|
|
@ -48,6 +48,8 @@
|
|
|
|
// Connect this to CMake/Automake
|
|
|
|
// Connect this to CMake/Automake
|
|
|
|
#define KDE_CONFDIR "/etc/trinity"
|
|
|
|
#define KDE_CONFDIR "/etc/trinity"
|
|
|
|
#define KRB5_FILE "/etc/krb5.conf"
|
|
|
|
#define KRB5_FILE "/etc/krb5.conf"
|
|
|
|
|
|
|
|
#define LDAP_FILE "/etc/ldap.conf"
|
|
|
|
|
|
|
|
#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
|
|
|
|
|
|
|
|
|
|
|
|
typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;
|
|
|
|
typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;
|
|
|
|
|
|
|
|
|
|
|
@ -89,6 +91,13 @@ LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&)
|
|
|
|
connect(base->btnDeactivateRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(deactivateRealm()));
|
|
|
|
connect(base->btnDeactivateRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(deactivateRealm()));
|
|
|
|
connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), this, TQT_SLOT(realmProperties()));
|
|
|
|
connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), this, TQT_SLOT(realmProperties()));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
connect(base->ldapVersion, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed()));
|
|
|
|
|
|
|
|
connect(base->ldapTimeout, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed()));
|
|
|
|
|
|
|
|
connect(base->bindPolicy, TQT_SIGNAL(activated(int)), this, TQT_SLOT(changed()));
|
|
|
|
|
|
|
|
connect(base->ldapBindTimeout, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed()));
|
|
|
|
|
|
|
|
connect(base->passwordHash, TQT_SIGNAL(activated(int)), this, TQT_SLOT(changed()));
|
|
|
|
|
|
|
|
connect(base->ignoredUsers, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(changed()));
|
|
|
|
|
|
|
|
|
|
|
|
load();
|
|
|
|
load();
|
|
|
|
|
|
|
|
|
|
|
|
if (getuid() != 0 || !systemconfig->checkConfigFilesWritable( true )) {
|
|
|
|
if (getuid() != 0 || !systemconfig->checkConfigFilesWritable( true )) {
|
|
|
@ -110,6 +119,8 @@ void LDAPConfig::load() {
|
|
|
|
|
|
|
|
|
|
|
|
void LDAPConfig::load(bool useDefaults )
|
|
|
|
void LDAPConfig::load(bool useDefaults )
|
|
|
|
{
|
|
|
|
{
|
|
|
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
|
|
//Update the toggle buttons with the current configuration
|
|
|
|
//Update the toggle buttons with the current configuration
|
|
|
|
systemconfig->setReadDefaults( useDefaults );
|
|
|
|
systemconfig->setReadDefaults( useDefaults );
|
|
|
|
|
|
|
|
|
|
|
@ -118,6 +129,13 @@ void LDAPConfig::load(bool useDefaults )
|
|
|
|
m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null);
|
|
|
|
m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null);
|
|
|
|
m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400);
|
|
|
|
m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
m_ldapVersion = systemconfig->readNumEntry("ConnectionLDAPVersion", 3);
|
|
|
|
|
|
|
|
m_ldapTimeout = systemconfig->readNumEntry("ConnectionLDAPTimeout", 2);
|
|
|
|
|
|
|
|
m_bindPolicy = systemconfig->readEntry("ConnectionBindPolicy", "soft");
|
|
|
|
|
|
|
|
m_ldapBindTimeout = systemconfig->readNumEntry("ConnectionBindTimeout", 2);
|
|
|
|
|
|
|
|
m_passwordHash = systemconfig->readEntry("ConnectionPasswordHash", "exop");
|
|
|
