author | M.Gergo | 2019-03-08 21:20:34 +0100 |
---|---|---|
committer | M.Gergo | 2019-03-08 21:20:34 +0100 |
commit | f51c9ed2abe5c68211bb3736be5f70b1fe2c9ec0 (patch) | |
tree | e13e60e4b94a3b58f1e2bfbe271102c8f04b67bd /mayor-orig/www/include/backend | |
parent | c76a004b0135786f2742283f8d5f917106f58bd8 (diff) | |
download | mayor-f51c9ed2abe5c68211bb3736be5f70b1fe2c9ec0.tar.gz mayor-f51c9ed2abe5c68211bb3736be5f70b1fe2c9ec0.zip |
további rendrakás
Diffstat (limited to 'mayor-orig/www/include/backend')
44 files changed, 0 insertions, 7811 deletions
diff --git a/mayor-orig/www/include/backend/ads/auth/login.php b/mayor-orig/www/include/backend/ads/auth/login.php
deleted file mode 100644
index 59cbf3e5..00000000
--- a/mayor-orig/www/include/backend/ads/auth/login.php
+++ /dev/null
@@ -1,358 +0,0 @@ -<?php -/* - Auth-ADS - - A név-jelszó pár ellenőrzése Active Directory adatbázis alapján -*/ - -/* -------------------------------------------------------------- - - Felhasználók azonosítása az AD-ban tárolt person (konfigurálható) - osztályok alapján történik. - - A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE - konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php) - - Sikeres hitelesítés esetén - az egyéb account információkat (minimálisan a 'cn', azaz 'common name' - attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el. - - Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az - elutasítás okát. - --------------------------------------------------------------- */ - -###################################################################### -# Az LDAP protocol version 3 kötelező, -# referals=0 nélkül használhatatlanul lassú -###################################################################### - - ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); - ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0); - - /** - * A userAccountControl pár fontos flag-e: - * - * Forrás: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680832%28v=vs.85%29.aspx - * - * 512 Enabled Account - * 514 Disabled Account - * 544 Enabled, Password Not Required - * 546 Disabled, Password Not Required - * 66048 Enabled, Password Doesn't Expire - * 66050 Disabled, Password Doesn't Expire - * 66080 Enabled, Password Doesn't Expire & Not Required - * 66082 Disabled, Password Doesn't Expire & Not Required - * 590336 Enabled, User Cannot Change Password, Password Never Expires - * - * Ha pwdLastSet=0 és UF_DONT_EXPIRE_PASSWD=0, akkor következő bejelentkezéskor jelszót _kell_ változtatni. - **/ - define('ADS_UF_ACCOUNTDISABLE',0x00000002); // The user account is disabled. - define('ADS_UF_PASSWD_NOTREQD',0x00000020); // No password is required. 
- define('ADS_UF_PASSWD_CANT_CHANGE',0x00000040); // The user cannot change the password. - define('ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED',0x00000080); // The user can send an encrypted password. - define('ADS_UF_NORMAL_ACCOUNT',0x00000200); // This is a default account type that represents a typical user. - define('ADS_UF_DONT_EXPIRE_PASSWD',0x00010000); // The password for this account will never expire. - define('ADS_UF_PASSWORD_EXPIRED',0x00800000); // The user password has expired. - - /** - * Ha az accountExpires = 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807), akkor az account sose jár le. (nem a jelszó! az account.) - **/ - define('ADS_ACCOUNTEXPIRES_NEVER','9223372036854775807'); - - /** - * Forrás: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724284%28v=VS.85%29.aspx - * - unixDays - Az eltelt napok száma 1970-01-01-től - * - unixTimestamp - Az eltelt másodpercek száma 1970-01-01 00:00:00-től - * - msFileTime - A 1601-01-01 00:00:00-tól elteltt 100 nanosecundum-os intervallumok száma (1/10000000 sec) - **/ - function msFileTime2unixDays($pwdLastSet) { - return floor((($pwdLastSet / 10000000) - 11644406783) / 86400); - } - function msFileTime2unixTimestamp($pwdLastSet) { - return bcsub(bcdiv($pwdLastSet, '10000000'), '11644473600'); - } - - function getAccountStatus($userAccount, $toPolicy, $userinfo, $ds) { - - /** - * Meghatározza a felhasználói jelszó lejárati dátumát és az account egyéb fontos jellemzőit - * - * @params: $userAccount - a lekérdezendő account - * @params: $userinfo - A user adatait tartalmazó korábbi LDAP lekérdezés eredménye (useraccountcontrol, pwdlastchange) - * @params: $ds - LDAP csatlakozás azonosító - * @requires: bcmath http://www.php.net/manual/en/book.bc.php - * MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx - a pwdLastSet 64 bites integer - * @return: array - * @param book $isGUID Is the username passed a GUID or a samAccountName - **/ - global $AUTH; - - if ($toPolicy == '') $toPolicy = _POLICY; - 
if (!function_exists('bcmod')) { - $_SESSION['alert'][] = 'message:system_error:Nem támogatott függvényhívás [bcmod]! http://www.php.net/manual/en/book.bc.php'; - return false; - }; - - if (!$ds) { - $closeLDAP = true; - // Csatlakozzunk az LDAP kiszolgálóhoz! - // Kapcsolódás a szerverhez - $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - } - - if (!is_array($userinfo)) { - // Kérdezzük le az account adatait! - $filter="(&(sAMAccountName=$userAccount)(objectClass=".$AUTH[$toPolicy]['adsUserObjectClass']."))"; - $justthese = array("sn","cn",$AUTH[$toPolicy]['adsStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax","pwdlastset","accountexpires","useraccountcontrol"); - $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - if ($closeLDAP) ldap_close($ds); - return false; - } - $userinfo = ldap_get_entries($ds,$sr); - if ( $userinfo['count'] === 0 || is_null($userinfo)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! 
(~ PHP 5.2.10) - // Nincs ilyen userAccount (uid) - $_SESSION['alert'][] = "message:no_account:$userAccount"; - if ($closeLDAP) ldap_close($ds); - return false; - } - if ( $userinfo['count'] > 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid"; - if ($closeLDAP) ldap_close($ds); - return false; - } - } - $pwdlastset = $userinfo[0]['pwdlastset'][0]; - $userAccountControl = $userinfo[0]['useraccountcontrol'][0]; - - $status = array(); - - $status['pwdLastSet'] = $pwdlastset; - $status['pwdLastSetDt'] = date('Y-m-d H:i:s',msFileTime2unixTimestamp($pwdlastset)); - $status['accountExpires'] = $userinfo[0]['accountexpires'][0]; - $status['accountNeverExpires'] = (ADS_ACCOUNTEXPIRES_NEVER==$userinfo[0]['accountexpires'][0]) || ($userinfo[0]['accountexpires'][0] == 0); - if (!$status['accountNeverExpires']) { - $status['accountExpiresDt'] = date('Y-m-d H:i:s',msFileTime2unixTimestamp($userinfo[0]['accountexpires'][0])); - $status['accountExpiresTimestamp'] = msFileTime2unixTimestamp($userinfo[0]['accountexpires'][0]); - } - $status['accountDisabled'] = (bool)($userAccountControl & ADS_UF_ACCOUNTDISABLE); - $status['noPasswordRequired'] = (bool)($userAccountControl & ADS_UF_PASSWD_NOTREQD); - $status['cannotChangePassword'] = (bool)($userAccountControl & ADS_UF_PASSWD_CANT_CHANGE); - $status['normalAccount'] = (bool)($userAccountControl & ADS_UF_NORMAL_ACCOUNT); - $status['passwordNeverExpire'] = (bool)($userAccountControl & ADS_UF_DONT_EXPIRE_PASSWD); - $status['passwordExpired'] = (bool)($userAccountControl & ADS_UF_PASSWORD_EXPIRED); // Ez mintha nem működne... 
- $status['mustChangePassword'] = ($pwdlastset === '0' && $status['passwordNeverExpire']); - - // A jelszó lejárati dátum az AD-ben két értékből számítható ki: - // - A felhasználó saját pwdLastSet atribútuma: ez tárolja a jelszó utolsó módosításának időpontját - // - A tartomány maxPwdAge atribútuma: milyen hosszú ideig lehet érvényes a jelszó a tartományban - // - // A Microsoft persze saját kiindulási időpontot és lépési egységet használ az idő tárolására. - // Ez a függvény konvertálja ezt az értéket Unix időbélyeggé - - // Kérdezzük le a tartomány maxPwdAge attribútumát! - $sr = ldap_read($ds, $AUTH[$toPolicy]['adsBaseDn'], 'objectclass=domain', array('maxPwdAge')); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:getAccountStatus (ads backend)"; - if ($closeLDAP) ldap_close($ds); - return false; - } - $info = ldap_get_entries($ds, $sr); - $maxpwdage = $info[0]['maxpwdage'][0]; - - // Lásd MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx - // - // pwdLastSet tartalmazza az 1601 (UTC) január 1 óta eltelt 100 nanoszekundumos időintervallumok számát - // 64 bit-es integer típusú értékként - // - // Ettől az időponttól a Unix időszámítás kezdetéig eltelt másodpercek száma 11644473600. - // - // maxPwdAge szintén large integer, ami a jelszóváltoztatás és a jelszó lejárat közötti 100 nanoszekundumos időintervallumok számát tárolja - - $status['maxPwdAgeInDays'] = bcdiv(bcsub(0,$maxpwdage),'36000000000')/24; - - // Ezt az étéket át kell váltanunk másodpercekre, de ez egy negatív mennyiség! 
- // - // Ha a maxPwdAge alsó 32 bites része 0, akkor a jelszavak nem járnak le - // - // Sajnos ezek a számok túl nagyok a PHP integer típusához, ezért kell a BCMath függvényeit használnunk - - $status['passwordsDoNotExpireInDomain'] = (bcmod($maxpwdage, 4294967296) === '0'); - - // Adjuk össze a pwdlastset és maxpwdage értékeket (pontosabban az utóbbi negatív értéket - // vonjuk ki az előbbiből), így megkapjuk a jelszó lejáratának időpontját a Microsoft féle - // egységekben. - $pwdexpire = bcsub($pwdlastset, $maxpwdage); - - // Konvertáljuk az MS féle időt unix időre - $status['expiryTimestamp'] = bcsub(bcdiv($pwdexpire, '10000000'), '11644473600'); - $status['expiryDate'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdexpire, '10000000'), '11644473600')); - - if ($closeLDAP) ldap_close($ds); - - $status['userAccount'] = $userAccount; - $status['usetAccountControl'] = $userAccountControl; - $status['shadowLastChange'] = $userinfo[0]['shadowlastchange'][0]; - $status['shadowWarning'] = $userinfo[0]['shadowwarning'][0]; - $status['shadowInactive'] = $userinfo[0]['shadowinactive'][0]; - return array_merge($status); - - - } - - function adsUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) { - - global $AUTH; - - if ($toPolicy == '') { - if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy']; -// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy']; - else $toPolicy = _POLICY; - } - - // Kapcsolódás a szerverhez - $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return _AUTH_FAILURE; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return _AUTH_FAILURE; - } - - // Van-e adott azonosítójú felhasználó? 
- $filter="(&(sAMAccountName=$userAccount)(objectClass=".$AUTH[$toPolicy]['adsUserObjectClass']."))"; - $justthese = array("sn","cn",$AUTH[$toPolicy]['adsStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax","pwdlastset","accountexpires","useraccountcontrol"); - $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return _AUTH_FAILURE; - } - $info = ldap_get_entries($ds,$sr); - if ( $info['count'] === 0 || is_null($info)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10) - // Nincs ilyen userAccount (uid) - $_SESSION['alert'][] = "message:no_account:$userAccount"; - ldap_close($ds); - return _AUTH_FAILURE_1; - } - - if ( $info['count'] > 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid"; - ldap_close($ds); - return _AUTH_FAILURE_2; - } - - if ($info['count']==1) { // Van - egy - ilyen felhasználó - - $status = getAccountStatus($userAccount, $toPolicy, $info, $ds); - // Lejárt-e - // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik - // Esetünkben - if ($info[0]['pwdlastset'][0] != '') { // A pwdLastSet és shadowLastChange közül a kisebbiket használjuk - $info[0]['shadowlastchange'][0] = msFileTime2unixDays($info[0]['pwdlastset'][0]); - } - - // A globális beállítással kikényszeríthető a nagyobb warning időszak - $shadowWarning = ($status['shadowWarning']<$AUTH[$toPolicy]['shadowWarning']) ? $AUTH[$toPolicy]['shadowWarning'] : $status['shadowWarning']; - - - $disabled = ( // Ha az jelszavak lejárhatnak a domain-ben és a user jellszava is lejárhat és le is járt... 
