authorTimothy Pearson <[email protected]>2012-06-02 02:41:47 -0500
committerTimothy Pearson <[email protected]>2012-06-02 02:41:47 -0500
commited617ebffea2ac94d4a368b876f2a6414af0bbb3 (patch)
tree1d5f16ed2e663590ebfcfffa2fd2652ccec5131d /src/ldapcontroller.cpp
parent7df2e830ef2d9005a27e0a295988fece9911c0f5 (diff)
OpenLDAP now initializes, but login is not possible and kadmin does not work yet
Diffstat (limited to 'src/ldapcontroller.cpp')
-rw-r--r--src/ldapcontroller.cpp195
1 files changed, 190 insertions, 5 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 0b30db9..427148b 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -41,6 +41,9 @@
#include <kmessagebox.h>
#include <tqcheckbox.h>
#include <ktempdir.h>
+#include <kprocess.h>
+
+#include "sha1.h"
#include "ldapcontroller.h"
#include "realmwizard.h"
@@ -225,11 +228,109 @@ void LDAPController::save() {
load();
}
-void replacePlaceholdersInFile(TQString infile, TQString outfile) {
+void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, int ldifSchemaNumber=-1, uid_t userid=-1, gid_t groupid=-1) {
+ SHA1 sha;
+ sha.process(rootPassword, strlen(rootPassword));
+ TQString rootpw_hash = sha.base64Hash();
+ sha.reset();
+ sha.process(adminPassword, strlen(rootPassword));
+ TQString adminpw_hash = sha.base64Hash();
+
// RAJA FIXME
+
+ // Created needed strings
+ TQStringList domainChunks = TQStringList::split(".", realmconfig.name.lower());
+ TQString basedcname = "dc=" + domainChunks.join(",dc=");
+ TQString simpledcname = domainChunks[0];
+ TQString simpledcnamecap = simpledcname.lower();
+ simpledcnamecap[0] = simpledcnamecap[0].upper();
+ TQString timestamp = TQDateTime::currentDateTime().toString(TQt::ISODate);
+ timestamp.replace("-", "");
+ timestamp.replace(":", "");
+ timestamp.replace("T", "");
+
+ TQFile ifile(infile);
+ TQFile ofile(outfile);
+ if (ifile.open(IO_ReadOnly) && ofile.open(IO_WriteOnly)) {
+ TQString line;
+ TQTextStream istream(&ifile);
+ TQTextStream ostream(&ofile);
+ while (!istream.atEnd()) {
+ line = istream.readLine();
+ line.replace("@@@REALM_DCNAME@@@", basedcname);
+ line.replace("@@@REALM_UCNAME@@@", realmconfig.name.upper());
+ line.replace("@@@REALM_LCNAME@@@", realmconfig.name.lower());
+ line.replace("@@@ADMINSERVER@@@", realmconfig.admin_server);
+ line.replace("@@@ADMINPORT@@@", TQString("%1").arg(realmconfig.admin_server_port));
+ line.replace("@@@KDCSERVER@@@", realmconfig.kdc);
+ line.replace("@@@KDCPORT@@@", TQString("%1").arg(realmconfig.kdc_port));
+ line.replace("@@@ROOTUSER@@@", rootUserName);
+ line.replace("@@@ROOTPW_SHA@@@", rootpw_hash);
+ line.replace("@@@ADMINUSER@@@", adminUserName);
+ line.replace("@@@ADMINGROUP@@@", adminGroupName);
+ line.replace("@@@ADMINPW_SHA@@@", adminpw_hash);
+ line.replace("@@@PKINIT_REQUIRE_EKU@@@", (realmconfig.pkinit_require_eku)?"yes":"no");
+ line.replace("@@@PKINIT_REQUIRE_KRBTGT_OTHERNAME@@@", (realmconfig.pkinit_require_krbtgt_otherName)?"yes":"no");
+ line.replace("@@@WIN2K_PKINIT@@@", (realmconfig.win2k_pkinit)?"yes":"no");
+ line.replace("@@@WIN2K_PKINIT_REQUIRE_BINDING@@@", (realmconfig.win2k_pkinit_require_binding)?"yes":"no");
+ line.replace("@@@REALM_SIMPLE_CP_NAME@@@", simpledcnamecap);
+ line.replace("@@@REALM_SIMPLE_LC_NAME@@@", simpledcname.lower());
+ line.replace("@@@TIMESTAMP@@@", timestamp);
+ if (ldifSchemaNumber >= 0) {
+ line.replace("@@@LDIFSCHEMANUMBER@@@", TQString("%1").arg(ldifSchemaNumber));
+ }
+ ostream << line << "\n";
+ }
+ ifile.close();
+ ofile.close();
+ }
+
+ // Set permissions
+ if ((userid > 0) && (groupid > 0)) {
+ chown(outfile.ascii(), userid, groupid);
+ }
+
+ // Keep UI responsive
+ tqApp->processEvents();
}
-int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
+int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t groupid) {
+ if (command == SC_START) {
+ // FIXME
+ // This assumes Debian!
+ return system("/etc/init.d/slapd start");
+ }
+ if (command == SC_STOP) {
+ // FIXME
+ // This assumes Debian!
+ return system("/etc/init.d/slapd stop");
+ }
+ if (command == SC_RESTART) {
+ // FIXME
+ // This assumes Debian!
+ return system("/etc/init.d/slapd restart");
+ }
+ if (command == SC_PURGE) {
+ controlLDAPServer(SC_STOP);
+ // FIXME
+ // This assumes Debian!
+ system("rm -rf /var/lib/ldap/*");
+ }
+ if (command == SC_SETDBPERMS) {
+ if ((userid > 0) && (groupid > 0)) {
+ TQString command;
+ command = TQString("chown -R %1 /var/lib/ldap/*").arg(userid);
+ system(command.ascii());
+ command = TQString("chgrp -R %1 /var/lib/ldap/*").arg(groupid);
+ system(command.ascii());
+ }
+ }
+ return -2;
+}
+
+int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, TQString *errstr) {
+ int ldifSchemaNumber;
+
ProcessingDialog pdialog(dialogparent);
pdialog.setStatusMessage(i18n("Loading data for realm deployment..."));
pdialog.raise();
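Review bot: The admin password is hashed with the wrong length on the line `sha.process(adminPassword, strlen(rootPassword));` — the byte count belongs to the other buffer, so the admin hash is wrong whenever the two passwords differ in length, and when the admin password is the shorter one the call reads past its terminator; it should be `sha.process(adminPassword, strlen(adminPassword));`. Both hashes are plain unsalted SHA-1 substituted for `@@@ROOTPW_SHA@@@` and `@@@ADMINPW_SHA@@@`; if the templates emit them as `{SHA}` values, the salted `{SSHA}` form that OpenLDAP also accepts would be the safer choice for slapd's rootpw. replacePlaceholdersInFile gives no indication of failure: when either TQFile::open fails the function returns normally and the caller proceeds as if the configuration file had been written. The output file is created under the process's default umask and only restricted later by the caller's chmod, so a file carrying a password hash is briefly readable at the default mode; creating it with a restrictive mode up front would close that window.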
@@ -237,16 +338,100 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
tqApp->processEvents();
// Find the templates
- TQString templateDir = locate("data", "kcmldapcontroller/skel");
-printf("[RAJA DEBUG 100.0] templateDir: %s\n\r", templateDir.ascii()); fflush(stdout);
+ TQString templateDir = locate("data", "kcmldapcontroller/skel/heimdal/heimdal.defaults");
+ templateDir.replace("heimdal/heimdal.defaults", "");
if (templateDir == "") {
+ if (errstr) *errstr = i18n("Unable to locate required template files");
pdialog.closeDialog();
return -1;
}
KTempDir configTempDir;
configTempDir.setAutoDelete(true);
- replacePlaceholdersInFile(templateDir + "heimdal/heimdal.defaults", configTempDir.name() + "heimdal/heimdal.defaults");
+configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY
+ TQString destDir = "/etc/";
+
+ mkdir(TQString(destDir + "heimdal").ascii(), S_IRUSR|S_IWUSR|S_IXUSR);
+ mkdir(TQString(destDir + "openldap").ascii(), S_IRUSR|S_IWUSR|S_IXUSR);
+ mkdir(TQString(destDir + "openldap/ldap").ascii(), S_IRUSR|S_IWUSR|S_IXUSR);
+
+ replacePlaceholdersInFile(templateDir + "heimdal/heimdal.defaults", destDir + "heimdal.defaults", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", destDir + "kadmind.acl", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "kdc.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "heimdal/krb5.conf", destDir + "krb5.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
+
+ replacePlaceholdersInFile(templateDir + "openldap/skel.ldif", configTempDir.name() + "skel.ldif", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "openldap/ldap/slapd.conf", destDir + "ldap/slapd.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "openldap/ldap/slapd.defaults", destDir + "ldap/slapd.defaults", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
+
+ struct stat sb;
+ uid_t slapd_uid = 0;
+ gid_t slapd_gid = 0;
+ if (stat(destDir + "ldap/slapd.d/cn=config/cn=schema", &sb) == 0) {
+ slapd_uid = sb.st_uid;
+ slapd_gid = sb.st_gid;
+ }
+
+ // Base database configuration
+ ldifSchemaNumber = 1;
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/olcDatabase.ldif", destDir + "ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+
+ // Schema files
+ ldifSchemaNumber = 10;
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/ems-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ems-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ ldifSchemaNumber = 11;
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/hdb.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ ldifSchemaNumber = 12;
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/tde-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}tde-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+
+ // Set permissions
+ chmod(TQString(destDir + "heimdal.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(destDir + "kadmind.acl").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(destDir + "kdc.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(destDir + "krb5.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+
+ chmod(TQString(configTempDir.name() + "skel.ldif").ascii(), S_IRUSR|S_IWUSR);
+ chmod(TQString(destDir + "ldap/slapd.conf").ascii(), S_IRUSR|S_IWUSR);
+ chmod(TQString(destDir + "ldap/slapd.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+
+ pdialog.setStatusMessage(i18n("Purging existing LDAP database..."));
+ tqApp->processEvents();
+ controlLDAPServer(SC_PURGE);
+
+ pdialog.setStatusMessage(i18n("Loading initial database into LDAP..."));
+ tqApp->processEvents();
+
+ // Stop slapd
+ if (controlLDAPServer(SC_STOP) != 0) {
+ if (errstr) *errstr = i18n("Unable to stop LDAP server");
+ pdialog.closeDialog();
+ return -1;
+ }
+
+ // Load database
+ KProcess slapadd;
+ slapadd << "slapadd" << "-l" << configTempDir.name() + "skel.ldif";
+ slapadd.start();
+ while (slapadd.isRunning()) {
+ tqApp->processEvents();
+ }
+ if (slapadd.exitStatus() != 0) {
+ if (errstr) *errstr = i18n("Unable to import initial database into LDAP");
+ pdialog.closeDialog();
+ return -1;
+ }
+
+ controlLDAPServer(SC_SETDBPERMS, slapd_uid, slapd_gid);
+
+ pdialog.setStatusMessage(i18n("Starting LDAP server..."));
+ tqApp->processEvents();
+
+ // Start slapd
+ if (controlLDAPServer(SC_START) != 0) {
+ if (errstr) *errstr = i18n("Unable to start LDAP server");
+ pdialog.closeDialog();
+ return -1;
+ }
// RAJA FIXME
pdialog.closeDialog();
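Review bot: `configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY` on the new side disables cleanup of the temporary directory, so skel.ldif — which carries the root and admin password hashes and is restricted to the owner only after it has been written — is left behind on disk after every run; the line should be dropped before this lands, keeping the `setAutoDelete(true)` immediately above it. The directories created with mkdir are `/etc/heimdal`, `/etc/openldap` and `/etc/openldap/ldap`, but the files are written to `destDir + "heimdal.defaults"` and `destDir + "ldap/slapd.conf"` (that is, /etc/ldap/...), so the mkdir calls do not prepare the paths actually used and their return values are unchecked; the slapd writes therefore depend on /etc/ldap already existing, and a failed open inside replacePlaceholdersInFile is silent. `stat(destDir + "ldap/slapd.d/cn=config/cn=schema", &sb)` relies on TQString's implicit const char* conversion while every other system call in the hunk spells out `.ascii()`; it should do the same. createNewLDAPRealm continues past the end of the hunk.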