Add preliminary bonding and unbonding support

This does not yet handle PAM
pull/1/head
Timothy Pearson 13 years ago
parent 9468495702
commit 96356fea28

@ -43,6 +43,8 @@
#include <klineedit.h> #include <klineedit.h>
#include <kmessagebox.h> #include <kmessagebox.h>
#include <tdesu/process.h>
#include "ldap.h" #include "ldap.h"
#include "bondwizard.h" #include "bondwizard.h"
#include "ldappasswddlg.h" #include "ldappasswddlg.h"
@ -373,8 +375,6 @@ void LDAPConfig::processLockouts() {
} }
void LDAPConfig::bondToNewRealm() { void LDAPConfig::bondToNewRealm() {
// RAJA FIXME
// Something will probably change // Something will probably change
save(); save();
@ -390,10 +390,12 @@ void LDAPConfig::reBondToRealm() {
if (selrealm) { if (selrealm) {
TQString realmName = selrealm->text(1); TQString realmName = selrealm->text(1);
LDAPRealmConfig realmcfg = m_realms[realmName]; LDAPRealmConfig realmcfg = m_realms[realmName];
if (realmcfg.bonded == false) {
// Password prompt... // Password prompt...
TQString errorString; TQString errorString;
LDAPPasswordDialog passdlg(this); LDAPPasswordDialog passdlg(this);
passdlg.m_base->ldapAdminRealm->setEnabled(false);
passdlg.m_base->ldapAdminRealm->setText(realmName);
if (passdlg.exec() == TQDialog::Accepted) { if (passdlg.exec() == TQDialog::Accepted) {
if (bondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) { if (bondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
// Success! // Success!
@ -403,8 +405,7 @@ void LDAPConfig::reBondToRealm() {
save(); save();
} }
else { else {
KMessageBox::error(this, i18n("<qt><b>Unable to bond to realm!</b><p>%1</qt>").arg(errorString), i18n("Unable to Bond to Realm")); KMessageBox::error(this, i18n("<qt><b>Unable to bond to realm!</b><p>Details: %1</qt>").arg(errorString), i18n("Unable to Bond to Realm"));
}
} }
} }
} }
@ -429,6 +430,8 @@ void LDAPConfig::deactivateRealm() {
// Password prompt... // Password prompt...
TQString errorString; TQString errorString;
LDAPPasswordDialog passdlg(this); LDAPPasswordDialog passdlg(this);
passdlg.m_base->ldapAdminRealm->setEnabled(false);
passdlg.m_base->ldapAdminRealm->setText(realmName);
passdlg.m_base->passprompt->setText(i18n("Please provide LDAP realm administrator credentials below to complete the unbonding process")); passdlg.m_base->passprompt->setText(i18n("Please provide LDAP realm administrator credentials below to complete the unbonding process"));
if (passdlg.exec() == TQDialog::Accepted) { if (passdlg.exec() == TQDialog::Accepted) {
if (unbondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) { if (unbondRealm(m_realms[realmName], passdlg.m_base->ldapAdminUsername->text(), passdlg.m_base->ldapAdminPassword->password(), passdlg.m_base->ldapAdminRealm->text(), &errorString) == 0) {
@ -447,13 +450,129 @@ void LDAPConfig::deactivateRealm() {
updateRealmList(); updateRealmList();
} }
TQString readFullLineFromPtyProcess(PtyProcess* proc) {
TQString result = "";
while ((!result.contains("\n")) && (!result.contains(":"))) {
result = result + TQString(proc->readLine(false));
tqApp->processEvents();
}
return result;
}
int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) { int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
// RAJA FIXME TQCString command = "kadmin";
QCStringList args;
args << TQCString("-p") << TQCString(adminUserName+"@"+(adminRealm.upper()));
TQString hoststring = "host/"+m_fqdn;
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
prompt = kadminProc.readLine(true);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
kadminProc.writeLine(TQCString("ext "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt.endsWith(" Password:")) {
kadminProc.writeLine(adminPassword, true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
}
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
kadminProc.writeLine("quit", true);
return 1;
}
else if (prompt.endsWith("Principal does not exist")) {
kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
// Use all defaults
while (prompt != "kadmin>") {
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt.endsWith(" Password:")) {
kadminProc.writeLine(adminPassword, true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
}
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
kadminProc.writeLine("quit", true);
return 1;
}
else {
kadminProc.writeLine("", true);
}
}
kadminProc.writeLine(TQCString("ext "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
kadminProc.writeLine("quit", true);
return 1;
}
// Success!
kadminProc.writeLine("quit", true);
return 0;
}
else if (prompt == "kadmin>") {
// Success!
kadminProc.writeLine("quit", true);
return 0;
}
// Failure
if (errstr) *errstr = prompt;
kadminProc.writeLine("quit", true);
return 1;
}
if (errstr) *errstr = "Internal error. Verify that kadmin exists and can be executed.";
return 1; // Failure return 1; // Failure
} }
int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) { int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
// RAJA FIXME TQCString command = "kadmin";
QCStringList args;
args << TQCString("-p") << TQCString(adminUserName+"@"+(adminRealm.upper()));
TQString hoststring = "host/"+m_fqdn;
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
prompt = kadminProc.readLine(true);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
kadminProc.writeLine(TQCString("delete "+hoststring), true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt.endsWith(" Password:")) {
kadminProc.writeLine(adminPassword, true);
prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
}
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
kadminProc.writeLine("quit", true);
return 1;
}
// Success!
kadminProc.writeLine("quit", true);
return 0;
}
return 1; // Failure return 1; // Failure
} }
@ -478,15 +597,11 @@ void LDAPConfig::writeKrb5ConfFile() {
stream << "\n"; stream << "\n";
// Defaults // Defaults
// FIXME
// These should be configurable!
stream << "[libdefaults]\n"; stream << "[libdefaults]\n";
stream << " ticket_lifetime = " << m_ticketLifetime << "\n"; stream << " ticket_lifetime = " << m_ticketLifetime << "\n";
if (m_defaultRealm != "") { if (m_defaultRealm != "") {
stream << " default_realm = " << m_defaultRealm << "\n"; stream << " default_realm = " << m_defaultRealm << "\n";
} }
stream << " default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5\n";
stream << " default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5\n";
stream << "\n"; stream << "\n";
// Realms // Realms

Loading…
Cancel
Save