24240bad576c6a6c266e78362fa9a96f2163df27
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2004 Fabian Hickert
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
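/**
 * Password method that hands the user's password to a Kerberos admin server
 * through the PHP kadm5 functions instead of storing a hash itself.
 *
 * The connection settings (SERVER, REALM, ADMIN, PASSWORD) are read from
 * $this->config->data['SERVERS']['KERBEROS']. ADMIN/PASSWORD are the
 * credentials passed to kadm5_init_with_password(), so whoever can read that
 * configuration can administer principals in the realm.
 */
class passwordMethodkerberos extends passwordMethod
{

  /**
   * Store a reference to the configuration object.
   *
   * @param object $config configuration object; only ->data and ->current
   *                       are read by this class
   */
  function passwordMethodkerberos($config)
  {
    $this->config= &$config;
  }

  /**
   * Tell whether this method can be used on the running PHP build.
   *
   * @return bool true when the kadm5 functions are present
   */
  function is_available()
  {
    return function_exists('kadm5_init_with_password');
  }

  /**
   * Set the password of the user's principal on the Kerberos admin server
   * and return the marker string for this user.
   *
   * The principal is built as $this->attrs['uid'][0]."@".REALM.
   *
   * @param string $pwd new clear text password, passed to kadm5_chpass_principal()
   * @return string|null "{kerberos}uid@REALM" or "{sasl}uid@REALM"; nothing
   *                     (null) when PHP has no kadm5 support
   */
  function generate_hash($pwd)
  {
    /* NOTE(review): the KERBEROS server section is read without an isset()
       check here, unlike remove_from_parent() - confirm callers guarantee it. */
    $cfg= $this->config->data['SERVERS']['KERBEROS'];

    if (!function_exists('kadm5_init_with_password')){
      print_red (_("Warning: Can't set kerberos password. Your PHP version has no kerberos support, password has not been changed."));
      return;
    }

    $principal= $this->attrs['uid'][0]."@".$cfg['REALM'];

    /* Connect to the admin interface with the configured admin credentials */
    $handle = kadm5_init_with_password($cfg['SERVER'],
        $cfg['REALM'], $cfg['ADMIN'], $cfg['PASSWORD']);

    if ($handle === FALSE){
      /* No usable handle: report it and do not hand FALSE to the
         kadm5 calls below. */
      print_red (_("Kerberos database communication failed!"));
    } else {
      $ret= kadm5_chpass_principal($handle, $principal, $pwd);
      if ($ret === FALSE){
        print_red (_("Changing password in kerberos database failed!"));
      }

      /* Free kerberos admin handle */
      kadm5_destroy($handle);
    }

    /* NOTE(review): the marker is returned even when the connection or the
       password change failed, so the caller cannot tell from the return value
       that the password on the Kerberos server is still the old one. Kept for
       compatibility with existing callers - confirm they check for the
       printed error or add a failure signal. */
    return "{".$this->get_hash_name()."}".$principal;
  }

  /**
   * Delete the user's principal from the Kerberos database, if a Kerberos
   * server is configured and the kadm5 functions are available.
   *
   * The principal is built as $this->uid."@".REALM.
   * NOTE(review): generate_hash() uses $this->attrs['uid'][0] instead -
   * confirm both always name the same user.
   *
   * @return int|null 2 when the admin connection fails, otherwise nothing
   */
  function remove_from_parent()
  {
    /* Kerberos server defined? */
    if (!isset($this->config->data['SERVERS']['KERBEROS'])){
      return;
    }
    $cfg= $this->config->data['SERVERS']['KERBEROS'];

    if (!isset($cfg['SERVER']) || !function_exists('kadm5_init_with_password')){
      return;
    }

    /* Connect to the admin interface */
    $handle = kadm5_init_with_password($cfg['SERVER'], $cfg['REALM'],
        $cfg['ADMIN'], $cfg['PASSWORD']);

    /* Errors? */
    if ($handle === FALSE){
      print_red (_("Kerberos database communication failed"));
      return (2);
    }

    /* Build user principal, get list of existing principals */
    $principal= $this->uid."@".$cfg['REALM'];
    $principals = kadm5_get_principals($handle);

    if (!is_array($principals)){
      /* The list could not be read, so we cannot tell whether the principal
         is still there. Report it instead of silently leaving a principal
         that can keep authenticating after the account is gone. */
      print_red (_("Can't remove user from kerberos database."));
    } elseif (in_array($principal, $principals, true)){

      /* Ok. User exists. Remove him/her */
      $ret= kadm5_delete_principal ( $handle, $principal);
      if ($ret === FALSE){
        print_red (_("Can't remove user from kerberos database."));
      }
    }

    /* Free kerberos admin handle */
    kadm5_destroy($handle);
  }

  /**
   * Name used inside the "{...}" prefix of the marker string.
   *
   * @return string "sasl" when $this->config->current['KRBSASL'] is set and
   *                matches /^true$/i, otherwise "kerberos"
   */
  function get_hash_name()
  {
    $mode= "kerberos";
    if (isset($this->config->current['KRBSASL']) && preg_match('/^true$/i', $this->config->current['KRBSASL'])){
      $mode= "sasl";
    }
    return $mode;
  }

}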
124 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
125 ?>