You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
261 lines
9.1 KiB
261 lines
9.1 KiB
/***************************************************************************
|
|
* Copyright (C) 2012 by Timothy Pearson *
|
|
* kb9vqf@pearsoncomputing.net *
|
|
* *
|
|
* This program is free software; you can redistribute it and/or modify *
|
|
* it under the terms of the GNU General Public License as published by *
|
|
* the Free Software Foundation; either version 2 of the License, or *
|
|
* (at your option) any later version. *
|
|
* *
|
|
* This program is distributed in the hope that it will be useful, *
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
|
* GNU General Public License for more details. *
|
|
* *
|
|
* You should have received a copy of the GNU General Public License *
|
|
* along with this program; if not, write to the *
|
|
* Free Software Foundation, Inc., *
|
|
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
|
|
***************************************************************************/
|
|
|
|
#include <tqlayout.h>
|
|
|
|
#include <klocale.h>
|
|
#include <kglobal.h>
|
|
#include <kcombobox.h>
|
|
#include <kparts/genericfactory.h>
|
|
#include <ksimpleconfig.h>
|
|
#include <kglobalsettings.h>
|
|
#include <kstandarddirs.h>
|
|
#include <kurlrequester.h>
|
|
#include <klistview.h>
|
|
#include <kopenwith.h>
|
|
#include <kpropertiesdialog.h>
|
|
#include <kio/job.h>
|
|
#include <tqdir.h>
|
|
#include <tqheader.h>
|
|
|
|
#include "ldap.h"
|
|
#include "bondwizard.h"
|
|
|
|
// FIXME
|
|
// Connect this to CMake/Automake
|
|
#define KDE_CONFDIR "/etc/trinity"
|
|
|
|
typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;
|
|
|
|
K_EXPORT_COMPONENT_FACTORY( kcm_ldap, ldapFactory("kcmldap"))
|
|
|
|
KSimpleConfig *systemconfig = 0;
|
|
|
|
LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&)
|
|
: KCModule(parent, name), myAboutData(0)
|
|
{
|
|
TQVBoxLayout *layout = new TQVBoxLayout(this, KDialog::marginHint(), KDialog::spacingHint());
|
|
systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
|
|
|
|
KAboutData* about = new KAboutData("ldap", I18N_NOOP("TDE LDAP Manager"), "0.1",
|
|
I18N_NOOP("TDE LDAP Manager Control Panel Module"),
|
|
KAboutData::License_GPL,
|
|
I18N_NOOP("(c) 2012 Timothy Pearson"), 0, 0);
|
|
|
|
about->addAuthor("Timothy Pearson", 0, "kb9vqf@pearsoncomputing.net");
|
|
setAboutData( about );
|
|
|
|
base = new LDAPConfigBase(this);
|
|
layout->add(base);
|
|
base->ldapRealmList->setAllColumnsShowFocus(true);
|
|
|
|
setRootOnlyMsg(i18n("<b>Bonded LDAP realms take effect system wide, and require administrator access to modify</b><br>To alter the system's bonded LDAP realms, click on the \"Administrator Mode\" button below."));
|
|
setUseRootOnlyMsg(true);
|
|
|
|
connect(base->systemEnableSupport, TQT_SIGNAL(clicked()), this, TQT_SLOT(changed()));
|
|
connect(base->systemEnableSupport, TQT_SIGNAL(clicked()), this, TQT_SLOT(processLockouts()));
|
|
connect(base->ldapRealmList, TQT_SIGNAL(selectionChanged()), this, TQT_SLOT(processLockouts()));
|
|
|
|
connect(base->btnBondRealm, TQT_SIGNAL(clicked()), TQT_SLOT(bondToNewRealm()));
