Use TDE cmake macro to set version

Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
(cherry picked from commit 5e4a41a6a5)

.gitmodules

@@ -1,6 +0,0 @@
-[submodule "admin"]
-	path = admin
-	url = http://system@scm.trinitydesktop.org/scm/git/tde-common-admin
-[submodule "cmake"]
-	path = cmake
-	url = http://system@scm.trinitydesktop.org/scm/git/tde-common-cmake

CMakeLists.txt

@@ -0,0 +1,89 @@
+############################################
+#                                          #
+#  Improvements and feedbacks are welcome  #
+#                                          #
+#  This file is released under GPL >= 3    #
+#                                          #
+############################################
+
+
+cmake_minimum_required( VERSION 3.1 )
+
+
+#### general package setup
+
+project( libtdeldap )
+
+
+#### include essential cmake modules
+
+include( FindPkgConfig          )
+include( CheckFunctionExists    )
+include( CheckSymbolExists      )
+include( CheckIncludeFile       )
+include( CheckLibraryExists     )
+include( CheckCSourceCompiles   )
+include( CheckCXXSourceCompiles )
+
+
+#### include our cmake modules
+
+include( TDEMacros )
+
+
+##### set version number ########################
+
+tde_set_project_version( )
+
+
+##### setup install paths
+
+include( TDESetupPaths )
+tde_setup_paths( )
+
+
+##### optional stuff
+
+option( WITH_ALL_OPTIONS    "Enable all optional support" OFF )
+option( WITH_GCC_VISIBILITY "Enable fvisibility and fvisibility-inlines-hidden" ${WITH_ALL_OPTIONS} )
+
+
+##### user requested modules
+
+#option( BUILD_ALL "Build all" ON                             )
+#option( BUILD_DOC "Build documentation" ${BUILD_ALL}         )
+#option( BUILD_TRANSLATIONS "Build translations" ${BUILD_ALL} )
+
+
+##### user defined options
+
+set( KDE_CONFDIR "/etc/trinity" CACHE STRING "TDE Settings Directory" )
+set( KRB5_FILE "/etc/krb5.conf" CACHE STRING "Kerberos config file"   )
+set( CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_OPENLDAP_RELOAD_COMMAND "/etc/init.d/slapd force-reload" CACHE STRING "Cron command to update openLDAP" )
+
+
+##### configure checks
+
+include( ConfigureChecks.cmake )
+
+
+###### global compiler settings
+
+add_definitions( -DHAVE_CONFIG_H )
+
+set( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${TQT_CXX_FLAGS}" )
+set( CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--no-undefined" )
+set( CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--no-undefined" )
+
+
+##### directories
+
+add_subdirectory( src )
+
+#tde_conditional_add_subdirectory( BUILD_DOC doc         )
+#tde_conditional_add_subdirectory( BUILD_TRANSLATIONS po ) 
+
+
+##### write configure files
+
+configure_file( config.h.cmake config.h @ONLY )

ChangeLog

@@ -1 +0,0 @@
-2012-05-17 - Initial Release

ConfigureChecks.cmake

@@ -0,0 +1,34 @@
+###########################################
+#                                         #
+#  Improvements and feedback are welcome  #
+#                                         #
+#  This file is released under GPL >= 3   #
+#                                         #
+###########################################
+
+
+# required stuff
+find_package( TQt )
+find_package( TDE )
+
+tde_setup_architecture_flags( )
+
+include(TestBigEndian)
+test_big_endian(WORDS_BIGENDIAN)
+
+tde_setup_largefiles( )
+
+
+##### check for gcc visibility support
+
+if( WITH_GCC_VISIBILITY )
+  tde_setup_gcc_visibility( )
+endif( WITH_GCC_VISIBILITY )
+
+
+##### check for ldap
+
+find_library( HAVE_LIBLDAP ldap )
+if( NOT HAVE_LIBLDAP )
+  tde_message_fatal( "ldap is required, but was not found on your system" )
+endif( NOT HAVE_LIBLDAP )

INSTALL

@@ -1,167 +1,32 @@
 Basic Installation
 ==================
 
-   These are generic installation instructions.
+libtdeldap relies on cmake to build.
 
-   The `configure' shell script attempts to guess correct values for
-various system-dependent variables used during compilation.  It uses
-those values to create a `Makefile' in each directory of the package.
-It may also create one or more `.h' files containing system-dependent
-definitions.  Finally, it creates a shell script `config.status' that
-you can run in the future to recreate the current configuration, a file
-`config.cache' that saves the results of its tests to speed up
-reconfiguring, and a file `config.log' containing compiler output
-(useful mainly for debugging `configure').
+Here are suggested default options:
 
-   If you need to do unusual things to compile the package, please try
-to figure out how `configure' could check whether to do them, and mail
-diffs or instructions to the address given in the `README' so they can
-be considered for the next release.  If at some point `config.cache'
-contains results you don't want to keep, you may remove or edit it.
+ -DCMAKE_INSTALL_PREFIX="/opt/trinity" \
+ -DCONFIG_INSTALL_DIR="/etc/trinity" \
+ -DSYSCONF_INSTALL_DIR="/etc/trinity" \
+ -DXDG_MENU_INSTALL_DIR="/etc/xdg/menus" \
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+ -DCMAKE_VERBOSE_MAKEFILE="ON" \
+ -DCMAKE_SKIP_RPATH="OFF" \
+ -DWITH_ALL_OPTIONS="ON"
 
-   The file `configure.in' is used to create `configure' by a program
-called `autoconf'.  You only need `configure.in' if you want to change
-it or regenerate `configure' using a newer version of `autoconf'.
 
-The simplest way to compile this package is:
+Requirements
+============
+o  Heimdal
+o  OpenLDAP
 
-  1. `cd' to the directory containing the package's source code and type
-     `./configure' to configure the package for your system.  If you're
-     using `csh' on an old version of System V, you might need to type
-     `sh ./configure' instead to prevent `csh' from trying to execute
-     `configure' itself.
 
