summaryrefslogtreecommitdiffstats
path: root/modules/sysconfig/addmodule_adauth.inc.php
diff options
context:
space:
mode:
authorSimon Rettberg2016-05-03 19:03:09 +0200
committerSimon Rettberg2016-05-03 19:03:09 +0200
commit50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66 (patch)
tree05e99fdffa696434960d7c77966c0bc36d6339e8 /modules/sysconfig/addmodule_adauth.inc.php
parentSecond half of merge.... (diff)
downloadslx-admin-50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66.tar.gz
slx-admin-50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66.tar.xz
slx-admin-50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66.zip
WIP
Diffstat (limited to 'modules/sysconfig/addmodule_adauth.inc.php')
-rw-r--r--modules/sysconfig/addmodule_adauth.inc.php413
1 files changed, 0 insertions, 413 deletions
diff --git a/modules/sysconfig/addmodule_adauth.inc.php b/modules/sysconfig/addmodule_adauth.inc.php
deleted file mode 100644
index e295630c..00000000
--- a/modules/sysconfig/addmodule_adauth.inc.php
+++ /dev/null
@@ -1,413 +0,0 @@
-<?php
-
-/*
- * Wizard for setting up active directory integration for authentication.
- */
-
-class AdAuth_Start extends AddModule_Base
-{
-
- protected function renderInternal()
- {
- $ADAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'homeattr', 'ssl', 'certificate');
- $data = array();
- if ($this->edit !== false) {
- moduleToArray($this->edit, $data, $ADAUTH_COMMON_FIELDS);
- $data['title'] = $this->edit->title();
- $data['edit'] = $this->edit->id();
- }
- postToArray($data, $ADAUTH_COMMON_FIELDS, true);
- $obdn = Request::post('originalbinddn');
- if (!empty($obdn)) {
- $data['binddn'] = $obdn;
- }
- if (preg_match('/^(.*)\:(636|3269|389|3268)$/', $data['server'], $out)) {
- $data['server'] = $out[1];
- }
- $data['step'] = 'AdAuth_CheckConnection';
- Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad-start', $data);
- }
-
-}
-
-class AdAuth_CheckConnection extends AddModule_Base
-{
-
- private $scanTask;
- private $server;
-
- protected function preprocessInternal()
- {
- $this->server = Request::post('server');
- $binddn = Request::post('binddn');
- $ssl = Request::post('ssl', 'off') === 'on';
- if (empty($this->server) || empty($binddn)) {
- Message::addError('empty-field');
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- if (preg_match('/^([^\:]+)\:(\d+)$/', $this->server, $out)) {
- $ports = array($out[2]);
- $this->server = $out[1];
- } elseif ($ssl) {
- $ports = array(636, 3269);
- } else {
- $ports = array(389, 3268);
- }
- $this->scanTask = Taskmanager::submit('PortScan', array(
- 'host' => $this->server,
- 'ports' => $ports,
- 'certificate' => Request::post('certificate', '')
- ));
- if (!isset($this->scanTask['id'])) {
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- }
-
- protected function renderInternal()
- {
- $data = array(
- 'edit' => Request::post('edit'),
- 'title' => Request::post('title'),
- 'server' => $this->server,
- 'searchbase' => Util::normalizeDn(Request::post('searchbase')),
- 'binddn' => Util::normalizeDn(Request::post('binddn')),
- 'bindpw' => Request::post('bindpw'),
- 'home' => Request::post('home'),
- 'homeattr' => Request::post('homeattr'),
- 'ssl' => Request::post('ssl'),
- 'certificate' => Request::post('certificate', ''),
- 'taskid' => $this->scanTask['id']
- );
- $data['prev'] = 'AdAuth_Start';
- if (preg_match('#^\w+[/\\\\]\w+$#', Request::post('binddn')) || strlen(Request::post('searchbase')) < 2) {
- $data['next'] = 'AdAuth_SelfSearch';
- } elseif (empty($data['homeattr'])) {
- $data['next'] = 'AdAuth_HomeAttrCheck';
- } else {
- $data['next'] = 'AdAuth_CheckCredentials';
- }
- Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad_ldap-checkconnection', $data);
- }
-
-}
-
-class AdAuth_SelfSearch extends AddModule_Base
-{
-
- private $taskIds;
- private $originalBindDn;
-
- protected function preprocessInternal()
- {
- $server = Request::post('server');
- $port = Request::post('port');
- $searchbase = Request::post('searchbase', '');
- $binddn = Request::post('binddn');
- $bindpw = Request::post('bindpw');
- $ssl = Request::post('ssl', 'off') === 'on';
- if ($ssl && !Request::post('fingerprint')) {
- Message::addError('error-read', 'fingerprint');
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- if (empty($server) || empty($binddn) || empty($port)) {
