netbird/plugins
0
0
Fork 0
mirror of https://github.com/netbirdio/plugins.git synced 2026-05-22 18:44:07 -07:00
Code Issues Packages Projects Releases Wiki Activity

www/web-proxy-sso: delete unmaintained/unfinished plugin

Browse Source
This commit is contained in:
Franco Fichtner
2017-09-25 10:53:07 +02:00
parent 74166077c9
commit 94df25e89c
20 changed files with 0 additions and 769 deletions
Download Patch File Download Diff File Expand all files Collapse all files
www/web-proxy-sso/Makefile
-9
View File
@@ -1,9 +0,0 @@
PLUGIN_NAME= web-proxy-sso
PLUGIN_VERSION= 0.3
PLUGIN_REVISION= 1
PLUGIN_COMMENT= Add SSO Active Directory to use in Proxy
PLUGIN_DEPENDS= msktutil
PLUGIN_MAINTAINER= gitdevmod@github.com
PLUGIN_DEVEL= yes
.include "../../Mk/plugins.mk"
www/web-proxy-sso/pkg-descr
-2
View File
@@ -1,2 +0,0 @@
Allow to use the web proxy with Single Sign-On against an
Active Directory instead of using a bundled authentication.
www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/SSOProxyAD/Api/ServiceController.php
-105
View File
@@ -1,105 +0,0 @@
<?php
/**
* Copyright (C) 2016 <gitdevmod@github.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\SSOProxyAD\Api;
use \OPNsense\Base\ApiControllerBase;
use \OPNsense\SSOProxyAD\SSOProxyAD;
use \OPNsense\Core\Backend;
use \OPNsense\Cron\Cron;
class ServiceController extends ApiControllerBase
{
public function reloadAction()
{
$status = "failed";
if ($this->request->isPost()) {
$mdlSSOProxyAD = new SSOProxyAD();
if ((string)$mdlSSOProxyAD->general->UpdateCron == "") {
$mdlCron = new Cron();
$mdlSSOProxyAD->general->UpdateCron = $mdlCron->newDailyJob(
"SSOProyAD",
"ssoproxyad updateDomain",
"SSOProxyAD updateDomain cron",
"1"
);
if ($mdlCron->performValidation()->count() == 0) {
$mdlCron->serializeToConfig();
$mdlMymodule->serializeToConfig($validateFullModel = false, $disable_validation = true);
Config::getInstance()->save();
}
}
$backend = new Backend();
$bckresult = trim($backend->configdRun('template reload OPNsense/SSOProxyAD'));
if ($bckresult == "OK") {
$status = "ok";
}
}
return array("status" => $status);
}
public function testAction()
{
if ($this->request->isPost()) {
$backend = new Backend();
$bckresult = json_decode(trim($backend->configdRun("ssoproxyad test")), true);
if ($bckresult !== null) {
// only return valid json type responses
return $bckresult;
}
}
return array("message" => "unable to run config action");
}
public function joinDomainAction()
{
if ($this->request->isPost()) {
$backend = new Backend();
$bckresult = json_decode(trim($backend->configdRun("ssoproxyad joinDomain")), true);
if ($bckresult !== null) {
// only return valid json type responses
return $bckresult;
}
}
return array("message" => "unable to run config action");
}
public function updateDomainAction()
{
if ($this->request->isPost()) {
$backend = new Backend();
$bckresult = json_decode(trim($backend->configdRun("ssoproxyad updateDomain")), true);
if ($bckresult !== null) {
// only return valid json type responses
return $bckresult;
}
}
return array("message" => "unable to run config action");
}
}
www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/SSOProxyAD/Api/SettingsController.php
-52
View File
@@ -1,52 +0,0 @@
<?php
/**
* Copyright (C) 2016 <gitdevmod@github.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\SSOProxyAD\Api;
use \OPNsense\Base\ApiMutableModelControllerBase;
use \OPNsense\Core\Config;
class SettingsController extends ApiMutableModelControllerBase
