diff options
| author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-01 13:04:03 -0500 |
|---|---|---|
| committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-01 13:04:03 -0500 |
| commit | cda5016a3a91068e7601024d26fd80d01ee7dc6e (patch) | |
| tree | 90d50c16fdd2b46247b26f53d046ea2440f3a34d | |
| parent | a2968adbe0d31d116ab20b5b276950dab7767a30 (diff) | |
| download | kcmldapmanager-cda5016a.tar.gz kcmldapmanager-cda5016a.zip | |
Use libtdeldap
| -rw-r--r-- | debian/control | 2 | ||||
| -rw-r--r-- | src/Makefile.am | 6 | ||||
| -rw-r--r-- | src/ldaplogindlg.cpp | 46 | ||||
| -rw-r--r-- | src/ldaplogindlg.h | 39 | ||||
| -rw-r--r-- | src/ldaplogindlgbase.ui | 87 | ||||
| -rw-r--r-- | src/ldappasswddlg.cpp | 46 | ||||
| -rw-r--r-- | src/ldappasswddlg.h | 43 | ||||
| -rw-r--r-- | src/libtdeldap.cpp | 1183 | ||||
| -rw-r--r-- | src/libtdeldap.h | 224 |
9 files changed, 4 insertions, 1672 deletions
diff --git a/debian/control b/debian/control index 4ea40bd..7600364 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: kcontrol-ldap-manager-trinity Section: tde Priority: optional Maintainer: Timothy Pearson <kb9vqf@pearsoncomputing.net> -Build-Depends: debhelper (>= 5), cdbs, tdelibs4-trinity-dev, libldap2-dev, automake, autoconf, libtool, libltdl-dev +Build-Depends: debhelper (>= 5), cdbs, tdelibs4-trinity-dev, libldap2-dev, libtdeldap, automake, autoconf, libtool, libltdl-dev Standards-Version: 3.8.4 Package: kcontrol-ldap-manager-trinity diff --git a/src/Makefile.am b/src/Makefile.am index f3a95af..713e114 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,11 +1,11 @@ -INCLUDES = $(all_includes) +INCLUDES = $(all_includes) $(KDE_INCLUDES)/tde METASOURCES = AUTO # Install this plugin in the KDE modules directory kde_module_LTLIBRARIES = kcm_ldapmanager.la -kcm_ldapmanager_la_SOURCES = ldapmgr.cpp ldapconfigbase.ui userconfigbase.ui groupconfigbase.ui libtdeldap.cpp ldaplogindlgbase.ui ldaplogindlg.cpp ldappasswddlg.cpp userconfigdlg.cpp groupconfigdlg.cpp -kcm_ldapmanager_la_LIBADD = -lkio $(LIB_TDEUI) -lldap +kcm_ldapmanager_la_SOURCES = ldapmgr.cpp ldapconfigbase.ui userconfigbase.ui groupconfigbase.ui userconfigdlg.cpp groupconfigdlg.cpp +kcm_ldapmanager_la_LIBADD = -lkio $(LIB_TDEUI) -lldap -ltdeldap kcm_ldapmanager_la_LDFLAGS = -avoid-version -module -no-undefined \ $(all_libraries) diff --git a/src/ldaplogindlg.cpp b/src/ldaplogindlg.cpp deleted file mode 100644 index 7bd9147..0000000 --- a/src/ldaplogindlg.cpp +++ /dev/null @@ -1,46 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2012 by Timothy Pearson * - * kb9vqf@pearsoncomputing.net * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the * - * Free Software Foundation, Inc., * - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - ***************************************************************************/ - -#include <tqstringlist.h> -#include <tqlabel.h> -#include <tqmap.h> - -#include <kapplication.h> -#include <ksimpleconfig.h> -#include <klocale.h> -#include <kdebug.h> -#include <kstandarddirs.h> -#include <kiconloader.h> -#include <dcopclient.h> -#include <kprocess.h> -#include <kcombobox.h> - -#include "ldaplogindlg.h" - -LDAPLogin::LDAPLogin(TQWidget *parent, const char *name ) : LDAPLoginDlg(parent,name) { - px_icon->setPixmap(SmallIcon("password.png")); - ldapAdminRealm->setEditable(true); -} - -LDAPLogin::~LDAPLogin(){ - // -} - -// #include "ldaplogindlg.moc" diff --git a/src/ldaplogindlg.h b/src/ldaplogindlg.h deleted file mode 100644 index c4b74f2..0000000 --- a/src/ldaplogindlg.h +++ /dev/null @@ -1,39 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2012 by Timothy Pearson * - * kb9vqf@pearsoncomputing.net * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the * - * Free Software Foundation, Inc., * - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - ***************************************************************************/ - -#ifndef LDAPLOGIN_H -#define LDAPLOGIN_H - -#include "ldaplogindlgbase.h" - -class TQStringList; - -/**LDAP login dialog - *@author Timothy Pearson - */ - -class LDAPLogin : public LDAPLoginDlg { - Q_OBJECT -public: - LDAPLogin(TQWidget *parent=0, const char *name=0); - ~LDAPLogin(); -}; - -#endif diff --git a/src/ldaplogindlgbase.ui b/src/ldaplogindlgbase.ui deleted file mode 100644 index 43ac9b4..0000000 --- a/src/ldaplogindlgbase.ui +++ /dev/null @@ -1,87 +0,0 @@ -<!DOCTYPE UI><UI version="3.0" stdsetdef="1"> -<class>LDAPLoginDlg</class> -<widget class="TQWidget"> - <property name="name"> - <cstring>LDAPLoginDlg</cstring> - </property> - <grid> - <property name="name"> - <cstring>unnamed</cstring> - </property> - <widget class="TQLabel" row="1" column="0" rowspan="1" colspan="1"> - <property name="name"> - <cstring>px_icon</cstring> - </property> - <property name="sizePolicy"> - <sizepolicy> - <hsizetype>0</hsizetype> - <vsizetype>0</vsizetype> - <horstretch>0</horstretch> - <verstretch>0</verstretch> - </sizepolicy> - </property> - <property name="frameShape"> - <enum>NoFrame</enum> - </property> - <property name="frameShadow"> - <enum>Plain</enum> - </property> - <property name="scaledContents"> - <bool>true</bool> - </property> - <property name="indent"> - <number>0</number> - </property> - </widget> - <widget class="TQLabel" row="1" column="1" colspan="2"> - <property name="name"> - <cstring>passprompt</cstring> - </property> - <property name="text"> - <string>Please provide appropriate LDAP credentials below</string> - </property> - </widget> - <widget class="TQLabel" row="2" column="0" colspan="2"> - <property name="name"> - <cstring>unnamed</cstring> - </property> - <property name="text"> - <string>Username</string> - </property> - </widget> - <widget class="KLineEdit" row="2" column="2"> - <property name="name"> - <cstring>ldapAdminUsername</cstring> - </property> - </widget> - <widget class="TQLabel" row="3" column="0" colspan="2"> - <property name="name"> - <cstring>unnamed</cstring> - </property> - <property name="text"> - <string>Password</string> - </property> - </widget> - <widget class="KPasswordEdit" row="3" column="2"> - <property name="name"> - <cstring>ldapAdminPassword</cstring> - </property> - </widget> - <widget class="TQLabel" row="4" column="0" colspan="2"> - <property name="name"> - <cstring>unnamed</cstring> - </property> - <property