//----------------------------------------------------- // //----------------------------------------------------- bool initLDAP(IPropertyTree * ldapProps) { StringAttr serverType( ldapProps->queryProp("@serverType") ); if (!serverType.length()) { fprintf(stderr, "\nERROR: serverType not set in LDAPServer component"); return false; } StringBuffer hpccUser; StringBuffer hpccPwd; ldapProps->getProp("@systemUser", hpccUser); ldapProps->getProp("@systemPassword", hpccPwd); if (0==hpccUser.length() || 0==hpccPwd.length()) { fprintf(stderr, "\nERROR: HPCC systemUser credentials not found in configuration"); return false; } StringBuffer ldapAddress; ldapProps->getProp("@ldapAddress", ldapAddress); //Get LDAP admin creds from user char buff[100]; fprintf(stdout, "\nEnter the '%s' LDAP Admin User name on '%s'...",serverType.get(),ldapAddress.str()); do { char * line = fgets(buff, sizeof(buff), stdin); if (!line) return false; } while (buff[0] == (char)'\n'); if (buff[strlen(buff)-1] == '\n') buff[strlen(buff)-1] = (char)NULL; StringAttr ldapUser(buff); fprintf(stdout, "Enter the LDAP Admin user '%s' password...",ldapUser.get()); char * line = fgets(buff, sizeof(buff), stdin); if (!line) return false; if (buff[strlen(buff)-1] == '\n') buff[strlen(buff)-1] = (char)NULL; StringAttr ldapPwd(buff); if (0==ldapUser.length() || 0==ldapPwd.length()) { fprintf(stderr, "\nERROR: Invalid LDAP Admin account credentials entered"); return false; } fprintf(stdout, "\nReady to initialize HPCC LDAP Environment, using the following settings"); fprintf(stdout, "\n\tLDAP Server : %s", ldapAddress.str()); fprintf(stdout, "\n\tLDAP Type : %s", serverType.get()); fprintf(stdout, "\n\tHPCC Admin User : %s", hpccUser.str()); fprintf(stdout, "\nProceed? y/n "); for (;;) { int c = getchar(); if (c == 'y' || c == 'Y') break; else if (c == 'n' || c == 'N') return true; } if (stricmp(serverType.get(),"ActiveDirectory")) ldapProps->setProp("@systemBasedn", ""); //Replace system user with LDAP Admin credentials ldapProps->setProp("@systemUser", ldapUser); ldapProps->setProp("@systemCommonName", ldapUser); StringBuffer sb; encrypt(sb,ldapPwd); ldapProps->setProp("@systemPassword", sb.str()); //Create security manager. This creates the required OUs Owned<ISecManager> secMgr; try { secMgr.setown(newLdapSecManager("initldap", *LINK(ldapProps))); } catch(IException *e) { StringBuffer buff; e->errorMessage(buff); e->Release(); fprintf(stderr, "\nERROR: Unable to create security manager : %s", buff.str()); return false; } //Create HPCC Admin user Owned<ISecUser> user = secMgr->createUser(hpccUser.str()); StringBuffer pwd; decrypt(pwd, hpccPwd.str()); user->credentials().setPassword(pwd.str()); try { secMgr->addUser(*user.get()); } catch(...) {}//user may already exist, so just move on //Add HPCC admin user to Administrators group CLdapSecManager* ldapSecMgr = dynamic_cast<CLdapSecManager*>(secMgr.get()); if (!ldapSecMgr) { fprintf(stderr, "\nERROR: Unable to access CLdapSecManager object"); return false; } StringAttr adminGroup; bool isActiveDir = true; if (0 == stricmp(serverType.get(),"ActiveDirectory")) adminGroup.set("Administrators"); else adminGroup.set("Directory Administrators"); try { ldapSecMgr->changeUserGroup("add", hpccUser.str(), adminGroup); } catch(...) {}//user may already be in group so just move on fprintf(stdout, "\n\nLDAP Initialization successful\n"); return true; }
