aboutsummaryrefslogtreecommitdiffstats
path: root/mayor-orig/www/include/backend/ldap-ng/session
diff options
context:
space:
mode:
authorM.Gergo2018-07-06 11:14:41 +0200
committerM.Gergo2018-07-06 11:14:41 +0200
commit43de9af71f7f4ca5731b94a06d688ae8412ba427 (patch)
tree54835de1dfcda504c02da261f0dc26885aed2e89 /mayor-orig/www/include/backend/ldap-ng/session
parent50310b0e4513ee3fcce67351ae61e8fff851130e (diff)
downloadmayor-43de9af71f7f4ca5731b94a06d688ae8412ba427.tar.gz
mayor-43de9af71f7f4ca5731b94a06d688ae8412ba427.zip
2018/Feb/28 -i állapot hozzáadva, mint a módosítások kiindulási állapota
Diffstat (limited to 'mayor-orig/www/include/backend/ldap-ng/session')
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php401
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/base.php184
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/createAccount.php157
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/createGroup.php82
-rw-r--r--mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php271
5 files changed, 1095 insertions, 0 deletions
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php b/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php
new file mode 100644
index 00000000..d3733ba2
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php
@@ -0,0 +1,401 @@
+<?php
+/*
+ Module: base/auth-ldap-ng
+ Backend: ldap-ng
+
+ function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '')
+ function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY)
+ function ldapGetUserInfo($userAccount, $toPolicy = _POLICY)
+ function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY)
+ function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY)
+
+*/
+
+######################################################
+# getLDAPInfo - általános LDAP lekérdezés
+######################################################
+
+
+ function getLDAPInfo($Dn, $attrList=array('cn'), $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $filter = '(objectclass=*)';
+ $sr = @ldap_search($ds, $Dn, $filter, $attrList);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$Dn;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+###########################################################
+# ldapGetAccountInfo - felhasználói információk (backend)
+###########################################################
+
+ function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $backendAttrs, $backendAttrDef;
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($backendAttrDef as $attr => $def) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
+ else $return[$i][$attr] = array('count' => 0);
+ }
+ }
+ return $return[0];
+
+ }
+
+ }
+
+#############################################################
+# ldapGetUserInfo - felhasználói információk (keretrendszer)
+#############################################################
+
+ function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $accountAttrToLDAP, $ldapAttrDef;
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']);
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + LDAP --> MaYoR schema
+ foreach ($accountAttrToLDAP as $attr => $ldapAttr) {
+ $ldapAttr = kisbetus($ldapAttr);
+ if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr];
+ else $return[$attr] = array('count' => 0);
+ }
+ return $return;
+
+ }
+
+ }
+
+###############################################################
+# ldapChangeAccountInfo - felhasználói információk módosítása
+###############################################################
+
+ function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+ $_alert = array();
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+ $mod_info = $add_info = $del_info = Array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] == 'image') {
+ $file = $_FILES[$attr]['tmp_name'];
+ if (file_exists($file)) {
+ $fd = fopen($file,'r');
+ $values[0]=fread($fd,filesize($file));
+ fclose($fd);
+ } else {
+ // Sose töröljük!
