Use TDESimpleConfig

Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>

.gitmodules

@@ -1,6 +0,0 @@
-[submodule "admin"]
-	path = admin
-	url = http://system@scm.trinitydesktop.org/scm/git/tde-common-admin
-[submodule "cmake"]
-	path = cmake
-	url = http://system@scm.trinitydesktop.org/scm/git/tde-common-cmake

CMakeLists.txt

@@ -0,0 +1,90 @@
+############################################
+#                                          #
+#  Improvements and feedbacks are welcome  #
+#                                          #
+#  This file is released under GPL >= 3    #
+#                                          #
+############################################
+
+
+##### set project version ########################
+
+include( TDEVersion )
+cmake_minimum_required( VERSION ${TDE_CMAKE_MINIMUM_VERSION} )
+tde_set_project_version( )
+
+
+#### general package setup
+
+project( libtdeldap )
+
+
+#### include essential cmake modules
+
+include( FindPkgConfig          )
+include( CheckFunctionExists    )
+include( CheckSymbolExists      )
+include( CheckIncludeFile       )
+include( CheckLibraryExists     )
+include( CheckCSourceCompiles   )
+include( CheckCXXSourceCompiles )
+
+
+#### include our cmake modules
+
+include( TDEMacros )
+
+
+##### setup install paths
+
+include( TDESetupPaths )
+tde_setup_paths( )
+
+
+##### optional stuff
+
+option( WITH_ALL_OPTIONS    "Enable all optional support" OFF )
+option( WITH_GCC_VISIBILITY "Enable fvisibility and fvisibility-inlines-hidden" ${WITH_ALL_OPTIONS} )
+
+
+##### user requested modules
+
+#option( BUILD_ALL "Build all" ON                             )
+#option( BUILD_DOC "Build documentation" ${BUILD_ALL}         )
+#option( BUILD_TRANSLATIONS "Build translations" ${BUILD_ALL} )
+
+
+##### user defined options
+
+set( KDE_CONFDIR "/etc/trinity" CACHE STRING "TDE Settings Directory" )
+set( KRB5_FILE "/etc/krb5.conf" CACHE STRING "Kerberos config file"   )
+set( SYSTEM_CA_STORE_CERT_LOCATION "/usr/local/share/ca-certificates/" CACHE STRING "Location of ca-certificates" )
+set( SYSTEM_CA_STORE_REGENERATE_COMMAND "update-ca-certificates" CACHE STRING "Command to update ca-certificates" )
+set( CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_OPENLDAP_RELOAD_COMMAND "/etc/init.d/slapd force-reload" CACHE STRING "Cron command to update openLDAP" )
+
+
+##### configure checks
+
+include( ConfigureChecks.cmake )
+
+
+###### global compiler settings
+
+add_definitions( -DHAVE_CONFIG_H ${ENABLE_PERMISSIVE_FLAG} )
+
+set( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${TQT_CXX_FLAGS}" )
+set( CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--no-undefined" )
+set( CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--no-undefined" )
+
+
+##### directories
+
+add_subdirectory( src )
+
+#tde_conditional_add_subdirectory( BUILD_DOC doc         )
+#tde_conditional_add_subdirectory( BUILD_TRANSLATIONS po ) 
+
+
+##### write configure files
+
+configure_file( config.h.cmake config.h @ONLY )

