
Moved remaining kerberos stuff to the password method.
authorcajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 15 Oct 2007 13:14:08 +0000 (13:14 +0000)
committercajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 15 Oct 2007 13:14:08 +0000 (13:14 +0000)
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@7553 594d385d-05f5-0310-b6e9-bd551577e9d8

include/class_password-methods-kerberos.inc
include/class_password-methods.inc
include/functions.inc
plugins/personal/generic/class_user.inc

index 835ec8bec3de4cddd9cc95aa71cc0484ce7e2f52..af48ee998497b8ddd001d903c2f00ad6fc6d367a 100644 (file)
@@ -62,11 +62,54 @@ class passwordMethodkerberos extends passwordMethod
 
                        kadm5_destroy($handle);
 
-                       $newpass= "{kerberos}".$this->attrs['uid'][0]."@".$cfg['REALM'];
+      $mode= "kerberos";
+      if (isset($this->config->current['KRBSASL']) && preg_match('/^true$/i', $this->config->current['KRBSASL'])){
+        $mode= "sasl";
+      }
+                       $newpass= "{$mode}".$this->attrs['uid'][0]."@".$cfg['REALM'];
 
                        return $newpass;       
                }
        }
+
+
+  function remove_from_parent()
+  {
+    /* Kerberos server defined? */
+    if (isset($this->config->data['SERVERS']['KERBEROS'])){
+      $cfg= $this->config->data['SERVERS']['KERBEROS'];
+    }
+    if (isset($cfg['SERVER']) && function_exists('kadm5_init_with_password')){
+
+      /* Connect to the admin interface */
+      $handle = kadm5_init_with_password($cfg['SERVER'], $cfg['REALM'],
+          $cfg['ADMIN'], $cfg['PASSWORD']);
+
+      /* Errors? */
+      if ($handle === FALSE){
+        print_red (_("Kerberos database communication failed"));
+        return (2);
+      }
+
+      /* Build user principal, get list of existsing principals */
+      $principal= $this->uid."@".$cfg['REALM'];
+      $principals = kadm5_get_principals($handle);
+
+      /* User exists in database? */
+      if (in_array($principal, $principals)){
+
+        /* Ok. User exists. Remove him/her */
+          $ret= kadm5_delete_principal ( $handle, $principal);
+          if ($ret === FALSE){
+            print_red (_("Can't remove user from kerberos database."));
+          }
+      }
+
+      /* Free kerberos admin handle */
+      kadm5_destroy($handle);
+    }
+  }
+
 }
 
 /* Dummy class for OpenLDAP Kerberos/SASL change  */
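Review bot: The new `$newpass= "{$mode}".…` line no longer produces a `{kerberos}` or `{sasl}` prefix, because inside a double-quoted PHP string `{$mode}` is interpolation syntax and expands to the bare word without braces. The stored userPassword value would then be `kerberos<uid>@<REALM>` with no scheme marker, which a directory server will most likely treat as an ordinary password value rather than a pass-through to Kerberos/SASL. Build the prefix explicitly, e.g. `$newpass= "{".$mode."}".$this->attrs['uid'][0]."@".$cfg['REALM'];`. Separately, the added `remove_from_parent()` builds the principal from `$this->uid` while the line above uses `$this->attrs['uid'][0]`; the callers in class_user.inc set only `attrs` and `dn`, so unless `uid` is defined elsewhere in this class the principal becomes `@REALM`, the `in_array()` test fails and the deletion is silently skipped. The function containing the `$newpass` line starts outside this hunk.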
index 2f7db9525d18a74c91c82ed2b4c5618b8ef0e8a7..9ed414980e424be0a402f5f8a71a917c21f19858 100644 (file)
@@ -86,6 +86,12 @@ class passwordMethod
     }
     return($ret);
   }
+  
+
+  function remove_from_parent()
+  {
+  }
+
 }
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>
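Review bot: The empty `remove_from_parent()` added to the base class has no comment saying that it is a cleanup hook for subclasses, or what it is expected to return. The Kerberos override returns `2` when the admin connection fails and nothing otherwise, and the callers in class_user.inc ignore the result, so the contract is currently undefined. I would add a comment such as `/* Hook: remove method-specific external state (e.g. a Kerberos principal) for this user. Default: nothing to do. */` and settle on one return convention that the callers check.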
index b244a0896791d5875904669353d0283659c546bb..23300bd08378077963f97edb61757755ad615f2d 100644 (file)
@@ -2417,16 +2417,6 @@ function change_password ($dn, $password, $mode=0, $hash= "")
     $deactivated = FALSE;
   }
 
-#  // Get current password hash method if available
-#  if($hash == "" && isset($attrs['userPassword'][0]) && preg_match("/[\{\}]/",$attrs['userPassword'][0])){
-#    $hash = preg_replace("/^[^\{]*+\{([^\}]*).*$/","\\1",$attrs['userPassword'][0]);
-#    $hash = strtolower($hash);
-#  }
-
-#  // Set encryption type to clear if required
-#  if (!isset($attrs['userPassword'][0]) || $hash == ""){
-#    $hash= "clear";
-#  }
  // Detect the encryption Method
   if ( (isset($attrs['userPassword'][0]) &&  preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)) ||  $hash != ""){
 
index 1c5aa291454463f8f85c1633a3c3e7f36db59dc2..bdf1c69d819a3aa35e6ccb8dde826b77b957953e 100644 (file)
@@ -621,42 +621,17 @@ class user extends plugin
       $og->save ();
     }
 
-    /* Kerberos server defined? */
-    if (isset($this->config->data['SERVERS']['KERBEROS'])){
-      $cfg= $this->config->data['SERVERS']['KERBEROS'];
+    /* If needed, let the password method do some cleanup */
+    $tmp = new passwordMethod($_SESSION['config']);
+    $available = $tmp->get_available_methods();
+    if (in_array_ics($this->pw_storage, $available['name'])){
+      $test= new $available[$this->pw_storage]($this->config);
+      $test->attrs= $this->attrs;
+      $test->dn= $this->dn;
+      $test->remove_from_parent();
     }
-    if (isset($cfg['SERVER']) && function_exists('kadm5_init_with_password')){
 
-      /* Connect to the admin interface */
-      $handle = kadm5_init_with_password($cfg['SERVER'], $cfg['REALM'],
-          $cfg['ADMIN'], $cfg['PASSWORD']);
-
-      /* Errors? */            
-      if ($handle === FALSE){
-        print_red (_("Kerberos database communication failed"));
-        return (2);
-      }
-
-      /* Build user principal, get list of existsing principals */
-      $principal= $this->uid."@".$cfg['REALM'];
-      $principals = kadm5_get_principals($handle);
-
-      /* User exists in database? */
-      if (in_array($principal, $principals)){
-
-        /* Ok. User exists. Remove him/her */
-          $ret= kadm5_delete_principal ( $handle, $principal);
-          if ($ret === FALSE){
-            print_red (_("Can't remove user from kerberos database."));
-          }
-      }
-
-      /* Free kerberos admin handle */
-      kadm5_destroy($handle);
-    }
-
-    /* Remove ACL dependencies too, 
-     */
+    /* Remove ACL dependencies too */
     $tmp = new acl($this->config,$this->parent,$this->dn);
     $tmp->remove_acl();
 
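Review bot: The result of `$test->remove_from_parent();` is discarded, so a failed Kerberos cleanup no longer aborts the removal the way the deleted `return (2);` did, and the directory entry can be removed while the principal stays in the Kerberos database. Either propagate the status (`$rc= $test->remove_from_parent(); if ($rc){ return ($rc); }`) or at least record the failure where an administrator will see it. Also, `in_array_ics()` looks like a case-insensitive membership test (inferred from its name), while `$available[$this->pw_storage]` is an exact-key lookup; if the two can differ in case, `new $available[...]` would be given an undefined index, so the key should be normalised before both uses. The enclosing method starts and ends outside this hunk.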
@@ -963,8 +938,7 @@ class user extends plugin
     }
 
 
-    /* Remove ACL dependencies too, 
-     */
+    /* Remove ACL dependencies too */
     if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
       $tmp = new acl($this->config,$this->parent,$this->dn);
       $tmp->update_acl_membership($this->orig_dn,$this->dn);
@@ -1007,54 +981,16 @@ class user extends plugin
       ldap_close($ds);
     }
 
-    /* Kerberos server defined? */
-    if (isset($this->config->data['SERVERS']['KERBEROS'])){
-      $cfg= $this->config->data['SERVERS']['KERBEROS'];
-    }
-    if (isset($cfg['SERVER']) && function_exists('kadm5_init_with_password')){
-
-      /* Connect to the admin interface */
-      $handle = kadm5_init_with_password($cfg['SERVER'], $cfg['REALM'],
-          $cfg['ADMIN'], $cfg['PASSWORD']);
-
-      /* Errors? */            
-      if ($handle === FALSE){
-        print_red (_("Kerberos database communication failed"));
-        return (2);
+    /* If needed, let the password method do some cleanup */
+    if ($this->pw_storage != $this->last_pw_storage){
+      $tmp = new passwordMethod($_SESSION['config']);
+      $available = $tmp->get_available_methods();
+      if (in_array_ics($this->pw_storage, $available['name'])){
+        $test= new $available[$this->pw_storage]($this->config);
+        $test->attrs= $this->attrs;
+        $test->dn= $this->dn;
+        $test->remove_from_parent();
       }
-
-      /* Build user principal, get list of existsing principals */
-      $principal= $this->uid."@".$cfg['REALM'];
-      $principals = kadm5_get_principals($handle);
-
-      /* User exists in database? */
-      if (in_array($principal, $principals)){
-
-        /* Ok. User exists. Remove him/her when pw_storage has
-           changed to be NOT kerberos. */
-        if ($this->pw_storage != $this->config->current['KRBSASL']){
-          $ret= kadm5_delete_principal ( $handle, $principal);
-
-          if ($ret === FALSE){
-            print_red (_("Can't remove user from kerberos database."));
-          }
-        }
-
-      } else {
-
-        /* User doesn't exists, create it when pw_storage is kerberos. */
-        if ($this->pw_storage == "kerberos" || $this->pw_storage == "sasl" ){
-          $ret= kadm5_create_principal ( $handle, $principal);
-
-          if ($ret === FALSE){
-            print_red (_("Can't add user to kerberos database."));
-          }
-        }
-
-      }
-
-      /* Free kerberos admin handle */
-      kadm5_destroy($handle);
     }
 
     /* Optionally execute a command after we're done */
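Review bot: When the storage method changes, the cleanup object is built from `$this->pw_storage`, which is the newly selected method, not the one being abandoned. Switching away from Kerberos therefore calls the no-op base `remove_from_parent()` and leaves the old principal valid, while switching to Kerberos calls the Kerberos cleanup and may delete a principal that is about to be needed. The lookup should use the previous method: `if (in_array_ics($this->last_pw_storage, $available['name'])){` and `$test= new $available[$this->last_pw_storage]($this->config);`. The removed `kadm5_create_principal` branch is presumably now handled by the Kerberos method's password-setting code, which is not visible in this hunk, so that is worth confirming. The enclosing method starts and ends outside this hunk.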