author | Timothy Pearson <[email protected]> | 2012-06-04 04:00:01 -0500 |
---|---|---|
committer | Timothy Pearson <[email protected]> | 2012-06-04 04:00:01 -0500 |
commit | 085abd94d86b16825501b4215bd852fa546b31a9 (patch) | |
tree | b3dec80f5784d3e88b8c6405668a1de7e120a2f7 /src/ldapcontroller.cpp | |
parent | ffa65c885b78a8d783f9e8cd51cf7c0b751207f9 (diff) | |
download | kcmldapcontroller-085abd94d86b16825501b4215bd852fa546b31a9.tar.gz kcmldapcontroller-085abd94d86b16825501b4215bd852fa546b31a9.zip |
Fix kadmind
Diffstat (limited to 'src/ldapcontroller.cpp')
-rw-r--r-- | src/ldapcontroller.cpp | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 3d679a0..67fde9a 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -325,6 +325,14 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
 tqApp->processEvents();
 }
+int LDAPController::controlKAdminDaemon(sc_command command) {
+ if (command == SC_RESTART) {
+ // FIXME
+ // This assumes Debian!
+ return system("/etc/init.d/openbsd-inetd restart");
+ }
+}
+
 int LDAPController::controlSASLServer(sc_command command) {
 if (command == SC_START) {
 // FIXME
@@ -802,10 +810,11 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
 slapd_uid = pwd->pw_uid;
 slapd_gid = pwd->pw_gid;
-// RAJA FIXME
-// SECURITY
-// The ldapi:/// socket in /var/run/ldap is world readable/writable
-// This means anyone with access to the server running LDAP can dump the KRB5 keys!!!!
+ // SECURITY
+ // Make sure that the ldapi:/// socket in /var/run/slapd/ldapi is NOT world readable/writable (technically the permissions are for the directory containing the ldapi socket)
+ // This would mean that anyone with access to the server running LDAP can dump the KRB5 keys!
+ // FIXME
+ // Can we do anything about this now?
 // Base database configuration
 replacePlaceholdersInFile(templateDir + "openldap/ldif/config.ldif", destDir + "ldap/slapd.d/" + TQString("cn=config.ldif"), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, -1, slapd_uid, slapd_gid);
@@ -966,6 +975,12 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
 pdialog.closeDialog();
 return -1;
 }
+ // Restart kadmind
+ if (controlKAdminDaemon(SC_RESTART) != 0) {
+ if (errstr) *errstr = i18n("Unable to restart Kerberos Administration Service");
+ pdialog.closeDialog();
+ return -1;
+ }
 // Start SASL
 if (controlSASLServer(SC_START) != 0) { |
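Review bot: `controlKAdminDaemon` in the first hunk falls off the end of a non-void function for every command other than `SC_RESTART`, which is undefined behaviour in C++ and hands the caller an arbitrary status. Add an explicit fallthrough after the `if` block, for example `return -1; // unsupported command`, so that the `!= 0` check added in the third hunk stays meaningful if another command is ever passed. The value returned by `system()` is a wait status rather than the script's exit code, and the call goes through the shell with the inherited environment; if this module runs with elevated privileges (not visible here), that environment deserves a look. Restarting `openbsd-inetd` also bounces every other inetd-served service on the host, which the `// This assumes Debian!` comment could say outright.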
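Review bot: The rewritten SECURITY comment in the second hunk states a requirement ("Make sure that the ldapi:/// socket ... is NOT world readable/writable") that nothing in the visible code enforces or checks, so a deployment can still finish with the Kerberos keys readable by any local user. Since `slapd_uid` and `slapd_gid` are already resolved just above, the setup could `stat()` the directory holding the socket after configuration and abort with an error through `errstr` when `st_mode & S_IRWXO` is non-zero, instead of leaving the condition as a FIXME. Whether slapd or the init script recreates that directory with its own mode at start-up is not visible here, so the check belongs after the service is started. If the LDIF templates grant key access to any ldapi peer (they are not shown on this page), tightening those ACLs would be the more durable control. The enclosing function starts and ends outside this hunk.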