author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-07 02:43:11 -0500 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-07 02:43:11 -0500 |
commit | 68d486e22476583b9a2045ecd39f589257a1bb30 (patch) | |
tree | 3c32e1baf00709111dcd351842836403137299db /src/libtdeldap.h | |
parent | 86e14dadc9d81d186f23ce6217ac5d17c969f003 (diff) | |
Add routine to create certificate
Diffstat (limited to 'src/libtdeldap.h')
-rw-r--r-- | src/libtdeldap.h | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index b6d899e..be3c84a 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -36,6 +36,16 @@
 #define KERBEROS_PKI_PRIVATEDIR "/etc/trinity/ldap/tde-ca/private/"
 #define KERBEROS_PKI_PUBLICDIR "/etc/trinity/ldap/tde-ca/public/"
 
+#define KERBEROS_PKI_PEM_FILE KERBEROS_PKI_ANCHORDIR "tdeca.pem"
+#define KERBEROS_PKI_PEMKEY_FILE KERBEROS_PKI_ANCHORDIR "tdeca.key.pem"
+#define KERBEROS_PKI_KDC_FILE KERBEROS_PKI_PUBLICDIR "@@@KDCSERVER@@@.pki.crt"
+#define KERBEROS_PKI_KDCKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@KDCSERVER@@@.pki.key"
+#define KERBEROS_PKI_KDCREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@KDCSERVER@@@.pki.req"
+
+#define LDAP_CERT_FILE KERBEROS_PKI_PUBLICDIR "@@@ADMINSERVER@@@.ldap.crt"
+#define LDAP_CERTKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.key"
+#define LDAP_CERTREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.req"
+
 #define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
 
 // Values from hdb.asn1
@@ -100,6 +110,27 @@ class LDAPRealmConfig
 bool win2k_pkinit_require_binding;
 };
 
+// PRIVATE
+class LDAPCertConfig
+{
+ public:
+ bool generate_certs;
+ TQString provided_kerberos_pem;
+ TQString provided_kerberos_pemkey;
+ TQString provided_kerberos_crt;
+ TQString provided_kerberos_key;
+ TQString provided_ldap_crt;
+ TQString provided_ldap_key;
+
+ TQString countryName;
+ TQString stateOrProvinceName;
+ TQString localityName;
+ TQString organizationName;
+ TQString orgUnitName;
+ TQString commonName;
+ TQString emailAddress;
+};
+
 typedef TQMap<TQString, LDAPRealmConfig> LDAPRealmConfigList;
 
 class LDAPUserInfo
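Review bot: `KERBEROS_PKI_PEMKEY_FILE` puts the CA private key `tdeca.key.pem` in `KERBEROS_PKI_ANCHORDIR`, next to the public anchor `tdeca.pem`, while every other key and request file added in the first hunk goes under `KERBEROS_PKI_PRIVATEDIR`. The definition of `KERBEROS_PKI_ANCHORDIR` is outside the hunk, but a trust-anchor directory normally has to be readable by every PKINIT client, so the signing key would inherit whatever access that directory grants unless the generating code sets the file mode itself. I would define it as `#define KERBEROS_PKI_PEMKEY_FILE KERBEROS_PKI_PRIVATEDIR "tdeca.key.pem"` and add a comment that files under the private directory must be created owner-only. The `@@@KDCSERVER@@@` and `@@@ADMINSERVER@@@` placeholders become part of a file path, so the code that substitutes them should reject a host name containing `/` or `..`.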
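Review bot: `bool generate_certs;` in `LDAPCertConfig` has no initial value and the class declares no constructor, so a default-constructed object carries an indeterminate flag that decides between generating new key material and using the provided files. A one-line constructor such as `LDAPCertConfig() : generate_certs(false) {}` would make the default explicit; whether `false` is the right default depends on the callers, which are not in this diff. The `provided_*` members also need a comment saying whether they hold file paths or PEM contents, because `provided_kerberos_pemkey`, `provided_kerberos_key` and `provided_ldap_key` refer to private keys and the two cases call for different handling. The `// PRIVATE` marker sits on a class with all-public members in a header, so it should say what it is meant to restrict.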
@@ -271,6 +302,9 @@ class LDAPManager : public TQObject {
 static TQString getMachineFQDN();
 static void writeLDAPConfFile(LDAPRealmConfig realmcfg);
 static void writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config);
+ static TQDateTime getCertificateExpiration(TQString certfile);
+
+ static int generatePublicKerberosCACertificate(LDAPCertConfig certinfo);
 
 private:
 LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
|
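Review bot: Neither new declaration documents its failure contract: `generatePublicKerberosCACertificate` returns a bare `int`, and `getCertificateExpiration` returns a `TQDateTime` with no stated value for a missing or unparseable certificate. Callers that gate on expiry need to know that an invalid result must be treated as expired, and a failed CA generation must not go unnoticed. I would add `// Returns 0 on success, non-zero on failure; writes KERBEROS_PKI_PEM_FILE and KERBEROS_PKI_PEMKEY_FILE` above the generator and `// Returns an invalid TQDateTime if certfile cannot be read or parsed` above the getter, both adjusted to what the implementation really does, since it is not part of this diff. The enclosing `LDAPManager` class starts and ends outside the hunk.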