diff options
| author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-10-02 16:06:13 -0500 |
|---|---|---|
| committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-10-02 16:06:13 -0500 |
| commit | ca4c872008ca065066398629f76818e1c4286adf (patch) | |
| tree | 6340ca03e79374731c7847f7cf4254d1d5e87ff5 | |
| parent | f1b7b0381a9ef285092a4043eaeb81e12913bb71 (diff) | |
| download | libtdeldap-ca4c872008ca065066398629f76818e1c4286adf.tar.gz libtdeldap-ca4c872008ca065066398629f76818e1c4286adf.zip | |
Properly report certificate retrieval failures to calling application
| -rw-r--r-- | src/libtdeldap.cpp | 39 |
1 files changed, 20 insertions, 19 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp index 661e3e6..8a14cc3 100644 --- a/src/libtdeldap.cpp +++ b/src/libtdeldap.cpp @@ -4117,7 +4117,22 @@ int LDAPManager::getTDECertificate(TQString certificateName, TQFile *fileHandle, TQByteArray ba; returncode = getTDECertificate(certificateName, &ba, errstr); if (returncode == 0) { - fileHandle->writeBlock(ba); + if (fileHandle->open(IO_WriteOnly)) { + fileHandle->writeBlock(ba); + fileHandle->close(); + + if (chmod(TQFile::encodeName(fileHandle->name()).data(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) { + if (errstr) *errstr = i18n("Unable to change permissions of \"%1\"").arg(TQFile::encodeName(fileHandle->name()).data()); + return -1; + } + else { + return 0; + } + } + else { + if (errstr) *errstr = i18n("Unable to open file \"%1\" for writing").arg(TQFile::encodeName(fileHandle->name()).data()); + return -1; + } } return returncode; @@ -4125,21 +4140,7 @@ int LDAPManager::getTDECertificate(TQString certificateName, TQFile *fileHandle, int LDAPManager::getTDECertificate(TQString certificateName, TQString fileName, TQString *errstr) { TQFile file(fileName); - if (file.open(IO_WriteOnly)) { - getTDECertificate(certificateName, &file, errstr); - file.close(); - if (chmod(fileName.ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) { - if (errstr) *errstr = i18n("Unable to change permissions of \"%1\"").arg(fileName.ascii()); - return -1; - } - else { - return 0; - } - } - else { - if (errstr) *errstr = i18n("Unable to open file \"%1\" for writing").arg(fileName.ascii()); - return -1; - } + return getTDECertificate(certificateName, &file, errstr); } int LDAPManager::writeSudoersConfFile(TQString *errstr) { @@ -5069,7 +5070,7 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) { stream << "# All changes will be lost!\n"; stream << "\n"; stream << "auth [default=ignore success=ignore] pam_mount.so" << "\n"; - stream << "auth [success=done new_authtok_reqd=done default=ignore] pam_unix.so nullok try_first_pass" << "\n"; + stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_unix.so nullok try_first_pass" << "\n"; if (pamConfig.enable_cached_credentials) { stream << "auth [default=ignore success=1 service_err=reset] pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass" << "\n"; stream << "auth [default=1 success=done] pam_ccreds.so action=validate use_first_pass" << "\n"; @@ -5079,8 +5080,8 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) { stream << "auth [default=ignore success=done new_authtok_reqd=done service_err=reset] pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass" << "\n"; } if (pamConfig.enable_pkcs11_login) { - stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so" << "\n"; - // stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_krb5.so force_first_pass no_prompt try_pkinit" << "\n"; + stream << "auth [default=ignore success=done new_authtok_reqd=done service_err=reset] pam_krb5.so use_first_pass first_pass_is_pin no_prompt try_pkinit" << "\n"; + stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so use_first_pass" << "\n"; } stream << "auth required pam_deny.so" << "\n"; |