Properly report certificate retrieval failures to calling application

pull/1/head
Timothy Pearson 9 years ago
parent f1b7b0381a
commit ca4c872008

@ -4117,7 +4117,22 @@ int LDAPManager::getTDECertificate(TQString certificateName, TQFile *fileHandle,
TQByteArray ba;
returncode = getTDECertificate(certificateName, &ba, errstr);
if (returncode == 0) {
fileHandle->writeBlock(ba);
if (fileHandle->open(IO_WriteOnly)) {
fileHandle->writeBlock(ba);
fileHandle->close();
if (chmod(TQFile::encodeName(fileHandle->name()).data(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
if (errstr) *errstr = i18n("Unable to change permissions of \"%1\"").arg(TQFile::encodeName(fileHandle->name()).data());
return -1;
}
else {
return 0;
}
}
else {
if (errstr) *errstr = i18n("Unable to open file \"%1\" for writing").arg(TQFile::encodeName(fileHandle->name()).data());
return -1;
}
}
return returncode;
@ -4125,21 +4140,7 @@ int LDAPManager::getTDECertificate(TQString certificateName, TQFile *fileHandle,
int LDAPManager::getTDECertificate(TQString certificateName, TQString fileName, TQString *errstr) {
TQFile file(fileName);
if (file.open(IO_WriteOnly)) {
getTDECertificate(certificateName, &file, errstr);
file.close();
if (chmod(fileName.ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
if (errstr) *errstr = i18n("Unable to change permissions of \"%1\"").arg(fileName.ascii());
return -1;
}
else {
return 0;
}
}
else {
if (errstr) *errstr = i18n("Unable to open file \"%1\" for writing").arg(fileName.ascii());
return -1;
}
return getTDECertificate(certificateName, &file, errstr);
}
int LDAPManager::writeSudoersConfFile(TQString *errstr) {
@ -5069,7 +5070,7 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
stream << "# All changes will be lost!\n";
stream << "\n";
stream << "auth [default=ignore success=ignore] pam_mount.so" << "\n";
stream << "auth [success=done new_authtok_reqd=done default=ignore] pam_unix.so nullok try_first_pass" << "\n";
stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_unix.so nullok try_first_pass" << "\n";
if (pamConfig.enable_cached_credentials) {
stream << "auth [default=ignore success=1 service_err=reset] pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass" << "\n";
stream << "auth [default=1 success=done] pam_ccreds.so action=validate use_first_pass" << "\n";
@ -5079,8 +5080,8 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
stream << "auth [default=ignore success=done new_authtok_reqd=done service_err=reset] pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass" << "\n";
}
if (pamConfig.enable_pkcs11_login) {
stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so" << "\n";
// stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_krb5.so force_first_pass no_prompt try_pkinit" << "\n";
stream << "auth [default=ignore success=done new_authtok_reqd=done service_err=reset] pam_krb5.so use_first_pass first_pass_is_pin no_prompt try_pkinit" << "\n";
stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so use_first_pass" << "\n";
}
stream << "auth required pam_deny.so" << "\n";
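Review bot: In the `TQFile *` overload of `getTDECertificate`, the result of `fileHandle->writeBlock(ba)` is still discarded, so a short or failed write (full disk, I/O error) returns 0 and leaves a truncated certificate on disk that the caller treats as valid. Compare the result with the buffer size before closing, e.g. `if (fileHandle->writeBlock(ba) != (TQ_LONG)ba.size()) { fileHandle->close(); if (errstr) *errstr = i18n("Unable to write to file \"%1\"").arg(fileHandle->name()); return -1; }`. The mode is also set by path after `close()`, so the name is resolved a second time and the file keeps its umask-derived permissions until then. Calling `fchmod(fileHandle->handle(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)` on the open descriptor before `close()` would avoid that. The start of the function is outside the hunk, and it is not visible here whether any caller passes a `TQFile` that is already open, which the new `open()` call would need to tolerate.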