name="text"> - <string>LDAP Realm</string> - </property> - </widget> - <widget class="KComboBox" row="4" column="2"> - <property name="name"> - <cstring>ldapAdminRealm</cstring> - </property> - </widget> - </grid> -</widget> -<layoutdefaults spacing="3" margin="6"/> -<layoutfunctions spacing="KDialog::spacingHint" margin="KDialog::marginHint"/> -</UI> diff --git a/src/ldappasswddlg.cpp b/src/ldappasswddlg.cpp deleted file mode 100644 index 054f9dc..0000000 --- a/src/ldappasswddlg.cpp +++ /dev/null @@ -1,46 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2012 by Timothy Pearson * - * kb9vqf@pearsoncomputing.net * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the * - * Free Software Foundation, Inc., * - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - ***************************************************************************/ - -#include <klocale.h> -#include <klineedit.h> -#include <ktextedit.h> -#include <knuminput.h> -#include <kactionselector.h> -#include <tqlistbox.h> -#include <kpushbutton.h> -#include <tqpixmap.h> -#include <tqiconset.h> -#include <tqlabel.h> - -#include "ldappasswddlg.h" - -LDAPPasswordDialog::LDAPPasswordDialog(TQWidget* parent, const char* name) - : KDialogBase(parent, name, true, i18n("LDAP Authentication"), Ok|Cancel, Ok, true) -{ - m_base = new LDAPLogin(this); - - setMainWidget(m_base); -} - -void LDAPPasswordDialog::slotOk() { - accept(); -} - -#include "ldappasswddlg.moc" diff --git a/src/ldappasswddlg.h b/src/ldappasswddlg.h deleted file mode 100644 index 2c3c060..0000000 --- a/src/ldappasswddlg.h +++ /dev/null @@ -1,43 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2012 by Timothy Pearson * - * kb9vqf@pearsoncomputing.net * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the * - * Free Software Foundation, Inc., * - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - ***************************************************************************/ - -#ifndef _LDAPPASSWORDDIALOG_H_ -#define _LDAPPASSWORDDIALOG_H_ - -#include <kdialogbase.h> -#include <kcombobox.h> - -#include "ldaplogindlg.h" - -class LDAPPasswordDialog : public KDialogBase -{ - Q_OBJECT - -public: - LDAPPasswordDialog(TQWidget* parent = 0, const char* name = 0); - -public slots: - void slotOk(); - -public: - LDAPLogin *m_base; -}; - -#endif diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp deleted file mode 100644 index af20e0e..0000000 --- a/src/libtdeldap.cpp +++ /dev/null @@ -1,1183 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2012 by Timothy Pearson * - * kb9vqf@pearsoncomputing.net * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the * - * Free Software Foundation, Inc., * - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - ***************************************************************************/ - -#include <klocale.h> -#include <kmessagebox.h> -#include <klineedit.h> -#include <kpassdlg.h> - -#include <ldap.h> -#include <stdlib.h> -#include <sys/time.h> - -#include "libtdeldap.h" -#include "ldappasswddlg.h" - -#define LDAP_INSECURE_PORT 389 -#define LDAP_SECURE_PORT 636 - -int requested_ldap_version = LDAP_VERSION3; -int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection? -char* ldap_user_and_operational_attributes[2] = {"*", "+"}; - -LDAPManager::LDAPManager(TQString realm, TQString host, TQObject *parent, const char *name) : TQObject(parent, name), m_realm(realm), m_host(host), m_port(0), m_creds(0), m_ldap(0) -{ - TQStringList domainChunks = TQStringList::split(".", realm.lower()); - m_basedc = "dc=" + domainChunks.join(",dc="); -} - -LDAPManager::~LDAPManager() { - unbind(true); -} - -TQString LDAPManager::basedn() { - return m_basedc; -} - -TQString LDAPManager::realm() { - return m_realm; -} - -LDAPCredentials LDAPManager::currentLDAPCredentials() { - if (m_creds) { - return *m_creds; - } - else { - return LDAPCredentials(); - } -} - -int LDAPManager::bind() { -printf("[RAJA DEBUG 600.0] In LDAPManager::bind()\n\r"); fflush(stdout); - if (m_ldap) { - return 0; - } - - int use_secure_connection = 0; - - TQString uri; - if (use_secure_connection == 1) { - m_port = LDAP_SECURE_PORT; - uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port); - } - else { - m_port = LDAP_INSECURE_PORT; - uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port); - } - - int retcode = ldap_initialize(&m_ldap, uri.ascii()); - if (retcode < 0) { - KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); - return -1; - } - retcode = ldap_set_option(m_ldap, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version); - if (retcode != LDAP_OPT_SUCCESS) { - KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); - return -1; - } - - TQString errorString; - LDAPPasswordDialog passdlg(0); - passdlg.m_base->ldapAdminRealm->setEnabled(false); - passdlg.m_base->ldapAdminRealm->insertItem(m_realm); - if (passdlg.exec() == TQDialog::Accepted) { - char* mechanism = NULL; - struct berval cred; - TQString ldap_dn = passdlg.m_base->ldapAdminUsername->text(); - TQCString pass = passdlg.m_base->ldapAdminPassword->password(); - if (!m_creds) m_creds = new LDAPCredentials(); - m_creds->username = passdlg.m_base->ldapAdminUsername->text(); - m_creds->password = passdlg.m_base->ldapAdminPassword->password(); - m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText(); - cred.bv_val = pass.data(); - cred.bv_len = pass.length(); - - if (!ldap_dn.contains(",")) { - // Look for a POSIX account with anonymous bind and the specified account name - TQString uri; - LDAP* ldapconn; - if (use_secure_connection == 1) { - m_port = LDAP_SECURE_PORT; - uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port); - } - else { - m_port = LDAP_INSECURE_PORT; - uri = TQString("ldap://%1:%2").arg(m_host).arg(m_port); - } - int retcode = ldap_initialize(&ldapconn, uri.ascii()); - if (retcode < 0) { - KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); - return -1; - } - retcode = ldap_set_option(ldapconn, LDAP_OPT_PROTOCOL_VERSION, &requested_ldap_version); - if (retcode != LDAP_OPT_SUCCESS) { - KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); - return -1; - } - struct berval anoncred; - anoncred.bv_val = ""; - anoncred.bv_len = strlen(""); - retcode = ldap_sasl_bind_s(ldapconn, "", mechanism, &anoncred, NULL, NULL, NULL); - if (retcode == LDAP_SUCCESS ) { - // Look for the DN for the specified user - LDAPMessage* msg; - TQString ldap_base_dn = m_basedc; - TQString ldap_filter = TQString("(&(objectclass=posixAccount)(uid=%1))").arg(passdlg.m_base->ldapAdminUsername->text()); - retcode = ldap_search_ext_s(ldapconn, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), NULL, 0, NULL, NULL, NULL, 0, &msg); - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - } - else { - // Iterate through the returned entries - char* dn = NULL; - LDAPMessage* entry; - for(entry = ldap_first_entry(ldapconn, msg); entry != NULL; entry = ldap_next_entry(ldapconn, entry)) { - if((dn = ldap_get_dn(ldapconn, entry)) != NULL) { - ldap_dn = dn; - ldap_memfree(dn); - } - } - } - // clean up - ldap_msgfree(msg); - - // All done! - ldap_unbind_ext_s(ldapconn, NULL, NULL); - } - } - - retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL); - - if (retcode != LDAP_SUCCESS ) { - KMessageBox::error(0, i18n("<qt>Unable to connect to LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to connect to server!")); - return -1; - } - - return 0; - } - else { - return -2; - } - - return -3; -} - -int LDAPManager::unbind(bool force) { -printf("[RAJA DEBUG 600.1] In LDAPManager::unbind()\n\r"); fflush(stdout); - if (!m_ldap) { - return 0; - } - - int retcode = ldap_unbind_ext_s(m_ldap, NULL, NULL); - if ((retcode < 0) && (force == false)) { - KMessageBox::error(0, i18n("<qt>Unable to disconnect from LDAP server %1 on port %2<p>Reason: [%3] %4</qt>").arg(m_host).arg(m_port).arg(retcode).arg(ldap_err2string(retcode)), i18n("Unable to disconnect from server!")); - return retcode; - } - else { - m_ldap = 0; - } - return retcode; -} - -LDAPUserInfo LDAPManager::parseLDAPUserRecord(LDAPMessage* entry) { - int i; - char* dn = NULL; - char* attr; - struct berval **vals; - BerElement* ber; - - LDAPUserInfo userinfo; - - if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { - printf("Returned dn: %s\n", dn); - userinfo.distinguishedName = dn; - TQStringList dnParts = TQStringList::split(",", dn); - TQString id = dnParts[0]; - if (id.startsWith("uid=")) { - id = id.remove(0, 4); - userinfo.name = id; - } - ldap_memfree(dn); - } - - for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) { - if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) { -printf("[RAJA DEBUG 100.3] %s: %s\n\r", attr, vals[i]->bv_val); - userinfo.informationValid = true; - TQString ldap_field = attr; - i=0; - if (ldap_field == "creatorsName") { - userinfo.creatorsName = vals[i]->bv_val; - } - else if (ldap_field == "uidNumber") { - userinfo.uid = atoi(vals[i]->bv_val); - } - else if (ldap_field == "loginShell") { - userinfo.shell = vals[i]->bv_val; - } - else if (ldap_field == "homeDirectory") { - userinfo.homedir = vals[i]->bv_val; - } - else if (ldap_field == "gidNumber") { - userinfo.primary_gid = atoi(vals[i]->bv_val); - } - else if (ldap_field == "krb5KDCFlags") { - userinfo.status = (LDAPKRB5Flags)(atoi(vals[i]->bv_val)); - } - else if (ldap_field == "createTimestamp") { // YYYYMMDD000000Z - TQString formattedDate = vals[i]->bv_val; - formattedDate.insert(4,"-"); - formattedDate.insert(7,"-"); - formattedDate.insert(10,"T"); - formattedDate.insert(13,":"); - formattedDate.insert(16,":"); - formattedDate.remove(19, 1); - userinfo.account_created = TQDateTime::fromString(formattedDate, TQt::ISODate); - } - else if (ldap_field == "modifyTimestamp") { // YYYYMMDD000000Z - TQString formattedDate = vals[i]->bv_val; - formattedDate.insert(4,"-"); - formattedDate.insert(7,"-"); - formattedDate.insert(10,"T"); - formattedDate.insert(13,":"); - formattedDate.insert(16,":"); - formattedDate.remove(19, 1); - userinfo.account_modified = TQDateTime::fromString(formattedDate, TQt::ISODate); - } - // FIXME - // These two attributes do not seem to be available with a Heimdal KDC - // userinfo.password_last_changed = vals[i]->bv_val; - // userinfo.password_expires = vals[i]->bv_val; - else if (ldap_field == "krb5PasswordEnd") { // YYYYMMDD000000Z - TQString formattedDate = vals[i]->bv_val; - formattedDate.insert(4,"-"); - formattedDate.insert(7,"-"); - formattedDate.insert(10,"T"); - formattedDate.insert(13,":"); - formattedDate.insert(16,":"); - formattedDate.remove(19, 1); - userinfo.password_expiration = TQDateTime::fromString(formattedDate, TQt::ISODate); - } - // FIXME - // These six(!) attributes do not seem to be available with a Heimdal KDC - // userinfo.password_ages = vals[i]->bv_val; - // userinfo.new_password_interval = vals[i]->bv_val; - // userinfo.new_password_warn_interval = vals[i]->bv_val; - // userinfo.new_password_lockout_delay = vals[i]->bv_val; - // userinfo.password_has_minimum_age = vals[i]->bv_val; - // userinfo.password_minimum_age = vals[i]->bv_val; - else if (ldap_field == "krb5MaxLife") { // units: hours - userinfo.maximum_ticket_lifetime = atoi(vals[i]->bv_val); - } - else if (ldap_field == "cn") { - userinfo.commonName = vals[i]->bv_val; - } - else if (ldap_field == "givenName") { - userinfo.givenName = vals[i]->bv_val; - } - else if (ldap_field == "sn") { - userinfo.surName = vals[i]->bv_val; - } - else if (ldap_field == "initials") { - userinfo.initials = vals[i]->bv_val; - } - else if (ldap_field == "title") { - userinfo.title = vals[i]->bv_val; - } - else if (ldap_field == "mail") { - userinfo.email = vals[i]->bv_val; - } - else if (ldap_field == "description") { - userinfo.description = vals[i]->bv_val; - } - else if (ldap_field == "l") { - userinfo.locality = vals[i]->bv_val; - } - else if (ldap_field == "telephoneNumber") { - userinfo.telephoneNumber = vals[i]->bv_val; - } - else if (ldap_field == "facsimileTelephoneNumber") { - userinfo.faxNumber = vals[i]->bv_val; - } - else if (ldap_field == "homePhone") { - userinfo.homePhone = vals[i]->bv_val; - } - else if (ldap_field == "mobile") { - userinfo.mobilePhone = vals[i]->bv_val; - } - else if (ldap_field == "pager") { - userinfo.pagerNumber = vals[i]->bv_val; - } - // FIXME - // This attribute is not present in my current LDAP schema - // userinfo.website = vals[i]->bv_val; - else if (ldap_field == "postOfficeBox") { - userinfo.poBox = vals[i]->bv_val; - } - else if (ldap_field == "street") { - userinfo.street = vals[i]->bv_val; - } - else if (ldap_field == "postalAddress") { - userinfo.address = vals[i]->bv_val; - } - else if (ldap_field == "st") { - userinfo.state = vals[i]->bv_val; - } - else if (ldap_field == "postalCode") { - userinfo.postcode = vals[i]->bv_val; - } - else if (ldap_field == "registeredAddress") { - userinfo.registeredAddress = vals[i]->bv_val; - } - else if (ldap_field == "homePostalAddress") { - userinfo.homeAddress = vals[i]->bv_val; - } - else if (ldap_field == "seeAlso") { - userinfo.seeAlso = vals[i]->bv_val; - } - else if (ldap_field == "physicalDeliveryOfficeName") { - userinfo.deliveryOffice = vals[i]->bv_val; - } - else if (ldap_field == "departmentNumber") { - userinfo.department = vals[i]->bv_val; - } - else if (ldap_field == "roomNumber") { - userinfo.roomNumber = vals[i]->bv_val; - } - else if (ldap_field == "employeeType") { - userinfo.employeeType = vals[i]->bv_val; - } - else if (ldap_field == "employeeNumber") { - userinfo.employeeNumber = vals[i]->bv_val; - } - // FIXME - // These two attributes are not present in my current LDAP schema -// userinfo.manager = vals[i]->bv_val; -// userinfo.secretary = vals[i]->bv_val; - else if (ldap_field == "internationaliSDNNumber") { - userinfo.isdnNumber = vals[i]->bv_val; - } - // FIXME - // This attribute is not present in my current LDAP schema -// userinfo.teletexID = vals[i]->bv_val; - else if (ldap_field == "telexNumber") { - userinfo.telexNumber = vals[i]->bv_val; - } - // FIXME - // This attribute is not present in my current LDAP schema -// userinfo.preferredDelivery = vals[i]->bv_val; - else if (ldap_field == "destinationIndicator") { - userinfo.destinationIndicator = vals[i]->bv_val; - } - else if (ldap_field == "x121Address") { - userinfo.x121Address = vals[i]->bv_val; - } - else if (ldap_field == "displayName") { - userinfo.displayName = vals[i]->bv_val; - } - else if (ldap_field == "preferredLanguage") { - userinfo.preferredLanguage = vals[i]->bv_val; - } - // FIXME - // This attribute is not present in my current LDAP schema -// userinfo.uniqueIdentifier = vals[i]->bv_val; - else if (ldap_field == "businessCategory") { - userinfo.businessCategory = vals[i]->bv_val; - } - else if (ldap_field == "carLicense") { - userinfo.carLicense = vals[i]->bv_val; - } - // FIXME - // This attribute is not present in my current LDAP schema -// userinfo.notes = vals[i]->bv_val; - ldap_value_free_len(vals); - } - ldap_memfree(attr); - } - - if (ber != NULL) { - ber_free(ber, 0); - } - - printf("\n\r"); - - return userinfo; -} - -LDAPUserInfoList LDAPManager::users() { - int retcode; - LDAPUserInfoList users; -printf("[RAJA DEBUG 100.0] In LDAPManager::users()\n\r"); fflush(stdout); - - if (bind() < 0) { - return LDAPUserInfoList(); - } - else { -printf("[RAJA DEBUG 100.1] In LDAPManager::users() bind was OK\n\r"); fflush(stdout); - LDAPMessage* msg; - TQString ldap_base_dn = m_basedc; - TQString ldap_filter = "(objectClass=posixAccount)"; - retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return LDAPUserInfoList(); - } - -printf("[RAJA DEBUG 100.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg)); - - // Iterate through the returned entries - LDAPMessage* entry; - for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { - users.append(parseLDAPUserRecord(entry)); - } - - // clean up - ldap_msgfree(msg); - - return users; - } - - return LDAPUserInfoList(); -} - -LDAPUserInfo LDAPManager::getUserByDistinguishedName(TQString dn) { - int retcode; - LDAPUserInfo userinfo; - - if (bind() < 0) { - return LDAPUserInfo(); - } - else { - LDAPMessage* msg; - struct timeval timeout; - timeout.tv_sec = 10; // 10 second timeout - retcode = ldap_search_ext_s(m_ldap, dn.ascii(), LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, &timeout, 0, &msg); - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return LDAPUserInfo(); - } - - // Iterate through the returned entries - LDAPMessage* entry; - for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { - userinfo = parseLDAPUserRecord(entry); - } - - // clean up - ldap_msgfree(msg); - - return userinfo; - } - - return LDAPUserInfo(); -} - -LDAPGroupInfo LDAPManager::getGroupByDistinguishedName(TQString dn) { - int retcode; - LDAPGroupInfo groupinfo; - - if (bind() < 0) { - return LDAPGroupInfo(); - } - else { - LDAPMessage* msg; - struct timeval timeout; - timeout.tv_sec = 10; // 10 second timeout - retcode = ldap_search_ext_s(m_ldap, dn.ascii(), LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, &timeout, 0, &msg); - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return LDAPGroupInfo(); - } - - // Iterate through the returned entries - LDAPMessage* entry; - for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { - groupinfo = parseLDAPGroupRecord(entry); - } - - // clean up - ldap_msgfree(msg); - - return groupinfo; - } - - return LDAPGroupInfo(); -} - -void create_single_attribute_operation(LDAPMod **mods, int *i, TQString attr, TQString value) { - if (value != "") { - char **values = (char**)malloc(2*sizeof(char*)); - values[0] = strdup(value.ascii()); - values[1] = NULL; - mods[*i]->mod_op = LDAP_MOD_ADD; - mods[*i]->mod_type = strdup(attr.ascii()); - mods[*i]->mod_values = values; - (*i)++; - } -} - -void create_multiple_attributes_operation(LDAPMod **mods, int *i, TQString attr, TQStringList strings) { - int j=0; - char **values = (char**)malloc((strings.count()+1)*sizeof(char*)); - for ( TQStringList::Iterator it = strings.begin(); it != strings.end(); ++it ) { - if ((*it) != "") { - values[j] = strdup((*it).ascii()); - j++; - } - } - values[j] = NULL; - mods[*i]->mod_op = LDAP_MOD_ADD; - mods[*i]->mod_type = strdup(attr.ascii()); - mods[*i]->mod_values = values; - (*i)++; -} - -void add_single_attribute_operation(LDAPMod **mods, int *i, TQString attr, TQString value) { - if (value != "") { - char **values = (char**)malloc(2*sizeof(char*)); - values[0] = strdup(value.ascii()); - values[1] = NULL; - mods[*i]->mod_op = LDAP_MOD_REPLACE; - mods[*i]->mod_type = strdup(attr.ascii()); - mods[*i]->mod_values = values; - (*i)++; - } -} - -void add_multiple_attributes_operation(LDAPMod **mods, int *i, TQString attr, TQStringList strings) { - int j=0; - char **values = (char**)malloc((strings.count()+1)*sizeof(char*)); - for ( TQStringList::Iterator it = strings.begin(); it != strings.end(); ++it ) { - if ((*it) != "") { - values[j] = strdup((*it).ascii()); - j++; - } - } - values[j] = NULL; - mods[*i]->mod_op = LDAP_MOD_REPLACE; - mods[*i]->mod_type = strdup(attr.ascii()); - mods[*i]->mod_values = values; - (*i)++; -} - -int LDAPManager::updateUserInfo(LDAPUserInfo user) { - int retcode; - int i; - LDAPUserInfo userinfo; - - if (bind() < 0) { - return -1; - } - else { - // Assemble the LDAPMod structure - // We will replace any existing attributes with the new values - int number_of_parameters = 40; // 40 primary attributes - LDAPMod *mods[number_of_parameters+1]; - for (i=0;i<number_of_parameters;i++) { - mods[i] = new LDAPMod; - mods[i]->mod_type = NULL; - mods[i]->mod_values = NULL; - } - mods[number_of_parameters] = NULL; - - // Load LDAP modification requests from provided data structure - i=0; - add_single_attribute_operation(mods, &i, "uidNumber", TQString("%1").arg(user.uid)); - add_single_attribute_operation(mods, &i, "loginShell", user.shell); - add_single_attribute_operation(mods, &i, "homeDirectory", user.homedir); - add_single_attribute_operation(mods, &i, "gidNumber", TQString("%1").arg(user.primary_gid)); - add_single_attribute_operation(mods, &i, "krb5KDCFlags", TQString("%1").arg(user.status)); // Default active user is 586 [KRB5_ACTIVE_DEFAULT] and locked out user is 7586 [KRB5_DISABLED_ACCOUNT] -// add_single_attribute_operation(mods, &i, "", user.password_expires); -// add_single_attribute_operation(mods, &i, "", user.password_expiration); -// add_single_attribute_operation(mods, &i, "", user.password_ages); -// add_single_attribute_operation(mods, &i, "", user.new_password_interval); -// add_single_attribute_operation(mods, &i, "", user.new_password_warn_interval); -// add_single_attribute_operation(mods, &i, "", user.new_password_lockout_delay); -// add_single_attribute_operation(mods, &i, "", user.password_has_minimum_age); -// add_single_attribute_operation(mods, &i, "", user.password_minimum_age); - add_single_attribute_operation(mods, &i, "krb5MaxLife", TQString("%1").arg(user.maximum_ticket_lifetime)); - add_single_attribute_operation(mods, &i, "cn", user.commonName); - add_single_attribute_operation(mods, &i, "givenName", user.givenName); - add_single_attribute_operation(mods, &i, "sn", user.surName); - add_single_attribute_operation(mods, &i, "initials", user.initials); - add_single_attribute_operation(mods, &i, "title", user.title); - add_single_attribute_operation(mods, &i, "mail", user.email); - add_single_attribute_operation(mods, &i, "description", user.description); - add_single_attribute_operation(mods, &i, "l", user.locality); - add_single_attribute_operation(mods, &i, "telephoneNumber", user.telephoneNumber); - add_single_attribute_operation(mods, &i, "facsimileTelephoneNumber", user.faxNumber); - add_single_attribute_operation(mods, &i, "homePhone", user.homePhone); - add_single_attribute_operation(mods, &i, "mobile", user.mobilePhone); - add_single_attribute_operation(mods, &i, "pager", user.pagerNumber); -// add_single_attribute_operation(mods, &i, "", user.website); - add_single_attribute_operation(mods, &i, "postOfficeBox", user.poBox); - add_single_attribute_operation(mods, &i, "street", user.street); - add_single_attribute_operation(mods, &i, "postalAddress", user.address); - add_single_attribute_operation(mods, &i, "st", user.state); - add_single_attribute_operation(mods, &i, "postalCode", user.postcode); - add_single_attribute_operation(mods, &i, "registeredAddress", user.registeredAddress); - add_single_attribute_operation(mods, &i, "homePostalAddress", user.homeAddress); - add_single_attribute_operation(mods, &i, "seeAlso", user.seeAlso); - add_single_attribute_operation(mods, &i, "physicalDeliveryOfficeName", user.deliveryOffice); - add_single_attribute_operation(mods, &i, "departmentNumber", user.department); - add_single_attribute_operation(mods, &i, "roomNumber", user.roomNumber); - add_single_attribute_operation(mods, &i, "employeeType", user.employeeType); - add_single_attribute_operation(mods, &i, "employeeNumber", user.employeeNumber); -// add_single_attribute_operation(mods, &i, "", user.manager); -// add_single_attribute_operation(mods, &i, "", user.secretary); - add_single_attribute_operation(mods, &i, "internationaliSDNNumber", user.isdnNumber); -// add_single_attribute_operation(mods, &i, "", user.teletexID); - add_single_attribute_operation(mods, &i, "telexNumber", user.telexNumber); -// add_single_attribute_operation(mods, &i, "", user.preferredDelivery); - add_single_attribute_operation(mods, &i, "destinationIndicator", user.destinationIndicator); - add_single_attribute_operation(mods, &i, "x121Address", user.x121Address); - add_single_attribute_operation(mods, &i, "displayName", user.displayName); - add_single_attribute_operation(mods, &i, "preferredLanguage", user.preferredLanguage); -// add_single_attribute_operation(mods, &i, "", user.uniqueIdentifier); - add_single_attribute_operation(mods, &i, "businessCategory", user.businessCategory); - add_single_attribute_operation(mods, &i, "carLicense", user.carLicense); -// add_single_attribute_operation(mods, &i, "", user.notes); - LDAPMod *prevterm = mods[i]; - mods[i] = NULL; - - // Perform LDAP update - retcode = ldap_modify_ext_s(m_ldap, user.distinguishedName.ascii(), mods, NULL, NULL); - - // Clean up - mods[i] = prevterm; - for (i=0;i<number_of_parameters;i++) { - if (mods[i]->mod_type != NULL) { - free(mods[i]->mod_type); - } - if (mods[i]->mod_values != NULL) { - int j = 0; - while (mods[i]->mod_values[j] != NULL) { - free(mods[i]->mod_values[j]); - j++; - } - free(mods[i]->mod_values); - } - delete mods[i]; - } - - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return -2; - } - else { - return 0; - } - } -} - -int LDAPManager::updateGroupInfo(LDAPGroupInfo group) { - int retcode; - int i; - LDAPGroupInfo groupinfo; - - if (bind() < 0) { - return -1; - } - else { - // Assemble the LDAPMod structure - // We will replace any existing attributes with the new values - int number_of_parameters = 2; // 2 primary attributes - LDAPMod *mods[number_of_parameters+1]; - for (i=0;i<number_of_parameters;i++) { - mods[i] = new LDAPMod; - mods[i]->mod_type = NULL; - mods[i]->mod_values = NULL; - } - mods[number_of_parameters] = NULL; - - // Load