- !$status['passwordNeverExpire'] - && !$status['passwordsDoNotExpireInDomain'] - && $status['expiryTimestamp'] < time() - ) || ( // vagy az account lejárhat és le is járt - !$status['accountNeverExpires'] - && $status['accountExpiresTimestamp']<time() - ); // Akkor már nem lehet belépni/jelszót változtatni... - $expired = ( // Ha a jelszavak lejárhatnak és a user jelszava is lejárhat, és shadowwarning-on belül le fog járni a jelszó - !$status['passwordNeverExpire'] - && !$status['passwordsDoNotExpireInDomain'] - && $status['expiryTimestamp'] - ($shadowWarning*24*60*60) < time() - ) || ( // Ha az account lejárhat és shadow warning-on belül le is fog járni az account - !$status['accountNeverExpires'] - && $status['accountExpiresTimestamp'] - ($shadowWarning*24*60*60) < time() - ); // ... - - /** - * Más backend-ben csak $AUTH[$toPolicy]['onDisabled'] == 'refuse' esetén utasítanánk el, de itt nincs más lehetőség... - **/ - if ($disabled) { - $_SESSION['alert'][] = 'message:account_disabled'; - ldap_close($ds); - return _AUTH_FAILURE_4; - } - - $accountInformation['cn'] = $info[0]['cn'][0]; - $accountInformation['studyId'] = $info[0][ $AUTH[$toPolicy]['adsStudyIdAttr'] ][0]; - $accountInformation['dn'] = $info[0]['dn']; - $accountInformation['account'] = $userAccount; - // Jelszó ellenőrzés - lehet-e csatlakozni - if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) { - $_SESSION['alert'][] = 'message:bad_pw'; - return _AUTH_FAILURE_3; - } - - ldap_close($ds); - if (!$expired || $AUTH[$toPolicy]['onExpired'] == 'none') { - return _AUTH_SUCCESS; - } else { - $pwLejar = floor(($status['expiryTimestamp'] - time()) / 86400); - $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar; - $_SESSION['alert'][] = 'info:warn_account_disable:'.$pwLejar; // más backend esetén csak onDisable=refuse esetén szoktuk... 
- if ($AUTH[$toPolicy]['onExpired'] == 'warning') { - return _AUTH_SUCCESS; - } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') { - return _AUTH_EXPIRED; - } else { - return _AUTH_FAILURE; - } - } - -/* - // Lejárt-e az azonosító - if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update - // Lejárt-e - $pwLejar = $expireTimestamp - floor(time()/(60*60*24)); - if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) { - $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar; - return _AUTH_SUCCESS; - } elseif ($pwLejar <= 0) { - $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar); - if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar); - if ($AUTH[$toPolicy]['onExpired'] == 'warning') { - return _AUTH_SUCCESS; - } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') { - return _AUTH_EXPIRED; - } else { - return _AUTH_FAILURE; - } - } - } // onExpired - // Ha idáig eljut, akkor minden rendben. - return _AUTH_SUCCESS; -*/ - } // count == 1 - - } - -?>
diff --git a/mayor-orig/www/include/backend/ads/base/attrs.php b/mayor-orig/www/include/backend/ads/base/attrs.php
deleted file mode 100644
index e01aa00c..00000000
--- a/mayor-orig/www/include/backend/ads/base/attrs.php
+++ /dev/null
@@ -1,160 +0,0 @@ -<?php -/* - Module: useradmin -*/ - - if (file_exists('lang/'._LANG.'/backend/ads/attrs.php')) { - require('lang/'._LANG.'/backend/ads/attrs.php'); - } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ads/attrs.php')) { - require('lang/'._DEFAULT_LANG.'/backend/ads/attrs.php'); - } - -###################################################### -# Alapértelmezett jogosultságok -# -# w - Írható/olvasható -# r - olvasható -# - - egyik sem -# -# Három karakter: admin, self, other jogai -###################################################### - - define('_DEFAULT_ADS_RIGHTS','wr-'); - -###################################################### -# Az LDAP account attribútumok -###################################################### - - global $adsAccountAttrs; - $adsAccountAttrs = array( - 'cn', - 'sn', - 'serialnumber', - 'givenname', - 'displayname', - 'name', - 'padpwdcount', - 'badpasswordtime', - 'lastlogon', - 'pwdlastset', // ~ shadowLastChane - 'accountexpires', // != shadowExpired - henme mi? 1601.01.01-től (60*60*24*1000*1000*10)*napok száma - 'samaccountname', - 'userprincipalname', - 'useraccountcontrol', - 'objectcategory', - 'uid', - 'mssfu30name', - 'uidnumber', - 'gidnumber', - 'unixhomedirectory', - 'loginshell', - - 'shadowlastchange', - 'shadowexpire', - 'shadowwarning', - 'shadowmin', - 'shadowmax', - 'shadowinactive', - -/* - 'gecos', - 'mail', - 'telephonenumber', - 'mobile', - 'l', - 'street', - 'postaladdress', - 'postalcode', - 'homedirectory', -*/ - ); - - global $adsGroupAttrs; - $adsGroupAttrs = array( - 'cn', - 'description', - 'member', - 'name', - 'samaccountname', - 'objectcategory', - 'gidnumber', // ennek kellene lennie - mitől lesz? -/* 'memberuid' */ - ); - - global $accountAttrToADS; // Kis és nagybetű számít!!! 
- $accountAttrToADS = array( - 'userAccount' => 'sAMAccountName', - 'userCn' => 'displayName', - 'mail' => 'mail', - 'studyId' => 'serialNumber', // Ez konfig-ban külön van állítva, az itteni érték irreleváns - 'shadowLastChange' => 'shadowLastChange', - 'shadowWarning' => 'shadowWarning', - 'shadowMin' => 'shadowMin', - 'shadowMax' => 'shadowMax', - 'shadowExpire' => 'shadowExpire', - 'shadowInactive' => 'shadowInactive', - ); - - global $groupAttrToADS; - $groupAttrToADS = array( - 'groupCn' => 'cn', - 'groupDesc' => 'description', - 'member' => 'member', - ); - - global $adsAccountAttrDef; - $adsAccountAttrDef = array( - 'dn' => array('desc' => _ADSDN, 'type' => 'text', 'rights' => 'rrr'), - 'cn' => array('desc' => _ADSCN, 'type' => 'text', 'rights' => 'rrr'), - 'sn' => array('desc' => _ADSSN, 'type' => 'text', 'rights' => 'wrr'), - 'givenname' => array('desc' => _ADSGIVENNAME, 'type' => 'text'), - 'serialnumber' => array('desc' => _ADSSERIALNUMBER, 'type' => 'int', 'rights' => 'wrr'), - 'displayname' => array('desc' => _ADSCN, 'type' => 'text', 'rights' => 'wrr'), - 'name' => array('desc' => _ADSNAME, 'type' => 'text', 'rights' => 'r--'), - 'padpwdcount' => array('desc' => _ADSBADPWDCOUNT, 'type' => 'int', 'rights' => 'wrr'), - 'badpasswordtime' => array('desc' => _ADSBADPASSWORDTIME, 'type' => 'int', 'rights' => 'r--'), - 'lastlogon' => array('desc' => _ADSLASTLOGON, 'type' => 'int', 'rights' => 'r--'), - 'pwdlastset' => array('desc' => _ADSPWDLASTSET, 'type' => 'int', 'rights' => 'r--'), - 'accountexpires' => array('desc' => _ADSACCOUNTEXPIRES, 'type' => 'int', 'rights' => 'wrr'), - 'samaccountname' => array('desc' => _ADSSAMACCOUNTNAME, 'type' => 'text', 'rights' => 'wrr'), - 'useraccountcontrol' => array('desc' => _USERACCOUNTCONTROL, 'type' => 'text', 'rights' => 'wrr'), - 'userprincipalname' => array('desc' => _ADSUSERPRINCIPALNAME, 'type' => 'text', 'rights' => 'wrr'), - 'objectcategory' => array('desc' => _ADSOBJECTCATEGORY, 'type' => 'text', 'rights' 
=> 'r--'), - 'uid' => array('desc' => _ADSUID, 'type' => 'text', 'rights' => 'rrr'), - 'uidnumber' => array('desc' => _ADSUIDNUMBER, 'type' => 'int', 'rights' => 'w--'), - 'gidnumber' => array('desc' => _ADSGIDNUMBER, 'type' => 'int', 'rights' => 'w--'), - 'mssfu30name' => array('desc' => _ADSUID, 'type' => 'text', 'rights' => 'r--'), - 'unixhomedirectory' => array('desc' => _ADSUNIXHOMEDIRECTORY, 'type' => 'text', 'rights' => 'wrr'), - 'loginshell' => array('desc' => _ADSLOGINSHELL, 'type' => 'text', 'rights' => 'wrr'), - 'shadowlastchange' => array('desc' => _ADSSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'), - 'shadowexpire' => array('desc' => _ADSSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'), - 'shadowwarning' => array('desc' => _ADSSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'), - 'shadowmin' => array('desc' => _ADSSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'), - 'shadowmax' => array('desc' => _ADSSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'), - 'shadowinactive' => array('desc' => _ADSSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'), -/* - 'gecos' => array('desc' => _ADSGECOS, 'type' => 'text', 'rights' => 'w--'), - 'mail' => array('desc' => _ADSMAIL, 'type' => 'text', 'rights' => 'wwr'), - 'telephonenumber' => array('desc' => _ADSTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'), - 'mobile' => array('desc' => _ADSMOBILE, 'type' => 'text', 'rights' => 'ww-'), - 'l' => array('desc' => _ADSL, 'type' => 'text'), - 'street' => array('desc' => _ADSSTREET, 'type' => 'text'), - 'postaladdress' => array('desc' => _ADSPOSTALADDRESS, 'type' => 'text'), - 'postalcode' => array('desc' => _ADSPOSTALCODE, 'type' => 'text'), -*/ - ); - - global $adsGroupAttrDef; - $adsGroupAttrDef = array( - 'cn' => array('desc' => _ADSCN, 'type' => 'text','rights' => 'rrr'), - 'name' => array('desc' => _ADSNAME, 'type' => 'text','rights' => 'rrr'), - 'samaccountname' => array('desc' => _ADSSAMACCOUNTNAME, 'type' => 'text','rights' => 'wrr'), - 'description' => 
array('desc' => _ADSDESCRIPTION, 'type' => 'text'), - 'gidnumber' => array('desc' => _ADSGIDNUMBER, 'type' => 'int','rights' => 'w--'), - 'member' => array('desc' => _ADSMEMBER, 'type' => 'select'), - 'objectcategory' => array('desc' => _ADSOBJECTCATEGORY, 'type' => 'text','rights' => 'rrr'), - - 'memberuid' => array('desc' => _ADSMEMBERUID, 'type' => 'select'), - ); - -?>
diff --git a/mayor-orig/www/include/backend/ads/password/changePassword.php b/mayor-orig/www/include/backend/ads/password/changePassword.php
deleted file mode 100644
index 6d686b34..00000000
--- a/mayor-orig/www/include/backend/ads/password/changePassword.php
+++ /dev/null
@@ -1,165 +0,0 @@ -<?php -/* - - Module: base/password - - Active Directory-ban csak ldaps-sel lehet megváltoztatni a jelszót! - Az AD a shadow attribútumokat nem kezeli, helyettük más attribútumokat állít automatikusan. - De azért beállítjuk őket, abból baj nem lehet... - - function changeMyPassword($userAccount, $userPassword, $newPassword, $verification) - A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására. - Ennek eldöntése a függvényt hívó program feladata -*/ - -############################################################################ -# Jelszó kódolása az Active Directory számára -############################################################################ - -function ADSEncodePassword($password) { - - return mb_convert_encoding("\"".$password."\"", "UTF-16LE", "UTF-8"); - -} - -############################################################################ -# Saját jelszó megváltoztatása -############################################################################ - -/* ************************************************************************* - A leírások szerint a felhasználó maga is megváltoztathatja jelszavát. - Ennek módja az unicodePw attribútum törlése (a régi jelszó értéke szerint), - és felvétele új értékkel - mindenz elvileg egy lépésben. - - A PHP ldap_mod* függvények ezt az egy lépésben kétféle módosítást nem - támogatják. De a helyzet az, hogy a módosítás perl-ből és parancssorból - sem működik... -************************************************************************* */ - -function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') { - - global $AUTH; - - if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy']; - $userDn = ADSuserAccountToDn($userAccount, $toPolicy); - - // Csatlakozzás az AD kiszolgálóhoz (SSL szükséges!) 
- $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']); - if (!$ds) { - // nem sikerült csatlakozni - $_SESSION['alert'][] = 'message:ldap_failure'; - return false; - } - - // Az eredeti jelszó ellenőrzése - csatlakozással - $b_ok = ldap_bind($ds,$userDn,$userPassword); - if (!$b_ok) { - // Talán a régi jelszót elgépelte, vagy le van tiltva... - $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn.':changeMyPassword - hibás a régi jelszó?'; - ldap_close($ds); - return false; - } - - // A régi és új jelszavak átkódolása - $newUnicodePwd = base64_encode(ADSEncodePassword($newPassword)); - $oldUnicodePwd = base64_encode(ADSEncodePassword($userPassword)); - // A php ldap_mod* függvényei nem tudnak egy lépésben többféle módosítást elküldeni - // ezért a parancssoros ldapmodify-t kell meghívnunk... - $ldif=<<<EOT -dn: $userDn -changetype: modify -delete: unicodePwd -unicodePwd:: $oldUnicodePwd -- -add: unicodePwd -unicodePwd:: $newUnicodePwd -- -EOT; - $cmd = sprintf("/usr/bin/ldapmodify -H %s -D '%s' -x -w %s", $AUTH[$toPolicy]['adsHostname'], $userDn, $userPassword); - // KHM! - if (($fh = popen($cmd, 'w')) === false ) { - // Nem sikerült megnyitni a csatornát - mikor is lehet ilyen? Ha nincs ldapmodify? - $_SESSION['alert'][] = 'message:popen_failure'; - return false; - } - fwrite($fh, "$ldif\n"); - pclose($fh); - - // Sikeres volt-e a jelszóváltoztatás? Próbáljunk újra csatlakozni az új jelszóval! - if (!@ldap_bind($ds, $userDn, $newPassword)) { - $_SESSION['alert'][] = 'message:bad_pw'; - return false; - } - - // Shadow attribútumok beállítása - // Ezekre nincs jogosultsága a felhasználónak, így csak AccountOperator-ként módosítható - // Ráadásul Windoes alatt változtatva a jelszót ezek nem változnak, így nem lehet számítani rájuk... 
