authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-06-11 14:09:06 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-06-11 14:09:06 -0500
commitec23f4b717dc7e47e9000d2d135ac4914cc2180b (patch)
tree11f0f93fba577d68433fa8a5d0d177997eab0ac2
parent02cfa8d8afb2c84b0683e4071f4482a54d2e459e (diff)
downloadkcmldapcontroller-ec23f4b717dc7e47e9000d2d135ac4914cc2180b.tar.gz
kcmldapcontroller-ec23f4b717dc7e47e9000d2d135ac4914cc2180b.zip
Move primary realm wizard sources to separate directory
Add cert-updater
-rw-r--r--cert-updater/Makefile.am10
-rw-r--r--cert-updater/main.cpp184
-rw-r--r--confskel/openldap/ldif/olcDatabase.ldif2
-rw-r--r--confskel/openldap/ldif/tde-core.ldif12
-rw-r--r--confskel/openldap/skel.ldif2
-rw-r--r--debian/control2
-rw-r--r--src/Makefile.am8
-rw-r--r--src/ldapcontroller.cpp36
-rw-r--r--src/ldapcontroller.h3
-rw-r--r--src/primaryrealmwizard/Makefile.am5
-rw-r--r--src/primaryrealmwizard/certconfigpage.cpp (renamed from src/certconfigpage.cpp)0
-rw-r--r--src/primaryrealmwizard/certconfigpage.h (renamed from src/certconfigpage.h)0
-rw-r--r--src/primaryrealmwizard/certconfigpagedlg.ui (renamed from src/certconfigpagedlg.ui)0
-rw-r--r--src/primaryrealmwizard/realmconfigpage.cpp (renamed from src/realmconfigpage.cpp)0
-rw-r--r--src/primaryrealmwizard/realmconfigpage.h (renamed from src/realmconfigpage.h)0
-rw-r--r--src/primaryrealmwizard/realmconfigpagedlg.ui (renamed from src/realmconfigpagedlg.ui)0
-rw-r--r--src/primaryrealmwizard/realmfinishpage.cpp (renamed from src/realmfinishpage.cpp)0
-rw-r--r--src/primaryrealmwizard/realmfinishpage.h (renamed from src/realmfinishpage.h)0
-rw-r--r--src/primaryrealmwizard/realmfinishpagedlg.ui (renamed from src/realmfinishpagedlg.ui)0
-rw-r--r--src/primaryrealmwizard/realmintropage.cpp (renamed from src/realmintropage.cpp)0
-rw-r--r--src/primaryrealmwizard/realmintropage.h (renamed from src/realmintropage.h)0
-rw-r--r--src/primaryrealmwizard/realmintropagedlg.ui (renamed from src/realmintropagedlg.ui)0
-rw-r--r--src/primaryrealmwizard/realmwizard.cpp (renamed from src/realmwizard.cpp)3
-rw-r--r--src/primaryrealmwizard/realmwizard.h (renamed from src/realmwizard.h)0
-rw-r--r--subdirs1
25 files changed, 251 insertions, 17 deletions
diff --git a/cert-updater/Makefile.am b/cert-updater/Makefile.am
new file mode 100644
index 0000000..f1e8bae
--- /dev/null
+++ b/cert-updater/Makefile.am
@@ -0,0 +1,10 @@
+INCLUDES= $(all_includes) $(KDE_INCLUDES)/tde
+
+bin_PROGRAMS = primaryrccertupdater
+
+primaryrccertupdater_SOURCES = main.cpp
+
+primaryrccertupdater_METASOURCES = AUTO
+primaryrccertupdater_LDFLAGS = $(all_libraries) $(KDE_RPATH) $(LIB_QT) -lDCOP $(LIB_TDECORE) $(LIB_TDEUI) -ltdefx $(LIB_KIO) -lktexteditor -ltdeldap
+
+KDE_OPTIONS = nofinal \ No newline at end of file
diff --git a/cert-updater/main.cpp b/cert-updater/main.cpp
new file mode 100644
index 0000000..4c4f018
--- /dev/null
+++ b/cert-updater/main.cpp
@@ -0,0 +1,184 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <pwd.h>
+
+#include <kapplication.h>
+#include <kstartupinfo.h>
+#include <kcmdlineargs.h>
+#include <kaboutdata.h>
+
+#include <ksimpleconfig.h>
+
+#include <tqdatetime.h>
+#include <tqfile.h>
+
+#include <libtdeldap.h>
+
+// FIXME
+// Connect this to CMake/Automake
+#define KDE_CONFDIR "/etc/trinity"
+
+static const char description[] =
+ I18N_NOOP("TDE utility for updating realm certificates");
+
+static const char version[] = "v0.0.1";
+
+int uploadKerberosCAFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr) {
+ // Upload the contents of KERBEROS_PKI_PEM_FILE to the LDAP server
+ TQFile cafile(KERBEROS_PKI_PEM_FILE);
+ if (cafile.open(IO_ReadOnly)) {
+ TQByteArray cafiledata = cafile.readAll();
+ if (ldap_mgr->writeCertificateFileIntoDirectory(cafiledata, "publicRootCertificate", errstr) != 0) {
+ return -1;
+ }
+ return 0;
+ }
+ return -1;
+}
+
+int main(int argc, char *argv[])
+{
+ KAboutData aboutData( "primaryrccertupdater", I18N_NOOP("Real Certificate Updater"),
+ version, description, KAboutData::License_GPL,
+ "(c) 2012, Timothy Pearson");
+ aboutData.addAuthor("Timothy Pearson",0, "kb9vqf@pearsoncomputing.net");
+ KCmdLineArgs::init( argc, argv, &aboutData );
+ KApplication::disableAutoDcopRegistration();
+
+ KApplication app(false, false);
+
+ KStartupInfo::appStarted();
+
+ //======================================================================================================================================================
+ //
+ // Updater code follows
+ //
+ //======================================================================================================================================================
+
+ // FIXME
+ // This assumes Debian!
+ TQString m_ldapUserName = "openldap";
+ TQString m_ldapGroupName = "openldap";
+
+ KSimpleConfig* m_systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
+ LDAPRealmConfigList m_realmconfig = LDAPManager::readTDERealmList(m_systemconfig, false);
+ // Load cert config
+ m_systemconfig->setGroup("Certificates");
+ LDAPCertConfig m_certconfig;
+ m_certconfig.countryName = m_systemconfig->readEntry("countryName");
+ m_certconfig.stateOrProvinceName = m_systemconfig->readEntry("stateOrProvinceName");
+ m_certconfig.localityName = m_systemconfig->readEntry("localityName");
+ m_certconfig.organizationName = m_systemconfig->readEntry("organizationName");
+ m_certconfig.orgUnitName = m_systemconfig->readEntry("orgUnitName");
+ m_certconfig.commonName = m_systemconfig->readEntry("commonName");
+ m_certconfig.emailAddress = m_systemconfig->readEntry("emailAddress");
+ // Load other defaults
+ m_systemconfig->setGroup(NULL);
+ TQString m_defaultRealm = m_systemconfig->readEntry("DefaultRealm");
+
+ TQDateTime certExpiry;
+ TQDateTime now = TQDateTime::currentDateTime();
+ TQDateTime soon = now.addDays(7); // Keep in sync with src/ldapcontroller.cpp
+
+ TQString kdc_certfile = KERBEROS_PKI_KDC_FILE;
+ kdc_certfile.replace("@@@KDCSERVER@@@", m_realmconfig[m_defaultRealm].kdc);
+ TQString ldap_certfile = LDAP_CERT_FILE;
+ ldap_certfile.replace("@@@ADMINSERVER@@@", m_realmconfig[m_defaultRealm].admin_server);
+
+ // Certificate Authority
+ if (TQFile::exists(KERBEROS_PKI_PEM_FILE)) {
+ certExpiry = LDAPManager::getCertificateExpiration(KERBEROS_PKI_PEM_FILE);
+ if (certExpiry >= now) {
+ printf("Certificate %s expires %s\n\r", TQString(KERBEROS_PKI_PEM_FILE).ascii(), certExpiry.toString().ascii()); fflush(stdout);
+ }
+ if ((certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
+ printf("Regenerating certificate %s...\n\r", TQString(KERBEROS_PKI_PEM_FILE).ascii()); fflush(stdout);
+ // RAJA FIXME FIXME FIXME
+ LDAPManager::generatePublicKerberosCACertificate(m_certconfig);
+
+ TQString realmname = m_defaultRealm.upper();
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = realmname;
+ LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials);
+
+ // Upload the contents of KERBEROS_PKI_PEM_FILE to the LDAP server
+ TQString errorstring;
+ if (uploadKerberosCAFileToLDAP(ldap_mgr, &errorstring) != 0) {
+ printf("[ERROR] Unable to upload new certificate to LDAP server!\n\r%s\n\r", errorstring.ascii()); fflush(stdout);
+ }
+
+ delete ldap_mgr;
+ }
+ }
+ else {
+ printf("[WARNING] Certificate file %s not found!\n\r", TQString(KERBEROS_PKI_PEM_FILE).ascii()); fflush(stdout);
+ }
+
+ // Kerberos
+ if (TQFile::exists(kdc_certfile)) {
+ certExpiry = LDAPManager::getCertificateExpiration(kdc_certfile);
+ if (certExpiry >= now) {
+ printf("Certificate %s expires %s\n\r", kdc_certfile.ascii(), certExpiry.toString().ascii()); fflush(stdout);
+ }
+ if ((certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
+ printf("Regenerating certificate %s...\n\r", kdc_certfile.ascii()); fflush(stdout);
+ LDAPManager::generatePublicKerberosCertificate(m_certconfig, m_realmconfig[m_defaultRealm]);
+ }
+ }
+ else {
+ printf("[WARNING] Certificate file %s not found!\n\r", kdc_certfile.ascii()); fflush(stdout);
+ }
+
+ // LDAP
+ if (TQFile::exists(ldap_certfile)) {
+ certExpiry = LDAPManager::getCertificateExpiration(ldap_certfile);
+ if (certExpiry >= now) {
+ printf("Certificate %s expires %s\n\r", ldap_certfile.ascii(), certExpiry.toString().ascii()); fflush(stdout);
+ }
+ if ((certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
+ printf("Regenerating certificate %s...\n\r", ldap_certfile.ascii()); fflush(stdout);
+ uid_t slapd_uid = 0;
+ gid_t slapd_gid = 0;
+
+ // Get LDAP user uid/gid
+ struct passwd *pwd;
+ pwd = getpwnam(m_ldapUserName);
+ slapd_uid = pwd->pw_uid;
+ slapd_gid = pwd->pw_gid;
+
+ LDAPManager::generatePublicLDAPCertificate(m_certconfig, m_realmconfig[m_defaultRealm], slapd_uid, slapd_gid);
+ }
+ }
+ else {
+ printf("[WARNING] Certificate file %s not found!\n\r", ldap_certfile.ascii()); fflush(stdout);
+ }
+
+ delete m_systemconfig;
+
+ //======================================================================================================================================================
+
+ return 0;
+}
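Review bot: The `getpwnam(m_ldapUserName)` result in the LDAP branch is dereferenced without a null check, so on a host where the hard-coded `openldap` account does not exist (the FIXME a few lines up already concedes the name is Debian-specific) the cron job segfaults instead of reporting the problem; because `slapd_uid`/`slapd_gid` default to 0, the safe behaviour on lookup failure is to skip the regeneration rather than fall through and emit root-owned certificate files. A hedged second point: `credentials` is allocated with `new` in the CA branch and never freed although `ldap_mgr` is, which looks like a leak unless LDAPManager takes ownership — the createNewLDAPRealm hunk in ldapcontroller.cpp deletes both, which suggests it does not. The return value of `generatePublicKerberosCACertificate` is ignored, so the upload runs even if generation failed; worth checking whether that call reports failure. The file-local `uploadKerberosCAFileToLDAP` also duplicates `LDAPController::uploadKerberosCAFileToLDAP` line for line, so a shared helper in libtdeldap would keep the two from drifting.
```cpp
            // Get LDAP user uid/gid; refuse to continue rather than write files owned by 0/0
            struct passwd *pwd = getpwnam(m_ldapUserName.ascii());
            if (!pwd) {
                printf("[ERROR] Unable to look up user %s, not regenerating %s\n\r", m_ldapUserName.ascii(), ldap_certfile.ascii()); fflush(stdout);
            }
            else {
                slapd_uid = pwd->pw_uid;
                slapd_gid = pwd->pw_gid;
                LDAPManager::generatePublicLDAPCertificate(m_certconfig, m_realmconfig[m_defaultRealm], slapd_uid, slapd_gid);
            }
```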
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index 945ccce..e45e186 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -4,7 +4,7 @@ objectClass: olcHdbConfig
olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: @@@REALM_DCNAME@@@
-olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags
+olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,privateRootCertificateKey
by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@"
by sockurl.regex="^ldapi:///$" write
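Review bot: Adding `privateRootCertificateKey` to ACL `{0}` makes the CA private key inherit every clause of the userPassword rule, and only the first three `by` clauses are inside the hunk; whatever follows on the lines outside it (password rules commonly end with `by self write` or `by * auth`) now applies to the key too, so check that the tail of this rule grants nothing to the entry itself or to anonymous binds. Given that the key is only written over `ldapi:///` and handled by the admin group, a dedicated, tighter rule for this one attribute would make the intent explicit instead of relying on the password rule's tail, e.g. `olcAccess: {0}to attrs=privateRootCertificateKey by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write by sockurl.regex="^ldapi:///$" write by * none` placed ahead of the existing `{0}`, since slapd evaluates the first matching `to` clause.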
diff --git a/confskel/openldap/ldif/tde-core.ldif b/confskel/openldap/ldif/tde-core.ldif
index f87b6b2..ca68eb2 100644
--- a/confskel/openldap/ldif/tde-core.ldif
+++ b/confskel/openldap/ldif/tde-core.ldif
@@ -17,13 +17,15 @@ olcAttributeTypes: {11} ( 1.3.6.1.4.1.99999.1.1.12 NAME 'lastLogon' DESC 'Timest
olcAttributeTypes: {12} ( 1.3.6.1.4.1.99999.1.1.13 NAME 'lastLogoff' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# Used for storing sharable certificates and keys
olcAttributeTypes: {13} ( 1.3.6.1.4.1.99999.1.1.14 NAME 'publicRootCertificate' DESC 'Certificate authority root certificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
+# Used for storing private certificates and keys
+olcAttributeTypes: {14} ( 1.3.6.1.4.1.99999.1.1.15 NAME 'privateRootCertificateKey' DESC 'Certificate authority root private key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
# Used for storing builtin user/group names
-olcAttributeTypes: {14} ( 1.3.6.1.4.1.99999.1.1.15 NAME 'builtinRealmAdminAccount' DESC 'Built-in realm administrative account distinguished name' SUP name )
-olcAttributeTypes: {15} ( 1.3.6.1.4.1.99999.1.1.16 NAME 'builtinRealmAdminGroup' DESC 'Built-in realm administrative group distinguished name' SUP name )
-olcAttributeTypes: {16} ( 1.3.6.1.4.1.99999.1.1.17 NAME 'builtinMachineAdminGroup' DESC 'Built-in local machine administrative group distinguished name' SUP name )
-olcAttributeTypes: {17} ( 1.3.6.1.4.1.99999.1.1.18 NAME 'builtinStandardUserGroup' DESC 'Built-in standard user group distinguished name' SUP name )
+olcAttributeTypes: {15} ( 1.3.6.1.4.1.99999.1.1.16 NAME 'builtinRealmAdminAccount' DESC 'Built-in realm administrative account distinguished name' SUP name )
+olcAttributeTypes: {16} ( 1.3.6.1.4.1.99999.1.1.17 NAME 'builtinRealmAdminGroup' DESC 'Built-in realm administrative group distinguished name' SUP name )
+olcAttributeTypes: {17} ( 1.3.6.1.4.1.99999.1.1.18 NAME 'builtinMachineAdminGroup' DESC 'Built-in local machine administrative group distinguished name' SUP name )
+olcAttributeTypes: {18} ( 1.3.6.1.4.1.99999.1.1.19 NAME 'builtinStandardUserGroup' DESC 'Built-in standard user group distinguished name' SUP name )
olcObjectClasses: {0} ( 1.3.6.1.4.1.99999.1.2.1 NAME 'tdeExtendedUserData' SUP top AUXILIARY MAY ( website
URL $ managerName $ secretaryName $ teletexId $ preferredDelivery $ locallyUniqueID $ notes $ pwdLastSet $ badPwdCount $ badPasswordTime $ lastLogon $ lastLogoff ) )
olcObjectClasses: {1} ( 1.3.6.1.4.1.99999.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY tdeBuiltinAccount )
-olcObjectClasses: {2} ( 1.3.6.1.4.1.99999.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate ) )
+olcObjectClasses: {2} ( 1.3.6.1.4.1.99999.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate $ privateRootCertificateKey ) )
olcObjectClasses: {3} ( 1.3.6.1.4.1.99999.1.2.4 NAME 'tdeBuiltinStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ builtinRealmAdminAccount $ builtinRealmAdminGroup $ builtinMachineAdminGroup $ builtinStandardUserGroup ) ) \ No newline at end of file
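Review bot: Inserting `privateRootCertificateKey` at `{14}` with OID `1.3.6.1.4.1.99999.1.1.15` reuses the OID that the previous revision assigned to `builtinRealmAdminAccount`, and shifts the other three builtin* attributes onto new OIDs as well; an attribute type's OID is meant to be permanent, so a directory that already loaded the old schema will see the same OID bound to a different NAME, and an `olcAttributeTypes` modify against it will conflict. Appending the new attribute after `{17}` with the next free arc (`1.3.6.1.4.1.99999.1.1.19`) keeps every existing OID stable and avoids the renumbering — the `{N}` ordering indices are positional and may change, the dotted OIDs should not. Separately, `99999` looks like a placeholder arc; if it is not an enterprise number the project owns, none of these OIDs are globally unique, which is a pre-existing limitation rather than something this commit introduces.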
diff --git a/confskel/openldap/skel.ldif b/confskel/openldap/skel.ldif
index 7d3f2fa..a5ace18 100644
--- a/confskel/openldap/skel.ldif
+++ b/confskel/openldap/skel.ldif
@@ -205,7 +205,7 @@ emsdescription: Group
emsplugins: PosixGroup
emsplugins: KerberosGroup
emstype: GroupEntry
-gidNumber: 901
+gidNumber: 902
objectClass: groupOfNames
objectClass: emsGroup
objectClass: posixGroup
diff --git a/debian/control b/debian/control
index f597450..8805fae 100644
--- a/debian/control
+++ b/debian/control
@@ -7,6 +7,6 @@ Standards-Version: 3.8.4
Package: kcontrol-ldap-controller-trinity
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients, heimdal-kdc, slapd, libsasl2-modules-gssapi-heimdal, sasl2-bin
+Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients, heimdal-kdc, slapd, libsasl2-modules-gssapi-heimdal, sasl2-bin, openssl
Description: LDAP realm controller module for the TDE control center
LDAP Controller is a TDE control center module to configure an LDAP Realm Controller
diff --git a/src/Makefile.am b/src/Makefile.am
index da959c7..518370c 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,13 +1,13 @@
INCLUDES = $(all_includes) $(KDE_INCLUDES)/tde
METASOURCES = AUTO
+SUBDIRS = primaryrealmwizard
# Install this plugin in the KDE modules directory
kde_module_LTLIBRARIES = kcm_ldapcontroller.la
-kcm_ldapcontroller_la_SOURCES = ldapcontroller.cpp ldapcontrollerconfigbase.ui realmwizard.cpp realmintropagedlg.ui certconfigpagedlg.ui certconfigpage.cpp realmintropage.cpp realmconfigpagedlg.ui realmconfigpage.cpp realmfinishpagedlg.ui realmfinishpage.cpp processingdialog.cpp sha1.cc
-kcm_ldapcontroller_la_LIBADD = -lkio $(LIB_TDEUI) -ltdeldap
-kcm_ldapcontroller_la_LDFLAGS = -avoid-version -module -no-undefined \
- $(all_libraries)
+kcm_ldapcontroller_la_SOURCES = ldapcontroller.cpp ldapcontrollerconfigbase.ui processingdialog.cpp sha1.cc
+kcm_ldapcontroller_la_LIBADD = primaryrealmwizard/libprimaryrealmwizard.la -lkio $(LIB_TDEUI) -ltdeldap
+kcm_ldapcontroller_la_LDFLAGS = -avoid-version -module -no-undefined $(all_libraries)
xdg_apps_DATA = ldapcontroller.desktop
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 4f7ff1b..ff716aa 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -51,9 +51,11 @@
#include "sha1.h"
#include "ldapcontroller.h"
-#include "realmwizard.h"
+#include "primaryrealmwizard/realmwizard.h"
#include "processingdialog.h"
+#include "ldapcontrollerconfigbase.h"
+
// FIXME
// Connect this to CMake/Automake
#define KDE_CONFDIR "/etc/trinity"
@@ -76,6 +78,9 @@
#define KEY_STRENGTH 2048
+// RAJA FIXME
+// Certificate manager/updater (CLI, callable from crontab) still needs to be written...
+
typedef KGenericFactory<LDAPController, TQWidget> ldapFactory;
K_EXPORT_COMPONENT_FACTORY( kcm_ldapcontroller, ldapFactory("kcmldapcontroller"))
@@ -345,7 +350,7 @@ void LDAPController::load() {
void LDAPController::updateCertDisplay() {
TQDateTime certExpiry;
TQDateTime now = TQDateTime::currentDateTime();
- TQDateTime soon = now.addDays(7);
+ TQDateTime soon = now.addDays(7); // Keep in sync with cert-updater/main.cpp
TQString kdc_certfile = KERBEROS_PKI_KDC_FILE;
kdc_certfile.replace("@@@KDCSERVER@@@", m_realmconfig[m_defaultRealm].kdc);
@@ -397,7 +402,7 @@ void LDAPController::updateCertDisplay() {
}
// LDAP
- if (TQFile::exists(kdc_certfile)) {
+ if (TQFile::exists(ldap_certfile)) {
certExpiry = LDAPManager::getCertificateExpiration(ldap_certfile);
if (certExpiry >= now) {
m_base->ldapExpiryString->setText("Expires " + certExpiry.toString());
@@ -435,6 +440,8 @@ void LDAPController::btncaRegenerate() {
KMessageBox::error(0, i18n("<qt>Unable to upload new certificate to LDAP server!<p>%1</qt>").arg(errorstring), i18n("Internal Failure"));
}
+ delete ldap_mgr;
+
load();
}
@@ -1173,6 +1180,19 @@ int LDAPController::uploadKerberosCAFileToLDAP(LDAPManager* ldap_mgr, TQString*
return -1;
}
+int LDAPController::uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr) {
+ // Upload the contents of KERBEROS_PKI_PEMKEY_FILE to the LDAP server
+ TQFile cafile(KERBEROS_PKI_PEMKEY_FILE);
+ if (cafile.open(IO_ReadOnly)) {
+ TQByteArray cafiledata = cafile.readAll();
+ if (ldap_mgr->writeCertificateFileIntoDirectory(cafiledata, "privateRootCertificateKey", errstr) != 0) {
+ return -1;
+ }
+ return 0;
+ }
+ return -1;
+}
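Review bot: `uploadKerberosCAKeyFileToLDAP` returns -1 when `cafile.open` fails without touching `*errstr`, so the caller that surfaces `errorstring` to the user (the createNewLDAPRealm hunk further down) shows an empty reason when the key file is missing or unreadable; `if (errstr) *errstr = i18n("Unable to read %1").arg(KERBEROS_PKI_PEMKEY_FILE);` before the final `return -1;` (and the same in the existing `uploadKerberosCAFileToLDAP`) would make that failure diagnosable. The local is named `cafile` although it holds the CA private key rather than the certificate; `keyfile` would say what it reads. Because this pushes the CA private key into the directory, a one-line comment pointing at the `olcAccess` rule in confskel/openldap/ldif/olcDatabase.ldif that restricts `privateRootCertificateKey` would help the next reader see why that attribute must stay under the userPassword-style ACL.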
+
// #define STRICT_SETUP 1
int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) {
@@ -1201,7 +1221,6 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
KTempDir configTempDir;
configTempDir.setAutoDelete(true);
-configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
TQString destDir = "/etc/";
pdialog.setStatusMessage(i18n("Stopping servers..."));
@@ -1486,6 +1505,15 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
return -1;
}
+ // Upload the contents of KERBEROS_PKI_PEMKEY_FILE to the LDAP server
+ if (uploadKerberosCAKeyFileToLDAP(ldap_mgr, &errorstring) != 0) {
+ delete ldap_mgr;
+ delete credentials;
+ if (errstr) *errstr = errorstring;
+ pdialog.closeDialog();
+ return -1;
+ }
+
// Set @@@ADMINUSER@@@ password in kadmin
LDAPCredentials adminuser;
adminuser.username = adminUserName;
diff --git a/src/ldapcontroller.h b/src/ldapcontroller.h
index da41004..9f5e504 100644
--- a/src/ldapcontroller.h
+++ b/src/ldapcontroller.h
@@ -34,7 +34,7 @@
#include <libtdeldap.h>
-#include "ldapcontrollerconfigbase.h"
+class LDAPControllerConfigBase;
enum sc_command {
SC_START,
@@ -92,6 +92,7 @@ class LDAPController: public KCModule
int setKerberosPasswordForUser(LDAPCredentials user, TQString *errstr);
int createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmConfig realmconfig, uid_t ldap_uid, gid_t ldap_gid);
int uploadKerberosCAFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr=0);
+ int uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr=0);
private:
KAboutData *myAboutData;
diff --git a/src/primaryrealmwizard/Makefile.am b/src/primaryrealmwizard/Makefile.am
new file mode 100644
index 0000000..fd2c48a
--- /dev/null
+++ b/src/primaryrealmwizard/Makefile.am
@@ -0,0 +1,5 @@
+INCLUDES = $(all_includes) $(KDE_INCLUDES)/tde -I$(top_srcdir)/src
+METASOURCES = AUTO
+
+noinst_LTLIBRARIES = libprimaryrealmwizard.la
+libprimaryrealmwizard_la_SOURCES = realmwizard.cpp realmintropagedlg.ui certconfigpagedlg.ui certconfigpage.cpp realmintropage.cpp realmconfigpagedlg.ui realmconfigpage.cpp realmfinishpagedlg.ui realmfinishpage.cpp \ No newline at end of file
diff --git a/src/certconfigpage.cpp b/src/primaryrealmwizard/certconfigpage.cpp
index 2a5b6e6..2a5b6e6 100644
--- a/src/certconfigpage.cpp
+++ b/src/primaryrealmwizard/certconfigpage.cpp
diff --git a/src/certconfigpage.h b/src/primaryrealmwizard/certconfigpage.h
index 57259fc..57259fc 100644
--- a/src/certconfigpage.h
+++ b/src/primaryrealmwizard/certconfigpage.h
diff --git a/src/certconfigpagedlg.ui b/src/primaryrealmwizard/certconfigpagedlg.ui
index 0fad03d..0fad03d 100644
--- a/src/certconfigpagedlg.ui
+++ b/src/primaryrealmwizard/certconfigpagedlg.ui
diff --git a/src/realmconfigpage.cpp b/src/primaryrealmwizard/realmconfigpage.cpp
index 03df77d..03df77d 100644
--- a/src/realmconfigpage.cpp
+++ b/src/primaryrealmwizard/realmconfigpage.cpp
diff --git a/src/realmconfigpage.h b/src/primaryrealmwizard/realmconfigpage.h
index 99ff81f..99ff81f 100644
--- a/src/realmconfigpage.h
+++ b/src/primaryrealmwizard/realmconfigpage.h
diff --git a/src/realmconfigpagedlg.ui b/src/primaryrealmwizard/realmconfigpagedlg.ui
index 1661407..1661407 100644
--- a/src/realmconfigpagedlg.ui
+++ b/src/primaryrealmwizard/realmconfigpagedlg.ui
diff --git a/src/realmfinishpage.cpp b/src/primaryrealmwizard/realmfinishpage.cpp
index ec5b8de..ec5b8de 100644
--- a/src/realmfinishpage.cpp
+++ b/src/primaryrealmwizard/realmfinishpage.cpp
diff --git a/src/realmfinishpage.h b/src/primaryrealmwizard/realmfinishpage.h
index 969d13b..969d13b 100644
--- a/src/realmfinishpage.h
+++ b/src/primaryrealmwizard/realmfinishpage.h
diff --git a/src/realmfinishpagedlg.ui b/src/primaryrealmwizard/realmfinishpagedlg.ui
index 514bbc7..514bbc7 100644
--- a/src/realmfinishpagedlg.ui
+++ b/src/primaryrealmwizard/realmfinishpagedlg.ui
diff --git a/src/realmintropage.cpp b/src/primaryrealmwizard/realmintropage.cpp
index a1f2450..a1f2450 100644
--- a/src/realmintropage.cpp
+++ b/src/primaryrealmwizard/realmintropage.cpp
diff --git a/src/realmintropage.h b/src/primaryrealmwizard/realmintropage.h
index 1c5a9e0..1c5a9e0 100644
--- a/src/realmintropage.h
+++ b/src/primaryrealmwizard/realmintropage.h
diff --git a/src/realmintropagedlg.ui b/src/primaryrealmwizard/realmintropagedlg.ui
index fabd670..fabd670 100644
--- a/src/realmintropagedlg.ui
+++ b/src/primaryrealmwizard/realmintropagedlg.ui
diff --git a/src/realmwizard.cpp b/src/primaryrealmwizard/realmwizard.cpp
index f2a7760..2b10dc5 100644
--- a/src/realmwizard.cpp
+++ b/src/primaryrealmwizard/realmwizard.cpp
@@ -152,6 +152,9 @@ void RealmWizard::next() {
}
else if (currentPage()==certpage) {
// Save certificate information
+ // RAJA FIXME
+ // If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate!
+ // If this is not done, the automatic certificate updater will fail!!!
m_certconfig.generate_certs = certpage->generateKeysEnabled->isOn();
m_certconfig.provided_kerberos_pem = certpage->kerberosPEM->url();
m_certconfig.provided_kerberos_pemkey = certpage->kerberosPEMKEY->url();
diff --git a/src/realmwizard.h b/src/primaryrealmwizard/realmwizard.h
index 34de72b..34de72b 100644
--- a/src/realmwizard.h
+++ b/src/primaryrealmwizard/realmwizard.h
diff --git a/subdirs b/subdirs
index d0a280b..b99941e 100644
--- a/subdirs
+++ b/subdirs
@@ -1,4 +1,5 @@
acl-updater
+cert-updater
confskel
doc
po