diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp index 8340902..02fe9c3 100644 --- a/src/ldapcontroller.cpp +++ b/src/ldapcontroller.cpp @@ -146,6 +146,8 @@ LDAPController::~LDAPController() { } void LDAPController::systemRoleChanged() { + int previousRole = m_prevRole; + if (m_base->systemRole->currentItem() != m_prevRole) { // Verify that this workstation was not already bonded to an LDAP realm! bool bonded = false; @@ -160,58 +162,72 @@ void LDAPController::systemRoleChanged() { } if (m_base->systemRole->currentItem() == ROLE_PRIMARY_REALM_CONTROLLER) { - if (bonded) { - KMessageBox::error(0, i18n("You are already bonded to a realm!

Please unbond from all realms before selecting a Realm Controller role"), i18n("Common Sense Failure")); - m_base->systemRole->setCurrentItem(m_prevRole); + if (previousRole == ROLE_SECONDARY_REALM_CONTROLLER) { + // TODO FIXME + KMessageBox::error(0, i18n("Secondary realm controller promotion is not yet available

If you want to see it implemented, contact the Trinity Desktop developers"), i18n("Feature Not Yet Available")); + m_base->systemRole->setCurrentItem(previousRole); } else { - // Something will probably change - save(); - - PrimaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this); - if (realmwizard.exec() < 0) { - // Wizard was cancelled - // Back out all changes! - m_base->systemRole->setCurrentItem(m_prevRole); - save(); + if (bonded) { + KMessageBox::error(0, i18n("You are already bonded to a realm!

Please unbond from all realms before selecting a Realm Controller role"), i18n("Common Sense Failure")); + m_base->systemRole->setCurrentItem(previousRole); } else { - // Wizard completed; commit changes + // Something will probably change save(); + + PrimaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this); + if (realmwizard.exec() < 0) { + // Wizard was cancelled + // Back out all changes! + m_base->systemRole->setCurrentItem(previousRole); + save(); + } + else { + // Wizard completed; commit changes + save(); + } + + // Something probably changed + load(); } - - // Something probably changed - load(); } } else if (m_base->systemRole->currentItem() == ROLE_SECONDARY_REALM_CONTROLLER) { - // RAJA FIXME -#if 0 +#if 1 + // TODO FIXME KMessageBox::error(0, i18n("Secondary realm controller support is not yet available

If you want to see it implemented, contact the Trinity Desktop developers"), i18n("Feature Not Yet Available")); - m_base->systemRole->setCurrentItem(m_prevRole); + m_base->systemRole->setCurrentItem(previousRole); #else - if (bonded) { - KMessageBox::error(0, i18n("You are already bonded to a realm!

Please unbond from all realms before selecting a Realm Controller role"), i18n("Common Sense Failure")); - m_base->systemRole->setCurrentItem(m_prevRole); + if (previousRole == ROLE_PRIMARY_REALM_CONTROLLER) { + // TODO FIXME + KMessageBox::error(0, i18n("Primary realm controller demotion is not yet available

If you want to see it implemented, contact the Trinity Desktop developers"), i18n("Feature Not Yet Available")); + m_base->systemRole->setCurrentItem(previousRole); } else { - // Something will probably change - save(); - - SecondaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this); - if (realmwizard.exec() < 0) { - // Wizard was cancelled - // Back out all changes! - m_base->systemRole->setCurrentItem(m_prevRole); - save(); + if (bonded) { + KMessageBox::error(0, i18n("You are already bonded to a realm!

