authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2013-03-23 19:00:15 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2013-03-23 19:00:15 -0500
commitf101efbd4d4dbe7725bc2a1848ab2aa12d0de1d7 (patch)
tree968873d20df5e990f1e04d3cfda7e4346a0f280f /src
parent54f609f3da51af4c074b9694e7ea2dcc7ff78c63 (diff)
Add exportKeytabForPrincipal method
Diffstat (limited to 'src')
-rw-r--r--src/libtdeldap.cpp127
-rw-r--r--src/libtdeldap.h3
2 files changed, 126 insertions, 4 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index e3bb252..8ff91f3 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -1614,8 +1614,6 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group, TQString *errstr) {
}
int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
- LDAPGroupInfo machineinfo;
-
if (bind() < 0) {
return -1;
}
@@ -1741,8 +1739,6 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
}
int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
- LDAPGroupInfo serviceinfo;
-
if (bind() < 0) {
return -1;
}
@@ -2277,6 +2273,129 @@ LDAPServiceInfoList LDAPManager::machineServices(TQString machine_dn, int* mretc
return LDAPServiceInfoList();
}
+int LDAPManager::exportKeytabForPrincipal(TQString principal, TQString fileName, TQString *errstr) {
+ if (bind() < 0) {
+ return -1;
+ }
+ else {
+ // Use Kerberos kadmin to export the keytab
+ LDAPCredentials admincreds = currentLDAPCredentials();
+ if ((admincreds.username == "") && (admincreds.password == "")) {
+ // Probably GSSAPI
+ // Get active ticket principal...
+ KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
+ TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
+ admincreds.username = principalParts[0];
+ admincreds.realm = principalParts[1];
+ }
+
+ TQCString command = "kadmin";
+ QCStringList args;
+ if (m_host.startsWith("ldapi://")) {
+ args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
+ else {
+ if (admincreds.username == "") {
+ args << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
+ else {
+ args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
+ }
+
+ TQString prompt;
+ PtyProcess kadminProc;
+ kadminProc.exec(command, args);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = prompt.stripWhiteSpace();
+ if (prompt == "kadmin>") {
+ if (fileName == "") {
+ command = TQCString("ext_keytab "+principal);
+ }
+ else {
+ command = TQCString("ext_keytab --keytab=\""+fileName+"\" "+principal);
+ }
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ // Use all defaults
+ while (prompt != "kadmin>") {
+ if (prompt.endsWith(" Password:")) {
+ if (admincreds.password == "") {
+ if (tqApp->type() != TQApplication::Tty) {
+ TQCString password;
+ int result = KPasswordDialog::getPassword(password, prompt);
+ if (result == KPasswordDialog::Accepted) {
+ admincreds.password = password;
+ }
+ }
+ else {
+ TQFile file;
+ file.open(IO_ReadOnly, stdin);
+ TQTextStream qtin(&file);
+ admincreds.password = qtin.readLine();
+ }
+ }
+ if (admincreds.password != "") {
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine(admincreds.password, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
+ prompt = prompt.stripWhiteSpace();
+ }
+ }
+ if (prompt.contains("authentication failed")) {
+ if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ else {
+ // Extract whatever default is in the [brackets] and feed it back to kadmin
+ TQString defaultParam;
+ int leftbracket = prompt.find("[");
+ int rightbracket = prompt.find("]");
+ if ((leftbracket >= 0) && (rightbracket >= 0)) {
+ leftbracket++;
+ defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
+ }
+ command = TQCString(defaultParam);
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ }
+ }
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+
+ // Success!
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine("quit", true);
+ unbind(true); // Using kadmin can disrupt our LDAP connection
+
+ return 0;
+ }
+
+ if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
+ return 1; // Failure
+
+ }
+}
+
int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr) {
int retcode;
int i;
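Review bot: The kadmin command line is assembled by plain concatenation of the caller-supplied `principal` and `fileName` (the two `command = TQCString("ext_keytab ...")` assignments), and `writeLine` sends it to kadmin's interactive prompt unescaped, so a value containing `"`, whitespace or a line break changes what kadmin executes — a line break in particular ends the `ext_keytab` line and the remainder is read by kadmin as a separate command. Before building the command I would reject such input, e.g. `if (principal.contains('"') || principal.contains('\n') || fileName.contains('"') || fileName.contains('\n')) {` / `if (errstr) *errstr = "Invalid characters in principal or keytab file name"; return 1;` / `}`, and ideally restrict `principal` to the character set a Kerberos principal name may legitimately contain. The GSSAPI branch also indexes `tickets[0]` and `principalParts[1]` without checking that the ticket list is non-empty or that the cache principal contains an `@`, which is an out-of-bounds access when no ticket is cached. The three `printf("(kadmin) '%s'\n\r", ...)` calls print every line of the kadmin dialogue to stdout, which reads like leftover debugging output and should be removed or routed to a debug log. Finally, `unbind(true)` runs only on the success path, so on the two `return 1` failure paths the LDAP connection is left in exactly the state the comment on that line warns about.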
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 08dbb65..8bc0355 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -407,6 +407,7 @@ class LDAPManager : public TQObject {
LDAPServiceInfoList services(int* retcode=0);
LDAPUserInfo getUserByDistinguishedName(TQString dn);
LDAPGroupInfo getGroupByDistinguishedName(TQString dn, TQString *errstr=0);
+
int updateUserInfo(LDAPUserInfo user, TQString *errstr=0);
int updateGroupInfo(LDAPGroupInfo group, TQString *errstr=0);
int updateMachineInfo(LDAPMachineInfo group, TQString *errstr=0);
@@ -420,6 +421,8 @@ class LDAPManager : public TQObject {
int deleteMachineInfo(LDAPMachineInfo machine, TQString *errstr=0);
int deleteServiceInfo(LDAPServiceInfo service, TQString *errstr=0);
+ int exportKeytabForPrincipal(TQString principal, TQString fileName, TQString *errstr=0);
+
LDAPCredentials currentLDAPCredentials();
int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);