Esempio n. 1
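/**
 * Regenerate /etc/krb5.conf from the stored Cyrus-to-AD settings, then request a ticket.
 *
 * Reads "CyrusToAD"; when it is unset or 0, calls DisablePamd() and stops.
 * Otherwise calls EnablePamd(), loads "CyrusToADConfig" and, when
 * "EnableSambaActiveDirectory" is 1, takes domain/servername/admin/password from
 * "SambaAdInfos" instead. The realm is the upper-cased domain, the KDC the
 * lower-cased server name. After writing the file it calls RunKinit() and, when
 * $GLOBALS["RELOAD"] is set, restarts saslauthd through the artica-postfix init script.
 *
 * Changes against the previous version: a stored value that does not decode to an
 * array is treated as empty, an empty realm or server name no longer overwrites
 * /etc/krb5.conf, and a failed write is logged instead of being silenced.
 *
 * @return void
 */
function kinit_config(){
	$sock=new sockets();
	$CyrusToAD=$sock->GET_INFO("CyrusToAD");
	$EnableSambaActiveDirectory=$sock->GET_INFO("EnableSambaActiveDirectory");
	if(!is_numeric($EnableSambaActiveDirectory)){$EnableSambaActiveDirectory=0;}
	if($CyrusToAD==null){$CyrusToAD=0;}
	if($CyrusToAD==0){DisablePamd();return;}
	EnablePamd();

	// NOTE(review): unserialize() instantiates objects and runs their magic methods.
	// It is only safe here if nothing but trusted code can write these settings;
	// storing them as JSON would remove the question. Confirm who can write them.
	$array=unserialize(base64_decode($sock->GET_INFO("CyrusToADConfig")));
	if(!is_array($array)){$array=array();}
	if($EnableSambaActiveDirectory==1){
		$newconf=unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
		if(!is_array($newconf)){$newconf=array();}
		$array["domain"]=isset($newconf["ADDOMAIN"])?$newconf["ADDOMAIN"]:"";
		$array["servername"]=isset($newconf["ADSERVER"])?$newconf["ADSERVER"]:"";
		$array["admin"]=isset($newconf["ADADMIN"])?$newconf["ADADMIN"]:"";
		$array["password"]=isset($newconf["PASSWORD"])?$newconf["PASSWORD"]:"";
	}
	foreach(array("domain","servername","admin","password") as $key){
		if(!isset($array[$key])){$array[$key]="";}
	}

	$default_realm=strtoupper($array["domain"]);
	$servername=strtolower($array["servername"]);

	// An empty realm or KDC would produce a krb5.conf that breaks Kerberos for the
	// whole host, so keep the existing file in that case.
	if($default_realm==="" || $servername===""){
		error_log(__FUNCTION__.": AD domain or server name is empty, /etc/krb5.conf left unchanged");
		return;
	}

	// NOTE(review): both values are written into the file as-is. A value containing
	// a line break or braces would add or change directives; restricting them to
	// hostname characters where the settings are saved would close that - confirm
	// whether the settings UI already does so.
	$f=array(
		"[logging]",
		"\tdefault = FILE:/var/log/krb5libs.log",
		"\tkdc = FILE:/var/log/krb5kdc.log",
		"\tadmin_server = FILE:/var/log/kadmind.log",
		"[libdefaults]",
		"\tclockskew = 300",
		"\tticket_lifetime = 24h",
		"\tforwardable = yes",
		"\tdefault_realm = $default_realm",
		"[realms]",
		"\t$default_realm = {",
		"\t\tkdc = $servername",
		"\t\tdefault_domain = $default_realm",
		"\t\tkpasswd_server = $servername",
		"}",
		"",
		"[domain_realm]",
		"\t.$default_realm = $default_realm",
		"[appdefaults]",
		"pam = {",
		"\tdebug = false",
		"\tticket_lifetime = 36000",
		"\trenew_lifetime = 36000",
		"\tforwardable = true",
		"\tkrb4_convert = false",
		"}",
		"",
	);

	// The write used to be silenced; report a failure but keep the original flow,
	// since the previous file is still in place.
	if(file_put_contents("/etc/krb5.conf",implode("\n",$f))===false){
		error_log(__FUNCTION__.": unable to write /etc/krb5.conf");
	}

	// RunKinit() is defined elsewhere; how it hands the password to kinit is not
	// visible here - worth checking that it does not put it on a command line.
	RunKinit($array["admin"]."@".$default_realm,$array["password"]);
	if(!empty($GLOBALS["RELOAD"])){
		shell_exec("/etc/init.d/artica-postfix restart saslauthd");
	}
}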
Esempio n. 2
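/**
 * Obtain a Kerberos ticket for the AD administrator and join the host to the domain.
 *
 * Settings come from "SambaAdInfos" (ADDOMAIN, ADSERVER, ADSERVER_IP, ADADMIN,
 * PASSWORD, WINBINDPASSWORD) and "CyrusToAD". The function runs kinit, changes the
 * host name through artica-install, optionally sets the winbind auth user, starts
 * winbindd and, when GetNetAdsInfos() reports no "KDC server", runs `net ads join`.
 * If the join output says the network name cannot be found and an AD server IP is
 * configured, a hosts entry is requested through the framework and the function
 * calls itself once more ($GLOBALS["CHANGE_ETC_HOSTS_AD"] limits this to one retry).
 * Finally PAM for Cyrus sasl is enabled or disabled according to "CyrusToAD".
 *
 * Changes against the previous version:
 *  - the password reaches kinit on its standard input instead of through an
 *    `echo` process, so it no longer appears in that process's arguments;
 *  - host, domain and account names are passed through escapeshellarg();
 *  - the command shown in verbose/failure output has the password masked;
 *  - each exec() gets its own output array (exec() appends, so the join loop
 *    used to re-read the hostname and setauthuser lines);
 *  - each(), which PHP 8 removed, is replaced by foreach.
 *
 * @return void
 */
function kinit(){
	$unix=new unix();
	$kinit=$unix->find_program("kinit");
	$net=$unix->LOCATE_NET_BIN_PATH();
	$hostname=$unix->find_program("hostname");
	$sock=new sockets();

	// NOTE(review): unserialize() instantiates objects and runs their magic methods;
	// safe only while nothing but trusted code can write "SambaAdInfos" - confirm.
	$config=unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
	if(!is_array($config)){$config=array();}
	foreach(array("ADDOMAIN","ADSERVER","ADSERVER_IP","ADADMIN","PASSWORD","WINBINDPASSWORD") as $key){
		if(!isset($config[$key])){$config[$key]="";}
	}

	$domain=strtoupper($config["ADDOMAIN"]);
	$domain_lower=strtolower($config["ADDOMAIN"]);
	$cachefile="/etc/artica-postfix/NetADSInfo.cache";
	$CyrusToAD=$sock->GET_INFO("CyrusToAD");
	if(!is_numeric($CyrusToAD)){$CyrusToAD=0;}
	$ADSERVER_IP=$config["ADSERVER_IP"];
	@unlink($cachefile);

	$ad_server=strtolower($config["ADSERVER"]);

	if($kinit<>null){
		// Feed the password on stdin; stdout is discarded as shell_exec() did before.
		$pipes=array();
		$proc=proc_open(
			escapeshellarg($kinit)." ".escapeshellarg($config["ADADMIN"]."@".$domain),
			array(0=>array("pipe","r"),1=>array("file","/dev/null","w")),
			$pipes
		);
		if(is_resource($proc)){
			fwrite($pipes[0],$config["PASSWORD"]."\n");
			fclose($pipes[0]);
			proc_close($proc);
		}else{
			echo "Starting......: unable to run $kinit\n";
		}
	}

	$hostname_out=array();
	exec($hostname,$hostname_out);
	$servername=trim(implode(" ",$hostname_out));
	echo "Starting......: Samba using server name has $servername.$domain_lower\n";
	shell_exec("/usr/share/artica-postfix/bin/artica-install --change-hostname ".escapeshellarg("$servername.$domain_lower"));
	echo "Starting......: connecting to $ad_server.$domain_lower\n";
	@unlink($cachefile);

	$NetADSINFOS=GetNetAdsInfos();
	$KDC_SERVER=isset($NetADSINFOS["KDC server"])?$NetADSINFOS["KDC server"]:null;

	// NOTE(review): `net` still receives its passwords as part of the -U argument,
	// so they are visible in the process list while the command runs. Moving them
	// off the command line depends on what the deployed Samba supports - confirm.
	// shellEscapeChars() is a project helper not shown here; presumably it escapes
	// shell metacharacters - verify.
	$WINBINDPASSWORD=$config["WINBINDPASSWORD"];
	if(strlen($WINBINDPASSWORD)>2){
		$WINBINDPASSWORD=$unix->shellEscapeChars($WINBINDPASSWORD);
		$setauth_out=array();
		exec("$net setauthuser -U winbind%$WINBINDPASSWORD 2>&1",$setauth_out);
		foreach($setauth_out as $line){
			writelogs("setauthuser [winbind]: $line",__FUNCTION__,__FILE__,__LINE__);
		}
	}

	echo "Starting......: checking winbindd daemon...\n";
	shell_exec("/etc/init.d/artica-postfix start winbindd");

	$adminpassword=$unix->shellEscapeChars($config["PASSWORD"]);

	if($KDC_SERVER==null){
		$cmd_head="$net ads join -W ".escapeshellarg("$ad_server.$domain_lower")
			." -S ".escapeshellarg($ad_server)
			." -U ".escapeshellarg($config["ADADMIN"])."%";
		$cmd=$cmd_head.$adminpassword." 2>&1";
		// Same command with the password masked, for anything printed or logged.
		$cmd_display=$cmd_head."******** 2>&1";
		if(!empty($GLOBALS["VERBOSE"])){echo $cmd_display."\n";}

		$join_out=array();
		exec($cmd,$join_out);

		foreach($join_out as $line){
			writelogs("ads join [{$config["ADADMIN"]}]: $line",__FUNCTION__,__FILE__,__LINE__);

			if(preg_match("#DNS update failed#",$line)){
				echo "Starting......: ADS Join FAILED with command line \"$cmd_display\"\n";
			}

			if(preg_match("#The network name cannot be found#",$line)){
				echo "Starting......: ADS Join $ad_server.$domain_lower failed, unable to resolve it\n";
				if($ADSERVER_IP<>null && empty($GLOBALS["CHANGE_ETC_HOSTS_AD"])){
					$hosts_entry=base64_encode("$ADSERVER_IP\t$ad_server.$domain_lower\t$ad_server");
					$sock->getFrameWork("cmd.php?etc-hosts-add=$hosts_entry");
					// Set before recursing so the retry happens only once.
					$GLOBALS["CHANGE_ETC_HOSTS_AD"]=true;
					echo "Starting......: ADS Join add $ad_server.$domain_lower $ADSERVER_IP in hosts file done, restart\n";
					kinit();
					return;
				}
			}

			echo "Starting......: ADS Join $ad_server.$domain_lower ($line)\n";
		}
	}else{
		echo "Starting......: ADS Already joined to \"$KDC_SERVER\"\n";
	}

	if($CyrusToAD==1){
		echo "Starting......: Activate PAM for Cyrus sasl\n";
		EnablePamd();
	}else{
		echo "Starting......: Disable PAM for Cyrus sasl\n";
		DisablePamd();
	}
}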
Esempio n. 3
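/**
 * Obtain a Kerberos ticket for the AD administrator and join the host to the domain.
 *
 * Runs at most once per process ($GLOBALS["KINIT_RUN"]). Settings come from
 * "SambaAdInfos" (ADDOMAIN, ADSERVER, ADSERVER_IP, ADADMIN, PASSWORD) and
 * "CyrusToAD". The function runs kinit, changes the host name through
 * artica-install, sets the auth user with `net setauthuser`, starts winbindd,
 * registers a "--join" thread command and, when SAMBA_GetNetAdsInfos() reports no
 * "KDC server", runs `net ads join`. If the join output says the network name
 * cannot be found and an AD server IP is configured, a hosts entry is requested
 * through the framework and the function is run once more. Finally PAM for Cyrus
 * sasl is enabled or disabled according to "CyrusToAD".
 *
 * Changes against the previous version:
 *  - the retry after the hosts-file update now really runs: KINIT_RUN is cleared
 *    before the recursive call, which previously returned at once with
 *    "already executed";
 *  - the password reaches kinit on its standard input instead of through an
 *    `echo` process, so it no longer appears in that process's arguments;
 *  - host, domain and account names are passed through escapeshellarg();
 *  - the command shown in verbose/failure output has the password masked;
 *  - each exec() gets its own output array (exec() appends, so the join loop
 *    used to re-read the hostname and setauthuser lines);
 *  - each(), which PHP 8 removed, is replaced by foreach.
 *
 * @return void
 */
function kinit()
{
    $function = __FUNCTION__;
    if (isset($GLOBALS["KINIT_RUN"])) {
        echo "Starting......: " . date("H:i:s") . " {$function}, already executed..\n";
        return;
    }
    $GLOBALS["KINIT_RUN"] = true;
    $unix = new unix();
    $kinit = $unix->find_program("kinit");
    $net = $unix->LOCATE_NET_BIN_PATH();
    $hostname = $unix->find_program("hostname");
    $sock = new sockets();

    // NOTE(review): unserialize() instantiates objects and runs their magic methods;
    // safe only while nothing but trusted code can write "SambaAdInfos" - confirm.
    $config = unserialize(base64_decode($sock->GET_INFO("SambaAdInfos")));
    if (!is_array($config)) {
        $config = array();
    }
    foreach (array("ADDOMAIN", "ADSERVER", "ADSERVER_IP", "ADADMIN", "PASSWORD") as $key) {
        if (!isset($config[$key])) {
            $config[$key] = "";
        }
    }

    $domain = strtoupper($config["ADDOMAIN"]);
    $domain_lower = strtolower($config["ADDOMAIN"]);
    $cachefile = "/etc/artica-postfix/NetADSInfo.cache";
    $CyrusToAD = $sock->GET_INFO("CyrusToAD");
    if (!is_numeric($CyrusToAD)) {
        $CyrusToAD = 0;
    }
    $ADSERVER_IP = $config["ADSERVER_IP"];
    @unlink($cachefile);
    $ad_server = strtolower($config["ADSERVER"]);

    // shellEscapeChars() is a project helper not shown here; presumably it escapes
    // shell metacharacters - verify. Used only for the `net` commands below.
    $escaped_password = $unix->shellEscapeChars($config["PASSWORD"]);

    if ($kinit != null) {
        echo "Starting......: " . date("H:i:s") . " {$function}, {$kinit} {$config["ADADMIN"]}@{$domain}...\n";
        // Feed the password on stdin; stdout is discarded as shell_exec() did before.
        $pipes = array();
        $proc = proc_open(
            escapeshellarg($kinit) . " " . escapeshellarg($config["ADADMIN"] . "@" . $domain),
            array(0 => array("pipe", "r"), 1 => array("file", "/dev/null", "w")),
            $pipes
        );
        if (is_resource($proc)) {
            fwrite($pipes[0], $config["PASSWORD"] . "\n");
            fclose($pipes[0]);
            proc_close($proc);
        } else {
            echo "Starting......: " . date("H:i:s") . " {$function}, unable to run {$kinit}\n";
        }
    }

    $hostname_out = array();
    exec($hostname, $hostname_out);
    $servername = trim(implode(" ", $hostname_out));
    echo "Starting......: " . date("H:i:s") . " {$function}, using server name has {$servername}.{$domain_lower}\n";
    shell_exec("/usr/share/artica-postfix/bin/artica-install --change-hostname " . escapeshellarg("{$servername}.{$domain_lower}"));
    echo "Starting......: " . date("H:i:s") . " {$function}, connecting to {$ad_server}.{$domain_lower}\n";
    @unlink($cachefile);

    $NetADSINFOS = $unix->SAMBA_GetNetAdsInfos();
    $KDC_SERVER = isset($NetADSINFOS["KDC server"]) ? $NetADSINFOS["KDC server"] : null;

    // NOTE(review): `net` still receives the password as part of the -U argument,
    // so it is visible in the process list while the command runs. Moving it off
    // the command line depends on what the deployed Samba supports - confirm.
    echo "Starting......: " . date("H:i:s") . " {$function}, setauthuser -> \"{$config["ADADMIN"]}\"\n";
    $setauth_out = array();
    exec("{$net} setauthuser -U " . escapeshellarg($config["ADADMIN"]) . "%{$escaped_password} 2>&1", $setauth_out);

    echo "Starting......: " . date("H:i:s") . " {$function}, checking winbindd daemon...\n";
    shell_exec("/etc/init.d/artica-postfix start winbindd");
    echo "Starting......: " . date("H:i:s") . " {$function}, KDC:  \"{$KDC_SERVER}\"\n";
    $unix->THREAD_COMMAND_SET($unix->LOCATE_PHP5_BIN() . " " . __FILE__ . " --join");

    if ($KDC_SERVER == null) {
        $cmd_head = "{$net} ads join -W " . escapeshellarg("{$ad_server}.{$domain_lower}")
            . " -S " . escapeshellarg($ad_server)
            . " -U " . escapeshellarg($config["ADADMIN"]) . "%";
        $cmd = $cmd_head . $escaped_password . " 2>&1";
        // Same command with the password masked, for anything printed or logged.
        $cmd_display = $cmd_head . "******** 2>&1";
        if (!empty($GLOBALS["VERBOSE"])) {
            echo $cmd_display . "\n";
        }

        $join_out = array();
        exec($cmd, $join_out);

        foreach ($join_out as $line) {
            writelogs("ads join [{$config["ADADMIN"]}]: {$line}", __FUNCTION__, __FILE__, __LINE__);
            if (preg_match("#DNS update failed#", $line)) {
                echo "Starting......: " . date("H:i:s") . " ADS Join FAILED with command line \"{$cmd_display}\"\n";
            }
            if (preg_match("#The network name cannot be found#", $line)) {
                echo "Starting......: " . date("H:i:s") . " ADS Join {$ad_server}.{$domain_lower} failed, unable to resolve it\n";
                if ($ADSERVER_IP != null && empty($GLOBALS["CHANGE_ETC_HOSTS_AD"])) {
                    $hosts_entry = base64_encode("{$ADSERVER_IP}\t{$ad_server}.{$domain_lower}\t{$ad_server}");
                    $sock->getFrameWork("cmd.php?etc-hosts-add={$hosts_entry}");
                    // CHANGE_ETC_HOSTS_AD limits the retry to one pass; KINIT_RUN has
                    // to be cleared or the call below returns without doing anything.
                    $GLOBALS["CHANGE_ETC_HOSTS_AD"] = true;
                    unset($GLOBALS["KINIT_RUN"]);
                    echo "Starting......: " . date("H:i:s") . " ADS Join add {$ad_server}.{$domain_lower} {$ADSERVER_IP} in hosts file done, restart\n";
                    kinit();
                    return;
                }
            }
            echo "Starting......: " . date("H:i:s") . " {$function}, ADS Join {$ad_server}.{$domain_lower} ({$line})\n";
        }
    } else {
        echo "Starting......: " . date("H:i:s") . " {$function}, ADS Already joined to \"{$KDC_SERVER}\"\n";
    }

    if ($CyrusToAD == 1) {
        echo "Starting......: " . date("H:i:s") . " {$function}, Activate PAM for Cyrus sasl\n";
        EnablePamd();
    } else {
        echo "Starting......: " . date("H:i:s") . " {$function}, Disable PAM for Cyrus sasl\n";
        DisablePamd();
    }
    echo "Starting......: " . date("H:i:s") . " {$function}, DONE\n";
}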