/***************************************************************************
* Copyright ( C ) 2012 by Timothy Pearson *
* kb9vqf @ pearsoncomputing . net *
* *
* This program is free software ; you can redistribute it and / or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation ; either version 2 of the License , or *
* ( at your option ) any later version . *
* *
* This program is distributed in the hope that it will be useful , *
* but WITHOUT ANY WARRANTY ; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the *
* GNU General Public License for more details . *
* *
* You should have received a copy of the GNU General Public License *
* along with this program ; if not , write to the *
* Free Software Foundation , Inc . , *
* 59 Temple Place - Suite 330 , Boston , MA 02111 - 1307 , USA . *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
# include <tqlayout.h>
# include <klocale.h>
# include <kglobal.h>
# include <kcombobox.h>
# include <kparts/genericfactory.h>
# include <ksimpleconfig.h>
# include <kglobalsettings.h>
# include <kstandarddirs.h>
# include <kurlrequester.h>
# include <klistview.h>
# include <kopenwith.h>
# include <kpropertiesdialog.h>
# include <kio/job.h>
# include <tqdir.h>
# include <tqheader.h>
# include <knuminput.h>
# include <kpassdlg.h>
# include <klineedit.h>
# include <kmessagebox.h>
# include <tdesu/process.h>
# include "ldapbonding.h"
# include "bondwizard.h"
# include "ldappasswddlg.h"
# include "realmpropertiesdialog.h"
// FIXME
// Connect this to CMake/Automake
# define KDE_CONFDIR " / etc / trinity"
# define KRB5_FILE " / etc / krb5.conf"
# define NSSWITCH_FILE " / etc / nsswitch.conf"
# define PAMD_DIRECTORY " / etc / pam.d / "
# define PAMD_COMMON_ACCOUNT "common-account"
# define PAMD_COMMON_AUTH "common-auth"
typedef KGenericFactory < LDAPConfig , TQWidget > ldapFactory ;
K_EXPORT_COMPONENT_FACTORY ( kcm_ldap , ldapFactory ( " kcmldap " ) )
KSimpleConfig * systemconfig = 0 ;
LDAPConfig : : LDAPConfig ( TQWidget * parent , const char * name , const TQStringList & )
: KCModule ( parent , name ) , myAboutData ( 0 )
{
TQVBoxLayout * layout = new TQVBoxLayout ( this , KDialog : : marginHint ( ) , KDialog : : spacingHint ( ) ) ;
systemconfig = new KSimpleConfig ( TQString : : fromLatin1 ( KDE_CONFDIR " /ldap/ldapconfigrc " ) ) ;
systemconfig - > setFileWriteMode ( S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH ) ;
KAboutData * about = new KAboutData ( " ldap " , I18N_NOOP ( " TDE LDAP Manager " ) , " 0.1 " ,
I18N_NOOP ( " TDE LDAP Manager Control Panel Module " ) ,
KAboutData : : License_GPL ,
I18N_NOOP ( " (c) 2012 Timothy Pearson " ) , 0 , 0 ) ;
about - > addAuthor ( " Timothy Pearson " , 0 , " kb9vqf@pearsoncomputing.net " ) ;
setAboutData ( about ) ;
base = new LDAPConfigBase ( this ) ;
layout - > add ( base ) ;
base - > ldapRealmList - > setAllColumnsShowFocus ( true ) ;
base - > ldapRealmList - > setFullWidth ( true ) ;
setRootOnlyMsg ( i18n ( " <b>Bonded LDAP realms take effect system wide, and require administrator access to modify</b><br>To alter the system's bonded LDAP realms, click on the \" Administrator Mode \" button below. " ) ) ;
setUseRootOnlyMsg ( true ) ;
