You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
libtdeldap/src/libtdeldap.cpp

1526 lines
51 KiB

/***************************************************************************
* Copyright (C) 2012 by Timothy Pearson *
* kb9vqf@pearsoncomputing.net *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <tqfile.h>
#include <klocale.h>
#include <kmessagebox.h>
#include <klineedit.h>
#include <kpassdlg.h>
#include <ksimpleconfig.h>
#include <ldap.h>
#include <stdlib.h>
#include <sys/time.h>
#include "libtdeldap.h"
#include "ldaplogindlg.h"
#include "ldappasswddlg.h"
#define LDAP_INSECURE_PORT 389
#define LDAP_SECURE_PORT 636
// FIXME
// Connect this to CMake/Automake
#define KDE_CONFDIR "/etc/trinity"
#define LDAP_FILE "/etc/ldap.conf"
int requested_ldap_version = LDAP_VERSION3;
int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection?
char* ldap_user_and_operational_attributes[2] = {"*", "+"};
enum ErrorCauseLocation {
ERRORCAUSE_LOCATION_BIND = 0
};
LDAPManager::LDAPManager(TQString realm, TQString host, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(0), m_ldap(0)
{
TQStringList domainChunks = TQStringList::split(".", realm.lower());
m_basedc = "dc=" + domainChunks.join(",dc=");
}
LDAPManager::LDAPManager(TQString realm, TQString host, LDAPCredentials* creds, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(creds), m_ldap(0)
{
TQStringList domainChunks = TQStringList::split(".", realm.lower());
m_basedc = "dc=" + domainChunks.join(",dc=");
}
LDAPManager::~LDAPManager() {
unbind(true);
}
TQString LDAPManager::basedn() {
return m_basedc;
}
TQString LDAPManager::realm() {
return m_realm;
}
LDAPCredentials LDAPManager::currentLDAPCredentials() {
if (m_creds) {
return *m_creds;
}
else {
return LDAPCredentials();
}
}
TQString ldapLikelyErrorCause(int errcode, int location) {
TQString ret;
if (location == ERRORCAUSE_LOCATION_BIND) {
if (LDAP_NAME_ERROR(errcode)) {
ret = "Unknown user name or incorrect user name format";
}
}
if (ret != "") {
ret.prepend("<p>" + i18n("Likely cause") + ":<br>");
}
return ret;
}
int LDAPManager::bind(TQString* errstr) {
printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout);
if (m_ldap) {
return 0;
}
int use_secure_connection = 0;
TQString uri;
if (m_host.contains("://")) {
uri = m_host;
if (!m_creds) {
m_creds = new LDAPCredentials();
m_creds->username = "";
m_creds->password = "";
m_creds->realm = m_realm;
}
}
else {
if (use_secure_connection == 1) {
m_port = LDAP_SECURE_PORT;
uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port);
}
else {
m_port = LDAP_INSECURE_PORT;
uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port);
}
}
printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout);
int retcode = ldap_initialize(&m_ldap, uri.ascii());
if (retcode < 0) {
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)).arg(ldapLikelyErrorCause(retcode, ERRORCAUSE_LOCATION_BIND));
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)).arg(ldapLikelyErrorCause(retcode, ERRORCAUSE_LOCATION_BIND)), i18n("Unable to connect to server!"));
return -1;
}
retcode = ldap_set_option(m_ldap, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version);
if (retcode != LDAP_OPT_SUCCESS) {
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)).arg(ldapLikelyErrorCause(retcode, ERRORCAUSE_LOCATION_BIND));
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)).arg(ldapLikelyErrorCause(retcode, ERRORCAUSE_LOCATION_BIND)), i18n("Unable to connect to server!"));
return -1;
}
printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
TQString errorString;
bool havepass = false;
if (m_creds) {
havepass = true;
}
else {
printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
LDAPPasswordDialog passdlg(0);
passdlg.m_base->ldapAdminRealm->setEnabled(false);
passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
if (passdlg.exec() == TQDialog::Accepted) {
havepass = true;
if (!m_creds) {
m_creds = new LDAPCredentials();
m_creds->username = passdlg.m_base->ldapAdminUsername->text();
m_creds->password = passdlg.m_base->ldapAdminPassword->password();
m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
}
}
}
if (havepass == true) {
char* mechanism = NULL;
struct berval cred;
TQString ldap_dn = m_creds->username;
TQCString pass = m_creds->password;
cred.bv_val = pass.data();
cred.bv_len = pass.length();
printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
if (!uri.startsWith("ldapi://")) {
if (!ldap_dn.contains(",")) {
// Look for a POSIX account with anonymous bind and the specified account name
TQString uri;
LDAP* ldapconn;
if (m_host.contains("://")) {
uri = m_host;
}
else {
if (use_secure_connection == 1) {
m_port = LDAP_SECURE_PORT;
uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port);
}
else {
m_port = LDAP_INSECURE_PORT;
uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port);
}
}
int retcode = ldap_initialize(&ldapconn, uri.ascii());
if (retcode < 0) {
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
retcode = ldap_set_option(ldapconn, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version);
if (retcode != LDAP_OPT_SUCCESS) {
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!"));
return -1;
}
struct berval anoncred;
anoncred.bv_val = "";
anoncred.bv_len = strlen("");
retcode = ldap_sasl_bind_s(ldapconn, "", mechanism, &anoncred, NULL, NULL, NULL);
if (retcode == LDAP_SUCCESS ) {
// Look for the DN for the specified user
LDAPMessage* msg;
TQString ldap_base_dn = m_basedc;
TQString ldap_filter = TQString("(&(objectclass=posixAccount)(uid=%1))").arg(m_creds->username);
retcode = ldap_search_ext_s(ldapconn, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), NULL, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
}
else {
// Iterate through the returned entries
char* dn = NULL;
LDAPMessage* entry;
for(entry = ldap_first_entry(ldapconn, msg); entry != NULL; entry = ldap_next_entry(ldapconn, entry)) {
if((dn = ldap_get_dn(ldapconn, entry)) != NULL) {
ldap_dn = dn;
ldap_memfree(dn);
}
}
}
// clean up
ldap_msgfree(msg);
// All done!
