summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/ldapconfigbase.ui8
-rw-r--r--src/ldapmgr.cpp140
-rw-r--r--src/ldapmgr.h1
-rw-r--r--src/libtdeldap.cpp13
-rw-r--r--src/libtdeldap.h2
5 files changed, 158 insertions, 6 deletions
diff --git a/src/ldapconfigbase.ui b/src/ldapconfigbase.ui
index aa3af07..9c0be29 100644
--- a/src/ldapconfigbase.ui
+++ b/src/ldapconfigbase.ui
@@ -573,7 +573,7 @@
</property>
<widget class="TQLayoutWidget" row="0" column="0">
<property name="name">
- <cstring>userControls</cstring>
+ <cstring>machineControls</cstring>
</property>
<grid>
<property name="name">
@@ -581,7 +581,7 @@
</property>
<widget class="TQPushButton" row="0" column="1" colspan="0">
<property name="name">
- <cstring>user_buttonModify</cstring>
+ <cstring>machine_buttonModify</cstring>
</property>
<property name="text">
<string>Modify</string>
@@ -589,7 +589,7 @@
</widget>
<widget class="TQPushButton" row="0" column="0" colspan="0">
<property name="name">
- <cstring>user_buttonAdd</cstring>
+ <cstring>machine_buttonAdd</cstring>
</property>
<property name="text">
<string>New</string>
@@ -597,7 +597,7 @@
</widget>
<widget class="TQPushButton" row="0" column="2" colspan="0">
<property name="name">
- <cstring>user_buttonDelete</cstring>
+ <cstring>machine_buttonDelete</cstring>
</property>
<property name="text">
<string>Delete</string>
diff --git a/src/ldapmgr.cpp b/src/ldapmgr.cpp
index 6d94a0c..5481b2e 100644
--- a/src/ldapmgr.cpp
+++ b/src/ldapmgr.cpp
@@ -19,6 +19,7 @@
***************************************************************************/
#include <tqlayout.h>
+#include <tqapplication.h>
#include <klocale.h>
#include <kglobal.h>
@@ -38,6 +39,8 @@
#include <kmessagebox.h>
#include <klineedit.h>
+#include <tdesu/process.h>
+
#include "ldapmgr.h"
#include "libtdeldap.h"
@@ -148,7 +151,6 @@ void LDAPConfig::save() {
}
void LDAPConfig::processLockouts() {
- // RAJA FIXME
TQListViewItem* lvi = base->user_list->selectedItem();
if (lvi) {
base->user_buttonModify->setEnabled(true);
@@ -170,6 +172,19 @@ void LDAPConfig::processLockouts() {
base->group_buttonDelete->setEnabled(false);
}
base->group_buttonAdd->setEnabled(true);
+
+ lvi = base->machine_list->selectedItem();
+ if (lvi) {
+ base->machine_buttonDelete->setEnabled(true);
+ }
+ else {
+ base->machine_buttonDelete->setEnabled(false);
+ }
+ // FIXME
+ // Disable machine add/modify as they are not implemented
+ // In fact, I don't know if I CAN implement them!
+ base->machine_buttonAdd->setEnabled(true);
+ base->machine_buttonModify->setEnabled(true);
}
void LDAPConfig::connectToRealm(const TQString& realm) {
@@ -431,7 +446,36 @@ void LDAPConfig::addNewUser() {
else {
user.distinguishedName = "uid=" + user.name + "," + m_ldapmanager->basedn();
}
- m_ldapmanager->addUserInfo(user);
+ if (m_ldapmanager->addUserInfo(user) == 0) {
+ if (user.new_password != "") {
+ // If a new password was set, use Kerberos to set it on the server
+ TQString errorString;
+ if (setPasswordForUser(user, &errorString) != 0) {
+ KMessageBox::error(0, i18n("<qt>Unable to set password for user!<p>%1</qt>").arg(errorString), i18n("Kerberos Failure"));
+ }
+ }
+
+ // Modify group(s) as needed
+ populateGroups();
+ LDAPGroupInfoList::Iterator it;
+ for (it = m_groupInfoList.begin(); it != m_groupInfoList.end(); ++it) {
+ LDAPGroupInfo group = *it;
+ if (userconfigdlg.selectedGroups.contains(group.name)) {
+ // Make sure that we are in this group!
+ if (!group.userlist.contains(user.distinguishedName)) {
+ group.userlist.append(user.distinguishedName);
+ m_ldapmanager->updateGroupInfo(group);
+ }
+ }
+ else {
+ // Make sure that we are NOT in this group!