- if (isset($AUTH[$toPolicy]['adsAccountOperatorUser'])) { - $shadowLastChange = floor(time()/(60*60*24)); - $info['shadowLastChange'][0] = $shadowLastChange; - if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') { - $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire']; - } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') { - $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']); - } - - $b_ok = ldap_bind($ds,$AUTH[$toPolicy]['adsAccountOperatorUser'],$AUTH[$toPolicy]['adsAccountOperatorPw']); - if (!$b_ok) { $_SESSION['alert'][] = 'message:ldap_bind_failure'; return false; } - $r = @ldap_mod_replace($ds, $userDn, $info); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_modify_failure:changeMyPassword'; - return false; - } - } - ldap_close($ds); - $_SESSION['alert'][] = 'info:pw_change_success'; - return true; - -} - -############################################################################ -# Adminisztrátori jelszó változtatás -############################################################################ - -function changePassword($userAccount, $newPassword, $toPolicy = '') { - - global $AUTH; - - if ($toPolicy == '') $toPolicy = _POLICY; - $userDn = ADSuserAccountToDn($userAccount, $toPolicy); - $shadowLastChange = floor(time()/(60*60*24)); - - $ds = ldap_connect($AUTH[$toPolicy]['adsHostname']); - if ($ds) { - $b_ok = ldap_bind($ds,BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD); - if ($b_ok) { - $info['unicodePwd'][0] = ADSEncodePassword($newPassword); - // Ezekre nincs jogosultsága a felhasználónak, nem változnak: - // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE - $info['shadowLastChange'][0] = $shadowLastChange; - if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') { - $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire']; - } elseif (isset($AUTH[$toPolicy]['shadowMax']) and 
$AUTH[$toPolicy]['shadowMax'] != '') { - $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']); - } - $r = @ldap_mod_replace($ds,$userDn,$info); - ldap_close($ds); - if ($r) { - $_SESSION['alert'][] = 'info:pw_change_success'; - return true; - } else { - $_SESSION['alert'][] = 'message:ldap_modify_failure:changePassword'; - return false; - } - } else { - $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN.':changePassword'; - ldap_close($ds); - return false; - } - } else { - $_SESSION['alert'][] = 'message:ldap_failure'; - return false; - } -} - -?>
diff --git a/mayor-orig/www/include/backend/ads/session/accountInfo.php b/mayor-orig/www/include/backend/ads/session/accountInfo.php
deleted file mode 100644
index eef90fd4..00000000
--- a/mayor-orig/www/include/backend/ads/session/accountInfo.php
+++ /dev/null
@@ -1,416 +0,0 @@
-<?php
-/*
- Module: base/auth-ads
- Backend: ads
-
- function getADSInfo($userDn, $attrList=array('cn'), $toPolicy = '')
- function adsGetAccountInfo($userAccount, $toPolicy = _POLICY)
- function adsGetUserInfo($userAccount, $toPolicy = _POLICY)
- function adsChangeAccountInfo($userAccount, $toPolicy = _POLICY)
- function adsGetGroupInfo($groupCn, $toPolicy = _POLICY)
-
-*/
-
-######################################################
-# getADSInfo - általános ADS lekérdezés
-######################################################
-
-
- function getADSInfo($userDn, $attrList=array('cn'), $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $filter = '(objectclass=*)';
- $sr = @ldap_search($ds, $userDn, $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- }
-
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-###########################################################
-# adsGetAccountInfo - felhasználói információk (backend)
-###########################################################
-
- function adsGetAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $backendAttrs, $backendAttrDef;
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
-
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
-
- $result = getADSInfo($userDn, $backendAttrs, $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // ADS schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($backendAttrDef as $attr => $def) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
- elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
- else $return[$i][$attr] = array('count' => 0);
- }
- }
- return $return[0];
-
- }
-
- }
-
-#############################################################
-# adsGetUserInfo - felhasználói információk (keretrendszer)
-#############################################################
-
- function adsGetUserInfo($userAccount, $toPolicy = _POLICY) {
-
- global $accountAttrToADS, $adsAttrDef;
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
-
- $result = getADSInfo($userDn, array_values($accountAttrToADS), $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']);
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + ADS --> MaYoR schema
- foreach ($accountAttrToADS as $attr => $adsAttr) {
- $adsAttr = kisbetus($adsAttr);
- if (isset($result[0][$adsAttr])) $return[$attr] = $result[0][$adsAttr];
- else $return[$attr] = array('count' => 0);
- }
- return $return;
-
- }
-
- }
-
-###############################################################
-# adsChangeAccountInfo - felhasználói információk módosítása
-###############################################################
-
- function adsChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
- $_alert = array();
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_ADS_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
- $mod_info = $add_info = $del_info = Array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] == 'image') {
- $file = $_FILES[$attr]['tmp_name'];
- if (file_exists($file)) {
- $fd = fopen($file,'r');
- $values[0]=fread($fd,filesize($file));
- fclose($fd);
- } else {
- // Sose töröljük!
- $emptyAttrs[] = $attr;
- }
- } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
- if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
- $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
- }
- } else {
- if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr];
- }
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
- if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
- } elseif (in_array($attr,$emptyAttrs)) {
- if ($values[0] != '') $add_info[$attr] = $values;
- } else {
- if ($values[0] != '') {
- $mod_info[$attr] = $values;
- } else {
- $del_info[$attr] = Array();
- }
- }
-
- if (count($add_info)!=0) {
- if (!@ldap_mod_add($ds,$userDn,$add_info)) {
- $_alert[] = 'message:insufficient_access:add:'.$attr;
- }
- }
- if (count($mod_info)!=0) {
- if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) {
- $_alert[] = 'message:insufficient_access:mod:'.$attr;
- }
- }
- if (count($del_info)!=0) {
- if (!@ldap_mod_del($ds,$userDn,$del_info)) {
- $_alert[] = 'message:insufficient_access:del:'.$attr;
- }
- }
-
- } else {
-// $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- ldap_close($ds);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
-###########################################################
-# adsGetGroupInfo - csoport információk (backend)
-###########################################################
-
- function adsGetGroupInfo($groupCn, $toPolicy = _POLICY, $SET = array()) {
-
- global $backendAttrs, $backendAttrDef;
-
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
-
- $groupDn = ADSgroupCnToDn($groupCn, $toPolicy);
-
- $result = getADSInfo($groupDn, $backendAttrs, $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // Accountok lekérdezése
- $info = getADSaccounts($toPolicy);
- for ($i = 0; $i < $info['count']; $i++) {
- $accountUid[] = array(
- 'value' => $info[$i]['uid'][0],
- 'txt' => $info[$i]['displayname'][0]
- );
- $accountDn[] = array(
- 'value' => $info[$i]['dn'],
- 'txt' => $info[$i]['displayname'][0]
- );
- $DN2CN[$info[$i]['dn']] = $info[$i]['displayname'][0];
- }
-
- // ADS schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- foreach ($backendAttrDef as $attr => $def) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']);
- elseif($attr == 'member') {
- $_TMP = array();
- for ($j=0; $j<$result[$i][$attr]['count']; $j++) {
- $_dn = $result[$i][$attr][$j];
- $_TMP[] = array(
- 'type'=>'member',
- 'value'=>$_dn,
- 'txt'=>($DN2CN[$_dn]==''?str_replace(',',' ',$_dn):$DN2CN[$_dn])
- );
- }
- $return[$i][$attr] = $_TMP;
- }
-
- elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr];
- else $return[$i][$attr] = array('count' => 0);
- }
-
- if ($SET['withNewAccounts']===true) {
- $return[$i]['member']['new'] = $accountDn;
- $return[$i]['memberuid']['new'] = $accountUid;
- }
- }
-
- return $return[0];
-
- }
-
- }
-
-###############################################################
-# adsChangeGroupInfo - csoport információk módosítása
-###############################################################
-
- function adsChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
-
-// !!!! A memberuid / member szinkronjára nem figyel!!
-
- global $AUTH, $backendAttrs, $backendAttrDef;
- $groupDn = ADSgroupCnToDn($groupCn, $toPolicy);
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
-
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
- $_alert = array();
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_ADS_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
-
- $mod_info = $add_info = $del_info = Array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] == 'image') {
- $file = $_FILES[$attr]['tmp_name'];
- if (file_exists($file)) {
- $fd = fopen($file,'r');
- $values[0]=fread($fd,filesize($file));
- fclose($fd);
- } else {
- // Sose töröljük!
- $emptyAttrs[] = $attr;
- }
- } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') {
- if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') {
- $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z';
- }
- } else {
- if ($backendAttrDef[$attr]['type'] != '')
- if (isset($_POST[$attr])) $values[0] = $_POST[$attr];
- else $values[0] = '';
- }
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr];
- if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr];
- } elseif (in_array($attr,$emptyAttrs)) {
- if ($values[0] != '') $add_info[$attr] = $values;
- } else {
- if ($values[0] != '') {
- $mod_info[$attr] = $values;
- } else {
- $del_info[$attr] = Array();
- }
-
- }
-
- if (count($add_info)!=0) {
- if (!@ldap_mod_add($ds,$groupDn,$add_info)) {
- $_alert[] = 'message:insufficient_access:add:'.$attr;
- }
- }
- if (count($mod_info)!=0) {
- if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) {
- $_alert[] = 'message:insufficient_access:mod:'.$attr;
- }
- }
- if (count($del_info)!=0) {
- if (!@ldap_mod_del($ds,$groupDn,$del_info)) {
- $_alert[] = 'message:insufficient_access:del:'.$attr;
- }
- }
-
- } else {
-// $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- ldap_close($ds);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
- function getADSaccounts($toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $attrList = array('cn','uid','displayName','samaccountname');
- $filter = '(&(objectclass=person)(!(objectclass=computer)))';
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- }
-
- ldap_sort($ds, $sr, 'displayname');
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/session/base.php b/mayor-orig/www/include/backend/ads/session/base.php
deleted file mode 100644
index 3a727c3b..00000000
--- a/mayor-orig/www/include/backend/ads/session/base.php
+++ /dev/null
@@ -1,188 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: ads (for Active Directory)
-
- function ADSuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY)
- function adsMemberOf($userAccount, $group, $toPolicy = _POLICY)
-
-*/
-
- require('include/backend/ads/base/attrs.php');
-
- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
- ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0);
-
- if ($AUTH[_POLICY]['backend'] == 'ads') {
- /* why not put into session cache */
- if ($AUTH[_POLICY]['cacheable']=='yes') {
- $userDn = _queryCache('RDN',_POLICY,'value');
- }
- if (!isset($userDn)) $userDn = ADSuserAccountToDn();
- define('_USERDN', $userDn); // --TODO DEPRECATED
- define('BACKEND_CONNECT_DN', $AUTH[_POLICY]['adsUser']);
- define('BACKEND_CONNECT_PASSWORD', $AUTH[_POLICY]['adsPw']);
- if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY);
- unset($userDn);
- }
-
-######################################################
-# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése
-######################################################
-
- function ADSuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // Van-e adott azonosítójú felhasználó?
- $filter="(&(sAMAccountName=$userAccount)(objectClass=".$AUTH[$toPolicy]['adsUserObjectClass']."))";
- $justthese=array('cn','sn','givenName');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return false;
- }
- $info=ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen userAccount (uid)
- $_SESSION['alert'][] = "message:no_account:$userAccount";
- return false;
- } elseif ( $info['count'] > 1 ) {
- // Több ilyen uid is van
- $_SESSION['alert'][] = "message:multi_uid:$userAccount";
- return false;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen felhasználó
- return $info[0]['dn'];
- }
-
- }
-
-
-######################################################
-# A groupCn(cn)-hez tartozó dn lekérdezése
-######################################################
-
- function ADSgroupCnToDn($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // Kapcsolódás a szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- return false;
- }
-
- // Van-e ilyen csoport?
- $filter="(&(cn=$groupCn)(objectClass=".$AUTH[$toPolicy]['adsGroupObjectClass']."))";
- $justthese=array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure";
- ldap_close($ds);
- return false;
- }
- $info=ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- if ( $info['count'] === 0 ) {
- // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó...
- if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn";
- return false;
- } elseif ( $info['count'] > 1 ) {
- // Több ilyen cn is van
- $_SESSION['alert'][] = "message:multi_gid:$groupCn";
- return false;
- }
-
- if ($info['count']==1) { // Van - egy - ilyen csoport
- return $info[0]['dn'];
- }
-
- }
-
-######################################################
-# memberOf - csoport tag-e
-######################################################
-
- function adsMemberOf($userAccount, $group, $toPolicy = _POLICY) {
-
- global $AUTH;
- //global $ADS2Mayor;
-
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
- if (in_array($group, $AUTH[$toPolicy]['categories'])) {
- if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true;
-# Ha nincs megfelelő ou-ban, akkor nézzük a csoport tagságot - így berakható időszakosan akárki pl a titkárság kategóriába...
