Fix LDAP primary realm creation failure

Clean up build warnings
author: Timothy Pearson <kb9vqf@pearsoncomputing.net> 2012-12-11 13:51:19 -0600
committer: Timothy Pearson <kb9vqf@pearsoncomputing.net> 2012-12-11 13:51:19 -0600
commit: 7b7565e7f5806cd66751049fafd7ad7af9d60c12 (patch)
tree: a34ad29bb18b6699a5787fed639808846f24aaf8 /src
parent: 028defbca49f155c64e39477a934aab485100780 (diff)
download: kcmldapcontroller-7b7565e7f5806cd66751049fafd7ad7af9d60c12.tar.gz
kcmldapcontroller-7b7565e7f5806cd66751049fafd7ad7af9d60c12.zip
1 files changed, 62 insertions, 39 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 2aa3ee3..2ec4260 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -145,6 +145,18 @@ LDAPController::LDAPController(TQWidget *parent, const char *name, const TQStrin
 LDAPController::~LDAPController() {
 }
 
+void system_safe(const char * cmdstr) {
+	if (system(cmdstr) < 0) {
+		printf("[ERROR] System call to '%s' failed!\n\r", cmdstr);
+	}
+}
+
+void chown_safe(const char * file, uid_t user, gid_t group) {
+	if (chown(file, user, group) < 0) {
+		printf("[ERROR] Chown call to '%s' for %d:%d failed!\n\r", file, user, group);
+	}
+}
+
 void LDAPController::systemRoleChanged() {
 	int previousRole = m_prevRole;
 
@@ -264,8 +276,8 @@ void LDAPController::systemRoleChanged() {
 				pdialog.setStatusMessage(i18n("Purging local configuration..."));
 				tqApp->processEvents();
 
-				system(TQString("rm -f %1").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE));
-				system(TQString("rm -rf %1").arg(TDE_CERTIFICATE_DIR));
+				system_safe(TQString("rm -f %1").arg(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE));
+				system_safe(TQString("rm -rf %1").arg(TDE_CERTIFICATE_DIR));
 
 				// Write the TDE realm configuration file
 				LDAPRealmConfigList realms;
@@ -536,7 +548,6 @@ void LDAPController::btnkrbExportCert() {
 }
 
 void LDAPController::btnldapRegenerate() {
-	struct stat sb;
 	uid_t slapd_uid = 0;
 	gid_t slapd_gid = 0;
 
@@ -769,7 +780,7 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
 	
 			// Set permissions
 			if ((userid > 0) && (groupid > 0)) {
-				chown(outfile.ascii(), userid, groupid);
+				chown_safe(outfile.ascii(), userid, groupid);
 			}
 		}
 		else {
@@ -833,17 +844,17 @@ int LDAPController::controlHeimdalServer(sc_command command, uid_t userid, gid_t
 	}
 	if (command == SC_PURGE) {
 		controlHeimdalServer(SC_STOP);
-		system("rm -f " + TQString(LDAP_KEYTAB_FILE));
+		system_safe("rm -f " + TQString(LDAP_KEYTAB_FILE));
 		// FIXME
 		// This assumes Debian
-		system("rm -f /etc/krb5.keytab");
-		system("rm -rf /var/lib/heimdal-kdc/*");
+		system_safe("rm -f /etc/krb5.keytab");
+		system_safe("rm -rf /var/lib/heimdal-kdc/*");
 	}
 	if (command == SC_SETDBPERMS) {
 		if ((userid > 0) && (groupid > 0)) {
 			TQString command;
 			command = TQString("chgrp %1 " + TQString(LDAP_KEYTAB_FILE)).arg(groupid);
-			system(command.ascii());
+			system_safe(command.ascii());
 			chmod(LDAP_KEYTAB_FILE, S_IRUSR|S_IWUSR|S_IRGRP);
 		}
 	}
@@ -870,8 +881,8 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
 		controlLDAPServer(SC_STOP);
 		// FIXME
 		// This assumes Debian!
-		system("rm -rf /var/lib/ldap/*");
-		system("rm -rf /etc/ldap/slapd.d/*");
+		system_safe("rm -rf /var/lib/ldap/*");
+		system_safe("rm -rf /etc/ldap/slapd.d/*");
 	}
 	if (command == SC_SETDBPERMS) {
 		if ((userid > 0) && (groupid > 0)) {
@@ -879,21 +890,30 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
 			// This assumes Debian!
 			TQString command;
 			command = TQString("chown -R %1 /var/lib/ldap/*").arg(userid);
-			system(command.ascii());
+			system_safe(command.ascii());
 			command = TQString("chgrp -R %1 /var/lib/ldap/*").arg(groupid);
-			system(command.ascii());
+			system_safe(command.ascii());
 			command = TQString("chown -R %1 /etc/ldap/slapd.d/*").arg(userid);
-			system(command.ascii());
+			system_safe(command.ascii());
 			command = TQString("chgrp -R %1 /etc/ldap/slapd.d/*").arg(groupid);
-			system(command.ascii());
+			system_safe(command.ascii());
 		}
 	}
 	return -2;
 }
 