int main(int argc, char* argv[]) { if(argc < 2) { usage(); return -1; } InitModuleObjects(); const char *action = NULL, *configfile = NULL, *username = NULL, *passwd = NULL, *resource = NULL, *resourcetype = NULL, *newpasswd = NULL, *firstname = NULL, *lastname=NULL; bool stress = false; int numthrds = 0; int numrounds = 0; int numfiles = 0; int i = 1; while(i<argc) { if (stricmp(argv[i], "-ac")==0 || stricmp(argv[i], "-au") == 0 || stricmp(argv[i], "-ar") == 0|| stricmp(argv[i], "-cp") == 0) { action = argv[i++]; } else if (stricmp(argv[i], "-c")==0) { i++; configfile = argv[i++]; } else if (stricmp(argv[i],"-u")==0) { i++; username = argv[i++]; } else if (stricmp(argv[i], "-p")==0) { i++; passwd = argv[i++]; } else if (stricmp(argv[i], "-r")==0) { i++; resource = argv[i++]; } else if (stricmp(argv[i], "-t") == 0) { i++; resourcetype = argv[i++]; } else if (stricmp(argv[i], "-np") == 0) { i++; newpasswd = argv[i++]; } else if (stricmp(argv[i], "-fn") == 0) { i++; firstname = argv[i++]; } else if (stricmp(argv[i], "-ln") == 0) { i++; lastname = argv[i++]; } else if (stricmp(argv[i], "-stress") == 0) { stress = true; i++; numthrds = atoi(argv[i++]); numrounds = atoi(argv[i++]); } else if (stricmp(argv[i], "-open") == 0) { i++; numfiles = atoi(argv[i++]); } else { printf("Error: command format error\n"); usage(); return -1; } } if(configfile == NULL || *configfile == '\0') { printf("You have to specify the config file"); return -1; } try { Owned<IPropertyTree> cfg = createPTreeFromXMLFile(configfile); Owned<IPropertyTree> seccfg = cfg->getPropTree(".//ldapSecurity"); if(seccfg == NULL) { printf("ldapSecurity not found\n"); return -1; } #ifdef _NO_LDAP printf("System was built with _NO_LDAP\n"); return -1; #else Owned<ISecManager> secmgr = newLdapSecManager("test", *LINK(seccfg)); if(secmgr == NULL) { printf("security manager can't be created\n"); return -1; } if(action == NULL || stricmp(action, "-ac") == 0) { if(username == NULL || *username == '\0') { printf("missing username\n"); return -1; } if(resource == NULL || *resource == '\0') { printf("missing resource\n"); return -1; } SecResourceType rtype = RT_DEFAULT; if((resourcetype != NULL) && (stricmp(resourcetype, "filescope") == 0)) rtype = RT_FILE_SCOPE; else if((resourcetype != NULL) && (stricmp(resourcetype, "workunit") == 0)) rtype = RT_WORKUNIT_SCOPE; StringBuffer passbuf; if(passwd == NULL || *passwd == '\0') { getpassword("Enter password: "******"%s's permission = %d \n", resource, access); } else { CPermissionCheckThread** thrds = new CPermissionCheckThread*[numthrds]; for(int i = 0; i < numthrds; i++) thrds[i] = new CPermissionCheckThread(secmgr, username, passwd, resource, rtype, numrounds); for(int j = 0; j < numthrds; j++) thrds[j]->start(); for(int k = 0; k < numthrds; k++) thrds[k]->join(); } } else if(stricmp(action, "-au") == 0) { if(username == NULL || *username == '\0') { printf("missing username\n"); return -1; } Owned<ISecUser> usr = secmgr->createUser(username); if(firstname != NULL) usr->setFirstName(firstname); if(lastname != NULL) usr->setLastName(lastname); usr->credentials().setPassword(passwd); bool ok = usr?secmgr->addUser(*usr):false; if(ok) printf("user %s added\n", username); else printf("user %s not added\n", username); } else if(stricmp(action, "-ar") == 0) { if(resource == NULL || *resource == '\0') { printf("missing resource\n"); return -1; } SecResourceType rtype = RT_DEFAULT; if((resourcetype != NULL) && (stricmp(resourcetype, "filescope") == 0)) rtype = RT_FILE_SCOPE; else if((resourcetype != NULL) && (stricmp(resourcetype, "workunit") == 0)) rtype = RT_WORKUNIT_SCOPE; Owned<ISecUser> usr; if(username != NULL && *username != '\0') usr.setown(secmgr->createUser(username)); bool ok = secmgr->addResourceEx(rtype, *usr, resource, PT_ADMINISTRATORS_ONLY, NULL); if(!ok) printf("resource not added\n"); else printf("resource %s added\n", resource); } else if(stricmp(action, "-cp") == 0) { if(username == NULL || *username == '\0') { printf("missing username\n"); return -1; } StringBuffer passbuf, newpassbuf; if(passwd == NULL || *passwd == '\0') { getpassword("Enter password: "******"\nEnter new password: "******"user password changed\n"); else printf("user password not changed\n"); } #endif } catch(IException* e) { StringBuffer errmsg; e->errorMessage(errmsg); printf("%s\n", errmsg.str()); } catch(...) { printf("Unknown exception\n"); } releaseAtoms(); return 0; }