ChangeLog

@@ -1 +0,0 @@
-2012-05-17 - Initial Release

ConfigureChecks.cmake

@@ -0,0 +1,129 @@
+###########################################
+#                                         #
+#  Improvements and feedback are welcome  #
+#                                         #
+#  This file is released under GPL >= 3   #
+#                                         #
+###########################################
+
+
+# required stuff
+find_package( TQt )
+find_package( TDE )
+
+tde_setup_architecture_flags( )
+
+include(TestBigEndian)
+test_big_endian(WORDS_BIGENDIAN)
+
+tde_setup_largefiles( )
+
+
+##### check for gcc visibility support
+
+if( WITH_GCC_VISIBILITY )
+  tde_setup_gcc_visibility( )
+endif( WITH_GCC_VISIBILITY )
+
+
+##### get the system's default path for libraries
+
+tde_save_and_set( CMAKE_INSTALL_PREFIX "/usr" )
+include( GNUInstallDirs OPTIONAL )
+if( CMAKE_INSTALL_LIBDIR )
+  set( SYSTEM_LIBDIR "${CMAKE_INSTALL_LIBDIR}" )
+else( )
+  set( SYSTEM_LIBDIR "lib${LIB_SUFFIX}" )
+endif( )
+tde_restore( CMAKE_INSTALL_PREFIX )
+
+
+##### check for ldap
+
+find_library( HAVE_LIBLDAP ldap )
+if( NOT HAVE_LIBLDAP )
+  tde_message_fatal( "ldap is required, but was not found on your system" )
+endif( NOT HAVE_LIBLDAP )
+
+
+##### check for krb5
+
+pkg_search_module( KRB5 heimdal-krb5 krb5 )
+if( NOT KRB5_FOUND)
+  if( NOT DEFINED KRB5_CONFIG_EXECUTABLE )
+    find_program( KRB5_CONFIG_EXECUTABLE NAMES krb5-config.heimdal krb5-config )
+    if( NOT KRB5_CONFIG_EXECUTABLE )
+      tde_message_fatal( "krb5 library is required but not found on your system" )
+    endif( )
+  endif( )
+
+  execute_process(
+    COMMAND ${KRB5_CONFIG_EXECUTABLE} --libs
+    OUTPUT_VARIABLE KRB5_LIBRARIES
+    ERROR_VARIABLE KRB5_LIBRARIES
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_STRIP_TRAILING_WHITESPACE
+  )
+  execute_process(
+    COMMAND ${KRB5_CONFIG_EXECUTABLE} --cflags
+    OUTPUT_VARIABLE KRB5_INCLUDE_DIRS
+    ERROR_VARIABLE KRB5_INCLUDE_DIRS
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    ERROR_STRIP_TRAILING_WHITESPACE
+  )
+  if( NOT "${KRB5_LIBRARIES}" STREQUAL "" )
+    set( KRB5_FOUND 1 )
+  endif( )
+endif( )
+
+find_path( HEIMDAL_INCLUDEDIR
+    NAMES krb5_asn1.h
+    HINTS ${KRB5_INCLUDE_DIRS} ${KRB5_INCLUDEDIR} /usr/include
+    PATH_SUFFIXES "heimdal"
+)
+if( NOT "${HEIMDAL_INCLUDEDIR}" STREQUAL "${KRB5_INCLUDEDIR}" )
+  # fix Heimdal include dirs
+  set( KRB5_INCLUDE_DIRS "${HEIMDAL_INCLUDEDIR}" )
+endif( )
+
+find_path( HEIMDAL_LIBDIR
+    NAMES libhdb.so
+    HINTS
+      ${KRB5_LIBRARY_DIRS} ${KRB5_LIBDIR}
+      /usr/${SYSTEM_LIBDIR} /usr/local/${SYSTEM_LIBDIR}
+    PATH_SUFFIXES "heimdal"
+)
+if( NOT "${HEIMDAL_LIBDIR}" STREQUAL "${KRB5_LIBDIR}" )
+  # fix Heimdal library dirs
+  set( KRB5_LIBRARY_DIRS "${HEIMDAL_LIBDIR}" )
+endif( )
+
+if( "${HEIMDAL_INCLUDEDIR}" STREQUAL "HEIMDAL_INCLUDEDIR-NOTFOUND" OR
+    "${HEIMDAL_LIBDIR}" STREQUAL "HEIMDAL_LIBDIR-NOTFOUND" )
+    tde_message_fatal( "Heimdal Kerberos is required, but was not found on our system" )
+endif( )
+
+
+# check compiler permissive flag
+check_cxx_compiler_flag( -fpermissive HAVE_PERMISSIVE_SUPPORT )
+if( HAVE_PERMISSIVE_SUPPORT )
+  set( ENABLE_PERMISSIVE_FLAG "-fpermissive" )
+endif( )
+
+
+##### check for tdehwlib
+
+tde_save_and_set( CMAKE_REQUIRED_INCLUDES "${TDE_INCLUDE_DIR}" )
+check_cxx_source_compiles( "
+  #include <tdemacros.h>
+    #ifndef __TDE_HAVE_TDEHWLIB
+    #error tdecore is not build with tdehwlib
+    #endif
+    int main() { return 0; } "
+  HAVE_TDEHWLIB
+)
+tde_restore( CMAKE_REQUIRED_INCLUDES )
+if( NOT HAVE_TDEHWLIB )
+  tde_message_fatal( "tdehwlib is required, but not built in tdecore" )
+endif( NOT HAVE_TDEHWLIB )
+set( TDEHW_LIBRARIES "tdehw-shared" )

INSTALL

@@ -1,167 +1,32 @@
 Basic Installation
 ==================
 
-   These are generic installation instructions.
+libtdeldap relies on cmake to build.
 
-   The `configure' shell script attempts to guess correct values for
+Here are suggested default options:
-various system-dependent variables used during compilation.  It uses
-those values to create a `Makefile' in each directory of the package.
-It may also create one or more `.h' files containing system-dependent
-definitions.  Finally, it creates a shell script `config.status' that
-you can run in the future to recreate the current configuration, a file
-`config.cache' that saves the results of its tests to speed up
-reconfiguring, and a file `config.log' containing compiler output
-(useful mainly for debugging `configure').
 
-   If you need to do unusual things to compile the package, please try
+ -DCMAKE_INSTALL_PREFIX="/opt/trinity" \
-to figure out how `configure' could check whether to do them, and mail
+ -DCONFIG_INSTALL_DIR="/etc/trinity" \
-diffs or instructions to the address given in the `README' so they can
+ -DSYSCONF_INSTALL_DIR="/etc/trinity" \
-be considered for the next release.  If at some point `config.cache'
+ -DXDG_MENU_INSTALL_DIR="/etc/xdg/menus" \
-contains results you don't want to keep, you may remove or edit it.
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+ -DCMAKE_VERBOSE_MAKEFILE="ON" \
+ -DCMAKE_SKIP_RPATH="OFF" \
+ -DWITH_ALL_OPTIONS="ON"
 
-   The file `configure.in' is used to create `configure' by a program
-called `autoconf'.  You only need `configure.in' if you want to change
-it or regenerate `configure' using a newer version of `autoconf'.
 
-The simplest way to compile this package is:
+Requirements
+============
+o  Heimdal
+o  OpenLDAP
 
-  1. `cd' to the directory containing the package's source code and type
-     `./configure' to configure the package for your system.  If you're
-     using `csh' on an old version of System V, you might need to type
-     `sh ./configure' instead to prevent `csh' from trying to execute
-     `configure' itself.
 
-     Running `configure' takes a while.  While running, it prints some
+Few settings have default file or directory locations, such as:
-     messages telling which features it is checking for.
 
