summaryrefslogtreecommitdiffstats
path: root/src/ldapcontroller.cpp
diff options
context:
space:
mode:
authorTimothy Pearson <[email protected]>2012-06-04 04:00:01 -0500
committerTimothy Pearson <[email protected]>2012-06-04 04:00:01 -0500
commit085abd94d86b16825501b4215bd852fa546b31a9 (patch)
treeb3dec80f5784d3e88b8c6405668a1de7e120a2f7 /src/ldapcontroller.cpp
parentffa65c885b78a8d783f9e8cd51cf7c0b751207f9 (diff)
downloadkcmldapcontroller-085abd94d86b16825501b4215bd852fa546b31a9.tar.gz
kcmldapcontroller-085abd94d86b16825501b4215bd852fa546b31a9.zip
Fix kadmind
Diffstat (limited to 'src/ldapcontroller.cpp')
-rw-r--r--src/ldapcontroller.cpp23
1 files changed, 19 insertions, 4 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 3d679a0..67fde9a 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -325,6 +325,14 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
tqApp->processEvents();
}
+int LDAPController::controlKAdminDaemon(sc_command command) {
+ if (command == SC_RESTART) {
+ // FIXME
+ // This assumes Debian!
+ return system("/etc/init.d/openbsd-inetd restart");
+ }
+}
+
int LDAPController::controlSASLServer(sc_command command) {
if (command == SC_START) {
// FIXME
@@ -802,10 +810,11 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
slapd_uid = pwd->pw_uid;
slapd_gid = pwd->pw_gid;
-// RAJA FIXME
-// SECURITY
-// The ldapi:/// socket in /var/run/ldap is world readable/writable
-// This means anyone with access to the server running LDAP can dump the KRB5 keys!!!!
+ // SECURITY
+ // Make sure that the ldapi:/// socket in /var/run/slapd/ldapi is NOT world readable/writable (technically the permissions are for the directory containing the ldapi socket)
+ // This would mean that anyone with access to the server running LDAP can dump the KRB5 keys!
+ // FIXME
+ // Can we do anything about this now?
// Base database configuration
replacePlaceholdersInFile(templateDir + "openldap/ldif/config.ldif", destDir + "ldap/slapd.d/" + TQString("cn=config.ldif"), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, -1, slapd_uid, slapd_gid);
@@ -966,6 +975,12 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
pdialog.closeDialog();
return -1;
}
+ // Restart kadmind
+ if (controlKAdminDaemon(SC_RESTART) != 0) {
+ if (errstr) *errstr = i18n("Unable to restart Kerberos Administration Service");
+ pdialog.closeDialog();
+ return -1;
+ }
// Start SASL
if (controlSASLServer(SC_START) != 0) {