|
|
@@ -0,0 +1,246 @@
|
|
|
+/*##############################################################################
|
|
|
+
|
|
|
+ HPCC SYSTEMS software Copyright (C) 2014 HPCC Systems.
|
|
|
+
|
|
|
+ Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
+ you may not use this file except in compliance with the License.
|
|
|
+ You may obtain a copy of the License at
|
|
|
+
|
|
|
+ http://www.apache.org/licenses/LICENSE-2.0
|
|
|
+
|
|
|
+ Unless required by applicable law or agreed to in writing, software
|
|
|
+ distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
+ See the License for the specific language governing permissions and
|
|
|
+ limitations under the License.
|
|
|
+############################################################################## */
|
|
|
+#include "ldapsecurity.ipp"
|
|
|
+#include "ldapsecurity.hpp"
|
|
|
+#include "build-config.h"
|
|
|
+
|
|
|
+#ifndef _WIN32
|
|
|
+#include <unistd.h>
|
|
|
+#endif
|
|
|
+
|
|
|
+
|
|
|
+//-----------------------------------------------------
|
|
|
+//
|
|
|
+//-----------------------------------------------------
|
|
|
+void usage()
|
|
|
+{
|
|
|
+ fprintf(stdout, "\nUsage: initldap");
|
|
|
+ fprintf(stdout, "\n\n\tinitldap creates an initial HPCC Admin user account\n\tand all HPCC organization units, using the setting entered into configmanager 'LDAPServer' component\n");
|
|
|
+ fprintf(stdout, "\n");
|
|
|
+}
|
|
|
+
|
|
|
+//-----------------------------------------------------
|
|
|
+//
|
|
|
+//-----------------------------------------------------
|
|
|
+bool initLDAP(IPropertyTree * ldapProps)
|
|
|
+{
|
|
|
+ StringAttr serverType( ldapProps->queryProp("@serverType") );
|
|
|
+ if (!serverType.length())
|
|
|
+ {
|
|
|
+ fprintf(stderr, "\nERROR: serverType not set in LDAPServer component");
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ StringBuffer hpccUser;
|
|
|
+ StringBuffer hpccPwd;
|
|
|
+ ldapProps->getProp("@systemUser", hpccUser);
|
|
|
+ ldapProps->getProp("@systemPassword", hpccPwd);
|
|
|
+ if (0==hpccUser.length() || 0==hpccPwd.length())
|
|
|
+ {
|
|
|
+ fprintf(stderr, "\nERROR: HPCC systemUser credentials not found in configuration");
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ StringBuffer ldapAddress;
|
|
|
+ ldapProps->getProp("@ldapAddress", ldapAddress);
|
|
|
+
|
|
|
+ //Get LDAP admin creds from user
|
|
|
+ char buff[100];
|
|
|
+ fprintf(stdout, "\nEnter the '%s' LDAP Admin User name on '%s'...",serverType.get(),ldapAddress.str());
|
|
|
+ do
|
|
|
+ {
|
|
|
+ fgets(buff, sizeof(buff), stdin);
|
|
|
+ }
|
|
|
+ while (buff[0] == (char)'\n');
|
|
|
+
|
|
|
+ if (buff[strlen(buff)-1] == '\n')
|
|
|
+ buff[strlen(buff)-1] = (char)NULL;
|
|
|
+ StringAttr ldapUser(buff);
|
|
|
+
|
|
|
+ fprintf(stdout, "Enter the LDAP Admin user '%s' password...",ldapUser.get());
|
|
|
+ fgets(buff, sizeof(buff), stdin);
|
|
|
