diff options
| -rw-r--r-- | src/libtdeldap.cpp | 87 |
1 files changed, 27 insertions, 60 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp index fd608e1..1d5486b 100644 --- a/src/libtdeldap.cpp +++ b/src/libtdeldap.cpp @@ -149,7 +149,6 @@ int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* } int LDAPManager::bind(TQString* errstr) { -printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout); if (m_ldap) { return 0; } @@ -166,7 +165,6 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout havepass = true; } else { -printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout); LDAPPasswordDialog passdlg(0, 0, (m_krbTickets.count() > 0)); passdlg.m_base->ldapAdminRealm->setEnabled(false); passdlg.m_base->ldapAdminRealm->insertItem(m_realm); @@ -209,7 +207,6 @@ printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout); uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port); } } -printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout); int retcode = ldap_initialize(&m_ldap, uri.ascii()); if (retcode < 0) { @@ -223,7 +220,6 @@ printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout); else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)).arg(ldapLikelyErrorCause(retcode, ERRORCAUSE_LOCATION_BIND)), i18n("Unable to connect to server!")); return -1; } -printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout); TQString errorString; if (havepass == true) { @@ -233,7 +229,6 @@ printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout); TQCString pass = m_creds->password; cred.bv_val = pass.data(); cred.bv_len = pass.length(); -printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout); if ((!using_ldapi && !using_gssapi)) { if (!ldap_dn.contains(",")) { // Look for a POSIX account with anonymous bind and the specified account name @@ -304,7 +299,6 @@ printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout); else { retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL); } -printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout); if (retcode != LDAP_SUCCESS ) { if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)).arg(ldapLikelyErrorCause(retcode, ERRORCAUSE_LOCATION_BIND)); @@ -322,7 +316,6 @@ printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout); } int LDAPManager::unbind(bool force, TQString* errstr) { -printf("[RAJA DEBUG 601.0] In LDAPManager::unbind()\n\r"); fflush(stdout); if (!m_ldap) { return 0; } @@ -349,7 +342,6 @@ LDAPUserInfo LDAPManager::parseLDAPUserRecord(LDAPMessage* entry) { LDAPUserInfo userinfo; if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { - printf("Returned dn: %s\n", dn); userinfo.distinguishedName = dn; TQStringList dnParts = TQStringList::split(",", dn); TQString id = dnParts[0]; @@ -362,7 +354,6 @@ LDAPUserInfo LDAPManager::parseLDAPUserRecord(LDAPMessage* entry) { for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) { if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) { -printf("[RAJA DEBUG 100.3] %s: %s\n\r", attr, vals[i]->bv_val); userinfo.informationValid = true; TQString ldap_field = attr; i=0; @@ -564,22 +555,18 @@ printf("[RAJA DEBUG 100.3] %s: %s\n\r", attr, vals[i]->bv_val); ber_free(ber, 0); } - printf("\n\r"); - return userinfo; } LDAPUserInfoList LDAPManager::users(int* mretcode) { int retcode; LDAPUserInfoList users; -printf("[RAJA DEBUG 100.0] In LDAPManager::users()\n\r"); fflush(stdout); if (bind() < 0) { if (mretcode) *mretcode = -1; return LDAPUserInfoList(); } else { -printf("[RAJA DEBUG 100.1] In LDAPManager::users() bind was OK\n\r"); fflush(stdout); LDAPMessage* msg; TQString ldap_base_dn = m_basedc; TQString ldap_filter = "(objectClass=posixAccount)"; @@ -590,8 +577,6 @@ printf("[RAJA DEBUG 100.1] In LDAPManager::users() bind was OK\n\r"); fflush(std return LDAPUserInfoList(); } -printf("[RAJA DEBUG 100.