diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 0176bbe..2088d2e 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -1458,6 +1458,18 @@ int LDAPManager::updateGroupInfo(LDAPGroupInfo group, TQString *errstr) {
 }
 }
+// FIXME
+int LDAPManager::updateMachineInfo(LDAPMachineInfo group, TQString *errstr) {
+ if (errstr) *errstr = i18n("Not implemented yet!");
+ return -1;
+}
+
+// FIXME
+int LDAPManager::updateServiceInfo(LDAPServiceInfo group, TQString *errstr) {
+ if (errstr) *errstr = i18n("Not implemented yet!");
+ return -1;
+}
+
 int LDAPManager::addUserInfo(LDAPUserInfo user, TQString *errstr) {
 int retcode;
 int i;
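Review bot: Both stubs name their parameter `group` although they take `LDAPMachineInfo` and `LDAPServiceInfo`, and the bare `// FIXME` does not say what is missing. Rename the parameters to match the type, e.g. `int LDAPManager::updateMachineInfo(LDAPMachineInfo machine, TQString *errstr)`, and spell out the marker, e.g. `// FIXME: not implemented; always fails with -1`. The declarations added to libtdeldap.h carry the same `group` names and should change with them.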
@@ -1601,6 +1613,133 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group, TQString *errstr) {
 }
 }
+int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
+ LDAPGroupInfo machineinfo;
+
+ if (bind() < 0) {
+ return -1;
+ }
+ else {
+ // Use Kerberos kadmin to actually add the machine
+ LDAPCredentials admincreds = currentLDAPCredentials();
+ if ((admincreds.username == "") && (admincreds.password == "")) {
+ // Probably GSSAPI
+ // Get active ticket principal...
+ KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
+ TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
+ admincreds.username = principalParts[0];
+ admincreds.realm = principalParts[1];
+ }
+
+ TQCString command = "kadmin";
+ QCStringList args;
+ if (m_host.startsWith("ldapi://")) {
+ args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
+ else {
+ if (admincreds.username == "") {
+ args << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
+ else {
+ args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+ }
+ }
+
+ TQString hoststring = "host/"+machine.name+"."+admincreds.realm.lower();
+
+ TQString prompt;
+ PtyProcess kadminProc;
+ kadminProc.exec(command, args);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = prompt.stripWhiteSpace();
+ if (prompt == "kadmin>") {
+ if (machine.newPassword == "") {
+ command = TQCString("ank --random-key "+hoststring);
+ }
+ else {
+ command = TQCString("ank --password=\""+machine.newPassword+"\" "+hoststring);
+ }
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ // Use all defaults
+ while (prompt != "kadmin>") {
+ if (prompt.endsWith(" Password:")) {
+ if (admincreds.password == "") {
+ if (tqApp->type() != TQApplication::Tty) {
+ TQCString password;
+ int result = KPasswordDialog::getPassword(password, prompt);
+ if (result == KPasswordDialog::Accepted) {
+ admincreds.password = password;
+ }
+ }
+ else {
+ TQFile file;
+ file.open(IO_ReadOnly, stdin);
+ TQTextStream qtin(&file);
+ admincreds.password = qtin.readLine();
+ }
+ }
+ if (admincreds.password != "") {
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine(admincreds.password, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
+ prompt = prompt.stripWhiteSpace();
+ }
+ }
+ if (prompt.contains("authentication failed")) {
+ if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ else {
+ // Extract whatever default is in the [brackets] and feed it back to kadmin
+ TQString defaultParam;
+ int leftbracket = prompt.find("[");
+ int rightbracket = prompt.find("]");
+ if ((leftbracket >= 0) && (rightbracket >= 0)) {
+ leftbracket++;
+ defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
+ }
+ command = TQCString(defaultParam);
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
+ }
+ }
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+
+ // Success!
+ kadminProc.enableLocalEcho(false);
+ kadminProc.writeLine("quit", true);
+ unbind(true); // Using kadmin can disrupt our LDAP connection
+
+ return 0;
+ }
+
+ if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
+ return 1; // Failure
+
+ }
+}
+
 int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
 LDAPGroupInfo serviceinfo;
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index a6d47b4..f6b5e54 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -320,6 +320,7 @@ class LDAPMachineInfo
 TQString creatorsName;
 TQString name;
+ TQString newPassword;
 bool tde_builtin_account;
 LDAPKRB5Flags status; // Default is 126 [KRB5_MACHINE_ACCOUNT_DEFAULT]
 };
@@ -408,8 +409,11 @@ class LDAPManager : public TQObject {
 LDAPGroupInfo getGroupByDistinguishedName(TQString dn, TQString *errstr=0);
 int updateUserInfo(LDAPUserInfo user, TQString *errstr=0);
 int updateGroupInfo(LDAPGroupInfo group, TQString *errstr=0);
+ int updateMachineInfo(LDAPMachineInfo group, TQString *errstr=0);
+ int updateServiceInfo(LDAPServiceInfo group, TQString *errstr=0);
 int addUserInfo(LDAPUserInfo user, TQString *errstr=0);
 int addGroupInfo(LDAPGroupInfo group, TQString *errstr=0);
+ int addMachineInfo(LDAPMachineInfo machine, TQString *errstr=0);
 int addServiceInfo(LDAPServiceInfo service, TQString *errstr=0);
 int deleteUserInfo(LDAPUserInfo user, TQString *errstr=0);
 int deleteGroupInfo(LDAPGroupInfo group, TQString *errstr=0);
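Review bot: `machine.newPassword` and `machine.name` are concatenated into the kadmin command (`"ank --password=\""+machine.newPassword+"\" "+hoststring`) without escaping, so a value containing `"`, a backslash or a line break changes what kadmin parses. Both should be validated or escaped before the command is built. The first "Discard our own input" loop also passes every line it reads to `printf("(kadmin) '%s'\n\r", prompt.ascii())`, so if the pty echoes the command back, the new password is written to stdout; skip the print when `prompt == TQString(command)` or drop the debug output. Separately, `tickets[0]` and `principalParts[1]` are read without checking that a ticket exists and that the principal contains `@`.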
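Review bot: `newPassword` holds a plaintext secret in a struct that is passed by value (for example into `addMachineInfo`), and nothing on the field says so. A comment such as `// Plaintext, write-only: used by addMachineInfo(); empty requests a random key` would document the contract visible in libtdeldap.cpp. Callers should clear the field once the account has been created. Whether other code serialises or logs `LDAPMachineInfo` is not visible in this diff.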