Add skeleton for secondary realm controller and fix wizard

pull/1/head
Timothy Pearson 12 years ago
parent e2d9b461c3
commit ccfa240cc2

@ -146,6 +146,8 @@ LDAPController::~LDAPController() {
}
void LDAPController::systemRoleChanged() {
int previousRole = m_prevRole;
if (m_base->systemRole->currentItem() != m_prevRole) {
// Verify that this workstation was not already bonded to an LDAP realm!
bool bonded = false;
@ -160,58 +162,72 @@ void LDAPController::systemRoleChanged() {
}
if (m_base->systemRole->currentItem() == ROLE_PRIMARY_REALM_CONTROLLER) {
if (bonded) {
KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
m_base->systemRole->setCurrentItem(m_prevRole);
if (previousRole == ROLE_SECONDARY_REALM_CONTROLLER) {
// TODO FIXME
KMessageBox::error(0, i18n("<qt>Secondary realm controller promotion is not yet available<p>If you want to see it implemented, contact the Trinity Desktop developers</qt>"), i18n("Feature Not Yet Available"));
m_base->systemRole->setCurrentItem(previousRole);
}
else {
// Something will probably change
save();
PrimaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
if (realmwizard.exec() < 0) {
// Wizard was cancelled
// Back out all changes!
m_base->systemRole->setCurrentItem(m_prevRole);
save();
if (bonded) {
KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
m_base->systemRole->setCurrentItem(previousRole);
}
else {
// Wizard completed; commit changes
// Something will probably change
save();
PrimaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
if (realmwizard.exec() < 0) {
// Wizard was cancelled
// Back out all changes!
m_base->systemRole->setCurrentItem(previousRole);
save();
}
else {
// Wizard completed; commit changes
save();
}
// Something probably changed
load();
}
// Something probably changed
load();
}
}
else if (m_base->systemRole->currentItem() == ROLE_SECONDARY_REALM_CONTROLLER) {
// RAJA FIXME
#if 0
#if 1
// TODO FIXME
KMessageBox::error(0, i18n("<qt>Secondary realm controller support is not yet available<p>If you want to see it implemented, contact the Trinity Desktop developers</qt>"), i18n("Feature Not Yet Available"));
m_base->systemRole->setCurrentItem(m_prevRole);
m_base->systemRole->setCurrentItem(previousRole);
#else
if (bonded) {
KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
m_base->systemRole->setCurrentItem(m_prevRole);
if (previousRole == ROLE_PRIMARY_REALM_CONTROLLER) {
// TODO FIXME
KMessageBox::error(0, i18n("<qt>Primary realm controller demotion is not yet available<p>If you want to see it implemented, contact the Trinity Desktop developers</qt>"), i18n("Feature Not Yet Available"));
m_base->systemRole->setCurrentItem(previousRole);
}
else {
// Something will probably change
save();
SecondaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
if (realmwizard.exec() < 0) {
// Wizard was cancelled
// Back out all changes!
m_base->systemRole->setCurrentItem(m_prevRole);
save();
if (bonded) {
KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
m_base->systemRole->setCurrentItem(previousRole);
}
else {
// Wizard completed; commit changes
// Something will probably change
save();
SecondaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
if (realmwizard.exec() < 0) {
// Wizard was cancelled
// Back out all changes!
m_base->systemRole->setCurrentItem(previousRole);
save();
}
else {
// Wizard completed; commit changes
save();
}
// Something probably changed
load();
}
// Something probably changed
load();
}
#endif
}
@ -262,7 +278,7 @@ void LDAPController::systemRoleChanged() {
load();
}
else {
m_base->systemRole->setCurrentItem(m_prevRole);
m_base->systemRole->setCurrentItem(previousRole);
}
}
}
@ -1223,6 +1239,67 @@ int LDAPController::uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQStrin
// #define STRICT_SETUP 1
int LDAPController::createNewSecondaryController(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
// Fortunately this is somewhat simpler than createNewLDAPRealm(...)!
ProcessingDialog pdialog(dialogparent);
pdialog.setStatusMessage(i18n("Loading data for secondary controller..."));
pdialog.raise();
pdialog.setActiveWindow();
tqApp->processEvents();
// RAJA FIXME
// Threading would be a good idea here, to keep the GUI responsive while the backend code works
// Reset improperly uninitialized variables
realmconfig.bonded = true;
// Find the templates
TQString templateDir = locate("data", "kcmldapcontroller/skel/heimdal/heimdal.defaults");
templateDir.replace("heimdal/heimdal.defaults", "");
if (templateDir == "") {
if (errstr) *errstr = i18n("Unable to locate required template files");
pdialog.closeDialog();
return -1;
}
KTempDir configTempDir;
configTempDir.setAutoDelete(true);
TQString destDir = "/etc/";
pdialog.setStatusMessage(i18n("Stopping servers..."));
// Stop SASL
if (controlSASLServer(SC_STOP) != 0) {
#ifdef STRICT_SETUP
if (errstr) *errstr = i18n("Unable to stop SASL server");
pdialog.closeDialog();
return -1;
#endif // STRICT_SETUP
}
// Stop Heimdal
if (controlHeimdalServer(SC_STOP) != 0) {
#ifdef STRICT_SETUP
if (errstr) *errstr = i18n("Unable to stop Kerberos server");
pdialog.closeDialog();
return -1;
#endif // STRICT_SETUP
}
// Stop slapd
if (controlLDAPServer(SC_STOP) != 0) {
#ifdef STRICT_SETUP
if (errstr) *errstr = i18n("Unable to stop LDAP server");
pdialog.closeDialog();
return -1;
#endif // STRICT_SETUP
}
// RAJA FIXME
// 1.) Fetch CA private/public certificates from master LDAP server, save them, and also use the public certificate to fill a certificate information structure
// 2.) Bond machine to Kerberos
// 3.) Set up LDAP replication
// 4.) Point local Kerberos and SASL instances to this LDAP server
}
int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) {
int ldifSchemaNumber;
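Review bot: createNewSecondaryController falls off the end of a non-void function (the body ends at the `// 4.) Point local Kerberos and SASL instances to this LDAP server` comment with no return), so the `== 0` check in SecondaryRealmWizard::accept() may read an indeterminate value and report success after SASL, Heimdal and slapd have all been stopped and nothing restarted. Until the four FIXME steps exist the skeleton should fail closed, e.g. `if (errstr) *errstr = i18n("Secondary realm controller setup is not yet implemented"); pdialog.closeDialog(); return -1;`, and preferably before the three service stops so a user who reaches this path is not left with realm services down. Separately, `realmconfig.bonded = true` is assigned on a by-value parameter and never reaches the caller, so if the intent is to mark the host bonded it has to go through the config the caller keeps. Step 1 of the plan fetches the CA private key from the master over LDAP; when implemented that needs a mutually authenticated TLS session and server-side ACLs limiting the key attribute to controller accounts, otherwise any realm member could read the signing key.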

@ -61,6 +61,7 @@ class LDAPController: public KCModule
public:
int createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr);
int createNewSecondaryController(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr);
private slots:
void systemRoleChanged();

@ -43,9 +43,6 @@ SecondaryRealmFinishPage::SecondaryRealmFinishPage(TQWidget *parent, const char
px_introSidebar->setPixmap(UserIcon("step3.png"));
connect(ldapAdminUsername, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries()));
connect(ldapAdminGroupname, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries()));
connect(ldapMachineAdminGroupname, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries()));
connect(ldapStandardUserGroupname, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries()));
m_parentWizard = dynamic_cast<KWizard*>(parent);
m_parentDialog = dynamic_cast<KDialogBase*>(parent);
@ -57,7 +54,7 @@ SecondaryRealmFinishPage::~SecondaryRealmFinishPage(){
void SecondaryRealmFinishPage::validateEntries() {
if (m_parentWizard) {
if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "") && (ldapMachineAdminGroupname->text() != "") && (ldapStandardUserGroupname->text() != "")) {
if (ldapAdminUsername->text() != "") {
m_parentWizard->finishButton()->setEnabled(true);
}
else {
@ -65,7 +62,7 @@ void SecondaryRealmFinishPage::validateEntries() {
}
}
if (m_parentDialog) {
if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "") && (ldapMachineAdminGroupname->text() != "") && (ldapStandardUserGroupname->text() != "")) {
if (ldapAdminUsername->text() != "") {
m_parentDialog->enableButton(KDialogBase::Ok, true);
}
else {

@ -52,7 +52,7 @@
<cstring>passprompt</cstring>
</property>
<property name="text">
<string>Please provide new LDAP realm administrator credentials below to finish setup</string>
<string>Please provide realm administrator credentials below to finish setup</string>
</property>
</widget>
<widget class="TQLabel" row="2" column="1">
@ -82,58 +82,6 @@
</property>
</widget>
<widget class="TQLabel" row="4" column="1">
<property name="name">
<cstring>unnamed</cstring>
</property>
<property name="text">
<string>Confirm Password</string>
</property>
</widget>
<widget class="KPasswordEdit" row="4" column="2">
<property name="name">
<cstring>ldapConfirmAdminPassword</cstring>
</property>
</widget>
<widget class="TQLabel" row="5" column="1">
<property name="name">
<cstring>unnamed</cstring>
</property>
<property name="text">
<string>Realm Administration Group</string>
</property>
</widget>
<widget class="KLineEdit" row="5" column="2">
<property name="name">
<cstring>ldapAdminGroupname</cstring>
</property>
</widget>
<widget class="TQLabel" row="6" column="1">
<property name="name">
<cstring>unnamed</cstring>
</property>
<property name="text">
<string>Machine Administration Group</string>
</property>
</widget>
<widget class="KLineEdit" row="6" column="2">
<property name="name">
<cstring>ldapMachineAdminGroupname</cstring>
</property>
</widget>
<widget class="TQLabel" row="7" column="1">
<property name="name">
<cstring>unnamed</cstring>
</property>
<property name="text">
<string>Standard User Group</string>
</property>
</widget>
<widget class="KLineEdit" row="7" column="2">
<property name="name">
<cstring>ldapStandardUserGroupname</cstring>
</property>
</widget>
<widget class="TQLabel" row="8" column="1">
<property name="name">
<cstring>unnamed</cstring>
</property>
@ -141,7 +89,7 @@
<string>LDAP Realm</string>
</property>
</widget>
<widget class="KLineEdit" row="8" column="2">
<widget class="KLineEdit" row="4" column="2">
<property name="name">
<cstring>ldapAdminRealm</cstring>
</property>

@ -52,7 +52,7 @@
<cstring>txt_welcome</cstring>
</property>
<property name="text">
<string>&lt;h3&gt;Welcome to the TDE LDAP Realm Setup Wizard!&lt;/h3&gt;</string>
<string>&lt;h3&gt;Welcome to the TDE Secondary Realm Controller Setup Wizard!&lt;/h3&gt;</string>
</property>
</widget>
<widget class="TQLabel" row="1" column="1">
@ -68,7 +68,7 @@
</sizepolicy>
</property>
<property name="text">
<string>&lt;p&gt;This Wizard will help you create a new LDAP realm in four quick, easy steps.&lt;/p&gt;
<string>&lt;p&gt;This Wizard will help you create a new secondary realm controller in three quick, easy steps.&lt;/p&gt;
&lt;p&gt;Please note that this Wizard will overwrite any existing LDAP realms and data.&lt;/p&gt;
&lt;p&gt;If you wish to quit the Wizard, click &lt;b&gt;Cancel&lt;/b&gt; at any time.&lt;/p&gt;
&lt;p&gt;&lt;b&gt;NOTE:&lt;/b&gt; Kerberos and LDAP rely heavily on proper DNS resolution in order to function correctly. Therefore, you must have functional forward and reverse DNS entries for this system in order to complete this Wizard.&lt;/p&gt;</string>
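Review bot: The second paragraph, `Please note that this Wizard will overwrite any existing LDAP realms and data.`, was left as-is while the heading and first paragraph were rewritten for a secondary controller. A host joining an existing realm as a replica does not overwrite the realm; what is presumably replaced is the local slapd/Heimdal configuration and data on this system, and the intro should say that so an administrator is neither scared off nor wrongly reassured. Suggested wording: `Please note that this Wizard will replace any existing LDAP and Kerberos configuration and data on this system.` The step count was already corrected to three and the DNS note still applies.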

@ -63,23 +63,19 @@
SecondaryRealmWizard::SecondaryRealmWizard(LDAPController* controller, TQString fqdn, LDAPCertConfig certinfo, TQWidget *parent, const char *name)
: KWizard(parent, name, true), m_controller(controller), m_fqdn(fqdn), m_certconfig(certinfo) {
setCaption(i18n("LDAP Realm Wizard"));
setCaption(i18n("Secondary Realm Controller Wizard"));
intropage = new SecondaryRealmIntroPage(this);
addPage (intropage, i18n( "Step 1: Introduction" ) );
setHelpEnabled(TQWizard::page(0), false);
realmpage = new SecondaryRealmConfigPage(this);
addPage (realmpage, i18n( "Step 2: Set Up New Realm" ) );
addPage (realmpage, i18n( "Step 2: Gather Realm Information" ) );
setHelpEnabled(TQWizard::page(1), false);
certpage = new SecondaryCertConfigPage(this);
addPage (certpage, i18n( "Step 3: Set Up Certificates" ) );
setHelpEnabled(TQWizard::page(2), false);
finishpage = new SecondaryRealmFinishPage(this);
addPage (finishpage, i18n( "Step 4: Initialize New Realm" ) );
setHelpEnabled(TQWizard::page(3), false);
addPage (finishpage, i18n( "Step 3: Initialize New Realm Controller" ) );
setHelpEnabled(TQWizard::page(2), false);
// Set up some defaults
realmpage->txtKDCPort->setValue(88);
@ -96,19 +92,6 @@ SecondaryRealmWizard::SecondaryRealmWizard(LDAPController* controller, TQString
realmpage->txtKDC->setText(m_fqdn);
realmpage->txtAdminServer->setText(m_fqdn);
realmpage->realmNameChanged();
certpage->generateKeysEnabled->setChecked(true);
finishpage->ldapAdminGroupname->setText("realmadmins");
finishpage->ldapMachineAdminGroupname->setText("machineadmins");
finishpage->ldapStandardUserGroupname->setText("standardusers");
// Load certificate info
certpage->organizationName->setText(m_certconfig.organizationName);
certpage->orgUnitName->setText(m_certconfig.orgUnitName);
certpage->commonName->setText(m_certconfig.commonName);
certpage->localityName->setText(m_certconfig.localityName);
certpage->stateOrProvinceName->setText(m_certconfig.stateOrProvinceName);
certpage->countryName->setText(m_certconfig.countryName);
certpage->emailAddress->setText(m_certconfig.emailAddress);
// Other setup
finishpage->ldapAdminRealm->setEnabled(false);
@ -116,7 +99,7 @@ SecondaryRealmWizard::SecondaryRealmWizard(LDAPController* controller, TQString
// Kerberos won't work unless the DNS suffix matches the realm name
realmpage->txtRealmName->setEnabled(false);
setFinishEnabled(TQWizard::page(3), true);
setFinishEnabled(TQWizard::page(2), true);
setPosition();
}
@ -147,73 +130,6 @@ void SecondaryRealmWizard::next() {
m_realmconfig.win2k_pkinit_require_binding = realmpage->checkWin2kPkinitRequireBinding->isChecked();
finishpage->ldapAdminRealm->setText(realmpage->txtRealmName->text());
TQWizard::next();
certpage->processLockouts();
certpage->validateEntries();
}
else if (currentPage()==certpage) {
// Save certificate information
m_certconfig.generate_certs = certpage->generateKeysEnabled->isOn();
m_certconfig.provided_kerberos_pem = certpage->kerberosPEM->url();
m_certconfig.provided_kerberos_pemkey = certpage->kerberosPEMKEY->url();
m_certconfig.provided_kerberos_crt = certpage->kerberosCRT->url();
m_certconfig.provided_kerberos_key = certpage->kerberosKEY->url();
m_certconfig.provided_ldap_crt = certpage->ldapCRT->url();
m_certconfig.provided_ldap_key = certpage->ldapKEY->url();
if (m_certconfig.generate_certs) {
m_certconfig.organizationName = certpage->organizationName->text();
m_certconfig.orgUnitName = certpage->orgUnitName->text();
m_certconfig.commonName = certpage->commonName->text();
m_certconfig.localityName = certpage->localityName->text();
m_certconfig.stateOrProvinceName = certpage->stateOrProvinceName->text();
m_certconfig.countryName = certpage->countryName->text();
m_certconfig.emailAddress = certpage->emailAddress->text();
}
else {
// If generate_certs == false, we need to load m_certconfig structure with data from the provided certificate
// If this is not done, the automatic certificate updater will fail!
TQFile file(m_certconfig.provided_kerberos_pem);
if (file.open(IO_ReadOnly)) {
TQByteArray ba = file.readAll();
file.close();
TQCString ssldata(ba);
ssldata.replace("-----BEGIN CERTIFICATE-----", "");
ssldata.replace("-----END CERTIFICATE-----", "");
ssldata.replace("\n", "");
KSSLCertificate* cert = KSSLCertificate::fromString(ssldata);
if (cert) {
TQString subj = cert->getSubject();
TQStringList subjList = TQStringList::split("/", subj, false);
for (TQStringList::Iterator it = subjList.begin(); it != subjList.end(); ++it) {
TQStringList kvPair = TQStringList::split("=", *it, false);
if (kvPair[0] == "O") {
m_certconfig.organizationName = kvPair[1];
}
else if (kvPair[0] == "OU") {
m_certconfig.orgUnitName = kvPair[1];
}
else if (kvPair[0] == "CN") {
m_certconfig.commonName = kvPair[1];
}
else if (kvPair[0] == "L") {
m_certconfig.localityName = kvPair[1];
}
else if (kvPair[0] == "ST") {
m_certconfig.stateOrProvinceName = kvPair[1];
}
else if (kvPair[0] == "C") {
m_certconfig.countryName = kvPair[1];
}
else if (kvPair[0] == "emailAddress") {
m_certconfig.emailAddress = kvPair[1];
}
}
delete cert;
}
}
}
TQWizard::next();
finishpage->validateEntries();
}
@ -237,12 +153,12 @@ bool SecondaryRealmWizard::askClose(){
}
else {
if ((currentPage()==certpage) || (currentPage()==finishpage)) {
text = i18n("<p>Are you sure you want to quit the LDAP Realm Wizard?</p>"
text = i18n("<p>Are you sure you want to quit the Secondary Realm Controller Wizard?</p>"
"<p>If yes, click <b>Quit</b> and all changes will be lost."
"<br>If not, click <b>Cancel</b> to return and finish your setup.</p>");
}
else {
text = i18n("<p>Are you sure you want to quit the LDAP Realm Wizard?</p>"
text = i18n("<p>Are you sure you want to quit the Secondary Realm Controller Wizard?</p>"
"<p>If not, click <b>Cancel</b> to return and finish setup.</p>");
}
int status = KMessageBox::warningContinueCancel(this, text, i18n("All Changes Will Be Lost"), KStdGuiItem::quit());
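Review bot: askClose() still tests `currentPage()==certpage` in its first branch even though this commit removes the certificate page from the wizard (the `certpage = new SecondaryCertConfigPage(this)` construction and its addPage are gone from the constructor, and next() no longer has a certpage branch). If the `certpage` member was also dropped from the header this will not compile; if it was kept it is now a never-assigned pointer that can never equal a live page, so the comparison is dead either way. The condition should become `if (currentPage()==finishpage) {` and the unused member removed. askClose() begins before this hunk.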
@ -275,12 +191,8 @@ void SecondaryRealmWizard::closeEvent(TQCloseEvent* e){
/** maybe call a dialog that the wizard has finished. */
void SecondaryRealmWizard::accept() {
// Validate entries
if (TQString(finishpage->ldapAdminPassword->password()) != TQString(finishpage->ldapConfirmAdminPassword->password())) {
KMessageBox::error(this, i18n("<qt><b>Passwords do not match!</b><p>Please re-enter the new administration account password</qt>"), i18n("Input Error"));
return;
}
if (TQString(finishpage->ldapAdminPassword->password()) == "") {
KMessageBox::error(this, i18n("<qt><b>Password required!</b><p>Please enter the new administration account password</qt>"), i18n("Input Error"));
KMessageBox::error(this, i18n("<qt><b>Password required!</b><p>Please enter the administration account password</qt>"), i18n("Input Error"));
return;
}
@ -293,11 +205,11 @@ void SecondaryRealmWizard::accept() {
nextButton()->setEnabled(false);
finishButton()->setEnabled(false);
cancelButton()->setEnabled(false);
if (m_controller->createNewLDAPRealm(this, m_realmconfig, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminGroupname->text(), finishpage->ldapMachineAdminGroupname->text(), finishpage->ldapStandardUserGroupname->text(), finishpage->ldapAdminPassword->password(), "admin", finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text(), m_certconfig, &errorString) == 0) {
if (m_controller->createNewSecondaryController(this, m_realmconfig, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text(), &errorString) == 0) {
done(0);
}
else {
KMessageBox::error(this, i18n("<qt><b>Unable to create new realm!</b><p>Details: %1</qt>").arg(errorString), i18n("Unable to create new realm"));
KMessageBox::error(this, i18n("<qt><b>Unable to add new secondary realm controller!</b><p>Details: %1</qt>").arg(errorString), i18n("Unable to add new secondary realm controller"));
}
backButton()->setEnabled(true);
