From 93a591d8f0733774cfc62329ef4b9cc5403bd16c Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Wed, 30 May 2012 13:57:42 -0500 Subject: [PATCH] I lied earlier...kadmin support now added --- src/ldapconfigbase.ui | 8 +-- src/ldapmgr.cpp | 140 +++++++++++++++++++++++++++++++++++++++++- src/ldapmgr.h | 1 + src/libtdeldap.cpp | 13 ++++ src/libtdeldap.h | 2 + 5 files changed, 158 insertions(+), 6 deletions(-) diff --git a/src/ldapconfigbase.ui b/src/ldapconfigbase.ui index aa3af07..9c0be29 100644 --- a/src/ldapconfigbase.ui +++ b/src/ldapconfigbase.ui @@ -573,7 +573,7 @@ - userControls + machineControls @@ -581,7 +581,7 @@ - user_buttonModify + machine_buttonModify Modify @@ -589,7 +589,7 @@ - user_buttonAdd + machine_buttonAdd New @@ -597,7 +597,7 @@ - user_buttonDelete + machine_buttonDelete Delete diff --git a/src/ldapmgr.cpp b/src/ldapmgr.cpp index 6d94a0c..5481b2e 100644 --- a/src/ldapmgr.cpp +++ b/src/ldapmgr.cpp @@ -19,6 +19,7 @@ ***************************************************************************/ #include +#include #include #include @@ -38,6 +39,8 @@ #include #include +#include + #include "ldapmgr.h" #include "libtdeldap.h" @@ -148,7 +151,6 @@ void LDAPConfig::save() { } void LDAPConfig::processLockouts() { - // RAJA FIXME TQListViewItem* lvi = base->user_list->selectedItem(); if (lvi) { base->user_buttonModify->setEnabled(true); @@ -170,6 +172,19 @@ void LDAPConfig::processLockouts() { base->group_buttonDelete->setEnabled(false); } base->group_buttonAdd->setEnabled(true); + + lvi = base->machine_list->selectedItem(); + if (lvi) { + base->machine_buttonDelete->setEnabled(true); + } + else { + base->machine_buttonDelete->setEnabled(false); + } + // FIXME + // Disable machine add/modify as they are not implemented + // In fact, I don't know if I CAN implement them! + base->machine_buttonAdd->setEnabled(true); + base->machine_buttonModify->setEnabled(true); } void LDAPConfig::connectToRealm(const TQString& realm) { 
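Review bot: The FIXME in processLockouts says machine add/modify are to be disabled because they are not implemented, but the two lines under it enable them: `base->machine_buttonAdd->setEnabled(true);` and `base->machine_buttonModify->setEnabled(true);`. If the slots behind those buttons really do not exist yet, both should be `setEnabled(false)` so a click cannot reach an unimplemented path; if they do exist, the comment is stale and should be dropped. Either way the comment and the code should agree before this ships, since the machine delete button right above is wired correctly to the selection state.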
@@ -431,7 +446,36 @@ void LDAPConfig::addNewUser() { else { user.distinguishedName = "uid=" + user.name + "," + m_ldapmanager->basedn(); } - m_ldapmanager->addUserInfo(user); + if (m_ldapmanager->addUserInfo(user) == 0) { + if (user.new_password != "") { + // If a new password was set, use Kerberos to set it on the server + TQString errorString; + if (setPasswordForUser(user, &errorString) != 0) { + KMessageBox::error(0, i18n("Unable to set password for user!

%1").arg(errorString), i18n("Kerberos Failure")); + } + } + + // Modify group(s) as needed + populateGroups(); + LDAPGroupInfoList::Iterator it; + for (it = m_groupInfoList.begin(); it != m_groupInfoList.end(); ++it) { + LDAPGroupInfo group = *it; + if (userconfigdlg.selectedGroups.contains(group.name)) { + // Make sure that we are in this group! + if (!group.userlist.contains(user.distinguishedName)) { + group.userlist.append(user.distinguishedName); + m_ldapmanager->updateGroupInfo(group); + } + } + else { + // Make sure that we are NOT in this group! + if (group.userlist.contains(user.distinguishedName)) { + group.userlist.remove(user.distinguishedName); + m_ldapmanager->updateGroupInfo(group); + } + } + } + } } else { // PEBKAC @@ -492,6 +536,14 @@ void LDAPConfig::modifySelectedUser() { if (userconfigdlg.exec() == TQDialog::Accepted) { user = userconfigdlg.m_user; if (m_ldapmanager->updateUserInfo(user) == 0) { + if (user.new_password != "") { + // If a new password was set, use Kerberos to set it on the server + TQString errorString; + if (setPasswordForUser(user, &errorString) != 0) { + KMessageBox::error(0, i18n("Unable to set password for user!
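Review bot: The group-membership writes in the new block ignore the return value of `m_ldapmanager->updateGroupInfo(group)`, so a failed membership change is silent even though the `addUserInfo` result a few lines above is checked and gates the whole block. A failed `setPasswordForUser` is reported but otherwise ignored as well, which presumably leaves an account that now exists in LDAP without the password the admin just entered; the dialog should say that the account was created but the Kerberos password was not set, and each `updateGroupInfo` result should be checked and surfaced the same way. The nine-line password block is repeated verbatim in `modifySelectedUser` below, so a shared private helper would keep the two from drifting. addNewUser begins before this hunk.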

%1").arg(errorString), i18n("Kerberos Failure")); + } + } + // Modify group(s) as needed populateGroups(); LDAPGroupInfoList::Iterator it; 
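Review bot: This password block is byte-for-byte the one added to `addNewUser` above, including the dialog text, so factor it into one private helper such as `int LDAPConfig::applyKerberosPassword(const LDAPUserInfo& user)` that calls `setPasswordForUser` and shows the error box, and call it from both places. The error path here only informs the user: `updateUserInfo` on the preceding line has already succeeded, so the LDAP record is modified while the Kerberos password is left unchanged, and the message should state that rather than a generic "Unable to set password". modifySelectedUser continues outside the hunk.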
@@ -551,6 +603,90 @@ void LDAPConfig::removeSelectedGroup() { updateAllInformation(); } +TQString readFullLineFromPtyProcess(PtyProcess* proc) { + TQString result = ""; + while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) { + result = result + TQString(proc->readLine(false)); + tqApp->processEvents(); + } + return result; +} + +int LDAPConfig::setPasswordForUser(LDAPUserInfo user, TQString *errstr) { + if (user.new_password == "") { + return 0; + } + + LDAPCredentials admincreds = m_ldapmanager->currentLDAPCredentials(); + + TQCString command = "kadmin"; + QCStringList args; + args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper()); + + TQString prompt; + PtyProcess kadminProc; + kadminProc.exec(command, args); + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + if (prompt == "kadmin>") { + kadminProc.writeLine(TQCString("passwd "+user.name), true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = prompt.stripWhiteSpace(); + if ((prompt.endsWith(" Password:")) && (!prompt.startsWith(TQString(user.name + "@")))) { + kadminProc.writeLine(admincreds.password, true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + } + if (prompt.contains("authentication failed")) { + if (errstr) *errstr = prompt; + kadminProc.writeLine("quit", true); + return 1; + } + else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.name + "@")))) { + kadminProc.writeLine(user.new_password, true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) { + kadminProc.writeLine(user.new_password, 
true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + } + if ((prompt.endsWith(" Password:")) && (!prompt.startsWith(TQString(user.name + "@")))) { + kadminProc.writeLine(admincreds.password, true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + } + if (prompt != "kadmin>") { + if (errstr) *errstr = prompt; + kadminProc.writeLine("quit", true); + return 1; + } + + // Success! + kadminProc.writeLine("quit", true); + return 0; + } + else if (prompt == "kadmin>") { + // Success! + kadminProc.writeLine("quit", true); + return 0; + } + + // Failure + if (errstr) *errstr = prompt; + kadminProc.writeLine("quit", true); + return 1; + } + + if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed."; + return 1; // Failure +} + int LDAPConfig::buttons() { return KCModule::Apply|KCModule::Help; } diff --git a/src/ldapmgr.h b/src/ldapmgr.h index a007b87..4ba458e 100644 --- a/src/ldapmgr.h +++ b/src/ldapmgr.h @@ -81,6 +81,7 @@ class LDAPConfig: public KCModule private: LDAPUserInfo selectedUser(); LDAPGroupInfo selectedGroup(); + int setPasswordForUser(LDAPUserInfo user, TQString *errstr); private: KAboutData *myAboutData; diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp index 2f834e9..1bb149c 100644 --- a/src/libtdeldap.cpp +++ b/src/libtdeldap.cpp @@ -55,6 +55,15 @@ TQString LDAPManager::realm() { return m_realm; } +LDAPCredentials LDAPManager::currentLDAPCredentials() { + if (m_creds) { + return *m_creds; + } + else { + return LDAPCredentials(); + } +} + int LDAPManager::bind() { printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout); if (m_ldap) { 
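Review bot: `readFullLineFromPtyProcess` has no exit condition other than a newline, `:` or `>` appearing in the accumulated output, so if kadmin is missing from PATH, exits early, or prints a localized or otherwise unexpected prompt, the loop spins forever while `tqApp->processEvents()` keeps the UI re-entrant; the result of `kadminProc.exec(command, args)` is also never checked. Bound the loop, e.g. declare `TQTime timer; timer.start();` before it and add `if (timer.elapsed() > 10000) break;` inside, so the existing "Verify that kadmin exists" failure path is reached instead of a hang, and treat a failing return from `exec` the same way if PtyProcess reports one. Separately, `user.name` is written unmodified into the kadmin command line in `"passwd "+user.name`; unless the user dialog already restricts names to principal-safe characters (not visible here), reject names containing whitespace or control characters before this point so a name cannot smuggle a second kadmin command. The `-p` principal is built from `admincreds.username`, which `bind()` stores as `ldap_dn`; if that field holds an LDAP DN rather than a bare Kerberos principal name, the `-p` value will be wrong, which is worth confirming against the dialog.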
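Review bot: A caller cannot tell whether `bind()` has captured credentials yet, because the `else` branch returns a default-constructed `LDAPCredentials()` whose fields are empty, and `setPasswordForUser` will then build a `-p @` principal from it. Document the contract above the method, e.g. `// Credentials entered at the last bind() prompt; username is empty if bind() has not prompted yet`, and have callers check `username.isEmpty()` before using the result. Returning the object by value also hands the plaintext admin password to every caller, so keep the call sites few and short-lived.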
@@ -93,6 +102,10 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout); struct berval cred; TQString ldap_dn = passdlg.m_base->ldapAdminUsername->text(); TQCString pass = passdlg.m_base->ldapAdminPassword->password(); + if (!m_creds) m_creds = new LDAPCredentials(); + m_creds->username = passdlg.m_base->ldapAdminUsername->text(); + m_creds->password = passdlg.m_base->ldapAdminPassword->password(); + m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText(); cred.bv_val = pass.data(); cred.bv_len = pass.length(); diff --git a/src/libtdeldap.h b/src/libtdeldap.h index eaba974..b0c8c08 100644 --- a/src/libtdeldap.h +++ b/src/libtdeldap.h @@ -184,6 +184,8 @@ class LDAPManager : public TQObject { int deleteUserInfo(LDAPUserInfo user); int deleteGroupInfo(LDAPGroupInfo group); + LDAPCredentials currentLDAPCredentials(); + private: LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry); LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
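Review bot: The admin username, password and realm are copied into `m_creds` as soon as the dialog returns, before the bind using `cred` is attempted, so a mistyped password is cached and later fed to kadmin by `setPasswordForUser` even when the bind itself fails (the bind call and its result check lie outside this hunk, so I am assuming one exists). Move the three assignments to after a successful bind, and clear `m_creds` when the bind fails or the connection is dropped; otherwise the plaintext password stays in memory for the lifetime of the LDAPManager. `m_creds` is allocated with `new` here and nothing in the patch frees it; if the destructor does not already delete it, that is a leak of a buffer holding the admin password. bind() continues outside the hunk.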