-rw-r--r-- | src/libtdeldap.cpp | 93 | ||||
-rw-r--r-- | src/libtdeldap.h | 26 |
2 files changed, 119 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 680a81f..39dc65c 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -18,10 +18,13 @@
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 ***************************************************************************/
+#include <tqfile.h>
+
 #include <klocale.h>
 #include <kmessagebox.h>
 #include <klineedit.h>
 #include <kpassdlg.h>
+#include <ksimpleconfig.h>
 #include <ldap.h>
 #include <stdlib.h>
@@ -34,6 +37,11 @@
 #define LDAP_INSECURE_PORT 389
 #define LDAP_SECURE_PORT 636
+// FIXME
+// Connect this to CMake/Automake
+#define KDE_CONFDIR "/etc/trinity"
+#define LDAP_FILE "/etc/ldap.conf"
+
 int requested_ldap_version = LDAP_VERSION3;
 int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection?
 char* ldap_user_and_operational_attributes[2] = {"*", "+"};
@@ -1207,6 +1215,91 @@ printf("[RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s", dn, id.as
 return -1;
 }
+void LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg) {
+ KSimpleConfig* systemconfig;
+ TQString m_defaultRealm;
+ int m_ticketLifetime;
+ int m_ldapVersion;
+ int m_ldapTimeout;
+ TQString m_bindPolicy;
+ int m_ldapBindTimeout;
+ TQString m_passwordHash;
+ TQString m_ignoredUsers;
+
+ systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
+ systemconfig->setGroup(NULL);
+ m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null);
+ m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400);
+
+ m_ldapVersion = systemconfig->readNumEntry("ConnectionLDAPVersion", 3);
+ m_ldapTimeout = systemconfig->readNumEntry("ConnectionLDAPTimeout", 2);
+ m_bindPolicy = systemconfig->readEntry("ConnectionBindPolicy", "soft");
+ m_ldapBindTimeout = systemconfig->readNumEntry("ConnectionBindTimeout", 2);
+ m_passwordHash = systemconfig->readEntry("ConnectionPasswordHash", "exop");
+ m_ignoredUsers = systemconfig->readEntry("ConnectionIgnoredUsers", DEFAULT_IGNORED_USERS_LIST);
+
+ TQFile file(LDAP_FILE);
+ if (file.open(IO_WriteOnly)) {
+ TQTextStream stream( &file );
+
+ stream << "# This file was automatically generated by TDE\n";
+ stream << "# All changes will be lost!\n";
+ stream << "\n";
+
+ if (realmcfg.bonded) {
+ stream << "host " << realmcfg.admin_server << "\n";
+ TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
+ stream << "base dc=" << domainChunks.join(",dc=") << "\n";
+ stream << "ldap_version " << m_ldapVersion << "\n";
+ stream << "timelimit " << m_ldapTimeout << "\n";
+ stream << "bind_timelimit " << m_ldapBindTimeout << "\n";
+ stream << "bind_policy " << m_bindPolicy.lower() << "\n";
+ stream << "pam_password " << m_passwordHash.lower() << "\n";
+ stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
+ }
+
+ file.close();
+ }
+
+ delete systemconfig;
+}
+
+void LDAPManager::writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config) {
+ LDAPRealmConfigList::Iterator it;
+ for (it = realms.begin(); it != realms.end(); ++it) {
+ LDAPRealmConfig realmcfg = it.data();
+ TQString configRealmName = realmcfg.name;
+ configRealmName.prepend("LDAPRealm-");
+ config->setGroup(configRealmName);
+ // Save realm settings
+ config->writeEntry("bonded", realmcfg.bonded);
+ config->writeEntry("uid_offset", realmcfg.uid_offset);
+ config->writeEntry("gid_offset", realmcfg.gid_offset);
+ config->writeEntry("domain_mappings", realmcfg.domain_mappings);
+ config->writeEntry("kdc", realmcfg.kdc);
+ config->writeEntry("kdc_port", realmcfg.kdc_port);
+ config->writeEntry("admin_server", realmcfg.admin_server);
+ config->writeEntry("admin_server_port", realmcfg.admin_server_port);
+ config->writeEntry("pkinit_require_eku", realmcfg.pkinit_require_eku);
+ config->writeEntry("pkinit_require_krbtgt_otherName", realmcfg.pkinit_require_krbtgt_otherName);
+ config->writeEntry("win2k_pkinit", realmcfg.win2k_pkinit);
+ config->writeEntry("win2k_pkinit_require_binding", realmcfg.win2k_pkinit_require_binding);
+ }
+
+ // Delete any realms that do not exist in the realms database
+ TQStringList cfgRealms = config->groupList();
+ for (TQStringList::Iterator it(cfgRealms.begin()); it != cfgRealms.end(); ++it) {
+ if ((*it).startsWith("LDAPRealm-")) {
+ config->setGroup(*it);
+ TQString realmName=*it;
+ realmName.remove(0,strlen("LDAPRealm-"));
+ if (!realms.contains(realmName)) {
+ config->deleteGroup(*it);
+ }
+ }
+ }
+}
+
 // ===============================================================================================================
 //
 // DATA CLASS CONSTRUCTORS AND DESTRUCTORS
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 208a43e..f501f29 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
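Review bot: `if (file.open(IO_WriteOnly))` in writeLDAPConfFile has no else branch and the function returns void, so a failed open of LDAP_FILE (unprivileged caller, read-only /etc) is silently ignored and the caller cannot tell that the system ldap.conf now disagrees with the realm it just configured; the file is also truncated in place, so an interruption between open and close leaves an empty ldap.conf for every nss_ldap/pam_ldap consumer. Since the declaration is new in this commit, consider returning bool and writing to a temporary file next to LDAP_FILE that is renamed over it only after the stream has been flushed and closed. The generated file carries no `ssl` or `tls_*` directive, so unless one is added elsewhere consumers of it will bind over a plaintext connection while `pam_password exop` presumably routes password changes through that same connection; if that is intended, a comment saying so belongs above the `stream <<` block, otherwise the realm config should carry a TLS setting that is emitted here. `m_defaultRealm` and `m_ticketLifetime` are read from ldapconfigrc but never used. In writeTDERealmList the second loop declares a new `it` that shadows the iterator declared at function scope; renaming it, e.g. `for (TQStringList::Iterator cfgIt(cfgRealms.begin()); cfgIt != cfgRealms.end(); ++cfgIt) {`, removes the ambiguity.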
@@ -29,6 +29,8 @@
 #include <tqdatetime.h>
 #include <tqvaluelist.h>
+#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
+
 // Values from hdb.asn1
 enum LDAPKRB5Flags {
 KRB5_INITIAL = 0x00000001,
@@ -67,6 +69,27 @@ class LDAPCredentials
 TQString realm;
 };
+// PRIVATE
+class LDAPRealmConfig
+{
+ public:
+ TQString name;
+ bool bonded;
+ long uid_offset;
+ long gid_offset;
+ TQStringList domain_mappings;
+ TQString kdc;
+ int kdc_port;
+ TQString admin_server;
+ int admin_server_port;
+ bool pkinit_require_eku;
+ bool pkinit_require_krbtgt_otherName;
+ bool win2k_pkinit;
+ bool win2k_pkinit_require_binding;
+};
+
+typedef TQMap<TQString, LDAPRealmConfig> LDAPRealmConfigList;
+
 class LDAPUserInfo {
 public:
@@ -210,6 +233,9 @@ class LDAPManager : public TQObject {
 int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);
+ static void writeLDAPConfFile(LDAPRealmConfig realmcfg);
+ static void writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config);
+
 private:
 LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
 LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry); |
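Review bot: LDAPRealmConfig declares `bonded`, the two offsets, the two ports and the four pkinit/win2k flags without a constructor, so a default-constructed instance (which `TQMap::operator[]` on a missing key produces, if any caller uses it that way) carries indeterminate values that writeTDERealmList would persist and writeLDAPConfFile would branch on via `realmcfg.bonded`. A default constructor that sets those scalar members to false/0 in its initializer list closes that; the TQString and TQStringList members already default-construct empty. The `// PRIVATE` comment above a class whose members are all public, in an installed header, is ambiguous — state what is private about it (not part of the stable API, or for LDAPManager's own use) or drop it. The new `writeTDERealmList` declaration takes `KSimpleConfig*`; if libtdeldap.h does not already include ksimpleconfig.h or forward-declare `class KSimpleConfig;`, the header no longer compiles on its own, since this commit adds the include only to the .cpp.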