-     Running `configure' takes a while.  While running, it prints some
-     messages telling which features it is checking for.
+Few settings have default file or directory locations, such as:
 
-  2. Type `make' to compile the package.
-
-  3. Type `make install' to install the programs and any data files and
-     documentation.
-
-  4. You can remove the program binaries and object files from the
-     source code directory by typing `make clean'.  
-
-Compilers and Options
-=====================
-
-   Some systems require unusual options for compilation or linking that
-the `configure' script does not know about.  You can give `configure'
-initial values for variables by setting them in the environment.  Using
-a Bourne-compatible shell, you can do that on the command line like
-this:
-     CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
-
-Or on systems that have the `env' program, you can do it like this:
-     env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
-
-Compiling For Multiple Architectures
-====================================
-
-   You can compile the package for more than one kind of computer at the
-same time, by placing the object files for each architecture in their
-own directory.  To do this, you must use a version of `make' that
-supports the `VPATH' variable, such as GNU `make'.  `cd' to the
-directory where you want the object files and executables to go and run
-the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
-
-   If you have to use a `make' that does not supports the `VPATH'
-variable, you have to compile the package for one architecture at a time
-in the source code directory.  After you have installed the package for
-one architecture, use `make distclean' before reconfiguring for another
-architecture.
-
-Installation Names
-==================
-
-   By default, `make install' will install the package's files in
-`/usr/local/bin', `/usr/local/man', etc.  You can specify an
-installation prefix other than `/usr/local' by giving `configure' the
-option `--prefix=PATH'.
-
-   You can specify separate installation prefixes for
-architecture-specific files and architecture-independent files.  If you
-give `configure' the option `--exec-prefix=PATH', the package will use
-PATH as the prefix for installing programs and libraries.
-Documentation and other data files will still use the regular prefix.
-
-   If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-
-Optional Features
-=================
-
-   Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System).  The
-`README' should mention any `--enable-' and `--with-' options that the
-package recognizes.
-
-   For packages that use the X Window System, `configure' can usually
-find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
-
-Specifying the System Type
-==========================
-
-   There may be some features `configure' can not figure out
-automatically, but needs to determine by the type of host the package
-will run on.  Usually `configure' can figure that out, but if it prints
-a message saying it can not guess the host type, give it the
-`--host=TYPE' option.  TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name with three fields:
-     CPU-COMPANY-SYSTEM
-
-See the file `config.sub' for the possible values of each field.  If
-`config.sub' isn't included in this package, then this package doesn't
-need to know the host type.
-
-   If you are building compiler tools for cross-compiling, you can also
-use the `--target=TYPE' option to select the type of system they will
-produce code for and the `--build=TYPE' option to select the type of
-system on which you are compiling the package.
-
-Sharing Defaults
-================
-
-   If you want to set default values for `configure' scripts to share,
-you can create a site shell script called `config.site' that gives
-default values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists.  Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
-
-Operation Controls
-==================
-
-   `configure' recognizes the following options to control how it
-operates.
-
-`--cache-file=FILE'
-     Use and save the results of the tests in FILE instead of
-     `./config.cache'.  Set FILE to `/dev/null' to disable caching, for
-     debugging `configure'.
-
-`--help'
-     Print a summary of the options to `configure', and exit.
-
-`--quiet'
-`--silent'
-`-q'
-     Do not print messages saying which checks are being made.
-
-`--srcdir=DIR'
-     Look for the package's source code in directory DIR.  Usually
-     `configure' can determine that directory automatically.
-
-`--version'
-     Print the version of Autoconf used to generate the `configure'
-     script, and exit.
-
-`configure' also accepts some other, not widely useful, options.
+- KDE_CONFDIR	"/etc/trinity"
+- KRB5_FILE		"/etc/krb5.conf"
+- SYSTEM_CA_STORE_CERT_LOCATION		"/usr/local/share/ca-certificates/"
+- SYSTEM_CA_STORE_REGENERATE_COMMAND	"update-ca-certificates"
+- CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_OPENLDAP_RELOAD_COMMAND	"/etc/init.d/slapd force-reload"
 
+They can be adjusted for your needs.

Makefile.am

@@ -1,22 +0,0 @@
-SUBDIRS = $(TOPSUBDIRS)
-
-$(top_srcdir)/configure.in: configure.in.in $(top_srcdir)/subdirs
-	cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common configure.in ;
-
-$(top_srcdir)/subdirs:
-	cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common subdirs
-
-$(top_srcdir)/acinclude.m4: $(top_srcdir)/admin/acinclude.m4.in $(top_srcdir)/admin/libtool.m4.in
-	@cd $(top_srcdir) && cat admin/acinclude.m4.in admin/libtool.m4.in > acinclude.m4
-
-MAINTAINERCLEANFILES = subdirs configure.in acinclude.m4 configure.files 
-
-package-messages:
-	cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common package-messages
-	$(MAKE) -C po merge
-
-EXTRA_DIST = admin COPYING configure.in.in
-
-dist-hook:
-	cd $(top_distdir) && perl admin/am_edit -padmin
-	cd $(top_distdir) && $(MAKE) -f admin/Makefile.common subdirs

Makefile.cvs

@@ -1,10 +0,0 @@
-all: 
-	@echo "This Makefile is only for the CVS repository"
-	@echo "This will be deleted before making the distribution"
-	@echo ""
-	$(MAKE) -f admin/Makefile.common cvs
-
-dist:
-	$(MAKE) -f admin/Makefile.common dist
-
-.SILENT:

README.md

@@ -0,0 +1,16 @@
+
+
+  libtdeldap - an LDAP interface library for TDE management modules.
+
+.
+
+Contributing
+--------------
+
+If you wish to contribute libtdeldap, you might do so:
+
+- TDE Gitea Workspace (TGW) collaboration tool.
+  https://mirror.git.trinitydesktop.org/gitea
+
+- TDE Weblate Translation Workspace (TWTW) collaboration tool.
+  https://mirror.git.trinitydesktop.org/weblate

admin

@@ -1 +0,0 @@
-Subproject commit 04db460623e1f235e7239f08fdcc2d0ef72636af

cmake

@@ -1 +0,0 @@
-Subproject commit 1994b808819fd74446cb8f1a0491b3e10244f463

config.h.cmake

@@ -0,0 +1,17 @@
+#define VERSION "@VERSION@"
+
+// Defined if you have fvisibility and fvisibility-inlines-hidden support.
+#cmakedefine __KDE_HAVE_GCC_VISIBILITY 1
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#cmakedefine WORDS_BIGENDIAN @WORDS_BIGENDIAN@
+
+/* Define TDE Settings Directory */
+#cmakedefine KDE_CONFDIR "@KDE_CONFDIR@"
+
+/* Define Kerberos config file */
+#cmakedefine KRB5_FILE "@KRB5_FILE@"
+
+/* Define Cron command to update openLDAP certificats */
+#cmakedefine CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_OPENLDAP_RELOAD_COMMAND "@CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_OPENLDAP_RELOAD_COMMAND@"