+// WARNING
+// kadmin does not have a standard "waiting for user input" character or sequence
+// To make matters worse, the colon does not uniquely designate the end of a line; for example the response "kadmin: ext openldap/foo.bar.baz: Principal does not exist"
+// One way around this would be to see if the first colon is part of a "kadmin:" string; if so, then the colon is not a reliable end of line indicator for the current line
+// (in fact only '\r' should be used as the end of line indicator in that case)
 TQString readFullLineFromPtyProcess(PtyProcess* proc) {
 	TQString result = "";
-	while ((!result.contains("\r")) && (!result.contains(":")) && (!result.contains(">"))) {
+	while ((!result.contains("\r")) &&
+		(!result.contains(">")) &&
+		(!((!result.contains("kadmin:")) && result.contains(":"))) &&
+		(!((result.contains("kadmin:")) && result.contains("\r")))
+		) {
 		result = result + TQString(proc->readLine(false));
 		tqApp->processEvents();
 	}
@@ -1232,9 +1252,9 @@ int LDAPController::createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmCo
 	// Certificate authority certificate
 	TQString command;
 	command = TQString("openssl genrsa -out %1 %2").arg(KERBEROS_PKI_PEMKEY_FILE).arg(KEY_STRENGTH);
-	system(command);
+	system_safe(command);
 	chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR);
-	chown(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
+	chown_safe(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
 
 	LDAPManager::generatePublicKerberosCACertificate(certinfo);
 
@@ -1246,9 +1266,9 @@ int LDAPController::createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmCo
 	kdc_keyfile.replace("@@@KDCSERVER@@@", realmconfig.kdc);
 	kdc_reqfile.replace("@@@KDCSERVER@@@", realmconfig.kdc);
 	command = TQString("openssl genrsa -out %1 %2").arg(kdc_keyfile).arg(KEY_STRENGTH);
-	system(command);
+	system_safe(command);
 	chmod(kdc_keyfile.ascii(), S_IRUSR|S_IWUSR);
-	chown(kdc_keyfile.ascii(), 0, 0);
+	chown_safe(kdc_keyfile.ascii(), 0, 0);
 
 	LDAPManager::generatePublicKerberosCertificate(certinfo, realmconfig);
 
@@ -1260,9 +1280,9 @@ int LDAPController::createRealmCertificates(LDAPCertConfig certinfo, LDAPRealmCo
 	ldap_keyfile.replace("@@@ADMINSERVER@@@", realmconfig.admin_server);
 	ldap_reqfile.replace("@@@ADMINSERVER@@@", realmconfig.admin_server);
 	command = TQString("openssl genrsa -out %1 %2").arg(ldap_keyfile).arg(KEY_STRENGTH);
-	system(command);
+	system_safe(command);
 	chmod(ldap_keyfile.ascii(), S_IRUSR|S_IWUSR);
-	chown(ldap_keyfile.ascii(), ldap_uid, ldap_gid);
+	chown_safe(ldap_keyfile.ascii(), ldap_uid, ldap_gid);
 
 	LDAPManager::generatePublicLDAPCertificate(certinfo, realmconfig, ldap_uid, ldap_gid);
 
@@ -1356,9 +1376,13 @@ int LDAPController::createNewSecondaryController(TQWidget* dialogparent, LDAPRea
 	// 2.) Bond machine to Kerberos
 	// 3.) Set up LDAP replication
 	// 4.) Point local Kerberos and SASL instances to this LDAP server
+
+	return -1;
 }
 
 int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) {
+	Q_UNUSED(adminRealm)
+
 	int ldifSchemaNumber;
 
 	ProcessingDialog pdialog(dialogparent);
@@ -1453,15 +1477,14 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
 	// FIXME
 	// This assumes Debian!
 	// Grant LDAP access to SASL mux pipe
-	system("dpkg-statoverride --remove --quiet /var/run/saslauthd");
-	system(TQString("dpkg-statoverride --add root %1 710 /var/run/saslauthd").arg(m_ldapGroupName).ascii());
+	system_safe("dpkg-statoverride --remove --quiet /var/run/saslauthd");
+	system_safe(TQString("dpkg-statoverride --add root %1 710 /var/run/saslauthd").arg(m_ldapGroupName).ascii());
 
