Write cert and sudoers files

pull/1/head
Timothy Pearson 13 years ago
parent 0792d54085
commit 372cfda98c

@ -5,7 +5,7 @@ METASOURCES = AUTO
kde_module_LTLIBRARIES = kcm_ldap.la kde_module_LTLIBRARIES = kcm_ldap.la
kcm_ldap_la_SOURCES = ldapbonding.cpp ldapconfigbase.ui realmpropertiesdialog.cpp bondintropage.cpp bondintropagedlg.ui bondrealmpage.cpp bondrealmpagedlg.ui bondfinishpage.cpp bondfinishpagedlg.ui bondwizard.cpp ldappasswddlg.cpp kcm_ldap_la_SOURCES = ldapbonding.cpp ldapconfigbase.ui realmpropertiesdialog.cpp bondintropage.cpp bondintropagedlg.ui bondrealmpage.cpp bondrealmpagedlg.ui bondfinishpage.cpp bondfinishpagedlg.ui bondwizard.cpp ldappasswddlg.cpp
kcm_ldap_la_LIBADD = -lkio $(LIB_TDEUI) kcm_ldap_la_LIBADD = -lkio $(LIB_TDEUI) -ltdeldap
kcm_ldap_la_LDFLAGS = -avoid-version -module -no-undefined \ kcm_ldap_la_LDFLAGS = -avoid-version -module -no-undefined \
$(all_libraries) $(all_libraries)

@ -54,7 +54,6 @@
#define PAMD_DIRECTORY "/etc/pam.d/" #define PAMD_DIRECTORY "/etc/pam.d/"
#define PAMD_COMMON_ACCOUNT "common-account" #define PAMD_COMMON_ACCOUNT "common-account"
#define PAMD_COMMON_AUTH "common-auth" #define PAMD_COMMON_AUTH "common-auth"
#define CRON_UPDATE_NSS_FILE "/etc/cron.daily/upd-local-nss-db"
typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory; typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;
@ -243,6 +242,8 @@ void LDAPConfig::defaults() {
} }
void LDAPConfig::save() { void LDAPConfig::save() {
TQString errorstring;
// Write system configuration // Write system configuration
systemconfig->setGroup(NULL); systemconfig->setGroup(NULL);
systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked()); systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked());
@ -285,9 +286,24 @@ void LDAPConfig::save() {
// Write the PAM configuration files // Write the PAM configuration files
writePAMFiles(); writePAMFiles();
// Write the cron files // Write the cron files
writeCronFiles(); LDAPManager::writeCronFiles();
// RAJA FIXME
// Update the SUDOERS file with the domain-wide computer local admin group! // Bind anonymously to LDAP
LDAPCredentials* credentials = new LDAPCredentials;
credentials->username = "";
credentials->password = "";
credentials->realm = m_defaultRealm.upper();
LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), "ldap://", credentials);
// Add the domain-wide computer local admin group to local sudoers
ldap_mgr->writeSudoersConfFile(&errorstring);
// Get and install the CA root certificate from LDAP
mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring);
delete ldap_mgr;
delete credentials;
} }
load(); load();
@ -664,21 +680,6 @@ void LDAPConfig::writePAMFiles() {
} }
} }
void LDAPConfig::writeCronFiles() {
TQFile file(CRON_UPDATE_NSS_FILE);
if (file.open(IO_WriteOnly)) {
TQTextStream stream( &file );
stream << "# This file was automatically generated by TDE\n";
stream << "# All changes will be lost!\n";
stream << "\n";
stream << "#!/bin/sh" << "\n";
stream << "/usr/sbin/nss_updatedb ldap" << "\n";
file.close();
}
}
int LDAPConfig::buttons() { int LDAPConfig::buttons() {
return KCModule::Apply|KCModule::Help; return KCModule::Apply|KCModule::Help;
} }
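Review bot: In `LDAPConfig::save()` the new code fetches `publicRootCertificate` and generates the sudoers file through an anonymous bind to a plain `ldap://` URL, and `errorstring` is never read after `writeSudoersConfFile(&errorstring)` or `getTDECertificate(..., &errorstring)`. Unless `LDAPManager` authenticates or upgrades the connection internally (not visible on this page), the data that becomes a local trust anchor and a sudo rule is accepted from an unauthenticated channel, so a partial or failed run also leaves the machine half-configured with no indication. The results of both calls should be checked (their return convention is not visible here) and the error reported, for example with `KMessageBox::error(this, errorstring);`, and the fetched certificate is worth verifying against a fingerprint the administrator confirms before it is installed. The two `mkdir()` results are likewise ignored, and `ldap_mgr` and `credentials` could be stack objects rather than `new`/`delete` pairs. `save()` starts and ends outside this hunk.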

@ -72,7 +72,6 @@ class LDAPConfig: public KCModule
void writeLDAPConfFile(); void writeLDAPConfFile();
void writeNSSwitchFile(); void writeNSSwitchFile();
void writePAMFiles(); void writePAMFiles();
void writeCronFiles();
private: private:
KAboutData *myAboutData; KAboutData *myAboutData;
