|
|
|
@ -1614,8 +1614,6 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group, TQString *errstr) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
|
|
|
|
|
LDAPGroupInfo machineinfo;
|
|
|
|
|
|
|
|
|
|
if (bind() < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
@ -1741,8 +1739,6 @@ int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
|
|
|
|
|
LDAPGroupInfo serviceinfo;
|
|
|
|
|
|
|
|
|
|
if (bind() < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
@ -2277,6 +2273,129 @@ LDAPServiceInfoList LDAPManager::machineServices(TQString machine_dn, int* mretc
|
|
|
|
|
return LDAPServiceInfoList();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int LDAPManager::exportKeytabForPrincipal(TQString principal, TQString fileName, TQString *errstr) {
|
|
|
|
|
if (bind() < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
// Use Kerberos kadmin to export the keytab
|
|
|
|
|
LDAPCredentials admincreds = currentLDAPCredentials();
|
|
|
|
|
if ((admincreds.username == "") && (admincreds.password == "")) {
|
|
|
|
|
// Probably GSSAPI
|
|
|
|
|
// Get active ticket principal...
|
|
|
|
|
KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
|
|
|
|
|
TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
|
|
|
|
|
admincreds.username = principalParts[0];
|
|
|
|
|
admincreds.realm = principalParts[1];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TQCString command = "kadmin";
|
|
|
|
|
QCStringList args;
|
|
|
|
|
if (m_host.startsWith("ldapi://")) {
|
|
|
|
|
args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
if (admincreds.username == "") {
|
|
|
|
|
args << TQCString("-r") << TQCString(admincreds.realm.upper());
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TQString prompt;
|
|
|
|
|
PtyProcess kadminProc;
|
|
|
|
|
kadminProc.exec(command, args);
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
if (fileName == "") {
|
|
|
|
|
command = TQCString("ext_keytab "+principal);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
command = TQCString("ext_keytab --keytab=\""+fileName+"\" "+principal);
|
|
|
|
|
}
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
// Use all defaults
|
|
|
|
|
while (prompt != "kadmin>") {
|
|
|
|
|
if (prompt.endsWith(" Password:")) {
|
|
|
|
|
if (admincreds.password == "") {
|
|
|
|
|
if (tqApp->type() != TQApplication::Tty) {
|
|
|
|
|
TQCString password;
|
|
|
|
|
int result = KPasswordDialog::getPassword(password, prompt);
|
|
|
|
|
if (result == KPasswordDialog::Accepted) {
|
|
|
|
|
admincreds.password = password;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
TQFile file;
|
|
|
|
|
file.open(IO_ReadOnly, stdin);
|
|
|
|
|
TQTextStream qtin(&file);
|
|
|
|
|
admincreds.password = qtin.readLine();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (admincreds.password != "") {
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(admincreds.password, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == "");
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (prompt.contains("authentication failed")) {
|
|
|
|
|
if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
// Extract whatever default is in the [brackets] and feed it back to kadmin
|
|
|
|
|
TQString defaultParam;
|
|
|
|
|
int leftbracket = prompt.find("[");
|
|
|
|
|
int rightbracket = prompt.find("]");
|
|
|
|
|
if ((leftbracket >= 0) && (rightbracket >= 0)) {
|
|
|
|
|
leftbracket++;
|
|
|
|
|
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
|
|
|
|
|
}
|
|
|
|
|
command = TQCString(defaultParam);
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (prompt != "kadmin>") {
|
|
|
|
|
if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Success!
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
unbind(true); // Using kadmin can disrupt our LDAP connection
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
|
|
|
|
|
return 1; // Failure
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr) {
|
|
|
|
|
int retcode;
|
|
|
|
|
int i;
|
|
|
|
|