|
|
@ -36,6 +36,16 @@
|
|
|
|
#define KERBEROS_PKI_PRIVATEDIR "/etc/trinity/ldap/tde-ca/private/"
|
|
|
|
#define KERBEROS_PKI_PRIVATEDIR "/etc/trinity/ldap/tde-ca/private/"
|
|
|
|
#define KERBEROS_PKI_PUBLICDIR "/etc/trinity/ldap/tde-ca/public/"
|
|
|
|
#define KERBEROS_PKI_PUBLICDIR "/etc/trinity/ldap/tde-ca/public/"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#define KERBEROS_PKI_PEM_FILE KERBEROS_PKI_ANCHORDIR "tdeca.pem"
|
|
|
|
|
|
|
|
#define KERBEROS_PKI_PEMKEY_FILE KERBEROS_PKI_ANCHORDIR "tdeca.key.pem"
|
|
|
|
|
|
|
|
#define KERBEROS_PKI_KDC_FILE KERBEROS_PKI_PUBLICDIR "@@@KDCSERVER@@@.pki.crt"
|
|
|
|
|
|
|
|
#define KERBEROS_PKI_KDCKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@KDCSERVER@@@.pki.key"
|
|
|
|
|
|
|
|
#define KERBEROS_PKI_KDCREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@KDCSERVER@@@.pki.req"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#define LDAP_CERT_FILE KERBEROS_PKI_PUBLICDIR "@@@ADMINSERVER@@@.ldap.crt"
|
|
|
|
|
|
|
|
#define LDAP_CERTKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.key"
|
|
|
|
|
|
|
|
#define LDAP_CERTREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.req"
|
|
|
|
|
|
|
|
|
|
|
|
#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
|
|
|
|
#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
|
|
|
|
|
|
|
|
|
|
|
|
// Values from hdb.asn1
|
|
|
|
// Values from hdb.asn1
|
|
|
@ -100,6 +110,27 @@ class LDAPRealmConfig
|
|
|
|
bool win2k_pkinit_require_binding;
|
|
|
|
bool win2k_pkinit_require_binding;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// PRIVATE
|
|
|
|
|
|
|
|
class LDAPCertConfig
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
bool generate_certs;
|
|
|
|
|
|
|
|
TQString provided_kerberos_pem;
|
|
|
|
|
|
|
|
TQString provided_kerberos_pemkey;
|
|
|
|
|
|
|
|
TQString provided_kerberos_crt;
|
|
|
|
|
|
|
|
TQString provided_kerberos_key;
|
|
|
|
|
|
|
|
TQString provided_ldap_crt;
|
|
|
|
|
|
|
|
TQString provided_ldap_key;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TQString countryName;
|
|
|
|
|
|
|
|
TQString stateOrProvinceName;
|
|
|
|
|
|
|
|
TQString localityName;
|
|
|
|
|
|
|
|
TQString organizationName;
|
|
|
|
|
|
|
|
TQString orgUnitName;
|
|
|
|
|
|
|
|
TQString commonName;
|
|
|
|
|
|
|
|
TQString emailAddress;
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
typedef TQMap<TQString, LDAPRealmConfig> LDAPRealmConfigList;
|
|
|
|
typedef TQMap<TQString, LDAPRealmConfig> LDAPRealmConfigList;
|
|
|
|
|
|
|
|
|
|
|
|
class LDAPUserInfo
|
|
|
|
class LDAPUserInfo
|
|
|
@ -271,6 +302,9 @@ class LDAPManager : public TQObject {
|
|
|
|
static TQString getMachineFQDN();
|
|
|
|
static TQString getMachineFQDN();
|
|
|
|
static void writeLDAPConfFile(LDAPRealmConfig realmcfg);
|
|
|
|
static void writeLDAPConfFile(LDAPRealmConfig realmcfg);
|
|
|
|
static void writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config);
|
|
|
|
static void writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config);
|
|
|
|
|
|
|
|
static TQDateTime getCertificateExpiration(TQString certfile);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int generatePublicKerberosCACertificate(LDAPCertConfig certinfo);
|
|
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
private:
|
|
|
|
LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
|
|
|
|
LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
|
|
|
|