+ $emptyAttrs[] = $attr;
+ }
+ } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
+ if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
+ $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
+ }
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr];
+ }
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
+ if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
+ } elseif (in_array($attr,$emptyAttrs)) {
+ if ($values[0] != '') $add_info[$attr] = $values;
+ } else {
+ if ($values[0] != '') {
+ $mod_info[$attr] = $values;
+ } else {
+ $del_info[$attr] = Array();
+ }
+ }
+
+ if (count($add_info)!=0) {
+ if (!@ldap_mod_add($ds,$userDn,$add_info)) {
+ $_alert[] = 'message:insufficient_access:add:'.$attr;
+ }
+ }
+ if (count($mod_info)!=0) {
+ if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) {
+ $_alert[] = 'message:insufficient_access:mod:'.$attr;
+ }
+ }
+ if (count($del_info)!=0) {
+ if (!@ldap_mod_del($ds,$userDn,$del_info)) {
+ $_alert[] = 'message:insufficient_access:del:'.$attr;
+ }
+ }
+
+ } else {
+// $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ ldap_close($ds);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+###########################################################
+# ldapGetGroupInfo - csoport információk (backend)
+###########################################################
+
+ function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) {
+
+ global $backendAttrs, $backendAttrDef;
+
+
+ if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+
+ $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // Accountok lekérdezése
+ $info = getLDAPaccounts($toPolicy);
+ for ($i = 0; $i < $info['count']; $i++) {
+ $accountUid[] = array(
+ 'value' => $info[$i]['uid'][0],
+ 'txt' => $info[$i]['displayname'][0]
+ );
+ $accountDn[] = array(
+ 'value' => $info[$i]['dn'],
+ 'txt' => $info[$i]['displayname'][0]
+ );
+ }
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ foreach ($backendAttrDef as $attr => $def) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
+ else $return[$i][$attr] = array('count' => 0);
+ }
+ $return[$i]['member']['new'] = $accountDn;
+ $return[$i]['memberuid']['new'] = $accountUid;
+ }
+
+ return $return[0];
+
+ }
+
+ }
+
+###############################################################
+# ldapChangeGroupInfo - csoport információk módosítása
+###############################################################
+
+ function ldapChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
+
+// !!!! A memberuid / member szinkronjára nem figyel!!
+
+ global $AUTH, $backendAttrs, $backendAttrDef;
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $emptyAttrs = explode(':',$_POST['emptyAttrs']);
+ $_alert = array();
+
+ // Attribútumonként módosítunk
+ foreach ($backendAttrs as $attr) {
+
+ if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
+ else $rights = $backendAttrDef[$attr]['rights'];
+
+ if ($rights[_ACCESS_AS] == 'w') {
+
+ $mod_info = $add_info = $del_info = Array();
+ $values = array();
+
+ if ($backendAttrDef[$attr]['type'] == 'image') {
+ $file = $_FILES[$attr]['tmp_name'];
+ if (file_exists($file)) {
+ $fd = fopen($file,'r');
+ $values[0]=fread($fd,filesize($file));
+ fclose($fd);
+ } else {
+ // Sose töröljük!
+ $emptyAttrs[] = $attr;
+ }
+ } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
+ if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
+ $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
+ }
+ } else {
+ if ($backendAttrDef[$attr]['type'] != '')
+ if (isset($_POST[$attr])) $values[0] = $_POST[$attr];
+ else $values[0] = '';
+ }
+
+ if ($backendAttrDef[$attr]['type'] == 'select') {
+ if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
+ if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
+ } elseif (in_array($attr,$emptyAttrs)) {
+ if ($values[0] != '') $add_info[$attr] = $values;
+ } else {
+ if ($values[0] != '') {
+ $mod_info[$attr] = $values;
+ } else {
+ $del_info[$attr] = Array();
+ }
+
+ }
+
+ if (count($add_info)!=0) {
+ if (!@ldap_mod_add($ds,$groupDn,$add_info)) {
+ $_alert[] = 'message:insufficient_access:add:'.$attr;
+ }
+ }
+ if (count($mod_info)!=0) {
+ if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) {
+ $_alert[] = 'message:insufficient_access:mod:'.$attr;
+ }
+ }
+ if (count($del_info)!=0) {
+ if (!@ldap_mod_del($ds,$groupDn,$del_info)) {
