From 8168cc3dbc907800e705ea81b1070fd9952e4f38 Mon Sep 17 00:00:00 2001 From: hickert Date: Mon, 2 Jun 2008 14:04:12 +0000 Subject: [PATCH] Updated krb host key generation. -I still have some troubles with the communication to the si daemon ... git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11150 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../services/kerberos/class_krb_host_keys.inc | 110 ++++++++++++++++-- .../services/kerberos/krb_host_keys.tpl | 4 +- 2 files changed, 101 insertions(+), 13 deletions(-) diff --git a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_krb_host_keys.inc b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_krb_host_keys.inc index 4660d621b..0aabd6867 100644 --- a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_krb_host_keys.inc +++ b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/class_krb_host_keys.inc 
@@ -1,4 +1,25 @@ object = $object; $this->o_queue = new gosaSupportDaemon(); - $this->host_key_realms['disabled'] = _("Disabled"); + $this->goKrbRealms =array("deactivated"=> _("Deactivated")); - /* Collect other realms here later */ - $this->kerberos_support = TRUE; + /* Check if the SI based kerberos method is available + */ + if(class_available("passwordMethodMIT")){ + $this->pwd_handle = new passwordMethodMIT($this->config); + + /* Get a list of all kerberos servers, defined in ldap + and get a list of principals they are providing. + */ + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->search("(&(objectClass=goServer)(objectClass=goKrbServer))",array("goKrbRealm","cn","description","macAddress")); + $this->server_list = array(); + while($attrs = $ldap->fetch()){ + if(!isset($attrs['macAddress'][0])) continue; + if(!isset($attrs['description'][0])) $attrs['description'][0] =""; + + $principals = $this->pwd_handle->load_principals_for_server($attrs['macAddress'][0]); + + /* Create Realm/Server/Principal mapping. + */ + foreach($principals as $principal){ + $this->map["PRINCIPAL_SERVER"][$principal] = $attrs['cn'][0]; + $this->map["PRINCIPAL_REALM"] [$principal] = $attrs['goKrbRealm'][0]; + } + $this->map["MAC_SERVER"][$attrs['cn'][0]] = $attrs['macAddress'][0]; + $this->map["SERVER_REALM"][$attrs['cn'][0]] = $attrs['goKrbRealm'][0]; + $this->map["REALM_SERVER"][$attrs['goKrbRealm'][0]] = $attrs['cn'][0]; + + $this->goKrbRealms[$attrs['goKrbRealm'][0]] = $attrs['goKrbRealm'][0]; + + /* Set first realm as selected. 
+ */ + if($this->goKrbRealm == ""){ + $this->goKrbRealm = $attrs['goKrbRealm'][0]; + } + + /* Create Server list + */ + $this->server_list[$attrs['cn'][0]] = array("macAddress" => $attrs['macAddress'][0], + "description"=> $attrs['description'][0], + "dn" => $attrs['dn'], + "principals" => $principals, + "goKrbRealm" => $attrs['goKrbRealm'][0], + "cn" => $attrs['cn'][0]); + } + + /* Everything seems to be OK, we have found at least one principal + */ + if(isset($this->map['PRINCIPAL_SERVER']) && count($this->map['PRINCIPAL_SERVER'])){ + $this->kerberos_support = TRUE; + } + } } public function execute() @@ -28,15 +104,27 @@ class krb_host_keys extends plugin if(!$this->kerberos_support) return(""); $smarty = get_smarty(); - $smarty->assign("host_key_realms",$this->host_key_realms); - $smarty->assign("host_key_realm",$this->host_key_realm); + $smarty->assign("Realms",$this->goKrbRealms); + $smarty->assign("goKrbRealm",$this->goKrbRealm); return($smarty->fetch (get_template_path('krb_host_keys.tpl', TRUE,dirname(__FILE__)))); } private function generate_key() { - echo "NIY"; + + /* Check if the source object is useable, we require the cn to be set + * If this is not the case, do not display this plugin. + */ + if(!isset($this->object->cn)){ + echo "Verdammt"; + }else{ + $name = "host/".$this->object->cn; + $realm = $this->goKrbRealm; + $server= $this->map['REALM_SERVER'][$realm]; + $mac = $this->map['MAC_SERVER'][$server]; + $this->o_queue ->krb5_add_principal($mac,$name,array()); + } } 
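Review bot: In the constructor's LDAP loop, `goKrbRealm` is dereferenced as `$attrs['goKrbRealm'][0]` without the `isset` guard that `macAddress` and `description` get, so a `goKrbServer` entry lacking the attribute would register an empty realm key in `$this->map` and `$this->goKrbRealms`. Adding `if(!isset($attrs['goKrbRealm'][0])) continue;` next to the `macAddress` check closes that. `$this->map["REALM_SERVER"]` holds a single server per realm, so when two servers share a realm the last search result silently decides which host later receives key-generation requests; a comment stating that choice, or a list per realm, would make it reviewable. The loop also calls `load_principals_for_server()` once per server during construction, and nothing visible here handles a failed or non-array result before the `foreach`, which is worth confirming given the daemon trouble mentioned in the commit message.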
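Review bot: `generate_key()` reads `$this->map['REALM_SERVER'][$realm]` without checking that the key exists, yet `save_object()` accepts every key of `$this->goKrbRealms`, including `"deactivated"`, which has no server mapping. In that case `$server` and `$mac` are unset and `krb5_add_principal()` is still called with an empty target. A guard such as `if(!isset($this->map['REALM_SERVER'][$realm])) return;` before the lookups avoids that. The return value of `krb5_add_principal()` is discarded, so a failed principal creation is invisible to the administrator, and the `echo "Verdammt";` branch writes debug text into the page instead of reporting the missing `cn` through the plugin's normal error path. The principal name is `"host/".$this->object->cn` with no check of the characters in `cn`; if `cn` can contain `/` or `@`, the resulting principal may not be the one intended.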
@@ -45,9 +133,9 @@ class krb_host_keys extends plugin /* Skip if there is no kerberos support available */ if(!$this->kerberos_support) return; - - if(isset($_POST['host_key_realm']) && isset($this->host_key_realms[$_POST['host_key_realm']])){ - $this->host_key_realm = get_post('host_key_realm'); + + if(isset($_POST['goKrbRealm']) && isset($this->goKrbRealms[$_POST['goKrbRealm']])){ + $this->goKrbRealm = get_post('goKrbRealm'); } if(isset($_POST['host_key_generate'])){ $this->generate_key(); diff --git a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/krb_host_keys.tpl b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/krb_host_keys.tpl index 74541ce88..ba8f271b9 100644 --- a/gosa-plugins/mit-krb5/admin/systems/services/kerberos/krb_host_keys.tpl +++ b/gosa-plugins/mit-krb5/admin/systems/services/kerberos/krb_host_keys.tpl @@ -4,8 +4,8 @@ {t}Realm{/t} - + {html_options options=$Realms selected=$goKrbRealm} -- 2.30.2
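Review bot: The realm check in `save_object()` tests the raw `$_POST['goKrbRealm']` against `$this->goKrbRealms` but then stores the result of `get_post('goKrbRealm')`; if `get_post()` transforms the value (presumably unescaping, to be confirmed), the stored realm is not the one that was validated. Keep the `isset($_POST['goKrbRealm'])` test, then read the value once and use it for both steps: `$realm = get_post('goKrbRealm');` followed by `if(isset($this->goKrbRealms[$realm])) $this->goKrbRealm = $realm;`. Separately, `host_key_generate` triggers principal creation on the KDC straight from the POST, and no ACL check is visible in this hunk. The function starts and ends outside the hunk, so confirm that write permission is enforced before `generate_key()` runs.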