configure.files

@@ -1,2 +0,0 @@
-./admin/configure.in.min
-configure.in.in

configure.in.in

@@ -1,15 +0,0 @@
-#MIN_CONFIG(3.2.0)
-
-AM_INIT_AUTOMAKE(autostart, 0.1)
-AC_C_BIGENDIAN
-AC_CHECK_KDEMAXPATHLEN
-
-# These numbers should be tweaked on every release. Read carefully:
-# http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-# http://sourceware.org/autobook/autobook/autobook_91.html
-lt_current="1"
-lt_revision="0"
-lt_age="0"
-AC_SUBST(lt_current)
-AC_SUBST(lt_revision)
-AC_SUBST(lt_age)

doc/Makefile.am

@@ -1,6 +0,0 @@
-# the SUBDIRS is filled automatically by am_edit. If files are 
-# in this directory they are installed into the english dir
-
-KDE_LANG = en
-KDE_DOCS = autostart
-SUBDIRS = $(AUTODIRS)  

doc/en/Makefile.am

@@ -1,2 +0,0 @@
-KDE_DOCS = ldap
-KDE_LANG = en

po/Makefile.am

@@ -1,2 +0,0 @@
-POFILES = AUTO
-# noinst_HEADERS = ldap.pot

src/CMakeLists.txt

@@ -0,0 +1,44 @@
+include_directories(
+  ${CMAKE_BINARY_DIR}
+  ${CMAKE_CURRENT_BINARY_DIR}
+  ${CMAKE_CURRENT_SOURCE_DIR}
+  ${TDE_INCLUDE_DIR}/tde
+  ${TDE_INCLUDE_DIR}
+  ${TQT_INCLUDE_DIRS}
+  ${KRB5_INCLUDE_DIRS}
+)
+
+link_directories(
+  ${TQT_LIBRARY_DIRS}
+  ${TDE_LIB_DIR}
+)
+
+
+##### tdeldap (shared)
+
+tde_add_library( tdeldap SHARED AUTOMOC
+
+  SOURCES
+        libtdeldap.cpp
+        ldaplogindlgbase.ui
+        ldaplogindlg.cpp
+        ldappasswddlg.cpp
+  LINK
+     tdeui-shared
+     tdecore-shared
+     tdeio-shared
+     tdesu
+     lber
+     ldap
+
+  VERSION 1.0.0
+  DESTINATION ${LIB_INSTALL_DIR}
+)
+
+
+##### headers
+
+install(
+    FILES ldappasswddlg.h libtdeldap.h
+    DESTINATION ${INCLUDE_INSTALL_DIR}
+)

src/Makefile.am

@@ -1,13 +0,0 @@
-INCLUDES    = $(all_includes)
-METASOURCES = AUTO
-
-# Create a shared library file
-lib_LTLIBRARIES = libtdeldap.la
-
-include_HEADERS = libtdeldap.h ldappasswddlg.h
-
-libtdeldap_la_SOURCES = libtdeldap.cpp ldaplogindlgbase.ui ldaplogindlg.cpp ldappasswddlg.cpp
-libtdeldap_la_LIBADD = -ltdeio $(LIB_TDEUI) -lldap $(LIB_QT) $(LIB_TDECORE) -ltdesu -llber
-libtdeldap_la_LDFLAGS = -version-info $(lt_current):$(lt_revision):$(lt_age) -no-undefined \
-	$(all_libraries)
-

src/ldaplogindlg.cpp

@@ -43,4 +43,4 @@ LDAPLogin::~LDAPLogin(){
 	// 
 }
 
-// #include "ldaplogindlg.moc"
+#include "ldaplogindlg.moc"

src/ldaplogindlgbase.ui

@@ -111,4 +111,9 @@
 </widget>
 <layoutdefaults spacing="3" margin="6"/>
 <layoutfunctions spacing="KDialog::spacingHint" margin="KDialog::marginHint"/>
+<includes>
+    <include location="global" impldecl="in implementation">kcombobox.h</include>
+    <include location="global" impldecl="in implementation">klineedit.h</include>
+    <include location="global" impldecl="in implementation">kpassdlg.h</include>
+</includes>
 </UI>

src/ldappasswddlg.h

@@ -26,7 +26,7 @@
 
 class LDAPLogin;
 
-class LDAPPasswordDialog : public KDialogBase
+class KDE_EXPORT LDAPPasswordDialog : public KDialogBase
 {
 	Q_OBJECT
 

src/libtdeldap.cpp

@@ -50,13 +50,13 @@
 #define LDAP_INSECURE_PORT 389
 #define LDAP_SECURE_PORT 636
 
-// FIXME
-// Connect this to CMake/Automake
+#ifndef KDE_CONFDIR
 #define KDE_CONFDIR "/etc/trinity"
+#endif
 
-// FIXME
-// This assumes Debian!
+#ifndef KRB5_FILE
 #define KRB5_FILE "/etc/krb5.conf"
+#endif
 
 #define NSSWITCH_FILE "/etc/nsswitch.conf"
 
@@ -74,9 +74,9 @@
 #define CRON_UPDATE_NSS_FILE "/etc/cron.daily/upd-local-nss-db"
 #define CRON_UPDATE_NSS_COMMAND "/usr/sbin/nss_updatedb ldap"
 
-// FIXME
-// This assumes Debian!
+#ifndef CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_OPENLDAP_RELOAD_COMMAND
 #define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_OPENLDAP_RELOAD_COMMAND "/etc/init.d/slapd force-reload"
+#endif
 
 int requested_ldap_version = LDAP_VERSION3;
 char* ldap_user_and_operational_attributes[2] = {"*", "+"};
@@ -317,12 +317,16 @@ int LDAPManager::bind(TQString* errstr) {
 							}
 						}
 					}
-					// clean up
+					// Clean up
 					ldap_msgfree(msg);
 	