{
static protected $internalModelClass = '\OPNsense\SSOProxyAD\SSOProxyAD';
static protected $internalModelName = 'ssoproxyad';
/**
* @return array plain model settings (non repeating items)
*/
protected function getModelNodes()
{
$settingsNodes = array('general');
$result = array();
$mdlSSO = $this->getModel();
foreach ($settingsNodes as $key) {
$result[$key] = $mdlSSO->$key->getNodes();
}
return $result;
}
}
www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/SSOProxyAD/IndexController.php
-39
View File
@@ -1,39 +0,0 @@
<?php
/**
* Copyright (C) 2016 <gitdevmod@github.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\SSOProxyAD;
class IndexController extends \OPNsense\Base\IndexController
{
public function indexAction()
{
$this->view->title = gettext('SSO Proxy Active Directory');
$this->view->pick('OPNsense/SSOProxyAD/index');
$this->view->generalForm = $this->getForm("general");
}
}
www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/SSOProxyAD/forms/general.xml
-33
View File
@@ -1,33 +0,0 @@
<form>
<field>
<id>ssoproxyad.general.Enabled</id>
<label>enabled</label>
<type>checkbox</type>
<help>Enable this feature</help>
</field>
<field>
<id>ssoproxyad.general.DomainName</id>
<label>Active Directory Domain Name</label>
<type>text</type>
</field>
<field>
<id>ssoproxyad.general.DomainDC</id>
<label>Active Directory Domain Controller</label>
<type>text</type>
</field>
<field>
<id>ssoproxyad.general.DomainVersion</id>
<label>Active Directory Domain Version</label>
<type>text</type>
</field>
<field>
<id>ssoproxyad.general.DomainUser</id>
<label>Active Directory Domain User</label>
<type>text</type>
</field>
<field>
<id>ssoproxyad.general.DomainPassword</id>
<label>Active Directory Domain Password</label>
<type>password</type>
</field>
</form>
www/web-proxy-sso/src/opnsense/mvc/app/library/OPNsense/Auth/SSOProxyAD.php
-73
View File
@@ -1,73 +0,0 @@
<?php
/**
* Copyright (C) 2016 <gitdevmod@github.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\Auth;
use OPNsense\Core\Config;
/**
* Class SSOProxyAD connector
* @package OPNsense\Auth
*/
class SSOProxyAD implements IAuthConnector
{
public static function getType()
{
return 'ssoproxyad';
}
/**
* user friendly description of this authenticator
* @return string
*/
public function getDescription()
{
return gettext("SSO Proxy AD");
}
/**
* set connector properties
* @param array $config connection properties
*/
public function setProperties($config)
{
}
/**
* unused
* @return array mixed named list of authentication properties
*/
public function getLastAuthProperties()
{
return array();
}
public function authenticate($username, $password)
{
return false;
}
}
www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/SSOProxyAD/ACL/ACL.xml
-9
View File
@@ -1,9 +0,0 @@
<acl>
<page-user-ssoproxyad>
<name>Services: Web Proxy: SSO</name>
<patterns>
<pattern>ui/ssoproxyad/*</pattern>
<pattern>api/ssoproxyad/*</pattern>
</patterns>
</page-user-ssoproxyad>
</acl>
www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/SSOProxyAD/Menu/Menu.xml
-7
View File
@@ -1,7 +0,0 @@
<menu>
<Services>
<WebProxy>
<SSO VisibleName="Single-Sign On" url="/ui/ssoproxyad/"/>
</WebProxy>
</Services>
</menu>
www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/SSOProxyAD/SSOProxyAD.php
-35
View File
@@ -1,35 +0,0 @@
<?php
/**
* Copyright (C) 2016 <gitdevmod@github.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\SSOProxyAD;
use OPNsense\Base\BaseModel;
class SSOProxyAD extends BaseModel