+ $_alert[] = 'message:insufficient_access:del:'.$attr;
+ }
+ }
+
+ } else {
+// $_alert[] = 'message:insufficient_access:'.$attr;
+ }
+ } // foreach
+
+ ldap_close($ds);
+ if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
+ else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
+
+ }
+
+ function getLDAPaccounts($toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $attrList = array('cn','uid','displayName','samaccountname');
+ $filter = '(&(objectclass=person)(!(objectclass=computer)))';
+ $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $attrList);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ }
+
+ ldap_sort($ds, $sr, 'displayname');
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+
+?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/base.php b/mayor-orig/www/include/backend/ldap-ng/session/base.php
new file mode 100644
index 00000000..196e431c
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/session/base.php
@@ -0,0 +1,184 @@
+<?php
+/*
+ Module: base/session
+ Backend: ldap-ng
+
+ function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY)
+ function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY)
+
+*/
+
+ require('include/backend/ldap-ng/base/attrs.php');
+
+ ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
+
+ if ($AUTH[_POLICY]['backend'] == 'ldap-ng') {
+ /* why not put into session cache */
+ if ($AUTH[_POLICY]['cacheable']=='yes') {
+ $userDn = _queryCache('RDN',_POLICY,'value');
+ }
+ if (!isset($userDn)) $userDn = LDAPuserAccountToDn();
+ define('_USERDN', $userDn);
+ if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY);
+ unset($userDn);
+ }
+
+######################################################
+# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése
+######################################################
+
+ function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // Van-e adott azonosítójú felhasználó?
+ $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))";
+ $justthese=array($AUTH[$toPolicy]['ldapCnAttr']);
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return false;
+ }
+ $info=ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen userAccount (uid)
+ $_SESSION['alert'][] = "message:no_account:$userAccount";
+ return false;
+ } elseif ( $info['count'] > 1 ) {
+ // Több ilyen uid is van
+ $_SESSION['alert'][] = "message:multi_uid:$userAccount";
+ return false;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen felhasználó
+ return $info[0]['dn'];
+ }
+
+ }
+
+
+######################################################
+# A groupCn(cn)-hez tartozó dn lekérdezése
+######################################################
+
+ function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // Kapcsolódás a szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ return false;
+ }
+
+ // Van-e ilyen csoport?
+ $filter="(&(".$AUTH[$toPolicy]['ldapGroupCnAttr']."=$groupCn)(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass']."))";
+ $justthese=array($AUTH[$toPolicy]['ldapGroupCnAttr']);
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure";
+ ldap_close($ds);
+ return false;
+ }
+ $info=ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ if ( $info['count'] === 0 ) {
+ // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó...
+ if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn";
+ return false;
+ } elseif ( $info['count'] > 1 ) {
+ // Több ilyen cn is van
+ $_SESSION['alert'][] = "message:multi_gid:$groupCn";
+ return false;
+ }
+
+ if ($info['count']==1) { // Van - egy - ilyen csoport
+ return $info[0]['dn'];
+ }
+
+ }
+
+######################################################
+# memberOf - csoport tag-e
+######################################################
+
+ function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ /* Kis hack: csoport-tagság helyett vizsgáljuk előbb a megfelelő szervezeti egységet... de ezt nem biztos, hogy érdemes... */
+ if (in_array($group, $AUTH[$toPolicy]['categories'])) {
+ if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true;
+ }
+
+ if (substr($group,0,3) != 'cn=') {
+ $groupDn = LDAPgroupCnToDn(ekezettelen($group));
+ if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában
+ } else {
+ $groupDn = $group;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $justthese = array('cn'); // valamit le kell kérdezni...
