|
|
@ -19,10 +19,13 @@
|
|
|
|
***************************************************************************/
|
|
|
|
***************************************************************************/
|
|
|
|
|
|
|
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <netdb.h>
|
|
|
|
#include <netdb.h>
|
|
|
|
|
|
|
|
#include <pwd.h>
|
|
|
|
|
|
|
|
|
|
|
|
#include <tqfile.h>
|
|
|
|
#include <tqfile.h>
|
|
|
|
|
|
|
|
#include <tqcheckbox.h>
|
|
|
|
|
|
|
|
|
|
|
|
#include <klocale.h>
|
|
|
|
#include <klocale.h>
|
|
|
|
#include <kmessagebox.h>
|
|
|
|
#include <kmessagebox.h>
|
|
|
@ -44,7 +47,7 @@
|
|
|
|
// FIXME
|
|
|
|
// FIXME
|
|
|
|
// Connect this to CMake/Automake
|
|
|
|
// Connect this to CMake/Automake
|
|
|
|
#define KDE_CONFDIR "/etc/trinity"
|
|
|
|
#define KDE_CONFDIR "/etc/trinity"
|
|
|
|
#define LDAP_FILE "/etc/ldap.conf"
|
|
|
|
#define LDAP_FILE "/etc/ldap/ldap.conf"
|
|
|
|
|
|
|
|
|
|
|
|
int requested_ldap_version = LDAP_VERSION3;
|
|
|
|
int requested_ldap_version = LDAP_VERSION3;
|
|
|
|
int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection?
|
|
|
|
int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection?
|
|
|
@ -91,13 +94,21 @@ TQString ldapLikelyErrorCause(int errcode, int location) {
|
|
|
|
TQString ret;
|
|
|
|
TQString ret;
|
|
|
|
|
|
|
|
|
|
|
|
if (location == ERRORCAUSE_LOCATION_BIND) {
|
|
|
|
if (location == ERRORCAUSE_LOCATION_BIND) {
|
|
|
|
|
|
|
|
if (errcode == LDAP_SERVER_DOWN) {
|
|
|
|
|
|
|
|
ret = " * LDAP server down<br> * Invalid LDAP Certificate Authority file on client";
|
|
|
|
|
|
|
|
}
|
|
|
|
if (LDAP_NAME_ERROR(errcode)) {
|
|
|
|
if (LDAP_NAME_ERROR(errcode)) {
|
|
|
|
ret = "Unknown user name or incorrect user name format";
|
|
|
|
ret = "Unknown user name or incorrect user name format";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (ret != "") {
|
|
|
|
if (ret != "") {
|
|
|
|
ret.prepend("<p>" + i18n("Likely cause") + ":<br>");
|
|
|
|
if (ret.contains("<br>")) {
|
|
|
|
|
|
|
|
ret.prepend("<p>" + i18n("Potential causes") + ":<br>");
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
ret.prepend("<p>" + i18n("Potential cause") + ":<br>");
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
return ret;
|
|
|
@ -109,7 +120,31 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
|
|
|
|
return 0;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int use_secure_connection = 0;
|
|
|
|
bool using_ldapi = false;
|
|
|
|
|
|
|
|
if (m_host.startsWith("ldapi://")) {
|
|
|
|
|
|
|
|
using_ldapi = true;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
bool havepass = false;
|
|
|
|
|
|
|
|
if (m_creds || using_ldapi) {
|
|
|
|
|
|
|
|
havepass = true;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
printf("[RAJA DEBUG 660.1] using_ldapi: %d\n\r", using_ldapi); fflush(stdout);
|
|
|
|
|
|
|
|
LDAPPasswordDialog passdlg(0);
|
|
|
|
|
|
|
|
passdlg.m_base->ldapAdminRealm->setEnabled(false);
|
|
|
|
|
|
|
|
passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
|
|
|
|
|
|
|
|
passdlg.m_base->ldapUseTLS->setChecked(true);
|
|
|
|
|
|
|
|
if (passdlg.exec() == TQDialog::Accepted) {
|
|
|
|
|
|
|
|
havepass = true;
|
|
|
|
|
|
|
|
if (!m_creds) {
|
|
|
|
|
|
|
|
m_creds = new LDAPCredentials();
|
|
|
|
|
|
|
|
m_creds->username = passdlg.m_base->ldapAdminUsername->text();
|
|
|
|
|
|
|
|
m_creds->password = passdlg.m_base->ldapAdminPassword->password();
|
|
|
|
|
|
|
|
m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
|
|
|
|
|
|
|
|
m_creds->use_tls = passdlg.m_base->ldapUseTLS->isOn();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
TQString uri;
|
|
|
|
TQString uri;
|
|
|
|
if (m_host.contains("://")) {
|
|
|
|
if (m_host.contains("://")) {
|
|
|
@ -122,7 +157,7 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
else {
|
|
|
|
if (use_secure_connection == 1) {
|
|
|
|
if (m_creds->use_tls) {
|
|
|
|
m_port = LDAP_SECURE_PORT;
|
|
|
|
m_port = LDAP_SECURE_PORT;
|
|
|
|
uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port);
|
|
|
|
uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port);
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -148,25 +183,6 @@ printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout);
|
|
|
|
printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
|
|
|
|
printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
|
|
|
|
|
|
|
|
|
|
|
|
TQString errorString;
|
|
|
|
TQString errorString;
|
|
|
|
bool havepass = false;
|
|
|
|
|
|
|
|
if (m_creds) {
|
|
|
|
|
|
|
|
havepass = true;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
|
|
|
|
|
|
|
|
LDAPPasswordDialog passdlg(0);
|
|
|
|
|
|
|
|
passdlg.m_base->ldapAdminRealm->setEnabled(false);
|
|
|
|
|
|
|
|
passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
|
|
|
|
|
|
|
|
if (passdlg.exec() == TQDialog::Accepted) {
|
|
|
|
|
|
|
|
havepass = true;
|
|
|
|
|
|
|
|
if (!m_creds) {
|
|
|
|
|
|
|
|
m_creds = new LDAPCredentials();
|
|
|
|
|
|
|
|
m_creds->username = passdlg.m_base->ldapAdminUsername->text();
|
|
|
|
|
|
|
|
m_creds->password = passdlg.m_base->ldapAdminPassword->password();
|
|
|
|
|
|
|
|
m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (havepass == true) {
|
|
|
|
if (havepass == true) {
|
|
|
|
char* mechanism = NULL;
|
|
|
|
char* mechanism = NULL;
|
|
|
|
struct berval cred;
|
|
|
|
struct berval cred;
|
|
|
@ -175,7 +191,7 @@ printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
|
|
|
|
cred.bv_val = pass.data();
|
|
|
|
cred.bv_val = pass.data();
|
|
|
|
cred.bv_len = pass.length();
|
|
|
|
cred.bv_len = pass.length();
|
|
|
|
printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
|
|
|
|
printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
|
|
|
|
if (!uri.startsWith("ldapi://")) {
|
|
|
|
if (!using_ldapi) {
|
|
|
|
if (!ldap_dn.contains(",")) {
|
|
|
|
if (!ldap_dn.contains(",")) {
|
|
|
|
// Look for a POSIX account with anonymous bind and the specified account name
|
|
|
|
// Look for a POSIX account with anonymous bind and the specified account name
|
|
|
|
TQString uri;
|
|
|
|
TQString uri;
|
|
|
@ -184,7 +200,7 @@ printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
|
|
|
|
uri = m_host;
|
|
|
|
uri = m_host;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
else {
|
|
|
|
if (use_secure_connection == 1) {
|
|
|
|
if (m_creds->use_tls) {
|
|
|
|
m_port = LDAP_SECURE_PORT;
|
|
|
|
m_port = LDAP_SECURE_PORT;
|
|
|
|
uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port);
|
|
|
|
uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port);
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -1398,11 +1414,14 @@ void LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg) {
|
|
|
|
stream << "bind_policy " << m_bindPolicy.lower() << "\n";
|
|
|
|
stream << "bind_policy " << m_bindPolicy.lower() << "\n";
|
|
|
|
stream << "pam_password " << m_passwordHash.lower() << "\n";
|
|
|
|
stream << "pam_password " << m_passwordHash.lower() << "\n";
|
|
|
|
stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
|
|
|
|
stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
|
|
|
|
|
|
|
|
stream << "tls_cacert /etc/trinity/ldap/tde-ca/public/argus5.starlink.edu.ldap.crt" << "\n";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
file.close();
|
|
|
|
file.close();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
chmod(LDAP_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
|
|
|
|
|
|
|
|
|
|
|
|
delete systemconfig;
|
|
|
|
delete systemconfig;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -1473,6 +1492,15 @@ TQString LDAPManager::getMachineFQDN() {
|
|
|
|
//
|
|
|
|
//
|
|
|
|
// ===============================================================================================================
|
|
|
|
// ===============================================================================================================
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LDAPCredentials::LDAPCredentials() {
|
|
|
|
|
|
|
|
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
|
|
|
|
|
|
|
|
use_tls = true;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LDAPCredentials::~LDAPCredentials() {
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
LDAPUserInfo::LDAPUserInfo() {
|
|
|
|
LDAPUserInfo::LDAPUserInfo() {
|
|
|
|
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
|
|
|
|
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
|
|
|
|
informationValid = false;
|
|
|
|
informationValid = false;
|
|
|
|