Diffstat (limited to 'src/ldapmgr.cpp')
-rw-r--r--src/ldapmgr.cpp140
1 files changed, 138 insertions, 2 deletions
diff --git a/src/ldapmgr.cpp b/src/ldapmgr.cpp
index 6d94a0c..5481b2e 100644
--- a/src/ldapmgr.cpp
+++ b/src/ldapmgr.cpp
@@ -19,6 +19,7 @@
***************************************************************************/
#include <tqlayout.h>
+#include <tqapplication.h>
#include <klocale.h>
#include <kglobal.h>
@@ -38,6 +39,8 @@
#include <kmessagebox.h>
#include <klineedit.h>
+#include <tdesu/process.h>
+
#include "ldapmgr.h"
#include "libtdeldap.h"
@@ -148,7 +151,6 @@ void LDAPConfig::save() {
}
void LDAPConfig::processLockouts() {
- // RAJA FIXME
TQListViewItem* lvi = base->user_list->selectedItem();
if (lvi) {
base->user_buttonModify->setEnabled(true);
@@ -170,6 +172,19 @@ void LDAPConfig::processLockouts() {
base->group_buttonDelete->setEnabled(false);
}
base->group_buttonAdd->setEnabled(true);
+
+ lvi = base->machine_list->selectedItem();
+ if (lvi) {
+ base->machine_buttonDelete->setEnabled(true);
+ }
+ else {
+ base->machine_buttonDelete->setEnabled(false);
+ }
+ // FIXME
+ // Disable machine add/modify as they are not implemented
+ // In fact, I don't know if I CAN implement them!
+ base->machine_buttonAdd->setEnabled(true);
+ base->machine_buttonModify->setEnabled(true);
}
void LDAPConfig::connectToRealm(const TQString& realm) {
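Review bot: The comment added at the end of processLockouts() says machine add/modify are being disabled because they are not implemented, but the two lines under it call `setEnabled(true)`, so the operator is offered buttons that the comment itself says do nothing. If the comment states the intent, the lines should read `base->machine_buttonAdd->setEnabled(false);` and `base->machine_buttonModify->setEnabled(false);`; otherwise the comment should be reworded to say why they stay enabled. The start of processLockouts() is outside this hunk.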
@@ -431,7 +446,36 @@ void LDAPConfig::addNewUser() {
else {
user.distinguishedName = "uid=" + user.name + "," + m_ldapmanager->basedn();
}
- m_ldapmanager->addUserInfo(user);
+ if (m_ldapmanager->addUserInfo(user) == 0) {
+ if (user.new_password != "") {
+ // If a new password was set, use Kerberos to set it on the server
+ TQString errorString;
+ if (setPasswordForUser(user, &errorString) != 0) {
+ KMessageBox::error(0, i18n("<qt>Unable to set password for user!<p>%1</qt>").arg(errorString), i18n("Kerberos Failure"));
+ }
+ }
+
+ // Modify group(s) as needed
+ populateGroups();
+ LDAPGroupInfoList::Iterator it;
+ for (it = m_groupInfoList.begin(); it != m_groupInfoList.end(); ++it) {
+ LDAPGroupInfo group = *it;
+ if (userconfigdlg.selectedGroups.contains(group.name)) {
+ // Make sure that we are in this group!
+ if (!group.userlist.contains(user.distinguishedName)) {
+ group.userlist.append(user.distinguishedName);
+ m_ldapmanager->updateGroupInfo(group);
+ }
+ }
+ else {
+ // Make sure that we are NOT in this group!
+ if (group.userlist.contains(user.distinguishedName)) {
+ group.userlist.remove(user.distinguishedName);
+ m_ldapmanager->updateGroupInfo(group);
+ }
+ }
+ }
+ }
}
else {
// PEBKAC
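Review bot: A non-zero result from `addUserInfo(user)` is now dropped silently: the new `if (m_ldapmanager->addUserInfo(user) == 0)` has no else branch, so unless addUserInfo() reports the error itself (not visible here) the operator gets no indication that the account was not created. I would add `else { KMessageBox::error(0, i18n("<qt>Unable to add user!</qt>"), i18n("LDAP Failure")); }`. The two `m_ldapmanager->updateGroupInfo(group)` calls in the loop also discard their return values, so a user can be left in, or missing from, a group with nothing shown; for an identity manager that is an access-control discrepancy worth reporting. When setPasswordForUser() fails, the LDAP entry has already been written and group processing continues, so the message should say that the account exists without a password. addNewUser() starts and ends outside this hunk.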
@@ -492,6 +536,14 @@ void LDAPConfig::modifySelectedUser() {
if (userconfigdlg.exec() == TQDialog::Accepted) {
user = userconfigdlg.m_user;
if (m_ldapmanager->updateUserInfo(user) == 0) {
+ if (user.new_password != "") {
+ // If a new password was set, use Kerberos to set it on the server
+ TQString errorString;
+ if (setPasswordForUser(user, &errorString) != 0) {
+ KMessageBox::error(0, i18n("<qt>Unable to set password for user!<p>%1</qt>").arg(errorString), i18n("Kerberos Failure"));
+ }
+ }
+
// Modify group(s) as needed
populateGroups();
LDAPGroupInfoList::Iterator it;
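Review bot: This password block is a line-for-line copy of the one added to addNewUser() in the previous hunk, and its outer `if (user.new_password != "")` repeats the empty-password check that setPasswordForUser() already performs on entry. A small private helper that calls setPasswordForUser() and shows the "Kerberos Failure" box would keep the two paths from drifting apart. Separately, `user` still holds the cleartext `new_password` after the call; I would add `user.new_password = TQString::null;` once the password has been sent, with the comment `// do not keep the cleartext password longer than needed`. modifySelectedUser() starts and ends outside this hunk.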
@@ -551,6 +603,90 @@ void LDAPConfig::removeSelectedGroup() {
updateAllInformation();
}
+TQString readFullLineFromPtyProcess(PtyProcess* proc) {
+ TQString result = "";
+ while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) {
+ result = result + TQString(proc->readLine(false));
+ tqApp->processEvents();
+ }
+ return result;
+}
+
+int LDAPConfig::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
+ if (user.new_password == "") {
+ return 0;
+ }
+
+ LDAPCredentials admincreds = m_ldapmanager->currentLDAPCredentials();
+
+ TQCString command = "kadmin";
+ QCStringList args;
+ args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+
+ TQString prompt;
+ PtyProcess kadminProc;
+ kadminProc.exec(command, args);
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ if (prompt == "kadmin>") {
+ kadminProc.writeLine(TQCString("passwd "+user.name), true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = prompt.stripWhiteSpace();
+ if ((prompt.endsWith(" Password:")) && (!prompt.startsWith(TQString(user.name + "@")))) {
+ kadminProc.writeLine(admincreds.password, true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ }
+ if (prompt.contains("authentication failed")) {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.name + "@")))) {
+ kadminProc.writeLine(user.new_password, true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) {
+ kadminProc.writeLine(user.new_password, true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ }
+ if ((prompt.endsWith(" Password:")) && (!prompt.startsWith(TQString(user.name + "@")))) {
+ kadminProc.writeLine(admincreds.password, true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ }
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+
+ // Success!
+ kadminProc.writeLine("quit", true);
+ return 0;
+ }
+ else if (prompt == "kadmin>") {
+ // Success!
+ kadminProc.writeLine("quit", true);
+ return 0;
+ }
+
+ // Failure
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+
+ if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
+ return 1; // Failure
+}
+
int LDAPConfig::buttons() {
return KCModule::Apply|KCModule::Help;
}
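Review bot: `user.name` is written into the interactive kadmin session unvalidated at `kadminProc.writeLine(TQCString("passwd "+user.name), true)`, so a name containing whitespace, quotes or a line break changes what kadmin runs under the administrator's credentials. Reject such names before the write, for example `if (user.name.isEmpty() || user.name.find(TQRegExp("[^A-Za-z0-9._-]")) >= 0) { if (errstr) *errstr = i18n("Invalid user name"); return 1; }` (this needs `<tqregexp.h>`, and the allowed set should match the site's principal naming). The prompt dispatch sends `admincreds.password` to any prompt ending in " Password:" that does not start with `user.name + "@"`, and `user.new_password` to one that does, so the secrets appear to be misrouted when the administrator changes their own password or when kadmin's prompt text differs. `readFullLineFromPtyProcess()` has no exit condition if kadmin terminates or closes the pty, because the non-blocking `readLine(false)` then keeps returning nothing and the loop spins inside `processEvents()`; it needs a timeout or child-exit check, and the return value of `kadminProc.exec(command, args)` should be tested before the first read. `"kadmin"` is also resolved through PATH, so an absolute path would avoid handing the admin password to whichever binary comes first.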