authorSimon Rettberg2016-11-18 16:51:52 +0100
committerSimon Rettberg2016-11-18 16:51:52 +0100
commitbcfc1f32d35f7ec61c9b18d27d84f0dca60137c8 (patch)
tree59bfeef4084f7f254a3698d218f215862cd772d4
parent[statistics] Add support for parsing GPT output from busybox fdisk (diff)
[sysconfig] Improve ad handling once again
-rw-r--r--modules-available/sysconfig/addmodule_adauth.inc.php41
-rw-r--r--modules-available/sysconfig/templates/ad-selfsearch.html2
2 files changed, 32 insertions, 11 deletions
diff --git a/modules-available/sysconfig/addmodule_adauth.inc.php b/modules-available/sysconfig/addmodule_adauth.inc.php
index 4c65f7f9..238b7490 100644
--- a/modules-available/sysconfig/addmodule_adauth.inc.php
+++ b/modules-available/sysconfig/addmodule_adauth.inc.php
@@ -4,6 +4,10 @@
* Wizard for setting up active directory integration for authentication.
*/
+define('AD_SHORT_REGEX', '#^([^\[\]\:;\|\=\+\?\<\>\*"/\\\\,]+)[/\\\\]([^\[\]\:;\|\=\+\?\<\>\*"/\\\\,]+)$#');
+define('AD_BOTH_REGEX', '#^[^\[\]\:;\|\=\+\?\<\>\*"/\\\\,]+[/\\\\@][^\[\]\:;\|\=\+\?\<\>\*"/\\\\,]+$#');
+define('AD_AT_REGEX', '#^([^\[\]\:;\|\=\+\?\<\>\*"/\\\\,]+)@([^\[\]\:;\|\=\+\?\<\>\*"/\\\\,]+)$#');
+
class AdAuth_Start extends AddModule_Base
{
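Review bot: The three patterns repeat the same excluded-character class six times, and two more hand-written copies appear in the JavaScript of `ad-selfsearch.html`, with no comment saying which account-name format each constant accepts. A one-line comment per constant would help, e.g. `// DOMAIN\user or DOMAIN/user; $1 = domain, $2 = user` above `AD_SHORT_REGEX`, and building all three from one shared class string would keep them from drifting apart. The class is also a denylist: it does not exclude `(`, `)` or `@`, which matters wherever a captured group is later reused in an LDAP filter or in another regular expression.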
@@ -36,8 +40,14 @@ class AdAuth_CheckConnection extends AddModule_Base
private $scanTask;
private $server;
+ private $searchBase;
+
+ private $bindDn;
+
protected function preprocessInternal()
{
+ $this->bindDn = Ldap::normalizeDn(Request::post('binddn', '', 'string'));
+ $this->searchBase = Ldap::normalizeDn(Request::post('searchbase', '', 'string'));
$this->server = Request::post('server');
$binddn = Request::post('binddn');
$ssl = Request::post('ssl', 'off') === 'on';
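Review bot: After this change the method holds two copies of the bind name, the normalised `$this->bindDn` and the raw local `$binddn` read again from the same POST field, and nothing says which one later code should use. If the raw value is still needed for the connection test (the rest of the method is outside the hunk), a comment such as `// raw value as typed; $this->bindDn is the normalised form used for format checks` would make that clear; otherwise `$binddn = $this->bindDn;` removes the second read. It is also worth confirming that `Ldap::normalizeDn()` leaves `DOMAIN\user` and `user@domain` input intact, since the `AD_AT_REGEX` check added further down runs on its output.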
@@ -46,6 +56,11 @@ class AdAuth_CheckConnection extends AddModule_Base
AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
return;
}
+ if ((preg_match(AD_AT_REGEX, $this->bindDn) > 0) && (strlen($this->searchBase) < 2)) {
+ Message::addError('main.empty-field', 'searchBase');
+ AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+ return;
+ }
if (preg_match('/^([^\:]+)\:(\d+)$/', $this->server, $out)) {
$ports = array($out[2]);
$this->server = $out[1];
@@ -67,14 +82,12 @@ class AdAuth_CheckConnection extends AddModule_Base
protected function renderInternal()
{
- $searchBase = Ldap::normalizeDn(Request::post('searchbase', '', 'string'));
- $bindDn = Ldap::normalizeDn(Request::post('binddn', '', 'string'));
$data = array(
'edit' => Request::post('edit'),
'title' => Request::post('title'),
'server' => $this->server,
- 'searchbase' => $searchBase,
- 'binddn' => $bindDn,
+ 'searchbase' => $this->searchBase,
+ 'binddn' => $this->bindDn,
'bindpw' => Request::post('bindpw'),
'home' => Request::post('home'),
'homeattr' => Request::post('homeattr'),
@@ -83,7 +96,7 @@ class AdAuth_CheckConnection extends AddModule_Base
'taskid' => $this->scanTask['id']
);
$data['prev'] = 'AdAuth_Start';
- if ((preg_match('#^\w+[/\\\\]\w+$#', $bindDn) > 0) || (strlen($searchBase) < 2)) {
+ if ((preg_match(AD_BOTH_REGEX, $this->bindDn) > 0) || (strlen($this->searchBase) < 2)) {
$data['next'] = 'AdAuth_SelfSearch';
} elseif (empty($data['homeattr'])) {
$data['next'] = 'AdAuth_HomeAttrCheck';
@@ -133,10 +146,15 @@ class AdAuth_SelfSearch extends AddModule_Base
'searchbase' => $searchbase,
'bindpw' => $bindpw,
);
- if (preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out) && !empty($out[1])) {
+ error_log("'$binddn'");
+ error_log(preg_match(AD_SHORT_REGEX, $binddn, $out));
+ error_log(print_r($out, true));
+ if (preg_match(AD_SHORT_REGEX, $binddn, $out) && !empty($out[2])) {
$this->originalBindDn = str_replace('/', '\\', $binddn);
+ $taskData['filter'] = 'sAMAccountName=' . $out[2];
+ } elseif (preg_match(AD_AT_REGEX, $binddn, $out) && !empty($out[1])) {
$taskData['filter'] = 'sAMAccountName=' . $out[1];
- } elseif (preg_match('/^cn=([^=]+),.*?,dc=([^=]+),/i', Ldap::normalizeDn($binddn), $out)) {
+ } elseif (preg_match('/^cn\=([^\=]+),.*?,dc\=([^\=]+),/i', Ldap::normalizeDn($binddn), $out)) {
if (empty($searchbase)) {
$this->originalBindDn = $out[2] . '\\' . $out[1];
$taskData['filter'] = 'sAMAccountName=' . $out[1];
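Review bot: The captured account name is concatenated into the LDAP filter unescaped at `'sAMAccountName=' . $out[2]` and `'sAMAccountName=' . $out[1]`, and the new patterns accept far more than the `\w+` they replace; parentheses in particular are not in the excluded set. Escaping the value before use, e.g. `$taskData['filter'] = 'sAMAccountName=' . ldap_escape($out[2], '', LDAP_ESCAPE_FILTER);` (PHP 5.6+ with the ldap extension), keeps the filter well-formed whatever the field contains; how the LdapSearch task consumes the filter is not visible here. The three `error_log(...)` calls look like leftover debugging and write the bind account name to the server log on every request, so they should be removed. The enclosing method starts and ends outside this hunk.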
@@ -147,6 +165,8 @@ class AdAuth_SelfSearch extends AddModule_Base
} else {
Message::addError('could-not-determine-binddn', $binddn);
$this->originalBindDn = $binddn;
+ AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+ return;
}
$taskData['binddn'] = $this->originalBindDn;
$selfSearch = Taskmanager::submit('LdapSearch', $taskData);
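Review bot: `$taskData['binddn'] = $this->originalBindDn;` runs after every successful branch, but the `AD_AT_REGEX` branch added earlier in this method only sets the filter and never assigns `originalBindDn` in the visible lines. Unless the property is initialised before the hunk, a `user@domain` bind would submit the task with an empty bind DN; adding `$this->originalBindDn = $binddn;` to that branch would make the intent explicit. The method starts outside the hunk and continues past it.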
@@ -214,7 +234,7 @@ class AdAuth_HomeAttrCheck extends AddModule_Base
} else {
$uri = "ldap://$server:$port/";
}
- preg_match('#^(\w+=[^,]+),#', $binddn, $out);
+ preg_match('#^(\w+\=[^\=]+),#', $binddn, $out);
$filter = $out[1];
$data = array(
'server' => $uri,
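Review bot: The result of `preg_match` is still ignored, so `$out[1]` on the next line is undefined whenever `$binddn` is not in `attr=value,...` form, and this commit accepts `DOMAIN\user` and `user@domain` bind names in earlier steps. Whether such a value can reach this step is not visible from the hunk, but a guard like the one in AdAuth_HomeDir (`Message::addError('main.value-invalid', 'binddn', $binddn);` followed by a return to `AdAuth_Start`) would avoid submitting an empty filter. The surrounding method starts and ends outside the hunk.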
@@ -338,7 +358,7 @@ class AdAuth_HomeDir extends AddModule_Base
if (empty($this->searchbase)) {
// If no search base was given, determine it from the dn
$originalBindDn = str_replace('\\', '/', trim(Request::post('originalbinddn')));
- if (!preg_match('#^([^/]+)/[^/]+$#', $originalBindDn, $out)) {
+ if (!preg_match(AD_SHORT_REGEX, $originalBindDn, $out)) {
Message::addError('main.value-invalid', 'binddn', $originalBindDn);
Util::redirect('?do=SysConfig&action=addmodule&step=AdAuth_Start');
} // $out[1] is the domain
@@ -391,7 +411,8 @@ class AdAuth_HomeDir extends AddModule_Base
$data['shareRemapMode_' . $this->edit->getData('shareRemapMode')] = 'selected="selected"';
$letter = $this->edit->getData('shareHomeDrive');
} else {
- $data['shareDownloads'] = $data['shareMedia'] = $data['shareDocuments'] = 'selected="selected"';
+ $data['shareDownloads_c'] = $data['shareMedia_c'] = $data['shareDocuments_c'] = $data['shareRemapCreate_c'] = 'checked="checked"';
+ $data['shareRemapMode_1'] = 'selected="selected"';
$letter = 'H:';
}
$data['drives'] = array();
diff --git a/modules-available/sysconfig/templates/ad-selfsearch.html b/modules-available/sysconfig/templates/ad-selfsearch.html
index 5fadd92e..b60cc3af 100644
--- a/modules-available/sysconfig/templates/ad-selfsearch.html
+++ b/modules-available/sysconfig/templates/ad-selfsearch.html
@@ -65,7 +65,7 @@
var search = $('#searchbase').val();
if ($('#searchbase').val().length < 2) {
var givenDn = $('#givendn').val();
- if (new RegExp('^\\w+[\\/\\\\]\\w+$').test(givenDn)) {
+ if (new RegExp('^([^\\[\\]\\:;\\|\\=\\+\\?\\<\\>\\*"/\\\\,]+)[/\\\\]([^\\[\\]\\:;\\|\\=\\+\\?\\<\\>\\*"/\\\\,]+)$').test(givenDn)) {
domain = givenDn.replace(/[\/\\]\S+$/i, '');
var idx = fulldn.search(new RegExp('\\w+=' + domain + ',', "i"));
if (idx !== -1) {
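Review bot: `domain` is interpolated into `new RegExp('\\w+=' + domain + ',', "i")` two lines below the changed test, and the widened pattern now lets characters such as `.`, `(` or `$` through where the old `\w+` did not. An unbalanced parenthesis makes the constructor throw and a dot matches any character, so the lookup in `fulldn` can fail or match the wrong component; escape the value first, e.g. `domain = domain.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');`. Separately, `\S+$` in the preceding `replace` no longer strips a user part that contains a space, which the new pattern allows. The pattern string is a hand-made copy of the PHP `AD_SHORT_REGEX`, so a comment naming that constant would help keep the two in sync. The enclosing function continues outside the hunk.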