source: trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Heimdal.pm @ 2045

Last change on this file since 2045 was 1071, checked in by nanardon, 12 years ago
  • rename options() to config() to clarify its role
File size: 4.6 KB
Line 
1package LATMOS::Accounts::Bases::Heimdal;
2
3use 5.010000;
4use strict;
5use warnings;
6
7use base qw(LATMOS::Accounts::Bases);
8use LATMOS::Accounts::Log;
9use Heimdal::Kadm5;
10
11our $VERSION = (q$Rev: 653 $ =~ /^Rev: (\d+) /)[0];
12
13=head1 NAME
14
15LATMOS::Heimdal - Latmos Accounts support for kerberos/heimdal
16
17=head1 SYNOPSIS
18
19  use LATMOS::Heimdal;
20  blah blah blah
21
22=head1 DESCRIPTION
23
24Stub documentation for LATMOS::Heimdal, created by h2xs. It looks like the
25author of the extension was negligent enough to leave the stub
26unedited.
27
28Blah blah blah.
29
30=head1 FUNCTIONS
31
32=cut
33
34=head2 new(%config)
35
36Create a new LATMOS::Ldap object for windows AD $domain.
37
38config:
39
40=over 4
41
42=item domain
43
44The DNS domain where information about kerberos server can be found, eg the
45REALM in the B<TXT> record B<kerberos> and the admin server from B<SRV> record
46B<_kerberos-adm._tcp>.
47
48This paramater can be omited if both B<realm> and B<server> are set.
49
50=item realm
51
52The kerberos realm to connect to. Can be omit if B<domain> is given and this DNS
53domain contains kerberos record.
54
55See B<domain> parameter.
56
57=item server
58
59If set, try to connect to this server, if not set, a dns query is performed
60to find kerberos admin server, first responding is used.
61
62See B<domain> parameter.
63
64=item ignoredusers
65
66A coma separated list of user (login) to not modify or delete in the database.
67
68The user named 'default' is automatically ignored.
69
70=back
71
72=cut
73
74sub new {
75    my ($class, %config) = @_;
76   
77    bless({}, $class);
78}
79
80sub load {
81    my ($self) = @_;
82
83    # If already loaded, just say ok !
84    $self->{_heimdal} and return 1;
85
86    if (!$self->config('realm')) {
87        if ($self->config('domain')) {
88            $self->{_config}{realm} = $self->_domain2realm or do {
89                $self->log(LA_ERR,
90                    'Cannot find kerberos TXT record for domain `%s\'',
91                    $self->config('domain'),
92                );
93                return;
94            };
95            $self->log(LA_DEBUG, 'kerberos REALM is %s', $self->config('realm'));
96        } else {
97            # No way to find realm
98            return;
99        }
100    }
101    my @servers = $self->config('server')
102        ? ($self->config('server'))
103        : $self->config('domain')
104            ? $self->_domain2server
105            : ();
106
107    $self->log(LA_DEBUG, 'kerberos servers are %s', join(', ', @servers));
108
109    if (!@servers) {
110        $self->log(LA_ERROR, "no heimdal servers found");
111        return;
112    }
113
114    foreach my $server (@servers) {
115        my $heimdal = Heimdal::Kadm5::Client->new(
116            # RaiseErrors => 1,
117            Server => $server,
118            # Port   => '8899',
119            # Required:
120            Principal => $self->config('login'),
121            Realm  => $self->config('realm'),
122            # --- Either ---
123            Password => $self->config('password'),
124            # --- Or ---
125            # Keytab => $self->config('keytab'),
126        );
127
128        if($heimdal) {
129            $self->log(LA_DEBUG, "Connected to heidmal server %s",
130                $server);
131            $self->{_heimdal} = $heimdal;
132            last;
133        } else {
134            $self->log(LA_ERR, "Cannot connect to %s", $server);
135        }
136    }
137
138    if (!$self->{_heimdal}) {
139        $self->log(LA_ERR, "Cannot connect to any kerberos server");
140        return;
141    }
142
143    return 1;
144}
145
146sub _domain2server {
147    my ($self) = @_;
148    require Net::DNS;
149    my @servers;
150
151    my $resolver = Net::DNS::Resolver->new;
152    my $query = $resolver->query("_kerberos-adm._tcp." . $self->config('domain'),
153        "SRV") or return;
154    foreach my $rr (
155        sort { $a->priority <=> $b->priority || $a->weight <=> $b->weight }
156        grep { $_->type eq 'SRV' } $query->answer) {
157        push(@servers, $rr->target); # $rr->port)); don't use port
158    }
159
160    @servers
161}
162sub _domain2realm {
163    my ($self) = @_;
164    require Net::DNS;
165
166    my $resolver = Net::DNS::Resolver->new;
167    my $query = $resolver->query(
168        "_kerberos." . $self->config('domain'),
169        "TXT") or return;
170    foreach my $rr ($query->answer) {
171        $rr->type eq 'TXT' and return $rr->txtdata;
172    }
173
174    return;
175}
176
177=head2 heimdal
178
179Return heimdal handle.
180
181=cut
182
183sub heimdal {
184    return $_[0]->{_heimdal};
185}
186
187package Heimdal::Kadm5; 
188sub DESTROY { }
189
1901;
191
192__END__
193
194=head1 SEE ALSO
195
196=head1 AUTHOR
197
198Olivier Thauvin, E<lt>olivier.thauvin@aerov.jussieu.frE<gt>
199
200=head1 COPYRIGHT AND LICENSE
201
202Copyright (C) 2008 CNRS SA/CETP/LATMOS
203
204This library is free software; you can redistribute it and/or modify
205it under the same terms as Perl itself, either Perl version 5.10.0 or,
206at your option, any later version of Perl 5 you may have available.
207
208
209=cut
Note: See TracBrowser for help on using the repository browser.