{
}
www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/SSOProxyAD/SSOProxyAD.xml
-43
View File
@@ -1,43 +0,0 @@
<model>
<mount>//OPNsense/ssoproxyad</mount>
<description>
SSO Active Directory plugin
</description>
<items>
<general>
<Enabled type="BooleanField">
<default>1</default>
<Required>Y</Required>
</Enabled>
<DomainName type="TextField">
<Required>Y</Required>
</DomainName>
<DomainDC type="TextField">
<Required>Y</Required>
</DomainDC>
<DomainVersion type="TextField">
<Required>Y</Required>
</DomainVersion>
<DomainUser type="TextField">
<Required>Y</Required>
</DomainUser>
<DomainPassword type="UpdateOnlyTextField">
<Required>Y</Required>
</DomainPassword>
<UpdateCron type="ModelRelationField">
<Model>
<queues>
<source>OPNsense.Cron.Cron</source>
<items>jobs.job</items>
<display>description</display>
<filters>
<origin>/SSOProxyAD/</origin>
</filters>
</queues>
</Model>
<ValidationMessage>Related cron not found.</ValidationMessage>
<Required>N</Required>
</UpdateCron>
</general>
</items>
</model>
www/web-proxy-sso/src/opnsense/mvc/app/views/OPNsense/SSOProxyAD/index.volt
-82
View File
@@ -1,82 +0,0 @@
{#
Copyright (C) 2016 <gitdevmod@github.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
#}
{{ partial("layout_partials/base_form",['fields':generalForm,'id':'frm_GeneralSettings'])}}
<script type="text/javascript">
$( document ).ready(function() {
var data_get_map = {'frm_GeneralSettings':"/api/ssoproxyad/settings/get"};
mapDataToFormUI(data_get_map).done(function(data){
// place actions to run after load, for example update form styles.
});
// link save button to API set action
$("#saveAct").click(function(){
saveFormToEndpoint(url="/api/ssoproxyad/settings/set",formid='frm_GeneralSettings',callback_ok=function(){
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/ssoproxyad/service/reload", sendData={},callback=function(data,status) {
// action to run after reload
});
});
});
$("#testAct").click(function(){
$("#responseMsg").removeClass("hidden");
ajaxCall(url="/api/ssoproxyad/service/test", sendData={},callback=function(data,status) {
// action to run after reload
$("#responseMsg").html(data['message']);
});
});
$("#joinDomainAct").click(function(){
$("#responseMsg").removeClass("hidden");
ajaxCall(url="/api/ssoproxyad/service/joinDomain", sendData={},callback=function(data,status) {
// action to run after reload
$("#responseMsg").html(data['message']);
});
});
$("#updateDomainAct").click(function(){
$("#responseMsg").removeClass("hidden");
ajaxCall(url="/api/ssoproxyad/service/updateDomain", sendData={},callback=function(data,status) {
// action to run after reload
$("#responseMsg").html(data['message']);
});
});
});
</script>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Save') }}</b></button>
</div>
<div class="alert alert-info hidden" role="alert" id="responseMsg">
</div>
<button class="btn btn-primary" id="testAct" type="button"><b>{{ lang._('Test') }}</b></button>
<button class="btn btn-primary" id="joinDomainAct" type="button"><b>{{ lang._('Join Domain') }}</b></button>
<button class="btn btn-primary" id="updateDomainAct" type="button"><b>{{ lang._('Update Domain') }}</b></button>
www/web-proxy-sso/src/opnsense/scripts/OPNsense/SSOProxyAD/joinDomain.php
-90
View File
@@ -1,90 +0,0 @@
#!/usr/local/bin/php
<?php
/**
* Copyright (C) 2016 <gitdevmod@github.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
// Use legacy code to export certificates to the filesystem.