 					// All done!
 					ldap_unbind_ext_s(ldapconn, NULL, NULL);
 				}
+				else {
+					// Clean up
+					ldap_unbind_ext_s(ldapconn, NULL, NULL);
+				}
 			}
 		}
 
@@ -654,8 +658,8 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) {
 			for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
 				users.append(parseLDAPUserRecord(entry));
 			}
-		
-			// clean up
+
+			// Clean up
 			ldap_msgfree(msg);
 	
 			if (mretcode) *mretcode = 0;
@@ -732,8 +736,8 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) {
 				for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
 					users.append(parseLDAPUserRecord(entry));
 				}
-			
-				// clean up
+
+				// Clean up
 				ldap_msgfree(msg);
 			} while (morePages);
 	
@@ -765,8 +769,8 @@ LDAPUserInfo LDAPManager::getUserByDistinguishedName(TQString dn) {
 		for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
 			userinfo = parseLDAPUserRecord(entry);
 		}
-		
-		// clean up
+
+		// Clean up
 		ldap_msgfree(msg);
 
 		return userinfo;
@@ -796,8 +800,8 @@ LDAPGroupInfo LDAPManager::getGroupByDistinguishedName(TQString dn, TQString *er
 		for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
 			groupinfo = parseLDAPGroupRecord(entry);
 		}
-		
-		// clean up
+
+		// Clean up
 		ldap_msgfree(msg);
 
 		return groupinfo;
@@ -1054,14 +1058,14 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
 	TQCString command = "kadmin";
 	QCStringList args;
 	if (m_host.startsWith("ldapi://")) {
-		args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
+		args << TQCString("-l") << TQCString("-r") << admincreds.realm.upper().local8Bit();
 	}
 	else {
 		if (admincreds.username == "") {
-			args << TQCString("-r") << TQCString(admincreds.realm.upper());
+			args << TQCString("-r") << admincreds.realm.upper().local8Bit();
 		}
 		else {
-			args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+			args << TQCString("-p") << TQString("%1@%2").arg(admincreds.username.lower()).arg(admincreds.realm.upper()).local8Bit() << TQCString("-r") << admincreds.realm.upper().local8Bit();
 		}
 	}
 
@@ -1071,7 +1075,7 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
 	prompt = readFullLineFromPtyProcess(&kadminProc);
 	prompt = prompt.stripWhiteSpace();
 	if (prompt == "kadmin>") {
-		command = TQCString("passwd "+user.name);
+		command = TQCString("passwd ")+user.name.local8Bit();
 		kadminProc.enableLocalEcho(false);
 		kadminProc.writeLine(command, true);
 		do { // Discard our own input
@@ -1109,7 +1113,7 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
 						TQFile file;
 						file.open(IO_ReadOnly, stdin);
 						TQTextStream qtin(&file);
-						admincreds.password = qtin.readLine();
+						admincreds.password = qtin.readLine().local8Bit();
 					}
 				}
 				if (admincreds.password != "") {
@@ -1156,8 +1160,8 @@ TQString klistDateTimeToRFCDateTime(TQString datetime) {
 	// HACK HACK HACK
 	// FIXME
 	TQString ret;
-	TQString command = TQString("date -R -d \"%1\"").arg(datetime);
-	FILE *output = popen(command.ascii(), "r");
+	TQCString command = TQString("date -R -d \"%1\"").arg(datetime).local8Bit();
+	FILE *output = popen(command, "r");
 	TQFile f;
 	f.open(IO_ReadOnly, output);
 	TQTextStream stream(&f);
@@ -1422,10 +1426,10 @@ int LDAPManager::obtainKerberosTicket(LDAPCredentials creds, TQString principal,
 	TQCString command = "kinit";
 	QCStringList args;
 	if (principal == "") {
-		args << TQCString(creds.username + "@" + creds.realm.upper());
+		args << TQString("%1@%2").arg(creds.username).arg(creds.realm.upper()).local8Bit();
 	}
 	else {
-		args << TQCString("-S") << TQCString(principal) << TQCString(creds.username + "@" + creds.realm.upper());
+		args << TQCString("-S") << principal.local8Bit() << TQString("%1@%2").arg(creds.username).arg(creds.realm.upper()).local8Bit();
 	}
 
 	TQString prompt;
@@ -1453,8 +1457,8 @@ int LDAPManager::obtainKerberosTicket(LDAPCredentials creds, TQString principal,
 
 int LDAPManager::obtainKerberosServiceTicket(TQString principal, TQString *errstr) {
 	TQString ret;
-	TQString command = TQString("kgetcred \"%1\"").arg(principal);
-	FILE *output = popen(command.ascii(), "r");
+	TQCString command = TQString("kgetcred \"%1\"").arg(principal).local8Bit();
+	FILE *output = popen(command, "r");
 	TQFile f;
 	f.open(IO_ReadOnly, output);
 	TQTextStream stream(&f);
@@ -1471,8 +1475,8 @@ int LDAPManager::obtainKerberosServiceTicket(TQString principal, TQString *errst
 
 int LDAPManager::destroyKerberosTicket(TQString principal, TQString *errstr) {
 	TQString ret;
-	TQString command = TQString("kdestroy --credential=\"%1\"").arg(principal);
-	FILE *output = popen(command.ascii(), "r");
+	TQCString command = TQString("kdestroy --credential=\"%1\"").arg(principal).local8Bit();
+	FILE *output = popen(command, "r");
 	TQFile f;
 	f.open(IO_ReadOnly, output);
 	TQTextStream stream(&f);
@@ -1683,14 +1687,14 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 		TQCString command = "kadmin";
 		QCStringList args;
 		if (m_host.startsWith("ldapi://")) {
-			args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
+			args << TQCString("-l") << TQCString("-r") << admincreds.realm.upper().local8Bit();
 		}
 		else {
 			if (admincreds.username == "") {
-				args << TQCString("-r") << TQCString(admincreds.realm.upper());
+				args << TQCString("-r") << admincreds.realm.upper().local8Bit();
 			}
 			else {
-				args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+				args << TQCString("-p") << TQString("%1@%2").arg(admincreds.username.lower()).arg(admincreds.realm.upper()).local8Bit() << TQCString("-r") << admincreds.realm.upper().local8Bit();
 			}
 		}
 
