diff options
author | Simon Rettberg | 2016-05-03 19:03:09 +0200 |
---|---|---|
committer | Simon Rettberg | 2016-05-03 19:03:09 +0200 |
commit | 50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66 (patch) | |
tree | 05e99fdffa696434960d7c77966c0bc36d6339e8 /modules/sysconfig/addmodule_adauth.inc.php | |
parent | Second half of merge.... (diff) | |
download | slx-admin-50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66.tar.gz slx-admin-50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66.tar.xz slx-admin-50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66.zip |
WIP
Diffstat (limited to 'modules/sysconfig/addmodule_adauth.inc.php')
-rw-r--r-- | modules/sysconfig/addmodule_adauth.inc.php | 413 |
1 files changed, 0 insertions, 413 deletions
diff --git a/modules/sysconfig/addmodule_adauth.inc.php b/modules/sysconfig/addmodule_adauth.inc.php deleted file mode 100644 index e295630c..00000000 --- a/modules/sysconfig/addmodule_adauth.inc.php +++ /dev/null @@ -1,413 +0,0 @@ -<?php - -/* - * Wizard for setting up active directory integration for authentication. - */ - -class AdAuth_Start extends AddModule_Base -{ - - protected function renderInternal() - { - $ADAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'homeattr', 'ssl', 'certificate'); - $data = array(); - if ($this->edit !== false) { - moduleToArray($this->edit, $data, $ADAUTH_COMMON_FIELDS); - $data['title'] = $this->edit->title(); - $data['edit'] = $this->edit->id(); - } - postToArray($data, $ADAUTH_COMMON_FIELDS, true); - $obdn = Request::post('originalbinddn'); - if (!empty($obdn)) { - $data['binddn'] = $obdn; - } - if (preg_match('/^(.*)\:(636|3269|389|3268)$/', $data['server'], $out)) { - $data['server'] = $out[1]; - } - $data['step'] = 'AdAuth_CheckConnection'; - Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad-start', $data); - } - -} - -class AdAuth_CheckConnection extends AddModule_Base -{ - - private $scanTask; - private $server; - - protected function preprocessInternal() - { - $this->server = Request::post('server'); - $binddn = Request::post('binddn'); - $ssl = Request::post('ssl', 'off') === 'on'; - if (empty($this->server) || empty($binddn)) { - Message::addError('empty-field'); - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - if (preg_match('/^([^\:]+)\:(\d+)$/', $this->server, $out)) { - $ports = array($out[2]); - $this->server = $out[1]; - } elseif ($ssl) { - $ports = array(636, 3269); - } else { - $ports = array(389, 3268); - } - $this->scanTask = Taskmanager::submit('PortScan', array( - 'host' => $this->server, - 'ports' => $ports, - 'certificate' => Request::post('certificate', '') - )); - if (!isset($this->scanTask['id'])) { - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - } - - protected function renderInternal() - { - $data = array( - 'edit' => Request::post('edit'), - 'title' => Request::post('title'), - 'server' => $this->server, - 'searchbase' => Util::normalizeDn(Request::post('searchbase')), - 'binddn' => Util::normalizeDn(Request::post('binddn')), - 'bindpw' => Request::post('bindpw'), - 'home' => Request::post('home'), - 'homeattr' => Request::post('homeattr'), - 'ssl' => Request::post('ssl'), - 'certificate' => Request::post('certificate', ''), - 'taskid' => $this->scanTask['id'] - ); - $data['prev'] = 'AdAuth_Start'; - if (preg_match('#^\w+[/\\\\]\w+$#', Request::post('binddn')) || strlen(Request::post('searchbase')) < 2) { - $data['next'] = 'AdAuth_SelfSearch'; - } elseif (empty($data['homeattr'])) { - $data['next'] = 'AdAuth_HomeAttrCheck'; - } else { - $data['next'] = 'AdAuth_CheckCredentials'; - } - Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad_ldap-checkconnection', $data); - } - -} - -class AdAuth_SelfSearch extends AddModule_Base -{ - - private $taskIds; - private $originalBindDn; - - protected function preprocessInternal() - { - $server = Request::post('server'); - $port = Request::post('port'); - $searchbase = Request::post('searchbase', ''); - $binddn = Request::post('binddn'); - $bindpw = Request::post('bindpw'); - $ssl = Request::post('ssl', 'off') === 'on'; - if ($ssl && !Request::post('fingerprint')) { - Message::addError('error-read', 'fingerprint'); - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - if (empty($server) || empty($binddn) || empty($port)) { - Message::addError('empty-field'); - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - $this->originalBindDn = ''; - // Fix bindDN if short name given - // - if ($ssl) { // Use the specific AD ports so the domain\username bind works - $uri = "ldaps://$server:3269/"; - } else { - $uri = "ldap://$server:3268/"; - } - preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out); - $user = $out[1]; - $this->originalBindDn = str_replace('/', '\\', $binddn); - $selfSearch = Taskmanager::submit('LdapSearch', array( - 'server' => $uri, - 'searchbase' => $searchbase, - 'binddn' => $this->originalBindDn, - 'bindpw' => $bindpw, - 'filter' => "sAMAccountName=$user" - )); - if (!isset($selfSearch['id'])) { - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - $this->taskIds['self-search'] = $selfSearch['id']; - } - - protected function renderInternal() - { - $data = array( - 'edit' => Request::post('edit'), - 'title' => Request::post('title'), - 'server' => Request::post('server'), - 'port' => Request::post('port'), - 'searchbase' => Request::post('searchbase'), - 'binddn' => Request::post('binddn'), - 'bindpw' => Request::post('bindpw'), - 'home' => Request::post('home'), - 'homeattr' => Request::post('homeattr'), - 'ssl' => Request::post('ssl') === 'on', - 'fingerprint' => Request::post('fingerprint'), - 'certificate' => Request::post('certificate', ''), - 'originalbinddn' => $this->originalBindDn, - 'prev' => 'AdAuth_Start' - ); - if (empty($data['homeattr'])) { - $data['next'] = 'AdAuth_HomeAttrCheck'; - } else { - $data['next'] = 'AdAuth_CheckCredentials'; - } - Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad-selfsearch', - array_merge($this->taskIds, $data)); - } - -} - -class AdAuth_HomeAttrCheck extends AddModule_Base -{ - - private $taskIds; - - protected function preprocessInternal() - { - $server = Request::post('server'); - $port = Request::post('port'); - $searchbase = Request::post('searchbase', ''); - $binddn = Request::post('binddn'); - $bindpw = Request::post('bindpw'); - $ssl = Request::post('ssl', 'off') === 'on'; - if ($ssl && !Request::post('fingerprint')) { - Message::addError('error-read', 'fingerprint'); - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - if (empty($server) || empty($binddn) || empty($port)) { - Message::addError('empty-field'); - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - if ($ssl) { - $uri = "ldaps://$server:$port/"; - } else { - $uri = "ldap://$server:$port/"; - } - preg_match('#^(\w+=[^,]+),#', $binddn, $out); - $filter = $out[1]; - $data = array( - 'server' => $uri, - 'searchbase' => $searchbase, - 'binddn' => $binddn, - 'bindpw' => $bindpw, - 'filter' => $filter - ); - $selfSearch = Taskmanager::submit('LdapSearch', $data); - if (!isset($selfSearch['id'])) { - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - $this->taskIds['self-search'] = $selfSearch['id']; - } - - protected function renderInternal() - { - Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad-selfsearch', array_merge($this->taskIds, array( - 'edit' => Request::post('edit'), - 'title' => Request::post('title'), - 'server' => Request::post('server'), - 'port' => Request::post('port'), - 'searchbase' => Request::post('searchbase'), - 'binddn' => Request::post('binddn'), - 'bindpw' => Request::post('bindpw'), - 'home' => Request::post('home'), - 'homeattr' => Request::post('homeattr'), - 'ssl' => Request::post('ssl') === 'on', - 'fingerprint' => Request::post('fingerprint'), - 'certificate' => Request::post('certificate', ''), - 'originalbinddn' => Request::post('originalbinddn'), - 'tryHomeAttr' => true, - 'prev' => 'AdAuth_Start', - 'next' => 'AdAuth_CheckCredentials' - )) - ); - } - -} - -class AdAuth_CheckCredentials extends AddModule_Base -{ - - private $taskIds; - - protected function preprocessInternal() - { - $server = Request::post('server'); - $port = Request::post('port'); - $searchbase = Request::post('searchbase', ''); - $binddn = Request::post('binddn'); - $bindpw = Request::post('bindpw'); - $ssl = Request::post('ssl', 'off') === 'on'; - if ($ssl && !Request::post('fingerprint')) { - Message::addError('error-read', 'fingerprint'); - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - if (empty($server) || empty($binddn) || empty($port)) { - Message::addError('empty-field'); - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - // Test