-# else return false;
- }
-
- if (substr($group,0,3) != 'cn=') {
- $groupDn = ADSgroupCnToDn(ekezettelen($group));
- if (!$groupDn) return false; // Ha nincs ilyen csoport az ADS fában
- } else {
- $groupDn = $group;
- }
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds,$AUTH[$toPolicy]['adsUser'],$AUTH[$toPolicy]['adsPw']);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $justthese = array('cn'); // valamit le kell kérdezni...
- $filter = "(&(objectClass=".$AUTH[$toPolicy]['adsGroupObjectClass'].")(member=$userDn))";
- $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = ldap_get_entries($ds, $sr);
- ldap_close($ds);
-
- if ($info['count'] > 0) {
- return true;
- } else {
- return false;
- }
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/session/createAccount.php b/mayor-orig/www/include/backend/ads/session/createAccount.php
deleted file mode 100644
index 02809f07..00000000
--- a/mayor-orig/www/include/backend/ads/session/createAccount.php
+++ /dev/null
@@ -1,157 +0,0 @@ -<?php -/* - Modules: base/session -*/ - - require_once('include/backend/ads/password/changePassword.php'); - - /* - $SET = array( - container => a konténer elem - ha nincs, akkor CN=Users alá rakja - category => tanár, diák... egy kiemelt fontosságú csoport tagság - groups => egyéb csoportok - policyAttrs => policy függő attribútumok - ) - */ - function adsCreateAccount( - $userCn, $userAccount, $userPassword, $toPolicy, $SET - ) { - - global $AUTH; - - $shadowLastChange = floor(time() / (60*60*24)); - - // $toPolicy --> ads backend - ellenőrzés! - if ($AUTH[$toPolicy]['backend'] != 'ads') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $info = $ginfo = Array(); - - // uid ütközés ellenőrzése - $filter = "(sAMAccountName=$userAccount)"; - $justthese = array('sAMAccountName'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese); - $uinfo = ldap_get_entries($ds, $sr); - $uidCount = $uinfo['count']; - ldap_free_result($sr); - if ($uidCount > 0) { - $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount; - return false; - } - - // Az következő uidNumber megállapítása - $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsUserObjectClass'].")(uidNumber=*))"; - $justthese = array('uidNumber', 'msSFU30UidNumber'); - $sr = ldap_search($ds,$AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese); - ldap_sort($ds, $sr, 'uidNumber'); - $uinfo = ldap_get_entries($ds, $sr); - ldap_free_result($sr); - if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 
]['uidnumber'][0]+1);
- else $info['uidNumber'] = array(1001);
-
- // shadow attributumok...
- // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
- $info['shadowLastChange'] = array($shadowLastChange);
- if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']);
- if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']);
- if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']);
- if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']);
- if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']);
-
- // A szokásos attribútumok
- $Name = explode(' ',$userCn);
- $Dn = ldap_explode_dn($AUTH[$toPolicy]['adsBaseDn'], 1); unset($Dn['count']);
- $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn));
- $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount);
- $info['displayName'] = array($userCn);
- $info['sn'] = array($Name[0]);
- $info['givenName'] = array($Name[ count($Name)-1 ]);
- $info['unixUserPassword'] = array('ABCD!efgh12345$67890');
- $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount"));
- $info['loginShell'] = array('/bin/bash');
- $info['objectClass'] = array($AUTH[$toPolicy]['adsUserObjectClass'], 'user');
-
- $policyAccountAttrs = $SET['policyAttrs'];
- if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['adsStudyIdAttr'] ] = array($policyAccountAttrs['studyId']);
- foreach ($policyAccountAttrs as $attr => $value)
- if ($attr != 'studyId' && isset($accountAttrToADS[$attr]))
- $info[ $accountAttrToADS[$attr] ] = array($value);
-
- if (isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container'];
- else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['adsBaseDn'];
-
- // user felvétel
- $_r1 = @ldap_add($ds,$dn,$info);
- if (!$_r1) {
- $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds);
- //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // Jelszó beállítás
- if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount;
-
- // Engedélyezés
- $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */
- $_r1 = @ldap_mod_replace($ds,$dn,$einfo);
- if (!$_r1) {
- $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds);
- //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // Kategória csoportba és egyéb csoportokba rakás
- if (isset($SET['category'])) {
- if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
- else $SET['groups'] = array($SET['category']);
-
- $ginfo['member'] = $dn;
-
- for ($i = 0; $i < count($SET['groups']); $i++) {
- $groupDn = ADSgroupCnToDn($SET['groups'][$i], $toPolicy);
- if ($groupDn !== false) {
- $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo);
- if (!$_r3) {
- $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds);
- //echo $SET['groups'][$i].'<pre>'; var_dump($ginfo); echo '</pre>';
- }
- }
- }
- }
-
- ldap_close($ds);
-
- if (defined('_DATADIR')
- && isset($AUTH[$toPolicy]['createAccountScript'])
- && file_exists(_DATADIR)
- ) {
- $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
- if ($sfp) {
- fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n");
- fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n");
- fclose($sfp);
- }
- }
- $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/session/createGroup.php b/mayor-orig/www/include/backend/ads/session/createGroup.php
deleted file mode 100644
index 0a0a8c1d..00000000
--- a/mayor-orig/www/include/backend/ads/session/createGroup.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php
-/*
- Modules: base/session
-*/
-
-
- function adsCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = array()) {
-
- global $AUTH;
- $category = ekezettelen($SET['category']);
-
- // $toPolicy --> ads backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ads') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $ginfo = Array();
-
- // cn ütközés ellenőrzése
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsGroupObjectClass'].")(cn=$groupCn))";
- $justthese = array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- $ginfo = ldap_get_entries($ds, $sr);
- $gCount = $ginfo['count'];
- ldap_free_result($sr);
- if ($gCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
- return false;
- }
-
- // Az következő gidNumber megállapítása
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsGroupObjectClass'].")(gidNumber=*))";
- $justthese = array('gidNumber', 'msSFU30GidNumber');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['adsBaseDn'], $filter, $justthese);
- ldap_sort($ds, $sr, 'gidNumber');
- $ginfo = ldap_get_entries($ds, $sr);
- ldap_free_result($sr);
- if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1);
- else $info['gidNumber'] = array(1001);
-
- // A szokásos attribútumok
- $info['sAMAccountName'] = $info['cn'] = array($groupCn);
- $info['description'] = array($groupDesc);
-
- // A kategória függő attribútumok
- if (isset($SET['container'])) $dn = "CN=$groupCn,".$SET['container'];
- else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['adsBaseDn'];
-
- // objectum osztályok
- $info['objectClass'] = array($AUTH[$toPolicy]['adsGroupObjectClass']);
-
- // csoport felvétel
- $_r1 = ldap_add($ds,$dn,$info);
- if (!$_r1) {
- printf("ADS-Error: %s<br>\n", ldap_error($ds));
- var_dump($info);
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ads/session/search/searchAccount.php b/mayor-orig/www/include/backend/ads/session/search/searchAccount.php
deleted file mode 100644
index 01298382..00000000
--- a/mayor-orig/www/include/backend/ads/session/search/searchAccount.php
+++ /dev/null
@@ -1,277 +0,0 @@ -<?php -/* - Module: base/session - Backend: ads - - ! -- Csak publikus mezőkre lehet keresni! -- ! - function ADSSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)') - function adsSearchAccount($attr, $pattern, $searchAttrs = array('userCn')) - function adsSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') { - -*/ - -###################################################### -# Általános ADS kereső függvény -###################################################### - - function ADSSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) { - - global $AUTH; - - if ($pattern == '') { - $_SESSION['alert'][] = 'message:empty_field'; - return false; - } - - // Kapcsolódás az ADS szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD); - - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure:ADSSearch'; - ldap_close($ds); - return false; - } - - // Keresés - if ( - strpos(kisbetus($attr),'number') !== false - && $attr != 'serialNumber' - ) $filter = "(&$filter($attr=$pattern))"; - else $filter = "(&$filter($attr=*$pattern*))"; - - $filter = "(&$filter($attr=*$pattern*))"; - $sr = @ldap_search($ds, $AUTH[$toPolicy]['adsBaseDn'], $filter, $searchAttrs); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$filter; - ldap_close($ds); - return false; - } - - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - -###################################################### -# adsSearchAccount - felhasználó kereső függvény -###################################################### - - function adsSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) { - - global $accountAttrToADS; - - // A 
keresendő attribútum konvertálása ADS attribútummá
- if ($accountAttrToADS[ $attr ] != '') $attrADS = $accountAttrToADS[ $attr ];
- else $attrADS = $attr;
- if ($attrADS == 'dn') $attrADS = 'uid'; // dn-re nem megy a keresés!!
-
- // A lekérendő attribútumok konvertálása ADS attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($accountAttrToADS[ $searchAttrs[$i] ] != '') $searchAttrsADS[$i] = $accountAttrToADS[ $searchAttrs[$i] ];
- else $searchAttrsADS[$i] = $searchAttrs[$i];
- }
- $result = ADSSearch($attrADS, $pattern, $searchAttrsADS, '(&(objectclass=person)(!(objectclass=computer)))', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // ADS schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (isset($result[$i][ kisbetus($accountAttrToADS[$a]) ])) {
- if ($accountAttrToADS[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToADS[$a]) ];
- else $return[$i][$a] = $result[$i][$a];
- } else {
- $return[$i][$a] = array('count' => 0) ;
- }
- }
- $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy);
- $return[$i]['category']['count'] = count($return[$i]['category']);
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# adsSearchGroup - csoport kereső függvény
-######################################################
-
- function adsSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
-
- global $groupAttrToADS;
-
- // A keresendő attribútum konvertálása ADS attribútummá
- if ($groupAttrToADS[ $attr ] != '') $attrADS = $groupAttrToADS[ $attr ];
- else $attrADS = $attr;
- if ($attrADS == 'dn') $attrADS = 'cn'; // dn-re nem megy a keresés!!