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg)); - // Iterate through the returned entries LDAPMessage* entry; for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { @@ -865,14 +850,14 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) { } LDAPCredentials admincreds = currentLDAPCredentials(); - - // RAJA FIXME - // How to handle GSSAPI auth? - // We can't really at this point - // GSSAPI and friends ONLY WORK if 'kinit -S kadmin/admin' was run after the inital TGT was granted - // What we need is a proper ticket management system - // Also, why doesn't 'kgetcred kadmin/admin' work? - // For now, let's just prompt for the password if admincreds.password == "" + if ((admincreds.username == "") && (admincreds.password == "")) { + // Probably GSSAPI + // Get active ticket principal... + KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList(); + TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false); + admincreds.username = principalParts[0]; + admincreds.realm = principalParts[1]; + } TQCString command = "kadmin"; QCStringList args; @@ -880,7 +865,12 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) { args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper()); } else { - args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper()); + if (admincreds.username == "") { + args << TQCString("-r") << TQCString(admincreds.realm.upper()); + } + else { + args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper()); + } } TQString prompt; @@ -905,10 +895,19 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) { prompt = prompt.stripWhiteSpace(); } if (prompt.endsWith(" Password:")) { - kadminProc.writeLine(admincreds.password, true); - prompt = kadminProc.readLine(true); // Discard our own input - prompt = kadminProc.readLine(true); - prompt = prompt.stripWhiteSpace(); + if (admincreds.password == "") { + TQCString password; + int result = KPasswordDialog::getPassword(password, prompt); + if (result == KPasswordDialog::Accepted) { + admincreds.password = password; + } + } + if (admincreds.password != "") { + kadminProc.writeLine(admincreds.password, true); + prompt = kadminProc.readLine(true); // Discard our own input + prompt = kadminProc.readLine(true); + prompt = prompt.stripWhiteSpace(); + } } if (prompt != "kadmin>") { if (errstr) *errstr = prompt; @@ -1539,7 +1538,6 @@ LDAPGroupInfo LDAPManager::parseLDAPGroupRecord(LDAPMessage* entry) { LDAPGroupInfo groupinfo; if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { - printf("Returned dn: %s\n", dn); groupinfo.distinguishedName = dn; TQStringList dnParts = TQStringList::split(",", dn); TQString id = dnParts[0]; @@ -1552,9 +1550,6 @@ LDAPGroupInfo LDAPManager::parseLDAPGroupRecord(LDAPMessage* entry) { for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) { if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) { -for(i = 0; vals[i] != NULL; i++) { - printf("[RAJA DEBUG 110.3] %s: %s\n\r", attr, vals[i]->bv_val); -} groupinfo.informationValid = true; TQString ldap_field = attr; i=0; @@ -1587,8 +1582,6 @@ for(i = 0; vals[i] != NULL; i++) { ber_free(ber, 0); } - printf("\n\r"); - return groupinfo; } @@ -1602,7 +1595,6 @@ LDAPMachineInfo LDAPManager::parseLDAPMachineRecord(LDAPMessage* entry) { LDAPMachineInfo machineinfo; if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { - printf("Returned dn: %s\n", dn); machineinfo.distinguishedName = dn; TQStringList dnParts = TQStringList::split(",", dn); TQString id = dnParts[0]; @@ -1616,9 +1608,6 @@ LDAPMachineInfo LDAPManager::parseLDAPMachineRecord(LDAPMessage* entry) { for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) { if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) { -for(i = 0; vals[i] != NULL; i++) { - printf("[RAJA DEBUG 120.3] %s: %s\n\r", attr, vals[i]->bv_val); -} machineinfo.informationValid = true; TQString ldap_field = attr; i=0; @@ -1640,22 +1629,18 @@ for(i = 0; vals[i] != NULL; i++) { ber_free(ber, 0); } - printf("\n\r"); - return