author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-11 14:09:06 -0500 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-11 14:09:06 -0500 |
commit | ec23f4b717dc7e47e9000d2d135ac4914cc2180b (patch) | |
tree | 11f0f93fba577d68433fa8a5d0d177997eab0ac2 /src/ldapcontroller.cpp | |
parent | 02cfa8d8afb2c84b0683e4071f4482a54d2e459e (diff) | |
Move primary realm wizard sources to separate directory
Add cert-updater
Diffstat (limited to 'src/ldapcontroller.cpp')
-rw-r--r-- | src/ldapcontroller.cpp | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp index 4f7ff1b..ff716aa 100644 --- a/src/ldapcontroller.cpp +++ b/src/ldapcontroller.cpp @@ -51,9 +51,11 @@ #include "sha1.h" #include "ldapcontroller.h" -#include "realmwizard.h" +#include "primaryrealmwizard/realmwizard.h" #include "processingdialog.h" +#include "ldapcontrollerconfigbase.h" + // FIXME // Connect this to CMake/Automake #define KDE_CONFDIR "/etc/trinity" @@ -76,6 +78,9 @@ #define KEY_STRENGTH 2048 +// RAJA FIXME +// Certificate manager/updater (CLI, callable from crontab) still needs to be written... + typedef KGenericFactory<LDAPController, TQWidget> ldapFactory; K_EXPORT_COMPONENT_FACTORY( kcm_ldapcontroller, ldapFactory("kcmldapcontroller")) @@ -345,7 +350,7 @@ void LDAPController::load() { void LDAPController::updateCertDisplay() { TQDateTime certExpiry; TQDateTime now = TQDateTime::currentDateTime(); - TQDateTime soon = now.addDays(7); + TQDateTime soon = now.addDays(7); // Keep in sync with cert-updater/main.cpp TQString kdc_certfile = KERBEROS_PKI_KDC_FILE; kdc_certfile.replace("@@@KDCSERVER@@@", m_realmconfig[m_defaultRealm].kdc); @@ -397,7 +402,7 @@ void LDAPController::updateCertDisplay() { } // LDAP - if (TQFile::exists(kdc_certfile)) { + if (TQFile::exists(ldap_certfile)) { certExpiry = LDAPManager::getCertificateExpiration(ldap_certfile); if (certExpiry >= now) { m_base->ldapExpiryString->setText("Expires " + certExpiry.toString()); @@ -435,6 +440,8 @@ void LDAPController::btncaRegenerate() { KMessageBox::error(0, i18n("<qt>Unable to upload new certificate to LDAP server!<p>%1</qt>").arg(errorstring), i18n("Internal Failure")); } + delete ldap_mgr; + load(); } 
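Review bot: In the updateCertDisplay() hunk the 7-day expiry window remains a literal in `now.addDays(7)`, tied to cert-updater/main.cpp only by a comment, so the GUI warning and the updater's renewal threshold can drift apart without any build error. I would define the value once in a header both targets include, for example `#define CERT_EXPIRY_WARNING_DAYS 7` (placeholder name), and write `TQDateTime soon = now.addDays(CERT_EXPIRY_WARNING_DAYS);` here. The updater source is not part of this diff, so the matching change there is assumed rather than seen. updateCertDisplay() starts and ends outside the hunk.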
@@ -1173,6 +1180,19 @@ int LDAPController::uploadKerberosCAFileToLDAP(LDAPManager* ldap_mgr, TQString* return -1; } +int LDAPController::uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr) { + // Upload the contents of KERBEROS_PKI_PEMKEY_FILE to the LDAP server + TQFile cafile(KERBEROS_PKI_PEMKEY_FILE); + if (cafile.open(IO_ReadOnly)) { + TQByteArray cafiledata = cafile.readAll(); + if (ldap_mgr->writeCertificateFileIntoDirectory(cafiledata, "privateRootCertificateKey", errstr) != 0) { + return -1; + } + return 0; + } + return -1; +} + // #define STRICT_SETUP 1 int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) { @@ -1201,7 +1221,6 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r KTempDir configTempDir; configTempDir.setAutoDelete(true); -configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME TQString destDir = "/etc/"; pdialog.setStatusMessage(i18n("Stopping servers...")); @@ -1486,6 +1505,15 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME return -1; } + // Upload the contents of KERBEROS_PKI_PEMKEY_FILE to the LDAP server + if (uploadKerberosCAKeyFileToLDAP(ldap_mgr, &errorstring) != 0) { + delete ldap_mgr; + delete credentials; + if (errstr) *errstr = errorstring; + pdialog.closeDialog(); + return -1; + } + // Set @@@ADMINUSER@@@ password in kadmin LDAPCredentials adminuser; adminuser.username = adminUserName; |
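Review bot: The new uploadKerberosCAKeyFileToLDAP() stores the CA private key from KERBEROS_PKI_PEMKEY_FILE in the directory as `privateRootCertificateKey`, and nothing in this diff shows an access rule limiting who may read that attribute or a requirement that the connection is encrypted. Anyone able to read it could sign certificates for the realm, so please confirm the schema/ACL setup (possibly in files outside this diff) restricts it to the realm administrators and record that in the function comment, e.g. `// SECURITY: holds the CA private key; must be readable only by <admin DN placeholder> and only written over an encrypted bind`. Separately, when `cafile.open(IO_ReadOnly)` fails the function returns -1 without setting `*errstr`, so the new call site in createNewLDAPRealm() (last hunk) passes on an empty or stale message; `if (errstr) *errstr = i18n("Unable to open %1").arg(KERBEROS_PKI_PEMKEY_FILE);` before the final `return -1;` would cover it. The `cafiledata` buffer holding the key is also left intact when it goes out of scope; consider `cafiledata.fill(0);` once the write has returned.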