require_once("config.inc");
require_once("certs.inc");
require_once("legacy_bindings.inc");
use OPNsense\Core\Config;
global $config;
$configObj = Config::getInstance()->object();
$hostname = $configObj->system->hostname;
$fqdn = $hostname . "." . $configObj->system->domain;
if (isset($configObj->OPNsense->ssoproxyad)) {
foreach ($configObj->OPNsense->ssoproxyad->general as $ssoproxyad) {
$enabled = $ssoproxyad->Enabled;
$domainname = $ssoproxyad->DomainName;
$domaindc = $ssoproxyad->DomainDC;
$domainversion = $ssoproxyad->DomainVersion;
$domainuser = $ssoproxyad->DomainUser;
$domainpassword = $ssoproxyad->DomainPassword;
}
}
$keytab = '/usr/local/etc/ssoproxyad/PROXY.keytab';
$cmd_2003 = '/usr/local/sbin/msktutil -c -b CN=COMPUTERS -s HTTP -k ' . $keytab . ' --computer-name ' . strtoupper($hostname) . ' --upn HTTP/' . $fqdn. ' --server ' . $domaindc . ' 2>&1';
$cmd_2008 = '/usr/local/sbin/msktutil -c -b CN=COMPUTERS -s HTTP -k ' . $keytab . ' --computer-name ' . strtoupper($hostname) . ' --upn HTTP/' . $fqdn. ' --server ' . $domaindc . ' --enctypes 28 2>&1';
if ($enabled == 1) {
$krb5secret = '/usr/local/etc/ssoproxyad/krb5secret';
if (!file_exists($keytab)) {
file_put_contents($krb5secret, $domainpassword);
chmod($krb5secret, 0600);
exec('/usr/local/bin/kinit --password-file="' . $krb5secret . '" ' . $domainuser. "@" . strtoupper($domainname) . " 2>&1", $output_kinit, $error_kinit);
if ($error_kinit > 0) {
$out = implode($output_kinit);
$return = array('message' => "$out");
} else {
if ($domainversion == '2003') {
exec($cmd_2003, $output_msktutil, $error_msktutil);
} elseif ($domainversion == '2008') {
exec($cmd_2008, $output_msktutil, $error_msktutil);
}
if ((file_exists($keytab)) and ($error_msktutil <= 0)) {
chown($keytab, 'squid');
chgrp($keytab, 'squid');
exec("/usr/local/bin/kdestroy 2>&1", $output_kdestroy, $error_kdestroy);
$return = array('message' => "keytab created");
} else {
$out = implode($output_msktutil);
$return = array('message' => "Unable to create keytab: $out");
}
}
} else {
$return = array('message' => "keytab already exists");
}
}
if (file_exists($krb5secret)) {
unlink($krb5secret);
}
echo json_encode($return);
www/web-proxy-sso/src/opnsense/scripts/OPNsense/SSOProxyAD/testConnection.py
-42
View File
@@ -1,42 +0,0 @@
#!/usr/local/bin/python2.7
"""
Copyright (c) 2016 <gitdevmod@github.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
"""
import os
import socket
import json
ssoproxyad_config = '/usr/local/etc/ssoproxyad/krb5.conf'
result = {}
if os.path.exists(ssoproxyad_config):
result['message'] = 'test ok!'
else:
# no config
result['message'] = 'no configuration file found'
print (json.dumps(result))
www/web-proxy-sso/src/opnsense/scripts/OPNsense/SSOProxyAD/updateDomain.php
-71
View File
@@ -1,71 +0,0 @@
#!/usr/local/bin/php
<?php
/**
* Copyright (C) 2016 <gitdevmod@github.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
// Use legacy code to export certificates to the filesystem.
