Diffstat (limited to 'src')
-rw-r--r--src/bondwizard.cpp20
-rw-r--r--src/ldapbonding.cpp122
2 files changed, 83 insertions, 59 deletions
diff --git a/src/bondwizard.cpp b/src/bondwizard.cpp
index d9a36c2..cbf1586 100644
--- a/src/bondwizard.cpp
+++ b/src/bondwizard.cpp
@@ -94,6 +94,10 @@ void BondWizard::next() {
if (currentPage()==intropage) {
TQWizard::next();
realmpage->validateEntries();
+
+ // Focus the first entry field on the new wizard page
+ realmpage->txtRealmName->setFocus();
+ realmpage->txtRealmName->selectAll();
}
else if (currentPage()==realmpage) {
// Save realm information
@@ -119,6 +123,10 @@ void BondWizard::next() {
finishpage->ldapAdminRealm->setText(realm.name);
m_finalRealm = realm;
TQWizard::next();
+
+ // Focus the first entry field on the new wizard page
+ finishpage->ldapAdminUsername->setFocus();
+ finishpage->ldapAdminUsername->selectAll();
}
else {
KMessageBox::error(this, i18n("<qt><b>The specified realm is already known to this system.</b><p>If the realm name is correct, please exit the Wizard and select 'Re-Bond to Realm' in the LDAP configuration module.</qt>"), i18n("Duplicate Realm Entry Detected"));
@@ -126,7 +134,6 @@ void BondWizard::next() {
}
if (currentPage()==finishpage) {
backButton()->setEnabled(false);
- finishButton()->setFocus();
}
}
@@ -189,12 +196,23 @@ void BondWizard::closeEvent(TQCloseEvent* e){
void BondWizard::accept(){
// Try to bond
TQString errorString;
+ backButton()->setEnabled(false);
+ nextButton()->setEnabled(false);
+ finishButton()->setEnabled(false);
+ cancelButton()->setEnabled(false);
+ finishpage->setEnabled(false);
+
if (m_ldapConfig->bondRealm(m_finalRealm, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text(), &errorString) == 0) {
done(0);
}
else {
KMessageBox::error(this, i18n("<qt><b>Unable to bond to realm!</b><p>Details: %1</qt>").arg(errorString), i18n("Unable to Bond to Realm"));
}
+
+ finishpage->setEnabled(true);
+ backButton()->setEnabled(true);
+ finishButton()->setEnabled(true);
+ cancelButton()->setEnabled(true);
}
/** calls all save functions after resetting all features/ OS/ theme selections to Trinity default */
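Review bot: After a failed bond, `backButton()->setEnabled(true)` re-enables Back unconditionally, although next() deliberately leaves it disabled once the finish page is shown (`backButton()->setEnabled(false)` in the previous hunk). `nextButton()` is also disabled at the top of accept() but never restored. Recording each button's `isEnabled()` state before the call and restoring those values would keep the wizard consistent. On success the re-enable lines still run after `done(0)`; a `return;` right after `done(0);` would make the success path explicit.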
diff --git a/src/ldapbonding.cpp b/src/ldapbonding.cpp
index 4c2393b..de5c99b 100644
--- a/src/ldapbonding.cpp
+++ b/src/ldapbonding.cpp
@@ -257,22 +257,27 @@ void LDAPConfig::save() {
// Write the cron files
LDAPManager::writeCronFiles();
- // Bind anonymously to LDAP
- LDAPCredentials* credentials = new LDAPCredentials;
- credentials->username = "";
- credentials->password = "";
- credentials->realm = m_defaultRealm.upper();
- LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), "ldap://", credentials);
-
- // Add the domain-wide computer local admin group to local sudoers
- ldap_mgr->writeSudoersConfFile(&errorstring);
- // Get and install the CA root certificate from LDAP
- mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
- mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
- ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring);
-
- delete ldap_mgr;
- delete credentials;
+ if (m_defaultRealm != "") {
+ // Bind anonymously to LDAP
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = m_defaultRealm.upper();
+ credentials->use_tls = false;
+ LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), TQString("ldap://%1").arg(m_realms[m_defaultRealm].admin_server).ascii(), credentials);
+
+ // Add the domain-wide computer local admin group to local sudoers
+ ldap_mgr->writeSudoersConfFile(&errorstring);
+ // Get and install the CA root certificate from LDAP
+ mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ if (ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring) != 0) {
+ KMessageBox::sorry(this, i18n("<qt><b>Unable to obtain root certificate for realm %1!</b><p>Details: %2</qt>").arg(m_defaultRealm.upper()).arg(errorstring), i18n("Unable to Obtain Certificate"));
+ }
+
+ delete ldap_mgr;
+ delete credentials;
+ }
}
load();
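Review bot: The CA root certificate written under KERBEROS_PKI_PUBLICDIR and the sudoers group data are both fetched over an anonymous bind to `ldap://` with `credentials->use_tls = false`. Nothing visible in this hunk authenticates the server or protects the reply in transit before it becomes a local trust anchor and a sudoers entry. If this is an intentional trust-on-first-use bootstrap, it deserves a comment such as `// Bootstrap: root CA is fetched unauthenticated; confirm its fingerprint out of band`, and ideally a fingerprint confirmation before the file is installed. The result of `writeSudoersConfFile(&errorstring)` is still ignored while the certificate call is now checked; it should get the same handling if it returns a status. save() begins and ends outside this hunk.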
@@ -390,33 +395,6 @@ void LDAPConfig::deactivateRealm() {
updateRealmList();
}
-// WARNING
-// kadmin does not have a standard "waiting for user input" character or sequence
-// To make matters worse, the colon does not uniquely designate the end of a line; for example the response "kadmin: ext openldap/foo.bar.baz: Principal does not exist"
-// One way around this would be to see if the first colon is part of a "kadmin:" string; if so, then the colon is not a reliable end of line indicator for the current line
-// (in fact only '\r' should be used as the end of line indicator in that case)
-TQString readFullLineFromPtyProcess(PtyProcess* proc) {
- TQString result = "";
- while ((!result.contains("\r")) &&
- (!result.contains(">")) &&
- (!((!result.contains("kadmin:")) && result.contains(":"))) &&
- (!((result.contains("kadmin:")) && result.contains("\r")))
- ) {
- result = result + TQString(proc->readLine(false));
- tqApp->processEvents();
- if (!TQFile::exists(TQString("/proc/%1/exe").arg(proc->pid()))) {
- result.replace("\n", "");
- result.replace("\r", "");
- if (result == "") {
- result = "TDE process terminated";
- }
- break;
- }
- }
- result.replace("\n", "");
- result.replace("\r", "");
- return result;
-}
int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
TQCString command = "kadmin";
QCStringList args;
@@ -427,49 +405,63 @@ int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, cons
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
command = TQCString("ext "+hoststring);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(command, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.endsWith(" Password:")) {
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(adminPassword, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == "");
prompt = prompt.stripWhiteSpace();
}
if (prompt.contains("authentication failed")) {
- if (errstr) *errstr = prompt;
+ if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 1;
}
else if (prompt.endsWith("Principal does not exist")) {
+ // Wait for kadmin to be ready for the next command
+ if (!prompt.contains("kadmin>")) {
+ prompt = "";
+ }
+ while (prompt == "") {
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
+ printf("(kadmin) '%s'\n\r", prompt.ascii());
+ }
command = TQCString("ank --random-key "+hoststring);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(command, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
// Use all defaults
while (prompt != "kadmin>") {
if (prompt.endsWith(" Password:")) {
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(adminPassword, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == "");
prompt = prompt.stripWhiteSpace();
}
if (prompt.contains("authentication failed")) {
- if (errstr) *errstr = prompt;
+ if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 1;
}
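Review bot: The return value of `kadminProc.enableLocalEcho(false)` is ignored before `kadminProc.writeLine(adminPassword, true)`. The loop that follows discards only empty lines (`while (prompt == "")`), so if echo could not be turned off, the echoed password would be taken as kadmin's reply, printed by `printf("(kadmin) '%s'\n\r", ...)` and possibly copied into `*errstr`. Assuming the call reports failure through its return value, the password writes should be guarded, e.g. `if (kadminProc.enableLocalEcho(false) != 0) { if (errstr) *errstr = i18n("Unable to disable terminal echo"); return 1; }`. The unconditional `printf` of the kadmin transcript would also be better behind a debug switch. The same pattern recurs in the later bondRealm hunk and in unbondRealm; bondRealm starts before this hunk and continues after it.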
@@ -483,45 +475,55 @@ int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, cons
defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket);
}
command = TQCString(defaultParam);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(command, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
}
}
command = TQCString("ext "+hoststring);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(command, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt != "kadmin>") {
- if (errstr) *errstr = prompt;
+ if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 1;
}
// Success!
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
realmcfg.bonded = true;
+ m_realms.remove(realmcfg.name);
+ m_realms.insert(realmcfg.name, realmcfg);
save();
return 0;
}
else if (prompt == "kadmin>") {
// Success!
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
realmcfg.bonded = true;
+ m_realms.remove(realmcfg.name);
+ m_realms.insert(realmcfg.name, realmcfg);
save();
return 0;
}
// Failure
- if (errstr) *errstr = prompt;
+ if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 1;
}
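Review bot: The pair `m_realms.remove(realmcfg.name); m_realms.insert(realmcfg.name, realmcfg);` is repeated in both success branches and looks redundant, since the map's `insert()` should already overwrite an existing key by default. A single `m_realms[realmcfg.name] = realmcfg;` would say the same thing in one line. Both success branches now share the same four statements (quit, mark bonded, store, save), so a small private helper would stop them drifting apart. bondRealm begins outside this hunk.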
@@ -542,31 +544,35 @@ int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, co
TQString prompt;
PtyProcess kadminProc;
kadminProc.exec(command, args);
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
prompt = prompt.stripWhiteSpace();
if (prompt == "kadmin>") {
command = TQCString("delete "+hoststring);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(command, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == TQString(command));
prompt = prompt.stripWhiteSpace();
if (prompt.endsWith(" Password:")) {
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine(adminPassword, true);
do { // Discard our own input
- prompt = readFullLineFromPtyProcess(&kadminProc);
+ prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc);
printf("(kadmin) '%s'\n\r", prompt.ascii());
} while (prompt == "");
prompt = prompt.stripWhiteSpace();
}
if (prompt != "kadmin>") {
- if (errstr) *errstr = prompt;
+ if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt);
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 1;
}
// Success!
+ kadminProc.enableLocalEcho(false);
kadminProc.writeLine("quit", true);
return 0;
}