Added a few krb5 functions

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10648 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/gosa-si/client/events/krb5.pm b/gosa-si/client/events/krb5.pm
index 0ef19fbdd3a01ee8b8b07f75999f5cddb95e4580..d5454aa3d19c18769a7f9d406bff9cc1861a213f 100644 (file)
--- a/gosa-si/client/events/krb5.pm
+++ b/gosa-si/client/events/krb5.pm
@@ -17,11 +17,54 @@ my @events = (
 
 use strict;
 use warnings;
+use Data::Dumper;
 use GOSA::GosaSupportDaemon;
+use Authen::Krb5;
+use Authen::Krb5::Admin qw(:constants);
 
 BEGIN {}
 
 END {}
+
+### Start ######################################################################
+
+Authen::Krb5::init_context;
+Authen::Krb5::init_ets;
+
+my $krb_admin;
+my $krb_password;
+
+my %cfg_defaults = (
+"krb5" => {
+   "admin" => [\$krb_admin, ""],
+   "password" => [\$krb_password, ""],
+   },
+);
+&read_configfile($main::cfg_file, %cfg_defaults);
+
+
+sub read_configfile {
+    my ($cfg_file, %cfg_defaults) = @_;
+    my $cfg;
+
+    if( defined( $cfg_file) && ( (-s $cfg_file) > 0 )) {
+        if( -r $cfg_file ) {
+            $cfg = Config::IniFiles->new( -file => $cfg_file );
+        } else {
+            &main::daemon_log("ERROR: krb5.pm couldn't read config file!", 1);
+        }
+    } else {
+        $cfg = Config::IniFiles->new() ;
+    }
+    foreach my $section (keys %cfg_defaults) {
+        foreach my $param (keys %{$cfg_defaults{ $section }}) {
+            my $pinfo = $cfg_defaults{ $section }{ $param };
+            ${@$pinfo[0]} = $cfg->val( $section, $param, @$pinfo[1] );
+        }
+    }
+}
+
+
 sub get_events { return \@events; }
 
 
@@ -32,19 +75,23 @@ sub krb5_list_principals {
     my $target = @{$msg_hash->{'target'}}[0];
     my $session_id = @{$msg_hash->{'session_id'}}[0];
 
-    # do now whatever kerb5_list_pricipals has to do 
-    
     # build return message with twisted target and source
-    my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
+    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
     &add_content2xml_hash($out_hash, "session_id", $session_id);
-    &add_content2xml_hash($out_hash, "principal", 'rettenberger@GONICUS.DE');
-    &add_content2xml_hash($out_hash, "principal", 'pollmeier@GONICUS.DE');
-    &add_content2xml_hash($out_hash, "principal", 'hickert@GONICUS.DE');
-    my $out_msg = &create_xml_string($out_hash);
 
-    # return message
-    return $out_msg;
+    # Authenticate
+    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+    if (not defined $kadm5){
+      &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+    } else {
+      my @principals= $kadm5->get_principals() or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+      for my $principal (@principals) {
+        &add_content2xml_hash($out_hash, "principal", $principal);
+      }
+    }
 
+    # return message
+    return &create_xml_string($out_hash);
 }
 
 
@@ -74,13 +121,41 @@ sub krb5_get_principal {
     my $session_id = @{$msg_hash->{'session_id'}}[0];
 
     # build return message with twisted target and source
-    my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
-    my $out_msg = &create_xml_string($out_hash);
-
-    # return message
-    return $out_msg;
+    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
+    &add_content2xml_hash($out_hash, "session_id", $session_id);
 
+    # Sanity check
+    if (not defined @{$msg_hash->{'principal'}}[0]){
+      &add_content2xml_hash($out_hash, "error", "No principal specified");
+      return &create_xml_string($out_hash);
+    }
+
+    # Authenticate
+    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+    my $principal;
+    if (not defined $kadm5){
+      &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+    } else {
+      $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
+      if(not defined $principal) {
+        &add_content2xml_hash($out_hash, "error", "Illegal principal name");
+      } else {
+        my $data= $kadm5->get_principal($principal) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+        &add_content2xml_hash($out_hash, "principal", @{$msg_hash->{'principal'}}[0]);
+        &add_content2xml_hash($out_hash, "attributes", $data->attributes);
+        &add_content2xml_hash($out_hash, "aux_attributes", $data->aux_attributes);
+        &add_content2xml_hash($out_hash, "kvno", $data->kvno);
+        &add_content2xml_hash($out_hash, "max_life", $data->max_life);
+        &add_content2xml_hash($out_hash, "max_renewable_life", $data->max_renewable_life);
+        &add_content2xml_hash($out_hash, "aux_attributes", $data->aux_attributes);
+        &add_content2xml_hash($out_hash, "policy", $data->policy);
+        &add_content2xml_hash($out_hash, "princ_expire_time", $data->princ_expire_time);
+        &add_content2xml_hash($out_hash, "pw_expiration", $data->pw_expiration);
+      }
+    }
 
+    # return message
+    return &create_xml_string($out_hash);
 }
 
 
@@ -92,13 +167,31 @@ sub krb5_del_principal {
     my $session_id = @{$msg_hash->{'session_id'}}[0];
 
     # build return message with twisted target and source
-    my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
-    my $out_msg = &create_xml_string($out_hash);
-
-    # return message
-    return $out_msg;
+    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
+    &add_content2xml_hash($out_hash, "session_id", $session_id);
 