 	// FIXME
 	// This assumes Debian!
-	system("ln -s /etc/heimdal-kdc/kadmind.acl /var/lib/heimdal-kdc/kadmind.acl");
-	system("ln -s /etc/heimdal-kdc/kdc.conf /var/lib/heimdal-kdc/kdc.conf");
+	system_safe("ln -s /etc/heimdal-kdc/kadmind.acl /var/lib/heimdal-kdc/kadmind.acl");
+	system_safe("ln -s /etc/heimdal-kdc/kdc.conf /var/lib/heimdal-kdc/kdc.conf");
 
-	struct stat sb;
 	uid_t slapd_uid = 0;
 	gid_t slapd_gid = 0;
 
@@ -1511,7 +1534,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
 	// Set permissions
 	chmod(TQString(HEIMDAL_DEFAULT_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
 	chmod(TQString(HEIMDAL_ACL_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
-	chown(TQString(HEIMDAL_ACL_FILE).ascii(), slapd_uid, 0);
+	chown_safe(TQString(HEIMDAL_ACL_FILE).ascii(), slapd_uid, 0);
 	chmod(TQString(destDir + "heimdal-kdc/kdc.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
 	chmod(TQString(destDir + "krb5.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
 
@@ -1552,31 +1575,31 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
 		// There has GOT to be a better way to do this than system()!!!
 		TQString command;
 		command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_pem).arg(KERBEROS_PKI_PEMKEY_FILE);
-		system(command);
+		system_safe(command);
 		command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_pemkey).arg(KERBEROS_PKI_PEM_FILE);
-		system(command);
+		system_safe(command);
 		command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_crt).arg(kdc_certfile);
-		system(command);
+		system_safe(command);
 		command = TQString("cp %1 %2").arg(certinfo.provided_kerberos_key).arg(kdc_keyfile);
-		system(command);
+		system_safe(command);
 		command = TQString("cp %1 %2").arg(certinfo.provided_ldap_crt).arg(ldap_certfile);
-		system(command);
+		system_safe(command);
 		command = TQString("cp %1 %2").arg(certinfo.provided_ldap_key).arg(ldap_keyfile);
-		system(command);
+		system_safe(command);
 
 		// Set permissions
 		chmod(KERBEROS_PKI_PEMKEY_FILE, S_IRUSR|S_IWUSR);
-		chown(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
+		chown_safe(KERBEROS_PKI_PEMKEY_FILE, 0, 0);
 		chmod(KERBEROS_PKI_PEM_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
-		chown(KERBEROS_PKI_PEM_FILE, 0, 0);
+		chown_safe(KERBEROS_PKI_PEM_FILE, 0, 0);
 		chmod(kdc_keyfile.ascii(), S_IRUSR|S_IWUSR);
-		chown(kdc_keyfile.ascii(), 0, 0);
+		chown_safe(kdc_keyfile.ascii(), 0, 0);
 		chmod(kdc_certfile.ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
-		chown(kdc_certfile.ascii(), 0, 0);
+		chown_safe(kdc_certfile.ascii(), 0, 0);
 		chmod(ldap_keyfile.ascii(), S_IRUSR|S_IWUSR);
-		chown(ldap_keyfile.ascii(), slapd_uid, slapd_gid);
+		chown_safe(ldap_keyfile.ascii(), slapd_uid, slapd_gid);
 		chmod(ldap_certfile.ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
-		chown(ldap_certfile.ascii(), slapd_uid, slapd_gid);
+		chown_safe(ldap_certfile.ascii(), slapd_uid, slapd_gid);
 	}
 
 	pdialog.setStatusMessage(i18n("Loading initial database into LDAP..."));
author	Timothy Pearson <kb9vqf@pearsoncomputing.net>	2012-12-11 13:51:19 -0600
committer	Timothy Pearson <kb9vqf@pearsoncomputing.net>	2012-12-11 13:51:19 -0600
commit	7b7565e7f5806cd66751049fafd7ad7af9d60c12 (patch)
tree	a34ad29bb18b6699a5787fed639808846f24aaf8 /src
parent	028defbca49f155c64e39477a934aab485100780 (diff)
download	kcmldapcontroller-7b7565e7f5806cd66751049fafd7ad7af9d60c12.tar.gz kcmldapcontroller-7b7565e7f5806cd66751049fafd7ad7af9d60c12.zip