Fix kadmin communication

pull/1/head
Timothy Pearson 13 years ago
parent 9f25f4b662
commit 0e555d6637

@ -270,6 +270,7 @@ void LDAPController::systemRoleChanged() {
// Write the TDE realm configuration file
LDAPRealmConfigList realms;
LDAPManager::writeTDERealmList(realms, m_systemconfig);
m_systemconfig->setGroup(NULL);
m_systemconfig->deleteEntry("DefaultRealm");
m_systemconfig->sync();
@ -285,7 +286,7 @@ void LDAPController::systemRoleChanged() {
}
void LDAPController::processLockouts() {
bool enabled = true;
bool enabled = m_base->systemEnableSupport->isChecked();
bool canChangeLDAPEnabled = true;
if (getuid() != 0 || !m_systemconfig->checkConfigFilesWritable( true )) {
@ -892,10 +893,12 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
TQString readFullLineFromPtyProcess(PtyProcess* proc) {
TQString result = "";
while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) {
while ((!result.contains("\r")) && (!result.contains(":")) && (!result.contains(">"))) {
result = result + TQString(proc->readLine(false));
tqApp->processEvents();
}
result.replace("\n", "");
result.replace("\r", "");
return result;
}
@ -906,13 +909,17 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
TQString prompt;
PtyProcess kadminProc;
kadminProc.enableLocalEcho(false);
kadminProc.exec(command, args);
prompt = kadminProc.readLine(true);
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
kadminProc.writeLine(TQCString("init "+realmName), true);
prompt = kadminProc.readLine(true); // Discard our own input
command = TQCString("init "+realmName);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
@ -920,14 +927,20 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
return 1;
}
else if (prompt.startsWith("Realm max")) {
kadminProc.writeLine("unlimited", true);
prompt = kadminProc.readLine(true); // Discard our own input
command = "unlimited";
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.startsWith("Realm max")) {
kadminProc.writeLine("unlimited", true);
prompt = kadminProc.readLine(true); // Discard our own input
command = "unlimited";
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
if (prompt != "kadmin>") {
@ -961,12 +974,15 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
prompt = kadminProc.readLine(true);
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
kadminProc.writeLine(TQCString("ext "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
command = TQCString("ext "+hoststring);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
@ -974,10 +990,20 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
return 1;
}
else if (prompt.endsWith("Principal does not exist")) {
kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
kadminProc.writeLine("quit", true);
return 1;
}
command = TQCString("ank --random-key "+hoststring);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
// Use all defaults
while (prompt != "kadmin>") {
if (prompt.contains("authentication failed")) {
@ -994,15 +1020,21 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
leftbracket++;
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
}
kadminProc.writeLine(TQCString(defaultParam), true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = kadminProc.readLine(true);
command = TQCString(defaultParam);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
}
kadminProc.writeLine(TQCString("ext "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
command = TQCString("ext "+hoststring);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
@ -1040,12 +1072,15 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
prompt = kadminProc.readLine(true);
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt.startsWith("ext --keytab="));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
@ -1053,10 +1088,20 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
return 1;
}
else if (prompt.endsWith("Principal does not exist")) {
kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
kadminProc.writeLine("quit", true);
return 1;
}
command = TQCString("ank --random-key "+hoststring);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
// Use all defaults
while (prompt != "kadmin>") {
if (prompt.contains("authentication failed")) {
@ -1073,15 +1118,21 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
leftbracket++;
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
}
kadminProc.writeLine(TQCString(defaultParam), true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = kadminProc.readLine(true);
command = TQCString(defaultParam);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
}
kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt.startsWith("ext --keytab="));
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
@ -1121,12 +1172,15 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
prompt = kadminProc.readLine(true);
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
kadminProc.writeLine(TQCString("passwd "+user.username), true);
prompt = kadminProc.readLine(true); // Discard our own input
command = TQCString("passwd "+user.username);
kadminProc.writeLine(command, true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
@ -1135,13 +1189,17 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
}
else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.username + "@")))) {
kadminProc.writeLine(user.password, true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = kadminProc.readLine(true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == "");
prompt = prompt.stripWhiteSpace();
if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) {
kadminProc.writeLine(user.password, true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = kadminProc.readLine(true);
do { // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == "");
prompt = prompt.stripWhiteSpace();
}
if (prompt != "kadmin>") {
@ -1560,25 +1618,25 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
TQString errorstring;
if (initializeNewKerberosRealm(realmconfig.name.upper(), &errorstring) != 0) {
if (errstr) *errstr = i18n("Unable to initialize Kerberos database").append(errorstring);
if (errstr) *errstr = i18n("Unable to initialize Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
if (addHostEntryToKerberosRealm(realmconfig.kdc, &errorstring) != 0) {
if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database").arg(m_ldapUserName).append(errorstring);
if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
if (addLDAPEntryToKerberosRealm(m_ldapUserName, realmconfig.admin_server, &errorstring) != 0) {
if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database").arg(m_ldapUserName).append(errorstring);
if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database<p>").arg(m_ldapUserName).append(errorstring);
pdialog.closeDialog();
return -1;
}
if (addLDAPEntryToKerberosRealm("ldap", realmconfig.admin_server, &errorstring) != 0) {
if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database").append(errorstring);
if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
@ -1627,7 +1685,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
if (setKerberosPasswordForUser(adminuser, &errorstring) != 0) {
delete ldap_mgr;
delete credentials;
if (errstr) *errstr = i18n("Unable to set user password in Kerberos database").append(errorstring);
if (errstr) *errstr = i18n("Unable to set user password in Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
@ -1639,6 +1697,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
LDAPRealmConfigList realms;
realms.insert(realmconfig.name, realmconfig);
LDAPManager::writeTDERealmList(realms, m_systemconfig);
m_systemconfig->setGroup(NULL);
m_systemconfig->writeEntry("DefaultRealm", realmconfig.name);
m_systemconfig->sync();
@ -1648,7 +1707,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
if (ldap_mgr->writeSudoersConfFile(&errorstring) != 0) {
delete ldap_mgr;
delete credentials;
if (errstr) *errstr = i18n("Unable to set local sudo rights").append(errorstring);
if (errstr) *errstr = i18n("Unable to set local sudo rights<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}

Loading…
Cancel
Save