-  2. Type `make' to compile the package.
+- KDE_CONFDIR	"/etc/trinity"
-
+- KRB5_FILE		"/etc/krb5.conf"
-  3. Type `make install' to install the programs and any data files and
+- SYSTEM_CA_STORE_CERT_LOCATION		"/usr/local/share/ca-certificates/"
-     documentation.
+- SYSTEM_CA_STORE_REGENERATE_COMMAND	"update-ca-certificates"
-
+- CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_OPENLDAP_RELOAD_COMMAND	"/etc/init.d/slapd force-reload"
-  4. You can remove the program binaries and object files from the
-     source code directory by typing `make clean'.  
-
-Compilers and Options
-=====================
-
-   Some systems require unusual options for compilation or linking that
-the `configure' script does not know about.  You can give `configure'
-initial values for variables by setting them in the environment.  Using
-a Bourne-compatible shell, you can do that on the command line like
-this:
-     CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
-
-Or on systems that have the `env' program, you can do it like this:
-     env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
-
-Compiling For Multiple Architectures
-====================================
-
-   You can compile the package for more than one kind of computer at the
-same time, by placing the object files for each architecture in their
-own directory.  To do this, you must use a version of `make' that
-supports the `VPATH' variable, such as GNU `make'.  `cd' to the
-directory where you want the object files and executables to go and run
-the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
-
-   If you have to use a `make' that does not supports the `VPATH'
-variable, you have to compile the package for one architecture at a time
-in the source code directory.  After you have installed the package for
-one architecture, use `make distclean' before reconfiguring for another
-architecture.
-
-Installation Names
-==================
-
-   By default, `make install' will install the package's files in
-`/usr/local/bin', `/usr/local/man', etc.  You can specify an
-installation prefix other than `/usr/local' by giving `configure' the
-option `--prefix=PATH'.
-
-   You can specify separate installation prefixes for
-architecture-specific files and architecture-independent files.  If you
-give `configure' the option `--exec-prefix=PATH', the package will use
-PATH as the prefix for installing programs and libraries.
-Documentation and other data files will still use the regular prefix.
-
-   If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-
-Optional Features
-=================
-
-   Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System).  The
-`README' should mention any `--enable-' and `--with-' options that the
-package recognizes.
-
-   For packages that use the X Window System, `configure' can usually
-find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
-
-Specifying the System Type
-==========================
-
-   There may be some features `configure' can not figure out
-automatically, but needs to determine by the type of host the package
-will run on.  Usually `configure' can figure that out, but if it prints
-a message saying it can not guess the host type, give it the
-`--host=TYPE' option.  TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name with three fields:
-     CPU-COMPANY-SYSTEM
-
-See the file `config.sub' for the possible values of each field.  If
-`config.sub' isn't included in this package, then this package doesn't
-need to know the host type.
-
-   If you are building compiler tools for cross-compiling, you can also
-use the `--target=TYPE' option to select the type of system they will
-produce code for and the `--build=TYPE' option to select the type of
-system on which you are compiling the package.
-
-Sharing Defaults
-================
-
-   If you want to set default values for `configure' scripts to share,
-you can create a site shell script called `config.site' that gives
-default values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists.  Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
-
-Operation Controls
-==================
-
-   `configure' recognizes the following options to control how it
-operates.
-
-`--cache-file=FILE'
-     Use and save the results of the tests in FILE instead of
-     `./config.cache'.  Set FILE to `/dev/null' to disable caching, for
-     debugging `configure'.
-
-`--help'
-     Print a summary of the options to `configure', and exit.
-
-`--quiet'
-`--silent'
-`-q'
-     Do not print messages saying which checks are being made.
-
-`--srcdir=DIR'
-     Look for the package's source code in directory DIR.  Usually
-     `configure' can determine that directory automatically.
-
-`--version'
-     Print the version of Autoconf used to generate the `configure'
-     script, and exit.
-
-`configure' also accepts some other, not widely useful, options.
 
+They can be adjusted for your needs.

Makefile.am

@@ -1,22 +0,0 @@
-SUBDIRS = $(TOPSUBDIRS)
-
-$(top_srcdir)/configure.in: configure.in.in $(top_srcdir)/subdirs
-	cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common configure.in ;
-
-$(top_srcdir)/subdirs:
-	cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common subdirs
-
-$(top_srcdir)/acinclude.m4: $(top_srcdir)/admin/acinclude.m4.in $(top_srcdir)/admin/libtool.m4.in
-	@cd $(top_srcdir) && cat admin/acinclude.m4.in admin/libtool.m4.in > acinclude.m4
-
-MAINTAINERCLEANFILES = subdirs configure.in acinclude.m4 configure.files 
-
-package-messages:
-	cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common package-messages
-	$(MAKE) -C po merge
-
-EXTRA_DIST = admin COPYING configure.in.in
-
-dist-hook:
-	cd $(top_distdir) && perl admin/am_edit -padmin
-	cd $(top_distdir) && $(MAKE) -f admin/Makefile.common subdirs

Makefile.cvs

@@ -1,10 +0,0 @@
-all: 
-	@echo "This Makefile is only for the CVS repository"
-	@echo "This will be deleted before making the distribution"
-	@echo ""
-	$(MAKE) -f admin/Makefile.common cvs
-
-dist:
-	$(MAKE) -f admin/Makefile.common dist
-
-.SILENT:

