Fix LDAP primary realm creation failure

Clean up build warnings
pull/1/head
Timothy Pearson 12 years ago
parent 028defbca4
commit 7b7565e7f5

@ -145,6 +145,18 @@ LDAPController::LDAPController(TQWidget *parent, const char *name, const TQStrin
LDAPController::~LDAPController() {
}
void system_safe(const char * cmdstr) {
if (system(cmdstr) < 0) {
printf("[ERROR] System call to '%s' failed!\n\r", cmdstr);
}
}
void chown_safe(const char * file, uid_t user, gid_t group) {
if (chown(file, user, group) < 0) {
printf("[ERROR] Chown call to '%s' for %d:%d failed!\n\r", file, user, group);
}
}
void LDAPController::systemRoleChanged() {
int previousRole = m_prevRole;
@ -264,8 +276,8 @@ void LDAPController::systemRoleChanged() {
pdialog.setStatusMessage(i18n("Purging local configuration..."));
tqApp->processEvents();
system(TQString("rm -f %1").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE));
system(TQString("rm -rf %1").arg(TDE_CERTIFICATE_DIR));
system_safe(TQString("rm -f %1").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE));
system_safe(TQString("rm -rf %1").arg(TDE_CERTIFICATE_DIR));
// Write the TDE realm configuration file
LDAPRealmConfigList realms;
@ -536,7 +548,6 @@ void LDAPController::btnkrbExportCert() {
}
void LDAPController::btnldapRegenerate() {
struct stat sb;
uid_t slapd_uid = 0;
gid_t slapd_gid = 0;
@ -769,7 +780,7 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
// Set permissions
if ((userid > 0) && (groupid > 0)) {
chown(outfile.ascii(), userid, groupid);
chown_safe(outfile.ascii(), userid, groupid);
}
}
else {
@ -833,17 +844,17 @@ int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t
}
if (command == SC_PURGE) {
controlHeimdalServer(SC_STOP);
system("rm -f " + TQString(LDAP_KEYTAB_FILE));
system_safe("rm -f " + TQString(LDAP_KEYTAB_FILE));
// FIXME
// This assumes Debian
system("rm -f /etc/krb5.keytab");
system("rm -rf /var/lib/heimdal-kdc/*");
system_safe("rm -f /etc/krb5.keytab");
system_safe("rm -rf /var/lib/heimdal-kdc/*");
}
if (command == SC_SETDBPERMS) {
if ((userid > 0) && (groupid > 0)) {
TQString command;
command = TQString("chgrp %1 " + TQString(LDAP_KEYTAB_FILE)).arg(groupid);
system(command.ascii());
system_safe(command.ascii());
chmod(LDAP_KEYTAB_FILE, S_IRUSR|S_IWUSR|S_IRGRP);
}
}
@ -870,8 +881,8 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
controlLDAPServer(SC_STOP);
// FIXME
// This assumes Debian!
system("rm -rf /var/lib/ldap/*");
system("rm -rf /etc/ldap/slapd.d/*");
system_safe("rm -rf /var/lib/ldap/*");
system_safe("rm -rf /etc/ldap/slapd.d/*");
}
if (command == SC_SETDBPERMS) {
if ((userid > 0) && (groupid > 0)) {
@ -879,21 +890,30 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
// This assumes Debian!
TQString command;
command = TQString("chown -R %1 /var/lib/ldap/*").arg(userid);
system(command.ascii());
system_safe(command.ascii());
command = TQString("chgrp -R %1 /var/lib/ldap/*").arg(groupid);
system(command.ascii());
system_safe(command.ascii());
command = TQString("chown -R %1 /etc/ldap/slapd.d/*").arg(userid);
system(command.ascii());
system_safe(command.ascii());
command = TQString("chgrp -R %1 /etc/ldap/slapd.d/*").arg(groupid);
system(command.ascii());
system_safe(command.ascii());
}
}
return -2;
}
// WARNING
// kadmin does not have a standard "waiting for user input" character or sequence
// To make matters worse, the colon does not uniquely designate the end of a line; for example the response "kadmin: ext openldap/foo.bar.baz: Principal does not exist"
// One way around this would be to see if the first colon is part of a "kadmin:" string; if so, then the colon is not a reliable end of line indicator for the current line
// (in fact only '\r' should be used as the end of line indicator in that case)
TQString readFullLineFromPtyProcess(PtyProcess* proc) {
TQString result = "";
while ((!result.contains("\r")) && (!result.contains(":")) && (!result.contains(">"))) {
while ((!result.contains("\r")) &&
(!result.contains(">")) &&
(!((!result.contains("kadmin:")) && result.contains(":"))) &&
(!((result.contains("kadmin:")) && result.contains("\r")))
) {
result = result + TQString(proc->readLine(false));
tqApp->processEvents();
}
@ -1232,9 +1252,9 @@ int LDAPController::createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmCo
// Certificate authority certificate
TQString command;
command = TQString("openssl genrsa -out %1 %2").arg(KERBEROS_PKI_PEMKEY_FILE).arg(KEY_STRENGTH);
system(command);
system_safe(command);
chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR);
chown(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
chown_safe(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
LDAPManager::generatePublicKerberosCACertificate(certinfo);
@ -1246,9 +1266,9 @@ int LDAPController::createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmCo
kdc_keyfile.replace("@@@KDCSERVER@@@", realmconfig.kdc);
kdc_reqfile.replace("@@@KDCSERVER@@@", realmconfig.kdc);
command = TQString("openssl genrsa -out %1 %2").arg(kdc_keyfile).arg(KEY_STRENGTH);
system(command);
system_safe(command);
chmod(kdc_keyfile.ascii(), S_IRUSR|S_IWUSR);
chown(kdc_keyfile.ascii(), 0, 0);
chown_safe(kdc_keyfile.ascii(), 0, 0);
LDAPManager::generatePublicKerberosCertificate(certinfo, realmconfig);
@ -1260,9 +1280,9 @@ int LDAPController::createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmCo
ldap_keyfile.replace("@@@ADMINSERVER@@@", realmconfig.admin_server);
ldap_reqfile.replace("@@@ADMINSERVER@@@", realmconfig.admin_server);
command = TQString("openssl genrsa -out %1 %2").arg(ldap_keyfile).arg(KEY_STRENGTH);
system(command);
system_safe(command);
chmod(ldap_keyfile.ascii(), S_IRUSR|S_IWUSR);
chown(ldap_keyfile.ascii(), ldap_uid, ldap_gid);
chown_safe(ldap_keyfile.ascii(), ldap_uid, ldap_gid);
LDAPManager::generatePublicLDAPCertificate(certinfo, realmconfig, ldap_uid, ldap_gid);
@ -1356,9 +1376,13 @@ int LDAPController::createNewSecondaryController(TQWidget* dialogparent, LDAPRea
// 2.) Bond machine to Kerberos
// 3.) Set up LDAP replication
// 4.) Point local Kerberos and SASL instances to this LDAP server
return -1;
}
int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) {
Q_UNUSED(adminRealm)
int ldifSchemaNumber;
ProcessingDialog pdialog(dialogparent);
@ -1453,15 +1477,14 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
// FIXME
// This assumes Debian!
// Grant LDAP access to SASL mux pipe
system("dpkg-statoverride --remove --quiet /var/run/saslauthd");
system(TQString("dpkg-statoverride --add root %1 710 /var/run/saslauthd").arg(m_ldapGroupName).ascii());
system_safe("dpkg-statoverride --remove --quiet /var/run/saslauthd");
system_safe(TQString("dpkg-statoverride --add root %1 710 /var/run/saslauthd").arg(m_ldapGroupName).ascii());
// FIXME
// This assumes Debian!
system("ln -s /etc/heimdal-kdc/kadmind.acl /var/lib/heimdal-kdc/kadmind.acl");
system("ln -s /etc/heimdal-kdc/kdc.conf /var/lib/heimdal-kdc/kdc.conf");
system_safe("ln -s /etc/heimdal-kdc/kadmind.acl /var/lib/heimdal-kdc/kadmind.acl");
system_safe("ln -s /etc/heimdal-kdc/kdc.conf /var/lib/heimdal-kdc/kdc.conf");
struct stat sb;
uid_t slapd_uid = 0;
gid_t slapd_gid = 0;
@ -1511,7 +1534,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
// Set permissions
chmod(TQString(HEIMDAL_DEFAULT_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
chmod(TQString(HEIMDAL_ACL_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
chown(TQString(HEIMDAL_ACL_FILE).ascii(), slapd_uid, 0);
chown_safe(TQString(HEIMDAL_ACL_FILE).ascii(), slapd_uid, 0);
chmod(TQString(destDir + "heimdal-kdc/kdc.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
chmod(TQString(destDir + "krb5.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
@ -1552,31 +1575,31 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
// There has GOT to be a better way to do this than system()!!!
TQString command;
command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_pem).arg(KERBEROS_PKI_PEMKEY_FILE);
system(command);
system_safe(command);
command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_pemkey).arg(KERBEROS_PKI_PEM_FILE);
system(command);
system_safe(command);
command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_crt).arg(kdc_certfile);
system(command);
system_safe(command);
command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_key).arg(kdc_keyfile);
system(command);
system_safe(command);
command = TQString("cp %1 %2").arg(certinfo.provided_ldap_crt).arg(ldap_certfile);
system(command);
system_safe(command);
command = TQString("cp %1 %2").arg(certinfo.provided_ldap_key).arg(ldap_keyfile);
system(command);
system_safe(command);
// Set permissions
chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR);
chown(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
chown_safe(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
chmod(KERBEROS_PKI_PEM_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
chown(KERBEROS_PKI_PEM_FILE, 0, 0);
chown_safe(KERBEROS_PKI_PEM_FILE, 0, 0);
chmod(kdc_keyfile.ascii(), S_IRUSR|S_IWUSR);
chown(kdc_keyfile.ascii(), 0, 0);
chown_safe(kdc_keyfile.ascii(), 0, 0);
chmod(kdc_certfile.ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
chown(kdc_certfile.ascii(), 0, 0);
chown_safe(kdc_certfile.ascii(), 0, 0);
chmod(ldap_keyfile.ascii(), S_IRUSR|S_IWUSR);
chown(ldap_keyfile.ascii(), slapd_uid, slapd_gid);
chown_safe(ldap_keyfile.ascii(), slapd_uid, slapd_gid);
chmod(ldap_certfile.ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
chown(ldap_certfile.ascii(), slapd_uid, slapd_gid);
chown_safe(ldap_certfile.ascii(), slapd_uid, slapd_gid);
}
pdialog.setStatusMessage(i18n("Loading initial database into LDAP..."));
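Review bot: system_safe in the first hunk treats only a negative return from system() as failure, but system() returns the child's wait status, so a command that runs and exits non-zero (a failed `openssl genrsa` or `chown -R` in the later hunks, for instance) still passes silently; -1 is returned only when the shell could not be spawned at all. The check should decode the status, `int status = system(cmdstr);` followed by `if (status < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {`, so that every system_safe call site introduced by this commit actually reports the failure the wrapper's name promises. Because the generated key files are chmod'd and chown'd immediately after the command, an undetected generation failure leaves those permission calls operating on a missing file with no diagnostic. chown_safe also formats uid_t and gid_t with `%d`; `%u` (or a cast to unsigned) matches the types and avoids a new format warning in a commit meant to clean warnings up. The W* macros need `<sys/wait.h>` if the file does not already include it.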