Please unbond from all realms before selecting a Realm Controller role"), i18n("Common Sense Failure")); + m_base->systemRole->setCurrentItem(previousRole); } else { - // Wizard completed; commit changes + // Something will probably change save(); + + SecondaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this); + if (realmwizard.exec() < 0) { + // Wizard was cancelled + // Back out all changes! + m_base->systemRole->setCurrentItem(previousRole); + save(); + } + else { + // Wizard completed; commit changes + save(); + } + + // Something probably changed + load(); } - - // Something probably changed - load(); } #endif } @@ -262,7 +278,7 @@ void LDAPController::systemRoleChanged() { load(); } else { - m_base->systemRole->setCurrentItem(m_prevRole); + m_base->systemRole->setCurrentItem(previousRole); } } } @@ -1223,6 +1239,67 @@ int LDAPController::uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQStrin // #define STRICT_SETUP 1 +int LDAPController::createNewSecondaryController(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) { + // Fortunately this is somewhat simpler than createNewLDAPRealm(...)! + ProcessingDialog pdialog(dialogparent); + pdialog.setStatusMessage(i18n("Loading data for secondary controller...")); + pdialog.raise(); + pdialog.setActiveWindow(); + tqApp->processEvents(); + + // RAJA FIXME + // Threading would be a good idea here, to keep the GUI responsive while the backend code works + + // Reset improperly uninitialized variables + realmconfig.bonded = true; + + // Find the templates + TQString templateDir = locate("data", "kcmldapcontroller/skel/heimdal/heimdal.defaults"); + templateDir.replace("heimdal/heimdal.defaults", ""); + if (templateDir == "") { + if (errstr) *errstr = i18n("Unable to locate required template files"); + pdialog.closeDialog(); + return -1; + } + + KTempDir configTempDir; + configTempDir.setAutoDelete(true); + TQString destDir = "/etc/"; + + pdialog.setStatusMessage(i18n("Stopping servers...")); + + // Stop SASL + if (controlSASLServer(SC_STOP) != 0) { +#ifdef STRICT_SETUP + if (errstr) *errstr = i18n("Unable to stop SASL server"); + pdialog.closeDialog(); + return -1; +#endif // STRICT_SETUP + } + // Stop Heimdal + if (controlHeimdalServer(SC_STOP) != 0) { +#ifdef STRICT_SETUP + if (errstr) *errstr = i18n("Unable to stop Kerberos server"); + pdialog.closeDialog(); + return -1; +#endif // STRICT_SETUP + } + // Stop slapd + if (controlLDAPServer(SC_STOP) != 0) { +#ifdef STRICT_SETUP + if (errstr) *errstr = i18n("Unable to stop LDAP server"); + pdialog.closeDialog(); + return -1; +#endif // STRICT_SETUP + } + + // RAJA FIXME + // 1.) Fetch CA private/public certificates from master LDAP server, save them, and also use the public certificate to fill a certificate information structure + // 2.) Bond machine to Kerberos + // 3.) Set up LDAP replication + // 4.) Point local Kerberos and SASL instances to this LDAP server +} + int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) { int ldifSchemaNumber; diff --git a/src/ldapcontroller.h b/src/ldapcontroller.h index 9f5e504..6aed18d 100644 --- a/src/ldapcontroller.h +++ b/src/ldapcontroller.h @@ -61,6 +61,7 @@ class LDAPController: public KCModule public: int createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr); + int createNewSecondaryController(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr); private slots: void systemRoleChanged(); diff --git a/src/secondaryrealmwizard/realmfinishpage.cpp b/src/secondaryrealmwizard/realmfinishpage.cpp index 27c09df..e0a1047 100644 --- a/src/secondaryrealmwizard/realmfinishpage.cpp +++ b/src/secondaryrealmwizard/realmfinishpage.cpp @@ -43,9 +43,6 @@ SecondaryRealmFinishPage::SecondaryRealmFinishPage(TQWidget *parent, const char px_introSidebar->setPixmap(UserIcon("step3.png")); connect(ldapAdminUsername, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries())); - connect(ldapAdminGroupname, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries())); - connect(ldapMachineAdminGroupname, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries())); - connect(ldapStandardUserGroupname, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries())); m_parentWizard = dynamic_cast(parent); m_parentDialog = dynamic_cast(parent); @@ -57,7 +54,7 @@ SecondaryRealmFinishPage::~SecondaryRealmFinishPage(){ void SecondaryRealmFinishPage::validateEntries() { if (m_parentWizard) { - if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "") && (ldapMachineAdminGroupname->text() != "") && (ldapStandardUserGroupname->text() != "")) { + if (ldapAdminUsername->text() != "") { m_parentWizard->finishButton()->setEnabled(true); } else { @@ -65,7 +62,7 @@ void SecondaryRealmFinishPage::validateEntries() { } } if (m_parentDialog) { - if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "") && (ldapMachineAdminGroupname->text() != "") && (ldapStandardUserGroupname->text() != "")) { + if (ldapAdminUsername->text() != "") { m_parentDialog->enableButton(KDialogBase::Ok, true); } else { diff --git a/src/secondaryrealmwizard/realmfinishpagedlg.ui b/src/secondaryrealmwizard/realmfinishpagedlg.ui index 4d93234..487731f 100644 --- a/src/secondaryrealmwizard/realmfinishpagedlg.ui +++ b/src/secondaryrealmwizard/realmfinishpagedlg.ui @@ -52,7 +52,7 @@ passprompt - Please provide new LDAP realm administrator credentials below to finish setup + Please provide realm administrator credentials below to finish setup @@ -82,58 +82,6 @@ - - unnamed - - - Confirm Password - - - - - ldapConfirmAdminPassword - - - - - unnamed - - - Realm Administration Group - - - - - ldapAdminGroupname - - - - - unnamed - - - Machine Administration Group - - - - - ldapMachineAdminGroupname - - - - - unnamed - - - Standard User Group - - - - - ldapStandardUserGroupname - - - unnamed @@ -141,7 +89,7 @@ LDAP Realm - + ldapAdminRealm diff --git a/src/secondaryrealmwizard/realmintropagedlg.ui b/src/secondaryrealmwizard/realmintropagedlg.ui index 59774ae..89d6263 100644 --- a/src/secondaryrealmwizard/realmintropagedlg.ui +++ b/src/secondaryrealmwizard/realmintropagedlg.ui @@ -52,7 +52,7 @@ txt_welcome - <h3>Welcome to the TDE LDAP Realm Setup Wizard!</h3> + <h3>Welcome to the TDE Secondary Realm Controller Setup Wizard!</h3> @@ -68,7 +68,7 @@ - <p>This Wizard will help you create a new LDAP realm in four quick, easy steps.</p> + <p>This Wizard will help you create a new secondary realm controller in three quick, easy steps.</p> <p>Please note that this Wizard will overwrite any existing LDAP realms and data.</p> <p>If you wish to quit the Wizard, click <b>Cancel</b> at any time.</p> <p><b>NOTE:</b> Kerberos and LDAP rely heavily on proper DNS resolution in order to function correctly. Therefore, you must have functional forward and reverse DNS entries for this system in order to complete this Wizard.</p> diff --git a/src/secondaryrealmwizard/secondaryrealmwizard.cpp b/src/secondaryrealmwizard/secondaryrealmwizard.cpp index ef37f04..ec5f470 100644 --- a/src/secondaryrealmwizard/secondaryrealmwizard.cpp +++ b/src/secondaryrealmwizard/secondaryrealmwizard.cpp @@ -63,23 +63,19 @@ SecondaryRealmWizard::SecondaryRealmWizard(LDAPController* controller, TQString fqdn, LDAPCertConfig certinfo, TQWidget *parent, const char *name) : KWizard(parent, name, true), m_controller(controller), m_fqdn(fqdn), m_certconfig(certinfo) { - setCaption(i18n("LDAP Realm Wizard")); + setCaption(i18n("Secondary Realm Controller Wizard")); intropage = new SecondaryRealmIntroPage(this); addPage (intropage, i18n( "Step 1: Introduction" ) ); setHelpEnabled(TQWizard::page(0), false); realmpage = new SecondaryRealmConfigPage(this); - addPage (realmpage, i18n( "Step 2: Set Up New Realm" ) ); + addPage (realmpage, i18n( "Step 2: Gather Realm Information" ) ); setHelpEnabled(TQWizard::page(1), false); - certpage = new SecondaryCertConfigPage(this); - addPage (certpage, i18n( "Step 3: Set Up Certificates" ) ); - setHelpEnabled(TQWizard::page(2), false); - finishpage = new SecondaryRealmFinishPage(this); - addPage (finishpage, i18n( "Step 4: Initialize New Realm" ) ); - setHelpEnabled(TQWizard::page(3), false); + addPage (finishpage, i18n( "Step 3: Initialize New Realm Controller" ) ); + setHelpEnabled(TQWizard::page(2), false); // Set up some defaults realmpage->txtKDCPort->setValue(88); @@ -96,19 +92,6 @@ SecondaryRealmWizard::SecondaryRealmWizard(LDAPController* controller, TQString realmpage->txtKDC->setText(m_fqdn); realmpage->txtAdminServer->setText(m_fqdn); realmpage->realmNameChanged(); - certpage->generateKeysEnabled->setChecked(true); - finishpage->ldapAdminGroupname->setText("realmadmins"); - finishpage->ldapMachineAdminGroupname->setText("machineadmins"); - finishpage->ldapStandardUserGroupname->setText("standardusers"); - - // Load certificate info - certpage->organizationName->setText(m_certconfig.organizationName); - certpage->orgUnitName->setText(m_certconfig.orgUnitName); - certpage->commonName->setText(m_certconfig.commonName); - certpage->localityName->setText(m_certconfig.localityName); - certpage->stateOrProvinceName->setText(m_certconfig.stateOrProvinceName); - certpage->countryName->setText(m_certconfig.countryName); - certpage->emailAddress->setText(m_certconfig.emailAddress); // Other setup finishpage->ldapAdminRealm->setEnabled(false); @@ -116,7 +99,7 @@ SecondaryRealmWizard::SecondaryRealmWizard(LDAPController* controller, TQString // Kerberos won't work unless the DNS suffix matches the realm name realmpage->txtRealmName->setEnabled(false); - setFinishEnabled(TQWizard::page(3), true); + setFinishEnabled(TQWizard::page(2), true); setPosition(); } @@ -147,73 +130,6 @@ void SecondaryRealmWizard::next() { m_realmconfig.win2k_pkinit_require_binding = realmpage->checkWin2kPkinitRequireBinding->isChecked(); finishpage->ldapAdminRealm->setText(realmpage->txtRealmName->text()); - TQWizard::next(); - certpage->processLockouts(); - certpage->validateEntries(); - } - else if (currentPage()==certpage) { - // Save certificate information - m_certconfig.generate_certs = certpage->generateKeysEnabled->isOn(); - m_certconfig.provided_kerberos_pem = certpage->kerberosPEM->url(); - m_certconfig.provided_kerberos_pemkey = certpage->kerberosPEMKEY->url(); - m_certconfig.provided_kerberos_crt = certpage->kerberosCRT->url(); - m_certconfig.provided_kerberos_key = certpage->kerberosKEY->url(); - m_certconfig.provided_ldap_crt = certpage->ldapCRT->url(); - m_certconfig.provided_ldap_key = certpage->ldapKEY->url(); - if (m_certconfig.generate_certs) { - m_certconfig.organizationName = certpage->organizationName->text(); - m_certconfig.orgUnitName = certpage->orgUnitName->text(); - m_certconfig.commonName = certpage->commonName->text(); - m_certconfig.localityName = certpage->localityName->text(); - m_certconfig.stateOrProvinceName = certpage->stateOrProvinceName->text(); - m_certconfig.countryName = certpage->countryName->text(); - m_certconfig.emailAddress = certpage->emailAddress->text(); - } - else { - // If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate - // If this is not done, the automatic certificate updater will fail! - TQFile file(m_certconfig.provided_kerberos_pem); - if (file.open(IO_ReadOnly)) { - TQByteArray ba = file.readAll(); - file.close(); - - TQCString ssldata(ba); - ssldata.replace("-----BEGIN CERTIFICATE-----", ""); - ssldata.replace("-----END CERTIFICATE-----", ""); - ssldata.replace("\n", ""); - KSSLCertificate* cert = KSSLCertificate::fromString(ssldata); - if (cert) { - TQString subj = cert->getSubject(); - TQStringList subjList = TQStringList::split("/", subj, false); - for (TQStringList::Iterator it = subjList.begin(); it != subjList.end(); ++it) { - TQStringList kvPair = TQStringList::split("=", *it, false); - if (kvPair[0] == "O") { - m_certconfig.organizationName = kvPair[1]; - } - else if (kvPair[0] == "OU") { - m_certconfig.orgUnitName = kvPair[1]; - } - else if (kvPair[0] == "CN") { - m_certconfig.commonName = kvPair[1]; - } - else if (kvPair[0] == "L") { - m_certconfig.localityName = kvPair[1]; - } - else if (kvPair[0] == "ST") { - m_certconfig.stateOrProvinceName = kvPair[1]; - } - else if (kvPair[0] == "C") { - m_certconfig.countryName = kvPair[1]; - } - else if (kvPair[0] == "emailAddress") { - m_certconfig.emailAddress = kvPair[1]; - } - } - delete cert; - } - } - } - TQWizard::next(); finishpage->validateEntries(); } @@ -237,12 +153,12 @@ bool SecondaryRealmWizard::askClose(){ } else { if ((currentPage()==certpage) || (currentPage()==finishpage)) { - text = i18n("

