From 159c21f4e76f614ff6047fe07c0a4c2d16b80197 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Sun, 11 Nov 2012 11:35:45 +0000
Subject: [PATCH] support MIT Kerberos
---
 lam/HISTORY | 2 ++
 lam/lib/modules/sambaSamAccount.inc | 22 ++++++++++++++++++++++
 lam/lib/modules/shadowAccount.inc | 22 ++++++++++++++++++++++
 lam/lib/types/user.inc | 10 ++++++++++
 4 files changed, 56 insertions(+)
diff --git a/lam/HISTORY b/lam/HISTORY
index ee20ca44..6d4a1247 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -2,6 +2,8 @@ December 2012
 - account profiles and PDF structures are now bound to server profile
 - IMAP: support "/" as path separator (RFE 3575692)
 - show server profile name on config pages (RFE 3579768)
+ - LAM Pro:
+ -> MIT Kerberos support
 25.09.2012 3.9
diff --git a/lam/lib/modules/sambaSamAccount.inc b/lam/lib/modules/sambaSamAccount.inc
index 0b2f8ea0..d4935ea4 100644
--- a/lam/lib/modules/sambaSamAccount.inc
+++ b/lam/lib/modules/sambaSamAccount.inc
@@ -997,6 +997,14 @@ class sambaSamAccount extends baseModule implements passwordService {
 $this->getAccountContainer()->getAccountModule('heimdalKerberos')->setExpirationDate(
 $_POST['expire_yea'], $_POST['expire_mon'], $_POST['expire_day']);
 }
+ if (isset($_POST['syncMIT']) && ($_POST['syncMIT'] == 'on')) {
+ $this->getAccountContainer()->getAccountModule('mitKerberos')->setExpirationDate(
+ $_POST['expire_yea'], $_POST['expire_mon'], $_POST['expire_day']);
+ }
+ if (isset($_POST['syncMITStructural']) && ($_POST['syncMITStructural'] == 'on')) {
+ $this->getAccountContainer()->getAccountModule('mitKerberosStructural')->setExpirationDate(
+ $_POST['expire_yea'], $_POST['expire_mon'], $_POST['expire_day']);
+ }
 }
 elseif (strpos($buttonName, '_del') !== false) {
 // remove attribute value
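Review bot: In sambaSamAccount.inc (hunk at -997) the new `syncMIT` and `syncMITStructural` branches call `setExpirationDate()` on the result of `getAccountModule()` without checking that the module exists, relying only on the POSTed checkbox value. The checkbox is rendered only when the module is present (hunk at -1412, which shows `getAccountModule()` can return null), but the request is client-controlled, so `syncMIT=on` submitted for an account without that module would call a method on null. The same applies to the delete branch at -1010 and to both shadowAccount.inc hunks at -391 and -404. A small loop that checks the module before calling it would add the server-side guard and replace the copied branches; the enclosing method starts and ends outside this hunk.

```php
// … unchanged: heimdalKerberos sync above …
$kerberosSync = array('syncMIT' => 'mitKerberos', 'syncMITStructural' => 'mitKerberosStructural');
foreach ($kerberosSync as $field => $moduleName) {
	$module = $this->getAccountContainer()->getAccountModule($moduleName);
	if (($module != null) && isset($_POST[$field]) && ($_POST[$field] == 'on')) {
		$module->setExpirationDate($_POST['expire_yea'], $_POST['expire_mon'], $_POST['expire_day']);
	}
}
```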
@@ -1010,6 +1018,14 @@ class sambaSamAccount extends baseModule implements passwordService {
 $this->getAccountContainer()->getAccountModule('heimdalKerberos')->setExpirationDate(
 null, null, null);
 }
+ if (isset($_POST['syncMIT']) && ($_POST['syncMIT'] == 'on')) {
+ $this->getAccountContainer()->getAccountModule('mitKerberos')->setExpirationDate(
+ null, null, null);
+ }
+ if (isset($_POST['syncMITStructural']) && ($_POST['syncMITStructural'] == 'on')) {
+ $this->getAccountContainer()->getAccountModule('mitKerberosStructural')->setExpirationDate(
+ null, null, null);
+ }
 }
 return $return;
 }
@@ -1412,6 +1428,12 @@ class sambaSamAccount extends baseModule implements passwordService {
 if ($this->getAccountContainer()->getAccountModule('heimdalKerberos') != null) {
 $return->addElement(new htmlTableExtendedInputCheckbox('syncHeimdal', false, _('Set also for Kerberos')), true);
 }
+ if ($this->getAccountContainer()->getAccountModule('mitKerberos') != null) {
+ $return->addElement(new htmlTableExtendedInputCheckbox('syncMIT', false, _('Set also for Kerberos')), true);
+ }
+ if ($this->getAccountContainer()->getAccountModule('mitKerberosStructural') != null) {
+ $return->addElement(new htmlTableExtendedInputCheckbox('syncMITStructural', false, _('Set also for Kerberos')), true);
+ }
 $return->addElement(new htmlSpacer(null, '10px'), true);
 $buttons = new htmlTable();
 $buttons->addElement(new htmlAccountPageButton(get_class($this), 'attributes', 'change' . $attr, _('Change')));
diff --git a/lam/lib/modules/shadowAccount.inc b/lam/lib/modules/shadowAccount.inc
index 395d4047..eebd9800 100644
--- a/lam/lib/modules/shadowAccount.inc
+++ b/lam/lib/modules/shadowAccount.inc
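Review bot: In sambaSamAccount.inc (hunk at -1412) the new `syncMIT` and `syncMITStructural` checkboxes reuse the label `_('Set also for Kerberos')` that `syncHeimdal` already carries, so an account with more than one of these modules shows identical options and the operator cannot tell which Kerberos entry an expiration change will reach. shadowAccount.inc repeats this in its hunk at -436. A label that names the target, for example `_('Set also for MIT Kerberos')`, would make the choice unambiguous. user.inc in this commit treats the two MIT modules as alternatives (`if`/`elseif`); if they are in fact mutually exclusive, a short comment above the two `if` blocks saying so would help. The enclosing method extends beyond the hunk.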
@@ -391,6 +391,14 @@ class shadowAccount extends baseModule implements passwordService {
 $this->getAccountContainer()->getAccountModule('heimdalKerberos')->setExpirationDate(
 $_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
 }
+ if (isset($_POST['syncMIT']) && ($_POST['syncMIT'] == 'on')) {
+ $this->getAccountContainer()->getAccountModule('mitKerberos')->setExpirationDate(
+ $_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
+ }
+ if (isset($_POST['syncMITStructural']) && ($_POST['syncMITStructural'] == 'on')) {
+ $this->getAccountContainer()->getAccountModule('mitKerberosStructural')->setExpirationDate(
+ $_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
+ }
 }
 // remove expiration date
 elseif (isset($_POST['form_subpage_shadowAccount_attributes_del'])) {
@@ -404,6 +412,14 @@ class shadowAccount extends baseModule implements passwordService {
 $this->getAccountContainer()->getAccountModule('heimdalKerberos')->setExpirationDate(
 null, null, null);
 }
+ if (isset($_POST['syncMIT']) && ($_POST['syncMIT'] == 'on')) {
+ $this->getAccountContainer()->getAccountModule('mitKerberos')->setExpirationDate(
+ null, null, null);
+ }
+ if (isset($_POST['syncMITStructural']) && ($_POST['syncMITStructural'] == 'on')) {
+ $this->getAccountContainer()->getAccountModule('mitKerberosStructural')->setExpirationDate(
+ null, null, null);
+ }
 }
 return $errors;
 }
@@ -436,6 +452,12 @@ class shadowAccount extends baseModule implements passwordService {
 if ($this->getAccountContainer()->getAccountModule('heimdalKerberos') != null) {
 $return->addElement(new htmlTableExtendedInputCheckbox('syncHeimdal', false, _('Set also for Kerberos')), true);
 }
+ if ($this->getAccountContainer()->getAccountModule('mitKerberos') != null) {
+ $return->addElement(new htmlTableExtendedInputCheckbox('syncMIT', false, _('Set also for Kerberos')), true);
+ }
+ if ($this->getAccountContainer()->getAccountModule('mitKerberosStructural') != null) {
+ $return->addElement(new htmlTableExtendedInputCheckbox('syncMITStructural', false, _('Set also for Kerberos')), true);
+ }
 $return->addElement(new htmlSpacer(null, '10px'), true);
 $buttonTable = new htmlTable();
 $buttonTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'change', _('Change')));
diff --git a/lam/lib/types/user.inc b/lam/lib/types/user.inc
index 6c497685..521c58ab 100644
--- a/lam/lib/types/user.inc
+++ b/lam/lib/types/user.inc
@@ -129,6 +129,13 @@ class user extends baseType {
 if ($container->getAccountModule('posixAccount') != null) {
 $unixAttributes = $container->getAccountModule('posixAccount')->getAttributes();
 }
+ $mitKerberosAttributes = null;
+ if ($container->getAccountModule('mitKerberosStructural') != null) {
+ $mitKerberosAttributes = $container->getAccountModule('mitKerberosStructural')->getAttributes();
+ }
+ elseif ($container->getAccountModule('mitKerberos') != null) {
+ $mitKerberosAttributes = $container->getAccountModule('mitKerberos')->getAttributes();
+ }
 // check if first and last name can be shown
 if (($personalAttributes != null) && isset($personalAttributes['sn'][0]) && isset($personalAttributes['givenName'][0])) {
 return htmlspecialchars($personalAttributes['givenName'][0] . ' ' . $personalAttributes['sn'][0]);
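Review bot: In user.inc (hunk at -129) the precedence between the two MIT modules is undocumented: `mitKerberosStructural` wins and `mitKerberos` is consulted only in the `elseif`. A one-line comment above the `if`, such as `// prefer mitKerberosStructural, fall back to mitKerberos`, would record that the order is intentional. Each module is also looked up twice through `getAccountModule()`; keeping the first result in a local would avoid the repeated call. The function starts and ends outside the hunk.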
@@ -154,6 +161,9 @@ class user extends baseType {
 if (($accountAttributes != null) && isset($accountAttributes['uid'][0])) {
 return htmlspecialchars($accountAttributes['uid'][0]);
 }
+ if (($mitKerberosAttributes != null) && isset($mitKerberosAttributes['krbPrincipalName'][0])) {
+ return htmlspecialchars($mitKerberosAttributes['krbPrincipalName'][0]);
+ }
 if ($container->isNewAccount) {
 return _("New user");
 }
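Review bot: The new `krbPrincipalName` fallback escapes the directory value with `htmlspecialchars()` on its default flags, which before PHP 8.1 leave single quotes unescaped. Where the returned string is rendered is not visible here; if it can reach a single-quoted attribute, `return htmlspecialchars($mitKerberosAttributes['krbPrincipalName'][0], ENT_QUOTES);` would be the safer form. The `uid` return in the context lines has the same shape, so the change would apply to the whole function, which extends beyond this hunk.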