/***************************************************************************
* Copyright ( C ) 2012 by Timothy Pearson *
* kb9vqf @ pearsoncomputing . net *
* *
* This program is free software ; you can redistribute it and / or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation ; either version 2 of the License , or *
* ( at your option ) any later version . *
* *
* This program is distributed in the hope that it will be useful , *
* but WITHOUT ANY WARRANTY ; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the *
* GNU General Public License for more details . *
* *
* You should have received a copy of the GNU General Public License *
* along with this program ; if not , write to the *
* Free Software Foundation , Inc . , *
* 59 Temple Place - Suite 330 , Boston , MA 02111 - 1307 , USA . *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
# include <sys/types.h>
# include <sys/stat.h>
# include <sys/socket.h>
# include <netdb.h>
# include <pwd.h>
# include <tqfile.h>
# include <tqcheckbox.h>
# include <klocale.h>
# include <kmessagebox.h>
# include <klineedit.h>
# include <kpassdlg.h>
# include <ksimpleconfig.h>
# include <ldap.h>
# include <stdlib.h>
# include <sys/time.h>
# include "libtdeldap.h"
# include "ldaplogindlg.h"
# include "ldappasswddlg.h"
# define LDAP_INSECURE_PORT 389
# define LDAP_SECURE_PORT 636
// FIXME
// Connect this to CMake/Automake
# define KDE_CONFDIR " / etc / trinity"
// FIXME
// This assumes Debian!
# define LDAP_FILE " / etc / ldap / ldap.conf"
# define LDAP_SECONDARY_FILE " / etc / ldap.conf"
# define TDELDAP_SUDO_D_FILE " / etc / sudoers.d / tde-realm-admins"
# define CRON_UPDATE_NSS_FILE " / etc / cron.daily / upd-local-nss-db"
# define CRON_UPDATE_NSS_COMMAND " / usr / sbin / nss_updatedb ldap"
int requested_ldap_version = LDAP_VERSION3 ;
char * ldap_user_and_operational_attributes [ 2 ] = { " * " , " + " } ;
enum ErrorCauseLocation {
ERRORCAUSE_LOCATION_BIND = 0
} ;
LDAPManager : : LDAPManager ( TQString realm , TQString host , TQObject * parent , const char * name ) : TQObject ( parent , name ) , m_realm ( realm ) , m_host ( host ) , m_port ( 0 ) , m_creds ( 0 ) , m_ldap ( 0 )
{
TQStringList domainChunks = TQStringList : : split ( " . " , realm . lower ( ) ) ;
m_basedc = " dc= " + domainChunks . join ( " ,dc= " ) ;
}
LDAPManager : : LDAPManager ( TQString realm , TQString host , LDAPCredentials * creds , TQObject * parent , const char * name ) : TQObject ( parent , name ) , m_realm ( realm ) , m_host ( host ) , m_port ( 0 ) , m_creds ( creds ) , m_ldap ( 0 )
{
TQStringList domainChunks = TQStringList : : split ( " . " , realm . lower ( ) ) ;
m_basedc = " dc= " + domainChunks . join ( " ,dc= " ) ;
}
LDAPManager : : ~ LDAPManager ( ) {
unbind ( true ) ;
}
TQString LDAPManager : : basedn ( ) {
return m_basedc ;
}
TQString LDAPManager : : realm ( ) {
return m_realm ;
}
LDAPCredentials LDAPManager : : currentLDAPCredentials ( ) {
if ( m_creds ) {
return * m_creds ;
}
else {
return LDAPCredentials ( ) ;
}
}
TQString ldapLikelyErrorCause ( int errcode , int location ) {
TQString ret ;
if ( location = = ERRORCAUSE_LOCATION_BIND ) {
if ( errcode = = LDAP_SERVER_DOWN ) {
ret = " * LDAP server down<br> * Invalid LDAP Certificate Authority file on client " ;
}
if ( LDAP_NAME_ERROR ( errcode ) ) {
ret = " Unknown user name or incorrect user name format " ;
}
}
if ( ret ! = " " ) {
if ( ret . contains ( " <br> " ) ) {
ret . prepend ( " <p> " + i18n ( " Potential causes " ) + " :<br> " ) ;
}
else {
ret . prepend ( " <p> " + i18n ( " Potential cause " ) + " :<br> " ) ;
}
}
return ret ;
}
int sasl_bind_interact_callback ( LDAP * ld , unsigned flags , void * defaults , void * sasl_interact ) {
// FIXME
// This currently does nothing and hopes for the best!
return LDAP_SUCCESS ;
}
int LDAPManager : : bind ( TQString * errstr ) {
printf ( " [RAJA DEBUG 600.0] In LDAPManager::bind(%p) \n \r " , errstr ) ; fflush ( stdout ) ;
if ( m_ldap ) {
return 0 ;
}
bool using_ldapi = false ;
bool using_gssapi = false ;
if ( m_host . startsWith ( " ldapi:// " ) ) {
using_ldapi = true ;
}
bool havepass = false ;
if ( m_creds | | using_ldapi ) {
havepass = true ;
}
else {
printf ( " [RAJA DEBUG 660.1] \n \r " ) ; fflush ( stdout ) ;
LDAPPasswordDialog passdlg ( 0 ) ;
passdlg . m_base - > ldapAdminRealm - > setEnabled ( false ) ;
passdlg . m_base - > ldapAdminRealm - > insertItem ( m_realm ) ;
passdlg . m_base - > ldapUseTLS - > setChecked ( true ) ;
if ( passdlg . exec ( ) = = TQDialog : : Accepted ) {
havepass = true ;
if ( ! m_creds ) {
m_creds = new LDAPCredentials ( ) ;
m_creds - > username = passdlg . m_base - > ldapAdminUsername - > text ( ) ;
m_creds - > password = passdlg . m_base - > ldapAdminPassword - > password ( ) ;
m_creds - > realm = passdlg . m_base - > ldapAdminRealm - > currentText ( ) ;
m_creds - > use_tls = passdlg . m_base - > ldapUseTLS - > isOn ( ) ;
}
if ( passdlg . use_gssapi ) {
using_gssapi = true ;
}
}
else {
return - 1 ;
}
}
TQString uri ;
if ( m_host . contains ( " :// " ) ) {
uri = m_host ;
if ( ! m_creds ) {
m_creds = new LDAPCredentials ( ) ;
m_creds - > username = " " ;
m_creds - > password = " " ;
m_creds - > realm = m_realm ;
}
}
else {
if ( m_creds - > use_tls ) {
m_port = LDAP_SECURE_PORT ;
uri = TQString ( " ldaps://%1:%2 " ) . arg ( m_host ) . arg ( m_port ) ;
}
else {
m_port = LDAP_INSECURE_PORT ;
uri = TQString ( " ldap://%1:%2 " ) . arg ( m_host ) . arg ( m_port ) ;
}
}
printf ( " [RAJA DEBUG 600.1] URI: %s \n \r " , uri . ascii ( ) ) ; fflush ( stdout ) ;
int retcode = ldap_initialize ( & m_ldap , uri . ascii ( ) ) ;
if ( retcode < 0 ) {
if ( errstr ) * errstr = i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) . arg ( ldapLikelyErrorCause ( retcode , ERRORCAUSE_LOCATION_BIND ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) . arg ( ldapLikelyErrorCause ( retcode , ERRORCAUSE_LOCATION_BIND ) ) , i18n ( " Unable to connect to server! " ) ) ;
return - 1 ;
}
retcode = ldap_set_option ( m_ldap , LDAP_OPT_PROTOCOL_VERSION , & requested_ldap_version ) ;
if ( retcode ! = LDAP_OPT_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) . arg ( ldapLikelyErrorCause ( retcode , ERRORCAUSE_LOCATION_BIND ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) . arg ( ldapLikelyErrorCause ( retcode , ERRORCAUSE_LOCATION_BIND ) ) , i18n ( " Unable to connect to server! " ) ) ;
return - 1 ;
}
printf ( " [RAJA DEBUG 660.0] \n \r " ) ; fflush ( stdout ) ;
TQString errorString ;
if ( havepass = = true ) {
char * mechanism = NULL ;
struct berval cred ;
TQString ldap_dn = m_creds - > username ;
TQCString pass = m_creds - > password ;
cred . bv_val = pass . data ( ) ;
cred . bv_len = pass . length ( ) ;
printf ( " [RAJA DEBUG 660.2] \n \r " ) ; fflush ( stdout ) ;
if ( ( ! using_ldapi & & ! using_gssapi ) ) {
if ( ! ldap_dn . contains ( " , " ) ) {
// Look for a POSIX account with anonymous bind and the specified account name
TQString uri ;
LDAP * ldapconn ;
if ( m_host . contains ( " :// " ) ) {
uri = m_host ;
}
else {
if ( m_creds - > use_tls ) {
m_port = LDAP_SECURE_PORT ;
uri = TQString ( " ldaps://%1:%2 " ) . arg ( m_host ) . arg ( m_port ) ;
}
else {
m_port = LDAP_INSECURE_PORT ;
uri = TQString ( " ldap://%1:%2 " ) . arg ( m_host ) . arg ( m_port ) ;
}
}
int retcode = ldap_initialize ( & ldapconn , uri . ascii ( ) ) ;
if ( retcode < 0 ) {
if ( errstr ) * errstr = i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " Unable to connect to server! " ) ) ;
return - 1 ;
}
retcode = ldap_set_option ( ldapconn , LDAP_OPT_PROTOCOL_VERSION , & requested_ldap_version ) ;
if ( retcode ! = LDAP_OPT_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " Unable to connect to server! " ) ) ;
return - 1 ;
}
struct berval anoncred ;
anoncred . bv_val = " " ;
anoncred . bv_len = strlen ( " " ) ;
retcode = ldap_sasl_bind_s ( ldapconn , " " , mechanism , & anoncred , NULL , NULL , NULL ) ;
if ( retcode = = LDAP_SUCCESS ) {
// Look for the DN for the specified user
LDAPMessage * msg ;
TQString ldap_base_dn = m_basedc ;
TQString ldap_filter = TQString ( " (&(objectclass=posixAccount)(uid=%1)) " ) . arg ( m_creds - > username ) ;
retcode = ldap_search_ext_s ( ldapconn , ldap_base_dn . ascii ( ) , LDAP_SCOPE_SUBTREE , ldap_filter . ascii ( ) , NULL , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
}
else {
// Iterate through the returned entries
char * dn = NULL ;
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( ldapconn , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( ldapconn , entry ) ) {
if ( ( dn = ldap_get_dn ( ldapconn , entry ) ) ! = NULL ) {
ldap_dn = dn ;
ldap_memfree ( dn ) ;
}
}
}
// clean up
ldap_msgfree ( msg ) ;
// All done!
