From 9c5025fac726b5592cf70d65bfdd93e7b49e5551 Mon Sep 17 00:00:00 2001
From: hickert
Date: Mon, 3 Dec 2007 13:29:36 +0000
Subject: [PATCH] Added working- not cleaned up - heimdal options
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@7981 594d385d-05f5-0310-b6e9-bd551577e9d8
---
include/class_password-methods-heimdal.inc | 128 ++++++++++++++++++---
plugins/personal/generic/class_user.inc | 9 +-
2 files changed, 118 insertions(+), 19 deletions(-)
diff --git a/include/class_password-methods-heimdal.inc b/include/class_password-methods-heimdal.inc
index 9ceb018d1..792cfef9d 100644
--- a/include/class_password-methods-heimdal.inc
+++ b/include/class_password-methods-heimdal.inc
@@ -24,9 +24,9 @@ class passwordMethodheimdal extends passwordMethod
 var $krb5MaxLife = 86400; var $krb5MaxRenew = 604800;
- var $krb5ValidStart = 20071231000000;
- var $krb5ValidEnd = 20101231000000;
- var $krb5PasswordEnd = 20101231000000;
+ var $krb5ValidStart = "200712310000Z";
+ var $krb5ValidEnd = "201012310000Z";
+ var $krb5PasswordEnd = "201012310000Z";
 var $unlimited_krb5MaxLife = FALSE; var $unlimited_krb5MaxRenew = FALSE;
@@ -34,6 +34,8 @@ class passwordMethodheimdal extends passwordMethod
 var $unlimited_krb5ValidEnd = FALSE; var $unlimited_krb5PasswordEnd= FALSE;
+ var $display = TRUE;
+ var $flag_list = array( "0"=>"initial" , "1"=>"forwardable" , 
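Review bot: The new defaults in the first hunk hard-code absolute dates, so every principal created with the defaults is valid from 2007-12-31 and both the account and its password expire on 2010-12-31, which is wrong for any user created after that point; a start value computed in the constructor (e.g. `gmdate("YmdHis")."Z"`) and end values left unlimited would be safer defaults. The values also use the 12-digit minute-precision form; RFC 4517 GeneralizedTime permits it, but if the KDC's LDAP backend parses these attributes with a fixed `YYYYMMDDHHMMSSZ` format (I believe Heimdal's hdb-ldap does), they would be rejected, so the 14-digit seconds form is the safer choice. Whichever is chosen, a comment next to the declarations such as `/* LDAP GeneralizedTime in UTC: YYYYMMDDHHMMSSZ */` should state the expected format, since check() validates against it.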
@@ -56,9 +58,27 @@ class passwordMethodheimdal extends passwordMethod
 var $attributes = array("krb5MaxLife","krb5MaxRenew","krb5KDCFlags","krb5ValidStart","krb5ValidEnd","krb5PasswordEnd");
- function passwordMethodheimdal(&$config)
+ function passwordMethodheimdal(&$config,$dn = "new")
 { $this->config= $config;
+
+ if($dn != "new"){
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($dn);
+ $ldap->ls("objectClass=krb5Principal",$dn,array("*"));
+
+ if($ldap->count()==1){
+ $attrs = $ldap->fetch();
+ foreach($this->attributes as $attr){
+ $uattr = "unlimited_".$attr;
+ if(isset($attrs[$attr][0])){
+ $this->$attr = $attrs[$attr][0];
+ }else{
+ $this->$uattr = TRUE;
+ }
+ }
+ }
+ }
 }
@@ -136,7 +156,7 @@ class passwordMethodheimdal extends passwordMethod
 msg_dialog::display(_("Heimdal properties"),$msg,WARNING_DIALOG); } }else{
- $this->save();
+ $this->display = FALSE;
 return ""; } } 
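Review bot: The constructor treats every attribute absent from the loaded krb5Principal entry as "unlimited" (`$this->$uattr = TRUE`), which for a missing krb5KDCFlags also creates `$this->unlimited_krb5KDCFlags`, a property nothing in check() or save() reads, while krb5KDCFlags itself then silently keeps its default; skip the flags attribute in that loop, or iterate only over the attributes that have an `unlimited_` counterpart. When `ls()` returns anything other than exactly one entry the object keeps its static defaults without any indication, so the dialog shows values that are not what is stored, and the count greater than one case deserves at least a warning. A comment on the `$dn = "new"` default explaining that the sentinel means "no existing entry to load" would help the next reader, since the class_user hunk passes `$this->dn` on every edit.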
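Review bot: Replacing `$this->save()` with `$this->display = FALSE;` means the OK branch of configure() now only closes the dialog, and the values validated just above are persisted only if something calls the new `save($dn)`, which neither file in this patch does. If the intended caller is the user plugin's own save path, a comment here such as `/* Dialog closed; save($dn) is invoked by the owning plugin once the user entry is written */` would make that contract explicit. The enclosing method starts outside the hunk.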
@@ -196,21 +216,99 @@ class passwordMethodheimdal extends passwordMethod
 if(!is_numeric($this->krb5MaxRenew) && !$this->unlimited_krb5MaxRenew){ $message[] = sprintf(_("Please specify a numeric value for %s."),_("Max renew")); }
- if(!is_numeric($this->krb5ValidStart) && !$this->unlimited_krb5ValidStart){
- $message[] = sprintf(_("Please specify a numeric value for %s."),_("Valid start"));
- }
- if(!is_numeric($this->krb5ValidEnd) && !$this->unlimited_krb5ValidEnd){
- $message[] = sprintf(_("Please specify a numeric value for %s."),_("Valid end"));
- }
- if(!is_numeric($this->krb5PasswordEnd) && !$this->unlimited_krb5PasswordEnd){
- $message[] = sprintf(_("Please specify a numeric value for %s."),_("Valid password"));
- }
+ if((empty($this->krb5ValidStart) || !$this->chk_times($this->krb5ValidStart)) && !$this->unlimited_krb5ValidStart){
+ $message[] = sprintf(_("Please specify a numeric value for %s."),_("Valid start"));
+ }
+ if((empty($this->krb5ValidStop) || !$this->chk_times($this->krb5ValidEnd)) && !$this->unlimited_krb5ValidEnd){
+ $message[] = sprintf(_("Please specify a numeric value for %s."),_("Valid end"));
+ }
+ if((empty($this->krb5PasswordEnd) || !$this->chk_times($this->krb5PasswordEnd)) && !$this->unlimited_krb5PasswordEnd){
+ $message[] = sprintf(_("Please specify a numeric value for %s."),_("Valid password"));
+ }
 return($message); }
+
+ function chk_times($str)
+ {
+ if(preg_match("/^([0-9]){12,12}[a-z]$/i",$str)){
+ return(true);
+ }
+ return(false);
+ }
+
+
+ function save($dn)
 {
- echo "Save, haha not realy";
+ $realm = $this->config->data['SERVERS']['KERBEROS']['REALM'];
+
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($dn);
+ $ldap->cat($dn,array('uid'));
+ $attrs = $ldap->fetch();
+ if(isset($attrs['uid'][0])){
+
+ /* Detect old principal entry */
+ $ldap->cd($dn);
+ $ldap->ls("objectClass=krb5Principal",$dn,array('*'));
+
+ if($ldap->count() == 0){
+ $new = true;
+ }elseif($ldap->count() == 1){
+ $new = false;
+ $old_data = 
$ldap->fetch();
+ }
+
+ $uid = $attrs['uid'][0];
+ $name = $uid."@".strtoupper($realm);
+ $dn = "krb5PrincipalName=".$name.",".$dn;
+
+ $data = array();
+ $data['krb5PrincipalName'] = $name;
+ $data['objectClass'] = array("top","account","krb5Principal","krb5KDCEntry");
+ $data['krb5PrincipalName'] =$name;
+ $data['uid'] = $uid;
+ $data['krb5KeyVersionNumber'] = rand(100000,99999999);
+
+ if(!$new){
+ foreach($this->attributes as $attr){
+ $data[$attr] = array();
+ }
+ }
+
+ /* Append Flags */
+ $data['krb5KDCFlags'] = $this->krb5KDCFlags;
+ if(!$this->unlimited_krb5MaxLife){
+ $data['krb5MaxLife'] = $this->krb5MaxLife;
+ }
+ if(!$this->unlimited_krb5MaxRenew){
+ $data['krb5MaxRenew'] = $this->krb5MaxRenew;
+ }
+ if(!$this->unlimited_krb5ValidStart){
+ $data['krb5ValidStart'] = $this->krb5ValidStart;
+ }
+ if(!$this->unlimited_krb5ValidEnd){
+ $data['krb5ValidEnd'] = $this->krb5ValidEnd;
+ }
+ if(!$this->unlimited_krb5PasswordEnd){
+ $data['krb5PasswordEnd']= $this->krb5PasswordEnd;
+ }
+
+ /* This should not happen, because the UID can't be modified via GOsa ui */
+ if(!$new && $dn != $old_data['dn']){
+ plugin::move($old_data['dn'],$dn);
+ }
+
+ /* Add / Updated data */
+ $ldap->cd($dn);
+ if($new){
+ $ldap->add($data);
+ }else{
+ $ldap->modify($data);
+ }
+ show_ldap_error($ldap->get_error(),"Mist");
+ }
 } }
diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc
index 21930a5b8..456232a95 100644
--- a/plugins/personal/generic/class_user.inc
+++ b/plugins/personal/generic/class_user.inc
@@ -316,12 +316,12 @@ class user extends plugin
 } /* Password configure dialog handling */
- if(is_object($this->pwObject) && is_object($this->dialog)){
+ if(is_object($this->pwObject) && $this->pwObject->display){ $output= $this->pwObject->configure(); if ($output != ""){
+ $this->dialog= TRUE;
 return $output; }
- $this->dialog= false;
 } 
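Review bot: In check(), the Valid end condition reads `$this->krb5ValidStop`, which is not a property of this class, so `empty()` is always true and the "Valid end" error is reported for every non-unlimited value; it should read `empty($this->krb5ValidEnd)`. chk_times() accepts any trailing letter through `[a-z]` with `/i`, so `200712310000X` passes although only the UTC designator is valid for this attribute; `/^[0-9]{12}Z$/` is the intended pattern, and the three "Please specify a numeric value" messages no longer describe what is accepted. In save(), `$new` and `$old_data` are assigned only when count() is 0 or 1, so a user entry with several krb5Principal children reaches `plugin::move($old_data['dn'],$dn)` with undefined values, and the branch needs an else that reports the inconsistency and returns. save() also writes `rand(100000,99999999)` to krb5KeyVersionNumber on every call, including the modify path for an existing principal, which changes the stored kvno without any key change and presumably invalidates keytabs issued for the old version, so it should be set only when `$new` (a fixed initial value such as 1). Two smaller points: the principal DN is concatenated from uid without escaping RDN special characters, and `show_ldap_error($ldap->get_error(),"Mist")` is a placeholder message that should name the operation.
```php
function save($dn)
{
    // … unchanged: realm lookup, uid fetch, ls() for krb5Principal …
    if($ldap->count() == 0){
        $new = true;
        $old_data = array();
    }elseif($ldap->count() == 1){
        $new = false;
        $old_data = $ldap->fetch();
    }else{
        /* Several principals below this entry: refuse to guess which one to update */
        msg_dialog::display(_("Heimdal properties"),
            sprintf(_("Found %d principal entries below %s, expected at most one."),$ldap->count(),$dn),
            WARNING_DIALOG);
        return;
    }
    // … unchanged: principal name, DN and attribute assembly …
    if($new){
        /* Initial key version; an existing principal keeps the kvno the KDC maintains */
        $data['krb5KeyVersionNumber'] = 1;
    }
    // … unchanged: move / add / modify …
    show_ldap_error($ldap->get_error(),sprintf(_("Saving Kerberos principal %s failed"),$name));
}
```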
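Review bot: The guard now depends on `$this->pwObject->display`, but the removed line `$this->dialog= false;` was the only reset of the dialog state when configure() returned nothing, and as far as this hunk and hunk @@ -350 show nothing resets it once it has been set TRUE; if the plugin's save path is gated on `$this->dialog`, the user entry may stay in dialog state after the password dialog closes. Keeping a reset on the empty-output path, `if ($output == "") $this->dialog= FALSE;`, or resetting it wherever display is set FALSE, would restore the previous behaviour. The enclosing execute() method starts and ends outside the hunk.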
@@ -350,9 +350,10 @@ class user extends plugin
 if (isset($_POST['edit_pw_method'])){ if (!is_object($this->pwObject) || $this->pw_storage != $this->pwObject->get_hash_name()){ $temp= passwordMethod::get_available_methods();
- $this->pwObject= new $temp[$this->pw_storage]($this->config);
- $this->dialog= &$this->pwObject;
+ $this->pwObject= new $temp[$this->pw_storage]($this->config,$this->dn); }
+ $this->pwObject->display = TRUE;
+ $this->dialog= TRUE;
 return ($this->pwObject->configure()); } }
-- 
2.30.2
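Review bot: `$this->pwObject->display = TRUE;` writes to a property that, in this patch, only passwordMethodheimdal declares; for every other method class that `$temp[$this->pw_storage]` instantiates it is created dynamically here, and the `$this->pwObject->display` read in the earlier hunk then depends on this assignment having run first. Declaring `var $display = FALSE;` in the passwordMethod base class (not visible in this diff) would make the flag part of the interface all methods share, and a comment on the constructor call noting that `$this->dn` is passed so the method can load an existing principal would explain the new argument. The enclosing method continues outside the hunk.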