Add initial configuration file skeletons

12 years ago · 7d85a856d0
parent 2894137130
commit 7d85a856d0
9 changed files with 186 additions and 37 deletions
--- a/confskel/heimdal/heimdal.defaults
+++ b/confskel/heimdal/heimdal.defaults
@ -0,0 +1,11 @@
+# Zivios Heimdal Configuration file.
+START="yes"
+
+KDC_ENABLED="yes"
+KDC_PARAMS=""
+
+KPASSWDD_ENABLED="yes"
+KPASSWDD_PARAMS=""
+
+KADMIND_ENABLED="yes"
+KADMIND_PARAMS=""
--- a/confskel/heimdal/kadmind.acl
+++ b/confskel/heimdal/kadmind.acl
@ -0,0 +1,2 @@
+kadmin/@@@ROOTUSER@@@@@@@REALM_UCNAME@@@    all
+@@@ADMINUSER@@@@@@@REALM_UCNAME@@@          all
--- a/confskel/heimdal/kdc.conf
+++ b/confskel/heimdal/kdc.conf
@ -0,0 +1,8 @@
+[kdc]
+logging = FILE:/var/log/heimdal-kdc.log
+enable-pkinit = yes
+pki-identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key
+pki-anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
+pki-allow-proxy-certificate = false
+acl_file = /etc/kadmind.acl
+
--- a/confskel/heimdal/krb5.conf
+++ b/confskel/heimdal/krb5.conf
@ -0,0 +1,40 @@
+[libdefaults]
+    ticket_lifetime = 86400
+    default_realm = @@@REALM_UCNAME@@@
+    default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+    default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+
+[appdefaults]
+    pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
+
+[realms]
+    @@@REALM_UCNAME@@@ = {
+        kdc = @@@KDCSERVER@@@:@@@KDCPORT@@@
+        admin_server = @@@ADMINSERVER@@@:@@@ADMINPORT@@@
+        pkinit_require_eku = @@@PKINIT_REQUIRE_EKU@@@
+        pkinit_require_krbtgt_otherName = @@@PKINIT_REQUIRE_KRBTGT_OTHERNAME@@@
+        win2k_pkinit = @@@WIN2K_PKINIT@@@
+        win2k_pkinit_require_binding = @@@WIN2K_PKINIT_REQUIRE_BINDING@@@
+   }
+
+[domain_realm]
+    @@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
+    .@@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
+
+[kdc]
+    enable-pkinit = yes
+    pkinit_identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key
+    pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
+    pkinit_allow-proxy-certificate = false
+
+    database = {
+        dbname = ldap:@@@REALM_DCNAME@@@
+        acl_file = /etc/kadmind.acl
+    }
+
+[logging]
+    kdc = FILE:/var/log/krb5kdc.log
+    admin_server = FILE:/var/log/kadmin.log
+    default = FILE:/var/log/krb5lib.log
+
+
--- a/confskel/openldap/ldap/slapd.conf
+++ b/confskel/openldap/ldap/slapd.conf
@ -0,0 +1,95 @@
+#
+# TDE slapd.conf template
+#
+include /etc/ldap/schema/core.schema
+include /etc/ldap/schema/cosine.schema
+include /etc/ldap/schema/inetorgperson.schema
+include /etc/ldap/schema/rfc2307bis.schema
+include /etc/ldap/schema/rfc2739.schema
+include /etc/ldap/schema/samba.schema
+include /etc/ldap/schema/qmail.schema
+include /etc/ldap/schema/hdb.schema
+include /etc/ldap/schema/dlz.schema
+include /etc/ldap/schema/dhcp.schema
+include /etc/ldap/schema/amavis.schema
+include /etc/ldap/schema/ppolicy.schema
+
+pidfile /opt/zivios/openldap/var/run/slapd.pid
+argsfile /opt/zivios/openldap/var/run/slapd.args
+
+allow bind_v2
+loglevel 256
+
+modulepath /usr/lib/ldap
+moduleload back_hdb
+moduleload syncprov
+moduleload back_monitor
+moduleload auditlog
+moduleload smbk5pwd
+moduleload unique
+moduleload ppolicy
+
+sizelimit 500
+tool-threads 1
+
+backend hdb
+
+database monitor
+database config
+rootdn cn=config
+rootpw {SHA}@@@ROOTPW_SHA@@@
+
+database hdb
+overlay syncprov
+overlay auditlog
+overlay smbk5pwd
+overlay unique
+overlay ppolicy
+
+auditlog "/var/log/realmauditlog.txt"
+suffix "@@@REALM_DCNAME@@@"
+rootdn "cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@"
+rootpw {SHA}@@@ROOTPW_SHA@@@
+
+checkpoint 512 30
+directory "/var/ldap-realm-database"
+
+dbconfig set_cachesize 0 2097152 0
+dbconfig set_lk_max_objects 1500
+dbconfig set_lk_max_locks 1500
+dbconfig set_lk_max_lockers 1500
+
+index accountStatus eq
+index mailHost eq
+index cn eq,pres,subinitial
+index mail eq,pres
+index mailAlternateAddress eq,pres
+index objectClass eq
+index uid pres,eq
+index uidNumber eq
+index gidNumber eq
+
+lastmod on
+unique_attributes mail uid uidNumber
+
+TLSCertificateFile /etc/trinity/ldap/tde-ca/public/@@@ADMINSERVER@@@.crt
+TLSCertificateKeyFile /etc/trinity/ldap/tde-ca/private/@@@ADMINSERVER@@@.key
+
+sasl-realm @@@REALM_UCNAME@@@
+sasl-host @@@ADMINSERVER@@@
+sasl-secprops minssf=0
+
+authz-regexp uid=(.*),cn=@@@REALM_LCNAME@@@,cn=gssapi,cn=auth ldap:///@@@REALM_DCNAME@@@??sub?(&(uid=$1)(objectClass=posixAccount))
+authz-regexp "gidNumber=.*+uidNumber=0,cn=peercred,cn=external,cn=auth" "uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@"
+
+#
+# ACL Section
+#
+access to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags
+ by dn="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by sockurl.regex="^ldapi:///$" write
+ by anonymous auth
+ by self write
+ by * none
+
+access to dn="" by * read
--- a/confskel/openldap/ldap/slapd.defaults
+++ b/confskel/openldap/ldap/slapd.defaults
@ -0,0 +1,25 @@
+###
+# Enable the daemon.
+###
+START="yes"
+
+###
+# Keytab
+###
+export KRB5_KTNAME=/etc/ldap/ldap.keytab
+
+###
+# Services
+###
+SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"
+
+###
+# Additional Options
+# @todo: pass user & group for service.
+###
+SLAPD_OPTIONS=""
+
+###
+# SLAPD Configuration
+###
+SLAPD_CONF="/etc/ldap/slapd.d"
--- a/debian/control
+++ b/debian/control
@ -2,11 +2,11 @@ Source: kcontrol-ldap-controller-trinity
 Section: tde
 Priority: optional
 Maintainer: Timothy Pearson <kb9vqf@pearsoncomputing.net>
-Build-Depends: debhelper (>= 5), cdbs, tdelibs4-trinity-dev, libldap2-dev, automake, autoconf, libtool, libltdl-dev
+Build-Depends: debhelper (>= 5), cdbs, tdelibs4-trinity-dev, libldap2-dev, libtdeldap, automake, autoconf, libtool, libltdl-dev
 Standards-Version: 3.8.4