@@ -1703,10 +1707,10 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 		prompt = prompt.stripWhiteSpace();
 		if (prompt == "kadmin>") {
 			if (machine.newPassword == "") {
-				command = TQCString("ank --random-key "+hoststring);
+				command = TQCString("ank --random-key ")+hoststring.local8Bit();
 			}
 			else {
-				command = TQCString("ank --password=\""+machine.newPassword+"\" "+hoststring);
+				command = TQCString("ank --password=\"")+machine.newPassword.local8Bit()+TQCString("\" ")+hoststring.local8Bit();
 			}
 			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine(command, true);
@@ -1730,7 +1734,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 							TQFile file;
 							file.open(IO_ReadOnly, stdin);
 							TQTextStream qtin(&file);
-							admincreds.password = qtin.readLine();
+							admincreds.password = qtin.readLine().local8Bit();
 						}
 					}
 					if (admincreds.password != "") {
@@ -1758,7 +1762,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 						leftbracket++;
 						defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
 					}
-					command = TQCString(defaultParam);
+					command = defaultParam.local8Bit();
 					kadminProc.enableLocalEcho(false);
 					kadminProc.writeLine(command, true);
 					do { // Discard our own input
@@ -1808,14 +1812,14 @@ int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
 		TQCString command = "kadmin";
 		QCStringList args;
 		if (m_host.startsWith("ldapi://")) {
-			args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
+			args << TQCString("-l") << TQCString("-r") << admincreds.realm.upper().local8Bit();
 		}
 		else {
 			if (admincreds.username == "") {
-				args << TQCString("-r") << TQCString(admincreds.realm.upper());
+				args << TQCString("-r") << admincreds.realm.upper().local8Bit();
 			}
 			else {
-				args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+				args << TQCString("-p") << TQString("%1@%2").arg(admincreds.username.lower()).arg(admincreds.realm.upper()).local8Bit() << TQCString("-r") << admincreds.realm.upper().local8Bit();
 			}
 		}
 
@@ -1827,7 +1831,7 @@ int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
 		prompt = readFullLineFromPtyProcess(&kadminProc);
 		prompt = prompt.stripWhiteSpace();
 		if (prompt == "kadmin>") {
-			command = TQCString("ank --random-key "+hoststring);
+			command = TQCString("ank --random-key ")+hoststring.local8Bit();
 			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine(command, true);
 			do { // Discard our own input
@@ -1850,7 +1854,7 @@ int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
 							TQFile file;
 							file.open(IO_ReadOnly, stdin);
 							TQTextStream qtin(&file);
-							admincreds.password = qtin.readLine();
+							admincreds.password = qtin.readLine().local8Bit();
 						}
 					}
 					if (admincreds.password != "") {
@@ -1878,7 +1882,7 @@ int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
 						leftbracket++;
 						defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
 					}
-					command = TQCString(defaultParam);
+					command = defaultParam.local8Bit();
 					kadminProc.enableLocalEcho(false);
 					kadminProc.writeLine(command, true);
 					do { // Discard our own input
@@ -2204,8 +2208,8 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
 			for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
 				groups.append(parseLDAPGroupRecord(entry));
 			}
-		
-			// clean up
+
+			// Clean up
 			ldap_msgfree(msg);
 	
 			if (mretcode) *mretcode = 0;
@@ -2282,8 +2286,8 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
 				for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
 					groups.append(parseLDAPGroupRecord(entry));
 				}
-			
-				// clean up
+
+				// Clean up
 				ldap_msgfree(msg);
 			} while (morePages);
 	
@@ -2325,8 +2329,8 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) {
 			for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
 				machines.append(parseLDAPMachineRecord(entry));
 			}
-		
-			// clean up
+
+			// Clean up
 			ldap_msgfree(msg);
 	
 			if (mretcode) *mretcode = 0;
@@ -2403,8 +2407,8 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) {
 				for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
 					machines.append(parseLDAPMachineRecord(entry));
 				}
-			
-				// clean up
+
+				// Clean up
 				ldap_msgfree(msg);
 			} while (morePages);
 	
@@ -2486,7 +2490,7 @@ LDAPServiceInfoList LDAPManager::machineServices(TQString machine_dn, int* mretc
 			}
 		}
 
-		// clean up
+		// Clean up
 		ldap_msgfree(msg);
 
 		if (mretcode) *mretcode = 0;
@@ -2515,14 +2519,14 @@ int LDAPManager::exportKeytabForPrincipal(TQString principal, TQString fileName,
 		TQCString command = "kadmin";
 		QCStringList args;
 		if (m_host.startsWith("ldapi://")) {
-			args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
+			args << TQCString("-l") << TQCString("-r") << admincreds.realm.upper().local8Bit();
 		}
 		else {
 			if (admincreds.username == "") {
-				args << TQCString("-r") << TQCString(admincreds.realm.upper());
+				args << TQCString("-r") << admincreds.realm.upper().local8Bit();
 			}
 			else {
-				args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+				args << TQCString("-p") << TQString("%1@%2").arg(admincreds.username.lower()).arg(admincreds.realm.upper()).local8Bit() << TQCString("-r") << admincreds.realm.upper().local8Bit();
 			}
 		}
 
@@ -2533,10 +2537,10 @@ int LDAPManager::exportKeytabForPrincipal(TQString principal, TQString fileName,
 		prompt = prompt.stripWhiteSpace();
 		if (prompt == "kadmin>") {
 			if (fileName == "") {
-				command = TQCString("ext_keytab "+principal);
+				command = TQCString("ext_keytab ")+principal.local8Bit();
 			}
 			else {
-				command = TQCString("ext_keytab --keytab=\""+fileName+"\" "+principal);
+				command = TQCString("ext_keytab --keytab=\"")+fileName.local8Bit()+TQCString("\" ")+principal.local8Bit();
 			}
 			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine(command, true);
@@ -2560,7 +2564,7 @@ int LDAPManager::exportKeytabForPrincipal(TQString principal, TQString fileName,
 							TQFile file;
 							file.open(IO_ReadOnly, stdin);
 							TQTextStream qtin(&file);
-							admincreds.password = qtin.readLine();
+							admincreds.password = qtin.readLine().local8Bit();
 						}
 					}
 					if (admincreds.password != "") {
@@ -2588,7 +2592,7 @@ int LDAPManager::exportKeytabForPrincipal(TQString principal, TQString fileName,
 						leftbracket++;
 						defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
 					}
-					command = TQCString(defaultParam);
+					command = defaultParam.local8Bit();
 					kadminProc.enableLocalEcho(false);
 					kadminProc.writeLine(command, true);
 					do { // Discard our own input
@@ -2684,7 +2688,7 @@ TQString LDAPManager::getRealmCAMaster(TQString* errstr) {
 			}
 		}
 
