@ -38,6 +38,7 @@
# include <tdesu/process.h>
# include <tdesu/process.h>
# include <ksslcertificate.h>
# include <ksslcertificate.h>
# include <krfcdate.h>
# include <krfcdate.h>
# include <tdehardwaredevices.h>
# include <tdecryptographiccarddevice.h>
# include <tdecryptographiccarddevice.h>
# include <ldap.h>
# include <ldap.h>
@ -286,7 +287,7 @@ int LDAPManager::bind(TQString* errstr) {
havepass = true ;
havepass = true ;
}
}
else {
else {
LDAPPasswordDialog passdlg ( 0 , 0 , ( m_krbTickets . count ( ) > 0 ) );
LDAPPasswordDialog passdlg ( 0 , 0 , ( m_krbTickets . count ( ) > 0 ) , false );
passdlg . m_base - > ldapAdminRealm - > setEnabled ( false ) ;
passdlg . m_base - > ldapAdminRealm - > setEnabled ( false ) ;
passdlg . m_base - > ldapAdminRealm - > insertItem ( m_realm ) ;
passdlg . m_base - > ldapAdminRealm - > insertItem ( m_realm ) ;
passdlg . m_base - > ldapUseTLS - > setChecked ( true ) ;
passdlg . m_base - > ldapUseTLS - > setChecked ( true ) ;
@ -1655,7 +1656,7 @@ LDAPRealmConfigList LDAPManager::fetchAndReadTDERealmList(TQString *defaultRealm
return realms ;
return realms ;
}
}
int LDAPManager : : getKerberosPassword ( LDAPCredentials & creds , TQString prompt , bool requestServicePrincipal , TQWidget * parent )
int LDAPManager : : getKerberosPassword ( LDAPCredentials & creds , TQString prompt , bool requestServicePrincipal , bool allowSmartCard , TQWidget * parent )
{
{
int i ;
int i ;
@ -1665,7 +1666,7 @@ int LDAPManager::getKerberosPassword(LDAPCredentials &creds, TQString prompt, bo
if ( creds . realm ! = " " ) {
if ( creds . realm ! = " " ) {
defaultRealm = creds . realm ;
defaultRealm = creds . realm ;
}
}
LDAPPasswordDialog passdlg ( parent , 0 , false );
LDAPPasswordDialog passdlg ( parent , 0 , false , allowSmartCard );
passdlg . m_base - > ldapAdminRealm - > setEnabled ( true ) ;
passdlg . m_base - > ldapAdminRealm - > setEnabled ( true ) ;
LDAPRealmConfigList : : Iterator it ;
LDAPRealmConfigList : : Iterator it ;
i = 0 ;
i = 0 ;
@ -1693,6 +1694,13 @@ int LDAPManager::getKerberosPassword(LDAPCredentials &creds, TQString prompt, bo
creds . realm = passdlg . m_base - > ldapAdminRealm - > currentText ( ) ;
creds . realm = passdlg . m_base - > ldapAdminRealm - > currentText ( ) ;
creds . service = passdlg . m_base - > kerberosServicePrincipal - > text ( ) ;
creds . service = passdlg . m_base - > kerberosServicePrincipal - > text ( ) ;
creds . use_tls = passdlg . m_base - > ldapUseTLS - > isOn ( ) ;
creds . use_tls = passdlg . m_base - > ldapUseTLS - > isOn ( ) ;
creds . use_gssapi = false ;
if ( allowSmartCard ) {
creds . use_smartcard = passdlg . use_smartcard ;
}
else {
creds . use_smartcard = false ;
}
}
}
return ret ;
return ret ;
}
}
@ -1700,6 +1708,58 @@ int LDAPManager::getKerberosPassword(LDAPCredentials &creds, TQString prompt, bo
int LDAPManager : : obtainKerberosTicket ( LDAPCredentials creds , TQString principal , TQString * errstr ) {
int LDAPManager : : obtainKerberosTicket ( LDAPCredentials creds , TQString principal , TQString * errstr ) {
TQCString command = " kinit " ;
TQCString command = " kinit " ;
QCStringList args ;
QCStringList args ;
if ( creds . use_smartcard ) {
// Get PKCS#11 slot number from the LDAP configuration file
KSimpleConfig * systemconfig = new KSimpleConfig ( TQString : : fromLatin1 ( KDE_CONFDIR " /ldap/ldapconfigrc " ) ) ;
systemconfig - > setGroup ( NULL ) ;
int pkcs11_login_card_slot = systemconfig - > readNumEntry ( " PKCS11LoginCardSlot " , 0 ) ;
delete systemconfig ;
TQString pkcsProviderString = " PKCS11: " + TDECryptographicCardDevice : : pkcsProviderLibrary ( ) ;
if ( pkcs11_login_card_slot ! = 0 ) {
pkcsProviderString . append ( TQString ( " ,slot=%1 " ) . arg ( pkcs11_login_card_slot ) ) ;
}
args < < TQCString ( " -C " ) < < TQCString ( pkcsProviderString ) ;
// Find certificate on card and set credentials to match
TDEGenericDevice * hwdevice ;
TDEHardwareDevices * hwdevices = TDEGlobal : : hardwareDevices ( ) ;
TDEGenericHardwareList cardReaderList = hwdevices - > listByDeviceClass ( TDEGenericDeviceType : : CryptographicCard ) ;
for ( hwdevice = cardReaderList . first ( ) ; hwdevice ; hwdevice = cardReaderList . next ( ) ) {
TDECryptographicCardDevice * cdevice = static_cast < TDECryptographicCardDevice * > ( hwdevice ) ;
TQString username = TQString : : null ;
TQString realm = TQString : : null ;
X509CertificatePtrList certList = cdevice - > cardX509Certificates ( ) ;
if ( certList . count ( ) > 0 ) {
TQStringList : : Iterator it ;
KSSLCertificate * card_cert = NULL ;
card_cert = KSSLCertificate : : fromX509 ( certList [ 0 ] ) ;
TQStringList cert_subject_parts = TQStringList : : split ( " / " , card_cert - > getSubject ( ) , false ) ;
TQStringList reversed_cert_subject_parts ;
for ( it = cert_subject_parts . begin ( ) ; it ! = cert_subject_parts . end ( ) ; it + + ) {
reversed_cert_subject_parts . prepend ( * it ) ;
}
for ( it = reversed_cert_subject_parts . begin ( ) ; it ! = reversed_cert_subject_parts . end ( ) ; + + it ) {
TQString lcpart = ( * it ) . lower ( ) ;
if ( lcpart . startsWith ( " cn= " ) ) {
username = lcpart . right ( lcpart . length ( ) - strlen ( " cn= " ) ) ;
}
else if ( lcpart . startsWith ( " dc= " ) ) {
realm . append ( lcpart . right ( lcpart . length ( ) - strlen ( " dc= " ) ) + " . " ) ;
}
}
if ( realm . endsWith ( " . " ) ) {
realm . truncate ( realm . length ( ) - 1 ) ;
}
delete card_cert ;
}
if ( username ! = " " ) {
creds . username = username ;
creds . realm = realm ;
break ;
}
}
}
if ( principal = = " " ) {
if ( principal = = " " ) {
args < < TQCString ( creds . username + " @ " + creds . realm . upper ( ) ) ;
args < < TQCString ( creds . username + " @ " + creds . realm . upper ( ) ) ;
}
}
@ -1712,7 +1772,17 @@ int LDAPManager::obtainKerberosTicket(LDAPCredentials creds, TQString principal,
kinitProc . exec ( command , args ) ;
kinitProc . exec ( command , args ) ;
prompt = readFullLineFromPtyProcess ( & kinitProc ) ;
prompt = readFullLineFromPtyProcess ( & kinitProc ) ;
prompt = prompt . stripWhiteSpace ( ) ;
prompt = prompt . stripWhiteSpace ( ) ;
if ( prompt . endsWith ( " Password: " ) ) {
while ( prompt . endsWith ( " Password: " ) | | ( creds . use_smartcard & & prompt . contains ( " PIN " ) ) ) {
if ( creds . use_smartcard ) {
TQCString password ;
int result = KPasswordDialog : : getPassword ( password , prompt ) ;
if ( result = = KPasswordDialog : : Accepted ) {
creds . password = password ;
}
else {
return 0 ;
}
}
kinitProc . enableLocalEcho ( false ) ;
kinitProc . enableLocalEcho ( false ) ;
kinitProc . writeLine ( creds . password , true ) ;
kinitProc . writeLine ( creds . password , true ) ;
do { // Discard our own input
do { // Discard our own input
@ -3560,7 +3630,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
replicationinfo . syncDN = " cn=admin, " + m_basedc ;
replicationinfo . syncDN = " cn=admin, " + m_basedc ;
}
}
if ( ! errstr & & replicationinfo . syncPassword . isNull ( ) ) {
if ( ! errstr & & replicationinfo . syncPassword . isNull ( ) ) {
LDAPPasswordDialog passdlg ( 0 , 0 , false );
LDAPPasswordDialog passdlg ( 0 , 0 , false , false );
passdlg . m_base - > ldapAdminRealm - > setEnabled ( false ) ;
passdlg . m_base - > ldapAdminRealm - > setEnabled ( false ) ;
passdlg . m_base - > ldapAdminRealm - > insertItem ( m_realm ) ;
passdlg . m_base - > ldapAdminRealm - > insertItem ( m_realm ) ;
passdlg . m_base - > ldapUseTLS - > hide ( ) ;
passdlg . m_base - > ldapUseTLS - > hide ( ) ;
@ -5433,6 +5503,7 @@ LDAPCredentials::LDAPCredentials() {
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
use_tls = true ;
use_tls = true ;
use_gssapi = false ;
use_gssapi = false ;
use_smartcard = false ;
}
}
LDAPCredentials : : ~ LDAPCredentials ( ) {
LDAPCredentials : : ~ LDAPCredentials ( ) {
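Review bot: In the obtainKerberosTicket hunk, `card_cert` is dereferenced at `card_cert->getSubject()` immediately after `KSSLCertificate::fromX509(certList[0])` with no null check, and fromX509 can return NULL (it does so when handed a null X509 or when KSSL is built without SSL support), so a reader whose first certificate cannot be wrapped would crash the ticket request instead of being skipped. Guard the block with `if (!card_cert) { continue; }` directly after the fromX509 call (or wrap the parsing and the `delete card_cert;` in `if (card_cert) { ... }`) so the loop moves on to the next card. Separately, `creds.realm = realm;` unconditionally replaces the realm chosen in the password dialog with the `dc=` components parsed from the certificate subject, which is empty when the subject has no `dc=` parts and then produces a principal of the form `user@` a few lines later; keeping the dialog value when the parsed one is empty, e.g. `if (!realm.isEmpty()) creds.realm = realm;`, avoids that. obtainKerberosTicket continues past the end of the hunk.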