authorTimothy Pearson <[email protected]>2013-01-15 23:50:57 -0600
committerTimothy Pearson <[email protected]>2013-01-15 23:50:57 -0600
commitb712cbc116db4676f5458e25fd69325d730188cc (patch)
treee90334e6c27cd110c5ed05e6edb101a9a2784ca7 /src/ldapbonding.cpp
parentb4c09d072a95ec14e0e2bd0ae144df103d1738d6 (diff)
Minor GUI enhancements
Fix bonding problems
Diffstat (limited to 'src/ldapbonding.cpp')
-rw-r--r--src/ldapbonding.cpp122
1 files changed, 64 insertions, 58 deletions
diff --git a/src/ldapbonding.cpp b/src/ldapbonding.cpp
index 4c2393b..de5c99b 100644
--- a/src/ldapbonding.cpp
+++ b/src/ldapbonding.cpp
@@ -257,22 +257,27 @@ void LDAPConfig::save() {
// Write the cron files
LDAPManager::writeCronFiles();
- // Bind anonymously to LDAP
- LDAPCredentials* credentials = new LDAPCredentials;
- credentials->username = "";
- credentials->password = "";
- credentials->realm = m_defaultRealm.upper();
- LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), "ldap://", credentials);
-
- // Add the domain-wide computer local admin group to local sudoers
- ldap_mgr->writeSudoersConfFile(&errorstring);
- // Get and install the CA root certificate from LDAP
- mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
- mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
- ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring);
-
- delete ldap_mgr;
- delete credentials;
+ if (m_defaultRealm != "") {
+ // Bind anonymously to LDAP
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = m_defaultRealm.upper();
+ credentials->use_tls = false;
+ LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), TQString("ldap://%1").arg(m_realms[m_defaultRealm].admin_server).ascii(), credentials);
+
+ // Add the domain-wide computer local admin group to local sudoers
+ ldap_mgr->writeSudoersConfFile(&errorstring);
+ // Get and install the CA root certificate from LDAP
+ mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ if (ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring) != 0) {
+ KMessageBox::sorry(this, i18n("<qt><b>Unable to obtain root certificate for realm %1!</b><p>Details: %2</qt>").arg(m_defaultRealm.upper()).arg(errorstring), i18n("Unable to Obtain Certificate"));
+ }
+
+ delete ldap_mgr;
+ delete credentials;
+ }
}
load();
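Review bot: The sudoers group data and the realm's CA root certificate are both fetched over an anonymous bind to `ldap://<admin_server>` with `credentials->use_tls = false`, so nothing on this path authenticates the server before its answers are written into local sudo policy and installed as the root certificate. If TLS cannot be used until the CA is installed, the fetched certificate should at least be confirmed out of band (for example by showing its fingerprint for the administrator to compare), and the sudoers lookup moved to a TLS-protected bind made after that. The result of `ldap_mgr->writeSudoersConfFile(&errorstring)` is still discarded while `getTDECertificate` is now checked; if it returns a status the same way, it deserves the same `!= 0` test and message box. save() begins before this hunk.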
@@ -390,33 +395,6 @@ void LDAPConfig::deactivateRealm() {
updateRealmList();
}
-// WARNING
-// kadmin does not have a standard "waiting for user input" character or sequence
-// To make matters worse, the colon does not uniquely designate the end of a line; for example the response "kadmin: ext openldap/foo.bar.baz: Principal does not exist"
-// One way around this would be to see if the first colon is part of a "kadmin:" string; if so, then the colon is not a reliable end of line indicator for the current line
-// (in fact only '\r' should be used as the end of line indicator in that case)
-TQString readFullLineFromPtyProcess(PtyProcess* proc) {
- TQString result = "";
- while ((!result.contains("\r")) &&
- (!result.contains(">")) &&
- (!((!result.contains("kadmin:")) && result.contains(":"))) &&
- (!((result.contains("kadmin:")) && result.contains("\r")))
- ) {
- result = result + TQString(proc->readLine(false));
- tqApp->processEvents();
- if (!TQFile::exists(TQString("/proc/%1/exe").arg(proc->pid()))) {
- result.replace("\n", "");
- result.replace("\r", "");
- if (result == "") {
- result = "TDE process terminated";
- }
- break;
- }
- }
- result.replace("\n", "");
- result.replace("\r", "");
- return result;
-}
int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
TQCString command = "kadmin";
QCStringList args;
@@ -427,49 +405,63 @@ int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, cons
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
command = TQCString("ext "+hoststring);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(command, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.endsWith(" Password:")) {
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(adminPassword, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == "");
prompt = prompt.stripWhiteSpace();
}
if (prompt.contains("authentication failed")) {
- if (errstr) *errstr = prompt;
+ if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 1;
}
else if (prompt.endsWith("Principal does not exist")) {
+ // Wait for kadmin to be ready for the next command
+ if (!prompt.contains("kadmin>")) {
+ prompt = "";
+ }
+ while (prompt == "") {
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ }
command = TQCString("ank --random-key "+hoststring);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(command, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
// Use all defaults
while (prompt != "kadmin>") {
if (prompt.endsWith(" Password:")) {
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(adminPassword, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == "");
prompt = prompt.stripWhiteSpace();
}
if (prompt.contains("authentication failed")) {
- if (errstr) *errstr = prompt;
+ if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 1;
}
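Review bot: The wait loop added after the "Principal does not exist" branch (`while (prompt == "")`) exits on the first non-empty line rather than on the `kadmin>` prompt its comment describes, and it has no exit at all if the helper keeps returning an empty string. Testing `prompt.stripWhiteSpace() != "kadmin>"` with a bounded number of reads would match the comment and keep the GUI thread from spinning if kadmin stalls; whether `LDAPManager::readFullLineFromPtyProcess` still returns a sentinel when the process has died is not visible here. `kadminProc.enableLocalEcho(false)` is repeated before every `writeLine`; if the setting persists on the pty, a single call right after `exec` would also cover any write added later, which matters most for the `adminPassword` writes. bondRealm starts before this hunk and continues past it.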
@@ -483,45 +475,55 @@ int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, cons
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
}
command = TQCString(defaultParam);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(command, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
}
command = TQCString("ext "+hoststring);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(command, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
- if (errstr) *errstr = prompt;
+ if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 1;
}
// Success!
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
realmcfg.bonded = true;
+ m_realms.remove(realmcfg.name);
+ m_realms.insert(realmcfg.name, realmcfg);
save();
return 0;
}
else if (prompt == "kadmin>") {
// Success!
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
realmcfg.bonded = true;
+ m_realms.remove(realmcfg.name);
+ m_realms.insert(realmcfg.name, realmcfg);
save();
return 0;
}
// Failure
- if (errstr) *errstr = prompt;
+ if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 1;
}
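Review bot: The success path is now written out twice, once after the second `ext` check and once in the `else if (prompt == "kadmin>")` branch, each repeating the same quit, `bonded = true`, `m_realms.remove` + `m_realms.insert`, `save()` sequence, so a later fix can easily land in only one copy. A small private helper called from both places would keep them in step. The map update itself can be a single line, `m_realms[realmcfg.name] = realmcfg;`, which is the access form save() already uses for `m_realms`. bondRealm begins before this hunk.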
@@ -542,31 +544,35 @@ int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, co
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
command = TQCString("delete "+hoststring);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(command, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.endsWith(" Password:")) {
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(adminPassword, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == "");
prompt = prompt.stripWhiteSpace();
}
if (prompt != "kadmin>") {
- if (errstr) *errstr = prompt;
+ if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 1;
}
// Success!
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 0;
}