ldap_unbind_ext_s ( ldapconn , NULL , NULL ) ;
}
}
}
if ( using_gssapi ) {
retcode = ldap_sasl_interactive_bind_s ( m_ldap , " " , " GSSAPI " , NULL , NULL , LDAP_SASL_AUTOMATIC , sasl_bind_interact_callback , NULL ) ;
}
else {
retcode = ldap_sasl_bind_s ( m_ldap , ldap_dn . ascii ( ) , mechanism , & cred , NULL , NULL , NULL ) ;
}
printf ( " [RAJA DEBUG 600.2] ldap_dn: %s \n \r " , ldap_dn . ascii ( ) ) ; fflush ( stdout ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) . arg ( ldapLikelyErrorCause ( retcode , ERRORCAUSE_LOCATION_BIND ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) . arg ( ldapLikelyErrorCause ( retcode , ERRORCAUSE_LOCATION_BIND ) ) , i18n ( " Unable to connect to server! " ) ) ;
return - 1 ;
}
return 0 ;
}
else {
return - 2 ;
}
return - 3 ;
}
int LDAPManager : : unbind ( bool force , TQString * errstr ) {
printf ( " [RAJA DEBUG 601.0] In LDAPManager::unbind() \n \r " ) ; fflush ( stdout ) ;
if ( ! m_ldap ) {
return 0 ;
}
int retcode = ldap_unbind_ext_s ( m_ldap , NULL , NULL ) ;
if ( ( retcode < 0 ) & & ( force = = false ) ) {
if ( errstr ) * errstr = i18n ( " <qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " Unable to disconnect from server! " ) ) ;
return retcode ;
}
else {
m_ldap = 0 ;
}
return retcode ;
}
LDAPUserInfo LDAPManager : : parseLDAPUserRecord ( LDAPMessage * entry ) {
int i ;
char * dn = NULL ;
char * attr ;
struct berval * * vals ;
BerElement * ber ;
LDAPUserInfo userinfo ;
if ( ( dn = ldap_get_dn ( m_ldap , entry ) ) ! = NULL ) {
printf ( " Returned dn: %s \n " , dn ) ;
userinfo . distinguishedName = dn ;
TQStringList dnParts = TQStringList : : split ( " , " , dn ) ;
TQString id = dnParts [ 0 ] ;
if ( id . startsWith ( " uid= " ) ) {
id = id . remove ( 0 , 4 ) ;
userinfo . name = id ;
}
ldap_memfree ( dn ) ;
}
for ( attr = ldap_first_attribute ( m_ldap , entry , & ber ) ; attr ! = NULL ; attr = ldap_next_attribute ( m_ldap , entry , ber ) ) {
if ( ( vals = ldap_get_values_len ( m_ldap , entry , attr ) ) ! = NULL ) {
printf ( " [RAJA DEBUG 100.3] %s: %s \n \r " , attr , vals [ i ] - > bv_val ) ;
userinfo . informationValid = true ;
TQString ldap_field = attr ;
i = 0 ;
if ( ldap_field = = " creatorsName " ) {
userinfo . creatorsName = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " uidNumber " ) {
userinfo . uid = atoi ( vals [ i ] - > bv_val ) ;
}
else if ( ldap_field = = " loginShell " ) {
userinfo . shell = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " homeDirectory " ) {
userinfo . homedir = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " gidNumber " ) {
userinfo . primary_gid = atoi ( vals [ i ] - > bv_val ) ;
}
else if ( ldap_field = = " tdeBuiltinAccount " ) {
userinfo . tde_builtin_account = ( TQString ( vals [ i ] - > bv_val ) . upper ( ) = = " TRUE " ) ? true : false ;
}
else if ( ldap_field = = " krb5KDCFlags " ) {
userinfo . status = ( LDAPKRB5Flags ) ( atoi ( vals [ i ] - > bv_val ) ) ;
}
else if ( ldap_field = = " createTimestamp " ) { // YYYYMMDD000000Z
TQString formattedDate = vals [ i ] - > bv_val ;
formattedDate . insert ( 4 , " - " ) ;
formattedDate . insert ( 7 , " - " ) ;
formattedDate . insert ( 10 , " T " ) ;
formattedDate . insert ( 13 , " : " ) ;
formattedDate . insert ( 16 , " : " ) ;
formattedDate . remove ( 19 , 1 ) ;
userinfo . account_created = TQDateTime : : fromString ( formattedDate , TQt : : ISODate ) ;
}
else if ( ldap_field = = " modifyTimestamp " ) { // YYYYMMDD000000Z
TQString formattedDate = vals [ i ] - > bv_val ;
formattedDate . insert ( 4 , " - " ) ;
formattedDate . insert ( 7 , " - " ) ;
formattedDate . insert ( 10 , " T " ) ;
formattedDate . insert ( 13 , " : " ) ;
formattedDate . insert ( 16 , " : " ) ;
formattedDate . remove ( 19 , 1 ) ;
userinfo . account_modified = TQDateTime : : fromString ( formattedDate , TQt : : ISODate ) ;
}
// FIXME
// These two attributes do not seem to be available with a Heimdal KDC
// userinfo.password_last_changed = vals[i]->bv_val;
// userinfo.password_expires = vals[i]->bv_val;
else if ( ldap_field = = " krb5PasswordEnd " ) { // YYYYMMDD000000Z
TQString formattedDate = vals [ i ] - > bv_val ;
formattedDate . insert ( 4 , " - " ) ;
formattedDate . insert ( 7 , " - " ) ;
formattedDate . insert ( 10 , " T " ) ;
formattedDate . insert ( 13 , " : " ) ;
formattedDate . insert ( 16 , " : " ) ;
formattedDate . remove ( 19 , 1 ) ;
userinfo . password_expiration = TQDateTime : : fromString ( formattedDate , TQt : : ISODate ) ;
}
// FIXME
// These six(!) attributes do not seem to be available with a Heimdal KDC
// userinfo.password_ages = vals[i]->bv_val;
// userinfo.new_password_interval = vals[i]->bv_val;
// userinfo.new_password_warn_interval = vals[i]->bv_val;
// userinfo.new_password_lockout_delay = vals[i]->bv_val;
// userinfo.password_has_minimum_age = vals[i]->bv_val;
// userinfo.password_minimum_age = vals[i]->bv_val;
else if ( ldap_field = = " krb5MaxLife " ) { // units: hours
userinfo . maximum_ticket_lifetime = atoi ( vals [ i ] - > bv_val ) ;
}
else if ( ldap_field = = " cn " ) {
userinfo . commonName = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " givenName " ) {
userinfo . givenName = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " sn " ) {
userinfo . surName = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " initials " ) {
userinfo . initials = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " title " ) {
userinfo . title = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " mail " ) {
userinfo . email = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " description " ) {
userinfo . description = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " l " ) {
userinfo . locality = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " telephoneNumber " ) {
userinfo . telephoneNumber = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " facsimileTelephoneNumber " ) {
userinfo . faxNumber = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " homePhone " ) {
userinfo . homePhone = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " mobile " ) {
userinfo . mobilePhone = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " pager " ) {
userinfo . pagerNumber = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " websiteURL " ) {
userinfo . website = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " postOfficeBox " ) {
userinfo . poBox = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " street " ) {
userinfo . street = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " postalAddress " ) {
userinfo . address = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " st " ) {
userinfo . state = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " postalCode " ) {
userinfo . postcode = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " registeredAddress " ) {
userinfo . registeredAddress = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " homePostalAddress " ) {
userinfo . homeAddress = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " seeAlso " ) {