-
- // A lekérendő adtibútumok konvertálása ADS attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($groupAttrToADS[ $searchAttrs[$i] ] != '') $searchAttrsADS[$i] = $groupAttrToADS[ $searchAttrs[$i] ];
- else $searchAttrsADS[$i] = $searchAttrs[$i];
- }
-
- $result = ADSSearch($attrADS, $pattern, $searchAttrsADS, '(objectclass=group)', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // ADS schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (!isset($groupAttrToADS[$a]) || $groupAttrToADS[$a] != '') {
- if (isset($result[$i][ $groupAttrToADS[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToADS[$a] ];
- else $return[$i][$a] = '';
- } else {
- $return[$i][$a] = $result[$i][$a];
- }
- }
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# adsDeleteAccount - account törlése
-######################################################
-
- function adsDeleteAccount($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> ads backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ads') {
- $_SESSION['alert'][] = 'page:wrong_backend:ads!='.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- $userDn = ADSuserAccountToDn($userAccount, $toPolicy);
- if ($userDn === false) return false;
-
- // Kapcsolódás az ADS szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return
false; - } - - // Az uidNumber, a unixHomeDirectory lekerdezése - $filter = "(&(objectclass=".$AUTH[$toPolicy]['adsUserObjectClass'].")(!(objectclass=computer)))"; - $justthese = array('uidNumber','unixHomedirectory'); - $sr = @ldap_search($ds,$userDn,$filter,$justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; - ldap_close($ds); - return false; - } ; - - $info = @ldap_get_entries($ds,$sr); - $uidNumber = $info[0]['uidnumber'][0]; - $homeDirectory = $info[0]['unixhomedirectory'][0]; - $uid=$userAccount; - - // user törlése - if (!@ldap_delete($ds,$userDn)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount; - } - - ldap_close($ds); - - /* - Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait. - A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter - lista: userAccount, uidNumber, homeDirectory - */ - if (defined('_DATADIR') - && isset($AUTH[$toPolicy]['deleteAccountScript']) - && file_exists(_DATADIR) - ) { - $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+'); - if ($sfp) { - fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n"); - fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n"); - fclose($sfp); - } - } - - $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn; - return true; - - } - -###################################################### -# adsDeleteGroup - account törlése -###################################################### - - function adsDeleteGroup($groupCn, $toPolicy = _POLICY) { - - global $AUTH; - - // $toPolicy --> ads backend - ellenőrzés - if ($AUTH[$toPolicy]['backend'] != 'ads') { - $_SESSION['alert'][] = 'page:wrong_backend:ads!='.$AUTH[$toPolicy]['backend']; - return false; - } - - $groupDn = ADSgroupCnToDn($groupCn, $toPolicy); - if ($groupDn === false) return false; - - // Kapcsolódás az ADS szerverhez - $ds = 
@ldap_connect($AUTH[$toPolicy]['adsHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, BACKEND_CONNECT_DN,BACKEND_CONNECT_PASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- if (!@ldap_delete($ds, $groupDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
- return true;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/file/auth/login.php b/mayor-orig/www/include/backend/file/auth/login.php
deleted file mode 100644
index bc77f9f7..00000000
--- a/mayor-orig/www/include/backend/file/auth/login.php
+++ /dev/null
@@ -1,121 +0,0 @@ -<?php -/* - Auth-File - - A név-jelszó pár ellenőrzése file-ból történik -*/ - -/* -------------------------------------------------------------- - - Felhasználók azonosítása egyszerű szöveges file-ból - - A file szerkezete: - Soronként egy account adatai, egymástól kettősponttal elválasztott mezők: - azonosító:név:jelszó:oktAzon:shadowLastChange:shadowMin:shadowMax:shadowWarning:shadowInactive:shadowExpire - - A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE - konstansok valamelyikével tér vissza. - - Sikeres hitelesítés esetén - az egyéb account információkat (minimálisan a 'cn', azaz 'teljes név' - attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el. - - Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az - elutasítás okát. - --------------------------------------------------------------- */ - function fileUserAuthentication($userAccount, $userPassword, &$accountInformation) { - - global $AUTH; - - $toPolicy = $accountInformation['policy']; - $fp = @fopen($AUTH[$toPolicy]['file account file'],'r'); - if (!$fp) { - // nem lehet megnyitni a file-t - $_SESSION['alert'][] = 'message:file_open_failure:'.$AUTH[$toPolicy]['file account file']; - return _AUTH_FAILURE; - } - - $valid = false; - while (!$valid and $sor = chop(fgets($fp, 1024))) { - - list( - $_userAccount, - $_userCn, - $_userPassword, - $_studyId, - $shadowLastChange, - $shadowMin, - $shadowMax, - $shadowWarning, - $shadowInactive, - $shadowExpire - ) = explode(':',$sor); - $valid = ($_userAccount == $userAccount and $_userPassword == $userPassword); // itt lehetne a kódolt jelszót eltárolni és azzal hasonlítani - - } - - fclose($fp); - - if ($valid) { - - $accountInformation['cn'] = $_userCn; - $accountInformation['studyId'] = $_studyId; - - if ( // onDisabled: none | refuse - $AUTH[$toPolicy]['onDisabled'] == 'refuse' && - ( - ( - $shadowExpire != '' && - $shadowExpire <= floor(time()/(60*60*24)) - ) || - ( - 
$shadowLastChange != '' && - $shadowMax != '' && - $shadowInactive != '' && - ( $shadowLastChange - + $shadowMax - + $shadowInactive ) <= floor(time()/(60*60*24)) - ) - ) - ) { - // Le van tiltva - $_SESSION['alert'][] = 'message:account_disabled'; - return _AUTH_FAILURE_4; - } // onDisabled - - // Lejárt-e az azonosító - if ( - $AUTH[$toPolicy]['onExpired'] != 'none' && // onExpired: none | warning | force update - $shadowLastChange != '' && - $shadowMax != '' - ) { - // Lejárt-e - $pwLejar = ($shadowLastChange + $shadowMax) - floor(time()/(60*60*24)); - if (0 < $pwLejar && $shadowWarning != '' && $pwLejar < $shadowWarning) { - $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar; - return _AUTH_SUCCESS; - } elseif ($pwLejar <= 0) { - $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar); - if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') - $_SESSION['alert'][] = 'info:warn_account_disable:'.($shadowInactive+$pwLejar); - if ($AUTH[$toPolicy]['onExpired'] == 'warning') { - return _AUTH_SUCCESS; - } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') { - return _AUTH_EXPIRED; - } - } - } // onExpired - - return _AUTH_SUCCESS; - - } else { - - $_SESSION['alert'][] = 'message:bad_pw'; - return _AUTH_FAILURE_3; - - } - - } - -?> diff --git a/mayor-orig/www/include/backend/file/session/base.php b/mayor-orig/www/include/backend/file/session/base.php deleted file mode 100644 index 4902e9c8..00000000 --- a/mayor-orig/www/include/backend/file/session/base.php +++ /dev/null @@ -1,6 +0,0 @@ -<?php - - function fileMemberOf() { - return false; - } -?> diff --git a/mayor-orig/www/include/backend/ldap-ng/auth/login.php b/mayor-orig/www/include/backend/ldap-ng/auth/login.php deleted file mode 100644 index 3eb9854e..00000000 --- a/mayor-orig/www/include/backend/ldap-ng/auth/login.php +++ /dev/null 
@@ -1,163 +0,0 @@ -<?php -/* - Auth-LDAP-NG - - A név-jelszó pár ellenőrzése LDAP adatbázis alapján -*/ - -/* -------------------------------------------------------------- - - Felhasználók azonosítása az LDAP-ban tárolt konfigurálható - osztályok alapján történik. - - A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE - konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php) - - Sikeres hitelesítés esetén - az egyéb account információkat (minimálisan a 'cn', azaz 'common name' - attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el. - - Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az - elutasítás okát (ldap_connect_failure, ldap_bind_failure, ldap_search_failure, no_account, multi_uid, - account_disabled, bad_pw, account_warning, account_expired, warn_account_disable. - --------------------------------------------------------------- */ - -###################################################################### -# Az LDAP protocol version 3 kötelező, -# referals=0 nélkül használhatatlanul lassú -###################################################################### - - ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); - ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0); - - - function ldap_ngUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) { - - global $AUTH; - - if ($toPolicy == '') { - if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy']; -// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy']; - else $toPolicy = _POLICY; - } - - // Kapcsolódás a szerverhez - $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return _AUTH_FAILURE; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return 
_AUTH_FAILURE; - } - - // Van-e adott azonosítójú felhasználó? - $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))"; - $justthese = array("sn",$AUTH[$toPolicy]['ldapCnAttr'],$AUTH[$toPolicy]['ldapStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax"); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return _AUTH_FAILURE; - } - $info = ldap_get_entries($ds,$sr); - - if ( $info['count'] === 0 || is_null($info)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10) - // Nincs ilyen userAccount (uid) - $_SESSION['alert'][] = "message:no_account:$userAccount"; - ldap_close($ds); - return _AUTH_FAILURE_1; - } - - if ( $info['count'] > 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid"; - ldap_close($ds); - return _AUTH_FAILURE_2; - } - - if ($info['count']==1) { // Van - egy - ilyen felhasználó - - - $accountInformation['cn'] = $info[0][ $AUTH[$toPolicy]['ldapCnAttr'] ][0]; - $accountInformation['studyId'] = $info[0][ $AUTH[$toPolicy]['ldapStudyIdAttr'] ][0]; - - $accountInformation['dn'] = $info[0]['dn']; - $accountInformation['account'] = $userAccount; - // Lejárt-e - // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik - if ($info[0]['pwdlastset'][0] != '') { // A pwdLastSet és shadowLastChange közül a kisebbiket használjuk -// if ($info[0]['shadowlastchange'][0] != '') -// $info[0]['shadowlastchange'][0] = min(pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]), $info[0]['shadowlastchange'][0]); -// else - $info[0]['shadowlastchange'][0] = pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]); - } - if ($info[0]['accountexpires'][0] != '') { // Az accountExpires és a shadowExpire közül a kisebbiket használjuk -// if 
($info[0]['shadowexpire'][0] != '') -// $info[0]['shadowexpire'][0] = min(pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]), $info[0]['shadowexpire'][0]); -// else - $info[0]['shadowexpire'][0] = pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]); - } - if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0]; - if ( - $info[0]['shadowmax'][0] != '' && - ( - !isset($expireTimestamp) || - $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0] - ) - ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]; - // lejárt, ha lejárat ideje már elmúlt - $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24)))); - - // Le van-e tiltva - // Ha több mint shadowInactive napja lejárt - if ( // onDisabled: none | refuse - $AUTH[$toPolicy]['onDisabled'] == 'refuse' && - isset($expireTimestamp) && - $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24)) - ) { - // Le van tiltva - $_SESSION['alert'][] = 'message:account_disabled'; - ldap_close($ds); - return _AUTH_FAILURE_4; - } // onDisabled - - // Jelszó ellenőrzés - lehet-e csatlakozni - if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) { - $_SESSION['alert'][] = 'message:bad_pw'; - return _AUTH_FAILURE_3; - } - - ldap_close($ds); - // Lejárt-e az azonosító - if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update - // Lejárt-e - $pwLejar = $expireTimestamp - floor(time()/(60*60*24)); - if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) { - $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar; - return _AUTH_SUCCESS; - } elseif ($pwLejar <= 0) { - $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar); - if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar); - if ($AUTH[$toPolicy]['onExpired'] == 
'warning') {
- return _AUTH_SUCCESS;
- } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
- return _AUTH_EXPIRED;
- } else {
- return _AUTH_FAILURE;
- }
- }
- } // onExpired
- // Ha idáig eljut, akkor minden rendben.
- return _AUTH_SUCCESS;
-
- } // count == 1
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/base/attrs.php b/mayor-orig/www/include/backend/ldap-ng/base/attrs.php
deleted file mode 100644
index 2a2f327a..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/base/attrs.php
+++ /dev/null
@@ -1,146 +0,0 @@ -<?php -/* - Module: useradmin -*/ - - if (file_exists('lang/'._LANG.'/backend/ldap-ng/attrs.php')) { - require('lang/'._LANG.'/backend/ldap-ng/attrs.php'); - } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap-ng/attrs.php')) { - require('lang/'._DEFAULT_LANG.'/backend/ldap-ng/attrs.php'); - } - -###################################################### -# Alapértelmezett jogosultságok -# -# w - Írható/olvasható -# r - olvasható -# - - egyik sem -# -# Három karakter: admin, self, other jogai -###################################################### - - define('_DEFAULT_LDAP_RIGHTS','wr-'); - -###################################################### -# Az LDAP account attribútumok -###################################################### - - global $ldapAccountAttrs; - $ldapAccountAttrs = array( - 'cn', - 'serialnumber', - 'uid', - 'uidnumber', - 'gidnumber', - 'unixhomedirectory', - 'loginshell', - - 'shadowlastchange', - 'shadowexpire', - 'shadowwarning', - 'shadowmin', - 'shadowmax', - 'shadowinactive', - -/* - 'gecos', - 'mail', - 'telephonenumber', - 'mobile', - 'l', - 'street', - 'postaladdress', - 'postalcode', - 'homedirectory', -*/ - ); - - global $ldapGroupAttrs; - $ldapGroupAttrs = array( - 'cn', - 'description', - 'member', - 'name', - 'samaccountname', - 'objectcategory', - 'gidnumber', // ennek kellene lennie - mitől lesz? -/* 'memberuid' */ - ); - - global $accountAttrToLDAP; // Kis és nagybetű számít!!! 
- $accountAttrToLDAP = array(
- 'userAccount' => 'sAMAccountName',
- 'userCn' => 'displayName',
- 'mail' => 'mail',
- 'studyId' => 'serialNumber', // Ez konfig-ban külön van állítva, az itteni érték irreleváns
- 'shadowLastChange' => 'shadowLastChange',
- 'shadowWarning' => 'shadowWarning',
- 'shadowMin' => 'shadowMin',
- 'shadowMax' => 'shadowMax',
- 'shadowExpire' => 'shadowExpire',
- 'shadowInactive' => 'shadowInactive',
- );
-
- global $groupAttrToLDAP;
- $groupAttrToLDAP = array(
- 'groupCn' => 'cn',
- 'groupDesc' => 'description',
- 'member' => 'member',
- );
-
- global $ldapAccountAttrDef;
- $ldapAccountAttrDef = array(
- 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'),
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'rrr'),
- 'sn' => array('desc' => _LDAPSN, 'type' => 'text', 'rights' => 'wrr'),
- 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
- 'serialnumber' => array('desc' => _LDAPSERIALNUMBER, 'type' => 'int', 'rights' => 'wrr'),
- 'displayname' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'),
- 'name' => array('desc' => _LDAPNAME, 'type' => 'text', 'rights' => 'r--'),
- 'padpwdcount' => array('desc' => _LDAPBADPWDCOUNT, 'type' => 'int', 'rights' => 'wrr'),
- 'badpasswordtime' => array('desc' => _LDAPBADPASSWORDTIME, 'type' => 'int', 'rights' => 'r--'),
- 'lastlogon' => array('desc' => _LDAPLASTLOGON, 'type' => 'int', 'rights' => 'r--'),
- 'pwdlastset' => array('desc' => _LDAPPWDLASTSET, 'type' => 'int', 'rights' => 'r--'),
- 'accountexpires' => array('desc' => _LDAPACCOUNTEXPIRES, 'type' => 'int', 'rights' => 'wrr'),
- 'samaccountname' => array('desc' => _LDAPSAMACCOUNTNAME, 'type' => 'text', 'rights' => 'wrr'),
- 'useraccountcontrol' => array('desc' => _USERACCOUNTCONTROL, 'type' => 'text', 'rights' => 'wrr'),
- 'userprincipalname' => array('desc' => _LDAPUSERPRINCIPALNAME, 'type' => 'text', 'rights' => 'wrr'),
- 'objectcategory' => array('desc' => _LDAPOBJECTCATEGORY, 'type'
=> 'text', 'rights' => 'r--'),
- 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'),
- 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'mssfu30name' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'r--'),
- 'unixhomedirectory' => array('desc' => _LDAPUNIXHOMEDIRECTORY, 'type' => 'text', 'rights' => 'wrr'),
- 'loginshell' => array('desc' => _LDAPLOGINSHELL, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
-/*
- 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'),
- 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'),
- 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
- 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'),
- 'l' => array('desc' => _LDAPL, 'type' => 'text'),
- 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
- 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
- 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
-*/
- );
-
- global $ldapGroupAttrDef;
- $ldapGroupAttrDef = array(
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'rrr'),
- 'name' => array('desc' => _LDAPNAME, 'type' => 'text','rights' => 'rrr'),
- 'samaccountname' => array('desc' => _LDAPSAMACCOUNTNAME, 'type' =>
'text','rights' => 'wrr'),
- 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
- 'objectcategory' => array('desc' => _LDAPOBJECTCATEGORY, 'type' => 'text','rights' => 'rrr'),
-
- 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
- );
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/password/changePassword.php b/mayor-orig/www/include/backend/ldap-ng/password/changePassword.php
deleted file mode 100644
index aa4cd91d..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/password/changePassword.php
+++ /dev/null
@@ -1,161 +0,0 @@ -<?php -/* - - Module: base/password - - function changeMyPassword($userAccount, $userPassword, $newPassword, $verification) - A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására. - Ennek eldöntése a függvényt hívó program feladata -*/ - -############################################################################ -# Jelszó kódolása (az Active Directory ezt használja....) -############################################################################ - -function LDAPEncodePassword($password) { - - return mb_convert_encoding("\"".$password."\"", "UTF-16LE", "UTF-8"); - -} - -############################################################################ -# Saját jelszó megváltoztatása -############################################################################ - -/* ************************************************************************* - A leírások szerint a felhasználó maga is megváltoztathatja jelszavát. - Ennek módja az unicodePw attribútum törlése (a régi jelszó értéke szerint), - és felvétele új értékkel - mindenz elvileg egy lépésben. - - A PHP ldap_mod* függvények ezt az egy lépésben kétféle módosítást nem - támogatják. De a helyzet az, hogy a módosítás perl-ből és parancssorból - sem működik... -************************************************************************* */ - -function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') { - - global $AUTH; - - if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy']; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - // Csatlakozzás az AD kiszolgálóhoz (SSL szükséges!) - $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - // nem sikerült csatlakozni - $_SESSION['alert'][] = 'message:ldap_failure'; - return false; - } - - // Az eredeti jelszó ellenőrzése - csatlakozással - $b_ok = ldap_bind($ds,$userDn,$userPassword); - if (!$b_ok) { - // Talán a régi jelszót elgépelte, vagy le van tiltva... 