ldap_unbind_ext_s(ldapconn, NULL, NULL);
}
}
}
retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout);
if (retcode != LDAP_SUCCESS ) {
if (errstr) *errstr = i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)).arg(ldapLikelyErrorCause(retcode, ERRORCAUSE_LOCATION_BIND));
else KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)).arg(ldapLikelyErrorCause(retcode, ERRORCAUSE_LOCATION_BIND)), i18n("Unable to connect to server!"));
return -1;
}
return 0;
}
else {
return -2;
}
return -3;
}
int LDAPManager::unbind(bool force, TQString* errstr) {
printf("[RAJA DEBUG 601.0] In LDAPManager::unbind()\n\r"); fflush(stdout);
if (!m_ldap) {
return 0;
}
int retcode = ldap_unbind_ext_s(m_ldap, NULL, NULL);
if ((retcode < 0) && (force == false)) {
if (errstr) *errstr = i18n("<qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to disconnect from server!"));
return retcode;
}
else {
m_ldap = 0;
}
return retcode;
}
LDAPUserInfo LDAPManager::parseLDAPUserRecord(LDAPMessage* entry) {
int i;
char* dn = NULL;
char* attr;
struct berval **vals;
BerElement* ber;
LDAPUserInfo userinfo;
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
printf("Returned dn: %s\n", dn);
userinfo.distinguishedName = dn;
TQStringList dnParts = TQStringList::split(",", dn);
TQString id = dnParts[0];
if (id.startsWith("uid=")) {
id = id.remove(0, 4);
userinfo.name = id;
}
ldap_memfree(dn);
}
for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
printf("[RAJA DEBUG 100.3] %s: %s\n\r", attr, vals[i]->bv_val);
userinfo.informationValid = true;
TQString ldap_field = attr;
i=0;
if (ldap_field == "creatorsName") {
userinfo.creatorsName = vals[i]->bv_val;
}
else if (ldap_field == "uidNumber") {
userinfo.uid = atoi(vals[i]->bv_val);
}
else if (ldap_field == "loginShell") {
userinfo.shell = vals[i]->bv_val;
}
else if (ldap_field == "homeDirectory") {
userinfo.homedir = vals[i]->bv_val;
}
else if (ldap_field == "gidNumber") {
userinfo.primary_gid = atoi(vals[i]->bv_val);
}
else if (ldap_field == "tdeBuiltinAccount") {
userinfo.tde_builtin_account = (TQString(vals[i]->bv_val).upper() == "TRUE")?true:false;
}
else if (ldap_field == "krb5KDCFlags") {
userinfo.status = (LDAPKRB5Flags)(atoi(vals[i]->bv_val));
}
else if (ldap_field == "createTimestamp") { // YYYYMMDD000000Z
TQString formattedDate = vals[i]->bv_val;
formattedDate.insert(4,"-");
formattedDate.insert(7,"-");
formattedDate.insert(10,"T");
formattedDate.insert(13,":");
formattedDate.insert(16,":");
formattedDate.remove(19, 1);
userinfo.account_created = TQDateTime::fromString(formattedDate, TQt::ISODate);
}
else if (ldap_field == "modifyTimestamp") { // YYYYMMDD000000Z
TQString formattedDate = vals[i]->bv_val;
formattedDate.insert(4,"-");
formattedDate.insert(7,"-");
formattedDate.insert(10,"T");
formattedDate.insert(13,":");
formattedDate.insert(16,":");
formattedDate.remove(19, 1);
userinfo.account_modified = TQDateTime::fromString(formattedDate, TQt::ISODate);
}
// FIXME
// These two attributes do not seem to be available with a Heimdal KDC
// userinfo.password_last_changed = vals[i]->bv_val;
// userinfo.password_expires = vals[i]->bv_val;
else if (ldap_field == "krb5PasswordEnd") { // YYYYMMDD000000Z
TQString formattedDate = vals[i]->bv_val;
formattedDate.insert(4,"-");
formattedDate.insert(7,"-");
formattedDate.insert(10,"T");
formattedDate.insert(13,":");
formattedDate.insert(16,":");
formattedDate.remove(19, 1);
userinfo.password_expiration = TQDateTime::fromString(formattedDate, TQt::ISODate);
}
// FIXME
// These six(!) attributes do not seem to be available with a Heimdal KDC
// userinfo.password_ages = vals[i]->bv_val;
// userinfo.new_password_interval = vals[i]->bv_val;
// userinfo.new_password_warn_interval = vals[i]->bv_val;
// userinfo.new_password_lockout_delay = vals[i]->bv_val;
// userinfo.password_has_minimum_age = vals[i]->bv_val;
// userinfo.password_minimum_age = vals[i]->bv_val;
else if (ldap_field == "krb5MaxLife") { // units: hours
userinfo.maximum_ticket_lifetime = atoi(vals[i]->bv_val);
}
else if (ldap_field == "cn") {
userinfo.commonName = vals[i]->bv_val;
}
else if (ldap_field == "givenName") {
userinfo.givenName = vals[i]->bv_val;
}
else if (ldap_field == "sn") {
userinfo.surName = vals[i]->bv_val;
}
else if (ldap_field == "initials") {
userinfo.initials = vals[i]->bv_val;
}
else if (ldap_field == "title") {
userinfo.title = vals[i]->bv_val;
}
else if (ldap_field == "mail") {
userinfo.email = vals[i]->bv_val;
}
else if (ldap_field == "description") {
userinfo.description = vals[i]->bv_val;
}
else if (ldap_field == "l") {
userinfo.locality = vals[i]->bv_val;
}
else if (ldap_field == "telephoneNumber") {
userinfo.telephoneNumber = vals[i]->bv_val;
}
else if (ldap_field == "facsimileTelephoneNumber") {
userinfo.faxNumber = vals[i]->bv_val;
}
else if (ldap_field == "homePhone") {
userinfo.homePhone = vals[i]->bv_val;
}
else if (ldap_field == "mobile") {
userinfo.mobilePhone = vals[i]->bv_val;
}
else if (ldap_field == "pager") {
userinfo.pagerNumber = vals[i]->bv_val;
}
else if (ldap_field == "websiteURL") {
userinfo.website = vals[i]->bv_val;
}
else if (ldap_field == "postOfficeBox") {
userinfo.poBox = vals[i]->bv_val;
}
