Add preliminary bonding and unbonding support

This does not yet handle PAM
12 years ago · 96356fea28
parent 9468495702
commit 96356fea28
1 changed files with 138 additions and 23 deletions
--- a/src/ldap.cpp
+++ b/src/ldap.cpp
@ -43,6 +43,8 @@
 #include <klineedit.h>
 #include <kmessagebox.h>

+#include <tdesu/process.h>
+
 #include "ldap.h"
 #include "bondwizard.h"
 #include "ldappasswddlg.h"
@ -373,8 +375,6 @@ void LDAPConfig::processLockouts() {
 }

 void LDAPConfig::bondToNewRealm() {
-	// RAJA FIXME
-
 	// Something will probably change
 	save();

@ -390,21 +390,22 @@ void LDAPConfig::reBondToRealm() {
 	if (selrealm) {
 		TQString realmName = selrealm->text(1);
 		LDAPRealmConfig realmcfg = m_realms[realmName];
-		if (realmcfg.bonded == false) {
-			// Password prompt...
-			TQString errorString;
-			LDAPPasswordDialog passdlg(this);
-			if (passdlg.exec() == TQDialog::Accepted) {
-				if (bondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
-					// Success!
-					realmcfg.bonded = true;
-					m_realms.remove(realmName);
-					m_realms.insert(realmName, realmcfg);
-					save();
-				}
-				else {
-					KMessageBox::error(this, i18n("<qt><b>Unable to bond to realm!</b><p>%1</qt>").arg(errorString), i18n("Unable to Bond to Realm"));
-				}
+
+		// Password prompt...
+		TQString errorString;
+		LDAPPasswordDialog passdlg(this);
+		passdlg.m_base->ldapAdminRealm->setEnabled(false);
+		passdlg.m_base->ldapAdminRealm->setText(realmName);
+		if (passdlg.exec() == TQDialog::Accepted) {
+			if (bondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
+				// Success!
+				realmcfg.bonded = true;
+				m_realms.remove(realmName);
+				m_realms.insert(realmName, realmcfg);
+				save();
+			}
+			else {
+				KMessageBox::error(this, i18n("<qt><b>Unable to bond to realm!</b><p>Details: %1</qt>").arg(errorString), i18n("Unable to Bond to Realm"));
 			}
 		}
 	}
@ -429,6 +430,8 @@ void LDAPConfig::deactivateRealm() {
 			// Password prompt...
 			TQString errorString;
 			LDAPPasswordDialog passdlg(this);
+			passdlg.m_base->ldapAdminRealm->setEnabled(false);
+			passdlg.m_base->ldapAdminRealm->setText(realmName);
 			passdlg.m_base->passprompt->setText(i18n("Please provide LDAP realm administrator credentials below to complete the unbonding process"));
 			if (passdlg.exec() == TQDialog::Accepted) {
 				if (unbondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
@ -447,13 +450,129 @@ void LDAPConfig::deactivateRealm() {
 	updateRealmList();
 }