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn.':changeMyPassword - hibás a régi jelszó?'; - ldap_close($ds); - return false; - } - - // A régi és új jelszavak átkódolása - $newUnicodePwd = base64_encode(LDAPEncodePassword($newPassword)); - $oldUnicodePwd = base64_encode(LDAPEncodePassword($userPassword)); - // A php ldap_mod* függvényei nem tudnak egy lépésben többféle módosítást elküldeni - // ezért a parancssoros ldapmodify-t kell meghívnunk... - $ldif=<<<EOT -dn: $userDn -changetype: modify -delete: unicodePwd -unicodePwd:: $oldUnicodePwd -- -add: unicodePwd -unicodePwd:: $newUnicodePwd -- -EOT; - $cmd = sprintf("/usr/bin/ldapmodify -H %s -D '%s' -x -w %s", $AUTH[$toPolicy]['ldapHostname'], $userDn, $userPassword); - - if (($fh = popen($cmd, 'w')) === false ) { - // Nem sikerült megnyitni a csatornát - mikor is lehet ilyen? Ha nincs ldapmodify? - $_SESSION['alert'][] = 'message:popen_failure'; - return false; - } - fwrite($fh, "$ldif\n"); - pclose($fh); - - // Sikeres volt-e a jelszóváltoztatás? Próbáljunk újra csatlakozni az új jelszóval! - if (!@ldap_bind($ds, $userDn, $newPassword)) { - $_SESSION['alert'][] = 'message:bad_pw'; - return false; - } - - // Shadow attribútumok beállítása - // Ezekre nincs jogosultsága a felhasználónak, így csak AccountOperator-ként módosítható - // Ráadásul Windoes alatt változtatva a jelszót ezek nem változnak, így nem lehet számítani rájuk... 
- if (isset($AUTH[$toPolicy]['ldapAccountOperatorUser'])) { - $shadowLastChange = floor(time()/(60*60*24)); - $info['shadowLastChange'][0] = $shadowLastChange; - if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') { - $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire']; - } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') { - $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']); - } - - $b_ok = ldap_bind($ds,$AUTH[$toPolicy]['ldapAccountOperatorUser'],$AUTH[$toPolicy]['ldapAccountOperatorPw']); - if (!$b_ok) { $_SESSION['alert'][] = 'message:ldap_bind_failure'; return false; } - $r = @ldap_mod_replace($ds, $userDn, $info); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_modify_failure:changeMyPassword'; - return false; - } - } - ldap_close($ds); - $_SESSION['alert'][] = 'info:pw_change_success'; - return true; - -} - -############################################################################ -# Adminisztrátori jelszó változtatás -############################################################################ - -function changePassword($userAccount, $newPassword, $toPolicy = '') { - - global $AUTH; - - if ($toPolicy == '') $toPolicy = _POLICY; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - $shadowLastChange = floor(time()/(60*60*24)); - - $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if ($ds) { - $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD); - if ($b_ok) { - $info['unicodePwd'][0] = LDAPEncodePassword($newPassword); - // Ezekre nincs jogosultsága a felhasználónak, nem változnak: - // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE - $info['shadowLastChange'][0] = $shadowLastChange; - if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') { - $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire']; - } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') 
{
- $info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $r = @ldap_mod_replace($ds,$userDn,$info);
- ldap_close($ds);
- if ($r) {
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
- } else {
- $_SESSION['alert'][] = 'message:ldap_modify_failure:changePassword';
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN.':changePassword';
- ldap_close($ds);
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_failure';
- return false;
- }
-}
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php b/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php
deleted file mode 100644
index d3733ba2..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/session/accountInfo.php
+++ /dev/null
@@ -1,401 +0,0 @@ -<?php -/* - Module: base/auth-ldap-ng - Backend: ldap-ng - - function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '') - function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) - function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) - function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) - function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) - -*/ - -###################################################### -# getLDAPInfo - általános LDAP lekérdezés -###################################################### - - - function getLDAPInfo($Dn, $attrList=array('cn'), $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Keresés - $filter = '(objectclass=*)'; - $sr = @ldap_search($ds, $Dn, $filter, $attrList); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$Dn; - ldap_close($ds); - return false; - } - - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - -########################################################### -# ldapGetAccountInfo - felhasználói információk (backend) -########################################################### - - function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) { - - global $backendAttrs, $backendAttrDef; - - if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy); - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { 
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($backendAttrDef as $attr => $def) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); - elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; - else $return[$i][$attr] = array('count' => 0); - } - } - return $return[0]; - - } - - } - -############################################################# -# ldapGetUserInfo - felhasználói információk (keretrendszer) -############################################################# - - function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) { - - global $accountAttrToLDAP, $ldapAttrDef; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy); - if ($result === false) { - return false; - } else { - - $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']); - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + LDAP --> MaYoR schema - foreach ($accountAttrToLDAP as $attr => $ldapAttr) { - $ldapAttr = kisbetus($ldapAttr); - if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr]; - else $return[$attr] = array('count' => 0); - } - return $return; - - } - - } - -############################################################### -# ldapChangeAccountInfo - felhasználói információk módosítása -############################################################### - - function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) { - - global $AUTH, $backendAttrs, $backendAttrDef; - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 
'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $emptyAttrs = explode(':',$_POST['emptyAttrs']); - $_alert = array(); - - // Attribútumonként módosítunk - foreach ($backendAttrs as $attr) { - - if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; - else $rights = $backendAttrDef[$attr]['rights']; - - if ($rights[_ACCESS_AS] == 'w') { - $mod_info = $add_info = $del_info = Array(); - $values = array(); - - if ($backendAttrDef[$attr]['type'] == 'image') { - $file = $_FILES[$attr]['tmp_name']; - if (file_exists($file)) { - $fd = fopen($file,'r'); - $values[0]=fread($fd,filesize($file)); - fclose($fd); - } else { - // Sose töröljük! - $emptyAttrs[] = $attr; - } - } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { - if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { - $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; - } - } else { - if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr]; - } - - if ($backendAttrDef[$attr]['type'] == 'select') { - if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; - if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; - } elseif (in_array($attr,$emptyAttrs)) { - if ($values[0] != '') $add_info[$attr] = $values; - } else { - if ($values[0] != '') { - $mod_info[$attr] = $values; - } else { - $del_info[$attr] = Array(); - } - } - - if (count($add_info)!=0) { - if (!@ldap_mod_add($ds,$userDn,$add_info)) { - $_alert[] = 'message:insufficient_access:add:'.$attr; - } - } - if (count($mod_info)!=0) { - if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) { - $_alert[] = 'message:insufficient_access:mod:'.$attr; - } - } - if (count($del_info)!=0) { - if (!@ldap_mod_del($ds,$userDn,$del_info)) { - $_alert[] = 'message:insufficient_access:del:'.$attr; - } - } - - } else { -// $_alert[] = 'message:insufficient_access:'.$attr; - } - } // foreach - - ldap_close($ds); - if 
(count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success'; - else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; - - } - -########################################################### -# ldapGetGroupInfo - csoport információk (backend) -########################################################### - - function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) { - - global $backendAttrs, $backendAttrDef; - - - if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy); - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy); - if ($result === false) { - return false; - } else { - - // Accountok lekérdezése - $info = getLDAPaccounts($toPolicy); - for ($i = 0; $i < $info['count']; $i++) { - $accountUid[] = array( - 'value' => $info[$i]['uid'][0], - 'txt' => $info[$i]['displayname'][0] - ); - $accountDn[] = array( - 'value' => $info[$i]['dn'], - 'txt' => $info[$i]['displayname'][0] - ); - } - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($backendAttrDef as $attr => $def) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); - elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; - else $return[$i][$attr] = array('count' => 0); - } - $return[$i]['member']['new'] = $accountDn; - $return[$i]['memberuid']['new'] = $accountUid; - } - - return $return[0]; - - } - - } - -############################################################### -# ldapChangeGroupInfo - csoport információk módosítása -############################################################### - - function ldapChangeGroupInfo($groupCn, $toPolicy = _POLICY) { - -// !!!! A memberuid / member szinkronjára nem figyel!! 
- - global $AUTH, $backendAttrs, $backendAttrDef; - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $emptyAttrs = explode(':',$_POST['emptyAttrs']); - $_alert = array(); - - // Attribútumonként módosítunk - foreach ($backendAttrs as $attr) { - - if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; - else $rights = $backendAttrDef[$attr]['rights']; - - if ($rights[_ACCESS_AS] == 'w') { - - $mod_info = $add_info = $del_info = Array(); - $values = array(); - - if ($backendAttrDef[$attr]['type'] == 'image') { - $file = $_FILES[$attr]['tmp_name']; - if (file_exists($file)) { - $fd = fopen($file,'r'); - $values[0]=fread($fd,filesize($file)); - fclose($fd); - } else { - // Sose töröljük! 
- $emptyAttrs[] = $attr; - } - } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { - if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { - $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; - } - } else { - if ($backendAttrDef[$attr]['type'] != '') - if (isset($_POST[$attr])) $values[0] = $_POST[$attr]; - else $values[0] = ''; - } - - if ($backendAttrDef[$attr]['type'] == 'select') { - if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; - if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; - } elseif (in_array($attr,$emptyAttrs)) { - if ($values[0] != '') $add_info[$attr] = $values; - } else { - if ($values[0] != '') { - $mod_info[$attr] = $values; - } else { - $del_info[$attr] = Array(); - } - - } - - if (count($add_info)!=0) { - if (!@ldap_mod_add($ds,$groupDn,$add_info)) { - $_alert[] = 'message:insufficient_access:add:'.$attr; - } - } - if (count($mod_info)!=0) { - if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) { - $_alert[] = 'message:insufficient_access:mod:'.$attr; - } - } - if (count($del_info)!=0) { - if (!@ldap_mod_del($ds,$groupDn,$del_info)) { - $_alert[] = 'message:insufficient_access:del:'.$attr; - } - } - - } else { -// $_alert[] = 'message:insufficient_access:'.$attr; - } - } // foreach - - ldap_close($ds); - if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success'; - else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; - - } - - function getLDAPaccounts($toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); 
- return false;
- }
-
- // Keresés
- $attrList = array('cn','uid','displayName','samaccountname');
- $filter = '(&(objectclass=person)(!(objectclass=computer)))';
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $attrList);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- }
-
- ldap_sort($ds, $sr, 'displayname');
- $info = @ldap_get_entries($ds,$sr);
- ldap_close($ds);
-
- return $info;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/base.php b/mayor-orig/www/include/backend/ldap-ng/session/base.php
deleted file mode 100644
index 196e431c..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/session/base.php
+++ /dev/null
@@ -1,184 +0,0 @@ -<?php -/* - Module: base/session - Backend: ldap-ng - - function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) - function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) - -*/ - - require('include/backend/ldap-ng/base/attrs.php'); - - ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); - ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0); - - if ($AUTH[_POLICY]['backend'] == 'ldap-ng') { - /* why not put into session cache */ - if ($AUTH[_POLICY]['cacheable']=='yes') { - $userDn = _queryCache('RDN',_POLICY,'value'); - } - if (!isset($userDn)) $userDn = LDAPuserAccountToDn(); - define('_USERDN', $userDn); - if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY); - unset($userDn); - } - -###################################################### -# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése -###################################################### - - function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // Van-e adott azonosítójú felhasználó? 