README.md

@@ -0,0 +1,16 @@
+
+
+  libtdeldap - an LDAP interface library for TDE management modules.
+
+.
+
+Contributing
+--------------
+
+If you wish to contribute libtdeldap, you might do so:
+
+- TDE Gitea Workspace (TGW) collaboration tool.
+  https://mirror.git.trinitydesktop.org/gitea
+
+- TDE Weblate Translation Workspace (TWTW) collaboration tool.
+  https://mirror.git.trinitydesktop.org/weblate

admin

@@ -1 +0,0 @@
-Subproject commit 04db460623e1f235e7239f08fdcc2d0ef72636af

cmake

@@ -1 +0,0 @@
-Subproject commit 1994b808819fd74446cb8f1a0491b3e10244f463

config.h.cmake

@@ -0,0 +1,23 @@
+#define VERSION "@VERSION@"
+
+// Defined if you have fvisibility and fvisibility-inlines-hidden support.
+#cmakedefine __TDE_HAVE_GCC_VISIBILITY 1
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#cmakedefine WORDS_BIGENDIAN @WORDS_BIGENDIAN@
+
+/* Define TDE Settings Directory */
+#cmakedefine KDE_CONFDIR "@KDE_CONFDIR@"
+
+/* Define Kerberos config file */
+#cmakedefine KRB5_FILE "@KRB5_FILE@"
+
+/* Define Location of ca-certificates */
+#cmakedefine SYSTEM_CA_STORE_CERT_LOCATION "@SYSTEM_CA_STORE_CERT_LOCATION@"
+
+/* Define Command to update ca-certificats */
+#cmakedefine SYSTEM_CA_STORE_REGENERATE_COMMAND "@SYSTEM_CA_STORE_REGENERATE_COMMAND@"
+
+/* Define Cron command to update openLDAP certificats */
+#cmakedefine CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_OPENLDAP_RELOAD_COMMAND "@CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_OPENLDAP_RELOAD_COMMAND@"

configure.files

@@ -1,2 +0,0 @@
-./admin/configure.in.min
-configure.in.in

configure.in.in

@@ -1,15 +0,0 @@
-#MIN_CONFIG(3.2.0)
-
-AM_INIT_AUTOMAKE(autostart, 0.1)
-AC_C_BIGENDIAN
-AC_CHECK_KDEMAXPATHLEN
-
-# These numbers should be tweaked on every release. Read carefully:
-# http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-# http://sourceware.org/autobook/autobook/autobook_91.html
-lt_current="1"
-lt_revision="0"
-lt_age="0"
-AC_SUBST(lt_current)
-AC_SUBST(lt_revision)
-AC_SUBST(lt_age)

doc/Makefile.am

@@ -1,6 +0,0 @@
-# the SUBDIRS is filled automatically by am_edit. If files are 
-# in this directory they are installed into the english dir
-
-KDE_LANG = en
-KDE_DOCS = autostart
-SUBDIRS = $(AUTODIRS)  

doc/en/Makefile.am

@@ -1,2 +0,0 @@
-KDE_DOCS = ldap
-KDE_LANG = en

po/Makefile.am

@@ -1,2 +0,0 @@
-POFILES = AUTO
-# noinst_HEADERS = ldap.pot

src/CMakeLists.txt

@@ -0,0 +1,46 @@
+include_directories(
+  ${CMAKE_BINARY_DIR}
+  ${CMAKE_CURRENT_BINARY_DIR}
+  ${CMAKE_CURRENT_SOURCE_DIR}
+  ${TDE_INCLUDE_DIR}/tde
+  ${TDE_INCLUDE_DIR}
+  ${TQT_INCLUDE_DIRS}
+  ${KRB5_INCLUDE_DIRS}
+)
+
+link_directories(
+  ${TQT_LIBRARY_DIRS}
+  ${TDE_LIB_DIR}
+  ${KRB5_LIBRARY_DIRS}
+)
+
+
+##### tdeldap (shared)
+
+tde_add_library( tdeldap SHARED AUTOMOC
+
+  SOURCES
+        libtdeldap.cpp
+        ldaplogindlgbase.ui
+        ldaplogindlg.cpp
+        ldappasswddlg.cpp
+  LINK
+     tdeui-shared
+     tdecore-shared
+     tdeio-shared
+     ${TDEHW_LIBRARIES}
+     tdesu
+     krb5 kadm5clnt kadm5srv hdb lber 
+     ldap
+
+  VERSION 1.0.0
+  DESTINATION ${LIB_INSTALL_DIR}
+)
+
+
+##### headers
+
+install(
+    FILES ldappasswddlg.h libtdeldap.h
+    DESTINATION ${INCLUDE_INSTALL_DIR}
+)

src/Makefile.am

@@ -1,13 +0,0 @@
-INCLUDES    = $(all_includes)
-METASOURCES = AUTO
-
-# Create a shared library file
-lib_LTLIBRARIES = libtdeldap.la
-
-include_HEADERS = libtdeldap.h ldappasswddlg.h
-
-libtdeldap_la_SOURCES = libtdeldap.cpp ldaplogindlgbase.ui ldaplogindlg.cpp ldappasswddlg.cpp
-libtdeldap_la_LIBADD = -ltdeio $(LIB_TDEUI) -lldap $(LIB_QT) $(LIB_TDECORE) -ltdesu -llber
-libtdeldap_la_LDFLAGS = -version-info $(lt_current):$(lt_revision):$(lt_age) -no-undefined \
-	$(all_libraries)
-

src/ldaplogindlg.cpp

@@ -23,13 +23,13 @@
 #include <tqmap.h>
 
 #include <tdeapplication.h>
-#include <ksimpleconfig.h>
+#include <tdesimpleconfig.h>
 #include <tdelocale.h>
 #include <kdebug.h>
-#include <kstandarddirs.h>
+#include <tdestandarddirs.h>
 #include <kiconloader.h>
 #include <dcopclient.h>
-#include <kprocess.h>
+#include <tdeprocess.h>
 #include <kcombobox.h>
 