+ $filter = "(&(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(member=$userDn))";
+ $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = ldap_get_entries($ds, $sr);
+ ldap_close($ds);
+
+ if ($info['count'] > 0) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php b/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php
new file mode 100644
index 00000000..db62a348
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php
@@ -0,0 +1,157 @@
+<?php
+/*
+ Modules: base/session
+*/
+
+ require_once('include/backend/ldap-ng/password/changePassword.php');
+
+ /*
+ $SET = array(
+ container => a konténer elem - ha nincs, akkor CN=Users alá rakja
+ category => tanár, diák... egy kiemelt fontosságú csoport tagság
+ groups => egyéb csoportok
+ policyAttrs => policy függő attribútumok
+ )
+ */
+ function ldapCreateAccount(
+ $userCn, $userAccount, $userPassword, $toPolicy, $SET
+ ) {
+
+ global $AUTH;
+
+ $shadowLastChange = floor(time() / (60*60*24));
+
+ // $toPolicy --> ldap backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = $ginfo = Array();
+
+ // uid ütközés ellenőrzése
+ $filter = "(sAMAccountName=$userAccount)";
+ $justthese = array('sAMAccountName');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ $uinfo = ldap_get_entries($ds, $sr);
+ $uidCount = $uinfo['count'];
+ ldap_free_result($sr);
+ if ($uidCount > 0) {
+ $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount;
+ return false;
+ }
+
+ // Az következő uidNumber megállapítása
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(uidNumber=*))";
+ $justthese = array('uidNumber', 'msSFU30UidNumber');
+ $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ ldap_sort($ds, $sr, 'uidNumber');
+ $uinfo = ldap_get_entries($ds, $sr);
+ ldap_free_result($sr);
+ if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 ]['uidnumber'][0]+1);
+ else $info['uidNumber'] = array(1001);
+
+ // shadow attributumok...
+ // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
+ $info['shadowLastChange'] = array($shadowLastChange);
+ if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']);
+ if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']);
+ if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']);
+ if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']);
+ if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']);
+
+ // A szokásos attribútumok
+ $Name = explode(' ',$userCn);
+ $Dn = ldap_explode_dn($AUTH[$toPolicy]['ldapBaseDn'], 1); unset($Dn['count']);
+ $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn));
+ $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount);
+ $info['displayName'] = array($userCn);
+ $info['sn'] = array($Name[0]);
+ $info['givenName'] = array($Name[ count($Name)-1 ]);
+ $info['unixUserPassword'] = array('ABCD!efgh12345$67890');
+ $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount"));
+ $info['loginShell'] = array('/bin/bash');
+ $info['objectClass'] = array($AUTH[$toPolicy]['ldapUserObjectClass'], 'user');
+
+ $policyAccountAttrs = $SET['policyAttrs'];
+ if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['ldapStudyIdAttr'] ] = array($policyAccountAttrs['studyId']);
+ foreach ($policyAccountAttrs as $attr => $value)
+ if ($attr != 'studyId' && isset($accountAttrToLDAP[$attr]))
+ $info[ $accountAttrToLDAP[$attr] ] = array($value);
+
+ if (isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container'];
+ else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['ldapBaseDn'];
+
+ // user felvétel
+ $_r1 = @ldap_add($ds,$dn,$info);
+ if (!$_r1) {
+ $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds);
+ //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
+ return false;
+ }
+
+ // Jelszó beállítás
+ if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount;
+
+ // Engedélyezés
+ $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */
+ $_r1 = @ldap_mod_replace($ds,$dn,$einfo);
+ if (!$_r1) {
+ $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds);
+ //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
+ return false;
+ }
+
+ // Kategória csoportba és egyéb csoportokba rakás
+ if (isset($SET['category'])) {
+ if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
+ else $SET['groups'] = array($SET['category']);
+
+ $ginfo['member'] = $dn;
+
+ for ($i = 0; $i < count($SET['groups']); $i++) {
+ $groupDn = LDAPgroupCnToDn($SET['groups'][$i], $toPolicy);
+ if ($groupDn !== false) {
+ $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo);
+ if (!$_r3) {
+ $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds);
+ //echo $SET['groups'][$i].'<pre>'; var_dump($ginfo); echo '</pre>';
+ }
+ }
+ }
+ }
+
+ ldap_close($ds);
+
+ if (defined('_DATADIR')
+ && isset($AUTH[$toPolicy]['createAccountScript'])
+ && file_exists(_DATADIR)
+ ) {
+ $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
+ if ($sfp) {
+ fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n");
+ fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n");
+ fclose($sfp);
+ }
+ }
+ $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
+ return true;
+
+ }
+
+?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php b/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php
new file mode 100644
index 00000000..59c77c92
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php
@@ -0,0 +1,82 @@
+<?php
+/*
+ Modules: base/session
+*/
+
+
+ function ldapCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = array()) {
+
+ global $AUTH;
+ $category = ekezettelen($SET['category']);
+
+ // $toPolicy --> ldap backend - ellenőrzés!
