authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-07-08 23:25:39 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-07-08 23:25:39 -0500
commit0e555d663735a59d5a62c12e26360ce88d709535 (patch)
tree4026376b88bb757007d8af5d18c4ea070e1c4684
parent9f25f4b6624da216c9c34e93f1c605803fb2031e (diff)
Fix kadmin communication
-rw-r--r--src/ldapcontroller.cpp159
1 files changed, 109 insertions, 50 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 38089b0..2aa3ee3 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -270,6 +270,7 @@ void LDAPController::systemRoleChanged() {
// Write the TDE realm configuration file
LDAPRealmConfigList realms;
LDAPManager::writeTDERealmList(realms, m_systemconfig);
+ m_systemconfig->setGroup(NULL);
m_systemconfig->deleteEntry("DefaultRealm");
m_systemconfig->sync();
@@ -285,7 +286,7 @@ void LDAPController::systemRoleChanged() {
}
void LDAPController::processLockouts() {
- bool enabled = true;
+ bool enabled = m_base->systemEnableSupport->isChecked();
bool canChangeLDAPEnabled = true;
if (getuid() != 0 || !m_systemconfig->checkConfigFilesWritable( true )) {
@@ -892,10 +893,12 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
TQString readFullLineFromPtyProcess(PtyProcess* proc) {
TQString result = "";
- while ((!result.contains("\n")) && (!result.contains(":")) && (!result.contains(">"))) {
+ while ((!result.contains("\r")) && (!result.contains(":")) && (!result.contains(">"))) {
result = result + TQString(proc->readLine(false));
tqApp->processEvents();
}
+ result.replace("\n", "");
+ result.replace("\r", "");
return result;
}
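Review bot: The read loop in readFullLineFromPtyProcess can only exit once `\r`, `:` or `>` shows up in the accumulated text, so if kadmin exits, stalls, or prints a line without those characters the caller spins in `processEvents()` indefinitely while `result` is rebuilt on every pass. `readLine(false)` looks like the non-blocking form, so an empty read cannot be told apart from a dead child here. I would add a deadline, and a child-liveness check if PtyProcess offers one, and return what has been read so far; the callers' `prompt != "kadmin>"` checks would then report the failure. The loop also stops at a `:` or `>` anywhere in the text, not only at the end of a prompt, which is worth a comment because an echoed command containing either character comes back split.

```cpp
TQString readFullLineFromPtyProcess(PtyProcess* proc) {
	TQString result = "";
	TQTime waited;
	waited.start();
	while ((!result.contains("\r")) && (!result.contains(":")) && (!result.contains(">"))) {
		// KADMIN_READ_TIMEOUT_MS is a placeholder; the project would define the actual limit
		if (waited.elapsed() > KADMIN_READ_TIMEOUT_MS) {
			break;
		}
		result = result + TQString(proc->readLine(false));
		tqApp->processEvents();
	}
	// … unchanged: strip "\n" and "\r", return result …
```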
@@ -906,13 +909,17 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
TQString prompt;
PtyProcess kadminProc;
+ kadminProc.enableLocalEcho(false);
kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("init "+realmName), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("init "+realmName);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
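Review bot: The `printf("(kadmin) '%s'\n\r", prompt.ascii());` inside the discard loop after the `init` command looks like leftover debugging. The same line is repeated in every kadmin loop this commit adds, including the two in setKerberosPasswordForUser that run right after `user.password` is written, so anything the pty echoes back there would end up on the module's stdout. I would drop the line or route it through the project's debug logging so it is off in release builds. Separately, `kadminProc.enableLocalEcho(false);` is added only in this function; the `exec` calls in the later hunks are not preceded by it, so those sessions still depend on matching and discarding their own echo. The function body starts and ends outside this hunk.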
@@ -920,14 +927,20 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
return 1;
}
else if (prompt.startsWith("Realm max")) {
- kadminProc.writeLine("unlimited", true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = "unlimited";
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.startsWith("Realm max")) {
- kadminProc.writeLine("unlimited", true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = "unlimited";
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
if (prompt != "kadmin>") {
@@ -961,12 +974,15 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("ext "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
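Review bot: `command = TQCString("ext "+hoststring);` writes a caller-derived string straight into kadmin's interactive prompt, so a value containing a newline or a space would be read by kadmin as a second command or as extra arguments. The same concatenation is used for `"init "+realmName`, `"ank --random-key "+hoststring`, the `--keytab=` variants and `"passwd "+user.username` in the other hunks. hoststring is built outside this hunk and may already be validated there, but nothing visible checks it. I would reject whitespace and control characters before the first `writeLine`, for example `if (hoststring.contains('\n') || hoststring.contains('\r') || hoststring.contains(' ')) return 1;` with `*errstr` set to a fixed message.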
@@ -974,10 +990,20 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
return 1;
}
else if (prompt.endsWith("Principal does not exist")) {
- kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ command = TQCString("ank --random-key "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
// Use all defaults
while (prompt != "kadmin>") {
if (prompt.contains("authentication failed")) {
@@ -994,15 +1020,21 @@ int LDAPController::addHostEntryToKerberosRealm(TQString kerberosHost, TQString
leftbracket++;
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
}
- kadminProc.writeLine(TQCString(defaultParam), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ command = TQCString(defaultParam);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
}
- kadminProc.writeLine(TQCString("ext "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
@@ -1040,12 +1072,15 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt.startsWith("ext --keytab="));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
@@ -1053,10 +1088,20 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
return 1;
}
else if (prompt.endsWith("Principal does not exist")) {
- kadminProc.writeLine(TQCString("ank --random-key "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
+ if (prompt != "kadmin>") {
+ if (errstr) *errstr = prompt;
+ kadminProc.writeLine("quit", true);
+ return 1;
+ }
+ command = TQCString("ank --random-key "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
+ prompt = prompt.stripWhiteSpace();
// Use all defaults
while (prompt != "kadmin>") {
if (prompt.contains("authentication failed")) {
@@ -1073,15 +1118,21 @@ int LDAPController::addLDAPEntryToKerberosRealm(TQString ldapProcessOwnerName, T
leftbracket++;
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
}
- kadminProc.writeLine(TQCString(defaultParam), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ command = TQCString(defaultParam);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
}
- kadminProc.writeLine(TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("ext --keytab="+TQString(LDAP_KEYTAB_FILE)+" "+hoststring);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt.startsWith("ext --keytab="));
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
if (errstr) *errstr = prompt;
@@ -1121,12 +1172,15 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
- prompt = kadminProc.readLine(true);
+ prompt = readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
- kadminProc.writeLine(TQCString("passwd "+user.username), true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ command = TQCString("passwd "+user.username);
+ kadminProc.writeLine(command, true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.contains("authentication failed")) {
if (errstr) *errstr = prompt;
@@ -1135,13 +1189,17 @@ int LDAPController::setKerberosPasswordForUser(LDAPCredentials user, TQString *e
}
else if ((prompt.endsWith(" Password:")) && (prompt.startsWith(TQString(user.username + "@")))) {
kadminProc.writeLine(user.password, true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
prompt = prompt.stripWhiteSpace();
if ((prompt.endsWith(" Password:")) && (prompt.startsWith("Verify"))) {
kadminProc.writeLine(user.password, true);
- prompt = kadminProc.readLine(true); // Discard our own input
- prompt = kadminProc.readLine(true);
+ do { // Discard our own input
+ prompt = readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ } while (prompt == "");
prompt = prompt.stripWhiteSpace();
}
if (prompt != "kadmin>") {
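Review bot: Both loops that follow `kadminProc.writeLine(user.password, true);` skip only empty lines (`while (prompt == "")`), so if the pty echoes the password the echoed text is kept as `prompt` and printed by the `printf`. It would then reach the `prompt != "kadmin>"` branch, which in the sibling functions copies `prompt` into `*errstr` for display; that branch's body is outside this hunk, so this is inferred. I would call `kadminProc.enableLocalEcho(false);` before `exec` in this function, as the commit does in initializeNewKerberosRealm, and also discard a line equal to the password: `} while (prompt == "" || prompt == TQString(user.password));`. The `prompt == ""` condition also never ends if kadmin has exited and every read returns empty, so it needs a retry limit.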
@@ -1560,25 +1618,25 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
TQString errorstring;
if (initializeNewKerberosRealm(realmconfig.name.upper(), &errorstring) != 0) {
- if (errstr) *errstr = i18n("Unable to initialize Kerberos database").append(errorstring);
+ if (errstr) *errstr = i18n("Unable to initialize Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
if (addHostEntryToKerberosRealm(realmconfig.kdc, &errorstring) != 0) {
- if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database").arg(m_ldapUserName).append(errorstring);
+ if (errstr) *errstr = i18n("Unable to add KDC server entry to Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
if (addLDAPEntryToKerberosRealm(m_ldapUserName, realmconfig.admin_server, &errorstring) != 0) {
- if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database").arg(m_ldapUserName).append(errorstring);
+ if (errstr) *errstr = i18n("Unable to add %1 entry to Kerberos database<p>").arg(m_ldapUserName).append(errorstring);
pdialog.closeDialog();
return -1;
}
if (addLDAPEntryToKerberosRealm("ldap", realmconfig.admin_server, &errorstring) != 0) {
- if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database").append(errorstring);
+ if (errstr) *errstr = i18n("Unable to add LDAP entry to Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
@@ -1627,7 +1685,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
if (setKerberosPasswordForUser(adminuser, &errorstring) != 0) {
delete ldap_mgr;
delete credentials;
- if (errstr) *errstr = i18n("Unable to set user password in Kerberos database").append(errorstring);
+ if (errstr) *errstr = i18n("Unable to set user password in Kerberos database<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}
@@ -1639,6 +1697,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
LDAPRealmConfigList realms;
realms.insert(realmconfig.name, realmconfig);
LDAPManager::writeTDERealmList(realms, m_systemconfig);
+ m_systemconfig->setGroup(NULL);
m_systemconfig->writeEntry("DefaultRealm", realmconfig.name);
m_systemconfig->sync();
@@ -1648,7 +1707,7 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
if (ldap_mgr->writeSudoersConfFile(&errorstring) != 0) {
delete ldap_mgr;
delete credentials;
- if (errstr) *errstr = i18n("Unable to set local sudo rights").append(errorstring);
+ if (errstr) *errstr = i18n("Unable to set local sudo rights<p>").append(errorstring);
pdialog.closeDialog();
return -1;
}