|
|
connect(base->btnRemoveRealm, TQT_SIGNAL(clicked()), TQT_SLOT(removeRealm()));
|
|
|
|
load();
|
|
|
|
if (getuid() != 0 || !systemconfig->checkConfigFilesWritable( true )) {
|
|
base->systemEnableSupport->setEnabled(false);
|
|
}
|
|
|
|
processLockouts();
|
|
};
|
|
|
|
LDAPConfig::~LDAPConfig() {
|
|
delete systemconfig;
|
|
}
|
|
|
|
void LDAPConfig::load() {
|
|
kgs = new KGlobalSettings();
|
|
KStandardDirs *ksd = new KStandardDirs();
|
|
|
|
load(false);
|
|
}
|
|
|
|
void LDAPConfig::load(bool useDefaults )
|
|
{
|
|
//Update the toggle buttons with the current configuration
|
|
systemconfig->setReadDefaults( useDefaults );
|
|
|
|
systemconfig->setGroup(NULL);
|
|
base->systemEnableSupport->setChecked(systemconfig->readBoolEntry("EnableLDAP", false));
|
|
|
|
// Load realms
|
|
m_realms.clear();
|
|
TQStringList cfgRealms = systemconfig->groupList();
|
|
for (TQStringList::Iterator it(cfgRealms.begin()); it != cfgRealms.end(); ++it) {
|
|
if ((*it).startsWith("LDAPRealm-")) {
|
|
systemconfig->setGroup(*it);
|
|
TQString realmName=*it;
|
|
realmName.remove(0,strlen("LDAPRealm-"));
|
|
if (!m_realms.contains(realmName)) {
|
|
// Read in realm data
|
|
LDAPRealmConfig realmcfg;
|
|
realmcfg.name = realmName;
|
|
realmcfg.bonded = systemconfig->readBoolEntry("bonded");
|
|
realmcfg.uid_offset = systemconfig->readNumEntry("uid_offset");
|
|
realmcfg.gid_offset = systemconfig->readNumEntry("gid_offset");
|
|
realmcfg.domain_mappings = systemconfig->readListEntry("domain_mappings");
|
|
realmcfg.kdc = systemconfig->readEntry("kdc");
|
|
realmcfg.kdc_port = systemconfig->readNumEntry("kdc_port");
|
|
realmcfg.admin_server = systemconfig->readEntry("admin_server");
|
|
realmcfg.admin_server_port = systemconfig->readNumEntry("admin_server_port");
|
|
realmcfg.pkinit_require_eku = systemconfig->readBoolEntry("pkinit_require_eku");
|
|
realmcfg.pkinit_require_krbtgt_otherName = systemconfig->readBoolEntry("pkinit_require_krbtgt_otherName");
|
|
realmcfg.win2k_pkinit = systemconfig->readBoolEntry("win2k_pkinit");
|
|
realmcfg.win2k_pkinit_require_binding = systemconfig->readBoolEntry("win2k_pkinit_require_binding");
|
|
// Add realm to list
|
|
m_realms.insert(realmName, realmcfg);
|
|
}
|
|
}
|
|
}
|
|
|
|
updateRealmList();
|
|
|
|
processLockouts();
|
|
|
|
emit changed(useDefaults);
|
|
}
|
|
|
|
void LDAPConfig::updateRealmList() {
|
|
base->ldapRealmList->clear();
|
|
LDAPRealmConfigList::Iterator it;
|
|
for (it = m_realms.begin(); it != m_realms.end(); ++it) {
|
|
LDAPRealmConfig realmcfg = it.data();
|
|
(void)new TQListViewItem(base->ldapRealmList, ((realmcfg.bonded)?i18n("Bonded"):i18n("Deactivated")), realmcfg.name);
|
|
}
|
|
}
|
|
|
|
void LDAPConfig::defaults() {
|
|
|
|
}
|
|
|
|
void LDAPConfig::save() {
|
|
// Write system configuration
|
|
systemconfig->setGroup(NULL);
|
|
systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked());
|
|
|
|
LDAPRealmConfigList::Iterator it;
|
|
for (it = m_realms.begin(); it != m_realms.end(); ++it) {
|
|
LDAPRealmConfig realmcfg = it.data();
|
|
TQString configRealmName = realmcfg.name;
|
|
configRealmName.prepend("LDAPRealm-");