 #include "ldaplogindlg.h"
@@ -43,4 +43,4 @@ LDAPLogin::~LDAPLogin(){
 	// 
 }
 
-// #include "ldaplogindlg.moc"
+#include "ldaplogindlg.moc"

src/ldaplogindlg.h

@@ -30,7 +30,7 @@ class TQStringList;
   */
 
 class LDAPLogin : public LDAPLoginDlg  {
-	Q_OBJECT
+	TQ_OBJECT
 public:
 	LDAPLogin(TQWidget *parent=0, const char *name=0);
 	~LDAPLogin();

src/ldaplogindlgbase.ui

@@ -111,4 +111,9 @@
 </widget>
 <layoutdefaults spacing="3" margin="6"/>
 <layoutfunctions spacing="KDialog::spacingHint" margin="KDialog::marginHint"/>
+<includes>
+    <include location="global" impldecl="in implementation">kcombobox.h</include>
+    <include location="global" impldecl="in implementation">klineedit.h</include>
+    <include location="global" impldecl="in implementation">kpassdlg.h</include>
+</includes>
 </UI>

src/ldappasswddlg.cpp

@@ -32,8 +32,8 @@
 #include "ldaplogindlg.h"
 #include "ldappasswddlg.h"
 
-LDAPPasswordDialog::LDAPPasswordDialog(TQWidget* parent, const char* name, bool allowGSSAPI)
+LDAPPasswordDialog::LDAPPasswordDialog(TQWidget* parent, const char* name, bool allowGSSAPI, bool allowSmartCard)
-	: KDialogBase(parent, name, true, i18n("LDAP Authentication"), (allowGSSAPI)?Ok|Cancel|User1:Ok|Cancel, Ok, true, i18n("Authenticate with SASL/GSSAPI"))
+	: KDialogBase(parent, name, true, i18n("LDAP Authentication"), Ok|Cancel|((allowGSSAPI)?User1:0)|((allowSmartCard)?User2:0), Ok, true, i18n("Authenticate with SASL/GSSAPI"), i18n("Authenticate with cryptographic card"))
 {
 	m_base = new LDAPLogin(this);
 
@@ -42,11 +42,19 @@ LDAPPasswordDialog::LDAPPasswordDialog(TQWidget* parent, const char* name, bool
 
 void LDAPPasswordDialog::slotOk() {
 	use_gssapi = false;
+	use_smartcard = false;
 	accept();
 }
 
 void LDAPPasswordDialog::slotUser1() {
 	use_gssapi = true;
+	use_smartcard = false;
+	accept();
+}
+
+void LDAPPasswordDialog::slotUser2() {
+	use_gssapi = false;
+	use_smartcard = true;
 	accept();
 }
 

src/ldappasswddlg.h

@@ -26,20 +26,22 @@
 
 class LDAPLogin;
 
-class LDAPPasswordDialog : public KDialogBase
+class TDE_EXPORT LDAPPasswordDialog : public KDialogBase
 {
-	Q_OBJECT
+	TQ_OBJECT
 
 public:
-	LDAPPasswordDialog(TQWidget* parent = 0, const char* name = 0, bool allowGSSAPI = true);
+	LDAPPasswordDialog(TQWidget* parent = 0, const char* name = 0, bool allowGSSAPI = true, bool allowSmartCard = false);
 
 public slots:
 	void slotOk();
 	void slotUser1();
+	void slotUser2();
 
 public:
 	LDAPLogin *m_base;
 	bool use_gssapi;
+	bool use_smartcard;
 };
 
 #endif

src/libtdeldap.h

@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2012-2013 by Timothy Pearson                            *
+ *   Copyright (C) 2012-2015 by Timothy Pearson                            *
  *   kb9vqf@pearsoncomputing.net                                           *
  *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
@@ -21,16 +21,19 @@
 #ifndef _LIBTDELDAP_H_
 #define _LIBTDELDAP_H_
 
+#include <stdint.h>
 #include <unistd.h>
 #include <sys/stat.h>
 #include <ldap.h>
+#include <kadm5/admin.h>
 
 #include <tqobject.h>
 #include <tqstring.h>
 #include <tqdatetime.h>
 #include <tqvaluelist.h>
+#include <tqfile.h>
 
-#include <ksimpleconfig.h>
+#include <tdesimpleconfig.h>
 
 // FIXME
 // Connect this to CMake/Automake
@@ -47,6 +50,8 @@
 
 #define KERBEROS_PKI_PEM_FILE KERBEROS_PKI_ANCHORDIR "tdeca.pem"
 #define KERBEROS_PKI_PEMKEY_FILE KERBEROS_PKI_ANCHORDIR "tdeca.key.pem"
+#define KERBEROS_PKI_CRL_FILE KERBEROS_PKI_ANCHORDIR "tdecrl.pem"
+#define KERBEROS_PKI_CRLDB_FILE KERBEROS_PKI_ANCHORDIR "tdecrl.db"
 #define KERBEROS_PKI_KDC_FILE KERBEROS_PKI_PUBLICDIR "@@@KDCSERVER@@@.pki.crt"
 #define KERBEROS_PKI_KDCKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@KDCSERVER@@@.pki.key"
 #define KERBEROS_PKI_KDCREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@KDCSERVER@@@.pki.req"
@@ -54,14 +59,23 @@
 #define LDAP_CERT_FILE KERBEROS_PKI_PUBLICDIR "@@@ADMINSERVER@@@.ldap.crt"
 #define LDAP_CERTKEY_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.key"
 #define LDAP_CERTREQ_FILE KERBEROS_PKI_PRIVATEDIR "@@@ADMINSERVER@@@.ldap.req"
+#define LDAP_CERTREVOC_FILE KERBEROS_PKI_PUBLICDIR "@@@ADMINSERVER@@@.ldap.crl"
 
