-rw-r--r--src/libtdeldap.cpp116
-rw-r--r--src/libtdeldap.h6
2 files changed, 121 insertions, 1 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 8aac29f..872b436 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -2656,6 +2656,78 @@ int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString at
}
}
+TQString LDAPManager::getRealmCAMaster(TQString* errstr) {
+ int retcode;
+ int i;
+ TQString realmCAMaster;
+
+ TQString dn = TQString("cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1").arg(m_basedc);
+
+ if (bind() < 0) {
+ return TQString();
+ }
+ else {
+ LDAPMessage* msg;
+ retcode = ldap_search_ext_s(m_ldap, dn.ascii(), LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ return TQString();
+ }
+
+ // Iterate through the returned entries
+ LDAPMessage* entry;
+ for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
+ TQString result;
+ if (parseLDAPTDEStringAttribute(entry, "publicRootCertificateOriginServer", result)) {
+ realmCAMaster = result;
+ }
+ }
+
+ // clean up
+ ldap_msgfree(msg);
+
+ return realmCAMaster;
+ }
+}
+
+int LDAPManager::setRealmCAMaster(TQString masterFQDN, TQString* errstr) {
+ int retcode;
+ int i;
+
+ if (bind() < 0) {
+ return -1;
+ }
+ else {
+ // Assemble the LDAPMod structure
+ // We will replace any existing attributes with the new values
+ int number_of_parameters = 1; // 1 primary attribute
+ LDAPMod *mods[number_of_parameters+1];
+ set_up_attribute_operations(mods, number_of_parameters);
+
+ // Load LDAP modification requests from provided data structure
+ i=0;
+ add_single_attribute_operation(mods, &i, "publicRootCertificateOriginServer", masterFQDN);
+ LDAPMod *prevterm = mods[i];
+ mods[i] = NULL;
+
+ // Perform LDAP update
+ retcode = ldap_modify_ext_s(m_ldap, TQString("cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1").arg(m_basedc).ascii(), mods, NULL, NULL);
+
+ // Clean up
+ clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
+
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) *errstr = i18n("<qt>LDAP CA master modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>LDAP CA master modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ return -2;
+ }
+ else {
+ return 0;
+ }
+ }
+}
+
// Special method, used when creating a new Kerberos realm
int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
int retcode;
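Review bot: getRealmCAMaster searches the certificate-store DN with LDAP_SCOPE_SUBTREE and no filter and keeps the last entry that carries `publicRootCertificateOriginServer` (the ldap_first_entry loop), while setRealmCAMaster writes that attribute to the base DN itself, so any subordinate entry holding the same attribute would silently override the value that tells clients where the realm's root CA certificate originates. Since the writer targets exactly that entry, the reader should pass `LDAP_SCOPE_BASE` to ldap_search_ext_s so the answer can only come from the store entry. On the search-failure branch `msg` is not released; ldap_search_ext_s can return a result message together with a non-success code, so `if (msg) ldap_msgfree(msg);` before the early return avoids a leak (if the file's other search helpers skip this too, it is a shared pattern rather than new here). `int i;` in getRealmCAMaster is never used and can be dropped.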
@@ -2824,6 +2896,41 @@ LDAPTDEBuiltinsInfo LDAPManager::parseLDAPTDEBuiltinsRecord(LDAPMessage* entry)
return builtininfo;
}
+bool LDAPManager::parseLDAPTDEStringAttribute(LDAPMessage* entry, TQString attribute, TQString& retval) {
+ char* dn = NULL;
+ char* attr;
+ struct berval **vals;
+ BerElement* ber;
+ int i;
+ bool found = false;
+
+ LDAPTDEBuiltinsInfo builtininfo;
+
+ if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
+ ldap_memfree(dn);
+ }
+
+ for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
+ if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
+ builtininfo.informationValid = true;
+ TQString ldap_field = attr;
+ i=0;
+ if (ldap_field == attribute) {
+ retval = TQString(vals[i]->bv_val);
+ found = true;
+ }
+ ldap_value_free_len(vals);
+ }
+ ldap_memfree(attr);
+ }
+
+ if (ber != NULL) {
+ ber_free(ber, 0);
+ }
+
+ return found;
+}
+
LDAPMasterReplicationInfo LDAPManager::parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry) {
char* dn = NULL;
char* attr;
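Review bot: The match `if (ldap_field == attribute)` is case-sensitive, but LDAP attribute descriptions are case-insensitive and a server can return the type name in a case different from the one the caller passed (getRealmCAMaster passes "publicRootCertificateOriginServer"), in which case the lookup silently reports not found; `if (ldap_field.lower() == attribute.lower())` matches the way the directory compares them. The value is read as `TQString(vals[i]->bv_val)`, which treats the berval as a NUL-terminated C string and ignores `bv_len`; `retval = TQString::fromUtf8(vals[0]->bv_val, vals[0]->bv_len);` honours the length the library reports and the UTF-8 encoding LDAP uses on the wire. `builtininfo` is a leftover from the record parser this was copied from and is never read, and the `ldap_get_dn`/`ldap_memfree` pair has no effect, so both can go. `ber` is only assigned by ldap_first_attribute; declaring it `BerElement* ber = NULL;` keeps the closing ber_free guard well-defined if that call returns without setting it.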
@@ -3153,7 +3260,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
TQString databaseDN;
ridString.sprintf("%03d", rid);
databaseDN = "cn=config";
- serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout);
+ serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"allow":"demand");
+ if (replicationinfo.certificateFile != "") {
+ serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
+ }
+ if (replicationinfo.caCertificateFile != "") {
+ serverSyncReplString.append(TQString(" tls_cacert=\"%1\"").arg(replicationinfo.caCertificateFile));
+ }
syncReplServerList.append(serverSyncReplString);
rid++;
}
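Review bot: The new `tls_reqcert=%6` on the serverSyncReplString line never receives the allow/demand argument: the format already uses `%5` twice (searchbase and retry) and now `%6` twice (timeout and tls_reqcert), and TQString::arg substitutes every occurrence of the lowest-numbered remaining marker, so `.arg(databaseDN)` fills both %5, `.arg(replicationinfo.retryMethod)` fills both %6, and the trailing `.arg(replicationinfo.timeout)` and `.arg(... ? "allow" : "demand")` find no marker and are dropped. The generated syncrepl directive therefore carries the retry string as its tls_reqcert value (and as its timeout), so the provider-certificate verification policy selected by `ignore_ssl_failure` is not what slapd is configured with, and slapd may well reject the directive outright. Number the markers uniquely: `... searchbase=\"%5\" type=refreshAndPersist retry=\"%6\" timeout=%7 tls_reqcert=%8")` with the existing arg chain left as it is. The duplicated %5 predates this change, but the added %6 is what breaks the TLS setting. setLDAPMasterReplicationSettings's body continues outside the hunk on both sides.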
@@ -4245,6 +4358,7 @@ LDAPMasterReplicationInfo::LDAPMasterReplicationInfo() {
// See http://www.openldap.org/doc/admin24/slapdconfig.html for syntax
retryMethod = "5 5 300 5";
timeout = 1;
+ ignore_ssl_failure = false;
}
LDAPMasterReplicationInfo::~LDAPMasterReplicationInfo() {
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index ee60b94..c3d58f0 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -403,6 +403,8 @@ class LDAPMasterReplicationInfo
TQString syncDN;
TQCString syncPassword;
TQString certificateFile;
+ TQString caCertificateFile;
+ bool ignore_ssl_failure;
};
class KerberosTicketInfo
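Review bot: `ignore_ssl_failure` is snake_case while every other member of LDAPMasterReplicationInfo (`syncDN`, `certificateFile`, the new `caCertificateFile`) is lowerCamel; `bool ignoreSSLFailure;` would match the class. The field also deserves a one-line comment stating what it relaxes, e.g. `// true: syncrepl does not verify the provider's certificate (tls_reqcert=allow)`, since the name alone reads as a generic flag but it governs whether the replication consumer authenticates the provider it pulls from. The class definition starts outside the hunk.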
@@ -476,6 +478,9 @@ class LDAPManager : public TQObject {
int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);
int writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr=0);
+ TQString getRealmCAMaster(TQString* errstr=0);
+ int setRealmCAMaster(TQString masterFQDN, TQString* errstr=0);
+
LDAPTDEBuiltinsInfo getTDEBuiltinMappings(TQString *errstr=0);
LDAPMasterReplicationInfo getLDAPMasterReplicationSettings(TQString *errstr=0);
int setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo replicationinfo, TQString *errstr=0);
@@ -524,6 +529,7 @@ class LDAPManager : public TQObject {
LDAPTDEBuiltinsInfo parseLDAPTDEBuiltinsRecord(LDAPMessage* entry);
LDAPMasterReplicationInfo parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry);
TQString parseLDAPSyncProvOverlayConfigRecord(LDAPMessage* entry);
+ bool parseLDAPTDEStringAttribute(LDAPMessage* entry, TQString attribute, TQString& retval);
private:
TQString m_realm;