+ if (group.userlist.contains(user.distinguishedName)) {
+ group.userlist.remove(user.distinguishedName);
+ m_ldapmanager->updateGroupInfo(group);
+ }
+ }
+ }
+ }
}
else {
// PEBKAC
@@ -492,6 +536,14 @@ void LDAPConfig::modifySelectedUser() {
if (userconfigdlg.exec() == TQDialog::Accepted) {
user = userconfigdlg.m_user;
if (m_ldapmanager->updateUserInfo(user) == 0) {
+ if (user.new_password != "") {
+ // If a new password was set, use Kerberos to set it on the server
+ TQString errorString;
+ if (setPasswordForUser(user, &errorString) != 0) {
+ KMessageBox::error(0, i18n("<qt>Unable to set password for user!<p>%1</qt>").arg(errorString), i18n("Kerberos Failure"));
+ }
+ }
+
// Modify group(s) as needed
populateGroups();
LDAPGroupInfoList::Iterator it;
@@ -551,6 +603,90 @@ void LDAPConfig::removeSelectedGroup() {
updateAllInformation();
}
+TQString readFullLineFromPtyProcess(PtyProcess* proc) {
+ TQString result = "";
+ while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) {
+ result = result + TQString(proc->readLine(false));
+ tqApp->processEvents();
+ }
+ return result;
+}
+
+int LDAPConfig::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
+ if (user.new_password == "") {
+ return 0;
+ }
+
+ LDAPCredentials admincreds = m_ldapmanager->currentLDAPCredentials();
+
+ TQCString command = "kadmin";
+ QCStringList args;
+ args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+
+ TQString prompt;
+ PtyProcess kadminProc;
+ kadminProc.exec(command, args);
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ if (prompt == "kadmin>") {
+ kadminProc.writeLine(TQCString("passwd "+user.name), true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = prompt.stripWhiteSpace();
+ if ((prompt.endsWith(" Password:")) && (!prompt.startsWith(TQString(user.name + "@")))) {
+ kadminProc.writeLine(admincreds.password, true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ }
+ if (prompt.contains("authentication failed")) {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.name + "@")))) {
+ kadminProc.writeLine(user.new_password, true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) {
+ kadminProc.writeLine(user.new_password, true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ }
+ if ((prompt.endsWith(" Password:")) && (!prompt.startsWith(TQString(user.name + "@")))) {
+ kadminProc.writeLine(admincreds.password, true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ }
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+
+ // Success!
+ kadminProc.writeLine("quit", true);
+ return 0;
+ }
+ else if (prompt == "kadmin>") {
+ // Success!
+ kadminProc.writeLine("quit", true);
+ return 0;
+ }
+
+ // Failure
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+
+ if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
+ return 1; // Failure
+}
+
int LDAPConfig::buttons() {
return KCModule::Apply|KCModule::Help;
}
diff --git a/src/ldapmgr.h b/src/ldapmgr.h
index a007b87..4ba458e 100644
--- a/src/ldapmgr.h
+++ b/src/ldapmgr.h
@@ -81,6 +81,7 @@ class LDAPConfig: public KCModule
private:
LDAPUserInfo selectedUser();
LDAPGroupInfo selectedGroup();
+ int setPasswordForUser(LDAPUserInfo user, TQString *errstr);
private:
KAboutData *myAboutData;
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 2f834e9..1bb149c 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -55,6 +55,15 @@ TQString LDAPManager::realm() {
return m_realm;
}
+LDAPCredentials LDAPManager::currentLDAPCredentials() {
+ if (m_creds) {
+ return *m_creds;
+ }
+ else {
+ return LDAPCredentials();
+ }
+}
+
int LDAPManager::bind() {
printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
if (m_ldap) {
@@ -93,6 +102,10 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
struct berval cred;
TQString ldap_dn = passdlg.m_base->ldapAdminUsername->text();
TQCString pass = passdlg.m_base->ldapAdminPassword->password();
+ if (!m_creds) m_creds = new LDAPCredentials();
+ m_creds->username = passdlg.m_base->ldapAdminUsername->text();
+ m_creds->password = passdlg.m_base->ldapAdminPassword->password();
+ m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
cred.bv_val = pass.data();
cred.bv_len = pass.length();
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index eaba974..b0c8c08 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -184,6 +184,8 @@ class LDAPManager : public TQObject {
int deleteUserInfo(LDAPUserInfo user);
int deleteGroupInfo(LDAPGroupInfo group);
+ LDAPCredentials currentLDAPCredentials();
+
private:
LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);