summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/Makefile.am4
-rw-r--r--src/groupconfigbase.ui2
-rw-r--r--src/ldap.cpp98
-rw-r--r--src/ldapconfigbase.ui9
-rw-r--r--src/ldaplogindlg.cpp2
-rw-r--r--src/ldapmgr.cpp222
-rw-r--r--src/ldapmgr.h (renamed from src/ldap.h)21
-rw-r--r--src/libtdeldap.cpp408
-rw-r--r--src/libtdeldap.h133
-rw-r--r--src/userconfigbase.ui2
-rw-r--r--src/userconfigdlg.cpp49
-rw-r--r--src/userconfigdlg.h47
12 files changed, 880 insertions, 117 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index b38ecd8..c49b9de 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -4,8 +4,8 @@ METASOURCES = AUTO
# Install this plugin in the KDE modules directory
kde_module_LTLIBRARIES = kcm_ldapmanager.la
-kcm_ldapmanager_la_SOURCES = ldap.cpp ldapconfigbase.ui userconfigbase.ui groupconfigbase.ui libtdeldap.cpp ldaplogindlgbase.ui ldaplogindlg.cpp ldappasswddlg.cpp
-kcm_ldapmanager_la_LIBADD = -lkio $(LIB_TDEUI)
+kcm_ldapmanager_la_SOURCES = ldapmgr.cpp ldapconfigbase.ui userconfigbase.ui groupconfigbase.ui libtdeldap.cpp ldaplogindlgbase.ui ldaplogindlg.cpp ldappasswddlg.cpp userconfigdlg.cpp
+kcm_ldapmanager_la_LIBADD = -lkio $(LIB_TDEUI) -lldap
kcm_ldapmanager_la_LDFLAGS = -avoid-version -module -no-undefined \
$(all_libraries)
diff --git a/src/groupconfigbase.ui b/src/groupconfigbase.ui
index 721338a..2f7f8db 100644
--- a/src/groupconfigbase.ui
+++ b/src/groupconfigbase.ui
@@ -28,7 +28,7 @@
<cstring>detailsTab</cstring>
</property>
<attribute name="title">
- <string>Details</string>
+ <string>POSIX</string>
</attribute>
<grid>
<property name="name">
diff --git a/src/ldap.cpp b/src/ldap.cpp
deleted file mode 100644
index 61351d1..0000000
--- a/src/ldap.cpp
+++ /dev/null
@@ -1,98 +0,0 @@
-/***************************************************************************
- * Copyright (C) 2012 by Timothy Pearson *
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the *
- * Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
- ***************************************************************************/
-
-#include <tqlayout.h>
-
-#include <klocale.h>
-#include <kglobal.h>
-#include <kparts/genericfactory.h>
-#include <ksimpleconfig.h>
-#include <kglobalsettings.h>
-#include <kstandarddirs.h>
-#include <kurlrequester.h>
-#include <klistview.h>
-#include <kopenwith.h>
-#include <kpropertiesdialog.h>
-#include <kio/job.h>
-#include <tqdir.h>
-#include <tqheader.h>
-
-#include "ldap.h"
-
-typedef KGenericFactory<LDAPConfig, TQWidget> LDAPConfigFactory;
-
-K_EXPORT_COMPONENT_FACTORY( kcm_ldapmanager, LDAPConfigFactory("kcmldapmanager"))
-
-LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&)
- : KCModule(parent, name), myAboutData(0)
-{
- TQVBoxLayout *layout = new TQVBoxLayout(this, KDialog::marginHint(), KDialog::spacingHint());
- base = new LDAPConfigBase(this);
- layout->add(base);
-
- base->user_list->setAllColumnsShowFocus(true);
- base->user_list->setFullWidth(true);
- base->group_list->setAllColumnsShowFocus(true);
- base->group_list->setFullWidth(true);
- base->group_memberList->setAllColumnsShowFocus(true);
- base->group_memberList->setFullWidth(true);
- base->machine_list->setAllColumnsShowFocus(true);
- base->machine_list->setFullWidth(true);
-
- load();
-
- KAboutData* about = new KAboutData("ldap", I18N_NOOP("TDE LDAP Realm Manager"), "0.1",
- I18N_NOOP("TDE LDAP Realm Manager Control Panel Module"),
- KAboutData::License_GPL,
- I18N_NOOP("(c) 2012 Timothy Pearson"), 0, 0);
-
- about->addAuthor("Timothy Pearson", 0, "[email protected]");
- setAboutData( about );
-
- processLockouts();
-};
-
-LDAPConfig::~LDAPConfig() {
-}
-
-void LDAPConfig::load() {
- kgs = new KGlobalSettings();
-}
-
-void LDAPConfig::defaults() {
-
-}
-
-void LDAPConfig::save() {
-
-}
-
-void LDAPConfig::processLockouts() {
- //
-}
-
-int LDAPConfig::buttons() {
- return KCModule::Apply|KCModule::Help;
-}
-
-TQString LDAPConfig::quickHelp() const
-{
- return i18n("This module manages users, groups, and machines in LDAP realms.");
-}
diff --git a/src/ldapconfigbase.ui b/src/ldapconfigbase.ui
