authorTimothy Pearson <[email protected]>2012-06-02 17:03:13 -0500
committerTimothy Pearson <[email protected]>2012-06-02 17:03:13 -0500
commitfb7be0231c63a621beab13d893ce587c8cdc82fb (patch)
treec21ddb96181603a99b7098953df8e1cb5f64bea4
parent732baa0f27c3ee4bc641491d602f849fda2d687c (diff)
Add kerberos rename method for RC setup
-rw-r--r--src/libtdeldap.cpp116
-rw-r--r--src/libtdeldap.h7
2 files changed, 103 insertions, 20 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index af20e0e..680a81f 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -28,6 +28,7 @@
#include <sys/time.h>
#include "libtdeldap.h"
+#include "ldaplogindlg.h"
#include "ldappasswddlg.h"
#define LDAP_INSECURE_PORT 389
@@ -43,6 +44,12 @@ LDAPManager::LDAPManager(TQString realm, TQString host, TQObject *parent, const
m_basedc = "dc=" + domainChunks.join(",dc=");
}
+LDAPManager::LDAPManager(TQString realm, TQString host, LDAPCredentials* creds, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(creds), m_ldap(0)
+{
+ TQStringList domainChunks = TQStringList::split(".", realm.lower());
+ m_basedc = "dc=" + domainChunks.join(",dc=");
+}
+
LDAPManager::~LDAPManager() {
unbind(true);
}
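Review bot: The new constructor stores the caller's `creds` pointer in `m_creds` without saying who owns it; bind() allocates its own `LDAPCredentials` into the same member when it is null, so whichever side eventually deletes `m_creds` either double-frees a caller-owned object or leaks the bind()-allocated one (the destructor visible here only unbinds, so the deletion, if any, lives elsewhere). A comment on the constructor such as `// creds is borrowed: the caller keeps ownership and must keep it alive for the manager's lifetime` (or the opposite, if the manager is meant to take it) would settle that, and the realm-to-basedc derivation duplicated from the first constructor could move into a shared private helper.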
@@ -64,7 +71,7 @@ LDAPCredentials LDAPManager::currentLDAPCredentials() {
}
}
-int LDAPManager::bind() {
+int LDAPManager::bind(TQString* errstr) {
printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
if (m_ldap) {
return 0;
@@ -81,15 +88,18 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
m_port = LDAP_INSECURE_PORT;
uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port);
}
+printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout);
int retcode = ldap_initialize(&m_ldap, uri.ascii());
if (retcode < 0) {
- KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
+ if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
retcode = ldap_set_option(m_ldap, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version);
if (retcode != LDAP_OPT_SUCCESS) {
- KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
+ if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
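Review bot: Each error branch now builds the same i18n message twice, once for `*errstr` and once for KMessageBox, which invites the two copies to drift; build it once: `TQString msg = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));` followed by `if (errstr) *errstr = msg; else KMessageBox::error(0, msg, i18n("Unable to connect to server!"));`. The same pattern repeats in the ldap_set_option, anonymous-connection, search, sasl_bind and unbind hunks below. Separately, ldap_initialize reports failure as a positive LDAP result code rather than a negative value, so the `retcode < 0` test above the first new branch is unlikely to ever route a failure into `errstr`; `retcode != LDAP_SUCCESS` would. bind() continues outside this hunk.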
@@ -97,15 +107,26 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
LDAPPasswordDialog passdlg(0);
passdlg.m_base->ldapAdminRealm->setEnabled(false);
passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
- if (passdlg.exec() == TQDialog::Accepted) {
+ bool havepass = false;
+ if (m_creds) {
+ havepass = true;
+ }
+ else {
+ if (passdlg.exec() == TQDialog::Accepted) {
+ havepass = true;
+ }
+ }
+ if (havepass == true) {
char* mechanism = NULL;
struct berval cred;
- TQString ldap_dn = passdlg.m_base->ldapAdminUsername->text();
- TQCString pass = passdlg.m_base->ldapAdminPassword->password();
- if (!m_creds) m_creds = new LDAPCredentials();
- m_creds->username = passdlg.m_base->ldapAdminUsername->text();
- m_creds->password = passdlg.m_base->ldapAdminPassword->password();
- m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
+ if (!m_creds) {
+ m_creds = new LDAPCredentials();
+ m_creds->username = passdlg.m_base->ldapAdminUsername->text();
+ m_creds->password = passdlg.m_base->ldapAdminPassword->password();
+ m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
+ }
+ TQString ldap_dn = m_creds->username;
+ TQCString pass = m_creds->password;
cred.bv_val = pass.data();
cred.bv_len = pass.length();
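Review bot: The password dialog is still constructed and populated (the three context lines at the top of the hunk) even when `m_creds` was supplied and it will never be shown; constructing it only in the `else` branch avoids that, and the `havepass` ladder collapses to `bool havepass = (m_creds != 0) || (passdlg.exec() == TQDialog::Accepted);` with `if (havepass)` rather than `if (havepass == true)`. Note that a later part of bind() still reads `passdlg.m_base->ldapAdminUsername->text()`, so that read has to switch to `m_creds->username` before the dialog can be scoped down. bind() continues outside this hunk.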
@@ -123,12 +144,14 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
}
int retcode = ldap_initialize(&ldapconn, uri.ascii());
if (retcode < 0) {
- KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
+ if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
retcode = ldap_set_option(ldapconn, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version);
if (retcode != LDAP_OPT_SUCCESS) {
- KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
+ if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
struct berval anoncred;
@@ -142,7 +165,8 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
TQString ldap_filter = TQString("(&(objectclass=posixAccount)(uid=%1))").arg(passdlg.m_base->ldapAdminUsername->text());
retcode = ldap_search_ext_s(ldapconn, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), NULL, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) {
- KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
}
else {
// Iterate through the returned entries
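Review bot: The search filter on the first line of this hunk still takes the username from `passdlg.m_base->ldapAdminUsername->text()`; on the new path where `m_creds` was passed to the constructor the dialog is never shown, so the filter degrades to `(uid=)` and the admin entry cannot be found — it should use `m_creds->username`, already held in `ldap_dn`. The value is also interpolated into the filter without escaping, so a username containing filter metacharacters such as `*`, `(` or `)` changes the query; escaping it per RFC 4515 (OpenLDAP offers `ldap_bv2escaped_filter_value`) before the `.arg()` keeps the filter bound to a single uid. bind() continues outside this hunk.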
@@ -164,9 +188,11 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
}
retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
+printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout);
if (retcode != LDAP_SUCCESS ) {
- KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
+ if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
@@ -179,15 +205,16 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
return -3;
}
-int LDAPManager::unbind(bool force) {
-printf("[RAJA DEBUG 600.1] In LDAPManager::unbind()\n\r"); fflush(stdout);
+int LDAPManager::unbind(bool force, TQString* errstr) {
+printf("[RAJA DEBUG 601.0] In LDAPManager::unbind()\n\r"); fflush(stdout);
if (!m_ldap) {
return 0;
}
int retcode = ldap_unbind_ext_s(m_ldap, NULL, NULL);
if ((retcode < 0) && (force == false)) {
- KMessageBox::error(0, i18n("<qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to disconnect from server!"));
+ if (errstr) *errstr = i18n("<qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to disconnect from server!"));
return retcode;
}
else {
@@ -716,6 +743,8 @@ int LDAPManager::updateGroupInfo(LDAPGroupInfo group) {
completeGroupList.prepend(placeholderGroup);
}
add_multiple_attributes_operation(mods, &i, "member", completeGroupList);
+ // RAJA FIXME
+ // Also populate memberUid attribute from the above list (minus the cn=,dc=... stuff, i.e. just the username)
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
@@ -1114,7 +1143,6 @@ printf("[RAJA DEBUG 120.2] The number of entries returned was %d\n\n", ldap_coun
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
- // RAJA
machines.append(parseLDAPMachineRecord(entry));
}
@@ -1127,6 +1155,58 @@ printf("[RAJA DEBUG 120.2] The number of entries returned was %d\n\n", ldap_coun
return LDAPMachineInfoList();
}
+// Special method, used when creating a new Kerberos realm
+int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
+ int retcode;
+printf("[RAJA DEBUG 140.0] In LDAPManager::moveKerberosEntries()\n\r"); fflush(stdout);
+
+ if (bind(errstr) < 0) {
+ return -1;
+ }
+ else {
+printf("[RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK\n\r"); fflush(stdout);
+ LDAPMessage* msg;
+ TQString ldap_base_dn = m_basedc;
+ TQString ldap_filter = "(&(objectClass=krb5Principal)(!(objectClass=posixAccount)))";
+ retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
+ if (retcode != LDAP_SUCCESS) {
+ KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ return -1;
+ }
+
+printf("[RAJA DEBUG 140.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
+
+ // Iterate through the returned entries
+ LDAPMessage* entry;
+ for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
+ // RAJA
+ char* dn = NULL;
+
+ LDAPMachineInfo machineinfo;
+
+ if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
+ TQStringList dnParts = TQStringList::split(",", dn);
+ TQString id = dnParts[0];
+ int equalsPos = id.find("=");
+ id.remove(0,id+1);
+printf("[RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s", dn, id.ascii(), newSuffix.ascii()); fflush(stdout);
+ retcode = ldap_rename_s(m_ldap, dn, id, newSuffix, 0, NULL, NULL);
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) *errstr = i18n("LDAP rename failure<p>Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode));
+ return -1;
+ }
+ }
+ }
+
+ // clean up
+ ldap_msgfree(msg);
+
+ return 0;
+ }
+
+ return -1;
+}
+
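Review bot: The RDN derivation on the `id` lines does not work: `id.remove(0,id+1)` passes a string where a length is expected (`equalsPos` is computed and never used), and even as intended it would strip the attribute type, whereas the newrdn argument of ldap_rename_s must be a complete `attr=value` RDN; splitting the DN on ',' also mis-splits an RDN whose value contains an escaped comma, so the library's DN parser should be used instead. The ldap_rename_s call then passes TQString objects where C strings are expected (`.ascii()`), and the search-failure branch above it pops a KMessageBox instead of honouring `errstr` the way the rename branch does. Every `dn` returned by ldap_get_dn leaks (no ldap_memfree), `msg` leaks on the rename-failure return, `machineinfo` is unused and the trailing `return -1` is unreachable. The loop below frees both handles and keeps the full RDN; the bind check, the search and the final cleanup are unchanged.
```cpp
	// Iterate through the returned entries
	LDAPMessage* entry;
	for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
		char* dn = ldap_get_dn(m_ldap, entry);
		if (dn == NULL) {
			continue;
		}
		// Let the library parse the DN: a naive split on ',' breaks on escaped commas in RDN values.
		// newrdn for ldap_rename_s must be a complete "attr=value" RDN, so keep the type (notypes=0).
		char** rdns = ldap_explode_dn(dn, 0);
		if ((rdns == NULL) || (rdns[0] == NULL)) {
			if (errstr) *errstr = i18n("<qt>Unable to parse DN %1</qt>").arg(dn);
			ldap_memfree(dn);
			ldap_msgfree(msg);
			return -1;
		}
		TQString newRdn = rdns[0];
		ldap_value_free(rdns);
		retcode = ldap_rename_s(m_ldap, dn, newRdn.ascii(), newSuffix.ascii(), 0, NULL, NULL);
		ldap_memfree(dn);
		if (retcode != LDAP_SUCCESS) {
			if (errstr) *errstr = i18n("LDAP rename failure<p>Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode));
			ldap_msgfree(msg);
			return -1;
		}
	}
	// … unchanged: ldap_msgfree(msg); return 0; …
```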
// ===============================================================================================================
//
// DATA CLASS CONSTRUCTORS AND DESTRUCTORS
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index a1369a1..208a43e 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -186,12 +186,13 @@ class LDAPManager : public TQObject {
public:
LDAPManager(TQString realm, TQString host, TQObject *parent=0, const char *name=0);
+ LDAPManager(TQString realm, TQString host, LDAPCredentials* creds, TQObject *parent=0, const char *name=0);
~LDAPManager();
TQString realm();
TQString basedn();
- int bind();
- int unbind(bool force);
+ int bind(TQString* errstr=0);
+ int unbind(bool force, TQString* errstr=0);
LDAPUserInfoList users();
LDAPGroupInfoList groups();
LDAPMachineInfoList machines();
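Review bot: The new `errstr` parameters change the error contract — when non-null, failures are written there and no message box is shown — but the declarations do not say so, and a caller who passes `errstr` must now both check the negative return and display the text itself. A comment above `bind` such as `// Returns 0 on success, <0 on failure; if errstr is non-null the error text is stored there instead of being shown in a message box` documents that, and the creds-taking constructor above likewise needs a line stating whether it takes ownership of `creds`.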
@@ -207,6 +208,8 @@ class LDAPManager : public TQObject {
LDAPCredentials currentLDAPCredentials();
+ int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);
+
private:
LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
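Review bot: `moveKerberosEntries` is declared without a comment saying what `newSuffix` is; the implementation hands it to ldap_rename_s as the new parent, so it must be a full parent DN rather than a realm name. A one-line comment such as `// Re-parents every krb5Principal entry that is not also a posixAccount under the DN newSuffix; binds first, returns 0 on success or -1 with the error in errstr` would keep callers from passing the wrong value.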