summaryrefslogtreecommitdiffstats
path: root/src/ldapcontroller.cpp
diff options
context:
space:
mode:
authorTimothy Pearson <[email protected]>2012-07-08 23:25:39 -0500
committerTimothy Pearson <[email protected]>2012-07-08 23:25:39 -0500
commit0e555d663735a59d5a62c12e26360ce88d709535 (patch)
tree4026376b88bb757007d8af5d18c4ea070e1c4684 /src/ldapcontroller.cpp
parent9f25f4b6624da216c9c34e93f1c605803fb2031e (diff)
downloadkcmldapcontroller-0e555d663735a59d5a62c12e26360ce88d709535.tar.gz
kcmldapcontroller-0e555d663735a59d5a62c12e26360ce88d709535.zip
Fix kadmin communication
Diffstat (limited to 'src/ldapcontroller.cpp')
-rw-r--r--src/ldapcontroller.cpp159
1 files changed, 109 insertions, 50 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 38089b0..2aa3ee3 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -270,6 +270,7 @@ void LDAPController::systemRoleChanged() {
// Write the TDE realm configuration file
LDAPRealmConfigList realms;
LDAPManager::writeTDERealmList(realms, m_systemconfig);
+ m_systemconfig->setGroup(NULL);
m_systemconfig->deleteEntry("DefaultRealm");
m_systemconfig->sync();
@@ -285,7 +286,7 @@ void LDAPController::systemRoleChanged() {
}
void LDAPController::processLockouts() {
- bool enabled = true;
+ bool enabled = m_base->systemEnableSupport->isChecked();
bool canChangeLDAPEnabled = true;
if (getuid() != 0 || !m_systemconfig->checkConfigFilesWritable( true )) {
@@ -892,10 +893,12 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
TQString readFullLineFromPtyProcess(PtyProcess* proc) {
TQString result = "";
- while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) {
+ while ((!result.contains("\r")) && (!result.contains(":")) && (!result.contains(">"))) {
result = result + TQString(proc->readLine(false));
tqApp->processEvents();
}
+ result.replace("\n", "");
+ result.replace("\r", "");
return result;
}
@@ -906,13 +909,17 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
TQString prompt;
PtyProcess kadminProc;
+ kadminProc.enableLocalEcho(false);
kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("init "+realmName), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("init "+realmName);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
@@ -920,14 +927,20 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
return 1;
}
else if (prompt.startsWith("Realm max")) {
- kadminProc.writeLine("unlimited", true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = "unlimited";
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.startsWith("Realm max")) {
- kadminProc.writeLine("unlimited", true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = "unlimited";
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
if (prompt != "kadmin>") {
@@ -961,12 +974,15 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("ext "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
@@ -974,10 +990,20 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
return 1;
}
else if (prompt.endsWith("Principal does not exist")) {
- kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ command = TQCString("ank --random-key "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
// Use all defaults
while (prompt != "kadmin>") {
if (prompt.contains("authentication failed")) {
@@ -994,15 +1020,21 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
leftbracket++;
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
}
- kadminProc.writeLine(TQCString(defaultParam), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ command = TQCString(defaultParam);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
}
- kadminProc.writeLine(TQCString("ext "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
@@ -1040,12 +1072,15 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt.startsWith("ext --keytab="));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
@@ -1053,10 +1088,20 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
return 1;
}
else if (prompt.endsWith("Principal does not exist")) {
- kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ command = TQCString("ank --random-key "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
// Use all defaults
while (prompt != "kadmin>") {
if (prompt.contains("authentication failed")) {
@@ -1073,15 +1118,21 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
leftbracket++;
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
}
- kadminProc.writeLine(TQCString(defaultParam), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ command = TQCString(defaultParam);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
}
- kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt.startsWith("ext --keytab="));
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
@@ -1121,12 +1172,15 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("passwd "+user.username), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("passwd "+user.username);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
@@ -1135,13 +1189,17 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
}
else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.username + "@")))) {
kadminProc.writeLine(user.password, true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
prompt = prompt.stripWhiteSpace();
if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) {
kadminProc.writeLine(user.password, true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
prompt = prompt.stripWhiteSpace();
}
if (prompt != "kadmin>") {
@@ -1560,25 +1618,25 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
TQString errorstring;
if (initializeNewKerberosRealm(realmconfig.name.upper(), &errorstring) != 0) {
- if (errstr) *errstr = i18n("Unable to initialize Kerberos database").append(errorstring);
+ if (errstr) *errstr = i18n("Unable to initialize Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
if (addHostEntryToKerberosRealm(realmconfig.kdc, &errorstring) != 0) {
- if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database").arg(m_ldapUserName).append(errorstring);
+ if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
if (addLDAPEntryToKerberosRealm(m_ldapUserName, realmconfig.admin_server, &errorstring) != 0) {
- if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database").arg(m_ldapUserName).append(errorstring);
+ if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database<p>").arg(m_ldapUserName).append(errorstring);
pdialog.closeDialog();
return -1;
}
if (addLDAPEntryToKerberosRealm("ldap", realmconfig.admin_server, &errorstring) != 0) {
- if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database").append(errorstring);
+ if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
@@ -1627,7 +1685,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
if (setKerberosPasswordForUser(adminuser, &errorstring) != 0) {
delete ldap_mgr;
delete credentials;
- if (errstr) *errstr = i18n("Unable to set user password in Kerberos database").append(errorstring);
+ if (errstr) *errstr = i18n("Unable to set user password in Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
@@ -1639,6 +1697,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
LDAPRealmConfigList realms;
realms.insert(realmconfig.name, realmconfig);
LDAPManager::writeTDERealmList(realms, m_systemconfig);
+ m_systemconfig->setGroup(NULL);
m_systemconfig->writeEntry("DefaultRealm", realmconfig.name);
m_systemconfig->sync();
@@ -1648,7 +1707,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
if (ldap_mgr->writeSudoersConfFile(&errorstring) != 0) {
delete ldap_mgr;
delete credentials;
- if (errstr) *errstr = i18n("Unable to set local sudo rights").append(errorstring);
+ if (errstr) *errstr = i18n("Unable to set local sudo rights<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}