+ if (buff[strlen(buff)-1] == '\n')
|
|
|
+ buff[strlen(buff)-1] = (char)NULL;
|
|
|
+ StringAttr ldapPwd(buff);
|
|
|
+ if (0==ldapUser.length() || 0==ldapPwd.length())
|
|
|
+ {
|
|
|
+ fprintf(stderr, "\nERROR: Invalid LDAP Admin account credentials entered");
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ fprintf(stdout, "\nReady to initialize HPCC LDAP Environment, using the following settings");
|
|
|
+ fprintf(stdout, "\n\tLDAP Server : %s", ldapAddress.str());
|
|
|
+ fprintf(stdout, "\n\tLDAP Type : %s", serverType.get());
|
|
|
+ fprintf(stdout, "\n\tHPCC Admin User : %s", hpccUser.str());
|
|
|
+ fprintf(stdout, "\nProceed? y/n ");
|
|
|
+ for (;;)
|
|
|
+ {
|
|
|
+ int c = getchar();
|
|
|
+ if (c == 'y' || c == 'Y')
|
|
|
+ break;
|
|
|
+ else if (c == 'n' || c == 'N')
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (stricmp(serverType.get(),"ActiveDirectory"))
|
|
|
+ ldapProps->setProp("@systemBasedn", "");
|
|
|
+
|
|
|
+ //Replace system user with LDAP Admin credentials
|
|
|
+ ldapProps->setProp("@systemUser", ldapUser);
|
|
|
+ ldapProps->setProp("@systemCommonName", ldapUser);
|
|
|
+ StringBuffer sb;
|
|
|
+ encrypt(sb,ldapPwd);
|
|
|
+ ldapProps->setProp("@systemPassword", sb.str());
|
|
|
+
|
|
|
+ //Create security manager. This creates the required OUs
|
|
|
+ Owned<ISecManager> secMgr;
|
|
|
+ try
|
|
|
+ {
|
|
|
+ secMgr.setown(newLdapSecManager("initldap", *LINK(ldapProps)));
|
|
|
+ }
|
|
|
+ catch(IException *e)
|
|
|
+ {
|
|
|
+ StringBuffer buff;
|
|
|
+ e->errorMessage(buff);
|
|
|
+ e->Release();
|
|
|
+ fprintf(stderr, "\nERROR: Unable to create security manager : %s", buff.str());
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ //Create HPCC Admin user
|
|
|
+ Owned<ISecUser> user = secMgr->createUser(hpccUser.str());
|
|
|
+ StringBuffer pwd;
|
|
|
+ decrypt(pwd, hpccPwd.str());
|
|
|
+ user->credentials().setPassword(pwd.str());
|
|
|
+ try { secMgr->addUser(*user.get()); }
|
|
|
+ catch(...) {}//user may already exist, so just move on
|
|
|
+
|
|
|
+ //Add HPCC admin user to Administrators group
|
|
|
+ CLdapSecManager* ldapSecMgr = dynamic_cast<CLdapSecManager*>(secMgr.get());
|
|
|
+ if (!ldapSecMgr)
|
|
|
+ {
|
|
|
+ fprintf(stderr, "\nERROR: Unable to access CLdapSecManager object");
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ StringAttr adminGroup;
|
|
|
+ bool isActiveDir = true;
|
|
|
+ if (0 == stricmp(serverType.get(),"ActiveDirectory"))
|
|
|
+ adminGroup.set("Administrators");
|
|
|
+ else
|
|
|
+ adminGroup.set("Directory Administrators");
|
|
|
+ try { ldapSecMgr->changeUserGroup("add", hpccUser.str(), adminGroup); }
|
|
|
+ catch(...) {}//user may already be in group so just move on
|
|
|
+
|
|
|
+ fprintf(stdout, "\n\nLDAP Initialization successful\n");
|
|
|
+ return true;
|
|
|
+}
|
|
|
+
|
|
|
+//-----------------------------------------------------
|