-#define OPENSSL_EXTENSIONS_FILE TDE_CERTIFICATE_DIR "pki_extensions"
+#define OPENSSL_EXTENSIONS_FILE TDE_CERTIFICATE_DIR "openssl.cfg"
 
 #define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
 
 #define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE "/etc/cron.daily/tde-upd-pri-rlm-certs"
 #define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND TDE_BINDIR "/primaryrccertupdater"
 
+// 1 year
+#define KERBEROS_PKI_PEMKEY_EXPIRY_DAYS 365
+
+// 1 month
+#define KERBEROS_PKI_CRL_EXPIRY_DAYS 30
+#define KERBEROS_PKI_KRB_EXPIRY_DAYS 30
+#define KERBEROS_PKI_LDAP_EXPIRY_DAYS 30
+
 // Values from hdb.asn1
 enum LDAPKRB5Flags {
 	KRB5_INITIAL			= 0x00000001,
@@ -141,7 +155,20 @@ inline KRB5TicketFlags operator&(KRB5TicketFlags a, KRB5TicketFlags b)
 typedef TQValueList<uid_t> UserList;
 typedef TQValueList<gid_t> GroupList;
 
-class LDAPCredentials
+namespace PKICertificateStatus {
+	enum PKICertificateStatusEnum {
+		Invalid		= 0,
+		Valid		= 1,
+		Revoked		= 2
+	};
+}
+
+typedef TQValueList<TQByteArray> TQByteArrayList;
+
+typedef TQPair<uint32_t, TQByteArray> PKICertificateEntry;
+typedef TQValueList<PKICertificateEntry> PKICertificateEntryList;
+
+class TDE_EXPORT LDAPCredentials
 {
 	public:
 		LDAPCredentials();
@@ -149,15 +176,16 @@ class LDAPCredentials
 
 	public:
 		TQString username;
-		TQCString password;
+		TQString password;
 		TQString realm;
 		bool use_tls;
 		bool use_gssapi;
+		bool use_smartcard;
 		TQString service;
 };
 
 // PRIVATE
-class LDAPRealmConfig
+class TDE_EXPORT LDAPRealmConfig
 {
 	public:
 		TQString name;
@@ -173,11 +201,16 @@ class LDAPRealmConfig
 		bool pkinit_require_krbtgt_otherName;
 		bool win2k_pkinit;
 		bool win2k_pkinit_require_binding;
+		TQString certificate_revocation_list_url;
 };
 
 // PRIVATE
-class LDAPCertConfig
+class TDE_EXPORT LDAPCertConfig
 {
+	public:
+		LDAPCertConfig();
+		~LDAPCertConfig();
+
 	public:
 		bool generate_certs;
 		TQString provided_kerberos_pem;
@@ -187,6 +220,11 @@ class LDAPCertConfig
 		TQString provided_ldap_crt;
 		TQString provided_ldap_key;
 
+		int caExpiryDays;
+		int caCrlExpiryDays;
+		int kerberosExpiryDays;
+		int ldapExpiryDays;
+
 		TQString countryName;
 		TQString stateOrProvinceName;
 		TQString localityName;
@@ -197,13 +235,15 @@ class LDAPCertConfig
 };
 
 // PRIVATE
-class LDAPPamConfig
+class TDE_EXPORT LDAPPamConfig
 {
 	public:
 		LDAPPamConfig();
 		~LDAPPamConfig();
 
 	public:
+		bool enable_pkcs11_login;
+		int pkcs11_login_card_slot;
 		bool enable_cached_credentials;
 		bool autocreate_user_directories_enable;
 		mode_t autocreate_user_directories_umask;
@@ -211,7 +251,7 @@ class LDAPPamConfig
 };
 
 // PRIVATE
-class LDAPClientRealmConfig
+class TDE_EXPORT LDAPClientRealmConfig
 {
 	public:
 		bool enable_bonding;
@@ -234,7 +274,7 @@ class LDAPClientRealmConfig
 
 typedef TQMap<TQString, LDAPRealmConfig> LDAPRealmConfigList;
 
-class LDAPUserInfo
+class TDE_EXPORT LDAPUserInfo
 {
 	public:
 		LDAPUserInfo();
@@ -252,7 +292,7 @@ class LDAPUserInfo
 		gid_t primary_gid;
 		bool tde_builtin_account;
 		LDAPKRB5Flags status;			// Default active user is 586 [KRB5_ACTIVE_DEFAULT] and locked out user is 7586 [KRB5_DISABLED_ACCOUNT]
-		TQCString new_password;
+		TQString new_password;
 		TQDateTime account_created;
 		TQDateTime account_modified;
 		TQDateTime password_last_changed;
@@ -312,9 +352,12 @@ class LDAPUserInfo
 		TQString businessCategory;
 		TQString carLicense;
 		TQString notes;
+
+		// PKI
+		PKICertificateEntryList pkiCertificates;
 };
 
