Add kerberos rename method for RC setup

Timothy Pearson 12 years ago
parent 732baa0f27
commit fb7be0231c

@ -28,6 +28,7 @@
#include <sys/time.h>
#include "libtdeldap.h"
#include "ldaplogindlg.h"
#include "ldappasswddlg.h"
#define LDAP_INSECURE_PORT 389
@ -43,6 +44,12 @@ LDAPManager::LDAPManager(TQString realm, TQString host, TQObject *parent, const
m_basedc = "dc=" + domainChunks.join(",dc=");
}
LDAPManager::LDAPManager(TQString realm, TQString host, LDAPCredentials* creds, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(creds), m_ldap(0)
{
TQStringList domainChunks = TQStringList::split(".", realm.lower());
m_basedc = "dc=" + domainChunks.join(",dc=");
}
LDAPManager::~LDAPManager() {
unbind(true);
}
@ -64,7 +71,7 @@ LDAPCredentials LDAPManager::currentLDAPCredentials() {
}
}
int LDAPManager::bind() {
int LDAPManager::bind(TQString* errstr) {
printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
if (m_ldap) {
return 0;
@ -81,15 +88,18 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
m_port = LDAP_INSECURE_PORT;
uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port);
}
printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout);
int retcode = ldap_initialize(&m_ldap, uri.ascii());
if (retcode < 0) {
KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
retcode = ldap_set_option(m_ldap, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version);
if (retcode != LDAP_OPT_SUCCESS) {
KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
@ -97,15 +107,26 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
LDAPPasswordDialog passdlg(0);
passdlg.m_base->ldapAdminRealm->setEnabled(false);
passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
if (passdlg.exec() == TQDialog::Accepted) {
bool havepass = false;
if (m_creds) {
havepass = true;
}
else {
if (passdlg.exec() == TQDialog::Accepted) {
havepass = true;
}
}
if (havepass == true) {
char* mechanism = NULL;
struct berval cred;
TQString ldap_dn = passdlg.m_base->ldapAdminUsername->text();
TQCString pass = passdlg.m_base->ldapAdminPassword->password();
if (!m_creds) m_creds = new LDAPCredentials();
m_creds->username = passdlg.m_base->ldapAdminUsername->text();
m_creds->password = passdlg.m_base->ldapAdminPassword->password();
m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
if (!m_creds) {
m_creds = new LDAPCredentials();
m_creds->username = passdlg.m_base->ldapAdminUsername->text();
m_creds->password = passdlg.m_base->ldapAdminPassword->password();
m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
}
TQString ldap_dn = m_creds->username;
TQCString pass = m_creds->password;
cred.bv_val = pass.data();
cred.bv_len = pass.length();
@ -123,12 +144,14 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
}
int retcode = ldap_initialize(&ldapconn, uri.ascii());
if (retcode < 0) {
KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
retcode = ldap_set_option(ldapconn, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version);
if (retcode != LDAP_OPT_SUCCESS) {
KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
struct berval anoncred;
@ -142,7 +165,8 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
TQString ldap_filter = TQString("(&(objectclass=posixAccount)(uid=%1))").arg(passdlg.m_base->ldapAdminUsername->text());
retcode = ldap_search_ext_s(ldapconn, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), NULL, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
}
else {
// Iterate through the returned entries
@ -164,9 +188,11 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
}
retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout);
if (retcode != LDAP_SUCCESS ) {
KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
@ -179,15 +205,16 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout);
return -3;
}
int LDAPManager::unbind(bool force) {
printf("[RAJA DEBUG 600.1] In LDAPManager::unbind()\n\r"); fflush(stdout);
int LDAPManager::unbind(bool force, TQString* errstr) {
printf("[RAJA DEBUG 601.0] In LDAPManager::unbind()\n\r"); fflush(stdout);
if (!m_ldap) {
return 0;
}
int retcode = ldap_unbind_ext_s(m_ldap, NULL, NULL);
if ((retcode < 0) && (force == false)) {
KMessageBox::error(0, i18n("<qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to disconnect from server!"));
if (errstr) *errstr = i18n("<qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to disconnect from server!"));
return retcode;
}
else {
@ -716,6 +743,8 @@ int LDAPManager::updateGroupInfo(LDAPGroupInfo group) {
completeGroupList.prepend(placeholderGroup);
}
add_multiple_attributes_operation(mods, &i, "member", completeGroupList);
// RAJA FIXME
// Also populate memberUid attribute from the above list (minus the cn=,dc=... stuff, i.e. just the username)
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
@ -1114,7 +1143,6 @@ printf("[RAJA DEBUG 120.2] The number of entries returned was %d\n\n", ldap_coun
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
// RAJA
machines.append(parseLDAPMachineRecord(entry));
}
@ -1127,6 +1155,58 @@ printf("[RAJA DEBUG 120.2] The number of entries returned was %d\n\n", ldap_coun
return LDAPMachineInfoList();
}
// Special method, used when creating a new Kerberos realm
int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
int retcode;
printf("[RAJA DEBUG 140.0] In LDAPManager::moveKerberosEntries()\n\r"); fflush(stdout);
if (bind(errstr) < 0) {
return -1;
}
else {
printf("[RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK\n\r"); fflush(stdout);
LDAPMessage* msg;
TQString ldap_base_dn = m_basedc;
TQString ldap_filter = "(&(objectClass=krb5Principal)(!(objectClass=posixAccount)))";
retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -1;
}
printf("[RAJA DEBUG 140.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
// RAJA
char* dn = NULL;
LDAPMachineInfo machineinfo;
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
TQStringList dnParts = TQStringList::split(",", dn);
TQString id = dnParts[0];
int equalsPos = id.find("=");
id.remove(0,id+1);
printf("[RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s", dn, id.ascii(), newSuffix.ascii()); fflush(stdout);
retcode = ldap_rename_s(m_ldap, dn, id, newSuffix, 0, NULL, NULL);
if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("LDAP rename failure<p>Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode));
return -1;
}
}
}
// clean up
ldap_msgfree(msg);
return 0;
}
return -1;
}
// ===============================================================================================================
//
// DATA CLASS CONSTRUCTORS AND DESTRUCTORS
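Review bot: The rename arguments in moveKerberosEntries are not what ldap_rename_s expects: `id.remove(0,id+1);` ignores the `equalsPos` it just computed and passes a TQString where a length is needed, `ldap_rename_s(m_ldap, dn, id, newSuffix, 0, NULL, NULL)` passes TQString objects where `const char*` is required, and — more fundamentally — an RDN is the whole `attr=value` component, so stripping the attribute type yields a newrdn the server should reject as invalid DN syntax; pass `dnParts[0].ascii()` unchanged as newrdn and `newSuffix.ascii()` as newparent. Each `dn` returned by ldap_get_dn() is never released with ldap_memfree(), and the early `return -1` on rename failure skips `ldap_msgfree(msg)`, so both leak on every call. The search-failure branch at the top of the method still pops a KMessageBox instead of honouring `errstr` the way the rest of this commit does, so a caller that passed errstr gets a modal dialog anyway. Splitting the DN on ',' is only correct while no RDN value contains an escaped comma; if such entries are possible, ldap_str2dn() would be the robust parse. The unused `machineinfo` local can be dropped.
```cpp
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
	char* dn = ldap_get_dn(m_ldap, entry);
	if (dn == NULL) {
		continue;
	}
	// The RDN is the full leading "attr=value" component; only the parent changes.
	TQString rdn = TQStringList::split(",", dn)[0];
	printf("[RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s", dn, rdn.ascii(), newSuffix.ascii()); fflush(stdout);
	retcode = ldap_rename_s(m_ldap, dn, rdn.ascii(), newSuffix.ascii(), 0, NULL, NULL);
	ldap_memfree(dn);
	if (retcode != LDAP_SUCCESS) {
		if (errstr) *errstr = i18n("LDAP rename failure<p>Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode));
		ldap_msgfree(msg);
		return -1;
	}
}
// … unchanged: ldap_msgfree(msg); return 0; …
```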

@ -186,12 +186,13 @@ class LDAPManager : public TQObject {
public:
LDAPManager(TQString realm, TQString host, TQObject *parent=0, const char *name=0);
LDAPManager(TQString realm, TQString host, LDAPCredentials* creds, TQObject *parent=0, const char *name=0);
~LDAPManager();
TQString realm();
TQString basedn();
int bind();
int unbind(bool force);
int bind(TQString* errstr=0);
int unbind(bool force, TQString* errstr=0);
LDAPUserInfoList users();
LDAPGroupInfoList groups();
LDAPMachineInfoList machines();
@ -207,6 +208,8 @@ class LDAPManager : public TQObject {
LDAPCredentials currentLDAPCredentials();
int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);
private:
LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
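Review bot: The new `errstr` parameter on bind(), unbind() and moveKerberosEntries() changes error reporting in a way the declarations do not document: per the .cpp, a null errstr means failures are shown in a modal KMessageBox, while a non-null errstr receives the message and suppresses the dialog. A short comment above `int bind(TQString* errstr=0);` such as `// errstr: when non-null, receives the failure text instead of a KMessageBox being shown` would save callers reading the implementation. The same applies to moveKerberosEntries, whose only description ("used when creating a new Kerberos realm") lives in the .cpp rather than here.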
