package krb5;
use Exporter;
@ISA = qw(Exporter);

# Names of the event handlers this plugin offers to the GOsa support daemon.
# The same list is exported into the caller's namespace and handed back
# verbatim by get_events(), so the two must never diverge.
my @events = qw(
    get_events
    krb5_list_principals
    krb5_list_policies
    krb5_get_principal
    krb5_create_principal
    krb5_modify_principal
    krb5_del_principal
    krb5_get_policy
    krb5_create_policy
    krb5_modify_policy
    krb5_del_policy
    krb5_set_password
);
@EXPORT = @events;
20 use strict;
21 use warnings;
22 use Data::Dumper;
23 use GOSA::GosaSupportDaemon;
24 use Authen::Krb5;
25 use Authen::Krb5::Admin qw(:constants);
BEGIN {}
END {}

### Start ######################################################################

# Library bootstrap; both calls have to precede any Authen::Krb5::Admin use.
Authen::Krb5::init_context;
Authen::Krb5::init_ets;

# Credentials for the kadmin sessions the handlers below open on every
# request. They are read in plain text from the [krb5] section of the
# daemon's config file, so that file's permissions are what protects the
# admin password.
my $krb_admin;
my $krb_password;

# section => { key => [ \$variable_to_fill, default ] }
my %cfg_defaults = (
    krb5 => {
        admin    => [ \$krb_admin,    '' ],
        password => [ \$krb_password, '' ],
    },
);
read_configfile($main::cfg_file, %cfg_defaults);
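# Fill the variables referenced in %cfg_defaults from the daemon's INI file.
#
# Arguments:
#   $cfg_file     - path of the config file (may be undef)
#   %cfg_defaults - section => { key => [ \$target, $default ] }
#
# Every target gets either the value found in the file or its default, so
# the globals are always defined afterwards. Returns nothing.
#
# NOTE(review): this file never loads Config::IniFiles itself; it relies on
# the daemon having done so before the plugin is required — confirm.
sub read_configfile {
    my ($cfg_file, %cfg_defaults) = @_;
    my $cfg;

    # Only read a file that exists, is non-empty and is readable. Any other
    # case (including a file Config::IniFiles refuses to parse) falls back
    # to an empty config so the defaults still apply, instead of calling
    # ->val on an undefined $cfg and killing the daemon.
    if (defined $cfg_file && -s $cfg_file) {
        if (-r $cfg_file) {
            $cfg = Config::IniFiles->new(-file => $cfg_file);
            if (not defined $cfg) {
                &main::daemon_log("ERROR: krb5.pm couldn't parse config file!", 1);
            }
        } else {
            &main::daemon_log("ERROR: krb5.pm couldn't read config file!", 1);
        }
    }
    $cfg = Config::IniFiles->new() if not defined $cfg;

    for my $section (keys %cfg_defaults) {
        for my $param (keys %{ $cfg_defaults{$section} }) {
            my ($target_ref, $default) = @{ $cfg_defaults{$section}{$param} };
            ${$target_ref} = $cfg->val($section, $param, $default);
        }
    }
    return;
}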
# Hand the daemon the names of the events this plugin handles.
# Returns a reference to the module-level list (not a copy).
sub get_events {
    my $events_ref = \@events;
    return $events_ref;
}
# Answer a krb5_list_principals request with one <principal> element per
# principal the kadmin server reports.
#
# Arguments: $msg (raw message, unused here), $msg_hash (parsed message with
# header/source/target/session_id as single-element array refs).
# Returns the XML answer string; failures are reported as <error> elements.
sub krb5_list_principals {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # The answer travels back the way the request came: source and target
    # swap places.
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # Every request opens its own kadmin session with the configured admin
    # credentials; this handler does no authorization of its own.
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        my @principals = $kadm5->get_principals()
            or add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        add_content2xml_hash($out_hash, "principal", $_) for @principals;
    } else {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    return create_xml_string($out_hash);
}
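# Create a principal with the password given in the request.
#
# Arguments: $msg (raw message, unused), $msg_hash (parsed message; needs
# 'principal' and 'password' as single-element array refs).
# Returns the XML answer string: the created <principal> on success, an
# <error> element otherwise.
#
# The request carries the new password in clear text; it is only passed to
# the kadmin library and is never logged or echoed back in the answer.
sub krb5_create_principal {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # build return message with twisted target and source
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check. The optional fields are read without dereferencing a
    # missing key: @{undef}[0] under strict refs dies instead of answering.
    my $name     = $msg_hash->{principal} ? $msg_hash->{principal}[0] : undef;
    my $password = $msg_hash->{password}  ? $msg_hash->{password}[0]  : undef;
    if (not defined $name) {
        add_content2xml_hash($out_hash, "error", "No principal specified");
        return create_xml_string($out_hash);
    }
    if (not defined $password) {
        add_content2xml_hash($out_hash, "error", "No password specified");
        return create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return create_xml_string($out_hash);
    }

    my $principal = Authen::Krb5::parse_name($name);
    if (not defined $principal) {
        add_content2xml_hash($out_hash, "error", "Illegal principal name");
        return create_xml_string($out_hash);
    }

    # A failed lookup is the expected case here (the principal does not
    # exist yet), so only a successful lookup is an error.
    if (defined $kadm5->get_principal($principal)) {
        add_content2xml_hash($out_hash, "error", "Principal exists");
        return create_xml_string($out_hash);
    }

    my $entry = Authen::Krb5::Admin::Principal->new;
    $entry->principal($principal);
    # kadm5 requires the PRINCIPAL bit in the mask for a create; set it
    # explicitly rather than relying on the binding to do so.
    $entry->mask(KADM5_PRINCIPAL);
    if ($kadm5->create_principal($entry, $password)) {
        add_content2xml_hash($out_hash, "principal", $name);
    } else {
        add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
    }

    # return message
    return create_xml_string($out_hash);
}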
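# Handle a krb5_modify_principal request.
#
# Arguments: $msg (raw message, unused), $msg_hash (parsed message; needs
# 'principal' as a single-element array ref).
# Returns the XML answer string.
#
# The actual modification is not implemented yet. The previous version had
# the existence check inverted (it reported "Principal exists" as the error
# for a modify) and otherwise answered as if the change had been applied;
# now a missing principal yields the kadmin error and an existing one an
# explicit not-implemented error, so callers are not misled.
sub krb5_modify_principal {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # build return message with twisted target and source
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check, without dying on a missing 'principal' key.
    my $name = $msg_hash->{principal} ? $msg_hash->{principal}[0] : undef;
    if (not defined $name) {
        add_content2xml_hash($out_hash, "error", "No principal specified");
        return create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return create_xml_string($out_hash);
    }

    my $principal = Authen::Krb5::parse_name($name);
    if (not defined $principal) {
        add_content2xml_hash($out_hash, "error", "Illegal principal name");
        return create_xml_string($out_hash);
    }

    # Modifying needs an existing entry; report the kadmin error otherwise.
    my $entry = $kadm5->get_principal($principal);
    if (not defined $entry) {
        add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        return create_xml_string($out_hash);
    }

    # TODO: apply the requested attribute changes to $entry and commit them
    # with $kadm5->modify_principal. Until then fail explicitly instead of
    # answering as if the change had been made.
    add_content2xml_hash($out_hash, "error", "Modifying principals is not implemented");

    # return message
    return create_xml_string($out_hash);
}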
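# Answer a krb5_get_principal request with the principal's kadmin record.
#
# Arguments: $msg (raw message, unused), $msg_hash (parsed message; needs
# 'principal' as a single-element array ref).
# Returns the XML answer string with one element per record field, or an
# <error> element.
sub krb5_get_principal {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # build return message with twisted target and source
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check, without dying on a missing 'principal' key.
    my $name = $msg_hash->{principal} ? $msg_hash->{principal}[0] : undef;
    if (not defined $name) {
        add_content2xml_hash($out_hash, "error", "No principal specified");
        return create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return create_xml_string($out_hash);
    }

    my $principal = Authen::Krb5::parse_name($name);
    if (not defined $principal) {
        add_content2xml_hash($out_hash, "error", "Illegal principal name");
        return create_xml_string($out_hash);
    }

    # Previously a failed lookup still went on to call methods on undef and
    # killed the handler; now the kadmin error is returned instead.
    my $data = $kadm5->get_principal($principal);
    if (not defined $data) {
        add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        return create_xml_string($out_hash);
    }

    add_content2xml_hash($out_hash, "principal", $name);
    # One answer element per record accessor, in the original order
    # (minus the aux_attributes element that used to be emitted twice).
    my @fields = qw(
        mask attributes aux_attributes kvno max_life max_renewable_life
        policy fail_auth_count last_failed last_pwd_change last_success
        mod_date mod_name princ_expire_time pw_expiration
    );
    for my $field (@fields) {
        add_content2xml_hash($out_hash, $field, $data->$field);
    }

    # return message
    return create_xml_string($out_hash);
}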
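# Delete the principal named in the request.
#
# Arguments: $msg (raw message, unused), $msg_hash (parsed message; needs
# 'principal' as a single-element array ref).
# Returns the XML answer string; an <error> element reports failures.
#
# This is destructive and the handler performs no authorization of its own;
# it assumes the daemon only dispatches the event to entitled callers —
# confirm against the dispatcher.
sub krb5_del_principal {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # build return message with twisted target and source
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check. Read the field without dereferencing a missing key,
    # which under strict refs would die instead of answering.
    my $name = $msg_hash->{principal} ? $msg_hash->{principal}[0] : undef;
    if (not defined $name) {
        add_content2xml_hash($out_hash, "error", "No principal specified");
        return create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return create_xml_string($out_hash);
    }

    my $principal = Authen::Krb5::parse_name($name);
    if (not defined $principal) {
        add_content2xml_hash($out_hash, "error", "Illegal principal name");
    } elsif (not $kadm5->delete_principal($principal)) {
        add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
    }

    # return message
    return create_xml_string($out_hash);
}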
# Answer a krb5_list_policies request with one <policy> element per policy
# the kadmin server reports.
#
# Arguments: $msg (raw message, unused here), $msg_hash (parsed message with
# header/source/target/session_id as single-element array refs).
# Returns the XML answer string; failures are reported as <error> elements.
sub krb5_list_policies {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # The answer travels back the way the request came: source and target
    # swap places.
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # One kadmin session per request, opened with the configured admin
    # credentials.
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (defined $kadm5) {
        my @policies = $kadm5->get_policies()
            or add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        add_content2xml_hash($out_hash, "policy", $_) for @policies;
    } else {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    }

    return create_xml_string($out_hash);
}
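# Answer a krb5_get_policy request with the policy's kadmin record.
#
# Arguments: $msg (raw message, unused), $msg_hash (parsed message; needs
# 'policy' as a single-element array ref).
# Returns the XML answer string with one element per record field, or an
# <error> element.
sub krb5_get_policy {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # build return message with twisted target and source
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check, without dying on a missing 'policy' key.
    my $name = $msg_hash->{policy} ? $msg_hash->{policy}[0] : undef;
    if (not defined $name) {
        add_content2xml_hash($out_hash, "error", "No policy specified");
        return create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return create_xml_string($out_hash);
    }

    # Previously a failed lookup still went on to call methods on undef and
    # killed the handler; now the kadmin error is returned instead.
    my $data = $kadm5->get_policy($name);
    if (not defined $data) {
        add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        return create_xml_string($out_hash);
    }

    # One answer element per record accessor, in the original order.
    my @fields = qw(
        name mask pw_history_num pw_max_life pw_min_classes pw_min_length
        pw_min_life policy_refcnt
    );
    for my $field (@fields) {
        add_content2xml_hash($out_hash, $field, $data->$field);
    }

    # return message
    return create_xml_string($out_hash);
}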
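# Create a password policy with the name given in the request.
#
# Arguments: $msg (raw message, unused), $msg_hash (parsed message; needs
# 'policy' as a single-element array ref).
# Returns the XML answer string: the created <policy> on success, an
# <error> element otherwise.
#
# The previous version was a stub: it answered with the wrong header
# ("answer_krb5_list_principals"), omitted the session_id and created
# nothing. Only the policy name is set here; the password-quality fields
# are left at the server defaults (TODO: take them from the request).
sub krb5_create_policy {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # build return message with twisted target and source
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check, without dying on a missing 'policy' key.
    my $name = $msg_hash->{policy} ? $msg_hash->{policy}[0] : undef;
    if (not defined $name) {
        add_content2xml_hash($out_hash, "error", "No policy specified");
        return create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return create_xml_string($out_hash);
    }

    my $policy = Authen::Krb5::Admin::Policy->new;
    $policy->name($name);
    # kadm5 requires the POLICY bit in the mask for a create; set it
    # explicitly rather than relying on the binding to do so.
    $policy->mask(KADM5_POLICY);
    if ($kadm5->create_policy($policy)) {
        add_content2xml_hash($out_hash, "policy", $name);
    } else {
        add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
    }

    # return message
    return create_xml_string($out_hash);
}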
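# Handle a krb5_modify_policy request.
#
# Arguments: $msg (raw message, unused), $msg_hash (parsed message; needs
# 'policy' as a single-element array ref).
# Returns the XML answer string.
#
# The previous version was a stub that answered with the wrong header
# ("answer_krb5_list_principals"), omitted the session_id and silently did
# nothing. The modification itself is still not implemented; the handler
# now validates the request, checks that the policy exists and then fails
# explicitly so callers are not misled into thinking the change was made.
sub krb5_modify_policy {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # build return message with twisted target and source
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check, without dying on a missing 'policy' key.
    my $name = $msg_hash->{policy} ? $msg_hash->{policy}[0] : undef;
    if (not defined $name) {
        add_content2xml_hash($out_hash, "error", "No policy specified");
        return create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return create_xml_string($out_hash);
    }

    # Modifying needs an existing policy; report the kadmin error otherwise.
    my $policy = $kadm5->get_policy($name);
    if (not defined $policy) {
        add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
        return create_xml_string($out_hash);
    }

    # TODO: apply the requested field changes to $policy and commit them
    # with $kadm5->modify_policy.
    add_content2xml_hash($out_hash, "error", "Modifying policies is not implemented");

    # return message
    return create_xml_string($out_hash);
}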
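# Delete the password policy named in the request.
#
# Arguments: $msg (raw message, unused), $msg_hash (parsed message; needs
# 'policy' as a single-element array ref).
# Returns the XML answer string; an <error> element reports failures.
#
# The previous version declared an empty $policy and passed that to
# delete_policy, so the name from the request was never used.
sub krb5_del_policy {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # build return message with twisted target and source
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check, without dying on a missing 'policy' key.
    my $name = $msg_hash->{policy} ? $msg_hash->{policy}[0] : undef;
    if (not defined $name) {
        add_content2xml_hash($out_hash, "error", "No policy specified");
        return create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
    } elsif (not $kadm5->delete_policy($name)) {
        add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
    }

    # return message
    return create_xml_string($out_hash);
}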
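# Set a new password for the principal named in the request.
#
# Arguments: $msg (raw message, unused), $msg_hash (parsed message; needs
# 'principal' and 'password' as single-element array refs).
# Returns the XML answer string; an <error> element reports failures.
#
# The password arrives in clear text inside the request; it is handed to
# the kadmin library only and must never be logged or echoed in the answer.
# No authorization happens here — the daemon is assumed to restrict who may
# send this event; confirm against the dispatcher.
#
# The previous version went on to call chpass_principal on an undefined
# $kadm5 when the kadmin connection failed, killing the handler.
sub krb5_set_password {
    my ($msg, $msg_hash) = @_;
    my $header     = ${ $msg_hash->{header} }[0];
    my $source     = ${ $msg_hash->{source} }[0];
    my $target     = ${ $msg_hash->{target} }[0];
    my $session_id = ${ $msg_hash->{session_id} }[0];

    # build return message with twisted target and source
    my $out_hash = main::create_xml_hash("answer_$header", $target, $source);
    add_content2xml_hash($out_hash, "session_id", $session_id);

    # Sanity check. Read the fields without dereferencing a missing key,
    # which under strict refs would die instead of answering.
    my $name     = $msg_hash->{principal} ? $msg_hash->{principal}[0] : undef;
    my $password = $msg_hash->{password}  ? $msg_hash->{password}[0]  : undef;
    if (not defined $name) {
        add_content2xml_hash($out_hash, "error", "No principal specified");
        return create_xml_string($out_hash);
    }
    if (not defined $password) {
        add_content2xml_hash($out_hash, "error", "No password specified");
        return create_xml_string($out_hash);
    }

    # Authenticate
    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
    if (not defined $kadm5) {
        add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
        return create_xml_string($out_hash);
    }

    my $principal = Authen::Krb5::parse_name($name);
    if (not defined $principal) {
        add_content2xml_hash($out_hash, "error", "Illegal principal name");
    } elsif (not $kadm5->chpass_principal($principal, $password)) {
        add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error());
    }

    # return message
    return create_xml_string($out_hash);
}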
437 1;