else if (ldap_field == "street") {
userinfo.street = vals[i]->bv_val;
}
else if (ldap_field == "postalAddress") {
userinfo.address = vals[i]->bv_val;
}
else if (ldap_field == "st") {
userinfo.state = vals[i]->bv_val;
}
else if (ldap_field == "postalCode") {
userinfo.postcode = vals[i]->bv_val;
}
else if (ldap_field == "registeredAddress") {
userinfo.registeredAddress = vals[i]->bv_val;
}
else if (ldap_field == "homePostalAddress") {
userinfo.homeAddress = vals[i]->bv_val;
}
else if (ldap_field == "seeAlso") {
userinfo.seeAlso = vals[i]->bv_val;
}
else if (ldap_field == "physicalDeliveryOfficeName") {
userinfo.deliveryOffice = vals[i]->bv_val;
}
else if (ldap_field == "departmentNumber") {
userinfo.department = vals[i]->bv_val;
}
else if (ldap_field == "roomNumber") {
userinfo.roomNumber = vals[i]->bv_val;
}
else if (ldap_field == "employeeType") {
userinfo.employeeType = vals[i]->bv_val;
}
else if (ldap_field == "employeeNumber") {
userinfo.employeeNumber = vals[i]->bv_val;
}
else if (ldap_field == "managerName") {
userinfo.manager = vals[i]->bv_val;
}
else if (ldap_field == "secretaryName") {
userinfo.secretary = vals[i]->bv_val;
}
else if (ldap_field == "internationaliSDNNumber") {
userinfo.isdnNumber = vals[i]->bv_val;
}
else if (ldap_field == "teletexId") {
userinfo.teletexID = vals[i]->bv_val;
}
else if (ldap_field == "telexNumber") {
userinfo.telexNumber = vals[i]->bv_val;
}
else if (ldap_field == "preferredDelivery") {
userinfo.preferredDelivery = vals[i]->bv_val;
}
else if (ldap_field == "destinationIndicator") {
userinfo.destinationIndicator = vals[i]->bv_val;
}
else if (ldap_field == "x121Address") {
userinfo.x121Address = vals[i]->bv_val;
}
else if (ldap_field == "displayName") {
userinfo.displayName = vals[i]->bv_val;
}
else if (ldap_field == "preferredLanguage") {
userinfo.preferredLanguage = vals[i]->bv_val;
}
else if (ldap_field == "locallyUniqueID") {
userinfo.uniqueIdentifier = vals[i]->bv_val;
}
else if (ldap_field == "businessCategory") {
userinfo.businessCategory = vals[i]->bv_val;
}
else if (ldap_field == "carLicense") {
userinfo.carLicense = vals[i]->bv_val;
}
else if (ldap_field == "notes") {
userinfo.notes = vals[i]->bv_val;
}
ldap_value_free_len(vals);
}
ldap_memfree(attr);
}
if (ber != NULL) {
ber_free(ber, 0);
}
printf("\n\r");
return userinfo;
}
LDAPUserInfoList LDAPManager::users(int* mretcode) {
int retcode;
LDAPUserInfoList users;
printf("[RAJA DEBUG 100.0] In LDAPManager::users()\n\r"); fflush(stdout);
if (bind() < 0) {
if (mretcode) *mretcode = -1;
return LDAPUserInfoList();
}
else {
printf("[RAJA DEBUG 100.1] In LDAPManager::users() bind was OK\n\r"); fflush(stdout);
LDAPMessage* msg;
TQString ldap_base_dn = m_basedc;
TQString ldap_filter = "(objectClass=posixAccount)";
retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
if (mretcode) *mretcode = -1;
return LDAPUserInfoList();
}
printf("[RAJA DEBUG 100.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
users.append(parseLDAPUserRecord(entry));
}
// clean up
ldap_msgfree(msg);
if (mretcode) *mretcode = 0;
return users;
}
return LDAPUserInfoList();
}
LDAPUserInfo LDAPManager::getUserByDistinguishedName(TQString dn) {
int retcode;
LDAPUserInfo userinfo;
if (bind() < 0) {
return LDAPUserInfo();
}
else {
LDAPMessage* msg;
struct timeval timeout;
timeout.tv_sec = 10; // 10 second timeout
retcode = ldap_search_ext_s(m_ldap, dn.ascii(), LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, &timeout, 0, &msg);
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return LDAPUserInfo();
}
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
userinfo = parseLDAPUserRecord(entry);
}
// clean up
ldap_msgfree(msg);
return userinfo;
}
return LDAPUserInfo();
}
LDAPGroupInfo LDAPManager::getGroupByDistinguishedName(TQString dn, TQString *errstr) {
int retcode;
LDAPGroupInfo groupinfo;
if (bind(errstr) < 0) {
return LDAPGroupInfo();
}
else {
LDAPMessage* msg;
struct timeval timeout;
timeout.tv_sec = 10; // 10 second timeout
retcode = ldap_search_ext_s(m_ldap, dn.ascii(), LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, &timeout, 0, &msg);
if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return LDAPGroupInfo();
}
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
groupinfo = parseLDAPGroupRecord(entry);
}
// clean up
ldap_msgfree(msg);
return groupinfo;
}
return LDAPGroupInfo();
}
void create_single_attribute_operation(LDAPMod **mods, int *i, TQString attr, TQString value) {
if (value != "") {
char **values = (char**)malloc(2*sizeof(char*));
values[0] = strdup(value.ascii());
values[1] = NULL;
mods[*i]->mod_op = LDAP_MOD_ADD;
mods[*i]->mod_type = strdup(attr.ascii());
mods[*i]->mod_values = values;
(*i)++;
}
}
void create_multiple_attributes_operation(LDAPMod **mods, int *i, TQString attr, TQStringList strings) {
int j=0;
char **values = (char**)malloc((strings.count()+1)*sizeof(char*));
for ( TQStringList::Iterator it = strings.begin(); it != strings.end(); ++it ) {
if ((*it) != "") {
values[j] = strdup((*it).ascii());
j++;
}
}
values[j] = NULL;
mods[*i]->mod_op = LDAP_MOD_ADD;
mods[*i]->mod_type = strdup(attr.ascii());
mods[*i]->mod_values = values;
(*i)++;
}
