author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-02-04 23:34:51 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-02-04 23:34:51 +0000 |
commit | 7c2ccc731f1b6ea5b3a44718ebc2816bba6d59bc (patch) | |
tree | cee451ba0a8af07ee24729fb75ab1b6fd7abf40f /pki/base/ra | |
parent | 21aa7c44dfa68059ba3f4dc38da91f51fedb7f8b (diff) | |
Bugzilla Bug #606943 - Convert RA to use ldap utilities from
OpenLDAP instead of the Mozldap
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1823 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ra')
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm | 41 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/AuthDBPanel.pm | 167 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/Login.pm | 1 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/wizard.pm | 1 | ||||
-rw-r--r-- | pki/base/ra/setup/registry_instance | 5 |
5 files changed, 2 insertions, 213 deletions
diff --git a/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm b/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm index ebf2a0cd9..a5538ef54 100755 --- a/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm @@ -157,38 +157,6 @@ sub update my $admincert = $response->{Requests}->{Request}->{b64}; &PKI::RA::Wizard::debug_log("AdminPanel: admincert " . $admincert); - my $ldap_host = $::config->get("preop.database.host"); - my $ldap_port = $::config->get("preop.database.port"); - my $basedn = $::config->get("preop.database.basedn"); - my $binddn = $::config->get("preop.database.binddn"); -# my $bindpwd = $::config->get("tokendb.bindPass"); - my $bindpwd = `grep \"tokendbBindPass:\" \"$instanceDir/conf/password.conf\" | cut -c17-`; - $bindpwd =~ s/\n$//g; - - my $tmp = "/tmp/addAgents-$$.ldif"; - - my $flavor = "pki"; - $flavor =~ s/\n//g; - - my $mozldap_path = "/usr/lib/mozldap"; - my $arch = ""; - if ($^O eq "linux") { - $arch = `uname -i`; - $arch =~ s/\n//g; - if ($arch eq "x86_64") { - $mozldap_path = "/usr/lib64/mozldap"; - } - } elsif ($^O eq "solaris") { - $arch=`uname -p`; - $arch =~ s/\n//g; - if( ( $arch eq "sparc" ) && - ( -d "/usr/lib/sparcv9/" ) ) { - $mozldap_path = "/usr/lib/sparcv9/mozldap6"; - } - } - -# $admincert =~ s/\//\\\//g; - # create local database my $dbh = DBI->connect( "dbi:SQLite:dbname=$instanceDir/conf/dbfile","",""); @@ -224,15 +192,6 @@ sub update $dbh->do($insert); $dbh->disconnect(); - -# system("sed -e 's/\$TOKENDB_ROOT/$basedn/' " . -# "-e 's/\$TOKENDB_AGENT_CERT/$admincert/' " . -# "/usr/share/$flavor/ra/scripts/addAgents.ldif > $tmp"); -# system("$mozldap_path/ldapmodify -h '$ldap_host' -p '$ldap_port' -D '$binddn' " . -# "-w '$bindpwd' -a " . -# "-f '$tmp'"); - system("rm $tmp"); - my $reqid = $response->{Requests}->{Request}->{Id}; $::config->put("preop.admincert.requestId.0", $reqid); my $sn = $response->{Requests}->{Request}->{serialno}; 
diff --git a/pki/base/ra/lib/perl/PKI/RA/AuthDBPanel.pm b/pki/base/ra/lib/perl/PKI/RA/AuthDBPanel.pm deleted file mode 100755 index 0be17a388..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/AuthDBPanel.pm +++ /dev/null 
@@ -1,167 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::AuthDBPanel; -$PKI::RA::AuthDBPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(7); - $self->{"getName"} = &PKI::RA::Common::r("Authentication Directory"); - $self->{"vmfile"} = "authdbpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AuthDBPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AuthDBPanel: update"); - - my $host = $q->param('host'); - my $port = $q->param('port'); - my $basedn = $q->param('basedn'); - - &PKI::RA::Wizard::debug_log("AuthDBPanel: host=" . 
$host); - &PKI::RA::Wizard::debug_log("AuthDBPanel: port=" . $port); - &PKI::RA::Wizard::debug_log("AuthDBPanel: basedn=" . $basedn); - - if (!($port =~ /^[0-9]+$/)) { - &PKI::RA::Wizard::debug_log("AuthDBPanel: bad port " . $port); - $::symbol{errorString} = "Bad Port"; - return 0; - } - - # try to do a ldapsearch - my $tmp = "/tmp/file$$"; - my $mozldap_path = "/usr/lib/mozldap"; - my $arch = ""; - if ($^O eq "linux") { - $arch = `uname -i`; - $arch =~ s/\n//g; - if ($arch eq "x86_64") { - $mozldap_path = "/usr/lib64/mozldap"; - } - } elsif ($^O eq "solaris") { - $arch=`uname -p`; - $arch =~ s/\n//g; - if( ( $arch eq "sparc" ) && - ( -d "/usr/lib/sparcv9/" ) ) { - $mozldap_path = "/usr/lib/sparcv9/mozldap6"; - } - } - &PKI::RA::Wizard::debug_log("AuthDBPanel: invoking $mozldap_path/ldapsearch"); - my $status = system("$mozldap_path/ldapsearch -h '$host' " . - "-p '$port' -b '$basedn' -s base 'objectclass=*' > $tmp 2>&1"); - if ($status eq "0") { - &PKI::RA::Wizard::debug_log("AuthDBPanel: auth database looks ok"); - } else { - my $reason = `cat $tmp`; - &PKI::RA::Wizard::debug_log("AuthDBPanel: failed to connect " . $reason); - $::symbol{errorString} = "Failed to Connect"; - return 0; - } - system("rm $tmp"); - - # save values to CS.cfg - $::config->put("auth.instance.0.baseDN", $basedn); - $::config->put("auth.instance.0.hostport", $host . ":" . $port); - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AuthDBPanel: display"); - - my $machineName = $::config->get("service.machineName"); - my $instanceId = $::config->get("service.instanceID"); - - my $basedn = $::config->get("auth.instance.0.baseDN"); - if ($basedn =~ /\[/) { - $basedn = $machineName; - $basedn =~ s/^[^.]+\.//; - if ($basedn eq "") { - $basedn = "dc=" . $machineName; - } else { - $basedn =~ s/\./,dc=/g; - $basedn = "dc=" . 
$basedn; - } - } - my $host = ""; - my $port = ""; - my $hostport = $::config->get("auth.instance.0.hostport"); - if ($hostport =~ /\[/) { - $host = "localhost"; - $port = "389"; - } else { - my ($hostx, $portx) = split(/:/, $hostport); - $host = $hostx; - $port = $portx; - } - - $::symbol{hostname} = $host; - $::symbol{portStr} = $port; - $::symbol{basedn} = $basedn; - - return 1; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/Login.pm b/pki/base/ra/lib/perl/PKI/RA/Login.pm index 875df1a31..d248e5481 100755 --- a/pki/base/ra/lib/perl/PKI/RA/Login.pm +++ b/pki/base/ra/lib/perl/PKI/RA/Login.pm @@ -73,7 +73,6 @@ use PKI::RA::DRMInfoPanel; use PKI::RA::DisplayCertChain2Panel; use PKI::RA::AdminAuthPanel; use PKI::RA::AgentAuthPanel; -use PKI::RA::AuthDBPanel; use PKI::RA::DatabasePanel; use PKI::RA::ModulePanel; use PKI::RA::SizePanel; diff --git a/pki/base/ra/lib/perl/PKI/RA/wizard.pm b/pki/base/ra/lib/perl/PKI/RA/wizard.pm index f7b43e80d..5fe1e7536 100755 --- a/pki/base/ra/lib/perl/PKI/RA/wizard.pm +++ b/pki/base/ra/lib/perl/PKI/RA/wizard.pm @@ -71,7 +71,6 @@ use PKI::RA::CAInfoPanel; use PKI::RA::DisplayCertChain2Panel; use PKI::RA::AdminAuthPanel; use PKI::RA::AgentAuthPanel; -use PKI::RA::AuthDBPanel; use PKI::RA::DatabasePanel; use PKI::RA::ModulePanel; use PKI::RA::SizePanel; diff --git a/pki/base/ra/setup/registry_instance b/pki/base/ra/setup/registry_instance index 09ec620cb..64a73197f 100644 --- a/pki/base/ra/setup/registry_instance +++ b/pki/base/ra/setup/registry_instance 
@@ -99,19 +99,18 @@ export httpd pki_logs_directory=${PKI_SERVER_ROOT}/logs export pki_logs_directory -# see if httpd is linked with the openldap libraries - we need to override them +# see if httpd is linked with the openldap libraries - we need to override +# their use of OpenSSL if [ ${OS} = "Linux" ]; then hasopenldap=0 /usr/bin/ldd ${httpd} 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1 if [ ${hasopenldap} -eq 1 ] ; then - LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libldap60.so" LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so:${LD_PRELOAD}" export LD_PRELOAD fi elif [ ${OS} = "SunOS" ]; then - LD_PRELOAD_64="${PKI_SYSTEM_USER_LIBRARIES}/libldap60.so" LD_PRELOAD_64="${PKI_SYSTEM_USER_LIBRARIES}/dirsec/libssl3.so:${LD_PRELOAD_64}" export LD_PRELOAD_64 fi |
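Review bot: With the `libldap60.so` assignment removed, the surviving `LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so:${LD_PRELOAD}"` in the Linux branch no longer starts from a known value. `${LD_PRELOAD}` now expands to whatever the invoking environment carried, or to nothing (leaving a trailing colon), and the result is exported for httpd. Unless the variable is set or cleared earlier in the file, outside this hunk, assign it outright with `LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so"` so an inherited preload list cannot reach the server process. The SunOS branch has the same pattern and would become `LD_PRELOAD_64="${PKI_SYSTEM_USER_LIBRARIES}/dirsec/libssl3.so"`.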