-		// clean up
+		// Clean up
 		ldap_msgfree(msg);
 
 		return realmCAMaster;
@@ -2755,7 +2759,7 @@ int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
 			if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
 				TQStringList dnParts = TQStringList::split(",", dn);
 				TQString id = dnParts[0];
-				retcode = ldap_rename_s(m_ldap, dn, id, newSuffix, 0, NULL, NULL);
+				retcode = ldap_rename_s(m_ldap, dn, id.utf8(), newSuffix.utf8(), 0, NULL, NULL);
 				if (retcode != LDAP_SUCCESS) {
 					if (errstr) *errstr = i18n("LDAP rename failure<p>Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode));
 					return -1;
@@ -2763,7 +2767,7 @@ int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
 			}
 		}
 
-		// clean up
+		// Clean up
 		ldap_msgfree(msg);
 
 		return 0;
@@ -2781,7 +2785,7 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac
 	int m_ldapBindTimeout;
 	TQString m_passwordHash;
 	TQString m_ignoredUsers;
-	TQString command;
+	TQCString command;
 
 	systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
 	systemconfig->setGroup(NULL);
@@ -2835,9 +2839,9 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac
 			return -1;
 		}
 	}
-	command = TQString("ln -s %1 %2").arg(LDAP_FILE).arg(LDAP_SECONDARY_FILE);
+	command = TQString("ln -s %1 %2").arg(LDAP_FILE).arg(LDAP_SECONDARY_FILE).local8Bit();
 	if (system(command) < 0) {
-		if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command.ascii());
+		if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
 		return -1;
 	}
 
@@ -2848,14 +2852,29 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac
 			return -1;
 		}
 	}
-	command = TQString("ln -s %1 %2").arg(LDAP_FILE).arg(LDAP_TERTIARY_FILE);
+	command = TQString("ln -s %1 %2").arg(LDAP_FILE).arg(LDAP_TERTIARY_FILE).local8Bit();
 	if (system(command) < 0) {
-		if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command.ascii());
+		if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
 		return -1;
 	}
 
 	delete systemconfig;
 
+	if ((machineRole == ROLE_PRIMARY_REALM_CONTROLLER) || (machineRole == ROLE_SECONDARY_REALM_CONTROLLER)) {
+		// The file may contain multi-master replication secrets, therefore only root should be able to read it
+		if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) {
+			if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
+			return -1;
+		}
+	}
+	else {
+		// Normal users should be allowed to read realm configuration data in order to launch realm administration utilities
+		if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
+			if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
+			return -1;
+		}
+	}
+
 	return 0;
 }
 
@@ -3048,7 +3067,7 @@ LDAPTDEBuiltinsInfo LDAPManager::getTDEBuiltinMappings(TQString *errstr) {
 			builtininfo = parseLDAPTDEBuiltinsRecord(entry);
 		}
 
-		// clean up
+		// Clean up
 		ldap_msgfree(msg);
 
 		return builtininfo;
@@ -3084,7 +3103,7 @@ LDAPMasterReplicationInfo LDAPManager::getLDAPMasterReplicationSettings(TQString
 			}
 		}
 
-		// clean up
+		// Clean up
 		ldap_msgfree(msg);
 
 		// Set OpenLDAP defaults
@@ -3103,7 +3122,7 @@ LDAPMasterReplicationInfo LDAPManager::getLDAPMasterReplicationSettings(TQString
 			replicationinfo = parseLDAPMasterReplicationRecord(replicationinfo, entry);
 		}
 
-		// clean up
+		// Clean up
 		ldap_msgfree(msg);
 
 		return replicationinfo;
@@ -3428,8 +3447,8 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
 						haveOlcOverlaySyncProv = true;
 					}
 				}
-		
-				// clean up
+
+				// Clean up
 				ldap_msgfree(msg);
 
 				if (!haveOlcOverlaySyncProv) {
@@ -3478,8 +3497,8 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
 						haveOlcOverlaySyncProv = true;
 					}
 				}
-		
-				// clean up
+
+				// Clean up
 				ldap_msgfree(msg);
 
 				if (!haveOlcOverlaySyncProv) {
@@ -3591,7 +3610,7 @@ int LDAPManager::getTDECertificate(TQString certificateName, TQString fileName,
 			}
 		}
 
-		// clean up
+		// Clean up
 		ldap_msgfree(msg);
 
 		return returncode;
@@ -3803,11 +3822,11 @@ TQDateTime LDAPManager::getCertificateExpiration(TQString certfile) {
 }
 
 int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
-	TQString command;
+	TQCString command;
 
-	command = TQString("openssl req -key %1 -new -x509 -out %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
+	command = TQString("openssl req -key %1 -new -x509 -out %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress).local8Bit();
 	if (system(command) < 0) {
-		printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
+		printf("ERROR: Execution of \"%s\" failed!\n", command.data());
 		return -1;
 	}
 	if (chmod(KERBEROS_PKI_PEM_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
@@ -3823,7 +3842,7 @@ int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
 }
 
 int LDAPManager::generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg) {
-	TQString command;
+	TQCString command;
 
 	TQString kdc_certfile = KERBEROS_PKI_KDC_FILE;
 	TQString kdc_keyfile = KERBEROS_PKI_KDCKEY_FILE;
@@ -3832,14 +3851,14 @@ int LDAPManager::generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAP
 	kdc_keyfile.replace("@@@KDCSERVER@@@", realmcfg.name.lower());
 	kdc_reqfile.replace("@@@KDCSERVER@@@", realmcfg.name.lower());
 