index 768c3c6..a95763a 100644
--- a/src/ldapconfigbase.ui
+++ b/src/ldapconfigbase.ui
@@ -122,6 +122,9 @@
<cstring>unnamed_layoutwidget1</cstring>
</property>
<grid>
+ <property name="margin">
+ <number>0</number>
+ </property>
<widget class="TQLayoutWidget" row="0" column="0">
<property name="name">
<cstring>userControls</cstring>
@@ -375,6 +378,9 @@
<cstring>unnamed_layoutwidget2</cstring>
</property>
<grid>
+ <property name="margin">
+ <number>0</number>
+ </property>
<widget class="TQLayoutWidget" row="0" column="0">
<property name="name">
<cstring>groupControls</cstring>
@@ -562,6 +568,9 @@
<cstring>unnamed_layoutwidget3</cstring>
</property>
<grid>
+ <property name="margin">
+ <number>0</number>
+ </property>
<widget class="TQLayoutWidget" row="0" column="0">
<property name="name">
<cstring>userControls</cstring>
diff --git a/src/ldaplogindlg.cpp b/src/ldaplogindlg.cpp
index 2a3b835..f9ca3b5 100644
--- a/src/ldaplogindlg.cpp
+++ b/src/ldaplogindlg.cpp
@@ -42,4 +42,4 @@ LDAPLogin::~LDAPLogin(){
//
}
-#include "ldaplogindlg.moc"
+// #include "ldaplogindlg.moc"
diff --git a/src/ldapmgr.cpp b/src/ldapmgr.cpp
new file mode 100644
index 0000000..b853684
--- /dev/null
+++ b/src/ldapmgr.cpp
@@ -0,0 +1,222 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#include <tqlayout.h>
+
+#include <klocale.h>
+#include <kglobal.h>
+#include <kparts/genericfactory.h>
+#include <ksimpleconfig.h>
+#include <kglobalsettings.h>
+#include <kstandarddirs.h>
+#include <kurlrequester.h>
+#include <klistview.h>
+#include <kopenwith.h>
+#include <kpropertiesdialog.h>
+#include <kio/job.h>
+#include <tqdir.h>
+#include <tqheader.h>
+#include <ksimpleconfig.h>
+#include <kcombobox.h>
+#include <kmessagebox.h>
+#include <klineedit.h>
+
+#include "ldapmgr.h"
+
+#include "libtdeldap.h"
+#include "ldappasswddlg.h"
+#include "userconfigdlg.h"
+
+// FIXME
+// Connect this to CMake/Automake
+#define KDE_CONFDIR "/etc/trinity"
+
+typedef KGenericFactory<LDAPConfig, TQWidget> LDAPConfigFactory;
+
+K_EXPORT_COMPONENT_FACTORY( kcm_ldapmanager, LDAPConfigFactory("kcmldapmanager"))
+
+LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&)
+ : KCModule(parent, name), myAboutData(0), m_ldapmanager(0)
+{
+ m_systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
+
+ TQVBoxLayout *layout = new TQVBoxLayout(this, KDialog::marginHint(), KDialog::spacingHint());
+ base = new LDAPConfigBase(this);
+ layout->add(base);
+
+ base->user_list->setAllColumnsShowFocus(true);
+ base->user_list->setFullWidth(true);
+ base->group_list->setAllColumnsShowFocus(true);
+ base->group_list->setFullWidth(true);
+ base->group_memberList->setAllColumnsShowFocus(true);
+ base->group_memberList->setFullWidth(true);
+ base->machine_list->setAllColumnsShowFocus(true);
+ base->machine_list->setFullWidth(true);
+
+ base->user_loginName->setEnabled(false);
+ base->user_uid->setEnabled(false);
+ base->user_primaryGroup->setEnabled(false);
+ base->user_realName->setEnabled(false);
+ base->user_status->setEnabled(false);
+ base->user_secondaryGroups->setEnabled(false);
+
+ connect(base->user_ldapRealm, TQT_SIGNAL(highlighted(const TQString&)), this, TQT_SLOT(connectToRealm(const TQString&)));
+ connect(base->user_list, TQT_SIGNAL(selectionChanged()), this, TQT_SLOT(userHighlighted()));
+
+ connect(base->user_buttonModify, TQT_SIGNAL(clicked()), this, TQT_SLOT(modifySelectedUser()));
+
+ load();
+
+ KAboutData* about = new KAboutData("ldap", I18N_NOOP("TDE LDAP Realm Manager"), "0.1",
+ I18N_NOOP("TDE LDAP Realm Manager Control Panel Module"),
+ KAboutData::License_GPL,
+ I18N_NOOP("(c) 2012 Timothy Pearson"), 0, 0);
+
+ about->addAuthor("Timothy Pearson", 0, "[email protected]");
+ setAboutData( about );
+
+ processLockouts();
+};
+
+LDAPConfig::~LDAPConfig() {
+ delete m_systemconfig;
+}
+
+void LDAPConfig::load() {
+ // Load realms
+ int i;
+ base->user_ldapRealm->clear();
+ TQStringList cfgRealms = m_systemconfig->groupList();
+ for (TQStringList::Iterator it(cfgRealms.begin()); it != cfgRealms.end(); ++it) {