-class LDAPGroupInfo
+class TDE_EXPORT LDAPGroupInfo
 {
 	public:
 		LDAPGroupInfo();
@@ -331,7 +374,7 @@ class LDAPGroupInfo
 		TQStringList userlist;
 };
 
-class LDAPMachineInfo
+class TDE_EXPORT LDAPMachineInfo
 {
 	public:
 		LDAPMachineInfo();
@@ -348,7 +391,7 @@ class LDAPMachineInfo
 		LDAPKRB5Flags status;		// Default is 126 [KRB5_MACHINE_ACCOUNT_DEFAULT]
 };
 
-class LDAPServiceInfo
+class TDE_EXPORT LDAPServiceInfo
 {
 	public:
 		LDAPServiceInfo();
@@ -366,7 +409,7 @@ class LDAPServiceInfo
 		LDAPKRB5Flags status;		// Default is 126 [KRB5_SERVICE_PRINCIPAL_DEFAULT]
 };
 
-class LDAPTDEBuiltinsInfo
+class TDE_EXPORT LDAPTDEBuiltinsInfo
 {
 	public:
 		LDAPTDEBuiltinsInfo();
@@ -380,7 +423,7 @@ class LDAPTDEBuiltinsInfo
 		TQString builtinStandardUserGroup;
 };
 
-class LDAPMasterReplicationMapping
+class TDE_EXPORT LDAPMasterReplicationMapping
 {
 	public:
 		LDAPMasterReplicationMapping();
@@ -393,7 +436,7 @@ class LDAPMasterReplicationMapping
 
 typedef TQValueList<LDAPMasterReplicationMapping> LDAPMasterReplicationMap;
 
-class LDAPMasterReplicationInfo
+class TDE_EXPORT LDAPMasterReplicationInfo
 {
 	public:
 		LDAPMasterReplicationInfo();
@@ -407,14 +450,14 @@ class LDAPMasterReplicationInfo
 		int timeout;
 		int syncMethod;
 		TQString syncDN;
-		TQCString syncPassword;
+		TQString syncPassword;
 		TQString certificateFile;
 		TQString caCertificateFile;
 		bool ignore_ssl_failure;
 		bool replicate_olcGlobal;
 };
 
-class KerberosTicketInfo
+class TDE_EXPORT KerberosTicketInfo
 {
 	public:
 		KerberosTicketInfo();
@@ -445,8 +488,8 @@ typedef TQValueList<KerberosTicketInfo> KerberosTicketInfoList;
 
 class PtyProcess;
 
-class LDAPManager : public TQObject {
+class TDE_EXPORT LDAPManager : public TQObject {
-	Q_OBJECT
+	TQ_OBJECT
 
 	public:
 		LDAPManager(TQString realm, TQString host, TQObject *parent=0, const char *name=0);
@@ -479,37 +522,54 @@ class LDAPManager : public TQObject {
 		int deleteServiceInfo(LDAPServiceInfo service, TQString *errstr=0);
 
 		int exportKeytabForPrincipal(TQString principal, TQString fileName, TQString *errstr=0);
+		int deleteKeytabEntriesForPrincipal(TQString principal, TQString fileName, TQString *errstr=0);
 
-		LDAPCredentials currentLDAPCredentials();
+		LDAPCredentials currentLDAPCredentials(bool inferGSSAPIData=false);
 
 		int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);
 		int writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr=0);
+		int writePKICertificateFilesIntoDirectory(LDAPUserInfo user, TQString attr, TQString* errstr=0);
 
 		TQString getRealmCAMaster(TQString* errstr=0);
 		int setRealmCAMaster(TQString masterFQDN, TQString* errstr=0);
+		int getLdapCertificateStoreAttribute(TQString attribute, TQString* value, TQString* errstr=0);
+		int setLdapCertificateStoreAttribute(TQString attribute, TQString value, TQString* errstr=0);
 
 		LDAPTDEBuiltinsInfo getTDEBuiltinMappings(TQString *errstr=0);
 		LDAPMasterReplicationInfo getLDAPMasterReplicationSettings(TQString *errstr=0);
 		int setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo replicationinfo, TQString *errstr=0);
 		int writeSudoersConfFile(TQString *errstr=0);
+		int getTDECertificate(TQString certificateName, TQFile *fileHandle, TQString *errstr=0);
 		int getTDECertificate(TQString certificateName, TQString fileName, TQString *errstr=0);
+		int getTDECertificate(TQString certificateName, TQByteArray *certificate, TQString *errstr=0);
 		int setPasswordForUser(LDAPUserInfo user, TQString *errstr);
 
 		static int writePrimaryRealmCertificateUpdateCronFile(TQString *errstr=0);
+		static int installCACertificateInHostCAStore(TQString *errstr=0);
+		static int retrieveAndInstallCaCrl(LDAPManager* manager=0, TQString *errstr=0);
 		static TQString getMachineFQDN();
-		static int writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config, TQString *errstr=0);
+		static int writeTDERealmList(LDAPRealmConfigList realms, TDESimpleConfig* config, TQString *errstr=0);
-		static LDAPRealmConfigList readTDERealmList(KSimpleConfig* config, bool disableAllBonds=false);
+		static LDAPRealmConfigList fetchAndReadTDERealmList(TQString *defaultRealm=0);
+		static LDAPRealmConfigList readTDERealmList(TDESimpleConfig* config, bool disableAllBonds=false);
 		static TQDateTime getCertificateExpiration(TQString certfile);
+		static TQDateTime getCertificateExpiration(TQByteArray certfileContents);
 
