author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2018-07-17 14:52:03 -0500 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2018-07-17 14:52:03 -0500 |
commit | bdf74509a3bb1b9004c1f53839bbc89344df598f (patch) | |
tree | b03c8179e830e6f5242e0d32d42c99a89821a975 | |
parent | 84485fe60794570045619ab05f1304dd67ee8f9c (diff) | |
download | libtdeldap-bdf74509a3bb1b9004c1f53839bbc89344df598f.tar.gz libtdeldap-bdf74509a3bb1b9004c1f53839bbc89344df598f.zip |
OpenSSL 1.1.0 and later use a builtin OID database that conflicts with our explicit OID definitions
Attempt to detect OpenSSL versions prior to 1.1.0, and only add explicit OID definitions for those older versions
-rw-r--r-- | src/libtdeldap.cpp | 64 | ||||
-rw-r--r-- | src/libtdeldap.h | 1 |
2 files changed, 59 insertions, 6 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index e3e7fe6..9975717 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -27,6 +27,7 @@
 #include <tqdir.h>
 #include <tqfile.h>
+#include <tqprocess.h>
 #include <tqcheckbox.h>
 #include <tdeapplication.h>
@@ -5196,6 +5197,47 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
 return 0;
 }
+TQString LDAPManager::getOpenSSLVersion() {
+ TQString output;
+ int timeout = 0;
+ int version_end_pos = 0;
+
+ TQProcess *opensslproc = new TQProcess;
+
+ opensslproc->addArgument("openssl");
+ opensslproc->addArgument("version");
+
+ if (!opensslproc->start()) {
+ delete opensslproc;
+ return TQString::null;
+ }
+
+ while (opensslproc->isRunning()) {
+ if (timeout > 10000) {
+ opensslproc->kill();
+ tqApp->processEvents();
+ delete opensslproc;
+ return TQString::null;
+ }
+ tqApp->processEvents();
+ usleep(10000);
+ timeout++;
+ }
+
+ TQByteArray byteOutput = opensslproc->readStdout();
+
+ delete opensslproc;
+
+ output = byteOutput.data();
+ output = output.replace("OpenSSL ", "");
+ version_end_pos = output.find(" ");
+ if (version_end_pos > 0) {
+ output.truncate(version_end_pos);
+ }
+
+ return output;
+}
+
 int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQString *errstr) {
 return writeOpenSSLConfigurationFile(realmcfg, LDAPUserInfo(), TQString::fromLatin1(OPENSSL_EXTENSIONS_FILE), TQString::null, TQString::null, TQString::null, TQString::null, errstr);
 }
@@ -5206,6 +5248,14 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUse
 crl_url = TQString("URI:file://%1,URI:file://%2").arg(KERBEROS_PKI_CRL_FILE).arg(ca_public_crl_certfile);
+ TQString openssl_version = getOpenSSLVersion();
+ if (openssl_version.length() < 1) {
+ if (errstr) {
+ *errstr = i18n("Could not determine OpenSSL version. Is OpenSSL installed?");
+ }
+ return 1;
+ }
+
 if (caRootKeyFile == "") {
 caRootKeyFile = KERBEROS_PKI_PEMKEY_FILE;
 }
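Review bot: `output = byteOutput.data();` builds the TQString from a bare `const char*`, so it scans for a terminating NUL, and the TQByteArray returned by readStdout() is not necessarily NUL-terminated; bound the conversion by the buffer length, `output = TQString::fromLatin1(byteOutput.data(), byteOutput.size());`. The `timeout` counter counts iterations of `usleep(10000)`, so the `timeout > 10000` bound is roughly 100 s rather than the 10 s the name suggests — either rename it or annotate it: `// ~100 s: 10000 iterations of usleep(10000)`. The version comes from whichever `openssl` binary the run-time PATH resolves, which may not be the OpenSSL the rest of the toolchain uses; a short comment stating that the result is only used to decide whether the OID section is written would make that trade-off explicit. The heap-allocated TQProcess with three `delete` paths could simply be a stack object (`TQProcess opensslproc;`), which also removes the leak risk should another early return be added later.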
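Review bot: The `openssl_version.length() < 1` branch cannot distinguish a binary that failed to start from the timeout/kill path in getOpenSSLVersion(), so the `Is OpenSSL installed?` message may mislead when the process merely hung; consider having getOpenSSLVersion() report the failure reason, or at least noting the ambiguity in a comment above the check. This also appears to make a reachable `openssl` binary a hard requirement for writing the configuration file, which the removed unconditional OID block did not need; if that is intended, it belongs in the function's header documentation. writeOpenSSLConfigurationFile's body begins and ends outside this hunk.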
@@ -5242,12 +5292,14 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUse
 stream << "# This file was automatically generated by TDE\n";
 stream << "# All changes will be lost!\n";
 stream << "\n";
- stream << "oid_section = new_oids" << "\n";
- stream << "\n";
- stream << "[new_oids]" << "\n";
- stream << "uid = 0.9.2342.19200300.100.1.1" << "\n";
- stream << "pkkdcekuoid = 1.3.6.1.5.2.3.5" << "\n";
- stream << "\n";
+ if (openssl_version.startsWith("0") || openssl_version.startsWith("1.0")) {
+ stream << "oid_section = new_oids" << "\n";
+ stream << "\n";
+ stream << "[new_oids]" << "\n";
+ stream << "uid = 0.9.2342.19200300.100.1.1" << "\n";
+ stream << "pkkdcekuoid = 1.3.6.1.5.2.3.5" << "\n";
+ stream << "\n";
+ }
 stream << "[ca]" << "\n";
 stream << "default_ca = certificate_authority" << "\n";
 stream << "\n";
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index e8515f2..9121c45 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -605,6 +605,7 @@ class LDAPManager : public TQObject {
 LDAPMasterReplicationInfo parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry);
 TQString parseLDAPSyncProvOverlayConfigRecord(LDAPMessage* entry);
 bool parseLDAPTDEStringAttribute(LDAPMessage* entry, TQString attribute, TQString& retval);
+ static TQString getOpenSSLVersion();
 private:
 TQString m_realm; |
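Review bot: The `startsWith("0") || startsWith("1.0")` test gives no hint why the OID section is version-gated; a comment above it would spare the next maintainer a trip to the log, e.g. `// OpenSSL >= 1.1.0 ships a builtin OID database; defining these OIDs again conflicts with it`. The test also treats any banner that does not begin with `OpenSSL ` as a new version (getOpenSSLVersion() strips only that prefix and then truncates at the first space, so a differently named product would yield its name rather than a number) and omits the section — acceptable if that is the intended default, but worth stating in the same comment. The enclosing writeOpenSSLConfigurationFile body starts and ends outside this hunk.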