
|
|
|
|
/* Progress step 1/3 */
|
|
|
|
_("Writing the trusted server settings..."),
|
|
|
|
/* Progress step 2/3 */
|
|
|
|
_("Writing the sysconfig settings..."),
|
|
|
|
/* Progress step 4/4 */
|
|
|
|
_("Adjusting firewall..."),
|
|
|
|
/* Progress step 3/3 */
|
|
|
|
_("Updating runlevel settings..."),
|
|
|
|
/* Progress finished */
|
|
|
|
_("Finished")
|
|
|
|
],
|
|
|
|
""
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Write the trusted server list
|
|
|
|
if (Abort()) return false;
|
2006-11-14 11:48:37 +01:00
|
|
|
Progress::NextStage();
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
// Create trusted server config file if it does not exists,
|
|
|
|
// otherwise backup.
|
|
|
|
y2milestone("Writing trusted server config");
|
|
|
|
if (SCR::Read(.target.size, trustedServerConfigFile) < 0)
|
|
|
|
SCR::Write(.target.string, trustedServerConfigFile, "");
|
|
|
|
else
|
|
|
|
SCR::Execute(.target.bash, "/bin/cp "+trustedServerConfigFile+" "+trustedServerConfigFile+".YaST2save");
|
|
|
|
|
2007-06-01 17:41:46 +02:00
|
|
|
// Create a fresh folder to hold the Signing Certs of the trusted ATSs
|
|
|
|
SCR::Execute(.target.bash, "/bin/rm -fr " + trustedServerCertsFolder);
|
|
|
|
SCR::Execute(.target.bash, "/bin/mkdir " + trustedServerCertsFolder);
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
// Update the trusted server config
|
2007-05-19 00:13:32 +02:00
|
|
|
any anyRet = false;
|
2007-05-09 17:05:13 +02:00
|
|
|
list<string> trustedServerList = Settings["CONFIG_CASAATS_TRUSTED"]:[];
|
|
|
|
string trustedServerListString = "";
|
|
|
|
if (trustedServerList != []) {
|
|
|
|
// Merge all of the addresses onto the string
|
|
|
|
trustedServerListString = mergestring(trustedServerList, "\n");
|
2007-06-01 17:41:46 +02:00
|
|
|
|
|
|
|
// Import the Signing Certs from the trusted ATSs
|
|
|
|
foreach(string trustedATS, trustedServerList, {
|
|
|
|
if (trustedATS != "")
|
|
|
|
{
|
|
|
|
string cmd = sformat("curl -f --capath /etc/ssl/certs -o %1/%2 https://%3:443/CasaAuthTokenSvc/SigningCert", trustedServerCertsFolder, trustedATS, trustedATS);
|
|
|
|
integer exit = (integer) SCR::Execute(.target.bash, cmd);
|
|
|
|
if (exit != 0)
|
|
|
|
{
|
|
|
|
y2error("SigningCert import from " + trustedATS + "using port 443 failed with Curl error" + tostring(exit) + " trying port 2645");
|
|
|
|
cmd = sformat("curl -f --capath /etc/ssl/certs -o %1/%2 https://%3:2645/CasaAuthTokenSvc/SigningCert", trustedServerCertsFolder, trustedATS, trustedATS);
|
|
|
|
exit = (integer) SCR::Execute(.target.bash, cmd);
|
|
|
|
if (exit != 0)
|
|
|
|
{
|
|
|
|
y2error("SigningCert import from " + trustedATS + "using port 2645 failed with Curl error" + tostring(exit));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
2007-05-09 17:05:13 +02:00
|
|
|
}
|
2007-05-19 00:13:32 +02:00
|
|
|
anyRet = SCR::Write(.target.string, trustedServerConfigFile, trustedServerListString);
|
|
|
|
if (anyRet != true)
|
2007-06-01 17:41:46 +02:00
|
|
|
y2error("Failed to write to " + trustedServerConfigFile);
|
|
|
|
|
|
|
|
// Refresh the trusted ATS Keystore
|
|
|
|
SCR::Execute(.target.bash, "/usr/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh");
|
2007-05-09 17:05:13 +02:00
|
|
|
|
|
|
|
// Write the /etc/sysconfig/casa-ats settings