void add_single_attribute_operation(LDAPMod **mods, int *i, TQString attr, TQString value) {
if (value != "") {
char **values = (char**)malloc(2*sizeof(char*));
values[0] = strdup(value.ascii());
values[1] = NULL;
mods[*i]->mod_op = LDAP_MOD_REPLACE;
mods[*i]->mod_type = strdup(attr.ascii());
mods[*i]->mod_values = values;
(*i)++;
}
}
void add_single_binary_attribute_operation(LDAPMod **mods, int *i, TQString attr, TQByteArray &ba) {
if (ba.size() > 0) {
struct berval **values = (berval**)malloc(2*sizeof(berval*));
values[0] = new berval;
values[0]->bv_len = ba.size();
values[0]->bv_val = ba.data();
values[1] = NULL;
mods[*i]->mod_op = LDAP_MOD_REPLACE|LDAP_MOD_BVALUES;
mods[*i]->mod_type = strdup(attr.ascii());
mods[*i]->mod_bvalues = values;
(*i)++;
}
}
void add_multiple_attributes_operation(LDAPMod **mods, int *i, TQString attr, TQStringList strings) {
int j=0;
char **values = (char**)malloc((strings.count()+1)*sizeof(char*));
for ( TQStringList::Iterator it = strings.begin(); it != strings.end(); ++it ) {
if ((*it) != "") {
values[j] = strdup((*it).ascii());
j++;
}
}
values[j] = NULL;
mods[*i]->mod_op = LDAP_MOD_REPLACE;
mods[*i]->mod_type = strdup(attr.ascii());
mods[*i]->mod_values = values;
(*i)++;
}
int LDAPManager::updateUserInfo(LDAPUserInfo user) {
int retcode;
int i;
LDAPUserInfo userinfo;
if (bind() < 0) {
return -1;
}
else {
// Assemble the LDAPMod structure
// We will replace any existing attributes with the new values
int number_of_parameters = 40; // 40 primary attributes
LDAPMod *mods[number_of_parameters+1];
for (i=0;i<number_of_parameters;i++) {
mods[i] = new LDAPMod;
mods[i]->mod_type = NULL;
mods[i]->mod_values = NULL;
}
mods[number_of_parameters] = NULL;
// Load LDAP modification requests from provided data structure
i=0;
add_single_attribute_operation(mods, &i, "uidNumber", TQString("%1").arg(user.uid));
add_single_attribute_operation(mods, &i, "loginShell", user.shell);
add_single_attribute_operation(mods, &i, "homeDirectory", user.homedir);
add_single_attribute_operation(mods, &i, "userPassword", "{SASL}" + user.name + "@" + m_realm.upper());
add_single_attribute_operation(mods, &i, "gidNumber", TQString("%1").arg(user.primary_gid));
add_single_attribute_operation(mods, &i, "krb5KDCFlags", TQString("%1").arg(user.status)); // Default active user is 586 [KRB5_ACTIVE_DEFAULT] and locked out user is 7586 [KRB5_DISABLED_ACCOUNT]
// add_single_attribute_operation(mods, &i, "", user.password_expires);
// add_single_attribute_operation(mods, &i, "", user.password_expiration);
// add_single_attribute_operation(mods, &i, "", user.password_ages);
// add_single_attribute_operation(mods, &i, "", user.new_password_interval);
// add_single_attribute_operation(mods, &i, "", user.new_password_warn_interval);
// add_single_attribute_operation(mods, &i, "", user.new_password_lockout_delay);
// add_single_attribute_operation(mods, &i, "", user.password_has_minimum_age);
// add_single_attribute_operation(mods, &i, "", user.password_minimum_age);
add_single_attribute_operation(mods, &i, "krb5MaxLife", TQString("%1").arg(user.maximum_ticket_lifetime));
add_single_attribute_operation(mods, &i, "cn", user.commonName);
add_single_attribute_operation(mods, &i, "givenName", user.givenName);
add_single_attribute_operation(mods, &i, "sn", user.surName);
add_single_attribute_operation(mods, &i, "initials", user.initials);
add_single_attribute_operation(mods, &i, "title", user.title);
add_single_attribute_operation(mods, &i, "mail", user.email);
add_single_attribute_operation(mods, &i, "description", user.description);
add_single_attribute_operation(mods, &i, "l", user.locality);
add_single_attribute_operation(mods, &i, "telephoneNumber", user.telephoneNumber);
add_single_attribute_operation(mods, &i, "facsimileTelephoneNumber", user.faxNumber);
add_single_attribute_operation(mods, &i, "homePhone", user.homePhone);
add_single_attribute_operation(mods, &i, "mobile", user.mobilePhone);
add_single_attribute_operation(mods, &i, "pager", user.pagerNumber);
add_single_attribute_operation(mods, &i, "websiteURL", user.website);
add_single_attribute_operation(mods, &i, "postOfficeBox", user.poBox);
add_single_attribute_operation(mods, &i, "street", user.street);
add_single_attribute_operation(mods, &i, "postalAddress", user.address);
add_single_attribute_operation(mods, &i, "st", user.state);
add_single_attribute_operation(mods, &i, "postalCode", user.postcode);
add_single_attribute_operation(mods, &i, "registeredAddress", user.registeredAddress);
add_single_attribute_operation(mods, &i, "homePostalAddress", user.homeAddress);
add_single_attribute_operation(mods, &i, "seeAlso", user.seeAlso);
add_single_attribute_operation(mods, &i, "physicalDeliveryOfficeName", user.deliveryOffice);
add_single_attribute_operation(mods, &i, "departmentNumber", user.department);
add_single_attribute_operation(mods, &i, "roomNumber", user.roomNumber);
add_single_attribute_operation(mods, &i, "employeeType", user.employeeType);
add_single_attribute_operation(mods, &i, "employeeNumber", user.employeeNumber);
add_single_attribute_operation(mods, &i, "managerName", user.manager);
add_single_attribute_operation(mods, &i, "secretaryName", user.secretary);
