Convert machine add to kadmin API

pull/1/head
Timothy Pearson 9 years ago
parent 3d6055df7b
commit 0fbc17ac57

@ -46,34 +46,15 @@
#include <sys/time.h>
#include <errno.h>
#if 0
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/socket.h>
#include <sys/un.h>
extern "C" {
#include <hdb.h>
#include <kadm5/admin.h>
#include <kadm5/private.h>
#include <kadm5/kadm5-private.h>
#else
#include <kadm5/admin.h>
extern "C" {
// The following declaration was taken from hdb-protos.h
const char *
hdb_db_dir (krb5_context /*context*/);
// The following declaration was taken from kadm5-private.h
kadm5_ret_t
kadm5_s_init_with_password_ctx (
krb5_context /*context*/,
const char */*client_name*/,
const char */*password*/,
const char */*service_name*/,
kadm5_config_params */*realm_params*/,
unsigned long /*struct_version*/,
unsigned long /*api_version*/,
void **/*server_handle*/);
}
#endif
}
#include "libtdeldap.h"
#include "ldaplogindlg.h"
@ -90,6 +71,9 @@
// This assumes Debian!
#define KRB5_FILE "/etc/krb5.conf"
//#define KRB5_ANK_RANDOM_PASSWORD_LENGTH 1024
#define KRB5_ANK_RANDOM_PASSWORD_LENGTH 512
#define NSSWITCH_FILE "/etc/nsswitch.conf"
#define PAMD_DIRECTORY "/etc/pam.d/"
@ -137,6 +121,19 @@ bool fileExists(const char* filename) {
}
}
static kadm5_ret_t kadm5_get_default_principal_info(krb5_context context, void* handle, krb5_principal princ, kadm5_principal_ent_t def) {
kadm5_ret_t ret;
krb5_principal def_principal;
krb5_const_realm realm = krb5_principal_get_realm(context, princ);
ret = krb5_make_principal(context, &def_principal, realm, "default", NULL);
if (ret) {
return ret;
}
ret = kadm5_get_principal(handle, def_principal, def, KADM5_PRINCIPAL_NORMAL_MASK);
krb5_free_principal(context, def_principal);
return ret;
}
LDAPManager::LDAPManager(TQString realm, TQString host, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(0), m_ldap(0), m_krb5admHandle(0), m_krb5admKeytabFilename(0), m_krb5admRealmName(0)
{
TQStringList domainChunks = TQStringList::split(".", realm.lower());
@ -196,9 +193,24 @@ TQString LDAPManager::realm() {
return m_realm;
}
LDAPCredentials LDAPManager::currentLDAPCredentials() {
LDAPCredentials LDAPManager::currentLDAPCredentials(bool inferGSSAPIData) {
if (m_creds) {
return *m_creds;
if (inferGSSAPIData) {
LDAPCredentials credentials = *m_creds;
if ((credentials.username == "") && (credentials.password == "")) {
// Probably GSSAPI
// Get active ticket principal...
KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
credentials.username = principalParts[0];
credentials.realm = principalParts[1];
credentials.use_gssapi = true;
}
return credentials;
}
else {
return *m_creds;
}
}
else {
return LDAPCredentials();
@ -346,8 +358,9 @@ int LDAPManager::bind(TQString* errstr) {
return -1;
}
struct berval anoncred;
anoncred.bv_val = "";
anoncred.bv_len = strlen("");
TQCString anonpass = "";
anoncred.bv_val = anonpass.data();
anoncred.bv_len = anonpass.length();
retcode = ldap_sasl_bind_s(ldapconn, "", mechanism, &anoncred, NULL, NULL, NULL);
if (retcode == LDAP_SUCCESS ) {
// Look for the DN for the specified user
@ -372,7 +385,7 @@ int LDAPManager::bind(TQString* errstr) {
}
// clean up
ldap_msgfree(msg);
// All done!
ldap_unbind_ext_s(ldapconn, NULL, NULL);
}
@ -727,10 +740,10 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) {
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
users.append(parseLDAPUserRecord(entry));
}
// clean up
ldap_msgfree(msg);
if (mretcode) *mretcode = 0;
return users;
}
@ -743,7 +756,7 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) {
LDAPControl* pageControl = NULL;
LDAPControl* serverControls[2] = { NULL, NULL };
LDAPControl** returnedControls = NULL;
do {
retcode = ldap_create_page_control(m_ldap, pageSize, &cookie, pagingCriticality, &pageControl);
if (retcode != LDAP_SUCCESS) {
@ -791,7 +804,7 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) {
else {
morePages = false;
}
if (returnedControls != NULL) {
ldap_controls_free(returnedControls);
returnedControls = NULL;
@ -799,17 +812,17 @@ LDAPUserInfoList LDAPManager::users(int* mretcode, TQString *errstr) {
serverControls[0] = NULL;
ldap_control_free(pageControl);
pageControl = NULL;
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
users.append(parseLDAPUserRecord(entry));
}
// clean up
ldap_msgfree(msg);
} while (morePages);
if (mretcode) *mretcode = 0;
return users;
}
@ -838,7 +851,7 @@ LDAPUserInfo LDAPManager::getUserByDistinguishedName(TQString dn) {
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
userinfo = parseLDAPUserRecord(entry);
}
// clean up
ldap_msgfree(msg);
@ -869,7 +882,7 @@ LDAPGroupInfo LDAPManager::getGroupByDistinguishedName(TQString dn, TQString *er
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
groupinfo = parseLDAPGroupRecord(entry);
}
// clean up
ldap_msgfree(msg);
@ -1127,7 +1140,7 @@ TQString LDAPManager::readFullLineFromPtyProcess(PtyProcess* proc) {
return result;
}
int LDAPManager::bindKAdmin(LDAPUserInfo user, TQString *errstr) {
int LDAPManager::bindKAdmin(TQString *errstr) {
int retcode = 1;
kadm5_ret_t krb5adm_ret;
@ -1186,7 +1199,7 @@ int LDAPManager::bindKAdmin(LDAPUserInfo user, TQString *errstr) {
krb5adm_ret = krb5_init_context(&m_krb5admContext);
if (krb5adm_ret) {
if (errstr) *errstr = TQString("%1<p>Details:<br>Failed to execute kadm5_init_krb5_context (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_init_krb5_context (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
else {
if (use_local_socket) {
@ -1205,7 +1218,7 @@ int LDAPManager::bindKAdmin(LDAPUserInfo user, TQString *errstr) {
if (krb5adm_ret) {
if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_prepend_config_files_default (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
krb5adm_ret = krb5_set_config_files(m_krb5admContext, files);
krb5_free_config_files(files);
if(krb5adm_ret) {
@ -1278,7 +1291,7 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
int retcode;
kadm5_ret_t krb5adm_ret;
retcode = bindKAdmin(user, errstr);
retcode = bindKAdmin(errstr);
if (retcode == 0) {
retcode = 1;
krb5_principal user_kadm5_principal;
@ -1301,6 +1314,7 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
}
unbindKAdmin();
unbind(true); // Using kadmin can disrupt our LDAP connection
}
return retcode;
@ -1833,6 +1847,147 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
return -1;
}
else {
int retcode;
kadm5_ret_t krb5adm_ret;
int i;
char* password = NULL;
retcode = bindKAdmin(errstr);
if (retcode == 0) {
retcode = 1;
bool generate_password;
if (machine.newPassword == "") {
generate_password = true;
}
else {
generate_password = false;
password = strdup(machine.newPassword.data());
}
LDAPCredentials admincreds = currentLDAPCredentials(true);
TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
// Construct and add new principal record
kadm5_principal_ent_rec principal_record;
kadm5_principal_ent_rec default_record;
kadm5_principal_ent_rec *default_entry = NULL;
krb5_principal principal_entry = NULL;
int mask = 0;
memset(&principal_record, 0, sizeof(principal_record));
krb5adm_ret = krb5_parse_name(m_krb5admContext, hoststring.ascii(), &principal_entry);
if (krb5adm_ret) {
if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_parse_name (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
principal_record.principal = principal_entry;
mask |= KADM5_PRINCIPAL;
default_entry = &default_record;
krb5adm_ret = kadm5_get_default_principal_info(m_krb5admContext, m_krb5admHandle, principal_entry, default_entry);
if (krb5adm_ret) {
default_entry = NULL;
if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_get_default_principal_info (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
else {
// Use defaults
principal_record.max_life = default_entry->max_life;
principal_record.max_renewable_life = default_entry->max_renewable_life;
principal_record.princ_expire_time = default_entry->princ_expire_time;
principal_record.pw_expiration = default_entry->pw_expiration;
principal_record.attributes = default_entry->attributes & ~KRB5_KDB_DISALLOW_ALL_TIX;
principal_record.policy = strdup(default_entry->policy);
if (generate_password) {
const char charset[] =
"@$%&*()-+=:,/<>?0123456789"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz";
const size_t max_index = (sizeof(charset) - 2);
TQFile randomNode("/dev/urandom");
if (randomNode.open(IO_ReadOnly)) {
password = (char*)malloc(sizeof(char) * KRB5_ANK_RANDOM_PASSWORD_LENGTH);
if (password) {
if (randomNode.readBlock(password, KRB5_ANK_RANDOM_PASSWORD_LENGTH) < KRB5_ANK_RANDOM_PASSWORD_LENGTH) {
free(password);
password = NULL;
}
else {
for (i = 0; i < KRB5_ANK_RANDOM_PASSWORD_LENGTH - 1; i++) {
while ((unsigned char)password[i] > max_index) {
password[i] -= max_index;
}
password[i] = charset[(int)password[i]];
}
password[i] = 0;
}
}
randomNode.close();
}
if (password) {
principal_record.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
mask |= KADM5_ATTRIBUTES;
}
else {
if (errstr) *errstr = i18n("Unable to generate random password");
}
}
if (password) {
krb5adm_ret = kadm5_create_principal(m_krb5admHandle, &principal_record, mask, password);
if (krb5adm_ret) {
if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_create_principal (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
else {
if (generate_password) {
krb5_keyblock *new_keys;
int key_count;
krb5adm_ret = kadm5_randkey_principal(m_krb5admHandle, principal_entry, &new_keys, &key_count);
if (krb5adm_ret) {
key_count = 0;
}
for (i = 0; i < key_count; i++) {
krb5_free_keyblock_contents(m_krb5admContext, &new_keys[i]);
}
if (key_count > 0) {
free(new_keys);
}
kadm5_get_principal(m_krb5admHandle, principal_entry, &principal_record, KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
krb5_free_principal(m_krb5admContext, principal_entry);
principal_entry = principal_record.principal;
principal_record.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
principal_record.kvno = 1;
krb5adm_ret = kadm5_modify_principal(m_krb5admHandle, &principal_record, KADM5_ATTRIBUTES | KADM5_KVNO);
if (krb5adm_ret) {
if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute kadm5_modify_principal (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
}
else {
retcode = 0;
}
}
else {
retcode = 0;
}
}
}
}
kadm5_free_principal_ent(m_krb5admHandle, &principal_record);
if (default_entry) {
kadm5_free_principal_ent(m_krb5admHandle, default_entry);
}
if (password) {
free(password);
}
unbindKAdmin();
unbind(true); // Using kadmin can disrupt our LDAP connection
}
return retcode;
#if 0
// Use Kerberos kadmin to actually add the machine
LDAPCredentials admincreds = currentLDAPCredentials();
if ((admincreds.username == "") && (admincreds.password == "")) {
@ -1844,7 +1999,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
admincreds.realm = principalParts[1];
admincreds.use_gssapi = true;
}
TQCString command = "kadmin";
QCStringList args;
if (m_host.startsWith("ldapi://")) {
@ -1950,6 +2105,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
return 1; // Failure
#endif
}
}
@ -1970,7 +2126,7 @@ int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
admincreds.realm = principalParts[1];
admincreds.use_gssapi = true;
}
TQCString command = "kadmin";
QCStringList args;
if (m_host.startsWith("ldapi://")) {
@ -2370,10 +2526,10 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
groups.append(parseLDAPGroupRecord(entry));
}
// clean up
ldap_msgfree(msg);
if (mretcode) *mretcode = 0;
return groups;
}
@ -2386,7 +2542,7 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
LDAPControl* pageControl = NULL;
LDAPControl* serverControls[2] = { NULL, NULL };
LDAPControl** returnedControls = NULL;
do {
retcode = ldap_create_page_control(m_ldap, pageSize, &cookie, pagingCriticality, &pageControl);
if (retcode != LDAP_SUCCESS) {
@ -2434,7 +2590,7 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
else {
morePages = false;
}
if (returnedControls != NULL) {
ldap_controls_free(returnedControls);
returnedControls = NULL;
@ -2442,17 +2598,17 @@ LDAPGroupInfoList LDAPManager::groups(int* mretcode, TQString *errstr) {
serverControls[0] = NULL;
ldap_control_free(pageControl);
pageControl = NULL;
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
groups.append(parseLDAPGroupRecord(entry));
}
// clean up
ldap_msgfree(msg);
} while (morePages);
if (mretcode) *mretcode = 0;
return groups;
}
@ -2491,10 +2647,10 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) {
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
machines.append(parseLDAPMachineRecord(entry));
}
// clean up
ldap_msgfree(msg);
if (mretcode) *mretcode = 0;
return machines;
}
@ -2507,7 +2663,7 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) {
LDAPControl* pageControl = NULL;
LDAPControl* serverControls[2] = { NULL, NULL };
LDAPControl** returnedControls = NULL;
do {
retcode = ldap_create_page_control(m_ldap, pageSize, &cookie, pagingCriticality, &pageControl);
if (retcode != LDAP_SUCCESS) {
@ -2555,7 +2711,7 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) {
else {
morePages = false;
}
if (returnedControls != NULL) {
ldap_controls_free(returnedControls);
returnedControls = NULL;
@ -2563,17 +2719,17 @@ LDAPMachineInfoList LDAPManager::machines(int* mretcode, TQString *errstr) {
serverControls[0] = NULL;
ldap_control_free(pageControl);
pageControl = NULL;
// Iterate through the returned entries
LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
machines.append(parseLDAPMachineRecord(entry));
}
// clean up
ldap_msgfree(msg);
} while (morePages);
if (mretcode) *mretcode = 0;
return machines;
}
@ -2678,7 +2834,7 @@ int LDAPManager::exportKeytabForPrincipal(TQString principal, TQString fileName,
admincreds.realm = principalParts[1];
admincreds.use_gssapi = true;
}
TQCString command = "kadmin";
QCStringList args;
if (m_host.startsWith("ldapi://")) {
@ -3498,7 +3654,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
int number_of_parameters = 1; // 1 primary attribute
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
// Load LDAP modification requests from provided data structure
i=0;
TQStringList serverMappingList;
@ -3509,13 +3665,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
add_multiple_attributes_operation(mods, &i, "olcServerID", serverMappingList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, "cn=config", mods, NULL, NULL);
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
if (retcode == LDAP_NO_SUCH_ATTRIBUTE) {
// Add new object instead
// Assemble the LDAPMod structure
@ -3523,7 +3679,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
int number_of_parameters = 1; // 1 primary attribute
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
// Load LDAP modification requests from provided data structure
i=0;
TQStringList serverMappingList;
@ -3534,14 +3690,14 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
create_multiple_attributes_operation(mods, &i, "olcServerID", serverMappingList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Perform LDAP update
retcode = ldap_add_ext_s(m_ldap, "cn=config", mods, NULL, NULL);
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
}
if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
@ -3554,16 +3710,16 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
int number_of_parameters = 1; // 1 primary attribute
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
// Load LDAP delete request
i=0;
delete_single_attribute_operation(mods, &i, "olcServerID");
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, "cn=config", mods, NULL, NULL);
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
@ -3679,20 +3835,20 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
int number_of_parameters = 2; // 2 primary attributes
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
// Load LDAP delete request
i=0;
delete_single_attribute_operation(mods, &i, "olcSyncRepl");
delete_single_attribute_operation(mods, &i, "olcMirrorMode");
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, "olcDatabase={1}hdb,cn=config", mods, NULL, NULL);
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
if ((retcode != LDAP_SUCCESS) && (retcode != LDAP_NO_SUCH_ATTRIBUTE)) {
if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
@ -3706,20 +3862,20 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
int number_of_parameters = 2; // 2 primary attributes
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
// Load LDAP delete request
i=0;
delete_single_attribute_operation(mods, &i, "olcSyncRepl");
delete_single_attribute_operation(mods, &i, "olcMirrorMode");
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Perform LDAP update
retcode = ldap_modify_ext_s(m_ldap, "olcDatabase={0}config,cn=config", mods, NULL, NULL);
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
if ((retcode != LDAP_SUCCESS) && (retcode != LDAP_NO_SUCH_ATTRIBUTE)) {
if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
@ -3758,7 +3914,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
haveOlcOverlaySyncProv = true;
}
}
// clean up
ldap_msgfree(msg);
@ -3776,13 +3932,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Add new object
retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL);
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
if (retcode != LDAP_SUCCESS) {
if (errstr) {
*errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
@ -3808,7 +3964,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
haveOlcOverlaySyncProv = true;
}
}
// clean up
ldap_msgfree(msg);
@ -3826,13 +3982,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Add new object
retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={1}hdb,cn=config", mods, NULL, NULL);
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
if (retcode != LDAP_SUCCESS) {
if (errstr) {
*errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
@ -4623,16 +4779,16 @@ int LDAPManager::generatePKICRL(int expirydays, LDAPRealmConfig realmcfg, TQStri
TQString LDAPManager::getMachineFQDN() {
struct addrinfo hints, *info, *p;
int gai_result;
char hostname[1024];
hostname[1023] = '\0';
gethostname(hostname, 1023);
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC; // IPV4 or IPV6
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_CANONNAME;
if ((gai_result = getaddrinfo(hostname, NULL, &hints, &info)) != 0) {
return TQString(hostname);
}
@ -4976,7 +5132,7 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQStrin
int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUserInfo user, TQString opensslConfigFile, TQString caRootKeyFile, TQString caRootCertFile, TQString caRootDatabaseFile, TQString autoLoginPIN, TQString *errstr) {
TQString ca_public_crl_certfile = KERBEROS_PKI_PUBLICDIR + realmcfg.admin_server + ".ldap.crl";
TQString crl_url;
crl_url = TQString("URI:file://%1,URI:file://%2").arg(KERBEROS_PKI_CRL_FILE).arg(ca_public_crl_certfile);
if (caRootKeyFile == "") {
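Review bot: In the addMachineInfo hunk, a failing `krb5_parse_name` only records the error and falls through, so `kadm5_get_default_principal_info` is then called with a NULL `principal_entry`, which it dereferences via `krb5_principal_get_realm`; wrap the remainder in `if (principal_entry) { … }` (or jump to the cleanup at `kadm5_free_principal_ent`) so nothing runs on a NULL principal. The return value of the `kadm5_get_principal` call just before `krb5_free_principal` is also ignored, so on failure `principal_record.principal` may be NULL when handed to `kadm5_modify_principal`; check it the same way as the other kadm5 calls. The generated password is a secret and is released with a plain `free(password)`; clear it first (`memset(password, 0, strlen(password));`) so it does not linger in freed heap memory, and the same applies to the `strdup` copy of the caller-supplied `machine.newPassword`. addMachineInfo begins and ends outside this hunk.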

@ -521,7 +521,7 @@ class LDAPManager : public TQObject {
int exportKeytabForPrincipal(TQString principal, TQString fileName, TQString *errstr=0);
LDAPCredentials currentLDAPCredentials();
LDAPCredentials currentLDAPCredentials(bool inferGSSAPIData=false);
int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);
int writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr=0);
@ -589,7 +589,7 @@ class LDAPManager : public TQObject {
static int unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr=0);
private:
int bindKAdmin(LDAPUserInfo user, TQString *errstr=0);
int bindKAdmin(TQString *errstr=0);
int unbindKAdmin(TQString *errstr=0);
LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
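Review bot: The new default parameter `inferGSSAPIData` on `currentLDAPCredentials` is undocumented in the header, and its effect (filling username and realm from the active Kerberos ticket and setting `use_gssapi` when the cached credentials have no username and password) is not obvious from the name. Add a comment above the declaration such as `// inferGSSAPIData: when true and the cached credentials carry no username/password, derive username/realm from the active Kerberos ticket and set use_gssapi.` The class body continues outside the hunk.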
