Add Kerberos password change option to popup menuldap-updates-2025

Signed-off-by: Timothy Pearson <kb9vqf@pearsoncomputing.net>

2 files changed, 59 insertions, 0 deletions

diff --git a/src/toplevel.cpp b/src/toplevel.cpp
index ce9621b..dfd724f 100644
--- a/src/toplevel.cpp
+++ b/src/toplevel.cpp
@@ -75,6 +75,7 @@ TopLevel::TopLevel() : KSystemTray(), ticketWatch(0), m_refreshTimer(0), m_reque
 	getNewSTAct = new TDEAction(i18n("&Obtain New Primary Service Ticket"), "add_user", 0, this, TQ_SLOT(getNewServiceTicket()), actionCollection(), "getnewserviceticket");
 	getNewStandardSTAct = new TDEAction(i18n("&Obtain Authenticated Service Ticket"), "add_user", 0, this, TQ_SLOT(getNewServiceTicketWithExistingCreds()), actionCollection(), "getstandardserviceticket");
 	destroyAllAct = new TDEAction(i18n("&Destroy All Tickets"), "delete_user", 0, this, TQ_SLOT(destroyAllTickets()), actionCollection(), "destroyall");
+	changePasswordAct = new TDEAction(i18n("&Change Kerberos Password"), "edit_user", 0, this, TQ_SLOT(changeKerberosPassword()), actionCollection(), "changekerberospassword");
 	confAct = new TDEAction(i18n("&Configure..."), "configure", 0, this, TQ_SLOT(config()), actionCollection(), "configure");
 
 	// create app menu (displayed on right-click)
@@ -90,6 +91,8 @@ TopLevel::TopLevel() : KSystemTray(), ticketWatch(0), m_refreshTimer(0), m_reque
 	getNewStandardSTAct->plug(menu);
 	destroyAllAct->plug(menu);
 	menu->insertSeparator();
+	changePasswordAct->plug(menu);
+	menu->insertSeparator();
 	confAct->plug(menu);
 	menu->insertItem(SmallIcon("help"), i18n("&Help"), helpMnu);
 	menu->insertItem(SmallIcon("system-log-out"), i18n("Quit"), tdeApp, TQ_SLOT(quit()));
@@ -286,6 +289,7 @@ void TopLevel::getNewTicket(bool requestServiceTicket) {
 	updateTicketList();
 }
 
+
 void TopLevel::getNewTGT() {
 	getNewTicket(false);
 }
@@ -314,6 +318,59 @@ void TopLevel::destroyAllTickets() {
 	updateTicketList();
 }
 
+void TopLevel::changeKerberosPassword() {
+	bool allow_card = false;
+	TDEGenericDevice *hwdevice;
+	TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
+	TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
+	for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
+		TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+		TQString login_name = TQString::null;
+		X509CertificatePtrList certList = cdevice->cardX509Certificates();
+		if (certList.count() > 0) {
+			KSSLCertificate* card_cert = NULL;
+			card_cert = KSSLCertificate::fromX509(certList[0]);
+			TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false);
+			for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) {
+				TQString lcpart = (*it).lower();
+				if (lcpart.startsWith("cn=")) {
+					login_name = lcpart.right(lcpart.length() - strlen("cn="));
+				}
+			}
+			delete card_cert;
+		}
+		if (login_name != "") {
+			allow_card = true;
+			break;
+		}
+	}
+
+	LDAPCredentials oldCredentials;
+	LDAPCredentials newCredentials;
+	if (m_ticketList.count() > 0) {
+		TQStringList princParts = TQStringList::split("@", m_ticketList[0].cachePrincipal);
+		oldCredentials.username = princParts[0];
+		oldCredentials.realm = princParts[1];
+	}
+	else {
+		struct passwd* pwd = getpwuid(geteuid());
+		if (pwd) {
+			oldCredentials.username = TQString(pwd->pw_name);
+		}
+	}
+	int result = LDAPManager::getNewKerberosPassword(oldCredentials, newCredentials, i18n("Please provide new Kerberos credentials below"), allow_card, this);
+	if (result == KDialog::Accepted) {
+		TQString errorstring;
+		TQString service;
+		if (LDAPManager::changeKerberosPassword(oldCredentials, newCredentials, service, &errorstring) == 0) {
+			KMessageBox::information(this, i18n("<qt>Password changed successfully</qt>"), i18n("Kerberos password changed"));
+		}
+		else {
+			KMessageBox::error(this, i18n("<qt>Failed to change password<p>%1</qt>").arg(errorstring), i18n("Failed to change Kerberos password"));
+		}
+	}
+}
+
 void TopLevel::resizeEvent (TQResizeEvent *)
 {
 	activeTicketsPixmap = loadSizedIcon("kerberos_activetickets", width());
diff --git a/src/toplevel.h b/src/toplevel.h
index 71e22b9..b24cbb8 100644
--- a/src/toplevel.h
+++ b/src/toplevel.h
@@ -73,6 +73,7 @@ private slots:
 	void getNewTicket(bool requestServiceTicket=false);
 	void destroyAllTickets();
 	void showTicketList();
+	void changeKerberosPassword();
 	void menuAction(int index);
 
 private:
@@ -87,6 +88,7 @@ private:
 	TDEAction *getNewSTAct;
 	TDEAction *getNewStandardSTAct;
 	TDEAction *destroyAllAct;
+	TDEAction *changePasswordAct;
 	TQPopupMenu *menu;
 	TQString lastTip;
 	KerberosTicketInfoList m_ticketList;