userinfo . seeAlso = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " physicalDeliveryOfficeName " ) {
userinfo . deliveryOffice = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " departmentNumber " ) {
userinfo . department = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " roomNumber " ) {
userinfo . roomNumber = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " employeeType " ) {
userinfo . employeeType = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " employeeNumber " ) {
userinfo . employeeNumber = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " managerName " ) {
userinfo . manager = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " secretaryName " ) {
userinfo . secretary = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " internationaliSDNNumber " ) {
userinfo . isdnNumber = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " teletexId " ) {
userinfo . teletexID = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " telexNumber " ) {
userinfo . telexNumber = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " preferredDelivery " ) {
userinfo . preferredDelivery = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " destinationIndicator " ) {
userinfo . destinationIndicator = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " x121Address " ) {
userinfo . x121Address = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " displayName " ) {
userinfo . displayName = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " preferredLanguage " ) {
userinfo . preferredLanguage = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " locallyUniqueID " ) {
userinfo . uniqueIdentifier = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " businessCategory " ) {
userinfo . businessCategory = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " carLicense " ) {
userinfo . carLicense = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " notes " ) {
userinfo . notes = vals [ i ] - > bv_val ;
}
ldap_value_free_len ( vals ) ;
}
ldap_memfree ( attr ) ;
}
if ( ber ! = NULL ) {
ber_free ( ber , 0 ) ;
}
printf ( " \n \r " ) ;
return userinfo ;
}
LDAPUserInfoList LDAPManager : : users ( int * mretcode ) {
int retcode ;
LDAPUserInfoList users ;
printf ( " [RAJA DEBUG 100.0] In LDAPManager::users() \n \r " ) ; fflush ( stdout ) ;
if ( bind ( ) < 0 ) {
if ( mretcode ) * mretcode = - 1 ;
return LDAPUserInfoList ( ) ;
}
else {
printf ( " [RAJA DEBUG 100.1] In LDAPManager::users() bind was OK \n \r " ) ; fflush ( stdout ) ;
LDAPMessage * msg ;
TQString ldap_base_dn = m_basedc ;
TQString ldap_filter = " (objectClass=posixAccount) " ;
retcode = ldap_search_ext_s ( m_ldap , ldap_base_dn . ascii ( ) , LDAP_SCOPE_SUBTREE , ldap_filter . ascii ( ) , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
if ( mretcode ) * mretcode = - 1 ;
return LDAPUserInfoList ( ) ;
}
printf ( " [RAJA DEBUG 100.2] The number of entries returned was %d \n \n " , ldap_count_entries ( m_ldap , msg ) ) ;
// Iterate through the returned entries
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
users . append ( parseLDAPUserRecord ( entry ) ) ;
}
// clean up
ldap_msgfree ( msg ) ;
if ( mretcode ) * mretcode = 0 ;
return users ;
}
return LDAPUserInfoList ( ) ;
}
LDAPUserInfo LDAPManager : : getUserByDistinguishedName ( TQString dn ) {
int retcode ;
LDAPUserInfo userinfo ;
if ( bind ( ) < 0 ) {
return LDAPUserInfo ( ) ;
}
else {
LDAPMessage * msg ;
retcode = ldap_search_ext_s ( m_ldap , dn . ascii ( ) , LDAP_SCOPE_SUBTREE , NULL , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return LDAPUserInfo ( ) ;
}
// Iterate through the returned entries
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
userinfo = parseLDAPUserRecord ( entry ) ;
}
// clean up
ldap_msgfree ( msg ) ;
return userinfo ;
}
return LDAPUserInfo ( ) ;
}
LDAPGroupInfo LDAPManager : : getGroupByDistinguishedName ( TQString dn , TQString * errstr ) {
int retcode ;
LDAPGroupInfo groupinfo ;
if ( bind ( errstr ) < 0 ) {
return LDAPGroupInfo ( ) ;
}
else {
LDAPMessage * msg ;
retcode = ldap_search_ext_s ( m_ldap , dn . ascii ( ) , LDAP_SCOPE_SUBTREE , NULL , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return LDAPGroupInfo ( ) ;
}
// Iterate through the returned entries
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
groupinfo = parseLDAPGroupRecord ( entry ) ;
}
// clean up
ldap_msgfree ( msg ) ;
return groupinfo ;
}
return LDAPGroupInfo ( ) ;
}
void create_single_attribute_operation ( LDAPMod * * mods , int * i , TQString attr , TQString value ) {
if ( value ! = " " ) {
char * * values = ( char * * ) malloc ( 2 * sizeof ( char * ) ) ;
values [ 0 ] = strdup ( value . ascii ( ) ) ;
values [ 1 ] = NULL ;
mods [ * i ] - > mod_op = LDAP_MOD_ADD ;
mods [ * i ] - > mod_type = strdup ( attr . ascii ( ) ) ;
mods [ * i ] - > mod_values = values ;
( * i ) + + ;
}
}
void create_multiple_attributes_operation ( LDAPMod * * mods , int * i , TQString attr , TQStringList strings ) {
int j = 0 ;
char * * values = ( char * * ) malloc ( ( strings . count ( ) + 1 ) * sizeof ( char * ) ) ;
for ( TQStringList : : Iterator it = strings . begin ( ) ; it ! = strings . end ( ) ; + + it ) {
if ( ( * it ) ! = " " ) {
values [ j ] = strdup ( ( * it ) . ascii ( ) ) ;
j + + ;
}
}
values [ j ] = NULL ;
mods [ * i ] - > mod_op = LDAP_MOD_ADD ;
mods [ * i ] - > mod_type = strdup ( attr . ascii ( ) ) ;
mods [ * i ] - > mod_values = values ;
( * i ) + + ;
}
void add_single_attribute_operation ( LDAPMod * * mods , int * i , TQString attr , TQString value ) {
if ( value ! = " " ) {
char * * values = ( char * * ) malloc ( 2 * sizeof ( char * ) ) ;
values [ 0 ] = strdup ( value . ascii ( ) ) ;
values [ 1 ] = NULL ;
mods [ * i ] - > mod_op = LDAP_MOD_REPLACE ;
mods [ * i ] - > mod_type = strdup ( attr . ascii ( ) ) ;
mods [ * i ] - > mod_values = values ;
( * i ) + + ;
}
}
void add_single_binary_attribute_operation ( LDAPMod * * mods , int * i , TQString attr , TQByteArray & ba ) {
if ( ba . size ( ) > 0 ) {
struct berval * * values = ( berval * * ) malloc ( 2 * sizeof ( berval * ) ) ;
values [ 0 ] = new berval ;
values [ 0 ] - > bv_len = ba . size ( ) ;
values [ 0 ] - > bv_val = ba . data ( ) ;
values [ 1 ] = NULL ;
mods [ * i ] - > mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES ;
mods [ * i ] - > mod_type = strdup ( attr . ascii ( ) ) ;
mods [ * i ] - > mod_bvalues = values ;
( * i ) + + ;
}
}
void add_multiple_attributes_operation ( LDAPMod * * mods , int * i , TQString attr , TQStringList strings ) {
int j = 0 ;
char * * values = ( char * * ) malloc ( ( strings . count ( ) + 1 ) * sizeof ( char * ) ) ;
for ( TQStringList : : Iterator it = strings . begin ( ) ; it ! = strings . end ( ) ; + + it ) {
if ( ( * it ) ! = " " ) {
values [ j ] = strdup ( ( * it ) . ascii ( ) ) ;
j + + ;
}
}
values [ j ] = NULL ;
mods [ * i ] - > mod_op = LDAP_MOD_REPLACE ;
mods [ * i ] - > mod_type = strdup ( attr . ascii ( ) ) ;
mods [ * i ] - > mod_values = values ;
( * i ) + + ;
}
int LDAPManager : : updateUserInfo ( LDAPUserInfo user ) {
int retcode ;
int i ;
LDAPUserInfo userinfo ;