|
|
systemconfig->setGroup(configRealmName);
|
|
// Save realm settings
|
|
systemconfig->writeEntry("bonded", realmcfg.bonded);
|
|
systemconfig->writeEntry("uid_offset", realmcfg.uid_offset);
|
|
systemconfig->writeEntry("gid_offset", realmcfg.gid_offset);
|
|
systemconfig->writeEntry("domain_mappings", realmcfg.domain_mappings);
|
|
systemconfig->writeEntry("kdc", realmcfg.kdc);
|
|
systemconfig->writeEntry("kdc_port", realmcfg.kdc_port);
|
|
systemconfig->writeEntry("admin_server", realmcfg.admin_server);
|
|
systemconfig->writeEntry("admin_server_port", realmcfg.admin_server_port);
|
|
systemconfig->writeEntry("pkinit_require_eku", realmcfg.pkinit_require_eku);
|
|
systemconfig->writeEntry("pkinit_require_krbtgt_otherName", realmcfg.pkinit_require_krbtgt_otherName);
|
|
systemconfig->writeEntry("win2k_pkinit", realmcfg.win2k_pkinit);
|
|
systemconfig->writeEntry("win2k_pkinit_require_binding", realmcfg.win2k_pkinit_require_binding);
|
|
}
|
|
|
|
// Delete any realms that do not exist in the m_realms database
|
|
TQStringList cfgRealms = systemconfig->groupList();
|
|
for (TQStringList::Iterator it(cfgRealms.begin()); it != cfgRealms.end(); ++it) {
|
|
if ((*it).startsWith("LDAPRealm-")) {
|
|
systemconfig->setGroup(*it);
|
|
TQString realmName=*it;
|
|
realmName.remove(0,strlen("LDAPRealm-"));
|
|
if (!m_realms.contains(realmName)) {
|
|
systemconfig->deleteGroup(*it);
|
|
}
|
|
}
|
|
}
|
|
|
|
systemconfig->sync();
|
|
|
|
load();
|
|
}
|
|
|
|
void LDAPConfig::processLockouts() {
|
|
bool panelIsEnabled = base->systemEnableSupport->isChecked();
|
|
|
|
base->groupRealms->setEnabled(panelIsEnabled);
|
|
|
|
TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
|
|
if (selrealm) {
|
|
LDAPRealmConfig realmcfg = m_realms[selrealm->text(1)];
|
|
base->btnBondRealm->setEnabled(true);
|
|
base->btnReBondRealm->setEnabled(true);
|
|
if (realmcfg.bonded) {
|
|
base->btnDeactivateRealm->setEnabled(true);
|
|
base->btnRemoveRealm->setEnabled(false);
|
|
base->btnRealmProperties->setEnabled(false);
|
|
}
|
|
else {
|
|
base->btnDeactivateRealm->setEnabled(false);
|
|
base->btnRemoveRealm->setEnabled(true);
|
|
base->btnRealmProperties->setEnabled(true);
|
|
}
|
|
}
|
|
else {
|
|
base->btnBondRealm->setEnabled(true);
|
|
base->btnReBondRealm->setEnabled(false);
|
|
base->btnDeactivateRealm->setEnabled(false);
|
|
base->btnRemoveRealm->setEnabled(false);
|
|
base->btnRealmProperties->setEnabled(false);
|
|
}
|
|
}
|
|
|
|
void LDAPConfig::bondToNewRealm() {
|
|
// RAJA FIXME
|
|
|
|
// Something will probably change
|
|
save();
|
|
|
|
BondWizard bondwizard(&m_realms, this, this);
|
|
bondwizard.exec();
|
|
|
|
// Something probably changed
|
|
load();
|
|
}
|
|
|
|
void LDAPConfig::removeRealm() {
|
|
TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
|
|
if (selrealm) {
|
|
m_realms.remove(selrealm->text(1));
|
|
updateRealmList();
|
|
changed();
|
|
}
|
|
}
|
|
|
|
int LDAPConfig::buttons() {
|
|
return KCModule::Apply|KCModule::Help;
|
|
}
|
|
|
|
TQString LDAPConfig::quickHelp() const
|
|
{
|
|
return i18n("This module configures which LDAP realms TDE uses for authentication.");
|
|
}
|