From 072098e10daf6fb9a0af0065d9b1130c5405bd0d Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Mon, 11 Jun 2012 02:10:36 -0500
Subject: Add a variety of ticket management functions
---
 src/libtdeldap.h | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
(limited to 'src/libtdeldap.h')
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 39ce2b0..0edf803 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -77,6 +77,48 @@ enum LDAPKRB5Flags {
 KRB5_FLAG_MAX = 0x80000000
 };
 
+inline LDAPKRB5Flags operator|(LDAPKRB5Flags a, LDAPKRB5Flags b)
+{
+ return static_cast(static_cast(a) | static_cast(b));
+}
+
+inline LDAPKRB5Flags operator&(LDAPKRB5Flags a, LDAPKRB5Flags b)
+{
+ return static_cast(static_cast(a) & static_cast(b));
+}
+
+// Values from krb5.asn1
+enum KRB5TicketFlags {
+ KRB5_TICKET_RESERVED = 0x00000001,
+ KRB5_TICKET_FORWARDABLE = 0x00000002,
+ KRB5_TICKET_FORWARDED = 0x00000004,
+ KRB5_TICKET_PROXIABLE = 0x00000008,
+ KRB5_TICKET_PROXY = 0x00000010,
+ KRB5_TICKET_MAY_POSTDATE = 0x00000020,
+ KRB5_TICKET_POSTDATED = 0x00000040,
+ KRB5_TICKET_INVALID = 0x00000080,
+ KRB5_TICKET_RENEWABLE = 0x00000100,
+ KRB5_TICKET_INITIAL = 0x00000200,
+ KRB5_TICKET_PREAUTHENT = 0x00000400,
+ KRB5_TICKET_HW_AUTHENT = 0x00000800,
+ KRB5_TICKET_TRANSIT_CHECKED = 0x00001000,
+ KRB5_TICKET_OK_AS_DELEGATE = 0x00002000,
+ KRB5_TICKET_ANONYMOUS = 0x00004000,
+ KRB5_TICKET_ENC_PA_REP = 0x00008000,
+
+ KRB5_TICKET_FLAG_MAX = 0x80000000
+};
+
+inline KRB5TicketFlags operator|(KRB5TicketFlags a, KRB5TicketFlags b)
+{
+ return static_cast(static_cast(a) | static_cast(b));
+}
+
+inline KRB5TicketFlags operator&(KRB5TicketFlags a, KRB5TicketFlags b)
+{
+ return static_cast(static_cast(a) & static_cast(b));
+}
+
 typedef TQValueList UserList;
 typedef TQValueList GroupList;
 
@@ -91,6 +133,7 @@ class LDAPCredentials
 TQCString password;
 TQString realm;
 bool use_tls;
+ TQString service;
 };
 
 // PRIVATE
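Review bot: The comment `// Values from krb5.asn1` on the new KRB5TicketFlags enum (first hunk) does not say which bit order the constants use. The enumerators number the ASN.1 bit positions from the least significant bit (`KRB5_TICKET_FORWARDABLE = 0x00000002`), which is the layout Heimdal's `TicketFlags2int()` produces, whereas MIT's `TKT_FLG_*` constants count from the most significant bit (`TKT_FLG_FORWARDABLE` is `0x40000000`); a flags word taken from the other convention would be misread silently, for instance when deciding whether a ticket is forwardable or OK-as-delegate. How `flags` gets populated is not visible in this header, so I would state the contract next to the enum: `// Bit n of TicketFlags maps to (1 << n), as returned by Heimdal's TicketFlags2int(); not interchangeable with MIT TKT_FLG_* values.`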
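Review bot: The new `service` member of LDAPCredentials (second hunk) carries no comment, and neither its expected format nor the meaning of an empty value can be told from the header. The same object holds `password` and is handed to the ticket functions added later in this patch, so a one-line contract helps callers avoid requesting a ticket for an unintended service: `TQString service; // Kerberos service principal to request; presumably empty selects the default TGT service (confirm)`. The class declaration starts outside the hunk.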
@@ -262,9 +305,33 @@ class LDAPTDEBuiltinsInfo
 TQString builtinStandardUserGroup;
 };
 
+class KerberosTicketInfo
+{
+ public:
+ KerberosTicketInfo();
+ ~KerberosTicketInfo();
+
+ public:
+ bool informationValid;
+ TQString cacheURL;
+ TQString cachePrincipal;
+ int cacheVersion;
+ TQString serverPrincipal;
+ TQString clientPrincipal;
+ TQString encryptionType;
+ int keyVersionNumber;
+ int ticketSize;
+ TQDateTime authenticationTime;
+ TQDateTime validStartTime;
+ TQDateTime validEndTime;
+ KRB5TicketFlags flags;
+ TQStringList addresses;
+};
+
 typedef TQValueList LDAPUserInfoList;
 typedef TQValueList LDAPGroupInfoList;
 typedef TQValueList LDAPMachineInfoList;
+typedef TQValueList KerberosTicketInfoList;
 
 class LDAPManager : public TQObject {
 Q_OBJECT
@@ -315,6 +382,11 @@ class LDAPManager : public TQObject { static TQString ldapdnForRealm(TQString realm); static TQString cnFromDn(TQString dn); + static KerberosTicketInfoList getKerberosTicketList(TQString cache=TQString::null, TQString *cacheFileName=0); + static int getKerberosPassword(LDAPCredentials &creds, TQString prompt, bool requestServicePrincipal=false, TQWidget* parent=0); + static int obtainKerberosTicket(LDAPCredentials creds, TQString principal, TQString *errstr=0); + static int destroyKerberosTicket(TQString principal, TQString *errstr=0); + private: LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry); LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
-- cgit v1.2.1
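Review bot: KerberosTicketInfo (the `-262,9` hunk) exposes `informationValid` and three TQDateTime fields without saying what they guarantee. A caller that reads `validEndTime` or `flags` from an entry whose `informationValid` is false, or that compares the times against local time when they are stored as UTC (or the reverse), can treat an expired or unusable ticket as valid. The constructor is only declared here, so whether it initialises `informationValid`, `flags` and the int members cannot be checked from this header. I would document both points, e.g. `bool informationValid; // false until every field below has been filled in; check before use`, plus a comment on the three time fields naming the time zone they are expressed in.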
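Review bot: `obtainKerberosTicket(LDAPCredentials creds, ...)` in the `-315,6` hunk takes the credentials by value, while `getKerberosPassword` on the line above takes `LDAPCredentials &creds`; passing by value may create a further copy of the object that holds `password`, one the caller has no handle on to clear afterwards. Unless the implementation needs its own copy, `static int obtainKerberosTicket(const LDAPCredentials &creds, const TQString &principal, TQString *errstr=0);` stays source-compatible for callers, though the definition has to change with it. The three `int` return values are also undocumented; a comment stating which value means success would keep callers from treating a failed ticket request or a failed destroy as having worked. LDAPManager's declaration begins before and continues after the hunk.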