-rw-r--r--src/libtdeldap.cpp138
-rw-r--r--src/libtdeldap.h1
2 files changed, 13 insertions, 126 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index e341ce2..93ec360 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -1842,7 +1842,7 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group, TQString *errstr) {
}
}
-int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
+int LDAPManager::kAdminAddNewPrincipal(TQString principalName, TQString newPassword, TQString *errstr) {
if (bind() < 0) {
return -1;
}
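Review bot: The new private entry point kAdminAddNewPrincipal introduced on the `+int` line has no header comment stating its contract, and its body runs past the end of this hunk. I would add above the definition: `// Create a Kerberos principal through the kadm5 admin context. An empty newPassword selects the generate_password path; otherwise newPassword is used as the principal's password.` followed by `// Returns -1 when bind() fails; other outcomes are reported through retcode and, on failure, errstr.` Keeping the contract next to the definition matters here because two public methods now funnel through it.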
@@ -1856,17 +1856,14 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
if (retcode == 0) {
retcode = 1;
bool generate_password;
- if (machine.newPassword == "") {
+ if (newPassword == "") {
generate_password = true;
}
else {
generate_password = false;
- password = strdup(machine.newPassword.data());
+ password = strdup(newPassword.ascii());
}
- LDAPCredentials admincreds = currentLDAPCredentials(true);
- TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
-
// Construct and add new principal record
kadm5_principal_ent_rec principal_record;
kadm5_principal_ent_rec default_record;
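Review bot: `password = strdup(newPassword.ascii());` leaves a plaintext copy of the password on the heap, and nothing in this hunk frees or scrubs it; `password` is declared, and presumably released, outside the hunk, so confirm that every exit of the kadm5 path (including the error branches) ends with `memset(password, 0, strlen(password)); free(password);` and that a NULL return from strdup is handled rather than passed on. The switch from `.data()` to `.ascii()` also means any character outside Latin-1 is replaced by '?', so a user who sets a non-ASCII password silently gets a different one; `newPassword.utf8()` would preserve it, provided the other password paths in this library feed kadm5 UTF-8 as well, which is worth checking. The function continues outside the hunk.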
@@ -1875,7 +1872,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
int mask = 0;
memset(&principal_record, 0, sizeof(principal_record));
- krb5adm_ret = krb5_parse_name(m_krb5admContext, hoststring.ascii(), &principal_entry);
+ krb5adm_ret = krb5_parse_name(m_krb5admContext, principalName.ascii(), &principal_entry);
if (krb5adm_ret) {
if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_parse_name (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
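Review bot: `principalName.ascii()` on the changed line hands the caller-built string straight to krb5_parse_name, which interprets `@` and `\` as realm and escape syntax, so a machine or service name containing `@` would create the principal in a different realm than the one the admin is bound to; a guard before the parse such as `if (principalName.isEmpty() || principalName.contains('@') || principalName.contains('\\')) { if (errstr) *errstr = i18n("Invalid principal name"); return 1; }` closes that (the `/` separator is legitimately used by addServiceInfo, so do not reject it here). The failure branch at `if (krb5adm_ret)` records the error but no early return is visible before the hunk ends, so confirm the code that follows does not go on to use principal_entry when krb5adm_ret is non-zero. The function continues outside the hunk.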
@@ -1989,126 +1986,15 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
}
}
-int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
- if (bind() < 0) {
- return -1;
- }
- else {
- // Use Kerberos kadmin to actually add the service
- LDAPCredentials admincreds = currentLDAPCredentials();
- if ((admincreds.username == "") && (admincreds.password == "")) {
- // Probably GSSAPI
- // Get active ticket principal...
- KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
- TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
- admincreds.username = principalParts[0];
- admincreds.realm = principalParts[1];
- admincreds.use_gssapi = true;
- }
-
- TQCString command = "kadmin";
- QCStringList args;
- if (m_host.startsWith("ldapi://")) {
- args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
- }
- else {
- if (admincreds.username == "") {
- args << TQCString("-r") << TQCString(admincreds.realm.upper());
- }
- else {
- args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
- }
- }
-
- TQString hoststring = service.name+"/"+service.machine;
-
- TQString prompt;
- PtyProcess kadminProc;
- kadminProc.exec(command, args);
- prompt = readFullLineFromPtyProcess(&kadminProc);
- prompt = prompt.stripWhiteSpace();
- if (prompt == "kadmin>") {
- command = TQCString("ank --random-key "+hoststring);
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine(command, true);
- do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
- printf("(kadmin) '%s'\n", prompt.ascii());
- } while ((prompt == TQString(command)) || (prompt == ""));
- prompt = prompt.stripWhiteSpace();
- // Use all defaults
- while (prompt != "kadmin>") {
- if (prompt.endsWith(" Password:")) {
- if (admincreds.password == "") {
- if (tqApp->type() != TQApplication::Tty) {
- TQCString password;
- int result = KPasswordDialog::getPassword(password, prompt);
- if (result == KPasswordDialog::Accepted) {
- admincreds.password = password;
- }
- }
- else {
- TQFile file;
- file.open(IO_ReadOnly, stdin);
- TQTextStream qtin(&file);
- admincreds.password = qtin.readLine();
- }
- }
- if (admincreds.password != "") {
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine(admincreds.password, true);
- do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
- printf("(kadmin) '%s'\n", prompt.ascii());
- } while (prompt == "");
- prompt = prompt.stripWhiteSpace();
- }
- }
- if (prompt.contains("authentication failed")) {
- if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine("quit", true);
- return 1;
- }
- else {
- // Extract whatever default is in the [brackets] and feed it back to kadmin
- TQString defaultParam;
- int leftbracket = prompt.find("[");
- int rightbracket = prompt.find("]");
- if ((leftbracket >= 0) && (rightbracket >= 0)) {
- leftbracket++;
- defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
- }
- command = TQCString(defaultParam);
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine(command, true);
- do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
- printf("(kadmin) '%s'\n", prompt.ascii());
- } while ((prompt == TQString(command)) || (prompt == ""));
- prompt = prompt.stripWhiteSpace();
- }
- }
- if (prompt != "kadmin>") {
- if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine("quit", true);
- return 1;
- }
-
- // Success!
- kadminProc.enableLocalEcho(false);
- kadminProc.writeLine("quit", true);
- unbind(true); // Using kadmin can disrupt our LDAP connection
-
- // Move Kerberos entries
- return moveKerberosEntries("o=kerberos,cn=kerberos control,ou=master services,ou=core,ou=realm," + m_basedc, errstr);
- }
-
- if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
- return 1; // Failure
+int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
+ LDAPCredentials admincreds = currentLDAPCredentials(true);
+ TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
+ return kAdminAddNewPrincipal(hoststring, machine.newPassword, errstr);
+}
- }
+int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
+ TQString hoststring = service.name + "/" + service.machine;
+ return kAdminAddNewPrincipal(hoststring, TQString::null, errstr);
}
int LDAPManager::deleteUserInfo(LDAPUserInfo user, TQString *errstr) {
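Review bot: The rewritten addServiceInfo and addMachineInfo concatenate `service.name`, `service.machine` and `machine.name` into the principal string without checking that they are non-empty, so an empty machine name yields `host/.realm` or `name/` and the problem surfaces only as a krb5_parse_name or kadm5 error rather than a clear message; add `if (service.name.isEmpty() || service.machine.isEmpty()) { if (errstr) *errstr = i18n("Service and machine names must not be empty"); return 1; }` before building hoststring, and the equivalent check on `machine.name`. The deleted kadmin-over-pty path ended with `unbind(true)` and `moveKerberosEntries(...)` on success and had explicit handling for the no-username GSSAPI case; whether the kadm5-based kAdminAddNewPrincipal performs the same relocation of the new entry for service principals cannot be confirmed from this diff, since its tail lies outside the hunks shown, so please verify that before merging.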
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index d91766f..a62c429 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -591,6 +591,7 @@ class LDAPManager : public TQObject {
private:
int bindKAdmin(TQString *errstr=0);
int unbindKAdmin(TQString *errstr=0);
+ int kAdminAddNewPrincipal(TQString principalName, TQString newPassword, TQString *errstr=0);
LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
LDAPMachineInfo parseLDAPMachineRecord(LDAPMessage* entry);