- Message::addError('empty-field');
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- $this->originalBindDn = '';
- // Fix bindDN if short name given
- //
- if ($ssl) { // Use the specific AD ports so the domain\username bind works
- $uri = "ldaps://$server:3269/";
- } else {
- $uri = "ldap://$server:3268/";
- }
- preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out);
- $user = $out[1];
- $this->originalBindDn = str_replace('/', '\\', $binddn);
- $selfSearch = Taskmanager::submit('LdapSearch', array(
- 'server' => $uri,
- 'searchbase' => $searchbase,
- 'binddn' => $this->originalBindDn,
- 'bindpw' => $bindpw,
- 'filter' => "sAMAccountName=$user"
- ));
- if (!isset($selfSearch['id'])) {
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- $this->taskIds['self-search'] = $selfSearch['id'];
- }
-
- protected function renderInternal()
- {
- $data = array(
- 'edit' => Request::post('edit'),
- 'title' => Request::post('title'),
- 'server' => Request::post('server'),
- 'port' => Request::post('port'),
- 'searchbase' => Request::post('searchbase'),
- 'binddn' => Request::post('binddn'),
- 'bindpw' => Request::post('bindpw'),
- 'home' => Request::post('home'),
- 'homeattr' => Request::post('homeattr'),
- 'ssl' => Request::post('ssl') === 'on',
- 'fingerprint' => Request::post('fingerprint'),
- 'certificate' => Request::post('certificate', ''),
- 'originalbinddn' => $this->originalBindDn,
- 'prev' => 'AdAuth_Start'
- );
- if (empty($data['homeattr'])) {
- $data['next'] = 'AdAuth_HomeAttrCheck';
- } else {
- $data['next'] = 'AdAuth_CheckCredentials';
- }
- Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad-selfsearch',
- array_merge($this->taskIds, $data));
- }
-
-}
-
-class AdAuth_HomeAttrCheck extends AddModule_Base
-{
-
- private $taskIds;
-
- protected function preprocessInternal()
- {
- $server = Request::post('server');
- $port = Request::post('port');
- $searchbase = Request::post('searchbase', '');
- $binddn = Request::post('binddn');
- $bindpw = Request::post('bindpw');
- $ssl = Request::post('ssl', 'off') === 'on';
- if ($ssl && !Request::post('fingerprint')) {
- Message::addError('error-read', 'fingerprint');
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- if (empty($server) || empty($binddn) || empty($port)) {
- Message::addError('empty-field');
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- if ($ssl) {
- $uri = "ldaps://$server:$port/";
- } else {
- $uri = "ldap://$server:$port/";
- }
- preg_match('#^(\w+=[^,]+),#', $binddn, $out);
- $filter = $out[1];
- $data = array(
- 'server' => $uri,
- 'searchbase' => $searchbase,
- 'binddn' => $binddn,
- 'bindpw' => $bindpw,
- 'filter' => $filter
- );
- $selfSearch = Taskmanager::submit('LdapSearch', $data);
- if (!isset($selfSearch['id'])) {
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- $this->taskIds['self-search'] = $selfSearch['id'];
- }
-
- protected function renderInternal()
- {
- Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad-selfsearch', array_merge($this->taskIds, array(
- 'edit' => Request::post('edit'),
- 'title' => Request::post('title'),
- 'server' => Request::post('server'),
- 'port' => Request::post('port'),
- 'searchbase' => Request::post('searchbase'),
- 'binddn' => Request::post('binddn'),
- 'bindpw' => Request::post('bindpw'),
- 'home' => Request::post('home'),
- 'homeattr' => Request::post('homeattr'),
- 'ssl' => Request::post('ssl') === 'on',
- 'fingerprint' => Request::post('fingerprint'),
- 'certificate' => Request::post('certificate', ''),
- 'originalbinddn' => Request::post('originalbinddn'),
- 'tryHomeAttr' => true,
- 'prev' => 'AdAuth_Start',
- 'next' => 'AdAuth_CheckCredentials'
- ))
- );
- }
-
-}
-
-class AdAuth_CheckCredentials extends AddModule_Base
-{
-
- private $taskIds;
-
- protected function preprocessInternal()
- {
- $server = Request::post('server');
- $port = Request::post('port');
- $searchbase = Request::post('searchbase', '');
- $binddn = Request::post('binddn');
- $bindpw = Request::post('bindpw');
- $ssl = Request::post('ssl', 'off') === 'on';
- if ($ssl && !Request::post('fingerprint')) {
- Message::addError('error-read', 'fingerprint');
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- if (empty($server) || empty($binddn) || empty($port)) {
- Message::addError('empty-field');
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- // Test query 4 users
