author | Timothy Pearson <[email protected]> | 2015-09-03 05:03:15 +0000 |
committer | Timothy Pearson <[email protected]> | 2015-09-03 05:03:15 +0000 |
commit | efb81441defd8685d0db0cc143137e8a4e7a35b1 (patch) | |
tree | 63654daf6aee66b347b1235a7ec8c2144f93fca9 /src/libtdeldap.h | |
parent | a97c0c3d5446361d30fd5ede922d81560c763e0c (diff) | |
download | libtdeldap-efb81441defd8685d0db0cc143137e8a4e7a35b1.tar.gz libtdeldap-efb81441defd8685d0db0cc143137e8a4e7a35b1.zip |
Add CRL generation
Diffstat (limited to 'src/libtdeldap.h')
-rw-r--r-- | src/libtdeldap.h | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 90b44af..d4c759f 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -49,6 +49,8 @@
 #define KERBEROS_PKI_PEM_FILE KERBEROS_PKI_ANCHORDIR "tdeca.pem"
 #define KERBEROS_PKI_PEMKEY_FILE KERBEROS_PKI_ANCHORDIR "tdeca.key.pem"
+#define KERBEROS_PKI_CRL_FILE KERBEROS_PKI_ANCHORDIR "tdecrl.pem"
+#define KERBEROS_PKI_CRLDB_FILE KERBEROS_PKI_ANCHORDIR "tdecrl.db"
 #define KERBEROS_PKI_KDC_FILE KERBEROS_PKI_PUBLICDIR "@@@KDCSERVER@@@.pki.crt"
 #define KERBEROS_PKI_KDCKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@KDCSERVER@@@.pki.key"
 #define KERBEROS_PKI_KDCREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@KDCSERVER@@@.pki.req"
@@ -68,6 +70,7 @@
 #define KERBEROS_PKI_PEMKEY_EXPIRY_DAYS 365
 // 1 month
+#define KERBEROS_PKI_CRL_EXPIRY_DAYS 30
 #define KERBEROS_PKI_KRB_EXPIRY_DAYS 30
 #define KERBEROS_PKI_LDAP_EXPIRY_DAYS 30
@@ -215,6 +218,7 @@ class LDAPCertConfig
 TQString provided_ldap_key;
 int caExpiryDays;
+ int caCrlExpiryDays;
 int kerberosExpiryDays;
 int ldapExpiryDays;
@@ -529,6 +533,7 @@ class LDAPManager : public TQObject {
 int writeSudoersConfFile(TQString *errstr=0);
 int getTDECertificate(TQString certificateName, TQFile *fileHandle, TQString *errstr=0);
 int getTDECertificate(TQString certificateName, TQString fileName, TQString *errstr=0);
+ int getTDECertificate(TQString certificateName, TQByteArray *certificate, TQString *errstr=0);
 int setPasswordForUser(LDAPUserInfo user, TQString *errstr);
 static int writePrimaryRealmCertificateUpdateCronFile(TQString *errstr=0);
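Review bot: `KERBEROS_PKI_CRL_EXPIRY_DAYS 30` in the second hunk sits under the existing `// 1 month` comment, but nothing in the header says what is expected to happen before that window elapses, and for a CRL that is the case that matters: once nextUpdate has passed, a relying party that enforces it rejects every certificate in the realm, while one that ignores it keeps trusting whatever has since been revoked. A comment at the define tying the value to the regeneration schedule would make the dependency explicit, e.g. `// CRL nextUpdate offset; the CRL must be re-issued before this elapses or relying parties fail validation`. Whether a scheduled re-issue job exists is not visible from this header.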
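Review bot: `int caCrlExpiryDays;` is added to `LDAPCertConfig` in the third hunk without an initialiser; if the class relies on a constructor or a populate-defaults routine outside this hunk to set `caExpiryDays` and the other expiry fields, that routine also needs a line such as `caCrlExpiryDays = KERBEROS_PKI_CRL_EXPIRY_DAYS;`, otherwise the validity of a generated CRL is whatever happens to be in memory. The class body starts and ends outside the hunk, so I cannot see whether such an initialiser exists.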
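Review bot: The new `getTDECertificate(TQString certificateName, TQByteArray *certificate, TQString *errstr=0)` overload in the fourth hunk is undocumented, and unlike its TQFile and filename siblings the caller owns the output object, so the contract callers need is whether `*certificate` is replaced or appended to, and what it holds when the function returns failure. A one-line comment on the declaration stating both, written from what the implementation actually does, would settle it; the implementation is outside this diff so I cannot propose the wording.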
@@ -537,6 +542,7 @@ class LDAPManager : public TQObject {
 static LDAPRealmConfigList fetchAndReadTDERealmList(TQString *defaultRealm=0);
 static LDAPRealmConfigList readTDERealmList(KSimpleConfig* config, bool disableAllBonds=false);
 static TQDateTime getCertificateExpiration(TQString certfile);
+ static TQDateTime getCertificateExpiration(TQByteArray certfileContents);
 static int generatePublicKerberosCACertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg);
 static int generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg);
@@ -546,6 +552,8 @@ class LDAPManager : public TQObject {
 static int generateClientCertificatePrivateKey(LDAPUserInfo user, LDAPRealmConfig realmcfg, TQString privateKeyFile, TQString *errstr=0);
 static int generateClientCertificatePublicCertificate(int expirydays, LDAPUserInfo user, LDAPRealmConfig realmcfg, TQString signingPrivateKeyFile, TQString privateKeyFile, TQString publicCertFile, TQString *errstr=0);
+ int generatePKICRL(int expirydays, LDAPRealmConfig realmcfg, TQString signingPrivateKeyFile, TQString revocationDatabaseFile, TQString *errstr=0);
+ static TQString ldapdnForRealm(TQString realm);
 static TQString openssldcForRealm(TQString realm);
 static TQString cnFromDn(TQString dn);
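Review bot: `generatePKICRL(...)` in the second hunk on this line is the only non-static member in a run of static `generate*` declarations (`generateClientCertificatePrivateKey`, `generateClientCertificatePublicCertificate` just above it); if it needs no LDAPManager instance state it should be declared `static int generatePKICRL(...)` for consistency, and if it does need instance state a short comment naming which state would explain the difference. Its parameters are also undocumented: `expirydays` presumably becomes the CRL's nextUpdate offset and `revocationDatabaseFile` the revocation index the revoked list is built from, but neither is stated, and the return convention is only inferred from the neighbouring signatures. A one-line comment on the declaration covering the two parameters and the meaning of the return value would be enough; the implementation is outside this diff.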
@@ -565,7 +573,7 @@ class LDAPManager : public TQObject {
 static int writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole machineRole, TQString *errstr=0);
 static int writeNSSwitchFile(TQString *errstr=0);
 static int writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQString *errstr=0);
- static int writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUserInfo user, TQString opensslConfigFile, TQString *errstr=0);
+ static int writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUserInfo user, TQString opensslConfigFile, TQString caRootKeyFile=TQString::null, TQString caRootCertFile=TQString::null, TQString caRootDatabaseFile=TQString::null, TQString *errstr=0);
 static int writeClientCronFiles(TQString *errstr=0);
 static int writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr=0);
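Review bot: Inserting three defaulted `TQString` parameters ahead of the trailing `TQString *errstr=0` in `writeOpenSSLConfigurationFile` changes what a positional fourth argument means for existing callers of the four-argument form: a call passing `&err` no longer compiles (a `TQString *` does not convert to `TQString`), which is the safe outcome, but a call passing a literal `0` for errstr may silently bind to `caRootKeyFile` instead, because a null pointer constant converts to `const char *` and from there to `TQString`, leaving errstr at its default. Callers live in the .cpp files outside this diff, so they are worth checking. The three new defaults are also only meaningful as a set, so the declaration should say so, e.g. `// caRootKeyFile, caRootCertFile and caRootDatabaseFile are optional but expected together; confirm against the implementation how a partial set is handled`.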