|
|
|
|
|
m_ignoredUsers = systemconfig->readEntry("ConnectionIgnoredUsers", DEFAULT_IGNORED_USERS_LIST);
|
|
|
|
|
|
|
|
|
|
|
|
// Load realms
|
|
|
|
// Load realms
|
|
|
|
m_realms.clear();
|
|
|
|
m_realms.clear();
|
|
|
|
TQStringList cfgRealms = systemconfig->groupList();
|
|
|
|
TQStringList cfgRealms = systemconfig->groupList();
|
|
|
@ -149,6 +167,24 @@ void LDAPConfig::load(bool useDefaults )
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
base->ticketLifetime->setValue(m_ticketLifetime);
|
|
|
|
base->ticketLifetime->setValue(m_ticketLifetime);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
base->ldapVersion->setValue(m_ldapVersion);
|
|
|
|
|
|
|
|
base->ldapTimeout->setValue(m_ldapTimeout);
|
|
|
|
|
|
|
|
for (i=0; i<base->bindPolicy->count(); i++) {
|
|
|
|
|
|
|
|
if (base->bindPolicy->text(i).lower() == m_defaultRealm.lower()) {
|
|
|
|
|
|
|
|
base->bindPolicy->setCurrentItem(i);
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
base->ldapBindTimeout->setValue(m_ldapBindTimeout);
|
|
|
|
|
|
|
|
for (i=0; i<base->passwordHash->count(); i++) {
|
|
|
|
|
|
|
|
if (base->passwordHash->text(i).lower() == m_passwordHash.lower()) {
|
|
|
|
|
|
|
|
base->passwordHash->setCurrentItem(i);
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
base->ignoredUsers->setText(m_ignoredUsers);
|
|
|
|
|
|
|
|
|
|
|
|
updateRealmList();
|
|
|
|
updateRealmList();
|
|
|
|
|
|
|
|
|
|
|
|
processLockouts();
|
|
|
|
processLockouts();
|
|
|
@ -186,6 +222,14 @@ void LDAPConfig::save() {
|
|
|
|
systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked());
|
|
|
|
systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked());
|
|
|
|
m_defaultRealm = base->defaultRealm->currentText();
|
|
|
|
m_defaultRealm = base->defaultRealm->currentText();
|
|
|
|
m_ticketLifetime = base->ticketLifetime->value();
|
|
|
|
m_ticketLifetime = base->ticketLifetime->value();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
m_ldapVersion = base->ldapVersion->value();
|
|
|
|
|
|
|
|
m_ldapTimeout = base->ldapTimeout->value();
|
|
|
|
|
|
|
|
m_bindPolicy = base->bindPolicy->currentText();
|
|
|
|
|
|
|
|
m_ldapBindTimeout = base->ldapBindTimeout->value();
|
|
|
|
|
|
|
|
m_passwordHash = base->passwordHash->currentText();
|
|
|
|
|
|
|
|
m_ignoredUsers = base->ignoredUsers->text();
|
|
|
|
|
|
|
|
|
|
|
|
if (m_defaultRealm != "") {
|
|
|
|
if (m_defaultRealm != "") {
|
|
|
|
systemconfig->writeEntry("DefaultRealm", m_defaultRealm);
|
|
|
|
systemconfig->writeEntry("DefaultRealm", m_defaultRealm);
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -194,6 +238,13 @@ void LDAPConfig::save() {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
systemconfig->writeEntry("TicketLifetime", m_ticketLifetime);
|
|
|
|
systemconfig->writeEntry("TicketLifetime", m_ticketLifetime);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
systemconfig->writeEntry("ConnectionLDAPVersion", m_ldapVersion);
|
|
|
|
|
|
|
|
systemconfig->writeEntry("ConnectionLDAPTimeout", m_ldapTimeout);
|
|
|
|
|
|
|
|
systemconfig->writeEntry("ConnectionBindPolicy", m_bindPolicy);
|
|
|
|
|
|
|
|
systemconfig->writeEntry("ConnectionBindTimeout", m_ldapBindTimeout);
|
|
|
|
|
|
|
|
