Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 8 | ||||
-rw-r--r-- | src/ldapcontroller.cpp | 36 | ||||
-rw-r--r-- | src/ldapcontroller.h | 3 | ||||
-rw-r--r-- | src/primaryrealmwizard/Makefile.am | 5 | ||||
-rw-r--r-- | src/primaryrealmwizard/certconfigpage.cpp (renamed from src/certconfigpage.cpp) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/certconfigpage.h (renamed from src/certconfigpage.h) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/certconfigpagedlg.ui (renamed from src/certconfigpagedlg.ui) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmconfigpage.cpp (renamed from src/realmconfigpage.cpp) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmconfigpage.h (renamed from src/realmconfigpage.h) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmconfigpagedlg.ui (renamed from src/realmconfigpagedlg.ui) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmfinishpage.cpp (renamed from src/realmfinishpage.cpp) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmfinishpage.h (renamed from src/realmfinishpage.h) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmfinishpagedlg.ui (renamed from src/realmfinishpagedlg.ui) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmintropage.cpp (renamed from src/realmintropage.cpp) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmintropage.h (renamed from src/realmintropage.h) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmintropagedlg.ui (renamed from src/realmintropagedlg.ui) | 0 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmwizard.cpp (renamed from src/realmwizard.cpp) | 3 | ||||
-rw-r--r-- | src/primaryrealmwizard/realmwizard.h (renamed from src/realmwizard.h) | 0 |
18 files changed, 46 insertions, 9 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index da959c7..518370c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,13 +1,13 @@ INCLUDES = $(all_includes) $(KDE_INCLUDES)/tde METASOURCES = AUTO +SUBDIRS = primaryrealmwizard # Install this plugin in the KDE modules directory kde_module_LTLIBRARIES = kcm_ldapcontroller.la -kcm_ldapcontroller_la_SOURCES = ldapcontroller.cpp ldapcontrollerconfigbase.ui realmwizard.cpp realmintropagedlg.ui certconfigpagedlg.ui certconfigpage.cpp realmintropage.cpp realmconfigpagedlg.ui realmconfigpage.cpp realmfinishpagedlg.ui realmfinishpage.cpp processingdialog.cpp sha1.cc -kcm_ldapcontroller_la_LIBADD = -lkio $(LIB_TDEUI) -ltdeldap -kcm_ldapcontroller_la_LDFLAGS = -avoid-version -module -no-undefined \ - $(all_libraries) +kcm_ldapcontroller_la_SOURCES = ldapcontroller.cpp ldapcontrollerconfigbase.ui processingdialog.cpp sha1.cc +kcm_ldapcontroller_la_LIBADD = primaryrealmwizard/libprimaryrealmwizard.la -lkio $(LIB_TDEUI) -ltdeldap +kcm_ldapcontroller_la_LDFLAGS = -avoid-version -module -no-undefined $(all_libraries) xdg_apps_DATA = ldapcontroller.desktop diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp index 4f7ff1b..ff716aa 100644 --- a/src/ldapcontroller.cpp +++ b/src/ldapcontroller.cpp @@ -51,9 +51,11 @@ #include "sha1.h" #include "ldapcontroller.h" -#include "realmwizard.h" +#include "primaryrealmwizard/realmwizard.h" #include "processingdialog.h" +#include "ldapcontrollerconfigbase.h" + // FIXME // Connect this to CMake/Automake #define KDE_CONFDIR "/etc/trinity" @@ -76,6 +78,9 @@ #define KEY_STRENGTH 2048 +// RAJA FIXME +// Certificate manager/updater (CLI, callable from crontab) still needs to be written... + typedef KGenericFactory<LDAPController, TQWidget> ldapFactory; K_EXPORT_COMPONENT_FACTORY( kcm_ldapcontroller, ldapFactory("kcmldapcontroller")) 
@@ -345,7 +350,7 @@ void LDAPController::load() { void LDAPController::updateCertDisplay() { TQDateTime certExpiry; TQDateTime now = TQDateTime::currentDateTime(); - TQDateTime soon = now.addDays(7); + TQDateTime soon = now.addDays(7); // Keep in sync with cert-updater/main.cpp TQString kdc_certfile = KERBEROS_PKI_KDC_FILE; kdc_certfile.replace("@@@KDCSERVER@@@", m_realmconfig[m_defaultRealm].kdc); @@ -397,7 +402,7 @@ void LDAPController::updateCertDisplay() { } // LDAP - if (TQFile::exists(kdc_certfile)) { + if (TQFile::exists(ldap_certfile)) { certExpiry = LDAPManager::getCertificateExpiration(ldap_certfile); if (certExpiry >= now) { m_base->ldapExpiryString->setText("Expires " + certExpiry.toString()); @@ -435,6 +440,8 @@ void LDAPController::btncaRegenerate() { KMessageBox::error(0, i18n("<qt>Unable to upload new certificate to LDAP server!<p>%1</qt>").arg(errorstring), i18n("Internal Failure")); } + delete ldap_mgr; + load(); } @@ -1173,6 +1180,19 @@ int LDAPController::uploadKerberosCAFileToLDAP(LDAPManager* ldap_mgr, TQString* return -1; } +int LDAPController::uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr) { + // Upload the contents of KERBEROS_PKI_PEMKEY_FILE to the LDAP server + TQFile cafile(KERBEROS_PKI_PEMKEY_FILE); + if (cafile.open(IO_ReadOnly)) { + TQByteArray cafiledata = cafile.readAll(); + if (ldap_mgr->writeCertificateFileIntoDirectory(cafiledata, "privateRootCertificateKey", errstr) != 0) { + return -1; + } + return 0; + } + return -1; +} + // #define STRICT_SETUP 1 int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) { 
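Review bot: The 7-day expiry window in `updateCertDisplay()` is now tied to cert-updater/main.cpp only by the comment `// Keep in sync with cert-updater/main.cpp`, so the two values can drift without any build error. If they drift, this dialog could show a certificate as healthy while the updater already treats it as due, or the reverse. A single named constant in a header that both programs include, for example `#define CERT_EXPIRY_WARNING_DAYS 7` used as `now.addDays(CERT_EXPIRY_WARNING_DAYS)`, would remove that coupling. The updater source is not part of this diff, so its current value cannot be checked from here.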
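Review bot: The added `delete ldap_mgr;` in `btncaRegenerate()` releases the manager only on the path that falls through to `load()`; if the part of the function above this hunk has an early `return`, the object still leaks there. The same hand-written cleanup recurs in the `@@ -1486,6 +1505,15 @@` hunk, where the new error branch has to remember both `delete ldap_mgr;` and `delete credentials;`. Giving these objects a scoped owner, or routing every error exit through one cleanup block, would remove the need to repeat the deletes. The function body starts outside the hunk, so whether earlier exits exist cannot be confirmed from here.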
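Review bot: `uploadKerberosCAKeyFileToLDAP()` writes the realm CA's private key into the directory under `privateRootCertificateKey`, and nothing in this diff shows who may read that attribute or whether the connection held by `ldap_mgr` is encrypted. Any principal able to read the attribute could sign certificates for the realm, so the access rule and transport requirement should be confirmed and recorded above the function, e.g. `// SECURITY: privateRootCertificateKey holds the CA private key; directory ACLs must restrict it to the realm administrator`. Separately, the final `return -1;` after a failed `cafile.open()` leaves `*errstr` untouched, so the new error branch in `createNewLDAPRealm()` reports an empty message; `if (errstr) *errstr = i18n("Unable to open %1").arg(KERBEROS_PKI_PEMKEY_FILE);` before it would fix that. The locals are still named `cafile`/`cafiledata` from the CA-certificate variant, and an empty `readAll()` result is uploaded without a check.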
@@ -1201,7 +1221,6 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r KTempDir configTempDir; configTempDir.setAutoDelete(true); -configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME TQString destDir = "/etc/"; pdialog.setStatusMessage(i18n("Stopping servers...")); @@ -1486,6 +1505,15 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME return -1; } + // Upload the contents of KERBEROS_PKI_PEMKEY_FILE to the LDAP server + if (uploadKerberosCAKeyFileToLDAP(ldap_mgr, &errorstring) != 0) { + delete ldap_mgr; + delete credentials; + if (errstr) *errstr = errorstring; + pdialog.closeDialog(); + return -1; + } + // Set @@@ADMINUSER@@@ password in kadmin LDAPCredentials adminuser; adminuser.username = adminUserName; diff --git a/src/ldapcontroller.h b/src/ldapcontroller.h index da41004..9f5e504 100644 --- a/src/ldapcontroller.h +++ b/src/ldapcontroller.h @@ -34,7 +34,7 @@ #include <libtdeldap.h> -#include "ldapcontrollerconfigbase.h" +class LDAPControllerConfigBase; enum sc_command { SC_START, @@ -92,6 +92,7 @@ class LDAPController: public KCModule int setKerberosPasswordForUser(LDAPCredentials user, TQString *errstr); int createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmConfig realmconfig, uid_t ldap_uid, gid_t ldap_gid); int uploadKerberosCAFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr=0); + int uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr=0); private: KAboutData *myAboutData; diff --git a/src/primaryrealmwizard/Makefile.am b/src/primaryrealmwizard/Makefile.am new file mode 100644 index 0000000..fd2c48a --- /dev/null +++ b/src/primaryrealmwizard/Makefile.am 
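Review bot: In ldapcontroller.h the new `uploadKerberosCAKeyFileToLDAP()` is declared directly above the `private:` label, so the routine that copies the CA private key into the directory is callable from outside the class's private section, and the declaration does not say what it transmits. If only `createNewLDAPRealm()` needs it, declaring it under `private:` would narrow the surface. Either way, a comment such as `// Uploads the realm CA private key (KERBEROS_PKI_PEMKEY_FILE) to the directory; returns 0 on success, -1 on failure` would make the sensitivity visible where callers look. The class body continues outside the hunk.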
@@ -0,0 +1,5 @@
+INCLUDES = $(all_includes) $(KDE_INCLUDES)/tde -I$(top_srcdir)/src
+METASOURCES = AUTO
+
+noinst_LTLIBRARIES = libprimaryrealmwizard.la
+libprimaryrealmwizard_la_SOURCES = realmwizard.cpp realmintropagedlg.ui certconfigpagedlg.ui certconfigpage.cpp realmintropage.cpp realmconfigpagedlg.ui realmconfigpage.cpp realmfinishpagedlg.ui realmfinishpage.cpp
\ No newline at end of file
diff --git a/src/certconfigpage.cpp b/src/primaryrealmwizard/certconfigpage.cpp
index 2a5b6e6..2a5b6e6 100644
--- a/src/certconfigpage.cpp
+++ b/src/primaryrealmwizard/certconfigpage.cpp
diff --git a/src/certconfigpage.h b/src/primaryrealmwizard/certconfigpage.h
index 57259fc..57259fc 100644
--- a/src/certconfigpage.h
+++ b/src/primaryrealmwizard/certconfigpage.h
diff --git a/src/certconfigpagedlg.ui b/src/primaryrealmwizard/certconfigpagedlg.ui
index 0fad03d..0fad03d 100644
--- a/src/certconfigpagedlg.ui
+++ b/src/primaryrealmwizard/certconfigpagedlg.ui
diff --git a/src/realmconfigpage.cpp b/src/primaryrealmwizard/realmconfigpage.cpp
index 03df77d..03df77d 100644
--- a/src/realmconfigpage.cpp
+++ b/src/primaryrealmwizard/realmconfigpage.cpp
diff --git a/src/realmconfigpage.h b/src/primaryrealmwizard/realmconfigpage.h
index 99ff81f..99ff81f 100644
--- a/src/realmconfigpage.h
+++ b/src/primaryrealmwizard/realmconfigpage.h
diff --git a/src/realmconfigpagedlg.ui b/src/primaryrealmwizard/realmconfigpagedlg.ui
index 1661407..1661407 100644
--- a/src/realmconfigpagedlg.ui
+++ b/src/primaryrealmwizard/realmconfigpagedlg.ui
diff --git a/src/realmfinishpage.cpp b/src/primaryrealmwizard/realmfinishpage.cpp
index ec5b8de..ec5b8de 100644
--- a/src/realmfinishpage.cpp
+++ b/src/primaryrealmwizard/realmfinishpage.cpp
diff --git a/src/realmfinishpage.h b/src/primaryrealmwizard/realmfinishpage.h
index 969d13b..969d13b 100644
--- a/src/realmfinishpage.h
+++ b/src/primaryrealmwizard/realmfinishpage.h
diff --git a/src/realmfinishpagedlg.ui b/src/primaryrealmwizard/realmfinishpagedlg.ui
index 514bbc7..514bbc7 100644
--- a/src/realmfinishpagedlg.ui
+++ b/src/primaryrealmwizard/realmfinishpagedlg.ui
diff --git a/src/realmintropage.cpp b/src/primaryrealmwizard/realmintropage.cpp
index a1f2450..a1f2450 100644
--- a/src/realmintropage.cpp
+++ b/src/primaryrealmwizard/realmintropage.cpp
diff --git a/src/realmintropage.h b/src/primaryrealmwizard/realmintropage.h index 1c5a9e0..1c5a9e0 100644 --- a/src/realmintropage.h +++ b/src/primaryrealmwizard/realmintropage.h diff --git a/src/realmintropagedlg.ui b/src/primaryrealmwizard/realmintropagedlg.ui index fabd670..fabd670 100644 --- a/src/realmintropagedlg.ui +++ b/src/primaryrealmwizard/realmintropagedlg.ui diff --git a/src/realmwizard.cpp b/src/primaryrealmwizard/realmwizard.cpp index f2a7760..2b10dc5 100644 --- a/src/realmwizard.cpp +++ b/src/primaryrealmwizard/realmwizard.cpp @@ -152,6 +152,9 @@ void RealmWizard::next() { } else if (currentPage()==certpage) { // Save certificate information + // RAJA FIXME + // If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate! + // If this is not done, the automatic certificate updater will fail!!! m_certconfig.generate_certs = certpage->generateKeysEnabled->isOn(); m_certconfig.provided_kerberos_pem = certpage->kerberosPEM->url(); m_certconfig.provided_kerberos_pemkey = certpage->kerberosPEMKEY->url(); diff --git a/src/realmwizard.h b/src/primaryrealmwizard/realmwizard.h index 34de72b..34de72b 100644 --- a/src/realmwizard.h +++ b/src/primaryrealmwizard/realmwizard.h |
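Review bot: The FIXME added in `RealmWizard::next()` says that with `generate_certs == false` the `m_certconfig` structure is not loaded from the supplied certificate and the automatic updater will then fail, yet the visible lines below it still store the provided PEM paths unchanged. Until that loading is written, the comment would help more if it named which `m_certconfig` fields stay unset and where the updater reads them. The personal tag could also become a neutral `// FIXME:` so ordinary searches find it. The function body starts and ends outside the hunk.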