|
|
|
@ -270,6 +270,7 @@ void LDAPController::systemRoleChanged() {
|
|
|
|
|
// Write the TDE realm configuration file
|
|
|
|
|
LDAPRealmConfigList realms;
|
|
|
|
|
LDAPManager::writeTDERealmList(realms, m_systemconfig);
|
|
|
|
|
m_systemconfig->setGroup(NULL);
|
|
|
|
|
m_systemconfig->deleteEntry("DefaultRealm");
|
|
|
|
|
m_systemconfig->sync();
|
|
|
|
|
|
|
|
|
@ -285,7 +286,7 @@ void LDAPController::systemRoleChanged() {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void LDAPController::processLockouts() {
|
|
|
|
|
bool enabled = true;
|
|
|
|
|
bool enabled = m_base->systemEnableSupport->isChecked();
|
|
|
|
|
bool canChangeLDAPEnabled = true;
|
|
|
|
|
|
|
|
|
|
if (getuid() != 0 || !m_systemconfig->checkConfigFilesWritable( true )) {
|
|
|
|
@ -892,10 +893,12 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
|
|
|
|
|
|
|
|
|
|
TQString readFullLineFromPtyProcess(PtyProcess* proc) {
|
|
|
|
|
TQString result = "";
|
|
|
|
|
while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) {
|
|
|
|
|
while ((!result.contains("\r")) && (!result.contains(":")) && (!result.contains(">"))) {
|
|
|
|
|
result = result + TQString(proc->readLine(false));
|
|
|
|
|
tqApp->processEvents();
|
|
|
|
|
}
|
|
|
|
|
result.replace("\n", "");
|
|
|
|
|
result.replace("\r", "");
|
|
|
|
|
return result;
|
|
|
|
|
}
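Review bot: The loop at the top of readFullLineFromPtyProcess has no exit other than a `\r`, `:` or `>` arriving in `result`, so if kadmin exits, hangs, or ends its output with a line containing none of those characters, the function spins `tqApp->processEvents()` forever and every kadmin session in the later hunks blocks with it. It needs a bound — break when `proc->readLine(false)` keeps returning nothing past a deadline, or when the child is no longer running if PtyProcess exposes that — so callers fall through to their `prompt != "kadmin>"` error path with a usable `errstr` instead of hanging the UI. Stopping at the first `:` or `>` also splits any output line that contains a colon across two calls, with the remainder consumed by the next read; the `contains("authentication failed")` checks in the callers can therefore miss text that follows a colon, which is worth verifying against actual kadmin output. A header comment stating the contract would help: `// Reads from the pty until a CR, ':' or '>' is seen and returns the text with CR/LF removed; spins the event loop while waiting.`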
|
|
|
|
|
|
|
|
|
@ -906,13 +909,17 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
|
|
|
|
|
|
|
|
|
|
TQString prompt;
|
|
|
|
|
PtyProcess kadminProc;
|
|
|
|
|
kadminProc.enableLocalEcho(false);
|
|
|
|
|
kadminProc.exec(command, args);
|
|
|
|
|
prompt = kadminProc.readLine(true);
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
kadminProc.writeLine(TQCString("init "+realmName), true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
command = TQCString("init "+realmName);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt.contains("authentication failed")) {
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
@ -920,14 +927,20 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
else if (prompt.startsWith("Realm max")) {
|
|
|
|
|
kadminProc.writeLine("unlimited", true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
command = "unlimited";
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt.startsWith("Realm max")) {
|
|
|
|
|
kadminProc.writeLine("unlimited", true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
command = "unlimited";
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
}
|
|
|
|
|
if (prompt != "kadmin>") {
|
|
|
|
@ -961,12 +974,15 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
|
|
|
|
|
TQString prompt;
|
|
|
|
|
PtyProcess kadminProc;
|
|
|
|
|
kadminProc.exec(command, args);
|
|
|
|
|
prompt = kadminProc.readLine(true);
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
kadminProc.writeLine(TQCString("ext "+hoststring), true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
command = TQCString("ext "+hoststring);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt.contains("authentication failed")) {
|
|
|
|
|
if (errstr) *errstr = prompt;
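Review bot: `kadminProc` is exec'd here straight after `PtyProcess kadminProc;` without the `kadminProc.enableLocalEcho(false);` that the initializeNewKerberosRealm hunk places before its `exec`, and the addLDAPEntryToKerberosRealm and setKerberosPasswordForUser hunks further down have the same gap. Since the "Discard our own input" loops rely on comparing the echoed line against `command`, the four sessions should be configured identically; add `kadminProc.enableLocalEcho(false);` between the declaration and `kadminProc.exec(command, args);` in each. If the echo setting is intended to differ between these functions, a one-line comment saying why would save the next reader from repeating this comparison.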
|
|
|
|
@ -974,10 +990,20 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
else if (prompt.endsWith("Principal does not exist")) {
|
|
|
|
|
kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt != "kadmin>") {
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
command = TQCString("ank --random-key "+hoststring);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
// Use all defaults
|
|
|
|
|
while (prompt != "kadmin>") {
|
|
|
|
|
if (prompt.contains("authentication failed")) {
|
|
|
|
@ -994,15 +1020,21 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
|
|
|
|
|
leftbracket++;
|
|
|
|
|
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
|
|
|
|
|
}
|
|
|
|
|
kadminProc.writeLine(TQCString(defaultParam), true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
prompt = kadminProc.readLine(true);
|
|
|
|
|
command = TQCString(defaultParam);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
kadminProc.writeLine(TQCString("ext "+hoststring), true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
command = TQCString("ext "+hoststring);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt != "kadmin>") {
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
@ -1040,12 +1072,15 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
|
|
|
|
|
TQString prompt;
|
|
|
|
|
PtyProcess kadminProc;
|
|
|
|
|
kadminProc.exec(command, args);
|
|
|
|
|
prompt = kadminProc.readLine(true);
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt.startsWith("ext --keytab="));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt.contains("authentication failed")) {
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
@ -1053,10 +1088,20 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
else if (prompt.endsWith("Principal does not exist")) {
|
|
|
|
|
kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt != "kadmin>") {
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
|
kadminProc.writeLine("quit", true);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
command = TQCString("ank --random-key "+hoststring);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
// Use all defaults
|
|
|
|
|
while (prompt != "kadmin>") {
|
|
|
|
|
if (prompt.contains("authentication failed")) {
|
|
|
|
@ -1073,15 +1118,21 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
|
|
|
|
|
leftbracket++;
|
|
|
|
|
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
|
|
|
|
|
}
|
|
|
|
|
kadminProc.writeLine(TQCString(defaultParam), true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
prompt = kadminProc.readLine(true);
|
|
|
|
|
command = TQCString(defaultParam);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt.startsWith("ext --keytab="));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt != "kadmin>") {
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
@ -1121,12 +1172,15 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
|
|
|
|
|
TQString prompt;
|
|
|
|
|
PtyProcess kadminProc;
|
|
|
|
|
kadminProc.exec(command, args);
|
|
|
|
|
prompt = kadminProc.readLine(true);
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt == "kadmin>") {
|
|
|
|
|
kadminProc.writeLine(TQCString("passwd "+user.username), true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
command = TQCString("passwd "+user.username);
|
|
|
|
|
kadminProc.writeLine(command, true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == TQString(command));
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if (prompt.contains("authentication failed")) {
|
|
|
|
|
if (errstr) *errstr = prompt;
|
|
|
|
@ -1135,13 +1189,17 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
|
|
|
|
|
}
|
|
|
|
|
else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.username + "@")))) {
|
|
|
|
|
kadminProc.writeLine(user.password, true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
prompt = kadminProc.readLine(true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == "");
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) {
|
|
|
|
|
kadminProc.writeLine(user.password, true);
|
|
|
|
|
prompt = kadminProc.readLine(true); // Discard our own input
|
|
|
|
|
prompt = kadminProc.readLine(true);
|
|
|
|
|
do { // Discard our own input
|
|
|
|
|
prompt = readFullLineFromPtyProcess(&kadminProc);
|
|
|
|
|
printf("(kadmin) '%s'\n\r", prompt.ascii());
|
|
|
|
|
} while (prompt == "");
|
|
|
|
|
prompt = prompt.stripWhiteSpace();
|
|
|
|
|
}
|
|
|
|
|
if (prompt != "kadmin>") {
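Review bot: The `printf("(kadmin) '%s'\n\r", prompt.ascii());` inside the two do/while loops that follow `kadminProc.writeLine(user.password, true)` prints every line read back from the pty, including whatever the terminal echoes right after the password is written; this function does not call `enableLocalEcho(false)`, so if echo is on for this session the user's Kerberos password lands on stdout and in anything that captures it. Remove the debug print from the password path, or at minimum skip it for the line read immediately after the password is sent. Separately, `while (prompt == "")` only skips blank lines and, unlike the command loops in the other hunks, never compares against the echoed input, so a visible echo of the password would be taken as the next prompt and fail the `Verify` check below. The enclosing function continues outside the hunk.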
|
|
|
|
@ -1560,25 +1618,25 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
|
|
|
|
|
|
|
|
|
|
TQString errorstring;
|
|
|
|
|
if (initializeNewKerberosRealm(realmconfig.name.upper(), &errorstring) != 0) {
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to initialize Kerberos database").append(errorstring);
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to initialize Kerberos database<p>").append(errorstring);
|
|
|
|
|
pdialog.closeDialog();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (addHostEntryToKerberosRealm(realmconfig.kdc, &errorstring) != 0) {
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database").arg(m_ldapUserName).append(errorstring);
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database<p>").append(errorstring);
|
|
|
|
|
pdialog.closeDialog();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (addLDAPEntryToKerberosRealm(m_ldapUserName, realmconfig.admin_server, &errorstring) != 0) {
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database").arg(m_ldapUserName).append(errorstring);
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database<p>").arg(m_ldapUserName).append(errorstring);
|
|
|
|
|
pdialog.closeDialog();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (addLDAPEntryToKerberosRealm("ldap", realmconfig.admin_server, &errorstring) != 0) {
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database").append(errorstring);
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database<p>").append(errorstring);
|
|
|
|
|
pdialog.closeDialog();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
@ -1627,7 +1685,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
|
|
|
|
|
if (setKerberosPasswordForUser(adminuser, &errorstring) != 0) {
|
|
|
|
|
delete ldap_mgr;
|
|
|
|
|
delete credentials;
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to set user password in Kerberos database").append(errorstring);
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to set user password in Kerberos database<p>").append(errorstring);
|
|
|
|
|
pdialog.closeDialog();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
@ -1639,6 +1697,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
|
|
|
|
|
LDAPRealmConfigList realms;
|
|
|
|
|
realms.insert(realmconfig.name, realmconfig);
|
|
|
|
|
LDAPManager::writeTDERealmList(realms, m_systemconfig);
|
|
|
|
|
m_systemconfig->setGroup(NULL);
|
|
|
|
|
m_systemconfig->writeEntry("DefaultRealm", realmconfig.name);
|
|
|
|
|
m_systemconfig->sync();
|
|
|
|
|
|
|
|
|
@ -1648,7 +1707,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
|
|
|
|
|
if (ldap_mgr->writeSudoersConfFile(&errorstring) != 0) {
|
|
|
|
|
delete ldap_mgr;
|
|
|
|
|
delete credentials;
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to set local sudo rights").append(errorstring);
|
|
|
|
|
if (errstr) *errstr = i18n("Unable to set local sudo rights<p>").append(errorstring);
|
|
|
|
|
pdialog.closeDialog();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|