connect ( base - > systemEnableSupport , TQT_SIGNAL ( clicked ( ) ) , this , TQT_SLOT ( changed ( ) ) ) ;
connect ( base - > defaultRealm , TQT_SIGNAL ( activated ( int ) ) , this , TQT_SLOT ( changed ( ) ) ) ;
connect ( base - > ticketLifetime , TQT_SIGNAL ( valueChanged ( int ) ) , this , TQT_SLOT ( changed ( ) ) ) ;
connect ( base - > systemEnableSupport , TQT_SIGNAL ( clicked ( ) ) , this , TQT_SLOT ( processLockouts ( ) ) ) ;
connect ( base - > ldapRealmList , TQT_SIGNAL ( selectionChanged ( ) ) , this , TQT_SLOT ( processLockouts ( ) ) ) ;
connect ( base - > btnBondRealm , TQT_SIGNAL ( clicked ( ) ) , this , TQT_SLOT ( bondToNewRealm ( ) ) ) ;
connect ( base - > btnReBondRealm , TQT_SIGNAL ( clicked ( ) ) , this , TQT_SLOT ( reBondToRealm ( ) ) ) ;
connect ( base - > btnRemoveRealm , TQT_SIGNAL ( clicked ( ) ) , this , TQT_SLOT ( removeRealm ( ) ) ) ;
connect ( base - > btnDeactivateRealm , TQT_SIGNAL ( clicked ( ) ) , this , TQT_SLOT ( deactivateRealm ( ) ) ) ;
connect ( base - > btnRealmProperties , TQT_SIGNAL ( clicked ( ) ) , this , TQT_SLOT ( realmProperties ( ) ) ) ;
connect ( base - > ldapVersion , TQT_SIGNAL ( valueChanged ( int ) ) , this , TQT_SLOT ( changed ( ) ) ) ;
connect ( base - > ldapTimeout , TQT_SIGNAL ( valueChanged ( int ) ) , this , TQT_SLOT ( changed ( ) ) ) ;
connect ( base - > bindPolicy , TQT_SIGNAL ( activated ( int ) ) , this , TQT_SLOT ( changed ( ) ) ) ;
connect ( base - > ldapBindTimeout , TQT_SIGNAL ( valueChanged ( int ) ) , this , TQT_SLOT ( changed ( ) ) ) ;
connect ( base - > passwordHash , TQT_SIGNAL ( activated ( int ) ) , this , TQT_SLOT ( changed ( ) ) ) ;
connect ( base - > ignoredUsers , TQT_SIGNAL ( textChanged ( const TQString & ) ) , this , TQT_SLOT ( changed ( ) ) ) ;
m_fqdn = LDAPManager : : getMachineFQDN ( ) ;
base - > hostFQDN - > setEnabled ( false ) ;
base - > hostFQDN - > clear ( ) ;
base - > hostFQDN - > insertItem ( m_fqdn ) ;
load ( ) ;
systemconfig - > setGroup ( NULL ) ;
TQString ldapRole = systemconfig - > readEntry ( " LDAPRole " , " Workstation " ) ;
if ( ( getuid ( ) ! = 0 ) | | ( ! systemconfig - > checkConfigFilesWritable ( true ) ) | | ( ldapRole ! = " Workstation " ) ) {
base - > systemEnableSupport - > setEnabled ( false ) ;
}
processLockouts ( ) ;
} ;
LDAPConfig : : ~ LDAPConfig ( ) {
delete systemconfig ;
}
void LDAPConfig : : load ( ) {
kgs = new KGlobalSettings ( ) ;
load ( false ) ;
}
void LDAPConfig : : load ( bool useDefaults )
{
int i ;
bool thisIsMyMachine ;
//Update the toggle buttons with the current configuration
systemconfig - > setReadDefaults ( useDefaults ) ;
systemconfig - > setGroup ( NULL ) ;
base - > systemEnableSupport - > setChecked ( systemconfig - > readBoolEntry ( " EnableLDAP " , false ) ) ;
m_defaultRealm = systemconfig - > readEntry ( " DefaultRealm " , TQString : : null ) ;
m_ticketLifetime = systemconfig - > readNumEntry ( " TicketLifetime " , 86400 ) ;
if ( m_fqdn = = systemconfig - > readEntry ( " HostFQDN " , " " ) ) {
thisIsMyMachine = true ;
}
else {
thisIsMyMachine = false ;
}
m_ldapVersion = systemconfig - > readNumEntry ( " ConnectionLDAPVersion " , 3 ) ;
m_ldapTimeout = systemconfig - > readNumEntry ( " ConnectionLDAPTimeout " , 2 ) ;
m_bindPolicy = systemconfig - > readEntry ( " ConnectionBindPolicy " , " soft " ) ;
