author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-04 17:05:03 -0500 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-04 17:05:03 -0500 |
commit | ded257d2225a74343c32b3303ec3778da216b688 (patch) | |
tree | 37765cf04edbfea0f507ed0208de2bc89cc62ac8 /src/ldapcontroller.cpp | |
parent | 085abd94d86b16825501b4215bd852fa546b31a9 (diff) | |
Add utility to manage kadmind ACL list based on group membership
Diffstat (limited to 'src/ldapcontroller.cpp')
-rw-r--r-- | src/ldapcontroller.cpp | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 67fde9a..03cd5a4 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -55,6 +55,7 @@
 // FIXME
 // Connect this to CMake/Automake
 #define KDE_CONFDIR "/etc/trinity"
+#define TDE_LIBDIR "/opt/trinity/lib"
 #define LDAP_KEYTAB_FILE "/etc/ldap/ldap.keytab"
 // FIXME
@@ -62,6 +63,7 @@
 // RedHat would be "/etc/sysconfig/ldap"
 #define LDAP_DEFAULT_FILE "/etc/default/slapd"
 #define HEIMDAL_DEFAULT_FILE "/etc/default/heimdal-kdc"
+#define HEIMDAL_ACL_FILE "/etc/heimdal-kdc/kadmind.acl"
 #define SASL_DEFAULT_FILE "/etc/default/saslauthd"
 #define SASL_CONTROL_FILE "/etc/ldap/sasl2/slapd.conf"
@@ -298,6 +300,8 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
 line.replace("@@@LDAP_KEYTAB_FILE@@@", LDAP_KEYTAB_FILE);
 line.replace("@@@LDAP_USER_NAME@@@", ldapusername);
 line.replace("@@@LDAP_GROUP_NAME@@@", ldapgroupname);
+ line.replace("@@@TDELIBDIR@@@", TDE_LIBDIR);
+ line.replace("@@@HEIMDALACLFILE@@@", HEIMDAL_ACL_FILE);
 if (ldifSchemaNumber >= 0) {
 line.replace("@@@LDIFSCHEMANUMBER@@@", TQString("%1").arg(ldifSchemaNumber));
 }
@@ -769,7 +773,7 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
 // Heimdal
 replacePlaceholdersInFile(templateDir + "heimdal/heimdal.defaults", HEIMDAL_DEFAULT_FILE, realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
- replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", destDir + "heimdal-kdc/kadmind.acl", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", HEIMDAL_ACL_FILE, realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
 replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "heimdal-kdc/kdc.conf", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
 replacePlaceholdersInFile(templateDir + "heimdal/krb5.conf", destDir + "krb5.conf", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
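Review bot: The new `replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", HEIMDAL_ACL_FILE, ...)` call writes kadmind.acl to its fixed live path, while kdc.conf and krb5.conf on the next two lines are still written under `destDir`, so the Heimdal files end up in two places whenever `destDir` is not `/etc/`. The file is created here, but its mode and owner are only set in the `// Set permissions` block of the `@@ -846,14 +850,18 @@` hunk, so until then it carries whatever mode the helper creates it with. Because this ACL decides who may administer the KDC, I would restrict the mode at creation or move the chmod/chown for it directly after this call. How `replacePlaceholdersInFile` opens its output file is not visible here, so the exposure window is inferred; the enclosing function starts and ends outside the hunk.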
@@ -846,14 +850,18 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
 replacePlaceholdersInFile(templateDir + "openldap/ldif/tde-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}tde-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
 // Set permissions
- chmod(TQString(destDir + "heimdal.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
- chmod(TQString(destDir + "heimdal-kdc/kadmind.acl").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(HEIMDAL_DEFAULT_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(HEIMDAL_ACL_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chown(TQString(HEIMDAL_ACL_FILE).ascii(), slapd_uid, 0);
 chmod(TQString(destDir + "heimdal-kdc/kdc.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
 chmod(TQString(destDir + "krb5.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
 chmod(TQString(configTempDir.name() + "skel.ldif").ascii(), S_IRUSR|S_IWUSR);
 // chmod(TQString(destDir + "ldap/slapd.conf").ascii(), S_IRUSR|S_IWUSR);
- chmod(TQString(destDir + "ldap/slapd.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(LDAP_DEFAULT_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+
+ chmod(TQString(SASL_DEFAULT_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(SASL_CONTROL_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
 pdialog.setStatusMessage(i18n("Loading initial database into LDAP..."));
 tqApp->processEvents(); |
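Review bot: The added `chown(TQString(HEIMDAL_ACL_FILE).ascii(), slapd_uid, 0);` makes the slapd account the owner of kadmind.acl with `S_IWUSR` set, so anything running as that account can rewrite the Kerberos admin ACL. If that is the intended trust decision for the new ACL utility, record it above the call, e.g. `// kadmind.acl is owned by the slapd user so the ACL utility can rewrite it; that account is therefore trusted with KDC admin rights`. None of the chmod()/chown() results in this block are checked, so a failure leaves the previous owner and mode in place and setup carries on to load the database. At least the ACL call should be checked: `if (chown(TQString(HEIMDAL_ACL_FILE).ascii(), slapd_uid, 0) != 0) { /* report and stop setup */ }`. Where `slapd_uid` is resolved is outside this hunk, so whether it can be unset here is not visible.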