Write primary realm cert updater cron file

Fix return values Read information from provided primary certificate
13 years ago · a74f58160a
parent ec23f4b717
commit a74f58160a
2 changed files with 62 additions and 14 deletions
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@ -78,9 +78,6 @@

 #define KEY_STRENGTH 2048

-// RAJA FIXME
-// Certificate manager/updater (CLI, callable from crontab) still needs to be written...
-
 typedef KGenericFactory<LDAPController, TQWidget> ldapFactory;

 K_EXPORT_COMPONENT_FACTORY( kcm_ldapcontroller, ldapFactory("kcmldapcontroller"))
@ -224,6 +221,7 @@ void LDAPController::systemRoleChanged() {
 				pdialog.setStatusMessage(i18n("Purging local configuration..."));
 				tqApp->processEvents();

+				system(TQString("rm -f %1").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE));
 				system(TQString("rm -rf %1").arg(TDE_CERTIFICATE_DIR));

 				// Write the TDE realm configuration file
@ -751,6 +749,7 @@ int LDAPController::controlKAdminDaemon(sc_command command) {
 		// This assumes Debian!
 		return system("/etc/init.d/openbsd-inetd restart");
 	}
+	return -2;
 }

 int LDAPController::controlSASLServer(sc_command command) {
@ -769,6 +768,7 @@ int LDAPController::controlSASLServer(sc_command command) {
 		// This assumes Debian!
 		return system("/etc/init.d/saslauthd restart");
 	}
+	return -2;
 }

 int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t groupid) {
@ -803,6 +803,7 @@ int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t
 			chmod(LDAP_KEYTAB_FILE, S_IRUSR|S_IWUSR|S_IRGRP);
 		}
 	}
+	return -2;
 }

 int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t groupid) {
@ -1548,6 +1549,8 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
 		return -1;
 	}

+	LDAPManager::writePrimaryRealmCertificateUpdateCronFile();
+
 	delete ldap_mgr;
 	delete credentials;

@ -1583,8 +1586,9 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
 	// Write the NSS update crontab file and update NSS database
 	LDAPManager::writeCronFiles();

-	// RAJA FIXME
 	pdialog.closeDialog();
+
+	return 0;
 }

 int LDAPController::buttons() {
--- a/src/primaryrealmwizard/realmwizard.cpp
+++ b/src/primaryrealmwizard/realmwizard.cpp
@ -46,6 +46,7 @@
 #include <ktextedit.h>
 #include <kpassdlg.h>
 #include <kurlrequester.h>
+#include <ksslcertificate.h>

 #include <stdlib.h>

@ -152,9 +153,6 @@ void RealmWizard::next() {
 	}
 	else if (currentPage()==certpage) {
 		// Save certificate information
-		// RAJA FIXME
-		// If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate!
-		// If this is not done, the automatic certificate updater will fail!!!
 		m_certconfig.generate_certs = certpage->generateKeysEnabled->isOn();
 		m_certconfig.provided_kerberos_pem = certpage->kerberosPEM->url();
 		m_certconfig.provided_kerberos_pemkey = certpage->kerberosPEMKEY->url();
@ -162,13 +160,59 @@ void RealmWizard::next() {
 		m_certconfig.provided_kerberos_key = certpage->kerberosKEY->url();
 		m_certconfig.provided_ldap_crt = certpage->ldapCRT->url();
 		m_certconfig.provided_ldap_key = certpage->ldapKEY->url();
-		m_certconfig.organizationName = certpage->organizationName->text();
-		m_certconfig.orgUnitName = certpage->orgUnitName->text();
-		m_certconfig.commonName = certpage->commonName->text();
-		m_certconfig.localityName = certpage->localityName->text();
-		m_certconfig.stateOrProvinceName = certpage->stateOrProvinceName->text();
-		m_certconfig.countryName = certpage->countryName->text();
-		m_certconfig.emailAddress = certpage->emailAddress->text();
+		if (m_certconfig.generate_certs) {
+			m_certconfig.organizationName = certpage->organizationName->text();
+			m_certconfig.orgUnitName = certpage->orgUnitName->text();
+			m_certconfig.commonName = certpage->commonName->text();
+			m_certconfig.localityName = certpage->localityName->text();
+			m_certconfig.stateOrProvinceName = certpage->stateOrProvinceName->text();
+			m_certconfig.countryName = certpage->countryName->text();
+			m_certconfig.emailAddress = certpage->emailAddress->text();
+		}
+		else {
+			// If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate
+			// If this is not done, the automatic certificate updater will fail!
+			TQFile file(m_certconfig.provided_kerberos_pem);
+			if (file.open(IO_ReadOnly)) {
+				TQByteArray ba = file.readAll();
+				file.close();
+		
+				TQCString ssldata(ba);
+				ssldata.replace("-----BEGIN CERTIFICATE-----", "");
+				ssldata.replace("-----END CERTIFICATE-----", "");
+				ssldata.replace("\n", "");
+				KSSLCertificate* cert = KSSLCertificate::fromString(ssldata);
+				if (cert) {
+					TQString subj = cert->getSubject();
+					TQStringList subjList = TQStringList::split("/", subj, false);
+					for (TQStringList::Iterator it = subjList.begin(); it != subjList.end(); ++it) {
+						TQStringList kvPair = TQStringList::split("=", *it, false);
+						if (kvPair[0] == "O") {
+							m_certconfig.organizationName = kvPair[1];
+						}
+						else if (kvPair[0] == "OU") {
+							m_certconfig.orgUnitName = kvPair[1];
+						}
+						else if (kvPair[0] == "CN") {
+							m_certconfig.commonName = kvPair[1];
+						}
+						else if (kvPair[0] == "L") {
+							m_certconfig.localityName = kvPair[1];
+						}
+						else if (kvPair[0] == "ST") {
+							m_certconfig.stateOrProvinceName = kvPair[1];
+						}
+						else if (kvPair[0] == "C") {
+							m_certconfig.countryName = kvPair[1];
+						}
+						else if (kvPair[0] == "emailAddress") {
+							m_certconfig.emailAddress = kvPair[1];
+						}
+					}
+					delete cert;
+				}
+			}
+		}

 		TQWizard::next();
 		finishpage->validateEntries();