+ if ((*it).startsWith("LDAPRealm-")) {
+ m_systemconfig->setGroup(*it);
+ TQString realmName=*it;
+ realmName.remove(0,strlen("LDAPRealm-"));
+ base->user_ldapRealm->insertItem(realmName);
+ }
+ }
+ TQString defaultRealm = m_systemconfig->readEntry("DefaultRealm", TQString::null);
+ if (defaultRealm != "") {
+ for (i=0; i<base->user_ldapRealm->count(); i++) {
+ if (base->user_ldapRealm->text(i).lower() == defaultRealm.lower()) {
+ base->user_ldapRealm->setCurrentItem(i);
+ break;
+ }
+ }
+ }
+ connectToRealm(base->user_ldapRealm->currentText().upper());
+}
+
+void LDAPConfig::defaults() {
+
+}
+
+void LDAPConfig::save() {
+
+}
+
+void LDAPConfig::processLockouts() {
+ //
+}
+
+void LDAPConfig::connectToRealm(const TQString& realm) {
+ if (m_ldapmanager) {
+ if (m_ldapmanager->realm() == realm) {
+ return;
+ }
+ delete m_ldapmanager;
+ }
+
+ m_systemconfig->setGroup("LDAPRealm-" + realm);
+ TQString host = m_systemconfig->readEntry("admin_server");
+ m_ldapmanager = new LDAPManager(realm, host);
+
+ populateUsers();
+ // RAJA FIXME
+ // Groups?? Machines??
+}
+
+void LDAPConfig::populateUsers() {
+ m_userInfoList = m_ldapmanager->users();
+ updateUsersList();
+}
+
+void LDAPConfig::updateUsersList() {
+ base->user_list->clear();
+ LDAPUserInfoList::Iterator it;
+ for (it = m_userInfoList.begin(); it != m_userInfoList.end(); ++it) {
+ LDAPUserInfo user = *it;
+ (void)new TQListViewItem(base->user_list, user.name, user.commonName, TQString("%1").arg(user.uid));
+ }
+ processLockouts();
+}
+
+LDAPUserInfo LDAPConfig::findUserInfoByNameAndUID(TQString name, TQString uid) {
+ // Figure out which user is selected
+ LDAPUserInfoList::Iterator it;
+ for (it = m_userInfoList.begin(); it != m_userInfoList.end(); ++it) {
+ LDAPUserInfo user = *it;
+ if ((user.name == name) && (TQString("%1").arg(user.uid) == uid)) {
+ return user;
+ }
+ }
+ return LDAPUserInfo();
+}
+
+LDAPUserInfo LDAPConfig::selectedUser() {
+ TQListViewItem* lvi = base->user_list->currentItem();
+ if (!lvi) {
+ return LDAPUserInfo();
+ }
+ return findUserInfoByNameAndUID(lvi->text(0), lvi->text(2));
+}
+
+void LDAPConfig::userHighlighted() {
+ // Show information in the quick view area
+ LDAPUserInfo user = selectedUser();
+
+ base->user_loginName->setText(user.name);
+ base->user_uid->setText(TQString("%1").arg(user.uid));
+ base->user_primaryGroup->setText(TQString("%1").arg(user.primary_gid));
+ base->user_realName->setText(user.commonName);
+ base->user_status->setText((user.status == KRB5_DISABLED_ACCOUNT)?"Disabled":"Enabled");
+ base->user_secondaryGroups->setText("RAJA FIXME");
+
+ processLockouts();
+}
+
+void LDAPConfig::modifySelectedUser() {
+ // Launch a dialog to edit the user
+ LDAPUserInfo user = selectedUser();
+
+ // RAJA FIXME
+ UserConfigDialog userconfigdlg(user, this);
+ if (userconfigdlg.exec() == TQDialog::Accepted) {
+ }
+}
+
+int LDAPConfig::buttons() {
+ return KCModule::Apply|KCModule::Help;
+}
+
+TQString LDAPConfig::quickHelp() const
+{
+ return i18n("This module manages users, groups, and machines in LDAP realms.");
+}
diff --git a/src/ldap.h b/src/ldapmgr.h
index a6bf485..46b69de 100644
--- a/src/ldap.h
+++ b/src/ldapmgr.h
@@ -18,8 +18,8 @@
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
-#ifndef _LDAP_H_
-#define _LDAP_H_
+#ifndef _LDAPMGR_H_
+#define _LDAPMGR_H_
#include <kcmodule.h>
#include <kaboutdata.h>
@@ -30,8 +30,11 @@
#include <tqpushbutton.h>
#include <tqcombobox.h>
+#include "libtdeldap.h"
#include "ldapconfigbase.h"
+class KSimpleConfig;
+
class LDAPConfig: public KCModule
{
Q_OBJECT
@@ -49,12 +52,24 @@ class LDAPConfig: public KCModule
private slots:
void processLockouts();
+ void connectToRealm(const TQString&);
+ void populateUsers();
+ void updateUsersList();
+ void userHighlighted();
+ void modifySelectedUser();
+
+ private:
+ LDAPUserInfo findUserInfoByNameAndUID(TQString name, TQString uid);
+ LDAPUserInfo selectedUser();
private:
KAboutData *myAboutData;
- KGlobalSettings *kgs;
LDAPConfigBase *base;
+ KSimpleConfig *m_systemconfig;
+ LDAPManager *m_ldapmanager;
