source: trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Heimdal.pm @ 2045

Last change on this file since 2045 was 1071, checked in by nanardon, 12 years ago
  • rename options() to config() to clarify its role
File size: 4.6 KB
RevLine 
[861]1package LATMOS::Accounts::Bases::Heimdal;
2
3use 5.010000;
4use strict;
5use warnings;
6
7use base qw(LATMOS::Accounts::Bases);
8use LATMOS::Accounts::Log;
9use Heimdal::Kadm5;
10
11our $VERSION = (q$Rev: 653 $ =~ /^Rev: (\d+) /)[0];
12
13=head1 NAME
14
15LATMOS::Heimdal - Latmos Accounts support for kerberos/heimdal
16
17=head1 SYNOPSIS
18
19  use LATMOS::Heimdal;
20  blah blah blah
21
22=head1 DESCRIPTION
23
24Stub documentation for LATMOS::Heimdal, created by h2xs. It looks like the
25author of the extension was negligent enough to leave the stub
26unedited.
27
28Blah blah blah.
29
30=head1 FUNCTIONS
31
32=cut
33
[1071]34=head2 new(%config)
[861]35
36Create a new LATMOS::Ldap object for windows AD $domain.
37
[1071]38config:
[861]39
40=over 4
41
42=item domain
43
44The DNS domain where information about kerberos server can be found, eg the
45REALM in the B<TXT> record B<kerberos> and the admin server from B<SRV> record
46B<_kerberos-adm._tcp>.
47
48This paramater can be omited if both B<realm> and B<server> are set.
49
50=item realm
51
52The kerberos realm to connect to. Can be omit if B<domain> is given and this DNS
53domain contains kerberos record.
54
55See B<domain> parameter.
56
57=item server
58
59If set, try to connect to this server, if not set, a dns query is performed
60to find kerberos admin server, first responding is used.
61
62See B<domain> parameter.
63
64=item ignoredusers
65
66A coma separated list of user (login) to not modify or delete in the database.
67
68The user named 'default' is automatically ignored.
69
70=back
71
72=cut
73
74sub new {
[1071]75    my ($class, %config) = @_;
[861]76   
[1037]77    bless({}, $class);
[861]78}
79
80sub load {
81    my ($self) = @_;
82
83    # If already loaded, just say ok !
84    $self->{_heimdal} and return 1;
85
[1071]86    if (!$self->config('realm')) {
87        if ($self->config('domain')) {
88            $self->{_config}{realm} = $self->_domain2realm or do {
[861]89                $self->log(LA_ERR,
90                    'Cannot find kerberos TXT record for domain `%s\'',
[1071]91                    $self->config('domain'),
[861]92                );
93                return;
94            };
[1071]95            $self->log(LA_DEBUG, 'kerberos REALM is %s', $self->config('realm'));
[861]96        } else {
97            # No way to find realm
98            return;
99        }
100    }
[1071]101    my @servers = $self->config('server')
102        ? ($self->config('server'))
103        : $self->config('domain')
[861]104            ? $self->_domain2server
105            : ();
106
[1036]107    $self->log(LA_DEBUG, 'kerberos servers are %s', join(', ', @servers));
108
[861]109    if (!@servers) {
[917]110        $self->log(LA_ERROR, "no heimdal servers found");
111        return;
[861]112    }
113
114    foreach my $server (@servers) {
115        my $heimdal = Heimdal::Kadm5::Client->new(
116            # RaiseErrors => 1,
117            Server => $server,
118            # Port   => '8899',
119            # Required:
[1071]120            Principal => $self->config('login'),
121            Realm  => $self->config('realm'),
[861]122            # --- Either ---
[1071]123            Password => $self->config('password'),
[861]124            # --- Or ---
[1071]125            # Keytab => $self->config('keytab'),
[861]126        );
127
128        if($heimdal) {
129            $self->log(LA_DEBUG, "Connected to heidmal server %s",
130                $server);
131            $self->{_heimdal} = $heimdal;
132            last;
133        } else {
134            $self->log(LA_ERR, "Cannot connect to %s", $server);
135        }
136    }
137
138    if (!$self->{_heimdal}) {
139        $self->log(LA_ERR, "Cannot connect to any kerberos server");
140        return;
141    }
142
143    return 1;
144}
145
146sub _domain2server {
147    my ($self) = @_;
148    require Net::DNS;
149    my @servers;
150
151    my $resolver = Net::DNS::Resolver->new;
[1071]152    my $query = $resolver->query("_kerberos-adm._tcp." . $self->config('domain'),
[861]153        "SRV") or return;
154    foreach my $rr (
155        sort { $a->priority <=> $b->priority || $a->weight <=> $b->weight }
156        grep { $_->type eq 'SRV' } $query->answer) {
157        push(@servers, $rr->target); # $rr->port)); don't use port
158    }
159
160    @servers
161}
162sub _domain2realm {
163    my ($self) = @_;
164    require Net::DNS;
165
166    my $resolver = Net::DNS::Resolver->new;
167    my $query = $resolver->query(
[1071]168        "_kerberos." . $self->config('domain'),
[861]169        "TXT") or return;
170    foreach my $rr ($query->answer) {
171        $rr->type eq 'TXT' and return $rr->txtdata;
172    }
173
174    return;
175}
176
[1023]177=head2 heimdal
178
179Return heimdal handle.
180
181=cut
182
[861]183sub heimdal {
184    return $_[0]->{_heimdal};
185}
186
187package Heimdal::Kadm5; 
188sub DESTROY { }
189
1901;
191
192__END__
193
194=head1 SEE ALSO
195
196=head1 AUTHOR
197
198Olivier Thauvin, E<lt>olivier.thauvin@aerov.jussieu.frE<gt>
199
200=head1 COPYRIGHT AND LICENSE
201
202Copyright (C) 2008 CNRS SA/CETP/LATMOS
203
204This library is free software; you can redistribute it and/or modify
205it under the same terms as Perl itself, either Perl version 5.10.0 or,
206at your option, any later version of Perl 5 you may have available.
207
208
209=cut
Note: See TracBrowser for help on using the repository browser.