From 6df22c8ca2210f5d59edb5e77f5541bdbd8f3e6f Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Mon, 31 Aug 2015 21:29:22 +0000
Subject: Fix up Kerberos PKI certificate generation
---
 src/libtdeldap.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/libtdeldap.h')
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 09db75d..9c356a5 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -55,7 +55,7 @@
 #define LDAP_CERTKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.key"
 #define LDAP_CERTREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.req"
-#define OPENSSL_EXTENSIONS_FILE TDE_CERTIFICATE_DIR "pki_extensions"
+#define OPENSSL_EXTENSIONS_FILE TDE_CERTIFICATE_DIR "openssl.cfg"
 #define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
@@ -180,6 +180,7 @@ class LDAPRealmConfig
 bool pkinit_require_krbtgt_otherName;
 bool win2k_pkinit;
 bool win2k_pkinit_require_binding;
+ TQString certificate_revocation_list_url;
 }; // PRIVATE
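Review bot: Repointing `OPENSSL_EXTENSIONS_FILE` from `pki_extensions` to `openssl.cfg` leaves the macro name describing an extensions-only fragment while the value now names what looks like a complete OpenSSL configuration file, presumably the one produced by the `writeOpenSSLConfigurationFile` declared later in this patch. A comment on the define would spare the next reader that guess: `// Full OpenSSL configuration used for CA/host certificate generation; regenerated from the realm config (see LDAPManager::writeOpenSSLConfigurationFile), not hand-edited`. Because the extensions in that file decide what the generated certificates assert (basic constraints, key usage), it is worth confirming that `TDE_CERTIFICATE_DIR` is writable only by the account that runs the generation step; that cannot be checked from this header.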
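Review bot: The new `certificate_revocation_list_url` member of LDAPRealmConfig is added with no note on its format or on what an empty value means, unlike the neighbouring pkinit flags whose names carry their meaning; the struct definition starts before this hunk. The value is a URL that will presumably be embedded into generated certificates as a CRL distribution point or into the OpenSSL configuration, so whatever consumes it needs to reject embedded newlines and other configuration-file metacharacters — that check is not visible in this header and should be confirmed in the implementation. A one-line comment would help: `TQString certificate_revocation_list_url;  // CRL distribution point URL for this realm's certificates; empty = none (TODO confirm how it is validated before being written out)`.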
@@ -512,11 +513,12 @@ class LDAPManager : public TQObject {
 static LDAPRealmConfigList readTDERealmList(KSimpleConfig* config, bool disableAllBonds=false);
 static TQDateTime getCertificateExpiration(TQString certfile);
- static int generatePublicKerberosCACertificate(LDAPCertConfig certinfo);
+ static int generatePublicKerberosCACertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg);
 static int generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg);
 static int generatePublicLDAPCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg, uid_t ldap_uid, gid_t ldap_gid);
 static TQString ldapdnForRealm(TQString realm);
+ static TQString openssldcForRealm(TQString realm);
 static TQString cnFromDn(TQString dn);
 static KerberosTicketInfoList getKerberosTicketList(TQString cache=TQString::null, TQString *cacheFileName=0);
@@ -533,6 +535,7 @@ class LDAPManager : public TQObject {
 static int writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig, LDAPRealmConfigList realmList, TQString *errstr=0);
 static int writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole machineRole, TQString *errstr=0);
 static int writeNSSwitchFile(TQString *errstr=0);
+ static int writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQString *errstr=0);
 static int writeClientCronFiles(TQString *errstr=0);
 static int writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr=0);
-- 
cgit v1.2.1
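Review bot: `openssldcForRealm` is declared next to `ldapdnForRealm` without a comment on its return format, and its name only hints that it derives domain-component strings for an OpenSSL subject from the realm name; the enclosing LDAPManager class starts and ends outside this hunk. A short comment would fix that, e.g. `// Returns the realm's domain components formatted for an OpenSSL subject/config string (counterpart of ldapdnForRealm); verify the exact form against the implementation`. The `LDAPRealmConfig realmcfg` parameter added to `generatePublicKerberosCACertificate` has no default, so any caller of this library header still using the one-argument form now fails to compile — reasonable if the realm config is required to produce correct CA extensions, but worth stating in a comment or the commit message. Both new declarations take their arguments by value, which matches the surrounding declarations (`generatePublicKerberosCertificate`, `ldapdnForRealm`), so that is at least consistent even though `const TQString&` would avoid the copies.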
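Review bot: `writeOpenSSLConfigurationFile` is declared without saying where it writes or which parts of `realmcfg` end up in the file; the neighbouring `writeLDAPConfFile`/`writeNSSwitchFile` declarations share that gap, but this one matters more because the OpenSSL configuration decides which extensions the generated CA and host certificates carry. A declaration comment along these lines would help: `// Writes the realm's OpenSSL configuration (presumably OPENSSL_EXTENSIONS_FILE) from realmcfg; returns 0 on success, otherwise non-zero with *errstr set when given — confirm against the implementation`. Realm-derived strings emitted into that file (the realm name, and presumably the new certificate_revocation_list_url) should be checked for newlines and `[`/`]` section markers before they are written, since an unescaped value would alter the generated configuration; the implementation is not in this hunk, so that check cannot be confirmed here. The enclosing LDAPManager class starts and ends outside this hunk.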