From dbaffcee8670af6f571356c43d26357237fcd616 Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Sun, 20 May 2012 02:21:04 -0500 Subject: GUI nearly complete, still need to add backend bonding commands --- src/Makefile.am | 2 +- src/bondfinishpagedlg.ui | 65 ++++++++++++++++--- src/bondrealmpage.cpp | 15 +++++ src/bondrealmpage.h | 3 + src/bondwizard.cpp | 24 ++++++- src/bondwizard.h | 1 + src/ldap.cpp | 159 +++++++++++++++++++++++++++++++++++++++++++++-- src/ldap.h | 8 +++ src/ldapconfigbase.ui | 63 ++++++++++++++++++- src/ldappasswddlg.cpp | 51 +++++++++++++++ src/ldappasswddlg.h | 43 +++++++++++++ 11 files changed, 415 insertions(+), 19 deletions(-) create mode 100644 src/ldappasswddlg.cpp create mode 100644 src/ldappasswddlg.h diff --git a/src/Makefile.am b/src/Makefile.am index 2d17844..ba0703e 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,7 +4,7 @@ METASOURCES = AUTO # Install this plugin in the KDE modules directory kde_module_LTLIBRARIES = kcm_ldap.la -kcm_ldap_la_SOURCES = ldap.cpp ldapconfigbase.ui realmpropertiesdialog.cpp bondintropage.cpp bondintropagedlg.ui bondrealmpage.cpp bondrealmpagedlg.ui bondfinishpage.cpp bondfinishpagedlg.ui bondwizard.cpp +kcm_ldap_la_SOURCES = ldap.cpp ldapconfigbase.ui realmpropertiesdialog.cpp bondintropage.cpp bondintropagedlg.ui bondrealmpage.cpp bondrealmpagedlg.ui bondfinishpage.cpp bondfinishpagedlg.ui bondwizard.cpp ldappasswddlg.cpp kcm_ldap_la_LIBADD = -lkio $(LIB_TDEUI) kcm_ldap_la_LDFLAGS = -avoid-version -module -no-undefined \ $(all_libraries) diff --git a/src/bondfinishpagedlg.ui b/src/bondfinishpagedlg.ui index 448fdd8..00778f1 100644 --- a/src/bondfinishpagedlg.ui +++ b/src/bondfinishpagedlg.ui @@ -4,14 +4,6 @@ BondFinishPageDlg - - - 0 - 0 - 678 - 452 - - unnamed 
@@ -47,7 +39,62 @@ 0 - + + + yad_string + + + <h3>You're almost done!</h3> + + + + + passprompt + + + Please provide LDAP realm administrator credentials below to complete the bonding process + + + + + unnamed + + + Username + + + + + ldapAdminUsername + + + + + unnamed + + + Password + + + + + ldapAdminPassword + + + + + unnamed + + + LDAP Realm + + + + + ldapAdminRealm + + + Spacer6 diff --git a/src/bondrealmpage.cpp b/src/bondrealmpage.cpp index 80f047a..e244e84 100644 --- a/src/bondrealmpage.cpp +++ b/src/bondrealmpage.cpp @@ -31,6 +31,7 @@ #include #include #include +#include #include #include @@ -44,6 +45,8 @@ BondRealmPage::BondRealmPage(TQWidget *parent, const char *name ) : BondRealmPag connect(txtKDC, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries())); connect(txtAdminServer, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries())); + connect(txtRealmName, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(realmNameChanged())); + m_parentWizard = dynamic_cast(parent); m_parentDialog = dynamic_cast(parent); } @@ -71,4 +74,16 @@ void BondRealmPage::validateEntries() { } } +void BondRealmPage::realmNameChanged() { + TQString realmName = txtRealmName->text(); + txtRealmName->setText(realmName.upper()); + + TQString defaultDomainAliases; + defaultDomainAliases = realmName.lower(); + defaultDomainAliases += "\n"; + defaultDomainAliases += "."; + defaultDomainAliases += realmName.lower(); + txtDomains->setText(defaultDomainAliases); +} + #include "bondrealmpage.moc" diff --git a/src/bondrealmpage.h b/src/bondrealmpage.h index a73e166..21b8169 100644 --- a/src/bondrealmpage.h +++ b/src/bondrealmpage.h @@ -43,6 +43,9 @@ public: public slots: void validateEntries(); +private slots: + void realmNameChanged(); + private: KWizard* m_parentWizard; KDialogBase* m_parentDialog; diff --git a/src/bondwizard.cpp b/src/bondwizard.cpp index eeddfa6..03ca5a6 100644 --- a/src/bondwizard.cpp +++ b/src/bondwizard.cpp 
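Review bot: BondRealmPage::realmNameChanged() calls txtRealmName->setText() from inside the textChanged slot and then unconditionally rewrites txtDomains on every keystroke, so any domain alias the user typed by hand is discarded as soon as the realm name is touched again. Whether the nested setText() re-emits textChanged in this toolkit I cannot tell from the hunk; guarding the upper-casing with `if (realmName != realmName.upper()) txtRealmName->setText(realmName.upper());` avoids the re-entry question either way. The domain prefill should only happen while txtDomains still holds the previous auto-generated value (or is empty), otherwise a manual edit is lost; a short comment such as `// Derive the default domain_realm mappings (realm and .realm) from the realm name` would also help the next reader. Since these values end up in the generated krb5.conf, the realm-name field is the right place to reject embedded whitespace and newlines.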
@@ -42,6 +42,7 @@ #include #include #include +#include #include @@ -77,6 +78,9 @@ BondWizard::BondWizard(LDAPRealmConfigList *realmlist, LDAPConfig *ldapconfig, T realmpage->txtUIDOffset->setValue(5000); realmpage->txtGIDOffset->setValue(5000); + // Other setup + finishpage->ldapAdminRealm->setEnabled(false); + setFinishEnabled(TQWizard::page(2), true); setPosition(); @@ -112,6 +116,8 @@ void BondWizard::next() { if (!m_realmList->contains(realm.name)) { m_realmList->insert(realm.name, realm); m_ldapConfig->save(); + finishpage->ldapAdminRealm->setText(realm.name); + m_finalRealm = realm; TQWizard::next(); } else { @@ -119,6 +125,7 @@ void BondWizard::next() { } } if (currentPage()==finishpage) { + backButton()->setEnabled(false); finishButton()->setFocus(); } } @@ -141,7 +148,13 @@ bool BondWizard::askClose(){ text = i18n("

Are you sure you want to quit the LDAP Bonding Wizard?

" "

If yes, click Quit and all changes will be lost." "
If not, click Cancel to return and finish your setup.

"); - } else { + } + else if (currentPage()==finishpage) { + text = i18n("

Are you sure you want to quit the LDAP Bonding Wizard?

" + "

If yes, click Quit and the new realm will remain deactivated pending bonding." + "
If not, click Cancel to return and finish your setup.

"); + } + else { text = i18n("

Are you sure you want to quit the LDAP Bonding Wizard?

" "

If not, click Cancel to return and finish bonding.

"); } @@ -174,7 +187,14 @@ void BondWizard::closeEvent(TQCloseEvent* e){ /** maybe call a dialog that the wizard has finished. */ void BondWizard::accept(){ - done(0); + // Try to bond + if (m_ldapConfig->bondRealm(m_finalRealm, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text()) == 0) { + done(0); + } + else { + KMessageBox::error(this, i18n("Unable to bond to realm!

RAJA ERRORSTR"), i18n("Unable to Bond to Realm")); + // RAJA FIXME + } } /** calls all save functions after resetting all features/ OS/ theme selections to Trinity default */ diff --git a/src/bondwizard.h b/src/bondwizard.h index 4296bb7..8256539 100644 --- a/src/bondwizard.h +++ b/src/bondwizard.h @@ -73,6 +73,7 @@ private: bool realm_dirty; LDAPRealmConfigList* m_realmList; LDAPConfig* m_ldapConfig; + LDAPRealmConfig m_finalRealm; protected: // Protected methods // the close button on the titlebar sets e->accept() which we don't want. diff --git a/src/ldap.cpp b/src/ldap.cpp index 2b230ba..306d8c6 100644 --- a/src/ldap.cpp +++ b/src/ldap.cpp @@ -34,14 +34,20 @@ #include #include #include +#include +#include +#include +#include #include "ldap.h" #include "bondwizard.h" +#include "ldappasswddlg.h" #include "realmpropertiesdialog.h" // FIXME // Connect this to CMake/Automake #define KDE_CONFDIR "/etc/trinity" +#define KRB5_FILE "/etc/krb5.conf" typedef KGenericFactory ldapFactory; 
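Review bot: BondWizard::accept() calls bondRealm() without the errstr argument and then shows the literal placeholder "RAJA ERRORSTR" to the user, so a bonding failure will never carry a reason. Declare `TQString errorString;` before the call, pass `&errorString` as the fifth argument, and replace the placeholder with `%1` plus `.arg(errorString)` on the message, matching the pattern reBondToRealm() uses in ldap.cpp. On the success path the wizard just calls done(0) and, unlike reBondToRealm(), never marks m_finalRealm as bonded or re-saves it; if next() (outside this hunk) does not already set realm.bonded, the freshly bonded realm will be listed as "Deactivated" after the wizard closes.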
@@ -72,12 +78,16 @@ LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&) setUseRootOnlyMsg(true); connect(base->systemEnableSupport, TQT_SIGNAL(clicked()), this, TQT_SLOT(changed())); + connect(base->defaultRealm, TQT_SIGNAL(activated(int)), this, TQT_SLOT(changed())); + connect(base->ticketLifetime, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed())); connect(base->systemEnableSupport, TQT_SIGNAL(clicked()), this, TQT_SLOT(processLockouts())); connect(base->ldapRealmList, TQT_SIGNAL(selectionChanged()), this, TQT_SLOT(processLockouts())); - connect(base->btnBondRealm, TQT_SIGNAL(clicked()), TQT_SLOT(bondToNewRealm())); - connect(base->btnRemoveRealm, TQT_SIGNAL(clicked()), TQT_SLOT(removeRealm())); - connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), TQT_SLOT(realmProperties())); + connect(base->btnBondRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(bondToNewRealm())); + connect(base->btnReBondRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(reBondToRealm())); + connect(base->btnRemoveRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(removeRealm())); + connect(base->btnDeactivateRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(deactivateRealm())); + connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), this, TQT_SLOT(realmProperties())); load(); @@ -94,7 +104,6 @@ LDAPConfig::~LDAPConfig() { void LDAPConfig::load() { kgs = new KGlobalSettings(); - KStandardDirs *ksd = new KStandardDirs(); load(false); } @@ -106,6 +115,8 @@ void LDAPConfig::load(bool useDefaults ) systemconfig->setGroup(NULL); base->systemEnableSupport->setChecked(systemconfig->readBoolEntry("EnableLDAP", false)); + m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null); + m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400); // Load realms m_realms.clear(); @@ -137,6 +148,7 @@ void LDAPConfig::load(bool useDefaults ) } } + base->ticketLifetime->setValue(m_ticketLifetime); updateRealmList(); processLockouts(); 
@@ -146,11 +158,22 @@ void LDAPConfig::load(bool useDefaults ) void LDAPConfig::updateRealmList() { base->ldapRealmList->clear(); + base->defaultRealm->clear(); LDAPRealmConfigList::Iterator it; for (it = m_realms.begin(); it != m_realms.end(); ++it) { LDAPRealmConfig realmcfg = it.data(); (void)new TQListViewItem(base->ldapRealmList, ((realmcfg.bonded)?i18n("Bonded"):i18n("Deactivated")), realmcfg.name); + base->defaultRealm->insertItem(realmcfg.name); } + if (m_defaultRealm != "") { + for (int i=0; idefaultRealm->count(); i++) { + if (base->defaultRealm->text(i) == m_defaultRealm) { + base->defaultRealm->setCurrentItem(i); + break; + } + } + } + processLockouts(); } void LDAPConfig::defaults() { @@ -161,6 +184,15 @@ void LDAPConfig::save() { // Write system configuration systemconfig->setGroup(NULL); systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked()); + m_defaultRealm = base->defaultRealm->currentText(); + m_ticketLifetime = base->ticketLifetime->value(); + if (m_defaultRealm != "") { + systemconfig->writeEntry("DefaultRealm", m_defaultRealm); + } + else { + systemconfig->deleteEntry("DefaultRealm"); + } + systemconfig->writeEntry("TicketLifetime", m_ticketLifetime); LDAPRealmConfigList::Iterator it; for (it = m_realms.begin(); it != m_realms.end(); ++it) { @@ -198,8 +230,8 @@ void LDAPConfig::save() { systemconfig->sync(); - // RAJA FIXME - // Write the appropriate /etc/krb5.conf file here! + // Write the Kerberos5 configuration file + writeKrb5ConfFile(); load(); } 
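Review bot: updateRealmList() inserts every realm into the defaultRealm combo regardless of its bonded flag, so a realm that is still "Deactivated" can be chosen as the default and then written as default_realm into krb5.conf by save(). If a deactivated realm is not usable for authentication (as the wizard's "remain deactivated pending bonding" wording suggests), either skip unbonded realms in the combo, `if (realmcfg.bonded) base->defaultRealm->insertItem(realmcfg.name);`, or clear m_defaultRealm when the selected realm is later deactivated. The pre-selection loop also silently keeps index 0 when the stored DefaultRealm no longer exists; a comment noting that fallback, `// Stored default not found: combo stays on its first entry`, would make the behaviour intentional rather than accidental.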
@@ -247,6 +279,32 @@ void LDAPConfig::bondToNewRealm() { load(); } +void LDAPConfig::reBondToRealm() { + TQListViewItem *selrealm = base->ldapRealmList->selectedItem(); + if (selrealm) { + TQString realmName = selrealm->text(1); + LDAPRealmConfig realmcfg = m_realms[realmName]; + if (realmcfg.bonded == false) { + // Password prompt... + TQString errorString; + LDAPPasswordDialog passdlg(this); + if (passdlg.exec() == TQDialog::Accepted) { + if (bondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) { + // Success! + realmcfg.bonded = true; + m_realms.remove(realmName); + m_realms.insert(realmName, realmcfg); + save(); + } + else { + KMessageBox::error(this, i18n("Unable to bond to realm!

%1").arg(errorString), i18n("Unable to Bond to Realm")); + } + } + } + } + updateRealmList(); +} + void LDAPConfig::removeRealm() { TQListViewItem *selrealm = base->ldapRealmList->selectedItem(); if (selrealm) { @@ -256,6 +314,43 @@ void LDAPConfig::removeRealm() { } } +void LDAPConfig::deactivateRealm() { + TQListViewItem *selrealm = base->ldapRealmList->selectedItem(); + if (selrealm) { + TQString realmName = selrealm->text(1); + LDAPRealmConfig realmcfg = m_realms[realmName]; + if (realmcfg.bonded == true) { + // Password prompt... + TQString errorString; + LDAPPasswordDialog passdlg(this); + passdlg.m_base->passprompt->setText(i18n("Please provide LDAP realm administrator credentials below to complete the unbonding process")); + if (passdlg.exec() == TQDialog::Accepted) { + if (unbondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) { + // Success! + realmcfg.bonded = false; + m_realms.remove(realmName); + m_realms.insert(realmName, realmcfg); + save(); + } + else { + KMessageBox::error(this, i18n("Unable to unbond from realm!
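Review bot: reBondToRealm() opens LDAPPasswordDialog without pre-filling ldapAdminRealm, so the realm passed to bondRealm() is whatever the user types rather than the realm selected in the list; BondWizard by contrast sets the field and disables it. Add `passdlg.m_base->ldapAdminRealm->setText(realmName);` and `passdlg.m_base->ldapAdminRealm->setEnabled(false);` before `passdlg.exec()`; the same applies to deactivateRealm() in the next hunk. The trailing `updateRealmList();` is redundant on the success path because save() already ends with load(), which rebuilds the list, but it is harmless.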

%1").arg(errorString), i18n("Unable to Unbond from Realm")); + } + } + } + } + updateRealmList(); +} + +int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) { + // RAJA FIXME + return 1; // Failure +} + +int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) { + // RAJA FIXME + return 1; // Failure +} + void LDAPConfig::realmProperties() { TQListViewItem *selrealm = base->ldapRealmList->selectedItem(); if (selrealm) { 
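Review bot: The bondRealm()/unbondRealm() stubs return 1 without ever writing to errstr, so the `%1` in the callers' error dialogs expands to an empty string and the user sees no reason for the failure. Because ldap.h declares errstr with a default of 0, the eventual implementation must null-check it; for now `if (errstr) *errstr = i18n("Bonding is not yet implemented");` in each stub makes the dialog meaningful and documents the contract. When the backend commands are added, the adminPassword (a `const char *` taken straight from KPasswordEdit) should be handed to the child process through an argument list or stdin rather than interpolated into a shell string, and it should not be echoed back through errstr. A short header comment stating the return convention, `// Returns 0 on success, non-zero on failure with a description in *errstr (if non-null)`, belongs on both functions.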
@@ -267,6 +362,58 @@ void LDAPConfig::realmProperties() { } } +void LDAPConfig::writeKrb5ConfFile() { + TQFile file(KRB5_FILE); + if (file.open(IO_WriteOnly)) { + TQTextStream stream( &file ); + + stream << "# This file was automatically generated by TDE\n"; + stream << "# All changes will be lost!\n"; + stream << "\n"; + + // Defaults + // FIXME + // These should be configurable! + stream << "[libdefaults]\n"; + stream << " ticket_lifetime = " << m_ticketLifetime << "\n"; + if (m_defaultRealm != "") { + stream << " default_realm = " << m_defaultRealm << "\n"; + } + stream << " default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5\n"; + stream << " default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5\n"; + stream << "\n"; + + // Realms + stream << "[realms]\n"; + LDAPRealmConfigList::Iterator it; + for (it = m_realms.begin(); it != m_realms.end(); ++it) { + LDAPRealmConfig realmcfg = it.data(); + stream << " " << realmcfg.name << " = {\n"; + stream << " kdc = " << realmcfg.kdc << ":" << realmcfg.kdc_port << "\n"; + stream << " admin_server = " << realmcfg.admin_server << ":" << realmcfg.admin_server_port << "\n"; + stream << " pkinit_require_eku = " << (realmcfg.pkinit_require_eku?"true":"false") << "\n"; + stream << " pkinit_require_krbtgt_otherName = " << (realmcfg.pkinit_require_krbtgt_otherName?"true":"false") << "\n"; + stream << " win2k_pkinit = " << (realmcfg.win2k_pkinit?"yes":"no") << "\n"; + stream << " win2k_pkinit_require_binding = " << (realmcfg.win2k_pkinit_require_binding?"yes":"no") << "\n"; + stream << " }\n"; + } + stream << "\n"; + + // Domain aliases + stream << "[domain_realm]\n"; + LDAPRealmConfigList::Iterator it2; + for (it2 = m_realms.begin(); it2 != m_realms.end(); ++it2) { + LDAPRealmConfig realmcfg = it2.data(); + TQStringList domains = realmcfg.domain_mappings; + for (TQStringList::Iterator it3 = domains.begin(); it3 != domains.end(); ++it3 ) { + stream << " " << *it3 << " = " << realmcfg.name << "\n"; + } + } + + file.close(); 
+ } +} + int LDAPConfig::buttons() { return KCModule::Apply|KCModule::Help; } diff --git a/src/ldap.h b/src/ldap.h index 93cdf10..923d8f6 100644 --- a/src/ldap.h +++ b/src/ldap.h @@ -74,20 +74,28 @@ class LDAPConfig: public KCModule virtual TQString quickHelp() const; virtual const KAboutData *aboutData() const { return myAboutData; }; + int bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr=0); + int unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr=0); + private slots: void processLockouts(); void bondToNewRealm(); + void reBondToRealm(); void removeRealm(); + void deactivateRealm(); void realmProperties(); private: void updateRealmList(); + void writeKrb5ConfFile(); private: KAboutData *myAboutData; KGlobalSettings *kgs; LDAPConfigBase *base; LDAPRealmConfigList m_realms; + TQString m_defaultRealm; + int m_ticketLifetime; }; #endif diff --git a/src/ldapconfigbase.ui b/src/ldapconfigbase.ui index fa14933..bf81979 100644 --- a/src/ldapconfigbase.ui +++ b/src/ldapconfigbase.ui @@ -50,7 +50,7 @@ systemEnableSupport - &Enable LDAP + &Enable LDAP Realm Support @@ -138,6 +138,67 @@ + + + groupDefaults + + + LDAP Default Settings + + + + unnamed + + + + unnamed + + + Default Realm + + + + 0 + 0 + 0 + 0 + + + + + + defaultRealm + + + + + unnamed + + + Ticket Lifetime (seconds) + + + + 0 + 0 + 0 + 0 + + + + + + ticketLifetime + + + 60 + + + 1000000 + + + + Spacer4 diff --git a/src/ldappasswddlg.cpp b/src/ldappasswddlg.cpp new file mode 100644 index 0000000..7ddba14 --- /dev/null +++ b/src/ldappasswddlg.cpp 
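Review bot: writeKrb5ConfFile() pins `default_etypes`/`default_etypes_des` to a list that includes the single-DES types des-cbc-crc and des-cbc-md5, which are long deprecated and disabled by default in current Kerberos implementations; enabling them system-wide weakens every realm written here. Unless a legacy KDC requires them, drop the single-DES entries and prefer the AES types, e.g. `stream << " default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-hmac-sha1\n";` (the existing FIXME already says these should be configurable). The function is also silent when the open fails: an unwritable /etc/krb5.conf leaves the saved realm list and the Kerberos config out of sync with no indication, so add an `else` that reports it, e.g. `KMessageBox::error(this, i18n("Unable to write %1").arg(KRB5_FILE), i18n("Kerberos Configuration"));`. Finally the file is rewritten in place, so a crash or full disk mid-write truncates the system Kerberos config; writing to a temporary file in the same directory and renaming over KRB5_FILE avoids that, and realm names and domain mappings are interpolated unvalidated, so a value containing a newline would corrupt the file structure.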
@@ -0,0 +1,51 @@ +/*************************************************************************** + * Copyright (C) 2012 by Timothy Pearson * + * kb9vqf@pearsoncomputing.net * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; either version 2 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program; if not, write to the * + * Free Software Foundation, Inc., * + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * + ***************************************************************************/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "ldappasswddlg.h" + +LDAPPasswordDialog::LDAPPasswordDialog(TQWidget* parent, const char* name) + : KDialogBase(parent, name, true, i18n("LDAP Authentication"), Ok|Cancel, Ok, true) +{ + m_base = new BondFinishPage(this); + + m_base->px_introSidebar->hide(); + m_base->yad_string->hide(); + + setMainWidget(m_base); +} + +void LDAPPasswordDialog::slotOk() { + // RAJA FIXME + + accept(); +} + +#include "ldappasswddlg.moc" diff --git a/src/ldappasswddlg.h b/src/ldappasswddlg.h new file mode 100644 index 0000000..5ade3d3 --- /dev/null +++ b/src/ldappasswddlg.h 
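Review bot: LDAPPasswordDialog::slotOk() calls accept() unconditionally, so the dialog can be accepted with an empty username or password and the caller then attempts a bond with empty credentials. Check the fields before accepting, e.g. `if (m_base->ldapAdminUsername->text().isEmpty()) { KMessageBox::sorry(this, i18n("Please enter the administrator user name")); return; }`, and leave the RAJA FIXME only for whatever additional work is still planned. The slot is redeclared under `public slots:` in the header while KDialogBase's slotOk is, as far as I recall, a protected virtual slot; widening the access is legal but unusual, and a comment saying the override is intentional would help.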
@@ -0,0 +1,43 @@ +/*************************************************************************** + * Copyright (C) 2012 by Timothy Pearson * + * kb9vqf@pearsoncomputing.net * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; either version 2 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program; if not, write to the * + * Free Software Foundation, Inc., * + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * + ***************************************************************************/ + +#ifndef _LDAPPASSWORDDIALOG_H_ +#define _LDAPPASSWORDDIALOG_H_ + +#include + +#include "ldap.h" +#include "bondfinishpage.h" + +class LDAPPasswordDialog : public KDialogBase +{ + Q_OBJECT + +public: + LDAPPasswordDialog(TQWidget* parent = 0, const char* name = 0); + +public slots: + void slotOk(); + +public: + BondFinishPage *m_base; +}; + +#endif -- cgit v1.2.1