From 67c1e7245360178883e824c3f7519d0d44863a8f Mon Sep 17 00:00:00 2001
From: cajus
Date: Wed, 23 Apr 2008 12:11:04 +0000
Subject: [PATCH] Added a few krb5 functions
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10648 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-si/client/events/krb5.pm | 206 ++++++++++++++++++++++++++++------
 gosa-si/tests/client.php | 4 +-
 2 files changed, 174 insertions(+), 36 deletions(-)
diff --git a/gosa-si/client/events/krb5.pm b/gosa-si/client/events/krb5.pm
index 0ef19fbdd..d5454aa3d 100644
--- a/gosa-si/client/events/krb5.pm
+++ b/gosa-si/client/events/krb5.pm
@@ -17,11 +17,54 @@ my @events = (
 use strict;
 use warnings;
+use Data::Dumper;
 use GOSA::GosaSupportDaemon;
+use Authen::Krb5;
+use Authen::Krb5::Admin qw(:constants);
 BEGIN {}
 END {}
+
+### Start ######################################################################
+
+Authen::Krb5::init_context;
+Authen::Krb5::init_ets;
+
+my $krb_admin;
+my $krb_password;
+
+my %cfg_defaults = (
+"krb5" => {
+ "admin" => [\$krb_admin, ""],
+ "password" => [\$krb_password, ""],
+ },
+);
+&read_configfile($main::cfg_file, %cfg_defaults);
+
+
+sub read_configfile {
+ my ($cfg_file, %cfg_defaults) = @_;
+ my $cfg;
+
+ if( defined( $cfg_file) && ( (-s $cfg_file) > 0 )) {
+ if( -r $cfg_file ) {
+ $cfg = Config::IniFiles->new( -file => $cfg_file );
+ } else {
+ &main::daemon_log("ERROR: krb5.pm couldn't read config file!", 1);
+ }
+ } else {
+ $cfg = Config::IniFiles->new() ;
+ }
+ foreach my $section (keys %cfg_defaults) {
+ foreach my $param (keys %{$cfg_defaults{ $section }}) {
+ my $pinfo = $cfg_defaults{ $section }{ $param };
+ ${@$pinfo[0]} = $cfg->val( $section, $param, @$pinfo[1] );
+ }
+ }
+}
+
+
 sub get_events {
 return \@events;
 }
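Review bot: read_configfile leaves `$cfg` undefined when the file exists but is not readable — the `else` branch only logs — so the loop's `$cfg->val(...)` then dies with a method call on undef, and since `&read_configfile` runs at module load this takes the whole event module down. `Config::IniFiles->new( -file => $cfg_file )` also returns undef on a parse error and hits the same line; fall back to `$cfg = Config::IniFiles->new()` in both cases, e.g. `$cfg //= Config::IniFiles->new();` before the loop. Config::IniFiles is not loaded in this hunk, so this presumably relies on the daemon having required it earlier — worth a comment. The `krb5/password` value is a kadmin credential read from `$main::cfg_file`; the config file should be readable by the daemon user only, and `use Data::Dumper` is unused here and invites dumping `%cfg_defaults` (and the password) into logs.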
@@ -32,19 +75,23 @@ sub krb5_list_principals {
 my $target = @{$msg_hash->{'target'}}[0];
 my $session_id = @{$msg_hash->{'session_id'}}[0];
- # do now whatever kerb5_list_pricipals has to do
- # build return message with twisted target and source
- my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
+ my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
 &add_content2xml_hash($out_hash, "session_id", $session_id);
- &add_content2xml_hash($out_hash, "principal", 'rettenberger@GONICUS.DE');
- &add_content2xml_hash($out_hash, "principal", 'pollmeier@GONICUS.DE');
- &add_content2xml_hash($out_hash, "principal", 'hickert@GONICUS.DE');
- my $out_msg = &create_xml_string($out_hash);
- # return message
- return $out_msg;
+ # Authenticate
+ my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+ if (not defined $kadm5){
+ &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+ } else {
+ my @principals= $kadm5->get_principals() or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+ for my $principal (@principals) {
+ &add_content2xml_hash($out_hash, "principal", $principal);
+ }
+ }
+ # return message
+ return &create_xml_string($out_hash);
 }
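Review bot: `my @principals= $kadm5->get_principals() or ...` tests the list assignment in scalar context, i.e. the element count, so an empty result is indistinguishable from a failed call and the reply then carries whatever `Authen::Krb5::Admin::error` last held; krb5_list_policies in a later hunk has the same shape. If the binding signals failure through `Authen::Krb5::Admin::error` rather than the returned list, check that explicitly after the call instead of relying on `or`. The "Cannot connect to kadmin server" branch also drops the actual reason; appending `Authen::Krb5::Admin::error` there, or logging it with `&main::daemon_log`, would make misconfiguration of `krb5/admin` diagnosable. Every principal in the realm is returned to any message source that reaches this handler, using the daemon's own kadmin credentials; if requester authorization happens in the dispatcher before this point, say so in a comment here, e.g. `# NOTE: caller authorization is enforced before dispatch, not here — verify`. The sub's header lines (`$header`, `$source`) are outside the hunk.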
@@ -74,13 +121,41 @@ sub krb5_get_principal {
 my $session_id = @{$msg_hash->{'session_id'}}[0];
 # build return message with twisted target and source
- my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
- my $out_msg = &create_xml_string($out_hash);
-
- # return message
- return $out_msg;
+ my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
+ &add_content2xml_hash($out_hash, "session_id", $session_id);
+ # Sanity check
+ if (not defined @{$msg_hash->{'principal'}}[0]){
+ &add_content2xml_hash($out_hash, "error", "No principal specified");
+ return &create_xml_string($out_hash);
+ }
+
+ # Authenticate
+ my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+ my $principal;
+ if (not defined $kadm5){
+ &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+ } else {
+ $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
+ if(not defined $principal) {
+ &add_content2xml_hash($out_hash, "error", "Illegal principal name");
+ } else {
+ my $data= $kadm5->get_principal($principal) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+ &add_content2xml_hash($out_hash, "principal", @{$msg_hash->{'principal'}}[0]);
+ &add_content2xml_hash($out_hash, "attributes", $data->attributes);
+ &add_content2xml_hash($out_hash, "aux_attributes", $data->aux_attributes);
+ &add_content2xml_hash($out_hash, "kvno", $data->kvno);
+ &add_content2xml_hash($out_hash, "max_life", $data->max_life);
+ &add_content2xml_hash($out_hash, "max_renewable_life", $data->max_renewable_life);
+ &add_content2xml_hash($out_hash, "aux_attributes", $data->aux_attributes);
+ &add_content2xml_hash($out_hash, "policy", $data->policy);
+ &add_content2xml_hash($out_hash, "princ_expire_time", $data->princ_expire_time);
+ &add_content2xml_hash($out_hash, "pw_expiration", $data->pw_expiration);
+ }
+ }
+ # return message
+ return &create_xml_string($out_hash);
 }
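Review bot: The `or` clause after `$kadm5->get_principal($principal)` only records the error and falls through, so on a lookup failure (unknown principal, lost kadmin connection) `$data` is undef and the very next line `$data->attributes` dies with a method call on an undefined value, killing the handler instead of returning the error reply. Replace the `or` with an explicit check, `if (not defined $data) { &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error); return &create_xml_string($out_hash); }`, ahead of the attribute block; krb5_get_policy in a later hunk has the same fall-through. `aux_attributes` is emitted twice. Under `use strict`, `@{$msg_hash->{'principal'}}` in the sanity check likely dies on a message that carries no principal element at all (dereferencing undef), so test `ref $msg_hash->{'principal'}` first; the sub's opening lines are outside the hunk.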
@@ -92,13 +167,31 @@ sub krb5_del_principal {
 my $session_id = @{$msg_hash->{'session_id'}}[0];
 # build return message with twisted target and source
- my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
- my $out_msg = &create_xml_string($out_hash);
-
- # return message
- return $out_msg;
+ my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
+ &add_content2xml_hash($out_hash, "session_id", $session_id);
+ # Sanity check
+ if (not defined @{$msg_hash->{'principal'}}[0]){
+ &add_content2xml_hash($out_hash, "error", "No principal specified");
+ return &create_xml_string($out_hash);
+ }
+
+ # Authenticate
+ my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+ my $principal;
+ if (not defined $kadm5){
+ &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+ } else {
+ $principal= Authen::Krb5::parse_name(@{$msg_hash->{'principal'}}[0]);
+ if(not defined $principal) {
+ &add_content2xml_hash($out_hash, "error", "Illegal principal name");
+ } else {
+ $kadm5->delete_principal($principal) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+ }
+ }
+ # return message
+ return &create_xml_string($out_hash);
 }
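Review bot: krb5_del_principal removes whatever principal the message names, using the daemon's own admin credentials, and leaves no record of who asked; add `&main::daemon_log("krb5: delete principal ".@{$msg_hash->{'principal'}}[0]." requested by $source", 1);` ahead of the `delete_principal` call so the deletion is traceable, and if the requester is not vetted earlier in the daemon this handler should not be reachable from arbitrary sources. The reply carries no positive confirmation — success is only the absence of an `error` element — which deserves at least a comment on the return line. `$header` and `$source` are set in lines above the hunk.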
@@ -110,13 +203,22 @@ sub krb5_list_policies {
 my $session_id = @{$msg_hash->{'session_id'}}[0];
 # build return message with twisted target and source
- my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
- my $out_msg = &create_xml_string($out_hash);
-
- # return message
- return $out_msg;
+ my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
+ &add_content2xml_hash($out_hash, "session_id", $session_id);
+ # Authenticate
+ my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+ if (not defined $kadm5){
+ &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+ } else {
+ my @policies= $kadm5->get_policies() or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+ for my $policy (@policies) {
+ &add_content2xml_hash($out_hash, "policy", $policy);
+ }
+ }
+ # return message
+ return &create_xml_string($out_hash);
 }
@@ -128,13 +230,36 @@ sub krb5_get_policy {
 my $session_id = @{$msg_hash->{'session_id'}}[0];
 # build return message with twisted target and source
- my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
- my $out_msg = &create_xml_string($out_hash);
-
- # return message
- return $out_msg;
+ my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
+ &add_content2xml_hash($out_hash, "session_id", $session_id);
+ # Sanity check
+ if (not defined @{$msg_hash->{'policy'}}[0]){
+ &add_content2xml_hash($out_hash, "error", "No policy specified");
+ return &create_xml_string($out_hash);
+ }
+
+ # Authenticate
+ my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+ my $principal;
+ if (not defined $kadm5){
+ &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+ } else {
+ my $data= $kadm5->get_principal($principal) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+ &add_content2xml_hash($out_hash, "principal", @{$msg_hash->{'principal'}}[0]);
+ &add_content2xml_hash($out_hash, "attributes", $data->attributes);
+ &add_content2xml_hash($out_hash, "aux_attributes", $data->aux_attributes);
+ &add_content2xml_hash($out_hash, "kvno", $data->kvno);
+ &add_content2xml_hash($out_hash, "max_life", $data->max_life);
+ &add_content2xml_hash($out_hash, "max_renewable_life", $data->max_renewable_life);
+ &add_content2xml_hash($out_hash, "aux_attributes", $data->aux_attributes);
+ &add_content2xml_hash($out_hash, "policy", $data->policy);
+ &add_content2xml_hash($out_hash, "princ_expire_time", $data->princ_expire_time);
+ &add_content2xml_hash($out_hash, "pw_expiration", $data->pw_expiration);
+ }
+ # return message
+ return &create_xml_string($out_hash);
 }
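Review bot: krb5_get_policy is a copy of krb5_get_principal whose body never uses the policy name it just validated: `my $principal;` is declared but never assigned, `$kadm5->get_principal($principal)` is therefore called with undef, and the reply reads `$msg_hash->{'principal'}`, which a get_policy message does not carry. It should look the policy up with `$kadm5->get_policy(...)` on `@{$msg_hash->{'policy'}}[0]` and emit the policy object's own fields; as in krb5_get_principal, a failed lookup must return after recording the error rather than fall through to method calls on an undef `$data`. The sub's opening lines and the closing return are outside the rewritten part.
```perl
    } else {
        my $data = $kadm5->get_policy(@{$msg_hash->{'policy'}}[0]);
        if (not defined $data) {
            &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
        } else {
            &add_content2xml_hash($out_hash, "policy", @{$msg_hash->{'policy'}}[0]);
            &add_content2xml_hash($out_hash, "pw_min_life", $data->pw_min_life);
            &add_content2xml_hash($out_hash, "pw_max_life", $data->pw_max_life);
            &add_content2xml_hash($out_hash, "pw_min_length", $data->pw_min_length);
            &add_content2xml_hash($out_hash, "pw_min_classes", $data->pw_min_classes);
            &add_content2xml_hash($out_hash, "pw_history_num", $data->pw_history_num);
        }
    }
    # … unchanged: return &create_xml_string($out_hash) …
```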
@@ -164,13 +289,26 @@ sub krb5_del_policy {
 my $session_id = @{$msg_hash->{'session_id'}}[0];
 # build return message with twisted target and source
- my $out_hash = &main::create_xml_hash("answer_krb5_list_principals", $target, $source);
- my $out_msg = &create_xml_string($out_hash);
-
- # return message
- return $out_msg;
+ my $out_hash = &main::create_xml_hash("answer_$header", $target, $source);
+ &add_content2xml_hash($out_hash, "session_id", $session_id);
+ # Sanity check
+ if (not defined @{$msg_hash->{'policy'}}[0]){
+ &add_content2xml_hash($out_hash, "error", "No policy specified");
+ return &create_xml_string($out_hash);
+ }
+
+ # Authenticate
+ my $kadm5 = Authen::Krb5::Admin->init_with_password($krb_admin, $krb_password);
+ my $policy;
+ if (not defined $kadm5){
+ &add_content2xml_hash($out_hash, "error", "Cannot connect to kadmin server");
+ } else {
+ $kadm5->delete_policy($policy) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);
+ }
+ # return message
+ return &create_xml_string($out_hash);
 }
 1;
diff --git a/gosa-si/tests/client.php b/gosa-si/tests/client.php
index dafcce5cd..52ff3c9cd 100755
--- a/gosa-si/tests/client.php
+++ b/gosa-si/tests/client.php
@@ -9,7 +9,7 @@ $zahl= 1;
 for($count = 1; $count <= $zahl; $count++)
 {
- $sock = new Socket_Client("127.0.0.1","20081",TRUE,1);
+ $sock = new Socket_Client("10.3.67.111","20081",TRUE,5);
 $sock->setEncryptionKey("UldOjon9gra");
 if($sock->connected()){
@@ -99,7 +99,7 @@ for($count = 1; $count <= $zahl; $count++)
 #########
 # Kerberos test query
- #$data = "
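Review bot: In krb5_del_policy `my $policy;` is never assigned, so `$kadm5->delete_policy($policy)` is called with undef and the policy named in the message — which the sanity check above just validated — is never deleted; change it to `$kadm5->delete_policy(@{$msg_hash->{'policy'}}[0]) or &add_content2xml_hash($out_hash, "error", Authen::Krb5::Admin::error);` and drop the unused declaration. As with krb5_del_principal, a destructive kadmin operation is run on behalf of any requester without an audit line; log the policy name and `$source` via `&main::daemon_log` before the call. The sub's opening lines are outside the hunk.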
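Review bot: The connection target moves from the loopback address to the fixed LAN address `10.3.67.111` with a longer timeout, so this test now only works from one network and silently depends on that host being up; read host and timeout from an environment variable or command-line argument and keep `127.0.0.1` as the default, e.g. `$host = getenv("GOSA_SI_HOST") ?: "127.0.0.1";`. The enclosing `for` loop continues below the hunk.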
gosa_krb5_list_principals
00:01:6c:9d:b9:fa GOSA
"; + $data = "
gosa_krb5_get_principal
00:01:6c:9d:aa:16 cajus@WIRECARD.SYSGOSA
"; $sock->write($data); $answer = "nothing"; -- 2.30.2