add_single_attribute_operation(mods, &i, "internationaliSDNNumber", user.isdnNumber);
add_single_attribute_operation(mods, &i, "teletexId", user.teletexID);
add_single_attribute_operation(mods, &i, "telexNumber", user.telexNumber);
add_single_attribute_operation(mods, &i, "preferredDelivery", user.preferredDelivery);
add_single_attribute_operation(mods, &i, "destinationIndicator", user.destinationIndicator);
add_single_attribute_operation(mods, &i, "x121Address", user.x121Address);
add_single_attribute_operation(mods, &i, "displayName", user.displayName);
add_single_attribute_operation(mods, &i, "preferredLanguage", user.preferredLanguage);
add_single_attribute_operation(mods, &i, "locallyUniqueID", user.uniqueIdentifier);
add_single_attribute_operation(mods, &i, "businessCategory", user.businessCategory);
add_single_attribute_operation(mods, &i, "carLicense", user.carLicense);
add_single_attribute_operation(mods, &i, "notes", user.notes);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, user.distinguishedName.ascii(), mods, NULL, NULL);
// Clean up
mods[i] = prevterm;
for (i=0;i<number_of_parameters;i++) {
if (mods[i]->mod_type != NULL) {
free(mods[i]->mod_type);
}
if (mods[i]->mod_values != NULL) {
int j = 0;
while (mods[i]->mod_values[j] != NULL) {
free(mods[i]->mod_values[j]);
j++;
}
free(mods[i]->mod_values);
}
delete mods[i];
}
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -2;
}
else {
return 0;
}
}
}
int LDAPManager::updateGroupInfo(LDAPGroupInfo group) {
int retcode;
int i;
LDAPGroupInfo groupinfo;
if (bind() < 0) {
return -1;
}
else {
// Assemble the LDAPMod structure
// We will replace any existing attributes with the new values
int number_of_parameters = 3; // 3 primary attributes
LDAPMod *mods[number_of_parameters+1];
for (i=0;i<number_of_parameters;i++) {
mods[i] = new LDAPMod;
mods[i]->mod_type = NULL;
mods[i]->mod_values = NULL;
}
mods[number_of_parameters] = NULL;
// Load LDAP modification requests from provided data structure
i=0;
add_single_attribute_operation(mods, &i, "gidNumber", TQString("%1").arg(group.gid));
TQStringList completeGroupList = group.userlist;
TQString placeholderGroup = "cn=placeholder," + m_basedc;
if (!completeGroupList.contains(placeholderGroup)) {
completeGroupList.prepend(placeholderGroup);
}
add_multiple_attributes_operation(mods, &i, "member", completeGroupList);
// Also populate memberUid attribute from the above list (minus the cn=,dc=... stuff, i.e. just the username)
TQStringList posixGroupList;
for ( TQStringList::Iterator it = group.userlist.begin(); it != group.userlist.end(); ++it ) {
TQString plainUserName = *it;
int eqpos = plainUserName.find("=")+1;
int cmpos = plainUserName.find(",", eqpos);
plainUserName.truncate(cmpos);
plainUserName.remove(0, eqpos);
posixGroupList.append(plainUserName);
}
add_multiple_attributes_operation(mods, &i, "memberUid", posixGroupList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, group.distinguishedName.ascii(), mods, NULL, NULL);
// Clean up
mods[i] = prevterm;
for (i=0;i<number_of_parameters;i++) {
if (mods[i]->mod_type != NULL) {
free(mods[i]->mod_type);
}
if (mods[i]->mod_values != NULL) {
int j = 0;
while (mods[i]->mod_values[j] != NULL) {
free(mods[i]->mod_values[j]);
j++;
}
free(mods[i]->mod_values);
}
delete mods[i];
}
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -2;
}
else {
return 0;
}
}
}
int LDAPManager::addUserInfo(LDAPUserInfo user) {
int retcode;
int i;
LDAPUserInfo userinfo;
if (bind() < 0) {
return -1;
}
else {
// Create the base DN entry
int number_of_parameters = 13; // 13 primary attributes
LDAPMod *mods[number_of_parameters+1];
for (i=0;i<number_of_parameters;i++) {
mods[i] = new LDAPMod;
mods[i]->mod_type = NULL;
mods[i]->mod_values = NULL;
}
mods[number_of_parameters] = NULL;
// Load initial required LDAP object attributes
i=0;
create_single_attribute_operation(mods, &i, "uidNumber", TQString("%1").arg(user.uid));
create_single_attribute_operation(mods, &i, "gidNumber", TQString("%1").arg(user.primary_gid));
create_multiple_attributes_operation(mods, &i, "objectClass", TQStringList::split(" ", "inetOrgPerson krb5Realm krb5Principal krb5KDCEntry emsUser posixAccount"));
create_single_attribute_operation(mods, &i, "uid", user.name);
create_single_attribute_operation(mods, &i, "cn", user.commonName);
create_single_attribute_operation(mods, &i, "sn", user.surName);
create_single_attribute_operation(mods, &i, "homeDirectory", user.homedir);
create_single_attribute_operation(mods, &i, "userPassword", "{SASL}" + user.name + "@" + m_realm.upper());
// Kerberos
create_single_attribute_operation(mods, &i, "krb5KeyVersionNumber", "1");
create_single_attribute_operation(mods, &i, "krb5PrincipalName", TQString(user.name.lower()) + "@" + m_realm.upper());
create_single_attribute_operation(mods, &i, "krb5RealmName", m_realm.upper());
// Zivios specific
create_single_attribute_operation(mods, &i, "emsdescription", "None");
create_single_attribute_operation(mods, &i, "emsprimarygroupdn", "None");
create_single_attribute_operation(mods, &i, "emstype", "UserEntry");
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Add new object