m_ldapBindTimeout = systemconfig - > readNumEntry ( " ConnectionBindTimeout " , 2 ) ;
m_passwordHash = systemconfig - > readEntry ( " ConnectionPasswordHash " , " exop " ) ;
m_ignoredUsers = systemconfig - > readEntry ( " ConnectionIgnoredUsers " , DEFAULT_IGNORED_USERS_LIST ) ;
// Load realms
m_realms . clear ( ) ;
m_realms = LDAPManager : : readTDERealmList ( systemconfig , ! thisIsMyMachine ) ;
base - > ticketLifetime - > setValue ( m_ticketLifetime ) ;
base - > ldapVersion - > setValue ( m_ldapVersion ) ;
base - > ldapTimeout - > setValue ( m_ldapTimeout ) ;
for ( i = 0 ; i < base - > bindPolicy - > count ( ) ; i + + ) {
if ( base - > bindPolicy - > text ( i ) . lower ( ) = = m_defaultRealm . lower ( ) ) {
base - > bindPolicy - > setCurrentItem ( i ) ;
break ;
}
}
base - > ldapBindTimeout - > setValue ( m_ldapBindTimeout ) ;
for ( i = 0 ; i < base - > passwordHash - > count ( ) ; i + + ) {
if ( base - > passwordHash - > text ( i ) . lower ( ) = = m_passwordHash . lower ( ) ) {
base - > passwordHash - > setCurrentItem ( i ) ;
break ;
}
}
base - > ignoredUsers - > setText ( m_ignoredUsers ) ;
updateRealmList ( ) ;
processLockouts ( ) ;
emit changed ( useDefaults ) ;
}
void LDAPConfig : : updateRealmList ( ) {
base - > ldapRealmList - > clear ( ) ;
base - > defaultRealm - > clear ( ) ;
LDAPRealmConfigList : : Iterator it ;
for ( it = m_realms . begin ( ) ; it ! = m_realms . end ( ) ; + + it ) {
LDAPRealmConfig realmcfg = it . data ( ) ;
( void ) new TQListViewItem ( base - > ldapRealmList , ( ( realmcfg . bonded ) ? i18n ( " Bonded " ) : i18n ( " Deactivated " ) ) , realmcfg . name ) ;
base - > defaultRealm - > insertItem ( realmcfg . name ) ;
}
if ( m_defaultRealm ! = " " ) {
for ( int i = 0 ; i < base - > defaultRealm - > count ( ) ; i + + ) {
if ( base - > defaultRealm - > text ( i ) = = m_defaultRealm ) {
base - > defaultRealm - > setCurrentItem ( i ) ;
break ;
}
}
}
processLockouts ( ) ;
}
void LDAPConfig : : defaults ( ) {
}
void LDAPConfig : : save ( ) {
TQString errorstring ;
// Write system configuration
systemconfig - > setGroup ( NULL ) ;
systemconfig - > writeEntry ( " EnableLDAP " , base - > systemEnableSupport - > isChecked ( ) ) ;
systemconfig - > writeEntry ( " HostFQDN " , m_fqdn ) ;
m_defaultRealm = base - > defaultRealm - > currentText ( ) ;
m_ticketLifetime = base - > ticketLifetime - > value ( ) ;
m_ldapVersion = base - > ldapVersion - > value ( ) ;
m_ldapTimeout = base - > ldapTimeout - > value ( ) ;
m_bindPolicy = base - > bindPolicy - > currentText ( ) ;
m_ldapBindTimeout = base - > ldapBindTimeout - > value ( ) ;
m_passwordHash = base - > passwordHash - > currentText ( ) ;
m_ignoredUsers = base - > ignoredUsers - > text ( ) ;
if ( m_defaultRealm ! = " " ) {
systemconfig - > writeEntry ( " DefaultRealm " , m_defaultRealm ) ;
}
else {
systemconfig - > deleteEntry ( " DefaultRealm " ) ;
}
systemconfig - > writeEntry ( " TicketLifetime " , m_ticketLifetime ) ;
systemconfig - > writeEntry ( " ConnectionLDAPVersion " , m_ldapVersion ) ;
systemconfig - > writeEntry ( " ConnectionLDAPTimeout " , m_ldapTimeout ) ;
systemconfig - > writeEntry ( " ConnectionBindPolicy " , m_bindPolicy ) ;
systemconfig - > writeEntry ( " ConnectionBindTimeout " , m_ldapBindTimeout ) ;
