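/**
 * Rewrite /etc/krb5.conf from the stored Active Directory settings, request a
 * Kerberos ticket for the configured administrator and toggle PAM for Cyrus.
 *
 * Settings are read through sockets::GET_INFO(): "CyrusToAD",
 * "EnableSambaActiveDirectory", "CyrusToADConfig" and, when Samba AD mode is
 * enabled, "SambaAdInfos" (whose values then override domain, server name,
 * admin and password). When CyrusToAD is unset or 0 only DisablePamd() runs.
 * When $GLOBALS["RELOAD"] is truthy, saslauthd is restarted at the end.
 *
 * @return void
 */
function kinit_config()
{
    $sock = new sockets();
    $CyrusToAD = $sock->GET_INFO("CyrusToAD");
    $EnableSambaActiveDirectory = $sock->GET_INFO("EnableSambaActiveDirectory");
    if (!is_numeric($EnableSambaActiveDirectory)) {
        $EnableSambaActiveDirectory = 0;
    }
    if ($CyrusToAD == null) {
        $CyrusToAD = 0;
    }
    if ($CyrusToAD == 0) {
        DisablePamd();
        return;
    }
    EnablePamd();

    // NOTE(review): unserialize() on stored settings can instantiate objects if
    // the settings store is ever writable by a less-trusted party. A JSON
    // encoding, or unserialize() with allowed_classes=false on PHP >= 7.0,
    // would remove that risk; left unchanged here to stay compatible with the
    // existing stored format.
    $array = unserialize(base64_decode($sock->GET_INFO("CyrusToADConfig")));
    if (!is_array($array)) {
        // Missing or corrupt setting: continue with an empty map instead of
        // indexing into false.
        $array = array();
    }

    if ($EnableSambaActiveDirectory == 1) {
        $newconf = unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
        if (!is_array($newconf)) {
            $newconf = array();
        }
        $array["domain"] = isset($newconf["ADDOMAIN"]) ? $newconf["ADDOMAIN"] : null;
        $array["servername"] = isset($newconf["ADSERVER"]) ? $newconf["ADSERVER"] : null;
        $array["admin"] = isset($newconf["ADADMIN"]) ? $newconf["ADADMIN"] : null;
        $array["password"] = isset($newconf["PASSWORD"]) ? $newconf["PASSWORD"] : null;
    }

    // Absent keys behave as null, as they did before, but without notices.
    $array = $array + array(
        "domain" => null,
        "servername" => null,
        "admin" => null,
        "password" => null,
    );

    // The realm and KDC name are written verbatim into krb5.conf. Dropping
    // CR/LF keeps a malformed setting from adding extra lines (and therefore
    // extra directives) to the system-wide Kerberos configuration.
    $lineBreaks = array("\r", "\n");
    $default_realm = strtoupper(trim(str_replace($lineBreaks, "", (string) $array["domain"])));
    $servername = strtolower(trim(str_replace($lineBreaks, "", (string) $array["servername"])));

    $f = array(
        "[logging]",
        " default = FILE:/var/log/krb5libs.log",
        " kdc = FILE:/var/log/krb5kdc.log",
        " admin_server = FILE:/var/log/kadmind.log",
        "[libdefaults]",
        " clockskew = 300",
        " ticket_lifetime = 24h",
        " forwardable = yes",
        " default_realm = $default_realm",
        "[realms]",
        " $default_realm = {",
        " kdc = $servername",
        " default_domain = $default_realm",
        " kpasswd_server = $servername",
        "}",
        "",
        "[domain_realm]",
        " .$default_realm = $default_realm",
        "[appdefaults]",
        "pam = {",
        " debug = false",
        " ticket_lifetime = 36000",
        " renew_lifetime = 36000",
        " forwardable = true",
        " krb4_convert = false",
        "}",
        "",
    );

    // A failed write used to be swallowed silently; record it so a stale
    // krb5.conf can be diagnosed. Processing continues as before.
    if (@file_put_contents("/etc/krb5.conf", implode("\n", $f)) === false) {
        error_log("kinit_config: unable to write /etc/krb5.conf");
    }

    // Use the same cleaned realm for the principal as was written to krb5.conf.
    RunKinit($array["admin"] . "@" . $default_realm, $array["password"]);

    if (!empty($GLOBALS["RELOAD"])) {
        shell_exec("/etc/init.d/artica-postfix restart saslauthd");
    }
}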
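/**
 * Obtain a Kerberos ticket for the configured AD administrator, align the
 * local hostname with the AD DNS domain, start winbindd and join the domain
 * when GetNetAdsInfos() reports no "KDC server".
 *
 * Settings come from the "SambaAdInfos" and "CyrusToAD" values returned by
 * sockets::GET_INFO(). If the join output reports that the network name cannot
 * be found and an AD server IP is configured, a hosts entry is requested
 * through the framework and the function calls itself once more;
 * $GLOBALS["CHANGE_ETC_HOSTS_AD"] limits this to a single retry.
 * $GLOBALS["VERBOSE"] prints the join command with the password masked.
 *
 * @return void
 */
function kinit()
{
    $unix = new unix();
    $kinit = $unix->find_program("kinit");
    $echo = $unix->find_program("echo");
    $net = $unix->LOCATE_NET_BIN_PATH();
    $hostname = $unix->find_program("hostname");
    $sock = new sockets();

    // NOTE(review): unserialize() on stored settings can instantiate objects if
    // the settings store is ever writable by a less-trusted party; consider
    // JSON, or allowed_classes=false on PHP >= 7.0.
    $config = unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
    if (!is_array($config)) {
        $config = array();
    }
    // Absent keys behave as null, as they did before, but without notices.
    $config = $config + array(
        "ADDOMAIN" => null,
        "ADSERVER" => null,
        "ADSERVER_IP" => null,
        "ADADMIN" => null,
        "PASSWORD" => null,
        "WINBINDPASSWORD" => null,
    );

    $domain = strtoupper((string) $config["ADDOMAIN"]);
    $domain_lower = strtolower((string) $config["ADDOMAIN"]);
    $cachefile = "/etc/artica-postfix/NetADSInfo.cache";
    $CyrusToAD = $sock->GET_INFO("CyrusToAD");
    if (!is_numeric($CyrusToAD)) {
        $CyrusToAD = 0;
    }
    $ADSERVER_IP = $config["ADSERVER_IP"];
    @unlink($cachefile);
    $ad_server = strtolower((string) $config["ADSERVER"]);

    // Every configuration value that reaches a shell command line is quoted
    // with escapeshellarg(); previously only the passwords were escaped, so a
    // metacharacter in the admin name, domain or server name was interpreted
    // by the shell.
    $adminUserArg = escapeshellarg((string) $config["ADADMIN"]);
    $principalArg = escapeshellarg($config["ADADMIN"] . "@" . $domain);
    $adFqdnArg = escapeshellarg("$ad_server.$domain_lower");
    $adServerArg = escapeshellarg($ad_server);

    // NOTE(review): the password is still placed on the command line of echo
    // and net, where other local users may be able to read it from the process
    // list while the command runs; handing it over on stdin (e.g. proc_open)
    // would avoid that.
    $kinitpassword = $unix->shellEscapeChars($config["PASSWORD"]);
    if ($kinit != null) {
        shell_exec("$echo $kinitpassword|$kinit $principalArg");
    }

    $hostnameOutput = array();
    exec($hostname, $hostnameOutput);
    $servername = trim(implode(" ", $hostnameOutput));
    echo "Starting......: Samba using server name has $servername.$domain_lower\n";
    shell_exec(
        "/usr/share/artica-postfix/bin/artica-install --change-hostname "
        . escapeshellarg("$servername.$domain_lower")
    );

    echo "Starting......: connecting to $ad_server.$domain_lower\n";
    @unlink($cachefile);
    $NetADSINFOS = GetNetAdsInfos();
    $KDC_SERVER = isset($NetADSINFOS["KDC server"]) ? $NetADSINFOS["KDC server"] : null;

    $WINBINDPASSWORD = (string) $config["WINBINDPASSWORD"];
    if (strlen($WINBINDPASSWORD) > 2) {
        $WINBINDPASSWORD = $unix->shellEscapeChars($WINBINDPASSWORD);
        // A dedicated output array keeps the hostname output collected above
        // from being logged as setauthuser output.
        $authOutput = array();
        exec("$net setauthuser -U winbind%$WINBINDPASSWORD 2>&1", $authOutput);
        foreach ($authOutput as $line) {
            writelogs("setauthuser [winbind]: $line", __FUNCTION__, __FILE__, __LINE__);
        }
    }

    echo "Starting......: checking winbindd daemon...\n";
    shell_exec("/etc/init.d/artica-postfix start winbindd");
    $adminpassword = $unix->shellEscapeChars($config["PASSWORD"]);

    if ($KDC_SERVER == null) {
        $joinPrefix = "$net ads join -W $adFqdnArg -S $adServerArg -U $adminUserArg";
        $cmd = "$joinPrefix%$adminpassword 2>&1";
        // Only the masked form is ever printed, so the administrator password
        // does not end up in console output or captured boot logs.
        $cmdDisplay = "$joinPrefix%***** 2>&1";
        if (!empty($GLOBALS["VERBOSE"])) {
            echo $cmdDisplay . "\n";
        }

        // foreach over a fresh array replaces the each() loop (removed in
        // PHP 8) and restricts the loop to the join output.
        $joinOutput = array();
        exec($cmd, $joinOutput);
        foreach ($joinOutput as $line) {
            writelogs("ads join [{$config["ADADMIN"]}]: $line", __FUNCTION__, __FILE__, __LINE__);
            if (preg_match("#DNS update failed#", $line)) {
                echo "Starting......: ADS Join FAILED with command line \"$cmdDisplay\"\n";
            }
            if (preg_match("#The network name cannot be found#", $line)) {
                echo "Starting......: ADS Join $ad_server.$domain_lower failed, unable to resolve it\n";
                if ($ADSERVER_IP != null && empty($GLOBALS["CHANGE_ETC_HOSTS_AD"])) {
                    // NOTE(review): base64 output can contain '+', '/' and '=';
                    // whether getFrameWork() URL-encodes the query is not
                    // visible here - confirm.
                    $hostsEntry = base64_encode("$ADSERVER_IP\t$ad_server.$domain_lower\t$ad_server");
                    $sock->getFrameWork("cmd.php?etc-hosts-add=$hostsEntry");
                    $GLOBALS["CHANGE_ETC_HOSTS_AD"] = true;
                    echo "Starting......: ADS Join add $ad_server.$domain_lower $ADSERVER_IP in hosts file done, restart\n";
                    kinit();
                    return;
                }
            }
            echo "Starting......: ADS Join $ad_server.$domain_lower ($line)\n";
        }
    } else {
        echo "Starting......: ADS Already joined to \"$KDC_SERVER\"\n";
    }

    if ($CyrusToAD == 1) {
        echo "Starting......: Activate PAM for Cyrus sasl\n";
        EnablePamd();
    } else {
        echo "Starting......: Disable PAM for Cyrus sasl\n";
        DisablePamd();
    }
}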
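/**
 * Obtain a Kerberos ticket for the configured AD administrator, align the
 * local hostname with the AD DNS domain, register the winbind auth user,
 * start winbindd and join the domain when unix::SAMBA_GetNetAdsInfos()
 * reports no "KDC server".
 *
 * $GLOBALS["KINIT_RUN"] makes a second call within the same process a no-op.
 * If the join output reports that the network name cannot be found and an AD
 * server IP is configured, a hosts entry is requested through the framework
 * and the function runs once more; $GLOBALS["CHANGE_ETC_HOSTS_AD"] limits this
 * to a single retry. $GLOBALS["VERBOSE"] prints the join command with the
 * password masked.
 *
 * @return void
 */
function kinit()
{
    $function = __FUNCTION__;
    if (isset($GLOBALS["KINIT_RUN"])) {
        echo "Starting......: " . date("H:i:s") . " {$function}, already executed..\n";
        return;
    }
    $GLOBALS["KINIT_RUN"] = true;

    $unix = new unix();
    $kinit = $unix->find_program("kinit");
    $echo = $unix->find_program("echo");
    $net = $unix->LOCATE_NET_BIN_PATH();
    $hostname = $unix->find_program("hostname");
    $sock = new sockets();

    // NOTE(review): unserialize() on stored settings can instantiate objects if
    // the settings store is ever writable by a less-trusted party; consider
    // JSON, or allowed_classes=false on PHP >= 7.0.
    $config = unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
    if (!is_array($config)) {
        $config = array();
    }
    // Absent keys behave as null, as they did before, but without notices.
    $config = $config + array(
        "ADDOMAIN" => null,
        "ADSERVER" => null,
        "ADSERVER_IP" => null,
        "ADADMIN" => null,
        "PASSWORD" => null,
    );

    $domain = strtoupper((string) $config["ADDOMAIN"]);
    $domain_lower = strtolower((string) $config["ADDOMAIN"]);
    $cachefile = "/etc/artica-postfix/NetADSInfo.cache";
    $CyrusToAD = $sock->GET_INFO("CyrusToAD");
    if (!is_numeric($CyrusToAD)) {
        $CyrusToAD = 0;
    }
    $ADSERVER_IP = $config["ADSERVER_IP"];
    @unlink($cachefile);
    $ad_server = strtolower((string) $config["ADSERVER"]);

    // Every configuration value that reaches a shell command line is quoted
    // with escapeshellarg(); previously only the password was escaped, so a
    // metacharacter in the admin name, domain or server name was interpreted
    // by the shell.
    $adminUserArg = escapeshellarg((string) $config["ADADMIN"]);
    $principalArg = escapeshellarg($config["ADADMIN"] . "@" . $domain);
    $adFqdnArg = escapeshellarg("{$ad_server}.{$domain_lower}");
    $adServerArg = escapeshellarg($ad_server);

    // NOTE(review): the password is still placed on the command line of echo
    // and net, where other local users may be able to read it from the process
    // list while the command runs; handing it over on stdin (e.g. proc_open)
    // would avoid that.
    $kinitpassword = $unix->shellEscapeChars($config["PASSWORD"]);
    if ($kinit != null) {
        echo "Starting......: " . date("H:i:s") . " {$function}, {$kinit} {$config["ADADMIN"]}@{$domain}...\n";
        shell_exec("{$echo} {$kinitpassword}|{$kinit} {$principalArg}");
    }

    $hostnameOutput = array();
    exec($hostname, $hostnameOutput);
    $servername = trim(implode(" ", $hostnameOutput));
    echo "Starting......: " . date("H:i:s") . " {$function}, using server name has {$servername}.{$domain_lower}\n";
    shell_exec(
        "/usr/share/artica-postfix/bin/artica-install --change-hostname "
        . escapeshellarg("{$servername}.{$domain_lower}")
    );

    echo "Starting......: " . date("H:i:s") . " {$function}, connecting to {$ad_server}.{$domain_lower}\n";
    @unlink($cachefile);
    $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
    $KDC_SERVER = isset($NetADSINFOS["KDC server"]) ? $NetADSINFOS["KDC server"] : null;

    echo "Starting......: " . date("H:i:s") . " {$function}, setauthuser -> \"{$config["ADADMIN"]}\"\n";
    // The output is collected separately so it is not mixed into the join
    // output processed below; it was never inspected before either.
    $authOutput = array();
    exec("{$net} setauthuser -U {$adminUserArg}%{$kinitpassword} 2>&1", $authOutput);

    echo "Starting......: " . date("H:i:s") . " {$function}, checking winbindd daemon...\n";
    shell_exec("/etc/init.d/artica-postfix start winbindd");
    echo "Starting......: " . date("H:i:s") . " {$function}, KDC: \"{$KDC_SERVER}\"\n";
    $adminpassword = $unix->shellEscapeChars($config["PASSWORD"]);
    $unix->THREAD_COMMAND_SET($unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --join");

    if ($KDC_SERVER == null) {
        $joinPrefix = "{$net} ads join -W {$adFqdnArg} -S {$adServerArg} -U {$adminUserArg}";
        $cmd = "{$joinPrefix}%{$adminpassword} 2>&1";
        // Only the masked form is ever printed, so the administrator password
        // does not end up in console output or captured boot logs.
        $cmdDisplay = "{$joinPrefix}%***** 2>&1";
        if (!empty($GLOBALS["VERBOSE"])) {
            echo $cmdDisplay . "\n";
        }

        // foreach over a fresh array replaces the each() loop (removed in
        // PHP 8) and restricts the loop to the join output.
        $joinOutput = array();
        exec($cmd, $joinOutput);
        foreach ($joinOutput as $line) {
            writelogs("ads join [{$config["ADADMIN"]}]: {$line}", __FUNCTION__, __FILE__, __LINE__);
            if (preg_match("#DNS update failed#", $line)) {
                echo "Starting......: " . date("H:i:s") . " ADS Join FAILED with command line \"{$cmdDisplay}\"\n";
            }
            if (preg_match("#The network name cannot be found#", $line)) {
                echo "Starting......: " . date("H:i:s") . " ADS Join {$ad_server}.{$domain_lower} failed, unable to resolve it\n";
                if ($ADSERVER_IP != null && empty($GLOBALS["CHANGE_ETC_HOSTS_AD"])) {
                    // NOTE(review): base64 output can contain '+', '/' and '=';
                    // whether getFrameWork() URL-encodes the query is not
                    // visible here - confirm.
                    $hostsEntry = base64_encode("{$ADSERVER_IP}\t{$ad_server}.{$domain_lower}\t{$ad_server}");
                    $sock->getFrameWork("cmd.php?etc-hosts-add={$hostsEntry}");
                    $GLOBALS["CHANGE_ETC_HOSTS_AD"] = true;
                    echo "Starting......: " . date("H:i:s") . " ADS Join add {$ad_server}.{$domain_lower} {$ADSERVER_IP} in hosts file done, restart\n";
                    // Without clearing the run-once flag the retry below would
                    // stop at the "already executed" guard and never rejoin.
                    unset($GLOBALS["KINIT_RUN"]);
                    kinit();
                    return;
                }
            }
            echo "Starting......: " . date("H:i:s") . " {$function}, ADS Join {$ad_server}.{$domain_lower} ({$line})\n";
        }
    } else {
        echo "Starting......: " . date("H:i:s") . " {$function}, ADS Already joined to \"{$KDC_SERVER}\"\n";
    }

    if ($CyrusToAD == 1) {
        echo "Starting......: " . date("H:i:s") . " {$function}, Activate PAM for Cyrus sasl\n";
        EnablePamd();
    } else {
        echo "Starting......: " . date("H:i:s") . " {$function}, Disable PAM for Cyrus sasl\n";
        DisablePamd();
    }
    echo "Starting......: " . date("H:i:s") . " {$function}, DONE\n";
}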