if ( bind ( ) < 0 ) {
return - 1 ;
}
else {
// Assemble the LDAPMod structure
// We will replace any existing attributes with the new values
int number_of_parameters = 40 ; // 40 primary attributes
LDAPMod * mods [ number_of_parameters + 1 ] ;
for ( i = 0 ; i < number_of_parameters ; i + + ) {
mods [ i ] = new LDAPMod ;
mods [ i ] - > mod_type = NULL ;
mods [ i ] - > mod_values = NULL ;
}
mods [ number_of_parameters ] = NULL ;
// Load LDAP modification requests from provided data structure
i = 0 ;
add_single_attribute_operation ( mods , & i , " uidNumber " , TQString ( " %1 " ) . arg ( user . uid ) ) ;
add_single_attribute_operation ( mods , & i , " loginShell " , user . shell ) ;
add_single_attribute_operation ( mods , & i , " homeDirectory " , user . homedir ) ;
add_single_attribute_operation ( mods , & i , " userPassword " , " {SASL} " + user . name + " @ " + m_realm . upper ( ) ) ;
add_single_attribute_operation ( mods , & i , " gidNumber " , TQString ( " %1 " ) . arg ( user . primary_gid ) ) ;
add_single_attribute_operation ( mods , & i , " krb5KDCFlags " , TQString ( " %1 " ) . arg ( user . status ) ) ; // Default active user is 586 [KRB5_ACTIVE_DEFAULT] and locked out user is 7586 [KRB5_DISABLED_ACCOUNT]
// add_single_attribute_operation(mods, &i, "", user.password_expires);
// add_single_attribute_operation(mods, &i, "", user.password_expiration);
// add_single_attribute_operation(mods, &i, "", user.password_ages);
// add_single_attribute_operation(mods, &i, "", user.new_password_interval);
// add_single_attribute_operation(mods, &i, "", user.new_password_warn_interval);
// add_single_attribute_operation(mods, &i, "", user.new_password_lockout_delay);
// add_single_attribute_operation(mods, &i, "", user.password_has_minimum_age);
// add_single_attribute_operation(mods, &i, "", user.password_minimum_age);
add_single_attribute_operation ( mods , & i , " krb5MaxLife " , TQString ( " %1 " ) . arg ( user . maximum_ticket_lifetime ) ) ;
add_single_attribute_operation ( mods , & i , " cn " , user . commonName ) ;
add_single_attribute_operation ( mods , & i , " givenName " , user . givenName ) ;
add_single_attribute_operation ( mods , & i , " sn " , user . surName ) ;
add_single_attribute_operation ( mods , & i , " initials " , user . initials ) ;
add_single_attribute_operation ( mods , & i , " title " , user . title ) ;
add_single_attribute_operation ( mods , & i , " mail " , user . email ) ;
add_single_attribute_operation ( mods , & i , " description " , user . description ) ;
add_single_attribute_operation ( mods , & i , " l " , user . locality ) ;
add_single_attribute_operation ( mods , & i , " telephoneNumber " , user . telephoneNumber ) ;
add_single_attribute_operation ( mods , & i , " facsimileTelephoneNumber " , user . faxNumber ) ;
add_single_attribute_operation ( mods , & i , " homePhone " , user . homePhone ) ;
add_single_attribute_operation ( mods , & i , " mobile " , user . mobilePhone ) ;
add_single_attribute_operation ( mods , & i , " pager " , user . pagerNumber ) ;
add_single_attribute_operation ( mods , & i , " websiteURL " , user . website ) ;
add_single_attribute_operation ( mods , & i , " postOfficeBox " , user . poBox ) ;
add_single_attribute_operation ( mods , & i , " street " , user . street ) ;
add_single_attribute_operation ( mods , & i , " postalAddress " , user . address ) ;
add_single_attribute_operation ( mods , & i , " st " , user . state ) ;
add_single_attribute_operation ( mods , & i , " postalCode " , user . postcode ) ;
add_single_attribute_operation ( mods , & i , " registeredAddress " , user . registeredAddress ) ;
add_single_attribute_operation ( mods , & i , " homePostalAddress " , user . homeAddress ) ;
add_single_attribute_operation ( mods , & i , " seeAlso " , user . seeAlso ) ;
add_single_attribute_operation ( mods , & i , " physicalDeliveryOfficeName " , user . deliveryOffice ) ;
add_single_attribute_operation ( mods , & i , " departmentNumber " , user . department ) ;
add_single_attribute_operation ( mods , & i , " roomNumber " , user . roomNumber ) ;
add_single_attribute_operation ( mods , & i , " employeeType " , user . employeeType ) ;
add_single_attribute_operation ( mods , & i , " employeeNumber " , user . employeeNumber ) ;
add_single_attribute_operation ( mods , & i , " managerName " , user . manager ) ;
add_single_attribute_operation ( mods , & i , " secretaryName " , user . secretary ) ;
add_single_attribute_operation ( mods , & i , " internationaliSDNNumber " , user . isdnNumber ) ;
add_single_attribute_operation ( mods , & i , " teletexId " , user . teletexID ) ;
add_single_attribute_operation ( mods , & i , " telexNumber " , user . telexNumber ) ;
add_single_attribute_operation ( mods , & i , " preferredDelivery " , user . preferredDelivery ) ;
add_single_attribute_operation ( mods , & i , " destinationIndicator " , user . destinationIndicator ) ;
add_single_attribute_operation ( mods , & i , " x121Address " , user . x121Address ) ;
add_single_attribute_operation ( mods , & i , " displayName " , user . displayName ) ;
add_single_attribute_operation ( mods , & i , " preferredLanguage " , user . preferredLanguage ) ;
add_single_attribute_operation ( mods , & i , " locallyUniqueID " , user . uniqueIdentifier ) ;
add_single_attribute_operation ( mods , & i , " businessCategory " , user . businessCategory ) ;
add_single_attribute_operation ( mods , & i , " carLicense " , user . carLicense ) ;
add_single_attribute_operation ( mods , & i , " notes " , user . notes ) ;
LDAPMod * prevterm = mods [ i ] ;
mods [ i ] = NULL ;
// Perform LDAP update
retcode = ldap_modify_ext_s ( m_ldap , user . distinguishedName . ascii ( ) , mods , NULL , NULL ) ;
// Clean up
mods [ i ] = prevterm ;
for ( i = 0 ; i < number_of_parameters ; i + + ) {
if ( mods [ i ] - > mod_type ! = NULL ) {
free ( mods [ i ] - > mod_type ) ;
}
if ( mods [ i ] - > mod_values ! = NULL ) {
int j = 0 ;
while ( mods [ i ] - > mod_values [ j ] ! = NULL ) {
free ( mods [ i ] - > mod_values [ j ] ) ;
j + + ;
}
free ( mods [ i ] - > mod_values ) ;
}
delete mods [ i ] ;
}
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP modification failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 2 ;
}
else {
return 0 ;
}
}
}
int LDAPManager : : updateGroupInfo ( LDAPGroupInfo group ) {
int retcode ;
int i ;
LDAPGroupInfo groupinfo ;
if ( bind ( ) < 0 ) {
return - 1 ;
}
else {
// Assemble the LDAPMod structure
// We will replace any existing attributes with the new values
int number_of_parameters = 3 ; // 3 primary attributes
LDAPMod * mods [ number_of_parameters + 1 ] ;
for ( i = 0 ; i < number_of_parameters ; i + + ) {
mods [ i ] = new LDAPMod ;
mods [ i ] - > mod_type = NULL ;
mods [ i ] - > mod_values = NULL ;
}
mods [ number_of_parameters ] = NULL ;
// Load LDAP modification requests from provided data structure
i = 0 ;
add_single_attribute_operation ( mods , & i , " gidNumber " , TQString ( " %1 " ) . arg ( group . gid ) ) ;
TQStringList completeGroupList = group . userlist ;
