Branch: master

e0857068 2015-09-28 19:32:59 Timothy Pearson
Convert service add to C API
M src/libtdeldap.cpp
M src/libtdeldap.h
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index e341ce2..93ec360 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -1842,7 +1842,7 @@
 	}
 }
 
-int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
+int LDAPManager::kAdminAddNewPrincipal(TQString principalName, TQString newPassword, TQString *errstr) {
 	if (bind() < 0) {
 		return -1;
 	}
@@ -1856,16 +1856,13 @@
 		if (retcode == 0) {
 			retcode = 1;
 			bool generate_password;
-			if (machine.newPassword == "") {
+			if (newPassword == "") {
 				generate_password = true;
 			}
 			else {
 				generate_password = false;
-				password = strdup(machine.newPassword.data());
+				password = strdup(newPassword.ascii());
 			}
-
-			LDAPCredentials admincreds = currentLDAPCredentials(true);
-			TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
 
 			// Construct and add new principal record
 			kadm5_principal_ent_rec principal_record;
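Review bot: The `password = strdup(newPassword.ascii())` copy leaves the caller-supplied secret in a heap buffer, and nothing in this hunk wipes it; kAdminAddNewPrincipal continues outside the hunk, so if `password` is freed there it should be cleared first, e.g. `if (password) { memset(password, 0, strlen(password)); free(password); }`. Separately, `.ascii()` is lossy for non-ASCII characters, so a password typed with such characters would be silently altered before it reaches the KDC; if that is not intended, pick the encoding the KDC expects (presumably UTF-8 via `.utf8()`, but confirm against how the old `.data()` path behaved). The empty-string check on the line above is what selects the random-key path, which is worth a one-line comment: `// empty password => let kadmin generate a random key`.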
@@ -1875,7 +1872,7 @@
 			int mask = 0;
 
 			memset(&principal_record, 0, sizeof(principal_record));
-			krb5adm_ret = krb5_parse_name(m_krb5admContext, hoststring.ascii(), &principal_entry);
+			krb5adm_ret = krb5_parse_name(m_krb5admContext, principalName.ascii(), &principal_entry);
 			if (krb5adm_ret) {
 				if (errstr) *errstr = i18n("%1<p>Details:<br>Failed to execute krb5_parse_name (code %2)").arg(krb5_get_error_message(m_krb5admContext, krb5adm_ret)).arg(krb5adm_ret);
 			}
@@ -1989,126 +1986,15 @@
 	}
 }
 
+int LDAPManager::addMachineInfo(LDAPMachineInfo machine, TQString *errstr) {
+	LDAPCredentials admincreds = currentLDAPCredentials(true);
+	TQString hoststring = "host/" + machine.name + "." + admincreds.realm.lower();
+	return kAdminAddNewPrincipal(hoststring, machine.newPassword, errstr);
+}
+
 int LDAPManager::addServiceInfo(LDAPServiceInfo service, TQString *errstr) {
-	if (bind() < 0) {
-		return -1;
-	}
-	else {
-		// Use Kerberos kadmin to actually add the service
-		LDAPCredentials admincreds = currentLDAPCredentials();
-		if ((admincreds.username == "") && (admincreds.password == "")) {
-			// Probably GSSAPI
-			// Get active ticket principal...
-			KerberosTicketInfoList tickets = LDAPManager::getKerberosTicketList();
-			TQStringList principalParts = TQStringList::split("@", tickets[0].cachePrincipal, false);
-			admincreds.username = principalParts[0];
-			admincreds.realm = principalParts[1];
-			admincreds.use_gssapi = true;
-		}
-
-		TQCString command = "kadmin";
-		QCStringList args;
-		if (m_host.startsWith("ldapi://")) {
-			args << TQCString("-l") << TQCString("-r") << TQCString(admincreds.realm.upper());
-		}
-		else {
-			if (admincreds.username == "") {
-				args << TQCString("-r") << TQCString(admincreds.realm.upper());
-			}
-			else {
-				args << TQCString("-p") << TQCString(admincreds.username.lower()+"@"+(admincreds.realm.upper())) << TQCString("-r") << TQCString(admincreds.realm.upper());
-			}
-		}
-
-		TQString hoststring = service.name+"/"+service.machine;
-
-		TQString prompt;
-		PtyProcess kadminProc;
-		kadminProc.exec(command, args);
-		prompt = readFullLineFromPtyProcess(&kadminProc);
-		prompt = prompt.stripWhiteSpace();
-		if (prompt == "kadmin>") {
-			command = TQCString("ank --random-key "+hoststring);
-			kadminProc.enableLocalEcho(false);
-			kadminProc.writeLine(command, true);
-			do { // Discard our own input
-				prompt = readFullLineFromPtyProcess(&kadminProc);
-				printf("(kadmin) '%s'\n", prompt.ascii());
-			} while ((prompt == TQString(command)) || (prompt == ""));
-			prompt = prompt.stripWhiteSpace();
-			// Use all defaults
-			while (prompt != "kadmin>") {
-				if (prompt.endsWith(" Password:")) {
-					if (admincreds.password == "") {
-						if (tqApp->type() != TQApplication::Tty) {
-							TQCString password;
-							int result = KPasswordDialog::getPassword(password, prompt);
-							if (result == KPasswordDialog::Accepted) {
-								admincreds.password = password;
-							}
-						}
-						else {
-							TQFile file;
-							file.open(IO_ReadOnly, stdin);
-							TQTextStream qtin(&file);
-							admincreds.password = qtin.readLine();
-						}
-					}
-					if (admincreds.password != "") {
-						kadminProc.enableLocalEcho(false);
-						kadminProc.writeLine(admincreds.password, true);
-						do { // Discard our own input
-							prompt = readFullLineFromPtyProcess(&kadminProc);
-							printf("(kadmin) '%s'\n", prompt.ascii());
-						} while (prompt == "");
-						prompt = prompt.stripWhiteSpace();
-					}
-				}
-				if (prompt.contains("authentication failed")) {
-					if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
-					kadminProc.enableLocalEcho(false);
-					kadminProc.writeLine("quit", true);
-					return 1;
-				}
-				else {
-					// Extract whatever default is in the [brackets] and feed it back to kadmin
-					TQString defaultParam;
-					int leftbracket = prompt.find("[");
-					int rightbracket = prompt.find("]");
-					if ((leftbracket >= 0) && (rightbracket >= 0)) {
-						leftbracket++;
-						defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
-					}
-					command = TQCString(defaultParam);
-					kadminProc.enableLocalEcho(false);
-					kadminProc.writeLine(command, true);
-					do { // Discard our own input
-						prompt = readFullLineFromPtyProcess(&kadminProc);
-						printf("(kadmin) '%s'\n", prompt.ascii());
-					} while ((prompt == TQString(command)) || (prompt == ""));
-					prompt = prompt.stripWhiteSpace();
-				}
-			}
-			if (prompt != "kadmin>") {
-				if (errstr) *errstr = detailedKAdminErrorMessage(prompt);
-				kadminProc.enableLocalEcho(false);
-				kadminProc.writeLine("quit", true);
-				return 1;
-			}
-
-			// Success!
-			kadminProc.enableLocalEcho(false);
-			kadminProc.writeLine("quit", true);
-			unbind(true);	// Using kadmin can disrupt our LDAP connection
-
-			// Move Kerberos entries
-			return moveKerberosEntries("o=kerberos,cn=kerberos control,ou=master services,ou=core,ou=realm," + m_basedc, errstr);
-		}
-
-		if (errstr) *errstr = "Internal error.  Verify that kadmin exists and can be executed.";
-		return 1;	// Failure
-
-	}
+	TQString hoststring = service.name + "/" + service.machine;
+	return kAdminAddNewPrincipal(hoststring, TQString::null, errstr);
 }
 
 int LDAPManager::deleteUserInfo(LDAPUserInfo user, TQString *errstr) {
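Review bot: The removed kadmin-driven addServiceInfo ended with `unbind(true)` and `return moveKerberosEntries("o=kerberos,cn=kerberos control,ou=master services,ou=core,ou=realm," + m_basedc, errstr);` on success, while the new two-line version returns whatever kAdminAddNewPrincipal returns; that helper's tail is outside the hunk, so confirm it (or the new addServiceInfo) still performs the moveKerberosEntries step, otherwise newly created service principals stop being relocated under the realm subtree. The new path also depends on `TQString::null` comparing equal to `""` in the helper's `newPassword == ""` test to keep the random-key behaviour of the old `ank --random-key`; a comment such as `// null password => random key, matching the old "ank --random-key"` would make that dependency explicit. Note too that `service.name + "/" + service.machine` (and `"host/" + machine.name + "." + realm` in addMachineInfo) is now fed straight to krb5_parse_name, which treats `/` and `@` as component and realm separators, so if `service.machine` or `machine.name` come from user-editable fields a value containing `@` would create a principal in a different realm; rejecting those characters before building the string seems prudent, though I cannot see where these structs are populated.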
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index d91766f..a62c429 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -591,6 +591,7 @@
 	private:
 		int bindKAdmin(TQString *errstr=0);
 		int unbindKAdmin(TQString *errstr=0);
+		int kAdminAddNewPrincipal(TQString principalName, TQString newPassword, TQString *errstr=0);
 		LDAPUserInfo parseLDAPUserRecord(LDAPMessage* entry);
 		LDAPGroupInfo parseLDAPGroupRecord(LDAPMessage* entry);
 		LDAPMachineInfo parseLDAPMachineRecord(LDAPMessage* entry);
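Review bot: The new private declaration `kAdminAddNewPrincipal(TQString principalName, TQString newPassword, TQString *errstr=0)` carries no documentation of its contract, and the empty-password convention visible in the .cpp hunk is easy to miss from a caller's side. I would add above it: `// Create principalName via the kadm5 C API; an empty/null newPassword requests a randomly generated key.` and `// Returns 0 on success, -1 if the bind fails, 1 on kadmin/krb5 error (errstr set when provided).`, the latter only if the return convention matches the helper's body, which is not fully visible here.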