Write primary realm cert updater cron file

Fix return values
Read information from provided primary certificate
pull/1/head
Timothy Pearson 12 years ago
parent ec23f4b717
commit a74f58160a

@ -78,9 +78,6 @@
#define KEY_STRENGTH 2048
// RAJA FIXME
// Certificate manager/updater (CLI, callable from crontab) still needs to be written...
typedef KGenericFactory<LDAPController, TQWidget> ldapFactory;
K_EXPORT_COMPONENT_FACTORY( kcm_ldapcontroller, ldapFactory("kcmldapcontroller"))
@ -224,6 +221,7 @@ void LDAPController::systemRoleChanged() {
pdialog.setStatusMessage(i18n("Purging local configuration..."));
tqApp->processEvents();
system(TQString("rm -f %1").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE));
system(TQString("rm -rf %1").arg(TDE_CERTIFICATE_DIR));
// Write the TDE realm configuration file
@ -751,6 +749,7 @@ int LDAPController::controlKAdminDaemon(sc_command command) {
// This assumes Debian!
return system("/etc/init.d/openbsd-inetd restart");
}
return -2;
}
int LDAPController::controlSASLServer(sc_command command) {
@ -769,6 +768,7 @@ int LDAPController::controlSASLServer(sc_command command) {
// This assumes Debian!
return system("/etc/init.d/saslauthd restart");
}
return -2;
}
int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t groupid) {
@ -803,6 +803,7 @@ int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t
chmod(LDAP_KEYTAB_FILE, S_IRUSR|S_IWUSR|S_IRGRP);
}
}
return -2;
}
int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t groupid) {
@ -1548,6 +1549,8 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
return -1;
}
LDAPManager::writePrimaryRealmCertificateUpdateCronFile();
delete ldap_mgr;
delete credentials;
@ -1583,8 +1586,9 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
// Write the NSS update crontab file and update NSS database
LDAPManager::writeCronFiles();
// RAJA FIXME
pdialog.closeDialog();
return 0;
}
int LDAPController::buttons() {
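Review bot: The purge step in `systemRoleChanged()` deletes the certificate-updater cron file by passing `rm -f` to `system()` and discards the result, so a shell and a PATH-resolved `rm` run with whatever privileges this module holds, and a failed removal leaves a stale cron entry behind unnoticed. The hunk counts suggest the `CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE` line is the one this commit adds, though the +/- markers are lost on this page. A direct call avoids the shell and gives something to check, for example `TQFile::remove(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE);` followed by `if (TQFile::exists(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE)) { /* report the failure */ }`. In `createNewLDAPRealm()` the result of `LDAPManager::writePrimaryRealmCertificateUpdateCronFile()` also appears to be unused; if that function can report failure, the caller should not go on to return 0. Both functions start and end outside the visible hunks.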

@ -46,6 +46,7 @@
#include <ktextedit.h>
#include <kpassdlg.h>
#include <kurlrequester.h>
#include <ksslcertificate.h>
#include <stdlib.h>
@ -152,9 +153,6 @@ void RealmWizard::next() {
}
else if (currentPage()==certpage) {
// Save certificate information
// RAJA FIXME
// If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate!
// If this is not done, the automatic certificate updater will fail!!!
m_certconfig.generate_certs = certpage->generateKeysEnabled->isOn();
m_certconfig.provided_kerberos_pem = certpage->kerberosPEM->url();
m_certconfig.provided_kerberos_pemkey = certpage->kerberosPEMKEY->url();
@ -162,13 +160,59 @@ void RealmWizard::next() {
m_certconfig.provided_kerberos_key = certpage->kerberosKEY->url();
m_certconfig.provided_ldap_crt = certpage->ldapCRT->url();
m_certconfig.provided_ldap_key = certpage->ldapKEY->url();
m_certconfig.organizationName = certpage->organizationName->text();
m_certconfig.orgUnitName = certpage->orgUnitName->text();
m_certconfig.commonName = certpage->commonName->text();
m_certconfig.localityName = certpage->localityName->text();
m_certconfig.stateOrProvinceName = certpage->stateOrProvinceName->text();
m_certconfig.countryName = certpage->countryName->text();
m_certconfig.emailAddress = certpage->emailAddress->text();
if (m_certconfig.generate_certs) {
m_certconfig.organizationName = certpage->organizationName->text();
m_certconfig.orgUnitName = certpage->orgUnitName->text();
m_certconfig.commonName = certpage->commonName->text();
m_certconfig.localityName = certpage->localityName->text();
m_certconfig.stateOrProvinceName = certpage->stateOrProvinceName->text();
m_certconfig.countryName = certpage->countryName->text();
m_certconfig.emailAddress = certpage->emailAddress->text();
}
else {
// If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate
// If this is not done, the automatic certificate updater will fail!
TQFile file(m_certconfig.provided_kerberos_pem);
if (file.open(IO_ReadOnly)) {
TQByteArray ba = file.readAll();
file.close();
TQCString ssldata(ba);
ssldata.replace("-----BEGIN CERTIFICATE-----", "");
ssldata.replace("-----END CERTIFICATE-----", "");
ssldata.replace("\n", "");
KSSLCertificate* cert = KSSLCertificate::fromString(ssldata);
if (cert) {
TQString subj = cert->getSubject();
TQStringList subjList = TQStringList::split("/", subj, false);
for (TQStringList::Iterator it = subjList.begin(); it != subjList.end(); ++it) {
TQStringList kvPair = TQStringList::split("=", *it, false);
if (kvPair[0] == "O") {
m_certconfig.organizationName = kvPair[1];
}
else if (kvPair[0] == "OU") {
m_certconfig.orgUnitName = kvPair[1];
}
else if (kvPair[0] == "CN") {
m_certconfig.commonName = kvPair[1];
}
else if (kvPair[0] == "L") {
m_certconfig.localityName = kvPair[1];
}
else if (kvPair[0] == "ST") {
m_certconfig.stateOrProvinceName = kvPair[1];
}
else if (kvPair[0] == "C") {
m_certconfig.countryName = kvPair[1];
}
else if (kvPair[0] == "emailAddress") {
m_certconfig.emailAddress = kvPair[1];
}
}
delete cert;
}
}
}
TQWizard::next();
finishpage->validateEntries();
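Review bot: In the new `else` branch of `RealmWizard::next()`, the subject parser reads `kvPair[1]` without checking that the split produced two elements, and the subject comes from a certificate file the user supplies. A component with an empty value or no `=` yields a one-element list because empty entries are dropped, so the loop body should begin with `if (kvPair.count() < 2) continue;`. Splitting on `/` and `=` also mis-parses attribute values that themselves contain those characters, which deserves at least a comment such as `// NOTE: assumes no '/' or '=' inside subject attribute values`. When the file cannot be opened or `KSSLCertificate::fromString` returns null, the fields are silently left unset even though the comment says the automatic updater will then fail, so the wizard should report the problem instead of advancing. `next()` begins and ends outside the hunk.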