+
+ LDAPUserInfoList m_userInfoList;
};
#endif
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index e69de29..f6f7466 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -0,0 +1,408 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#include <klocale.h>
+#include <kmessagebox.h>
+#include <klineedit.h>
+#include <kpassdlg.h>
+
+#include <ldap.h>
+#include <stdlib.h>
+#include <sys/time.h>
+
+#include "libtdeldap.h"
+#include "ldappasswddlg.h"
+
+#define LDAP_INSECURE_PORT 389
+#define LDAP_SECURE_PORT 636
+
+int requested_ldap_version = LDAP_VERSION3;
+int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection?
+char* ldap_user_and_operational_attributes[2] = {"*", "+"};
+
+LDAPManager::LDAPManager(TQString realm, TQString host, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(0), m_ldap(0)
+{
+ TQStringList domainChunks = TQStringList::split(".", realm.lower());
+ m_basedc = "dc=" + domainChunks.join(",dc=");
+}
+
+LDAPManager::~LDAPManager() {
+ unbind(true);
+}
+
+TQString LDAPManager::realm() {
+ return m_realm;
+}
+
+int LDAPManager::bind() {
+ if (m_ldap) {
+ return 0;
+ }
+
+ int use_secure_connection = 0;
+
+ TQString uri;
+ if (use_secure_connection == 1) {
+ m_port = LDAP_SECURE_PORT;
+ uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port);
+ }
+ else {
+ m_port = LDAP_INSECURE_PORT;
+ uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port);
+ }
+
+ int retcode = ldap_initialize(&m_ldap, uri.ascii());
+ if (retcode < 0) {
+ KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
+ return -1;
+ }
+ retcode = ldap_set_option(m_ldap, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version);
+ if (retcode != LDAP_OPT_SUCCESS) {
+ KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
+ return -1;
+ }
+
+ TQString errorString;
+ LDAPPasswordDialog passdlg(0);
+ passdlg.m_base->ldapAdminRealm->setEnabled(false);
+ passdlg.m_base->ldapAdminRealm->setText(m_realm);
+ if (passdlg.exec() == TQDialog::Accepted) {
+ char* mechanism = NULL;
+ struct berval cred;
+ TQString ldap_dn = passdlg.m_base->ldapAdminUsername->text();
+ TQCString pass = passdlg.m_base->ldapAdminPassword->password();
+ cred.bv_val = pass.data();
+ cred.bv_len = pass.length();
+
+ if (!ldap_dn.contains(",")) {
+ // Look for a POSIX account with anonymous bind and the specified account name
+ TQString uri;
+ LDAP* ldapconn;
+ if (use_secure_connection == 1) {
+ m_port = LDAP_SECURE_PORT;
+ uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port);
+ }
+ else {
+ m_port = LDAP_INSECURE_PORT;
+ uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port);
+ }
+ int retcode = ldap_initialize(&ldapconn, uri.ascii());
+ if (retcode < 0) {
+ KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
+ return -1;
+ }
+ retcode = ldap_set_option(ldapconn, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version);
+ if (retcode != LDAP_OPT_SUCCESS) {
+ KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
+ return -1;
+ }
+ struct berval anoncred;
+ anoncred.bv_val = "";
+ anoncred.bv_len = strlen("");
+ retcode = ldap_sasl_bind_s(ldapconn, "", mechanism, &anoncred, NULL, NULL, NULL);
+ if (retcode == LDAP_SUCCESS ) {
+ // Look for the DN for the specified user
+ LDAPMessage* msg;
+ TQString ldap_base_dn = m_basedc;
+ TQString ldap_filter = TQString("(&(objectclass=posixAccount)(uid=%1))").arg(passdlg.m_base->ldapAdminUsername->text());
+ struct timeval timeout;
+ timeout.tv_sec = 10; // 10 second timeout
+ retcode = ldap_search_ext_s(ldapconn, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), NULL, 0, NULL, NULL, &timeout, 0, &msg);
+ if (retcode != LDAP_SUCCESS) {
+ KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ }
+ else {
+ // Iterate through the returned entries
+ char* dn = NULL;
+ LDAPMessage* entry;
+ for(entry = ldap_first_entry(ldapconn, msg); entry != NULL; entry = ldap_next_entry(ldapconn, entry)) {
+ if((dn = ldap_get_dn(ldapconn, entry)) != NULL) {
+ ldap_dn = dn;
+ ldap_memfree(dn);
+ }
+ }
+ }
+ // clean up
+ ldap_msgfree(msg);
+
+ // All done!
