authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2013-02-28 23:48:30 -0600
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2013-02-28 23:48:30 -0600
commit9d5bebacf3dacbe843f2aeeae27bcdb67eaae5ca (patch)
tree38cd807709ef417ac268f894f8091886f3a658fc
parent660b499a222d556fb6404fdddfb6b492a42b42ac (diff)
downloadlibtdeldap-9d5bebacf3dacbe843f2aeeae27bcdb67eaae5ca.tar.gz
libtdeldap-9d5bebacf3dacbe843f2aeeae27bcdb67eaae5ca.zip
Move bonding routines into core library
-rw-r--r--src/libtdeldap.cpp183
-rw-r--r--src/libtdeldap.h3
2 files changed, 186 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 709f81a..33d3e95 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -1762,6 +1762,20 @@ int LDAPManager::deleteGroupInfo(LDAPGroupInfo group, TQString *errstr) {
return -1;
}
else {
+ // Remove the user from all member groups
+ LDAPGroupInfoList groupInfoList = groups(&retcode);
+ LDAPGroupInfoList::Iterator it;
+ for (it = groupInfoList.begin(); it != groupInfoList.end(); ++it) {
+ LDAPGroupInfo group = *it;
+ if (group.userlist.contains(user.distinguishedName)) {
+ group.userlist.remove(user.distinguishedName);
+ retcode = updateGroupInfo(group, errstr);
+ if (retcode != 0) {
+ return retcode;
+ }
+ }
+ }
+
// Delete the base DN entry
retcode = ldap_delete_ext_s(m_ldap, group.distinguishedName.ascii(), NULL, NULL);
if (retcode != LDAP_SUCCESS) {
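Review bot: The added loop tests and edits `user.distinguishedName`, but no `user` is declared in the visible lines and the hunk header places this code in `deleteGroupInfo(LDAPGroupInfo group, ...)`; the comment "Remove the user from all member groups" suggests the block was meant for the user-deletion path. The loop-local `LDAPGroupInfo group = *it;` also shadows the `group` parameter that the following `ldap_delete_ext_s` call deletes, which is easy to misread; a distinct name such as `LDAPGroupInfo memberGroup = *it;` would avoid that. The status that `groups(&retcode)` writes is not checked before iterating, so a failed lookup would skip the membership cleanup and the delete would still proceed. The function begins and ends outside the hunk, so the scope of `user` should be confirmed there.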
@@ -2744,6 +2758,175 @@ TQString LDAPManager::getMachineFQDN() {
return fqdn;
}
+int LDAPManager::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
+ TQCString command = "kadmin";
+ QCStringList args;
+ args << TQCString("-p") << TQCString(adminUserName+"@"+(adminRealm.upper())) << TQCString("-r") << TQCString(adminRealm.upper());
+
+ TQString hoststring = "host/"+getMachineFQDN();
+
+ TQString prompt;
+ PtyProcess kadminProc;
+ kadminProc.exec(command, args);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = prompt.stripWhiteSpace();
+ if (prompt == "kadmin>") {
+ command = TQCString("ext "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ if (prompt.endsWith(" Password:")) {
+ kadminProc.writeLine(adminPassword, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
+ prompt = prompt.stripWhiteSpace();
+ }
+ if (prompt.contains("authentication failed")) {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ else if (prompt.endsWith("Principal does not exist")) {
+ command = TQCString("ank --random-key "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ // Use all defaults
+ while (prompt != "kadmin>") {
+ if (prompt.endsWith(" Password:")) {
+ kadminProc.writeLine(adminPassword, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
+ prompt = prompt.stripWhiteSpace();
+ }
+ if (prompt.contains("authentication failed")) {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ else {
+ // Extract whatever default is in the [brackets] and feed it back to kadmin
+ TQString defaultParam;
+ int leftbracket = prompt.find("[");
+ int rightbracket = prompt.find("]");
+ if ((leftbracket >= 0) && (rightbracket >= 0)) {
+ leftbracket++;
+ defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
+ }
+ command = TQCString(defaultParam);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ }
+ }
+ command = TQCString("ext "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+
+ // Success!
+ kadminProc.writeLine("quit", true);
+
+ realmcfg.bonded = true;
+ save();
+ return 0;
+ }
+ else if (prompt == "kadmin>") {
+ // Success!
+ kadminProc.writeLine("quit", true);
+
+ realmcfg.bonded = true;
+ save();
+ return 0;
+ }
+
+ // Failure
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+
+ if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
+ return 1; // Failure
+}
+
+int LDAPManager::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
+ Q_UNUSED(realmcfg);
+
+ TQCString command = "kadmin";
+ QCStringList args;
+ args << TQCString("-p") << TQCString(adminUserName+"@"+(adminRealm.upper()));
+
+ TQString hoststring = "host/"+getMachineFQDN();
+
+ TQString hostprinc = TQStringList::split(".", hoststring)[0];
+ hostprinc.append("@"+(adminRealm.upper()));
+
+ TQString prompt;
+ PtyProcess kadminProc;
+ kadminProc.exec(command, args);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = prompt.stripWhiteSpace();
+ if (prompt == "kadmin>") {
+ command = TQCString("delete "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ if (prompt.endsWith(" Password:")) {
+ kadminProc.writeLine(adminPassword, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
+ prompt = prompt.stripWhiteSpace();
+ }
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+
+ // Success!
+ kadminProc.writeLine("quit", true);
+
+ // Delete keys from keytab
+ TQString commmand = TQString("ktutil remove -p %1").arg(hostprinc);
+ if (system(command) < 0) {
+ printf("ERROR: Execution of \"%s\" failed!\n\r", command.ascii());
+ return 1; // Failure
+ }
+
+ // Success!
+ return 0;
+ }
+
+ return 1; // Failure
+}
+
// ===============================================================================================================
//
// DATA CLASS CONSTRUCTORS AND DESTRUCTORS
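Review bot: In unbondRealm the keytab cleanup never runs as intended: the `ktutil remove -p` string is stored in a new variable spelled `commmand`, while `system(command)` and the error printf still use `command`, which at that point holds the `delete host/...` line sent to kadmin, so that text is handed to the shell instead. Give the variable a distinct name and pass it, e.g. `TQCString ktutilCommand = TQString("ktutil remove -p %1").arg(hostprinc).local8Bit();` followed by `if (system(ktutilCommand) != 0) {`; the current `< 0` comparison only catches a failure to launch, not a non-zero ktutil exit status. Because `hostprinc` is assembled from the machine FQDN and `adminRealm` and then passes through a shell, those values should be validated, or ktutil should be started with an argument vector as kadmin is. In both new functions the `do { ... } while (prompt == "")` loops and the `while (prompt != "kadmin>")` loop in bondRealm have no exit if kadmin terminates or never prints the expected prompt, and the result of `kadminProc.exec(command, args)` is not checked.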
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index d6ea2d5..f9bea53 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -426,6 +426,9 @@ class LDAPManager : public TQObject {
static TQString detailedKAdminErrorMessage(TQString initialMessage);
static TQString readFullLineFromPtyProcess(PtyProcess* proc);
+ static int bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr=0);
+ static int unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr=0);
+
private:
LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
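Review bot: Both declarations take `LDAPRealmConfig realmcfg` by value, yet the bondRealm definition in this commit sets `realmcfg.bonded = true` just before calling save(); in a static method that assignment only changes the local copy, so the caller's configuration would not record the bond unless save() obtains it some other way (not visible here). Consider `LDAPRealmConfig &realmcfg`, or document that the caller must set the flag after a successful return. A short comment above the pair, such as `// Returns 0 on success, 1 on failure; *errstr (if non-null) receives the kadmin message`, would also state the contract. `adminPassword` is a raw `const char *`, so a note that the caller owns the buffer and should clear it would help. The class body continues outside the hunk.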