source: LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Heimdal.pm @ 861

Last change on this file since 861 was 861, checked in by nanardon, 13 years ago
  • reimport missing files from previous svn
File size: 4.5 KB
Line 
1package LATMOS::Accounts::Bases::Heimdal;
2
3use 5.010000;
4use strict;
5use warnings;
6
7use base qw(LATMOS::Accounts::Bases);
8use LATMOS::Accounts::Log;
9use Heimdal::Kadm5;
10
11our $VERSION = (q$Rev: 653 $ =~ /^Rev: (\d+) /)[0];
12
13=head1 NAME
14
15LATMOS::Heimdal - Latmos Accounts support for kerberos/heimdal
16
17=head1 SYNOPSIS
18
19  use LATMOS::Heimdal;
20  blah blah blah
21
22=head1 DESCRIPTION
23
24Stub documentation for LATMOS::Heimdal, created by h2xs. It looks like the
25author of the extension was negligent enough to leave the stub
26unedited.
27
28Blah blah blah.
29
30=head1 FUNCTIONS
31
32=cut
33
34=head2 new(%options)
35
36Create a new LATMOS::Ldap object for windows AD $domain.
37
38options:
39
40=over 4
41
42=item domain
43
44The DNS domain where information about kerberos server can be found, eg the
45REALM in the B<TXT> record B<kerberos> and the admin server from B<SRV> record
46B<_kerberos-adm._tcp>.
47
48This paramater can be omited if both B<realm> and B<server> are set.
49
50=item realm
51
52The kerberos realm to connect to. Can be omit if B<domain> is given and this DNS
53domain contains kerberos record.
54
55See B<domain> parameter.
56
57=item server
58
59If set, try to connect to this server, if not set, a dns query is performed
60to find kerberos admin server, first responding is used.
61
62See B<domain> parameter.
63
64=item ignoredusers
65
66A coma separated list of user (login) to not modify or delete in the database.
67
68The user named 'default' is automatically ignored.
69
70=back
71
72=cut
73
74sub new {
75    my ($class, %options) = @_;
76   
77    my $self = {
78        _param => { %options },
79    };
80
81    bless($self, $class);
82}
83
84sub param {
85    my ($self, $var) = @_;
86    return $self->{_param}{$var}
87}
88
89sub load {
90    my ($self) = @_;
91
92    # If already loaded, just say ok !
93    $self->{_heimdal} and return 1;
94
95    if (!$self->param('realm')) {
96        if ($self->param('domain')) {
97            $self->{_param}{realm} = $self->_domain2realm or do {
98                $self->log(LA_ERR,
99                    'Cannot find kerberos TXT record for domain `%s\'',
100                    $self->param('domain'),
101                );
102                return;
103            };
104            $self->log(LA_DEBUG, 'kerberos REALM is %s', $self->param('realm'));
105        } else {
106            # No way to find realm
107            return;
108        }
109    }
110    my @servers = $self->param('server')
111        ? ($self->param('server'))
112        : $self->param('domain')
113            ? $self->_domain2server
114            : ();
115
116    if (!@servers) {
117        # no servers found
118    }
119
120    foreach my $server (@servers) {
121        my $heimdal = Heimdal::Kadm5::Client->new(
122            # RaiseErrors => 1,
123            Server => $server,
124            # Port   => '8899',
125            # Required:
126            Principal => $self->param('login'),
127            Realm  => $self->param('realm'),
128            # --- Either ---
129            Password => $self->param('password'),
130            # --- Or ---
131            # Keytab => $self->param('keytab'),
132        );
133
134        if($heimdal) {
135            $self->log(LA_DEBUG, "Connected to heidmal server %s",
136                $server);
137            $self->{_heimdal} = $heimdal;
138            last;
139        } else {
140            $self->log(LA_ERR, "Cannot connect to %s", $server);
141        }
142    }
143
144    if (!$self->{_heimdal}) {
145        $self->log(LA_ERR, "Cannot connect to any kerberos server");
146        return;
147    }
148
149    return 1;
150}
151
152sub _domain2server {
153    my ($self) = @_;
154    require Net::DNS;
155    my @servers;
156
157    my $resolver = Net::DNS::Resolver->new;
158    my $query = $resolver->query("_kerberos-adm._tcp." . $self->param('domain'),
159        "SRV") or return;
160    foreach my $rr (
161        sort { $a->priority <=> $b->priority || $a->weight <=> $b->weight }
162        grep { $_->type eq 'SRV' } $query->answer) {
163        push(@servers, $rr->target); # $rr->port)); don't use port
164    }
165
166    @servers
167}
168sub _domain2realm {
169    my ($self) = @_;
170    require Net::DNS;
171
172    my $resolver = Net::DNS::Resolver->new;
173    my $query = $resolver->query(
174        "_kerberos." . $self->param('domain'),
175        "TXT") or return;
176    foreach my $rr ($query->answer) {
177        $rr->type eq 'TXT' and return $rr->txtdata;
178    }
179
180    return;
181}
182
183sub heimdal {
184    return $_[0]->{_heimdal};
185}
186
187package Heimdal::Kadm5; 
188sub DESTROY { }
189
1901;
191
192__END__
193
194=head1 SEE ALSO
195
196=head1 AUTHOR
197
198Olivier Thauvin, E<lt>olivier.thauvin@aerov.jussieu.frE<gt>
199
200=head1 COPYRIGHT AND LICENSE
201
202Copyright (C) 2008 CNRS SA/CETP/LATMOS
203
204This library is free software; you can redistribute it and/or modify
205it under the same terms as Perl itself, either Perl version 5.10.0 or,
206at your option, any later version of Perl 5 you may have available.
207
208
209=cut
Note: See TracBrowser for help on using the repository browser.