|
2006-11-14 11:48:37 +01:00
|
|
|
if(Abort()) return false;
|
|
|
|
Progress::NextStage();
|
2007-05-09 17:05:13 +02:00
|
|
|
SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_ENABLE, Settings["CONFIG_CASAATS_ENABLE"]:false ? "yes" : "no");
|
|
|
|
SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_DIRECT_ACCESS, Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:true ? "yes" : "no");
|
|
|
|
SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_WEB_ACCESS, Settings["CONFIG_CASAATS_WEB_ACCESS"]:false ? "yes" : "no");
|
|
|
|
if (false) Report::Error (_("Cannot sysconfig settings."));
|
2006-11-14 11:48:37 +01:00
|
|
|
sleep(sl);
|
|
|
|
|
2007-05-19 00:13:32 +02:00
|
|
|
// Try to obtain the uid of casaatsd
|
|
|
|
string uid = "";
|
|
|
|
map ret = (map) SCR::Execute(.target.bash_output, "id -u casaatsd");
|
|
|
|
integer exit = ret["exit"]:-1;
|
|
|
|
if (exit == 0)
|
|
|
|
{
|
|
|
|
string cmd_output = ret["stdout"]:"";
|
|
|
|
list<string> uidComponents = splitstring(cmd_output, "\n");
|
|
|
|
uid = uidComponents[0]:"";
|
|
|
|
y2milestone("casaatsd uid = " + uid);
|
|
|
|
|
|
|
|
// Clear out the credentials that may have been saved in miCASA
|
|
|
|
// for this user.
|
|
|
|
string cmd = sformat("CASAcli -r -u %1", uid);
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to remove casaatsd credentials");
|
|
|
|
}
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
// Check if we need to save the server configuration
|
|
|
|
if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == true) {
|
|
|
|
|
|
|
|
// Create svc.settings file
|
|
|
|
string cmd = "rm -f " + svcSettingsFile;
|
2007-05-19 00:13:32 +02:00
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
2007-05-09 17:05:13 +02:00
|
|
|
cmd = svcSettingsEditor + " -create -file " + svcSettingsFile;
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
2007-05-19 00:13:32 +02:00
|
|
|
exit = ret["exit"]:-1;
|
2007-05-09 17:05:13 +02:00
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to create " + svcSettingsFile);
|
|
|
|
|
|
|
|
// Write the reconfigure interval value
|
|
|
|
cmd = sformat("%1 -set ReconfigureInterval %2 -file %3",
|
|
|
|
svcSettingsEditor,
|
|
|
|
tostring(Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60),
|
|
|
|
svcSettingsFile);
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to set reconfigure interval");
|
|
|
|
|
|
|
|
// Create the auth.policy file
|
|
|
|
cmd = "rm -f " + authPolicyFile;
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
cmd = authPolicyEditor + " -create -file " + authPolicyFile;
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to create " + authPolicyFile);
|
|
|
|
|
|
|
|
// Create the iaRealms.xml file
|
|
|
|
cmd = "rm -f " + iaRealmsFile;
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
cmd = iaRealmsEditor + " -create -file " + iaRealmsFile;
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to create " + iaRealmsFile);
|
|
|
|
|
|
|
|
// Add the real information to auth.policy and iaRealms.xml files
|
|
|
|
map<string, map> realms = (map<string, map>) CasaAts::Settings["CONFIG_CASAATS_REALMS"]:$[];
|
|
|
|
foreach (string key, map realm, realms, {
|
|
|
|
// Pull the realm parameters into local variables
|
|
|
|
string realmId = realm["REALM_ID"]:"";
|
|
|
|
boolean eDirType = realm["EDIR_TYPE"]:true;
|
|
|
|
boolean adType = realm["AD_TYPE"]:false;
|
|
|
|
boolean passwd_mech = realm["PASSWD_MECH"]:true;
|
|
|
|
boolean krb_mech = realm["KRB_MECH"]:false;
|
|
|
|
string proxy_username = realm["PROXY_USERNAME"]:"";
|
|
|
|
string proxy_password = realm["PROXY_PASSWD"]:"";
|
|
|
|
list<string> ldapUrls = realm["LDAP_URL_LIST"]:[];
|
|
|
|
list<string> searchRoots = realm["SEARCH_ROOT_LIST"]:[];
|
|
|
|
|
|
|
|
// Update the auth.policy
|
|
|
|
if (krb_mech == true) {
|
|
|
|
cmd = authPolicyEditor + " -append -entry " + realmId + ":Krb5Authenticate -file " + authPolicyFile;
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to add entry to " + authPolicyFile);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (passwd_mech == true) {
|
|
|
|
cmd = authPolicyEditor + " -append -entry " + realmId + ":PwdAuthenticate -file " + authPolicyFile;
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to add entry to " + authPolicyFile);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Update the iaRealms.xml file
|
|
|
|
if (eDirType)
|
2007-06-08 00:26:40 +02:00
|
|
|
cmd = sformat("%1 -set \"%2\" -type eDir ", iaRealmsEditor, realmId);
|
2007-05-09 17:05:13 +02:00
|
|
|
else
|
2007-06-08 00:26:40 +02:00
|
|
|
cmd = sformat("%1 -set \"%2\" -type ActiveDirectory ", iaRealmsEditor, realmId);
|
2007-05-09 17:05:13 +02:00
|
|
|
foreach (string url, ldapUrls, {
|
2007-06-08 00:26:40 +02:00
|
|
|
cmd = sformat("%1 -url \"%2\"", cmd, url);
|
2007-05-09 17:05:13 +02:00
|
|
|
});
|
|
|
|
foreach (string ctx, searchRoots, {
|
2007-06-08 00:26:40 +02:00
|
|
|
cmd = sformat("%1 -sr \"%2\"", cmd, ctx);
|
2007-05-09 17:05:13 +02:00
|
|
|
});
|
|
|
|
cmd = sformat("%1 -file %2", cmd, iaRealmsFile);
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to set realm " + realmId);
|
2007-05-10 18:48:46 +02:00
|
|
|
|
2007-05-19 00:01:14 +02:00
|
|
|
// Save Proxy User Credentials in miCASA if we have the uid of casaatsd
|
|
|
|
if (uid != "")
|
2007-05-17 17:42:32 +02:00
|
|
|
{
|
|
|
|
// Set the Proxy User Credentials in miCASA
|
|
|
|
cmd = sformat("KEYVALUE=\"%1\" CASAcli -s -u %2 -n %3 -k CN", proxy_username, uid, realmId);
|
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to set Proxy Username in miCASA for realm " + realmId);
|
|
|
|
|
2007-06-08 00:26:40 +02:00
|
|
|
cmd = sformat("KEYVALUE=\"%1\" CASAcli -s -u %2 -n \"%3\" -k Password", proxy_password, uid, realmId);
|
2007-05-17 17:42:32 +02:00
|
|
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
|
|
|
exit = ret["exit"]:-1;
|
|
|
|
if (exit != 0)
|
|
|
|
y2error("Failed to set Proxy Password in miCASA for realm " + realmId);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2007-05-19 00:01:14 +02:00
|
|
|
y2error("Not setting proxy credentials in miCASA due to blank uid");
|
2007-05-17 17:42:32 +02:00
|
|
|
}
|
2007-05-09 17:05:13 +02:00
|
|
|
});
|
|
|
|
|
2007-06-02 01:05:03 +02:00
|
|
|
// Refresh the server Keystore
|
|
|
|
SCR::Execute(.target.bash, "/usr/share/java/CASA/authtoken/bin/refresh_server_keystore.sh");
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
// Adjust firewall as needed
|
|
|
|
if (Abort()) return false;
|
|
|
|
Progress::NextStage();
|
|
|
|
if (ModifyFirewallPort())
|
|
|
|
{
|
|
|
|
// write settings