-	command = TQString("openssl req -new -out %1 -key %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(kdc_reqfile).arg(kdc_keyfile).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
+	command = TQString("openssl req -new -out %1 -key %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(kdc_reqfile).arg(kdc_keyfile).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress).local8Bit();
 	if (system(command) < 0) {
-		printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
+		printf("ERROR: Execution of \"%s\" failed!\n", command.data());
 		return -1;
 	}
-	command = TQString("openssl x509 -req -in %1 -CAkey %2 -CA %3 -out %4 -extfile %5 -extensions kdc_cert -CAcreateserial").arg(kdc_reqfile).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(kdc_certfile).arg(OPENSSL_EXTENSIONS_FILE);
+	command = TQString("openssl x509 -req -in %1 -CAkey %2 -CA %3 -out %4 -extfile %5 -extensions kdc_cert -CAcreateserial").arg(kdc_reqfile).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(kdc_certfile).arg(OPENSSL_EXTENSIONS_FILE).local8Bit();
 	if (system(command) < 0) {
-		printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
+		printf("ERROR: Execution of \"%s\" failed!\n", command.data());
 		return -1;
 	}
 	if (chmod(kdc_certfile.ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
@@ -3861,7 +3880,7 @@ int LDAPManager::generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAP
 }
 
 int LDAPManager::generatePublicLDAPCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg, uid_t ldap_uid, gid_t ldap_gid) {
-	TQString command;
+	TQCString command;
 
 	TQString ldap_certfile = LDAP_CERT_FILE;
 	TQString ldap_keyfile = LDAP_CERTKEY_FILE;
@@ -3870,14 +3889,14 @@ int LDAPManager::generatePublicLDAPCertificate(LDAPCertConfig certinfo, LDAPReal
 	ldap_keyfile.replace("@@@ADMINSERVER@@@", realmcfg.name.lower());
 	ldap_reqfile.replace("@@@ADMINSERVER@@@", realmcfg.name.lower());
 
-	command = TQString("openssl req -new -out %1 -key %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(ldap_reqfile).arg(ldap_keyfile).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(realmcfg.admin_server).arg(certinfo.emailAddress);
+	command = TQString("openssl req -new -out %1 -key %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(ldap_reqfile).arg(ldap_keyfile).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(realmcfg.admin_server).arg(certinfo.emailAddress).local8Bit();
 	if (system(command) < 0) {
-		printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
+		printf("ERROR: Execution of \"%s\" failed!\n", command.data());
 		return -1;
 	}
-	command = TQString("openssl x509 -req -in %1 -CAkey %2 -CA %3 -out %4 -CAcreateserial").arg(ldap_reqfile).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(ldap_certfile);
+	command = TQString("openssl x509 -req -in %1 -CAkey %2 -CA %3 -out %4 -CAcreateserial").arg(ldap_reqfile).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(ldap_certfile).local8Bit();
 	if (system(command) < 0) {
-		printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
+		printf("ERROR: Execution of \"%s\" failed!\n", command.data());
 		return -1;
 	}
 	if (chmod(ldap_certfile.ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
@@ -4087,7 +4106,7 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
 		stream << "auth sufficient pam_unix.so nullok try_first_pass" << "\n";
 		stream << "auth [default=ignore success=1 service_err=reset] pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass" << "\n";
 		if (pamConfig.enable_cached_credentials) {
-			stream << "auth [default=die success=done] pam_ccreds.so action=validate use_first_pass" << "\n";
+			stream << "auth [default=2 success=done] pam_ccreds.so action=validate use_first_pass" << "\n";
 			stream << "auth sufficient pam_ccreds.so action=store use_first_pass" << "\n";
 		}
 		stream << "auth required pam_deny.so" << "\n";
@@ -4099,6 +4118,9 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
 	if (file3.open(IO_WriteOnly)) {
 		TQTextStream stream( &file3 );
 
+		char modestring[8];
+		sprintf(modestring, "%04o", pamConfig.autocreate_user_directories_umask);
+
 		stream << "# This file was automatically generated by TDE\n";
 		stream << "# All changes will be lost!\n";
 		stream << "\n";
@@ -4107,9 +4129,8 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
 		stream << "session required pam_permit.so" << "\n";
 		stream << "session required pam_unix.so" << "\n";
 		stream << "session optional pam_ck_connector.so nox11" << "\n";
+		stream << "session optional pam_umask.so usergroups umask=" << modestring << "\n";
 		if (pamConfig.autocreate_user_directories_enable) {
-			char modestring[8];
-			sprintf(modestring, "%04o", pamConfig.autocreate_user_directories_umask);
 			TQString skelstring;
 			if (pamConfig.autocreate_user_directories_skel != "") {
 				skelstring = " skel=" + pamConfig.autocreate_user_directories_skel;
@@ -4132,7 +4153,7 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
 int LDAPManager::bondRealm(TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
 	TQCString command = "kadmin";
 	QCStringList args;
-	args << TQCString("-p") << TQCString(adminUserName+"@"+(adminRealm.upper())) << TQCString("-r") << TQCString(adminRealm.upper());
+	args << TQCString("-p") << TQString("%1@%2").arg(adminUserName).arg(adminRealm.upper()).local8Bit() << TQCString("-r") << adminRealm.upper().local8Bit();
 
 	TQString hoststring = "host/"+getMachineFQDN();
 
@@ -4142,7 +4163,7 @@ int LDAPManager::bondRealm(TQString adminUserName, const char * adminPassword, T
 	prompt = readFullLineFromPtyProcess(&kadminProc);
 	prompt = prompt.stripWhiteSpace();
 	if (prompt == "kadmin>") {
-		command = TQCString("ext "+hoststring);
+		command = TQCString("ext ")+hoststring.local8Bit();
 		kadminProc.enableLocalEcho(false);
 		kadminProc.writeLine(command, true);
 		do { // Discard our own input
@@ -4174,7 +4195,7 @@ int LDAPManager::bondRealm(TQString adminUserName, const char * adminPassword, T
 				prompt = readFullLineFromPtyProcess(&kadminProc);
 				printf("(kadmin) '%s'\n", prompt.ascii());
 			} while (prompt == "");
-			command = TQCString("ank --random-key "+hoststring);
+			command = TQCString("ank --random-key ")+hoststring.local8Bit();
 			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine(command, true);
 			do { // Discard our own input
@@ -4212,7 +4233,7 @@ int LDAPManager::bondRealm(TQString adminUserName, const char * adminPassword, T
 						leftbracket++;
 						defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
 					}
-					command = TQCString(defaultParam);
+					command = defaultParam.local8Bit();
 					kadminProc.enableLocalEcho(false);
 					kadminProc.writeLine(command, true);
 					do { // Discard our own input
@@ -4222,7 +4243,7 @@ int LDAPManager::bondRealm(TQString adminUserName, const char * adminPassword, T
 					prompt = prompt.stripWhiteSpace();
 				}
 			}
-			command = TQCString("ext "+hoststring);
+			command = TQCString("ext ")+hoststring.local8Bit();
 			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine(command, true);
 			do { // Discard our own input
@@ -4275,7 +4296,7 @@ int LDAPManager::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, c
 
