Diffstat (limited to 'src')
-rw-r--r-- | src/bondwizard.cpp | 20 | ||||
-rw-r--r-- | src/ldapbonding.cpp | 122 |
2 files changed, 83 insertions, 59 deletions
diff --git a/src/bondwizard.cpp b/src/bondwizard.cpp
index d9a36c2..cbf1586 100644
--- a/src/bondwizard.cpp
+++ b/src/bondwizard.cpp
@@ -94,6 +94,10 @@ void BondWizard::next() {
 if (currentPage()==intropage) {
 TQWizard::next();
 realmpage->validateEntries();
+
+ // Focus the first entry field on the new wizard page
+ realmpage->txtRealmName->setFocus();
+ realmpage->txtRealmName->selectAll();
 } else if (currentPage()==realmpage) {
 // Save realm information
@@ -119,6 +123,10 @@ void BondWizard::next() {
 finishpage->ldapAdminRealm->setText(realm.name);
 m_finalRealm = realm;
 TQWizard::next();
+
+ // Focus the first entry field on the new wizard page
+ finishpage->ldapAdminUsername->setFocus();
+ finishpage->ldapAdminUsername->selectAll();
 } else {
 KMessageBox::error(this, i18n("<qt><b>The specified realm is already known to this system.</b><p>If the realm name is correct, please exit the Wizard and select 'Re-Bond to Realm' in the LDAP configuration module.</qt>"), i18n("Duplicate Realm Entry Detected"));
@@ -126,7 +134,6 @@ void BondWizard::next() {
 }
 if (currentPage()==finishpage) {
 backButton()->setEnabled(false);
- finishButton()->setFocus();
 }
 }
@@ -189,12 +196,23 @@ void BondWizard::closeEvent(TQCloseEvent* e){
 void BondWizard::accept(){
 // Try to bond
 TQString errorString;
+ backButton()->setEnabled(false);
+ nextButton()->setEnabled(false);
+ finishButton()->setEnabled(false);
+ cancelButton()->setEnabled(false);
+ finishpage->setEnabled(false);
+
 if (m_ldapConfig->bondRealm(m_finalRealm, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text(), &errorString) == 0) {
 done(0);
 } else {
 KMessageBox::error(this, i18n("<qt><b>Unable to bond to realm!</b><p>Details: %1</qt>").arg(errorString), i18n("Unable to Bond to Realm"));
 }
+
+ finishpage->setEnabled(true);
+ backButton()->setEnabled(true);
+ finishButton()->setEnabled(true);
+ cancelButton()->setEnabled(true);
 }
 /** calls all save functions after resetting all features/ OS/ theme selections to Trinity default */
diff --git a/src/ldapbonding.cpp b/src/ldapbonding.cpp
index 4c2393b..de5c99b 100644
--- a/src/ldapbonding.cpp
+++ b/src/ldapbonding.cpp
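Review bot: The restore block at the end of accept() re-enables backButton() unconditionally, which undoes the `backButton()->setEnabled(false)` that next() applies once the finish page is reached (visible as context in the @@ -126 hunk), so after a failed bond attempt the user can step back from the finish page. nextButton() is disabled at the top but is never re-enabled, the mirror inconsistency. Restore only what was enabled before the call: drop `backButton()->setEnabled(true);` and, if the next button is meant to be usable again, add `nextButton()->setEnabled(true);`. A short comment above the disable block, such as `// Lock the wizard while bondRealm() drives kadmin; re-enabled below if bonding fails`, would record the intent, and since done(0) has already closed the dialog on success the re-enable lines belong in the else branch.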
@@ -257,22 +257,27 @@ void LDAPConfig::save() {
 // Write the cron files
 LDAPManager::writeCronFiles();
- // Bind anonymously to LDAP
- LDAPCredentials* credentials = new LDAPCredentials;
- credentials->username = "";
- credentials->password = "";
- credentials->realm = m_defaultRealm.upper();
- LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), "ldap://", credentials);
-
- // Add the domain-wide computer local admin group to local sudoers
- ldap_mgr->writeSudoersConfFile(&errorstring);
- // Get and install the CA root certificate from LDAP
- mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
- mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
- ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring);
-
- delete ldap_mgr;
- delete credentials;
+ if (m_defaultRealm != "") {
+ // Bind anonymously to LDAP
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = m_defaultRealm.upper();
+ credentials->use_tls = false;
+ LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), TQString("ldap://%1").arg(m_realms[m_defaultRealm].admin_server).ascii(), credentials);
+
+ // Add the domain-wide computer local admin group to local sudoers
+ ldap_mgr->writeSudoersConfFile(&errorstring);
+ // Get and install the CA root certificate from LDAP
+ mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ if (ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring) != 0) {
+ KMessageBox::sorry(this, i18n("<qt><b>Unable to obtain root certificate for realm %1!</b><p>Details: %2</qt>").arg(m_defaultRealm.upper()).arg(errorstring), i18n("Unable to Obtain Certificate"));
+ }
+
+ delete ldap_mgr;
+ delete credentials;
+ }
 }
 load();
@@ -390,33 +395,6 @@ void LDAPConfig::deactivateRealm() {
 updateRealmList();
 }
-// WARNING
-// kadmin does not have a standard "waiting for user input" character or sequence
-// To make matters worse, the colon does not uniquely designate the end of a line; for example the response "kadmin: ext openldap/foo.bar.baz: Principal does not exist"
-// One way around this would be to see if the first colon is part of a "kadmin:" string; if so, then the colon is not a reliable end of line indicator for the current line
-// (in fact only '\r' should be used as the end of line indicator in that case)
-TQString readFullLineFromPtyProcess(PtyProcess* proc) {
- TQString result = "";
- while ((!result.contains("\r")) &&
- (!result.contains(">")) &&
- (!((!result.contains("kadmin:")) && result.contains(":"))) &&
- (!((result.contains("kadmin:")) && result.contains("\r")))
- ) {
- result = result + TQString(proc->readLine(false));
- tqApp->processEvents();
- if (!TQFile::exists(TQString("/proc/%1/exe").arg(proc->pid()))) {
- result.replace("\n", "");
- result.replace("\r", "");
- if (result == "") {
- result = "TDE process terminated";
- }
- break;
- }
- }
- result.replace("\n", "");
- result.replace("\r", "");
- return result;
-}
 int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, const char * adminPassword, TQString adminRealm, TQString *errstr) {
 TQCString command = "kadmin";
 QCStringList args;
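Review bot: The root certificate that save() installs under KERBEROS_PKI_PUBLICDIR is fetched through an anonymous bind with `credentials->use_tls = false` to a plain `ldap://` URL, so the file that later acts as the realm's trust anchor is obtained over an unauthenticated, unencrypted channel; that is a trust-on-first-use step and deserves an explicit comment, e.g. `// NOTE: the CA certificate is fetched unauthenticated over plain LDAP; confirm its fingerprint out of band before relying on it`. The return value of `ldap_mgr->writeSudoersConfFile(&errorstring)` is still discarded while the neighbouring getTDECertificate() call now reports failure, so a failed sudoers write passes silently and errorstring may carry a stale message into the certificate dialog. The `.ascii()` pointer handed to the LDAPManager constructor points into a temporary TQString that dies at the end of that statement, which is only safe if LDAPManager copies the string rather than keeping the pointer; that cannot be confirmed from this hunk. Both mkdir() calls ignore their result, as before the change.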
@@ -427,49 +405,63 @@ int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, cons TQString prompt; PtyProcess kadminProc; kadminProc.exec(command, args); - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); prompt = prompt.stripWhiteSpace(); if (prompt == "kadmin>") { command = TQCString("ext "+hoststring); + kadminProc.enableLocalEcho(false); kadminProc.writeLine(command, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == TQString(command)); prompt = prompt.stripWhiteSpace(); if (prompt.endsWith(" Password:")) { + kadminProc.enableLocalEcho(false); kadminProc.writeLine(adminPassword, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == ""); prompt = prompt.stripWhiteSpace(); } if (prompt.contains("authentication failed")) { - if (errstr) *errstr = prompt; + if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 1; } else if (prompt.endsWith("Principal does not exist")) { + // Wait for kadmin to be ready for the next command + if (!prompt.contains("kadmin>")) { + prompt = ""; + } + while (prompt == "") { + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); + printf("(kadmin) '%s'\n\r", prompt.ascii()); + } command = TQCString("ank --random-key "+hoststring); + kadminProc.enableLocalEcho(false); kadminProc.writeLine(command, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == 
TQString(command)); prompt = prompt.stripWhiteSpace(); // Use all defaults while (prompt != "kadmin>") { if (prompt.endsWith(" Password:")) { + kadminProc.enableLocalEcho(false); kadminProc.writeLine(adminPassword, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == ""); prompt = prompt.stripWhiteSpace(); } if (prompt.contains("authentication failed")) { - if (errstr) *errstr = prompt; + if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 1; } 
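Review bot: The new `while (prompt == "")` loop after "Principal does not exist" only waits for a non-empty line; it never verifies that the line is the `kadmin>` prompt before `ank --random-key` is written, so an error line, or the "TDE process terminated" text the line reader returns when kadmin exits (see the helper removed in the @@ -390 hunk), is treated as ready. Add a guard after the loop, `if (prompt != "kadmin>") { if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); kadminProc.writeLine("quit", true); return 1; }`, before sending the command. The same `kadminProc.enableLocalEcho(false);` call is now repeated before every writeLine() here and in the @@ -483 and @@ -542 hunks; calling it once right after `kadminProc.exec(command, args)` states the intent (never echo what is written, including the admin password) in one place. The `printf("(kadmin) '%s'\n\r", ...)` lines still write every kadmin response to stdout; with echo disabled the password should not appear there, but realm and principal details do, and the lines read as leftover debugging. bondRealm() begins before this hunk and continues past it.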
@@ -483,45 +475,55 @@ int LDAPConfig::bondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, cons defaultParam = prompt.mid(leftbracket, rightbracket-leftbracket); } command = TQCString(defaultParam); + kadminProc.enableLocalEcho(false); kadminProc.writeLine(command, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == TQString(command)); prompt = prompt.stripWhiteSpace(); } } command = TQCString("ext "+hoststring); + kadminProc.enableLocalEcho(false); kadminProc.writeLine(command, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == TQString(command)); prompt = prompt.stripWhiteSpace(); if (prompt != "kadmin>") { - if (errstr) *errstr = prompt; + if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 1; } // Success! + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); realmcfg.bonded = true; + m_realms.remove(realmcfg.name); + m_realms.insert(realmcfg.name, realmcfg); save(); return 0; } else if (prompt == "kadmin>") { // Success! + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); realmcfg.bonded = true; + m_realms.remove(realmcfg.name); + m_realms.insert(realmcfg.name, realmcfg); save(); return 0; } // Failure - if (errstr) *errstr = prompt; + if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 1; } 
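Review bot: The success path is now duplicated verbatim in the two `// Success!` blocks (enableLocalEcho, `quit`, `realmcfg.bonded = true`, remove/insert into m_realms, save()), and the two copies will drift; a small private helper, or a single success block reached from both branches, keeps the realm bookkeeping in one place. `m_realms.remove(realmcfg.name); m_realms.insert(realmcfg.name, realmcfg);` collapses to `m_realms.replace(realmcfg.name, realmcfg);` if TQMap offers replace() as QMap does. Note that save() runs the anonymous certificate fetch from the @@ -257 hunk when the bonded realm is the default realm, so a failure there surfaces as a dialog from inside bondRealm() rather than through errstr; a comment on the save() call pointing this out would help the next reader.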
@@ -542,31 +544,35 @@ int LDAPConfig::unbondRealm(LDAPRealmConfig realmcfg, TQString adminUserName, co TQString prompt; PtyProcess kadminProc; kadminProc.exec(command, args); - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); prompt = prompt.stripWhiteSpace(); if (prompt == "kadmin>") { command = TQCString("delete "+hoststring); + kadminProc.enableLocalEcho(false); kadminProc.writeLine(command, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == TQString(command)); prompt = prompt.stripWhiteSpace(); if (prompt.endsWith(" Password:")) { + kadminProc.enableLocalEcho(false); kadminProc.writeLine(adminPassword, true); do { // Discard our own input - prompt = readFullLineFromPtyProcess(&kadminProc); + prompt = LDAPManager::readFullLineFromPtyProcess(&kadminProc); printf("(kadmin) '%s'\n\r", prompt.ascii()); } while (prompt == ""); prompt = prompt.stripWhiteSpace(); } if (prompt != "kadmin>") { - if (errstr) *errstr = prompt; + if (errstr) *errstr = LDAPManager::detailedKAdminErrorMessage(prompt); + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 1; } // Success! + kadminProc.enableLocalEcho(false); kadminProc.writeLine("quit", true); return 0; } |
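Review bot: Unlike bondRealm() in the @@ -483 hunk, the success path here does not update the realm's state: `realmcfg.bonded` is not cleared and m_realms is neither refreshed nor saved, so unless the caller does that bookkeeping itself the realm stays recorded as bonded after its host principal has been deleted. If the caller is expected to handle it, a comment on the success path such as `// Caller is responsible for clearing realmcfg.bonded and saving the realm list` makes that explicit; otherwise mirror the bondRealm() update here. unbondRealm() begins before this hunk.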