From 2c6bbc84799bcca7beb88abc4781ab0bc8ec5328 Mon Sep 17 00:00:00 2001 
From: Simon Rettberg
Date: Tue, 20 Oct 2015 17:15:49 +0200
Subject: Support creating ad and ldap modules with ca-based cert checking
---
 inc/configmodule/adauth.inc.php | 2 +-
 inc/configmodule/ldapauth.inc.php | 2 +-
 .../de/templates/sysconfig/ad-checkconnection.json | 5 --
 .../templates/sysconfig/ad-checkcredentials.json | 6 --
 .../sysconfig/ad_ldap-checkconnection.json | 5 ++
 .../sysconfig/ad_ldap-checkcredentials.json | 6 ++
 .../en/templates/sysconfig/ad-checkconnection.json | 5 --
 .../templates/sysconfig/ad-checkcredentials.json | 6 --
 .../sysconfig/ad_ldap-checkconnection.json | 5 ++
 .../sysconfig/ad_ldap-checkcredentials.json | 6 ++
 .../pt/templates/sysconfig/ad-checkconnection.json | 3 -
 .../templates/sysconfig/ad-checkcredentials.json | 5 --
 .../sysconfig/ad_ldap-checkconnection.json | 3 +
 .../sysconfig/ad_ldap-checkcredentials.json | 5 ++
 modules/sysconfig/addmodule.inc.php | 43 +++++++++++
 modules/sysconfig/addmodule_adauth.inc.php | 42 +++++-----
 modules/sysconfig/addmodule_ldapauth.inc.php | 42 +++++-----
 style/default.css | 4 +
 templates/sysconfig/ad-checkconnection.html | 66 ----------------
 templates/sysconfig/ad-checkcredentials.html | 74 ------------------
 templates/sysconfig/ad-start.html | 40 ++++++----
 templates/sysconfig/ad_ldap-checkconnection.html | 89 ++++++++++++++++++++++
 templates/sysconfig/ad_ldap-checkcredentials.html | 76 ++++++++++++++++++
 templates/sysconfig/ldap-checkconnection.html | 66 ----------------
 templates/sysconfig/ldap-checkcredentials.html | 63 --------------
 templates/sysconfig/ldap-start.html | 26 ++++++-
 26 files changed, 326 insertions(+), 369 deletions(-)
 delete mode 100644 lang/de/templates/sysconfig/ad-checkconnection.json
 delete mode 100644 lang/de/templates/sysconfig/ad-checkcredentials.json
 create mode 100644 lang/de/templates/sysconfig/ad_ldap-checkconnection.json
 create mode 100644 lang/de/templates/sysconfig/ad_ldap-checkcredentials.json
 delete mode 100644 lang/en/templates/sysconfig/ad-checkconnection.json
 delete mode 100644 lang/en/templates/sysconfig/ad-checkcredentials.json
 create mode 100644 lang/en/templates/sysconfig/ad_ldap-checkconnection.json
 create mode 100644 lang/en/templates/sysconfig/ad_ldap-checkcredentials.json
 delete mode 100644 lang/pt/templates/sysconfig/ad-checkconnection.json
 delete mode 100644 lang/pt/templates/sysconfig/ad-checkcredentials.json
 create mode 100644 lang/pt/templates/sysconfig/ad_ldap-checkconnection.json
 create mode 100644 lang/pt/templates/sysconfig/ad_ldap-checkcredentials.json
 delete mode 100644 templates/sysconfig/ad-checkconnection.html
 delete mode 100644 templates/sysconfig/ad-checkcredentials.html
 create mode 100644 templates/sysconfig/ad_ldap-checkconnection.html
 create mode 100644 templates/sysconfig/ad_ldap-checkcredentials.html
 delete mode 100644 templates/sysconfig/ldap-checkconnection.html
 delete mode 100644 templates/sysconfig/ldap-checkcredentials.html
diff --git a/inc/configmodule/adauth.inc.php b/inc/configmodule/adauth.inc.php
index f1da4d76..360194f1 100644
--- a/inc/configmodule/adauth.inc.php
+++ b/inc/configmodule/adauth.inc.php
@@ -14,7 +14,7 @@ class ConfigModule_AdAuth extends ConfigModule
 const VERSION = 1;
 private static $REQUIRED_FIELDS = array('server', 'searchbase', 'binddn');
- private static $OPTIONAL_FIELDS = array('bindpw', 'home', 'ssl', 'fingerprint');
+ private static $OPTIONAL_FIELDS = array('bindpw', 'home', 'ssl', 'fingerprint', 'certificate');
 protected function generateInternal($tgz, $parent)
 {
diff --git a/inc/configmodule/ldapauth.inc.php b/inc/configmodule/ldapauth.inc.php
index 9a5f2fb8..da9cd6fc 100644
--- a/inc/configmodule/ldapauth.inc.php
+++ b/inc/configmodule/ldapauth.inc.php
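Review bot: The field list is the only change to `ConfigModule_AdAuth` in this commit, so the new `certificate` value only reaches the generated module if `generateInternal` (its signature is the last context line; the body lies outside the hunk) iterates `$OPTIONAL_FIELDS` rather than copying the known keys one by one — worth confirming, because a CA certificate that is stored but never written out would silently leave the existing `fingerprint` handling as the only check. A short comment on the new entry, `// PEM-encoded CA certificate(s) for server certificate checking; empty string means none`, would also record what the field is expected to hold. The same question applies to the `ConfigModule_LdapAuth` hunk in inc/configmodule/ldapauth.inc.php.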
@@ -14,7 +14,7 @@ class ConfigModule_LdapAuth extends ConfigModule
 const VERSION = 1;
 private static $REQUIRED_FIELDS = array('server', 'searchbase');
- private static $OPTIONAL_FIELDS = array('binddn', 'bindpw', 'home', 'ssl', 'fingerprint');
+ private static $OPTIONAL_FIELDS = array('binddn', 'bindpw', 'home', 'ssl', 'fingerprint', 'certificate');
 protected function generateInternal($tgz, $parent)
 {
diff --git a/lang/de/templates/sysconfig/ad-checkconnection.json b/lang/de/templates/sysconfig/ad-checkconnection.json
deleted file mode 100644
index cff56cce..00000000
--- a/lang/de/templates/sysconfig/ad-checkconnection.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "lang_back": "Zur\u00fcck",
- "lang_connectionWait": "Pr\u00fcfe Verbindung...",
- "lang_next": "Weiter"
-}
\ No newline at end of file
diff --git a/lang/de/templates/sysconfig/ad-checkcredentials.json b/lang/de/templates/sysconfig/ad-checkcredentials.json
deleted file mode 100644
index f0ab6e15..00000000
--- a/lang/de/templates/sysconfig/ad-checkcredentials.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "lang_back": "Zur\u00fcck",
- "lang_connectionWait": "Die Verbindung zum angegebenen AD-Server wird nun \u00fcberpr\u00fcft. Bitte haben Sie einen Moment Geduld.",
- "lang_onProblemSearchBase": "Falls dieser Schritt fehlschl\u00e4gt, und Sie keine Suchbasis angegeben haben, versuchen Sie es erneut unter expliziter Angabe einer Suchbasis.",
- "lang_skip": "\u00dcberspringen"
-}
\ No newline at end of file
diff --git a/lang/de/templates/sysconfig/ad_ldap-checkconnection.json b/lang/de/templates/sysconfig/ad_ldap-checkconnection.json
new file mode 100644
index 00000000..cff56cce
--- /dev/null
+++ b/lang/de/templates/sysconfig/ad_ldap-checkconnection.json
@@ -0,0 +1,5 @@
+{
+ "lang_back": "Zur\u00fcck",
+ "lang_connectionWait": "Pr\u00fcfe Verbindung...",
+ "lang_next": "Weiter"
+}
\ No newline at end of file
diff --git a/lang/de/templates/sysconfig/ad_ldap-checkcredentials.json b/lang/de/templates/sysconfig/ad_ldap-checkcredentials.json
new file mode 100644
index 00000000..f0ab6e15
--- /dev/null
+++ b/lang/de/templates/sysconfig/ad_ldap-checkcredentials.json
@@ -0,0 +1,6 @@
+{
+ "lang_back": "Zur\u00fcck",
+ "lang_connectionWait": "Die Verbindung zum angegebenen AD-Server wird nun \u00fcberpr\u00fcft. Bitte haben Sie einen Moment Geduld.",
+ "lang_onProblemSearchBase": "Falls dieser Schritt fehlschl\u00e4gt, und Sie keine Suchbasis angegeben haben, versuchen Sie es erneut unter expliziter Angabe einer Suchbasis.",
+ "lang_skip": "\u00dcberspringen"
+}
\ No newline at end of file
diff --git a/lang/en/templates/sysconfig/ad-checkconnection.json b/lang/en/templates/sysconfig/ad-checkconnection.json
deleted file mode 100644
index c986668d..00000000
--- a/lang/en/templates/sysconfig/ad-checkconnection.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "lang_back": "Back",
- "lang_connectionWait": "Checking connection...",
- "lang_next": "Next"
-}
\ No newline at end of file
diff --git a/lang/en/templates/sysconfig/ad-checkcredentials.json b/lang/en/templates/sysconfig/ad-checkcredentials.json
deleted file mode 100644
index 2b83a231..00000000
--- a/lang/en/templates/sysconfig/ad-checkcredentials.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "lang_back": "Back",
- "lang_connectionWait": "The connection to the specified AD server is now checked. Please wait a moment.",
- "lang_onProblemSearchBase": "If this step fails and you didn't supply a search base, try again with a valid one.",
- "lang_skip": "Skip"
-}
\ No newline at end of file
diff --git a/lang/en/templates/sysconfig/ad_ldap-checkconnection.json b/lang/en/templates/sysconfig/ad_ldap-checkconnection.json
new file mode 100644
index 00000000..c986668d
--- /dev/null
+++ b/lang/en/templates/sysconfig/ad_ldap-checkconnection.json
@@ -0,0 +1,5 @@
+{
+ "lang_back": "Back",
+ "lang_connectionWait": "Checking connection...",
+ "lang_next": "Next"
+}
\ No newline at end of file
diff --git a/lang/en/templates/sysconfig/ad_ldap-checkcredentials.json b/lang/en/templates/sysconfig/ad_ldap-checkcredentials.json
new file mode 100644
index 00000000..2b83a231
--- /dev/null
+++ b/lang/en/templates/sysconfig/ad_ldap-checkcredentials.json
@@ -0,0 +1,6 @@
+{
+ "lang_back": "Back",
+ "lang_connectionWait": "The connection to the specified AD server is now checked. Please wait a moment.",
+ "lang_onProblemSearchBase": "If this step fails and you didn't supply a search base, try again with a valid one.",
+ "lang_skip": "Skip"
+}
\ No newline at end of file
diff --git a/lang/pt/templates/sysconfig/ad-checkconnection.json b/lang/pt/templates/sysconfig/ad-checkconnection.json
deleted file mode 100644
index c44dc44f..00000000
--- a/lang/pt/templates/sysconfig/ad-checkconnection.json
+++ /dev/null
@@ -1,3 +0,0 @@
-[
-
-]
\ No newline at end of file
diff --git a/lang/pt/templates/sysconfig/ad-checkcredentials.json b/lang/pt/templates/sysconfig/ad-checkcredentials.json
deleted file mode 100644
index cf1fbfba..00000000
--- a/lang/pt/templates/sysconfig/ad-checkcredentials.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "lang_back": "Voltar",
- "lang_connectionWait": "A conex\u00e3o com o servidor AD especificado agora est\u00e1 checada. Por favor, aguarde um momento.",
- "lang_skip": "Pular"
-}
\ No newline at end of file
diff --git a/lang/pt/templates/sysconfig/ad_ldap-checkconnection.json b/lang/pt/templates/sysconfig/ad_ldap-checkconnection.json
new file mode 100644
index 00000000..c44dc44f
--- /dev/null
+++ b/lang/pt/templates/sysconfig/ad_ldap-checkconnection.json
@@ -0,0 +1,3 @@
+[
+
+]
\ No newline at end of file
diff --git a/lang/pt/templates/sysconfig/ad_ldap-checkcredentials.json b/lang/pt/templates/sysconfig/ad_ldap-checkcredentials.json
new file mode 100644
index 00000000..cf1fbfba
--- /dev/null
+++ b/lang/pt/templates/sysconfig/ad_ldap-checkcredentials.json
@@ -0,0 +1,5 @@
+{
+ "lang_back": "Voltar",
+ "lang_connectionWait": "A conex\u00e3o com o servidor AD especificado agora est\u00e1 checada. Por favor, aguarde um momento.",
+ "lang_skip": "Pular"
+}
\ No newline at end of file
diff --git a/modules/sysconfig/addmodule.inc.php b/modules/sysconfig/addmodule.inc.php
index bbb827e5..0fed67a9 100644
--- a/modules/sysconfig/addmodule.inc.php
+++ b/modules/sysconfig/addmodule.inc.php
@@ -135,3 +135,46 @@ class AddModule_Start extends AddModule_Base
 }
 }
+
+/*
+ * Helper functions to set/get a batch of vars from/to post variables or a module
+ */
+
+/**
+ *
+ * @param \ConfigModule $module
+ * @param array $array
+ * @param array $keys
+ */
+function moduleToArray($module, &$array, $keys)
+{
+ foreach ($keys as $key) {
+ $array[$key] = $module->getData($key);
+ }
+}
+
+/**
+ *
+ * @param \ConfigModule $module
+ * @param array $array
+ * @param array $keys
+ */
+function arrayToModule($module, $array, $keys)
+{
+ foreach ($keys as $key) {
+ $module->setData($key, $array[$key]);
+ }
+}
+/**
+ *
+ * @param array $array
+ * @param array $keys
+ */
+function postToArray(&$array, $keys, $ignoreMissing = false)
+{
+ foreach ($keys as $key) {
+ $val = Request::post($key, '--not-in-post');
+ if ($ignoreMissing && $val === '--not-in-post') continue;
+ $array[$key] = $val;
+ }
+}
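Review bot: `postToArray` recognises an absent POST key by comparing against the string sentinel `'--not-in-post'`, so a request that posts exactly that text for a listed key is treated as "not posted" and silently skipped when `$ignoreMissing` is set; a sentinel a client cannot send, such as a private object compared with `===` (`$missing = new stdClass();` … `if ($ignoreMissing && $val === $missing) continue;`), removes the ambiguity, provided `Request::post` hands a non-string default back unchanged. `arrayToModule` indexes `$array[$key]` without checking the key exists, which raises a notice and stores null for any key the caller did not fill; `if (!array_key_exists($key, $array)) continue;` before the `setData` call mirrors the ignore-missing behaviour of its sibling. The three docblocks have an empty summary line and `$ignoreMissing` is undocumented; a summary such as `Copy the listed keys from POST into $array; with $ignoreMissing, keys absent from POST are left untouched.` plus `@param bool $ignoreMissing` would make the helpers self-explanatory.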
@@ -9,28 +9,14 @@ class AdAuth_Start extends AddModule_Base
 protected function renderInternal()
 {
+ $ADAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'ssl', 'certificate');
+ $data = array();
 if ($this->edit !== false) {
- $data = array(
- 'title' => $this->edit->title(),
- 'server' => $this->edit->getData('server'),
- 'searchbase' => $this->edit->getData('searchbase'),
- 'binddn' => $this->edit->getData('binddn'),
- 'bindpw' => $this->edit->getData('bindpw'),
- 'home' => $this->edit->getData('home'),
- 'ssl' => $this->edit->getData('ssl'),
- 'edit' => $this->edit->id()
- );
- } else {
- $data = array(
- 'title' => Request::post('title'),
- 'server' => Request::post('server'),
- 'searchbase' => Request::post('searchbase'),
- 'binddn' => Request::post('binddn'),
- 'bindpw' => Request::post('bindpw'),
- 'home' => Request::post('home'),
- 'ssl' => Request::post('ssl')
- );
+ moduleToArray($this->edit, $data, $ADAUTH_COMMON_FIELDS);
+ $data['title'] = $this->edit->title();
+ $data['edit'] = $this->edit->id();
 }
+ postToArray($data, $ADAUTH_COMMON_FIELDS, true);
 if (preg_match('/^(.*)\:(636|3269|389|3268)$/', $data['server'], $out)) {
 $data['server'] = $out[1];
 }
@@ -66,7 +52,8 @@ class AdAuth_CheckConnection extends AddModule_Base
 }
 $this->scanTask = Taskmanager::submit('PortScan', array(
 'host' => $this->server,
- 'ports' => $ports
+ 'ports' => $ports,
+ 'certificate' => Request::post('certificate', '')
 ));
 if (!isset($this->scanTask['id'])) {
 AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
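Review bot: After `postToArray($data, $ADAUTH_COMMON_FIELDS, true)` a key that is neither stored on an edit object nor present in POST is simply absent from `$data`, so on the first render of a new module `$data['server']` in the following `preg_match` is an undefined index (a notice, and the match then runs on null); before this change every key was always set. Seeding the array before the edit branch, `$data = array_fill_keys($ADAUTH_COMMON_FIELDS, '');`, keeps the lookup safe and gives the template an empty string for every field that was not posted. `renderInternal` continues past the end of the hunk. The `LdapAuth_Start` hunk in addmodule_ldapauth.inc.php has the same issue.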
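Review bot: The `certificate` value handed to the PortScan task is taken from POST unchecked, so a pasted value that is not valid PEM (stray text around the `-----BEGIN CERTIFICATE-----` block, a key instead of a certificate) only fails inside the task, where the error cannot be tied back to the form field. Checking it before `Taskmanager::submit`, e.g. `$cert = Request::post('certificate', ''); if ($cert !== '' && openssl_x509_read($cert) === false) { /* return to AdAuth_Start with an error naming the certificate field */ }`, reports the problem where the operator can fix it; if several concatenated certificates are meant to be accepted (the ad-start.html placeholder shows two), each PEM block needs its own check because `openssl_x509_read` parses only the first. The enclosing method starts and ends outside the hunk. The matching `LdapAuth_CheckConnection` hunk in addmodule_ldapauth.inc.php has the same gap.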
@@ -85,10 +72,12 @@ class AdAuth_CheckConnection extends AddModule_Base
 'bindpw' => Request::post('bindpw'),
 'home' => Request::post('home'),
 'ssl' => Request::post('ssl'),
+ 'certificate' => Request::post('certificate', ''),
 'taskid' => $this->scanTask['id']
 );
- $data['step'] = 'AdAuth_CheckCredentials';
- Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad-checkconnection', $data);
+ $data['prev'] = 'AdAuth_Start';
+ $data['next'] = 'AdAuth_CheckCredentials';
+ Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad_ldap-checkconnection', $data);
 }
 }
@@ -161,7 +150,7 @@ class AdAuth_CheckCredentials extends AddModule_Base
 protected function renderInternal()
 {
- Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad-checkcredentials', array_merge($this->taskIds, array(
+ Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad_ldap-checkcredentials', array_merge($this->taskIds, array(
 'edit' => Request::post('edit'),
 'title' => Request::post('title'),
 'server' => Request::post('server') . ':' . Request::post('port'),
@@ -171,8 +160,10 @@ class AdAuth_CheckCredentials extends AddModule_Base
 'home' => Request::post('home'),
 'ssl' => Request::post('ssl') === 'on',
 'fingerprint' => Request::post('fingerprint'),
+ 'certificate' => Request::post('certificate', ''),
 'originalbinddn' => $this->originalBindDn,
- 'step' => 'AdAuth_Finish'
+ 'prev' => 'AdAuth_Start',
+ 'next' => 'AdAuth_Finish'
 ))
 );
 }
@@ -228,6 +219,7 @@ class AdAuth_Finish extends AddModule_Base
 $module->setData('binddn', $binddn);
 $module->setData('bindpw', Request::post('bindpw'));
 $module->setData('home', Request::post('home'));
+ $module->setData('certificate', Request::post('certificate'));
 $module->setData('ssl', $ssl);
 if ($ssl) {
 $module->setData('fingerprint', Request::post('fingerprint', ''));
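Review bot: `AdAuth_Finish` stores the certificate with `Request::post('certificate')` and no default, while every other new call in this commit uses `Request::post('certificate', '')`; when the field is missing from POST the stored value is whatever `Request::post` returns for an absent key instead of the empty string the other steps assume, so `$module->setData('certificate', Request::post('certificate', ''));` keeps the module data consistent. The line also runs unconditionally, whereas `fingerprint` is only written inside `if ($ssl)`; unless the certificate is meant to matter for non-TLS connections as well, moving it into that branch keeps the two verification settings together. How the generated module chooses between a supplied CA certificate and the fingerprint when both are set is not visible here and deserves a one-line comment at this spot. The enclosing method starts and ends outside the hunk; `LdapAuth_Finish` in addmodule_ldapauth.inc.php has the identical lines.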
diff --git a/modules/sysconfig/addmodule_ldapauth.inc.php b/modules/sysconfig/addmodule_ldapauth.inc.php
index 44dbcca1..6cefbe58 100644
--- a/modules/sysconfig/addmodule_ldapauth.inc.php
+++ b/modules/sysconfig/addmodule_ldapauth.inc.php
@@ -9,28 +9,14 @@ class LdapAuth_Start extends AddModule_Base
 protected function renderInternal()
 {
+ $LDAPAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'ssl', 'certificate');
+ $data = array();
 if ($this->edit !== false) {
- $data = array(
- 'title' => $this->edit->title(),
- 'server' => $this->edit->getData('server'),
- 'searchbase' => $this->edit->getData('searchbase'),
- 'binddn' => $this->edit->getData('binddn'),
- 'bindpw' => $this->edit->getData('bindpw'),
- 'home' => $this->edit->getData('home'),
- 'ssl' => $this->edit->getData('ssl'),
- 'edit' => $this->edit->id()
- );
- } else {
- $data = array(
- 'title' => Request::post('title'),
- 'server' => Request::post('server'),
- 'searchbase' => Request::post('searchbase'),
- 'binddn' => Request::post('binddn'),
- 'bindpw' => Request::post('bindpw'),
- 'home' => Request::post('home'),
- 'ssl' => Request::post('ssl')
- );
+ moduleToArray($this->edit, $data, $LDAPAUTH_COMMON_FIELDS);
+ $data['title'] = $this->edit->title();
+ $data['edit'] = $this->edit->id();
 }
+ postToArray($data, $LDAPAUTH_COMMON_FIELDS, true);
 if (preg_match('/^(.*)\:(636|389)$/', $data['server'], $out)) {
 $data['server'] = $out[1];
 }
@@ -66,7 +52,8 @@ class LdapAuth_CheckConnection extends AddModule_Base
 }
 $this->scanTask = Taskmanager::submit('PortScan', array(
 'host' => $this->server,
- 'ports' => $ports
+ 'ports' => $ports,
+ 'certificate' => Request::post('certificate', '')
 ));
 if (!isset($this->scanTask['id'])) {
 AddModule_Base::setStep('LdapAuth_Start'); // Continues with LdapAuth_Start for render()
@@ -85,10 +72,12 @@ class LdapAuth_CheckConnection extends AddModule_Base
 'bindpw' => Request::post('bindpw'),
 'home' => Request::post('home'),
 'ssl' => Request::post('ssl'),
+ 'certificate' => Request::post('certificate', ''),
 'taskid' => $this->scanTask['id']
 );
- $data['step'] = 'LdapAuth_CheckCredentials';
- Render::addDialog(Dictionary::translate('config-module', 'ldapAuth_title'), false, 'sysconfig/ldap-checkconnection', $data);
+ $data['prev'] = 'LdapAuth_Start';
+ $data['next'] = 'LdapAuth_CheckCredentials';
+ Render::addDialog(Dictionary::translate('config-module', 'ldapAuth_title'), false, 'sysconfig/ad_ldap-checkconnection', $data);
 }
 }
@@ -144,7 +133,7 @@ class LdapAuth_CheckCredentials extends AddModule_Base
 protected function renderInternal()
 {
- Render::addDialog(Dictionary::translate('config-module', 'ldapAuth_title'), false, 'sysconfig/ldap-checkcredentials', array_merge($this->taskIds, array(
+ Render::addDialog(Dictionary::translate('config-module', 'ldapAuth_title'), false, 'sysconfig/ad_ldap-checkcredentials', array_merge($this->taskIds, array(
 'edit' => Request::post('edit'),
 'title' => Request::post('title'),
 'server' => Request::post('server') . ':' . Request::post('port'),
@@ -154,7 +143,9 @@ class LdapAuth_CheckCredentials extends AddModule_Base
 'home' => Request::post('home'),
 'ssl' => Request::post('ssl') === 'on',
 'fingerprint' => Request::post('fingerprint'),
- 'step' => 'LdapAuth_Finish'
+ 'certificate' => Request::post('certificate', ''),
+ 'prev' => 'LdapAuth_Start',
+ 'next' => 'LdapAuth_Finish'
 ))
 );
 }
@@ -190,6 +181,7 @@ class LdapAuth_Finish extends AddModule_Base
 $module->setData('binddn', $binddn);
 $module->setData('bindpw', Request::post('bindpw'));
 $module->setData('home', Request::post('home'));
+ $module->setData('certificate', Request::post('certificate'));
 $module->setData('ssl', $ssl);
 if ($ssl) {
 $module->setData('fingerprint', Request::post('fingerprint', ''));
diff --git a/style/default.css b/style/default.css
index 9e430b73..9c0c367a 100644
--- a/style/default.css
+++ b/style/default.css
@@ -1,3 +1,7 @@
+html {
+ overflow-y: scroll;
+}
+
 body {
 padding-top: 70px;
 padding-bottom: 10px;
diff --git a/templates/sysconfig/ad-checkconnection.html b/templates/sysconfig/ad-checkconnection.html
deleted file mode 100644
index 0c7cd77f..00000000
--- a/templates/sysconfig/ad-checkconnection.html
+++ /dev/null
@@ -1,66 +0,0 @@
-

- {{lang_connectionWait}} -

- -
-
Port Check
-
-
-
-
- - - - - - - - - {{#ssl}} - - {{/ssl}} - -
-
-
-
- - - - - - - - - - {{#ssl}} - - - {{/ssl}} - - -
-
-
- diff --git a/templates/sysconfig/ad-checkcredentials.html b/templates/sysconfig/ad-checkcredentials.html deleted file mode 100644 index dbd09d58..00000000 --- a/templates/sysconfig/ad-checkcredentials.html +++ /dev/null @@ -1,74 +0,0 @@ -

- {{lang_connectionWait}} -

- -
-
LDAP Self-Query
-
LDAP Test-Query
-
-{{lang_onProblemSearchBase}} -

-
-
- - - - - - - - - {{#ssl}} - - {{/ssl}} - -
-
-
-
- - - - - - - - - - {{#ssl}} - - {{/ssl}} - - - -
-
- diff --git a/templates/sysconfig/ad-start.html b/templates/sysconfig/ad-start.html index 8ce92c25..58f4a381 100644 --- a/templates/sysconfig/ad-start.html +++ b/templates/sysconfig/ad-start.html @@ -10,6 +10,8 @@ {{lang_adText4}}

+{{lang_asteriskMandatory}} +
@@ -20,30 +22,18 @@
Server * -
{{lang_bindDN}} * -
{{lang_password}} * -
{{lang_searchBase}} -

@@ -54,16 +44,36 @@

-
+
-
{{lang_sslDescription}}
+ {{lang_sslDescription}}
+
+
+
+
+ {{lang_customCertificate}} +
+-----BEGIN CERTIFICATE-----
+MIIFfTCCA...
+.....
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+.....
+-----END CERTIFICATE-----
+ +
+
+ +
+
+

-
+
-
{{lang_sslDescription}}
+ {{lang_sslDescription}}
+
+
+
+
+ {{lang_customCertificate}} +
+-----BEGIN CERTIFICATE-----
+MIIFfTCCA...
+.....
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+.....
+-----END CERTIFICATE-----
+ +
+
+ +
+
+