|
|
+//
|
|
|
+//-----------------------------------------------------
|
|
|
+int main(int argc, char* argv[])
|
|
|
+{
|
|
|
+#ifdef _NO_LDAP
|
|
|
+ fprintf(stderr, "System was built with _NO_LDAP\n");
|
|
|
+ return -1;
|
|
|
+#endif
|
|
|
+
|
|
|
+ for (int x = 1; x < argc; x++)
|
|
|
+ {
|
|
|
+ if (0==strncmp("-h", argv[x], 2))
|
|
|
+ {
|
|
|
+ usage();
|
|
|
+ exit(0);
|
|
|
+ }
|
|
|
+ else
|
|
|
+ {
|
|
|
+ fprintf(stderr, "\nERROR: Unrecognized parameter : '%s', enter 'initldap -h' for help\n", argv[x]);
|
|
|
+ exit(1);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ InitModuleObjects();
|
|
|
+
|
|
|
+ //execute configgen to query the LDAP Server configuration(s)
|
|
|
+ StringBuffer cmd;
|
|
|
+ cmd.appendf("%s%cconfiggen -env %s%c%s -listldapservers", ADMIN_DIR,PATHSEPCHAR,CONFIG_DIR, PATHSEPCHAR, ENV_XML_FILE);
|
|
|
+
|
|
|
+ char * configBuffer = NULL;
|
|
|
+
|
|
|
+ //acquire LDAP configuration by executing configgen and capturing output
|
|
|
+ {
|
|
|
+ StringBuffer configBuff;
|
|
|
+ Owned<IPipeProcess> pipe = createPipeProcess();
|
|
|
+ if (pipe->run("configgen", cmd.str(), ".", false, true, true, 0))
|
|
|
+ {
|
|
|
+ Owned<ISimpleReadStream> pipeReader = pipe->getOutputStream();
|
|
|
+ const size32_t chunkSize = 8192;
|
|
|
+ for (;;)
|
|
|
+ {
|
|
|
+ size32_t sizeRead = pipeReader->read(chunkSize, configBuff.reserve(chunkSize));
|
|
|
+ if (sizeRead < chunkSize)
|
|
|
+ {
|
|
|
+ configBuff.setLength(configBuff.length() - (chunkSize - sizeRead));
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ pipe->closeOutput();
|
|
|
+ }
|
|
|
+ int retcode = pipe->wait();
|
|
|
+ if (retcode)
|
|
|
+ {
|
|
|
+ fprintf(stderr, "\nERROR %d: unable to execute %s", retcode, cmd.str());
|
|
|
+ exit(1);
|
|
|
+ }
|
|
|
+ configBuffer = strdup(configBuff.str());
|
|
|
+ }
|
|
|
+
|
|
|
+ //Using the LDAP Server parms queried from configgen, build an
|
|
|
+ //LDAPSecurity property tree for each LDAP Server and call the LDAP
|
|
|
+ //Security Manager to create the needed entries
|
|
|
+ Owned<IPropertyTree> ldapProps;
|
|
|
+ char *saveptr;
|
|
|
+ char * pLine = strtok_r(configBuffer, "\n", &saveptr);
|
|
|
+ while (pLine)
|
|
|
+ {
|
|
|
+ if (pLine && 0==strcmp(pLine, "LDAPServerProcess"))
|
|
|
+ {
|
|
|
+ if (ldapProps)
|
|
|
+ initLDAP(ldapProps);
|
|
|
+ ldapProps.clear();
|
|
|
+ ldapProps.setown(createPTree("ldapSecurity"));
|
|
|
+ }
|
|
|
+ else
|
|
|
+ {
|
|
|
+ char * sep = strchr(pLine, ',');
|
|
|
+ if (sep)
|
|
|
+ {
|
|
|
+ *sep = (char)NULL;
|
|
|
+ ldapProps->addProp(pLine, sep+1);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ pLine = strtok_r(NULL, "\n", &saveptr);
|
|
|
+ }
|
|
|
+ if (ldapProps)
|
|
|
+ initLDAP(ldapProps);
|
|
|
+ if (configBuffer)
|
|
|
+ free(configBuffer);
|
|
|
+ ldapProps.clear();
|
|
|
+
|
|
|
+ releaseAtoms();
|
|
|
+ return 0;
|
|
|
+}
|
William Whitehead