Diffstat (limited to 'src/ldapcontroller.cpp')
-rw-r--r--src/ldapcontroller.cpp36
1 files changed, 32 insertions, 4 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 4f7ff1b..ff716aa 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -51,9 +51,11 @@
#include "sha1.h"
#include "ldapcontroller.h"
-#include "realmwizard.h"
+#include "primaryrealmwizard/realmwizard.h"
#include "processingdialog.h"
+#include "ldapcontrollerconfigbase.h"
+
// FIXME
// Connect this to CMake/Automake
#define KDE_CONFDIR "/etc/trinity"
@@ -76,6 +78,9 @@
#define KEY_STRENGTH 2048
+// RAJA FIXME
+// Certificate manager/updater (CLI, callable from crontab) still needs to be written...
+
typedef KGenericFactory<LDAPController, TQWidget> ldapFactory;
K_EXPORT_COMPONENT_FACTORY( kcm_ldapcontroller, ldapFactory("kcmldapcontroller"))
@@ -345,7 +350,7 @@ void LDAPController::load() {
void LDAPController::updateCertDisplay() {
TQDateTime certExpiry;
TQDateTime now = TQDateTime::currentDateTime();
- TQDateTime soon = now.addDays(7);
+ TQDateTime soon = now.addDays(7); // Keep in sync with cert-updater/main.cpp
TQString kdc_certfile = KERBEROS_PKI_KDC_FILE;
kdc_certfile.replace("@@@KDCSERVER@@@", m_realmconfig[m_defaultRealm].kdc);
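Review bot: The 7-day window in `now.addDays(7)` is a literal that must match another file by convention only; the added comment documents the coupling but does not enforce it. Defining the value once in a header that both this module and the cert-updater include, for example `#define CERT_EXPIRY_WARNING_DAYS 7`, and using it in both places would stop the "expiring soon" display and what is presumably the updater's renewal threshold from drifting apart. updateCertDisplay continues outside this hunk.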
@@ -397,7 +402,7 @@ void LDAPController::updateCertDisplay() {
}
// LDAP
- if (TQFile::exists(kdc_certfile)) {
+ if (TQFile::exists(ldap_certfile)) {
certExpiry = LDAPManager::getCertificateExpiration(ldap_certfile);
if (certExpiry >= now) {
m_base->ldapExpiryString->setText("Expires " + certExpiry.toString());
@@ -435,6 +440,8 @@ void LDAPController::btncaRegenerate() {
KMessageBox::error(0, i18n("<qt>Unable to upload new certificate to LDAP server!<p>%1</qt>").arg(errorstring), i18n("Internal Failure"));
}
+ delete ldap_mgr;
+
load();
}
@@ -1173,6 +1180,19 @@ int LDAPController::uploadKerberosCAFileToLDAP(LDAPManager* ldap_mgr, TQString*
return -1;
}
+int LDAPController::uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQString* errstr) {
+ // Upload the contents of KERBEROS_PKI_PEMKEY_FILE to the LDAP server
+ TQFile cafile(KERBEROS_PKI_PEMKEY_FILE);
+ if (cafile.open(IO_ReadOnly)) {
+ TQByteArray cafiledata = cafile.readAll();
+ if (ldap_mgr->writeCertificateFileIntoDirectory(cafiledata, "privateRootCertificateKey", errstr) != 0) {
+ return -1;
+ }
+ return 0;
+ }
+ return -1;
+}
+
// #define STRICT_SETUP 1
int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) {
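Review bot: uploadKerberosCAKeyFileToLDAP writes the realm CA's private key into the directory as `privateRootCertificateKey`, and nothing visible in this hunk says what restricts reads of that attribute or how the connection held by `ldap_mgr` is protected. A comment above the function should state those requirements, for example `// SECURITY: stores the CA private key; the attribute must be ACL-restricted to the realm administrator and the bind must be TLS-protected or local`. The function also returns -1 without touching `errstr` when `cafile.open(IO_ReadOnly)` fails, so the new call site in the createNewLDAPRealm hunk copies an unset or stale `errorstring` into `*errstr`; set it before the final return, e.g. `if (errstr) *errstr = i18n("Unable to open Kerberos CA key file %1").arg(KERBEROS_PKI_PEMKEY_FILE);`. Consider zeroing `cafiledata` once the write returns so the key bytes do not linger in freed memory, and renaming `cafile`/`cafiledata` so the names say they hold a key rather than a certificate.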
@@ -1201,7 +1221,6 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
KTempDir configTempDir;
configTempDir.setAutoDelete(true);
-configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
TQString destDir = "/etc/";
pdialog.setStatusMessage(i18n("Stopping servers..."));
@@ -1486,6 +1505,15 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
return -1;
}
+ // Upload the contents of KERBEROS_PKI_PEMKEY_FILE to the LDAP server
+ if (uploadKerberosCAKeyFileToLDAP(ldap_mgr, &errorstring) != 0) {
+ delete ldap_mgr;
+ delete credentials;
+ if (errstr) *errstr = errorstring;
+ pdialog.closeDialog();
+ return -1;
+ }
+
// Set @@@ADMINUSER@@@ password in kadmin
LDAPCredentials adminuser;
adminuser.username = adminUserName;