+ if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = $ginfo = Array();
+
+ // cn ütközés ellenőrzése
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(cn=$groupCn))";
+ $justthese = array('cn');
+ $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ $ginfo = ldap_get_entries($ds, $sr);
+ $gCount = $ginfo['count'];
+ ldap_free_result($sr);
+ if ($gCount > 0) {
+ $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
+ return false;
+ }
+
+ // Az következő gidNumber megállapítása
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(gidNumber=*))";
+ $justthese = array('gidNumber', 'msSFU30GidNumber');
+ $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
+ ldap_sort($ds, $sr, 'gidNumber');
+ $ginfo = ldap_get_entries($ds, $sr);
+ ldap_free_result($sr);
+ if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1);
+ else $info['gidNumber'] = array(1001);
+
+ // A szokásos attribútumok
+ $info['sAMAccountName'] = $info['cn'] = array($groupCn);
+ $info['description'] = array($groupDesc);
+
+ // A kategória függő attribútumok
+ if (isset($SET['container'])) $dn = "CN=$groupCn,".$SET['container'];
+ else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['ldapBaseDn'];
+
+ // objectum osztályok
+ $info['objectClass'] = array($AUTH[$toPolicy]['ldapGroupObjectClass']);
+
+ // csoport felvétel
+ $_r1 = ldap_add($ds,$dn,$info);
+ if (!$_r1) {
+ printf("LDAP-Error: %s<br>\n", ldap_error($ds));
+ var_dump($info);
+ }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
+ return true;
+
+ }
+
+?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php
new file mode 100644
index 00000000..70be6ed5
--- /dev/null
+++ b/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php
@@ -0,0 +1,271 @@
+<?php
+/*
+ Module: base/session
+ Backend: ldap-ng
+
+ ! -- Csak publikus mezőkre lehet keresni! -- !
+ function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)')
+ function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'))
+ function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') {
+
+*/
+
+######################################################
+# Általános LDAP kereső függvény
+######################################################
+
+ function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ if ($pattern == '') {
+ $_SESSION['alert'][] = 'message:empty_field';
+ return false;
+ }
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Keresés
+ $filter = "(&$filter($attr=*$pattern*))";
+ $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $searchAttrs);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
+ ldap_close($ds);
+ return false;
+ }
+
+ $info = @ldap_get_entries($ds,$sr);
+ ldap_close($ds);
+
+ return $info;
+
+ }
+
+######################################################
+# ldapSearchAccount - felhasználó kereső függvény
+######################################################
+
+ function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
+
+ global $accountAttrToLDAP;
+
+ // A keresendő attribútum konvertálása LDAP attribútummá
+ if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ];
+ else $attrLDAP = $attr;
+ if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy a keresés!!
+
+ // A lekérendő attribútumok konvertálása LDAP attribútummá
+ for ($i = 0; $i < count($searchAttrs); $i++) {
+ if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ];
+ else $searchAttrsLDAP[$i] = $searchAttrs[$i];
+ }
+ $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(&(objectclass=person)(!(objectclass=computer)))', $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
+ for ($j = 0; $j < count($searchAttrs); $j++) {
+ $a = $searchAttrs[$j];
+ if (isset($result[$i][ kisbetus($accountAttrToLDAP[$a]) ])) {
+ if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToLDAP[$a]) ];
+ else $return[$i][$a] = $result[$i][$a];
+ } else {
+ $return[$i][$a] = array('count' => 0) ;
+ }
+ }
+ $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy);
+ $return[$i]['category']['count'] = count($return[$i]['category']);
+ }
+ $return['count'] = $result['count'];
+
+ return $return;
+
+ }
+
+ }
+
+######################################################
+# ldapSearchGroup - csoport kereső függvény
+######################################################
+
+ function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
+
+ global $groupAttrToLDAP;
+
+ // A keresendő attribútum konvertálása LDAP attribútummá
+ if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ];
+ else $attrLDAP = $attr;
+ if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!!