systemconfig - > writeEntry ( " ConnectionPasswordHash " , m_passwordHash ) ;
systemconfig - > writeEntry ( " ConnectionIgnoredUsers " , m_ignoredUsers ) ;
LDAPManager : : writeTDERealmList ( m_realms , systemconfig ) ;
systemconfig - > sync ( ) ;
if ( base - > systemEnableSupport - > isChecked ( ) ) {
// Write the Kerberos5 configuration file
writeKrb5ConfFile ( ) ;
// Write the LDAP configuration file
writeLDAPConfFile ( ) ;
// Write the NSSwitch configuration file
writeNSSwitchFile ( ) ;
// Write the PAM configuration files
writePAMFiles ( ) ;
// Write the cron files
LDAPManager : : writeCronFiles ( ) ;
// Bind anonymously to LDAP
LDAPCredentials * credentials = new LDAPCredentials ;
credentials - > username = " " ;
credentials - > password = " " ;
credentials - > realm = m_defaultRealm . upper ( ) ;
LDAPManager * ldap_mgr = new LDAPManager ( m_defaultRealm . upper ( ) , " ldap:// " , credentials ) ;
// Add the domain-wide computer local admin group to local sudoers
ldap_mgr - > writeSudoersConfFile ( & errorstring ) ;
// Get and install the CA root certificate from LDAP
mkdir ( TDE_CERTIFICATE_DIR , S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH ) ;
mkdir ( KERBEROS_PKI_PUBLICDIR , S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH ) ;
ldap_mgr - > getTDECertificate ( " publicRootCertificate " , KERBEROS_PKI_PUBLICDIR + m_realms [ m_defaultRealm ] . admin_server + " .ldap.crt " , & errorstring ) ;
delete ldap_mgr ;
delete credentials ;
}
load ( ) ;
}
void LDAPConfig : : processLockouts ( ) {
bool panelIsEnabled = ( base - > systemEnableSupport - > isEnabled ( ) & & base - > systemEnableSupport - > isChecked ( ) ) ;
base - > groupRealms - > setEnabled ( panelIsEnabled ) ;
base - > groupKrbDefaults - > setEnabled ( panelIsEnabled ) ;
base - > groupConnectionParameters - > setEnabled ( panelIsEnabled ) ;
TQListViewItem * selrealm = base - > ldapRealmList - > selectedItem ( ) ;
if ( selrealm ) {
LDAPRealmConfig realmcfg = m_realms [ selrealm - > text ( 1 ) ] ;
base - > btnBondRealm - > setEnabled ( true ) ;
base - > btnReBondRealm - > setEnabled ( true ) ;
if ( realmcfg . bonded ) {
base - > btnDeactivateRealm - > setEnabled ( true ) ;
base - > btnRemoveRealm - > setEnabled ( false ) ;
base - > btnRealmProperties - > setEnabled ( false ) ;
}
else {
base - > btnDeactivateRealm - > setEnabled ( false ) ;
base - > btnRemoveRealm - > setEnabled ( true ) ;
base - > btnRealmProperties - > setEnabled ( true ) ;
}
}
else {
base - > btnBondRealm - > setEnabled ( true ) ;
base - > btnReBondRealm - > setEnabled ( false ) ;
base - > btnDeactivateRealm - > setEnabled ( false ) ;
base - > btnRemoveRealm - > setEnabled ( false ) ;
base - > btnRealmProperties - > setEnabled ( false ) ;
}
}
void LDAPConfig : : bondToNewRealm ( ) {
// Something will probably change
save ( ) ;
BondWizard bondwizard ( & m_realms , this , this ) ;
bondwizard . exec ( ) ;
// Something probably changed
load ( ) ;
}
void LDAPConfig : : reBondToRealm ( ) {
TQListViewItem * selrealm = base - > ldapRealmList - > selectedItem ( ) ;
if ( selrealm ) {
TQString realmName = selrealm - > text ( 1 ) ;
LDAPRealmConfig realmcfg = m_realms [ realmName ] ;
// Password prompt...