LDAP modification requests from provided data structure - i=0; - add_single_attribute_operation(mods, &i, "gidNumber", TQString("%1").arg(group.gid)); - TQStringList completeGroupList = group.userlist; - TQString placeholderGroup = "cn=placeholder," + m_basedc; - if (!completeGroupList.contains(placeholderGroup)) { - completeGroupList.prepend(placeholderGroup); - } - add_multiple_attributes_operation(mods, &i, "member", completeGroupList); - LDAPMod *prevterm = mods[i]; - mods[i] = NULL; - - // Perform LDAP update - retcode = ldap_modify_ext_s(m_ldap, group.distinguishedName.ascii(), mods, NULL, NULL); - - // Clean up - mods[i] = prevterm; - for (i=0;i<number_of_parameters;i++) { - if (mods[i]->mod_type != NULL) { - free(mods[i]->mod_type); - } - if (mods[i]->mod_values != NULL) { - int j = 0; - while (mods[i]->mod_values[j] != NULL) { - free(mods[i]->mod_values[j]); - j++; - } - free(mods[i]->mod_values); - } - delete mods[i]; - } - - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return -2; - } - else { - return 0; - } - } -} - -int LDAPManager::addUserInfo(LDAPUserInfo user) { - int retcode; - int i; - LDAPUserInfo userinfo; - - if (bind() < 0) { - return -1; - } - else { - // Create the base DN entry - int number_of_parameters = 13; // 13 primary attributes - LDAPMod *mods[number_of_parameters+1]; - for (i=0;i<number_of_parameters;i++) { - mods[i] = new LDAPMod; - mods[i]->mod_type = NULL; - mods[i]->mod_values = NULL; - } - mods[number_of_parameters] = NULL; - - // Load initial required LDAP object attributes - i=0; - create_single_attribute_operation(mods, &i, "uidNumber", TQString("%1").arg(user.uid)); - create_single_attribute_operation(mods, &i, "gidNumber", TQString("%1").arg(user.primary_gid)); - create_multiple_attributes_operation(mods, &i, "objectClass", TQStringList::split(" ", "inetOrgPerson krb5Realm krb5Principal krb5KDCEntry emsUser posixAccount")); - create_single_attribute_operation(mods, &i, "uid", user.name); - create_single_attribute_operation(mods, &i, "cn", user.commonName); - create_single_attribute_operation(mods, &i, "sn", user.surName); - create_single_attribute_operation(mods, &i, "homeDirectory", user.homedir); - // Kerberos - create_single_attribute_operation(mods, &i, "krb5KeyVersionNumber", "1"); - create_single_attribute_operation(mods, &i, "krb5PrincipalName", TQString(user.name.lower()) + "@" + m_realm.upper()); - create_single_attribute_operation(mods, &i, "krb5RealmName", m_realm.upper()); - // Zivios specific - create_single_attribute_operation(mods, &i, "emsdescription", "None"); - create_single_attribute_operation(mods, &i, "emsprimarygroupdn", "None"); - create_single_attribute_operation(mods, &i, "emstype", "UserEntry"); - LDAPMod *prevterm = mods[i]; - mods[i] = NULL; - - // Add new object - retcode = ldap_add_ext_s(m_ldap, user.distinguishedName.ascii(), mods, NULL, NULL); - - // Clean up - mods[i] = prevterm; - for (i=0;i<number_of_parameters;i++) { - if (mods[i]->mod_type != NULL) { - free(mods[i]->mod_type); - } - if (mods[i]->mod_values != NULL) { - int j = 0; - while (mods[i]->mod_values[j] != NULL) { - free(mods[i]->mod_values[j]); - j++; - } - free(mods[i]->mod_values); - } - delete mods[i]; - } - - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP addition failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return -2; - } - else { - return updateUserInfo(user); - } - } -} - -int LDAPManager::addGroupInfo(LDAPGroupInfo group) { - int retcode; - int i; - LDAPGroupInfo groupinfo; - - if (bind() < 0) { - return -1; - } - else { - // Create the base DN entry - int number_of_parameters = 6; // 6 primary attributes - LDAPMod *mods[number_of_parameters+1]; - for (i=0;i<number_of_parameters;i++) { - mods[i] = new LDAPMod; - mods[i]->mod_type = NULL; - mods[i]->mod_values = NULL; - } - mods[number_of_parameters] = NULL; - - TQString placeholderGroup = "cn=placeholder," + m_basedc; - - // Load initial required LDAP object attributes - i=0; - create_single_attribute_operation(mods, &i, "gidNumber", TQString("%1").arg(group.gid)); - create_multiple_attributes_operation(mods, &i, "objectClass", TQStringList::split(" ", "emsGroup groupOfNames posixGroup")); - create_single_attribute_operation(mods, &i, "cn", group.name); - create_multiple_attributes_operation(mods, &i, "member", TQStringList(placeholderGroup)); - // Zivios specific - create_single_attribute_operation(mods, &i, "emsdescription", "None"); - create_single_attribute_operation(mods, &i, "emstype", "GroupEntry"); - LDAPMod *prevterm = mods[i]; - mods[i] = NULL; - - // Add new object - retcode = ldap_add_ext_s(m_ldap, group.distinguishedName.ascii(), mods, NULL, NULL); - - // Clean up - mods[i] = prevterm; - for (i=0;i<number_of_parameters;i++) { - if (mods[i]->mod_type != NULL) { - free(mods[i]->mod_type); - } - if (mods[i]->mod_values != NULL) { - int j = 0; - while (mods[i]->mod_values[j] != NULL) { - free(mods[i]->mod_values[j]); - j++; - } - free(mods[i]->mod_values); - } - delete mods[i]; - } - - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP addition failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return -2; - } - else { - return updateGroupInfo(group); - } - } -} - -int LDAPManager::deleteUserInfo(LDAPUserInfo user) { - int retcode; - LDAPUserInfo userinfo; - - if (bind() < 0) { - return -1; - } - else { - // Delete the base DN entry - retcode = ldap_delete_ext_s(m_ldap, user.distinguishedName.ascii(), NULL, NULL); - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP deletion failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return -2; - } - else { - return 0; - } - } -} - -int LDAPManager::deleteGroupInfo(LDAPGroupInfo group) { - int retcode; - LDAPGroupInfo groupinfo; - - if (bind() < 0) { - return -1; - } - else { - // Delete the base DN entry - retcode = ldap_delete_ext_s(m_ldap, group.distinguishedName.ascii(), NULL, NULL); - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP deletion failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return -2; - } - else { - return 0; - } - } -} - -int LDAPManager::deleteMachineInfo(LDAPMachineInfo machine) { - int retcode; - LDAPMachineInfo machineinfo; - - if (bind() < 0) { - return -1; - } - else { - // Delete the base DN entry - retcode = ldap_delete_ext_s(m_ldap, machine.distinguishedName.ascii(), NULL, NULL); - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP deletion failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return -2; - } - else { - return 0; - } - } -} - -LDAPGroupInfo LDAPManager::parseLDAPGroupRecord(LDAPMessage* entry) { - char* dn = NULL; - char* attr; - struct berval **vals; - BerElement* ber; - int i; - - LDAPGroupInfo groupinfo; - - if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { - printf("Returned dn: %s\n", dn); - groupinfo.distinguishedName = dn; - TQStringList dnParts = TQStringList::split(",", dn); - TQString id = dnParts[0]; - if (id.startsWith("cn=")) { - id = id.remove(0, 3); - groupinfo.name = id; - } - ldap_memfree(dn); - } - - for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) { - if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) { -for(i = 0; vals[i] != NULL; i++) { - printf("[RAJA DEBUG 110.3] %s: %s\n\r", attr, vals[i]->bv_val); -} - groupinfo.informationValid = true; - TQString ldap_field = attr; - i=0; - if (ldap_field == "creatorsName") { - groupinfo.creatorsName = vals[i]->bv_val; - } - else if (ldap_field == "member") { - TQStringList members; - for(i = 0; vals[i] != NULL; i++) { - TQString userdn = vals[i]->bv_val; - if (userdn.startsWith("cn=placeholder,dc=")) { - continue; - } - members.append(userdn); - } - groupinfo.userlist = members; - } - else if (ldap_field == "gidNumber") { - groupinfo.gid = atoi(vals[i]->bv_val); - } - ldap_value_free_len(vals); - } - ldap_memfree(attr); - } - - if (ber != NULL) { - ber_free(ber, 0); - } - - printf("\n\r"); - - return groupinfo; -} - -LDAPMachineInfo LDAPManager::parseLDAPMachineRecord(LDAPMessage* entry) { - char* dn = NULL; - char* attr; - struct berval **vals; - BerElement* ber; - int i; - - LDAPMachineInfo machineinfo; - - if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { - printf("Returned dn: %s\n", dn); - machineinfo.distinguishedName = dn; - TQStringList dnParts = TQStringList::split(",", dn); - TQString id = dnParts[0]; - if (id.startsWith("krb5PrincipalName=host/")) { - id = id.remove(0, 23); - id.replace("@"+m_realm, ""); - machineinfo.name = id; - } - ldap_memfree(dn); - } - - for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) { - if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) { -for(i = 0; vals[i] != NULL; i++) { - printf("[RAJA DEBUG 120.3] %s: %s\n\r", attr, vals[i]->bv_val); -} - machineinfo.informationValid = true; - TQString ldap_field = attr; - i=0; - if (ldap_field == "creatorsName") { - machineinfo.creatorsName = vals[i]->bv_val; - } - else if (ldap_field == "krb5KDCFlags") { - machineinfo.status = (LDAPKRB5Flags)(atoi(vals[i]->bv_val)); - } - ldap_value_free_len(vals); - } - ldap_memfree(attr); - } - - if (ber != NULL) { - ber_free(ber, 0); - } - - printf("\n\r"); - - return machineinfo; -} - -LDAPGroupInfoList LDAPManager::groups() { - int retcode; - LDAPGroupInfoList groups; -printf("[RAJA DEBUG 110.0] In LDAPManager::groups()\n\r"); fflush(stdout); - - if (bind() < 0) { - return LDAPGroupInfoList(); - } - else { -printf("[RAJA DEBUG 110.1] In LDAPManager::groups() bind was OK\n\r"); fflush(stdout); - LDAPMessage* msg; - TQString ldap_base_dn = m_basedc; - TQString ldap_filter = "(objectClass=posixGroup)"; - struct timeval timeout; - timeout.tv_sec = 10; // 10 second timeout - retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, &timeout, 0, &msg); - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return LDAPGroupInfoList(); - } - -printf("[RAJA DEBUG 110.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg)); - - // Iterate through the returned entries - LDAPMessage* entry; - for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { - // RAJA - groups.append(parseLDAPGroupRecord(entry)); - } - - // clean up - ldap_msgfree(msg); - - return groups; - } - - return LDAPGroupInfoList(); -} - -LDAPMachineInfoList LDAPManager::machines() { - int retcode; - LDAPMachineInfoList machines; -printf("[RAJA DEBUG 120.0] In LDAPManager::machines()\n\r"); fflush(stdout); - - if (bind() < 0) { - return LDAPMachineInfoList(); - } - else { -printf("[RAJA DEBUG 120.1] In LDAPManager::machines() bind was OK\n\r"); fflush(stdout); - LDAPMessage* msg; - TQString ldap_base_dn = m_basedc; - TQString ldap_filter = "(&(objectClass=krb5Principal)(uid=host/*))"; - retcode = ldap_search_ext_s(m_ldap, ldap_base_dn.ascii(), LDAP_SCOPE_SUBTREE, ldap_filter.ascii(), ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); - if (retcode != LDAP_SUCCESS) { - KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return LDAPMachineInfoList(); - } - -printf("[RAJA DEBUG 120.2] The number of entries returned was %d\n\n", ldap_count_entries(m_ldap, msg)); - - // Iterate through the returned entries - LDAPMessage* entry; - for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { - // RAJA - machines.append(parseLDAPMachineRecord(entry)); - } - - // clean up - ldap_msgfree(msg); - - return machines; - } - - return LDAPMachineInfoList(); -} - -// =============================================================================================================== -// -// DATA CLASS CONSTRUCTORS AND DESTRUCTORS -// -// =============================================================================================================== - -LDAPUserInfo::LDAPUserInfo() { - // TQStrings are always initialized to TQString::null, so they don't need initialization here... - informationValid = false; - - uid = -1; - primary_gid = -1; - status = (LDAPKRB5Flags)0; - account_created = TQDateTime::fromString("1970-01-01T00:00:00", TQt::ISODate); - account_modified = TQDateTime::fromString("1970-01-01T00:00:00", TQt::ISODate); - password_last_changed = TQDateTime::fromString("1970-01-01T00:00:00", TQt::ISODate); - password_expires = false; - password_expiration = TQDateTime::fromString("1970-01-01T00:00:00", TQt::ISODate); - password_ages = false; - new_password_interval = -1; - new_password_warn_interval = -1; - new_password_lockout_delay = -1; - password_has_minimum_age = false; - password_minimum_age = -1; - maximum_ticket_lifetime = -1; -} - -LDAPUserInfo::~LDAPUserInfo() { - // -} - -LDAPGroupInfo::LDAPGroupInfo() { - // TQStrings are always initialized to TQString::null, so they don't need initialization here... - informationValid = false; - - gid = -1; -} - -LDAPGroupInfo::~LDAPGroupInfo() { - // -} - -LDAPMachineInfo::LDAPMachineInfo() { - // TQStrings are always initialized to TQString::null, so they don't need initialization here... - informationValid = false; - - status = (LDAPKRB5Flags)0; -} - -LDAPMachineInfo::~LDAPMachineInfo() { - // -} - -#include "libtdeldap.moc"
