diff --git a/cert-updater/main.cpp b/cert-updater/main.cpp
index 2933ba3..dc338df 100644
--- a/cert-updater/main.cpp
+++ b/cert-updater/main.cpp
@@ -171,7 +171,7 @@
if (force_update || (certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
printf("Regenerating certificate %s...\n", TQString(KERBEROS_PKI_PEM_FILE).ascii()); fflush(stdout);
LDAPManager::generatePublicKerberosCACertificate(m_certconfig, m_realmconfig[m_defaultRealm]);
-
+
// Upload the contents of KERBEROS_PKI_PEM_FILE to the LDAP server
TQString errorstring;
if (uploadKerberosCAFileToLDAP(ldap_mgr, &errorstring) != 0) {
@@ -180,7 +180,7 @@
ca_modified = true;
}
-
+
// Set permissions
chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR);
chown_safe(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
@@ -215,7 +215,7 @@
}
else {
printf("This server is a realm CA slave\n"); fflush(stdout);
-
+
// Connect to LDAP
TQString realmname = defaultRealm.upper();
LDAPCredentials* credentials = new LDAPCredentials;
@@ -226,22 +226,22 @@
credentials->realm = realmname;
LDAPManager* ldap_mgr = new LDAPManager(realmname, TQString("ldaps://%1/").arg(realmCAMaster), credentials);
TQString errorstring;
-
+
if (ldap_mgr->getTDECertificate("privateRootCertificateKey", KERBEROS_PKI_PEMKEY_FILE ".tmp", &errorstring) != 0) {
printf("[ERROR] Unable to get private CA certificate key from LDAP server!\n%s\n", errorstring.ascii()); fflush(stdout);
}
if (ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PEM_FILE ".tmp", &errorstring) != 0) {
printf("[ERROR] Unable to get public CA certificate from LDAP server!\n%s\n", errorstring.ascii()); fflush(stdout);
}
-
+
delete ldap_mgr;
delete credentials;
-
+
TQByteArray originalPemKeyFile;
TQByteArray originalPemFile;
TQByteArray newPemKeyFile;
TQByteArray newPemFile;
-
+
TQFile* cafile;
cafile = new TQFile(KERBEROS_PKI_PEMKEY_FILE);
if (cafile->open(IO_ReadOnly)) {
@@ -263,7 +263,7 @@
newPemFile = cafile->readAll();
}
delete cafile;
-
+
if ((originalPemKeyFile == newPemKeyFile) && (originalPemFile == newPemFile)) {
unlink(KERBEROS_PKI_PEMKEY_FILE ".tmp");
unlink(KERBEROS_PKI_PEM_FILE ".tmp");
@@ -277,7 +277,7 @@
force_update = true;
printf("Certificates have changed, forcing certificate regeneration\n");
}
-
+
// Set permissions
chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR);
chown_safe(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
@@ -315,13 +315,13 @@
printf("Regenerating certificate %s...\n", ldap_certfile.ascii()); fflush(stdout);
uid_t slapd_uid = 0;
gid_t slapd_gid = 0;
-
+
// Get LDAP user uid/gid
struct passwd *pwd;
pwd = getpwnam(m_ldapUserName);
slapd_uid = pwd->pw_uid;
slapd_gid = pwd->pw_gid;
-
+
LDAPManager::generatePublicLDAPCertificate(m_certconfig, m_realmconfig[m_defaultRealm], slapd_uid, slapd_gid);
}
}
|