TQString errorString ;
LDAPPasswordDialog passdlg ( this ) ;
passdlg . m_base - > ldapAdminRealm - > setEnabled ( false ) ;
passdlg . m_base - > ldapAdminRealm - > setText ( realmName ) ;
if ( passdlg . exec ( ) = = TQDialog : : Accepted ) {
setEnabled ( false ) ;
if ( bondRealm ( m_realms [ realmName ] , passdlg . m_base - > ldapAdminUsername - > text ( ) , passdlg . m_base - > ldapAdminPassword - > password ( ) , passdlg . m_base - > ldapAdminRealm - > text ( ) , & errorString ) = = 0 ) {
// Success!
realmcfg . bonded = true ;
m_realms . remove ( realmName ) ;
m_realms . insert ( realmName , realmcfg ) ;
save ( ) ;
}
else {
KMessageBox : : error ( this , i18n ( " <qt><b>Unable to bond to realm!</b><p>Details: %1</qt> " ) . arg ( errorString ) , i18n ( " Unable to Bond to Realm " ) ) ;
}
setEnabled ( true ) ;
}
}
updateRealmList ( ) ;
}
void LDAPConfig : : removeRealm ( ) {
TQListViewItem * selrealm = base - > ldapRealmList - > selectedItem ( ) ;
if ( selrealm ) {
m_realms . remove ( selrealm - > text ( 1 ) ) ;
updateRealmList ( ) ;
changed ( ) ;
}
}
void LDAPConfig : : deactivateRealm ( ) {
TQListViewItem * selrealm = base - > ldapRealmList - > selectedItem ( ) ;
if ( selrealm ) {
TQString realmName = selrealm - > text ( 1 ) ;
LDAPRealmConfig realmcfg = m_realms [ realmName ] ;
if ( realmcfg . bonded = = true ) {
// Password prompt...
TQString errorString ;
LDAPPasswordDialog passdlg ( this ) ;
passdlg . m_base - > ldapAdminRealm - > setEnabled ( false ) ;
passdlg . m_base - > ldapAdminRealm - > setText ( realmName ) ;
passdlg . m_base - > passprompt - > setText ( i18n ( " Please provide LDAP realm administrator credentials below to complete the unbonding process " ) ) ;
if ( passdlg . exec ( ) = = TQDialog : : Accepted ) {
setEnabled ( false ) ;
if ( unbondRealm ( m_realms [ realmName ] , passdlg . m_base - > ldapAdminUsername - > text ( ) , passdlg . m_base - > ldapAdminPassword - > password ( ) , passdlg . m_base - > ldapAdminRealm - > text ( ) , & errorString ) = = 0 ) {
// Success!