+ ldap_unbind_ext_s(ldapconn, NULL, NULL);
+ }
+ }
+
+ retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
+
+ if (retcode != LDAP_SUCCESS ) {
+ KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
+ return -1;
+ }
+
+ return 0;
+ }
+ else {
+ return -2;
+ }
+
+ return -3;
+}
+
+int LDAPManager::unbind(bool force) {
+ if (!m_ldap) {
+ return 0;
+ }
+
+ int retcode = ldap_unbind_ext_s(m_ldap, NULL, NULL);
+ if ((retcode < 0) && (force == false)) {
+ KMessageBox::error(0, i18n("<qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to disconnect from server!"));
+ return retcode;
+ }
+ else {
+ m_ldap = 0;
+ }
+ return retcode;
+}
+
+LDAPUserInfoList LDAPManager::users() {
+ int retcode;
+ LDAPUserInfoList users;
+printf("[RAJA DEBUG 100.0] In LDAPManager::users()\n\r"); fflush(stdout);
+
+ if (bind() < 0) {
+ return LDAPUserInfoList();
+ }
+ else {
+printf("[RAJA DEBUG 100.1] In LDAPManager::users() bind was OK\n\r"); fflush(stdout);
+ LDAPMessage* msg;
+ TQString ldap_base_dn = m_basedc;
+ TQString ldap_filter = "(objectClass=posixAccount)";
+ struct timeval timeout;
+ timeout.tv_sec = 10; // 10 second timeout
+ retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, &timeout, 0, &msg);
+ if (retcode != LDAP_SUCCESS) {
+ KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ return LDAPUserInfoList();
+ }
+
+printf("[RAJA DEBUG 100.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
+
+ // Iterate through the returned entries
+ char* dn = NULL;
+ char* attr;
+ struct berval **vals;
+ BerElement* ber;
+ LDAPMessage* entry;
+ int i;
+ for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
+ if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
+ printf("Returned dn: %s\n", dn);
+ ldap_memfree(dn);
+ }
+
+ LDAPUserInfo userinfo;
+ for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
+ if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
+printf("%s: %s\n\r", attr, vals[i]->bv_val);
+ userinfo.informationValid = true;
+ TQString ldap_field = attr;
+ i=0;
+ if (ldap_field == "uid") {
+ userinfo.name = vals[i]->bv_val;
+ }
+ else if (ldap_field == "uidNumber") {
+ userinfo.uid = atoi(vals[i]->bv_val);
+ }
+ else if (ldap_field == "loginShell") {
+ userinfo.shell = vals[i]->bv_val;
+ }
+ else if (ldap_field == "homeDirectory") {
+ userinfo.homedir = vals[i]->bv_val;
+ }
+ else if (ldap_field == "gidNumber") {
+ userinfo.primary_gid = atoi(vals[i]->bv_val);
+ }
+ else if (ldap_field == "krb5KDCFlags") {
+ userinfo.status = (LDAPKRB5Flags)(atoi(vals[i]->bv_val));
+ }
+ else if (ldap_field == "createTimestamp") { // YYYYMMDD000000Z
+ userinfo.account_created = TQDateTime::fromString(vals[i]->bv_val);
+ }
+ else if (ldap_field == "modifyTimestamp") { // YYYYMMDD000000Z
+ userinfo.account_modified = TQDateTime::fromString(vals[i]->bv_val);
+ }
+ // FIXME
+ // These two attributes do not seem to be available with a Heimdal KDC
+ // userinfo.password_last_changed = vals[i]->bv_val;
+ // userinfo.password_expires = vals[i]->bv_val;
+ else if (ldap_field == "krb5PasswordEnd") { // YYYYMMDD000000Z
+ userinfo.password_expiration = TQDateTime::fromString(vals[i]->bv_val);
+ }
+ // FIXME
+ // These six(!) attributes do not seem to be available with a Heimdal KDC
+ // userinfo.password_ages = vals[i]->bv_val;
+ // userinfo.new_password_interval = vals[i]->bv_val;
+ // userinfo.new_password_warn_interval = vals[i]->bv_val;
+ // userinfo.new_password_lockout_delay = vals[i]->bv_val;
