authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-09-28 17:18:35 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-09-28 17:18:35 -0500
commit0fbc17ac57b74d637494d3546ccf5bfef100a67d (patch)
tree7229e5952f450de89a6e9275b0dee920eb574098
parent3d6055df7b262d0fcb03b37f58c3b0461eef49e3 (diff)
Convert machine add to kadmin API
-rw-r--r--src/libtdeldap.cpp336
-rw-r--r--src/libtdeldap.h4
2 files changed, 248 insertions, 92 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 9f5f9a5..a227582 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -46,34 +46,15 @@
#include <sys/time.h>
#include <errno.h>
-#if 0
- #include <sys/socket.h>
- #include <sys/un.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+extern "C" {
#include <hdb.h>
#include <kadm5/admin.h>
#include <kadm5/private.h>
#include <kadm5/kadm5-private.h>
-#else
- #include <kadm5/admin.h>
-
- extern "C" {
- // The following declaration was taken from hdb-protos.h
- const char *
- hdb_db_dir (krb5_context /*context*/);
-
- // The following declaration was taken from kadm5-private.h
- kadm5_ret_t
- kadm5_s_init_with_password_ctx (
- krb5_context /*context*/,
- const char */*client_name*/,
- const char */*password*/,
- const char */*service_name*/,
- kadm5_config_params */*realm_params*/,
- unsigned long /*struct_version*/,
- unsigned long /*api_version*/,
- void **/*server_handle*/);
- }
-#endif
+}
#include "libtdeldap.h"
#include "ldaplogindlg.h"
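Review bot: The new `extern "C"` block includes `<kadm5/private.h>` and `<kadm5/kadm5-private.h>`, whose names suggest they are not part of the installed public kadm5 interface; the removed `#else` branch had deliberately avoided that by declaring the two prototypes it needed locally. A one-line comment above the block naming which symbols force the private headers in (the removed code names `hdb_db_dir` and `kadm5_s_init_with_password_ctx`) would tell a future maintainer what breaks if a Heimdal packaging stops shipping them, e.g. `// Private Heimdal headers: needed for hdb_db_dir() and kadm5_s_init_with_password_ctx()`. Whether those two are the only private symbols in use is not visible from this hunk.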
@@ -90,6 +71,9 @@
// This assumes Debian!
#define KRB5_FILE "/etc/krb5.conf"
+//#define KRB5_ANK_RANDOM_PASSWORD_LENGTH 1024
+#define KRB5_ANK_RANDOM_PASSWORD_LENGTH 512
+
#define NSSWITCH_FILE "/etc/nsswitch.conf"
#define PAMD_DIRECTORY "/etc/pam.d/"
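Review bot: `//#define KRB5_ANK_RANDOM_PASSWORD_LENGTH 1024` is a commented-out alternative left beside the live definition; either drop it or replace it with a note saying why 512 was chosen. The constant is used later in this commit as the size of the generated initial-password buffer, including the terminating NUL, so a comment at the definition such as `// Size (incl. NUL) of the buffer holding the generated initial password for a new host principal` would make its unit clear where it is defined rather than where it is used.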
@@ -137,6 +121,19 @@ bool fileExists(const char* filename) {
}
}
+static kadm5_ret_t kadm5_get_default_principal_info(krb5_context context, void* handle, krb5_principal princ, kadm5_principal_ent_t def) {
+ kadm5_ret_t ret;
+ krb5_principal def_principal;
+ krb5_const_realm realm = krb5_principal_get_realm(context, princ);
+ ret = krb5_make_principal(context, &def_principal, realm, "default", NULL);
+ if (ret) {
+ return ret;
+ }
+ ret = kadm5_get_principal(handle, def_principal, def, KADM5_PRINCIPAL_NORMAL_MASK);
+ krb5_free_principal(context, def_principal);
+ return ret;
+}
+
LDAPManager::LDAPManager(TQString realm, TQString host, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(0), m_ldap(0), m_krb5admHandle(0), m_krb5admKeytabFilename(0), m_krb5admRealmName(0)
{
TQStringList domainChunks = TQStringList::split(".", realm.lower());
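Review bot: `kadm5_get_default_principal_info` is a file-local `static` but carries the library's `kadm5_` prefix, so it reads as a Heimdal API call at its use sites and could collide with a same-named symbol if the library ever grows one; a project prefix such as `tdeldap_` would avoid both problems. It also has no header comment; something like `// Fetch the "default" principal of princ's realm into *def. On success the caller owns *def and must release it with kadm5_free_principal_ent(); on failure *def is not filled in.` states the ownership that the caller added further down in this commit relies on. Note that when `krb5_make_principal` fails the function returns before touching `def`, so callers must not free it on that path.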
@@ -196,9 +193,24 @@ TQString LDAPManager::realm() {
return m_realm;
}
-LDAPCredentials LDAPManager::currentLDAPCredentials() {
+LDAPCredentials LDAPManager::currentLDAPCredentials(bool inferGSSAPIData) {
if (m_creds) {
- return *m_creds;
+ if (inferGSSAPIData) {
+ LDAPCredentials credentials = *m_creds;
+ if ((credentials.username == "") && (credentials.password == "")) {
+ // Probably GSSAPI
+ // Get active ticket principal...
+ KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
+ TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
+ credentials.username = principalParts[0];
+ credentials.realm = principalParts[1];
+ credentials.use_gssapi = true;
+ }
+ return credentials;
+ }
+ else {
+ return *m_creds;
+ }
}
else {
return LDAPCredentials();
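Review bot: `tickets[0]` indexes the result of `getKerberosTicketList()` without checking that the list is non-empty, and `principalParts[1]` assumes the cache principal contained an `@`; with no active Kerberos ticket, or a principal with no realm part, this reads past the end of the list/string list (undefined behaviour, in practice a crash) instead of simply returning the stored credentials. Guard the inference, assuming `KerberosTicketInfoList` is a TQValueList: `if (!tickets.isEmpty()) {` around the split, and `if (principalParts.count() == 2) {` around the two assignments and the `use_gssapi = true`, so an un-inferable case leaves `credentials` exactly as stored. The body of `currentLDAPCredentials` continues past the end of this hunk.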
@@ -346,8 +358,9 @@ int LDAPManager::bind(TQString* errstr) {
return -1;
}
struct berval anoncred;
- anoncred.bv_val = "";
- anoncred.bv_len = strlen("");
+ TQCString anonpass = "";
+ anoncred.bv_val = anonpass.data();
+ anoncred.bv_len = anonpass.length();
retcode = ldap_sasl_bind_s(ldapconn, "", mechanism, &anoncred, NULL, NULL, NULL);
if (retcode == LDAP_SUCCESS ) {
// Look for the DN for the specified user
@@ -372,7 +385,7 @@ int LDAPManager::bind(TQString* errstr) {
}
// clean up
ldap_msgfree(msg);
-
+
// All done!
ldap_unbind_ext_s(ldapconn, NULL, NULL);
}
@@ -727,10 +740,10 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) {
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
users.append(parseLDAPUserRecord(entry));
}
-
+
// clean up
ldap_msgfree(msg);
-
+
if (mretcode) *mretcode = 0;
return users;
}
@@ -743,7 +756,7 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) {
LDAPControl* pageControl = NULL;
LDAPControl* serverControls[2] = { NULL, NULL };
LDAPControl** returnedControls = NULL;
-
+
do {
retcode = ldap_create_page_control(m_ldap, pageSize, &cookie, pagingCriticality, &pageControl);
if (retcode != LDAP_SUCCESS) {
@@ -791,7 +804,7 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) {
else {
morePages = false;
}
-
+
if (returnedControls != NULL) {
ldap_controls_free(returnedControls);
returnedControls = NULL;
@@ -799,17 +812,17 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) {
serverControls[0] = NULL;
ldap_control_free(pageControl);
pageControl = NULL;
-
+
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
users.append(parseLDAPUserRecord(entry));
}
-
+
// clean up
ldap_msgfree(msg);
} while (morePages);
-
+
if (mretcode) *mretcode = 0;
return users;
}
@@ -838,7 +851,7 @@ LDAPUserInfo LDAPManager::getUserByDistinguishedName(TQString dn) {
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
userinfo = parseLDAPUserRecord(entry);
}
-
+
// clean up
ldap_msgfree(msg);
@@ -869,7 +882,7 @@ LDAPGroupInfo LDAPManager::getGroupByDistinguishedName(TQString dn, TQString *er
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
groupinfo = parseLDAPGroupRecord(entry);
}
-
+
// clean up
ldap_msgfree(msg);
@@ -1127,7 +1140,7 @@ TQString LDAPManager::readFullLineFromPtyProcess(PtyProcess* proc) {
return result;
}
-int LDAPManager::bindKAdmin(LDAPUserInfo user, TQString *errstr) {
+int LDAPManager::bindKAdmin(TQString *errstr) {
int retcode = 1;
kadm5_ret_t krb5adm_ret;
@@ -1186,7 +1199,7 @@ int LDAPManager::bindKAdmin(LDAPUserInfo user, TQString *errstr) {
krb5adm_ret = krb5_init_context(&m_krb5admContext);
if (krb5adm_ret) {
- if (errstr) *errstr = TQString("%1<p>Details:<br>Failed to execute kadm5_init_krb5_context (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
+ if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_init_krb5_context (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
else {
if (use_local_socket) {
@@ -1205,7 +1218,7 @@ int LDAPManager::bindKAdmin(LDAPUserInfo user, TQString *errstr) {
if (krb5adm_ret) {
if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_prepend_config_files_default (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
-
+
krb5adm_ret = krb5_set_config_files(m_krb5admContext, files);
krb5_free_config_files(files);
if(krb5adm_ret) {
@@ -1278,7 +1291,7 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
int retcode;
kadm5_ret_t krb5adm_ret;
- retcode = bindKAdmin(user, errstr);
+ retcode = bindKAdmin(errstr);
if (retcode == 0) {
retcode = 1;
krb5_principal user_kadm5_principal;
@@ -1301,6 +1314,7 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
}
unbindKAdmin();
+ unbind(true); // Using kadmin can disrupt our LDAP connection
}
return retcode;
@@ -1833,6 +1847,147 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
return -1;
}
else {
+ int retcode;
+ kadm5_ret_t krb5adm_ret;
+ int i;
+ char* password = NULL;
+
+ retcode = bindKAdmin(errstr);
+ if (retcode == 0) {
+ retcode = 1;
+ bool generate_password;
+ if (machine.newPassword == "") {
+ generate_password = true;
+ }
+ else {
+ generate_password = false;
+ password = strdup(machine.newPassword.data());
+ }
+
+ LDAPCredentials admincreds = currentLDAPCredentials(true);
+ TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
+
+ // Construct and add new principal record
+ kadm5_principal_ent_rec principal_record;
+ kadm5_principal_ent_rec default_record;
+ kadm5_principal_ent_rec *default_entry = NULL;
+ krb5_principal principal_entry = NULL;
+ int mask = 0;
+
+ memset(&principal_record, 0, sizeof(principal_record));
+ krb5adm_ret = krb5_parse_name(m_krb5admContext, hoststring.ascii(), &principal_entry);
+ if (krb5adm_ret) {
+ if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_parse_name (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
+ }
+ principal_record.principal = principal_entry;
+ mask |= KADM5_PRINCIPAL;
+
+ default_entry = &default_record;
+ krb5adm_ret = kadm5_get_default_principal_info(m_krb5admContext, m_krb5admHandle, principal_entry, default_entry);
+ if (krb5adm_ret) {
+ default_entry = NULL;
+ if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_get_default_principal_info (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
+ }
+ else {
+ // Use defaults
+ principal_record.max_life = default_entry->max_life;
+ principal_record.max_renewable_life = default_entry->max_renewable_life;
+ principal_record.princ_expire_time = default_entry->princ_expire_time;
+ principal_record.pw_expiration = default_entry->pw_expiration;
+ principal_record.attributes = default_entry->attributes & ~KRB5_KDB_DISALLOW_ALL_TIX;
+ principal_record.policy = strdup(default_entry->policy);
+
+ if (generate_password) {
+ const char charset[] =
+ "@$%&*()-+=:,/<>?0123456789"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz";
+ const size_t max_index = (sizeof(charset) - 2);
+
+ TQFile randomNode("/dev/urandom");
+ if (randomNode.open(IO_ReadOnly)) {
+ password = (char*)malloc(sizeof(char) * KRB5_ANK_RANDOM_PASSWORD_LENGTH);
+ if (password) {
+ if (randomNode.readBlock(password, KRB5_ANK_RANDOM_PASSWORD_LENGTH) < KRB5_ANK_RANDOM_PASSWORD_LENGTH) {
+ free(password);
+ password = NULL;
+ }
+ else {
+ for (i = 0; i < KRB5_ANK_RANDOM_PASSWORD_LENGTH - 1; i++) {
+ while ((unsigned char)password[i] > max_index) {
+ password[i] -= max_index;
+ }
+ password[i] = charset[(int)password[i]];
+ }
+ password[i] = 0;
+ }
+ }
+ randomNode.close();
+ }
+ if (password) {
+ principal_record.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+ mask |= KADM5_ATTRIBUTES;
+ }
+ else {
+ if (errstr) *errstr = i18n("Unable to generate random password");
+ }
+ }
+
+ if (password) {
+ krb5adm_ret = kadm5_create_principal(m_krb5admHandle, &principal_record, mask, password);
+ if (krb5adm_ret) {
+ if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_create_principal (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
+ }
+ else {
+ if (generate_password) {
+ krb5_keyblock *new_keys;
+ int key_count;
+ krb5adm_ret = kadm5_randkey_principal(m_krb5admHandle, principal_entry, &new_keys, &key_count);
+ if (krb5adm_ret) {
+ key_count = 0;
+ }
+ for (i = 0; i < key_count; i++) {
+ krb5_free_keyblock_contents(m_krb5admContext, &new_keys[i]);
+ }
+ if (key_count > 0) {
+ free(new_keys);
+ }
+ kadm5_get_principal(m_krb5admHandle, principal_entry, &principal_record, KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
+ krb5_free_principal(m_krb5admContext, principal_entry);
+ principal_entry = principal_record.principal;
+ principal_record.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+ principal_record.kvno = 1;
+ krb5adm_ret = kadm5_modify_principal(m_krb5admHandle, &principal_record, KADM5_ATTRIBUTES | KADM5_KVNO);
+ if (krb5adm_ret) {
+ if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_modify_principal (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
+ }
+ else {
+ retcode = 0;
+ }
+ }
+ else {
+ retcode = 0;
+ }
+ }
+ }
+ }
+
+ kadm5_free_principal_ent(m_krb5admHandle, &principal_record);
+ if (default_entry) {
+ kadm5_free_principal_ent(m_krb5admHandle, default_entry);
+ }
+
+ if (password) {
+ free(password);
+ }
+
+ unbindKAdmin();
+ unbind(true); // Using kadmin can disrupt our LDAP connection
+ }
+
+ return retcode;
+
+#if 0
// Use Kerberos kadmin to actually add the machine
LDAPCredentials admincreds = currentLDAPCredentials();
if ((admincreds.username == "") && (admincreds.password == "")) {
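Review bot: A failing `krb5_parse_name` is reported but not treated as fatal: `principal_entry` stays NULL and execution continues into `kadm5_get_default_principal_info`, whose `krb5_principal_get_realm(context, princ)` then runs on a NULL principal. The default lookup, password generation and the create/randkey/modify sequence should all sit in the `else` branch of that check, as sketched below, with the `kadm5_free_principal_ent` cleanup, `free(password)`, `unbindKAdmin()` and `unbind(true)` left outside so they still run. `strdup(default_entry->policy)` should be guarded as well, since the `policy` field of a principal entry can presumably be NULL — confirm against the Heimdal `kadm5_principal_ent_rec` definition. Both the caller-supplied and the generated password sit in the heap buffer until it is freed; wiping it first, `memset(password, 0, strlen(password));` immediately before `free(password);`, keeps the secret from lingering in freed memory. `addMachineInfo` begins before this hunk, and the `#if 0` opened here encloses the old kadmin-process implementation up to the `#endif` in a later hunk; that code is now dead and preserved in history, so it could simply be deleted.
```cpp
krb5adm_ret = krb5_parse_name(m_krb5admContext, hoststring.ascii(), &principal_entry);
if (krb5adm_ret) {
	if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_parse_name (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
else {
	principal_record.principal = principal_entry;
	mask |= KADM5_PRINCIPAL;

	default_entry = &default_record;
	krb5adm_ret = kadm5_get_default_principal_info(m_krb5admContext, m_krb5admHandle, principal_entry, default_entry);
	// … unchanged: default-entry handling, password generation, kadm5_create_principal / kadm5_randkey_principal / kadm5_modify_principal …
}

// … unchanged: kadm5_free_principal_ent cleanup, free(password), unbindKAdmin(), unbind(true) …
```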
@@ -1844,7 +1999,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
admincreds.realm = principalParts[1];
admincreds.use_gssapi = true;
}
-
+
TQCString command = "kadmin";
QCStringList args;
if (m_host.startsWith("ldapi://")) {
@@ -1950,6 +2105,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
return 1; // Failure
+#endif
}
}
@@ -1970,7 +2126,7 @@ int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
admincreds.realm = principalParts[1];
admincreds.use_gssapi = true;
}
-
+
TQCString command = "kadmin";
QCStringList args;
if (m_host.startsWith("ldapi://")) {
@@ -2370,10 +2526,10 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
groups.append(parseLDAPGroupRecord(entry));
}
-
+
// clean up
ldap_msgfree(msg);
-
+
if (mretcode) *mretcode = 0;
return groups;
}
@@ -2386,7 +2542,7 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
LDAPControl* pageControl = NULL;
LDAPControl* serverControls[2] = { NULL, NULL };
LDAPControl** returnedControls = NULL;
-
+
do {
retcode = ldap_create_page_control(m_ldap, pageSize, &cookie, pagingCriticality, &pageControl);
if (retcode != LDAP_SUCCESS) {
@@ -2434,7 +2590,7 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
else {
morePages = false;
}
-
+
if (returnedControls != NULL) {
ldap_controls_free(returnedControls);
returnedControls = NULL;
@@ -2442,17 +2598,17 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
serverControls[0] = NULL;
ldap_control_free(pageControl);
pageControl = NULL;
-
+
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
groups.append(parseLDAPGroupRecord(entry));
}
-
+
// clean up
ldap_msgfree(msg);
} while (morePages);
-
+
if (mretcode) *mretcode = 0;
return groups;
}
@@ -2491,10 +2647,10 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) {
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
machines.append(parseLDAPMachineRecord(entry));
}
-
+
// clean up
ldap_msgfree(msg);
-
+
if (mretcode) *mretcode = 0;
return machines;
}
@@ -2507,7 +2663,7 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) {
LDAPControl* pageControl = NULL;
LDAPControl* serverControls[2] = { NULL, NULL };
LDAPControl** returnedControls = NULL;
-
+
do {
retcode = ldap_create_page_control(m_ldap, pageSize, &cookie, pagingCriticality, &pageControl);
if (retcode != LDAP_SUCCESS) {
@@ -2555,7 +2711,7 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) {
else {
morePages = false;
}
-
+
if (returnedControls != NULL) {
ldap_controls_free(returnedControls);
returnedControls = NULL;
@@ -2563,17 +2719,17 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) {
serverControls[0] = NULL;
ldap_control_free(pageControl);
pageControl = NULL;
-
+
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
machines.append(parseLDAPMachineRecord(entry));
}
-
+
// clean up
ldap_msgfree(msg);
} while (morePages);
-
+
if (mretcode) *mretcode = 0;
return machines;
}
@@ -2678,7 +2834,7 @@ int LDAPManager::exportKeytabForPrincipal(TQString principal, TQString fileName,
admincreds.realm = principalParts[1];
admincreds.use_gssapi = true;
}
-
+
TQCString command = "kadmin";
QCStringList args;
if (m_host.startsWith("ldapi://")) {
@@ -3498,7 +3654,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
int number_of_parameters = 1; // 1 primary attribute
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
-
+
// Load LDAP modification requests from provided data structure
i=0;
TQStringList serverMappingList;
@@ -3509,13 +3665,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
add_multiple_attributes_operation(mods, &i, "olcServerID", serverMappingList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
-
+
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, "cn=config", mods, NULL, NULL);
-
+
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
-
+
if (retcode == LDAP_NO_SUCH_ATTRIBUTE) {
// Add new object instead
// Assemble the LDAPMod structure
@@ -3523,7 +3679,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
int number_of_parameters = 1; // 1 primary attribute
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
-
+
// Load LDAP modification requests from provided data structure
i=0;
TQStringList serverMappingList;
@@ -3534,14 +3690,14 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
create_multiple_attributes_operation(mods, &i, "olcServerID", serverMappingList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
-
+
// Perform LDAP update
retcode = ldap_add_ext_s(m_ldap, "cn=config", mods, NULL, NULL);
-
+
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
}
-
+
if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
@@ -3554,16 +3710,16 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
int number_of_parameters = 1; // 1 primary attribute
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
-
+
// Load LDAP delete request
i=0;
delete_single_attribute_operation(mods, &i, "olcServerID");
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
-
+
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, "cn=config", mods, NULL, NULL);
-
+
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
@@ -3679,20 +3835,20 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
int number_of_parameters = 2; // 2 primary attributes
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
-
+
// Load LDAP delete request
i=0;
delete_single_attribute_operation(mods, &i, "olcSyncRepl");
delete_single_attribute_operation(mods, &i, "olcMirrorMode");
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
-
+
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, "olcDatabase={1}hdb,cn=config", mods, NULL, NULL);
-
+
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
-
+
if ((retcode != LDAP_SUCCESS) && (retcode != LDAP_NO_SUCH_ATTRIBUTE)) {
if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
@@ -3706,20 +3862,20 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
int number_of_parameters = 2; // 2 primary attributes
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
-
+
// Load LDAP delete request
i=0;
delete_single_attribute_operation(mods, &i, "olcSyncRepl");
delete_single_attribute_operation(mods, &i, "olcMirrorMode");
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
-
+
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, "olcDatabase={0}config,cn=config", mods, NULL, NULL);
-
+
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
-
+
if ((retcode != LDAP_SUCCESS) && (retcode != LDAP_NO_SUCH_ATTRIBUTE)) {
if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
@@ -3758,7 +3914,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
haveOlcOverlaySyncProv = true;
}
}
-
+
// clean up
ldap_msgfree(msg);
@@ -3776,13 +3932,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
-
+
// Add new object
retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL);
-
+
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
-
+
if (retcode != LDAP_SUCCESS) {
if (errstr) {
*errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
@@ -3808,7 +3964,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
haveOlcOverlaySyncProv = true;
}
}
-
+
// clean up
ldap_msgfree(msg);
@@ -3826,13 +3982,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
-
+
// Add new object
retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={1}hdb,cn=config", mods, NULL, NULL);
-
+
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
-
+
if (retcode != LDAP_SUCCESS) {
if (errstr) {
*errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
@@ -4623,16 +4779,16 @@ int LDAPManager::generatePKICRL(int expirydays, LDAPRealmConfig realmcfg, TQStri
TQString LDAPManager::getMachineFQDN() {
struct addrinfo hints, *info, *p;
int gai_result;
-
+
char hostname[1024];
hostname[1023] = '\0';
gethostname(hostname, 1023);
-
+
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC; // IPV4 or IPV6
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_CANONNAME;
-
+
if ((gai_result = getaddrinfo(hostname, NULL, &hints, &info)) != 0) {
return TQString(hostname);
}
@@ -4976,7 +5132,7 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQStrin
int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUserInfo user, TQString opensslConfigFile, TQString caRootKeyFile, TQString caRootCertFile, TQString caRootDatabaseFile, TQString autoLoginPIN, TQString *errstr) {
TQString ca_public_crl_certfile = KERBEROS_PKI_PUBLICDIR + realmcfg.admin_server + ".ldap.crl";
TQString crl_url;
-
+
crl_url = TQString("URI:file://%1,URI:file://%2").arg(KERBEROS_PKI_CRL_FILE).arg(ca_public_crl_certfile);
if (caRootKeyFile == "") {
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index ee685b4..d91766f 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -521,7 +521,7 @@ class LDAPManager : public TQObject {
int exportKeytabForPrincipal(TQString principal, TQString fileName, TQString *errstr=0);
- LDAPCredentials currentLDAPCredentials();
+ LDAPCredentials currentLDAPCredentials(bool inferGSSAPIData=false);
int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);
int writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr=0);
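Review bot: The new `inferGSSAPIData` parameter is undocumented in the header, and its effect is not obvious from the name. A comment on the declaration describing what the implementation in this commit does would help callers choose the default correctly: `// If inferGSSAPIData is true and the stored credentials have neither username nor password, fill username and realm from the active Kerberos ticket's principal and set use_gssapi.`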
@@ -589,7 +589,7 @@ class LDAPManager : public TQObject {
static int unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr=0);
private:
- int bindKAdmin(LDAPUserInfo user, TQString *errstr=0);
+ int bindKAdmin(TQString *errstr=0);
int unbindKAdmin(TQString *errstr=0);
LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);