|
|
@ -43,6 +43,8 @@
|
|
|
|
#include <klineedit.h>
|
|
|
|
#include <klineedit.h>
|
|
|
|
#include <kmessagebox.h>
|
|
|
|
#include <kmessagebox.h>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#include <tdesu/process.h>
|
|
|
|
|
|
|
|
|
|
|
|
#include "ldap.h"
|
|
|
|
#include "ldap.h"
|
|
|
|
#include "bondwizard.h"
|
|
|
|
#include "bondwizard.h"
|
|
|
|
#include "ldappasswddlg.h"
|
|
|
|
#include "ldappasswddlg.h"
|
|
|
@ -373,8 +375,6 @@ void LDAPConfig::processLockouts() {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void LDAPConfig::bondToNewRealm() {
|
|
|
|
void LDAPConfig::bondToNewRealm() {
|
|
|
|
// RAJA FIXME
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Something will probably change
|
|
|
|
// Something will probably change
|
|
|
|
save();
|
|
|
|
save();
|
|
|
|
|
|
|
|
|
|
|
@ -390,10 +390,12 @@ void LDAPConfig::reBondToRealm() {
|
|
|
|
if (selrealm) {
|
|
|
|
if (selrealm) {
|
|
|
|
TQString realmName = selrealm->text(1);
|
|
|
|
TQString realmName = selrealm->text(1);
|
|
|
|
LDAPRealmConfig realmcfg = m_realms[realmName];
|
|
|
|
LDAPRealmConfig realmcfg = m_realms[realmName];
|
|
|
|
if (realmcfg.bonded == false) {
|
|
|
|
|
|
|
|
// Password prompt...
|
|
|
|
// Password prompt...
|
|
|
|
TQString errorString;
|
|
|
|
TQString errorString;
|
|
|
|
LDAPPasswordDialog passdlg(this);
|
|
|
|
LDAPPasswordDialog passdlg(this);
|
|
|
|
|
|
|
|
passdlg.m_base->ldapAdminRealm->setEnabled(false);
|
|
|
|
|
|
|
|
passdlg.m_base->ldapAdminRealm->setText(realmName);
|
|
|
|
if (passdlg.exec() == TQDialog::Accepted) {
|
|
|
|
if (passdlg.exec() == TQDialog::Accepted) {
|
|
|
|
if (bondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
|
|
|
|
if (bondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
|
|
|
|
// Success!
|
|
|
|
// Success!
|
|
|
@ -403,8 +405,7 @@ void LDAPConfig::reBondToRealm() {
|
|
|
|
save();
|
|
|
|
save();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
else {
|
|
|
|
KMessageBox::error(this, i18n("<qt><b>Unable to bond to realm!</b><p>%1</qt>").arg(errorString), i18n("Unable to Bond to Realm"));
|
|
|
|
KMessageBox::error(this, i18n("<qt><b>Unable to bond to realm!</b><p>Details: %1</qt>").arg(errorString), i18n("Unable to Bond to Realm"));
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -429,6 +430,8 @@ void LDAPConfig::deactivateRealm() {
|
|
|
|
// Password prompt...
|
|
|
|
// Password prompt...
|
|
|
|
TQString errorString;
|
|
|
|
TQString errorString;
|
|
|
|
LDAPPasswordDialog passdlg(this);
|
|
|
|
LDAPPasswordDialog passdlg(this);
|
|
|
|
|
|
|
|
passdlg.m_base->ldapAdminRealm->setEnabled(false);
|
|
|
|
|
|
|
|
passdlg.m_base->ldapAdminRealm->setText(realmName);
|
|
|
|
passdlg.m_base->passprompt->setText(i18n("Please provide LDAP realm administrator credentials below to complete the unbonding process"));
|
|
|
|
passdlg.m_base->passprompt->setText(i18n("Please provide LDAP realm administrator credentials below to complete the unbonding process"));
|
|
|
|
if (passdlg.exec() == TQDialog::Accepted) {
|
|
|
|
if (passdlg.exec() == TQDialog::Accepted) {
|
|
|
|
if (unbondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
|
|
|
|
if (unbondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
|
|
|
@ -447,13 +450,129 @@ void LDAPConfig::deactivateRealm() {
|
|
|
|
updateRealmList();
|
|
|
|
updateRealmList();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TQString readFullLineFromPtyProcess(PtyProcess* proc) {
|
|
|
|
|
|
|
|
TQString result = "";
|
|
|
|
|
|
|
|
while ((!result.contains("\n")) && (!result.contains(":"))) {
|
|
|
|
|
|
|
|
result = result + TQString(proc->readLine(false));
|
|
|
|
|
|
|
|
tqApp->processEvents();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
|
|
|
|
int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
|
|
|
|
// RAJA FIXME
|
|
|
|
TQCString command = "kadmin";
|
|
|
|
|
|
|
|
QCStringList args;
|
|
|
|
|
|
|
|
args << TQCString("-p") << TQCString(adminUserName+"@"+(adminRealm.upper()));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TQString hoststring = "host/"+m_fqdn;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TQString prompt;