require_once("config.inc");
require_once("certs.inc");
require_once("legacy_bindings.inc");
require_once("util.inc");
use OPNsense\Core\Config;
global $config;
$configObj = Config::getInstance()->object();
$hostname = $configObj->system->hostname;
$fqdn = $hostname . "." . $configObj->system->domain;
if (isset($configObj->OPNsense->ssoproxyad)) {
foreach ($configObj->OPNsense->ssoproxyad->general as $ssoproxyad) {
$enabled = $ssoproxyad->Enabled;
}
}
if ($enabled == 1) {
$keytab = '/usr/local/etc/ssoproxyad/PROXY.keytab';
if (file_exists($keytab)) {
$cmd = exec_safe('/usr/local/sbin/msktutil %s %s %s %s %s 2>&1', array(
'--auto-update',
'--computer-name',
strtolower($hostname),
'--keytab',
$keytab
));
exec($cmd, $output_msktutil, $error_msktutil);
$out = implode($output_msktutil);
if ($error_msktutil > 0) {
$return = array('message' => "Unable to auto-update: $out)");
} else {
$return = array('message' => "Auto-update successful: $out");
}
} else {
$return = array('message' => "keytab do not exists");
}
}
echo json_encode($return);
www/web-proxy-sso/src/opnsense/service/conf/actions.d/actions_ssoproxyad.conf
-17
View File
@@ -1,17 +0,0 @@
[test]
command:/usr/local/opnsense/scripts/OPNsense/SSOProxyAD/testConnection.py
parameters:
type:script_output
message:SSO Proxy AD module test
[joinDomain]
command:/usr/local/opnsense/scripts/OPNsense/SSOProxyAD/joinDomain.php
parameters:
type:script_output
message:SSO Proxy AD module join AD domain
[updateDomain]
command:/usr/local/opnsense/scripts/OPNsense/SSOProxyAD/updateDomain.php
parameters:
type:script_output
message:SSO Proxy AD module update AD domain
www/web-proxy-sso/src/opnsense/service/templates/OPNsense/Proxy/squid.user.alt_auth.conf
-14
View File
@@ -1,14 +0,0 @@
{% if helpers.exists('OPNsense.proxy.forward.authentication.method') %}
{% if helpers.exists('system.authserver') %}
{% for server in helpers.toList('system.authserver') %}
{% if server.name == OPNsense.proxy.forward.authentication.method %}
{% if server.type == "ssoproxyad" %}
auth_param negotiate program "/usr/local/libexec/squid/negotiate_kerberos_auth"
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl local_auth proxy_auth REQUIRED
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}
www/web-proxy-sso/src/opnsense/service/templates/OPNsense/SSOProxyAD/+TARGETS
-2
View File
@@ -1,2 +0,0 @@
krb5.conf:/usr/local/etc/ssoproxyad/krb5.conf
rc.conf:/etc/rc.conf.d/squid/ssoproxyad
www/web-proxy-sso/src/opnsense/service/templates/OPNsense/SSOProxyAD/krb5.conf
-33
View File
@@ -1,33 +0,0 @@
{% if helpers.exists('OPNsense.ssoproxyad.general') and OPNsense.ssoproxyad.general.Enabled|default("0") == "1" %}
[libdefaults]
default_realm = {{ OPNsense.ssoproxyad.general.DomainName|upper }}
dns_lookup_kdc = no
dns_lookup_realm = no
ticket_lifetime = 24h
default_keytab_name = /usr/local/etc/ssoproxyad/PROXY.keytab
{% if helpers.exists('OPNsense.ssoproxyad.general.DomainVersion') and OPNsense.ssoproxyad.general.DomainVersion == '2003' %}
default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
{% endif %}
{% if helpers.exists('OPNsense.ssoproxyad.general.DomainVersion') and OPNsense.ssoproxyad.general.DomainVersion == '2008' %}
; for Windows 2008 with AES
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
{% endif %}
[realms]
{{ OPNsense.ssoproxyad.general.DomainName|upper }} = {
kdc = {{ OPNsense.ssoproxyad.general.DomainDC|lower }}.{{ OPNsense.ssoproxyad.general.DomainName|lower }}
admin_server = {{ OPNsense.ssoproxyad.general.DomainDC|lower }}.{{ OPNsense.ssoproxyad.general.DomainName|lower }}
default_domain = {{ OPNsense.ssoproxyad.general.DomainName|lower }}
}
[domain_realm]
.{{ OPNsense.ssoproxyad.general.DomainName|lower }} = {{ OPNsense.ssoproxyad.general.DomainName|upper }}
{{ OPNsense.ssoproxyad.general.DomainName|lower }} = {{ OPNsense.ssoproxyad.general.DomainName|upper }}
{% endif %}
www/web-proxy-sso/src/opnsense/service/templates/OPNsense/SSOProxyAD/rc.conf
-11
View File
@@ -1,11 +0,0 @@
{% if helpers.exists('system.authserver') %}
{% for server in helpers.toList('system.authserver') %}
{% if helpers.exists('OPNsense.proxy.forward.authentication.method') %}
{% if server.name == OPNsense.proxy.forward.authentication.method %}
{% if server.type == "ssoproxyad" %}
squid_krb5_ktname="/usr/local/etc/ssoproxyad/PROXY.keytab"
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}