From 372cfda98cce196428a250ef9a60df64c0f7296e Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Wed, 6 Jun 2012 17:38:31 -0500
Subject: Write cert and sudoers files
---
 src/ldapbonding.cpp | 39 ++++++++++++++++++++-------------------
 1 file changed, 20 insertions(+), 19 deletions(-)
(limited to 'src/ldapbonding.cpp')
diff --git a/src/ldapbonding.cpp b/src/ldapbonding.cpp
index d0d5346..4d939b3 100644
--- a/src/ldapbonding.cpp
+++ b/src/ldapbonding.cpp
@@ -54,7 +54,6 @@
 #define PAMD_DIRECTORY "/etc/pam.d/"
 #define PAMD_COMMON_ACCOUNT "common-account"
 #define PAMD_COMMON_AUTH "common-auth"
-#define CRON_UPDATE_NSS_FILE "/etc/cron.daily/upd-local-nss-db"
 typedef KGenericFactory ldapFactory;
@@ -243,6 +242,8 @@ void LDAPConfig::defaults() {
 }
 void LDAPConfig::save() {
+ TQString errorstring;
+ // Write system configuration
 systemconfig->setGroup(NULL);
 systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked());
@@ -285,9 +286,24 @@ void LDAPConfig::save() {
 // Write the PAM configuration files
 writePAMFiles();
 // Write the cron files
- writeCronFiles();
- // RAJA FIXME
- // Update the SUDOERS file with the domain-wide computer local admin group!
+ LDAPManager::writeCronFiles();
+
+ // Bind anonymously to LDAP
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = m_defaultRealm.upper();
+ LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), "ldap://", credentials);
+
+ // Add the domain-wide computer local admin group to local sudoers
+ ldap_mgr->writeSudoersConfFile(&errorstring);
+ // Get and install the CA root certificate from LDAP
+ mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring);
+
+ delete ldap_mgr;
+ delete credentials;
 }
 load();
@@ -664,21 +680,6 @@ void LDAPConfig::writePAMFiles() {
 }
 }
-void LDAPConfig::writeCronFiles() {
- TQFile file(CRON_UPDATE_NSS_FILE);
- if (file.open(IO_WriteOnly)) {
- TQTextStream stream( &file );
-
- stream << "# This file was automatically generated by TDE\n";
- stream << "# All changes will be lost!\n";
- stream << "\n";
- stream << "#!/bin/sh" << "\n";
- stream << "/usr/sbin/nss_updatedb ldap" << "\n";
-
- file.close();
- }
-}
-
 int LDAPConfig::buttons() {
 return KCModule::Apply|KCModule::Help;
 }
-- 
cgit v1.2.1
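Review bot: The block added to LDAPConfig::save() fetches both the local-admin group written to sudoers and the CA root certificate over an anonymous bind to `ldap://`, so the data that grants local root and the data that becomes the trust anchor are accepted from a server that, as far as these lines show, is neither authenticated nor reached over TLS. Unless LDAPManager secures the connection internally (not visible here), the certificate should be compared against a fingerprint obtained out of band before it is installed, and the sudoers content should come from an authenticated bind; at minimum add a comment such as `// NOTE: anonymous bind - the fetched CA is unverified until checked against a known fingerprint`. The results of `writeSudoersConfFile()`, `getTDECertificate()` and both `mkdir()` calls are discarded and `errorstring` is never read, so a failed or partial write passes silently into `load()`; test each result and report `errorstring` to the user. The certificate path indexes `m_realms[m_defaultRealm]` while the manager is built from `m_defaultRealm.upper()`, which may select different entries if the map keys are case-sensitive. save() begins and ends outside this hunk.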