summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/libtdeldap.cpp39
1 files changed, 20 insertions, 19 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 661e3e6..8a14cc3 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -4117,7 +4117,22 @@ int LDAPManager::getTDECertificate(TQString certificateName, TQFile *fileHandle,
TQByteArray ba;
returncode = getTDECertificate(certificateName, &ba, errstr);
if (returncode == 0) {
- fileHandle->writeBlock(ba);
+ if (fileHandle->open(IO_WriteOnly)) {
+ fileHandle->writeBlock(ba);
+ fileHandle->close();
+
+ if (chmod(TQFile::encodeName(fileHandle->name()).data(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
+ if (errstr) *errstr = i18n("Unable to change permissions of \"%1\"").arg(TQFile::encodeName(fileHandle->name()).data());
+ return -1;
+ }
+ else {
+ return 0;
+ }
+ }
+ else {
+ if (errstr) *errstr = i18n("Unable to open file \"%1\" for writing").arg(TQFile::encodeName(fileHandle->name()).data());
+ return -1;
+ }
}
return returncode;
@@ -4125,21 +4140,7 @@ int LDAPManager::getTDECertificate(TQString certificateName, TQFile *fileHandle,
int LDAPManager::getTDECertificate(TQString certificateName, TQString fileName, TQString *errstr) {
TQFile file(fileName);
- if (file.open(IO_WriteOnly)) {
- getTDECertificate(certificateName, &file, errstr);
- file.close();
- if (chmod(fileName.ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
- if (errstr) *errstr = i18n("Unable to change permissions of \"%1\"").arg(fileName.ascii());
- return -1;
- }
- else {
- return 0;
- }
- }
- else {
- if (errstr) *errstr = i18n("Unable to open file \"%1\" for writing").arg(fileName.ascii());
- return -1;
- }
+ return getTDECertificate(certificateName, &file, errstr);
}
int LDAPManager::writeSudoersConfFile(TQString *errstr) {
@@ -5069,7 +5070,7 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
stream << "# All changes will be lost!\n";
stream << "\n";
stream << "auth [default=ignore success=ignore] pam_mount.so" << "\n";
- stream << "auth [success=done new_authtok_reqd=done default=ignore] pam_unix.so nullok try_first_pass" << "\n";
+ stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_unix.so nullok try_first_pass" << "\n";
if (pamConfig.enable_cached_credentials) {
stream << "auth [default=ignore success=1 service_err=reset] pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass" << "\n";
stream << "auth [default=1 success=done] pam_ccreds.so action=validate use_first_pass" << "\n";
@@ -5079,8 +5080,8 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
stream << "auth [default=ignore success=done new_authtok_reqd=done service_err=reset] pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass" << "\n";
}
if (pamConfig.enable_pkcs11_login) {
- stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so" << "\n";
- // stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_krb5.so force_first_pass no_prompt try_pkinit" << "\n";
+ stream << "auth [default=ignore success=done new_authtok_reqd=done service_err=reset] pam_krb5.so use_first_pass first_pass_is_pin no_prompt try_pkinit" << "\n";
+ stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so use_first_pass" << "\n";
}
stream << "auth required pam_deny.so" << "\n";