summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/ldapcontroller.cpp12
-rw-r--r--src/primaryrealmwizard/realmwizard.cpp64
2 files changed, 62 insertions, 14 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index ff716aa..2e93f11 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -78,9 +78,6 @@
#define KEY_STRENGTH 2048
-// RAJA FIXME
-// Certificate manager/updater (CLI, callable from crontab) still needs to be written...
-
typedef KGenericFactory<LDAPController, TQWidget> ldapFactory;
K_EXPORT_COMPONENT_FACTORY( kcm_ldapcontroller, ldapFactory("kcmldapcontroller"))
@@ -224,6 +221,7 @@ void LDAPController::systemRoleChanged() {
pdialog.setStatusMessage(i18n("Purging local configuration..."));
tqApp->processEvents();
+ system(TQString("rm -f %1").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE));
system(TQString("rm -rf %1").arg(TDE_CERTIFICATE_DIR));
// Write the TDE realm configuration file
@@ -751,6 +749,7 @@ int LDAPController::controlKAdminDaemon(sc_command command) {
// This assumes Debian!
return system("/etc/init.d/openbsd-inetd restart");
}
+ return -2;
}
int LDAPController::controlSASLServer(sc_command command) {
@@ -769,6 +768,7 @@ int LDAPController::controlSASLServer(sc_command command) {
// This assumes Debian!
return system("/etc/init.d/saslauthd restart");
}
+ return -2;
}
int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t groupid) {
@@ -803,6 +803,7 @@ int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t
chmod(LDAP_KEYTAB_FILE, S_IRUSR|S_IWUSR|S_IRGRP);
}
}
+ return -2;
}
int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t groupid) {
@@ -1548,6 +1549,8 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
return -1;
}
+ LDAPManager::writePrimaryRealmCertificateUpdateCronFile();
+
delete ldap_mgr;
delete credentials;
@@ -1583,8 +1586,9 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
// Write the NSS update crontab file and update NSS database
LDAPManager::writeCronFiles();
- // RAJA FIXME
pdialog.closeDialog();
+
+ return 0;
}
int LDAPController::buttons() {
diff --git a/src/primaryrealmwizard/realmwizard.cpp b/src/primaryrealmwizard/realmwizard.cpp
index 2b10dc5..68c19c3 100644
--- a/src/primaryrealmwizard/realmwizard.cpp
+++ b/src/primaryrealmwizard/realmwizard.cpp
@@ -46,6 +46,7 @@
#include <ktextedit.h>
#include <kpassdlg.h>
#include <kurlrequester.h>
+#include <ksslcertificate.h>
#include <stdlib.h>
@@ -152,9 +153,6 @@ void RealmWizard::next() {
}
else if (currentPage()==certpage) {
// Save certificate information
- // RAJA FIXME
- // If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate!
- // If this is not done, the automatic certificate updater will fail!!!
m_certconfig.generate_certs = certpage->generateKeysEnabled->isOn();
m_certconfig.provided_kerberos_pem = certpage->kerberosPEM->url();
m_certconfig.provided_kerberos_pemkey = certpage->kerberosPEMKEY->url();
@@ -162,13 +160,59 @@ void RealmWizard::next() {
m_certconfig.provided_kerberos_key = certpage->kerberosKEY->url();
m_certconfig.provided_ldap_crt = certpage->ldapCRT->url();
m_certconfig.provided_ldap_key = certpage->ldapKEY->url();
- m_certconfig.organizationName = certpage->organizationName->text();
- m_certconfig.orgUnitName = certpage->orgUnitName->text();
- m_certconfig.commonName = certpage->commonName->text();
- m_certconfig.localityName = certpage->localityName->text();
- m_certconfig.stateOrProvinceName = certpage->stateOrProvinceName->text();
- m_certconfig.countryName = certpage->countryName->text();
- m_certconfig.emailAddress = certpage->emailAddress->text();
+ if (m_certconfig.generate_certs) {
+ m_certconfig.organizationName = certpage->organizationName->text();
+ m_certconfig.orgUnitName = certpage->orgUnitName->text();
+ m_certconfig.commonName = certpage->commonName->text();
+ m_certconfig.localityName = certpage->localityName->text();
+ m_certconfig.stateOrProvinceName = certpage->stateOrProvinceName->text();
+ m_certconfig.countryName = certpage->countryName->text();
+ m_certconfig.emailAddress = certpage->emailAddress->text();
+ }
+ else {
+ // If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate
+ // If this is not done, the automatic certificate updater will fail!
+ TQFile file(m_certconfig.provided_kerberos_pem);
+ if (file.open(IO_ReadOnly)) {
+ TQByteArray ba = file.readAll();
+ file.close();
+
+ TQCString ssldata(ba);
+ ssldata.replace("-----BEGIN CERTIFICATE-----", "");
+ ssldata.replace("-----END CERTIFICATE-----", "");
+ ssldata.replace("\n", "");
+ KSSLCertificate* cert = KSSLCertificate::fromString(ssldata);
+ if (cert) {
+ TQString subj = cert->getSubject();
+ TQStringList subjList = TQStringList::split("/", subj, false);
+ for (TQStringList::Iterator it = subjList.begin(); it != subjList.end(); ++it) {
+ TQStringList kvPair = TQStringList::split("=", *it, false);
+ if (kvPair[0] == "O") {
+ m_certconfig.organizationName = kvPair[1];
+ }
+ else if (kvPair[0] == "OU") {
+ m_certconfig.orgUnitName = kvPair[1];
+ }
+ else if (kvPair[0] == "CN") {
+ m_certconfig.commonName = kvPair[1];
+ }
+ else if (kvPair[0] == "L") {
+ m_certconfig.localityName = kvPair[1];
+ }
+ else if (kvPair[0] == "ST") {
+ m_certconfig.stateOrProvinceName = kvPair[1];
+ }
+ else if (kvPair[0] == "C") {
+ m_certconfig.countryName = kvPair[1];
+ }
+ else if (kvPair[0] == "emailAddress") {
+ m_certconfig.emailAddress = kvPair[1];
+ }
+ }
+ delete cert;
+ }
+ }
+ }
TQWizard::next();
finishpage->validateEntries();