From 0e555d663735a59d5a62c12e26360ce88d709535 Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Sun, 8 Jul 2012 23:25:39 -0500
Subject: [PATCH] Fix kadmin communication

---
 src/ldapcontroller.cpp | 159 ++++++++++++++++++++++++++++-------------
 1 file changed, 109 insertions(+), 50 deletions(-)

diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 38089b0..2aa3ee3 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -270,6 +270,7 @@ void LDAPController::systemRoleChanged() {
 // Write the TDE realm configuration file
 LDAPRealmConfigList realms;
 LDAPManager::writeTDERealmList(realms, m_systemconfig);
+ m_systemconfig->setGroup(NULL);
 m_systemconfig->deleteEntry("DefaultRealm");
 m_systemconfig->sync();
 
@@ -285,7 +286,7 @@ void LDAPController::systemRoleChanged() {
 }
 
 void LDAPController::processLockouts() {
- bool enabled = true;
+ bool enabled = m_base->systemEnableSupport->isChecked();
 bool canChangeLDAPEnabled = true;
 
 if (getuid() != 0 || !m_systemconfig->checkConfigFilesWritable( true )) {
@@ -892,10 +893,12 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
 
 TQString readFullLineFromPtyProcess(PtyProcess* proc) {
 TQString result = "";
- while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) {
+ while ((!result.contains("\r")) && (!result.contains(":")) && (!result.contains(">"))) {
 result = result + TQString(proc->readLine(false));
 tqApp->processEvents();
 }
+ result.replace("\n", "");
+ result.replace("\r", "");
 return result;
 }
 
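Review bot: The added `m_systemconfig->setGroup(NULL);` makes this caller responsible for knowing that `LDAPManager::writeTDERealmList()` leaves `m_systemconfig` positioned in whatever realm group it wrote last, and the identical line is added again in the createNewLDAPRealm hunk at -1639. A sturdier fix is for writeTDERealmList to remember `m_systemconfig->group()` on entry and restore it before returning, or at least to state in its header comment that it changes the current group, so the next caller does not have to rediscover this. Passing `NULL` also leans on the `TQString(const char*)` conversion producing a null string; `setGroup(TQString::null)` says what is meant. systemRoleChanged's body starts and ends outside the hunk.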
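Review bot: `readFullLineFromPtyProcess` still has no exit condition other than seeing `\r`, `:` or `>`, so if kadmin exits, is killed, or prints a line containing none of those characters, the loop spins forever, and because every pass calls `tqApp->processEvents()` the rest of the control module stays clickable and can re-enter this code while it spins. Check on each pass that the child is still alive (through the `PtyProcess` pid or fd accessors, if the class exposes them) or bound the wait with a deadline, and return whatever was collected so the callers' `!= "kadmin>"` checks turn the hang into an error return. The termination test also changed from `\n` to `\r`, so a line ending in a bare `\n` no longer ends the read; if that is intended because the pty always delivers `\r\n`, a comment on the loop should say so, e.g. `// The pty delivers CRLF; a lone "\r" is the earliest reliable end-of-line`.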
@@ -906,13 +909,17 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
 
 TQString prompt;
 PtyProcess kadminProc;
+ kadminProc.enableLocalEcho(false);
 kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
 prompt = prompt.stripWhiteSpace();
 if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("init "+realmName), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("init "+realmName);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
 prompt = prompt.stripWhiteSpace();
 if (prompt.contains("authentication failed")) {
 if (errstr) *errstr = prompt;
@@ -920,14 +927,20 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
 return 1;
 }
 else if (prompt.startsWith("Realm max")) {
- kadminProc.writeLine("unlimited", true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = "unlimited";
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
 prompt = prompt.stripWhiteSpace();
 if (prompt.startsWith("Realm max")) {
- kadminProc.writeLine("unlimited", true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = "unlimited";
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
 prompt = prompt.stripWhiteSpace();
 }
 if (prompt != "kadmin>") {
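Review bot: The `printf("(kadmin) '%s'\n\r", prompt.ascii());` inside the new discard loop writes the complete kadmin dialogue to the stdout of a root-run control module — principal names, kadmin's error text and, in setKerberosPasswordForUser (hunk -1135), whatever comes back after `user.password` has been written, which is the password itself should the pty echo it. The same line is repeated in hunks -920, -961, -974, -994, -1040, -1053, -1073, -1121 and -1135. Remove it, or route it through the debug-only logging facility with the password path excluded; note also that `prompt.ascii()` yields a null pointer for a null TQString, which `%s` cannot take. Separately, `kadminProc.enableLocalEcho(false);` is added only to this session while the sessions opened in -961, -1040 and -1121 still run with echo on and rely on the discard loops to skip it, so either call it in all four places or add a comment here explaining why this session differs. initializeNewKerberosRealm starts and ends outside the hunk.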
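Review bot: The write-command / discard-echo / strip sequence is now spelled out six lines at a time at eleven sites in this file (this hunk alone carries it twice, for the two "Realm max" prompts), each copy differing only in the command string; a helper in the style of `readFullLineFromPtyProcess` would keep the echo-handling rule in one place and make the comparison uniform, since hunk -1040 compares with `startsWith` while the rest compare with `==`. Each site then becomes `prompt = sendKadminCommand(kadminProc, "unlimited");` and its trailing `prompt = prompt.stripWhiteSpace();` goes away. The helper below deliberately carries no diagnostic print. The enclosing function starts and ends outside the hunk.
```cpp
// Writes one command to the kadmin session and returns the first reply line
// that is not the pty echo of the command, with surrounding whitespace removed.
static TQString sendKadminCommand(PtyProcess& proc, const TQCString& command) {
	proc.writeLine(command, true);
	TQString reply;
	do {	// Discard our own input
		reply = readFullLineFromPtyProcess(&proc);
	} while (reply == TQString(command));
	return reply.stripWhiteSpace();
}
```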
@@ -961,12 +974,15 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
 TQString prompt;
 PtyProcess kadminProc;
 kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
 prompt = prompt.stripWhiteSpace();
 if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("ext "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
 prompt = prompt.stripWhiteSpace();
 if (prompt.contains("authentication failed")) {
 if (errstr) *errstr = prompt;
@@ -974,10 +990,20 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
 return 1;
 }
 else if (prompt.endsWith("Principal does not exist")) {
- kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
 prompt = readFullLineFromPtyProcess(&kadminProc);
 prompt = prompt.stripWhiteSpace();
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ command = TQCString("ank --random-key "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
 // Use all defaults
 while (prompt != "kadmin>") {
 if (prompt.contains("authentication failed")) {
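Review bot: `command = TQCString("ext "+hoststring);` hands `hoststring` (presumably built from `kerberosHost`, which createNewLDAPRealm takes from `realmconfig.kdc`, a dialog value) to the interactive kadmin shell without any validation; a value containing whitespace, quotes or a newline would be parsed by kadmin as extra arguments or a second command, and the `== TQString(command)` echo test would then misfire as well. The same concatenation appears in hunks -974, -994, -1040, -1053 and -1073 (`ank --random-key` and `ext --keytab=` variants). Reject anything outside a principal-name character class before the session is opened, for example `if (!TQRegExp("^[A-Za-z0-9._/@-]+$").exactMatch(hoststring)) { if (errstr) *errstr = i18n("Invalid host name"); return 1; }` (constructed example, adjust the class to what the code actually passes) near the top of addHostEntryToKerberosRealm and addLDAPEntryToKerberosRealm. Both functions start outside the hunk.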
@@ -994,15 +1020,21 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
 leftbracket++;
 defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
 }
- kadminProc.writeLine(TQCString(defaultParam), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ command = TQCString(defaultParam);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
 prompt = prompt.stripWhiteSpace();
 }
 }
- kadminProc.writeLine(TQCString("ext "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
 prompt = prompt.stripWhiteSpace();
 if (prompt != "kadmin>") {
 if (errstr) *errstr = prompt;
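Review bot: The `while (prompt != "kadmin>")` loop that the first closing brace in this hunk ends answers every kadmin question with the bracketed default and has no iteration bound; if kadmin rejects the default and repeats the question, or asks one with no `[default]` so that `command` is empty, the loop never terminates, and with an empty `command` the discard loop's `prompt == TQString(command)` test also swallows every blank reply. A counter turns a hung session into an error return: declare `int answered = 0;` before the loop and put `if (++answered > 16) { if (errstr) *errstr = prompt; kadminProc.writeLine("quit", true); return 1; }` at the top of its body. Hunk -1073 has the same structure. The loop begins in the preceding hunk (-974) and the enclosing function continues past this one.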
@@ -1040,12 +1072,15 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
 TQString prompt;
 PtyProcess kadminProc;
 kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
 prompt = prompt.stripWhiteSpace();
 if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt.startsWith("ext --keytab="));
 prompt = prompt.stripWhiteSpace();
 if (prompt.contains("authentication failed")) {
 if (errstr) *errstr = prompt;
@@ -1053,10 +1088,20 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
 return 1;
 }
 else if (prompt.endsWith("Principal does not exist")) {
- kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
 prompt = readFullLineFromPtyProcess(&kadminProc);
 prompt = prompt.stripWhiteSpace();
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ command = TQCString("ank --random-key "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
 // Use all defaults
 while (prompt != "kadmin>") {
 if (prompt.contains("authentication failed")) {
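Review bot: The echo-discard condition in this hunk is `} while (prompt.startsWith("ext --keytab="));`, whereas every other new loop in the file uses `} while (prompt == TQString(command));`; the second `ext --keytab=` site in hunk -1073 has the same form. If this is deliberate — for instance because the echo of this longer command line comes back wrapped or altered by the pty — the reason belongs in the loop's comment, since a genuine kadmin reply that happened to begin with those characters would be discarded too, and a wrapped echo would only be half-skipped anyway; if it is not deliberate, use the same `==` comparison so the sites stay interchangeable. The enclosing function starts and ends outside the hunk.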
@@ -1073,15 +1118,21 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
 leftbracket++;
 defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
 }
- kadminProc.writeLine(TQCString(defaultParam), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ command = TQCString(defaultParam);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
 prompt = prompt.stripWhiteSpace();
 }
 }
- kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt.startsWith("ext --keytab="));
 prompt = prompt.stripWhiteSpace();
 if (prompt != "kadmin>") {
 if (errstr) *errstr = prompt;
@@ -1121,12 +1172,15 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
 TQString prompt;
 PtyProcess kadminProc;
 kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
 prompt = prompt.stripWhiteSpace();
 if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("passwd "+user.username), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("passwd "+user.username);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
 prompt = prompt.stripWhiteSpace();
 if (prompt.contains("authentication failed")) {
 if (errstr) *errstr = prompt;
@@ -1135,13 +1189,17 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
 }
 else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.username + "@")))) {
 kadminProc.writeLine(user.password, true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
 prompt = prompt.stripWhiteSpace();
 if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) {
 kadminProc.writeLine(user.password, true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
 prompt = prompt.stripWhiteSpace();
 }
 if (prompt != "kadmin>") {
@@ -1560,25 +1618,25 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r TQString errorstring; if (initializeNewKerberosRealm(realmconfig.name.upper(), &errorstring) != 0) { - if (errstr) *errstr = i18n("Unable to initialize Kerberos database").append(errorstring); + if (errstr) *errstr = i18n("Unable to initialize Kerberos database

").append(errorstring); pdialog.closeDialog(); return -1; } if (addHostEntryToKerberosRealm(realmconfig.kdc, &errorstring) != 0) { - if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database").arg(m_ldapUserName).append(errorstring); + if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database

").append(errorstring); pdialog.closeDialog(); return -1; } if (addLDAPEntryToKerberosRealm(m_ldapUserName, realmconfig.admin_server, &errorstring) != 0) { - if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database").arg(m_ldapUserName).append(errorstring); + if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database

").arg(m_ldapUserName).append(errorstring); pdialog.closeDialog(); return -1; } if (addLDAPEntryToKerberosRealm("ldap", realmconfig.admin_server, &errorstring) != 0) { - if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database").append(errorstring); + if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database

").append(errorstring); pdialog.closeDialog(); return -1; } @@ -1627,7 +1685,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r if (setKerberosPasswordForUser(adminuser, &errorstring) != 0) { delete ldap_mgr; delete credentials; - if (errstr) *errstr = i18n("Unable to set user password in Kerberos database").append(errorstring); + if (errstr) *errstr = i18n("Unable to set user password in Kerberos database

").append(errorstring); pdialog.closeDialog(); return -1; } @@ -1639,6 +1697,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r LDAPRealmConfigList realms; realms.insert(realmconfig.name, realmconfig); LDAPManager::writeTDERealmList(realms, m_systemconfig); + m_systemconfig->setGroup(NULL); m_systemconfig->writeEntry("DefaultRealm", realmconfig.name); m_systemconfig->sync(); @@ -1648,7 +1707,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r if (ldap_mgr->writeSudoersConfFile(&errorstring) != 0) { delete ldap_mgr; delete credentials; - if (errstr) *errstr = i18n("Unable to set local sudo rights").append(errorstring); + if (errstr) *errstr = i18n("Unable to set local sudo rights

").append(errorstring); pdialog.closeDialog(); return -1; }