query 4 users - if ($ssl) { - $uri = "ldaps://$server:$port/"; - } else { - $uri = "ldap://$server:$port/"; - } - $ldapSearch = Taskmanager::submit('LdapSearch', array( - 'server' => $uri, - 'searchbase' => $searchbase, - 'binddn' => $binddn, - 'bindpw' => $bindpw - )); - if (!isset($ldapSearch['id'])) { - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - $this->taskIds = array( - 'tm-search' => $ldapSearch['id'] - ); - if (isset($selfSearch['id'])) - $this->taskIds['self-search'] = $selfSearch['id']; - } - - protected function renderInternal() - { - Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad_ldap-checkcredentials', array_merge($this->taskIds, array( - 'edit' => Request::post('edit'), - 'title' => Request::post('title'), - 'server' => Request::post('server') . ':' . Request::post('port'), - 'searchbase' => Request::post('searchbase'), - 'binddn' => Request::post('binddn'), - 'bindpw' => Request::post('bindpw'), - 'home' => Request::post('home'), - 'homeattr' => Request::post('homeattr'), - 'ssl' => Request::post('ssl') === 'on', - 'fingerprint' => Request::post('fingerprint'), - 'certificate' => Request::post('certificate', ''), - 'originalbinddn' => Request::post('originalbinddn'), - 'prev' => 'AdAuth_Start', - 'next' => 'AdAuth_Finish' - )) - ); - } - -} - -class AdAuth_Finish extends AddModule_Base -{ - - private $taskIds; - - protected function preprocessInternal() - { - $binddn = Request::post('binddn'); - $searchbase = Request::post('searchbase'); - if (empty($searchbase)) { - // If no search base was given, determine it from the dn - $originalBindDn = str_replace('\\', '/', trim(Request::post('originalbinddn'))); - if (!preg_match('#^([^/]+)/[^/]+$#', $originalBindDn, $out)) { - Message::addError('value-invalid', 'binddn', $originalBindDn); - Util::redirect('?do=SysConfig&action=addmodule&step=AdAuth_Start'); - } // $out[1] is the domain - // Find the domain in the dn - $i = mb_stripos($binddn, '=' . $out[1] . ','); - if ($i === false) { - Message::addError('value-invalid', 'binddn', $out[1]); - Util::redirect('?do=SysConfig&action=addmodule&step=AdAuth_Start'); - } - // Now find ',' before it so we get the key - $i = mb_strrpos(mb_substr($binddn, 0, $i), ','); - if ($i === false) - $i = -1; - $searchbase = mb_substr($binddn, $i + 1); - } else { - $somedn = Request::post('somedn', false); - if (!empty($somedn)) { - $i = stripos($somedn, $searchbase); - if ($i !== false) { - $searchbase = substr($somedn, $i, strlen($searchbase)); - } - } - } - $title = Request::post('title'); - if (empty($title)) - $title = 'AD: ' . Request::post('server'); - if ($this->edit === false) - $module = ConfigModule::getInstance('AdAuth'); - else - $module = $this->edit; - $ssl = Request::post('ssl', 'off') === 'on'; - $module->setData('server', Request::post('server')); - $module->setData('searchbase', $searchbase); - $module->setData('binddn', $binddn); - $module->setData('bindpw', Request::post('bindpw')); - $module->setData('home', Request::post('home')); - $module->setData('homeattr', Request::post('homeattr')); - $module->setData('certificate', Request::post('certificate')); - $module->setData('ssl', $ssl); - if ($ssl) { - $module->setData('fingerprint', Request::post('fingerprint', '')); - } else { - $module->setData('fingerprint', ''); - } - if ($this->edit !== false) - $ret = $module->update($title); - else - $ret = $module->insert($title); - if (!$ret) { - Message::addError('value-invalid', 'any', 'any'); - $tgz = false; - } else { - $parent = $this->stopOldInstance(); - $tgz = $module->generate($this->edit === false, $parent); - } - if ($tgz === false) { - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - $this->taskIds = array( - 'tm-config' => $tgz, - ); - } - - private function stopOldInstance() - { - if ($this->edit === false) - return NULL; - $list = ConfigTgz::getAllForModule($this->edit->id()); - if (!is_array($list)) - return NULL; - $parent = NULL; - foreach ($list as $tgz) { - if (!$tgz->isActive()) - continue; - $task = Trigger::ldadp($tgz->id(), $parent); - if (isset($task['id'])) - $parent = $task['id']; - } - return $parent; - } - - protected function renderInternal() - { - Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad-finish', $this->taskIds); - } - -} |