|
|
|
@ -68,7 +68,7 @@ void signalHandler(int signum)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int get_certificate_from_server(TQString certificateName, LDAPRealmConfig realmcfg)
|
|
|
|
|
int get_certificate_from_server(TQString certificateName, TQString certificateFileName, LDAPRealmConfig realmcfg)
|
|
|
|
|
{
|
|
|
|
|
int retcode = 0;
|
|
|
|
|
TQString errorstring;
|
|
|
|
@ -85,8 +85,8 @@ int get_certificate_from_server(TQString certificateName, LDAPRealmConfig realmc
|
|
|
|
|
ldap_mgr->writeSudoersConfFile(&errorstring);
|
|
|
|
|
|
|
|
|
|
// Get and install the CA root certificate from LDAP
|
|
|
|
|
printf("[INFO] Updating certificate %s from LDAP\n", certificateName.ascii());
|
|
|
|
|
if (ldap_mgr->getTDECertificate("publicRootCertificate", certificateName, &errorstring) != 0) {
|
|
|
|
|
printf("[INFO] Updating certificate %s from LDAP\n", certificateFileName.ascii());
|
|
|
|
|
if (ldap_mgr->getTDECertificate(certificateName, certificateFileName, &errorstring) != 0) {
|
|
|
|
|
printf("[ERROR] Unable to obtain root certificate for realm %s: %s", realmcfg.name.upper().ascii(), errorstring.ascii());
|
|
|
|
|
retcode = 1;
|
|
|
|
|
}
|
|
|
|
@ -154,18 +154,18 @@ int main(int argc, char *argv[])
|
|
|
|
|
LDAPRealmConfigList::Iterator it;
|
|
|
|
|
for (it = realms.begin(); it != realms.end(); ++it) {
|
|
|
|
|
LDAPRealmConfig realmcfg = it.data();
|
|
|
|
|
TQString certificateName = KERBEROS_PKI_PUBLICDIR + realmcfg.admin_server + ".ldap.crt";
|
|
|
|
|
TQString certificateFileName = KERBEROS_PKI_PUBLICDIR + realmcfg.admin_server + ".ldap.crt";
|
|
|
|
|
|
|
|
|
|
TQDateTime certExpiry;
|
|
|
|
|
TQDateTime soon = now.addDays(7); // Keep in sync with src/ldapcontroller.cpp
|
|
|
|
|
|
|
|
|
|
if (TQFile::exists(certificateName)) {
|
|
|
|
|
certExpiry = LDAPManager::getCertificateExpiration(certificateName);
|
|
|
|
|
if (TQFile::exists(certificateFileName)) {
|
|
|
|
|
certExpiry = LDAPManager::getCertificateExpiration(certificateFileName);
|
|
|
|
|
if (certExpiry >= now) {
|
|
|
|
|
printf("[INFO] Certificate %s expires %s\n", certificateName.ascii(), certExpiry.toString().ascii()); fflush(stdout);
|
|
|
|
|
printf("[INFO] Certificate %s expires %s\n", certificateFileName.ascii(), certExpiry.toString().ascii()); fflush(stdout);
|
|
|
|
|
}
|
|
|
|
|
if ((certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
|
|
|
|
|
if (get_certificate_from_server(certificateName, realmcfg) != 0) {
|
|
|
|
|
if (get_certificate_from_server("publicRootCertificate", certificateFileName, realmcfg) != 0) {
|
|
|
|
|
allDownloadsOK = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
@ -176,7 +176,7 @@ int main(int argc, char *argv[])
|
|
|
|
|
else {
|
|
|
|
|
mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
|
|
|
|
|
mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
|
|
|
|
|
if (get_certificate_from_server(certificateName, realmcfg) != 0) {
|
|
|
|
|
if (get_certificate_from_server("publicRootCertificate", certificateFileName, realmcfg) != 0) {
|
|
|
|
|
allDownloadsOK = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
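Review bot: Both updated call sites in main, `get_certificate_from_server("publicRootCertificate", certificateFileName, realmcfg)`, treat a zero return as final success, so the file that becomes the realm's trust anchor is never re-inspected after it is overwritten. The expiry check with `LDAPManager::getCertificateExpiration` runs only before the download, and whether `getTDECertificate` validates what it writes is not visible in these hunks. If it does not, an expired or unparsable certificate returned by the directory would leave `allDownloadsOK` true; consider adding `else if (LDAPManager::getCertificateExpiration(certificateFileName) < now) { allDownloadsOK = false; }` after each call. Separately, the helper now takes an arbitrary attribute name, but its comment and `[ERROR]` text still say "root certificate" and the message lacks a trailing `\n`; a comment such as `// Fetch the certificate stored in LDAP attribute certificateName and install it at certificateFileName` would match the new signature. The bodies of main and get_certificate_from_server continue outside the hunks shown.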