|
|
|
@ -314,8 +314,8 @@ void LDAPController::systemRoleChanged() {
|
|
|
|
|
pdialog.setStatusMessage(i18n("Purging local configuration..."));
|
|
|
|
|
tqApp->processEvents();
|
|
|
|
|
|
|
|
|
|
system_safe(TQString("rm -f %1").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE));
|
|
|
|
|
system_safe(TQString("rm -rf %1").arg(TDE_CERTIFICATE_DIR));
|
|
|
|
|
system_safe(TQString("rm -f %1").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE).local8Bit());
|
|
|
|
|
system_safe(TQString("rm -rf %1").arg(TDE_CERTIFICATE_DIR).local8Bit());
|
|
|
|
|
|
|
|
|
|
// Write the TDE realm configuration file
|
|
|
|
|
LDAPRealmConfigList realms;
|
|
|
|
@ -682,7 +682,7 @@ void LDAPController::btnldapRegenerate() {
|
|
|
|
|
|
|
|
|
|
// Get LDAP user uid/gid
|
|
|
|
|
struct passwd *pwd;
|
|
|
|
|
pwd = getpwnam(m_ldapUserName);
|
|
|
|
|
pwd = getpwnam(m_ldapUserName.local8Bit());
|
|
|
|
|
slapd_uid = pwd->pw_uid;
|
|
|
|
|
slapd_gid = pwd->pw_gid;
|
|
|
|
|
|
|
|
|
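Review bot: `pwd->pw_uid` and `pwd->pw_gid` are read straight after `getpwnam(m_ldapUserName.local8Bit())` with no NULL check, so a missing or unresolvable LDAP service account crashes the module partway through the regenerate operation. getpwnam() returns NULL both when the account does not exist and when the lookup fails, so a guard such as `if (!pwd) { /* report the error and stop */ return; }` belongs before the two assignments. The createNewLDAPRealm hunk at -1808 has the same sequence. btnldapRegenerate starts and ends outside this hunk, so the right error-reporting path is not visible here.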
@ -758,7 +758,7 @@ void LDAPController::btnChangeLDAPRootPassword() {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
ifile.close();
|
|
|
|
|
unlink(oldconfigfilename);
|
|
|
|
|
unlink(oldconfigfilename.local8Bit());
|
|
|
|
|
ofile.close();
|
|
|
|
|
if (controlLDAPServer(SC_START) == 0) {
|
|
|
|
|
ret = true;
|
|
|
|
@ -1145,7 +1145,7 @@ int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t
|
|
|
|
|
}
|
|
|
|
|
if (command == SC_PURGE) {
|
|
|
|
|
controlHeimdalServer(SC_STOP);
|
|
|
|
|
system_safe("rm -f " + TQString(LDAP_KEYTAB_FILE));
|
|
|
|
|
system_safe(TQString("rm -f %1").arg(LDAP_KEYTAB_FILE).local8Bit());
|
|
|
|
|
// FIXME
|
|
|
|
|
// This assumes Debian
|
|
|
|
|
system_safe("rm -f /etc/krb5.keytab");
|
|
|
|
@ -1215,7 +1215,7 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
|
|
|
|
|
prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
command = TQCString("init "+realmName);
|
|
|
|
|
command = TQCString("init ")+realmName.local8Bit();
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
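Review bot: `realmName` is concatenated directly into the line sent to the kadmin prompt (`command = TQCString("init ")+realmName.local8Bit();`), and nothing in this hunk shows it being validated. A value containing whitespace or a line break would be read by kadmin as extra arguments or as a further command, not as a single realm name. I would check the name against the permitted realm character set before the session is opened and refuse anything else. The same applies to `hoststring` in the addHostEntryToKerberosRealm and addLDAPEntryToKerberosRealm hunks and to `user.username` in setKerberosPasswordForUser. The function body starts outside the hunk, so an earlier check may already exist.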
@ -1285,7 +1285,7 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
|
|
|
|
|
prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
command = TQCString("ext "+hoststring);
|
|
|
|
|
command = TQCString("ext ")+hoststring.local8Bit();
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
@ -1308,7 +1308,7 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
command = TQCString("ank --random-key "+hoststring);
|
|
|
|
|
command = TQCString("ank --random-key ")+hoststring.local8Bit();
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
@ -1333,7 +1333,7 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
|
|
|
|
|
leftbracket++;
|
|
|
|
|
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
|
|
|
|
|
}
|
|
|
|
|
command = TQCString(defaultParam);
|
|
|
|
|
command = defaultParam.local8Bit();
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
@ -1343,7 +1343,7 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
command = TQCString("ext "+hoststring);
|
|
|
|
|
command = TQCString("ext ")+hoststring.local8Bit();
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
@ -1394,7 +1394,7 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
|
|
|
|
|
prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
|
|
|
|
|
command = TQCString("ext --keytab=")+LDAP_KEYTAB_FILE+" "+hoststring.local8Bit();
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
@ -1417,7 +1417,7 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
command = TQCString("ank --random-key "+hoststring);
|
|
|
|
|
command = TQCString("ank --random-key ")+hoststring.local8Bit();
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
@ -1442,7 +1442,7 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
|
|
|
|
|
leftbracket++;
|
|
|
|
|
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
|
|
|
|
|
}
|
|
|
|
|
command = TQCString(defaultParam);
|
|
|
|
|
command = defaultParam.local8Bit();
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
@ -1452,7 +1452,7 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
|
|
|
|
|
command = TQCString("ext --keytab=")+LDAP_KEYTAB_FILE+" "+hoststring.local8Bit();
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
@ -1497,7 +1497,7 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
|
|
|
|
|
|
|
|
|
|
TQCString command = "kadmin";
|
|
|
|
|
QCStringList args;
|
|
|
|
|
args << TQCString("-l") << TQCString("-r") << TQCString(user.realm.upper());
|
|
|
|
|
args << TQCString("-l") << TQCString("-r") << user.realm.upper().local8Bit();
|
|
|
|
|
|
|
|
|
|
TQString prompt;
|
|
|
|
|
PtyProcess kadminProc;
|
|
|
|
@ -1505,7 +1505,7 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
|
|
|
|
|
prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
command = TQCString("passwd "+user.username);
|
|
|
|
|
command = TQCString("passwd ")+user.username.local8Bit();
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
@ -1570,7 +1570,7 @@ int LDAPController::createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmCo
|
|
|
|
|
// Certificate authority certificate
|
|
|
|
|
TQString command;
|
|
|
|
|
command = TQString("openssl genrsa -out %1 %2").arg(KERBEROS_PKI_PEMKEY_FILE).arg(KEY_STRENGTH);
|
|
|
|
|
system_safe(command);
|
|
|
|
|
system_safe(command.local8Bit());
|
|
|
|
|
chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR);
|
|
|
|
|
chown_safe(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
|
|
|
|
|
|
|
|
|
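Review bot: The CA private key is created by `openssl genrsa` with whatever mode the process umask allows and is only narrowed by the `chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR)` on the next line, which leaves a window where other local users may be able to read it. Assuming system_safe() runs the command as a child that inherits the umask, wrapping the call closes that window: `mode_t old = umask(077);` before `system_safe(command.local8Bit());` and `umask(old);` after. The results of system_safe() and chmod() are both ignored, so a failed key generation or permission change goes unnoticed. The KDC and LDAP key hunks at -1584 and -1598 follow the same sequence. createRealmCertificates continues outside this hunk.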
@ -1584,7 +1584,7 @@ int LDAPController::createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmCo
|
|
|
|
|
kdc_keyfile.replace("@@@KDCSERVER@@@", realmconfig.name.lower());
|
|
|
|
|
kdc_reqfile.replace("@@@KDCSERVER@@@", realmconfig.name.lower());
|
|
|
|
|
command = TQString("openssl genrsa -out %1 %2").arg(kdc_keyfile).arg(KEY_STRENGTH);
|
|
|
|
|
system_safe(command);
|
|
|
|
|
system_safe(command.local8Bit());
|
|
|
|
|
chmod(kdc_keyfile.ascii(), S_IRUSR|S_IWUSR);
|
|
|
|
|
chown_safe(kdc_keyfile.ascii(), 0, 0);
|
|
|
|
|
|
|
|
|
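Review bot: The openssl command line is now encoded with `local8Bit()`, but the `chmod(kdc_keyfile.ascii(), …)` and `chown_safe(kdc_keyfile.ascii(), …)` calls after it still use `ascii()`. For a realm name with non-ASCII characters the two encodings may name different files, so the permission calls could miss the key openssl wrote and leave it at its default mode. Using `kdc_keyfile.local8Bit()` in both calls keeps the path consistent; `ldap_keyfile` in the -1598 hunk needs the same change. The path is derived from `realmconfig.name` and is interpolated unquoted into the shell command, so the realm name should be validated before it reaches `system_safe()`.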
@ -1598,7 +1598,7 @@ int LDAPController::createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmCo
|
|
|
|
|
ldap_keyfile.replace("@@@ADMINSERVER@@@", realmconfig.name.lower());
|
|
|
|
|
ldap_reqfile.replace("@@@ADMINSERVER@@@", realmconfig.name.lower());
|
|
|
|
|
command = TQString("openssl genrsa -out %1 %2").arg(ldap_keyfile).arg(KEY_STRENGTH);
|
|
|
|
|
system_safe(command);
|
|
|
|
|
system_safe(command.local8Bit());
|
|
|
|
|
chmod(ldap_keyfile.ascii(), S_IRUSR|S_IWUSR);
|
|
|
|
|
chown_safe(ldap_keyfile.ascii(), ldap_uid, ldap_gid);
|
|
|
|
|
|
|
|
|
@ -1808,7 +1808,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
|
|
|
|
|
|
|
|
|
|
// Get LDAP user uid/gid
|
|
|
|
|
struct passwd *pwd;
|
|
|
|
|
pwd = getpwnam(m_ldapUserName);
|
|
|
|
|
pwd = getpwnam(m_ldapUserName.local8Bit());
|
|
|
|
|
slapd_uid = pwd->pw_uid;
|
|
|
|
|
slapd_gid = pwd->pw_gid;
|
|
|
|
|
|
|
|
|
@ -1893,17 +1893,17 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
|
|
|
|
|
// There has GOT to be a better way to do this than system()!!!
|
|
|
|
|
TQString command;
|
|
|
|
|
command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_pem).arg(KERBEROS_PKI_PEMKEY_FILE);
|
|
|
|
|
system_safe(command);
|
|
|
|
|
system_safe(command.local8Bit());
|
|
|
|
|
command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_pemkey).arg(KERBEROS_PKI_PEM_FILE);
|
|
|
|
|
system_safe(command);
|
|
|
|
|
system_safe(command.local8Bit());
|
|
|
|
|
command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_crt).arg(kdc_certfile);
|
|
|
|
|
system_safe(command);
|
|
|
|
|
system_safe(command.local8Bit());
|
|
|
|
|
command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_key).arg(kdc_keyfile);
|
|
|
|
|
system_safe(command);
|
|
|
|
|
system_safe(command.local8Bit());
|
|
|
|
|
command = TQString("cp %1 %2").arg(certinfo.provided_ldap_crt).arg(ldap_certfile);
|
|
|
|
|
system_safe(command);
|
|
|
|
|
system_safe(command.local8Bit());
|
|
|
|
|
command = TQString("cp %1 %2").arg(certinfo.provided_ldap_key).arg(ldap_keyfile);
|
|
|
|
|
system_safe(command);
|
|
|
|
|
system_safe(command.local8Bit());
|
|
|
|
|
|
|
|
|
|
// Set permissions
|
|
|
|
|
chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR);
|
|
|
|
|
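Review bot: The six `cp %1 %2` commands put the `certinfo.provided_*` paths into a shell command line unquoted, so a path containing a space or shell metacharacter is split or interpreted by the shell instead of being copied as one file name. Copying in-process (read the source file, create the destination owner-only, write, check each step) removes the shell and makes failures reportable; none of the copies is checked here, and the existing comment already asks for an alternative to system(). Separately, the first two copies look crossed: `provided_kerberos_pem` goes to `KERBEROS_PKI_PEMKEY_FILE` and `provided_kerberos_pemkey` to `KERBEROS_PKI_PEM_FILE`. If that is not intended, the `chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR)` below would protect the certificate and not the key; please confirm against the macro definitions, which are not visible in this hunk.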