-		static int generatePublicKerberosCACertificate(LDAPCertConfig certinfo);
+		static int generatePublicKerberosCACertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg);
 		static int generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg);
 		static int generatePublicLDAPCertificate(LDAPCertConfig certinfo, LDAPRealmConfig realmcfg, uid_t ldap_uid, gid_t ldap_gid);
 
+		static int generateClientCertificatePair(int expirydays, LDAPUserInfo user, LDAPRealmConfig realmcfg, TQString signingPrivateKeyFile, TQString privateKeyFile, TQString publicCertFile, int clientKeyBitLength=2048, TQString autoLoginPIN=TQString::null, TQString *errstr=0);
+		static int generateClientCertificatePrivateKey(TQString privateKeyFile, int clientKeyBitLength=2048, TQString *errstr=0);
+		static int generateClientCertificatePublicCertificate(int expirydays, LDAPUserInfo user, LDAPRealmConfig realmcfg, TQString signingPrivateKeyFile, TQString privateKeyFile, TQString publicCertFile, TQString autoLoginPIN=TQString::null, TQString *errstr=0);
+
+		int generatePKICRL(int expirydays, LDAPRealmConfig realmcfg, TQString crlFile, TQString signingPrivateKeyFile, TQString revocationDatabaseFile, TQString *errstr=0);
+
 		static TQString ldapdnForRealm(TQString realm);
+		static TQString openssldcForRealm(TQString realm);
 		static TQString cnFromDn(TQString dn);
 
 		static KerberosTicketInfoList getKerberosTicketList(TQString cache=TQString::null, TQString *cacheFileName=0);
-		static int getKerberosPassword(LDAPCredentials &creds, TQString prompt, bool requestServicePrincipal=false, TQWidget* parent=0);
+		static int getKerberosPassword(LDAPCredentials &creds, TQString prompt, bool requestServicePrincipal=false, bool allowSmartCard=false, TQWidget* parent=0);
 		static int obtainKerberosTicket(LDAPCredentials creds, TQString principal, TQString *errstr=0);
 		static int obtainKerberosServiceTicket(TQString principal, TQString *errstr=0);
 		static int destroyKerberosTicket(TQString principal, TQString *errstr=0);
@@ -517,18 +577,28 @@ class LDAPManager : public TQObject {
 		static TQString detailedKAdminErrorMessage(TQString initialMessage);
 		static TQString readFullLineFromPtyProcess(PtyProcess* proc);
 
-		static LDAPClientRealmConfig loadClientRealmConfig(KSimpleConfig* config, bool useDefaults=false);
+		static LDAPClientRealmConfig loadClientRealmConfig(TDESimpleConfig* config, bool useDefaults=false);
-		static int saveClientRealmConfig(LDAPClientRealmConfig clientRealmConfig, KSimpleConfig* config, TQString *errstr=0);
+		static int saveClientRealmConfig(LDAPClientRealmConfig clientRealmConfig, TDESimpleConfig* config, TQString *errstr=0);
 		static int writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig, LDAPRealmConfigList realmList, TQString *errstr=0);
 		static int writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole machineRole, TQString *errstr=0);
 		static int writeNSSwitchFile(TQString *errstr=0);
+		static int writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQString *errstr=0);
+		static int writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUserInfo user, TQString opensslConfigFile, TQString caRootKeyFile=TQString::null, TQString caRootCertFile=TQString::null, TQString caRootDatabaseFile=TQString::null, TQString autoLoginPIN=TQString::null, TQString *errstr=0);
 		static int writeClientCronFiles(TQString *errstr=0);
+		static int rehashClientPKCSCertificates(TQString *errstr=0);
 		static int writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr=0);
+		static bool pkcsLoginEnabled();
 
-		static int bondRealm(TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr=0);
+		static int bondRealm(const TQString &adminUserName, const TQString &adminPassword,
-		static int unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr=0);
+					const TQString &adminRealm, TQString *errstr=0);
+		static int unbondRealm(LDAPRealmConfig realmcfg, const TQString &adminUserName,
+					const TQString &adminPassword, const TQString &adminRealm, TQString *errstr=0);
 
 	private:
+		int bindKAdmin(LDAPCredentials *administrativeCredentials=NULL, TQString *errstr=0);
+		int unbindKAdmin(TQString *errstr=0);
+		int kAdminAddNewPrincipal(TQString principalName, TQString newPassword, TQString *errstr=0);
+		int kAdminDeletePrincipal(TQString principalName, TQString *errstr=0);
 		LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
 		LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
 		LDAPMachineInfo parseLDAPMachineRecord(LDAPMessage* entry);
@@ -537,6 +607,7 @@ class LDAPManager : public TQObject {
 		LDAPMasterReplicationInfo parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry);
 		TQString parseLDAPSyncProvOverlayConfigRecord(LDAPMessage* entry);
 		bool parseLDAPTDEStringAttribute(LDAPMessage* entry, TQString attribute, TQString& retval);
+		static TQString getOpenSSLVersion();
 
 	private:
 		TQString m_realm;
@@ -545,6 +616,12 @@ class LDAPManager : public TQObject {
 		TQString m_basedc;
 		LDAPCredentials* m_creds;
 		LDAP *m_ldap;
+
+		// kadmin interface
+		krb5_context m_krb5admContext;
+		void* m_krb5admHandle;
+		char* m_krb5admKeytabFilename;
+		char* m_krb5admRealmName;
 };
 
 #endif // _LIBTDELDAP_H_

subdirs

@@ -1,3 +0,0 @@
-doc
-po
-src