diff options
| author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-11 14:38:41 -0500 |
|---|---|---|
| committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-11 14:38:41 -0500 |
| commit | a74f58160a68cc658f32037cb4e9a06391759bd6 (patch) | |
| tree | 34053d81b8c88a64429bca2729990274e4ae88e7 /src | |
| parent | ec23f4b717dc7e47e9000d2d135ac4914cc2180b (diff) | |
| download | kcmldapcontroller-a74f58160a68cc658f32037cb4e9a06391759bd6.tar.gz kcmldapcontroller-a74f58160a68cc658f32037cb4e9a06391759bd6.zip | |
Write primary realm cert updater cron file
Fix return values
Read information from provided primary certificate
Diffstat (limited to 'src')
| -rw-r--r-- | src/ldapcontroller.cpp | 12 | ||||
| -rw-r--r-- | src/primaryrealmwizard/realmwizard.cpp | 64 |
2 files changed, 62 insertions, 14 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp index ff716aa..2e93f11 100644 --- a/src/ldapcontroller.cpp +++ b/src/ldapcontroller.cpp @@ -78,9 +78,6 @@ #define KEY_STRENGTH 2048 -// RAJA FIXME -// Certificate manager/updater (CLI, callable from crontab) still needs to be written... - typedef KGenericFactory<LDAPController, TQWidget> ldapFactory; K_EXPORT_COMPONENT_FACTORY( kcm_ldapcontroller, ldapFactory("kcmldapcontroller")) @@ -224,6 +221,7 @@ void LDAPController::systemRoleChanged() { pdialog.setStatusMessage(i18n("Purging local configuration...")); tqApp->processEvents(); + system(TQString("rm -f %1").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE)); system(TQString("rm -rf %1").arg(TDE_CERTIFICATE_DIR)); // Write the TDE realm configuration file @@ -751,6 +749,7 @@ int LDAPController::controlKAdminDaemon(sc_command command) { // This assumes Debian! return system("/etc/init.d/openbsd-inetd restart"); } + return -2; } int LDAPController::controlSASLServer(sc_command command) { @@ -769,6 +768,7 @@ int LDAPController::controlSASLServer(sc_command command) { // This assumes Debian! return system("/etc/init.d/saslauthd restart"); } + return -2; } int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t groupid) { @@ -803,6 +803,7 @@ int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t chmod(LDAP_KEYTAB_FILE, S_IRUSR|S_IWUSR|S_IRGRP); } } + return -2; } int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t groupid) { @@ -1548,6 +1549,8 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r return -1; } + LDAPManager::writePrimaryRealmCertificateUpdateCronFile(); + delete ldap_mgr; delete credentials; @@ -1583,8 +1586,9 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r // Write the NSS update crontab file and update NSS database LDAPManager::writeCronFiles(); - // RAJA FIXME pdialog.closeDialog(); + + return 0; } int LDAPController::buttons() { diff --git a/src/primaryrealmwizard/realmwizard.cpp b/src/primaryrealmwizard/realmwizard.cpp index 2b10dc5..68c19c3 100644 --- a/src/primaryrealmwizard/realmwizard.cpp +++ b/src/primaryrealmwizard/realmwizard.cpp @@ -46,6 +46,7 @@ #include <ktextedit.h> #include <kpassdlg.h> #include <kurlrequester.h> +#include <ksslcertificate.h> #include <stdlib.h> @@ -152,9 +153,6 @@ void RealmWizard::next() { } else if (currentPage()==certpage) { // Save certificate information - // RAJA FIXME - // If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate! - // If this is not done, the automatic certificate updater will fail!!! m_certconfig.generate_certs = certpage->generateKeysEnabled->isOn(); m_certconfig.provided_kerberos_pem = certpage->kerberosPEM->url(); m_certconfig.provided_kerberos_pemkey = certpage->kerberosPEMKEY->url(); @@ -162,13 +160,59 @@ void RealmWizard::next() { m_certconfig.provided_kerberos_key = certpage->kerberosKEY->url(); m_certconfig.provided_ldap_crt = certpage->ldapCRT->url(); m_certconfig.provided_ldap_key = certpage->ldapKEY->url(); - m_certconfig.organizationName = certpage->organizationName->text(); - m_certconfig.orgUnitName = certpage->orgUnitName->text(); - m_certconfig.commonName = certpage->commonName->text(); - m_certconfig.localityName = certpage->localityName->text(); - m_certconfig.stateOrProvinceName = certpage->stateOrProvinceName->text(); - m_certconfig.countryName = certpage->countryName->text(); - m_certconfig.emailAddress = certpage->emailAddress->text(); + if (m_certconfig.generate_certs) { + m_certconfig.organizationName = certpage->organizationName->text(); + m_certconfig.orgUnitName = certpage->orgUnitName->text(); + m_certconfig.commonName = certpage->commonName->text(); + m_certconfig.localityName = certpage->localityName->text(); + m_certconfig.stateOrProvinceName = certpage->stateOrProvinceName->text(); + m_certconfig.countryName = certpage->countryName->text(); + m_certconfig.emailAddress = certpage->emailAddress->text(); + } + else { + // If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate + // If this is not done, the automatic certificate updater will fail! + TQFile file(m_certconfig.provided_kerberos_pem); + if (file.open(IO_ReadOnly)) { + TQByteArray ba = file.readAll(); + file.close(); + + TQCString ssldata(ba); + ssldata.replace("-----BEGIN CERTIFICATE-----", ""); + ssldata.replace("-----END CERTIFICATE-----", ""); + ssldata.replace("\n", ""); + KSSLCertificate* cert = KSSLCertificate::fromString(ssldata); + if (cert) { + TQString subj = cert->getSubject(); + TQStringList subjList = TQStringList::split("/", subj, false); + for (TQStringList::Iterator it = subjList.begin(); it != subjList.end(); ++it) { + TQStringList kvPair = TQStringList::split("=", *it, false); + if (kvPair[0] == "O") { + m_certconfig.organizationName = kvPair[1]; + } + else if (kvPair[0] == "OU") { + m_certconfig.orgUnitName = kvPair[1]; + } + else if (kvPair[0] == "CN") { + m_certconfig.commonName = kvPair[1]; + } + else if (kvPair[0] == "L") { + m_certconfig.localityName = kvPair[1]; + } + else if (kvPair[0] == "ST") { + m_certconfig.stateOrProvinceName = kvPair[1]; + } + else if (kvPair[0] == "C") { + m_certconfig.countryName = kvPair[1]; + } + else if (kvPair[0] == "emailAddress") { + m_certconfig.emailAddress = kvPair[1]; + } + } + delete cert; + } + } + } TQWizard::next(); finishpage->validateEntries(); |