Diffstat (limited to 'src')
-rw-r--r--src/libtdeldap.cpp87
1 files changed, 27 insertions, 60 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index fd608e1..1d5486b 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -149,7 +149,6 @@ int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void*
}
int LDAPManager::bind(TQString* errstr) {
-printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout);
if (m_ldap) {
return 0;
}
@@ -166,7 +165,6 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
havepass = true;
}
else {
-printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
LDAPPasswordDialog passdlg(0, 0, (m_krbTickets.count() > 0));
passdlg.m_base->ldapAdminRealm->setEnabled(false);
passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
@@ -209,7 +207,6 @@ printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port);
}
}
-printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout);
int retcode = ldap_initialize(&m_ldap, uri.ascii());
if (retcode < 0) {
@@ -223,7 +220,6 @@ printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout);
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)).arg(ldapLikelyErrorCause(retcode, ERRORCAUSE_LOCATION_BIND)), i18n("Unable to connect to server!"));
return -1;
}
-printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
TQString errorString;
if (havepass == true) {
@@ -233,7 +229,6 @@ printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
TQCString pass = m_creds->password;
cred.bv_val = pass.data();
cred.bv_len = pass.length();
-printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
if ((!using_ldapi && !using_gssapi)) {
if (!ldap_dn.contains(",")) {
// Look for a POSIX account with anonymous bind and the specified account name
@@ -304,7 +299,6 @@ printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
else {
retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
}
-printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout);
if (retcode != LDAP_SUCCESS ) {
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)).arg(ldapLikelyErrorCause(retcode, ERRORCAUSE_LOCATION_BIND));
@@ -322,7 +316,6 @@ printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout);
}
int LDAPManager::unbind(bool force, TQString* errstr) {
-printf("[RAJA DEBUG 601.0] In LDAPManager::unbind()\n\r"); fflush(stdout);
if (!m_ldap) {
return 0;
}
@@ -349,7 +342,6 @@ LDAPUserInfo LDAPManager::parseLDAPUserRecord(LDAPMessage* entry) {
LDAPUserInfo userinfo;
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
- printf("Returned dn: %s\n", dn);
userinfo.distinguishedName = dn;
TQStringList dnParts = TQStringList::split(",", dn);
TQString id = dnParts[0];
@@ -362,7 +354,6 @@ LDAPUserInfo LDAPManager::parseLDAPUserRecord(LDAPMessage* entry) {
for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
-printf("[RAJA DEBUG 100.3] %s: %s\n\r", attr, vals[i]->bv_val);
userinfo.informationValid = true;
TQString ldap_field = attr;
i=0;
@@ -564,22 +555,18 @@ printf("[RAJA DEBUG 100.3] %s: %s\n\r", attr, vals[i]->bv_val);
ber_free(ber, 0);
}
- printf("\n\r");
-
return userinfo;
}
LDAPUserInfoList LDAPManager::users(int* mretcode) {
int retcode;
LDAPUserInfoList users;
-printf("[RAJA DEBUG 100.0] In LDAPManager::users()\n\r"); fflush(stdout);
if (bind() < 0) {
if (mretcode) *mretcode = -1;
return LDAPUserInfoList();
}
else {
-printf("[RAJA DEBUG 100.1] In LDAPManager::users() bind was OK\n\r"); fflush(stdout);
LDAPMessage* msg;
TQString ldap_base_dn = m_basedc;
TQString ldap_filter = "(objectClass=posixAccount)";
@@ -590,8 +577,6 @@ printf("[RAJA DEBUG 100.1] In LDAPManager::users() bind was OK\n\r"); fflush(std
return LDAPUserInfoList();
}
-printf("[RAJA DEBUG 100.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
-
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
@@ -865,14 +850,14 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
}
LDAPCredentials admincreds = currentLDAPCredentials();
-
- // RAJA FIXME
- // How to handle GSSAPI auth?
- // We can't really at this point
- // GSSAPI and friends ONLY WORK if 'kinit -S kadmin/admin' was run after the inital TGT was granted
- // What we need is a proper ticket management system
- // Also, why doesn't 'kgetcred kadmin/admin' work?
- // For now, let's just prompt for the password if admincreds.password == ""
+ if ((admincreds.username == "") && (admincreds.password == "")) {
+ // Probably GSSAPI
+ // Get active ticket principal...
+ KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
+ TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
+ admincreds.username = principalParts[0];
+ admincreds.realm = principalParts[1];
+ }
TQCString command = "kadmin";
QCStringList args;
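Review bot: `tickets[0]` and `principalParts[1]` in the new GSSAPI branch are indexed without checking that either list holds that element. If getKerberosTicketList() returns no tickets, or cachePrincipal has no `@` in it, the code reads an element that does not exist before kadmin is started. Guard both lookups, e.g. `if (tickets.count() < 1) return -1;` after the ticket query and `if (principalParts.count() != 2) return -1;` after the split, setting `*errstr` when it is non-null as the function does further down. The branch also assumes the first cached ticket belongs to the administrative principal, which deserves a comment saying so. setPasswordForUser starts and ends outside this hunk.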
@@ -880,7 +865,12 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
}
else {
- args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+ if (admincreds.username == "") {
+ args << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
+ else {
+ args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
}
TQString prompt;
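Review bot: Both arms of the new `if (admincreds.username == "")` append the same `-r` realm pair, so only the `-p` principal argument is conditional. Writing it as `if (admincreds.username != "") args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper()));` followed by a single `args << TQCString("-r") << TQCString(admincreds.realm.upper());` removes the duplication. A one-line comment on when the username can still be empty here would help, since it appears to need a stored password with no username. Nothing visible in the hunk checks that `admincreds.realm` is non-empty before it is passed to `-r`. The enclosing if/else opens outside the hunk.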
@@ -905,10 +895,19 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
prompt = prompt.stripWhiteSpace();
}
if (prompt.endsWith(" Password:")) {
- kadminProc.writeLine(admincreds.password, true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
- prompt = prompt.stripWhiteSpace();
+ if (admincreds.password == "") {
+ TQCString password;
+ int result = KPasswordDialog::getPassword(password, prompt);
+ if (result == KPasswordDialog::Accepted) {
+ admincreds.password = password;
+ }
+ }
+ if (admincreds.password != "") {
+ kadminProc.writeLine(admincreds.password, true);
+ prompt = kadminProc.readLine(true); // Discard our own input
+ prompt = kadminProc.readLine(true);
+ prompt = prompt.stripWhiteSpace();
+ }
}
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
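Review bot: When the KPasswordDialog is cancelled, `admincreds.password` stays empty and nothing is written to kadmin, so control falls through to `if (prompt != "kadmin>")` with the password prompt still in `prompt`. That text is then returned in `*errstr` as if it were the failure reason. Handle the cancel explicitly with an `else` on the `result == KPasswordDialog::Accepted` test that sets a dedicated message and returns; whether kadminProc is shut down on that path is not visible in this hunk and should be checked. The typed secret also stays in the local `password` buffer and in `admincreds.password` after use; wiping the buffer once it has been written, e.g. `password.fill(0);`, keeps the admin password out of memory for longer than needed.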
@@ -1539,7 +1538,6 @@ LDAPGroupInfo LDAPManager::parseLDAPGroupRecord(LDAPMessage* entry) {
LDAPGroupInfo groupinfo;
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
- printf("Returned dn: %s\n", dn);
groupinfo.distinguishedName = dn;
TQStringList dnParts = TQStringList::split(",", dn);
TQString id = dnParts[0];
@@ -1552,9 +1550,6 @@ LDAPGroupInfo LDAPManager::parseLDAPGroupRecord(LDAPMessage* entry) {
for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
-for(i = 0; vals[i] != NULL; i++) {
- printf("[RAJA DEBUG 110.3] %s: %s\n\r", attr, vals[i]->bv_val);
-}
groupinfo.informationValid = true;
TQString ldap_field = attr;
i=0;
@@ -1587,8 +1582,6 @@ for(i = 0; vals[i] != NULL; i++) {
ber_free(ber, 0);
}
- printf("\n\r");
-
return groupinfo;
}
@@ -1602,7 +1595,6 @@ LDAPMachineInfo LDAPManager::parseLDAPMachineRecord(LDAPMessage* entry) {
LDAPMachineInfo machineinfo;
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
- printf("Returned dn: %s\n", dn);
machineinfo.distinguishedName = dn;
TQStringList dnParts = TQStringList::split(",", dn);
TQString id = dnParts[0];
@@ -1616,9 +1608,6 @@ LDAPMachineInfo LDAPManager::parseLDAPMachineRecord(LDAPMessage* entry) {
for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
-for(i = 0; vals[i] != NULL; i++) {
- printf("[RAJA DEBUG 120.3] %s: %s\n\r", attr, vals[i]->bv_val);
-}
machineinfo.informationValid = true;
TQString ldap_field = attr;
i=0;
@@ -1640,22 +1629,18 @@ for(i = 0; vals[i] != NULL; i++) {
ber_free(ber, 0);
}
- printf("\n\r");
-
return machineinfo;
}
LDAPGroupInfoList LDAPManager::groups(int* mretcode) {
int retcode;
LDAPGroupInfoList groups;
-printf("[RAJA DEBUG 110.0] In LDAPManager::groups()\n\r"); fflush(stdout);
if (bind() < 0) {
if (mretcode) *mretcode = -1;
return LDAPGroupInfoList();
}
else {
-printf("[RAJA DEBUG 110.1] In LDAPManager::groups() bind was OK\n\r"); fflush(stdout);
LDAPMessage* msg;
TQString ldap_base_dn = m_basedc;
TQString ldap_filter = "(objectClass=posixGroup)";
@@ -1665,13 +1650,10 @@ printf("[RAJA DEBUG 110.1] In LDAPManager::groups() bind was OK\n\r"); fflush(st
if (mretcode) *mretcode = -1;
return LDAPGroupInfoList();
}
-
-printf("[RAJA DEBUG 110.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
- // RAJA
groups.append(parseLDAPGroupRecord(entry));
}
@@ -1688,14 +1670,12 @@ printf("[RAJA DEBUG 110.2] The number of entries returned was %d\n\n", ldap_coun
LDAPMachineInfoList LDAPManager::machines(int* mretcode) {
int retcode;
LDAPMachineInfoList machines;
-printf("[RAJA DEBUG 120.0] In LDAPManager::machines()\n\r"); fflush(stdout);
if (bind() < 0) {
if (mretcode) *mretcode = -1;
return LDAPMachineInfoList();
}
else {
-printf("[RAJA DEBUG 120.1] In LDAPManager::machines() bind was OK\n\r"); fflush(stdout);
LDAPMessage* msg;
TQString ldap_base_dn = m_basedc;
TQString ldap_filter = "(&(objectClass=krb5Principal)(uid=host/*))";
@@ -1705,8 +1685,6 @@ printf("[RAJA DEBUG 120.1] In LDAPManager::machines() bind was OK\n\r"); fflush(
if (mretcode) *mretcode = -1;
return LDAPMachineInfoList();
}
-
-printf("[RAJA DEBUG 120.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
// Iterate through the returned entries
LDAPMessage* entry;
@@ -1783,13 +1761,11 @@ int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString at
// Special method, used when creating a new Kerberos realm
int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
int retcode;
-printf("[RAJA DEBUG 140.0] In LDAPManager::moveKerberosEntries()\n\r"); fflush(stdout);
if (bind(errstr) < 0) {
return -1;
}
else {
-printf("[RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK\n\r"); fflush(stdout);
LDAPMessage* msg;
TQString ldap_base_dn = m_basedc;
TQString ldap_filter = "(&(objectClass=krb5Principal)(!(objectClass=posixAccount)))";
@@ -1798,8 +1774,6 @@ printf("[RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK\n\r
KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -1;
}
-
-printf("[RAJA DEBUG 140.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
// Iterate through the returned entries
LDAPMessage* entry;
@@ -1811,7 +1785,6 @@ printf("[RAJA DEBUG 140.2] The number of entries returned was %d\n\n", ldap_coun
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
TQStringList dnParts = TQStringList::split(",", dn);
TQString id = dnParts[0];
-printf("[RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s", dn, id.ascii(), newSuffix.ascii()); fflush(stdout);
retcode = ldap_rename_s(m_ldap, dn, id, newSuffix, 0, NULL, NULL);
if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("LDAP rename failure<p>Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode));
@@ -1893,15 +1866,11 @@ LDAPTDEBuiltinsInfo LDAPManager::parseLDAPTDEBuiltinsRecord(LDAPMessage* entry)
LDAPTDEBuiltinsInfo builtininfo;
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
- printf("Returned dn: %s\n", dn);
ldap_memfree(dn);
}
for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
-for(i = 0; vals[i] != NULL; i++) {
- printf("[RAJA DEBUG 160.3] %s: %s\n\r", attr, vals[i]->bv_val);
-}
builtininfo.informationValid = true;
TQString ldap_field = attr;
i=0;
@@ -1926,8 +1895,6 @@ for(i = 0; vals[i] != NULL; i++) {
ber_free(ber, 0);
}
- printf("\n\r");
-
return builtininfo;
}