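package krb5;

use Exporter;
our @ISA = qw(Exporter);

# Event names served by this module. get_events() hands this list to the
# daemon, which presumably dispatches an incoming message to the sub of the
# same name (dispatch itself is not visible in this file).
my @events = (
    "get_events",
    "krb5_list_principals",
    "krb5_list_policies",
    "krb5_get_principal",
    "krb5_set_principal",
    "krb5_del_principal",
    "krb5_get_policy",
    "krb5_set_policy",
    "krb5_del_policy",
);

# Declared with `our` so the package globals are visible under `use strict`,
# which the file enables further down; the values are unchanged.
our @EXPORT = @events;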
18 use strict;
19 use warnings;
20 use Data::Dumper;
21 use GOSA::GosaSupportDaemon;
22 use Authen::Krb5;
23 use Authen::Krb5::Admin qw(:constants);
BEGIN {}   # intentionally empty: no compile-time setup in this module
END {}     # intentionally empty: no shutdown work in this module
29 ### Start ######################################################################
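# Set up the Kerberos library context and error tables once at load time;
# every handler below goes through Authen::Krb5::Admin on top of it.
Authen::Krb5::init_context;
Authen::Krb5::init_ets;

# kadmin credentials shared by all handlers. They are filled from the [krb5]
# section of the daemon config file by read_configfile() below, so that file
# holds a plaintext admin password: keep it readable by the daemon user only.
my $krb_admin;
my $krb_password;

# section => { key => [ \$variable_to_fill, default_value ] }
my %cfg_defaults = (
    "krb5" => {
        "admin"    => [\$krb_admin,    ""],
        "password" => [\$krb_password, ""],
    },
);

# Plain call with parentheses: read_configfile is defined later in the file,
# and the parens make that fine without the `&` sigil form.
read_configfile($main::cfg_file, %cfg_defaults);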
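# Loads the values described by %cfg_defaults from an INI-style config file.
#
# $cfg_file     - path of the config file (may be undef)
# %cfg_defaults - section => { param => [ \$target, default ] }; every
#                 target scalar is assigned the file value or the default.
#
# A missing, empty, unreadable or unparsable file falls back to an empty
# in-memory config so that the defaults are applied and ->val is never called
# on an undefined handle (the previous version died in the unreadable case).
# NOTE(review): Config::IniFiles is not `use`d in this file; it must already be
# loaded by the daemon before this module runs - confirm.
sub read_configfile {
    my ($cfg_file, %cfg_defaults) = @_;
    my $cfg;

    # -s yields undef for a missing file, which is simply false here (no
    # "uninitialized" warning, unlike comparing it with > 0).
    if (defined $cfg_file && -s $cfg_file) {
        if (-r $cfg_file) {
            $cfg = Config::IniFiles->new(-file => $cfg_file);
            if (not defined $cfg) {
                &main::daemon_log("ERROR: krb5.pm couldn't parse config file!", 1);
            }
        }
        else {
            &main::daemon_log("ERROR: krb5.pm couldn't read config file!", 1);
        }
    }

    # Whatever went wrong above, continue with defaults only.
    $cfg = Config::IniFiles->new() unless defined $cfg;

    for my $section (keys %cfg_defaults) {
        for my $param (keys %{ $cfg_defaults{$section} }) {
            my $pinfo = $cfg_defaults{$section}{$param};
            # $pinfo->[0] is a reference to the variable to fill,
            # $pinfo->[1] the default used when the key is absent.
            ${ $pinfo->[0] } = $cfg->val($section, $param, $pinfo->[1]);
        }
    }
    return;
}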
# Returns a reference to the list of event names this module handles.
sub get_events {
    my $event_list = \@events;
    return $event_list;
}
# Handler for the "krb5_list_principals" event.
#
# $msg      - the raw message (unused here)
# $msg_hash - parsed message; header/source/target/session_id are arrays
#             whose first element is used.
#
# Answers with one <principal> element per principal the kadmin server
# returns, or an <error> element when the connection or the listing fails.
# Returns the answer serialised as XML text.
sub krb5_list_principals {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id) =
        map { @{ $msg_hash->{$_} }[0] } qw(header source target session_id);

    # The answer travels back to the sender, so source and target swap.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Bind to kadmin with the credentials from the config file.
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        # NOTE(review): a realm with no principals is indistinguishable from a
        # failed call here - both leave the list empty and add an <error>.
        my @found = $kadm5->get_principals()
            or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
        for my $name (@found) {
            &add_content2xml_hash($out_hash, "principal", $name);
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    return &create_xml_string($out_hash);
}
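# Handler for the "krb5_set_principal" event.
#
# $msg      - the raw message (unused)
# $msg_hash - parsed message; header/source/target/session_id are arrays
#             whose first element is used.
#
# Creating or modifying a principal is not implemented. The answer now carries
# the matching "answer_$header" header and the session id like the other
# handlers (it used to answer as "answer_krb5_list_principals" with no session
# id) plus an <error> element, so a client cannot mistake it for success.
# Returns the answer serialised as XML text.
sub krb5_set_principal {
    my ($msg, $msg_hash) = @_;
    my $header     = @{$msg_hash->{'header'}}[0];
    my $source     = @{$msg_hash->{'source'}}[0];
    my $target     = @{$msg_hash->{'target'}}[0];
    my $session_id = @{$msg_hash->{'session_id'}}[0];

    # build return message with twisted target and source
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);
    &add_content2xml_hash($out_hash, "error", "Not implemented");

    # return message
    return &create_xml_string($out_hash);
}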
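# Handler for the "krb5_get_principal" event.
#
# $msg      - the raw message (unused)
# $msg_hash - parsed message; header/source/target/session_id and principal
#             are arrays whose first element is used.
#
# Looks up the principal named in the message and answers with its kadmin
# record: attributes, aux_attributes, kvno, max_life, max_renewable_life,
# policy, princ_expire_time and pw_expiration. Every failure (no principal
# given, no kadmin connection, unparsable name, lookup failure) is reported
# as an <error> element; the lookup-failure case previously fell through and
# called accessors on an undefined value. Returns the answer as XML text.
sub krb5_get_principal {
    my ($msg, $msg_hash) = @_;
    my $header     = @{$msg_hash->{'header'}}[0];
    my $source     = @{$msg_hash->{'source'}}[0];
    my $target     = @{$msg_hash->{'target'}}[0];
    my $session_id = @{$msg_hash->{'session_id'}}[0];

    # build return message with twisted target and source
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check - arrow access does not die when <principal> is absent.
    my $principal_name = $msg_hash->{'principal'}[0];
    if (not defined $principal_name) {
        &add_content2xml_hash($out_hash, "error", "No principal specified");
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return &create_xml_string($out_hash);
    }

    # parse_name yields undef for a name Kerberos cannot parse.
    my $principal = Authen::Krb5::parse_name($principal_name);
    if (not defined $principal) {
        &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        return &create_xml_string($out_hash);
    }

    # A false result means the lookup failed; report it instead of
    # dereferencing it below.
    my $data = $kadm5->get_principal($principal);
    if (not $data) {
        &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
        return &create_xml_string($out_hash);
    }

    &add_content2xml_hash($out_hash, "principal", $principal_name);
    # One answer element per record accessor, named after the accessor
    # (aux_attributes was emitted twice before; it is emitted once now).
    for my $field (qw(attributes aux_attributes kvno max_life
                      max_renewable_life policy princ_expire_time pw_expiration)) {
        &add_content2xml_hash($out_hash, $field, $data->$field);
    }

    # return message
    return &create_xml_string($out_hash);
}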
# Handler for the "krb5_del_principal" event.
#
# $msg      - the raw message (unused)
# $msg_hash - parsed message; header/source/target/session_id and principal
#             are arrays whose first element is used.
#
# Deletes the principal named in the message from the kadmin server using the
# configured admin credentials. Failures (no principal given, no kadmin
# connection, unparsable name, delete refused) are reported as an <error>
# element in the answer. Returns the answer serialised as XML text.
# NOTE(review): no authorization of the requesting client happens in this
# sub; presumably the daemon checks that before dispatching - confirm.
sub krb5_del_principal {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id) =
        map { @{ $msg_hash->{$_} }[0] } qw(header source target session_id);

    # The answer travels back to the sender, so source and target swap.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check
    my $requested = @{$msg_hash->{'principal'}}[0];
    if (not defined $requested) {
        &add_content2xml_hash($out_hash, "error", "No principal specified");
        return &create_xml_string($out_hash);
    }

    # Bind to kadmin with the credentials from the config file.
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return &create_xml_string($out_hash);
    }

    # parse_name yields undef for a name Kerberos cannot parse.
    my $principal = Authen::Krb5::parse_name($requested);
    if (not defined $principal) {
        &add_content2xml_hash($out_hash, "error", "Illegal principal name");
        return &create_xml_string($out_hash);
    }

    $kadm5->delete_principal($principal)
        or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);

    return &create_xml_string($out_hash);
}
# Handler for the "krb5_list_policies" event.
#
# $msg      - the raw message (unused here)
# $msg_hash - parsed message; header/source/target/session_id are arrays
#             whose first element is used.
#
# Answers with one <policy> element per password policy the kadmin server
# returns, or an <error> element when the connection or the listing fails.
# Returns the answer serialised as XML text.
sub krb5_list_policies {
    my ($msg, $msg_hash) = @_;
    my ($header, $source, $target, $session_id) =
        map { @{ $msg_hash->{$_} }[0] } qw(header source target session_id);

    # The answer travels back to the sender, so source and target swap.
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Bind to kadmin with the credentials from the config file.
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        # NOTE(review): an empty policy list is indistinguishable from a
        # failed call here - both leave the list empty and add an <error>.
        my @found = $kadm5->get_policies()
            or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
        for my $name (@found) {
            &add_content2xml_hash($out_hash, "policy", $name);
        }
    }
    else {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    return &create_xml_string($out_hash);
}
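# Handler for the "krb5_get_policy" event.
#
# $msg      - the raw message (unused)
# $msg_hash - parsed message; header/source/target/session_id and policy
#             are arrays whose first element is used.
#
# Looks up the password policy named in the message and answers with its
# kadmin record: pw_min_life, pw_max_life, pw_min_length, pw_min_classes,
# pw_history_num and policy_refcnt. The previous body was copied from
# krb5_get_principal and called get_principal with an undefined handle, then
# emitted principal fields; it now queries the policy. Failures (no policy
# given, no kadmin connection, lookup failure) are reported as an <error>
# element. Returns the answer serialised as XML text.
sub krb5_get_policy {
    my ($msg, $msg_hash) = @_;
    my $header     = @{$msg_hash->{'header'}}[0];
    my $source     = @{$msg_hash->{'source'}}[0];
    my $target     = @{$msg_hash->{'target'}}[0];
    my $session_id = @{$msg_hash->{'session_id'}}[0];

    # build return message with twisted target and source
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check - arrow access does not die when <policy> is absent.
    my $policy_name = $msg_hash->{'policy'}[0];
    if (not defined $policy_name) {
        &add_content2xml_hash($out_hash, "error", "No policy specified");
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return &create_xml_string($out_hash);
    }

    # A false result means the lookup failed; report it instead of
    # dereferencing it below.
    my $data = $kadm5->get_policy($policy_name);
    if (not $data) {
        &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
        return &create_xml_string($out_hash);
    }

    &add_content2xml_hash($out_hash, "policy", $policy_name);
    # One answer element per policy accessor, named after the accessor.
    for my $field (qw(pw_min_life pw_max_life pw_min_length
                      pw_min_classes pw_history_num policy_refcnt)) {
        &add_content2xml_hash($out_hash, $field, $data->$field);
    }

    # return message
    return &create_xml_string($out_hash);
}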
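# Handler for the "krb5_set_policy" event.
#
# $msg      - the raw message (unused)
# $msg_hash - parsed message; header/source/target/session_id are arrays
#             whose first element is used.
#
# Creating or modifying a policy is not implemented. The answer now carries
# the matching "answer_$header" header and the session id like the other
# handlers (it used to answer as "answer_krb5_list_principals" with no session
# id) plus an <error> element, so a client cannot mistake it for success.
# Returns the answer serialised as XML text.
sub krb5_set_policy {
    my ($msg, $msg_hash) = @_;
    my $header     = @{$msg_hash->{'header'}}[0];
    my $source     = @{$msg_hash->{'source'}}[0];
    my $target     = @{$msg_hash->{'target'}}[0];
    my $session_id = @{$msg_hash->{'session_id'}}[0];

    # build return message with twisted target and source
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);
    &add_content2xml_hash($out_hash, "error", "Not implemented");

    # return message
    return &create_xml_string($out_hash);
}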
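# Handler for the "krb5_del_policy" event.
#
# $msg      - the raw message (unused)
# $msg_hash - parsed message; header/source/target/session_id and policy
#             are arrays whose first element is used.
#
# Deletes the password policy named in the message from the kadmin server.
# The policy name is now taken from the message; previously $policy was
# declared but never assigned, so delete_policy was always called with undef.
# Failures (no policy given, no kadmin connection, delete refused) are
# reported as an <error> element. Returns the answer serialised as XML text.
# NOTE(review): no authorization of the requesting client happens in this
# sub; presumably the daemon checks that before dispatching - confirm.
sub krb5_del_policy {
    my ($msg, $msg_hash) = @_;
    my $header     = @{$msg_hash->{'header'}}[0];
    my $source     = @{$msg_hash->{'source'}}[0];
    my $target     = @{$msg_hash->{'target'}}[0];
    my $session_id = @{$msg_hash->{'session_id'}}[0];

    # build return message with twisted target and source
    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
    &add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check - arrow access does not die when <policy> is absent.
    my $policy = $msg_hash->{'policy'}[0];
    if (not defined $policy) {
        &add_content2xml_hash($out_hash, "error", "No policy specified");
        return &create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return &create_xml_string($out_hash);
    }

    $kadm5->delete_policy($policy)
        or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);

    # return message
    return &create_xml_string($out_hash);
}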
1;   # a module must end with a true value