retcode = ldap_add_ext_s(m_ldap, user.distinguishedName.ascii(), mods, NULL, NULL);
// Clean up
mods[i] = prevterm;
for (i=0;i<number_of_parameters;i++) {
if (mods[i]->mod_type != NULL) {
free(mods[i]->mod_type);
}
if (mods[i]->mod_values != NULL) {
int j = 0;
while (mods[i]->mod_values[j] != NULL) {
free(mods[i]->mod_values[j]);
j++;
}
free(mods[i]->mod_values);
}
delete mods[i];
}
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP addition failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -2;
}
else {
return updateUserInfo(user);
}
}
}
int LDAPManager::addGroupInfo(LDAPGroupInfo group) {
int retcode;
int i;
LDAPGroupInfo groupinfo;
if (bind() < 0) {
return -1;
}
else {
// Create the base DN entry
int number_of_parameters = 6; // 6 primary attributes
LDAPMod *mods[number_of_parameters+1];
for (i=0;i<number_of_parameters;i++) {
mods[i] = new LDAPMod;
mods[i]->mod_type = NULL;
mods[i]->mod_values = NULL;
}
mods[number_of_parameters] = NULL;
TQString placeholderGroup = "cn=placeholder," + m_basedc;
// Load initial required LDAP object attributes
i=0;
create_single_attribute_operation(mods, &i, "gidNumber", TQString("%1").arg(group.gid));
create_multiple_attributes_operation(mods, &i, "objectClass", TQStringList::split(" ", "emsGroup groupOfNames posixGroup"));
create_single_attribute_operation(mods, &i, "cn", group.name);
create_multiple_attributes_operation(mods, &i, "member", TQStringList(placeholderGroup));
// Zivios specific
create_single_attribute_operation(mods, &i, "emsdescription", "None");
create_single_attribute_operation(mods, &i, "emstype", "GroupEntry");
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Add new object
retcode = ldap_add_ext_s(m_ldap, group.distinguishedName.ascii(), mods, NULL, NULL);
// Clean up
mods[i] = prevterm;
for (i=0;i<number_of_parameters;i++) {
if (mods[i]->mod_type != NULL) {
free(mods[i]->mod_type);
}
if (mods[i]->mod_values != NULL) {
int j = 0;
while (mods[i]->mod_values[j] != NULL) {
free(mods[i]->mod_values[j]);
j++;
}
free(mods[i]->mod_values);
}
delete mods[i];
}
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP addition failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -2;
}
else {
return updateGroupInfo(group);
}
}
}
int LDAPManager::deleteUserInfo(LDAPUserInfo user) {
int retcode;
LDAPUserInfo userinfo;
if (bind() < 0) {
return -1;
}
else {
// Delete the base DN entry
retcode = ldap_delete_ext_s(m_ldap, user.distinguishedName.ascii(), NULL, NULL);
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP deletion failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -2;
}
else {
return 0;
}
}
}
int LDAPManager::deleteGroupInfo(LDAPGroupInfo group) {
int retcode;
LDAPGroupInfo groupinfo;
if (bind() < 0) {
return -1;
}
else {
// Delete the base DN entry
retcode = ldap_delete_ext_s(m_ldap, group.distinguishedName.ascii(), NULL, NULL);
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP deletion failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -2;
}
else {
return 0;
}
}
}
int LDAPManager::deleteMachineInfo(LDAPMachineInfo machine) {
int retcode;
LDAPMachineInfo machineinfo;
if (bind() < 0) {
return -1;
}
else {
// Delete the base DN entry
retcode = ldap_delete_ext_s(m_ldap, machine.distinguishedName.ascii(), NULL, NULL);
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP deletion failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -2;
}
else {
return 0;
}
}
}
LDAPGroupInfo LDAPManager::parseLDAPGroupRecord(LDAPMessage* entry) {
char* dn = NULL;
char* attr;
struct berval **vals;
BerElement* ber;
int i;
LDAPGroupInfo groupinfo;
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
printf("Returned dn: %s\n", dn);
groupinfo.distinguishedName = dn;
TQStringList dnParts = TQStringList::split(",", dn);
TQString id = dnParts[0];
if (id.startsWith("cn=")) {
id = id.remove(0, 3);
groupinfo.name = id;
}
ldap_memfree(dn);
}
for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
for(i = 0; vals[i] != NULL; i++) {
printf("[RAJA DEBUG 110.3] %s: %s\n\r", attr, vals[i]->bv_val);
}
groupinfo.informationValid = true;
TQString ldap_field = attr;
i=0;
if (ldap_field == "creatorsName") {
groupinfo.creatorsName = vals[i]->bv_val;
}
else if (ldap_field == "member") {
TQStringList members;
for(i = 0; vals[i] != NULL; i++) {
TQString userdn = vals[i]->bv_val;
if (userdn.startsWith("cn=placeholder,dc=")) {
continue;
}
members.append(userdn);
}
groupinfo.userlist = members;
}
else if (ldap_field == "gidNumber") {
groupinfo.gid = atoi(vals[i]->bv_val);
}
else if (ldap_field == "tdeBuiltinAccount") {
groupinfo.tde_builtin_account = (TQString(vals[i]->bv_val).upper() == "TRUE")?true:false;
}
ldap_value_free_len(vals);
}
ldap_memfree(attr);
}
if (ber != NULL) {
ber_free(ber, 0);
}
printf("\n\r");
return groupinfo;
}
LDAPMachineInfo LDAPManager::parseLDAPMachineRecord(LDAPMessage* entry) {
char* dn = NULL;
char* attr;
struct berval **vals;
BerElement* ber;
int i;
LDAPMachineInfo machineinfo;
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
printf("Returned dn: %s\n", dn);
machineinfo.distinguishedName = dn;
TQStringList dnParts = TQStringList::split(",", dn);
TQString id = dnParts[0];
if (id.startsWith("krb5PrincipalName=host/")) {
