From 4d66047a3136662532e79d5e41038db246d334dd Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Wed, 30 May 2012 13:21:40 -0500
Subject: Basic user editing, and full group editing, support now in place
---
 src/libtdeldap.cpp | 226 +++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 185 insertions(+), 41 deletions(-)
(limited to 'src/libtdeldap.cpp')
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index b9ffdf4..2f834e9 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -384,7 +384,7 @@ printf("[RAJA DEBUG 100.3] %s: %s\n\r", attr, vals[i]->bv_val);
 // FIXME
 // This attribute is not present in my current LDAP schema
 // userinfo.uniqueIdentifier = vals[i]->bv_val;
- else if (ldap_field == "preferredLanguage") {
+ else if (ldap_field == "businessCategory") {
 userinfo.businessCategory = vals[i]->bv_val;
 }
 else if (ldap_field == "carLicense") {
@@ -420,9 +420,7 @@ printf("[RAJA DEBUG 100.1] In LDAPManager::users() bind was OK\n\r"); fflush(std
 LDAPMessage* msg;
 TQString ldap_base_dn = m_basedc;
 TQString ldap_filter = "(objectClass=posixAccount)";
- struct timeval timeout;
- timeout.tv_sec = 10; // 10 second timeout
- retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, &timeout, 0, &msg);
+ retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
 if (retcode != LDAP_SUCCESS) {
 KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
 return LDAPUserInfoList();
@@ -510,21 +508,25 @@ LDAPGroupInfo LDAPManager::getGroupByDistinguishedName(TQString dn) {
 }
 
 void create_single_attribute_operation(LDAPMod **mods, int *i, TQString attr, TQString value) {
- char **values = (char**)malloc(2*sizeof(char*));
- values[0] = strdup(value.ascii());
- values[1] = NULL;
- mods[*i]->mod_op = LDAP_MOD_ADD;
- mods[*i]->mod_type = strdup(attr.ascii());
- mods[*i]->mod_values = values;
- (*i)++;
+ if (value != "") {
+ char **values = (char**)malloc(2*sizeof(char*));
+ values[0] = strdup(value.ascii());
+ values[1] = NULL;
+ mods[*i]->mod_op = LDAP_MOD_ADD;
+ mods[*i]->mod_type = strdup(attr.ascii());
+ mods[*i]->mod_values = values;
+ (*i)++;
+ }
 }
 
 void create_multiple_attributes_operation(LDAPMod **mods, int *i, TQString attr, TQStringList strings) {
 int j=0;
 char **values = (char**)malloc((strings.count()+1)*sizeof(char*));
 for ( TQStringList::Iterator it = strings.begin(); it != strings.end(); ++it ) {
- values[j] = strdup((*it).ascii());
- j++;
+ if ((*it) != "") {
+ values[j] = strdup((*it).ascii());
+ j++;
+ }
 }
 values[j] = NULL;
 mods[*i]->mod_op = LDAP_MOD_ADD;
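Review bot: Passing `NULL` for the timeout argument of `ldap_search_ext_s` leaves this synchronous search with no client-side time limit, so an unresponsive or slow directory server blocks the caller indefinitely unless a limit such as `LDAP_OPT_TIMEOUT` is set on `m_ldap` elsewhere (not visible here). The removed code set only `tv_sec` and left `tv_usec` uninitialised, which may be why it was dropped; initialising the whole struct keeps the 10-second bound: `struct timeval timeout = { 10, 0 };` and pass `&timeout` again. The enclosing function starts and ends outside the hunk.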
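Review bot: In `create_multiple_attributes_operation` the new empty-string filter can leave `j == 0`, and the function then still emits an `LDAP_MOD_ADD` whose value list holds only the terminating `NULL`, whereas `create_single_attribute_operation` now emits nothing for an empty value. An add with no values is normally rejected by the server, so one empty list would fail the whole `ldap_add_ext_s` request; consider `if (j == 0) { free(values); return; }` after the loop. Both helpers also use the results of `malloc()` and `strdup()` without a NULL check. The tail of `create_multiple_attributes_operation` lies outside the hunk.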
@@ -534,34 +536,28 @@ void create_multiple_attributes_operation(LDAPMod **mods, int *i, TQString attr,
 }
 
 void add_single_attribute_operation(LDAPMod **mods, int *i, TQString attr, TQString value) {
- mods[*i]->mod_op = LDAP_MOD_DELETE;
- mods[*i]->mod_type = strdup(attr.ascii());
- mods[*i]->mod_values = NULL;
- (*i)++;
-
- char **values = (char**)malloc(2*sizeof(char*));
- values[0] = strdup(value.ascii());
- values[1] = NULL;
- mods[*i]->mod_op = LDAP_MOD_ADD;
- mods[*i]->mod_type = strdup(attr.ascii());
- mods[*i]->mod_values = values;
- (*i)++;
+ if (value != "") {
+ char **values = (char**)malloc(2*sizeof(char*));
+ values[0] = strdup(value.ascii());
+ values[1] = NULL;
+ mods[*i]->mod_op = LDAP_MOD_REPLACE;
+ mods[*i]->mod_type = strdup(attr.ascii());
+ mods[*i]->mod_values = values;
+ (*i)++;
+ }
 }
 
 void add_multiple_attributes_operation(LDAPMod **mods, int *i, TQString attr, TQStringList strings) {
- mods[*i]->mod_op = LDAP_MOD_DELETE;
- mods[*i]->mod_type = strdup(attr.ascii());
- mods[*i]->mod_values = NULL;
- (*i)++;
-
 int j=0;
 char **values = (char**)malloc((strings.count()+1)*sizeof(char*));
 for ( TQStringList::Iterator it = strings.begin(); it != strings.end(); ++it ) {
- values[j] = strdup((*it).ascii());
- j++;
+ if ((*it) != "") {
+ values[j] = strdup((*it).ascii());
+ j++;
+ }
 }
 values[j] = NULL;
- mods[*i]->mod_op = LDAP_MOD_ADD;
+ mods[*i]->mod_op = LDAP_MOD_REPLACE;
 mods[*i]->mod_type = strdup(attr.ascii());
 mods[*i]->mod_values = values;
 (*i)++;
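Review bot: With the new `if (value != "")` guard, `add_single_attribute_operation` emits no modification at all for an empty value, so a field the operator clears in the editor keeps its previous value in the directory; the old DELETE+ADD pair at least removed it. The multi-valued helper does not share the problem, because a replace with an empty list still goes out. A replace with no values removes the attribute if present and is accepted if it is absent, so an `else` branch that emits `LDAP_MOD_REPLACE` with `mod_values = NULL` would keep one mod per call and make clearing work. If skipping was deliberate (for example to avoid schema errors on required attributes), a comment saying so would help.

```cpp
void add_single_attribute_operation(LDAPMod **mods, int *i, TQString attr, TQString value) {
	if (value != "") {
		// … unchanged: one-element value list sent as LDAP_MOD_REPLACE …
	}
	else {
		// Replace with no values: the server drops the attribute if it exists
		mods[*i]->mod_op = LDAP_MOD_REPLACE;
		mods[*i]->mod_type = strdup(attr.ascii());
		mods[*i]->mod_values = NULL;
		(*i)++;
	}
}
```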
@@ -577,9 +573,8 @@ int LDAPManager::updateUserInfo(LDAPUserInfo user) { } else { // Assemble the LDAPMod structure - // We will replace attributes by first deleting them, then adding them back with their new values - int number_of_parameters = 43; // 43 primary attributes - number_of_parameters = (number_of_parameters * 2); // MODIFY/DELETE + // We will replace any existing attributes with the new values + int number_of_parameters = 40; // 40 primary attributes LDAPMod *mods[number_of_parameters+1]; for (i=0;imod_type != NULL) { free(mods[i]->mod_type); @@ -633,9 +683,8 @@ int LDAPManager::updateGroupInfo(LDAPGroupInfo group) { } else { // Assemble the LDAPMod structure - // We will replace attributes by first deleting them, then adding them back with their new values + // We will replace any existing attributes with the new values int number_of_parameters = 2; // 2 primary attributes - number_of_parameters = (number_of_parameters * 2); // MODIFY/DELETE LDAPMod *mods[number_of_parameters+1]; for (i=0;imod_type != NULL) { free(mods[i]->mod_type); 
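Review bot: The stack array `LDAPMod *mods[number_of_parameters+1]` is sized from a hand-maintained constant (`int number_of_parameters = 40; // 40 primary attributes`), while the helper functions write `mods[*i]` and increment `*i` with no upper bound. Adding one more `add_*_operation` call without bumping the constant would write past the end of the array, and this commit shows how easily the number drifts (43 to 40 here, and a stale "3 primary attributes" comment corrected in addGroupInfo). Passing the capacity to the helpers and refusing to write when `*i >= capacity` would turn a silent overflow into a detectable error. The same pattern appears in updateGroupInfo (2), addUserInfo (13) and addGroupInfo (6). Part of this hunk's text is missing from the page, so the population calls themselves could not be checked.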
@@ -683,6 +735,75 @@ int LDAPManager::updateGroupInfo(LDAPGroupInfo group) { } } +int LDAPManager::addUserInfo(LDAPUserInfo user) { + int retcode; + int i; + LDAPUserInfo userinfo; + + if (bind() < 0) { + return -1; + } + else { + // Create the base DN entry + int number_of_parameters = 13; // 13 primary attributes + LDAPMod *mods[number_of_parameters+1]; + for (i=0;imod_type = NULL; + mods[i]->mod_values = NULL; + } + mods[number_of_parameters] = NULL; + + // Load initial required LDAP object attributes + i=0; + create_single_attribute_operation(mods, &i, "uidNumber", TQString("%1").arg(user.uid)); + create_single_attribute_operation(mods, &i, "gidNumber", TQString("%1").arg(user.primary_gid)); + create_multiple_attributes_operation(mods, &i, "objectClass", TQStringList::split(" ", "inetOrgPerson krb5Realm krb5Principal krb5KDCEntry emsUser posixAccount")); + create_single_attribute_operation(mods, &i, "uid", user.name); + create_single_attribute_operation(mods, &i, "cn", user.commonName); + create_single_attribute_operation(mods, &i, "sn", user.surName); + create_single_attribute_operation(mods, &i, "homeDirectory", user.homedir); + // Kerberos + create_single_attribute_operation(mods, &i, "krb5KeyVersionNumber", "1"); + create_single_attribute_operation(mods, &i, "krb5PrincipalName", TQString(user.name.lower()) + "@" + m_realm.upper()); + create_single_attribute_operation(mods, &i, "krb5RealmName", m_realm.upper()); + // Zivios specific + create_single_attribute_operation(mods, &i, "emsdescription", "None"); + create_single_attribute_operation(mods, &i, "emsprimarygroupdn", "None"); + create_single_attribute_operation(mods, &i, "emstype", "UserEntry"); + LDAPMod *prevterm = mods[i]; + mods[i] = NULL; + + // Add new object + retcode = ldap_add_ext_s(m_ldap, user.distinguishedName.ascii(), mods, NULL, NULL); + + // Clean up + mods[i] = prevterm; + for (i=0;imod_type != NULL) { + free(mods[i]->mod_type); + } + if (mods[i]->mod_values != NULL) { + int j = 0; + while 
(mods[i]->mod_values[j] != NULL) { + free(mods[i]->mod_values[j]); + j++; + } + free(mods[i]->mod_values); + } + delete mods[i]; + } + + if (retcode != LDAP_SUCCESS) { + KMessageBox::error(0, i18n("LDAP addition failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + else { + return updateUserInfo(user); + } + } +} + int LDAPManager::addGroupInfo(LDAPGroupInfo group) { int retcode; int i; @@ -693,7 +814,7 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group) { } else { // Create the base DN entry - int number_of_parameters = 6; // 3 primary attributes + int number_of_parameters = 6; // 6 primary attributes LDAPMod *mods[number_of_parameters+1]; for (i=0;imod_type != NULL) { free(mods[i]->mod_type); @@ -743,6 +867,26 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group) { } } +int LDAPManager::deleteUserInfo(LDAPUserInfo user) { + int retcode; + LDAPUserInfo userinfo; + + if (bind() < 0) { + return -1; + } + else { + // Delete the base DN entry + retcode = ldap_delete_ext_s(m_ldap, user.distinguishedName.ascii(), NULL, NULL); + if (retcode != LDAP_SUCCESS) { + KMessageBox::error(0, i18n("LDAP deletion failure
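Review bot: `addUserInfo` builds the Kerberos principal directly from caller-supplied text (`TQString(user.name.lower()) + "@" + m_realm.upper()`) and writes the same unvalidated `user.name` into `uid`. A name containing `@` or `/` would yield a principal string whose realm or instance parsing differs from what the administrator intended, so the name should be checked against the permitted login-name character set before the mods are assembled. Separately, when `updateUserInfo(user)` fails after `ldap_add_ext_s` has succeeded, the entry stays in the directory with the placeholder values and the caller sees only the update's error code; deleting the entry again or returning a distinct "partially created" code would make that state visible. The local `LDAPUserInfo userinfo;` is never used.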

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + else { + return 0; + } + } +} + int LDAPManager::deleteGroupInfo(LDAPGroupInfo group) { int retcode; LDAPGroupInfo groupinfo; -- cgit v1.2.1
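Review bot: `deleteUserInfo` removes only the user's own entry; nothing visible here removes the deleted DN or uid from groups that list it as a member. Unless the caller or a server-side referential-integrity mechanism handles that, an account created later with the same DN or uid would silently inherit the old memberships, so consider pruning memberships before the `ldap_delete_ext_s` call or documenting that the caller must do it. The function also passes `user.distinguishedName` through unchecked (an empty DN is sent as is), and the local `LDAPUserInfo userinfo;` is unused.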