TQString placeholderGroup = " cn=placeholder, " + m_basedc ;
if ( ! completeGroupList . contains ( placeholderGroup ) ) {
completeGroupList . prepend ( placeholderGroup ) ;
}
add_multiple_attributes_operation ( mods , & i , " member " , completeGroupList ) ;
// Also populate memberUid attribute from the above list (minus the cn=,dc=... stuff, i.e. just the username)
TQStringList posixGroupList ;
for ( TQStringList : : Iterator it = group . userlist . begin ( ) ; it ! = group . userlist . end ( ) ; + + it ) {
TQString plainUserName = * it ;
int eqpos = plainUserName . find ( " = " ) + 1 ;
int cmpos = plainUserName . find ( " , " , eqpos ) ;
plainUserName . truncate ( cmpos ) ;
plainUserName . remove ( 0 , eqpos ) ;
posixGroupList . append ( plainUserName ) ;
}
add_multiple_attributes_operation ( mods , & i , " memberUid " , posixGroupList ) ;
LDAPMod * prevterm = mods [ i ] ;
mods [ i ] = NULL ;
// Perform LDAP update
retcode = ldap_modify_ext_s ( m_ldap , group . distinguishedName . ascii ( ) , mods , NULL , NULL ) ;
// Clean up
mods [ i ] = prevterm ;
for ( i = 0 ; i < number_of_parameters ; i + + ) {
if ( mods [ i ] - > mod_type ! = NULL ) {
free ( mods [ i ] - > mod_type ) ;
}
if ( mods [ i ] - > mod_values ! = NULL ) {
int j = 0 ;
while ( mods [ i ] - > mod_values [ j ] ! = NULL ) {
free ( mods [ i ] - > mod_values [ j ] ) ;
j + + ;
}
free ( mods [ i ] - > mod_values ) ;
}
delete mods [ i ] ;
}
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP modification failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 2 ;
}
else {
return 0 ;
}
}
}
int LDAPManager : : addUserInfo ( LDAPUserInfo user ) {
int retcode ;
int i ;
LDAPUserInfo userinfo ;
if ( bind ( ) < 0 ) {
return - 1 ;
}
else {
// Create the base DN entry
int number_of_parameters = 13 ; // 13 primary attributes
LDAPMod * mods [ number_of_parameters + 1 ] ;
for ( i = 0 ; i < number_of_parameters ; i + + ) {
mods [ i ] = new LDAPMod ;
mods [ i ] - > mod_type = NULL ;
mods [ i ] - > mod_values = NULL ;
}
mods [ number_of_parameters ] = NULL ;
// Load initial required LDAP object attributes
i = 0 ;
create_single_attribute_operation ( mods , & i , " uidNumber " , TQString ( " %1 " ) . arg ( user . uid ) ) ;
create_single_attribute_operation ( mods , & i , " gidNumber " , TQString ( " %1 " ) . arg ( user . primary_gid ) ) ;
create_multiple_attributes_operation ( mods , & i , " objectClass " , TQStringList : : split ( " " , " inetOrgPerson krb5Realm krb5Principal krb5KDCEntry emsUser posixAccount " ) ) ;
create_single_attribute_operation ( mods , & i , " uid " , user . name ) ;
create_single_attribute_operation ( mods , & i , " cn " , user . commonName ) ;
create_single_attribute_operation ( mods , & i , " sn " , user . surName ) ;
create_single_attribute_operation ( mods , & i , " homeDirectory " , user . homedir ) ;
create_single_attribute_operation ( mods , & i , " userPassword " , " {SASL} " + user . name + " @ " + m_realm . upper ( ) ) ;
// Kerberos
create_single_attribute_operation ( mods , & i , " krb5KeyVersionNumber " , " 1 " ) ;
create_single_attribute_operation ( mods , & i , " krb5PrincipalName " , TQString ( user . name . lower ( ) ) + " @ " + m_realm . upper ( ) ) ;
create_single_attribute_operation ( mods , & i , " krb5RealmName " , m_realm . upper ( ) ) ;
// Zivios specific
create_single_attribute_operation ( mods , & i , " emsdescription " , " None " ) ;
create_single_attribute_operation ( mods , & i , " emsprimarygroupdn " , " None " ) ;
create_single_attribute_operation ( mods , & i , " emstype " , " UserEntry " ) ;
LDAPMod * prevterm = mods [ i ] ;
mods [ i ] = NULL ;
// Add new object
retcode = ldap_add_ext_s ( m_ldap , user . distinguishedName . ascii ( ) , mods , NULL , NULL ) ;
// Clean up
mods [ i ] = prevterm ;
for ( i = 0 ; i < number_of_parameters ; i + + ) {
if ( mods [ i ] - > mod_type ! = NULL ) {
free ( mods [ i ] - > mod_type ) ;
}
if ( mods [ i ] - > mod_values ! = NULL ) {
int j = 0 ;
while ( mods [ i ] - > mod_values [ j ] ! = NULL ) {
free ( mods [ i ] - > mod_values [ j ] ) ;
j + + ;
}
free ( mods [ i ] - > mod_values ) ;
}
delete mods [ i ] ;
}
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP addition failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 2 ;
}
else {
return updateUserInfo ( user ) ;
}
}
}
int LDAPManager : : addGroupInfo ( LDAPGroupInfo group ) {
int retcode ;
int i ;
LDAPGroupInfo groupinfo ;
if ( bind ( ) < 0 ) {
return - 1 ;
}
else {
// Create the base DN entry
int number_of_parameters = 6 ; // 6 primary attributes
LDAPMod * mods [ number_of_parameters + 1 ] ;
for ( i = 0 ; i < number_of_parameters ; i + + ) {
mods [ i ] = new LDAPMod ;
mods [ i ] - > mod_type = NULL ;
mods [ i ] - > mod_values = NULL ;
}
mods [ number_of_parameters ] = NULL ;
TQString placeholderGroup = " cn=placeholder, " + m_basedc ;
// Load initial required LDAP object attributes
i = 0 ;
create_single_attribute_operation ( mods , & i , " gidNumber " , TQString ( " %1 " ) . arg ( group . gid ) ) ;
create_multiple_attributes_operation ( mods , & i , " objectClass " , TQStringList : : split ( " " , " emsGroup groupOfNames posixGroup " ) ) ;
create_single_attribute_operation ( mods , & i , " cn " , group . name ) ;
create_multiple_attributes_operation ( mods , & i , " member " , TQStringList ( placeholderGroup ) ) ;
// Zivios specific
create_single_attribute_operation ( mods , & i , " emsdescription " , " None " ) ;
create_single_attribute_operation ( mods , & i , " emstype " , " GroupEntry " ) ;
LDAPMod * prevterm = mods [ i ] ;
mods [ i ] = NULL ;
// Add new object
retcode = ldap_add_ext_s ( m_ldap , group . distinguishedName . ascii ( ) , mods , NULL , NULL ) ;
// Clean up
mods [ i ] = prevterm ;
for ( i = 0 ; i < number_of_parameters ; i + + ) {
if ( mods [ i ] - > mod_type ! = NULL ) {
free ( mods [ i ] - > mod_type ) ;
}
if ( mods [ i ] - > mod_values ! = NULL ) {
int j = 0 ;
while ( mods [ i ] - > mod_values [ j ] ! = NULL ) {
free ( mods [ i ] - > mod_values [ j ] ) ;
j + + ;
}
free ( mods [ i ] - > mod_values ) ;
}
delete mods [ i ] ;
}
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP addition failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 2 ;
}
else {
return updateGroupInfo ( group ) ;
}
}
}
int LDAPManager : : deleteUserInfo ( LDAPUserInfo user ) {
int retcode ;
LDAPUserInfo userinfo ;
if ( bind ( ) < 0 ) {
return - 1 ;
}
else {
// Delete the base DN entry
retcode = ldap_delete_ext_s ( m_ldap , user . distinguishedName . ascii ( ) , NULL , NULL ) ;
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP deletion failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 2 ;
}
else {
return 0 ;
}
}
}
int LDAPManager : : deleteGroupInfo ( LDAPGroupInfo group ) {
int retcode ;
LDAPGroupInfo groupinfo ;
if ( bind ( ) < 0 ) {
return - 1 ;
}
else {
// Delete the base DN entry
retcode = ldap_delete_ext_s ( m_ldap , group . distinguishedName . ascii ( ) , NULL , NULL ) ;
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP deletion failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 2 ;
