diff --git a/confskel/heimdal/heimdal.defaults b/confskel/heimdal/heimdal.defaults new file mode 100644 index 0000000..4916c5f --- /dev/null +++ b/confskel/heimdal/heimdal.defaults @@ -0,0 +1,11 @@ +# Zivios Heimdal Configuration file. +START="yes" + +KDC_ENABLED="yes" +KDC_PARAMS="" + +KPASSWDD_ENABLED="yes" +KPASSWDD_PARAMS="" + +KADMIND_ENABLED="yes" +KADMIND_PARAMS="" diff --git a/confskel/heimdal/kadmind.acl b/confskel/heimdal/kadmind.acl new file mode 100644 index 0000000..27fe007 --- /dev/null +++ b/confskel/heimdal/kadmind.acl @@ -0,0 +1,2 @@ +kadmin/@@@ROOTUSER@@@@@@@REALM_UCNAME@@@ all +@@@ADMINUSER@@@@@@@REALM_UCNAME@@@ all diff --git a/confskel/heimdal/kdc.conf b/confskel/heimdal/kdc.conf new file mode 100644 index 0000000..67aa0e0 --- /dev/null +++ b/confskel/heimdal/kdc.conf @@ -0,0 +1,8 @@ +[kdc] +logging = FILE:/var/log/heimdal-kdc.log +enable-pkinit = yes +pki-identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key +pki-anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem +pki-allow-proxy-certificate = false +acl_file = /etc/kadmind.acl + diff --git a/confskel/heimdal/krb5.conf b/confskel/heimdal/krb5.conf new file mode 100644 index 0000000..adf55df --- /dev/null +++ b/confskel/heimdal/krb5.conf @@ -0,0 +1,40 @@ +[libdefaults] + ticket_lifetime = 86400 + default_realm = @@@REALM_UCNAME@@@ + default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 + default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5 + +[appdefaults] + pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem + +[realms] + @@@REALM_UCNAME@@@ = { + kdc = @@@KDCSERVER@@@:@@@KDCPORT@@@ + admin_server = @@@ADMINSERVER@@@:@@@ADMINPORT@@@ + pkinit_require_eku = @@@PKINIT_REQUIRE_EKU@@@ + pkinit_require_krbtgt_otherName = @@@PKINIT_REQUIRE_KRBTGT_OTHERNAME@@@ + win2k_pkinit = @@@WIN2K_PKINIT@@@ + win2k_pkinit_require_binding = @@@WIN2K_PKINIT_REQUIRE_BINDING@@@ + } + +[domain_realm] + @@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@ + .@@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@ + +[kdc] + enable-pkinit = yes + pkinit_identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key + pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem + pkinit_allow-proxy-certificate = false + + database = { + dbname = ldap:@@@REALM_DCNAME@@@ + acl_file = /etc/kadmind.acl + } + +[logging] + kdc = FILE:/var/log/krb5kdc.log + admin_server = FILE:/var/log/kadmin.log + default = FILE:/var/log/krb5lib.log + + diff --git a/confskel/openldap/ldap/slapd.conf b/confskel/openldap/ldap/slapd.conf new file mode 100644 index 0000000..35e8bf2 --- /dev/null +++ b/confskel/openldap/ldap/slapd.conf @@ -0,0 +1,95 @@ +# +# TDE slapd.conf template +# +include /etc/ldap/schema/core.schema +include /etc/ldap/schema/cosine.schema +include /etc/ldap/schema/inetorgperson.schema +include /etc/ldap/schema/rfc2307bis.schema +include /etc/ldap/schema/rfc2739.schema +include /etc/ldap/schema/samba.schema +include /etc/ldap/schema/qmail.schema +include /etc/ldap/schema/hdb.schema +include /etc/ldap/schema/dlz.schema +include /etc/ldap/schema/dhcp.schema +include /etc/ldap/schema/amavis.schema +include /etc/ldap/schema/ppolicy.schema + +pidfile /opt/zivios/openldap/var/run/slapd.pid +argsfile /opt/zivios/openldap/var/run/slapd.args + +allow bind_v2 +loglevel 256 + +modulepath /usr/lib/ldap +moduleload back_hdb +moduleload syncprov +moduleload back_monitor +moduleload auditlog +moduleload smbk5pwd +moduleload unique +moduleload ppolicy + +sizelimit 500 +tool-threads 1 + +backend hdb + +database monitor +database config +rootdn cn=config +rootpw {SHA}@@@ROOTPW_SHA@@@ + +database hdb +overlay syncprov +overlay auditlog +overlay smbk5pwd +overlay unique +overlay ppolicy + +auditlog "/var/log/realmauditlog.txt" +suffix "@@@REALM_DCNAME@@@" +rootdn "cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" +rootpw {SHA}@@@ROOTPW_SHA@@@ + +checkpoint 512 30 +directory "/var/ldap-realm-database" + +dbconfig set_cachesize 0 2097152 0 +dbconfig set_lk_max_objects 1500 +dbconfig set_lk_max_locks 1500 +dbconfig set_lk_max_lockers 1500 + +index accountStatus eq +index mailHost eq +index cn eq,pres,subinitial +index mail eq,pres +index mailAlternateAddress eq,pres +index objectClass eq +index uid pres,eq +index uidNumber eq +index gidNumber eq + +lastmod on +unique_attributes mail uid uidNumber + +TLSCertificateFile /etc/trinity/ldap/tde-ca/public/@@@ADMINSERVER@@@.crt +TLSCertificateKeyFile /etc/trinity/ldap/tde-ca/private/@@@ADMINSERVER@@@.key + +sasl-realm @@@REALM_UCNAME@@@ +sasl-host @@@ADMINSERVER@@@ +sasl-secprops minssf=0 + +authz-regexp uid=(.*),cn=@@@REALM_LCNAME@@@,cn=gssapi,cn=auth ldap:///@@@REALM_DCNAME@@@??sub?(&(uid=$1)(objectClass=posixAccount)) +authz-regexp "gidNumber=.