Proxy sso update (#368)

(cherry picked from commit 182315b1a3)

www/web-proxy-sso/Makefile

@@ -1,5 +1,5 @@
 PLUGIN_NAME=		web-proxy-sso
-PLUGIN_VERSION=		2.0
+PLUGIN_VERSION=		2.1
 PLUGIN_COMMENT=		Kerberos authentication module
 PLUGIN_DEPENDS=		msktutil cyrus-sasl-gssapi
 PLUGIN_MAINTAINER=	evbevz@gmail.com

www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php

@@ -42,10 +42,10 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
         if ($this->request->isPost()) {
             $backend = new Backend();
             $mdl = new ProxySSO();
-            $cnf = Config::getInstance()->toArray();
-            $hostname = 'HTTP/' . $cnf['system']['hostname'];
-            $domain = $cnf['system']['domain'];
-            $kerbname = substr(strtoupper($cnf['system']['hostname']), 0, 13) . "-K";
+            $cnf = Config::getInstance()->object();
+            $hostname = 'HTTP/' . $cnf->system->hostname;
+            $domain = $cnf->system->domain;
+            $kerbname = strtoupper((string)$mdl->KerberosHostName);
             $winver = (string)$mdl->ADKerberosImplementation == 'W2008' ? '2008' : '2003';
             $username = escapeshellarg($this->request->getPost("admin_login"));
             $pass = escapeshellarg($this->request->getPost("admin_password"));
@@ -66,8 +66,8 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
     {
         if ($this->request->isPost()) {
             $backend = new Backend();
-            $cnf = Config::getInstance()->toArray();
-            $fqdn = $cnf['system']['hostname'].'.'.$cnf['system']['domain'];
+            $cnf = Config::getInstance()->object();
+            $fqdn = $cnf->system->hostname .'.'.$cnf->system->domain;
             $username = escapeshellarg($this->request->getPost("login"));
             $pass = escapeshellarg($this->request->getPost("password"));
 

www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/forms/general.xml

@@ -11,4 +11,10 @@
 		<type>dropdown</type>
 		<help>Select Windows Server version for AD controller</help>
 	</field>
+	<field>
+		<id>ProxySSO.KerberosHostName</id>
+		<label>Kerberos Account Name Of This Host In AD</label>
+		<type>text</type>
+		<help>Enter this computer account name to register in AD for kerberos access. Default is hostname with suffix '-K'.</help>
+	</field>
 </form>

www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.php

@@ -3,7 +3,15 @@
 namespace OPNsense\ProxySSO;
 
 use OPNsense\Base\BaseModel;
+use OPNsense\Core\Config;
 
 class ProxySSO extends BaseModel
 {
+	protected function init()
+	{
+		if($this->KerberosHostName == "") {
+			$hostname = (string)Config::getInstance()->object()->system->hostname;
+			$this->KerberosHostName = substr(strtoupper($hostname), 0, 13) . '-K';
+		}
+	}
 }

www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.xml

@@ -16,5 +16,8 @@
             <W2008>Windows 2008 with AES</W2008>
         </OptionValues>
     </ADKerberosImplementation>
+    <KerberosHostName type="TextField">
+        <Required>N</Required>
+    </KerberosHostName>
 </items>
 </model>

www/web-proxy-sso/src/opnsense/scripts/OPNsense/ProxySSO/kerberos_test.sh

@@ -25,3 +25,5 @@ rm ${PASS_TMP}
 /usr/local/libexec/squid/negotiate_kerberos_auth_test ${FQDN} | awk '{sub(/Token:/,"YR"); print $0}END{print "QQ"}' | /usr/local/libexec/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME
 
 /usr/local/bin/kdestroy
+
+exit 0