- $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))"; - $justthese=array($AUTH[$toPolicy]['ldapCnAttr']); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return false; - } - $info=ldap_get_entries($ds,$sr); - ldap_close($ds); - - if ( $info['count'] === 0 ) { - // Nincs ilyen userAccount (uid) - $_SESSION['alert'][] = "message:no_account:$userAccount"; - return false; - } elseif ( $info['count'] > 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid:$userAccount"; - return false; - } - - if ($info['count']==1) { // Van - egy - ilyen felhasználó - return $info[0]['dn']; - } - - } - - -###################################################### -# A groupCn(cn)-hez tartozó dn lekérdezése -###################################################### - - function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // Van-e ilyen csoport? - $filter="(&(".$AUTH[$toPolicy]['ldapGroupCnAttr']."=$groupCn)(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass']."))"; - $justthese=array($AUTH[$toPolicy]['ldapGroupCnAttr']); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return false; - } - $info=ldap_get_entries($ds,$sr); - ldap_close($ds); - - if ( $info['count'] === 0 ) { - // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó... 
- if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn"; - return false; - } elseif ( $info['count'] > 1 ) { - // Több ilyen cn is van - $_SESSION['alert'][] = "message:multi_gid:$groupCn"; - return false; - } - - if ($info['count']==1) { // Van - egy - ilyen csoport - return $info[0]['dn']; - } - - } - -###################################################### -# memberOf - csoport tag-e -###################################################### - - function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) { - - global $AUTH; - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - /* Kis hack: csoport-tagság helyett vizsgáljuk előbb a megfelelő szervezeti egységet... de ezt nem biztos, hogy érdemes... */ - if (in_array($group, $AUTH[$toPolicy]['categories'])) { - if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true; - } - - if (substr($group,0,3) != 'cn=') { - $groupDn = LDAPgroupCnToDn(ekezettelen($group)); - if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában - } else { - $groupDn = $group; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $justthese = array('cn'); // valamit le kell kérdezni... 
- $filter = "(&(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(member=$userDn))";
- $sr = @ldap_search($ds, $groupDn, $filter, $justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = ldap_get_entries($ds, $sr);
- ldap_close($ds);
-
- if ($info['count'] > 0) {
- return true;
- } else {
- return false;
- }
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php b/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php
deleted file mode 100644
index db62a348..00000000
--- a/mayor-orig/www/include/backend/ldap-ng/session/createAccount.php
+++ /dev/null
@@ -1,157 +0,0 @@ -<?php -/* - Modules: base/session -*/ - - require_once('include/backend/ldap-ng/password/changePassword.php'); - - /* - $SET = array( - container => a konténer elem - ha nincs, akkor CN=Users alá rakja - category => tanár, diák... egy kiemelt fontosságú csoport tagság - groups => egyéb csoportok - policyAttrs => policy függő attribútumok - ) - */ - function ldapCreateAccount( - $userCn, $userAccount, $userPassword, $toPolicy, $SET - ) { - - global $AUTH; - - $shadowLastChange = floor(time() / (60*60*24)); - - // $toPolicy --> ldap backend - ellenőrzés! - if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $info = $ginfo = Array(); - - // uid ütközés ellenőrzése - $filter = "(sAMAccountName=$userAccount)"; - $justthese = array('sAMAccountName'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - $uinfo = ldap_get_entries($ds, $sr); - $uidCount = $uinfo['count']; - ldap_free_result($sr); - if ($uidCount > 0) { - $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount; - return false; - } - - // Az következő uidNumber megállapítása - $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(uidNumber=*))"; - $justthese = array('uidNumber', 'msSFU30UidNumber'); - $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - ldap_sort($ds, $sr, 'uidNumber'); - $uinfo = ldap_get_entries($ds, $sr); - ldap_free_result($sr); - if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 
]['uidnumber'][0]+1); - else $info['uidNumber'] = array(1001); - - // shadow attributumok... - // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '') - $info['shadowLastChange'] = array($shadowLastChange); - if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']); - if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']); - if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']); - if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']); - if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']); - - // A szokásos attribútumok - $Name = explode(' ',$userCn); - $Dn = ldap_explode_dn($AUTH[$toPolicy]['ldapBaseDn'], 1); unset($Dn['count']); - $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn)); - $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount); - $info['displayName'] = array($userCn); - $info['sn'] = array($Name[0]); - $info['givenName'] = array($Name[ count($Name)-1 ]); - $info['unixUserPassword'] = array('ABCD!efgh12345$67890'); - $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount")); - $info['loginShell'] = array('/bin/bash'); - $info['objectClass'] = array($AUTH[$toPolicy]['ldapUserObjectClass'], 'user'); - - $policyAccountAttrs = $SET['policyAttrs']; - if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['ldapStudyIdAttr'] ] = array($policyAccountAttrs['studyId']); - foreach ($policyAccountAttrs as $attr => $value) - if ($attr != 'studyId' && 
isset($accountAttrToLDAP[$attr])) - $info[ $accountAttrToLDAP[$attr] ] = array($value); - - if (isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container']; - else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['ldapBaseDn']; - - // user felvétel - $_r1 = @ldap_add($ds,$dn,$info); - if (!$_r1) { - $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds); - //echo $dn.'<pre>'; var_dump($info); echo '</pre>'; - return false; - } - - // Jelszó beállítás - if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount; - - // Engedélyezés - $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */ - $_r1 = @ldap_mod_replace($ds,$dn,$einfo); - if (!$_r1) { - $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds); - //echo $dn.'<pre>'; var_dump($info); echo '</pre>'; - return false; - } - - // Kategória csoportba és egyéb csoportokba rakás - if (isset($SET['category'])) { - if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']); - else $SET['groups'] = array($SET['category']); - - $ginfo['member'] = $dn; - - for ($i = 0; $i < count($SET['groups']); $i++) { - $groupDn = LDAPgroupCnToDn($SET['groups'][$i], $toPolicy); - if ($groupDn !== false) { - $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo); - if (!$_r3) { - $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds); - //echo $SET['groups'][$i].'<pre>'; var_dump($ginfo); echo '</pre>'; - } - } - } - } - - ldap_close($ds); - - if (defined('_DATADIR') - && isset($AUTH[$toPolicy]['createAccountScript']) - && file_exists(_DATADIR) - ) { - $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+'); - if ($sfp) { - fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n"); - fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n"); - 
fclose($sfp); - } - } - $_SESSION['alert'][] = 'info:create_uid_success:'.$dn; - return true; - - } - -?> diff --git a/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php b/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php deleted file mode 100644 index 59c77c92..00000000 --- a/mayor-orig/www/include/backend/ldap-ng/session/createGroup.php +++ /dev/null 
@@ -1,82 +0,0 @@ -<?php -/* - Modules: base/session -*/ - - - function ldapCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = array()) { - - global $AUTH; - $category = ekezettelen($SET['category']); - - // $toPolicy --> ldap backend - ellenőrzés! - if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $info = $ginfo = Array(); - - // cn ütközés ellenőrzése - $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(cn=$groupCn))"; - $justthese = array('cn'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - $ginfo = ldap_get_entries($ds, $sr); - $gCount = $ginfo['count']; - ldap_free_result($sr); - if ($gCount > 0) { - $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn; - return false; - } - - // Az következő gidNumber megállapítása - $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(gidNumber=*))"; - $justthese = array('gidNumber', 'msSFU30GidNumber'); - $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - ldap_sort($ds, $sr, 'gidNumber'); - $ginfo = ldap_get_entries($ds, $sr); - ldap_free_result($sr); - if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1); - else $info['gidNumber'] = array(1001); - - // A szokásos attribútumok - $info['sAMAccountName'] = $info['cn'] = array($groupCn); - $info['description'] = array($groupDesc); - - // A kategória függő attribútumok - if (isset($SET['container'])) $dn = 
"CN=$groupCn,".$SET['container']; - else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['ldapBaseDn']; - - // objectum osztályok - $info['objectClass'] = array($AUTH[$toPolicy]['ldapGroupObjectClass']); - - // csoport felvétel - $_r1 = ldap_add($ds,$dn,$info); - if (!$_r1) { - printf("LDAP-Error: %s<br>\n", ldap_error($ds)); - var_dump($info); - } - - ldap_close($ds); - - $_SESSION['alert'][] = 'info:create_group_success:'.$dn; - return true; - - } - -?> diff --git a/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php deleted file mode 100644 index 70be6ed5..00000000 --- a/mayor-orig/www/include/backend/ldap-ng/session/search/searchAccount.php +++ /dev/null 
@@ -1,271 +0,0 @@ -<?php -/* - Module: base/session - Backend: ldap-ng - - ! -- Csak publikus mezőkre lehet keresni! -- ! - function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)') - function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn')) - function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') { - -*/ - -###################################################### -# Általános LDAP kereső függvény -###################################################### - - function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) { - - global $AUTH; - - if ($pattern == '') { - $_SESSION['alert'][] = 'message:empty_field'; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Keresés - $filter = "(&$filter($attr=*$pattern*))"; - $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $searchAttrs); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$filter; - ldap_close($ds); - return false; - } - - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - -###################################################### -# ldapSearchAccount - felhasználó kereső függvény -###################################################### - - function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) { - - global $accountAttrToLDAP; - - // A keresendő attribútum konvertálása LDAP attribútummá - if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ]; - else $attrLDAP = $attr; - if ($attrLDAP == 'dn') $attrLDAP = 
'uid'; // dn-re nem megy a keresés!! - - // A lekérendő attribútumok konvertálása LDAP attribútummá - for ($i = 0; $i < count($searchAttrs); $i++) { - if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ]; - else $searchAttrsLDAP[$i] = $searchAttrs[$i]; - } - $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(&(objectclass=person)(!(objectclass=computer)))', $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']); - for ($j = 0; $j < count($searchAttrs); $j++) { - $a = $searchAttrs[$j]; - if (isset($result[$i][ kisbetus($accountAttrToLDAP[$a]) ])) { - if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToLDAP[$a]) ]; - else $return[$i][$a] = $result[$i][$a]; - } else { - $return[$i][$a] = array('count' => 0) ; - } - } - $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy); - $return[$i]['category']['count'] = count($return[$i]['category']); - } - $return['count'] = $result['count']; - - return $return; - - } - - } - -###################################################### -# ldapSearchGroup - csoport kereső függvény -###################################################### - - function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) { - - global $groupAttrToLDAP; - - // A keresendő attribútum konvertálása LDAP attribútummá - if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ]; - else $attrLDAP = $attr; - if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!! 
- - // A lekérendő adtibútumok konvertálása LDAP attribútummá - for ($i = 0; $i < count($searchAttrs); $i++) { - if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ]; - else $searchAttrsLDAP[$i] = $searchAttrs[$i]; - } - - $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=group)', $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']); - for ($j = 0; $j < count($searchAttrs); $j++) { - $a = $searchAttrs[$j]; - if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') { - if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ]; - else $return[$i][$a] = ''; - } else { - $return[$i][$a] = $result[$i][$a]; - } - } - } - $return['count'] = $result['count']; - - return $return; - - } - - } - -###################################################### -# ldapDeleteAccount - account törlése -###################################################### - - function ldapDeleteAccount($userAccount, $toPolicy = _POLICY) { - - global $AUTH; - - // $toPolicy --> ldap-ng backend - ellenőrzés - if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') { - $_SESSION['alert'][] = 'page:wrong_backend:ldap-ng!='.$AUTH[$toPolicy]['backend']; - return false; - } - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - if ($userDn === false) return false; - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Az 
uidNumber, a unixHomeDirectory lekerdezése - $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(!(objectclass=computer)))"; - $justthese = array('uidNumber','unixHomedirectory'); - $sr = @ldap_search($ds,$userDn,$filter,$justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; - ldap_close($ds); - return false; - } ; - - $info = @ldap_get_entries($ds,$sr); - $uidNumber = $info[0]['uidnumber'][0]; - $homeDirectory = $info[0]['unixhomedirectory'][0]; - $uid=$userAccount; - - // user törlése - if (!@ldap_delete($ds,$userDn)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount; - } - - ldap_close($ds); - - /* - Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait. - A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter - lista: userAccount, uidNumber, homeDirectory - */ - if (defined('_DATADIR') - && isset($AUTH[$toPolicy]['deleteAccountScript']) - && file_exists(_DATADIR) - ) { - $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+'); - if ($sfp) { - fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n"); - fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n"); - fclose($sfp); - } - } - - $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn; - return true; - - } - -###################################################### -# ldapDeleteGroup - account törlése -###################################################### - - function ldapDeleteGroup($groupCn, $toPolicy = _POLICY) { - - global $AUTH; - - // $toPolicy --> ldap-ng backend - ellenőrzés - if ($AUTH[$toPolicy]['backend'] != 'ldap-ng') { - $_SESSION['alert'][] = 'page:wrong_backend:ldap-ng!='.$AUTH[$toPolicy]['backend']; - return false; - } - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - if ($groupDn === false) return false; - - // Kapcsolódás az LDAP szerverhez - $ds = 
@ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- if (!@ldap_delete($ds, $groupDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
- return true;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/auth/login.php b/mayor-orig/www/include/backend/ldap/auth/login.php
deleted file mode 100644
index 2165371d..00000000
--- a/mayor-orig/www/include/backend/ldap/auth/login.php
+++ /dev/null
@@ -1,144 +0,0 @@ -<?php -/* - Auth-LDAP - - A név-jelszó pár ellenőrzése LDAP adatbázis alapján -*/ - -/* -------------------------------------------------------------- - - Felhasználók azonosítása LDAP-ban tárolt posixAccount - osztályok alapján történik. - - A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE - konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php) - - Sikeres hitelesítés esetén - az egyéb account információkat (minimálisan a 'cn', azaz 'teljes név' - attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el. - - Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az - elutasítás okát. - --------------------------------------------------------------- */ - -###################################################################### -# Az LDAP protocol version szerinti csatlakozás -###################################################################### - ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); - - function ldapUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) { - - global $AUTH; - - if ($toPolicy == '') { - if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy']; -// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy']; - else $toPolicy = _POLICY; - } - - // Kapcsolódás a szerverhez - $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return _AUTH_FAILURE; - } - - // Csatlakozás a szerverhez - $r = ldap_bind($ds); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return _AUTH_FAILURE; - } - - // Van-e adott azonosítójú felhasználó? 
