Add exportKeytabForPrincipal method

src/libtdeldap.cpp

@@ -1614,8 +1614,6 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group, TQString *errstr) {
 }
 
 int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
-	LDAPGroupInfo machineinfo;
-
 	if (bind() < 0) {
 		return -1;
 	}
@@ -1741,8 +1739,6 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
 }
 
 int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
-	LDAPGroupInfo serviceinfo;
-
 	if (bind() < 0) {
 		return -1;
 	}
@@ -2277,6 +2273,129 @@ LDAPServiceInfoList LDAPManager::machineServices(TQString machine_dn, int* mretc
 	return LDAPServiceInfoList();
 }
 
+int LDAPManager::exportKeytabForPrincipal(TQString principal, TQString fileName, TQString *errstr) {
+	if (bind() < 0) {
+		return -1;
+	}
+	else {
+		// Use Kerberos kadmin to export the keytab
+		LDAPCredentials admincreds = currentLDAPCredentials();
+		if ((admincreds.username == "") && (admincreds.password == "")) {
+			// Probably GSSAPI
+			// Get active ticket principal...
+			KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
+			TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
+			admincreds.username = principalParts[0];
+			admincreds.realm = principalParts[1];
+		}
+	
+		TQCString command = "kadmin";
+		QCStringList args;
+		if (m_host.startsWith("ldapi://")) {
+			args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
+		}
+		else {
+			if (admincreds.username == "") {
+				args << TQCString("-r") << TQCString(admincreds.realm.upper());
+			}
+			else {
+				args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
+			}
+		}
+
+		TQString prompt;
+		PtyProcess kadminProc;
+		kadminProc.exec(command, args);
+		prompt = readFullLineFromPtyProcess(&kadminProc);
+		prompt = prompt.stripWhiteSpace();
+		if (prompt == "kadmin>") {
+			if (fileName == "") {
+				command = TQCString("ext_keytab "+principal);
+			}
+			else {
+				command = TQCString("ext_keytab --keytab=\""+fileName+"\" "+principal);
+			}
+			kadminProc.enableLocalEcho(false);
+			kadminProc.writeLine(command, true);
+			do { // Discard our own input
+				prompt = readFullLineFromPtyProcess(&kadminProc);
+				printf("(kadmin) '%s'\n\r", prompt.ascii());
+			} while (prompt == TQString(command));
+			prompt = prompt.stripWhiteSpace();
+			// Use all defaults
+			while (prompt != "kadmin>") {
+				if (prompt.endsWith(" Password:")) {
+					if (admincreds.password == "") {
+						if (tqApp->type() != TQApplication::Tty) {
+							TQCString password;
+							int result = KPasswordDialog::getPassword(password, prompt);
+							if (result == KPasswordDialog::Accepted) {
+								admincreds.password = password;
+							}
+						}
+						else {
+							TQFile file;
+							file.open(IO_ReadOnly, stdin);
+							TQTextStream qtin(&file);
+							admincreds.password = qtin.readLine();
+						}
+					}
+					if (admincreds.password != "") {
+						kadminProc.enableLocalEcho(false);
+						kadminProc.writeLine(admincreds.password, true);
+						do { // Discard our own input
+							prompt = readFullLineFromPtyProcess(&kadminProc);
+							printf("(kadmin) '%s'\n\r", prompt.ascii());
+						} while (prompt == "");
+						prompt = prompt.stripWhiteSpace();
+					}
+				}
+				if (prompt.contains("authentication failed")) {
+					if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
+					kadminProc.enableLocalEcho(false);
+					kadminProc.writeLine("quit", true);
+					return 1;
+				}
+				else {
+					// Extract whatever default is in the [brackets] and feed it back to kadmin
+					TQString defaultParam;
+					int leftbracket = prompt.find("[");
+					int rightbracket = prompt.find("]");
+					if ((leftbracket >= 0) && (rightbracket >= 0)) {
+						leftbracket++;
+						defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
+					}
+					command = TQCString(defaultParam);
+					kadminProc.enableLocalEcho(false);
+					kadminProc.writeLine(command, true);
+					do { // Discard our own input
+						prompt = readFullLineFromPtyProcess(&kadminProc);
+						printf("(kadmin) '%s'\n\r", prompt.ascii());
+					} while (prompt == TQString(command));
+					prompt = prompt.stripWhiteSpace();
+				}
+			}
+			if (prompt != "kadmin>") {
+				if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
+				kadminProc.enableLocalEcho(false);
+				kadminProc.writeLine("quit", true);
+				return 1;
+			}
+
+			// Success!
+			kadminProc.enableLocalEcho(false);
+			kadminProc.writeLine("quit", true);
+			unbind(true);	// Using kadmin can disrupt our LDAP connection
+
+			return 0;
+		}
+
+		if (errstr) *errstr = "Internal error.  Verify that kadmin exists and can be executed.";
+		return 1;	// Failure
+
+	}
+}
+
 int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr) {
 	int retcode;
 	int i;

src/libtdeldap.h

@@ -407,6 +407,7 @@ class LDAPManager : public TQObject {
 		LDAPServiceInfoList services(int* retcode=0);
 		LDAPUserInfo getUserByDistinguishedName(TQString dn);
 		LDAPGroupInfo getGroupByDistinguishedName(TQString dn, TQString *errstr=0);
+
 		int updateUserInfo(LDAPUserInfo user, TQString *errstr=0);
 		int updateGroupInfo(LDAPGroupInfo group, TQString *errstr=0);
 		int updateMachineInfo(LDAPMachineInfo group, TQString *errstr=0);
@@ -420,6 +421,8 @@ class LDAPManager : public TQObject {
 		int deleteMachineInfo(LDAPMachineInfo machine, TQString *errstr=0);
 		int deleteServiceInfo(LDAPServiceInfo service, TQString *errstr=0);
 
+		int exportKeytabForPrincipal(TQString principal, TQString fileName, TQString *errstr=0);
+
 		LDAPCredentials currentLDAPCredentials();
 
 		int moveKerberosEntries(TQString newSuffix, TQString* errstr=0);