From 6ca35e4ea5c68b05406a3f4350bc7c91ebdd34af Mon Sep 17 00:00:00 2001
From: hickert
Date: Tue, 3 Jun 2008 11:52:25 +0000
Subject: [PATCH] Updated krb stuff.
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11169 594d385d-05f5-0310-b6e9-bd551577e9d8
---
.../services/kerberos/class_krb_host_keys.inc | 131 ++++++++++--------
.../services/kerberos/krb_host_keys.tpl | 24 +++-
2 files changed, 93 insertions(+), 62 deletions(-)
diff --git a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_krb_host_keys.inc b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_krb_host_keys.inc
index 0aabd6867..4ed017205 100644
--- a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_krb_host_keys.inc
+++ b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_krb_host_keys.inc
@@ -32,20 +32,32 @@ class krb_host_keys extends plugin private $pwd_handle = NULL; private $server_list; - private $map = array(); - private $namingAttr = ""; + private $init_namingAttr = ""; + private $namingAttr = ""; public function __construct($config,$object) { plugin::plugin($config, NULL); $this->object = $object; $this->o_queue = new gosaSupportDaemon(); - $this->goKrbRealms =array("deactivated"=> _("Deactivated")); + /* Create principal name, to detect whether there is a valid host key or not + */ + $this->init_namingAttr = $this->namingAttr = "host/".$this->object->cn; + $this->init(); + } + + + private function init() + { /* Check if the SI based kerberos method is available */ + $this->kerberos_support = FALSE; if(class_available("passwordMethodMIT")){ + + $this->namingAttr = "host/".$this->object->cn; + $this->pwd_handle = new passwordMethodMIT($this->config); /* Get a list of all kerberos servers, defined in ldap 
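Review bot: The principal name is built from `$this->object->cn` in both `__construct()` and `init()` without checking that the attribute is set, and the only `isset($this->object->cn)` check in this class is deleted together with `generate_key()` further down in the same commit. An object without a cn would yield the principal `host/`, which `init()` then matches against existing principals and `save_object()` passes to the support daemon. I would bail out early in `init()`, right after `$this->kerberos_support = FALSE;`, with `if(!isset($this->object->cn) || $this->object->cn == "") return;`. `init_namingAttr` is assigned but not read in the visible lines, so a one-line comment on its purpose would help; the body of `init()` continues beyond this hunk.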
@@ -59,87 +71,96 @@ class krb_host_keys extends plugin if(!isset($attrs['macAddress'][0])) continue; if(!isset($attrs['description'][0])) $attrs['description'][0] =""; - $principals = $this->pwd_handle->load_principals_for_server($attrs['macAddress'][0]); - - /* Create Realm/Server/Principal mapping. - */ - foreach($principals as $principal){ - $this->map["PRINCIPAL_SERVER"][$principal] = $attrs['cn'][0]; - $this->map["PRINCIPAL_REALM"] [$principal] = $attrs['goKrbRealm'][0]; + $mac = $attrs['macAddress'][0]; + $realm = $attrs['goKrbRealm'][0]; + $cn = $attrs['cn'][0]; + $principals = $this->pwd_handle->load_principals_for_server($mac); + + $princ = FALSE; + foreach($principals as $name){ + if(preg_match("/^".normalizePreg($this->namingAttr)."\@/i",$name)){ + $princ = TRUE; + break; + } } - $this->map["MAC_SERVER"][$attrs['cn'][0]] = $attrs['macAddress'][0]; - $this->map["SERVER_REALM"][$attrs['cn'][0]] = $attrs['goKrbRealm'][0]; - $this->map["REALM_SERVER"][$attrs['goKrbRealm'][0]] = $attrs['cn'][0]; - - $this->goKrbRealms[$attrs['goKrbRealm'][0]] = $attrs['goKrbRealm'][0]; + + $this->server_list[$mac]['CN'] = $cn; + $this->server_list[$mac]['MAC'] = $mac; + $this->server_list[$mac]['REALM'] = $realm; + $this->server_list[$mac]['PRINCIPAL'] = $princ; /* Set first realm as selected. 
*/ if($this->goKrbRealm == ""){ $this->goKrbRealm = $attrs['goKrbRealm'][0]; } - - /* Create Server list - */ - $this->server_list[$attrs['cn'][0]] = array("macAddress" => $attrs['macAddress'][0], - "description"=> $attrs['description'][0], - "dn" => $attrs['dn'], - "principals" => $principals, - "goKrbRealm" => $attrs['goKrbRealm'][0], - "cn" => $attrs['cn'][0]); } - /* Everything seems to be OK, we have found at least one principal - */ - if(isset($this->map['PRINCIPAL_SERVER']) && count($this->map['PRINCIPAL_SERVER'])){ + if(isset($this->server_list) && count($this->server_list)){ $this->kerberos_support = TRUE; } } + + + $this->server_list['00:00:00:00:00:00']['REALM'] ="gonicus.de"; + $this->server_list['00:00:00:00:00:00']['MAC'] ="00:00:00:00:00:00"; + $this->server_list['00:00:00:00:00:00']['CN'] ="test"; + $this->server_list['00:00:00:00:00:00']['PRINCIPAL'] = FALSE; } + public function execute() { /* Skip if there is no kerberos support available */ if(!$this->kerberos_support) return(""); - + $smarty = get_smarty(); - $smarty->assign("Realms",$this->goKrbRealms); - $smarty->assign("goKrbRealm",$this->goKrbRealm); + $smarty->assign("server_list",$this->server_list); return($smarty->fetch (get_template_path('krb_host_keys.tpl', TRUE,dirname(__FILE__)))); } - private function generate_key() + public function save_object() { - /* Check if the source object is useable, we require the cn to be set - * If this is not the case, do not display this plugin. 
- */ - if(!isset($this->object->cn)){ - echo "Verdammt"; - }else{ - $name = "host/".$this->object->cn; - $realm = $this->goKrbRealm; - $server= $this->map['REALM_SERVER'][$realm]; - $mac = $this->map['MAC_SERVER'][$server]; - $this->o_queue ->krb5_add_principal($mac,$name,array()); - } - } + foreach($_POST as $name => $value){ + if(preg_match("/^create_/",$name)){ + $id = preg_replace("/^create_([a-z0-9\:]*)_.*/i","\\1",$name); + $realm = $this->server_list[$id]['REALM']; - public function save_object() - { - /* Skip if there is no kerberos support available - */ - if(!$this->kerberos_support) return; + + print_a(array($id,$realm,$this->namingAttr."@".$realm)); - if(isset($_POST['goKrbRealm']) && isset($this->goKrbRealms[$_POST['goKrbRealm']])){ - $this->goKrbRealm = get_post('goKrbRealm'); - } - if(isset($_POST['host_key_generate'])){ - $this->generate_key(); - } + $this->o_queue->krb5_add_principal($id, $this->namingAttr."@".$realm, array()); + if($this->o_queue->is_error()){ + msg_dialog::display(_("Service infrastructure"),msgPool::siError($this->o_queue->get_error()),ERROR_DIALOG); + } + + $this->o_queue->krb5_ramdomize_key($id, $this->namingAttr); + if($this->o_queue->is_error()){ + msg_dialog::display(_("Service infrastructure"),msgPool::siError($this->o_queue->get_error()),ERROR_DIALOG); + } + + break; + } + if(preg_match("/^recreate_/",$name)){ + $id = preg_replace("/^recreate_([a-z0-9\:]*)_.*/i","\\1",$name); + $realm = $this->server_list[$id]['REALM']; + print_a(array($id,$realm,$this->namingAttr."@".$realm)); + $this->o_queue->krb5_ramdomize_key($id, $this->namingAttr."@".$realm); + if($this->o_queue->is_error()){ + msg_dialog::display(_("Service infrastructure"),msgPool::siError($this->o_queue->get_error()),ERROR_DIALOG); + } + break; + } + if(preg_match("/^remove_/",$name)){ + $id = preg_replace("/^remove_([a-z0-9\:]*)_.*/i","\\1",$name); + echo $id; + break; + } + } } } 
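Review bot: In `save_object()` the target `$id` is taken from the name of a POST field and handed to `krb5_add_principal()` / `krb5_ramdomize_key()` without checking that it is a key of `$this->server_list`; when the field name does not fit the pattern, `preg_replace` returns it unchanged, so `$id` is then the raw field name. The old `if(!$this->kerberos_support) return;` guard at the top of the method is also gone. I would restore that guard and add `if(!isset($this->server_list[$id])) continue;` after each `preg_replace`, so that only servers discovered in `init()` can be addressed. The `print_a(...)` calls, `echo $id;` (request-derived text written out unescaped) and the hard-coded `00:00:00:00:00:00` / `gonicus.de` entry appended at the end of `init()` look like debugging leftovers and should be dropped before this ships. In the create branch the key is randomized for `$this->namingAttr` without the `"@".$realm` suffix used in the add call and in the recreate branch, which is probably unintended.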
diff --git a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/krb_host_keys.tpl b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/krb_host_keys.tpl
index ba8f271b9..641a5295b 100644
--- a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/krb_host_keys.tpl
+++ b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/krb_host_keys.tpl
@@ -1,13 +1,23 @@

 

{t}Host key{/t}

- +
+{foreach from=$server_list item=item key=key} - - + - +{/foreach}
{t}Realm{/t} - + {$item.REALM} + {if $item.PRINCIPAL} + + + + {else} + + + + {/if}
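Review bot: `{$item.REALM}` is written into the page as-is, and the value comes from the `goKrbRealm` attribute that `init()` reads from LDAP, so it should be escaped for the HTML context, e.g. `{$item.REALM|escape:"html"}`, unless the Smarty instance is configured with a default escape modifier (not visible here). The markup of this hunk is only partly visible on this page, so the same should be checked for any form field names or attributes built from the loop key inside the `{foreach}`.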
-- 2.30.2