systemconfig->writeEntry("ConnectionPasswordHash", m_passwordHash);
|
|
|
|
|
|
|
|
systemconfig->writeEntry("ConnectionIgnoredUsers", m_ignoredUsers);
|
|
|
|
|
|
|
|
|
|
|
|
LDAPRealmConfigList::Iterator it;
|
|
|
|
LDAPRealmConfigList::Iterator it;
|
|
|
|
for (it = m_realms.begin(); it != m_realms.end(); ++it) {
|
|
|
|
for (it = m_realms.begin(); it != m_realms.end(); ++it) {
|
|
|
|
LDAPRealmConfig realmcfg = it.data();
|
|
|
|
LDAPRealmConfig realmcfg = it.data();
|
|
|
@ -230,8 +281,12 @@ void LDAPConfig::save() {
|
|
|
|
|
|
|
|
|
|
|
|
systemconfig->sync();
|
|
|
|
systemconfig->sync();
|
|
|
|
|
|
|
|
|
|
|
|
// Write the Kerberos5 configuration file
|
|
|
|
if (base->systemEnableSupport->isChecked()) {
|
|
|
|
writeKrb5ConfFile();
|
|
|
|
// Write the Kerberos5 configuration file
|
|
|
|
|
|
|
|
writeKrb5ConfFile();
|
|
|
|
|
|
|
|
// Write the LDAP configuration file
|
|
|
|
|
|
|
|
writeLDAPConfFile();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
load();
|
|
|
|
load();
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -240,6 +295,8 @@ void LDAPConfig::processLockouts() {
|
|
|
|
bool panelIsEnabled = base->systemEnableSupport->isChecked();
|
|
|
|
bool panelIsEnabled = base->systemEnableSupport->isChecked();
|
|
|
|
|
|
|
|
|
|
|
|
base->groupRealms->setEnabled(panelIsEnabled);
|
|
|
|
base->groupRealms->setEnabled(panelIsEnabled);
|
|
|
|
|
|
|
|
base->groupKrbDefaults->setEnabled(panelIsEnabled);
|
|
|
|
|
|
|
|
base->groupConnectionParameters->setEnabled(panelIsEnabled);
|
|
|
|
|
|
|
|
|
|
|
|
TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
|
|
|
|
TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
|
|
|
|
if (selrealm) {
|
|
|
|
if (selrealm) {
|
|
|
@ -414,6 +471,31 @@ void LDAPConfig::writeKrb5ConfFile() {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void LDAPConfig::writeLDAPConfFile() {
|
|
|
|
|
|
|
|
TQFile file(LDAP_FILE);
|
|
|
|
|
|
|
|
if (file.open(IO_WriteOnly)) {
|
|
|
|
|
|
|
|
TQTextStream stream( &file );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LDAPRealmConfig realmcfg = m_realms[m_defaultRealm];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
stream << "# This file was automatically generated by TDE\n";
|
|
|
|
|
|
|
|
stream << "# All changes will be lost!\n";
|
|
|
|
|
|
|
|
stream << "\n";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
stream << "host " << realmcfg.admin_server << "\n";
|
|
|
|
|
|
|
|
TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
|
|
|
|
|
|
|
|
stream << "base dc=" << domainChunks.join(",dc=") << "\n";
|
|
|
|
|
|
|
|
stream << "ldap_version " << m_ldapVersion << "\n";
|
|
|
|
|
|
|
|
stream << "timelimit " << m_ldapTimeout << "\n";
|
|
|
|
|
|
|
|
stream << "bind_timelimit " << m_ldapBindTimeout << "\n";
|
|
|
|
|
|
|
|
stream << "bind_policy " << m_bindPolicy.lower() << "\n";
|
|
|
|
|
|
|
|
stream << "pam_password " << m_passwordHash.lower() << "\n";
|
|
|
|
|
|
|
|
stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
file.close();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int LDAPConfig::buttons() {
|
|
|
|
int LDAPConfig::buttons() {
|
|
|
|
return KCModule::Apply|KCModule::Help;
|
|
|
|
return KCModule::Apply|KCModule::Help;
|
|
|
|
}
|
|
|
|
}
|
|
|
|