authorTimothy Pearson <[email protected]>2012-06-04 04:00:01 -0500
committerTimothy Pearson <[email protected]>2012-06-04 04:00:01 -0500
commit085abd94d86b16825501b4215bd852fa546b31a9 (patch)
treeb3dec80f5784d3e88b8c6405668a1de7e120a2f7 /src
parentffa65c885b78a8d783f9e8cd51cf7c0b751207f9 (diff)
Fix kadmind
Diffstat (limited to 'src')
-rw-r--r--src/ldapcontroller.cpp23
-rw-r--r--src/ldapcontroller.h1
-rw-r--r--src/realmintropagedlg.ui3
3 files changed, 22 insertions, 5 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 3d679a0..67fde9a 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -325,6 +325,14 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
tqApp->processEvents();
}
+int LDAPController::controlKAdminDaemon(sc_command command) {
+ if (command == SC_RESTART) {
+ // FIXME
+ // This assumes Debian!
+ return system("/etc/init.d/openbsd-inetd restart");
+ }
+}
+
int LDAPController::controlSASLServer(sc_command command) {
if (command == SC_START) {
// FIXME
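Review bot: `controlKAdminDaemon` (L27–L33) returns only on the `SC_RESTART` path; for any other `sc_command` control falls off the end of a non-void function, which is undefined behaviour and leaves the caller's `!= 0` test reading an indeterminate value. Add an explicit return after the `if`, e.g. `return -1;` (or `return 0;` if unsupported commands are meant to be no-ops — `controlSASLServer`'s handling of that case is outside the hunk, so match whatever it does). Separately, `system()` yields a wait status rather than an exit code, so comparing against 0 detects failure but any caller wanting the init script's real status needs `WIFEXITED`/`WEXITSTATUS`; a missing `/etc/init.d/openbsd-inetd` does at least surface as non-zero. The Debian-only path is already flagged by the FIXME.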
@@ -802,10 +810,11 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
slapd_uid = pwd->pw_uid;
slapd_gid = pwd->pw_gid;
-// RAJA FIXME
-// SECURITY
-// The ldapi:/// socket in /var/run/ldap is world readable/writable
-// This means anyone with access to the server running LDAP can dump the KRB5 keys!!!!
+ // SECURITY
+ // Make sure that the ldapi:/// socket in /var/run/slapd/ldapi is NOT world readable/writable (technically the permissions are for the directory containing the ldapi socket)
+ // This would mean that anyone with access to the server running LDAP can dump the KRB5 keys!
+ // FIXME
+ // Can we do anything about this now?
// Base database configuration
replacePlaceholdersInFile(templateDir + "openldap/ldif/config.ldif", destDir + "ldap/slapd.d/" + TQString("cn=config.ldif"), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, -1, slapd_uid, slapd_gid);
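Review bot: The rewritten SECURITY comment (L45–L49) now phrases the ldapi socket-directory permissions as a requirement ("Make sure that ... is NOT world readable/writable"), but no code in the hunk checks or enforces it, so the exposure the removed comment described is unchanged and the open question in the FIXME stays open. A minimal enforcement that fits before `// Base database configuration` is to `stat()` the directory and fail with `errstr` when any other-bits are set: `struct stat sb;` / `if (stat("/var/run/slapd", &sb) == 0 && (sb.st_mode & S_IRWXO) != 0) { /* set errstr, return -1 */ }`. Whether this tool or the slapd package creates that directory is not visible here; if it is package-owned the check may belong after the LDAP server is started rather than at this point. The enclosing function starts and ends outside the hunk.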
@@ -966,6 +975,12 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
pdialog.closeDialog();
return -1;
}
+ // Restart kadmind
+ if (controlKAdminDaemon(SC_RESTART) != 0) {
+ if (errstr) *errstr = i18n("Unable to restart Kerberos Administration Service");
+ pdialog.closeDialog();
+ return -1;
+ }
// Start SASL
if (controlSASLServer(SC_START) != 0) {
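Review bot: The comment and error string at L56/L58 describe restarting only the Kerberos Administration Service, but `controlKAdminDaemon(SC_RESTART)` (L31) restarts the whole `openbsd-inetd` superserver, which bounces every inetd-managed service on the host; that side effect should be stated at the call site so nobody later adds a second restart or reorders it casually. I'd replace `// Restart kadmind` with `// Restart kadmind: currently done by restarting the inetd superserver that spawns it (see controlKAdminDaemon), which also restarts every other inetd service`. On failure the function returns -1 after the earlier steps have presumably already started slapd and Heimdal, consistent with the surrounding `control*` pattern; the enclosing function starts and ends outside the hunk.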
diff --git a/src/ldapcontroller.h b/src/ldapcontroller.h
index 1fad5f8..cdf999f 100644
--- a/src/ldapcontroller.h
+++ b/src/ldapcontroller.h
@@ -69,6 +69,7 @@ class LDAPController: public KCModule
void processLockouts();
private:
+ int controlKAdminDaemon(sc_command command);
int controlSASLServer(sc_command command);
int controlHeimdalServer(sc_command command, uid_t userid=-1, gid_t groupid=-1);
int controlLDAPServer(sc_command command, uid_t userid=-1, gid_t groupid=-1);
diff --git a/src/realmintropagedlg.ui b/src/realmintropagedlg.ui
index 402df3e..3b4c649 100644
--- a/src/realmintropagedlg.ui
+++ b/src/realmintropagedlg.ui
@@ -70,7 +70,8 @@
<property name="text">
<string>&lt;p&gt;This Wizard will help you create a new LDAP realm in three quick, easy steps.&lt;/p&gt;
&lt;p&gt;Please note that this Wizard will overwrite any existing LDAP realms and data.&lt;/p&gt;
- &lt;p&gt;If you wish to quit the Wizard, click &lt;b&gt;Cancel&lt;/b&gt; at any time.&lt;/p&gt;</string>
+ &lt;p&gt;If you wish to quit the Wizard, click &lt;b&gt;Cancel&lt;/b&gt; at any time.&lt;/p&gt;
+ &lt;p&gt;&lt;b&gt;NOTE:&lt;/b&gt; Kerberos and LDAP rely heavily on proper DNS resolution in order to function correctly. Therefore, you must have functional forward and reverse DNS entries for this system in order to complete this Wizard.&lt;/p&gt;</string>
</property>
<property name="textFormat">
<enum>RichText</enum>