From fb7be0231c63a621beab13d893ce587c8cdc82fb Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Sat, 2 Jun 2012 17:03:13 -0500 Subject: [PATCH] Add kerberos rename method for RC setup --- src/libtdeldap.cpp | 116 ++++++++++++++++++++++++++++++++++++++------- src/libtdeldap.h | 7 ++- 2 files changed, 103 insertions(+), 20 deletions(-) diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp index af20e0e..680a81f 100644 --- a/src/libtdeldap.cpp +++ b/src/libtdeldap.cpp @@ -28,6 +28,7 @@ #include #include "libtdeldap.h" +#include "ldaplogindlg.h" #include "ldappasswddlg.h" #define LDAP_INSECURE_PORT 389 @@ -43,6 +44,12 @@ LDAPManager::LDAPManager(TQString realm, TQString host, TQObject *parent, const m_basedc = "dc=" + domainChunks.join(",dc="); } +LDAPManager::LDAPManager(TQString realm, TQString host, LDAPCredentials* creds, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(creds), m_ldap(0) +{ + TQStringList domainChunks = TQStringList::split(".", realm.lower()); + m_basedc = "dc=" + domainChunks.join(",dc="); +} + LDAPManager::~LDAPManager() { unbind(true); } @@ -64,7 +71,7 @@ LDAPCredentials LDAPManager::currentLDAPCredentials() { } } -int LDAPManager::bind() { +int LDAPManager::bind(TQString* errstr) { printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout); if (m_ldap) { return 0; @@ -81,15 +88,18 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout); m_port = LDAP_INSECURE_PORT; uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port); } +printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout); int retcode = ldap_initialize(&m_ldap, uri.ascii()); if (retcode < 0) { - KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2
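Review bot: The new constructor stores the caller's `LDAPCredentials* creds` in m_creds without stating who owns it, while bind() (hunk at -97) still does `m_creds = new LDAPCredentials()` when the pointer is null, so the same member is sometimes caller-owned and sometimes heap-allocated by this class. The destructor that is context in this hunk only calls `unbind(true)`, and nothing in the visible hunks frees m_creds, so the internally allocated object (with the clear-text password it holds) appears to be leaked, and a caller that deletes its own object leaves m_creds dangling. Either copy the credentials by value or document the contract on the new constructor, e.g. `// creds is borrowed: the caller keeps it alive for the LDAPManager's lifetime and remains responsible for freeing it`; the header hunk at -186 declares the same constructor and is where the comment belongs. Since the password stays resident for the object's lifetime either way, clearing m_creds->password in unbind() once the session is established would limit how long it sits in memory.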

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); + if (errstr) *errstr = i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); return -1; } retcode = ldap_set_option(m_ldap, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version); if (retcode != LDAP_OPT_SUCCESS) { - KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); + if (errstr) *errstr = i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); return -1; } @@ -97,15 +107,26 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout); LDAPPasswordDialog passdlg(0); passdlg.m_base->ldapAdminRealm->setEnabled(false); passdlg.m_base->ldapAdminRealm->insertItem(m_realm); - if (passdlg.exec() == TQDialog::Accepted) { + bool havepass = false; + if (m_creds) { + havepass = true; + } + else { + if (passdlg.exec() == TQDialog::Accepted) { + havepass = true; + } + } + if (havepass == true) { char* mechanism = NULL; struct berval cred; - TQString ldap_dn = passdlg.m_base->ldapAdminUsername->text(); - TQCString pass = passdlg.m_base->ldapAdminPassword->password(); - if (!m_creds) m_creds = new LDAPCredentials(); - m_creds->username = passdlg.m_base->ldapAdminUsername->text(); - m_creds->password = passdlg.m_base->ldapAdminPassword->password(); - m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText(); + if (!m_creds) { + m_creds = new LDAPCredentials(); + m_creds->username = passdlg.m_base->ldapAdminUsername->text(); + m_creds->password = passdlg.m_base->ldapAdminPassword->password(); + m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText(); + } + TQString ldap_dn = m_creds->username; + TQCString pass = m_creds->password; cred.bv_val = pass.data(); cred.bv_len = pass.length(); @@ -123,12 +144,14 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout); } int retcode = ldap_initialize(&ldapconn, uri.ascii()); if (retcode < 0) { - KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2
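Review bot: The new `if (errstr) *errstr = ...` branch after `ldap_initialize` is guarded by the pre-existing `if (retcode < 0)`, but OpenLDAP's ldap_initialize() returns LDAP_SUCCESS or a positive LDAP error code, so the branch cannot fire and a failed initialize falls through to ldap_set_option with m_ldap most likely still NULL; the guard should be `if (retcode != LDAP_SUCCESS) {` (the second ldap_initialize in the hunk at -123 has the same guard). The two-line report pattern `if (errstr) *errstr = msg; else KMessageBox::error(0, msg, title);` is now repeated in the hunks at -81, -123, -142, -164 and -179 with the message built twice each time; a small private helper such as `void reportError(TQString* errstr, const TQString& msg, const TQString& title)` would build the message once and keep the two paths from drifting. The added `printf("[RAJA DEBUG 600.1] URI: ...")` line (and 600.2 in the hunk at -164) writes unconditionally to stdout from library code and should be removed or put behind a debug guard before this ships. bind() starts and continues outside the hunk.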
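Review bot: With the new `if (!m_creds) { ... }` block the dialog's username/password/realm are copied into m_creds only on the first prompt, so when ldap_sasl_bind_s later rejects them (hunk at -164) the wrong password stays in m_creds and every later bind() call on this object takes the `havepass = true` path without prompting again, whereas the previous code overwrote m_creds on each accepted dialog. Discarding dialog-supplied credentials on authentication failure (for example `delete m_creds; m_creds = NULL;` before that `return -1;`, tracked with a flag so constructor-supplied credentials are not freed) would restore the retry behaviour. When creds come from the constructor, `LDAPPasswordDialog passdlg(0)` just above the hunk is still constructed and populated even though it is never shown, and the hunk at -142 still reads the username from `passdlg` rather than from `m_creds`. `if (havepass == true)` reads more naturally as `if (havepass)`.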

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); + if (errstr) *errstr = i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); return -1; } retcode = ldap_set_option(ldapconn, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version); if (retcode != LDAP_OPT_SUCCESS) { - KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); + if (errstr) *errstr = i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); return -1; } struct berval anoncred; @@ -142,7 +165,8 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout); TQString ldap_filter = TQString("(&(objectclass=posixAccount)(uid=%1))").arg(passdlg.m_base->ldapAdminUsername->text()); retcode = ldap_search_ext_s(ldapconn, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), NULL, 0, NULL, NULL, NULL, 0, &msg); if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + if (errstr) *errstr = i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); } else { // Iterate through the returned entries @@ -164,9 +188,11 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout); } retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL); +printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout); if (retcode != LDAP_SUCCESS ) { - KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2
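Review bot: The DN-resolution filter in this hunk still takes the account name from the dialog, `TQString ldap_filter = TQString("(&(objectclass=posixAccount)(uid=%1))").arg(passdlg.m_base->ldapAdminUsername->text());`, but when credentials were passed to the new constructor the dialog was never shown and that field is empty, so the search runs with `(uid=)` and cannot locate the admin's DN; it should use `.arg(m_creds->username)`, which holds the same value on the dialog path. On search failure the new code stores the message in errstr but falls through toward the sasl bind with ldap_dn presumably still the bare username, so the caller is likely to see only the later bind error overwriting the real cause; returning -1 here after setting errstr (and releasing ldapconn) would surface it. The enclosing bind() starts and ends outside the hunk.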

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); + if (errstr) *errstr = i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("Unable to connect to LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); return -1; } @@ -179,15 +205,16 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout); return -3; } -int LDAPManager::unbind(bool force) { -printf("[RAJA DEBUG 600.1] In LDAPManager::unbind()\n\r"); fflush(stdout); +int LDAPManager::unbind(bool force, TQString* errstr) { +printf("[RAJA DEBUG 601.0] In LDAPManager::unbind()\n\r"); fflush(stdout); if (!m_ldap) { return 0; } int retcode = ldap_unbind_ext_s(m_ldap, NULL, NULL); if ((retcode < 0) && (force == false)) { - KMessageBox::error(0, i18n("Unable to disconnect from LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to disconnect from server!")); + if (errstr) *errstr = i18n("Unable to disconnect from LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("Unable to disconnect from LDAP server %1 on port %2

Reason: [%3] %4").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to disconnect from server!")); return retcode; } else { @@ -716,6 +743,8 @@ int LDAPManager::updateGroupInfo(LDAPGroupInfo group) { completeGroupList.prepend(placeholderGroup); } add_multiple_attributes_operation(mods, &i, "member", completeGroupList); + // RAJA FIXME + // Also populate memberUid attribute from the above list (minus the cn=,dc=... stuff, i.e. just the username) LDAPMod *prevterm = mods[i]; mods[i] = NULL; @@ -1114,7 +1143,6 @@ printf("[RAJA DEBUG 120.2] The number of entries returned was %d\n\n", ldap_coun // Iterate through the returned entries LDAPMessage* entry; for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { - // RAJA machines.append(parseLDAPMachineRecord(entry)); } @@ -1127,6 +1155,58 @@ printf("[RAJA DEBUG 120.2] The number of entries returned was %d\n\n", ldap_coun return LDAPMachineInfoList(); } +// Special method, used when creating a new Kerberos realm +int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) { + int retcode; +printf("[RAJA DEBUG 140.0] In LDAPManager::moveKerberosEntries()\n\r"); fflush(stdout); + + if (bind(errstr) < 0) { + return -1; + } + else { +printf("[RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK\n\r"); fflush(stdout); + LDAPMessage* msg; + TQString ldap_base_dn = m_basedc; + TQString ldap_filter = "(&(objectClass=krb5Principal)(!(objectClass=posixAccount)))"; + retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); + if (retcode != LDAP_SUCCESS) { + KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -1; + } + +printf("[RAJA DEBUG 140.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg)); + + // Iterate through the returned entries + LDAPMessage* entry; + for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { + // RAJA + char* dn = NULL; + + LDAPMachineInfo machineinfo; + + if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { + TQStringList dnParts = TQStringList::split(",", dn); + TQString id = dnParts[0]; + int equalsPos = id.find("="); + id.remove(0,id+1); +printf("[RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s", dn, id.ascii(), newSuffix.ascii()); fflush(stdout); + retcode = ldap_rename_s(m_ldap, dn, id, newSuffix, 0, NULL, NULL); + if (retcode != LDAP_SUCCESS) { + if (errstr) *errstr = i18n("LDAP rename failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)); + return -1; + } + } + } + + // clean up + ldap_msgfree(msg); + + return 0; + } + + return -1; +} + // =============================================================================================================== // // DATA CLASS CONSTRUCTORS AND DESTRUCTORS diff --git a/src/libtdeldap.h b/src/libtdeldap.h index a1369a1..208a43e 100644 --- a/src/libtdeldap.h +++ b/src/libtdeldap.h @@ -186,12 +186,13 @@ class LDAPManager : public TQObject { public: LDAPManager(TQString realm, TQString host, TQObject *parent=0, const char *name=0); + LDAPManager(TQString realm, TQString host, LDAPCredentials* creds, TQObject *parent=0, const char *name=0); ~LDAPManager(); TQString realm(); TQString basedn(); - int bind(); - int unbind(bool force); + int bind(TQString* errstr=0); + int unbind(bool force, TQString* errstr=0); LDAPUserInfoList users(); LDAPGroupInfoList groups(); LDAPMachineInfoList machines(); @@ -207,6 +208,8 @@ class LDAPManager : public TQObject { LDAPCredentials currentLDAPCredentials(); + int moveKerberosEntries(TQString newSuffix, TQString* errstr=0); + private: LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry); LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
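Review bot: `id.remove(0,id+1);` in moveKerberosEntries does not do what the preceding `int equalsPos = id.find("=");` suggests — `id+1` is a TQString, not a length, and equalsPos is never used — and even the intended `equalsPos+1` would strip the attribute type, leaving ldap_rename_s a newrdn that is not in `attr=value` form; since only the parent changes, the original RDN `dnParts[0]` should be passed unchanged (and both TQStrings should go through `.ascii()` like the rest of the file). The loop also leaks: `dn` from ldap_get_dn() is never released with ldap_memfree(), and the rename-failure `return -1` skips `ldap_msgfree(msg)`, as does the search-failure branch, which in addition reports through KMessageBox instead of the errstr the rest of this commit introduces. Because the renames are applied one entry at a time, a failure part-way leaves the realm half-moved, so the error text should at least name the DN that failed so an operator can finish or revert by hand; the caller is also assumed to have created newSuffix beforehand. `LDAPMachineInfo machineinfo;` is unused and the final `return -1;` after the if/else is unreachable. A rewritten search check and loop body follow; the bind and search set-up are unchanged.
```cpp
	// … unchanged: bind(errstr) check, ldap_base_dn / ldap_filter set-up, ldap_search_ext_s call …
	if (retcode != LDAP_SUCCESS) {
		if (errstr) *errstr = i18n("LDAP search failure\n\nReason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode));
		else KMessageBox::error(0, i18n("LDAP search failure\n\nReason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
		return -1;
	}

	// Iterate through the returned entries
	for (LDAPMessage* entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
		char* dn = ldap_get_dn(m_ldap, entry);
		if (dn == NULL) {
			continue;
		}
		// Only the parent changes, so the entry keeps its existing RDN (attr=value).
		// NOTE(review): a plain split on ',' misparses RDN values that contain escaped commas.
		TQString rdn = TQStringList::split(",", dn)[0];
		retcode = ldap_rename_s(m_ldap, dn, rdn.ascii(), newSuffix.ascii(), 0, NULL, NULL);
		if (retcode != LDAP_SUCCESS) {
			if (errstr) *errstr = i18n("LDAP rename failure for %1\n\nReason: [%2] %3").arg(dn).arg(retcode).arg(ldap_err2string(retcode));
			ldap_memfree(dn);
			ldap_msgfree(msg);
			return -1;
		}
		ldap_memfree(dn);
	}

	// clean up
	ldap_msgfree(msg);
	return 0;
```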
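Review bot: `int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);` is declared without any comment, although the implementation renames every krb5Principal entry that is not also a posixAccount under the base DN into newSuffix, one ldap_rename_s at a time and stopping at the first failure, which a caller cannot infer from the name. A header comment along the lines of `// Moves all krb5Principal (non-posixAccount) entries under basedn() to newSuffix, which must already exist. Not atomic: returns -1 with errstr set on the first failure, and entries already moved stay moved.` would make the destructive, non-transactional nature explicit. The `errstr=0` convention added to bind()/unbind() in the hunk at -186 also deserves one line saying that a null pointer means the error is shown in a KMessageBox instead of being returned.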