I lied earlier...kadmin support now added

12 years ago · 93a591d8f0
parent 4d66047a31
commit 93a591d8f0
5 changed files with 158 additions and 6 deletions
--- a/src/ldapconfigbase.ui
+++ b/src/ldapconfigbase.ui
@ -573,7 +573,7 @@
 								</property>
 								<widget class="TQLayoutWidget" row="0" column="0">
 									<property name="name">
-										<cstring>userControls</cstring>
+										<cstring>machineControls</cstring>
 									</property>
 									<grid>
 										<property name="name">
@ -581,7 +581,7 @@
 										</property>
 										<widget class="TQPushButton" row="0" column="1" colspan="0">
 											<property name="name">
-												<cstring>user_buttonModify</cstring>
+												<cstring>machine_buttonModify</cstring>
 											</property>
 											<property name="text">
 												<string>Modify</string>
@ -589,7 +589,7 @@
 										</widget>
 										<widget class="TQPushButton" row="0" column="0" colspan="0">
 											<property name="name">
-												<cstring>user_buttonAdd</cstring>
+												<cstring>machine_buttonAdd</cstring>
 											</property>
 											<property name="text">
 												<string>New</string>
@ -597,7 +597,7 @@
 										</widget>
 										<widget class="TQPushButton" row="0" column="2" colspan="0">
 											<property name="name">
-												<cstring>user_buttonDelete</cstring>
+												<cstring>machine_buttonDelete</cstring>
 											</property>
 											<property name="text">
 												<string>Delete</string>
--- a/src/ldapmgr.cpp
+++ b/src/ldapmgr.cpp
@ -19,6 +19,7 @@
 ***************************************************************************/

 #include <tqlayout.h>
+#include <tqapplication.h>

 #include <klocale.h>
 #include <kglobal.h>
@ -38,6 +39,8 @@
 #include <kmessagebox.h>
 #include <klineedit.h>

+#include <tdesu/process.h>
+
 #include "ldapmgr.h"

 #include "libtdeldap.h"
@ -148,7 +151,6 @@ void LDAPConfig::save() {
 }

 void LDAPConfig::processLockouts() {
-	// RAJA FIXME
 	TQListViewItem* lvi = base->user_list->selectedItem();
 	if (lvi) {
 		base->user_buttonModify->setEnabled(true);
@ -170,6 +172,19 @@ void LDAPConfig::processLockouts() {
 		base->group_buttonDelete->setEnabled(false);
 	}
 	base->group_buttonAdd->setEnabled(true);
+
+	lvi = base->machine_list->selectedItem();
+	if (lvi) {
+		base->machine_buttonDelete->setEnabled(true);
+	}
+	else {
+		base->machine_buttonDelete->setEnabled(false);
+	}
+	// FIXME
+	// Disable machine add/modify as they are not implemented
+	// In fact, I don't know if I CAN implement them!
+	base->machine_buttonAdd->setEnabled(true);
+	base->machine_buttonModify->setEnabled(true);
 }

 void LDAPConfig::connectToRealm(const TQString& realm) {
@ -431,7 +446,36 @@ void LDAPConfig::addNewUser() {
 			else {
 				user.distinguishedName = "uid=" + user.name + "," + m_ldapmanager->basedn();
 			}
-			m_ldapmanager->addUserInfo(user);
+			if (m_ldapmanager->addUserInfo(user) == 0) {
+				if (user.new_password != "") {
+					// If a new password was set, use Kerberos to set it on the server
+					TQString errorString;
+					if (setPasswordForUser(user, &errorString) != 0) {
+						KMessageBox::error(0, i18n("<qt>Unable to set password for user!<p>%1</qt>").arg(errorString), i18n("Kerberos Failure"));
+					}
+				}
+	
+				// Modify group(s) as needed
+				populateGroups();
+				LDAPGroupInfoList::Iterator it;
+				for (it = m_groupInfoList.begin(); it != m_groupInfoList.end(); ++it) {
+					LDAPGroupInfo group = *it;
+					if (userconfigdlg.selectedGroups.contains(group.name)) {
+						// Make sure that we are in this group!
+						if (!group.userlist.contains(user.distinguishedName)) {
+							group.userlist.append(user.distinguishedName);
+							m_ldapmanager->updateGroupInfo(group);
+						}
+					}
+					else {
+						// Make sure that we are NOT in this group!
+						if (group.userlist.contains(user.distinguishedName)) {
+							group.userlist.remove(user.distinguishedName);
+							m_ldapmanager->updateGroupInfo(group);
+						}
+					}
+				}
+			}
 		}
 		else {
 			// PEBKAC
@ -492,6 +536,14 @@ void LDAPConfig::modifySelectedUser() {
 	if (userconfigdlg.exec() == TQDialog::Accepted) {
 		user = userconfigdlg.m_user;
 		if (m_ldapmanager->updateUserInfo(user) == 0) {
+			if (user.new_password != "") {
+				// If a new password was set, use Kerberos to set it on the server
+				TQString errorString;
+				if (setPasswordForUser(user, &errorString) != 0) {
+					KMessageBox::error(0, i18n("<qt>Unable to set password for user!<p>%1</qt>").arg(errorString), i18n("Kerberos Failure"));
+				}
+			}
+
 			// Modify group(s) as needed
 			populateGroups();
 			LDAPGroupInfoList::Iterator it;
@ -551,6 +603,90 @@ void LDAPConfig::removeSelectedGroup() {
 	updateAllInformation();
 }