realmcfg . bonded = false ;
m_realms . remove ( realmName ) ;
m_realms . insert ( realmName , realmcfg ) ;
save ( ) ;
}
else {
KMessageBox : : error ( this , i18n ( " <qt><b>Unable to unbond from realm!</b><p>%1</qt> " ) . arg ( errorString ) , i18n ( " Unable to Unbond from Realm " ) ) ;
}
setEnabled ( true ) ;
}
}
}
updateRealmList ( ) ;
}
TQString readFullLineFromPtyProcess ( PtyProcess * proc ) {
TQString result = " " ;
while ( ( ! result . contains ( " \n " ) ) & & ( ! result . contains ( " : " ) ) & & ( ! result . contains ( " > " ) ) ) {
result = result + TQString ( proc - > readLine ( false ) ) ;
tqApp - > processEvents ( ) ;
}
return result ;
}
int LDAPConfig : : bondRealm ( LDAPRealmConfig realmcfg , TQString adminUserName , const char * adminPassword , TQString adminRealm , TQString * errstr ) {
TQCString command = " kadmin " ;
QCStringList args ;
args < < TQCString ( " -p " ) < < TQCString ( adminUserName + " @ " + ( adminRealm . upper ( ) ) ) < < TQCString ( " -r " ) < < TQCString ( adminRealm . upper ( ) ) ;
TQString hoststring = " host/ " + m_fqdn ;
TQString prompt ;
PtyProcess kadminProc ;
kadminProc . exec ( command , args ) ;
prompt = kadminProc . readLine ( true ) ;
prompt = prompt . stripWhiteSpace ( ) ;
if ( prompt = = " kadmin> " ) {
kadminProc . writeLine ( TQCString ( " ext " + hoststring ) , true ) ;
prompt = kadminProc . readLine ( true ) ; // Discard our own input
prompt = readFullLineFromPtyProcess ( & kadminProc ) ;
prompt = prompt . stripWhiteSpace ( ) ;
if ( prompt . endsWith ( " Password: " ) ) {
kadminProc . writeLine ( adminPassword , true ) ;
prompt = kadminProc . readLine ( true ) ; // Discard our own input
prompt = kadminProc . readLine ( true ) ;
prompt = prompt . stripWhiteSpace ( ) ;
}
if ( prompt . contains ( " authentication failed " ) ) {
if ( errstr ) * errstr = prompt ;
kadminProc . writeLine ( " quit " , true ) ;
return 1 ;
}
else if ( prompt . endsWith ( " Principal does not exist " ) ) {
kadminProc . writeLine ( TQCString ( " ank --random-key " + hoststring ) , true ) ;
prompt = kadminProc . readLine ( true ) ; // Discard our own input
prompt = readFullLineFromPtyProcess ( & kadminProc ) ;
prompt = prompt . stripWhiteSpace ( ) ;
// Use all defaults
while ( prompt ! = " kadmin> " ) {
if ( prompt . endsWith ( " Password: " ) ) {
kadminProc . writeLine ( adminPassword , true ) ;
prompt = kadminProc . readLine ( true ) ; // Discard our own input
prompt = kadminProc . readLine ( true ) ;
prompt = prompt . stripWhiteSpace ( ) ;
}
if ( prompt . contains ( " authentication failed " ) ) {
if ( errstr ) * errstr = prompt ;
kadminProc . writeLine ( " quit " , true ) ;
return 1 ;
}
else {
// Extract whatever default is in the [brackets] and feed it back to kadmin
TQString defaultParam ;
int leftbracket = prompt . find ( " [ " ) ;
int rightbracket = prompt . find ( " ] " ) ;
if ( ( leftbracket > = 0 ) & & ( rightbracket > = 0 ) ) {
leftbracket + + ;
defaultParam = prompt . mid ( leftbracket , rightbracket - leftbracket ) ;
}
kadminProc . writeLine ( TQCString ( defaultParam ) , true ) ;
prompt = kadminProc . readLine ( true ) ; // Discard our own input
prompt = kadminProc . readLine ( true ) ;
prompt = prompt . stripWhiteSpace ( ) ;
}
}
kadminProc . writeLine ( TQCString ( " ext " + hoststring ) , true ) ;
prompt = kadminProc . readLine ( true ) ; // Discard our own input
prompt = readFullLineFromPtyProcess ( & kadminProc ) ;
prompt = prompt . stripWhiteSpace ( ) ;
if ( prompt ! = " kadmin> " ) {
if ( errstr ) * errstr = prompt ;
kadminProc . writeLine ( " quit " , true ) ;
return 1 ;
}
// Success!
kadminProc . writeLine ( " quit " , true ) ;
return 0 ;
}
else if ( prompt = = " kadmin> " ) {
// Success!