+ // userinfo.password_has_minimum_age = vals[i]->bv_val;
+ // userinfo.password_minimum_age = vals[i]->bv_val;
+ else if (ldap_field == "krb5MaxLife") { // units: hours
+ userinfo.maximum_ticket_lifetime = atoi(vals[i]->bv_val);
+ }
+ else if (ldap_field == "cn") {
+ userinfo.commonName = vals[i]->bv_val;
+ }
+ else if (ldap_field == "givenName") {
+ userinfo.givenName = vals[i]->bv_val;
+ }
+ else if (ldap_field == "sn") {
+ userinfo.surName = vals[i]->bv_val;
+ }
+ else if (ldap_field == "initials") {
+ userinfo.initials = vals[i]->bv_val;
+ }
+ else if (ldap_field == "title") {
+ userinfo.title = vals[i]->bv_val;
+ }
+ else if (ldap_field == "mail") {
+ userinfo.email = vals[i]->bv_val;
+ }
+ else if (ldap_field == "description") {
+ userinfo.description = vals[i]->bv_val;
+ }
+ else if (ldap_field == "l") {
+ userinfo.locality = vals[i]->bv_val;
+ }
+ else if (ldap_field == "telephoneNumber") {
+ userinfo.telephoneNumber = vals[i]->bv_val;
+ }
+ else if (ldap_field == "facsimileTelephoneNumber") {
+ userinfo.faxNumber = vals[i]->bv_val;
+ }
+ else if (ldap_field == "homePhone") {
+ userinfo.homePhone = vals[i]->bv_val;
+ }
+ else if (ldap_field == "mobile") {
+ userinfo.mobilePhone = vals[i]->bv_val;
+ }
+ else if (ldap_field == "pager") {
+ userinfo.pagerNumber = vals[i]->bv_val;
+ }
+ // FIXME
+ // This attribute is not present in my current LDAP schema
+ // userinfo.website = vals[i]->bv_val;
+
+ // RAJA FIXME
+ // Populate these fields!
+// userinfo.poBox = vals[i]->bv_val;
+// userinfo.street = vals[i]->bv_val;
+// userinfo.address = vals[i]->bv_val;
+// userinfo.state = vals[i]->bv_val;
+// userinfo.postcode = vals[i]->bv_val;
+// userinfo.registeredAddress = vals[i]->bv_val;
+// userinfo.homeAddress = vals[i]->bv_val;
+// userinfo.seeAlso = vals[i]->bv_val;
+// userinfo.deliveryOffice = vals[i]->bv_val;
+// userinfo.department = vals[i]->bv_val;
+// userinfo.roomNumber = vals[i]->bv_val;
+// userinfo.employeeType = vals[i]->bv_val;
+// userinfo.employeeNumber = vals[i]->bv_val;
+// userinfo.manager = vals[i]->bv_val;
+// userinfo.secretary = vals[i]->bv_val;
+// userinfo.isdnNumber = vals[i]->bv_val;
+// userinfo.teletexID = vals[i]->bv_val;
+// userinfo.telexNumber = vals[i]->bv_val;
+// userinfo.preferredDelivery = vals[i]->bv_val;
+// userinfo.destinationIndicator = vals[i]->bv_val;
+// userinfo.x121Address = vals[i]->bv_val;
+// userinfo.displayName = vals[i]->bv_val;
+// userinfo.preferredLanguage = vals[i]->bv_val;
+// userinfo.uniqueIdentifier = vals[i]->bv_val;
+// userinfo.businessCategory = vals[i]->bv_val;
+// userinfo.carLicense = vals[i]->bv_val;
+// userinfo.notes = vals[i]->bv_val;
+
+// for(i = 0; vals[i] != NULL; i++) {
+// printf("%s: %s\n", attr, vals[i]->bv_val);
+// }
+ ldap_value_free_len(vals);
+ }
+ ldap_memfree(attr);
+ }
+ users.append(userinfo);
+
+ if (ber != NULL) {
+ ber_free(ber, 0);
+ }
+
+ printf("\n\r");
+ }
+
+ // clean up
+ ldap_msgfree(msg);
+
+ // RAJA FIXME
+ return users;
+ }
+
+ return LDAPUserInfoList();
+}
+
+// ===============================================================================================================
+//
+// DATA CLASS CONSTRUCTORS AND DESTRUCTORS
+//
+// ===============================================================================================================
+
+LDAPUserInfo::LDAPUserInfo() {
+ // TQStrings are always initialized to TQString::null, so they don't need initialization here...