}
else {
return 0 ;
}
}
}
int LDAPManager : : deleteMachineInfo ( LDAPMachineInfo machine ) {
int retcode ;
LDAPMachineInfo machineinfo ;
if ( bind ( ) < 0 ) {
return - 1 ;
}
else {
// Delete the base DN entry
retcode = ldap_delete_ext_s ( m_ldap , machine . distinguishedName . ascii ( ) , NULL , NULL ) ;
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP deletion failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 2 ;
}
else {
return 0 ;
}
}
}
LDAPGroupInfo LDAPManager : : parseLDAPGroupRecord ( LDAPMessage * entry ) {
char * dn = NULL ;
char * attr ;
struct berval * * vals ;
BerElement * ber ;
int i ;
LDAPGroupInfo groupinfo ;
if ( ( dn = ldap_get_dn ( m_ldap , entry ) ) ! = NULL ) {
printf ( " Returned dn: %s \n " , dn ) ;
groupinfo . distinguishedName = dn ;
TQStringList dnParts = TQStringList : : split ( " , " , dn ) ;
TQString id = dnParts [ 0 ] ;
if ( id . startsWith ( " cn= " ) ) {
id = id . remove ( 0 , 3 ) ;
groupinfo . name = id ;
}
ldap_memfree ( dn ) ;
}
for ( attr = ldap_first_attribute ( m_ldap , entry , & ber ) ; attr ! = NULL ; attr = ldap_next_attribute ( m_ldap , entry , ber ) ) {
if ( ( vals = ldap_get_values_len ( m_ldap , entry , attr ) ) ! = NULL ) {
for ( i = 0 ; vals [ i ] ! = NULL ; i + + ) {
printf ( " [RAJA DEBUG 110.3] %s: %s \n \r " , attr , vals [ i ] - > bv_val ) ;
}
groupinfo . informationValid = true ;
TQString ldap_field = attr ;
i = 0 ;
if ( ldap_field = = " creatorsName " ) {
groupinfo . creatorsName = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " member " ) {
TQStringList members ;
for ( i = 0 ; vals [ i ] ! = NULL ; i + + ) {
TQString userdn = vals [ i ] - > bv_val ;
if ( userdn . startsWith ( " cn=placeholder,dc= " ) ) {
continue ;
}
members . append ( userdn ) ;
}
groupinfo . userlist = members ;
}
else if ( ldap_field = = " gidNumber " ) {
groupinfo . gid = atoi ( vals [ i ] - > bv_val ) ;
}
else if ( ldap_field = = " tdeBuiltinAccount " ) {
groupinfo . tde_builtin_account = ( TQString ( vals [ i ] - > bv_val ) . upper ( ) = = " TRUE " ) ? true : false ;
}
ldap_value_free_len ( vals ) ;
}
ldap_memfree ( attr ) ;
}
if ( ber ! = NULL ) {
ber_free ( ber , 0 ) ;
}
printf ( " \n \r " ) ;
return groupinfo ;
}
LDAPMachineInfo LDAPManager : : parseLDAPMachineRecord ( LDAPMessage * entry ) {
char * dn = NULL ;
char * attr ;
struct berval * * vals ;
BerElement * ber ;
int i ;
LDAPMachineInfo machineinfo ;
if ( ( dn = ldap_get_dn ( m_ldap , entry ) ) ! = NULL ) {
printf ( " Returned dn: %s \n " , dn ) ;
machineinfo . distinguishedName = dn ;
TQStringList dnParts = TQStringList : : split ( " , " , dn ) ;
TQString id = dnParts [ 0 ] ;
if ( id . startsWith ( " krb5PrincipalName=host/ " ) ) {
id = id . remove ( 0 , 23 ) ;
id . replace ( " @ " + m_realm , " " ) ;
machineinfo . name = id ;
}
ldap_memfree ( dn ) ;
}
for ( attr = ldap_first_attribute ( m_ldap , entry , & ber ) ; attr ! = NULL ; attr = ldap_next_attribute ( m_ldap , entry , ber ) ) {
if ( ( vals = ldap_get_values_len ( m_ldap , entry , attr ) ) ! = NULL ) {
for ( i = 0 ; vals [ i ] ! = NULL ; i + + ) {
printf ( " [RAJA DEBUG 120.3] %s: %s \n \r " , attr , vals [ i ] - > bv_val ) ;
}
machineinfo . informationValid = true ;
TQString ldap_field = attr ;
i = 0 ;
if ( ldap_field = = " creatorsName " ) {
machineinfo . creatorsName = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " tdeBuiltinAccount " ) {
machineinfo . tde_builtin_account = ( TQString ( vals [ i ] - > bv_val ) . upper ( ) = = " TRUE " ) ? true : false ;
}
else if ( ldap_field = = " krb5KDCFlags " ) {
machineinfo . status = ( LDAPKRB5Flags ) ( atoi ( vals [ i ] - > bv_val ) ) ;
}
ldap_value_free_len ( vals ) ;
}
ldap_memfree ( attr ) ;
}
if ( ber ! = NULL ) {
ber_free ( ber , 0 ) ;
}
printf ( " \n \r " ) ;
return machineinfo ;
}
LDAPGroupInfoList LDAPManager : : groups ( int * mretcode ) {
int retcode ;
LDAPGroupInfoList groups ;
printf ( " [RAJA DEBUG 110.0] In LDAPManager::groups() \n \r " ) ; fflush ( stdout ) ;
if ( bind ( ) < 0 ) {
if ( mretcode ) * mretcode = - 1 ;
return LDAPGroupInfoList ( ) ;
}
else {
printf ( " [RAJA DEBUG 110.1] In LDAPManager::groups() bind was OK \n \r " ) ; fflush ( stdout ) ;
LDAPMessage * msg ;
TQString ldap_base_dn = m_basedc ;
TQString ldap_filter = " (objectClass=posixGroup) " ;
retcode = ldap_search_ext_s ( m_ldap , ldap_base_dn . ascii ( ) , LDAP_SCOPE_SUBTREE , ldap_filter . ascii ( ) , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
if ( mretcode ) * mretcode = - 1 ;
return LDAPGroupInfoList ( ) ;
}
printf ( " [RAJA DEBUG 110.2] The number of entries returned was %d \n \n " , ldap_count_entries ( m_ldap , msg ) ) ;
// Iterate through the returned entries
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
// RAJA
groups . append ( parseLDAPGroupRecord ( entry ) ) ;
}
// clean up
ldap_msgfree ( msg ) ;
if ( mretcode ) * mretcode = 0 ;
return groups ;
}
return LDAPGroupInfoList ( ) ;
}
LDAPMachineInfoList LDAPManager : : machines ( int * mretcode ) {
int retcode ;
LDAPMachineInfoList machines ;
printf ( " [RAJA DEBUG 120.0] In LDAPManager::machines() \n \r " ) ; fflush ( stdout ) ;
if ( bind ( ) < 0 ) {
if ( mretcode ) * mretcode = - 1 ;
return LDAPMachineInfoList ( ) ;
}
else {
printf ( " [RAJA DEBUG 120.1] In LDAPManager::machines() bind was OK \n \r " ) ; fflush ( stdout ) ;
LDAPMessage * msg ;
TQString ldap_base_dn = m_basedc ;
TQString ldap_filter = " (&(objectClass=krb5Principal)(uid=host/*)) " ;
retcode = ldap_search_ext_s ( m_ldap , ldap_base_dn . ascii ( ) , LDAP_SCOPE_SUBTREE , ldap_filter . ascii ( ) , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
if ( mretcode ) * mretcode = - 1 ;
return LDAPMachineInfoList ( ) ;
}
printf ( " [RAJA DEBUG 120.2] The number of entries returned was %d \n \n " , ldap_count_entries ( m_ldap , msg ) ) ;
// Iterate through the returned entries
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
machines . append ( parseLDAPMachineRecord ( entry ) ) ;
}
// clean up
ldap_msgfree ( msg ) ;
if ( mretcode ) * mretcode = 0 ;
return machines ;
}
return LDAPMachineInfoList ( ) ;
}
int LDAPManager : : writeCertificateFileIntoDirectory ( TQByteArray cert , TQString attr , TQString * errstr ) {
int retcode ;
int i ;
if ( bind ( ) < 0 ) {
return - 1 ;
}
else {
// Assemble the LDAPMod structure
// We will replace any existing attributes with the new values
int number_of_parameters = 1 ; // 1 primary attribute
LDAPMod * mods [ number_of_parameters + 1 ] ;
for ( i = 0 ; i < number_of_parameters ; i + + ) {
mods [ i ] = new LDAPMod ;
mods [ i ] - > mod_type = NULL ;
mods [ i ] - > mod_values = NULL ;
}
mods [ number_of_parameters ] = NULL ;
// Load LDAP modification requests from provided data structure
i = 0 ;
add_single_binary_attribute_operation ( mods , & i , attr , cert ) ;
LDAPMod * prevterm = mods [ i ] ;
mods [ i ] = NULL ;
// Perform LDAP update
retcode = ldap_modify_ext_s ( m_ldap , TQString ( " cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1 " ) . arg ( m_basedc ) . ascii ( ) , mods , NULL , NULL ) ;
