|
|
|
|
@ -1842,7 +1842,7 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group, TQString *errstr) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
|
|
|
|
|
int LDAPManager::kAdminAddNewPrincipal(TQString principalName, TQString newPassword, TQString *errstr) {
|
|
|
|
|
if (bind() < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
@ -1856,17 +1856,14 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
|
|
|
|
|
if (retcode == 0) {
|
|
|
|
|
retcode = 1;
|
|
|
|
|
bool generate_password;
|
|
|
|
|
if (machine.newPassword == "") {
|
|
|
|
|
if (newPassword == "") {
|
|
|
|
|
generate_password = true;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
generate_password = false;
|
|
|
|
|
password = strdup(machine.newPassword.data());
|
|
|
|
|
password = strdup(newPassword.ascii());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LDAPCredentials admincreds = currentLDAPCredentials(true);
|
|
|
|
|
TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
|
|
|
|
|
|
|
|
|
|
// Construct and add new principal record
|
|
|
|
|
kadm5_principal_ent_rec principal_record;
|
|
|
|
|
kadm5_principal_ent_rec default_record;
|
|
|
|
|
@ -1875,7 +1872,7 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
|
|
|
|
|
int mask = 0;
|
|
|
|
|
|
|
|
|
|
memset(&principal_record, 0, sizeof(principal_record));
|
|
|
|
|
krb5adm_ret = krb5_parse_name(m_krb5admContext, hoststring.ascii(), &principal_entry);
|
|
|
|
|
krb5adm_ret = krb5_parse_name(m_krb5admContext, principalName.ascii(), &principal_entry);
|
|
|
|
|
if (krb5adm_ret) {
|
|
|
|
|
if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_parse_name (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
|
|
|
|
|
}
|
|
|
|
|
@ -1989,126 +1986,15 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
|
|
|
|
|
if (bind() < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
// Use Kerberos kadmin to actually add the service
|
|
|
|
|
LDAPCredentials admincreds = currentLDAPCredentials();
|
|
|
|
|
if ((admincreds.username == "") && (admincreds.password == "")) {
|
|
|
|
|
// Probably GSSAPI
|
|
|
|
|
// Get active ticket principal...
|
|
|
|
|
KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
|
|
|
|
|
TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
|
|
|
|
|
admincreds.username = principalParts[0];
|
|
|
|
|
admincreds.realm = principalParts[1];
|
|
|
|
|
admincreds.use_gssapi = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TQCString command = "kadmin";
|
|
|
|
|
QCStringList args;
|
|
|
|
|
if (m_host.startsWith("ldapi://")) {
|
|
|
|
|
args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
if (admincreds.username == "") {
|
|
|
|
|
args << TQCString("-r") << TQCString(admincreds.realm.upper());
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TQString hoststring = service.name+"/"+service.machine;
|
|
|
|
|
|
|
|
|
|
TQString prompt;
|
|
|
|
|
PtyProcess kadminProc;
|
|
|
|
|
kadminProc.exec(command, args);
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
command = TQCString("ank --random-key "+hoststring);
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n", prompt.ascii());
|
|
|
|
|
} while ((prompt == TQString(command)) || (prompt == ""));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
// Use all defaults
|
|
|
|
|
while (prompt != "kadmin>") {
|
|
|
|
|
if (prompt.endsWith(" Password:")) {
|
|
|
|
|
if (admincreds.password == "") {
|
|
|
|
|
if (tqApp->type() != TQApplication::Tty) {
|
|
|
|
|
TQCString password;
|
|
|
|
|
int result = KPasswordDialog::getPassword(password, prompt);
|
|
|
|
|
if (result == KPasswordDialog::Accepted) {
|
|
|
|
|
admincreds.password = password;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
TQFile file;
|
|
|
|
|
file.open(IO_ReadOnly, stdin);
|
|
|
|
|
TQTextStream qtin(&file);
|
|
|
|
|
admincreds.password = qtin.readLine();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (admincreds.password != "") {
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(admincreds.password, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n", prompt.ascii());
|
|
|
|
|
} while (prompt == "");
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (prompt.contains("authentication failed")) {
|
|
|
|
|
if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
// Extract whatever default is in the [brackets] and feed it back to kadmin
|
|
|
|
|
TQString defaultParam;
|
|
|
|
|
int leftbracket = prompt.find("[");
|
|
|
|
|
int rightbracket = prompt.find("]");
|
|
|
|
|
if ((leftbracket >= 0) && (rightbracket >= 0)) {
|
|
|
|
|
leftbracket++;
|
|
|
|
|
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
|
|
|
|
|
}
|
|
|
|
|
command = TQCString(defaultParam);
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n", prompt.ascii());
|
|
|
|
|
} while ((prompt == TQString(command)) || (prompt == ""));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (prompt != "kadmin>") {
|
|
|
|
|
if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Success!
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
unbind(true); // Using kadmin can disrupt our LDAP connection
|
|
|
|
|
|
|
|
|
|
// Move Kerberos entries
|
|
|
|
|
return moveKerberosEntries("o=kerberos,cn=kerberos control,ou=master services,ou=core,ou=realm," + m_basedc, errstr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
|
|
|
|
|
return 1; // Failure
|
|
|
|
|
int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
|
|
|
|
|
LDAPCredentials admincreds = currentLDAPCredentials(true);
|
|
|
|
|
TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
|
|
|
|
|
return kAdminAddNewPrincipal(hoststring, machine.newPassword, errstr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
|
|
|
|
|
TQString hoststring = service.name + "/" + service.machine;
|
|
|
|
|
return kAdminAddNewPrincipal(hoststring, TQString::null, errstr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int LDAPManager::deleteUserInfo(LDAPUserInfo user, TQString *errstr) {
|
|
|
|
|
|
Timothy Pearson
10 years ago