@ -149,7 +149,6 @@ int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void*
}
int LDAPManager : : bind ( TQString * errstr ) {
printf ( " [RAJA DEBUG 600.0] In LDAPManager::bind(%p) \n \r " , errstr ) ; fflush ( stdout ) ;
if ( m_ldap ) {
return 0 ;
}
@ -166,7 +165,6 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
havepass = true ;
}
else {
printf ( " [RAJA DEBUG 660.1] \n \r " ) ; fflush ( stdout ) ;
LDAPPasswordDialog passdlg ( 0 , 0 , ( m_krbTickets . count ( ) > 0 ) ) ;
passdlg . m_base - > ldapAdminRealm - > setEnabled ( false ) ;
passdlg . m_base - > ldapAdminRealm - > insertItem ( m_realm ) ;
@ -209,7 +207,6 @@ printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
uri = TQString ( " ldap://%1:%2 " ) . arg ( m_host ) . arg ( m_port ) ;
}
}
printf ( " [RAJA DEBUG 600.1] URI: %s \n \r " , uri . ascii ( ) ) ; fflush ( stdout ) ;
int retcode = ldap_initialize ( & m_ldap , uri . ascii ( ) ) ;
if ( retcode < 0 ) {
@ -223,7 +220,6 @@ printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout);
else KMessageBox : : error ( 0 , i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) . arg ( ldapLikelyErrorCause ( retcode , ERRORCAUSE_LOCATION_BIND ) ) , i18n ( " Unable to connect to server! " ) ) ;
return - 1 ;
}
printf ( " [RAJA DEBUG 660.0] \n \r " ) ; fflush ( stdout ) ;
TQString errorString ;
if ( havepass = = true ) {
@ -233,7 +229,6 @@ printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
TQCString pass = m_creds - > password ;
cred . bv_val = pass . data ( ) ;
cred . bv_len = pass . length ( ) ;
printf ( " [RAJA DEBUG 660.2] \n \r " ) ; fflush ( stdout ) ;
if ( ( ! using_ldapi & & ! using_gssapi ) ) {
if ( ! ldap_dn . contains ( " , " ) ) {
// Look for a POSIX account with anonymous bind and the specified account name
@ -304,7 +299,6 @@ printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
else {
retcode = ldap_sasl_bind_s ( m_ldap , ldap_dn . ascii ( ) , mechanism , & cred , NULL , NULL , NULL ) ;
}
printf ( " [RAJA DEBUG 600.2] ldap_dn: %s \n \r " , ldap_dn . ascii ( ) ) ; fflush ( stdout ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4%5</qt> " ) . arg ( m_host ) . arg ( m_port ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) . arg ( ldapLikelyErrorCause ( retcode , ERRORCAUSE_LOCATION_BIND ) ) ;
@ -322,7 +316,6 @@ printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout);
}
int LDAPManager : : unbind ( bool force , TQString * errstr ) {
printf ( " [RAJA DEBUG 601.0] In LDAPManager::unbind() \n \r " ) ; fflush ( stdout ) ;
if ( ! m_ldap ) {
return 0 ;
}
@ -349,7 +342,6 @@ LDAPUserInfo LDAPManager::parseLDAPUserRecord(LDAPMessage* entry) {
LDAPUserInfo userinfo ;
if ( ( dn = ldap_get_dn ( m_ldap , entry ) ) ! = NULL ) {
printf ( " Returned dn: %s \n " , dn ) ;
userinfo . distinguishedName = dn ;
TQStringList dnParts = TQStringList : : split ( " , " , dn ) ;
TQString id = dnParts [ 0 ] ;
@ -362,7 +354,6 @@ LDAPUserInfo LDAPManager::parseLDAPUserRecord(LDAPMessage* entry) {
for ( attr = ldap_first_attribute ( m_ldap , entry , & ber ) ; attr ! = NULL ; attr = ldap_next_attribute ( m_ldap , entry , ber ) ) {
if ( ( vals = ldap_get_values_len ( m_ldap , entry , attr ) ) ! = NULL ) {
printf ( " [RAJA DEBUG 100.3] %s: %s \n \r " , attr , vals [ i ] - > bv_val ) ;
userinfo . informationValid = true ;
TQString ldap_field = attr ;
i = 0 ;
@ -564,22 +555,18 @@ printf("[RAJA DEBUG 100.3] %s: %s\n\r", attr, vals[i]->bv_val);
ber_free ( ber , 0 ) ;
}
printf ( " \n \r " ) ;
return userinfo ;
}
LDAPUserInfoList LDAPManager : : users ( int * mretcode ) {
int retcode ;
LDAPUserInfoList users ;
printf ( " [RAJA DEBUG 100.0] In LDAPManager::users() \n \r " ) ; fflush ( stdout ) ;
if ( bind ( ) < 0 ) {
if ( mretcode ) * mretcode = - 1 ;
return LDAPUserInfoList ( ) ;
}
else {
printf ( " [RAJA DEBUG 100.1] In LDAPManager::users() bind was OK \n \r " ) ; fflush ( stdout ) ;
LDAPMessage * msg ;
TQString ldap_base_dn = m_basedc ;
TQString ldap_filter = " (objectClass=posixAccount) " ;
@ -590,8 +577,6 @@ printf("[RAJA DEBUG 100.1] In LDAPManager::users() bind was OK\n\r"); fflush(std
return LDAPUserInfoList ( ) ;
}
printf ( " [RAJA DEBUG 100.2] The number of entries returned was %d \n \n " , ldap_count_entries ( m_ldap , msg ) ) ;
// Iterate through the returned entries
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
@ -865,14 +850,14 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
}
LDAPCredentials admincreds = currentLDAPCredentials ( ) ;
// RAJA FIXME
// How to handle GSSAPI auth?
// We can't really at this point
// GSSAPI and friends ONLY WORK if 'kinit -S kadmin/admin' was run after the inital TGT was granted
// What we need is a proper ticket management system
// Also, why doesn't 'kgetcred kadmin/admin' work?
// For now, let's just prompt for the password if admincreds.password == ""
if ( ( admincreds . username = = " " ) & & ( admincreds . password = = " " ) ) {
// Probably GSSAPI
// Get active ticket principal...
KerberosTicketInfoList tickets = LDAPManager : : getKerberosTicketList ( ) ;
TQStringList principalParts = TQStringList : : split ( " @ " , tickets [ 0 ] . cachePrincipal , false ) ;
admincreds . username = principalParts [ 0 ] ;
admincreds . realm = principalParts [ 1 ] ;
}
TQCString command = " kadmin " ;
QCStringList args ;
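Review bot: The GSSAPI fallback indexes `tickets[0]` and `principalParts[1]` without checking that either list has that many elements, so a session with no Kerberos ticket, or a cache principal without an `@`, reads past the end of the list. Guard both, e.g. `if (tickets.count() > 0)` before the split and `if (principalParts.count() == 2)` before the two assignments, and report the failure through `errstr` rather than continuing with an empty realm. The rendered hunk has lost its +/- column, so these lines may be context rather than additions, but they sit on the path this change relies on for the empty-credential case. setPasswordForUser starts and ends outside this hunk.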
@ -880,7 +865,12 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
args < < TQCString ( " -l " ) < < TQCString ( " -r " ) < < TQCString ( admincreds . realm . upper ( ) ) ;
}
else {
args < < TQCString ( " -p " ) < < TQCString ( admincreds . username . lower ( ) + " @ " + ( admincreds . realm . upper ( ) ) ) < < TQCString ( " -r " ) < < TQCString ( admincreds . realm . upper ( ) ) ;
if ( admincreds . username = = " " ) {
args < < TQCString ( " -r " ) < < TQCString ( admincreds . realm . upper ( ) ) ;
}
else {
args < < TQCString ( " -p " ) < < TQCString ( admincreds . username . lower ( ) + " @ " + ( admincreds . realm . upper ( ) ) ) < < TQCString ( " -r " ) < < TQCString ( admincreds . realm . upper ( ) ) ;
}
}
TQString prompt ;
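Review bot: Both arms of the new `if (admincreds.username == "")` append the same `-r` realm pair, so the branch only decides whether `-p` is emitted. It reads more directly as `if (admincreds.username != "") args << TQCString("-p") << TQCString(admincreds.username.lower() + "@" + admincreds.realm.upper());` followed by one unconditional `args << TQCString("-r") << TQCString(admincreds.realm.upper());`, which keeps the argument order. A one-line comment saying that an empty username leaves the principal choice to kadmin would help the next reader, if that is the intent.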
@ -905,10 +895,19 @@ int LDAPManager::setPasswordForUser(LDAPUserInfo user, TQString *errstr) {
prompt = prompt . stripWhiteSpace ( ) ;
}
if ( prompt . endsWith ( " Password: " ) ) {
kadminProc . writeLine ( admincreds . password , true ) ;
prompt = kadminProc . readLine ( true ) ; // Discard our own input
prompt = kadminProc . readLine ( true ) ;
prompt = prompt . stripWhiteSpace ( ) ;
if ( admincreds . password = = " " ) {
TQCString password ;
int result = KPasswordDialog : : getPassword ( password , prompt ) ;
if ( result = = KPasswordDialog : : Accepted ) {
admincreds . password = password ;
}
}
if ( admincreds . password ! = " " ) {
kadminProc . writeLine ( admincreds . password , true ) ;
prompt = kadminProc . readLine ( true ) ; // Discard our own input
prompt = kadminProc . readLine ( true ) ;
prompt = prompt . stripWhiteSpace ( ) ;
}
}
if ( prompt ! = " kadmin> " ) {
if ( errstr ) * errstr = prompt ;
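Review bot: When the `KPasswordDialog::getPassword` call is cancelled, or accepted with an empty password, nothing is written to kadmin and `prompt` still ends in "Password:". The `prompt != "kadmin>"` check then copies the password prompt into `*errstr` as if it were the failure reason. kadmin also appears to be left waiting for input, unless code past this hunk terminates it. Handle the non-accepted result explicitly: set a dedicated message such as `if (errstr) *errstr = i18n("Password entry was cancelled");` and leave through the same cleanup path the other failures use. Separately, `password` and the copy in `admincreds.password` hold the plaintext until they go out of scope, and overwriting both after the `writeLine` call would shorten that window.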
@ -1539,7 +1538,6 @@ LDAPGroupInfo LDAPManager::parseLDAPGroupRecord(LDAPMessage* entry) {
LDAPGroupInfo groupinfo ;
if ( ( dn = ldap_get_dn ( m_ldap , entry ) ) ! = NULL ) {
printf ( " Returned dn: %s \n " , dn ) ;
groupinfo . distinguishedName = dn ;
TQStringList dnParts = TQStringList : : split ( " , " , dn ) ;
TQString id = dnParts [ 0 ] ;
@ -1552,9 +1550,6 @@ LDAPGroupInfo LDAPManager::parseLDAPGroupRecord(LDAPMessage* entry) {
for ( attr = ldap_first_attribute ( m_ldap , entry , & ber ) ; attr ! = NULL ; attr = ldap_next_attribute ( m_ldap , entry , ber ) ) {
if ( ( vals = ldap_get_values_len ( m_ldap , entry , attr ) ) ! = NULL ) {
for ( i = 0 ; vals [ i ] ! = NULL ; i + + ) {
printf ( " [RAJA DEBUG 110.3] %s: %s \n \r " , attr , vals [ i ] - > bv_val ) ;
}
groupinfo . informationValid = true ;
TQString ldap_field = attr ;
i = 0 ;
@ -1587,8 +1582,6 @@ for(i = 0; vals[i] != NULL; i++) {
ber_free ( ber , 0 ) ;
}
printf ( " \n \r " ) ;
return groupinfo ;
}
@ -1602,7 +1595,6 @@ LDAPMachineInfo LDAPManager::parseLDAPMachineRecord(LDAPMessage* entry) {
LDAPMachineInfo machineinfo ;
if ( ( dn = ldap_get_dn ( m_ldap , entry ) ) ! = NULL ) {
printf ( " Returned dn: %s \n " , dn ) ;
machineinfo . distinguishedName = dn ;
TQStringList dnParts = TQStringList : : split ( " , " , dn ) ;
TQString id = dnParts [ 0 ] ;
@ -1616,9 +1608,6 @@ LDAPMachineInfo LDAPManager::parseLDAPMachineRecord(LDAPMessage* entry) {
for ( attr = ldap_first_attribute ( m_ldap , entry , & ber ) ; attr ! = NULL ; attr = ldap_next_attribute ( m_ldap , entry , ber ) ) {
if ( ( vals = ldap_get_values_len ( m_ldap , entry , attr ) ) ! = NULL ) {
for ( i = 0 ; vals [ i ] ! = NULL ; i + + ) {
printf ( " [RAJA DEBUG 120.3] %s: %s \n \r " , attr , vals [ i ] - > bv_val ) ;
}
machineinfo . informationValid = true ;
TQString ldap_field = attr ;
i = 0 ;
@ -1640,22 +1629,18 @@ for(i = 0; vals[i] != NULL; i++) {
ber_free ( ber , 0 ) ;
}
printf ( " \n \r " ) ;
return machineinfo ;
}
LDAPGroupInfoList LDAPManager : : groups ( int * mretcode ) {
int retcode ;
LDAPGroupInfoList groups ;
printf ( " [RAJA DEBUG 110.0] In LDAPManager::groups() \n \r " ) ; fflush ( stdout ) ;
if ( bind ( ) < 0 ) {
if ( mretcode ) * mretcode = - 1 ;
return LDAPGroupInfoList ( ) ;
}
else {
printf ( " [RAJA DEBUG 110.1] In LDAPManager::groups() bind was OK \n \r " ) ; fflush ( stdout ) ;
LDAPMessage * msg ;
TQString ldap_base_dn = m_basedc ;
TQString ldap_filter = " (objectClass=posixGroup) " ;
@ -1665,13 +1650,10 @@ printf("[RAJA DEBUG 110.1] In LDAPManager::groups() bind was OK\n\r"); fflush(st
if ( mretcode ) * mretcode = - 1 ;
return LDAPGroupInfoList ( ) ;
}
printf ( " [RAJA DEBUG 110.2] The number of entries returned was %d \n \n " , ldap_count_entries ( m_ldap , msg ) ) ;
// Iterate through the returned entries
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
// RAJA
groups . append ( parseLDAPGroupRecord ( entry ) ) ;
}
@ -1688,14 +1670,12 @@ printf("[RAJA DEBUG 110.2] The number of entries returned was %d\n\n", ldap_coun
LDAPMachineInfoList LDAPManager : : machines ( int * mretcode ) {
int retcode ;
LDAPMachineInfoList machines ;
printf ( " [RAJA DEBUG 120.0] In LDAPManager::machines() \n \r " ) ; fflush ( stdout ) ;
if ( bind ( ) < 0 ) {
if ( mretcode ) * mretcode = - 1 ;
return LDAPMachineInfoList ( ) ;
}
else {
printf ( " [RAJA DEBUG 120.1] In LDAPManager::machines() bind was OK \n \r " ) ; fflush ( stdout ) ;
LDAPMessage * msg ;
TQString ldap_base_dn = m_basedc ;
TQString ldap_filter = " (&(objectClass=krb5Principal)(uid=host/*)) " ;
@ -1705,8 +1685,6 @@ printf("[RAJA DEBUG 120.1] In LDAPManager::machines() bind was OK\n\r"); fflush(
if ( mretcode ) * mretcode = - 1 ;
return LDAPMachineInfoList ( ) ;
}
printf ( " [RAJA DEBUG 120.2] The number of entries returned was %d \n \n " , ldap_count_entries ( m_ldap , msg ) ) ;
// Iterate through the returned entries
LDAPMessage * entry ;
@ -1783,13 +1761,11 @@ int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString at
// Special method, used when creating a new Kerberos realm
int LDAPManager : : moveKerberosEntries ( TQString newSuffix , TQString * errstr ) {
int retcode ;
printf ( " [RAJA DEBUG 140.0] In LDAPManager::moveKerberosEntries() \n \r " ) ; fflush ( stdout ) ;
if ( bind ( errstr ) < 0 ) {
return - 1 ;
}
else {
printf ( " [RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK \n \r " ) ; fflush ( stdout ) ;
LDAPMessage * msg ;
TQString ldap_base_dn = m_basedc ;
TQString ldap_filter = " (&(objectClass=krb5Principal)(!(objectClass=posixAccount))) " ;
@ -1798,8 +1774,6 @@ printf("[RAJA DEBUG 140.1] In LDAPManager::moveKerberosEntries() bind was OK\n\r
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 1 ;
}
printf ( " [RAJA DEBUG 140.2] The number of entries returned was %d \n \n " , ldap_count_entries ( m_ldap , msg ) ) ;
// Iterate through the returned entries
LDAPMessage * entry ;
@ -1811,7 +1785,6 @@ printf("[RAJA DEBUG 140.2] The number of entries returned was %d\n\n", ldap_coun
if ( ( dn = ldap_get_dn ( m_ldap , entry ) ) ! = NULL ) {
TQStringList dnParts = TQStringList : : split ( " , " , dn ) ;
TQString id = dnParts [ 0 ] ;
printf ( " [RAJA DEBUG 140.3] Moving %s to relative DN %s and parent %s " , dn , id . ascii ( ) , newSuffix . ascii ( ) ) ; fflush ( stdout ) ;
retcode = ldap_rename_s ( m_ldap , dn , id , newSuffix , 0 , NULL , NULL ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " LDAP rename failure<p>Reason: [%3] %4 " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
@ -1893,15 +1866,11 @@ LDAPTDEBuiltinsInfo LDAPManager::parseLDAPTDEBuiltinsRecord(LDAPMessage* entry)
LDAPTDEBuiltinsInfo builtininfo ;
if ( ( dn = ldap_get_dn ( m_ldap , entry ) ) ! = NULL ) {
printf ( " Returned dn: %s \n " , dn ) ;
ldap_memfree ( dn ) ;
}
for ( attr = ldap_first_attribute ( m_ldap , entry , & ber ) ; attr ! = NULL ; attr = ldap_next_attribute ( m_ldap , entry , ber ) ) {
if ( ( vals = ldap_get_values_len ( m_ldap , entry , attr ) ) ! = NULL ) {
for ( i = 0 ; vals [ i ] ! = NULL ; i + + ) {
printf ( " [RAJA DEBUG 160.3] %s: %s \n \r " , attr , vals [ i ] - > bv_val ) ;
}
builtininfo . informationValid = true ;
TQString ldap_field = attr ;
i = 0 ;
@ -1926,8 +1895,6 @@ for(i = 0; vals[i] != NULL; i++) {
ber_free ( ber , 0 ) ;
}
printf ( " \n \r " ) ;
return builtininfo ;
}