From 4fa951a30c9d6375f0f598827ce0b112659c5e24 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 4 May 2015 17:29:28 +0200
Subject: Add SSL support to AD wizard
---
 modules/sysconfig/addmodule_adauth.inc.php | 79 +++++++++++++++++++++++++++---
 1 file changed, 73 insertions(+), 6 deletions(-)
(limited to 'modules/sysconfig/addmodule_adauth.inc.php')
diff --git a/modules/sysconfig/addmodule_adauth.inc.php b/modules/sysconfig/addmodule_adauth.inc.php
index e39eac40..8d53601b 100644
--- a/modules/sysconfig/addmodule_adauth.inc.php
+++ b/modules/sysconfig/addmodule_adauth.inc.php
@@ -17,6 +17,7 @@ class AdAuth_Start extends AddModule_Base
 'binddn' => $this->edit->getData('binddn'),
 'bindpw' => $this->edit->getData('bindpw'),
 'home' => $this->edit->getData('home'),
+ 'ssl' => $this->edit->getData('ssl'),
 'edit' => $this->edit->id()
 );
 } else {
@@ -26,7 +27,8 @@ class AdAuth_Start extends AddModule_Base
 'searchbase' => Request::post('searchbase'),
 'binddn' => Request::post('binddn'),
 'bindpw' => Request::post('bindpw'),
- 'home' => Request::post('home')
+ 'home' => Request::post('home'),
+ 'ssl' => Request::post('ssl')
 );
 }
 $data['step'] = 'AdAuth_CheckConnection';
@@ -36,6 +38,57 @@ class AdAuth_Start extends AddModule_Base
 }
 class AdAuth_CheckConnection extends AddModule_Base
+{
+
+ private $scanTask;
+
+ protected function preprocessInternal()
+ {
+ $server = Request::post('server');
+ $binddn = Request::post('binddn');
+ $ssl = Request::post('ssl', 'off') === 'on';
+ if (empty($server) || empty($binddn)) {
+ Message::addError('empty-field');
+ AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+ return;
+ }
+ if (preg_match('/^([^\:]+)\:(\d+)$/', $server, $out)) {
+ $ports = array($out[2]);
+ $server = $out[1];
+ } elseif ($ssl) {
+ $ports = array(636, 3269);
+ } else {
+ $ports = array(389, 3268);
+ }
+ $this->scanTask = Taskmanager::submit('PortScan', array(
+ 'host' => $server,
+ 'ports' => $ports
+ ));
+ if (!isset($this->scanTask['id'])) {
+ AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+ return;
+ }
+ }
+
+ protected function renderInternal()
+ {
+ $data = array(
+ 'title' => Request::post('title'),
+ 'server' => Request::post('server'),
+ 'searchbase' => Request::post('searchbase'),
+ 'binddn' => Request::post('binddn'),
+ 'bindpw' => Request::post('bindpw'),
+ 'home' => Request::post('home'),
+ 'ssl' => Request::post('ssl'),
+ 'taskid' => $this->scanTask['id']
+ );
+ $data['step'] = 'AdAuth_CheckCredentials';
+ Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad-checkconnection', $data);
+ }
+
+}
+
+class AdAuth_CheckCredentials extends AddModule_Base
 {
 private $taskIds;
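Review bot: In the new AdAuth_CheckConnection::preprocessInternal(), the port split off a `host:port` value is constrained only by `\d+`, so 0 or an out-of-range number is handed to the PortScan task, and as a string while the default lists hold integers. A range check before the submit covers both: `$port = (int)$out[2];`, reject anything outside 1..65535 through the same error path as the empty-field case, then `$ports = array($port);`. The host part is forwarded without any shape check as well, so the step makes the server connect to whatever address the request names; whether access control and request-forgery protection guard this wizard cannot be seen from this hunk and should be confirmed. The `!isset($this->scanTask['id'])` branch returns to AdAuth_Start without a `Message::addError()` call, so the user is sent back with no reason shown.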
@@ -44,21 +97,29 @@ class AdAuth_CheckConnection extends AddModule_Base
 protected function preprocessInternal()
 {
 $server = Request::post('server');
+ $port = Request::post('port');
 $searchbase = Request::post('searchbase', '');
 $binddn = Request::post('binddn');
 $bindpw = Request::post('bindpw');
- if (empty($server) || empty($binddn)) {
+ $ssl = Request::post('ssl', 'off') === 'on';
+ if (empty($server) || empty($binddn) || empty($port)) {
 Message::addError('empty-field');
 AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
 return;
 }
 $parent = null;
 $this->originalBindDn = '';
+ $server .= ':' . $port;
+ if ($ssl) {
+ $uri = "ldaps://$server/";
+ } else {
+ $uri = "ldap://$server/";
+ }
 if (preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out)) {
 $user = $out[1];
 $this->originalBindDn = str_replace('/', '\\', $binddn);
 $selfSearch = Taskmanager::submit('LdapSearch', array(
- 'server' => $server,
+ 'server' => $uri,
 'searchbase' => $searchbase,
 'binddn' => $this->originalBindDn,
 'bindpw' => $bindpw,
@@ -72,7 +133,7 @@ class AdAuth_CheckConnection extends AddModule_Base
 }
 $ldapSearch = Taskmanager::submit('LdapSearch', array(
 'parentTask' => $parent,
 'server' => $uri,
 'searchbase' => $searchbase,
 'binddn' => $binddn,
 'bindpw' => $bindpw
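Review bot: In the first hunk here (AdAuth_CheckCredentials::preprocessInternal(), which continues past the hunk), `$port` is taken from `Request::post('port')` and concatenated into the LDAP URI after nothing more than an `empty()` check, so a value containing `/`, `@` or a further `:` changes the host that the bind DN and password are sent to. Requiring digits before `$server .= ':' . $port;`, e.g. `if (!is_string($port) || !ctype_digit($port)) { ... }` with the same error path as the empty-field case, removes that ambiguity. If the posted `server` still carries a user-typed `host:port` from the first step, the URI becomes `host:port:port`; the template that fills `port` is not part of this diff, so stripping the suffix here as CheckConnection does would make this step safe on its own. The second hunk on this line reuses the same `$uri` for the follow-up LdapSearch submit and inherits the issue.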
@@ -90,14 +151,16 @@ class AdAuth_CheckConnection extends AddModule_Base
 protected function renderInternal()
 {
- Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad-checkconnection', array_merge($this->taskIds, array(
+ Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad-checkcredentials', array_merge($this->taskIds, array(
 'edit' => Request::post('edit'),
 'title' => Request::post('title'),
- 'server' => Request::post('server'),
+ 'server' => Request::post('server') . ':' . Request::post('port'),
 'searchbase' => Request::post('searchbase'),
 'binddn' => Request::post('binddn'),
 'bindpw' => Request::post('bindpw'),
 'home' => Request::post('home'),
+ 'ssl' => Request::post('ssl'),
+ 'fingerprint' => Request::post('fingerprint'),
 'originalbinddn' => $this->originalBindDn,
 'step' => 'AdAuth_Finish'
 ))
@@ -146,6 +209,10 @@ class AdAuth_Finish extends AddModule_Base
 $module->setData('binddn', $binddn);
 $module->setData('bindpw', Request::post('bindpw'));
 $module->setData('home', Request::post('home'));
+ $module->setData('ssl', Request::post('ssl', 'off') === 'on');
+ if (Request::post('fingerprint')) {
+ $module->setData('fingerprint', Request::post('fingerprint'));
+ }
 if ($this->edit !== false)
 $ret = $module->update($title);
 else
--
cgit v1.2.3-55-g7522
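Review bot: The certificate fingerprint is stored in the AdAuth_Finish hunk exactly as posted, `$module->setData('fingerprint', Request::post('fingerprint'))`, after being carried through the dialog data in the renderInternal() hunk above it, so the value that presumably pins the server certificate later is whatever the browser returns rather than what the server-side check observed. Its shape should at least be validated before it is stored (a hex digest of the expected length), and it would preferably be read from the task result on the server instead of from the form. Because the assignment is skipped when the field is empty, a module saved with `ssl` on can end up without a fingerprint, and on the edit path an earlier fingerprint may outlive a change of server. Both functions begin or end outside these hunks, and the code that creates `$module` and consumes the two fields is not shown, so that last point needs confirming there.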