|
|
|
|
|
|
|
|
PtyProcess kadminProc;
|
|
|
|
|
|
|
|
kadminProc.exec(command, args);
|
|
|
|
|
|
|
|
prompt = kadminProc.readLine(true);
|
|
|
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
|
|
|
kadminProc.writeLine(TQCString("ext "+hoststring), true);
|
|
|
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
|
|
|
if (prompt.endsWith(" Password:")) {
|
|
|
|
|
|
|
|
kadminProc.writeLine(adminPassword, true);
|
|
|
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (prompt.contains("authentication failed")) {
|
|
|
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else if (prompt.endsWith("Principal does not exist")) {
|
|
|
|
|
|
|
|
kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
|
|
|
|
|
|
|
|
// Use all defaults
|
|
|
|
|
|
|
|
while (prompt != "kadmin>") {
|
|
|
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
|
|
|
if (prompt.endsWith(" Password:")) {
|
|
|
|
|
|
|
|
kadminProc.writeLine(adminPassword, true);
|
|
|
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (prompt.contains("authentication failed")) {
|
|
|
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
kadminProc.writeLine("", true);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
kadminProc.writeLine(TQCString("ext "+hoststring), true);
|
|
|
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
|
|
|
if (prompt != "kadmin>") {
|
|
|
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Success!
|
|
|
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else if (prompt == "kadmin>") {
|
|
|
|
|
|
|
|
// Success!
|
|
|
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Failure
|
|
|
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
|
|
|
|
return 1; // Failure
|
|
|
|
return 1; // Failure
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
|
|
|
|
int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
|
|
|
|
// RAJA FIXME
|
|
|
|
TQCString command = "kadmin";
|
|
|
|
|
|
|
|
QCStringList args;
|
|
|
|
|
|
|
|
args << TQCString("-p") << TQCString(adminUserName+"@"+(adminRealm.upper()));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TQString hoststring = "host/"+m_fqdn;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TQString prompt;
|
|
|
|
|
|
|
|
PtyProcess kadminProc;
|
|
|
|
|
|
|
|
kadminProc.exec(command, args);
|
|
|
|
|
|
|
|
prompt = kadminProc.readLine(true);
|
|
|
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
|
|
|
kadminProc.writeLine(TQCString("delete "+hoststring), true);
|
|
|
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
|
|
|
if (prompt.endsWith(" Password:")) {
|
|
|
|
|
|
|
|
kadminProc.writeLine(adminPassword, true);
|
|
|
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (prompt != "kadmin>") {
|
|
|
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Success!
|
|
|
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return 1; // Failure
|
|
|
|
return 1; // Failure
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -478,15 +597,11 @@ void LDAPConfig::writeKrb5ConfFile() {
|
|
|
|
stream << "\n";
|
|
|
|
stream << "\n";
|
|
|
|
|
|
|
|
|
|
|
|
// Defaults
|
|
|
|
// Defaults
|
|
|
|
// FIXME
|
|
|
|
|
|
|
|
// These should be configurable!
|
|
|
|
|
|
|
|
stream << "[libdefaults]\n";
|
|
|
|
stream << "[libdefaults]\n";
|
|
|
|
stream << " ticket_lifetime = " << m_ticketLifetime << "\n";
|
|
|
|
stream << " ticket_lifetime = " << m_ticketLifetime << "\n";
|
|
|
|
if (m_defaultRealm != "") {
|
|
|
|
if (m_defaultRealm != "") {
|
|
|
|
stream << " default_realm = " << m_defaultRealm << "\n";
|
|
|
|
stream << " default_realm = " << m_defaultRealm << "\n";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
stream << " default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5\n";
|
|
|
|
|
|
|
|
stream << " default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5\n";
|
|
|
|
|
|
|
|
stream << "\n";
|
|
|
|
stream << "\n";
|
|
|
|
|
|
|
|
|
|
|
|
// Realms
|
|
|
|
// Realms
|
|
|
|