Fix kadmin communication

pull/1/head
Timothy Pearson 12 years ago
parent 9f25f4b662
commit 0e555d6637

@ -270,6 +270,7 @@ void LDAPController::systemRoleChanged() {
// Write the TDE realm configuration file // Write the TDE realm configuration file
LDAPRealmConfigList realms; LDAPRealmConfigList realms;
LDAPManager::writeTDERealmList(realms, m_systemconfig); LDAPManager::writeTDERealmList(realms, m_systemconfig);
m_systemconfig->setGroup(NULL);
m_systemconfig->deleteEntry("DefaultRealm"); m_systemconfig->deleteEntry("DefaultRealm");
m_systemconfig->sync(); m_systemconfig->sync();
@ -285,7 +286,7 @@ void LDAPController::systemRoleChanged() {
} }
void LDAPController::processLockouts() { void LDAPController::processLockouts() {
bool enabled = true; bool enabled = m_base->systemEnableSupport->isChecked();
bool canChangeLDAPEnabled = true; bool canChangeLDAPEnabled = true;
if (getuid() != 0 || !m_systemconfig->checkConfigFilesWritable( true )) { if (getuid() != 0 || !m_systemconfig->checkConfigFilesWritable( true )) {
@ -892,10 +893,12 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
TQString readFullLineFromPtyProcess(PtyProcess* proc) { TQString readFullLineFromPtyProcess(PtyProcess* proc) {
TQString result = ""; TQString result = "";
while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) { while ((!result.contains("\r")) && (!result.contains(":")) && (!result.contains(">"))) {
result = result + TQString(proc->readLine(false)); result = result + TQString(proc->readLine(false));
tqApp->processEvents(); tqApp->processEvents();
} }
result.replace("\n", "");
result.replace("\r", "");
return result; return result;
} }
@ -906,13 +909,17 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
TQString prompt; TQString prompt;
PtyProcess kadminProc; PtyProcess kadminProc;
kadminProc.enableLocalEcho(false);
kadminProc.exec(command, args); kadminProc.exec(command, args);
prompt = kadminProc.readLine(true); prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") { if (prompt == "kadmin>") {
kadminProc.writeLine(TQCString("init "+realmName), true); command = TQCString("init "+realmName);
prompt = kadminProc.readLine(true); // Discard our own input kadminProc.writeLine(command, true);
prompt = readFullLineFromPtyProcess(&kadminProc); do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) { if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt; if (errstr) *errstr = prompt;
@ -920,14 +927,20 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
return 1; return 1;
} }
else if (prompt.startsWith("Realm max")) { else if (prompt.startsWith("Realm max")) {
kadminProc.writeLine("unlimited", true); command = "unlimited";
prompt = kadminProc.readLine(true); // Discard our own input kadminProc.writeLine(command, true);
prompt = readFullLineFromPtyProcess(&kadminProc); do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt.startsWith("Realm max")) { if (prompt.startsWith("Realm max")) {
kadminProc.writeLine("unlimited", true); command = "unlimited";
prompt = kadminProc.readLine(true); // Discard our own input kadminProc.writeLine(command, true);
prompt = readFullLineFromPtyProcess(&kadminProc); do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
} }
if (prompt != "kadmin>") { if (prompt != "kadmin>") {
@ -961,12 +974,15 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
TQString prompt; TQString prompt;
PtyProcess kadminProc; PtyProcess kadminProc;
kadminProc.exec(command, args); kadminProc.exec(command, args);
prompt = kadminProc.readLine(true); prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") { if (prompt == "kadmin>") {
kadminProc.writeLine(TQCString("ext "+hoststring), true); command = TQCString("ext "+hoststring);
prompt = kadminProc.readLine(true); // Discard our own input kadminProc.writeLine(command, true);
prompt = readFullLineFromPtyProcess(&kadminProc); do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) { if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt; if (errstr) *errstr = prompt;
@ -974,10 +990,20 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
return 1; return 1;
} }
else if (prompt.endsWith("Principal does not exist")) { else if (prompt.endsWith("Principal does not exist")) {
kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc); prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
kadminProc.writeLine("quit", true);
return 1;
}
command = TQCString("ank --random-key "+hoststring);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
// Use all defaults // Use all defaults
while (prompt != "kadmin>") { while (prompt != "kadmin>") {
if (prompt.contains("authentication failed")) { if (prompt.contains("authentication failed")) {
@ -994,15 +1020,21 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
leftbracket++; leftbracket++;
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket); defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
} }
kadminProc.writeLine(TQCString(defaultParam), true); command = TQCString(defaultParam);
prompt = kadminProc.readLine(true); // Discard our own input kadminProc.writeLine(command, true);
prompt = kadminProc.readLine(true); do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
} }
} }
kadminProc.writeLine(TQCString("ext "+hoststring), true); command = TQCString("ext "+hoststring);
prompt = kadminProc.readLine(true); // Discard our own input kadminProc.writeLine(command, true);
prompt = readFullLineFromPtyProcess(&kadminProc); do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") { if (prompt != "kadmin>") {
if (errstr) *errstr = prompt; if (errstr) *errstr = prompt;
@ -1040,12 +1072,15 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
TQString prompt; TQString prompt;
PtyProcess kadminProc; PtyProcess kadminProc;
kadminProc.exec(command, args); kadminProc.exec(command, args);
prompt = kadminProc.readLine(true); prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") { if (prompt == "kadmin>") {
kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true); command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
prompt = kadminProc.readLine(true); // Discard our own input kadminProc.writeLine(command, true);
prompt = readFullLineFromPtyProcess(&kadminProc); do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt.startsWith("ext --keytab="));
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) { if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt; if (errstr) *errstr = prompt;
@ -1053,10 +1088,20 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
return 1; return 1;
} }
else if (prompt.endsWith("Principal does not exist")) { else if (prompt.endsWith("Principal does not exist")) {
kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc); prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
kadminProc.writeLine("quit", true);
return 1;
}
command = TQCString("ank --random-key "+hoststring);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
// Use all defaults // Use all defaults
while (prompt != "kadmin>") { while (prompt != "kadmin>") {
if (prompt.contains("authentication failed")) { if (prompt.contains("authentication failed")) {
@ -1073,15 +1118,21 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
leftbracket++; leftbracket++;
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket); defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
} }
kadminProc.writeLine(TQCString(defaultParam), true); command = TQCString(defaultParam);
prompt = kadminProc.readLine(true); // Discard our own input kadminProc.writeLine(command, true);
prompt = kadminProc.readLine(true); do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
} }
} }
kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true); command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
prompt = kadminProc.readLine(true); // Discard our own input kadminProc.writeLine(command, true);
prompt = readFullLineFromPtyProcess(&kadminProc); do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt.startsWith("ext --keytab="));
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") { if (prompt != "kadmin>") {
if (errstr) *errstr = prompt; if (errstr) *errstr = prompt;
@ -1121,12 +1172,15 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
TQString prompt; TQString prompt;
PtyProcess kadminProc; PtyProcess kadminProc;
kadminProc.exec(command, args); kadminProc.exec(command, args);
prompt = kadminProc.readLine(true); prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") { if (prompt == "kadmin>") {
kadminProc.writeLine(TQCString("passwd "+user.username), true); command = TQCString("passwd "+user.username);
prompt = kadminProc.readLine(true); // Discard our own input kadminProc.writeLine(command, true);
prompt = readFullLineFromPtyProcess(&kadminProc); do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) { if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt; if (errstr) *errstr = prompt;
@ -1135,13 +1189,17 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
} }
else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.username + "@")))) { else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.username + "@")))) {
kadminProc.writeLine(user.password, true); kadminProc.writeLine(user.password, true);
prompt = kadminProc.readLine(true); // Discard our own input do { // Discard our own input
prompt = kadminProc.readLine(true); prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == "");
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) { if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) {
kadminProc.writeLine(user.password, true); kadminProc.writeLine(user.password, true);
prompt = kadminProc.readLine(true); // Discard our own input do { // Discard our own input
prompt = kadminProc.readLine(true); prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == "");
prompt = prompt.stripWhiteSpace(); prompt = prompt.stripWhiteSpace();
} }
if (prompt != "kadmin>") { if (prompt != "kadmin>") {
@ -1560,25 +1618,25 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
TQString errorstring; TQString errorstring;
if (initializeNewKerberosRealm(realmconfig.name.upper(), &errorstring) != 0) { if (initializeNewKerberosRealm(realmconfig.name.upper(), &errorstring) != 0) {
if (errstr) *errstr = i18n("Unable to initialize Kerberos database").append(errorstring); if (errstr) *errstr = i18n("Unable to initialize Kerberos database<p>").append(errorstring);
pdialog.closeDialog(); pdialog.closeDialog();
return -1; return -1;
} }
if (addHostEntryToKerberosRealm(realmconfig.kdc, &errorstring) != 0) { if (addHostEntryToKerberosRealm(realmconfig.kdc, &errorstring) != 0) {
if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database").arg(m_ldapUserName).append(errorstring); if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database<p>").append(errorstring);
pdialog.closeDialog(); pdialog.closeDialog();
return -1; return -1;
} }
if (addLDAPEntryToKerberosRealm(m_ldapUserName, realmconfig.admin_server, &errorstring) != 0) { if (addLDAPEntryToKerberosRealm(m_ldapUserName, realmconfig.admin_server, &errorstring) != 0) {
if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database").arg(m_ldapUserName).append(errorstring); if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database<p>").arg(m_ldapUserName).append(errorstring);
pdialog.closeDialog(); pdialog.closeDialog();
return -1; return -1;
} }
if (addLDAPEntryToKerberosRealm("ldap", realmconfig.admin_server, &errorstring) != 0) { if (addLDAPEntryToKerberosRealm("ldap", realmconfig.admin_server, &errorstring) != 0) {
if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database").append(errorstring); if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database<p>").append(errorstring);
pdialog.closeDialog(); pdialog.closeDialog();
return -1; return -1;
} }
@ -1627,7 +1685,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
if (setKerberosPasswordForUser(adminuser, &errorstring) != 0) { if (setKerberosPasswordForUser(adminuser, &errorstring) != 0) {
delete ldap_mgr; delete ldap_mgr;
delete credentials; delete credentials;
if (errstr) *errstr = i18n("Unable to set user password in Kerberos database").append(errorstring); if (errstr) *errstr = i18n("Unable to set user password in Kerberos database<p>").append(errorstring);
pdialog.closeDialog(); pdialog.closeDialog();
return -1; return -1;
} }
@ -1639,6 +1697,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
LDAPRealmConfigList realms; LDAPRealmConfigList realms;
realms.insert(realmconfig.name, realmconfig); realms.insert(realmconfig.name, realmconfig);
LDAPManager::writeTDERealmList(realms, m_systemconfig); LDAPManager::writeTDERealmList(realms, m_systemconfig);
m_systemconfig->setGroup(NULL);
m_systemconfig->writeEntry("DefaultRealm", realmconfig.name); m_systemconfig->writeEntry("DefaultRealm", realmconfig.name);
m_systemconfig->sync(); m_systemconfig->sync();
@ -1648,7 +1707,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
if (ldap_mgr->writeSudoersConfFile(&errorstring) != 0) { if (ldap_mgr->writeSudoersConfFile(&errorstring) != 0) {
delete ldap_mgr; delete ldap_mgr;
delete credentials; delete credentials;
if (errstr) *errstr = i18n("Unable to set local sudo rights").append(errorstring); if (errstr) *errstr = i18n("Unable to set local sudo rights<p>").append(errorstring);
pdialog.closeDialog(); pdialog.closeDialog();
return -1; return -1;
} }
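Review bot: The `printf("(kadmin) '%s'\n\r", prompt.ascii());` added inside every "Discard our own input" loop writes the full kadmin dialogue to stdout, and in setKerberosPasswordForUser it runs on the lines read immediately after `kadminProc.writeLine(user.password, true);` — if the pty echoes that input (this function, unlike initializeNewKerberosRealm, gets no `kadminProc.enableLocalEcho(false)` in the hunk), the admin password lands in the module's output. At minimum remove the printf from the two password loops, or gate all of them behind a debug flag before merging. The loop exit condition is also inconsistent: most loops use `} while (prompt == TQString(command));` while the two `ext --keytab=` loops use `startsWith`, presumably because a long echoed line comes back wrapped; the `ank --random-key` loops carry the same long-line risk and would then treat the tail of the echo as kadmin's reply. readFullLineFromPtyProcess, which every one of these loops now goes through, still has no exit when the child has gone away, so a kadmin that exits mid-dialogue appears to leave it spinning on `proc->readLine(false)` and `processEvents()` forever — a liveness check or bounded retry there would turn that into an error return.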