// Clean up
mods [ i ] = prevterm ;
for ( i = 0 ; i < number_of_parameters ; i + + ) {
if ( mods [ i ] - > mod_type ! = NULL ) {
free ( mods [ i ] - > mod_type ) ;
}
if ( mods [ i ] - > mod_values ! = NULL ) {
int j = 0 ;
while ( mods [ i ] - > mod_values [ j ] ! = NULL ) {
delete mods [ i ] - > mod_values [ j ] ;
j + + ;
}
free ( mods [ i ] - > mod_values ) ;
}
delete mods [ i ] ;
}
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>LDAP certificate upload failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>LDAP certificate upload failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 2 ;
}
else {
return 0 ;
}
}
}
// Special method, used when creating a new Kerberos realm
int LDAPManager : : moveKerberosEntries ( TQString newSuffix , TQString * errstr ) {
int retcode ;
printf ( " [RAJA DEBUG 140.0] In LDAPManager::moveKerberosEntries() \n \r " ) ; fflush ( stdout ) ;
if ( bind ( errstr ) < 0 ) {
return - 1 ;
}
else {
printf ( " [RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK \n \r " ) ; fflush ( stdout ) ;
LDAPMessage * msg ;
TQString ldap_base_dn = m_basedc ;
TQString ldap_filter = " (&(objectClass=krb5Principal)(!(objectClass=posixAccount))) " ;
retcode = ldap_search_ext_s ( m_ldap , ldap_base_dn . ascii ( ) , LDAP_SCOPE_SUBTREE , ldap_filter . ascii ( ) , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 1 ;
}
printf ( " [RAJA DEBUG 140.2] The number of entries returned was %d \n \n " , ldap_count_entries ( m_ldap , msg ) ) ;
// Iterate through the returned entries
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
char * dn = NULL ;
LDAPMachineInfo machineinfo ;
if ( ( dn = ldap_get_dn ( m_ldap , entry ) ) ! = NULL ) {
TQStringList dnParts = TQStringList : : split ( " , " , dn ) ;
TQString id = dnParts [ 0 ] ;
printf ( " [RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s " , dn , id . ascii ( ) , newSuffix . ascii ( ) ) ; fflush ( stdout ) ;
retcode = ldap_rename_s ( m_ldap , dn , id , newSuffix , 0 , NULL , NULL ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " LDAP rename failure<p>Reason: [%3] %4 " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
return - 1 ;
}
}
}
// clean up
ldap_msgfree ( msg ) ;
return 0 ;
}
return - 1 ;
}
void LDAPManager : : writeLDAPConfFile ( LDAPRealmConfig realmcfg ) {
KSimpleConfig * systemconfig ;
TQString m_defaultRealm ;
int m_ticketLifetime ;
int m_ldapVersion ;
int m_ldapTimeout ;
TQString m_bindPolicy ;
int m_ldapBindTimeout ;
TQString m_passwordHash ;
TQString m_ignoredUsers ;
systemconfig = new KSimpleConfig ( TQString : : fromLatin1 ( KDE_CONFDIR " /ldap/ldapconfigrc " ) ) ;
systemconfig - > setGroup ( NULL ) ;
m_defaultRealm = systemconfig - > readEntry ( " DefaultRealm " , TQString : : null ) ;
m_ticketLifetime = systemconfig - > readNumEntry ( " TicketLifetime " , 86400 ) ;
m_ldapVersion = systemconfig - > readNumEntry ( " ConnectionLDAPVersion " , 3 ) ;
m_ldapTimeout = systemconfig - > readNumEntry ( " ConnectionLDAPTimeout " , 2 ) ;
m_bindPolicy = systemconfig - > readEntry ( " ConnectionBindPolicy " , " soft " ) ;
m_ldapBindTimeout = systemconfig - > readNumEntry ( " ConnectionBindTimeout " , 2 ) ;
m_passwordHash = systemconfig - > readEntry ( " ConnectionPasswordHash " , " exop " ) ;
m_ignoredUsers = systemconfig - > readEntry ( " ConnectionIgnoredUsers " , DEFAULT_IGNORED_USERS_LIST ) ;
TQFile file ( LDAP_FILE ) ;
if ( file . open ( IO_WriteOnly ) ) {
TQTextStream stream ( & file ) ;
stream < < " # This file was automatically generated by TDE \n " ;
stream < < " # All changes will be lost! \n " ;
stream < < " \n " ;
if ( realmcfg . bonded ) {
stream < < " host " < < realmcfg . admin_server < < " \n " ;
TQStringList domainChunks = TQStringList : : split ( " . " , realmcfg . name . lower ( ) ) ;
stream < < " base dc= " < < domainChunks . join ( " ,dc= " ) < < " \n " ;
stream < < " ldap_version " < < m_ldapVersion < < " \n " ;
stream < < " timelimit " < < m_ldapTimeout < < " \n " ;
stream < < " bind_timelimit " < < m_ldapBindTimeout < < " \n " ;
stream < < " bind_policy " < < m_bindPolicy . lower ( ) < < " \n " ;
stream < < " pam_password " < < m_passwordHash . lower ( ) < < " \n " ;
stream < < " nss_initgroups_ignoreusers " < < m_ignoredUsers < < " \n " ;
stream < < " tls_cacert " < < KERBEROS_PKI_PUBLICDIR < < realmcfg . admin_server < < " .ldap.crt " < < " \n " ;
}
file . close ( ) ;
}
chmod ( LDAP_FILE , S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH ) ;
system ( TQString ( " ln -s %1 %2 " ) . arg ( LDAP_FILE ) . arg ( LDAP_SECONDARY_FILE ) . ascii ( ) ) ;
delete systemconfig ;
}
LDAPTDEBuiltinsInfo LDAPManager : : parseLDAPTDEBuiltinsRecord ( LDAPMessage * entry ) {
char * dn = NULL ;
char * attr ;
struct berval * * vals ;
BerElement * ber ;
int i ;
LDAPTDEBuiltinsInfo builtininfo ;
if ( ( dn = ldap_get_dn ( m_ldap , entry ) ) ! = NULL ) {
printf ( " Returned dn: %s \n " , dn ) ;
ldap_memfree ( dn ) ;
}
for ( attr = ldap_first_attribute ( m_ldap , entry , & ber ) ; attr ! = NULL ; attr = ldap_next_attribute ( m_ldap , entry , ber ) ) {
if ( ( vals = ldap_get_values_len ( m_ldap , entry , attr ) ) ! = NULL ) {
for ( i = 0 ; vals [ i ] ! = NULL ; i + + ) {
printf ( " [RAJA DEBUG 160.3] %s: %s \n \r " , attr , vals [ i ] - > bv_val ) ;
}
builtininfo . informationValid = true ;
TQString ldap_field = attr ;
i = 0 ;
if ( ldap_field = = " builtinRealmAdminAccount " ) {
builtininfo . builtinRealmAdminAccount = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " builtinRealmAdminGroup " ) {
builtininfo . builtinRealmAdminGroup = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " builtinMachineAdminGroup " ) {
builtininfo . builtinMachineAdminGroup = vals [ i ] - > bv_val ;
}
else if ( ldap_field = = " builtinStandardUserGroup " ) {
builtininfo . builtinStandardUserGroup = vals [ i ] - > bv_val ;
}
ldap_value_free_len ( vals ) ;
}
ldap_memfree ( attr ) ;
}
if ( ber ! = NULL ) {
ber_free ( ber , 0 ) ;
}
printf ( " \n \r " ) ;
return builtininfo ;
}
LDAPTDEBuiltinsInfo LDAPManager : : getTDEBuiltinMappings ( TQString * errstr ) {
int retcode ;
LDAPTDEBuiltinsInfo builtininfo ;
TQString dn = TQString ( " cn=builtin mappings,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1 " ) . arg ( m_basedc ) ;
if ( bind ( errstr ) < 0 ) {
return LDAPTDEBuiltinsInfo ( ) ;
}
else {
LDAPMessage * msg ;
retcode = ldap_search_ext_s ( m_ldap , dn . ascii ( ) , LDAP_SCOPE_SUBTREE , NULL , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return LDAPTDEBuiltinsInfo ( ) ;
}
// Iterate through the returned entries
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
builtininfo = parseLDAPTDEBuiltinsRecord ( entry ) ;
}
// clean up
ldap_msgfree ( msg ) ;
return builtininfo ;
}
return LDAPTDEBuiltinsInfo ( ) ;
}
int LDAPManager : : getTDECertificate ( TQString certificateName , TQString fileName , TQString * errstr ) {
int retcode ;
int returncode ;
LDAPTDEBuiltinsInfo builtininfo ;
TQString dn = TQString ( " cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1 " ) . arg ( m_basedc ) ;