kadminProc . writeLine ( " quit " , true ) ;
return 0 ;
}
// Failure
if ( errstr ) * errstr = prompt ;
kadminProc . writeLine ( " quit " , true ) ;
return 1 ;
}
if ( errstr ) * errstr = " Internal error. Verify that kadmin exists and can be executed. " ;
return 1 ; // Failure
}
int LDAPConfig : : unbondRealm ( LDAPRealmConfig realmcfg , TQString adminUserName , const char * adminPassword , TQString adminRealm , TQString * errstr ) {
TQCString command = " kadmin " ;
QCStringList args ;
args < < TQCString ( " -p " ) < < TQCString ( adminUserName + " @ " + ( adminRealm . upper ( ) ) ) ;
TQString hoststring = " host/ " + m_fqdn ;
TQString prompt ;
PtyProcess kadminProc ;
kadminProc . exec ( command , args ) ;
prompt = kadminProc . readLine ( true ) ;
prompt = prompt . stripWhiteSpace ( ) ;
if ( prompt = = " kadmin> " ) {
kadminProc . writeLine ( TQCString ( " delete " + hoststring ) , true ) ;
prompt = kadminProc . readLine ( true ) ; // Discard our own input
prompt = readFullLineFromPtyProcess ( & kadminProc ) ;
prompt = prompt . stripWhiteSpace ( ) ;
if ( prompt . endsWith ( " Password: " ) ) {
kadminProc . writeLine ( adminPassword , true ) ;
prompt = kadminProc . readLine ( true ) ; // Discard our own input
prompt = kadminProc . readLine ( true ) ;
prompt = prompt . stripWhiteSpace ( ) ;
}
if ( prompt ! = " kadmin> " ) {
if ( errstr ) * errstr = prompt ;
kadminProc . writeLine ( " quit " , true ) ;
return 1 ;
}
// Success!
kadminProc . writeLine ( " quit " , true ) ;
return 0 ;
}
return 1 ; // Failure
}
void LDAPConfig : : realmProperties ( ) {
TQListViewItem * selrealm = base - > ldapRealmList - > selectedItem ( ) ;
if ( selrealm ) {
RealmPropertiesDialog rpdialog ( & m_realms , selrealm - > text ( 1 ) , this ) ;
if ( rpdialog . exec ( ) = = TQDialog : : Accepted ) {
updateRealmList ( ) ;
changed ( ) ;
}
}
}
void LDAPConfig : : writeKrb5ConfFile ( ) {
TQFile file ( KRB5_FILE ) ;
if ( file . open ( IO_WriteOnly ) ) {
TQTextStream stream ( & file ) ;
stream < < " # This file was automatically generated by TDE \n " ;
stream < < " # All changes will be lost! \n " ;
stream < < " \n " ;
// Defaults
stream < < " [libdefaults] \n " ;
stream < < " ticket_lifetime = " < < m_ticketLifetime < < " \n " ;
if ( m_defaultRealm ! = " " ) {
stream < < " default_realm = " < < m_defaultRealm < < " \n " ;
}
stream < < " \n " ;
// Realms
stream < < " [realms] \n " ;
LDAPRealmConfigList : : Iterator it ;
for ( it = m_realms . begin ( ) ; it ! = m_realms . end ( ) ; + + it ) {
LDAPRealmConfig realmcfg = it . data ( ) ;
stream < < " " < < realmcfg . name < < " = { \n " ;
stream < < " kdc = " < < realmcfg . kdc < < " : " < < realmcfg . kdc_port < < " \n " ;
stream < < " admin_server = " < < realmcfg . admin_server < < " : " < < realmcfg . admin_server_port < < " \n " ;
stream < < " pkinit_require_eku = " < < ( realmcfg . pkinit_require_eku ? " true " : " false " ) < < " \n " ;
stream < < " pkinit_require_krbtgt_otherName = " < < ( realmcfg . pkinit_require_krbtgt_otherName ? " true " : " false " ) < < " \n " ;
stream < < " win2k_pkinit = " < < ( realmcfg . win2k_pkinit ? " yes " : " no " ) < < " \n " ;
