author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-11 14:09:06 -0500 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-11 14:09:06 -0500 |
commit | ec23f4b717dc7e47e9000d2d135ac4914cc2180b (patch) | |
tree | 11f0f93fba577d68433fa8a5d0d177997eab0ac2 | |
parent | 02cfa8d8afb2c84b0683e4071f4482a54d2e459e (diff) | |
Move primary realm wizard sources to separate directory
Add cert-updater
-rw-r--r-- | cert-updater/Makefile.am | 10 | ||||
-rw-r--r-- | cert-updater/main.cpp | 184 | ||||
-rw-r--r-- | confskel/openldap/ldif/olcDatabase.ldif | 2 | ||||
-rw-r--r-- | confskel/openldap/ldif/tde-core.ldif | 12 | ||||
-rw-r--r-- | confskel/openldap/skel.ldif | 2 | ||||
-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | src/Makefile.am | 8 | ||||
-rw-r--r-- | src/ldapcontroller.cpp | 36 | ||||
-rw-r--r-- | src/ldapcontroller.h | 3 | ||||
-rw-r--r-- | src/primaryrealmwizard/Makefile.am | 5 | ||||
-rw-r--r-- | src/primaryrealmwizard/certconfigpage.cpp (renamed from src/certconfigpage.cpp) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/certconfigpage.h (renamed from src/certconfigpage.h) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/certconfigpagedlg.ui (renamed from src/certconfigpagedlg.ui) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmconfigpage.cpp (renamed from src/realmconfigpage.cpp) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmconfigpage.h (renamed from src/realmconfigpage.h) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmconfigpagedlg.ui (renamed from src/realmconfigpagedlg.ui) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmfinishpage.cpp (renamed from src/realmfinishpage.cpp) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmfinishpage.h (renamed from src/realmfinishpage.h) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmfinishpagedlg.ui (renamed from src/realmfinishpagedlg.ui) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmintropage.cpp (renamed from src/realmintropage.cpp) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmintropage.h (renamed from src/realmintropage.h) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmintropagedlg.ui (renamed from src/realmintropagedlg.ui) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmwizard.cpp (renamed from src/realmwizard.cpp) | 3 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmwizard.h (renamed from src/realmwizard.h) | 0 | ||||
-rw-r--r-- | subdirs | 1 |
25 files changed, 251 insertions, 17 deletions
diff --git a/cert-updater/Makefile.am b/cert-updater/Makefile.am
new file mode 100644
index 0000000..f1e8bae
--- /dev/null
+++ b/cert-updater/Makefile.am
@@ -0,0 +1,10 @@
+INCLUDES= $(all_includes) $(KDE_INCLUDES)/tde
+
+bin_PROGRAMS = primaryrccertupdater
+
+primaryrccertupdater_SOURCES = main.cpp
+
+primaryrccertupdater_METASOURCES = AUTO
+primaryrccertupdater_LDFLAGS = $(all_libraries) $(KDE_RPATH) $(LIB_QT) -lDCOP $(LIB_TDECORE) $(LIB_TDEUI) -ltdefx $(LIB_KIO) -lktexteditor -ltdeldap
+
+KDE_OPTIONS = nofinal
\ No newline at end of file
diff --git a/cert-updater/main.cpp b/cert-updater/main.cpp
new file mode 100644
index 0000000..4c4f018
--- /dev/null
+++ b/cert-updater/main.cpp
@@ -0,0 +1,184 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <pwd.h>
+
+#include <kapplication.h>
+#include <kstartupinfo.h>
+#include <kcmdlineargs.h>
+#include <kaboutdata.h>
+
+#include <ksimpleconfig.h>
+
+#include <tqdatetime.h>
+#include <tqfile.h>
+
+#include <libtdeldap.h>
+
+// FIXME
+// Connect this to CMake/Automake
+#define KDE_CONFDIR "/etc/trinity"
+
+static const char description[] =
+ I18N_NOOP("TDE utility for updating realm certificates");
+
+static const char version[] = "v0.0.1";
+
+int uploadKerberosCAFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr) {
+ // Upload the contents of KERBEROS_PKI_PEM_FILE to the LDAP server
+ TQFile cafile(KERBEROS_PKI_PEM_FILE);
+ if (cafile.open(IO_ReadOnly)) {
+ TQByteArray cafiledata = cafile.readAll();
+ if (ldap_mgr->writeCertificateFileIntoDirectory(cafiledata, "publicRootCertificate", errstr) != 0) {
+ return -1;
+ }
+ return 0;
+ }
+ return -1;
+}
+
+int main(int argc, char *argv[])
+{
+ KAboutData aboutData( "primaryrccertupdater", I18N_NOOP("Real Certificate Updater"),
+ version, description, KAboutData::License_GPL,
+ "(c) 2012, Timothy Pearson");
+ aboutData.addAuthor("Timothy Pearson",0, "kb9vqf@pearsoncomputing.net");
+ KCmdLineArgs::init( argc, argv, &aboutData );
+ KApplication::disableAutoDcopRegistration();
+
+ KApplication app(false, false);
+
+ KStartupInfo::appStarted();
+
+ //======================================================================================================================================================
+ //
+ // Updater code follows
+ //
+ //======================================================================================================================================================
+
+ // FIXME
+ // This assumes Debian!
+ TQString m_ldapUserName = "openldap";
+ TQString m_ldapGroupName = "openldap";
+
+ KSimpleConfig* m_systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
+ LDAPRealmConfigList m_realmconfig = LDAPManager::readTDERealmList(m_systemconfig, false);
+ // Load cert config
+ m_systemconfig->setGroup("Certificates");
+ LDAPCertConfig m_certconfig;
+ m_certconfig.countryName = m_systemconfig->readEntry("countryName");
+ m_certconfig.stateOrProvinceName = m_systemconfig->readEntry("stateOrProvinceName");
+ m_certconfig.localityName = m_systemconfig->readEntry("localityName");
+ m_certconfig.organizationName = m_systemconfig->readEntry("organizationName");
+ m_certconfig.orgUnitName = m_systemconfig->readEntry("orgUnitName");
+ m_certconfig.commonName = m_systemconfig->readEntry("commonName");
+ m_certconfig.emailAddress = m_systemconfig->readEntry("emailAddress");
+ // Load other defaults
+ m_systemconfig->setGroup(NULL);
+ TQString m_defaultRealm = m_systemconfig->readEntry("DefaultRealm");
+
+ TQDateTime certExpiry;
+ TQDateTime now = TQDateTime::currentDateTime();
+ TQDateTime soon = now.addDays(7); // Keep in sync with src/ldapcontroller.cpp
+
+ TQString kdc_certfile = KERBEROS_PKI_KDC_FILE;
+ kdc_certfile.replace("@@@KDCSERVER@@@", m_realmconfig[m_defaultRealm].kdc);
+ TQString ldap_certfile = LDAP_CERT_FILE;
+ ldap_certfile.replace("@@@ADMINSERVER@@@", m_realmconfig[m_defaultRealm].admin_server);
+
+ // Certificate Authority
+ if (TQFile::exists(KERBEROS_PKI_PEM_FILE)) {
+ certExpiry = LDAPManager::getCertificateExpiration(KERBEROS_PKI_PEM_FILE);
+ if (certExpiry >= now) {
+ printf("Certificate %s expires %s\n\r", TQString(KERBEROS_PKI_PEM_FILE).ascii(), certExpiry.toString().ascii()); fflush(stdout);
+ }
+ if ((certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
+ printf("Regenerating certificate %s...\n\r", TQString(KERBEROS_PKI_PEM_FILE).ascii()); fflush(stdout);
+ // RAJA FIXME FIXME FIXME
+ LDAPManager::generatePublicKerberosCACertificate(m_certconfig);
+
+ TQString realmname = m_defaultRealm.upper();
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = realmname;
+ LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials);
+
+ // Upload the contents of KERBEROS_PKI_PEM_FILE to the LDAP server
+ TQString errorstring;
+ if (uploadKerberosCAFileToLDAP(ldap_mgr, &errorstring) != 0) {
+ printf("[ERROR] Unable to upload new certificate to LDAP server!\n\r%s\n\r", errorstring.ascii()); fflush(stdout);
+ }
+
+ delete ldap_mgr;
+ }
+ }
+ else {
+ printf("[WARNING] Certificate file %s not found!\n\r", TQString(KERBEROS_PKI_PEM_FILE).ascii()); fflush(stdout);
+ }
+
+ // Kerberos
+ if (TQFile::exists(kdc_certfile)) {
+ certExpiry = LDAPManager::getCertificateExpiration(kdc_certfile);
+ if (certExpiry >= now) {
+ printf("Certificate %s expires %s\n\r", kdc_certfile.ascii(), certExpiry.toString().ascii()); fflush(stdout);
+ }
+ if ((certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
+ printf("Regenerating certificate %s...\n\r", kdc_certfile.ascii()); fflush(stdout);
+ LDAPManager::generatePublicKerberosCertificate(m_certconfig, m_realmconfig[m_defaultRealm]);
+ }
+ }
+ else {
+ printf("[WARNING] Certificate file %s not found!\n\r", kdc_certfile.ascii()); fflush(stdout);
+ }
+
+ // LDAP
+ if (TQFile::exists(ldap_certfile)) {
+ certExpiry = LDAPManager::getCertificateExpiration(ldap_certfile);
+ if (certExpiry >= now) {
+ printf("Certificate %s expires %s\n\r", ldap_certfile.ascii(), certExpiry.toString().ascii()); fflush(stdout);
+ }
+ if ((certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
+ printf("Regenerating certificate %s...\n\r", ldap_certfile.ascii()); fflush(stdout);
+ uid_t slapd_uid = 0;
+ gid_t slapd_gid = 0;
+
+ // Get LDAP user uid/gid
+ struct passwd *pwd;
+ pwd = getpwnam(m_ldapUserName);
+ slapd_uid = pwd->pw_uid;
+ slapd_gid = pwd->pw_gid;
+
+ LDAPManager::generatePublicLDAPCertificate(m_certconfig, m_realmconfig[m_defaultRealm], slapd_uid, slapd_gid);
+ }
+ }
+ else {
+ printf("[WARNING] Certificate file %s not found!\n\r", ldap_certfile.ascii()); fflush(stdout);
+ }
+
+ delete m_systemconfig;
+
+ //======================================================================================================================================================
+
+ return 0;
+}
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index 945ccce..e45e186 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
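Review bot: In cert-updater/main.cpp, the result of `getpwnam(m_ldapUserName)` in the LDAP branch of main() is dereferenced without a null check, so on a host where the hard-coded `openldap` account does not exist (the FIXME earlier in main() already notes the Debian assumption) the updater crashes instead of reporting the problem. Check the pointer before reading `pw_uid`/`pw_gid`, e.g. `if (!pwd) { printf("[ERROR] Unable to look up user %s\n\r", m_ldapUserName.ascii()); fflush(stdout); return 1; }`. Separately, main() returns 0 even when the CA upload fails, and whatever status the three generate* calls report is not inspected, so a cron job cannot tell a failed renewal from a successful one; tracking a failure flag and returning non-zero would fix that. The `LDAPCredentials` object allocated in the CA branch is also never deleted, although `ldap_mgr` is.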
@@ -4,7 +4,7 @@ objectClass: olcHdbConfig olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb olcDbDirectory: /var/lib/ldap olcSuffix: @@@REALM_DCNAME@@@ -olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags +olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,privateRootCertificateKey by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" by sockurl.regex="^ldapi:///$" write diff --git a/confskel/openldap/ldif/tde-core.ldif b/confskel/openldap/ldif/tde-core.ldif index f87b6b2..ca68eb2 100644 --- a/confskel/openldap/ldif/tde-core.ldif +++ b/confskel/openldap/ldif/tde-core.ldif 
@@ -17,13 +17,15 @@ olcAttributeTypes: {11} ( 1.3.6.1.4.1.99999.1.1.12 NAME 'lastLogon' DESC 'Timest olcAttributeTypes: {12} ( 1.3.6.1.4.1.99999.1.1.13 NAME 'lastLogoff' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # Used for storing sharable certificates and keys olcAttributeTypes: {13} ( 1.3.6.1.4.1.99999.1.1.14 NAME 'publicRootCertificate' DESC 'Certificate authority root certificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE ) +# Used for storing private certificates and keys +olcAttributeTypes: {14} ( 1.3.6.1.4.1.99999.1.1.15 NAME 'privateRootCertificateKey' DESC 'Certificate authority root private key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE ) # Used for storing builtin user/group names -olcAttributeTypes: {14} ( 1.3.6.1.4.1.99999.1.1.15 NAME 'builtinRealmAdminAccount' DESC 'Built-in realm administrative account distinguished name' SUP name ) -olcAttributeTypes: {15} ( 1.3.6.1.4.1.99999.1.1.16 NAME 'builtinRealmAdminGroup' DESC 'Built-in realm administrative group distinguished name' SUP name ) -olcAttributeTypes: {16} ( 1.3.6.1.4.1.99999.1.1.17 NAME 'builtinMachineAdminGroup' DESC 'Built-in local machine administrative group distinguished name' SUP name ) -olcAttributeTypes: {17} ( 1.3.6.1.4.1.99999.1.1.18 NAME 'builtinStandardUserGroup' DESC 'Built-in standard user group distinguished name' SUP name ) +olcAttributeTypes: {15} ( 1.3.6.1.4.1.99999.1.1.16 NAME 'builtinRealmAdminAccount' DESC 'Built-in realm administrative account distinguished name' SUP name ) +olcAttributeTypes: {16} ( 1.3.6.1.4.1.99999.1.1.17 NAME 'builtinRealmAdminGroup' DESC 'Built-in realm administrative group distinguished name' SUP name ) +olcAttributeTypes: {17} ( 1.3.6.1.4.1.99999.1.1.18 NAME 'builtinMachineAdminGroup' DESC 'Built-in local machine administrative group distinguished name' SUP name ) +olcAttributeTypes: {18} ( 1.3.6.1.4.1.99999.1.1.19 NAME 'builtinStandardUserGroup' DESC 'Built-in standard user 
group distinguished name' SUP name ) olcObjectClasses: {0} ( 1.3.6.1.4.1.99999.1.2.1 NAME 'tdeExtendedUserData' SUP top AUXILIARY MAY ( website URL $ managerName $ secretaryName $ teletexId $ preferredDelivery $ locallyUniqueID $ notes $ pwdLastSet $ badPwdCount $ badPasswordTime $ lastLogon $ lastLogoff ) ) olcObjectClasses: {1} ( 1.3.6.1.4.1.99999.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY tdeBuiltinAccount ) -olcObjectClasses: {2} ( 1.3.6.1.4.1.99999.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate ) ) +olcObjectClasses: {2} ( 1.3.6.1.4.1.99999.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate $ privateRootCertificateKey ) ) olcObjectClasses: {3} ( 1.3.6.1.4.1.99999.1.2.4 NAME 'tdeBuiltinStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ builtinRealmAdminAccount $ builtinRealmAdminGroup $ builtinMachineAdminGroup $ builtinStandardUserGroup ) )
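Review bot: Inserting `privateRootCertificateKey` at OID `1.3.6.1.4.1.99999.1.1.15` in tde-core.ldif renumbers the four `builtin*` attribute types that follow, so the OID that identified `builtinRealmAdminAccount` before this change now identifies a different attribute. A realm deployed from the earlier skeleton would disagree with this schema about what each OID means, which matters as soon as schema or data is upgraded or exchanged between the two. Appending the new type after the existing ones keeps the already-assigned OIDs stable: `olcAttributeTypes: {18} ( 1.3.6.1.4.1.99999.1.1.19 NAME 'privateRootCertificateKey' ... )`, with entries {14} to {17} left as they were. A `#` comment on the new attribute saying that read access to it is restricted by the `olcAccess` rule in olcDatabase.ldif would also help the next person editing the schema.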
\ No newline at end of file diff --git a/confskel/openldap/skel.ldif b/confskel/openldap/skel.ldif index 7d3f2fa..a5ace18 100644 --- a/confskel/openldap/skel.ldif +++ b/confskel/openldap/skel.ldif @@ -205,7 +205,7 @@ emsdescription: Group emsplugins: PosixGroup emsplugins: KerberosGroup emstype: GroupEntry -gidNumber: 901 +gidNumber: 902 objectClass: groupOfNames objectClass: emsGroup objectClass: posixGroup diff --git a/debian/control b/debian/control index f597450..8805fae 100644 --- a/debian/control +++ b/debian/control @@ -7,6 +7,6 @@ Standards-Version: 3.8.4 Package: kcontrol-ldap-controller-trinity Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients, heimdal-kdc, slapd, libsasl2-modules-gssapi-heimdal, sasl2-bin +Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients, heimdal-kdc, slapd, libsasl2-modules-gssapi-heimdal, sasl2-bin, openssl Description: LDAP realm controller module for the TDE control center LDAP Controller is a TDE control center module to configure an LDAP Realm Controller diff --git a/src/Makefile.am b/src/Makefile.am index da959c7..518370c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -1,13 +1,13 @@ INCLUDES = $(all_includes) $(KDE_INCLUDES)/tde METASOURCES = AUTO +SUBDIRS = primaryrealmwizard # Install this plugin in the KDE modules directory kde_module_LTLIBRARIES = kcm_ldapcontroller.la -kcm_ldapcontroller_la_SOURCES = ldapcontroller.cpp ldapcontrollerconfigbase.ui realmwizard.cpp realmintropagedlg.ui certconfigpagedlg.ui certconfigpage.cpp realmintropage.cpp realmconfigpagedlg.ui realmconfigpage.cpp realmfinishpagedlg.ui realmfinishpage.cpp processingdialog.cpp sha1.cc -kcm_ldapcontroller_la_LIBADD = -lkio $(LIB_TDEUI) -ltdeldap -kcm_ldapcontroller_la_LDFLAGS = -avoid-version -module -no-undefined \ - $(all_libraries) +kcm_ldapcontroller_la_SOURCES = ldapcontroller.cpp ldapcontrollerconfigbase.ui processingdialog.cpp sha1.cc +kcm_ldapcontroller_la_LIBADD = primaryrealmwizard/libprimaryrealmwizard.la -lkio $(LIB_TDEUI) -ltdeldap +kcm_ldapcontroller_la_LDFLAGS = -avoid-version -module -no-undefined $(all_libraries) xdg_apps_DATA = ldapcontroller.desktop diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp index 4f7ff1b..ff716aa 100644 --- a/src/ldapcontroller.cpp +++ b/src/ldapcontroller.cpp @@ -51,9 +51,11 @@ #include "sha1.h" #include "ldapcontroller.h" -#include "realmwizard.h" +#include "primaryrealmwizard/realmwizard.h" #include "processingdialog.h" +#include "ldapcontrollerconfigbase.h" + // FIXME // Connect this to CMake/Automake #define KDE_CONFDIR "/etc/trinity" @@ -76,6 +78,9 @@ #define KEY_STRENGTH 2048 +// RAJA FIXME +// Certificate manager/updater (CLI, callable from crontab) still needs to be written... + typedef KGenericFactory<LDAPController, TQWidget> ldapFactory; K_EXPORT_COMPONENT_FACTORY( kcm_ldapcontroller, ldapFactory("kcmldapcontroller")) 
@@ -345,7 +350,7 @@ void LDAPController::load() { void LDAPController::updateCertDisplay() { TQDateTime certExpiry; TQDateTime now = TQDateTime::currentDateTime(); - TQDateTime soon = now.addDays(7); + TQDateTime soon = now.addDays(7); // Keep in sync with cert-updater/main.cpp TQString kdc_certfile = KERBEROS_PKI_KDC_FILE; kdc_certfile.replace("@@@KDCSERVER@@@", m_realmconfig[m_defaultRealm].kdc); @@ -397,7 +402,7 @@ void LDAPController::updateCertDisplay() { } // LDAP - if (TQFile::exists(kdc_certfile)) { + if (TQFile::exists(ldap_certfile)) { certExpiry = LDAPManager::getCertificateExpiration(ldap_certfile); if (certExpiry >= now) { m_base->ldapExpiryString->setText("Expires " + certExpiry.toString()); @@ -435,6 +440,8 @@ void LDAPController::btncaRegenerate() { KMessageBox::error(0, i18n("<qt>Unable to upload new certificate to LDAP server!<p>%1</qt>").arg(errorstring), i18n("Internal Failure")); } + delete ldap_mgr; + load(); } @@ -1173,6 +1180,19 @@ int LDAPController::uploadKerberosCAFileToLDAP(LDAPManager* ldap_mgr, TQString* return -1; } +int LDAPController::uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr) { + // Upload the contents of KERBEROS_PKI_PEMKEY_FILE to the LDAP server + TQFile cafile(KERBEROS_PKI_PEMKEY_FILE); + if (cafile.open(IO_ReadOnly)) { + TQByteArray cafiledata = cafile.readAll(); + if (ldap_mgr->writeCertificateFileIntoDirectory(cafiledata, "privateRootCertificateKey", errstr) != 0) { + return -1; + } + return 0; + } + return -1; +} + // #define STRICT_SETUP 1 int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) { 
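Review bot: `uploadKerberosCAKeyFileToLDAP()` (hunk at -1173 in src/ldapcontroller.cpp) copies the CA private key from `KERBEROS_PKI_PEMKEY_FILE` into the directory, and nothing in the new function records what protects it once it is there. The only guard visible in this commit is the `olcAccess` rule in confskel/openldap/ldif/olcDatabase.ldif that now lists `privateRootCertificateKey`, and directory backups or replicas would presumably carry the key too, so that dependency deserves a comment above the function, e.g. `// The CA private key is stored in LDAP; its confidentiality relies on the {0} olcAccess rule covering privateRootCertificateKey`. The function also returns -1 without setting `errstr` when the key file cannot be opened, so the new call in createNewLDAPRealm() passes an empty message on to the user; adding `if (errstr) *errstr = i18n("Unable to open %1").arg(KERBEROS_PKI_PEMKEY_FILE);` before the final `return -1;` would cover that. The key bytes also remain in `cafiledata` until it goes out of scope, without being cleared.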
@@ -1201,7 +1221,6 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r KTempDir configTempDir; configTempDir.setAutoDelete(true); -configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME TQString destDir = "/etc/"; pdialog.setStatusMessage(i18n("Stopping servers...")); @@ -1486,6 +1505,15 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME return -1; } + // Upload the contents of KERBEROS_PKI_PEMKEY_FILE to the LDAP server + if (uploadKerberosCAKeyFileToLDAP(ldap_mgr, &errorstring) != 0) { + delete ldap_mgr; + delete credentials; + if (errstr) *errstr = errorstring; + pdialog.closeDialog(); + return -1; + } + // Set @@@ADMINUSER@@@ password in kadmin LDAPCredentials adminuser; adminuser.username = adminUserName; diff --git a/src/ldapcontroller.h b/src/ldapcontroller.h index da41004..9f5e504 100644 --- a/src/ldapcontroller.h +++ b/src/ldapcontroller.h @@ -34,7 +34,7 @@ #include <libtdeldap.h> -#include "ldapcontrollerconfigbase.h" +class LDAPControllerConfigBase; enum sc_command { SC_START, @@ -92,6 +92,7 @@ class LDAPController: public KCModule int setKerberosPasswordForUser(LDAPCredentials user, TQString *errstr); int createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmConfig realmconfig, uid_t ldap_uid, gid_t ldap_gid); int uploadKerberosCAFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr=0); + int uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr=0); private: KAboutData *myAboutData; diff --git a/src/primaryrealmwizard/Makefile.am b/src/primaryrealmwizard/Makefile.am new file mode 100644 index 0000000..fd2c48a --- /dev/null +++ b/src/primaryrealmwizard/Makefile.am 
@@ -0,0 +1,5 @@
+INCLUDES = $(all_includes) $(KDE_INCLUDES)/tde -I$(top_srcdir)/src
+METASOURCES = AUTO
+
+noinst_LTLIBRARIES = libprimaryrealmwizard.la
+libprimaryrealmwizard_la_SOURCES = realmwizard.cpp realmintropagedlg.ui certconfigpagedlg.ui certconfigpage.cpp realmintropage.cpp realmconfigpagedlg.ui realmconfigpage.cpp realmfinishpagedlg.ui realmfinishpage.cpp
\ No newline at end of file
diff --git a/src/certconfigpage.cpp b/src/primaryrealmwizard/certconfigpage.cpp
index 2a5b6e6..2a5b6e6 100644
--- a/src/certconfigpage.cpp
+++ b/src/primaryrealmwizard/certconfigpage.cpp
diff --git a/src/certconfigpage.h b/src/primaryrealmwizard/certconfigpage.h
index 57259fc..57259fc 100644
--- a/src/certconfigpage.h
+++ b/src/primaryrealmwizard/certconfigpage.h
diff --git a/src/certconfigpagedlg.ui b/src/primaryrealmwizard/certconfigpagedlg.ui
index 0fad03d..0fad03d 100644
--- a/src/certconfigpagedlg.ui
+++ b/src/primaryrealmwizard/certconfigpagedlg.ui
diff --git a/src/realmconfigpage.cpp b/src/primaryrealmwizard/realmconfigpage.cpp
index 03df77d..03df77d 100644
--- a/src/realmconfigpage.cpp
+++ b/src/primaryrealmwizard/realmconfigpage.cpp
diff --git a/src/realmconfigpage.h b/src/primaryrealmwizard/realmconfigpage.h
index 99ff81f..99ff81f 100644
--- a/src/realmconfigpage.h
+++ b/src/primaryrealmwizard/realmconfigpage.h
diff --git a/src/realmconfigpagedlg.ui b/src/primaryrealmwizard/realmconfigpagedlg.ui
index 1661407..1661407 100644
--- a/src/realmconfigpagedlg.ui
+++ b/src/primaryrealmwizard/realmconfigpagedlg.ui
diff --git a/src/realmfinishpage.cpp b/src/primaryrealmwizard/realmfinishpage.cpp
index ec5b8de..ec5b8de 100644
--- a/src/realmfinishpage.cpp
+++ b/src/primaryrealmwizard/realmfinishpage.cpp
diff --git a/src/realmfinishpage.h b/src/primaryrealmwizard/realmfinishpage.h
index 969d13b..969d13b 100644
--- a/src/realmfinishpage.h
+++ b/src/primaryrealmwizard/realmfinishpage.h
diff --git a/src/realmfinishpagedlg.ui b/src/primaryrealmwizard/realmfinishpagedlg.ui
index 514bbc7..514bbc7 100644
--- a/src/realmfinishpagedlg.ui
+++ b/src/primaryrealmwizard/realmfinishpagedlg.ui
diff --git a/src/realmintropage.cpp b/src/primaryrealmwizard/realmintropage.cpp
index a1f2450..a1f2450 100644
--- a/src/realmintropage.cpp
+++ b/src/primaryrealmwizard/realmintropage.cpp
diff --git a/src/realmintropage.h b/src/primaryrealmwizard/realmintropage.h index 1c5a9e0..1c5a9e0 100644 --- a/src/realmintropage.h +++ b/src/primaryrealmwizard/realmintropage.h diff --git a/src/realmintropagedlg.ui b/src/primaryrealmwizard/realmintropagedlg.ui index fabd670..fabd670 100644 --- a/src/realmintropagedlg.ui +++ b/src/primaryrealmwizard/realmintropagedlg.ui diff --git a/src/realmwizard.cpp b/src/primaryrealmwizard/realmwizard.cpp index f2a7760..2b10dc5 100644 --- a/src/realmwizard.cpp +++ b/src/primaryrealmwizard/realmwizard.cpp @@ -152,6 +152,9 @@ void RealmWizard::next() { } else if (currentPage()==certpage) { // Save certificate information + // RAJA FIXME + // If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate! + // If this is not done, the automatic certificate updater will fail!!! m_certconfig.generate_certs = certpage->generateKeysEnabled->isOn(); m_certconfig.provided_kerberos_pem = certpage->kerberosPEM->url(); m_certconfig.provided_kerberos_pemkey = certpage->kerberosPEMKEY->url(); diff --git a/src/realmwizard.h b/src/primaryrealmwizard/realmwizard.h index 34de72b..34de72b 100644 --- a/src/realmwizard.h +++ b/src/primaryrealmwizard/realmwizard.h @@ -1,4 +1,5 @@ acl-updater +cert-updater confskel doc po |