id = id.remove(0, 23);
id.replace("@"+m_realm, "");
machineinfo.name = id;
}
ldap_memfree(dn);
}
for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
for(i = 0; vals[i] != NULL; i++) {
printf("[RAJA DEBUG 120.3] %s: %s\n\r", attr, vals[i]->bv_val);
}
machineinfo.informationValid = true;
TQString ldap_field = attr;
i=0;
if (ldap_field == "creatorsName") {
machineinfo.creatorsName = vals[i]->bv_val;
}
else if (ldap_field == "tdeBuiltinAccount") {
machineinfo.tde_builtin_account = (TQString(vals[i]->bv_val).upper() == "TRUE")?true:false;
}
else if (ldap_field == "krb5KDCFlags") {
machineinfo.status = (LDAPKRB5Flags)(atoi(vals[i]->bv_val));
}
ldap_value_free_len(vals);
}
ldap_memfree(attr);
}
if (ber != NULL) {
ber_free(ber, 0);
}
printf("\n\r");
return machineinfo;
}
LDAPGroupInfoList LDAPManager::groups(int* mretcode) {
int retcode;
LDAPGroupInfoList groups;
printf("[RAJA DEBUG 110.0] In LDAPManager::groups()\n\r"); fflush(stdout);
if (bind() < 0) {
if (mretcode) *mretcode = -1;
return LDAPGroupInfoList();
}
else {
printf("[RAJA DEBUG 110.1] In LDAPManager::groups() bind was OK\n\r"); fflush(stdout);
LDAPMessage* msg;
TQString ldap_base_dn = m_basedc;
TQString ldap_filter = "(objectClass=posixGroup)";
retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
if (mretcode) *mretcode = -1;
return LDAPGroupInfoList();
}
printf("[RAJA DEBUG 110.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
// RAJA
groups.append(parseLDAPGroupRecord(entry));
}
// clean up
ldap_msgfree(msg);
if (mretcode) *mretcode = 0;
return groups;
}
return LDAPGroupInfoList();
}
LDAPMachineInfoList LDAPManager::machines(int* mretcode) {
int retcode;
LDAPMachineInfoList machines;
printf("[RAJA DEBUG 120.0] In LDAPManager::machines()\n\r"); fflush(stdout);
if (bind() < 0) {
if (mretcode) *mretcode = -1;
return LDAPMachineInfoList();
}
else {
printf("[RAJA DEBUG 120.1] In LDAPManager::machines() bind was OK\n\r"); fflush(stdout);
LDAPMessage* msg;
TQString ldap_base_dn = m_basedc;
TQString ldap_filter = "(&(objectClass=krb5Principal)(uid=host/*))";
retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
if (mretcode) *mretcode = -1;
return LDAPMachineInfoList();
}
printf("[RAJA DEBUG 120.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
machines.append(parseLDAPMachineRecord(entry));
}
// clean up
ldap_msgfree(msg);
if (mretcode) *mretcode = 0;
return machines;
}
return LDAPMachineInfoList();
}
int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr) {
int retcode;
int i;
if (bind() < 0) {
return -1;
}
else {
// Assemble the LDAPMod structure
// We will replace any existing attributes with the new values
int number_of_parameters = 1; // 1 primary attribute
LDAPMod *mods[number_of_parameters+1];
for (i=0;i<number_of_parameters;i++) {
mods[i] = new LDAPMod;
mods[i]->mod_type = NULL;
mods[i]->mod_values = NULL;
}
mods[number_of_parameters] = NULL;
// Load LDAP modification requests from provided data structure
i=0;
add_single_binary_attribute_operation(mods, &i, attr, cert);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, TQString("cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1").arg(m_basedc).ascii(), mods, NULL, NULL); // RAJA FIXME
// Clean up
mods[i] = prevterm;
for (i=0;i<number_of_parameters;i++) {
if (mods[i]->mod_type != NULL) {
free(mods[i]->mod_type);
}
if (mods[i]->mod_values != NULL) {
int j = 0;
while (mods[i]->mod_values[j] != NULL) {
delete mods[i]->mod_values[j];
j++;
}
free(mods[i]->mod_values);
}
delete mods[i];
}
if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("<qt>LDAP certificate upload failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP certificate upload failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -2;
}
else {
return 0;
}
}
}
// Special method, used when creating a new Kerberos realm
int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
int retcode;
printf("[RAJA DEBUG 140.0] In LDAPManager::moveKerberosEntries()\n\r"); fflush(stdout);
if (bind(errstr) < 0) {
return -1;
}
else {
printf("[RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK\n\r"); fflush(stdout);
LDAPMessage* msg;
TQString ldap_base_dn = m_basedc;
TQString ldap_filter = "(&(objectClass=krb5Principal)(!(objectClass=posixAccount)))";
retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) {
KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -1;
}
printf("[RAJA DEBUG 140.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg));
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
char* dn = NULL;
LDAPMachineInfo machineinfo;
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
TQStringList dnParts = TQStringList::split(",", dn);
TQString id = dnParts[0];
printf("[RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s", dn, id.ascii(), newSuffix.ascii()); fflush(stdout);
retcode = ldap_rename_s(m_ldap, dn, id, newSuffix, 0, NULL, NULL);
if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("LDAP rename failure<p>Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode));
return -1;
}
}
}
// clean up
ldap_msgfree(msg);
return 0;
}
return -1;
}
void LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg) {
KSimpleConfig* systemconfig;