Are you sure you want to quit the LDAP Realm Wizard?

" + text = i18n("

Are you sure you want to quit the Secondary Realm Controller Wizard?

" "

If yes, click Quit and all changes will be lost." "
If not, click Cancel to return and finish your setup.

"); } else { - text = i18n("

Are you sure you want to quit the LDAP Realm Wizard?

" + text = i18n("

Are you sure you want to quit the Secondary Realm Controller Wizard?

" "

If not, click Cancel to return and finish setup.

"); } int status = KMessageBox::warningContinueCancel(this, text, i18n("All Changes Will Be Lost"), KStdGuiItem::quit()); @@ -275,12 +191,8 @@ void SecondaryRealmWizard::closeEvent(TQCloseEvent* e){ /** maybe call a dialog that the wizard has finished. */ void SecondaryRealmWizard::accept() { // Validate entries - if (TQString(finishpage->ldapAdminPassword->password()) != TQString(finishpage->ldapConfirmAdminPassword->password())) { - KMessageBox::error(this, i18n("Passwords do not match!

Please re-enter the new administration account password"), i18n("Input Error")); - return; - } if (TQString(finishpage->ldapAdminPassword->password()) == "") { - KMessageBox::error(this, i18n("Password required!

Please enter the new administration account password"), i18n("Input Error")); + KMessageBox::error(this, i18n("Password required!

Please enter the administration account password"), i18n("Input Error")); return; } @@ -293,11 +205,11 @@ void SecondaryRealmWizard::accept() { nextButton()->setEnabled(false); finishButton()->setEnabled(false); cancelButton()->setEnabled(false); - if (m_controller->createNewLDAPRealm(this, m_realmconfig, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminGroupname->text(), finishpage->ldapMachineAdminGroupname->text(), finishpage->ldapStandardUserGroupname->text(), finishpage->ldapAdminPassword->password(), "admin", finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text(), m_certconfig, &errorString) == 0) { + if (m_controller->createNewSecondaryController(this, m_realmconfig, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text(), &errorString) == 0) { done(0); } else { - KMessageBox::error(this, i18n("Unable to create new realm!

Details: %1").arg(errorString), i18n("Unable to create new realm")); + KMessageBox::error(this, i18n("Unable to add new secondary realm controller!

Details: %1").arg(errorString), i18n("Unable to add new secondary realm controller")); } backButton()->setEnabled(true);