\ No newline at end of file diff --git a/src/libtdeldap.h b/src/libtdeldap.h deleted file mode 100644 index a1369a1..0000000 --- a/src/libtdeldap.h +++ /dev/null @@ -1,224 +0,0 @@ -/*************************************************************************** - * Copyright (C) 2012 by Timothy Pearson * - * kb9vqf@pearsoncomputing.net * - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - * This program is distributed in the hope that it will be useful, * - * but WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * - * GNU General Public License for more details. * - * * - * You should have received a copy of the GNU General Public License * - * along with this program; if not, write to the * - * Free Software Foundation, Inc., * - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - ***************************************************************************/ - -#ifndef _LIBTDELDAP_H_ -#define _LIBTDELDAP_H_ - -#include <unistd.h> -#include <ldap.h> - -#include <tqobject.h> -#include <tqstring.h> -#include <tqdatetime.h> -#include <tqvaluelist.h> - -// Values from hdb.asn1 -enum LDAPKRB5Flags { - KRB5_INITIAL = 0x00000001, - KRB5_FORWARDABLE = 0x00000002, - KRB5_PROXIABLE = 0x00000004, - KRB5_RENEWABLE = 0x00000008, - KRB5_POSTDATE = 0x00000010, - KRB5_SERVER = 0x00000020, - KRB5_CLIENT = 0x00000040, - KRB5_INVALID = 0x00000080, - KRB5_REQUIRE_PREAUTH = 0x00000100, - KRB5_CHANGE_PW = 0x00000200, - KRB5_REQUIRE_HWAUTH = 0x00000400, - KRB5_OK_AS_DELEGATE = 0x00000800, - KRB5_USER_TO_USER = 0x00001000, - KRB5_IMMUTABLE = 0x00002000, - KRB5_TRUSTED_FOR_DELEGATION = 0x00004000, - KRB5_ALLOW_KERBEROS_4 = 0x00008000, - KRB5_ALLOW_DIGEST = 0x00010000, - KRB5_LOCKED_OUT = 0x00020000, - - KRB5_ACTIVE_DEFAULT = KRB5_FORWARDABLE | KRB5_RENEWABLE | KRB5_CLIENT | KRB5_CHANGE_PW, - KRB5_DISABLED_ACCOUNT = KRB5_FORWARDABLE | KRB5_SERVER | KRB5_INVALID | KRB5_REQUIRE_PREAUTH | KRB5_REQUIRE_HWAUTH | KRB5_OK_AS_DELEGATE | KRB5_USER_TO_USER, - KRB5_MACHINE_ACCOUNT_DEFAULT = KRB5_FORWARDABLE | KRB5_PROXIABLE | KRB5_RENEWABLE | KRB5_POSTDATE | KRB5_SERVER | KRB5_CLIENT, - KRB5_FLAG_MAX = 0x80000000 -}; - -typedef TQValueList<uid_t> UserList; -typedef TQValueList<gid_t> GroupList; - -class LDAPCredentials -{ - public: - TQString username; - TQCString password; - TQString realm; -}; - -class LDAPUserInfo -{ - public: - LDAPUserInfo(); - ~LDAPUserInfo(); - - public: - bool informationValid; - TQString distinguishedName; - TQString creatorsName; - - TQString name; - uid_t uid; - TQString shell; - TQString homedir; - gid_t primary_gid; - LDAPKRB5Flags status; // Default active user is 586 [KRB5_ACTIVE_DEFAULT] and locked out user is 7586 [KRB5_DISABLED_ACCOUNT] - TQCString new_password; - TQDateTime account_created; - TQDateTime account_modified; - TQDateTime password_last_changed; - bool password_expires; - TQDateTime password_expiration; - bool password_ages; - int new_password_interval; - int new_password_warn_interval; - int new_password_lockout_delay; - bool password_has_minimum_age; - int password_minimum_age; - int maximum_ticket_lifetime; - - // Page 1 - TQString commonName; - TQString givenName; - TQString surName; - TQString initials; - TQString title; - TQString email; - TQString description; - TQString locality; - TQString telephoneNumber; - TQString faxNumber; - TQString homePhone; - TQString mobilePhone; - TQString pagerNumber; - TQString website; - - // Page 2 - TQString poBox; - TQString street; - TQString address; - TQString state; - TQString postcode; - TQString registeredAddress; - TQString homeAddress; - - // Page 3 - TQString seeAlso; - TQString deliveryOffice; - TQString department; - TQString roomNumber; - TQString employeeType; - TQString employeeNumber; - TQString manager; - TQString secretary; - TQString isdnNumber; - TQString teletexID; - TQString telexNumber; - TQString preferredDelivery; - TQString destinationIndicator; - TQString x121Address; - TQString displayName; - TQString preferredLanguage; - TQString uniqueIdentifier; - TQString businessCategory; - TQString carLicense; - TQString notes; -}; - -class LDAPGroupInfo -{ - public: - LDAPGroupInfo(); - ~LDAPGroupInfo(); - - public: - bool informationValid; - TQString distinguishedName; - TQString creatorsName; - - TQString name; - gid_t gid; - TQStringList userlist; -}; - -class LDAPMachineInfo -{ - public: - LDAPMachineInfo(); - ~LDAPMachineInfo(); - - public: - bool informationValid; - TQString distinguishedName; - TQString creatorsName; - - TQString name; - LDAPKRB5Flags status; -}; - -typedef TQValueList<LDAPUserInfo> LDAPUserInfoList; -typedef TQValueList<LDAPGroupInfo> LDAPGroupInfoList; -typedef TQValueList<LDAPMachineInfo> LDAPMachineInfoList; - -class LDAPManager : public TQObject { - Q_OBJECT - - public: - LDAPManager(TQString realm, TQString host, TQObject *parent=0, const char *name=0); - ~LDAPManager(); - - TQString realm(); - TQString basedn(); - int bind(); - int unbind(bool force); - LDAPUserInfoList users(); - LDAPGroupInfoList groups(); - LDAPMachineInfoList machines(); - LDAPUserInfo getUserByDistinguishedName(TQString dn); - LDAPGroupInfo getGroupByDistinguishedName(TQString dn); - int updateUserInfo(LDAPUserInfo user); - int updateGroupInfo(LDAPGroupInfo group); - int addUserInfo(LDAPUserInfo user); - int addGroupInfo(LDAPGroupInfo group); - int deleteUserInfo(LDAPUserInfo user); - int deleteGroupInfo(LDAPGroupInfo group); - int deleteMachineInfo(LDAPMachineInfo machine); - - LDAPCredentials currentLDAPCredentials(); - - private: - LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry); - LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry); - LDAPMachineInfo parseLDAPMachineRecord(LDAPMessage* entry); - - private: - TQString m_realm; - TQString m_host; - int m_port; - TQString m_basedc; - LDAPCredentials* m_creds; - LDAP *m_ldap; -}; - -#endif // _LIBTDELDAP_H_
\ No newline at end of file |