author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-28 17:18:35 -0500 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-28 17:18:35 -0500 |
commit | 0fbc17ac57b74d637494d3546ccf5bfef100a67d (patch) | |
tree | 7229e5952f450de89a6e9275b0dee920eb574098 /src | |
parent | 3d6055df7b262d0fcb03b37f58c3b0461eef49e3 (diff) | |
Convert machine add to kadmin API
Diffstat (limited to 'src')
-rw-r--r-- | src/libtdeldap.cpp | 336 | ||||
-rw-r--r-- | src/libtdeldap.h | 4 |
2 files changed, 248 insertions, 92 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 9f5f9a5..a227582 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -46,34 +46,15 @@
 #include <sys/time.h>
 #include <errno.h>
 
-#if 0
- #include <sys/socket.h>
- #include <sys/un.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+extern "C" {
 #include <hdb.h>
 #include <kadm5/admin.h>
 #include <kadm5/private.h>
 #include <kadm5/kadm5-private.h>
-#else
- #include <kadm5/admin.h>
-
- extern "C" {
- // The following declaration was taken from hdb-protos.h
- const char *
- hdb_db_dir (krb5_context /*context*/);
-
- // The following declaration was taken from kadm5-private.h
- kadm5_ret_t
- kadm5_s_init_with_password_ctx (
- krb5_context /*context*/,
- const char */*client_name*/,
- const char */*password*/,
- const char */*service_name*/,
- kadm5_config_params */*realm_params*/,
- unsigned long /*struct_version*/,
- unsigned long /*api_version*/,
- void **/*server_handle*/);
- }
-#endif
+}
 
 #include "libtdeldap.h"
 #include "ldaplogindlg.h"
@@ -90,6 +71,9 @@
 // This assumes Debian!
 #define KRB5_FILE "/etc/krb5.conf"
+//#define KRB5_ANK_RANDOM_PASSWORD_LENGTH 1024
+#define KRB5_ANK_RANDOM_PASSWORD_LENGTH 512
+
 #define NSSWITCH_FILE "/etc/nsswitch.conf"
 #define PAMD_DIRECTORY "/etc/pam.d/"
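Review bot: The new `KRB5_ANK_RANDOM_PASSWORD_LENGTH` define carries no explanation, and the commented-out 1024 variant directly above it is dead text. The buffer it sizes only ever holds the throw-away password passed to kadm5_create_principal before kadm5_randkey_principal replaces the keys (that code is in a later hunk), so I would drop the dead line and document the live one: `// Size of the throw-away random password buffer used when creating a machine principal; the keys are re-randomised immediately after creation`. In the first hunk, pulling in `<kadm5/private.h>` and `<kadm5/kadm5-private.h>` ties the build to Heimdal-internal headers that the previously active `#else` branch avoided by declaring the two needed symbols by hand; a short comment naming which symbols require them would help the next person who has to bump the Heimdal version.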
@@ -137,6 +121,19 @@ bool fileExists(const char* filename) {
 }
 }
 
+static kadm5_ret_t kadm5_get_default_principal_info(krb5_context context, void* handle, krb5_principal princ, kadm5_principal_ent_t def) {
+ kadm5_ret_t ret;
+ krb5_principal def_principal;
+ krb5_const_realm realm = krb5_principal_get_realm(context, princ);
+ ret = krb5_make_principal(context, &def_principal, realm, "default", NULL);
+ if (ret) {
+ return ret;
+ }
+ ret = kadm5_get_principal(handle, def_principal, def, KADM5_PRINCIPAL_NORMAL_MASK);
+ krb5_free_principal(context, def_principal);
+ return ret;
+}
+
 LDAPManager::LDAPManager(TQString realm, TQString host, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(0), m_ldap(0), m_krb5admHandle(0), m_krb5admKeytabFilename(0), m_krb5admRealmName(0) {
 TQStringList domainChunks = TQStringList::split(".", realm.lower());
 
@@ -196,9 +193,24 @@ TQString LDAPManager::realm() {
 return m_realm;
 }
 
-LDAPCredentials LDAPManager::currentLDAPCredentials() {
+LDAPCredentials LDAPManager::currentLDAPCredentials(bool inferGSSAPIData) {
 if (m_creds) {
- return *m_creds;
+ if (inferGSSAPIData) {
+ LDAPCredentials credentials = *m_creds;
+ if ((credentials.username == "") && (credentials.password == "")) {
+ // Probably GSSAPI
+ // Get active ticket principal...
+ KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
+ TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
+ credentials.username = principalParts[0];
+ credentials.realm = principalParts[1];
+ credentials.use_gssapi = true;
+ }
+ return credentials;
+ }
+ else {
+ return *m_creds;
+ }
 }
 else {
 return LDAPCredentials();
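Review bot: `tickets[0]` and `principalParts[1]` in the new inferGSSAPIData branch are read without checking that getKerberosTicketList() returned anything or that the cache principal contained an '@'; with an empty ticket list or a realm-less principal both indexes are out of range, and this runs whenever a GSSAPI-bound caller asks for credentials. Guard them before use, e.g. `if (tickets.count() > 0) {` around the split and `if (principalParts.count() == 2) {` around the two assignments, leaving the credentials untouched otherwise so the caller still sees an empty username/realm rather than garbage. The new static helper kadm5_get_default_principal_info in the first hunk would also benefit from a purpose line such as `// Look up the realm's "default" principal so callers can copy its lifetimes, expiry, attributes and policy onto a new entry`. currentLDAPCredentials continues past the end of this hunk.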
@@ -346,8 +358,9 @@ int LDAPManager::bind(TQString* errstr) { return -1; } struct berval anoncred; - anoncred.bv_val = ""; - anoncred.bv_len = strlen(""); + TQCString anonpass = ""; + anoncred.bv_val = anonpass.data(); + anoncred.bv_len = anonpass.length(); retcode = ldap_sasl_bind_s(ldapconn, "", mechanism, &anoncred, NULL, NULL, NULL); if (retcode == LDAP_SUCCESS ) { // Look for the DN for the specified user @@ -372,7 +385,7 @@ int LDAPManager::bind(TQString* errstr) { } // clean up ldap_msgfree(msg); - + // All done! ldap_unbind_ext_s(ldapconn, NULL, NULL); } @@ -727,10 +740,10 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) { for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { users.append(parseLDAPUserRecord(entry)); } - + // clean up ldap_msgfree(msg); - + if (mretcode) *mretcode = 0; return users; } @@ -743,7 +756,7 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) { LDAPControl* pageControl = NULL; LDAPControl* serverControls[2] = { NULL, NULL }; LDAPControl** returnedControls = NULL; - + do { retcode = ldap_create_page_control(m_ldap, pageSize, &cookie, pagingCriticality, &pageControl); if (retcode != LDAP_SUCCESS) { @@ -791,7 +804,7 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) { else { morePages = false; } - + if (returnedControls != NULL) { ldap_controls_free(returnedControls); returnedControls = NULL; @@ -799,17 +812,17 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) { serverControls[0] = NULL; ldap_control_free(pageControl); pageControl = NULL; - + // Iterate through the returned entries LDAPMessage* entry; for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { users.append(parseLDAPUserRecord(entry)); } - + // clean up ldap_msgfree(msg); } while (morePages); - + if (mretcode) *mretcode = 0; return users; } 
@@ -838,7 +851,7 @@ LDAPUserInfo LDAPManager::getUserByDistinguishedName(TQString dn) { for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { userinfo = parseLDAPUserRecord(entry); } - + // clean up ldap_msgfree(msg); @@ -869,7 +882,7 @@ LDAPGroupInfo LDAPManager::getGroupByDistinguishedName(TQString dn, TQString *er for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { groupinfo = parseLDAPGroupRecord(entry); } - + // clean up ldap_msgfree(msg); @@ -1127,7 +1140,7 @@ TQString LDAPManager::readFullLineFromPtyProcess(PtyProcess* proc) { return result; } -int LDAPManager::bindKAdmin(LDAPUserInfo user, TQString *errstr) { +int LDAPManager::bindKAdmin(TQString *errstr) { int retcode = 1; kadm5_ret_t krb5adm_ret; @@ -1186,7 +1199,7 @@ int LDAPManager::bindKAdmin(LDAPUserInfo user, TQString *errstr) { krb5adm_ret = krb5_init_context(&m_krb5admContext); if (krb5adm_ret) { - if (errstr) *errstr = TQString("%1<p>Details:<br>Failed to execute kadm5_init_krb5_context (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret); + if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_init_krb5_context (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret); } else { if (use_local_socket) { @@ -1205,7 +1218,7 @@ int LDAPManager::bindKAdmin(LDAPUserInfo user, TQString *errstr) { if (krb5adm_ret) { if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_prepend_config_files_default (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret); } - + krb5adm_ret = krb5_set_config_files(m_krb5admContext, files); krb5_free_config_files(files); if(krb5adm_ret) { 
@@ -1278,7 +1291,7 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
 int retcode;
 kadm5_ret_t krb5adm_ret;
 
- retcode = bindKAdmin(user, errstr);
+ retcode = bindKAdmin(errstr);
 if (retcode == 0) {
 retcode = 1;
 krb5_principal user_kadm5_principal;
@@ -1301,6 +1314,7 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
 }
 
 unbindKAdmin();
+ unbind(true); // Using kadmin can disrupt our LDAP connection
 }
 
 return retcode;
@@ -1833,6 +1847,147 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 return -1;
 }
 else {
+ int retcode;
+ kadm5_ret_t krb5adm_ret;
+ int i;
+ char* password = NULL;
+
+ retcode = bindKAdmin(errstr);
+ if (retcode == 0) {
+ retcode = 1;
+ bool generate_password;
+ if (machine.newPassword == "") {
+ generate_password = true;
+ }
+ else {
+ generate_password = false;
+ password = strdup(machine.newPassword.data());
+ }
+
+ LDAPCredentials admincreds = currentLDAPCredentials(true);
+ TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
+
+ // Construct and add new principal record
+ kadm5_principal_ent_rec principal_record;
+ kadm5_principal_ent_rec default_record;
+ kadm5_principal_ent_rec *default_entry = NULL;
+ krb5_principal principal_entry = NULL;
+ int mask = 0;
+
+ memset(&principal_record, 0, sizeof(principal_record));
+ krb5adm_ret = krb5_parse_name(m_krb5admContext, hoststring.ascii(), &principal_entry);
+ if (krb5adm_ret) {
+ if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_parse_name (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
+ }
+ principal_record.principal = principal_entry;
+ mask |= KADM5_PRINCIPAL;
+
+ default_entry = &default_record;
+ krb5adm_ret = kadm5_get_default_principal_info(m_krb5admContext, m_krb5admHandle, principal_entry, default_entry);
+ if (krb5adm_ret) {
+ default_entry = NULL;
+ if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_get_default_principal_info (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
+ }
+ else {
+ // Use defaults
+ principal_record.max_life = default_entry->max_life;
+ principal_record.max_renewable_life = default_entry->max_renewable_life;
+ principal_record.princ_expire_time = default_entry->princ_expire_time;
+ principal_record.pw_expiration = default_entry->pw_expiration;
+ principal_record.attributes = default_entry->attributes & ~KRB5_KDB_DISALLOW_ALL_TIX;
+ principal_record.policy = strdup(default_entry->policy);
+
+ if (generate_password) {
+ const char charset[] =
+ "@$%&*()-+=:,/<>?0123456789"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz";
+ const size_t max_index = (sizeof(charset) - 2);
+
+ TQFile randomNode("/dev/urandom");
+ if (randomNode.open(IO_ReadOnly)) {
+ password = (char*)malloc(sizeof(char) * KRB5_ANK_RANDOM_PASSWORD_LENGTH);
+ if (password) {
+ if (randomNode.readBlock(password, KRB5_ANK_RANDOM_PASSWORD_LENGTH) < KRB5_ANK_RANDOM_PASSWORD_LENGTH) {
+ free(password);
+ password = NULL;
+ }
+ else {
+ for (i = 0; i < KRB5_ANK_RANDOM_PASSWORD_LENGTH - 1; i++) {
+ while ((unsigned char)password[i] > max_index) {
+ password[i] -= max_index;
+ }
+ password[i] = charset[(int)password[i]];
+ }
+ password[i] = 0;
+ }
+ }
+ randomNode.close();
+ }
+ if (password) {
+ principal_record.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+ mask |= KADM5_ATTRIBUTES;
+ }
+ else {
+ if (errstr) *errstr = i18n("Unable to generate random password");
+ }
+ }
+
+ if (password) {
+ krb5adm_ret = kadm5_create_principal(m_krb5admHandle, &principal_record, mask, password);
+ if (krb5adm_ret) {
+ if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_create_principal (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
+ }
+ else {
+ if (generate_password) {
+ krb5_keyblock *new_keys;
+ int key_count;
+ krb5adm_ret = kadm5_randkey_principal(m_krb5admHandle, principal_entry, &new_keys, &key_count);
+ if (krb5adm_ret) {
+ key_count = 0;
+ }
+ for (i = 0; i < key_count; i++) {
+ krb5_free_keyblock_contents(m_krb5admContext, &new_keys[i]);
+ }
+ if (key_count > 0) {
+ free(new_keys);
+ }
+ kadm5_get_principal(m_krb5admHandle, principal_entry, &principal_record, KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
+ krb5_free_principal(m_krb5admContext, principal_entry);
+ principal_entry = principal_record.principal;
+ principal_record.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+ principal_record.kvno = 1;
+ krb5adm_ret = kadm5_modify_principal(m_krb5admHandle, &principal_record, KADM5_ATTRIBUTES | KADM5_KVNO);
+ if (krb5adm_ret) {
+ if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_modify_principal (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
+ }
+ else {
+ retcode = 0;
+ }
+ }
+ else {
+ retcode = 0;
+ }
+ }
+ }
+ }
+
+ kadm5_free_principal_ent(m_krb5admHandle, &principal_record);
+ if (default_entry) {
+ kadm5_free_principal_ent(m_krb5admHandle, default_entry);
+ }
+
+ if (password) {
+ free(password);
+ }
+
+ unbindKAdmin();
+ unbind(true); // Using kadmin can disrupt our LDAP connection
+ }
+
+ return retcode;
+
+#if 0
 // Use Kerberos kadmin to actually add the machine
 LDAPCredentials admincreds = currentLDAPCredentials();
 if ((admincreds.username == "") && (admincreds.password == "")) {
@@ -1844,7 +1999,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 admincreds.realm = principalParts[1];
 admincreds.use_gssapi = true;
 }
-
+
 TQCString command = "kadmin";
 QCStringList args;
 if (m_host.startsWith("ldapi://")) {
@@ -1950,6 +2105,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
 return 1; // Failure
+#endif
 }
 }
@@ -1970,7 +2126,7 @@ int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
 admincreds.realm = principalParts[1];
 admincreds.use_gssapi = true;
 }
-
+
 TQCString command = "kadmin";
 QCStringList args;
 if (m_host.startsWith("ldapi://")) {
@@ -2370,10 +2526,10 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
 for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
 groups.append(parseLDAPGroupRecord(entry));
 }
-
+
 // clean up
 ldap_msgfree(msg);
-
+
 if (mretcode) *mretcode = 0;
 return groups;
 }
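Review bot: A krb5_parse_name failure is reported but not acted on: principal_entry is still NULL when it is handed to kadm5_get_default_principal_info, which reads the principal's realm, and the error text is then overwritten by whichever later call fails, so the remainder of the body should run only when parsing succeeded. Separately, `password` holds either the caller-supplied machine password or the freshly generated one and goes to free() unwiped, so the secret lingers in freed heap memory; clear it first (explicit_bzero or memset_s where the platform provides them, since a plain memset before free() can be optimised away). The kadm5_get_principal call on the randkey path also overwrites principal_record wholesale, leaking the policy string strdup'd a few lines earlier, and if that call fails the record's contents are whatever the library left behind. addMachineInfo starts before this hunk, and its old kadmin-driven body continues past it under the new `#if 0`.
```cpp
krb5adm_ret = krb5_parse_name(m_krb5admContext, hoststring.ascii(), &principal_entry);
if (krb5adm_ret) {
	if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_parse_name (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
else {
	principal_record.principal = principal_entry;
	mask |= KADM5_PRINCIPAL;
	// … unchanged: default-principal lookup, password generation, create/randkey/modify …
}

// … unchanged: kadm5_free_principal_ent calls …

if (password) {
	// Wipe the secret before releasing the buffer (prefer explicit_bzero/memset_s where available)
	memset(password, 0, strlen(password));
	free(password);
}
```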
@@ -2386,7 +2542,7 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) { LDAPControl* pageControl = NULL; LDAPControl* serverControls[2] = { NULL, NULL }; LDAPControl** returnedControls = NULL; - + do { retcode = ldap_create_page_control(m_ldap, pageSize, &cookie, pagingCriticality, &pageControl); if (retcode != LDAP_SUCCESS) { @@ -2434,7 +2590,7 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) { else { morePages = false; } - + if (returnedControls != NULL) { ldap_controls_free(returnedControls); returnedControls = NULL; @@ -2442,17 +2598,17 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) { serverControls[0] = NULL; ldap_control_free(pageControl); pageControl = NULL; - + // Iterate through the returned entries LDAPMessage* entry; for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { groups.append(parseLDAPGroupRecord(entry)); } - + // clean up ldap_msgfree(msg); } while (morePages); - + if (mretcode) *mretcode = 0; return groups; } @@ -2491,10 +2647,10 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) { for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { machines.append(parseLDAPMachineRecord(entry)); } - + // clean up ldap_msgfree(msg); - + if (mretcode) *mretcode = 0; return machines; } @@ -2507,7 +2663,7 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) { LDAPControl* pageControl = NULL; LDAPControl* serverControls[2] = { NULL, NULL }; LDAPControl** returnedControls = NULL; - + do { retcode = ldap_create_page_control(m_ldap, pageSize, &cookie, pagingCriticality, &pageControl); if (retcode != LDAP_SUCCESS) { @@ -2555,7 +2711,7 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) { else { morePages = false; } - + if (returnedControls != NULL) { ldap_controls_free(returnedControls); returnedControls = NULL; 
@@ -2563,17 +2719,17 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) { serverControls[0] = NULL; ldap_control_free(pageControl); pageControl = NULL; - + // Iterate through the returned entries LDAPMessage* entry; for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { machines.append(parseLDAPMachineRecord(entry)); } - + // clean up ldap_msgfree(msg); } while (morePages); - + if (mretcode) *mretcode = 0; return machines; } @@ -2678,7 +2834,7 @@ int LDAPManager::exportKeytabForPrincipal(TQString principal, TQString fileName, admincreds.realm = principalParts[1]; admincreds.use_gssapi = true; } - + TQCString command = "kadmin"; QCStringList args; if (m_host.startsWith("ldapi://")) { @@ -3498,7 +3654,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl int number_of_parameters = 1; // 1 primary attribute LDAPMod *mods[number_of_parameters+1]; set_up_attribute_operations(mods, number_of_parameters); - + // Load LDAP modification requests from provided data structure i=0; TQStringList serverMappingList; @@ -3509,13 +3665,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl add_multiple_attributes_operation(mods, &i, "olcServerID", serverMappingList); LDAPMod *prevterm = mods[i]; mods[i] = NULL; - + // Perform LDAP update retcode = ldap_modify_ext_s(m_ldap, "cn=config", mods, NULL, NULL); - + // Clean up clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); - + if (retcode == LDAP_NO_SUCH_ATTRIBUTE) { // Add new object instead // Assemble the LDAPMod structure @@ -3523,7 +3679,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl int number_of_parameters = 1; // 1 primary attribute LDAPMod *mods[number_of_parameters+1]; set_up_attribute_operations(mods, number_of_parameters); - + // Load LDAP modification requests from provided data structure i=0; TQStringList serverMappingList; 
@@ -3534,14 +3690,14 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl create_multiple_attributes_operation(mods, &i, "olcServerID", serverMappingList); LDAPMod *prevterm = mods[i]; mods[i] = NULL; - + // Perform LDAP update retcode = ldap_add_ext_s(m_ldap, "cn=config", mods, NULL, NULL); - + // Clean up clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); } - + if (retcode != LDAP_SUCCESS) { if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); @@ -3554,16 +3710,16 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl int number_of_parameters = 1; // 1 primary attribute LDAPMod *mods[number_of_parameters+1]; set_up_attribute_operations(mods, number_of_parameters); - + // Load LDAP delete request i=0; delete_single_attribute_operation(mods, &i, "olcServerID"); LDAPMod *prevterm = mods[i]; mods[i] = NULL; - + // Perform LDAP update retcode = ldap_modify_ext_s(m_ldap, "cn=config", mods, NULL, NULL); - + // Clean up clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); 
@@ -3679,20 +3835,20 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl int number_of_parameters = 2; // 2 primary attributes LDAPMod *mods[number_of_parameters+1]; set_up_attribute_operations(mods, number_of_parameters); - + // Load LDAP delete request i=0; delete_single_attribute_operation(mods, &i, "olcSyncRepl"); delete_single_attribute_operation(mods, &i, "olcMirrorMode"); LDAPMod *prevterm = mods[i]; mods[i] = NULL; - + // Perform LDAP update retcode = ldap_modify_ext_s(m_ldap, "olcDatabase={1}hdb,cn=config", mods, NULL, NULL); - + // Clean up clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); - + if ((retcode != LDAP_SUCCESS) && (retcode != LDAP_NO_SUCH_ATTRIBUTE)) { if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); 
@@ -3706,20 +3862,20 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl int number_of_parameters = 2; // 2 primary attributes LDAPMod *mods[number_of_parameters+1]; set_up_attribute_operations(mods, number_of_parameters); - + // Load LDAP delete request i=0; delete_single_attribute_operation(mods, &i, "olcSyncRepl"); delete_single_attribute_operation(mods, &i, "olcMirrorMode"); LDAPMod *prevterm = mods[i]; mods[i] = NULL; - + // Perform LDAP update retcode = ldap_modify_ext_s(m_ldap, "olcDatabase={0}config,cn=config", mods, NULL, NULL); - + // Clean up clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); - + if ((retcode != LDAP_SUCCESS) && (retcode != LDAP_NO_SUCH_ATTRIBUTE)) { if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); @@ -3758,7 +3914,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl haveOlcOverlaySyncProv = true; } } - + // clean up ldap_msgfree(msg); @@ -3776,13 +3932,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList); LDAPMod *prevterm = mods[i]; mods[i] = NULL; - + // Add new object retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL); - + // Clean up clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); - + if (retcode != LDAP_SUCCESS) { if (errstr) { *errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); @@ -3808,7 +3964,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl haveOlcOverlaySyncProv = true; } } - + // clean up ldap_msgfree(msg); 
@@ -3826,13 +3982,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList); LDAPMod *prevterm = mods[i]; mods[i] = NULL; - + // Add new object retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={1}hdb,cn=config", mods, NULL, NULL); - + // Clean up clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); - + if (retcode != LDAP_SUCCESS) { if (errstr) { *errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); @@ -4623,16 +4779,16 @@ int LDAPManager::generatePKICRL(int expirydays, LDAPRealmConfig realmcfg, TQStri TQString LDAPManager::getMachineFQDN() { struct addrinfo hints, *info, *p; int gai_result; - + char hostname[1024]; hostname[1023] = '\0'; gethostname(hostname, 1023); - + memset(&hints, 0, sizeof hints); hints.ai_family = AF_UNSPEC; // IPV4 or IPV6 hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_CANONNAME; - + if ((gai_result = getaddrinfo(hostname, NULL, &hints, &info)) != 0) { return TQString(hostname); } @@ -4976,7 +5132,7 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQStrin int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUserInfo user, TQString opensslConfigFile, TQString caRootKeyFile, TQString caRootCertFile, TQString caRootDatabaseFile, TQString autoLoginPIN, TQString *errstr) { TQString ca_public_crl_certfile = KERBEROS_PKI_PUBLICDIR + realmcfg.admin_server + ".ldap.crl"; TQString crl_url; - + crl_url = TQString("URI:file://%1,URI:file://%2").arg(KERBEROS_PKI_CRL_FILE).arg(ca_public_crl_certfile); if (caRootKeyFile == "") { diff --git a/src/libtdeldap.h b/src/libtdeldap.h index ee685b4..d91766f 100644 --- a/src/libtdeldap.h +++ b/src/libtdeldap.h 
@@ -521,7 +521,7 @@ class LDAPManager : public TQObject { int exportKeytabForPrincipal(TQString principal, TQString fileName, TQString *errstr=0); - LDAPCredentials currentLDAPCredentials(); + LDAPCredentials currentLDAPCredentials(bool inferGSSAPIData=false); int moveKerberosEntries(TQString newSuffix, TQString* errstr=0); int writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr=0); @@ -589,7 +589,7 @@ class LDAPManager : public TQObject { static int unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr=0); private: - int bindKAdmin(LDAPUserInfo user, TQString *errstr=0); + int bindKAdmin(TQString *errstr=0); int unbindKAdmin(TQString *errstr=0); LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry); LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry); |