+TQString readFullLineFromPtyProcess(PtyProcess* proc) {
+	TQString result = "";
+	while ((!result.contains("\n")) && (!result.contains(":"))) {
+		result = result + TQString(proc->readLine(false));
+		tqApp->processEvents();
+	}
+	return result;
+}
+
 int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
-	// RAJA FIXME
+	TQCString command = "kadmin";
+	QCStringList args;
+	args << TQCString("-p") << TQCString(adminUserName+"@"+(adminRealm.upper()));
+
+	TQString hoststring = "host/"+m_fqdn;
+
+	TQString prompt;
+	PtyProcess kadminProc;
+	kadminProc.exec(command, args);
+	prompt = kadminProc.readLine(true);
+	prompt = prompt.stripWhiteSpace();
+	if (prompt == "kadmin>") {
+		kadminProc.writeLine(TQCString("ext "+hoststring), true);
+		prompt = kadminProc.readLine(true);	// Discard our own input
+		prompt = readFullLineFromPtyProcess(&kadminProc);
+		prompt = prompt.stripWhiteSpace();
+		if (prompt.endsWith(" Password:")) {
+			kadminProc.writeLine(adminPassword, true);
+			prompt = kadminProc.readLine(true);	// Discard our own input
+			prompt = readFullLineFromPtyProcess(&kadminProc);
+			prompt = prompt.stripWhiteSpace();
+		}
+		if (prompt.contains("authentication failed")) {
+			if (errstr) *errstr = prompt;
+			kadminProc.writeLine("quit", true);
+			return 1;
+		}
+		else if (prompt.endsWith("Principal does not exist")) {
+			kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
+			// Use all defaults
+			while (prompt != "kadmin>") {
+				prompt = kadminProc.readLine(true);	// Discard our own input
+				prompt = readFullLineFromPtyProcess(&kadminProc);
+				prompt = prompt.stripWhiteSpace();
+				if (prompt.endsWith(" Password:")) {
+					kadminProc.writeLine(adminPassword, true);
+					prompt = kadminProc.readLine(true);	// Discard our own input
+					prompt = readFullLineFromPtyProcess(&kadminProc);
+					prompt = prompt.stripWhiteSpace();
+				}
+				if (prompt.contains("authentication failed")) {
+					if (errstr) *errstr = prompt;
+					kadminProc.writeLine("quit", true);
+					return 1;
+				}
+				else {
+					kadminProc.writeLine("", true);
+				}
+			}
+			kadminProc.writeLine(TQCString("ext "+hoststring), true);
+			prompt = kadminProc.readLine(true);	// Discard our own input
+			prompt = readFullLineFromPtyProcess(&kadminProc);
+			prompt = prompt.stripWhiteSpace();
+			if (prompt != "kadmin>") {
+				if (errstr) *errstr = prompt;
+				kadminProc.writeLine("quit", true);
+				return 1;
+			}
+
+			// Success!
+			kadminProc.writeLine("quit", true);
+			return 0;
+		}
+		else if (prompt == "kadmin>") {
+			// Success!
+			kadminProc.writeLine("quit", true);
+			return 0;
+		}
+
+		// Failure
+		if (errstr) *errstr = prompt;
+		kadminProc.writeLine("quit", true);
+		return 1;
+	}
+
+	if (errstr) *errstr = "Internal error.  Verify that kadmin exists and can be executed.";
 	return 1;	// Failure
 }

 int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
-	// RAJA FIXME
+	TQCString command = "kadmin";
+	QCStringList args;
+	args << TQCString("-p") << TQCString(adminUserName+"@"+(adminRealm.upper()));
+
+	TQString hoststring = "host/"+m_fqdn;
+
+	TQString prompt;
+	PtyProcess kadminProc;
+	kadminProc.exec(command, args);
+	prompt = kadminProc.readLine(true);
+	prompt = prompt.stripWhiteSpace();
+	if (prompt == "kadmin>") {
+		kadminProc.writeLine(TQCString("delete "+hoststring), true);
+		prompt = kadminProc.readLine(true);	// Discard our own input
+		prompt = readFullLineFromPtyProcess(&kadminProc);
+		prompt = prompt.stripWhiteSpace();
+		if (prompt.endsWith(" Password:")) {
+			kadminProc.writeLine(adminPassword, true);
+			prompt = kadminProc.readLine(true);	// Discard our own input
+			prompt = readFullLineFromPtyProcess(&kadminProc);
+			prompt = prompt.stripWhiteSpace();
+		}
+		if (prompt != "kadmin>") {
+			if (errstr) *errstr = prompt;
+			kadminProc.writeLine("quit", true);
+			return 1;
+		}
+
+		// Success!
+		kadminProc.writeLine("quit", true);
+		return 0;
+	}
+
 	return 1;	// Failure
 }

@ -478,15 +597,11 @@ void LDAPConfig::writeKrb5ConfFile() {
 		stream << "\n";

 		// Defaults
-		// FIXME
-		// These should be configurable!
 		stream << "[libdefaults]\n";
 		stream << "    ticket_lifetime = " << m_ticketLifetime << "\n";
 		if (m_defaultRealm != "") {
 			stream << "    default_realm = " << m_defaultRealm << "\n";
 		}
-		stream << "    default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5\n";
-		stream << "    default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5\n";
 		stream << "\n";

 		// Realms