+    # Sanity check
+    if (not defined @{$msg_hash->{'principal'}}[0]){
+      &add_content2xml_hash($out_hash, "error", "No principal specified");
+      return &create_xml_string($out_hash);
+    }
+
+    # Authenticate
+    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+    my $principal;
+    if (not defined $kadm5){
+      &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+    } else {
+      $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
+      if(not defined $principal) {
+        &add_content2xml_hash($out_hash, "error", "Illegal principal name");
+      } else {
+        $kadm5->delete_principal($principal) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+      }
+    }
 
+    # return message
+    return &create_xml_string($out_hash);
 }
 
 
@@ -110,13 +203,22 @@ sub krb5_list_policies {
     my $session_id = @{$msg_hash->{'session_id'}}[0];
 
     # build return message with twisted target and source
-    my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
-    my $out_msg = &create_xml_string($out_hash);
-
-    # return message
-    return $out_msg;
+    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
+    &add_content2xml_hash($out_hash, "session_id", $session_id);
 
+    # Authenticate
+    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+    if (not defined $kadm5){
+      &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+    } else {
+      my @policies= $kadm5->get_policies() or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+      for my $policy (@policies) {
+        &add_content2xml_hash($out_hash, "policy", $policy);
+      }
+    }
 
+    # return message
+    return &create_xml_string($out_hash);
 }
 
 
@@ -128,13 +230,36 @@ sub krb5_get_policy {
     my $session_id = @{$msg_hash->{'session_id'}}[0];
 
     # build return message with twisted target and source
-    my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
-    my $out_msg = &create_xml_string($out_hash);
-
-    # return message
-    return $out_msg;
+    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
+    &add_content2xml_hash($out_hash, "session_id", $session_id);
 
+    # Sanity check
+    if (not defined @{$msg_hash->{'policy'}}[0]){
+      &add_content2xml_hash($out_hash, "error", "No policy specified");
+      return &create_xml_string($out_hash);
+    }
+
+    # Authenticate
+    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+    my $principal;
+    if (not defined $kadm5){
+      &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+    } else {
+      my $data= $kadm5->get_principal($principal) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+      &add_content2xml_hash($out_hash, "principal", @{$msg_hash->{'principal'}}[0]);
+      &add_content2xml_hash($out_hash, "attributes", $data->attributes);
+      &add_content2xml_hash($out_hash, "aux_attributes", $data->aux_attributes);
+      &add_content2xml_hash($out_hash, "kvno", $data->kvno);
+      &add_content2xml_hash($out_hash, "max_life", $data->max_life);
+      &add_content2xml_hash($out_hash, "max_renewable_life", $data->max_renewable_life);
+      &add_content2xml_hash($out_hash, "aux_attributes", $data->aux_attributes);
+      &add_content2xml_hash($out_hash, "policy", $data->policy);
+      &add_content2xml_hash($out_hash, "princ_expire_time", $data->princ_expire_time);
+      &add_content2xml_hash($out_hash, "pw_expiration", $data->pw_expiration);
+    }
 
+    # return message
+    return &create_xml_string($out_hash);
 }
 
 
@@ -164,13 +289,26 @@ sub krb5_del_policy {
     my $session_id = @{$msg_hash->{'session_id'}}[0];
 
     # build return message with twisted target and source
-    my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
-    my $out_msg = &create_xml_string($out_hash);
-
-    # return message
-    return $out_msg;
+    my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
+    &add_content2xml_hash($out_hash, "session_id", $session_id);
 
+    # Sanity check
+    if (not defined @{$msg_hash->{'policy'}}[0]){
+      &add_content2xml_hash($out_hash, "error", "No policy specified");
+      return &create_xml_string($out_hash);
+    }
+
+    # Authenticate
+    my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+    my $policy;
+    if (not defined $kadm5){
+      &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+    } else {
+      $kadm5->delete_policy($policy) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+    }
 
+    # return message
+    return &create_xml_string($out_hash);
 }
 
 1;

diff --git a/gosa-si/tests/client.php b/gosa-si/tests/client.php
index dafcce5cd5dc35791fd23fced26a53f8abf2a1d3..52ff3c9cd64eed3245ae713dd0c3e75e4a271ba9 100755 (executable)
--- a/gosa-si/tests/client.php
+++ b/gosa-si/tests/client.php
@@ -9,7 +9,7 @@ $zahl= 1;
 for($count = 1; $count <= $zahl; $count++)
 {
 
-  $sock = new Socket_Client("127.0.0.1","20081",TRUE,1);
+  $sock = new Socket_Client("10.3.67.111","20081",TRUE,5);
   $sock->setEncryptionKey("UldOjon9gra");
 
   if($sock->connected()){
@@ -99,7 +99,7 @@ for($count = 1; $count <= $zahl; $count++)
 
     #########
     # Kerberos test query
-    #$data = "<xml> <header>gosa_krb5_list_principals</header> <target>00:01:6c:9d:b9:fa</target> <source>GOSA</source></xml>"; 
+    $data = "<xml> <header>gosa_krb5_get_principal</header> <target>00:01:6c:9d:aa:16</target> <principal>cajus@WIRECARD.SYS</principal><source>GOSA</source></xml>"; 
 
     $sock->write($data);
     $answer = "nothing";