From d4c16bc57f318436179785f573ed424c4f0108e2 Mon Sep 17 00:00:00 2001
From: evbevz
Date: Mon, 20 Nov 2017 07:42:19 +0400
Subject: [PATCH] Proxy sso update (#368)

(cherry picked from commit 182315b1a342d26c846dac6aa1e2679a89b29760)
---
 www/web-proxy-sso/Makefile | 2 +-
 .../OPNsense/ProxySSO/Api/ServiceController.php | 12 ++++++------
 .../controllers/OPNsense/ProxySSO/forms/general.xml | 6 ++++++
 .../mvc/app/models/OPNsense/ProxySSO/ProxySSO.php | 8 ++++++++
 .../mvc/app/models/OPNsense/ProxySSO/ProxySSO.xml | 3 +++
 .../scripts/OPNsense/ProxySSO/kerberos_test.sh | 2 ++
 6 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/www/web-proxy-sso/Makefile b/www/web-proxy-sso/Makefile
index d63916bce..7505f4193 100644
--- a/www/web-proxy-sso/Makefile
+++ b/www/web-proxy-sso/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME= web-proxy-sso
-PLUGIN_VERSION= 2.0
+PLUGIN_VERSION= 2.1
 PLUGIN_COMMENT= Kerberos authentication module
 PLUGIN_DEPENDS= msktutil cyrus-sasl-gssapi
 PLUGIN_MAINTAINER= evbevz@gmail.com
diff --git a/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php b/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php
index 0815a2d69..99e665886 100644
--- a/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php
+++ b/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php
@@ -42,10 +42,10 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
 if ($this->request->isPost()) {
 $backend = new Backend();
 $mdl = new ProxySSO();
- $cnf = Config::getInstance()->toArray();
- $hostname = 'HTTP/' . $cnf['system']['hostname'];
- $domain = $cnf['system']['domain'];
- $kerbname = substr(strtoupper($cnf['system']['hostname']), 0, 13) . "-K";
+ $cnf = Config::getInstance()->object();
+ $hostname = 'HTTP/' . $cnf->system->hostname;
+ $domain = $cnf->system->domain;
+ $kerbname = strtoupper((string)$mdl->KerberosHostName);
 $winver = (string)$mdl->ADKerberosImplementation == 'W2008' ? '2008' : '2003';
 $username = escapeshellarg($this->request->getPost("admin_login"));
 $pass = escapeshellarg($this->request->getPost("admin_password"));
@@ -66,8 +66,8 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
 {
 if ($this->request->isPost()) {
 $backend = new Backend();
- $cnf = Config::getInstance()->toArray();
- $fqdn = $cnf['system']['hostname'].'.'.$cnf['system']['domain'];
+ $cnf = Config::getInstance()->object();
+ $fqdn = $cnf->system->hostname .'.'.$cnf->system->domain;
 $username = escapeshellarg($this->request->getPost("login"));
 $pass = escapeshellarg($this->request->getPost("password"));
diff --git a/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/forms/general.xml b/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/forms/general.xml
index 9eeb7c6dd..042e44557 100644
--- a/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/forms/general.xml
+++ b/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/forms/general.xml
@@ -11,4 +11,10 @@ dropdown Select Windows Server version for AD controller + + ProxySSO.KerberosHostName + + text + Enter this computer account name to register in AD for kerberos access. Default is hostname with suffix '-K'. +
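Review bot: In the first ServiceController.php hunk, `$kerbname` now comes from the editable model field `KerberosHostName` and is only upper-cased, while the neighbouring `$username` and `$pass` are passed through `escapeshellarg()`. The call that consumes these variables is outside the hunk, so this is inferred, but if `$kerbname` is interpolated into the same backend command it should be quoted the same way: `$kerbname = escapeshellarg(strtoupper((string)$mdl->KerberosHostName));`. `$domain` here and the two operands of `$fqdn` in the second hunk are now config nodes rather than array strings; an explicit `(string)` cast, as the model's `init()` uses for the hostname, would keep the variable types what they were before.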
diff --git a/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.php b/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.php
index 76d8d1586..5b09a8e49 100644
--- a/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.php
+++ b/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.php
@@ -3,7 +3,15 @@
 namespace OPNsense\ProxySSO;
 use OPNsense\Base\BaseModel;
+use OPNsense\Core\Config;
 class ProxySSO extends BaseModel
 {
+ protected function init()
+ {
+ if($this->KerberosHostName == "") {
+ $hostname = (string)Config::getInstance()->object()->system->hostname;
+ $this->KerberosHostName = substr(strtoupper($hostname), 0, 13) . '-K';
+ }
+ }
 }
diff --git a/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.xml b/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.xml
index 08f5e9abc..f43f0389e 100644
--- a/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.xml
+++ b/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.xml
@@ -16,5 +16,8 @@ Windows 2008 with AES + + N +
diff --git a/www/web-proxy-sso/src/opnsense/scripts/OPNsense/ProxySSO/kerberos_test.sh b/www/web-proxy-sso/src/opnsense/scripts/OPNsense/ProxySSO/kerberos_test.sh
index 220ac7178..790ddac07 100755
--- a/www/web-proxy-sso/src/opnsense/scripts/OPNsense/ProxySSO/kerberos_test.sh
+++ b/www/web-proxy-sso/src/opnsense/scripts/OPNsense/ProxySSO/kerberos_test.sh
@@ -25,3 +25,5 @@ rm ${PASS_TMP}
 /usr/local/libexec/squid/negotiate_kerberos_auth_test ${FQDN} | awk '{sub(/Token:/,"YR"); print $0}END{print "QQ"}' | /usr/local/libexec/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME
 /usr/local/bin/kdestroy
+
+exit 0
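Review bot: The new `init()` in ProxySSO.php caps the default at 13 hostname characters plus `-K`, but nothing visible applies the same bound or any character restriction to a value typed into the new field. The model entry added in ProxySSO.xml appears to carry only a Required flag, though its markup is not legible on this page. If the 15-character total matters for the AD computer account, presumably the reason for the truncation, the length limit and an allowed character set should be enforced by model validation so that a saved value is as constrained as the generated one. A one-line comment on `init()` would also help, for example `// Default the Kerberos account name to the upper-cased hostname (first 13 chars) + "-K" when unset.`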
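Review bot: The unconditional `exit 0` appended to kerberos_test.sh discards the status of the `negotiate_kerberos_auth` pipeline and of `kdestroy`, so a caller can no longer tell a failed test run from a passed one by exit code. If only a `kdestroy` failure should be ignored, record the pipeline status on the line after the pipeline with `rc=$?` and finish with `exit ${rc}`. If the status is deliberately unused because the result is read from the output, say so above the line, e.g. `# exit status is not used; the caller reads the helper output`. The start of the script is outside the hunk, so any earlier error handling is not visible here.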