From 691351f08aeec1ea1582e46aac8aa734321e1e13 Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Mon, 28 May 2012 04:02:37 -0500 Subject: Current snapshot --- src/Makefile.am | 4 +- src/groupconfigbase.ui | 2 +- src/ldap.cpp | 98 ------------ src/ldap.h | 60 -------- src/ldapconfigbase.ui | 9 ++ src/ldaplogindlg.cpp | 2 +- src/ldapmgr.cpp | 222 +++++++++++++++++++++++++++ src/ldapmgr.h | 75 +++++++++ src/libtdeldap.cpp | 408 +++++++++++++++++++++++++++++++++++++++++++++++++ src/libtdeldap.h | 133 ++++++++++++++-- src/userconfigbase.ui | 2 +- src/userconfigdlg.cpp | 49 ++++++ src/userconfigdlg.h | 47 ++++++ 13 files changed, 937 insertions(+), 174 deletions(-) delete mode 100644 src/ldap.cpp delete mode 100644 src/ldap.h create mode 100644 src/ldapmgr.cpp create mode 100644 src/ldapmgr.h create mode 100644 src/userconfigdlg.cpp create mode 100644 src/userconfigdlg.h (limited to 'src') diff --git a/src/Makefile.am b/src/Makefile.am index b38ecd8..c49b9de 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,8 +4,8 @@ METASOURCES = AUTO # Install this plugin in the KDE modules directory kde_module_LTLIBRARIES = kcm_ldapmanager.la -kcm_ldapmanager_la_SOURCES = ldap.cpp ldapconfigbase.ui userconfigbase.ui groupconfigbase.ui libtdeldap.cpp ldaplogindlgbase.ui ldaplogindlg.cpp ldappasswddlg.cpp -kcm_ldapmanager_la_LIBADD = -lkio $(LIB_TDEUI) +kcm_ldapmanager_la_SOURCES = ldapmgr.cpp ldapconfigbase.ui userconfigbase.ui groupconfigbase.ui libtdeldap.cpp ldaplogindlgbase.ui ldaplogindlg.cpp ldappasswddlg.cpp userconfigdlg.cpp +kcm_ldapmanager_la_LIBADD = -lkio $(LIB_TDEUI) -lldap kcm_ldapmanager_la_LDFLAGS = -avoid-version -module -no-undefined \ $(all_libraries) diff --git a/src/groupconfigbase.ui b/src/groupconfigbase.ui index 721338a..2f7f8db 100644 --- a/src/groupconfigbase.ui +++ b/src/groupconfigbase.ui @@ -28,7 +28,7 @@ detailsTab - Details + POSIX diff --git a/src/ldap.cpp b/src/ldap.cpp deleted file mode 100644 index 61351d1..0000000 
--- a/src/ldap.cpp +++ /dev/null 
@@ -1,98 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2012 by Timothy Pearson * - * kb9vqf@pearsoncomputing.net * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the * - * Free Software Foundation, Inc., * - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - ***************************************************************************/ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "ldap.h" - -typedef KGenericFactory LDAPConfigFactory; - -K_EXPORT_COMPONENT_FACTORY( kcm_ldapmanager, LDAPConfigFactory("kcmldapmanager")) - -LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&) - : KCModule(parent, name), myAboutData(0) -{ - TQVBoxLayout *layout = new TQVBoxLayout(this, KDialog::marginHint(), KDialog::spacingHint()); - base = new LDAPConfigBase(this); - layout->add(base); - - base->user_list->setAllColumnsShowFocus(true); - base->user_list->setFullWidth(true); - base->group_list->setAllColumnsShowFocus(true); - base->group_list->setFullWidth(true); - base->group_memberList->setAllColumnsShowFocus(true); - base->group_memberList->setFullWidth(true); - base->machine_list->setAllColumnsShowFocus(true); - base->machine_list->setFullWidth(true); - - load(); - - KAboutData* 
about = new KAboutData("ldap", I18N_NOOP("TDE LDAP Realm Manager"), "0.1", - I18N_NOOP("TDE LDAP Realm Manager Control Panel Module"), - KAboutData::License_GPL, - I18N_NOOP("(c) 2012 Timothy Pearson"), 0, 0); - - about->addAuthor("Timothy Pearson", 0, "kb9vqf@pearsoncomputing.net"); - setAboutData( about ); - - processLockouts(); -}; - -LDAPConfig::~LDAPConfig() { -} - -void LDAPConfig::load() { - kgs = new KGlobalSettings(); -} - -void LDAPConfig::defaults() { - -} - -void LDAPConfig::save() { - -} - -void LDAPConfig::processLockouts() { - // -} - -int LDAPConfig::buttons() { - return KCModule::Apply|KCModule::Help; -} - -TQString LDAPConfig::quickHelp() const -{ - return i18n("This module manages users, groups, and machines in LDAP realms."); -} diff --git a/src/ldap.h b/src/ldap.h deleted file mode 100644 index a6bf485..0000000 --- a/src/ldap.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2012 by Timothy Pearson * - * kb9vqf@pearsoncomputing.net * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the * - * Free Software Foundation, Inc., * - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - ***************************************************************************/ - -#ifndef _LDAP_H_ -#define _LDAP_H_ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "ldapconfigbase.h" - -class LDAPConfig: public KCModule -{ - Q_OBJECT - - public: - LDAPConfig( TQWidget *parent=0, const char *name=0, const TQStringList& = TQStringList() ); - ~LDAPConfig(); - - virtual void load(); - virtual void save(); - virtual void defaults(); - virtual int buttons(); - virtual TQString quickHelp() const; - virtual const KAboutData *aboutData() const { return myAboutData; }; - - private slots: - void processLockouts(); - - private: - KAboutData *myAboutData; - KGlobalSettings *kgs; - - LDAPConfigBase *base; -}; - -#endif diff --git a/src/ldapconfigbase.ui b/src/ldapconfigbase.ui index 768c3c6..a95763a 100644 --- a/src/ldapconfigbase.ui +++ b/src/ldapconfigbase.ui @@ -122,6 +122,9 @@ unnamed_layoutwidget1 + + 0 + userControls @@ -375,6 +378,9 @@ unnamed_layoutwidget2 + + 0 + groupControls 
@@ -562,6 +568,9 @@ unnamed_layoutwidget3 + + 0 + userControls diff --git a/src/ldaplogindlg.cpp b/src/ldaplogindlg.cpp index 2a3b835..f9ca3b5 100644 --- a/src/ldaplogindlg.cpp +++ b/src/ldaplogindlg.cpp @@ -42,4 +42,4 @@ LDAPLogin::~LDAPLogin(){ // } -#include "ldaplogindlg.moc" +// #include "ldaplogindlg.moc" diff --git a/src/ldapmgr.cpp b/src/ldapmgr.cpp new file mode 100644 index 0000000..b853684 --- /dev/null +++ b/src/ldapmgr.cpp 
@@ -0,0 +1,222 @@ +/*************************************************************************** + * Copyright (C) 2012 by Timothy Pearson * + * kb9vqf@pearsoncomputing.net * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; either version 2 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program; if not, write to the * + * Free Software Foundation, Inc., * + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * + ***************************************************************************/ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "ldapmgr.h" + +#include "libtdeldap.h" +#include "ldappasswddlg.h" +#include "userconfigdlg.h" + +// FIXME +// Connect this to CMake/Automake +#define KDE_CONFDIR "/etc/trinity" + +typedef KGenericFactory LDAPConfigFactory; + +K_EXPORT_COMPONENT_FACTORY( kcm_ldapmanager, LDAPConfigFactory("kcmldapmanager")) + +LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&) + : KCModule(parent, name), myAboutData(0), m_ldapmanager(0) +{ + m_systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" )); + + TQVBoxLayout *layout = new TQVBoxLayout(this, KDialog::marginHint(), KDialog::spacingHint()); + base = new LDAPConfigBase(this); + layout->add(base); + + base->user_list->setAllColumnsShowFocus(true); + 
base->user_list->setFullWidth(true); + base->group_list->setAllColumnsShowFocus(true); + base->group_list->setFullWidth(true); + base->group_memberList->setAllColumnsShowFocus(true); + base->group_memberList->setFullWidth(true); + base->machine_list->setAllColumnsShowFocus(true); + base->machine_list->setFullWidth(true); + + base->user_loginName->setEnabled(false); + base->user_uid->setEnabled(false); + base->user_primaryGroup->setEnabled(false); + base->user_realName->setEnabled(false); + base->user_status->setEnabled(false); + base->user_secondaryGroups->setEnabled(false); + + connect(base->user_ldapRealm, TQT_SIGNAL(highlighted(const TQString&)), this, TQT_SLOT(connectToRealm(const TQString&))); + connect(base->user_list, TQT_SIGNAL(selectionChanged()), this, TQT_SLOT(userHighlighted())); + + connect(base->user_buttonModify, TQT_SIGNAL(clicked()), this, TQT_SLOT(modifySelectedUser())); + + load(); + + KAboutData* about = new KAboutData("ldap", I18N_NOOP("TDE LDAP Realm Manager"), "0.1", + I18N_NOOP("TDE LDAP Realm Manager Control Panel Module"), + KAboutData::License_GPL, + I18N_NOOP("(c) 2012 Timothy Pearson"), 0, 0); + + about->addAuthor("Timothy Pearson", 0, "kb9vqf@pearsoncomputing.net"); + setAboutData( about ); + + processLockouts(); +}; + +LDAPConfig::~LDAPConfig() { + delete m_systemconfig; +} + +void LDAPConfig::load() { + // Load realms + int i; + base->user_ldapRealm->clear(); + TQStringList cfgRealms = m_systemconfig->groupList(); + for (TQStringList::Iterator it(cfgRealms.begin()); it != cfgRealms.end(); ++it) { + if ((*it).startsWith("LDAPRealm-")) { + m_systemconfig->setGroup(*it); + TQString realmName=*it; + realmName.remove(0,strlen("LDAPRealm-")); + base->user_ldapRealm->insertItem(realmName); + } + } + TQString defaultRealm = m_systemconfig->readEntry("DefaultRealm", TQString::null); + if (defaultRealm != "") { + for (i=0; iuser_ldapRealm->count(); i++) { + if (base->user_ldapRealm->text(i).lower() == defaultRealm.lower()) { + 
base->user_ldapRealm->setCurrentItem(i); + break; + } + } + } + connectToRealm(base->user_ldapRealm->currentText().upper()); +} + +void LDAPConfig::defaults() { + +} + +void LDAPConfig::save() { + +} + +void LDAPConfig::processLockouts() { + // +} + +void LDAPConfig::connectToRealm(const TQString& realm) { + if (m_ldapmanager) { + if (m_ldapmanager->realm() == realm) { + return; + } + delete m_ldapmanager; + } + + m_systemconfig->setGroup("LDAPRealm-" + realm); + TQString host = m_systemconfig->readEntry("admin_server"); + m_ldapmanager = new LDAPManager(realm, host); + + populateUsers(); + // RAJA FIXME + // Groups?? Machines?? +} + +void LDAPConfig::populateUsers() { + m_userInfoList = m_ldapmanager->users(); + updateUsersList(); +} + +void LDAPConfig::updateUsersList() { + base->user_list->clear(); + LDAPUserInfoList::Iterator it; + for (it = m_userInfoList.begin(); it != m_userInfoList.end(); ++it) { + LDAPUserInfo user = *it; + (void)new TQListViewItem(base->user_list, user.name, user.commonName, TQString("%1").arg(user.uid)); + } + processLockouts(); +} + +LDAPUserInfo LDAPConfig::findUserInfoByNameAndUID(TQString name, TQString uid) { + // Figure out which user is selected + LDAPUserInfoList::Iterator it; + for (it = m_userInfoList.begin(); it != m_userInfoList.end(); ++it) { + LDAPUserInfo user = *it; + if ((user.name == name) && (TQString("%1").arg(user.uid) == uid)) { + return user; + } + } + return LDAPUserInfo(); +} + +LDAPUserInfo LDAPConfig::selectedUser() { + TQListViewItem* lvi = base->user_list->currentItem(); + if (!lvi) { + return LDAPUserInfo(); + } + return findUserInfoByNameAndUID(lvi->text(0), lvi->text(2)); +} + +void LDAPConfig::userHighlighted() { + // Show information in the quick view area + LDAPUserInfo user = selectedUser(); + + base->user_loginName->setText(user.name); + base->user_uid->setText(TQString("%1").arg(user.uid)); + base->user_primaryGroup->setText(TQString("%1").arg(user.primary_gid)); + 
base->user_realName->setText(user.commonName); + base->user_status->setText((user.status == KRB5_DISABLED_ACCOUNT)?"Disabled":"Enabled"); + base->user_secondaryGroups->setText("RAJA FIXME"); + + processLockouts(); +} + +void LDAPConfig::modifySelectedUser() { + // Launch a dialog to edit the user + LDAPUserInfo user = selectedUser(); + + // RAJA FIXME + UserConfigDialog userconfigdlg(user, this); + if (userconfigdlg.exec() == TQDialog::Accepted) { + } +} + +int LDAPConfig::buttons() { + return KCModule::Apply|KCModule::Help; +} + +TQString LDAPConfig::quickHelp() const +{ + return i18n("This module manages users, groups, and machines in LDAP realms."); +} diff --git a/src/ldapmgr.h b/src/ldapmgr.h new file mode 100644 index 0000000..46b69de --- /dev/null +++ b/src/ldapmgr.h 
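Review bot: ~LDAPConfig() deletes m_systemconfig but never m_ldapmanager, which connectToRealm() allocates without a TQObject parent and only deletes when the realm changes; since ~LDAPManager() is what calls unbind(), the authenticated directory session is left open when the module is unloaded, so the destructor needs `delete m_ldapmanager;` as well. userHighlighted() reports "Disabled" only when user.status is exactly the composite KRB5_DISABLED_ACCOUNT, but status is a bit mask (see the LDAPKRB5Flags values in libtdeldap.h in this commit), so an account carrying any other flag combination — KRB5_INVALID or KRB5_LOCKED_OUT on top of the defaults, for instance — is displayed as "Enabled" to the administrator. Testing the individual bits, e.g. `(user.status & (KRB5_INVALID | KRB5_LOCKED_OUT)) ? "Disabled" : "Enabled"`, is presumably closer to the intent; confirm against the KDC's semantics before changing it.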
@@ -0,0 +1,75 @@ +/*************************************************************************** + * Copyright (C) 2012 by Timothy Pearson * + * kb9vqf@pearsoncomputing.net * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; either version 2 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program; if not, write to the * + * Free Software Foundation, Inc., * + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * + ***************************************************************************/ + +#ifndef _LDAPMGR_H_ +#define _LDAPMGR_H_ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "libtdeldap.h" +#include "ldapconfigbase.h" + +class KSimpleConfig; + +class LDAPConfig: public KCModule +{ + Q_OBJECT + + public: + LDAPConfig( TQWidget *parent=0, const char *name=0, const TQStringList& = TQStringList() ); + ~LDAPConfig(); + + virtual void load(); + virtual void save(); + virtual void defaults(); + virtual int buttons(); + virtual TQString quickHelp() const; + virtual const KAboutData *aboutData() const { return myAboutData; }; + + private slots: + void processLockouts(); + void connectToRealm(const TQString&); + void populateUsers(); + void updateUsersList(); + void userHighlighted(); + void modifySelectedUser(); + + private: + LDAPUserInfo findUserInfoByNameAndUID(TQString name, TQString uid); + LDAPUserInfo selectedUser(); + + private: + KAboutData *myAboutData; + + LDAPConfigBase *base; + KSimpleConfig 
*m_systemconfig; + LDAPManager *m_ldapmanager; + + LDAPUserInfoList m_userInfoList; +}; + +#endif diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp index e69de29..f6f7466 100644 --- a/src/libtdeldap.cpp +++ b/src/libtdeldap.cpp 
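Review bot: The owning members of LDAPConfig carry no lifetime documentation, and from ldapmgr.cpp in this commit m_ldapmanager is created in connectToRealm() with no parent and is only freed there when the realm changes, which is easy to miss when maintaining the destructor; a comment such as `LDAPManager *m_ldapmanager; // owned; created by connectToRealm(), freed there and in the destructor` would make the contract explicit. As a point of style, findUserInfoByNameAndUID takes both TQString arguments by value while connectToRealm in the same class takes `const TQString&`; `LDAPUserInfo findUserInfoByNameAndUID(const TQString& name, const TQString& uid);` keeps the two consistent.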
@@ -0,0 +1,408 @@ +/*************************************************************************** + * Copyright (C) 2012 by Timothy Pearson * + * kb9vqf@pearsoncomputing.net * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; either version 2 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program; if not, write to the * + * Free Software Foundation, Inc., * + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * + ***************************************************************************/ + +#include +#include +#include +#include + +#include +#include +#include + +#include "libtdeldap.h" +#include "ldappasswddlg.h" + +#define LDAP_INSECURE_PORT 389 +#define LDAP_SECURE_PORT 636 + +int requested_ldap_version = LDAP_VERSION3; +int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection? 
+char* ldap_user_and_operational_attributes[2] = {"*", "+"}; + +LDAPManager::LDAPManager(TQString realm, TQString host, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(0), m_ldap(0) +{ + TQStringList domainChunks = TQStringList::split(".", realm.lower()); + m_basedc = "dc=" + domainChunks.join(",dc="); +} + +LDAPManager::~LDAPManager() { + unbind(true); +} + +TQString LDAPManager::realm() { + return m_realm; +} + +int LDAPManager::bind() { + if (m_ldap) { + return 0; + } + + int use_secure_connection = 0; + + TQString uri; + if (use_secure_connection == 1) { + m_port = LDAP_SECURE_PORT; + uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port); + } + else { + m_port = LDAP_INSECURE_PORT; + uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port); + } + + int retcode = ldap_initialize(&m_ldap, uri.ascii()); + if (retcode < 0) { + KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); + return -1; + } + retcode = ldap_set_option(m_ldap, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version); + if (retcode != LDAP_OPT_SUCCESS) { + KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); + return -1; + } + + TQString errorString; + LDAPPasswordDialog passdlg(0); + passdlg.m_base->ldapAdminRealm->setEnabled(false); + passdlg.m_base->ldapAdminRealm->setText(m_realm); + if (passdlg.exec() == TQDialog::Accepted) { + char* mechanism = NULL; + struct berval cred; + TQString ldap_dn = passdlg.m_base->ldapAdminUsername->text(); + TQCString pass = passdlg.m_base->ldapAdminPassword->password(); + cred.bv_val = pass.data(); + cred.bv_len = pass.length(); + + if (!ldap_dn.contains(",")) { + // Look for a POSIX account with anonymous bind and the specified account name + TQString uri; + LDAP* ldapconn; + if (use_secure_connection == 1) { + m_port = LDAP_SECURE_PORT; + uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port); + } + else { + m_port = LDAP_INSECURE_PORT; + uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port); + } + int retcode = ldap_initialize(&ldapconn, uri.ascii()); + if (retcode < 0) { + KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); + return -1; + } + retcode = ldap_set_option(ldapconn, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version); + if (retcode != LDAP_OPT_SUCCESS) { + KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); + return -1; + } + struct berval anoncred; + anoncred.bv_val = ""; + anoncred.bv_len = strlen(""); + retcode = ldap_sasl_bind_s(ldapconn, "", mechanism, &anoncred, NULL, NULL, NULL); + if (retcode == LDAP_SUCCESS ) { + // Look for the DN for the specified user + LDAPMessage* msg; + TQString ldap_base_dn = m_basedc; + TQString ldap_filter = TQString("(&(objectclass=posixAccount)(uid=%1))").arg(passdlg.m_base->ldapAdminUsername->text()); + struct timeval timeout; + timeout.tv_sec = 10; // 10 second timeout + retcode = ldap_search_ext_s(ldapconn, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), NULL, 0, NULL, NULL, &timeout, 0, &msg); + if (retcode != LDAP_SUCCESS) { + KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + } + else { + // Iterate through the returned entries + char* dn = NULL; + LDAPMessage* entry; + for(entry = ldap_first_entry(ldapconn, msg); entry != NULL; entry = ldap_next_entry(ldapconn, entry)) { + if((dn = ldap_get_dn(ldapconn, entry)) != NULL) { + ldap_dn = dn; + ldap_memfree(dn); + } + } + } + // clean up + ldap_msgfree(msg); + + // All done! + ldap_unbind_ext_s(ldapconn, NULL, NULL); + } + } + + retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL); + + if (retcode != LDAP_SUCCESS ) { + KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); + return -1; + } + + return 0; + } + else { + return -2; + } + + return -3; +} + +int LDAPManager::unbind(bool force) { + if (!m_ldap) { + return 0; + } + + int retcode = ldap_unbind_ext_s(m_ldap, NULL, NULL); + if ((retcode < 0) && (force == false)) { + KMessageBox::error(0, i18n("Unable to disconnect from LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to disconnect from server!")); + return retcode; + } + else { + m_ldap = 0; + } + return retcode; +} + +LDAPUserInfoList LDAPManager::users() { + int retcode; + LDAPUserInfoList users; +printf("[RAJA DEBUG 100.0] In LDAPManager::users()\n\r"); fflush(stdout); + + if (bind() < 0) { + return LDAPUserInfoList(); + } + else { +printf("[RAJA DEBUG 100.1] In LDAPManager::users() bind was OK\n\r"); fflush(stdout); + LDAPMessage* msg; + TQString ldap_base_dn = m_basedc; + TQString ldap_filter = "(objectClass=posixAccount)"; + struct timeval timeout; + timeout.tv_sec = 10; // 10 second timeout + retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, &timeout, 0, &msg); + if (retcode != LDAP_SUCCESS) { + KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return LDAPUserInfoList(); + } + +printf("[RAJA DEBUG 100.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg)); + + // Iterate through the returned entries + char* dn = NULL; + char* attr; + struct berval **vals; + BerElement* ber; + LDAPMessage* entry; + int i; + for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { + if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { + printf("Returned dn: %s\n", dn); + ldap_memfree(dn); + } + + LDAPUserInfo userinfo; + for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) { + if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) { +printf("%s: %s\n\r", attr, vals[i]->bv_val); + userinfo.informationValid = true; + TQString ldap_field = attr; + i=0; + if (ldap_field == "uid") { + userinfo.name = vals[i]->bv_val; + } + else if (ldap_field == "uidNumber") { + userinfo.uid = atoi(vals[i]->bv_val); + } + else if (ldap_field == "loginShell") { + userinfo.shell = vals[i]->bv_val; + } + else if (ldap_field == "homeDirectory") { + userinfo.homedir = vals[i]->bv_val; + } + else if (ldap_field == "gidNumber") { + userinfo.primary_gid = atoi(vals[i]->bv_val); + } + else if (ldap_field == "krb5KDCFlags") { + userinfo.status = (LDAPKRB5Flags)(atoi(vals[i]->bv_val)); + } + else if (ldap_field == "createTimestamp") { // YYYYMMDD000000Z + userinfo.account_created = TQDateTime::fromString(vals[i]->bv_val); + } + else if (ldap_field == "modifyTimestamp") { // YYYYMMDD000000Z + userinfo.account_modified = TQDateTime::fromString(vals[i]->bv_val); + } + // FIXME + // These two attributes do not seem to be available with a Heimdal KDC + // userinfo.password_last_changed = vals[i]->bv_val; + // userinfo.password_expires = vals[i]->bv_val; + else if (ldap_field == "krb5PasswordEnd") { // YYYYMMDD000000Z + 
userinfo.password_expiration = TQDateTime::fromString(vals[i]->bv_val); + } + // FIXME + // These six(!) attributes do not seem to be available with a Heimdal KDC + // userinfo.password_ages = vals[i]->bv_val; + // userinfo.new_password_interval = vals[i]->bv_val; + // userinfo.new_password_warn_interval = vals[i]->bv_val; + // userinfo.new_password_lockout_delay = vals[i]->bv_val; + // userinfo.password_has_minimum_age = vals[i]->bv_val; + // userinfo.password_minimum_age = vals[i]->bv_val; + else if (ldap_field == "krb5MaxLife") { // units: hours + userinfo.maximum_ticket_lifetime = atoi(vals[i]->bv_val); + } + else if (ldap_field == "cn") { + userinfo.commonName = vals[i]->bv_val; + } + else if (ldap_field == "givenName") { + userinfo.givenName = vals[i]->bv_val; + } + else if (ldap_field == "sn") { + userinfo.surName = vals[i]->bv_val; + } + else if (ldap_field == "initials") { + userinfo.initials = vals[i]->bv_val; + } + else if (ldap_field == "title") { + userinfo.title = vals[i]->bv_val; + } + else if (ldap_field == "mail") { + userinfo.email = vals[i]->bv_val; + } + else if (ldap_field == "description") { + userinfo.description = vals[i]->bv_val; + } + else if (ldap_field == "l") { + userinfo.locality = vals[i]->bv_val; + } + else if (ldap_field == "telephoneNumber") { + userinfo.telephoneNumber = vals[i]->bv_val; + } + else if (ldap_field == "facsimileTelephoneNumber") { + userinfo.faxNumber = vals[i]->bv_val; + } + else if (ldap_field == "homePhone") { + userinfo.homePhone = vals[i]->bv_val; + } + else if (ldap_field == "mobile") { + userinfo.mobilePhone = vals[i]->bv_val; + } + else if (ldap_field == "pager") { + userinfo.pagerNumber = vals[i]->bv_val; + } + // FIXME + // This attribute is not present in my current LDAP schema + // userinfo.website = vals[i]->bv_val; + + // RAJA FIXME + // Populate these fields! 
+// userinfo.poBox = vals[i]->bv_val; +// userinfo.street = vals[i]->bv_val; +// userinfo.address = vals[i]->bv_val; +// userinfo.state = vals[i]->bv_val; +// userinfo.postcode = vals[i]->bv_val; +// userinfo.registeredAddress = vals[i]->bv_val; +// userinfo.homeAddress = vals[i]->bv_val; +// userinfo.seeAlso = vals[i]->bv_val; +// userinfo.deliveryOffice = vals[i]->bv_val; +// userinfo.department = vals[i]->bv_val; +// userinfo.roomNumber = vals[i]->bv_val; +// userinfo.employeeType = vals[i]->bv_val; +// userinfo.employeeNumber = vals[i]->bv_val; +// userinfo.manager = vals[i]->bv_val; +// userinfo.secretary = vals[i]->bv_val; +// userinfo.isdnNumber = vals[i]->bv_val; +// userinfo.teletexID = vals[i]->bv_val; +// userinfo.telexNumber = vals[i]->bv_val; +// userinfo.preferredDelivery = vals[i]->bv_val; +// userinfo.destinationIndicator = vals[i]->bv_val; +// userinfo.x121Address = vals[i]->bv_val; +// userinfo.displayName = vals[i]->bv_val; +// userinfo.preferredLanguage = vals[i]->bv_val; +// userinfo.uniqueIdentifier = vals[i]->bv_val; +// userinfo.businessCategory = vals[i]->bv_val; +// userinfo.carLicense = vals[i]->bv_val; +// userinfo.notes = vals[i]->bv_val; + +// for(i = 0; vals[i] != NULL; i++) { +// printf("%s: %s\n", attr, vals[i]->bv_val); +// } + ldap_value_free_len(vals); + } + ldap_memfree(attr); + } + users.append(userinfo); + + if (ber != NULL) { + ber_free(ber, 0); + } + + printf("\n\r"); + } + + // clean up + ldap_msgfree(msg); + + // RAJA FIXME + return users; + } + + return LDAPUserInfoList(); +} + +// =============================================================================================================== +// +// DATA CLASS CONSTRUCTORS AND DESTRUCTORS +// +// =============================================================================================================== + +LDAPUserInfo::LDAPUserInfo() { + // TQStrings are always initialized to TQString::null, so they don't need initialization here... 
+ informationValid = false; + + uid = -1; + primary_gid = -1; + status = (LDAPKRB5Flags)0; + account_created = TQDateTime::fromString("01-01-1970 00:00:00"); + account_modified = TQDateTime::fromString("01-01-1970 00:00:00"); + password_last_changed = TQDateTime::fromString("01-01-1970 00:00:00"); + password_expires = false; + password_expiration = TQDateTime::fromString("01-01-1970 00:00:00"); + password_ages = false; + new_password_interval = -1; + new_password_warn_interval = -1; + new_password_lockout_delay = -1; + password_has_minimum_age = false; + password_minimum_age = -1; + maximum_ticket_lifetime = -1; +} + +LDAPUserInfo::~LDAPUserInfo() { + // +} + +LDAPGroupInfo::LDAPGroupInfo() { + // TQStrings are always initialized to TQString::null, so they don't need initialization here... + informationValid = false; + + gid = -1; +} + +LDAPGroupInfo::~LDAPGroupInfo() { + // +} + +#include "libtdeldap.moc" \ No newline at end of file diff --git a/src/libtdeldap.h b/src/libtdeldap.h index b0bfba2..1281ec3 100644 --- a/src/libtdeldap.h +++ b/src/libtdeldap.h 
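Review bot: bind() sends the administrator's simple-bind credentials over a plain ldap:// connection, because use_secure_connection is a local hard-coded to 0 and the comment on requested_ldap_auth_method already questions whether LDAP_AUTH_SIMPLE is safe on an untrusted link; the password therefore leaves the host unencrypted, so the handle should be upgraded with ldap_start_tls_s (or ldaps:// made the only option) and the bind refused when TLS cannot be established. The error paths after ldap_initialize succeeds (the ldap_set_option and ldap_sasl_bind_s failures) return -1 but leave m_ldap non-null, so the `if (m_ldap) return 0;` guard at the top makes every later bind() report success on an unauthenticated handle; those paths need the handle unbound and m_ldap reset, and the ldap_initialize failure itself is never detected because OpenLDAP returns positive LDAP error codes where the code checks `retcode < 0` (the same applies to the second ldap_initialize on ldapconn and to ldap_unbind_ext_s). In users(), the debug `printf("%s: %s\n\r", attr, vals[i]->bv_val)` reads vals[i] before `i=0` is executed for the first attribute, an uninitialized index, and it dumps every value returned by the "*"/"+" attribute request to stdout, which can include sensitive directory attributes; the debug lines should go before this ships. The anonymous DN lookup interpolates the typed account name into the search filter unescaped (RFC 4515 special characters such as `*`, `(`, `)` and `\` need escaping) and silently takes the last of several matching entries, so an ambiguous or empty result should abort the bind rather than fall through to binding with the raw text as a DN.

```cpp
	int retcode = ldap_initialize(&m_ldap, uri.ascii());
	if (retcode != LDAP_SUCCESS) {
		// … unchanged: error dialog …
		m_ldap = 0;
		return -1;
	}
	retcode = ldap_set_option(m_ldap, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version);
	if (retcode != LDAP_OPT_SUCCESS) {
		// … unchanged: error dialog …
		ldap_unbind_ext_s(m_ldap, NULL, NULL);
		m_ldap = 0;
		return -1;
	}
	// Never send simple-bind credentials in the clear: a plain ldap:// URI must be upgraded to TLS first
	if (use_secure_connection != 1) {
		retcode = ldap_start_tls_s(m_ldap, NULL, NULL);
		if (retcode != LDAP_SUCCESS) {
			KMessageBox::error(0, i18n("Unable to establish a TLS connection to LDAP server %1 on port %2\n\nReason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
			ldap_unbind_ext_s(m_ldap, NULL, NULL);
			m_ldap = 0;
			return -1;
		}
	}
	// … unchanged: password dialog and DN lookup …
	retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
	if (retcode != LDAP_SUCCESS ) {
		// … unchanged: error dialog …
		ldap_unbind_ext_s(m_ldap, NULL, NULL);
		m_ldap = 0;
		return -1;
	}
```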
@@ -22,51 +22,162 @@
 #define _LIBTDELDAP_H_
 #include
+#include
+#include
 #include
 #include
 #include
-enum LDAPUserStatus {
- USER_STATUS_ENABLED,
- USER_STATUS_DISABLED
+// Values from hdb.asn1
+enum LDAPKRB5Flags {
+ KRB5_INITIAL = 0x00000001,
+ KRB5_FORWARDABLE = 0x00000002,
+ KRB5_PROXIABLE = 0x00000004,
+ KRB5_RENEWABLE = 0x00000008,
+ KRB5_POSTDATE = 0x00000010,
+ KRB5_SERVER = 0x00000020,
+ KRB5_CLIENT = 0x00000040,
+ KRB5_INVALID = 0x00000080,
+ KRB5_REQUIRE_PREAUTH = 0x00000100,
+ KRB5_CHANGE_PW = 0x00000200,
+ KRB5_REQUIRE_HWAUTH = 0x00000400,
+ KRB5_OK_AS_DELEGATE = 0x00000800,
+ KRB5_USER_TO_USER = 0x00001000,
+ KRB5_IMMUTABLE = 0x00002000,
+ KRB5_TRUSTED_FOR_DELEGATION = 0x00004000,
+ KRB5_ALLOW_KERBEROS_4 = 0x00008000,
+ KRB5_ALLOW_DIGEST = 0x00010000,
+ KRB5_LOCKED_OUT = 0x00020000,
+
+ KRB5_ACTIVE_DEFAULT = KRB5_FORWARDABLE | KRB5_RENEWABLE | KRB5_CLIENT | KRB5_CHANGE_PW,
+ KRB5_DISABLED_ACCOUNT = KRB5_FORWARDABLE | KRB5_SERVER | KRB5_INVALID | KRB5_REQUIRE_PREAUTH | KRB5_REQUIRE_HWAUTH | KRB5_OK_AS_DELEGATE | KRB5_USER_TO_USER,
+ KRB5_FLAG_MAX = 0x80000000
 };
 typedef TQValueList UserList;
 typedef TQValueList GroupList;
+class LDAPCredentials
+{
+ public:
+ TQString username;
+ TQCString password;
+ TQString realm;
+};
+
 class LDAPUserInfo {
 public:
+ LDAPUserInfo();
+ ~LDAPUserInfo();
+
+ public:
+ bool informationValid;
+
 TQString name;
 uid_t uid;
 TQString shell;
 TQString homedir;
 gid_t primary_gid;
- GroupList grouplist;
- LDAPUserStatus status;
- TQDate password_last_changed;
+ LDAPKRB5Flags status; // Default active user is 586 [KRB5_ACTIVE_DEFAULT] and locked out user is 7586 [KRB5_DISABLED_ACCOUNT]
+ TQDateTime account_created;
+ TQDateTime account_modified;
+ TQDateTime password_last_changed;
 bool password_expires;
- TQDate password_expiration;
+ TQDateTime password_expiration;
 bool password_ages;
 int new_password_interval;
 int new_password_warn_interval;
 int new_password_lockout_delay;
 bool password_has_minimum_age;
 int password_minimum_age;
+ int maximum_ticket_lifetime;
+
+ // Page 1
+ TQString commonName;
+ TQString givenName;
+ TQString surName;
+ TQString initials;
+ TQString title;
+ TQString email;
+ TQString description;
+ TQString locality;
+ TQString telephoneNumber;
+ TQString faxNumber;
+ TQString homePhone;
+ TQString mobilePhone;
+ TQString pagerNumber;
+ TQString website;
+
+ // Page 2
+ TQString poBox;
+ TQString street;
+ TQString address;
+ TQString state;
+ TQString postcode;
+ TQString registeredAddress;
+ TQString homeAddress;
- TQString realName;
- TQString organization;
- // FIXME
- // Add other attributes (cubicle, phone number, etc)
+ // Page 3
+ TQString seeAlso;
+ TQString deliveryOffice;
+ TQString department;
+ TQString roomNumber;
+ TQString employeeType;
+ TQString employeeNumber;
+ TQString manager;
+ TQString secretary;
+ TQString isdnNumber;
+ TQString teletexID;
+ TQString telexNumber;
+ TQString preferredDelivery;
+ TQString destinationIndicator;
+ TQString x121Address;
+ TQString displayName;
+ TQString preferredLanguage;
+ TQString uniqueIdentifier;
+ TQString businessCategory;
+ TQString carLicense;
+ TQString notes;
 };
 class LDAPGroupInfo {
 public:
+ LDAPGroupInfo();
+ ~LDAPGroupInfo();
+
+ public:
+ bool informationValid;
+
 TQString name;
 gid_t gid;
 UserList userlist;
 };
+typedef TQValueList LDAPUserInfoList;
+typedef TQValueList LDAPGroupInfoList;
+
+class LDAPManager : public TQObject {
+ Q_OBJECT
+
+ public:
+ LDAPManager(TQString realm, TQString host, TQObject *parent=0, const char *name=0);
+ ~LDAPManager();
+
+ TQString realm();
+ int bind();
+ int unbind(bool force);
+ LDAPUserInfoList users();
+
+ private:
+ TQString m_realm;
+ TQString m_host;
+ int m_port;
+ TQString m_basedc;
+ LDAPCredentials* m_creds;
+ LDAP *m_ldap;
+};
+
+#endif // _LIBTDELDAP_H_
\ No newline at end of file
diff --git a/src/userconfigbase.ui b/src/userconfigbase.ui
index b568067..03c2690 100644
--- a/src/userconfigbase.ui
+++ b/src/userconfigbase.ui
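Review bot: `LDAPCredentials` keeps `password` as a plain `TQCString`, and `LDAPManager` reaches it through a raw `LDAPCredentials* m_creds` whose owner and lifetime the header never states, so a reader cannot tell whether the manager frees it or how long the clear-text password stays resident. If `LDAPManager` owns it, `LDAPCredentials* m_creds; // owned; released in ~LDAPManager(), password overwritten before free` would make the contract explicit; the same ownership note is worth adding to `LDAP *m_ldap`, which `unbind(bool force)` presumably releases. Separately, `status` is typed `LDAPKRB5Flags` but holds a bitmask of these flags (the constructor in libtdeldap.cpp casts `0` to it), so the trailing comment should say it is a flag combination rather than a single enumerator; `KRB5_FLAG_MAX = 0x80000000` also pushes the enum's underlying type past `int`, which is fine but worth a one-word note since the cast relies on it.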
@@ -28,7 +28,7 @@ detailsTab
- Details
+ POSIX
diff --git a/src/userconfigdlg.cpp b/src/userconfigdlg.cpp
new file mode 100644
index 0000000..477585d
--- /dev/null
+++ b/src/userconfigdlg.cpp
@@ -0,0 +1,49 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "userconfigdlg.h"
+
+UserConfigDialog::UserConfigDialog(LDAPUserInfo user, TQWidget* parent, const char* name)
+ : KDialogBase(parent, name, true, i18n("LDAP User Properties"), Ok|Cancel, Ok, true), m_user(user)
+{
+ m_base = new LDAPUserConfigBase(this);
+ setMainWidget(m_base);
+}
+
+void UserConfigDialog::slotOk() {
+ accept();
+}
+
+LDAPUserInfo UserConfigDialog::userProperties() {
+ return m_user;
+}
+
+#include "userconfigdlg.moc"
diff --git a/src/userconfigdlg.h b/src/userconfigdlg.h
new file mode 100644
index 0000000..6ab3033
--- /dev/null
+++ b/src/userconfigdlg.h
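Review bot: `slotOk()` only calls `accept()` and never reads the edited widget values from `m_base` back into `m_user`, so `userProperties()` always returns the `LDAPUserInfo` the constructor received, whatever the user typed. The constructor likewise never loads `m_user` into `m_base`, so the dialog opens with empty fields for an existing account. If this snapshot is intentionally incomplete, `// TODO: populate m_base from m_user` in the constructor and `// TODO: copy m_base values into m_user before accept()` in `slotOk()` would keep a caller from assuming the round trip already works; the widget member names needed for the actual copy are in userconfigbase.ui, which is not in this diff.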
@@ -0,0 +1,47 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#ifndef _USERCONFIGDIALOG_H_
+#define _USERCONFIGDIALOG_H_
+
+#include
+
+#include "libtdeldap.h"
+#include "userconfigbase.h"
+
+class UserConfigDialog : public KDialogBase
+{
+ Q_OBJECT
+
+public:
+ UserConfigDialog(LDAPUserInfo user, TQWidget* parent = 0, const char* name = 0);
+ LDAPUserInfo userProperties();
+
+public slots:
+ void slotOk();
+
+public:
+ LDAPUserConfigBase *m_base;
+
+private:
+ LDAPUserInfo m_user;
+};
+
+#endif // _USERCONFIGDIALOG_H_
-- cgit v1.2.1
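Review bot: The constructor is callable with a single `LDAPUserInfo` argument (the other two have defaults) but is not `explicit`, so an `LDAPUserInfo` converts implicitly to a `UserConfigDialog`; `explicit UserConfigDialog(LDAPUserInfo user, TQWidget* parent = 0, const char* name = 0);` closes that. `m_base` is a public member while `m_user` is private, which lets any caller rewrite the widget tree behind the dialog's back; moving it under `private:` keeps the dialog the only writer of its own form. A one-line comment on `userProperties()` stating whether it returns the edited values or the constructor input would also document the contract, since the .cpp currently returns the input unchanged.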