+ informationValid = false;
+
+ uid = -1;
+ primary_gid = -1;
+ status = (LDAPKRB5Flags)0;
+ account_created = TQDateTime::fromString("01-01-1970 00:00:00");
+ account_modified = TQDateTime::fromString("01-01-1970 00:00:00");
+ password_last_changed = TQDateTime::fromString("01-01-1970 00:00:00");
+ password_expires = false;
+ password_expiration = TQDateTime::fromString("01-01-1970 00:00:00");
+ password_ages = false;
+ new_password_interval = -1;
+ new_password_warn_interval = -1;
+ new_password_lockout_delay = -1;
+ password_has_minimum_age = false;
+ password_minimum_age = -1;
+ maximum_ticket_lifetime = -1;
+}
+
+LDAPUserInfo::~LDAPUserInfo() {
+ //
+}
+
+LDAPGroupInfo::LDAPGroupInfo() {
+ // TQStrings are always initialized to TQString::null, so they don't need initialization here...
+ informationValid = false;
+
+ gid = -1;
+}
+
+LDAPGroupInfo::~LDAPGroupInfo() {
+ //
+}
+
+#include "libtdeldap.moc" \ No newline at end of file
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index b0bfba2..1281ec3 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -22,51 +22,162 @@
#define _LIBTDELDAP_H_
#include <unistd.h>
+#include <ldap.h>
+#include <tqobject.h>
#include <tqstring.h>
#include <tqdatetime.h>
#include <tqvaluelist.h>
-enum LDAPUserStatus {
- USER_STATUS_ENABLED,
- USER_STATUS_DISABLED
+// Values from hdb.asn1
+enum LDAPKRB5Flags {
+ KRB5_INITIAL = 0x00000001,
+ KRB5_FORWARDABLE = 0x00000002,
+ KRB5_PROXIABLE = 0x00000004,
+ KRB5_RENEWABLE = 0x00000008,
+ KRB5_POSTDATE = 0x00000010,
+ KRB5_SERVER = 0x00000020,
+ KRB5_CLIENT = 0x00000040,
+ KRB5_INVALID = 0x00000080,
+ KRB5_REQUIRE_PREAUTH = 0x00000100,
+ KRB5_CHANGE_PW = 0x00000200,
+ KRB5_REQUIRE_HWAUTH = 0x00000400,
+ KRB5_OK_AS_DELEGATE = 0x00000800,
+ KRB5_USER_TO_USER = 0x00001000,
+ KRB5_IMMUTABLE = 0x00002000,
+ KRB5_TRUSTED_FOR_DELEGATION = 0x00004000,
+ KRB5_ALLOW_KERBEROS_4 = 0x00008000,
+ KRB5_ALLOW_DIGEST = 0x00010000,
+ KRB5_LOCKED_OUT = 0x00020000,
+
+ KRB5_ACTIVE_DEFAULT = KRB5_FORWARDABLE | KRB5_RENEWABLE | KRB5_CLIENT | KRB5_CHANGE_PW,
+ KRB5_DISABLED_ACCOUNT = KRB5_FORWARDABLE | KRB5_SERVER | KRB5_INVALID | KRB5_REQUIRE_PREAUTH | KRB5_REQUIRE_HWAUTH | KRB5_OK_AS_DELEGATE | KRB5_USER_TO_USER,
+ KRB5_FLAG_MAX = 0x80000000
};
typedef TQValueList<uid_t> UserList;
typedef TQValueList<gid_t> GroupList;
+class LDAPCredentials
+{
+ public:
+ TQString username;
+ TQCString password;
+ TQString realm;
+};
+
class LDAPUserInfo
{
public:
+ LDAPUserInfo();
+ ~LDAPUserInfo();
+
+ public:
+ bool informationValid;
+
TQString name;
uid_t uid;
TQString shell;
TQString homedir;
gid_t primary_gid;
- GroupList grouplist;
- LDAPUserStatus status;
- TQDate password_last_changed;
+ LDAPKRB5Flags status; // Default active user is 586 [KRB5_ACTIVE_DEFAULT] and locked out user is 7586 [KRB5_DISABLED_ACCOUNT]
+ TQDateTime account_created;
+ TQDateTime account_modified;
+ TQDateTime password_last_changed;
bool password_expires;
- TQDate password_expiration;
+ TQDateTime password_expiration;
bool password_ages;
int new_password_interval;
int new_password_warn_interval;
int new_password_lockout_delay;
bool password_has_minimum_age;
int password_minimum_age;
+ int maximum_ticket_lifetime;
+
+ // Page 1
+ TQString commonName;
+ TQString givenName;
+ TQString surName;
+ TQString initials;
+ TQString title;
+ TQString email;
+ TQString description;
+ TQString locality;
+ TQString telephoneNumber;
+ TQString faxNumber;
+ TQString homePhone;
+ TQString mobilePhone;