*+uidNumber=0,cn=peercred,cn=external,cn=auth" "uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" + +# +# ACL Section +# +access to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags + by dn="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write + by sockurl.regex="^ldapi:///$" write + by anonymous auth + by self write + by * none + +access to dn="" by * read diff --git a/confskel/openldap/ldap/slapd.defaults b/confskel/openldap/ldap/slapd.defaults new file mode 100644 index 0000000..91ddb31 --- /dev/null +++ b/confskel/openldap/ldap/slapd.defaults @@ -0,0 +1,25 @@ +### +# Enable the daemon. +### +START="yes" + +### +# Keytab +### +export KRB5_KTNAME=/etc/ldap/ldap.keytab + +### +# Services +### +SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///" + +### +# Additional Options +# @todo: pass user & group for service. +### +SLAPD_OPTIONS="" + +### +# SLAPD Configuration +### +SLAPD_CONF="/etc/ldap/slapd.d" diff --git a/debian/control b/debian/control index be8466a..c8eca75 100644 --- a/debian/control +++ b/debian/control @@ -2,11 +2,11 @@ Source: kcontrol-ldap-controller-trinity Section: tde Priority: optional Maintainer: Timothy Pearson -Build-Depends: debhelper (>= 5), cdbs, tdelibs4-trinity-dev, libldap2-dev, automake, autoconf, libtool, libltdl-dev +Build-Depends: debhelper (>= 5), cdbs, tdelibs4-trinity-dev, libldap2-dev, libtdeldap, automake, autoconf, libtool, libltdl-dev Standards-Version: 3.8.4 Package: kcontrol-ldap-controller-trinity Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients +Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients, heimdal-kdc, slapd Description: LDAP realm controller module for the TDE control center LDAP Controller is a TDE control center module to configure an LDAP Realm Controller diff --git a/src/Makefile.am b/src/Makefile.am index 50e7e52..5ad0fd3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,4 +1,4 @@ -INCLUDES = $(all_includes) +INCLUDES = $(all_includes) $(KDE_INCLUDES)/tde METASOURCES = AUTO # Install this plugin in the KDE modules directory diff --git a/src/processingdialog.cpp b/src/processingdialog.cpp index a545a39..b241190 100644 --- a/src/processingdialog.cpp +++ b/src/processingdialog.cpp @@ -50,7 +50,7 @@ ProcessingDialogHeader::ProcessingDialogHeader(TQWidget* parent) frame->setFrameStyle( TQFrame::NoFrame ); frame->setLineWidth( 0 ); // we need to set the minimum size for the window - frame->setMinimumWidth(400); + frame->setMinimumWidth(300); vbox->addWidget( frame ); TQGridLayout* gbox = new TQGridLayout( frame, 1, 1, 0, KDialog::spacingHint() ); TQHBoxLayout* centerbox = new TQHBoxLayout( KDialog::spacingHint() ); @@ -58,46 +58,14 @@ ProcessingDialogHeader::ProcessingDialogHeader(TQWidget* parent) centerbox->setMargin(0); seperatorbox->setMargin(0); - TQWidget* ticon = new TQWidget( frame ); - KIconLoader * ldr = KGlobal::iconLoader(); - TQPixmap trinityPixmap = ldr->loadIcon("kmenu", KIcon::Panel, KIcon::SizeLarge, KIcon::DefaultState, 0L, true); - - // Manually draw the alpha portions of the icon onto the widget background color... - TQRgb backgroundRgb = ticon->paletteBackgroundColor().rgb(); - TQImage correctedImage = trinityPixmap.convertToImage(); - correctedImage = correctedImage.convertDepth(32); - correctedImage.setAlphaBuffer(true); - int w = correctedImage.width(); - int h = correctedImage.height(); - for (int y = 0; y < h; ++y) { - TQRgb *ls = (TQRgb *)correctedImage.scanLine( y ); - for (int x = 0; x < w; ++x) { - TQRgb l = ls[x]; - float alpha_adjust = tqAlpha( l )/255.0; - int r = int( (tqRed( l ) * alpha_adjust) + (tqRed( backgroundRgb ) * (1.0-alpha_adjust)) ); - int g = int( (tqGreen( l ) * alpha_adjust) + (tqGreen( backgroundRgb ) * (1.0-alpha_adjust)) ); - int b = int( (tqBlue( l ) * alpha_adjust) + (tqBlue( backgroundRgb ) * (1.0-alpha_adjust)) ); - int a = int( 255 ); - ls[x] = tqRgba( r, g, b, a ); - } - } - trinityPixmap.convertFromImage(correctedImage); - - ticon->setBackgroundPixmap(trinityPixmap); - ticon->setMinimumSize(trinityPixmap.size()); - ticon->setMaximumSize(trinityPixmap.size()); - ticon->resize(trinityPixmap.size()); - centerbox->addWidget( ticon, AlignCenter ); - TQWidget* swidget = new TQWidget( frame ); swidget->resize(2, frame->sizeHint().width()); swidget->setBackgroundColor(Qt::black); seperatorbox->addWidget( swidget, AlignCenter ); - TQLabel* label = new TQLabel( i18n("Trinity Desktop Environment"), frame ); + TQLabel* label = new TQLabel( i18n("LDAP/Kerberos Realm Configuration"), frame ); TQFont fnt = label->font(); fnt.setBold( true ); - fnt.setPointSize( fnt.pointSize() * 3 / 2 ); label->setFont( fnt ); centerbox->addWidget( label, AlignCenter );