Moved remaining kerberos stuff to the password method.

[gosa.git] / include / class_password-methods-kerberos.inc

<?php
/*
   This code is part of GOsa (https://gosa.gonicus.de)
   Copyright (C) 2004 Fabian Hickert 

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

class passwordMethodkerberos extends passwordMethod
{

        function passwordMethodkerberos($config)  
        {
    $this->config= &$config;
        }

  function is_available()
  {
    if (function_exists('kadm5_init_with_password')){
      return(true);
    }else{
      return false;
    }
  }

        function generate_hash($pwd)
        {
                $cfg= $this->config->data['SERVERS']['KERBEROS'];

                if (!function_exists('kadm5_init_with_password'))
                {
                        print_red (_("Warning: Can't set kerberos password. Your PHP version has no kerberos support, password has not been changed."));
                } 
                else 
                {
                        $handle = kadm5_init_with_password($cfg['SERVER'],
                                        $cfg['REALM'], $cfg['ADMIN'], $cfg['PASSWORD']);

                        if ($handle === FALSE)
                        {
                                print_red (_("Kerberos database communication failed!"));
                        }

                        $ret= kadm5_chpass_principal($handle, $this->attrs['uid'][0]."@".$cfg['REALM'],$pwd);

                        if ($ret === FALSE)
                        {
                                print_red (_("Changing password in kerberos database failed!"));
                        }

                        kadm5_destroy($handle);

      $mode= "kerberos";
      if (isset($this->config->current['KRBSASL']) && preg_match('/^true$/i', $this->config->current['KRBSASL'])){
        $mode= "sasl";
      }
                        $newpass= "{$mode}".$this->attrs['uid'][0]."@".$cfg['REALM'];

                        return $newpass;       
                }
        }


  function remove_from_parent()
  {
    /* Kerberos server defined? */
    if (isset($this->config->data['SERVERS']['KERBEROS'])){
      $cfg= $this->config->data['SERVERS']['KERBEROS'];
    }
    if (isset($cfg['SERVER']) && function_exists('kadm5_init_with_password')){

      /* Connect to the admin interface */
      $handle = kadm5_init_with_password($cfg['SERVER'], $cfg['REALM'],
          $cfg['ADMIN'], $cfg['PASSWORD']);

      /* Errors? */
      if ($handle === FALSE){
        print_red (_("Kerberos database communication failed"));
        return (2);
      }

      /* Build user principal, get list of existsing principals */
      $principal= $this->uid."@".$cfg['REALM'];
      $principals = kadm5_get_principals($handle);

      /* User exists in database? */
      if (in_array($principal, $principals)){

        /* Ok. User exists. Remove him/her */
          $ret= kadm5_delete_principal ( $handle, $principal);
          if ($ret === FALSE){
            print_red (_("Can't remove user from kerberos database."));
          }
      }

      /* Free kerberos admin handle */
      kadm5_destroy($handle);
    }
  }

}

/* Dummy class for OpenLDAP Kerberos/SASL change  */
class passwordMethodsasl extends passwordMethodkerberos
{
}

// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>