|
|
|
|
Progress::set(false);
|
|
|
|
SuSEFirewall::WriteOnly();
|
|
|
|
if (!write_only)
|
|
|
|
{
|
|
|
|
SuSEFirewall::ActivateConfiguration();
|
|
|
|
}
|
|
|
|
Progress::set(true);
|
|
|
|
}
|
|
|
|
if (false) Report::Error (_("Error adjusting firewall."));
|
|
|
|
sleep(sl);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Enable/disable and start/stop service as needed
|
|
|
|
if (Abort()) return false;
|
2006-11-14 11:48:37 +01:00
|
|
|
Progress::NextStage();
|
|
|
|
if (Settings["CONFIG_CASAATS_ENABLE"]:false)
|
|
|
|
{
|
|
|
|
if (!Service::Enabled(service_name))
|
|
|
|
{
|
|
|
|
Service::Enable(service_name);
|
|
|
|
}
|
|
|
|
if (Service::Status(service_name) != 0)
|
|
|
|
{
|
|
|
|
Service::Start(service_name);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
Service::Restart(service_name);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
if (Service::Enabled(service_name))
|
|
|
|
{
|
|
|
|
Service::Disable(service_name);
|
|
|
|
}
|
|
|
|
if (Service::Status(service_name) == 0)
|
|
|
|
{
|
|
|
|
Service::Stop(service_name);
|
|
|
|
}
|
|
|
|
}
|
2007-05-09 17:05:13 +02:00
|
|
|
if (false) Report::Error (_("Error updating runlevels."));
|
2006-11-14 11:48:37 +01:00
|
|
|
sleep(sl);
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
if (Abort()) return false;
|
2006-11-14 11:48:37 +01:00
|
|
|
/* Progress finished */
|
|
|
|
Progress::NextStage();
|
|
|
|
Progress::Finish();
|
|
|
|
sleep(sl);
|
|
|
|
|
2007-05-09 17:05:13 +02:00
|
|
|
if (Abort()) return false;
|
2006-11-14 11:48:37 +01:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get all casa-ats settings from the first parameter
|
|
|
|
* (For use by autoinstallation.)
|
|
|
|
* @param settings The YCP structure to be imported.
|
|
|
|
* @return boolean True on success
|
|
|
|
*/
|
|
|
|
global boolean Import (map settings) {
|
|
|
|
// TODO FIXME: your code here (fill the above mentioned variables)...
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Dump the casa-ats settings to a single map
|
|
|
|
* (For use by autoinstallation.)
|
|
|
|
* @return map Dumped settings (later acceptable by Import ())
|
|
|
|
*/
|
|
|
|
global map Export () {
|
|
|
|
// TODO FIXME: your code here (return the above mentioned variables)...
|
|
|
|
return $[];
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a textual summary and a list of unconfigured cards
|
|
|
|
* @return summary of the current configuration
|
|
|
|
*/
|
|
|
|
global list Summary() {
|
|
|
|
// TODO FIXME: your code here...
|
|
|
|
/* Configuration summary text for autoyast */
|
|
|
|
return [ _("Configuration summary..."), [] ];
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create an overview table with all configured cards
|
|
|
|
* @return table items
|
|
|
|
*/
|
|
|
|
global list Overview() {
|
|
|
|
// TODO FIXME: your code here...
|
|
|
|
return [];
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return packages needed to be installed and removed during
|
|
|
|
* Autoinstallation to insure module has all needed software
|
|
|
|
* installed.
|
|
|
|
* @return map with 2 lists.
|
|
|
|
*/
|
|
|
|
global map AutoPackages() {
|
|
|
|
// TODO FIXME: your code here...
|
|
|
|
return $[ "install":[], "remove":[] ];
|
|
|
|
}
|
|
|
|
|
|
|
|
/* EOF */
|
|
|
|
}
|