Moved realm conffile writing to this library

src/libtdeldap.cpp

@@ -18,10 +18,13 @@
  *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
  ***************************************************************************/
 
+#include <tqfile.h>
+
 #include <klocale.h>
 #include <kmessagebox.h>
 #include <klineedit.h>
 #include <kpassdlg.h>
+#include <ksimpleconfig.h>
 
 #include <ldap.h>
 #include <stdlib.h>
@@ -34,6 +37,11 @@
 #define LDAP_INSECURE_PORT 389
 #define LDAP_SECURE_PORT 636
 
+// FIXME
+// Connect this to CMake/Automake
+#define KDE_CONFDIR "/etc/trinity"
+#define LDAP_FILE "/etc/ldap.conf"
+
 int requested_ldap_version = LDAP_VERSION3;
 int requested_ldap_auth_method = LDAP_AUTH_SIMPLE;	// Is this safe and secure over an untrusted connection?
 char* ldap_user_and_operational_attributes[2] = {"*", "+"};
@@ -1207,6 +1215,91 @@ printf("[RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s", dn, id.as
 	return -1;
 }
 
+void LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg) {
+	KSimpleConfig* systemconfig;
+	TQString m_defaultRealm;
+	int m_ticketLifetime;
+	int m_ldapVersion;
+	int m_ldapTimeout;
+	TQString m_bindPolicy;
+	int m_ldapBindTimeout;
+	TQString m_passwordHash;
+	TQString m_ignoredUsers;
+
+	systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
+	systemconfig->setGroup(NULL);
+	m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null);
+	m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400);
+
+	m_ldapVersion = systemconfig->readNumEntry("ConnectionLDAPVersion", 3);
+	m_ldapTimeout = systemconfig->readNumEntry("ConnectionLDAPTimeout", 2);
+	m_bindPolicy = systemconfig->readEntry("ConnectionBindPolicy", "soft");
+	m_ldapBindTimeout = systemconfig->readNumEntry("ConnectionBindTimeout", 2);
+	m_passwordHash = systemconfig->readEntry("ConnectionPasswordHash", "exop");
+	m_ignoredUsers = systemconfig->readEntry("ConnectionIgnoredUsers", DEFAULT_IGNORED_USERS_LIST);
+
+	TQFile file(LDAP_FILE);
+	if (file.open(IO_WriteOnly)) {
+		TQTextStream stream( &file );
+
+		stream << "# This file was automatically generated by TDE\n";
+		stream << "# All changes will be lost!\n";
+		stream << "\n";
+
+		if (realmcfg.bonded) {
+			stream << "host " << realmcfg.admin_server << "\n";
+			TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
+			stream << "base dc=" << domainChunks.join(",dc=") << "\n";
+			stream << "ldap_version " << m_ldapVersion << "\n";
+			stream << "timelimit " << m_ldapTimeout << "\n";
+			stream << "bind_timelimit " << m_ldapBindTimeout << "\n";
+			stream << "bind_policy " << m_bindPolicy.lower() << "\n";
+			stream << "pam_password " << m_passwordHash.lower() << "\n";
+			stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
+		}
+
+		file.close();
+	}
+
+	delete systemconfig;
+}
+
+void LDAPManager::writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config) {
+	LDAPRealmConfigList::Iterator it;
+	for (it = realms.begin(); it != realms.end(); ++it) {
+		LDAPRealmConfig realmcfg = it.data();
+		TQString configRealmName = realmcfg.name;
+		configRealmName.prepend("LDAPRealm-");
+		config->setGroup(configRealmName);
+		// Save realm settings
+		config->writeEntry("bonded", realmcfg.bonded);
+		config->writeEntry("uid_offset", realmcfg.uid_offset);
+		config->writeEntry("gid_offset", realmcfg.gid_offset);
+		config->writeEntry("domain_mappings", realmcfg.domain_mappings);
+		config->writeEntry("kdc", realmcfg.kdc);
+		config->writeEntry("kdc_port", realmcfg.kdc_port);
+		config->writeEntry("admin_server", realmcfg.admin_server);
+		config->writeEntry("admin_server_port", realmcfg.admin_server_port);
+		config->writeEntry("pkinit_require_eku", realmcfg.pkinit_require_eku);
+		config->writeEntry("pkinit_require_krbtgt_otherName", realmcfg.pkinit_require_krbtgt_otherName);
+		config->writeEntry("win2k_pkinit", realmcfg.win2k_pkinit);
+		config->writeEntry("win2k_pkinit_require_binding", realmcfg.win2k_pkinit_require_binding);
+	}
+
+	// Delete any realms that do not exist in the realms database
+	TQStringList cfgRealms = config->groupList();
+	for (TQStringList::Iterator it(cfgRealms.begin()); it != cfgRealms.end(); ++it) {
+		if ((*it).startsWith("LDAPRealm-")) {
+			config->setGroup(*it);
+			TQString realmName=*it;
+			realmName.remove(0,strlen("LDAPRealm-"));
+			if (!realms.contains(realmName)) {
+				config->deleteGroup(*it);
+			}
+		}
+	}
+}
+
 // ===============================================================================================================
 //
 // DATA CLASS CONSTRUCTORS AND DESTRUCTORS

src/libtdeldap.h

@@ -29,6 +29,8 @@
 #include <tqdatetime.h>
 #include <tqvaluelist.h>
 
+#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
+
 // Values from hdb.asn1
 enum LDAPKRB5Flags {
 	KRB5_INITIAL			= 0x00000001,
@@ -67,6 +69,27 @@ class LDAPCredentials
 		TQString realm;
 };
 
+// PRIVATE
+class LDAPRealmConfig
+{
+	public:
+		TQString name;
+		bool bonded;
+		long uid_offset;
+		long gid_offset;
+		TQStringList domain_mappings;
+		TQString kdc;
+		int kdc_port;
+		TQString admin_server;
+		int admin_server_port;
+		bool pkinit_require_eku;
+		bool pkinit_require_krbtgt_otherName;
+		bool win2k_pkinit;
+		bool win2k_pkinit_require_binding;
+};
+
+typedef TQMap<TQString, LDAPRealmConfig> LDAPRealmConfigList;
+
 class LDAPUserInfo
 {
 	public:
@@ -210,6 +233,9 @@ class LDAPManager : public TQObject {
 
 		int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);
 
+		static void writeLDAPConfFile(LDAPRealmConfig realmcfg);
+		static void writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config);
+
 	private:
 		LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
 		LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);