-rw-r--r--src/libtdeldap.cpp93
-rw-r--r--src/libtdeldap.h26
2 files changed, 119 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 680a81f..39dc65c 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -18,10 +18,13 @@
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
+#include <tqfile.h>
+
#include <klocale.h>
#include <kmessagebox.h>
#include <klineedit.h>
#include <kpassdlg.h>
+#include <ksimpleconfig.h>
#include <ldap.h>
#include <stdlib.h>
@@ -34,6 +37,11 @@
#define LDAP_INSECURE_PORT 389
#define LDAP_SECURE_PORT 636
+// FIXME
+// Connect this to CMake/Automake
+#define KDE_CONFDIR "/etc/trinity"
+#define LDAP_FILE "/etc/ldap.conf"
+
int requested_ldap_version = LDAP_VERSION3;
int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection?
char* ldap_user_and_operational_attributes[2] = {"*", "+"};
@@ -1207,6 +1215,91 @@ printf("[RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s", dn, id.as
return -1;
}
+void LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg) {
+ KSimpleConfig* systemconfig;
+ TQString m_defaultRealm;
+ int m_ticketLifetime;
+ int m_ldapVersion;
+ int m_ldapTimeout;
+ TQString m_bindPolicy;
+ int m_ldapBindTimeout;
+ TQString m_passwordHash;
+ TQString m_ignoredUsers;
+
+ systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
+ systemconfig->setGroup(NULL);
+ m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null);
+ m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400);
+
+ m_ldapVersion = systemconfig->readNumEntry("ConnectionLDAPVersion", 3);
+ m_ldapTimeout = systemconfig->readNumEntry("ConnectionLDAPTimeout", 2);
+ m_bindPolicy = systemconfig->readEntry("ConnectionBindPolicy", "soft");
+ m_ldapBindTimeout = systemconfig->readNumEntry("ConnectionBindTimeout", 2);
+ m_passwordHash = systemconfig->readEntry("ConnectionPasswordHash", "exop");
+ m_ignoredUsers = systemconfig->readEntry("ConnectionIgnoredUsers", DEFAULT_IGNORED_USERS_LIST);
+
+ TQFile file(LDAP_FILE);
+ if (file.open(IO_WriteOnly)) {
+ TQTextStream stream( &file );
+
+ stream << "# This file was automatically generated by TDE\n";
+ stream << "# All changes will be lost!\n";
+ stream << "\n";
+
+ if (realmcfg.bonded) {
+ stream << "host " << realmcfg.admin_server << "\n";
+ TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
+ stream << "base dc=" << domainChunks.join(",dc=") << "\n";
+ stream << "ldap_version " << m_ldapVersion << "\n";
+ stream << "timelimit " << m_ldapTimeout << "\n";
+ stream << "bind_timelimit " << m_ldapBindTimeout << "\n";
+ stream << "bind_policy " << m_bindPolicy.lower() << "\n";
+ stream << "pam_password " << m_passwordHash.lower() << "\n";
+ stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
+ }
+
+ file.close();
+ }
+
+ delete systemconfig;
+}
+
+void LDAPManager::writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config) {
+ LDAPRealmConfigList::Iterator it;
+ for (it = realms.begin(); it != realms.end(); ++it) {
+ LDAPRealmConfig realmcfg = it.data();
+ TQString configRealmName = realmcfg.name;
+ configRealmName.prepend("LDAPRealm-");
+ config->setGroup(configRealmName);
+ // Save realm settings
+ config->writeEntry("bonded", realmcfg.bonded);
+ config->writeEntry("uid_offset", realmcfg.uid_offset);
+ config->writeEntry("gid_offset", realmcfg.gid_offset);
+ config->writeEntry("domain_mappings", realmcfg.domain_mappings);
+ config->writeEntry("kdc", realmcfg.kdc);
+ config->writeEntry("kdc_port", realmcfg.kdc_port);
+ config->writeEntry("admin_server", realmcfg.admin_server);
+ config->writeEntry("admin_server_port", realmcfg.admin_server_port);
+ config->writeEntry("pkinit_require_eku", realmcfg.pkinit_require_eku);
+ config->writeEntry("pkinit_require_krbtgt_otherName", realmcfg.pkinit_require_krbtgt_otherName);
+ config->writeEntry("win2k_pkinit", realmcfg.win2k_pkinit);
+ config->writeEntry("win2k_pkinit_require_binding", realmcfg.win2k_pkinit_require_binding);
+ }
+
+ // Delete any realms that do not exist in the realms database
+ TQStringList cfgRealms = config->groupList();
+ for (TQStringList::Iterator it(cfgRealms.begin()); it != cfgRealms.end(); ++it) {
+ if ((*it).startsWith("LDAPRealm-")) {
+ config->setGroup(*it);
+ TQString realmName=*it;
+ realmName.remove(0,strlen("LDAPRealm-"));
+ if (!realms.contains(realmName)) {
+ config->deleteGroup(*it);
+ }
+ }
+ }
+}
+
// ===============================================================================================================
//
// DATA CLASS CONSTRUCTORS AND DESTRUCTORS
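Review bot: The ldap.conf that writeLDAPConfFile emits in its bonded branch carries no transport-security directive at all — only `host`, `base`, the version, the timeouts and the bind/password policy — so, unless TLS is configured somewhere outside this hunk, the nss/pam LDAP client this file drives will do plaintext simple binds to `admin_server` (the same worry the file's own comment on requested_ldap_auth_method raises), and `realmcfg.admin_server_port` exists on LDAPRealmConfig but is never written either. I would at least emit the port and, where the realm is meant to use TLS, the corresponding directive, e.g. `stream << "host " << realmcfg.admin_server << "\n"; stream << "port " << realmcfg.admin_server_port << "\n"; stream << "ssl start_tls\n";`. The interpolated values are also written unescaped, so a newline in admin_server, in the realm name or in ConnectionIgnoredUsers injects arbitrary directives into a system-wide file; reject or strip control characters before writing. Finally, a failed `file.open(IO_WriteOnly)` is silent and the write is a truncate-then-write of /etc/ldap.conf, so a crash or write error leaves the host with an empty LDAP config and the caller none the wiser — writing to a temporary file and renaming it into place, and returning a bool instead of void, would address both.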
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 208a43e..f501f29 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -29,6 +29,8 @@
#include <tqdatetime.h>
#include <tqvaluelist.h>
+#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
+
// Values from hdb.asn1
enum LDAPKRB5Flags {
KRB5_INITIAL = 0x00000001,
@@ -67,6 +69,27 @@ class LDAPCredentials
TQString realm;
};
+// PRIVATE
+class LDAPRealmConfig
+{
+ public:
+ TQString name;
+ bool bonded;
+ long uid_offset;
+ long gid_offset;
+ TQStringList domain_mappings;
+ TQString kdc;
+ int kdc_port;
+ TQString admin_server;
+ int admin_server_port;
+ bool pkinit_require_eku;
+ bool pkinit_require_krbtgt_otherName;
+ bool win2k_pkinit;
+ bool win2k_pkinit_require_binding;
+};
+
+typedef TQMap<TQString, LDAPRealmConfig> LDAPRealmConfigList;
+
class LDAPUserInfo
{
public:
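Review bot: LDAPRealmConfig has no constructor, so its bool, int and long members (`bonded`, the two ports, the two offsets and the four pkinit flags) are indeterminate until a caller assigns every one of them; a value obtained from an LDAPRealmConfigList via TQMap::operator[] for an unknown key, or any partially filled config, then feeds garbage into writeTDERealmList and an unpredictable `bonded` test into writeLDAPConfFile. Give it a constructor that zeroes the scalars, e.g. `LDAPRealmConfig() : bonded(false), uid_offset(0), gid_offset(0), kdc_port(0), admin_server_port(0), pkinit_require_eku(false), pkinit_require_krbtgt_otherName(false), win2k_pkinit(false), win2k_pkinit_require_binding(false) {}` (the TQString and TQStringList members already default-construct empty). The `// PRIVATE` marker above the class is worth expanding into a sentence saying that these fields are persisted by writeTDERealmList and consumed by writeLDAPConfFile, since the class lives in a public header.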
@@ -210,6 +233,9 @@ class LDAPManager : public TQObject {
int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);
+ static void writeLDAPConfFile(LDAPRealmConfig realmcfg);
+ static void writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config);
+
private:
LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);