+ TQString pagerNumber;
+ TQString website;
+
+ // Page 2
+ TQString poBox;
+ TQString street;
+ TQString address;
+ TQString state;
+ TQString postcode;
+ TQString registeredAddress;
+ TQString homeAddress;
- TQString realName;
- TQString organization;
- // FIXME
- // Add other attributes (cubicle, phone number, etc)
+ // Page 3
+ TQString seeAlso;
+ TQString deliveryOffice;
+ TQString department;
+ TQString roomNumber;
+ TQString employeeType;
+ TQString employeeNumber;
+ TQString manager;
+ TQString secretary;
+ TQString isdnNumber;
+ TQString teletexID;
+ TQString telexNumber;
+ TQString preferredDelivery;
+ TQString destinationIndicator;
+ TQString x121Address;
+ TQString displayName;
+ TQString preferredLanguage;
+ TQString uniqueIdentifier;
+ TQString businessCategory;
+ TQString carLicense;
+ TQString notes;
};
class LDAPGroupInfo
{
public:
+ LDAPGroupInfo();
+ ~LDAPGroupInfo();
+
+ public:
+ bool informationValid;
+
TQString name;
gid_t gid;
UserList userlist;
};
+typedef TQValueList<LDAPUserInfo> LDAPUserInfoList;
+typedef TQValueList<LDAPGroupInfo> LDAPGroupInfoList;
+
+class LDAPManager : public TQObject {
+ Q_OBJECT
+
+ public:
+ LDAPManager(TQString realm, TQString host, TQObject *parent=0, const char *name=0);
+ ~LDAPManager();
+
+ TQString realm();
+ int bind();
+ int unbind(bool force);
+ LDAPUserInfoList users();
+
+ private:
+ TQString m_realm;
+ TQString m_host;
+ int m_port;
+ TQString m_basedc;
+ LDAPCredentials* m_creds;
+ LDAP *m_ldap;
+};
+
#endif // _LIBTDELDAP_H_ \ No newline at end of file
diff --git a/src/userconfigbase.ui b/src/userconfigbase.ui
index b568067..03c2690 100644
--- a/src/userconfigbase.ui
+++ b/src/userconfigbase.ui
@@ -28,7 +28,7 @@
<cstring>detailsTab</cstring>
</property>
<attribute name="title">
- <string>Details</string>
+ <string>POSIX</string>
</attribute>
<grid>
<property name="name">
diff --git a/src/userconfigdlg.cpp b/src/userconfigdlg.cpp
new file mode 100644
index 0000000..477585d
--- /dev/null
+++ b/src/userconfigdlg.cpp
@@ -0,0 +1,49 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#include <klocale.h>
+#include <klineedit.h>
+#include <ktextedit.h>
+#include <knuminput.h>
+#include <kactionselector.h>
+#include <tqlistbox.h>
+#include <kpushbutton.h>
+#include <tqpixmap.h>
+#include <tqiconset.h>
+#include <tqlabel.h>
+
+#include "userconfigdlg.h"
+
+UserConfigDialog::UserConfigDialog(LDAPUserInfo user, TQWidget* parent, const char* name)
+ : KDialogBase(parent, name, true, i18n("LDAP User Properties"), Ok|Cancel, Ok, true), m_user(user)
+{
+ m_base = new LDAPUserConfigBase(this);
+ setMainWidget(m_base);
+}
+
+void UserConfigDialog::slotOk() {
+ accept();
+}
+
+LDAPUserInfo UserConfigDialog::userProperties() {
+ return m_user;
+}
+
+#include "userconfigdlg.moc"
diff --git a/src/userconfigdlg.h b/src/userconfigdlg.h
new file mode 100644
index 0000000..6ab3033
--- /dev/null
+++ b/src/userconfigdlg.h
@@ -0,0 +1,47 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#ifndef _USERCONFIGDIALOG_H_
+#define _USERCONFIGDIALOG_H_
+
+#include <kdialogbase.h>
+
+#include "libtdeldap.h"
+#include "userconfigbase.h"
+
+class UserConfigDialog : public KDialogBase
+{
+ Q_OBJECT
+
+public:
+ UserConfigDialog(LDAPUserInfo user, TQWidget* parent = 0, const char* name = 0);
+ LDAPUserInfo userProperties();
+
+public slots:
+ void slotOk();
+
+public:
+ LDAPUserConfigBase *m_base;
+
+private:
+ LDAPUserInfo m_user;
+};
+
+#endif // _USERCONFIGDIALOG_H_