Context Navigation

source: LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Heimdal.pm @ 861

Visit:

Last change on this file since 861 was 861, checked in by nanardon, 13 years ago
reimport missing files from previous svn
File size: 4.5 KB

Line
1	package LATMOS::Accounts::Bases::Heimdal;
2
3	use 5.010000;
4	use strict;
5	use warnings;
6
7	use base qw(LATMOS::Accounts::Bases);
8	use LATMOS::Accounts::Log;
9	use Heimdal::Kadm5;
10
11	our $VERSION = (q$Rev: 653 $ =~ /^Rev: (\d+) /)[0];
12
13	=head1 NAME
14
15	LATMOS::Heimdal - Latmos Accounts support for kerberos/heimdal
16
17	=head1 SYNOPSIS
18
19	use LATMOS::Heimdal;
20	blah blah blah
21
22	=head1 DESCRIPTION
23
24	Stub documentation for LATMOS::Heimdal, created by h2xs. It looks like the
25	author of the extension was negligent enough to leave the stub
26	unedited.
27
28	Blah blah blah.
29
30	=head1 FUNCTIONS
31
32	=cut
33
34	=head2 new(%options)
35
36	Create a new LATMOS::Ldap object for windows AD $domain.
37
38	options:
39
40	=over 4
41
42	=item domain
43
44	The DNS domain where information about kerberos server can be found, eg the
45	REALM in the B<TXT> record B<kerberos> and the admin server from B<SRV> record
46	B<_kerberos-adm._tcp>.
47
48	This paramater can be omited if both B<realm> and B<server> are set.
49
50	=item realm
51
52	The kerberos realm to connect to. Can be omit if B<domain> is given and this DNS
53	domain contains kerberos record.
54
55	See B<domain> parameter.
56
57	=item server
58
59	If set, try to connect to this server, if not set, a dns query is performed
60	to find kerberos admin server, first responding is used.
61
62	See B<domain> parameter.
63
64	=item ignoredusers
65
66	A coma separated list of user (login) to not modify or delete in the database.
67
68	The user named 'default' is automatically ignored.
69
70	=back
71
72	=cut
73
74	sub new {
75	my ($class, %options) = @_;
76
77	my $self = {
78	_param => { %options },
79	};
80
81	bless($self, $class);
82	}
83
84	sub param {
85	my ($self, $var) = @_;
86	return $self->{_param}{$var}
87	}
88
89	sub load {
90	my ($self) = @_;
91
92	# If already loaded, just say ok !
93	$self->{_heimdal} and return 1;
94
95	if (!$self->param('realm')) {
96	if ($self->param('domain')) {
97	$self->{_param}{realm} = $self->_domain2realm or do {
98	$self->log(LA_ERR,
99	'Cannot find kerberos TXT record for domain `%s\'',
100	$self->param('domain'),
101	);
102	return;
103	};
104	$self->log(LA_DEBUG, 'kerberos REALM is %s', $self->param('realm'));
105	} else {
106	# No way to find realm
107	return;
108	}
109	}
110	my @servers = $self->param('server')
111	? ($self->param('server'))
112	: $self->param('domain')
113	? $self->_domain2server
114	: ();
115
116	if (!@servers) {
117	# no servers found
118	}
119
120	foreach my $server (@servers) {
121	my $heimdal = Heimdal::Kadm5::Client->new(
122	# RaiseErrors => 1,
123	Server => $server,
124	# Port => '8899',
125	# Required:
126	Principal => $self->param('login'),
127	Realm => $self->param('realm'),
128	# --- Either ---
129	Password => $self->param('password'),
130	# --- Or ---
131	# Keytab => $self->param('keytab'),
132	);
133
134	if($heimdal) {
135	$self->log(LA_DEBUG, "Connected to heidmal server %s",
136	$server);
137	$self->{_heimdal} = $heimdal;
138	last;
139	} else {
140	$self->log(LA_ERR, "Cannot connect to %s", $server);
141	}
142	}
143
144	if (!$self->{_heimdal}) {
145	$self->log(LA_ERR, "Cannot connect to any kerberos server");
146	return;
147	}
148
149	return 1;
150	}
151
152	sub _domain2server {
153	my ($self) = @_;
154	require Net::DNS;
155	my @servers;
156
157	my $resolver = Net::DNS::Resolver->new;
158	my $query = $resolver->query("_kerberos-adm._tcp." . $self->param('domain'),
159	"SRV") or return;
160	foreach my $rr (
161	sort { $a->priority <=> $b->priority \|\| $a->weight <=> $b->weight }
162	grep { $_->type eq 'SRV' } $query->answer) {
163	push(@servers, $rr->target); # $rr->port)); don't use port
164	}
165
166	@servers
167	}
168	sub _domain2realm {
169	my ($self) = @_;
170	require Net::DNS;
171
172	my $resolver = Net::DNS::Resolver->new;
173	my $query = $resolver->query(
174	"_kerberos." . $self->param('domain'),
175	"TXT") or return;
176	foreach my $rr ($query->answer) {
177	$rr->type eq 'TXT' and return $rr->txtdata;
178	}
179
180	return;
181	}
182
183	sub heimdal {
184	return $_[0]->{_heimdal};
185	}
186
187	package Heimdal::Kadm5;
188	sub DESTROY { }
189
190	1;
191
192	__END__
193
194	=head1 SEE ALSO
195
196	=head1 AUTHOR
197
198	Olivier Thauvin, E<lt>olivier.thauvin@aerov.jussieu.frE<gt>
199
200	=head1 COPYRIGHT AND LICENSE
201
202	Copyright (C) 2008 CNRS SA/CETP/LATMOS
203
204	This library is free software; you can redistribute it and/or modify
205	it under the same terms as Perl itself, either Perl version 5.10.0 or,
206	at your option, any later version of Perl 5 you may have available.
207
208
209	=cut

Note: See TracBrowser for help on using the repository browser.

Download in other formats: