Diffstat (limited to 'src/ldapcontroller.cpp')
-rw-r--r--src/ldapcontroller.cpp71
1 files changed, 71 insertions, 0 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 092fe71..ceb4c52 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -130,6 +130,8 @@ LDAPController::LDAPController(TQWidget *parent, const char *name, const TQStrin
connect(m_base->ldapExportKey, TQT_SIGNAL(clicked()), this, TQT_SLOT(btnldapExportKey()));
connect(m_base->ldapExportCert, TQT_SIGNAL(clicked()), this, TQT_SLOT(btnldapExportCert()));
+ connect(m_base->crlRegenerate, TQT_SIGNAL(clicked()), this, TQT_SLOT(btncrlRegenerate()));
+
connect(m_base->btnChangeLDAPRootPassword, TQT_SIGNAL(clicked()), this, TQT_SLOT(btnChangeLDAPRootPassword()));
connect(m_base->btnChangeRealmAdminPassword, TQT_SIGNAL(clicked()), this, TQT_SLOT(btnChangeRealmAdminPassword()));
@@ -145,6 +147,7 @@ LDAPController::LDAPController(TQWidget *parent, const char *name, const TQStrin
connect(m_base->multiMasterReplicationMappings, TQT_SIGNAL(executed(TQListViewItem*)), this, TQT_SLOT(modifySelectedMultiMasterReplication()));
connect(m_base->advancedCaCertExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(caCertExpiryChanged()));
+ connect(m_base->advancedCaCrlExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(caCrlCertExpiryChanged()));
connect(m_base->advancedKerberosCertExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(kerberosCertExpiryChanged()));
connect(m_base->advancedLdapCertExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(ldapCertExpiryChanged()));
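Review bot: The slot named in the new connect, `caCrlCertExpiryChanged()`, does not match the slot this commit defines in a later hunk, `LDAPController::caCrlExpiryChanged()`. String-based `TQT_SLOT` lookups are resolved at run time, so unless the header (not visible here) declares the longer name, the connection fails without a compile error. Editing the CRL expiry spin box would then neither update `m_certconfig.caCrlExpiryDays` nor emit `changed()`, and the CRL would keep being issued with the previous lifetime. The line should read `TQT_SLOT(caCrlExpiryChanged())`.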
@@ -384,6 +387,7 @@ void LDAPController::load() {
// Load cert config
m_systemconfig->setGroup("Certificates");
m_certconfig.caExpiryDays = m_systemconfig->readNumEntry("caExpiryDays", KERBEROS_PKI_PEMKEY_EXPIRY_DAYS);
+ m_certconfig.caCrlExpiryDays = m_systemconfig->readNumEntry("caCrlExpiryDays", KERBEROS_PKI_CRL_EXPIRY_DAYS);
m_certconfig.kerberosExpiryDays = m_systemconfig->readNumEntry("kerberosExpiryDays", KERBEROS_PKI_KRB_EXPIRY_DAYS);
m_certconfig.ldapExpiryDays = m_systemconfig->readNumEntry("ldapExpiryDays", KERBEROS_PKI_LDAP_EXPIRY_DAYS);
m_certconfig.countryName = m_systemconfig->readEntry("countryName");
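Review bot: `caCrlExpiryDays` is taken from the config file without a range check, and the same value is later handed to `generatePKICRL()` in `btncrlRegenerate()`. A zero or negative entry would request a CRL that is already expired when issued, assuming `generatePKICRL()` does not validate the value itself (not visible here). Consider falling back to the default right after the read, e.g. `if (m_certconfig.caCrlExpiryDays < 1) m_certconfig.caCrlExpiryDays = KERBEROS_PKI_CRL_EXPIRY_DAYS;`. The neighbouring expiry entries are read the same way, and load() continues outside this hunk.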
@@ -470,6 +474,7 @@ void LDAPController::load() {
}
m_base->advancedCaCertExpiry->setValue(m_certconfig.caExpiryDays);
+ m_base->advancedCaCrlExpiry->setValue(m_certconfig.caCrlExpiryDays);
m_base->advancedKerberosCertExpiry->setValue(m_certconfig.kerberosExpiryDays);
m_base->advancedLdapCertExpiry->setValue(m_certconfig.ldapExpiryDays);
@@ -505,6 +510,13 @@ void LDAPController::updateCertDisplay() {
TQString ldap_certfile = LDAP_CERT_FILE;
ldap_certfile.replace("@@@ADMINSERVER@@@", m_realmconfig[m_defaultRealm].name.lower());
+ TQString realmname = m_defaultRealm.upper();
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = realmname;
+ LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials);
+
// Certificate Authority
if (TQFile::exists(KERBEROS_PKI_PEM_FILE)) {
certExpiry = LDAPManager::getCertificateExpiration(KERBEROS_PKI_PEM_FILE);
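Review bot: The `LDAPCredentials` object allocated here is never freed in the visible lines: the later hunk of updateCertDisplay() deletes only `ldap_mgr`, and `btncrlRegenerate()` repeats the same pattern. Unless `LDAPManager` takes ownership of the pointer (its destructor is not shown), every call leaks one credentials object. If ownership stays with the caller, add `delete credentials;` after `delete ldap_mgr;`. In updateCertDisplay() the manager is also only used inside the `#if 0` block, so both allocations could move into that block until the CRL parsing is reactivated.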
@@ -570,6 +582,38 @@ void LDAPController::updateCertDisplay() {
m_base->ldapExpiryString->setText("File not found");
m_base->ldapExpiryString->setPaletteForegroundColor(CERT_STATUS_COLOR_NOTFOUND);
}
+
+ // Certificate Revocation List
+// FIXME
+// KSSLCertificate does not appear to understand the CRL format
+// Debug and reactivate this code
+#if 0
+ TQByteArray certificateContents;
+ if (ldap_mgr->getTDECertificate("publicRootCertificateRevocationList", &certificateContents, NULL) == 0) {
+ certExpiry = LDAPManager::getCertificateExpiration(certificateContents);
+ if (certExpiry >= now) {
+ m_base->crlExpiryString->setText("Expires " + certExpiry.toString());
+ if (certExpiry >= soon) {
+ m_base->crlExpiryString->setPaletteForegroundColor(CERT_STATUS_COLOR_ACTIVE);
+ }
+ else {
+ m_base->crlExpiryString->setPaletteForegroundColor(CERT_STATUS_COLOR_STALE);
+ }
+ }
+ else {
+ m_base->crlExpiryString->setText("Expired " + certExpiry.toString());
+ m_base->crlExpiryString->setPaletteForegroundColor(CERT_STATUS_COLOR_EXPIRED);
+ }
+ }
+ else {
+ m_base->crlExpiryString->setText("File not found");
+ m_base->crlExpiryString->setPaletteForegroundColor(CERT_STATUS_COLOR_NOTFOUND);
+ }
+#else
+ m_base->crlExpiryString->setText("Unknown");
+#endif
+
+ delete ldap_mgr;
}
void LDAPController::btncaSetMaster() {
@@ -712,6 +756,26 @@ void LDAPController::btnldapExportCert() {
}
}
+void LDAPController::btncrlRegenerate() {
+ TQString errstr;
+
+ // Bind to realm
+ TQString realmname = m_defaultRealm.upper();
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = realmname;
+ LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials);
+
+ if (ldap_mgr->generatePKICRL(m_certconfig.caCrlExpiryDays, m_realmconfig[m_defaultRealm], KERBEROS_PKI_PEMKEY_FILE, KERBEROS_PKI_CRLDB_FILE, &errstr) != 0) {
+ KMessageBox::error(this, i18n("<qt><b>Unable to regenerate CRL</b><p>Details: %1</qt>").arg(errstr), i18n("Unable to Regenerate CRL"));
+ }
+
+ delete ldap_mgr;
+
+ load();
+}
+
void LDAPController::slotCertCopyResult(TDEIO::Job* job) {
if (job->error()) {
job->showErrorDialog(this);
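Review bot: `load()` runs unconditionally at the end of `btncrlRegenerate()`, including after `generatePKICRL()` has failed. Judging by the load() hunks earlier in this diff, it re-reads the Certificates group from `m_systemconfig` and resets the widgets, so unapplied edits in the dialog would presumably be discarded by pressing this button, while the CRL itself was generated from the in-memory `m_certconfig.caCrlExpiryDays`. If only the certificate status needs refreshing, `updateCertDisplay();` would be the narrower call. A short comment stating how the empty username and password over `ldapi://` are expected to authenticate would also help the next reader.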
@@ -927,6 +991,12 @@ void LDAPController::caCertExpiryChanged() {
emit(changed());
}
+void LDAPController::caCrlExpiryChanged() {
+ m_certconfig.caCrlExpiryDays = m_base->advancedCaCrlExpiry->value();
+
+ emit(changed());
+}
+
void LDAPController::kerberosCertExpiryChanged() {
m_certconfig.kerberosExpiryDays = m_base->advancedKerberosCertExpiry->value();
@@ -954,6 +1024,7 @@ void LDAPController::save() {
// Write cert config
m_systemconfig->setGroup("Certificates");
m_systemconfig->writeEntry("caExpiryDays", m_certconfig.caExpiryDays);
+ m_systemconfig->writeEntry("caCrlExpiryDays", m_certconfig.caCrlExpiryDays);
m_systemconfig->writeEntry("kerberosExpiryDays", m_certconfig.kerberosExpiryDays);
m_systemconfig->writeEntry("ldapExpiryDays", m_certconfig.ldapExpiryDays);
m_systemconfig->writeEntry("countryName", m_certconfig.countryName);