From b712cbc116db4676f5458e25fd69325d730188cc Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Tue, 15 Jan 2013 23:50:57 -0600
Subject: Minor GUI enhancements Fix bonding problems
---
src/ldapbonding.cpp | 122 +++++++++++++++++++++++++++-------------------------
1 file changed, 64 insertions(+), 58 deletions(-)
(limited to 'src/ldapbonding.cpp')
diff --git a/src/ldapbonding.cpp b/src/ldapbonding.cpp
index 4c2393b..de5c99b 100644
--- a/src/ldapbonding.cpp
+++ b/src/ldapbonding.cpp
@@ -257,22 +257,27 @@ void LDAPConfig::save() { // Write the cron files LDAPManager::writeCronFiles(); - // Bind anonymously to LDAP - LDAPCredentials* credentials = new LDAPCredentials; - credentials->username = ""; - credentials->password = ""; - credentials->realm = m_defaultRealm.upper(); - LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), "ldap://", credentials); - - // Add the domain-wide computer local admin group to local sudoers - ldap_mgr->writeSudoersConfFile(&errorstring); - // Get and install the CA root certificate from LDAP - mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring); - - delete ldap_mgr; - delete credentials; + if (m_defaultRealm != "") { + // Bind anonymously to LDAP + LDAPCredentials* credentials = new LDAPCredentials; + credentials->username = ""; + credentials->password = ""; + credentials->realm = m_defaultRealm.upper(); + credentials->use_tls = false; + LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), TQString("ldap://%1").arg(m_realms[m_defaultRealm].admin_server).ascii(), credentials); + + // Add the domain-wide computer local admin group to local sudoers + ldap_mgr->writeSudoersConfFile(&errorstring); + // Get and install the CA root certificate from LDAP + mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); + mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); + if (ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring) != 0) { + KMessageBox::sorry(this, i18n("Unable to obtain root certificate for realm %1!

Details: %2").arg(m_defaultRealm.upper()).arg(errorstring), i18n("Unable to Obtain Certificate")); + } + + delete ldap_mgr; + delete credentials; + } } load(); @@ -390,33 +395,6 @@ void LDAPConfig::deactivateRealm() { updateRealmList(); } -// WARNING -// kadmin does not have a standard "waiting for user input" character or sequence -// To make matters worse, the colon does not uniquely designate the end of a line; for example the response "kadmin: ext openldap/foo.bar.baz: Principal does not exist" -// One way around this would be to see if the first colon is part of a "kadmin:" string; if so, then the colon is not a reliable end of line indicator for the current line -// (in fact only '\r' should be used as the end of line indicator in that case) -TQString readFullLineFromPtyProcess(PtyProcess* proc) { - TQString result = ""; - while ((!result.contains("\r")) && - (!result.contains(">")) && - (!((!result.contains("kadmin:")) && result.contains(":"))) && - (!((result.contains("kadmin:")) && result.contains("\r"))) - ) { - result = result + TQString(proc->readLine(false)); - tqApp->processEvents(); - if (!TQFile::exists(TQString("/proc/%1/exe").arg(proc->pid()))) { - result.replace("\n", ""); - result.replace("\r", ""); - if (result == "") { - result = "TDE process terminated"; - } - break; - } - } - result.replace("\n", ""); - result.replace("\r", ""); - return result; -} int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) { TQCString command = "kadmin"; QCStringList args; 
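Review bot: The root CA certificate that `getTDECertificate` installs into KERBEROS_PKI_PUBLICDIR is fetched over plaintext `ldap://` with `use_tls = false` and an anonymous bind, so anyone who can intercept or spoof admin_server during bonding can hand the client its own trust anchor, and the same unauthenticated session feeds `writeSudoersConfFile`; the commit makes the plaintext choice explicit but does not mitigate it. If this bootstrap cannot use TLS or an authenticated bind, the fetched certificate should be confirmed out of band (for example by showing its fingerprint to the administrator before it is written) and the assumption recorded above the bind: `// SECURITY: anonymous plaintext bind; the certificate fetched here becomes the trust anchor for later TLS sessions, so this must only run on a network where admin_server cannot be spoofed`. A smaller point: `TQString("ldap://%1").arg(...).ascii()` yields a pointer into a temporary that dies at the end of the constructor expression, which is fine only if LDAPManager copies the URI rather than keeping the pointer, and both `mkdir` results are ignored, so a failure there surfaces only as the later certificate error. save() starts and ends outside this hunk.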
@@ -427,49 +405,63 @@ int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, cons TQString prompt; PtyProcess kadminProc; kadminProc.exec(command, args); - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); prompt = prompt.stripWhiteSpace(); if (prompt == "kadmin>") { command = TQCString("ext "+hoststring); + kadminProc.enableLocalEcho(false); kadminProc.writeLine(command, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == TQString(command)); prompt = prompt.stripWhiteSpace(); if (prompt.endsWith(" Password:")) { + kadminProc.enableLocalEcho(false); kadminProc.writeLine(adminPassword, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == ""); prompt = prompt.stripWhiteSpace(); } if (prompt.contains("authentication failed")) { - if (errstr) *errstr = prompt; + if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 1; } else if (prompt.endsWith("Principal does not exist")) { + // Wait for kadmin to be ready for the next command + if (!prompt.contains("kadmin>")) { + prompt = ""; + } + while (prompt == "") { + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); + printf("(kadmin) '%s'\n\r", prompt.ascii()); + } command = TQCString("ank --random-key "+hoststring); + kadminProc.enableLocalEcho(false); kadminProc.writeLine(command, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == 
TQString(command)); prompt = prompt.stripWhiteSpace(); // Use all defaults while (prompt != "kadmin>") { if (prompt.endsWith(" Password:")) { + kadminProc.enableLocalEcho(false); kadminProc.writeLine(adminPassword, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == ""); prompt = prompt.stripWhiteSpace(); } if (prompt.contains("authentication failed")) { - if (errstr) *errstr = prompt; + if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 1; } 
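Review bot: The new readiness wait after `Principal does not exist` (`while (prompt == "")`) accepts the first non-empty line as "ready" without checking that it is actually the `kadmin>` prompt, so any intervening kadmin output would be consumed and `ank --random-key` sent regardless; prefer `while (!prompt.contains("kadmin>"))`, breaking out when the reader reports that the process has gone (the removed helper returned "TDE process terminated" in that case; confirm LDAPManager's copy does the same, otherwise that loop would never end). Separately, every line read from kadmin, including the lines read right after `adminPassword` is written, is dumped to stdout by `printf("(kadmin) '%s'\n\r", prompt.ascii())`; that is debug output left in a credential-handling path and should be removed or gated behind a debug flag, since it relies on kadmin's own echo handling to keep the password out of the log. bondRealm's signature is outside this hunk and its body continues into the next one.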
@@ -483,45 +475,55 @@ int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, cons defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket); } command = TQCString(defaultParam); + kadminProc.enableLocalEcho(false); kadminProc.writeLine(command, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == TQString(command)); prompt = prompt.stripWhiteSpace(); } } command = TQCString("ext "+hoststring); + kadminProc.enableLocalEcho(false); kadminProc.writeLine(command, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == TQString(command)); prompt = prompt.stripWhiteSpace(); if (prompt != "kadmin>") { - if (errstr) *errstr = prompt; + if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 1; } // Success! + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); realmcfg.bonded = true; + m_realms.remove(realmcfg.name); + m_realms.insert(realmcfg.name, realmcfg); save(); return 0; } else if (prompt == "kadmin>") { // Success! + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); realmcfg.bonded = true; + m_realms.remove(realmcfg.name); + m_realms.insert(realmcfg.name, realmcfg); save(); return 0; } // Failure - if (errstr) *errstr = prompt; + if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 1; } 
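Review bot: `kadminProc.enableLocalEcho(false)` is now repeated immediately before every `writeLine` (seven times in this hunk alone) and the two "Success!" blocks are byte-identical; setting echo once right after `kadminProc.exec(command, args)` (or wrapping the pair in a small `sendLine` helper) and folding the success path into one helper that does `realmcfg.bonded = true; m_realms.remove(realmcfg.name); m_realms.insert(realmcfg.name, realmcfg); save();` would make the next prompt-handling change a one-place edit. Separately, the `// Use all defaults` loop (`while (prompt != "kadmin>")`, whose head is in the previous hunk) has no exit if kadmin dies: if LDAPManager::readFullLineFromPtyProcess behaves like the removed helper and returns a fixed "TDE process terminated" string, the loop keeps writing `defaultParam` to a dead pty forever, so it should break when the reader reports termination and return 1 with that text in `*errstr`. bondRealm's signature is outside this hunk.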
@@ -542,31 +544,35 @@ int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, co TQString prompt; PtyProcess kadminProc; kadminProc.exec(command, args); - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); prompt = prompt.stripWhiteSpace(); if (prompt == "kadmin>") { command = TQCString("delete "+hoststring); + kadminProc.enableLocalEcho(false); kadminProc.writeLine(command, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == TQString(command)); prompt = prompt.stripWhiteSpace(); if (prompt.endsWith(" Password:")) { + kadminProc.enableLocalEcho(false); kadminProc.writeLine(adminPassword, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == ""); prompt = prompt.stripWhiteSpace(); } if (prompt != "kadmin>") { - if (errstr) *errstr = prompt; + if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 1; } // Success! + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 0; } -- cgit v1.2.1
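Review bot: The success path of unbondRealm still returns 0 without clearing `realmcfg.bonded` or updating `m_realms`, while the same commit makes bondRealm's success path persist its state with `m_realms.remove(realmcfg.name); m_realms.insert(realmcfg.name, realmcfg); save();` — unless the caller persists the unbonded state itself, the realm stays marked bonded after its principal has been deleted from the KDC. Mirroring bondRealm before `return 0;` with `realmcfg.bonded = false;` followed by the same remove/insert/save triple would keep the two paths consistent. Also, `delete` removes the host principal from the KDC but nothing in this hunk removes the corresponding entry from the local keytab, so the stale key stays readable on disk; if that cleanup is done elsewhere a comment saying so would help, otherwise it belongs here. unbondRealm's signature is outside this hunk.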