From c8902fca043da26014b6302b41b47ec85062d95a Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Mon, 1 Jul 2013 18:41:18 +0000
Subject: [PATCH] Add missing data fields to LDAPMasterReplicationInfo structure
---
 src/libtdeldap.cpp | 116 ++++++++++++++++++++++++++++++++++++++++++++-
 src/libtdeldap.h | 6 +++
 2 files changed, 121 insertions(+), 1 deletion(-)
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 8aac29f..872b436 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -2656,6 +2656,78 @@ int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString at
 }
 }
+TQString LDAPManager::getRealmCAMaster(TQString* errstr) {
+ int retcode;
+ int i;
+ TQString realmCAMaster;
+
+ TQString dn = TQString("cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1").arg(m_basedc);
+
+ if (bind() < 0) {
+ return TQString();
+ }
+ else {
+ LDAPMessage* msg;
+ retcode = ldap_search_ext_s(m_ldap, dn.ascii(), LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) *errstr = i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ return TQString();
+ }
+
+ // Iterate through the returned entries
+ LDAPMessage* entry;
+ for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
+ TQString result;
+ if (parseLDAPTDEStringAttribute(entry, "publicRootCertificateOriginServer", result)) {
+ realmCAMaster = result;
+ }
+ }
+
+ // clean up
+ ldap_msgfree(msg);
+
+ return realmCAMaster;
+ }
+}
+
+int LDAPManager::setRealmCAMaster(TQString masterFQDN, TQString* errstr) {
+ int retcode;
+ int i;
+
+ if (bind() < 0) {
+ return -1;
+ }
+ else {
+ // Assemble the LDAPMod structure
+ // We will replace any existing attributes with the new values
+ int number_of_parameters = 1; // 1 primary attribute
+ LDAPMod *mods[number_of_parameters+1];
+ set_up_attribute_operations(mods, number_of_parameters);
+
+ // Load LDAP modification requests from provided data structure
+ i=0;
+ add_single_attribute_operation(mods, &i, "publicRootCertificateOriginServer", masterFQDN);
+ LDAPMod *prevterm = mods[i];
+ mods[i] = NULL;
+
+ // Perform LDAP update
+ retcode = ldap_modify_ext_s(m_ldap, TQString("cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1").arg(m_basedc).ascii(), mods, NULL, NULL);
+
+ // Clean up
+ clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
+
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) *errstr = i18n("LDAP CA master modification failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("LDAP CA master modification failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ return -2;
+ }
+ else {
+ return 0;
+ }
+ }
+}
+
 // Special method, used when creating a new Kerberos realm
 int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
 int retcode;
@@ -2824,6 +2896,41 @@ LDAPTDEBuiltinsInfo LDAPManager::parseLDAPTDEBuiltinsRecord(LDAPMessage* entry)
 return builtininfo;
 }
+bool LDAPManager::parseLDAPTDEStringAttribute(LDAPMessage* entry, TQString attribute, TQString& retval) {
+ char* dn = NULL;
+ char* attr;
+ struct berval **vals;
+ BerElement* ber;
+ int i;
+ bool found = false;
+
+ LDAPTDEBuiltinsInfo builtininfo;
+
+ if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
+ ldap_memfree(dn);
+ }
+
+ for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
+ if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
+ builtininfo.informationValid = true;
+ TQString ldap_field = attr;
+ i=0;
+ if (ldap_field == attribute) {
+ retval = TQString(vals[i]->bv_val);
+ found = true;
+ }
+ ldap_value_free_len(vals);
+ }
+ ldap_memfree(attr);
+ }
+
+ if (ber != NULL) {
+ ber_free(ber, 0);
+ }
+
+ return found;
+}
+
 LDAPMasterReplicationInfo LDAPManager::parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry) {
 char* dn = NULL;
 char* attr;
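Review bot: getRealmCAMaster names a single entry (`cn=certificate store,…`) but searches it with LDAP_SCOPE_SUBTREE and then lets every entry that carries publicRootCertificateOriginServer overwrite realmCAMaster, so if a child entry ever holds that attribute the last one returned wins instead of the store entry itself; since this value presumably tells clients where the realm's root certificate comes from, pinning the lookup matters, and `retcode = ldap_search_ext_s(m_ldap, dn.ascii(), LDAP_SCOPE_BASE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);` (or a break after the first match) does that. The function also returns a null TQString for three distinct situations — bind() failing (errstr is left untouched on that path), the search failing, and the attribute simply being absent — so a caller cannot tell "no CA master configured" from an error; at least a comment stating this, or setting errstr on the bind path as the search path does, would help. `int i;` in getRealmCAMaster is never used.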
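Review bot: parseLDAPTDEStringAttribute carries leftovers from the builtins parser it was copied from: `LDAPTDEBuiltinsInfo builtininfo;` is only ever assigned (`builtininfo.informationValid = true;`) and never read, and the ldap_get_dn/ldap_memfree pair fetches the DN just to discard it — both can go. `BerElement* ber;` is uninitialised yet tested with `if (ber != NULL)` after the loop; OpenLDAP's ldap_first_attribute does assign it, but `BerElement* ber = NULL;` makes the cleanup independent of that detail. `retval = TQString(vals[i]->bv_val);` reads vals[0] without checking it is non-NULL and ignores bv_len, so an attribute returned with no values, or a value with an embedded NUL, is mishandled; `if (ldap_field == attribute && vals[0] != NULL)` covers the first case. A one-line comment on the contract — returns whether `attribute` was present on the entry and copies its first value into retval — would also help, since the header declaration says nothing.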
@@ -3153,7 +3260,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
 TQString databaseDN;
 ridString.sprintf("%03d", rid);
 databaseDN = "cn=config";
- serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout);
+ serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"allow":"demand");
+ if (replicationinfo.certificateFile != "") {
+ serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
+ }
+ if (replicationinfo.caCertificateFile != "") {
+ serverSyncReplString.append(TQString(" tls_cacert=\"%1\"").arg(replicationinfo.caCertificateFile));
+ }
 syncReplServerList.append(serverSyncReplString);
 rid++;
 }
@@ -4245,6 +4358,7 @@ LDAPMasterReplicationInfo::LDAPMasterReplicationInfo() {
 // See http://www.openldap.org/doc/admin24/slapdconfig.html for syntax
 retryMethod = "5 5 300 5";
 timeout = 1;
+ ignore_ssl_failure = false;
 }
 LDAPMasterReplicationInfo::~LDAPMasterReplicationInfo() {
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index ee60b94..c3d58f0 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -403,6 +403,8 @@ class LDAPMasterReplicationInfo
 TQString syncDN;
 TQCString syncPassword;
 TQString certificateFile;
+ TQString caCertificateFile;
+ bool ignore_ssl_failure;
 };
 class KerberosTicketInfo
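Review bot: `tls_reqcert=%6` reuses the place marker that `timeout=%6` already consumes, and the line it replaces already doubled `%5` for searchbase and retry; the eight `.arg()` calls only land in the right slots because TQt's arg() substitutes one occurrence of the lowest-numbered marker per call, which is easy to misread and would silently leave tls_reqcert unset under all-occurrences semantics. Numbering the template `searchbase=\"%5\" type=refreshAndPersist retry=\"%6\" timeout=%7 tls_reqcert=%8` makes the mapping explicit without changing the output. tls_cert= is appended with no tls_key=; unless certificateFile also carries the private key (not visible from here), slapd cannot present it as a client certificate, so it is worth confirming how that file is produced. Note also that `allow` means the provider's certificate is requested but verification failures are ignored, so the consumer then sends its sync credentials to a peer it has not authenticated — that is what the flag asks for, but a comment at the field saying exactly that would keep the trade-off visible to whoever sets it.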
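Review bot: `ignore_ssl_failure` breaks the camelCase used by its neighbours (syncDN, syncPassword, certificateFile, caCertificateFile); since the member is new, `bool ignoreSslFailure;` costs nothing in callers. Both new fields are also undocumented although they feed directly into the consumer's syncrepl directive; e.g. `TQString caCertificateFile; // emitted as tls_cacert= in the syncrepl line` and `bool ignore_ssl_failure; // true emits tls_reqcert=allow (provider certificate failures ignored), false emits tls_reqcert=demand`.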
@@ -476,6 +478,9 @@ class LDAPManager : public TQObject {
 int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);
 int writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr=0);
+ TQString getRealmCAMaster(TQString* errstr=0);
+ int setRealmCAMaster(TQString masterFQDN, TQString* errstr=0);
+
 LDAPTDEBuiltinsInfo getTDEBuiltinMappings(TQString *errstr=0);
 LDAPMasterReplicationInfo getLDAPMasterReplicationSettings(TQString *errstr=0);
 int setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo replicationinfo, TQString *errstr=0);
@@ -524,6 +529,7 @@ class LDAPManager : public TQObject {
 LDAPTDEBuiltinsInfo parseLDAPTDEBuiltinsRecord(LDAPMessage* entry);
 LDAPMasterReplicationInfo parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry);
 TQString parseLDAPSyncProvOverlayConfigRecord(LDAPMessage* entry);
+ bool parseLDAPTDEStringAttribute(LDAPMessage* entry, TQString attribute, TQString& retval);
 private:
 TQString m_realm;
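Review bot: The two new public declarations say nothing about their return convention, and it is not obvious from the names: getRealmCAMaster yields a null TQString when bind() fails (without setting errstr), when the search fails (errstr set) and when the attribute is simply absent, while setRealmCAMaster returns -1 for a bind failure and -2 for a failed modify. A comment on each would spare callers a trip into the .cpp, e.g. `// FQDN held in publicRootCertificateOriginServer; null TQString on bind/search failure or when unset` and `// 0 on success, -1 if bind fails, -2 if the LDAP modify fails (errstr set)`. The private parseLDAPTDEStringAttribute declaration in the second hunk deserves the same treatment: it returns whether `attribute` was present on the entry and copies its first value into retval.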