- if ($ssl) {
- $uri = "ldaps://$server:$port/";
- } else {
- $uri = "ldap://$server:$port/";
- }
- $ldapSearch = Taskmanager::submit('LdapSearch', array(
- 'server' => $uri,
- 'searchbase' => $searchbase,
- 'binddn' => $binddn,
- 'bindpw' => $bindpw
- ));
- if (!isset($ldapSearch['id'])) {
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- $this->taskIds = array(
- 'tm-search' => $ldapSearch['id']
- );
- if (isset($selfSearch['id']))
- $this->taskIds['self-search'] = $selfSearch['id'];
- }
-
- protected function renderInternal()
- {
- Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad_ldap-checkcredentials', array_merge($this->taskIds, array(
- 'edit' => Request::post('edit'),
- 'title' => Request::post('title'),
- 'server' => Request::post('server') . ':' . Request::post('port'),
- 'searchbase' => Request::post('searchbase'),
- 'binddn' => Request::post('binddn'),
- 'bindpw' => Request::post('bindpw'),
- 'home' => Request::post('home'),
- 'homeattr' => Request::post('homeattr'),
- 'ssl' => Request::post('ssl') === 'on',
- 'fingerprint' => Request::post('fingerprint'),
- 'certificate' => Request::post('certificate', ''),
- 'originalbinddn' => Request::post('originalbinddn'),
- 'prev' => 'AdAuth_Start',
- 'next' => 'AdAuth_Finish'
- ))
- );
- }
-
-}
-
-class AdAuth_Finish extends AddModule_Base
-{
-
- private $taskIds;
-
- protected function preprocessInternal()
- {
- $binddn = Request::post('binddn');
- $searchbase = Request::post('searchbase');
- if (empty($searchbase)) {
- // If no search base was given, determine it from the dn
- $originalBindDn = str_replace('\\', '/', trim(Request::post('originalbinddn')));
- if (!preg_match('#^([^/]+)/[^/]+$#', $originalBindDn, $out)) {
- Message::addError('value-invalid', 'binddn', $originalBindDn);
- Util::redirect('?do=SysConfig&action=addmodule&step=AdAuth_Start');
- } // $out[1] is the domain
- // Find the domain in the dn
- $i = mb_stripos($binddn, '=' . $out[1] . ',');
- if ($i === false) {
- Message::addError('value-invalid', 'binddn', $out[1]);
- Util::redirect('?do=SysConfig&action=addmodule&step=AdAuth_Start');
- }
- // Now find ',' before it so we get the key
- $i = mb_strrpos(mb_substr($binddn, 0, $i), ',');
- if ($i === false)
- $i = -1;
- $searchbase = mb_substr($binddn, $i + 1);
- } else {
- $somedn = Request::post('somedn', false);
- if (!empty($somedn)) {
- $i = stripos($somedn, $searchbase);
- if ($i !== false) {
- $searchbase = substr($somedn, $i, strlen($searchbase));
- }
- }
- }
- $title = Request::post('title');
- if (empty($title))
- $title = 'AD: ' . Request::post('server');
- if ($this->edit === false)
- $module = ConfigModule::getInstance('AdAuth');
- else
- $module = $this->edit;
- $ssl = Request::post('ssl', 'off') === 'on';
- $module->setData('server', Request::post('server'));
- $module->setData('searchbase', $searchbase);
- $module->setData('binddn', $binddn);
- $module->setData('bindpw', Request::post('bindpw'));
- $module->setData('home', Request::post('home'));
- $module->setData('homeattr', Request::post('homeattr'));
- $module->setData('certificate', Request::post('certificate'));
- $module->setData('ssl', $ssl);
- if ($ssl) {
- $module->setData('fingerprint', Request::post('fingerprint', ''));
- } else {
- $module->setData('fingerprint', '');
- }
- if ($this->edit !== false)
- $ret = $module->update($title);
- else
- $ret = $module->insert($title);
- if (!$ret) {
- Message::addError('value-invalid', 'any', 'any');
- $tgz = false;
- } else {
- $parent = $this->stopOldInstance();
- $tgz = $module->generate($this->edit === false, $parent);
- }
- if ($tgz === false) {
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- $this->taskIds = array(
- 'tm-config' => $tgz,
- );
- }
-
- private function stopOldInstance()
- {
- if ($this->edit === false)
- return NULL;
- $list = ConfigTgz::getAllForModule($this->edit->id());
- if (!is_array($list))
- return NULL;
- $parent = NULL;
- foreach ($list as $tgz) {
- if (!$tgz->isActive())
- continue;
- $task = Trigger::ldadp($tgz->id(), $parent);
- if (isset($task['id']))
- $parent = $task['id'];
- }
- return $parent;
- }
-
- protected function renderInternal()
- {
- Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'ad-finish', $this->taskIds);
- }
-
-}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-06-02 20:51:30 +0200