
Updated krb host key generation.
authorhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 2 Jun 2008 14:04:12 +0000 (14:04 +0000)
committerhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 2 Jun 2008 14:04:12 +0000 (14:04 +0000)
-I still have some trouble communicating with the SI daemon ...

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11150 594d385d-05f5-0310-b6e9-bd551577e9d8

gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_krb_host_keys.inc
gosa-plugins/mit-krb5/admin/systems/services/kerberos/krb_host_keys.tpl

index 4660d621bdd32d8268fbe77ee41de29076e26dc3..0aabd686744ef2a64f683d7adba47561385dec93 100644 (file)
@@ -1,4 +1,25 @@
 <?php
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id: class_gosaSupportDaemon.inc 10788 2008-05-06 11:15:57Z hickert $$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 
 class krb_host_keys extends plugin 
 {
@@ -6,19 +27,74 @@ class krb_host_keys extends plugin
   public  $config;
   private $object;
   private $o_queue;
-  private $host_key_realm = "disabled";
-  private $host_key_realms = array();
+  private $goKrbRealm = "disabled";
   private $kerberos_support= FALSE;
 
+  private $pwd_handle = NULL;
+  private $server_list;
+  private $map  = array();
+
+  private $namingAttr = "";
+
   public function __construct($config,$object)
   {
     plugin::plugin($config, NULL);
     $this->object = $object;
     $this->o_queue = new gosaSupportDaemon();
-    $this->host_key_realms['disabled'] = _("Disabled");
+    $this->goKrbRealms =array("deactivated"=> _("Deactivated"));
 
-    /* Collect other realms here later */
-    $this->kerberos_support = TRUE;
+    /* Check if the SI based kerberos method is available 
+     */
+    if(class_available("passwordMethodMIT")){
+      $this->pwd_handle = new passwordMethodMIT($this->config);
+
+      /* Get a list of all kerberos servers, defined in ldap
+         and get a list of principals they are providing.
+       */
+      $ldap = $this->config->get_ldap_link();
+      $ldap->cd($this->config->current['BASE']);
+      $ldap->search("(&(objectClass=goServer)(objectClass=goKrbServer))",array("goKrbRealm","cn","description","macAddress"));
+      $this->server_list = array();
+      while($attrs = $ldap->fetch()){
+        if(!isset($attrs['macAddress'][0])) continue;
+        if(!isset($attrs['description'][0])) $attrs['description'][0] ="";
+
+        $principals = $this->pwd_handle->load_principals_for_server($attrs['macAddress'][0]);
+
+        /* Create Realm/Server/Principal mapping.
+         */
+        foreach($principals as $principal){
+          $this->map["PRINCIPAL_SERVER"][$principal] = $attrs['cn'][0];
+          $this->map["PRINCIPAL_REALM"] [$principal] = $attrs['goKrbRealm'][0];
+        }
+        $this->map["MAC_SERVER"][$attrs['cn'][0]] = $attrs['macAddress'][0];
+        $this->map["SERVER_REALM"][$attrs['cn'][0]] = $attrs['goKrbRealm'][0];
+        $this->map["REALM_SERVER"][$attrs['goKrbRealm'][0]] = $attrs['cn'][0];
+
+        $this->goKrbRealms[$attrs['goKrbRealm'][0]] = $attrs['goKrbRealm'][0];
+
+        /* Set first realm as selected.
+         */
+        if($this->goKrbRealm == ""){
+          $this->goKrbRealm = $attrs['goKrbRealm'][0];
+        }
+
+        /* Create Server list
+         */
+        $this->server_list[$attrs['cn'][0]] = array("macAddress" => $attrs['macAddress'][0],
+            "description"=> $attrs['description'][0],
+            "dn"         => $attrs['dn'],
+            "principals" => $principals,
+            "goKrbRealm" => $attrs['goKrbRealm'][0],
+            "cn"         => $attrs['cn'][0]);
+      }
+  
+      /* Everything seems to be OK, we have found at least one principal
+       */
+      if(isset($this->map['PRINCIPAL_SERVER']) && count($this->map['PRINCIPAL_SERVER'])){
+        $this->kerberos_support = TRUE;
+      }
+    }
   }
 
   public function execute()
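Review bot: The constructor writes to `$this->goKrbRealms`, but the property list in this hunk only declares `goKrbRealm`. The default `"disabled"` matches neither the `"deactivated"` key put into the list nor the `== ""` test under "Set first realm as selected", so that branch never runs and the selected value is not one of the offered options. Declaring `private $goKrbRealms = array();` and initialising `private $goKrbRealm = "deactivated";` (or testing for that sentinel instead of `""`) would make the state consistent. `$attrs['goKrbRealm'][0]` is also read without the `isset` guard that `macAddress` and `description` get, so a server entry lacking the attribute would populate the maps with an empty realm key. `REALM_SERVER` keeps only the last server seen per realm, which deserves a comment if it is intentional.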
@@ -28,15 +104,27 @@ class krb_host_keys extends plugin
     if(!$this->kerberos_support) return("");
   
     $smarty = get_smarty(); 
-    $smarty->assign("host_key_realms",$this->host_key_realms);
-    $smarty->assign("host_key_realm",$this->host_key_realm);
+    $smarty->assign("Realms",$this->goKrbRealms);
+    $smarty->assign("goKrbRealm",$this->goKrbRealm);
     return($smarty->fetch (get_template_path('krb_host_keys.tpl', TRUE,dirname(__FILE__))));
   }
 
 
   private function generate_key()
   {
-    echo "NIY";
+
+    /* Check if the source object is useable, we require the cn to be set 
+     *  If this is not the case, do not display this plugin.
+     */
+    if(!isset($this->object->cn)){
+      echo "Verdammt";
+    }else{
+      $name  = "host/".$this->object->cn;
+      $realm = $this->goKrbRealm;
+      $server= $this->map['REALM_SERVER'][$realm];
+      $mac   = $this->map['MAC_SERVER'][$server];
+      $this->o_queue ->krb5_add_principal($mac,$name,array());
+    }
   }
 
 
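Review bot: `generate_key()` reads `$this->map['REALM_SERVER'][$realm]` without checking that the selected realm has a server, so with the `"deactivated"` entry (or the initial `"disabled"` value) selected, `$server` and `$mac` are unset and `krb5_add_principal()` is still sent to the SI daemon with an empty target. A guard before the lookup, such as `if(!isset($this->map['REALM_SERVER'][$realm])) return;`, would stop that request from being issued. The return value of `krb5_add_principal()` is discarded, so a failed or rejected principal creation is invisible to the administrator and leaves no trace for later audit. The `echo "Verdammt";` branch writes a debug string straight into the page; the missing-`cn` case should go through the plugin's normal error reporting instead.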
@@ -45,9 +133,9 @@ class krb_host_keys extends plugin
     /* Skip if there is no kerberos support available 
      */
     if(!$this->kerberos_support) return;
-    
-    if(isset($_POST['host_key_realm']) && isset($this->host_key_realms[$_POST['host_key_realm']])){
-      $this->host_key_realm = get_post('host_key_realm');
+
+    if(isset($_POST['goKrbRealm']) && isset($this->goKrbRealms[$_POST['goKrbRealm']])){
+      $this->goKrbRealm = get_post('goKrbRealm');
     }
     if(isset($_POST['host_key_generate'])){
       $this->generate_key();
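Review bot: Posting `host_key_generate` leads directly to `generate_key()`, and no permission check on the current user is visible around it in this hunk. The enclosing method starts and ends outside the hunk, so such a check may exist there; if it does not, creating a host principal on the KDC should be gated on the user's write permission for this object before the daemon is contacted. The realm value is correctly restricted to keys of `$this->goKrbRealms`, but that list also holds the `"deactivated"` placeholder, so the trigger should exclude it, e.g. `if(isset($_POST['host_key_generate']) && $this->goKrbRealm != "deactivated"){`.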
index 74541ce889daa5a2e909fd736ab8b782f3ee3a5d..ba8f271b99ece0da1eeca2dbd9e6863b3a891e47 100644 (file)
@@ -4,8 +4,8 @@
        <tr>
                <td>{t}Realm{/t}</td>
                <td>
-                       <select name="host_key_realm" title="{t}Select a realm{/t}">
-                       {html_options options=$host_key_realms selected=$host_key_realm}
+                       <select name="goKrbRealm" title="{t}Select a realm{/t}">
+                       {html_options options=$Realms selected=$goKrbRealm}
                        </select>
                </td>
                <td><input type='submit' name="host_key_generate" value="{t}Generate{/t}"></td>