|
|
@ -2658,7 +2658,6 @@ int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString at
|
|
|
|
|
|
|
|
|
|
|
|
TQString LDAPManager::getRealmCAMaster(TQString* errstr) {
|
|
|
|
TQString LDAPManager::getRealmCAMaster(TQString* errstr) {
|
|
|
|
int retcode;
|
|
|
|
int retcode;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
TQString realmCAMaster;
|
|
|
|
TQString realmCAMaster;
|
|
|
|
|
|
|
|
|
|
|
|
TQString dn = TQString("cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1").arg(m_basedc);
|
|
|
|
TQString dn = TQString("cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1").arg(m_basedc);
|
|
|
@ -3743,6 +3742,8 @@ LDAPRealmConfigList LDAPManager::readTDERealmList(KSimpleConfig* config, bool di
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int LDAPManager::writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config, TQString *errstr) {
|
|
|
|
int LDAPManager::writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config, TQString *errstr) {
|
|
|
|
|
|
|
|
Q_UNUSED(errstr)
|
|
|
|
|
|
|
|
|
|
|
|
LDAPRealmConfigList::Iterator it;
|
|
|
|
LDAPRealmConfigList::Iterator it;
|
|
|
|
for (it = realms.begin(); it != realms.end(); ++it) {
|
|
|
|
for (it = realms.begin(); it != realms.end(); ++it) {
|
|
|
|
LDAPRealmConfig realmcfg = it.data();
|
|
|
|
LDAPRealmConfig realmcfg = it.data();
|
|
|
@ -3805,8 +3806,9 @@ TQDateTime LDAPManager::getCertificateExpiration(TQString certfile) {
|
|
|
|
int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
|
|
|
|
int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
|
|
|
|
TQString command;
|
|
|
|
TQString command;
|
|
|
|
TQString subject;
|
|
|
|
TQString subject;
|
|
|
|
|
|
|
|
|
|
|
|
subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5/CN=%6/emailAddress=%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
|
|
|
|
subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5/CN=%6/emailAddress=%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
|
|
|
|
command = TQString("openssl req -days %1 -key %2 -new -x509 -out %3 -subj %4").arg(KERBEROS_PKI_PEMKEY_EXPIRY_DAYS).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(subject);
|
|
|
|
command = TQString("openssl req -days %1 -key %2 -new -x509 -out %3 -subj %4").arg(certinfo.caExpiryDays).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(subject);
|
|
|
|
if (system(command) < 0) {
|
|
|
|
if (system(command) < 0) {
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
return -1;
|
|
|
|
return -1;
|
|
|
@ -3825,6 +3827,7 @@ int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
|
|
|
|
|
|
|
|
|
|
|
|
int LDAPManager::generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg) {
|
|
|
|
int LDAPManager::generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg) {
|
|
|
|
TQString command;
|
|
|
|
TQString command;
|
|
|
|
|
|
|
|
TQString subject;
|
|
|
|
|
|
|
|
|
|
|
|
TQString kdc_certfile = KERBEROS_PKI_KDC_FILE;
|
|
|
|
TQString kdc_certfile = KERBEROS_PKI_KDC_FILE;
|
|
|
|
TQString kdc_keyfile = KERBEROS_PKI_KDCKEY_FILE;
|
|
|
|
TQString kdc_keyfile = KERBEROS_PKI_KDCKEY_FILE;
|
|
|
@ -3833,7 +3836,8 @@ int LDAPManager::generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAP
|
|
|
|
kdc_keyfile.replace("@@@KDCSERVER@@@", realmcfg.name.lower());
|
|
|
|
kdc_keyfile.replace("@@@KDCSERVER@@@", realmcfg.name.lower());
|
|
|
|
kdc_reqfile.replace("@@@KDCSERVER@@@", realmcfg.name.lower());
|
|
|
|
kdc_reqfile.replace("@@@KDCSERVER@@@", realmcfg.name.lower());
|
|
|
|
|
|
|
|
|
|
|
|
command = TQString("openssl req -new -out %1 -key %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(kdc_reqfile).arg(kdc_keyfile).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
|
|
|
|
subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5/CN=%6/emailAddress=%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
|
|
|
|
|
|
|
|
command = TQString("openssl req -days %1 -new -out %2 -key %3 -subj %4").arg(certinfo.kerberosExpiryDays).arg(kdc_reqfile).arg(kdc_keyfile).arg(subject);
|
|
|
|
if (system(command) < 0) {
|
|
|
|
if (system(command) < 0) {
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
return -1;
|
|
|
|
return -1;
|
|
|
@ -3863,6 +3867,7 @@ int LDAPManager::generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAP
|
|
|
|
|
|
|
|
|
|
|
|
int LDAPManager::generatePublicLDAPCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg, uid_t ldap_uid, gid_t ldap_gid) {
|
|
|
|
int LDAPManager::generatePublicLDAPCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg, uid_t ldap_uid, gid_t ldap_gid) {
|
|
|
|
TQString command;
|
|
|
|
TQString command;
|
|
|
|
|
|
|
|
TQString subject;
|
|
|
|
|
|
|
|
|
|
|
|
TQString ldap_certfile = LDAP_CERT_FILE;
|
|
|
|
TQString ldap_certfile = LDAP_CERT_FILE;
|
|
|
|
TQString ldap_keyfile = LDAP_CERTKEY_FILE;
|
|
|
|
TQString ldap_keyfile = LDAP_CERTKEY_FILE;
|
|
|
@ -3871,7 +3876,8 @@ int LDAPManager::generatePublicLDAPCertificate(LDAPCertConfig certinfo, LDAPReal
|
|
|
|
ldap_keyfile.replace("@@@ADMINSERVER@@@", realmcfg.name.lower());
|
|
|
|
ldap_keyfile.replace("@@@ADMINSERVER@@@", realmcfg.name.lower());
|
|
|
|
ldap_reqfile.replace("@@@ADMINSERVER@@@", realmcfg.name.lower());
|
|
|
|
ldap_reqfile.replace("@@@ADMINSERVER@@@", realmcfg.name.lower());
|
|
|
|
|
|
|
|
|
|
|
|
command = TQString("openssl req -new -out %1 -key %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(ldap_reqfile).arg(ldap_keyfile).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(realmcfg.admin_server).arg(certinfo.emailAddress);
|
|
|
|
subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5/CN=%6/emailAddress=%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
|
|
|
|
|
|
|
|
command = TQString("openssl req -days %1 -new -out %2 -key %3 -subj %4").arg(certinfo.ldapExpiryDays).arg(ldap_reqfile).arg(ldap_keyfile).arg(subject);
|
|
|
|
if (system(command) < 0) {
|
|
|
|
if (system(command) < 0) {
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
return -1;
|
|
|
|
return -1;
|
|
|
@ -3957,6 +3963,8 @@ LDAPClientRealmConfig LDAPManager::loadClientRealmConfig(KSimpleConfig* config,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int LDAPManager::saveClientRealmConfig(LDAPClientRealmConfig clientRealmConfig, KSimpleConfig* config, TQString *errstr) {
|
|
|
|
int LDAPManager::saveClientRealmConfig(LDAPClientRealmConfig clientRealmConfig, KSimpleConfig* config, TQString *errstr) {
|
|
|
|
|
|
|
|
Q_UNUSED(errstr)
|
|
|
|
|
|
|
|
|
|
|
|
config->setGroup(NULL);
|
|
|
|
config->setGroup(NULL);
|
|
|
|
config->writeEntry("EnableLDAP", clientRealmConfig.enable_bonding);
|
|
|
|
config->writeEntry("EnableLDAP", clientRealmConfig.enable_bonding);
|
|
|
|
config->writeEntry("HostFQDN", clientRealmConfig.hostFQDN);
|
|
|
|
config->writeEntry("HostFQDN", clientRealmConfig.hostFQDN);
|
|
|
@ -4030,6 +4038,11 @@ int LDAPManager::writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig
|
|
|
|
|
|
|
|
|
|
|
|
file.close();
|
|
|
|
file.close();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
if (errstr) {
|
|
|
|
|
|
|
|
*errstr = i18n("Could not open file '%1' for writing").arg(file.name());
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -4058,6 +4071,11 @@ int LDAPManager::writeNSSwitchFile(TQString *errstr) {
|
|
|
|
|
|
|
|
|
|
|
|
file.close();
|
|
|
|
file.close();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
if (errstr) {
|
|
|
|
|
|
|
|
*errstr = i18n("Could not open file '%1' for writing").arg(file.name());
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -4076,6 +4094,11 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
|
|
|
|
|
|
|
|
|
|
|
|
file.close();
|
|
|
|
file.close();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
if (errstr) {
|
|
|
|
|
|
|
|
*errstr = i18n("Could not open file '%1' for writing").arg(file.name());
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
TQFile file2(PAMD_DIRECTORY PAMD_COMMON_AUTH);
|
|
|
|
TQFile file2(PAMD_DIRECTORY PAMD_COMMON_AUTH);
|
|
|
|
if (file2.open(IO_WriteOnly)) {
|
|
|
|
if (file2.open(IO_WriteOnly)) {
|
|
|
@ -4095,6 +4118,11 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
|
|
|
|
|
|
|
|
|
|
|
|
file2.close();
|
|
|
|
file2.close();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
if (errstr) {
|
|
|
|
|
|
|
|
*errstr = i18n("Could not open file '%1' for writing").arg(file2.name());
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
TQFile file3(PAMD_DIRECTORY PAMD_COMMON_SESSION);
|
|
|
|
TQFile file3(PAMD_DIRECTORY PAMD_COMMON_SESSION);
|
|
|
|
if (file3.open(IO_WriteOnly)) {
|
|
|
|
if (file3.open(IO_WriteOnly)) {
|
|
|
@ -4126,6 +4154,11 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
|
|
|
|
|
|
|
|
|
|
|
|
file3.close();
|
|
|
|
file3.close();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
if (errstr) {
|
|
|
|
|
|
|
|
*errstr = i18n("Could not open file '%1' for writing").arg(file3.name());
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
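Review bot: In generatePublicLDAPCertificate the new `subject` line fills CN with `certinfo.commonName`, whereas the command line it replaces used `realmcfg.admin_server`, so the LDAP server's certificate request no longer carries the server's host name. This looks like a copy from generatePublicKerberosCertificate; if clients check the certificate name against the host they connect to, LDAP over TLS would stop validating after the next regeneration. Keep the old argument in that position: `.arg(certinfo.orgUnitName).arg(realmcfg.admin_server).arg(certinfo.emailAddress)`. Which of the two single-printed lines is the new one is inferred from the `ldapExpiryDays` argument, since the page has lost its +/- markers. The same `subject` string is also passed to `system()` inside double quotes in all three generate functions, so a `"`, `$` or backtick in any certinfo field changes the shell command; those fields should be validated or escaped before the command is built.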