Diffstat (limited to 'src/ldapbonding.cpp')
| -rw-r--r-- | src/ldapbonding.cpp | 122 | 
1 files changed, 64 insertions, 58 deletions
| diff --git a/src/ldapbonding.cpp b/src/ldapbonding.cpp
index 4c2393b..de5c99b 100644
--- a/src/ldapbonding.cpp
+++ b/src/ldapbonding.cpp
@@ -257,22 +257,27 @@ void LDAPConfig::save() {
 		// Write the cron files
 		LDAPManager::writeCronFiles();
-		// Bind anonymously to LDAP
-		LDAPCredentials* credentials = new LDAPCredentials;
-		credentials->username = "";
-		credentials->password = "";
-		credentials->realm = m_defaultRealm.upper();
-		LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), "ldap://", credentials);
-
-		// Add the domain-wide computer local admin group to local sudoers
-		ldap_mgr->writeSudoersConfFile(&errorstring);
-		// Get and install the CA root certificate from LDAP
-		mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
-		mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
-		ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring);
-
-		delete ldap_mgr;
-		delete credentials;
+		if (m_defaultRealm != "") {
+			// Bind anonymously to LDAP
+			LDAPCredentials* credentials = new LDAPCredentials;
+			credentials->username = "";
+			credentials->password = "";
+			credentials->realm = m_defaultRealm.upper();
+			credentials->use_tls = false;
+			LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), TQString("ldap://%1").arg(m_realms[m_defaultRealm].admin_server).ascii(), credentials);
+	
+			// Add the domain-wide computer local admin group to local sudoers
+			ldap_mgr->writeSudoersConfFile(&errorstring);
+			// Get and install the CA root certificate from LDAP
+			mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+			mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+			if (ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring) != 0) {
+				KMessageBox::sorry(this, i18n("<qt><b>Unable to obtain root certificate for realm %1!</b><p>Details: %2</qt>").arg(m_defaultRealm.upper()).arg(errorstring), i18n("Unable to Obtain Certificate"));
+			}
+	
+			delete ldap_mgr;
+			delete credentials;
+		}
 	}
 	load();
@@ -390,33 +395,6 @@ void LDAPConfig::deactivateRealm() {
 	updateRealmList();
 }
-// WARNING
-// kadmin does not have a standard "waiting for user input" character or sequence
-// To make matters worse, the colon does not uniquely designate the end of a line; for example the response "kadmin: ext openldap/foo.bar.baz: Principal does not exist"
-// One way around this would be to see if the first colon is part of a "kadmin:" string; if so, then the colon is not a reliable end of line indicator for the current line
-// (in fact only '\r' should be used as the end of line indicator in that case)
-TQString readFullLineFromPtyProcess(PtyProcess* proc) {
-	TQString result = "";
-	while ((!result.contains("\r")) &&
-		(!result.contains(">")) &&
-		(!((!result.contains("kadmin:")) && result.contains(":"))) &&
-		(!((result.contains("kadmin:")) && result.contains("\r")))
-		) {
-		result = result + TQString(proc->readLine(false));
-		tqApp->processEvents();
-		if (!TQFile::exists(TQString("/proc/%1/exe").arg(proc->pid()))) {
-			result.replace("\n", "");
-			result.replace("\r", "");
-			if (result == "") {
-				result = "TDE process terminated";
-			}
-			break;
-		}
-	}
-	result.replace("\n", "");
-	result.replace("\r", "");
-	return result;
-}
 int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
 	TQCString command = "kadmin";
 	QCStringList args;
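Review bot: The CA root certificate is fetched by the added getTDECertificate call over an anonymous bind with `credentials->use_tls = false` on a plain `ldap://` URL, so the trust anchor written under KERBEROS_PKI_PUBLICDIR arrives over an unauthenticated channel and is installed without being compared against anything out-of-band. If that is the intended first-bond bootstrap, record it next to the use_tls line, e.g. `// Anonymous, non-TLS fetch: the retrieved CA is trusted as-is on first bond; no out-of-band check`; otherwise enabling TLS for this bind or checking against an existing copy of the certificate would close the gap. Separately, `m_realms[m_defaultRealm]` is used twice under only the `m_defaultRealm != ""` guard; if m_realms is a TQMap, operator[] inserts a default entry for an unknown key, so `if (m_defaultRealm != "" && m_realms.contains(m_defaultRealm))` would be safer. The `.ascii()` pointer handed to the LDAPManager constructor refers to a temporary TQString that lives only for that statement, which is fine if the constructor copies it — worth confirming. save() starts and ends outside this hunk.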
@@ -427,49 +405,63 @@ int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, cons
 	TQString prompt;
 	PtyProcess kadminProc;
 	kadminProc.exec(command, args);
-	prompt = readFullLineFromPtyProcess(&kadminProc);
+	prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
 	prompt = prompt.stripWhiteSpace();
 	if (prompt == "kadmin>") {
 		command = TQCString("ext "+hoststring);
+		kadminProc.enableLocalEcho(false);
 		kadminProc.writeLine(command, true);
 		do { // Discard our own input
-			prompt = readFullLineFromPtyProcess(&kadminProc);
+			prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
 			printf("(kadmin) '%s'\n\r", prompt.ascii());
 		} while (prompt == TQString(command));
 		prompt = prompt.stripWhiteSpace();
 		if (prompt.endsWith(" Password:")) {
+			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine(adminPassword, true);
 			do { // Discard our own input
-				prompt = readFullLineFromPtyProcess(&kadminProc);
+				prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
 				printf("(kadmin) '%s'\n\r", prompt.ascii());
 			} while (prompt == "");
 			prompt = prompt.stripWhiteSpace();
 		}
 		if (prompt.contains("authentication failed")) {
-			if (errstr) *errstr = prompt;
+			if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine("quit", true);
 			return 1;
 		}
 		else if (prompt.endsWith("Principal does not exist")) {
+			// Wait for kadmin to be ready for the next command
+			if (!prompt.contains("kadmin>")) {
+				prompt = "";
+			}
+			while (prompt == "") {
+				prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
+				printf("(kadmin) '%s'\n\r", prompt.ascii());
+			}
 			command = TQCString("ank --random-key "+hoststring);
+			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine(command, true);
 			do { // Discard our own input
-				prompt = readFullLineFromPtyProcess(&kadminProc);
+				prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
 				printf("(kadmin) '%s'\n\r", prompt.ascii());
 			} while (prompt == TQString(command));
 			prompt = prompt.stripWhiteSpace();
 			// Use all defaults
 			while (prompt != "kadmin>") {
 				if (prompt.endsWith(" Password:")) {
+					kadminProc.enableLocalEcho(false);
 					kadminProc.writeLine(adminPassword, true);
 					do { // Discard our own input
-						prompt = readFullLineFromPtyProcess(&kadminProc);
+						prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
 						printf("(kadmin) '%s'\n\r", prompt.ascii());
 					} while (prompt == "");
 					prompt = prompt.stripWhiteSpace();
 				}
 				if (prompt.contains("authentication failed")) {
-					if (errstr) *errstr = prompt;
+					if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+					kadminProc.enableLocalEcho(false);
 					kadminProc.writeLine("quit", true);
 					return 1;
 				}
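Review bot: The added "Wait for kadmin to be ready for the next command" loop in the Principal-does-not-exist branch stops at the first non-empty line rather than at the prompt, because it clears prompt and then loops on `prompt == ""`; if kadmin prints any further text before `kadmin>`, the following `ank` command is written early. Looping on `while (!prompt.contains("kadmin>"))` would match the comment, but it then needs an exit for the case where kadmin dies (the removed helper returned the fixed string "TDE process terminated" for that; the moved LDAPManager version is not in view), e.g. `while (!prompt.contains("kadmin>") && prompt != "TDE process terminated")`. As a point of style, `kadminProc.enableLocalEcho(false)` is now repeated before every writeLine here and in the two following hunks; calling it once right after `kadminProc.exec(command, args)` would state the intent and remove the chance of a missed call before a password write. bondRealm continues past the end of this hunk.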
@@ -483,45 +475,55 @@ int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, cons
 						defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
 					}
 					command = TQCString(defaultParam);
+					kadminProc.enableLocalEcho(false);
 					kadminProc.writeLine(command, true);
 					do { // Discard our own input
-						prompt = readFullLineFromPtyProcess(&kadminProc);
+						prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
 						printf("(kadmin) '%s'\n\r", prompt.ascii());
 					} while (prompt == TQString(command));
 					prompt = prompt.stripWhiteSpace();
 				}
 			}
 			command = TQCString("ext "+hoststring);
+			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine(command, true);
 			do { // Discard our own input
-				prompt = readFullLineFromPtyProcess(&kadminProc);
+				prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
 				printf("(kadmin) '%s'\n\r", prompt.ascii());
 			} while (prompt == TQString(command));
 			prompt = prompt.stripWhiteSpace();
 			if (prompt != "kadmin>") {
-				if (errstr) *errstr = prompt;
+				if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+				kadminProc.enableLocalEcho(false);
 				kadminProc.writeLine("quit", true);
 				return 1;
 			}
 			// Success!
+			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine("quit", true);
 			realmcfg.bonded = true;
+			m_realms.remove(realmcfg.name);
+			m_realms.insert(realmcfg.name, realmcfg);
 			save();
 			return 0;
 		}
 		else if (prompt == "kadmin>") {
 			// Success!
+			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine("quit", true);
 			realmcfg.bonded = true;
+			m_realms.remove(realmcfg.name);
+			m_realms.insert(realmcfg.name, realmcfg);
 			save();
 			return 0;
 		}
 		// Failure
-		if (errstr) *errstr = prompt;
+		if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+		kadminProc.enableLocalEcho(false);
 		kadminProc.writeLine("quit", true);
 		return 1;
 	}
@@ -542,31 +544,35 @@ int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, co
 	TQString prompt;
 	PtyProcess kadminProc;
 	kadminProc.exec(command, args);
-	prompt = readFullLineFromPtyProcess(&kadminProc);
+	prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
 	prompt = prompt.stripWhiteSpace();
 	if (prompt == "kadmin>") {
 		command = TQCString("delete "+hoststring);
+		kadminProc.enableLocalEcho(false);
 		kadminProc.writeLine(command, true);
 		do { // Discard our own input
-			prompt = readFullLineFromPtyProcess(&kadminProc);
+			prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
 			printf("(kadmin) '%s'\n\r", prompt.ascii());
 		} while (prompt == TQString(command));
 		prompt = prompt.stripWhiteSpace();
 		if (prompt.endsWith(" Password:")) {
+			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine(adminPassword, true);
 			do { // Discard our own input
-				prompt = readFullLineFromPtyProcess(&kadminProc);
+				prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
 				printf("(kadmin) '%s'\n\r", prompt.ascii());
 			} while (prompt == "");
 			prompt = prompt.stripWhiteSpace();
 		}
 		if (prompt != "kadmin>") {
-			if (errstr) *errstr = prompt;
+			if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+			kadminProc.enableLocalEcho(false);
 			kadminProc.writeLine("quit", true);
 			return 1;
 		}
 		// Success!
+		kadminProc.enableLocalEcho(false);
 		kadminProc.writeLine("quit", true);
 		return 0;
 	} |
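Review bot: The two success branches in bondRealm now carry the same sequence verbatim (enableLocalEcho, writeLine("quit"), `bonded = true`, remove, insert, save, return), and the added remove/insert pair is an update which, if m_realms is a TQMap, is `m_realms.replace(realmcfg.name, realmcfg);` in one call. Pulling the success sequence into a small private helper would keep the two branches from drifting. Note also that realmcfg is a by-value parameter, so `realmcfg.bonded = true` changes only the local copy and the insert into m_realms is what makes it visible to save(); a one-line comment such as `// realmcfg is a copy: store it so save() sees bonded == true` would make that intent explicit. bondRealm starts before this hunk.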
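Review bot: On the success path of unbondRealm the hunk returns 0 without touching m_realms or calling save(), whereas the matching success paths in bondRealm (previous hunk) store the updated realmcfg and persist it. If the caller is expected to clear `bonded` and save, a comment saying so at the `// Success!` line would stop the asymmetry reading as an omission; if not, `realmcfg.bonded = false; m_realms.replace(realmcfg.name, realmcfg); save();` would mirror bondRealm (assuming m_realms is a TQMap). unbondRealm starts before this hunk and presumably continues after its closing brace.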