machineinfo; } LDAPGroupInfoList LDAPManager::groups(int* mretcode) { int retcode; LDAPGroupInfoList groups; -printf("[RAJA DEBUG 110.0] In LDAPManager::groups()\n\r"); fflush(stdout); if (bind() < 0) { if (mretcode) *mretcode = -1; return LDAPGroupInfoList(); } else { -printf("[RAJA DEBUG 110.1] In LDAPManager::groups() bind was OK\n\r"); fflush(stdout); LDAPMessage* msg; TQString ldap_base_dn = m_basedc; TQString ldap_filter = "(objectClass=posixGroup)"; @@ -1665,13 +1650,10 @@ printf("[RAJA DEBUG 110.1] In LDAPManager::groups() bind was OK\n\r"); fflush(st if (mretcode) *mretcode = -1; return LDAPGroupInfoList(); } - -printf("[RAJA DEBUG 110.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg)); // Iterate through the returned entries LDAPMessage* entry; for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { - // RAJA groups.append(parseLDAPGroupRecord(entry)); } @@ -1688,14 +1670,12 @@ printf("[RAJA DEBUG 110.2] The number of entries returned was %d\n\n", ldap_coun LDAPMachineInfoList LDAPManager::machines(int* mretcode) { int retcode; LDAPMachineInfoList machines; -printf("[RAJA DEBUG 120.0] In LDAPManager::machines()\n\r"); fflush(stdout); if (bind() < 0) { if (mretcode) *mretcode = -1; return LDAPMachineInfoList(); } else { -printf("[RAJA DEBUG 120.1] In LDAPManager::machines() bind was OK\n\r"); fflush(stdout); LDAPMessage* msg; TQString ldap_base_dn = m_basedc; TQString ldap_filter = "(&(objectClass=krb5Principal)(uid=host/*))"; @@ -1705,8 +1685,6 @@ printf("[RAJA DEBUG 120.1] In LDAPManager::machines() bind was OK\n\r"); fflush( if (mretcode) *mretcode = -1; return LDAPMachineInfoList(); } - -printf("[RAJA DEBUG 120.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg)); // Iterate through the returned entries LDAPMessage* entry; @@ -1783,13 +1761,11 @@ int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString at // Special method, used when creating a new Kerberos realm int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) { int retcode; -printf("[RAJA DEBUG 140.0] In LDAPManager::moveKerberosEntries()\n\r"); fflush(stdout); if (bind(errstr) < 0) { return -1; } else { -printf("[RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK\n\r"); fflush(stdout); LDAPMessage* msg; TQString ldap_base_dn = m_basedc; TQString ldap_filter = "(&(objectClass=krb5Principal)(!(objectClass=posixAccount)))"; @@ -1798,8 +1774,6 @@ printf("[RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK\n\r KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); return -1; } - -printf("[RAJA DEBUG 140.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg)); // Iterate through the returned entries LDAPMessage* entry; @@ -1811,7 +1785,6 @@ printf("[RAJA DEBUG 140.2] The number of entries returned was %d\n\n", ldap_coun if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { TQStringList dnParts = TQStringList::split(",", dn); TQString id = dnParts[0]; -printf("[RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s", dn, id.ascii(), newSuffix.ascii()); fflush(stdout); retcode = ldap_rename_s(m_ldap, dn, id, newSuffix, 0, NULL, NULL); if (retcode != LDAP_SUCCESS) { if (errstr) *errstr = i18n("LDAP rename failure<p>Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)); @@ -1893,15 +1866,11 @@ LDAPTDEBuiltinsInfo LDAPManager::parseLDAPTDEBuiltinsRecord(LDAPMessage* entry) LDAPTDEBuiltinsInfo builtininfo; if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { - printf("Returned dn: %s\n", dn); ldap_memfree(dn); } for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) { if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) { -for(i = 0; vals[i] != NULL; i++) { - printf("[RAJA DEBUG 160.3] %s: %s\n\r", attr, vals[i]->bv_val); -} builtininfo.informationValid = true; TQString ldap_field = attr; i=0; @@ -1926,8 +1895,6 @@ for(i = 0; vals[i] != NULL; i++) { ber_free(ber, 0); } - printf("\n\r"); - return builtininfo; } |