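/***************************************************************************
 *   Copyright (C) 2012 by Timothy Pearson                                 *
 *   kb9vqf@pearsoncomputing.net                                           *
 *                                                                         *
 *   This program is free software; you can redistribute it and/or modify  *
 *   it under the terms of the GNU General Public License as published by  *
 *   the Free Software Foundation; either version 2 of the License, or     *
 *   (at your option) any later version.                                   *
 *                                                                         *
 *   This program is distributed in the hope that it will be useful,       *
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the          *
 *   GNU General Public License for more details.                          *
 *                                                                         *
 *   You should have received a copy of the GNU General Public License     *
 *   along with this program; if not, write to the                         *
 *   Free Software Foundation, Inc.,                                       *
 *   59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.              *
 ***************************************************************************/

// NOTE(review): fifteen angle-bracket #include directives stood here, but this
// page dropped their header names; restore them from the project tree. The two
// below are the standard headers the code visibly needs (strlen, getuid).
#include <string.h>
#include <unistd.h>

#include "ldap.h"
#include "bondwizard.h"
#include "realmpropertiesdialog.h"

// FIXME
// Connect this to CMake/Automake
#define KDE_CONFDIR "/etc/trinity"

// NOTE(review): the factory's template arguments were stripped on this page;
// <LDAPConfig, TQWidget> matches the constructor signature below - confirm
// against the project tree.
typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;
K_EXPORT_COMPONENT_FACTORY( kcm_ldap, ldapFactory("kcmldap"))

// Process-wide handle on the system LDAP configuration file. It is created by
// the LDAPConfig constructor and released by the destructor.
KSimpleConfig *systemconfig = 0;

// Builds the control module: opens KDE_CONFDIR "/ldap/ldapconfigrc", sets the
// about data, creates the UI, wires the signals, loads the stored realms and
// applies the button lockouts.
LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&)
    : KCModule(parent, name), myAboutData(0)
{
    TQVBoxLayout *layout = new TQVBoxLayout(this, KDialog::marginHint(), KDialog::spacingHint());
    systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));

    KAboutData* about = new KAboutData("ldap", I18N_NOOP("TDE LDAP Manager"), "0.1",
        I18N_NOOP("TDE LDAP Manager Control Panel Module"),
        KAboutData::License_GPL,
        I18N_NOOP("(c) 2012 Timothy Pearson"), 0, 0);
    about->addAuthor("Timothy Pearson", 0, "kb9vqf@pearsoncomputing.net");
    setAboutData( about );

    base = new LDAPConfigBase(this);
    layout->add(base);

    base->ldapRealmList->setAllColumnsShowFocus(true);
    base->ldapRealmList->setFullWidth(true);

    // NOTE(review): the page shows a raw line break inside this literal; it is
    // written as \n here. The original may have carried rich-text markup that
    // the page stripped - confirm against the project tree.
    setRootOnlyMsg(i18n("Bonded LDAP realms take effect system wide, and require administrator access to modify\n"
                        "To alter the system's bonded LDAP realms, click on the \"Administrator Mode\" button below."));
    setUseRootOnlyMsg(true);

    // NOTE(review): btnReBondRealm and btnDeactivateRealm are enabled by
    // processLockouts() but no slot is connected to them in this file.
    connect(base->systemEnableSupport, TQT_SIGNAL(clicked()), this, TQT_SLOT(changed()));
    connect(base->systemEnableSupport, TQT_SIGNAL(clicked()), this, TQT_SLOT(processLockouts()));
    connect(base->ldapRealmList, TQT_SIGNAL(selectionChanged()), this, TQT_SLOT(processLockouts()));
    connect(base->btnBondRealm, TQT_SIGNAL(clicked()), TQT_SLOT(bondToNewRealm()));
    connect(base->btnRemoveRealm, TQT_SIGNAL(clicked()), TQT_SLOT(removeRealm()));
    connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), TQT_SLOT(realmProperties()));

    load();

    // The enable checkbox is editable only for a real-uid-0 process that can
    // also write the config file. This is a UI lockout, not an access control:
    // the realm settings are protected by the ownership and mode of the file
    // under KDE_CONFDIR, which is what a deployment review should verify.
    if (getuid() != 0 || !systemconfig->checkConfigFilesWritable( true )) {
        base->systemEnableSupport->setEnabled(false);
    }

    processLockouts();
}

// Releases the configuration handle opened by the constructor.
LDAPConfig::~LDAPConfig()
{
    delete systemconfig;
    // Clear the global so nothing can reach the freed object afterwards.
    systemconfig = 0;
}

// Reloads the stored (non-default) configuration.
void LDAPConfig::load()
{
    // NOTE(review): kgs is declared outside this file and is reassigned on
    // every call (the constructor and each save() end up here), so earlier
    // instances are not freed by this file - confirm ownership in the header.
    kgs = new KGlobalSettings();
    // The original also allocated a KStandardDirs that was never used or
    // freed; that leaked allocation has been dropped.
    load(false);
}

// Reads the global enable flag and every "LDAPRealm-*" group from the system
// configuration into m_realms, then refreshes the list view and lockouts.
//   useDefaults: passed to setReadDefaults() and re-emitted with changed().
void LDAPConfig::load(bool useDefaults )
{
    //Update the toggle buttons with the current configuration
    systemconfig->setReadDefaults( useDefaults );
    systemconfig->setGroup(NULL);
    base->systemEnableSupport->setChecked(systemconfig->readBoolEntry("EnableLDAP", false));

    // Load realms
    m_realms.clear();
    const size_t prefixLength = strlen("LDAPRealm-");
    TQStringList cfgRealms = systemconfig->groupList();
    for (TQStringList::Iterator group(cfgRealms.begin()); group != cfgRealms.end(); ++group) {
        if (!(*group).startsWith("LDAPRealm-")) {
            continue;
        }
        systemconfig->setGroup(*group);
        TQString realmName=*group;
        realmName.remove(0,prefixLength);
        if (m_realms.contains(realmName)) {
            continue;
        }

        // Read in realm data
        // Values are taken from the file as-is: port numbers are not
        // range-checked and host names are not validated here. The entries
        // read without an explicit default fall back to false/0/empty when a
        // key is missing, so a realm group lacking the pkinit_require_* keys
        // loads with those certificate requirements switched off.
        // NOTE(review): confirm that fallback is intended before these values
        // are used to generate Kerberos configuration.
        LDAPRealmConfig realmcfg;
        realmcfg.name = realmName;
        realmcfg.bonded = systemconfig->readBoolEntry("bonded");
        realmcfg.uid_offset = systemconfig->readNumEntry("uid_offset");
        realmcfg.gid_offset = systemconfig->readNumEntry("gid_offset");
        realmcfg.domain_mappings = systemconfig->readListEntry("domain_mappings");
        realmcfg.kdc = systemconfig->readEntry("kdc");
        realmcfg.kdc_port = systemconfig->readNumEntry("kdc_port");
        realmcfg.admin_server = systemconfig->readEntry("admin_server");
        realmcfg.admin_server_port = systemconfig->readNumEntry("admin_server_port");
        realmcfg.pkinit_require_eku = systemconfig->readBoolEntry("pkinit_require_eku");
        realmcfg.pkinit_require_krbtgt_otherName = systemconfig->readBoolEntry("pkinit_require_krbtgt_otherName");
        realmcfg.win2k_pkinit = systemconfig->readBoolEntry("win2k_pkinit");
        realmcfg.win2k_pkinit_require_binding = systemconfig->readBoolEntry("win2k_pkinit_require_binding");

        // Add realm to list
        m_realms.insert(realmName, realmcfg);
    }

    updateRealmList();
    processLockouts();

    emit changed(useDefaults);
}

// Rebuilds the realm list view from m_realms: column 0 shows the bonded
// state, column 1 the realm name (which the other slots use as the map key).
void LDAPConfig::updateRealmList() {
    base->ldapRealmList->clear();
    for (LDAPRealmConfigList::Iterator realm = m_realms.begin(); realm != m_realms.end(); ++realm) {
        const LDAPRealmConfig &realmcfg = realm.data();
        // The item is owned by the list view it is created in.
        (void)new TQListViewItem(base->ldapRealmList, ((realmcfg.bonded)?i18n("Bonded"):i18n("Deactivated")), realmcfg.name);
    }
}

// No defaults are defined for this module.
void LDAPConfig::defaults()
{
}

// Writes the enable flag and every realm in m_realms to the system
// configuration, deletes "LDAPRealm-*" groups that no longer have a realm,
// syncs the file and reloads.
//
// As far as this file shows, nothing here writes /etc/krb5.conf yet (see the
// FIXME below), so the KDC and PKINIT settings persisted by this function are
// stored but not applied to the Kerberos configuration.
void LDAPConfig::save() {
    // Write system configuration
    systemconfig->setGroup(NULL);
    systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked());

    for (LDAPRealmConfigList::Iterator realm = m_realms.begin(); realm != m_realms.end(); ++realm) {
        const LDAPRealmConfig &realmcfg = realm.data();
        // NOTE(review): the realm name goes into the group name verbatim;
        // presumably it is validated where realms are created - confirm.
        TQString configRealmName = realmcfg.name;
        configRealmName.prepend("LDAPRealm-");
        systemconfig->setGroup(configRealmName);
        // Save realm settings
        systemconfig->writeEntry("bonded", realmcfg.bonded);
        systemconfig->writeEntry("uid_offset", realmcfg.uid_offset);
        systemconfig->writeEntry("gid_offset", realmcfg.gid_offset);
        systemconfig->writeEntry("domain_mappings", realmcfg.domain_mappings);
        systemconfig->writeEntry("kdc", realmcfg.kdc);
        systemconfig->writeEntry("kdc_port", realmcfg.kdc_port);
        systemconfig->writeEntry("admin_server", realmcfg.admin_server);
        systemconfig->writeEntry("admin_server_port", realmcfg.admin_server_port);
        systemconfig->writeEntry("pkinit_require_eku", realmcfg.pkinit_require_eku);
        systemconfig->writeEntry("pkinit_require_krbtgt_otherName", realmcfg.pkinit_require_krbtgt_otherName);
        systemconfig->writeEntry("win2k_pkinit", realmcfg.win2k_pkinit);
        systemconfig->writeEntry("win2k_pkinit_require_binding", realmcfg.win2k_pkinit_require_binding);
    }

    // Delete any realms that do not exist in the m_realms database
    const size_t prefixLength = strlen("LDAPRealm-");
    TQStringList cfgRealms = systemconfig->groupList();
    for (TQStringList::Iterator group(cfgRealms.begin()); group != cfgRealms.end(); ++group) {
        if (!(*group).startsWith("LDAPRealm-")) {
            continue;
        }
        systemconfig->setGroup(*group);
        TQString realmName=*group;
        realmName.remove(0,prefixLength);
        if (!m_realms.contains(realmName)) {
            systemconfig->deleteGroup(*group);
        }
    }

    systemconfig->sync();

    // RAJA FIXME
    // Write the appropriate /etc/krb5.conf file here!

    load();
}

// Enables or disables the realm panel and its buttons according to the
// enable checkbox and the currently selected realm. A bonded realm can only
// be deactivated; removal and property editing are offered for deactivated
// realms only.
void LDAPConfig::processLockouts() {
    const bool panelIsEnabled = base->systemEnableSupport->isChecked();
    base->groupRealms->setEnabled(panelIsEnabled);

    TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
    if (!selrealm) {
        // Nothing selected: only bonding to a new realm is possible.
        base->btnBondRealm->setEnabled(true);
        base->btnReBondRealm->setEnabled(false);
        base->btnDeactivateRealm->setEnabled(false);
        base->btnRemoveRealm->setEnabled(false);
        base->btnRealmProperties->setEnabled(false);
        return;
    }

    // NOTE(review): if m_realms is a TQMap (its typedef is outside this file),
    // operator[] inserts a default entry for a name that is not present, and
    // save() would then persist it - confirm the list cannot go stale.
    const bool realmIsBonded = m_realms[selrealm->text(1)].bonded;

    base->btnBondRealm->setEnabled(true);
    base->btnReBondRealm->setEnabled(true);
    base->btnDeactivateRealm->setEnabled(realmIsBonded);
    base->btnRemoveRealm->setEnabled(!realmIsBonded);
    base->btnRealmProperties->setEnabled(!realmIsBonded);
}

// Saves the current state, runs the bond wizard on m_realms, then reloads
// from the configuration file.
void LDAPConfig::bondToNewRealm() {
    // RAJA FIXME

    // Something will probably change
    save();

    BondWizard bondwizard(&m_realms, this, this);
    bondwizard.exec();

    // Something probably changed
    load();
}

// Drops the selected realm from m_realms and marks the module as changed;
// the configuration file is only updated by a later save().
void LDAPConfig::removeRealm() {
    TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
    if (!selrealm) {
        return;
    }
    m_realms.remove(selrealm->text(1));
    updateRealmList();
    changed();
}

// Opens the properties dialog for the selected realm; when it is accepted the
// list is refreshed and the module is marked as changed.
void LDAPConfig::realmProperties() {
    TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
    if (!selrealm) {
        return;
    }
    RealmPropertiesDialog rpdialog(&m_realms, selrealm->text(1), this);
    if (rpdialog.exec() == TQDialog::Accepted) {
        updateRealmList();
        changed();
    }
}

// Buttons shown by the control center for this module.
int LDAPConfig::buttons() {
    return KCModule::Apply|KCModule::Help;
}

// Short help text shown by the control center.
TQString LDAPConfig::quickHelp() const
{
    return i18n("This module configures which LDAP realms TDE uses for authentication.");
}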