stream < < " win2k_pkinit_require_binding = " < < ( realmcfg . win2k_pkinit_require_binding ? " yes " : " no " ) < < " \n " ;
stream < < " } \n " ;
}
stream < < " \n " ;
// Domain aliases
stream < < " [domain_realm] \n " ;
LDAPRealmConfigList : : Iterator it2 ;
for ( it2 = m_realms . begin ( ) ; it2 ! = m_realms . end ( ) ; + + it2 ) {
LDAPRealmConfig realmcfg = it2 . data ( ) ;
TQStringList domains = realmcfg . domain_mappings ;
for ( TQStringList : : Iterator it3 = domains . begin ( ) ; it3 ! = domains . end ( ) ; + + it3 ) {
stream < < " " < < * it3 < < " = " < < realmcfg . name < < " \n " ;
}
}
file . close ( ) ;
}
}
void LDAPConfig : : writeLDAPConfFile ( ) {
LDAPManager : : writeLDAPConfFile ( m_realms [ m_defaultRealm ] ) ;
}
void LDAPConfig : : writeNSSwitchFile ( ) {
TQFile file ( NSSWITCH_FILE ) ;
if ( file . open ( IO_WriteOnly ) ) {
TQTextStream stream ( & file ) ;
stream < < " # This file was automatically generated by TDE \n " ;
stream < < " # All changes will be lost! \n " ;
stream < < " \n " ;
stream < < " passwd: files ldap [NOTFOUND=return] db " < < " \n " ;
stream < < " group: files ldap [NOTFOUND=return] db " < < " \n " ;
stream < < " shadow: files ldap [NOTFOUND=return] db " < < " \n " ;
stream < < " \n " ;
stream < < " hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 " < < " \n " ;
stream < < " networks: files " < < " \n " ;
stream < < " \n " ;
stream < < " protocols: db files " < < " \n " ;
stream < < " services: db files " < < " \n " ;
stream < < " ethers: db files " < < " \n " ;
stream < < " rpc: db files " < < " \n " ;
stream < < " \n " ;
stream < < " netgroup: nis " < < " \n " ;
file . close ( ) ;
}
}
void LDAPConfig : : writePAMFiles ( ) {
TQFile file ( PAMD_DIRECTORY PAMD_COMMON_ACCOUNT ) ;
if ( file . open ( IO_WriteOnly ) ) {
TQTextStream stream ( & file ) ;
stream < < " # This file was automatically generated by TDE \n " ;
stream < < " # All changes will be lost! \n " ;
stream < < " \n " ;
stream < < " account sufficient pam_unix.so nullok_secure " < < " \n " ;
stream < < " account sufficient pam_ldap.so " < < " \n " ;
stream < < " account required pam_permit.so " < < " \n " ;
file . close ( ) ;
}
TQFile file2 ( PAMD_DIRECTORY PAMD_COMMON_AUTH ) ;
if ( file2 . open ( IO_WriteOnly ) ) {
TQTextStream stream ( & file2 ) ;
stream < < " # This file was automatically generated by TDE \n " ;
stream < < " # All changes will be lost! \n " ;
stream < < " \n " ;
stream < < " auth [default=ignore success=ignore] pam_mount.so " < < " \n " ;
stream < < " auth sufficient pam_unix.so nullok try_first_pass " < < " \n " ;
stream < < " auth [default=ignore success=1 service_err=reset] pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass " < < " \n " ;
stream < < " auth [default=die success=done] pam_ccreds.so action=validate use_first_pass " < < " \n " ;
stream < < " auth sufficient pam_ccreds.so action=store use_first_pass " < < " \n " ;
stream < < " auth required pam_deny.so " < < " \n " ;
file2 . close ( ) ;
}
}
int LDAPConfig : : buttons ( ) {
return KCModule : : Apply | KCModule : : Help ;
}
TQString LDAPConfig : : quickHelp ( ) const
{
return i18n ( " This module configures which LDAP realms TDE uses for authentication. " ) ;
}