-rw-r--r-- | cert-updater/main.cpp | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/cert-updater/main.cpp b/cert-updater/main.cpp
index 2933ba3..dc338df 100644
--- a/cert-updater/main.cpp
+++ b/cert-updater/main.cpp
@@ -171,7 +171,7 @@ int main(int argc, char *argv[])
 if (force_update || (certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
 printf("Regenerating certificate %s...\n", TQString(KERBEROS_PKI_PEM_FILE).ascii()); fflush(stdout);
 LDAPManager::generatePublicKerberosCACertificate(m_certconfig, m_realmconfig[m_defaultRealm]);
-
+
 // Upload the contents of KERBEROS_PKI_PEM_FILE to the LDAP server
 TQString errorstring;
 if (uploadKerberosCAFileToLDAP(ldap_mgr, &errorstring) != 0) {
@@ -180,7 +180,7 @@ int main(int argc, char *argv[])
 ca_modified = true;
 }
-
+
 // Set permissions
 chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR);
 chown_safe(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
@@ -215,7 +215,7 @@ int main(int argc, char *argv[])
 } else {
 printf("This server is a realm CA slave\n"); fflush(stdout);
-
+
 // Connect to LDAP
 TQString realmname = defaultRealm.upper();
 LDAPCredentials* credentials = new LDAPCredentials;
@@ -226,22 +226,22 @@ int main(int argc, char *argv[])
 credentials->realm = realmname;
 LDAPManager* ldap_mgr = new LDAPManager(realmname, TQString("ldaps://%1/").arg(realmCAMaster), credentials);
 TQString errorstring;
-
+
 if (ldap_mgr->getTDECertificate("privateRootCertificateKey", KERBEROS_PKI_PEMKEY_FILE ".tmp", &errorstring) != 0) {
 printf("[ERROR] Unable to get private CA certificate key from LDAP server!\n%s\n", errorstring.ascii()); fflush(stdout);
 }
 if (ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PEM_FILE ".tmp", &errorstring) != 0) {
 printf("[ERROR] Unable to get public CA certificate from LDAP server!\n%s\n", errorstring.ascii()); fflush(stdout);
 }
-
+
 delete ldap_mgr;
 delete credentials;
-
+
 TQByteArray originalPemKeyFile;
 TQByteArray originalPemFile;
 TQByteArray newPemKeyFile;
 TQByteArray newPemFile;
-
+
 TQFile* cafile;
 cafile = new TQFile(KERBEROS_PKI_PEMKEY_FILE);
 if (cafile->open(IO_ReadOnly)) {
@@ -263,7 +263,7 @@ int main(int argc, char *argv[])
 newPemFile = cafile->readAll();
 }
 delete cafile;
-
+
 if ((originalPemKeyFile == newPemKeyFile) && (originalPemFile == newPemFile)) {
 unlink(KERBEROS_PKI_PEMKEY_FILE ".tmp");
 unlink(KERBEROS_PKI_PEM_FILE ".tmp");
@@ -277,7 +277,7 @@ int main(int argc, char *argv[])
 force_update = true;
 printf("Certificates have changed, forcing certificate regeneration\n");
 }
-
+
 // Set permissions
 chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR);
 chown_safe(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
@@ -315,13 +315,13 @@ int main(int argc, char *argv[])
 printf("Regenerating certificate %s...\n", ldap_certfile.ascii()); fflush(stdout);
 uid_t slapd_uid = 0;
 gid_t slapd_gid = 0;
-
+
 // Get LDAP user uid/gid
 struct passwd *pwd;
 pwd = getpwnam(m_ldapUserName);
 slapd_uid = pwd->pw_uid;
 slapd_gid = pwd->pw_gid;
-
+
 LDAPManager::generatePublicLDAPCertificate(m_certconfig, m_realmconfig[m_defaultRealm], slapd_uid, slapd_gid);
 }
 }
|