+TQString readFullLineFromPtyProcess(PtyProcess* proc) {
+	TQString result = "";
+	while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) {
+		result = result + TQString(proc->readLine(false));
+		tqApp->processEvents();
+	}
+	return result;
+}
+
+int LDAPConfig::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
+	if (user.new_password == "") {
+		return 0;
+	}
+
+	LDAPCredentials admincreds = m_ldapmanager->currentLDAPCredentials();
+
+	TQCString command = "kadmin";
+	QCStringList args;
+	args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+
+	TQString prompt;
+	PtyProcess kadminProc;
+	kadminProc.exec(command, args);
+	prompt = kadminProc.readLine(true);
+	prompt = prompt.stripWhiteSpace();
+	if (prompt == "kadmin>") {
+		kadminProc.writeLine(TQCString("passwd "+user.name), true);
+		prompt = kadminProc.readLine(true);	// Discard our own input
+		prompt = readFullLineFromPtyProcess(&kadminProc);
+		prompt = prompt.stripWhiteSpace();
+		if ((prompt.endsWith(" Password:")) && (!prompt.startsWith(TQString(user.name + "@")))) {
+			kadminProc.writeLine(admincreds.password, true);
+			prompt = kadminProc.readLine(true);	// Discard our own input
+			prompt = kadminProc.readLine(true);
+			prompt = prompt.stripWhiteSpace();
+		}
+		if (prompt.contains("authentication failed")) {
+			if (errstr) *errstr = prompt;
+			kadminProc.writeLine("quit", true);
+			return 1;
+		}
+		else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.name + "@")))) {
+			kadminProc.writeLine(user.new_password, true);
+			prompt = kadminProc.readLine(true);	// Discard our own input
+			prompt = kadminProc.readLine(true);
+			prompt = prompt.stripWhiteSpace();
+			if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) {
+				kadminProc.writeLine(user.new_password, true);
+				prompt = kadminProc.readLine(true);	// Discard our own input
+				prompt = kadminProc.readLine(true);
+				prompt = prompt.stripWhiteSpace();
+			}
+			if ((prompt.endsWith(" Password:")) && (!prompt.startsWith(TQString(user.name + "@")))) {
+				kadminProc.writeLine(admincreds.password, true);
+				prompt = kadminProc.readLine(true);	// Discard our own input
+				prompt = kadminProc.readLine(true);
+				prompt = prompt.stripWhiteSpace();
+			}
+			if (prompt != "kadmin>") {
+				if (errstr) *errstr = prompt;
+				kadminProc.writeLine("quit", true);
+				return 1;
+			}
+
+			// Success!
+			kadminProc.writeLine("quit", true);
+			return 0;
+		}
+		else if (prompt == "kadmin>") {
+			// Success!
+			kadminProc.writeLine("quit", true);
+			return 0;
+		}
+
+		// Failure
+		if (errstr) *errstr = prompt;
+		kadminProc.writeLine("quit", true);
+		return 1;
+	}
+
+	if (errstr) *errstr = "Internal error.  Verify that kadmin exists and can be executed.";
+	return 1;	// Failure
+}
+
 int LDAPConfig::buttons() {
 	return KCModule::Apply|KCModule::Help;
 }
--- a/src/ldapmgr.h
+++ b/src/ldapmgr.h
@ -81,6 +81,7 @@ class LDAPConfig: public KCModule
 	private:
 		LDAPUserInfo selectedUser();
 		LDAPGroupInfo selectedGroup();
+		int setPasswordForUser(LDAPUserInfo user, TQString *errstr);

 	private:
 		KAboutData *myAboutData;
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@ -55,6 +55,15 @@ TQString LDAPManager::realm() {
 	return m_realm;
 }

+LDAPCredentials LDAPManager::currentLDAPCredentials() {
+	if (m_creds) {
+		return *m_creds;
+	}
+	else {
+		return LDAPCredentials();
+	}
+}
+
 int LDAPManager::bind() {
 printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
 	if (m_ldap) {
@ -93,6 +102,10 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
 		struct berval cred;
 		TQString ldap_dn = passdlg.m_base->ldapAdminUsername->text();
 		TQCString pass = passdlg.m_base->ldapAdminPassword->password();
+		if (!m_creds) m_creds = new LDAPCredentials();
+		m_creds->username = passdlg.m_base->ldapAdminUsername->text();
+		m_creds->password = passdlg.m_base->ldapAdminPassword->password();
+		m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
 		cred.bv_val = pass.data();
 		cred.bv_len = pass.length();

--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@ -184,6 +184,8 @@ class LDAPManager : public TQObject {
 		int deleteUserInfo(LDAPUserInfo user);
 		int deleteGroupInfo(LDAPGroupInfo group);

+		LDAPCredentials currentLDAPCredentials();
+
 	private:
 		LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
 		LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);