Diffstat (limited to 'src/ldap.cpp')
-rw-r--r--src/ldap.cpp159
1 files changed, 153 insertions, 6 deletions
diff --git a/src/ldap.cpp b/src/ldap.cpp
index 2b230ba..306d8c6 100644
--- a/src/ldap.cpp
+++ b/src/ldap.cpp
@@ -34,14 +34,20 @@
#include <kio/job.h>
#include <tqdir.h>
#include <tqheader.h>
+#include <knuminput.h>
+#include <kpassdlg.h>
+#include <klineedit.h>
+#include <kmessagebox.h>
#include "ldap.h"
#include "bondwizard.h"
+#include "ldappasswddlg.h"
#include "realmpropertiesdialog.h"
// FIXME
// Connect this to CMake/Automake
#define KDE_CONFDIR "/etc/trinity"
+#define KRB5_FILE "/etc/krb5.conf"
typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;
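Review bot: `KRB5_FILE` is a second hard-coded absolute path added right under the existing FIXME about wiring `KDE_CONFDIR` through CMake/Automake, so the FIXME now applies to both but only names one. Extend the comment to `// Connect KDE_CONFDIR and KRB5_FILE to CMake/Automake` so the new path is not forgotten when the build-system hookup happens, or move `KRB5_FILE` next to the other path constants in ldap.h if that is where the project keeps them.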
@@ -72,12 +78,16 @@ LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&)
setUseRootOnlyMsg(true);
connect(base->systemEnableSupport, TQT_SIGNAL(clicked()), this, TQT_SLOT(changed()));
+ connect(base->defaultRealm, TQT_SIGNAL(activated(int)), this, TQT_SLOT(changed()));
+ connect(base->ticketLifetime, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed()));
connect(base->systemEnableSupport, TQT_SIGNAL(clicked()), this, TQT_SLOT(processLockouts()));
connect(base->ldapRealmList, TQT_SIGNAL(selectionChanged()), this, TQT_SLOT(processLockouts()));
- connect(base->btnBondRealm, TQT_SIGNAL(clicked()), TQT_SLOT(bondToNewRealm()));
- connect(base->btnRemoveRealm, TQT_SIGNAL(clicked()), TQT_SLOT(removeRealm()));
- connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), TQT_SLOT(realmProperties()));
+ connect(base->btnBondRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(bondToNewRealm()));
+ connect(base->btnReBondRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(reBondToRealm()));
+ connect(base->btnRemoveRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(removeRealm()));
+ connect(base->btnDeactivateRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(deactivateRealm()));
+ connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), this, TQT_SLOT(realmProperties()));
load();
@@ -94,7 +104,6 @@ LDAPConfig::~LDAPConfig() {
void LDAPConfig::load() {
kgs = new KGlobalSettings();
- KStandardDirs *ksd = new KStandardDirs();
load(false);
}
@@ -106,6 +115,8 @@ void LDAPConfig::load(bool useDefaults )
systemconfig->setGroup(NULL);
base->systemEnableSupport->setChecked(systemconfig->readBoolEntry("EnableLDAP", false));
+ m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null);
+ m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400);
// Load realms
m_realms.clear();
@@ -137,6 +148,7 @@ void LDAPConfig::load(bool useDefaults )
}
}
+ base->ticketLifetime->setValue(m_ticketLifetime);
updateRealmList();
processLockouts();
@@ -146,11 +158,22 @@ void LDAPConfig::load(bool useDefaults )
void LDAPConfig::updateRealmList() {
base->ldapRealmList->clear();
+ base->defaultRealm->clear();
LDAPRealmConfigList::Iterator it;
for (it = m_realms.begin(); it != m_realms.end(); ++it) {
LDAPRealmConfig realmcfg = it.data();
(void)new TQListViewItem(base->ldapRealmList, ((realmcfg.bonded)?i18n("Bonded"):i18n("Deactivated")), realmcfg.name);
+ base->defaultRealm->insertItem(realmcfg.name);
}
+ if (m_defaultRealm != "") {
+ for (int i=0; i<base->defaultRealm->count(); i++) {
+ if (base->defaultRealm->text(i) == m_defaultRealm) {
+ base->defaultRealm->setCurrentItem(i);
+ break;
+ }
+ }
+ }
+ processLockouts();
}
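Review bot: When `m_defaultRealm` is non-empty but matches none of the inserted items (e.g. the realm was removed), the loop falls through and the combo box stays at index 0, so the next `save()` silently persists the first realm as `DefaultRealm` and `writeKrb5ConfFile()` emits it as `default_realm`; the same happens when `m_defaultRealm` is empty, because the combo has no "no default" entry. Consider inserting a blank leading item with `base->defaultRealm->insertItem(TQString::null);` before the loop so the empty/unmatched case is representable and round-trips through `save()`. The trailing `processLockouts()` duplicates the call that `load(bool)` already makes right after `updateRealmList()`; harmless, but worth dropping one.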
void LDAPConfig::defaults() {
@@ -161,6 +184,15 @@ void LDAPConfig::save() {
// Write system configuration
systemconfig->setGroup(NULL);
systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked());
+ m_defaultRealm = base->defaultRealm->currentText();
+ m_ticketLifetime = base->ticketLifetime->value();
+ if (m_defaultRealm != "") {
+ systemconfig->writeEntry("DefaultRealm", m_defaultRealm);
+ }
+ else {
+ systemconfig->deleteEntry("DefaultRealm");
+ }
+ systemconfig->writeEntry("TicketLifetime", m_ticketLifetime);
LDAPRealmConfigList::Iterator it;
for (it = m_realms.begin(); it != m_realms.end(); ++it) {
@@ -198,8 +230,8 @@ void LDAPConfig::save() {
systemconfig->sync();
- // RAJA FIXME
- // Write the appropriate /etc/krb5.conf file here!
+ // Write the Kerberos5 configuration file
+ writeKrb5ConfFile();
load();
}
@@ -247,6 +279,32 @@ void LDAPConfig::bondToNewRealm() {
load();
}
+void LDAPConfig::reBondToRealm() {
+ TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
+ if (selrealm) {
+ TQString realmName = selrealm->text(1);
+ LDAPRealmConfig realmcfg = m_realms[realmName];
+ if (realmcfg.bonded == false) {
+ // Password prompt...
+ TQString errorString;
+ LDAPPasswordDialog passdlg(this);
+ if (passdlg.exec() == TQDialog::Accepted) {
+ if (bondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
+ // Success!
+ realmcfg.bonded = true;
+ m_realms.remove(realmName);
+ m_realms.insert(realmName, realmcfg);
+ save();
+ }
+ else {
+ KMessageBox::error(this, i18n("<qt><b>Unable to bond to realm!</b><p>%1</qt>").arg(errorString), i18n("Unable to Bond to Realm"));
+ }
+ }
+ }
+ }
+ updateRealmList();
+}
+
void LDAPConfig::removeRealm() {
TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
if (selrealm) {
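Review bot: `reBondToRealm()` and `deactivateRealm()` (next hunk) are the same routine with `bonded` inverted and a different prompt/error text; a private helper taking the target state and the two strings would remove the duplication and keep the two paths from drifting. `m_realms[realmName]` on a TQMap default-inserts an entry when the key is absent — presumably unreachable because `realmName` comes from the list view, but a `find()` check would make that explicit. The `save()` in the success branch already reloads and rebuilds the list, so the final `updateRealmList()` only matters on the failure/cancel paths.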
@@ -256,6 +314,43 @@ void LDAPConfig::removeRealm() {
}
}
+void LDAPConfig::deactivateRealm() {
+ TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
+ if (selrealm) {
+ TQString realmName = selrealm->text(1);
+ LDAPRealmConfig realmcfg = m_realms[realmName];
+ if (realmcfg.bonded == true) {
+ // Password prompt...
+ TQString errorString;
+ LDAPPasswordDialog passdlg(this);
+ passdlg.m_base->passprompt->setText(i18n("Please provide LDAP realm administrator credentials below to complete the unbonding process"));
+ if (passdlg.exec() == TQDialog::Accepted) {
+ if (unbondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
+ // Success!
+ realmcfg.bonded = false;
+ m_realms.remove(realmName);
+ m_realms.insert(realmName, realmcfg);
+ save();
+ }
+ else {
+ KMessageBox::error(this, i18n("<qt><b>Unable to unbond from realm!</b><p>%1</qt>").arg(errorString), i18n("Unable to Unbond from Realm"));
+ }
+ }
+ }
+ }
+ updateRealmList();
+}
+
+int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
+ // RAJA FIXME
+ return 1; // Failure
+}
+
+int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
+ // RAJA FIXME
+ return 1; // Failure
+}
+
void LDAPConfig::realmProperties() {
TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
if (selrealm) {
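Review bot: `bondRealm()` and `unbondRealm()` return 1 without touching `*errstr`, so the "Unable to unbond from realm" box above (and its twin in `reBondToRealm()`) renders `%1` as an empty string and the user gets no reason. Until the stubs are filled in, set the message, e.g. `if (errstr) *errstr = i18n("Realm bonding is not implemented yet");` in both, which also makes the null check explicit. When the real implementation lands, keep `adminPassword` out of `*errstr` and any debug output, since that string ends up in a message box.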
@@ -267,6 +362,58 @@ void LDAPConfig::realmProperties() {
}
}
+void LDAPConfig::writeKrb5ConfFile() {
+ TQFile file(KRB5_FILE);
+ if (file.open(IO_WriteOnly)) {
+ TQTextStream stream( &file );
+
+ stream << "# This file was automatically generated by TDE\n";
+ stream << "# All changes will be lost!\n";
+ stream << "\n";
+
+ // Defaults
+ // FIXME
+ // These should be configurable!
+ stream << "[libdefaults]\n";
+ stream << " ticket_lifetime = " << m_ticketLifetime << "\n";
+ if (m_defaultRealm != "") {
+ stream << " default_realm = " << m_defaultRealm << "\n";
+ }
+ stream << " default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5\n";
+ stream << " default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5\n";
+ stream << "\n";
+
+ // Realms
+ stream << "[realms]\n";
+ LDAPRealmConfigList::Iterator it;
+ for (it = m_realms.begin(); it != m_realms.end(); ++it) {
+ LDAPRealmConfig realmcfg = it.data();
+ stream << " " << realmcfg.name << " = {\n";
+ stream << " kdc = " << realmcfg.kdc << ":" << realmcfg.kdc_port << "\n";
+ stream << " admin_server = " << realmcfg.admin_server << ":" << realmcfg.admin_server_port << "\n";
+ stream << " pkinit_require_eku = " << (realmcfg.pkinit_require_eku?"true":"false") << "\n";
+ stream << " pkinit_require_krbtgt_otherName = " << (realmcfg.pkinit_require_krbtgt_otherName?"true":"false") << "\n";
+ stream << " win2k_pkinit = " << (realmcfg.win2k_pkinit?"yes":"no") << "\n";
+ stream << " win2k_pkinit_require_binding = " << (realmcfg.win2k_pkinit_require_binding?"yes":"no") << "\n";
+ stream << " }\n";
+ }
+ stream << "\n";
+
+ // Domain aliases
+ stream << "[domain_realm]\n";
+ LDAPRealmConfigList::Iterator it2;
+ for (it2 = m_realms.begin(); it2 != m_realms.end(); ++it2) {
+ LDAPRealmConfig realmcfg = it2.data();
+ TQStringList domains = realmcfg.domain_mappings;
+ for (TQStringList::Iterator it3 = domains.begin(); it3 != domains.end(); ++it3 ) {
+ stream << " " << *it3 << " = " << realmcfg.name << "\n";
+ }
+ }
+
+ file.close();
+ }
+}
+
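Review bot: A failed `file.open(IO_WriteOnly)` is silently ignored, so `save()` reports success while `/etc/krb5.conf` is left unchanged (or, if the open succeeded but a write failed mid-stream, truncated), and the realm/ticket settings shown in the UI no longer match the file; add an `else` branch such as `KMessageBox::error(this, i18n("<qt><b>Unable to write %1</b></qt>").arg(KRB5_FILE), i18n("Kerberos Configuration"));` and consider writing to a temporary file and renaming over the target so a partial write cannot leave a broken config. The fixed enctype lists at `default_etypes`/`default_etypes_des` include the single-DES types `des-cbc-crc` and `des-cbc-md5`, which are deprecated for Kerberos and disabled by default in current libraries; prefer `aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-hmac-sha1` or make the list configurable as the FIXME already says. Note that `default_etypes`/`default_etypes_des` are Heimdal key names — if MIT krb5 is also a target, it expects `default_tgs_enctypes`/`default_tkt_enctypes`/`permitted_enctypes` instead, so confirm which library the generated file is meant for.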
int LDAPConfig::buttons() {
return KCModule::Apply|KCModule::Help;
}