+
+ // A lekérendő adtibútumok konvertálása LDAP attribútummá
+ for ($i = 0; $i < count($searchAttrs); $i++) {
+ if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ];
+ else $searchAttrsLDAP[$i] = $searchAttrs[$i];
+ }
+
+ $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=group)', $toPolicy);
+ if ($result === false) {
+ return false;
+ } else {
+
+ // LDAP schema --> mayor schema konverzió
+ for ($i = 0; $i < $result['count']; $i++) {
+ // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
+ $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
+ for ($j = 0; $j < count($searchAttrs); $j++) {
+ $a = $searchAttrs[$j];
+ if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') {
+ if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ];
+ else $return[$i][$a] = '';
+ } else {
+ $return[$i][$a] = $result[$i][$a];
+ }
+ }
+ }
+ $return['count'] = $result['count'];
+
+ return $return;
+
+ }
+
+ }
+
+######################################################
+# ldapDeleteAccount - account törlése
+######################################################
+
+ function ldapDeleteAccount($userAccount, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // $toPolicy --> ldap-ng backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:ldap-ng!='.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
+ if ($userDn === false) return false;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ // Az uidNumber, a unixHomeDirectory lekerdezése
+ $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(!(objectclass=computer)))";
+ $justthese = array('uidNumber','unixHomedirectory');
+ $sr = @ldap_search($ds,$userDn,$filter,$justthese);
+ if (!$sr) {
+ $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
+ ldap_close($ds);
+ return false;
+ } ;
+
+ $info = @ldap_get_entries($ds,$sr);
+ $uidNumber = $info[0]['uidnumber'][0];
+ $homeDirectory = $info[0]['unixhomedirectory'][0];
+ $uid=$userAccount;
+
+ // user törlése
+ if (!@ldap_delete($ds,$userDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount;
+ }
+
+ ldap_close($ds);
+
+ /*
+ Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait.
+ A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter
+ lista: userAccount, uidNumber, homeDirectory
+ */
+ if (defined('_DATADIR')
+ && isset($AUTH[$toPolicy]['deleteAccountScript'])
+ && file_exists(_DATADIR)
+ ) {
+ $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+');
+ if ($sfp) {
+ fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n");
+ fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n");
+ fclose($sfp);
+ }
+ }
+
+ $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
+ return true;
+
+ }
+
+######################################################
+# ldapDeleteGroup - account törlése
+######################################################
+
+ function ldapDeleteGroup($groupCn, $toPolicy = _POLICY) {
+
+ global $AUTH;
+
+ // $toPolicy --> ldap-ng backend - ellenőrzés
+ if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') {
+ $_SESSION['alert'][] = 'page:wrong_backend:ldap-ng!='.$AUTH[$toPolicy]['backend'];
+ return false;
+ }
+
+ $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
+ if ($groupDn === false) return false;
+
+ // Kapcsolódás az LDAP szerverhez
+ $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
+ if (!$ds) {
+ $_SESSION['alert'][] = 'alert:ldap_connect_failure';
+ return false;
+ }
+
+ // Csatlakozás a szerverhez
+ $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
+ if (!$r) {
+ $_SESSION['alert'][] = 'message:ldap_bind_failure';
+ ldap_close($ds);
+ return false;
+ }
+
+ if (!@ldap_delete($ds, $groupDn)) {
+ $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
+ }
+
+ ldap_close($ds);
+
+ $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
+ return true;
+
+ }
+
+
+?>