if ( bind ( errstr ) < 0 ) {
return - 1 ;
}
else {
LDAPMessage * msg ;
retcode = ldap_search_ext_s ( m_ldap , dn . ascii ( ) , LDAP_SCOPE_SUBTREE , NULL , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 1 ;
}
returncode = - 2 ;
// Iterate through the returned entries
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
char * attr ;
struct berval * * vals ;
BerElement * ber ;
int i ;
LDAPTDEBuiltinsInfo builtininfo ;
for ( attr = ldap_first_attribute ( m_ldap , entry , & ber ) ; attr ! = NULL ; attr = ldap_next_attribute ( m_ldap , entry , ber ) ) {
if ( ( vals = ldap_get_values_len ( m_ldap , entry , attr ) ) ! = NULL ) {
builtininfo . informationValid = true ;
TQString ldap_field = attr ;
i = 0 ;
if ( ldap_field = = certificateName ) {
TQFile file ( fileName ) ;
if ( file . open ( IO_WriteOnly ) ) {
TQByteArray ba ;
ba . duplicate ( vals [ i ] - > bv_val , vals [ i ] - > bv_len ) ;
file . writeBlock ( ba ) ;
returncode = 0 ;
}
}
ldap_value_free_len ( vals ) ;
}
ldap_memfree ( attr ) ;
}
if ( ber ! = NULL ) {
ber_free ( ber , 0 ) ;
}
}
// clean up
ldap_msgfree ( msg ) ;
return returncode ;
}
return - 1 ;
}
int LDAPManager : : writeSudoersConfFile ( TQString * errstr ) {
LDAPTDEBuiltinsInfo tdebuiltins = getTDEBuiltinMappings ( errstr ) ;
if ( ! tdebuiltins . informationValid ) {
if ( errstr ) * errstr = i18n ( " Unable to read builtin TDE user/group mappings " ) ;
return - 1 ;
}
TQString localadmingroup = tdebuiltins . builtinMachineAdminGroup ;
int eqpos = localadmingroup . find ( " = " ) + 1 ;
int cmpos = localadmingroup . find ( " , " , eqpos ) ;
localadmingroup . truncate ( cmpos ) ;
localadmingroup . remove ( 0 , eqpos ) ;
TQFile file ( TDELDAP_SUDO_D_FILE ) ;
if ( file . open ( IO_WriteOnly ) ) {
TQTextStream stream ( & file ) ;
stream < < " # This file was automatically generated by TDE \n " ;
stream < < " # All changes will be lost! \n " ;
stream < < " \n " ;
stream < < " # Realm local machine administrators \n " ;
stream < < " % " < < localadmingroup < < " ALL=NOPASSWD: ALL " < < " \n " ;
file . close ( ) ;
}
chown ( TDELDAP_SUDO_D_FILE , 0 , 0 ) ;
chmod ( TDELDAP_SUDO_D_FILE , S_IRUSR | S_IRGRP ) ;
return 0 ;
}
void LDAPManager : : writeCronFiles ( ) {
TQFile file ( CRON_UPDATE_NSS_FILE ) ;
if ( file . open ( IO_WriteOnly ) ) {
TQTextStream stream ( & file ) ;
stream < < " # This file was automatically generated by TDE \n " ;
stream < < " # All changes will be lost! \n " ;
stream < < " \n " ;
stream < < " #!/bin/sh " < < " \n " ;
stream < < CRON_UPDATE_NSS_COMMAND < < " \n " ;
file . close ( ) ;
}
system ( CRON_UPDATE_NSS_COMMAND ) ;
}
void LDAPManager : : writeTDERealmList ( LDAPRealmConfigList realms , KSimpleConfig * config ) {
LDAPRealmConfigList : : Iterator it ;
for ( it = realms . begin ( ) ; it ! = realms . end ( ) ; + + it ) {
LDAPRealmConfig realmcfg = it . data ( ) ;
TQString configRealmName = realmcfg . name ;
configRealmName . prepend ( " LDAPRealm- " ) ;
config - > setGroup ( configRealmName ) ;
// Save realm settings
config - > writeEntry ( " bonded " , realmcfg . bonded ) ;
config - > writeEntry ( " uid_offset " , realmcfg . uid_offset ) ;
config - > writeEntry ( " gid_offset " , realmcfg . gid_offset ) ;
config - > writeEntry ( " domain_mappings " , realmcfg . domain_mappings ) ;
config - > writeEntry ( " kdc " , realmcfg . kdc ) ;
config - > writeEntry ( " kdc_port " , realmcfg . kdc_port ) ;
config - > writeEntry ( " admin_server " , realmcfg . admin_server ) ;
config - > writeEntry ( " admin_server_port " , realmcfg . admin_server_port ) ;
config - > writeEntry ( " pkinit_require_eku " , realmcfg . pkinit_require_eku ) ;
config - > writeEntry ( " pkinit_require_krbtgt_otherName " , realmcfg . pkinit_require_krbtgt_otherName ) ;
config - > writeEntry ( " win2k_pkinit " , realmcfg . win2k_pkinit ) ;
config - > writeEntry ( " win2k_pkinit_require_binding " , realmcfg . win2k_pkinit_require_binding ) ;
}
// Delete any realms that do not exist in the realms database
TQStringList cfgRealms = config - > groupList ( ) ;
for ( TQStringList : : Iterator it ( cfgRealms . begin ( ) ) ; it ! = cfgRealms . end ( ) ; + + it ) {
if ( ( * it ) . startsWith ( " LDAPRealm- " ) ) {
config - > setGroup ( * it ) ;
TQString realmName = * it ;
realmName . remove ( 0 , strlen ( " LDAPRealm- " ) ) ;
if ( ! realms . contains ( realmName ) ) {
config - > deleteGroup ( * it ) ;
}
}
}
}
TQString LDAPManager : : getMachineFQDN ( ) {
struct addrinfo hints , * info , * p ;
int gai_result ;
char hostname [ 1024 ] ;
hostname [ 1023 ] = ' \0 ' ;
gethostname ( hostname , 1023 ) ;
memset ( & hints , 0 , sizeof hints ) ;
hints . ai_family = AF_UNSPEC ; // IPV4 or IPV6
hints . ai_socktype = SOCK_STREAM ;
hints . ai_flags = AI_CANONNAME ;
if ( ( gai_result = getaddrinfo ( hostname , NULL , & hints , & info ) ) ! = 0 ) {
return TQString ( hostname ) ;
}
TQString fqdn = TQString ( hostname ) ;
for ( p = info ; p ! = NULL ; p = p - > ai_next ) {
fqdn = TQString ( p - > ai_canonname ) ;
}
freeaddrinfo ( info ) ;
return fqdn ;
}
// ===============================================================================================================
//
// DATA CLASS CONSTRUCTORS AND DESTRUCTORS
//
// ===============================================================================================================
LDAPCredentials : : LDAPCredentials ( ) {
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
use_tls = true ;
}
LDAPCredentials : : ~ LDAPCredentials ( ) {
//
}
LDAPUserInfo : : LDAPUserInfo ( ) {
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
informationValid = false ;
uid = - 1 ;
primary_gid = - 1 ;
tde_builtin_account = false ;
status = ( LDAPKRB5Flags ) 0 ;
account_created = TQDateTime : : fromString ( " 1970-01-01T00:00:00 " , TQt : : ISODate ) ;
account_modified = TQDateTime : : fromString ( " 1970-01-01T00:00:00 " , TQt : : ISODate ) ;
password_last_changed = TQDateTime : : fromString ( " 1970-01-01T00:00:00 " , TQt : : ISODate ) ;
password_expires = false ;
password_expiration = TQDateTime : : fromString ( " 1970-01-01T00:00:00 " , TQt : : ISODate ) ;
password_ages = false ;
new_password_interval = - 1 ;
new_password_warn_interval = - 1 ;
new_password_lockout_delay = - 1 ;
password_has_minimum_age = false ;
password_minimum_age = - 1 ;
maximum_ticket_lifetime = - 1 ;
}
LDAPUserInfo : : ~ LDAPUserInfo ( ) {
//
}
LDAPGroupInfo : : LDAPGroupInfo ( ) {
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
informationValid = false ;
gid = - 1 ;
tde_builtin_account = false ;
}
LDAPGroupInfo : : ~ LDAPGroupInfo ( ) {
//
}
LDAPMachineInfo : : LDAPMachineInfo ( ) {
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
informationValid = false ;
tde_builtin_account = false ;
status = ( LDAPKRB5Flags ) 0 ;
}
LDAPMachineInfo : : ~ LDAPMachineInfo ( ) {
//
}
LDAPTDEBuiltinsInfo : : LDAPTDEBuiltinsInfo ( ) {
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
informationValid = false ;
}
LDAPTDEBuiltinsInfo : : ~ LDAPTDEBuiltinsInfo ( ) {
//
}
# include "libtdeldap.moc"