 Package: kcontrol-ldap-controller-trinity
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients
+Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients, heimdal-kdc, slapd
 Description: LDAP realm controller module for the TDE control center
 LDAP Controller is a TDE control center module to configure an LDAP Realm Controller
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -1,4 +1,4 @@
-INCLUDES    = $(all_includes)
+INCLUDES    = $(all_includes) $(KDE_INCLUDES)/tde
 METASOURCES = AUTO

 # Install this plugin in the KDE modules directory
--- a/src/processingdialog.cpp
+++ b/src/processingdialog.cpp
@ -50,7 +50,7 @@ ProcessingDialogHeader::ProcessingDialogHeader(TQWidget* parent)
 	frame->setFrameStyle( TQFrame::NoFrame );
 	frame->setLineWidth( 0 );
 	// we need to set the minimum size for the window
-	frame->setMinimumWidth(400);
+	frame->setMinimumWidth(300);
 	vbox->addWidget( frame );
 	TQGridLayout* gbox = new TQGridLayout( frame, 1, 1, 0, KDialog::spacingHint() );
 	TQHBoxLayout* centerbox = new TQHBoxLayout( KDialog::spacingHint() );
@ -58,46 +58,14 @@ ProcessingDialogHeader::ProcessingDialogHeader(TQWidget* parent)
 	centerbox->setMargin(0);
 	seperatorbox->setMargin(0);

-	TQWidget* ticon = new TQWidget( frame );
-	KIconLoader * ldr = KGlobal::iconLoader();
-	TQPixmap trinityPixmap = ldr->loadIcon("kmenu", KIcon::Panel, KIcon::SizeLarge, KIcon::DefaultState, 0L, true);
-
-	// Manually draw the alpha portions of the icon onto the widget background color...
-	TQRgb backgroundRgb = ticon->paletteBackgroundColor().rgb();
-	TQImage correctedImage = trinityPixmap.convertToImage();
-	correctedImage = correctedImage.convertDepth(32);
-	correctedImage.setAlphaBuffer(true);
-	int w = correctedImage.width();
-	int h = correctedImage.height();
-	for (int y = 0; y < h; ++y) {
-		TQRgb *ls = (TQRgb *)correctedImage.scanLine( y );
-		for (int x = 0; x < w; ++x) {
-			TQRgb l = ls[x];
-			float alpha_adjust = tqAlpha( l )/255.0;
-			int r = int( (tqRed( l ) * alpha_adjust) + (tqRed( backgroundRgb ) * (1.0-alpha_adjust)) );
-			int g = int( (tqGreen( l ) * alpha_adjust) + (tqGreen( backgroundRgb ) * (1.0-alpha_adjust)) );
-			int b = int( (tqBlue( l ) * alpha_adjust) + (tqBlue( backgroundRgb ) * (1.0-alpha_adjust)) );
-			int a = int( 255 );
-			ls[x] = tqRgba( r, g, b, a );
-		}
-	}
-	trinityPixmap.convertFromImage(correctedImage);
-
-	ticon->setBackgroundPixmap(trinityPixmap);
-	ticon->setMinimumSize(trinityPixmap.size());
-	ticon->setMaximumSize(trinityPixmap.size());
-	ticon->resize(trinityPixmap.size());
-	centerbox->addWidget( ticon, AlignCenter );
-
 	TQWidget* swidget = new TQWidget( frame );
 	swidget->resize(2, frame->sizeHint().width());
 	swidget->setBackgroundColor(Qt::black);
 	seperatorbox->addWidget( swidget, AlignCenter );

-	TQLabel* label = new TQLabel( i18n("Trinity Desktop Environment"), frame );
+	TQLabel* label = new TQLabel( i18n("LDAP/Kerberos Realm Configuration"), frame );
 	TQFont fnt = label->font();
 	fnt.setBold( true );
-	fnt.setPointSize( fnt.pointSize() * 3 / 2 );
 	label->setFont( fnt );
 	centerbox->addWidget( label, AlignCenter );