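//-----------------------------------------------------
// Reads one line of console input into buf (capacity len), strips the
// trailing newline, and discards any overflow beyond len-1 characters so
// that the remainder of an over-long line cannot be consumed as the answer
// to the next prompt.
// Returns false when stdin is closed before a line could be read.
//-----------------------------------------------------
static bool readConsoleLine(char *buf, size_t len)
{
    if (!fgets(buf, static_cast<int>(len), stdin))
        return false;

    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n')
    {
        buf[n - 1] = '\0';
    }
    else
    {
        // No newline seen: the line was longer than the buffer (or ended at
        // EOF); drain whatever is left of it.
        int c;
        while ((c = getchar()) != EOF && c != '\n')
            ;
    }
    return true;
}

//-----------------------------------------------------
// Interactively initialises the HPCC LDAP environment described by
// ldapProps (the LDAPServer component's property tree).
//
// Steps, in order:
//  1. validate @serverType and the @systemUser/@systemPassword pair;
//  2. prompt the operator for the LDAP admin account name and password;
//  3. print a summary and ask for y/n confirmation;
//  4. rewrite @systemUser/@systemCommonName/@systemPassword in ldapProps
//     with the admin credentials (password stored via encrypt()) and build
//     a security manager, which creates the required OUs;
//  5. create the HPCC admin user and add it to the directory's
//     administrators group (existing user / membership is tolerated).
//
// Returns false on a configuration error, on EOF while prompting, or when
// the security manager or user object cannot be created.  Declining at the
// confirmation prompt leaves ldapProps untouched and returns true.
//
// NOTE: the admin password is read with fgets() and is therefore echoed on
// the terminal; a non-echoing prompt would be preferable.
//-----------------------------------------------------
bool initLDAP(IPropertyTree * ldapProps)
{
    StringAttr serverType( ldapProps->queryProp("@serverType") );
    if (!serverType.length())
    {
        fprintf(stderr, "\nERROR: serverType not set in LDAPServer component");
        return false;
    }

    StringBuffer hpccUser;
    StringBuffer hpccPwd;
    ldapProps->getProp("@systemUser", hpccUser);
    ldapProps->getProp("@systemPassword", hpccPwd);
    if (0==hpccUser.length() || 0==hpccPwd.length())
    {
        fprintf(stderr, "\nERROR: HPCC systemUser credentials not found in configuration");
        return false;
    }

    StringBuffer ldapAddress;
    ldapProps->getProp("@ldapAddress", ldapAddress);

    //Get LDAP admin creds from user; blank lines are skipped for the name
    char buff[100];
    fprintf(stdout, "\nEnter the '%s' LDAP Admin User name on '%s'...",serverType.get(),ldapAddress.str());
    do
    {
        if (!readConsoleLine(buff, sizeof(buff)))
            return false;
    }
    while (buff[0] == '\0');
    StringAttr ldapUser(buff);

    fprintf(stdout, "Enter the LDAP Admin user '%s' password...",ldapUser.get());
    if (!readConsoleLine(buff, sizeof(buff)))
        return false;
    StringAttr ldapPwd(buff);
    if (0==ldapUser.length() || 0==ldapPwd.length())
    {
        fprintf(stderr, "\nERROR: Invalid LDAP Admin account credentials entered");
        return false;
    }

    fprintf(stdout, "\nReady to initialize HPCC LDAP Environment, using the following settings");
    fprintf(stdout, "\n\tLDAP Server     : %s", ldapAddress.str());
    fprintf(stdout, "\n\tLDAP Type       : %s", serverType.get());
    fprintf(stdout, "\n\tHPCC Admin User : %s", hpccUser.str());
    fprintf(stdout, "\nProceed?  y/n ");
    for (;;)
    {
        int c = getchar();
        if (c == EOF)
        {
            // stdin closed without an answer: do not spin, treat as failure
            fprintf(stderr, "\nERROR: no confirmation received");
            return false;
        }
        if (c == 'y' || c == 'Y')
            break;
        if (c == 'n' || c == 'N')
            return true;    // operator declined; nothing was changed
    }

    // Only ActiveDirectory keeps the configured system base DN
    if (stricmp(serverType.get(),"ActiveDirectory"))
        ldapProps->setProp("@systemBasedn", "");

    //Replace system user with LDAP Admin credentials
    ldapProps->setProp("@systemUser", ldapUser);
    ldapProps->setProp("@systemCommonName", ldapUser);
    StringBuffer sb;
    encrypt(sb,ldapPwd);
    ldapProps->setProp("@systemPassword", sb.str());

    //Create security manager. This creates the required OUs
    Owned<ISecManager> secMgr;
    try
    {
        secMgr.setown(newLdapSecManager("initldap", *LINK(ldapProps)));
    }
    catch(IException *e)
    {
        StringBuffer msg;
        e->errorMessage(msg);
        e->Release();
        fprintf(stderr, "\nERROR: Unable to create security manager : %s", msg.str());
        return false;
    }
    if (secMgr.get() == nullptr)
    {
        fprintf(stderr, "\nERROR: Unable to create security manager");
        return false;
    }

    //Create HPCC Admin user
    Owned<ISecUser> user = secMgr->createUser(hpccUser.str());
    if (user.get() == nullptr)
    {
        fprintf(stderr, "\nERROR: Unable to create HPCC Admin user object");
        return false;
    }
    StringBuffer pwd;
    decrypt(pwd, hpccPwd.str());
    user->credentials().setPassword(pwd.str());
    //user may already exist, so just move on; release the exception object
    //rather than leaking it through a bare catch(...)
    try { secMgr->addUser(*user.get()); }
    catch(IException *e) { e->Release(); }
    catch(...) {}

    //Add HPCC admin user to Administrators group
    CLdapSecManager* ldapSecMgr = dynamic_cast<CLdapSecManager*>(secMgr.get());
    if (!ldapSecMgr)
    {
        fprintf(stderr, "\nERROR: Unable to access CLdapSecManager object");
        return false;
    }
    // Group name depends on the directory flavour
    StringAttr adminGroup(0 == stricmp(serverType.get(),"ActiveDirectory")
                              ? "Administrators"
                              : "Directory Administrators");
    //user may already be in group so just move on
    try { ldapSecMgr->changeUserGroup("add", hpccUser.str(), adminGroup); }
    catch(IException *e) { e->Release(); }
    catch(...) {}

    fprintf(stdout, "\n\nLDAP Initialization successful\n");
    return true;
}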
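//-----------------------------------------------------
// Verifies that argv[i] exists, i.e. that option opt is followed by the
// value it requires (pass i+1 to require two values).  Reports a usage
// error and returns false otherwise, so the caller never reads argv[argc].
//-----------------------------------------------------
static bool requireValue(int argc, int i, const char *opt)
{
    if (i < argc)
        return true;
    printf("Error: option %s requires a value\n", opt);
    usage();
    return false;
}

//-----------------------------------------------------
// Maps the -t value onto a SecResourceType.  Anything other than
// "filescope" / "workunit" (including no -t at all) means RT_DEFAULT.
//-----------------------------------------------------
static SecResourceType resourceTypeFromName(const char *resourcetype)
{
    if (resourcetype != nullptr && stricmp(resourcetype, "filescope") == 0)
        return RT_FILE_SCOPE;
    if (resourcetype != nullptr && stricmp(resourcetype, "workunit") == 0)
        return RT_WORKUNIT_SCOPE;
    return RT_DEFAULT;
}

//-----------------------------------------------------
// LDAP security test driver.
//   -c <file>            configuration XML containing an ldapSecurity node (required)
//   -ac | -au | -ar | -cp action: check access (default), add user, add
//                        resource, change password
//   -u <user> -p <pwd>   credentials; the password is prompted for when -p
//                        is absent or empty
//   -r <resource> -t <filescope|workunit>
//   -np <newpwd> -fn <first> -ln <last>
//   -stress <threads> <rounds>   run the -ac check on several threads
//   -open <n>            parsed but not consumed by any action below
// Returns 0 once the action has run (even when it reports failure) and -1
// on a usage or configuration error.  Errors raised by the security manager
// are printed and still yield 0.
// NOTE: passwords passed with -p/-np are visible to other users of the host
// (process listing, shell history); the interactive prompt avoids that.
//-----------------------------------------------------
int main(int argc, char* argv[])
{
    if(argc < 2)
    {
        usage();
        return -1;
    }

    InitModuleObjects();

    const char *action = nullptr, *configfile = nullptr, *username = nullptr, *passwd = nullptr,
        *resource = nullptr, *resourcetype = nullptr, *newpasswd = nullptr, *firstname = nullptr, *lastname = nullptr;

    bool stress = false;
    int numthrds = 0;
    int numrounds = 0;
    int numfiles = 0;   // set by -open; not consumed by any action in this driver

    int i = 1;
    while(i<argc)
    {
        const char *opt = argv[i];
        if (stricmp(opt, "-ac")==0 || stricmp(opt, "-au")==0 || stricmp(opt, "-ar")==0 || stricmp(opt, "-cp")==0)
        {
            action = argv[i++];
            continue;
        }
        if (stricmp(opt, "-stress")==0)
        {
            // two values: thread count, then rounds per thread
            i++;
            if (!requireValue(argc, i + 1, opt))
                return -1;
            stress = true;
            numthrds = atoi(argv[i++]);
            numrounds = atoi(argv[i++]);
            continue;
        }

        // Every remaining option takes exactly one value: bind the option to
        // the variable it sets, then read the value behind a single bounds check.
        const char **strTarget = nullptr;
        int *intTarget = nullptr;
        if (stricmp(opt, "-c")==0)
            strTarget = &configfile;
        else if (stricmp(opt, "-u")==0)
            strTarget = &username;
        else if (stricmp(opt, "-p")==0)
            strTarget = &passwd;
        else if (stricmp(opt, "-r")==0)
            strTarget = &resource;
        else if (stricmp(opt, "-t")==0)
            strTarget = &resourcetype;
        else if (stricmp(opt, "-np")==0)
            strTarget = &newpasswd;
        else if (stricmp(opt, "-fn")==0)
            strTarget = &firstname;
        else if (stricmp(opt, "-ln")==0)
            strTarget = &lastname;
        else if (stricmp(opt, "-open")==0)
            intTarget = &numfiles;
        else
        {
            printf("Error: command format error\n");
            usage();
            return -1;
        }

        i++;
        if (!requireValue(argc, i, opt))
            return -1;
        if (strTarget != nullptr)
            *strTarget = argv[i++];
        else
            *intTarget = atoi(argv[i++]);
    }

    if(configfile == nullptr || *configfile == '\0')
    {
        printf("You have to specify the config file");
        return -1;
    }
    if (stress && numthrds <= 0)
    {
        // a zero or negative count would make the thread array allocation invalid
        printf("-stress requires a positive thread count\n");
        return -1;
    }

    try
    {
        Owned<IPropertyTree> cfg = createPTreeFromXMLFile(configfile);
        Owned<IPropertyTree> seccfg = cfg->getPropTree(".//ldapSecurity");
        if(seccfg == nullptr)
        {
            printf("ldapSecurity not found\n");
            return -1;
        }
#ifdef _NO_LDAP
        printf("System was built with _NO_LDAP\n");
        return -1;
#else
        Owned<ISecManager> secmgr = newLdapSecManager("test", *LINK(seccfg));
        if(secmgr == nullptr)
        {
            printf("security manager can't be created\n");
            return -1;
        }

        if(action == nullptr || stricmp(action, "-ac") == 0)
        {
            if(username == nullptr || *username == '\0')
            {
                printf("missing username\n");
                return -1;
            }
            if(resource == nullptr || *resource == '\0')
            {
                printf("missing resource\n");
                return -1;
            }

            SecResourceType rtype = resourceTypeFromName(resourcetype);

            StringBuffer passbuf;
            if(passwd == nullptr || *passwd == '\0')
            {
                getpassword("Enter password: ", passbuf, false);
                passwd = passbuf.str();
            }

            if(!stress)
            {
                Owned<ISecUser> usr = secmgr->createUser(username);
                if(usr.get() == nullptr)
                {
                    printf("user object could not be created\n");
                    return -1;
                }
                usr->credentials().setPassword(passwd);
                int access = secmgr->authorizeEx(rtype, *usr, resource);
                printf("%s's permission = %d \n", resource, access);
            }
            else
            {
                // numthrds > 0 was checked above, so the array size is valid
                CPermissionCheckThread** thrds = new CPermissionCheckThread*[numthrds];
                for(int t = 0; t < numthrds; t++)
                    thrds[t] = new CPermissionCheckThread(secmgr, username, passwd, resource, rtype, numrounds);
                for(int t = 0; t < numthrds; t++)
                    thrds[t]->start();
                for(int t = 0; t < numthrds; t++)
                    thrds[t]->join();
                // The thread objects are not released here: their ownership
                // model (delete vs Release) is not visible in this file, so
                // they live until process exit as before.  The pointer array
                // is ours and can go.
                delete[] thrds;
            }
        }
        else if(stricmp(action, "-au") == 0)
        {
            if(username == nullptr || *username == '\0')
            {
                printf("missing username\n");
                return -1;
            }

            bool ok = false;
            Owned<ISecUser> usr = secmgr->createUser(username);
            if(usr.get() != nullptr)
            {
                if(firstname != nullptr)
                    usr->setFirstName(firstname);
                if(lastname != nullptr)
                    usr->setLastName(lastname);
                usr->credentials().setPassword(passwd);
                ok = secmgr->addUser(*usr);
            }
            if(ok)
                printf("user %s added\n", username);
            else
                printf("user %s not added\n", username);
        }
        else if(stricmp(action, "-ar") == 0)
        {
            if(resource == nullptr || *resource == '\0')
            {
                printf("missing resource\n");
                return -1;
            }
            // addResourceEx takes the user by reference, so a user is required
            if(username == nullptr || *username == '\0')
            {
                printf("missing username\n");
                return -1;
            }

            SecResourceType rtype = resourceTypeFromName(resourcetype);

            Owned<ISecUser> usr = secmgr->createUser(username);
            if(usr.get() == nullptr)
            {
                printf("user object could not be created\n");
                return -1;
            }

            bool ok = secmgr->addResourceEx(rtype, *usr, resource, PT_ADMINISTRATORS_ONLY, NULL);
            if(!ok)
                printf("resource not added\n");
            else
                printf("resource %s added\n", resource);
        }
        else if(stricmp(action, "-cp") == 0)
        {
            if(username == nullptr || *username == '\0')
            {
                printf("missing username\n");
                return -1;
            }
            StringBuffer passbuf, newpassbuf;
            if(passwd == nullptr || *passwd == '\0')
            {
                getpassword("Enter password: ", passbuf, false);
                passwd = passbuf.str();
            }
            if(newpasswd == nullptr || *newpasswd == '\0')
            {
                getpassword("\nEnter new password: ", newpassbuf, true);
                newpasswd = newpassbuf.str();
            }

            Owned<ISecUser> usr = secmgr->createUser(username);
            if(usr.get() == nullptr)
            {
                printf("user object could not be created\n");
                return -1;
            }
            usr->credentials().setPassword(passwd);
            bool ok = secmgr->updateUserPassword(*usr, newpasswd);
            if(ok)
                printf("user password changed\n");
            else
                printf("user password not changed\n");
        }
#endif
    }
    catch(IException* e)
    {
        StringBuffer errmsg;
        e->errorMessage(errmsg);
        e->Release();
        printf("%s\n", errmsg.str());
    }
    catch(...)
    {
        printf("Unknown exception\n");
    }

    // Early returns above skip this, as in the original; the process is
    // exiting anyway.
    releaseAtoms();

    return 0;
}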