-rw-r--r-- | src/libtdeldap.cpp | 138 | ||||
-rw-r--r-- | src/libtdeldap.h | 1 |
2 files changed, 13 insertions, 126 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index e341ce2..93ec360 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -1842,7 +1842,7 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group, TQString *errstr) {
 }
 }
-int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
+int LDAPManager::kAdminAddNewPrincipal(TQString principalName, TQString newPassword, TQString *errstr) {
 if (bind() < 0) {
 return -1;
 }
@@ -1856,17 +1856,14 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 if (retcode == 0) {
 retcode = 1;
 bool generate_password;
- if (machine.newPassword == "") {
+ if (newPassword == "") {
 generate_password = true;
 }
 else {
 generate_password = false;
- password = strdup(machine.newPassword.data());
+ password = strdup(newPassword.ascii());
 }
- LDAPCredentials admincreds = currentLDAPCredentials(true);
- TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
- // Construct and add new principal record
 kadm5_principal_ent_rec principal_record;
 kadm5_principal_ent_rec default_record;
@@ -1875,7 +1872,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 int mask = 0;
 memset(&principal_record, 0, sizeof(principal_record));
- krb5adm_ret = krb5_parse_name(m_krb5admContext, hoststring.ascii(), &principal_entry);
+ krb5adm_ret = krb5_parse_name(m_krb5admContext, principalName.ascii(), &principal_entry);
 if (krb5adm_ret) {
 if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_parse_name (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
 }
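Review bot: `password = strdup(newPassword.ascii())` in the @@ -1856 hunk narrows the password before it reaches kadm5: on TQt3, as far as I recall, TQString::ascii() is a Latin-1 conversion that substitutes any character outside that range, so a password containing such characters is silently altered and the key derived from it differs from what the user typed; `strdup(newPassword.utf8())` keeps the characters as entered, and the same conversion is applied to `principalName.ascii()` in the @@ -1875 hunk. The strdup'd buffer holds a secret and its release is outside these hunks, so it is worth confirming that it is wiped before `free(password)`, e.g. `memset(password, 0, strlen(password));`. The `newPassword == ""` test is also what the new addServiceInfo relies on when it passes TQString::null, which presumably compares equal to "" on TQt3; a one-line comment on that branch, `// TQString::null (addServiceInfo) and "" both select the generate_password path`, would make the contract explicit. kAdminAddNewPrincipal's body continues beyond the @@ -1875 hunk.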
@@ -1989,126 +1986,15 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 }
 }
-int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
- if (bind() < 0) {
- return -1;
- }
- else {
- // Use Kerberos kadmin to actually add the service
- LDAPCredentials admincreds = currentLDAPCredentials();
- if ((admincreds.username == "") && (admincreds.password == "")) {
- // Probably GSSAPI
- // Get active ticket principal...
- KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
- TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
- admincreds.username = principalParts[0];
- admincreds.realm = principalParts[1];
- admincreds.use_gssapi = true;
- }
-
- TQCString command = "kadmin";
- QCStringList args;
- if (m_host.startsWith("ldapi://")) {
- args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
- }
- else {
- if (admincreds.username == "") {
- args << TQCString("-r") << TQCString(admincreds.realm.upper());
- }
- else {
- args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
- }
- }
-
- TQString hoststring = service.name+"/"+service.machine;
-
- TQString prompt;
- PtyProcess kadminProc;
- kadminProc.exec(command, args);
- prompt = readFullLineFromPtyProcess(&kadminProc);
- prompt = prompt.stripWhiteSpace();
- if (prompt == "kadmin>") {
- command = TQCString("ank --random-key "+hoststring);
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine(command, true);
- do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
- printf("(kadmin) '%s'\n", prompt.ascii());
- } while ((prompt == TQString(command)) || (prompt == ""));
- prompt = prompt.stripWhiteSpace();
- // Use all defaults
- while (prompt != "kadmin>") {
- if (prompt.endsWith(" Password:")) {
- if (admincreds.password == "") {
- if (tqApp->type() != TQApplication::Tty) {
- TQCString password;
- int result = KPasswordDialog::getPassword(password, prompt);
- if (result == KPasswordDialog::Accepted) {
- admincreds.password = password;
- }
- }
- else {
- TQFile file;
- file.open(IO_ReadOnly, stdin);
- TQTextStream qtin(&file);
- admincreds.password = qtin.readLine();
- }
- }
- if (admincreds.password != "") {
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine(admincreds.password, true);
- do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
- printf("(kadmin) '%s'\n", prompt.ascii());
- } while (prompt == "");
- prompt = prompt.stripWhiteSpace();
- }
- }
- if (prompt.contains("authentication failed")) {
- if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine("quit", true);
- return 1;
- }
- else {
- // Extract whatever default is in the [brackets] and feed it back to kadmin
- TQString defaultParam;
- int leftbracket = prompt.find("[");
- int rightbracket = prompt.find("]");
- if ((leftbracket >= 0) && (rightbracket >= 0)) {
- leftbracket++;
- defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
- }
- command = TQCString(defaultParam);
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine(command, true);
- do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
- printf("(kadmin) '%s'\n", prompt.ascii());
- } while ((prompt == TQString(command)) || (prompt == ""));
- prompt = prompt.stripWhiteSpace();
- }
- }
- if (prompt != "kadmin>") {
- if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine("quit", true);
- return 1;
- }
-
- // Success!
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine("quit", true);
- unbind(true); // Using kadmin can disrupt our LDAP connection
-
- // Move Kerberos entries
- return moveKerberosEntries("o=kerberos,cn=kerberos control,ou=master services,ou=core,ou=realm," + m_basedc, errstr);
- }
-
- if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
- return 1; // Failure
+int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
+ LDAPCredentials admincreds = currentLDAPCredentials(true);
+ TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
+ return kAdminAddNewPrincipal(hoststring, machine.newPassword, errstr);
+}
- }
+int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
+ TQString hoststring = service.name + "/" + service.machine;
+ return kAdminAddNewPrincipal(hoststring, TQString::null, errstr);
 }
 int LDAPManager::deleteUserInfo(LDAPUserInfo user, TQString *errstr) {
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index d91766f..a62c429 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -591,6 +591,7 @@ class LDAPManager : public TQObject {
 private:
 int bindKAdmin(TQString *errstr=0);
 int unbindKAdmin(TQString *errstr=0);
+ int kAdminAddNewPrincipal(TQString principalName, TQString newPassword, TQString *errstr=0);
 LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
 LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
 LDAPMachineInfo parseLDAPMachineRecord(LDAPMessage* entry);
|
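Review bot: The new addServiceInfo hands `service.name + "/" + service.machine` to kAdminAddNewPrincipal without checking either part, so a `/` or `@` inside a service or machine name produces a differently structured principal (extra component or explicit realm) than the caller intended, and krb5_parse_name in the helper will accept it as written. A guard before the call keeps the helper's input well-formed: `if (hoststring.contains('/') != 1 || hoststring.contains('@') != 0) { if (errstr) *errstr = i18n("Invalid service principal name"); return 1; }` — the same check suits the `"host/" + machine.name + ...` string in the new addMachineInfo above, where `machine.name` is likewise unvalidated. Separately, the removed addServiceInfo body finished a successful add with `unbind(true)` and `moveKerberosEntries(...)`, while the new wrapper returns the helper's result directly; whether kAdminAddNewPrincipal performs the equivalent is outside this hunk (its body between the @@ -1875 hunk and here is not shown), so it is worth confirming the service path did not lose that step.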
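Review bot: The new private declaration in libtdeldap.h has no comment, and its two callers depend on a contract only visible in the .cpp hunks: an empty newPassword takes the generate_password branch (the @@ -1856 hunk), addServiceInfo relies on that by passing TQString::null, and the function returns -1 when bind() fails (the @@ -1842 hunk). A line above the declaration would capture it: `// Creates principalName via kadm5; an empty/null newPassword selects the generate_password path. Returns -1 if bind() fails, 0 on success; errstr (optional) receives the failure detail.` The success/failure return convention beyond -1 is inferred from the wrappers and should be confirmed against the helper's body before documenting it.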