TQString m_defaultRealm;
int m_ticketLifetime;
int m_ldapVersion;
int m_ldapTimeout;
TQString m_bindPolicy;
int m_ldapBindTimeout;
TQString m_passwordHash;
TQString m_ignoredUsers;
systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" ));
systemconfig->setGroup(NULL);
m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null);
m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400);
m_ldapVersion = systemconfig->readNumEntry("ConnectionLDAPVersion", 3);
m_ldapTimeout = systemconfig->readNumEntry("ConnectionLDAPTimeout", 2);
m_bindPolicy = systemconfig->readEntry("ConnectionBindPolicy", "soft");
m_ldapBindTimeout = systemconfig->readNumEntry("ConnectionBindTimeout", 2);
m_passwordHash = systemconfig->readEntry("ConnectionPasswordHash", "exop");
m_ignoredUsers = systemconfig->readEntry("ConnectionIgnoredUsers", DEFAULT_IGNORED_USERS_LIST);
TQFile file(LDAP_FILE);
if (file.open(IO_WriteOnly)) {
TQTextStream stream( &file );
stream << "# This file was automatically generated by TDE\n";
stream << "# All changes will be lost!\n";
stream << "\n";
if (realmcfg.bonded) {
stream << "host " << realmcfg.admin_server << "\n";
TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
stream << "base dc=" << domainChunks.join(",dc=") << "\n";
stream << "ldap_version " << m_ldapVersion << "\n";
stream << "timelimit " << m_ldapTimeout << "\n";
stream << "bind_timelimit " << m_ldapBindTimeout << "\n";
stream << "bind_policy " << m_bindPolicy.lower() << "\n";
stream << "pam_password " << m_passwordHash.lower() << "\n";
stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
}
file.close();
}
delete systemconfig;
}
void LDAPManager::writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config) {
LDAPRealmConfigList::Iterator it;
for (it = realms.begin(); it != realms.end(); ++it) {
LDAPRealmConfig realmcfg = it.data();
TQString configRealmName = realmcfg.name;
configRealmName.prepend("LDAPRealm-");
config->setGroup(configRealmName);
// Save realm settings
config->writeEntry("bonded", realmcfg.bonded);
config->writeEntry("uid_offset", realmcfg.uid_offset);
config->writeEntry("gid_offset", realmcfg.gid_offset);
config->writeEntry("domain_mappings", realmcfg.domain_mappings);
config->writeEntry("kdc", realmcfg.kdc);
config->writeEntry("kdc_port", realmcfg.kdc_port);
config->writeEntry("admin_server", realmcfg.admin_server);
config->writeEntry("admin_server_port", realmcfg.admin_server_port);
config->writeEntry("pkinit_require_eku", realmcfg.pkinit_require_eku);
config->writeEntry("pkinit_require_krbtgt_otherName", realmcfg.pkinit_require_krbtgt_otherName);
config->writeEntry("win2k_pkinit", realmcfg.win2k_pkinit);
config->writeEntry("win2k_pkinit_require_binding", realmcfg.win2k_pkinit_require_binding);
}
// Delete any realms that do not exist in the realms database
TQStringList cfgRealms = config->groupList();
for (TQStringList::Iterator it(cfgRealms.begin()); it != cfgRealms.end(); ++it) {
if ((*it).startsWith("LDAPRealm-")) {
config->setGroup(*it);
TQString realmName=*it;
realmName.remove(0,strlen("LDAPRealm-"));
if (!realms.contains(realmName)) {
config->deleteGroup(*it);
}
}
}
}
TQString LDAPManager::getMachineFQDN() {
struct addrinfo hints, *info, *p;
int gai_result;
char hostname[1024];
hostname[1023] = '\0';
gethostname(hostname, 1023);
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC; // IPV4 or IPV6
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_CANONNAME;
if ((gai_result = getaddrinfo(hostname, NULL, &hints, &info)) != 0) {
return TQString(hostname);
}
TQString fqdn = TQString(hostname);
for (p=info; p!=NULL; p=p->ai_next) {
fqdn = TQString(p->ai_canonname);
}
freeaddrinfo(info);
return fqdn;
}
// ===============================================================================================================
//
// DATA CLASS CONSTRUCTORS AND DESTRUCTORS
//
// ===============================================================================================================
LDAPUserInfo::LDAPUserInfo() {
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
informationValid = false;
uid = -1;
primary_gid = -1;
tde_builtin_account = false;
status = (LDAPKRB5Flags)0;
account_created = TQDateTime::fromString("1970-01-01T00:00:00", TQt::ISODate);
account_modified = TQDateTime::fromString("1970-01-01T00:00:00", TQt::ISODate);
password_last_changed = TQDateTime::fromString("1970-01-01T00:00:00", TQt::ISODate);
password_expires = false;
password_expiration = TQDateTime::fromString("1970-01-01T00:00:00", TQt::ISODate);
password_ages = false;
new_password_interval = -1;
new_password_warn_interval = -1;
new_password_lockout_delay = -1;
password_has_minimum_age = false;
password_minimum_age = -1;
maximum_ticket_lifetime = -1;
}
LDAPUserInfo::~LDAPUserInfo() {
//
}
LDAPGroupInfo::LDAPGroupInfo() {
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
informationValid = false;
gid = -1;
tde_builtin_account = false;
}
LDAPGroupInfo::~LDAPGroupInfo() {
//
}
LDAPMachineInfo::LDAPMachineInfo() {
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
informationValid = false;
tde_builtin_account = false;
status = (LDAPKRB5Flags)0;
}
LDAPMachineInfo::~LDAPMachineInfo() {
//
}
#include "libtdeldap.moc"