Diffstat (limited to 'src/ldapcontroller.cpp')
-rw-r--r-- | src/ldapcontroller.cpp | 149 |
1 files changed, 113 insertions, 36 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 8340902..02fe9c3 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -146,6 +146,8 @@ LDAPController::~LDAPController() {
 }
 void LDAPController::systemRoleChanged() {
+ int previousRole = m_prevRole;
+
 if (m_base->systemRole->currentItem() != m_prevRole) {
 // Verify that this workstation was not already bonded to an LDAP realm!
 bool bonded = false;
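Review bot: The new local at the top of `systemRoleChanged()` is mutable and nothing says why a copy of `m_prevRole` is needed, while the comparison directly below it still reads the member. If the intent is to keep the rollback target stable across the `save()`/`load()` calls further down (their bodies are not visible here, so this is inferred), state that and make the value immutable: `const int previousRole = m_prevRole; // role on entry; rollback target for every refusal/cancel path below`. The function body continues beyond this hunk.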
@@ -160,58 +162,72 @@ void LDAPController::systemRoleChanged() {
 }
 if (m_base->systemRole->currentItem() == ROLE_PRIMARY_REALM_CONTROLLER) {
- if (bonded) {
- KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
- m_base->systemRole->setCurrentItem(m_prevRole);
+ if (previousRole == ROLE_SECONDARY_REALM_CONTROLLER) {
+ // TODO FIXME
+ KMessageBox::error(0, i18n("<qt>Secondary realm controller promotion is not yet available<p>If you want to see it implemented, contact the Trinity Desktop developers</qt>"), i18n("Feature Not Yet Available"));
+ m_base->systemRole->setCurrentItem(previousRole);
 }
 else {
- // Something will probably change
- save();
-
- PrimaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
- if (realmwizard.exec() < 0) {
- // Wizard was cancelled
- // Back out all changes!
- m_base->systemRole->setCurrentItem(m_prevRole);
- save();
+ if (bonded) {
+ KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
+ m_base->systemRole->setCurrentItem(previousRole);
 }
 else {
- // Wizard completed; commit changes
+ // Something will probably change
 save();
+
+ PrimaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
+ if (realmwizard.exec() < 0) {
+ // Wizard was cancelled
+ // Back out all changes!
+ m_base->systemRole->setCurrentItem(previousRole);
+ save();
+ }
+ else {
+ // Wizard completed; commit changes
+ save();
+ }
+
+ // Something probably changed
+ load();
 }
-
- // Something probably changed
- load();
 }
 }
 else if (m_base->systemRole->currentItem() == ROLE_SECONDARY_REALM_CONTROLLER) {
- // RAJA FIXME
-#if 0
+#if 1
+ // TODO FIXME
 KMessageBox::error(0, i18n("<qt>Secondary realm controller support is not yet available<p>If you want to see it implemented, contact the Trinity Desktop developers</qt>"), i18n("Feature Not Yet Available"));
- m_base->systemRole->setCurrentItem(m_prevRole);
+ m_base->systemRole->setCurrentItem(previousRole);
 #else
- if (bonded) {
- KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
- m_base->systemRole->setCurrentItem(m_prevRole);
+ if (previousRole == ROLE_PRIMARY_REALM_CONTROLLER) {
+ // TODO FIXME
+ KMessageBox::error(0, i18n("<qt>Primary realm controller demotion is not yet available<p>If you want to see it implemented, contact the Trinity Desktop developers</qt>"), i18n("Feature Not Yet Available"));
+ m_base->systemRole->setCurrentItem(previousRole);
 }
 else {
- // Something will probably change
- save();
-
- SecondaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
- if (realmwizard.exec() < 0) {
- // Wizard was cancelled
- // Back out all changes!
- m_base->systemRole->setCurrentItem(m_prevRole);
- save();
+ if (bonded) {
+ KMessageBox::error(0, i18n("<qt>You are already bonded to a realm!<p>Please unbond from all realms before selecting a Realm Controller role</qt>"), i18n("Common Sense Failure"));
+ m_base->systemRole->setCurrentItem(previousRole);
 }
 else {
- // Wizard completed; commit changes
+ // Something will probably change
 save();
+
+ SecondaryRealmWizard realmwizard(this, m_fqdn, m_certconfig, this);
+ if (realmwizard.exec() < 0) {
+ // Wizard was cancelled
+ // Back out all changes!
+ m_base->systemRole->setCurrentItem(previousRole);
+ save();
+ }
+ else {
+ // Wizard completed; commit changes
+ save();
+ }
+
+ // Something probably changed
+ load();
 }
-
- // Something probably changed
- load();
 }
 #endif
 }
@@ -262,7 +278,7 @@ void LDAPController::systemRoleChanged() {
 load();
 }
 else {
- m_base->systemRole->setCurrentItem(m_prevRole);
+ m_base->systemRole->setCurrentItem(previousRole);
 }
 }
 }
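Review bot: Both wizard branches still treat only `realmwizard.exec() < 0` as a cancel, and that check is carried unchanged into the new nesting. If `PrimaryRealmWizard` and `SecondaryRealmWizard` follow the usual TQDialog convention (rejected = 0, accepted = 1; their definitions are not in this diff), a cancelled wizard never reaches the rollback and the "Wizard completed; commit changes" `save()` runs with the realm-controller role still selected. Failing closed would be `if (realmwizard.exec() != TQDialog::Accepted) {` in both places. The `#if 1` switch also leaves the whole `#else` branch uncompiled, so the demotion guard added there is never exercised; replacing the bare `// TODO FIXME` beside it with a comment that says what must land before the switch flips back would help. `systemRoleChanged()` starts and ends outside this hunk.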
@@ -1223,6 +1239,67 @@ int LDAPController::uploadKerberosCAKeyFileToLDAP(LDAPManager* ldap_mgr, TQStrin
 // #define STRICT_SETUP 1
+int LDAPController::createNewSecondaryController(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
+ // Fortunately this is somewhat simpler than createNewLDAPRealm(...)!
+ ProcessingDialog pdialog(dialogparent);
+ pdialog.setStatusMessage(i18n("Loading data for secondary controller..."));
+ pdialog.raise();
+ pdialog.setActiveWindow();
+ tqApp->processEvents();
+
+ // RAJA FIXME
+ // Threading would be a good idea here, to keep the GUI responsive while the backend code works
+
+ // Reset improperly uninitialized variables
+ realmconfig.bonded = true;
+
+ // Find the templates
+ TQString templateDir = locate("data", "kcmldapcontroller/skel/heimdal/heimdal.defaults");
+ templateDir.replace("heimdal/heimdal.defaults", "");
+ if (templateDir == "") {
+ if (errstr) *errstr = i18n("Unable to locate required template files");
+ pdialog.closeDialog();
+ return -1;
+ }
+
+ KTempDir configTempDir;
+ configTempDir.setAutoDelete(true);
+ TQString destDir = "/etc/";
+
+ pdialog.setStatusMessage(i18n("Stopping servers..."));
+
+ // Stop SASL
+ if (controlSASLServer(SC_STOP) != 0) {
+#ifdef STRICT_SETUP
+ if (errstr) *errstr = i18n("Unable to stop SASL server");
+ pdialog.closeDialog();
+ return -1;
+#endif // STRICT_SETUP
+ }
+ // Stop Heimdal
+ if (controlHeimdalServer(SC_STOP) != 0) {
+#ifdef STRICT_SETUP
+ if (errstr) *errstr = i18n("Unable to stop Kerberos server");
+ pdialog.closeDialog();
+ return -1;
+#endif // STRICT_SETUP
+ }
+ // Stop slapd
+ if (controlLDAPServer(SC_STOP) != 0) {
+#ifdef STRICT_SETUP
+ if (errstr) *errstr = i18n("Unable to stop LDAP server");
+ pdialog.closeDialog();
+ return -1;
+#endif // STRICT_SETUP
+ }
+
+ // RAJA FIXME
+ // 1.) Fetch CA private/public certificates from master LDAP server, save them, and also use the public certificate to fill a certificate information structure
+ // 2.) Bond machine to Kerberos
+ // 3.) Set up LDAP replication
+ // 4.) Point local Kerberos and SASL instances to this LDAP server
+}
+
 int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, TQString standardUserGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, LDAPCertConfig certinfo, TQString *errstr) {
 int ldifSchemaNumber; |
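Review bot: `createNewSecondaryController()` is declared to return `int` but runs off its closing brace after the FIXME list with no `return`, which is undefined behaviour, and a caller comparing the result with 0 may read it as success. By that point it has already asked the SASL, Heimdal and slapd services to stop and nothing in the function restarts them, so any call leaves the host's authentication stack down. Until steps 1–4 exist, fail before touching the services: `if (errstr) *errstr = i18n("Secondary controller setup is not implemented");`, `pdialog.closeDialog();`, `return -1;` placed ahead of the "Stopping servers..." status message. Note also that `realmconfig` is taken by value, so `realmconfig.bonded = true` only changes the local copy, and with `STRICT_SETUP` commented out the three stop failures are silently ignored.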