Add skeleton for secondary realm controller and fix wizard

1 files changed, 113 insertions, 36 deletions

diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 8340902..02fe9c3 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -146,6 +146,8 @@ LDAPController::~LDAPController() {
 }
 
 void LDAPController::systemRoleChanged() {
+	int previousRole = m_prevRole;
+
 	if (m_base->systemRole->currentItem() != m_prevRole) {
 		// Verify that this workstation was not already bonded to an LDAP realm!
 		bool bonded = false;
@@ -160,58 +162,72 @@ void LDAPController::systemRoleChanged() {
 		}
 
 		if (m_base->systemRole->currentItem() == ROLE_PRIMARY_REALM_CONTROLLER) {
-			if (bonded) {
-				KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
-				m_base->systemRole->setCurrentItem(m_prevRole);
+			if (previousRole == ROLE_SECONDARY_REALM_CONTROLLER) {
+				// TODO FIXME
+				KMessageBox::error(0, i18n("<qt>Secondary realm controller promotion is not yet available<p>If you want to see it implemented, contact the Trinity Desktop developers</qt>"), i18n("Feature Not Yet Available"));
+				m_base->systemRole->setCurrentItem(previousRole);
 			}
 			else {
-				// Something will probably change
-				save();
-			
-				PrimaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
-				if (realmwizard.exec() < 0) {
-					// Wizard was cancelled
-					// Back out all changes!
-					m_base->systemRole->setCurrentItem(m_prevRole);
-					save();
+				if (bonded) {
+					KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
+					m_base->systemRole->setCurrentItem(previousRole);
 				}
 				else {
-					// Wizard completed; commit changes
+					// Something will probably change
 					save();
+				
+					PrimaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
+					if (realmwizard.exec() < 0) {
+						// Wizard was cancelled
+						// Back out all changes!
+						m_base->systemRole->setCurrentItem(previousRole);
+						save();
+					}
+					else {
+						// Wizard completed; commit changes
+						save();
+					}
+				
+					// Something probably changed
+					load();
 				}
-			
-				// Something probably changed
-				load();
 			}
 		}
 		else if (m_base->systemRole->currentItem() == ROLE_SECONDARY_REALM_CONTROLLER) {
-			// RAJA FIXME
-#if 0
+#if 1
+			// TODO FIXME
 			KMessageBox::error(0, i18n("<qt>Secondary realm controller support is not yet available<p>If you want to see it implemented, contact the Trinity Desktop developers</qt>"), i18n("Feature Not Yet Available"));
-			m_base->systemRole->setCurrentItem(m_prevRole);
+			m_base->systemRole->setCurrentItem(previousRole);
 #else
-			if (bonded) {
-				KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
-				m_base->systemRole->setCurrentItem(m_prevRole);
+			if (previousRole == ROLE_PRIMARY_REALM_CONTROLLER) {
+				// TODO FIXME
+				KMessageBox::error(0, i18n("<qt>Primary realm controller demotion is not yet available<p>If you want to see it implemented, contact the Trinity Desktop developers</qt>"), i18n("Feature Not Yet Available"));
+				m_base->systemRole->setCurrentItem(previousRole);
 			}
 			else {
-				// Something will probably change
-				save();
-	
-				SecondaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
-				if (realmwizard.exec() < 0) {
-					// Wizard was cancelled
-					// Back out all changes!
-					m_base->systemRole->setCurrentItem(m_prevRole);
-					save();
+				if (bonded) {
+					KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
+					m_base->systemRole->setCurrentItem(previousRole);
 				}
 				else {
-					// Wizard completed; commit changes
+					// Something will probably change
 					save();
+		
+					SecondaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
+					if (realmwizard.exec() < 0) {
+						// Wizard was cancelled
+						// Back out all changes!
+						m_base->systemRole->setCurrentItem(previousRole);
+						save();
+					}
+					else {
+						// Wizard completed; commit changes
+						save();
+					}
+		
+					// Something probably changed
+					load();
 				}
-	
-				// Something probably changed
-				load();
 			}
 #endif
 		}
@@ -262,7 +278,7 @@ void LDAPController::systemRoleChanged() {
 				load();
 			}
 			else {
-				m_base->systemRole->setCurrentItem(m_prevRole);
+				m_base->systemRole->setCurrentItem(previousRole);
 			}
 		}
 	}
@@ -1223,6 +1239,67 @@ int LDAPController::uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQStrin
 
 // #define STRICT_SETUP 1
 
+int LDAPController::createNewSecondaryController(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
+	// Fortunately this is somewhat simpler than createNewLDAPRealm(...)!
+	ProcessingDialog pdialog(dialogparent);
+	pdialog.setStatusMessage(i18n("Loading data for secondary controller..."));
+	pdialog.raise();
+	pdialog.setActiveWindow();
+	tqApp->processEvents();
+
+	// RAJA FIXME
+	// Threading would be a good idea here, to keep the GUI responsive while the backend code works
+
+	// Reset improperly uninitialized variables
+	realmconfig.bonded = true;
+
+	// Find the templates
+	TQString templateDir = locate("data", "kcmldapcontroller/skel/heimdal/heimdal.defaults");
+	templateDir.replace("heimdal/heimdal.defaults", "");
+	if (templateDir == "") {
+		if (errstr) *errstr = i18n("Unable to locate required template files");
+		pdialog.closeDialog();
+		return -1;
+	}
+
+	KTempDir configTempDir;
+	configTempDir.setAutoDelete(true);
+	TQString destDir = "/etc/";
+
+	pdialog.setStatusMessage(i18n("Stopping servers..."));
+
+	// Stop SASL
+	if (controlSASLServer(SC_STOP) != 0) {
+#ifdef STRICT_SETUP
+		if (errstr) *errstr = i18n("Unable to stop SASL server");
+		pdialog.closeDialog();
+		return -1;
+#endif // STRICT_SETUP
+	}
+	// Stop Heimdal
+	if (controlHeimdalServer(SC_STOP) != 0) {
+#ifdef STRICT_SETUP
+		if (errstr) *errstr = i18n("Unable to stop Kerberos server");
+		pdialog.closeDialog();
+		return -1;
+#endif // STRICT_SETUP
+	}
+	// Stop slapd
+	if (controlLDAPServer(SC_STOP) != 0) {
+#ifdef STRICT_SETUP
+		if (errstr) *errstr = i18n("Unable to stop LDAP server");
+		pdialog.closeDialog();
+		return -1;
+#endif // STRICT_SETUP
+	}
+
+	// RAJA FIXME
+	// 1.) Fetch CA private/public certificates from master LDAP server, save them, and also use the public certificate to fill a certificate information structure
+	// 2.) Bond machine to Kerberos
+	// 3.) Set up LDAP replication
+	// 4.) Point local Kerberos and SASL instances to this LDAP server
+}
+
 int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) {
 	int ldifSchemaNumber;