Diffstat (limited to 'src')
-rw-r--r--src/libtdeldap.cpp139
-rw-r--r--src/libtdeldap.h4
2 files changed, 143 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 0176bbe..2088d2e 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -1458,6 +1458,18 @@ int LDAPManager::updateGroupInfo(LDAPGroupInfo group, TQString *errstr) {
}
}
+// FIXME
+int LDAPManager::updateMachineInfo(LDAPMachineInfo group, TQString *errstr) {
+ if (errstr) *errstr = i18n("<qt>Not implemented yet!</qt>");
+ return -1;
+}
+
+// FIXME
+int LDAPManager::updateServiceInfo(LDAPServiceInfo group, TQString *errstr) {
+ if (errstr) *errstr = i18n("<qt>Not implemented yet!</qt>");
+ return -1;
+}
+
int LDAPManager::addUserInfo(LDAPUserInfo user, TQString *errstr) {
int retcode;
int i;
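Review bot: Both stubs name their parameter `group` although they take `LDAPMachineInfo` and `LDAPServiceInfo`, apparently carried over from `updateGroupInfo`; `machine` and `service` would match `addMachineInfo` and `addServiceInfo`, and the same applies to the two declarations added in src/libtdeldap.h. The bare `// FIXME` does not say what is missing; a comment such as `// FIXME: not implemented, always returns -1 and sets *errstr` would tell callers what to expect.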
@@ -1601,6 +1613,133 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group, TQString *errstr) {
}
}
+int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
+ LDAPGroupInfo machineinfo;
+
+ if (bind() < 0) {
+ return -1;
+ }
+ else {
+ // Use Kerberos kadmin to actually add the machine
+ LDAPCredentials admincreds = currentLDAPCredentials();
+ if ((admincreds.username == "") && (admincreds.password == "")) {
+ // Probably GSSAPI
+ // Get active ticket principal...
+ KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
+ TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
+ admincreds.username = principalParts[0];
+ admincreds.realm = principalParts[1];
+ }
+
+ TQCString command = "kadmin";
+ QCStringList args;
+ if (m_host.startsWith("ldapi://")) {
+ args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
+ else {
+ if (admincreds.username == "") {
+ args << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
+ else {
+ args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
+ }
+
+ TQString hoststring = "host/"+machine.name+"."+admincreds.realm.lower();
+
+ TQString prompt;
+ PtyProcess kadminProc;
+ kadminProc.exec(command, args);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = prompt.stripWhiteSpace();
+ if (prompt == "kadmin>") {
+ if (machine.newPassword == "") {
+ command = TQCString("ank --random-key "+hoststring);
+ }
+ else {
+ command = TQCString("ank --password=\""+machine.newPassword+"\" "+hoststring);
+ }
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ // Use all defaults
+ while (prompt != "kadmin>") {
+ if (prompt.endsWith(" Password:")) {
+ if (admincreds.password == "") {
+ if (tqApp->type() != TQApplication::Tty) {
+ TQCString password;
+ int result = KPasswordDialog::getPassword(password, prompt);
+ if (result == KPasswordDialog::Accepted) {
+ admincreds.password = password;
+ }
+ }
+ else {
+ TQFile file;
+ file.open(IO_ReadOnly, stdin);
+ TQTextStream qtin(&file);
+ admincreds.password = qtin.readLine();
+ }
+ }
+ if (admincreds.password != "") {
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine(admincreds.password, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
+ prompt = prompt.stripWhiteSpace();
+ }
+ }
+ if (prompt.contains("authentication failed")) {
+ if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ else {
+ // Extract whatever default is in the [brackets] and feed it back to kadmin
+ TQString defaultParam;
+ int leftbracket = prompt.find("[");
+ int rightbracket = prompt.find("]");
+ if ((leftbracket >= 0) && (rightbracket >= 0)) {
+ leftbracket++;
+ defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
+ }
+ command = TQCString(defaultParam);
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ }
+ }
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+
+ // Success!
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine("quit", true);
+ unbind(true); // Using kadmin can disrupt our LDAP connection
+
+ return 0;
+ }
+
+ if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
+ return 1; // Failure
+
+ }
+}
+
int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
LDAPGroupInfo serviceinfo;
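Review bot: `machine.newPassword` and `machine.name` are concatenated unescaped into the `ank` line written to the kadmin prompt, so a `"`, a space or a line break in either value ends the quoted argument or the command, and the remainder is read by kadmin as further input under the administrator's credentials. Both values should be validated before kadmin is started, as sketched below. The first "Discard our own input" loop also passes every line it reads to `printf`, which presumably includes the echoed command with the plaintext password; that debug output should be dropped or masked. Separately, `tickets[0]` and `principalParts[1]` are indexed without checking that a ticket exists and that the principal contains an `@`.

```cpp
int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
    // Refuse values that could end the quoted kadmin argument or the command line
    if (machine.name.isEmpty() || machine.name.contains('"') || machine.name.contains(' ')
        || machine.name.contains('\n') || machine.name.contains('\r')) {
        if (errstr) *errstr = i18n("Invalid machine name");
        return -1;
    }
    if (machine.newPassword.contains('"') || machine.newPassword.contains('\n')
        || machine.newPassword.contains('\r')) {
        if (errstr) *errstr = i18n("The password contains characters that cannot be passed to kadmin");
        return -1;
    }
    // … unchanged: bind(), credential lookup, kadmin launch and prompt loop …
```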
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index a6d47b4..f6b5e54 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -320,6 +320,7 @@ class LDAPMachineInfo
TQString creatorsName;
TQString name;
+ TQString newPassword;
bool tde_builtin_account;
LDAPKRB5Flags status; // Default is 126 [KRB5_MACHINE_ACCOUNT_DEFAULT]
};
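Review bot: `newPassword` puts a plaintext secret into `LDAPMachineInfo`, which `addMachineInfo` receives by value, so each call copies the password into another `TQString` that is not cleared afterwards as far as this diff shows. The field deserves a comment stating its meaning and lifetime, for example `// plaintext; used only when creating the principal, empty selects a random key; clear after use`, and callers should blank it once `addMachineInfo` returns.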
@@ -408,8 +409,11 @@ class LDAPManager : public TQObject {
LDAPGroupInfo getGroupByDistinguishedName(TQString dn, TQString *errstr=0);
int updateUserInfo(LDAPUserInfo user, TQString *errstr=0);
int updateGroupInfo(LDAPGroupInfo group, TQString *errstr=0);
+ int updateMachineInfo(LDAPMachineInfo group, TQString *errstr=0);
+ int updateServiceInfo(LDAPServiceInfo group, TQString *errstr=0);
int addUserInfo(LDAPUserInfo user, TQString *errstr=0);
int addGroupInfo(LDAPGroupInfo group, TQString *errstr=0);
+ int addMachineInfo(LDAPMachineInfo machine, TQString *errstr=0);
int addServiceInfo(LDAPServiceInfo service, TQString *errstr=0);
int deleteUserInfo(LDAPUserInfo user, TQString *errstr=0);
int deleteGroupInfo(LDAPGroupInfo group, TQString *errstr=0);