diff options
Diffstat (limited to 'src/ldapmgr.cpp')
-rw-r--r-- | src/ldapmgr.cpp | 140 |
1 files changed, 138 insertions, 2 deletions
diff --git a/src/ldapmgr.cpp b/src/ldapmgr.cpp index 6d94a0c..5481b2e 100644 --- a/src/ldapmgr.cpp +++ b/src/ldapmgr.cpp @@ -19,6 +19,7 @@ ***************************************************************************/ #include <tqlayout.h> +#include <tqapplication.h> #include <klocale.h> #include <kglobal.h> @@ -38,6 +39,8 @@ #include <kmessagebox.h> #include <klineedit.h> +#include <tdesu/process.h> + #include "ldapmgr.h" #include "libtdeldap.h" @@ -148,7 +151,6 @@ void LDAPConfig::save() { } void LDAPConfig::processLockouts() { - // RAJA FIXME TQListViewItem* lvi = base->user_list->selectedItem(); if (lvi) { base->user_buttonModify->setEnabled(true); @@ -170,6 +172,19 @@ void LDAPConfig::processLockouts() { base->group_buttonDelete->setEnabled(false); } base->group_buttonAdd->setEnabled(true); + + lvi = base->machine_list->selectedItem(); + if (lvi) { + base->machine_buttonDelete->setEnabled(true); + } + else { + base->machine_buttonDelete->setEnabled(false); + } + // FIXME + // Disable machine add/modify as they are not implemented + // In fact, I don't know if I CAN implement them! + base->machine_buttonAdd->setEnabled(true); + base->machine_buttonModify->setEnabled(true); } void LDAPConfig::connectToRealm(const TQString& realm) { @@ -431,7 +446,36 @@ void LDAPConfig::addNewUser() { else { user.distinguishedName = "uid=" + user.name + "," + m_ldapmanager->basedn(); } - m_ldapmanager->addUserInfo(user); + if (m_ldapmanager->addUserInfo(user) == 0) { + if (user.new_password != "") { + // If a new password was set, use Kerberos to set it on the server + TQString errorString; + if (setPasswordForUser(user, &errorString) != 0) { + KMessageBox::error(0, i18n("<qt>Unable to set password for user!<p>%1</qt>").arg(errorString), i18n("Kerberos Failure")); + } + } + + // Modify group(s) as needed + populateGroups(); + LDAPGroupInfoList::Iterator it; + for (it = m_groupInfoList.begin(); it != m_groupInfoList.end(); ++it) { + LDAPGroupInfo group = *it; + if (userconfigdlg.selectedGroups.contains(group.name)) { + // Make sure that we are in this group! + if (!group.userlist.contains(user.distinguishedName)) { + group.userlist.append(user.distinguishedName); + m_ldapmanager->updateGroupInfo(group); + } + } + else { + // Make sure that we are NOT in this group! + if (group.userlist.contains(user.distinguishedName)) { + group.userlist.remove(user.distinguishedName); + m_ldapmanager->updateGroupInfo(group); + } + } + } + } } else { // PEBKAC @@ -492,6 +536,14 @@ void LDAPConfig::modifySelectedUser() { if (userconfigdlg.exec() == TQDialog::Accepted) { user = userconfigdlg.m_user; if (m_ldapmanager->updateUserInfo(user) == 0) { + if (user.new_password != "") { + // If a new password was set, use Kerberos to set it on the server + TQString errorString; + if (setPasswordForUser(user, &errorString) != 0) { + KMessageBox::error(0, i18n("<qt>Unable to set password for user!<p>%1</qt>").arg(errorString), i18n("Kerberos Failure")); + } + } + // Modify group(s) as needed populateGroups(); LDAPGroupInfoList::Iterator it; @@ -551,6 +603,90 @@ void LDAPConfig::removeSelectedGroup() { updateAllInformation(); } +TQString readFullLineFromPtyProcess(PtyProcess* proc) { + TQString result = ""; + while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) { + result = result + TQString(proc->readLine(false)); + tqApp->processEvents(); + } + return result; +} + +int LDAPConfig::setPasswordForUser(LDAPUserInfo user, TQString *errstr) { + if (user.new_password == "") { + return 0; + } + + LDAPCredentials admincreds = m_ldapmanager->currentLDAPCredentials(); + + TQCString command = "kadmin"; + QCStringList args; + args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper()); + + TQString prompt; + PtyProcess kadminProc; + kadminProc.exec(command, args); + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + if (prompt == "kadmin>") { + kadminProc.writeLine(TQCString("passwd "+user.name), true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = prompt.stripWhiteSpace(); + if ((prompt.endsWith(" Password:")) && (!prompt.startsWith(TQString(user.name + "@")))) { + kadminProc.writeLine(admincreds.password, true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + } + if (prompt.contains("authentication failed")) { + if (errstr) *errstr = prompt; + kadminProc.writeLine("quit", true); + return 1; + } + else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.name + "@")))) { + kadminProc.writeLine(user.new_password, true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) { + kadminProc.writeLine(user.new_password, true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + } + if ((prompt.endsWith(" Password:")) && (!prompt.startsWith(TQString(user.name + "@")))) { + kadminProc.writeLine(admincreds.password, true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + } + if (prompt != "kadmin>") { + if (errstr) *errstr = prompt; + kadminProc.writeLine("quit", true); + return 1; + } + + // Success! + kadminProc.writeLine("quit", true); + return 0; + } + else if (prompt == "kadmin>") { + // Success! + kadminProc.writeLine("quit", true); + return 0; + } + + // Failure + if (errstr) *errstr = prompt; + kadminProc.writeLine("quit", true); + return 1; + } + + if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed."; + return 1; // Failure +} + int LDAPConfig::buttons() { return KCModule::Apply|KCModule::Help; } |