 	TQCString command = "kadmin";
 	QCStringList args;
-	args << TQCString("-p") << TQCString(adminUserName+"@"+(adminRealm.upper()));
+	args << TQCString("-p") << TQString("%1@%2").arg(adminUserName).arg(adminRealm.upper()).local8Bit();
 
 	TQString hoststring = "host/"+getMachineFQDN();
 
@@ -4288,7 +4309,7 @@ int LDAPManager::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, c
 	prompt = readFullLineFromPtyProcess(&kadminProc);
 	prompt = prompt.stripWhiteSpace();
 	if (prompt == "kadmin>") {
-		command = TQCString("delete "+hoststring);
+		command = TQCString("delete ")+hoststring.local8Bit();
 		kadminProc.enableLocalEcho(false);
 		kadminProc.writeLine(command, true);
 		do { // Discard our own input
@@ -4321,7 +4342,7 @@ int LDAPManager::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, c
 		kadminProc.writeLine("quit", true);
 
 		// Delete keys from keytab
-		command = TQString("ktutil remove -p %1").arg(hoststring+"@"+adminRealm.upper());
+		command = TQString("ktutil remove -p %1").arg(hoststring+"@"+adminRealm.upper()).local8Bit();
 		if (system(command) < 0) {
 			printf("ERROR: Execution of \"%s\" failed!\n", command.data());
 			return 1;	// Failure

src/libtdeldap.h

@@ -141,7 +141,7 @@ inline KRB5TicketFlags operator&(KRB5TicketFlags a, KRB5TicketFlags b)
 typedef TQValueList<uid_t> UserList;
 typedef TQValueList<gid_t> GroupList;
 
-class LDAPCredentials
+class KDE_EXPORT LDAPCredentials
 {
 	public:
 		LDAPCredentials();
@@ -157,7 +157,7 @@ class LDAPCredentials
 };
 
 // PRIVATE
-class LDAPRealmConfig
+class KDE_EXPORT LDAPRealmConfig
 {
 	public:
 		TQString name;
@@ -176,7 +176,7 @@ class LDAPRealmConfig
 };
 
 // PRIVATE
-class LDAPCertConfig
+class KDE_EXPORT LDAPCertConfig
 {
 	public:
 		bool generate_certs;
@@ -197,7 +197,7 @@ class LDAPCertConfig
 };
 
 // PRIVATE
-class LDAPPamConfig
+class KDE_EXPORT LDAPPamConfig
 {
 	public:
 		LDAPPamConfig();
@@ -211,7 +211,7 @@ class LDAPPamConfig
 };
 
 // PRIVATE
-class LDAPClientRealmConfig
+class KDE_EXPORT LDAPClientRealmConfig
 {
 	public:
 		bool enable_bonding;
@@ -234,7 +234,7 @@ class LDAPClientRealmConfig
 
 typedef TQMap<TQString, LDAPRealmConfig> LDAPRealmConfigList;
 
-class LDAPUserInfo
+class KDE_EXPORT LDAPUserInfo
 {
 	public:
 		LDAPUserInfo();
@@ -314,7 +314,7 @@ class LDAPUserInfo
 		TQString notes;
 };
 
-class LDAPGroupInfo
+class KDE_EXPORT LDAPGroupInfo
 {
 	public:
 		LDAPGroupInfo();
@@ -331,7 +331,7 @@ class LDAPGroupInfo
 		TQStringList userlist;
 };
 
-class LDAPMachineInfo
+class KDE_EXPORT LDAPMachineInfo
 {
 	public:
 		LDAPMachineInfo();
@@ -348,7 +348,7 @@ class LDAPMachineInfo
 		LDAPKRB5Flags status;		// Default is 126 [KRB5_MACHINE_ACCOUNT_DEFAULT]
 };
 
-class LDAPServiceInfo
+class KDE_EXPORT LDAPServiceInfo
 {
 	public:
 		LDAPServiceInfo();
@@ -366,7 +366,7 @@ class LDAPServiceInfo
 		LDAPKRB5Flags status;		// Default is 126 [KRB5_SERVICE_PRINCIPAL_DEFAULT]
 };
 
-class LDAPTDEBuiltinsInfo
+class KDE_EXPORT LDAPTDEBuiltinsInfo
 {
 	public:
 		LDAPTDEBuiltinsInfo();
@@ -380,7 +380,7 @@ class LDAPTDEBuiltinsInfo
 		TQString builtinStandardUserGroup;
 };
 
-class LDAPMasterReplicationMapping
+class KDE_EXPORT LDAPMasterReplicationMapping
 {
 	public:
 		LDAPMasterReplicationMapping();
@@ -393,7 +393,7 @@ class LDAPMasterReplicationMapping
 
 typedef TQValueList<LDAPMasterReplicationMapping> LDAPMasterReplicationMap;
 
-class LDAPMasterReplicationInfo
+class KDE_EXPORT LDAPMasterReplicationInfo
 {
 	public:
 		LDAPMasterReplicationInfo();
@@ -414,7 +414,7 @@ class LDAPMasterReplicationInfo
 		bool replicate_olcGlobal;
 };
 
-class KerberosTicketInfo
+class KDE_EXPORT KerberosTicketInfo
 {
 	public:
 		KerberosTicketInfo();
@@ -445,7 +445,7 @@ typedef TQValueList<KerberosTicketInfo> KerberosTicketInfoList;
 
 class PtyProcess;
 
-class LDAPManager : public TQObject {
+class KDE_EXPORT LDAPManager : public TQObject {
 	Q_OBJECT
 
 	public:

subdirs

@@ -1,3 +0,0 @@
-doc
-po
-src