authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-08-31 21:29:22 +0000
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-08-31 21:29:22 +0000
commit6df22c8ca2210f5d59edb5e77f5541bdbd8f3e6f (patch)
treefcc203b5c04e57e1ffcba2fc4867fee6ef46ab66 /src/libtdeldap.h
parentd6f004658dac16c19a6e4a6109b93b5b52adddc0 (diff)
Fix up Kerberos PKI certificate generation
Diffstat (limited to 'src/libtdeldap.h')
-rw-r--r--src/libtdeldap.h7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 09db75d..9c356a5 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -55,7 +55,7 @@
#define LDAP_CERTKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.key"
#define LDAP_CERTREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.req"
-#define OPENSSL_EXTENSIONS_FILE TDE_CERTIFICATE_DIR "pki_extensions"
+#define OPENSSL_EXTENSIONS_FILE TDE_CERTIFICATE_DIR "openssl.cfg"
#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
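Review bot: The macro `OPENSSL_EXTENSIONS_FILE` keeps its old name while its value now points at `openssl.cfg`, which reads as a full OpenSSL configuration rather than an extensions-only file. A name such as `OPENSSL_CONFIG_FILE`, or at least a comment like `// full OpenSSL config used for PKI generation (presumably written by writeOpenSSLConfigurationFile)`, would keep readers from assuming the old semantics. Because this file appears to drive certificate signing, the comment should also state who is expected to own and write it under `TDE_CERTIFICATE_DIR`.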
@@ -180,6 +180,7 @@ class LDAPRealmConfig
bool pkinit_require_krbtgt_otherName;
bool win2k_pkinit;
bool win2k_pkinit_require_binding;
+ TQString certificate_revocation_list_url;
};
// PRIVATE
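Review bot: The new member `certificate_revocation_list_url` has no comment describing its expected form or what an empty value means, and nothing visible in this header validates it. It is presumably written into the generated OpenSSL configuration by `writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQString *errstr=0)`, declared in the last hunk. If so, a value containing a newline or other configuration syntax would add unintended directives to a file used for CA signing, so the writer should reject anything that is not a single-line absolute URI. I would add a comment such as `// CRL distribution point URI placed in issued certificates; must be a single-line absolute URI` and document the empty-string behaviour. The class body starts outside this hunk.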
@@ -512,11 +513,12 @@ class LDAPManager : public TQObject {
static LDAPRealmConfigList readTDERealmList(KSimpleConfig* config, bool disableAllBonds=false);
static TQDateTime getCertificateExpiration(TQString certfile);
- static int generatePublicKerberosCACertificate(LDAPCertConfig certinfo);
+ static int generatePublicKerberosCACertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg);
static int generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg);
static int generatePublicLDAPCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg, uid_t ldap_uid, gid_t ldap_gid);
static TQString ldapdnForRealm(TQString realm);
+ static TQString openssldcForRealm(TQString realm);
static TQString cnFromDn(TQString dn);
static KerberosTicketInfoList getKerberosTicketList(TQString cache=TQString::null, TQString *cacheFileName=0);
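Review bot: `openssldcForRealm(TQString realm)` is declared without any comment on its output format or on how it handles characters outside a plain DNS-style realm name. Judging by its name and by its neighbour `ldapdnForRealm`, it turns the realm into domain components for an OpenSSL subject or configuration. If that is right, a realm containing `/`, `=`, `,` or a line break would alter the resulting distinguished name, so the declaration should say whether the input is validated or escaped. A comment along the lines of `// Returns the realm as OpenSSL DC components; realm must contain only DNS label characters and dots` would make that contract explicit. `generatePublicKerberosCACertificate` also still has no documented meaning for its `int` result, and the `LDAPManager` class continues outside this hunk.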
@@ -533,6 +535,7 @@ class LDAPManager : public TQObject {
static int writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig, LDAPRealmConfigList realmList, TQString *errstr=0);
static int writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole machineRole, TQString *errstr=0);
static int writeNSSwitchFile(TQString *errstr=0);
+ static int writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQString *errstr=0);
static int writeClientCronFiles(TQString *errstr=0);
static int writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr=0);