From 6145d9e4186a486c06fbcd4aae92885433ed3cc2 Mon Sep 17 00:00:00 2001
From: cajus
Date: Mon, 15 Oct 2007 13:14:08 +0000
Subject: [PATCH] Moved remaining kerberos stuff to the password method.

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@7553 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 include/class_password-methods-kerberos.inc | 45 ++++++++-
 include/class_password-methods.inc | 6 ++
 include/functions.inc | 10 --
 plugins/personal/generic/class_user.inc | 102 ++++---------------
 4 files changed, 69 insertions(+), 94 deletions(-)

diff --git a/include/class_password-methods-kerberos.inc b/include/class_password-methods-kerberos.inc
index 835ec8bec..af48ee998 100644
--- a/include/class_password-methods-kerberos.inc
+++ b/include/class_password-methods-kerberos.inc
@@ -62,11 +62,54 @@ class passwordMethodkerberos extends passwordMethod kadm5_destroy($handle); - $newpass= "{kerberos}".$this->attrs['uid'][0]."@".$cfg['REALM']; + $mode= "kerberos"; + if (isset($this->config->current['KRBSASL']) && preg_match('/^true$/i', $this->config->current['KRBSASL'])){ + $mode= "sasl"; + } + $newpass= "{$mode}".$this->attrs['uid'][0]."@".$cfg['REALM']; return $newpass; } } + + + function remove_from_parent() + { + /* Kerberos server defined? */ + if (isset($this->config->data['SERVERS']['KERBEROS'])){ + $cfg= $this->config->data['SERVERS']['KERBEROS']; + } + if (isset($cfg['SERVER']) && function_exists('kadm5_init_with_password')){ + + /* Connect to the admin interface */ + $handle = kadm5_init_with_password($cfg['SERVER'], $cfg['REALM'], + $cfg['ADMIN'], $cfg['PASSWORD']); + + /* Errors? */ + if ($handle === FALSE){ + print_red (_("Kerberos database communication failed")); + return (2); + } + + /* Build user principal, get list of existsing principals */ + $principal= $this->uid."@".$cfg['REALM']; + $principals = kadm5_get_principals($handle); + + /* User exists in database? */ + if (in_array($principal, $principals)){ + + /* Ok. User exists. Remove him/her */ + $ret= kadm5_delete_principal ( $handle, $principal); + if ($ret === FALSE){ + print_red (_("Can't remove user from kerberos database.")); + } + } + + /* Free kerberos admin handle */ + kadm5_destroy($handle); + } + } + } /* Dummy class for OpenLDAP Kerberos/SASL change */ diff --git a/include/class_password-methods.inc b/include/class_password-methods.inc index 2f7db9525..9ed414980 100644 --- a/include/class_password-methods.inc +++ b/include/class_password-methods.inc @@ -86,6 +86,12 @@ class passwordMethod } return($ret); } + + + function remove_from_parent() + { + } + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> diff --git a/include/functions.inc b/include/functions.inc index b244a0896..23300bd08 100644 --- a/include/functions.inc 
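Review bot: remove_from_parent() builds the principal from `$this->uid`, while the hash code a few lines above in the same hunk builds it from `$this->attrs['uid'][0]`, and the callers added in plugins/personal/generic/class_user.inc only assign `attrs` and `dn` to the method object. Unless passwordMethod defines a uid property somewhere outside this patch, the principal becomes "@REALM", the in_array check is false and the user's Kerberos principal silently outlives the LDAP entry — stale credentials that can still authenticate after the account was meant to be gone. Use `$principal= $this->attrs['uid'][0]."@".$cfg['REALM'];` and pass `true` as the third argument of in_array. The `return (2)` after a failed kadm5_init_with_password is discarded by both callers (`$test->remove_from_parent();`), so a connection failure is only surfaced through print_red; if the callers are expected to abort on it, they need to check the return value.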
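Review bot: The new base remove_from_parent() carries no comment saying when it is called or what an override is expected to do, and the only override in this patch (passwordMethodkerberos) returns 2 on failure while this hook returns nothing, so the contract is ambiguous. I would put above it: `/* Hook run by the user plugin when the account is removed or its password storage changes; the caller sets attrs and dn first. Override to drop credentials the method keeps outside LDAP (e.g. a Kerberos principal). The base implementation is a no-op. */` and state whether a failure return value is part of the contract.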
+++ b/include/functions.inc @@ -2417,16 +2417,6 @@ function change_password ($dn, $password, $mode=0, $hash= "") $deactivated = FALSE; } -# // Get current password hash method if available -# if($hash == "" && isset($attrs['userPassword'][0]) && preg_match("/[\{\}]/",$attrs['userPassword'][0])){ -# $hash = preg_replace("/^[^\{]*+\{([^\}]*).*$/","\\1",$attrs['userPassword'][0]); -# $hash = strtolower($hash); -# } - -# // Set encryption type to clear if required -# if (!isset($attrs['userPassword'][0]) || $hash == ""){ -# $hash= "clear"; -# } // Detect the encryption Method if ( (isset($attrs['userPassword'][0]) && preg_match ("/^{([^}]+)}(.+)/", $attrs['userPassword'][0], $matches)) || $hash != ""){ diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc index 1c5aa2914..bdf1c69d8 100644 --- a/plugins/personal/generic/class_user.inc +++ b/plugins/personal/generic/class_user.inc 
@@ -621,42 +621,17 @@ class user extends plugin $og->save (); } - /* Kerberos server defined? */ - if (isset($this->config->data['SERVERS']['KERBEROS'])){ - $cfg= $this->config->data['SERVERS']['KERBEROS']; + /* If needed, let the password method do some cleanup */ + $tmp = new passwordMethod($_SESSION['config']); + $available = $tmp->get_available_methods(); + if (in_array_ics($this->pw_storage, $available['name'])){ + $test= new $available[$this->pw_storage]($this->config); + $test->attrs= $this->attrs; + $test->dn= $this->dn; + $test->remove_from_parent(); } - if (isset($cfg['SERVER']) && function_exists('kadm5_init_with_password')){ - /* Connect to the admin interface */ - $handle = kadm5_init_with_password($cfg['SERVER'], $cfg['REALM'], - $cfg['ADMIN'], $cfg['PASSWORD']); - - /* Errors? */ - if ($handle === FALSE){ - print_red (_("Kerberos database communication failed")); - return (2); - } - - /* Build user principal, get list of existsing principals */ - $principal= $this->uid."@".$cfg['REALM']; - $principals = kadm5_get_principals($handle); - - /* User exists in database? */ - if (in_array($principal, $principals)){ - - /* Ok. User exists. Remove him/her */ - $ret= kadm5_delete_principal ( $handle, $principal); - if ($ret === FALSE){ - print_red (_("Can't remove user from kerberos database.")); - } - } - - /* Free kerberos admin handle */ - kadm5_destroy($handle); - } - - /* Remove ACL dependencies too, - */ + /* Remove ACL dependencies too */ $tmp = new acl($this->config,$this->parent,$this->dn); $tmp->remove_acl(); @@ -963,8 +938,7 @@ class user extends plugin } - /* Remove ACL dependencies too, - */ + /* Remove ACL dependencies too */ if($this->dn != $this->orig_dn && $this->orig_dn != "new"){ $tmp = new acl($this->config,$this->parent,$this->dn); $tmp->update_acl_membership($this->orig_dn,$this->dn); 
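Review bot: The dispatch `$test= new $available[$this->pw_storage]($this->config);` uses `$this->pw_storage` as a case-sensitive array key immediately after accepting it through in_array_ics, which from its name looks like a case-insensitive match; a storage name differing only in case would pass the check and then instantiate an undefined class. If in_array_ics is indeed case-insensitive, resolve the canonical key before the new, or compare with plain `in_array($this->pw_storage, $available['name'], true)` so the check and the lookup agree. The block also constructs passwordMethod from `$_SESSION['config']` but the concrete method from `$this->config`; using `$this->config` for both keeps one source of truth. The same pattern is repeated in the @@ -1007 hunk of this file.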
@@ -1007,54 +981,16 @@ class user extends plugin ldap_close($ds); } - /* Kerberos server defined? */ - if (isset($this->config->data['SERVERS']['KERBEROS'])){ - $cfg= $this->config->data['SERVERS']['KERBEROS']; - } - if (isset($cfg['SERVER']) && function_exists('kadm5_init_with_password')){ - - /* Connect to the admin interface */ - $handle = kadm5_init_with_password($cfg['SERVER'], $cfg['REALM'], - $cfg['ADMIN'], $cfg['PASSWORD']); - - /* Errors? */ - if ($handle === FALSE){ - print_red (_("Kerberos database communication failed")); - return (2); + /* If needed, let the password method do some cleanup */ + if ($this->pw_storage != $this->last_pw_storage){ + $tmp = new passwordMethod($_SESSION['config']); + $available = $tmp->get_available_methods(); + if (in_array_ics($this->pw_storage, $available['name'])){ + $test= new $available[$this->pw_storage]($this->config); + $test->attrs= $this->attrs; + $test->dn= $this->dn; + $test->remove_from_parent(); } - - /* Build user principal, get list of existsing principals */ - $principal= $this->uid."@".$cfg['REALM']; - $principals = kadm5_get_principals($handle); - - /* User exists in database? */ - if (in_array($principal, $principals)){ - - /* Ok. User exists. Remove him/her when pw_storage has - changed to be NOT kerberos. */ - if ($this->pw_storage != $this->config->current['KRBSASL']){ - $ret= kadm5_delete_principal ( $handle, $principal); - - if ($ret === FALSE){ - print_red (_("Can't remove user from kerberos database.")); - } - } - - } else { - - /* User doesn't exists, create it when pw_storage is kerberos. */ - if ($this->pw_storage == "kerberos" || $this->pw_storage == "sasl" ){ - $ret= kadm5_create_principal ( $handle, $principal); - - if ($ret === FALSE){ - print_red (_("Can't add user to kerberos database.")); - } - } - - } - - /* Free kerberos admin handle */ - kadm5_destroy($handle); } /* Optionally execute a command after we're done */ -- 2.30.2
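Review bot: When the storage method has changed (`$this->pw_storage != $this->last_pw_storage`), the cleanup hook is invoked on the newly selected method, but the credentials to remove belong to the previous one — after a switch away from kerberos, `$available[$this->pw_storage]` names a class whose remove_from_parent() is the empty base hook, so the old Kerberos principal is never deleted, a case the removed code handled by comparing pw_storage against KRBSASL. If last_pw_storage holds the previous method name as its name suggests, the lookup should use it: `if (in_array_ics($this->last_pw_storage, $available['name'])){` and `$test= new $available[$this->last_pw_storage]($this->config);`. The removed branch that created a principal on a switch to kerberos has no replacement in this hunk; presumably the kerberos method's hash generation now covers it, which should be confirmed. The enclosing method starts and ends outside the hunk.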