- $filter="(&(uid=$userAccount)(objectClass=posixAccount))"; - $justthese = array("sn","cn","studyId","shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax"); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return _AUTH_FAILURE; - } - $info=ldap_get_entries($ds,$sr); - - if ( $info['count'] === 0 ) { - // Nincs ilyen userAccount (uid) - $_SESSION['alert'][] = "message:no_account:$userAccount"; - ldap_close($ds); - return _AUTH_FAILURE_1; - } - - if ( $info['count'] > 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid"; - ldap_close($ds); - return _AUTH_FAILURE_2; - } - - if ($info['count']==1) { // Van - egy - ilyen felhasználó - - $accountInformation['cn'] = $info[0]['cn'][0]; - $accountInformation['studyId'] = $info[0]['studyid'][0]; - $accountInformation['dn'] = $info[0]['dn']; - $accountInformation['account'] = $userAccount; - // Lejárt-e - // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik - if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0]; - if ( - $info[0]['shadowmax'][0] != '' && - ( - !isset($expireTimestamp) || - $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0] - ) - ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]; - // lejárt, ha lejárat ideje már elmúlt - $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24)))); - - // Le van-e tiltva - // Ha több mint shadowInactive napja lejárt - if ( // onDisabled: none | refuse - $AUTH[$toPolicy]['onDisabled'] == 'refuse' && - isset($expireTimestamp) && - $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24)) - ) { - // Le van tiltva - $_SESSION['alert'][] = 'message:account_disabled'; - ldap_close($ds); - return _AUTH_FAILURE_4; - } // onDisabled - - // Jelszó 
ellenőrzés - lehet-e csatlakozni - if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) { - $_SESSION['alert'][] = 'message:bad_pw'; - return _AUTH_FAILURE_3; - } - - ldap_close($ds); - // Lejárt-e az azonosító - if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update - // Lejárt-e - $pwLejar = $expireTimestamp - floor(time()/(60*60*24)); - if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) { - $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar; - return _AUTH_SUCCESS; - } elseif ($pwLejar <= 0) { - $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar); - if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') - $_SESSION['alert'][] = 'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar); - if ($AUTH[$toPolicy]['onExpired'] == 'warning') { - return _AUTH_SUCCESS; - } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') { - return _AUTH_EXPIRED; - } - } - } // onExpired - - // Ha idáig eljut, akkor minden rendben. - return _AUTH_SUCCESS; - - } // count == 1 - - } - -?> diff --git a/mayor-orig/www/include/backend/ldap/base/attrs.php b/mayor-orig/www/include/backend/ldap/base/attrs.php deleted file mode 100644 index bf86d0d2..00000000 --- a/mayor-orig/www/include/backend/ldap/base/attrs.php +++ /dev/null 
@@ -1,120 +0,0 @@ -<?php -/* - Module: useradmin -*/ - - if (file_exists('lang/'._LANG.'/backend/ldap/attrs.php')) { - require('lang/'._LANG.'/backend/ldap/attrs.php'); - } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php')) { - require('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php'); - } - -###################################################### -# Alapértelmezett jogosultságok -# -# w - Írható/olvasható -# r - olvasható -# - - egyik sem -# -# Három karakter: admin, self, other jogai -###################################################### - - define('_DEFAULT_LDAP_RIGHTS','wr-'); - -###################################################### -# Az LDAP account attribútumok -###################################################### - - global $ldapAccountAttrs; - $ldapAccountAttrs = array( - 'uid', - 'uidnumber', - 'gidnumber', - 'gecos', - 'cn', - 'studyid', - 'sn', - 'givenname', - 'mail', - 'telephonenumber', - 'mobile', - 'l', - 'street', - 'postaladdress', - 'postalcode', - 'homedirectory', - 'shadowlastchange', - 'shadowexpire', - 'shadowwarning', - 'shadowmin', - 'shadowmax', - 'shadowinactive', - ); - - global $ldapGroupAttrs; - $ldapGroupAttrs = array( - 'gidnumber', - 'cn', - 'description', - 'member', - 'memberuid' - ); - - global $accountAttrToLDAP; - $accountAttrToLDAP = array( - 'userAccount' => 'uid', - 'userCn' => 'cn', - 'mail' => 'mail', - 'studyId' => 'studyId', - 'shadowLastChange' => 'shadowLastChange', - 'shadowWarning' => 'shadowWarning', - 'shadowMin' => 'shadowMin', - 'shadowMax' => 'shadowMax', - 'shadowExpire' => 'shadowExpire', - 'shadowInactive' => 'shadowInactive', - ); - - global $groupAttrToLDAP; - $groupAttrToLDAP = array( - 'groupCn' => 'cn', - 'groupDesc' => 'description', - 'member' => 'member' - ); - - global $ldapAccountAttrDef; - $ldapAccountAttrDef = array( - 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'), - 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'), - 'uidnumber' 
=> array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'),
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'),
- 'studyid' => array('desc' => _LDAPSTUDYID, 'type' => 'int', 'rights' => 'wrr'),
- 'sn' => array('desc' => _LDAPSN, 'type' => 'text'),
- 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
- 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'),
- 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
- 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'),
- 'l' => array('desc' => _LDAPL, 'type' => 'text'),
- 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
- 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
- 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
- 'homedirectory' => array('desc' => _LDAPHOMEDIRECTORY, 'type' => 'text'),
- 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text'),
- 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text'),
- 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text'),
- 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text'),
- 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text'),
- 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text'),
- );
-
- global $ldapGroupAttrDef;
- $ldapGroupAttrDef = array(
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'),
- 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
- 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
- );
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/base/attrs.php.orig b/mayor-orig/www/include/backend/ldap/base/attrs.php.orig
deleted file mode 100644
index 658dfa1c..00000000
--- a/mayor-orig/www/include/backend/ldap/base/attrs.php.orig
+++ /dev/null
@@ -1,175 +0,0 @@ -<?php -/* - Module: useradmin -*/ - - if (file_exists('lang/'._LANG.'/backend/ldap/attrs.php')) { - require('lang/'._LANG.'/backend/ldap/attrs.php'); - } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php')) { - require('lang/'._DEFAULT_LANG.'/backend/ldap/attrs.php'); - } - -###################################################### -# Alapértelmezett jogosultságok -# -# w - Írható/olvasható -# r - olvasható -# - - egyik sem -# -# Három karakter: admin, self, other jogai -###################################################### - - define('_DEFAULT_LDAP_RIGHTS','wr-'); - -###################################################### -# Az LDAP account attribútumok -###################################################### - - global $ldapAccountAttrs; - $ldapAccountAttrs = array( - 'uid', - 'uidnumber', - 'gidnumber', - 'gecos', - 'cn', - 'sn', - 'givenname', - 'mail', - 'homepage', - 'url', - 'telephonenumber', - 'mobile', - 'year', - 'class', - 'l', - 'street', - 'postaladdress', - 'postalcode', - 'homedirectory', - 'owner', - 'leader', - 'description', - 'roomnumber', - 'registertimestamp', - 'primaryschoolomcode', - 'classtimestamp', - 'studentcardnumber', - 'studentcardtimestamp', - 'taxid', - 'birthtimestamp', - 'birthlocality', - 'registernumber', - 'diarynumber', - 'sex', - 'guardiancn', - 'mothercn', - 'localitytimestamp', - 'tajnumber', - 'member', - 'studentmember', - 'exemptmember', - 'examermember', - 'memberuid', - 'shadowlastchange', - 'shadowexpire', - 'shadowwarning', - 'shadowmin', - 'shadowmax', - 'shadowinactive', - 'parentpassword' - ); - - global $ldapGroupAttrs; - $ldapGroupAttrs = array( - 'gidnumber', - 'cn', - 'description', - 'owner', - 'member', - 'memberuid' - ); - - global $accountAttrToLDAP; - $accountAttrToLDAP = array( - 'userAccount' => 'uid', - 'userCn' => 'cn', - 'mail' => 'mail', - 'studyId' => 'studyId', - 'shadowLastChange' => 'shadowLastChange', - 'shadowWarning' => 'shadowWarning', - 'shadowMin' => 
'shadowMin',
- 'shadowMax' => 'shadowMax',
- 'shadowExpire' => 'shadowExpire',
- 'shadowInactive' => 'shadowInactive',
- );
-
- global $groupAttrToLDAP;
- $groupAttrToLDAP = array(
- 'groupId' => 'cn',
- 'groupName' => 'description',
-// 'leader' => 'leader',
- 'owner' => 'owner',
- 'member' => 'member'
- );
-
- global $ldapAccountAttrDef;
- $ldapAccountAttrDef = array(
- 'dn' => array('desc' => _LDAPDN, 'type' => 'text','rights' => 'rrr'),
- 'uid' => array('desc' => _LDAPUID, 'type' => 'text','rights' => 'rrr'),
- 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text','rights' => 'w--'),
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'),
- 'sn' => array('desc' => _LDAPSN, 'type' => 'text'),
- 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
- 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text','rights' => 'wwr'),
- 'homepage' => array('desc' => _LDAPHOMEPAGE, 'type' => 'text','rights' => 'wwr'),
- 'url' => array('desc' => _LDAPURL, 'type' => 'text'),
- 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text','rights' => 'ww-'),
- 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text','rights' => 'ww-'),
- 'year' => array('desc' => _LDAPYEAR, 'type' => 'int'),
- 'class' => array('desc' => _LDAPCLASS, 'type' => 'text'),
- 'l' => array('desc' => _LDAPL, 'type' => 'text'),
- 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
- 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
- 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
- 'homedirectory' => array('desc' => _LDAPHOMEDIRECTORY, 'type' => 'text'),
- 'roomnumber' => array('desc' => _LDAPROOMNUMBER, 'type' => 'int'),
- 'registertimestamp' => array('desc' => _LDAPREGISTERTIMESTAMP, 'type' => 'timestamp'),
- 'primaryschoolomcode' =>
array('desc' => _LDAPPRIMARYSCHOOLOMCODE, 'type' => 'text'),
- 'classtimestamp' => array('desc' => _LDAPCLASSTIMESTAMP, 'type' => 'timestamp'),
- 'studentcardnumber' => array('desc' => _LDAPSTUDENTCARDNUMBER, 'type' => 'text'),
- 'studentcardtimestamp' => array('desc' => _LDAPSTUDENTCARDTIMESTAMP, 'type' => 'timestamp'),
- 'taxid' => array('desc' => _LDAPTAXID, 'type' => 'text'),
- 'birthtimestamp' => array('desc' => _LDAPBIRTHTIMESTAMP, 'type' => 'timestamp'),
- 'birthlocality' => array('desc' => _LDAPBIRTHLOCALITY, 'type' => 'text'),
- 'registernumber' => array('desc' => _LDAPREGISTERNUMBER, 'type' => 'text'),
- 'diarynumber' => array('desc' => _LDAPDIARYNUMBER, 'type' => 'text'),
- 'sex' => array('desc' => _LDAPSEX, 'type' => 'radio', 'options' => array(_FIU, _LANY)),
- 'guardiancn' => array('desc' => _LDAPGUARDIANCN, 'type' => 'text'),
- 'mothercn' => array('desc' => _LDAPMOTHERCN, 'type' => 'text'),
- 'localitytimestamp' => array('desc' => _LDAPLOCALITYTIMESTAMP, 'type' => 'timestamp'),
- 'tajnumber' => array('desc' => _LDAPTAJNUMBER, 'type' => 'text'),
- 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text'),
- 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text'),
- 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text'),
- 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text'),
- 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text'),
- 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text'),
- );
-
- global $ldapGroupAttrDef;
- $ldapGroupAttrDef = array(
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'wrr'),
- 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
- 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
- 'owner' => array('desc' => _LDAPOWNER, 'type' =>
'select'),
-// 'studentmember' => array('desc' => _LDAPSTUDENTMEMBER, 'type' => 'text'),
-// 'exemptmember' => array('desc' => _LDAPEXEMPTMEMBER, 'type' => 'text'),
-// 'examermember' => array('desc' => _LDAPEXAMERMEMBER, 'type' => 'text'),
-// 'leader' => array('desc' => _LDAPLEADER, 'type' => 'text'),
- );
-
-?>
\ No newline at end of file diff --git a/mayor-orig/www/include/backend/ldap/base/str.php b/mayor-orig/www/include/backend/ldap/base/str.php deleted file mode 100644 index 2ef3ad1c..00000000 --- a/mayor-orig/www/include/backend/ldap/base/str.php +++ /dev/null @@ -1,53 +0,0 @@ -<?php -/* - Module: useradmin - - function date2timestamp($date) - function timestamp2date($stamp) - !! -- function ldap_cn_cmp($a,$b) -- !! Kell ez? - !! -- function tanar_cn_cmp($a,$b) -- !! Használjuk ezt? - - // - fuggoseg - // require_once('include/share/ldap/attrs.php'); - -*/ - -// ------------------------------------- -// Date2Timestamp -// ------------------------------------- - - function date2timestamp($date) { - $date = str_replace('-','',$date); - $date = str_replace('.','',$date).'010101Z'; - if (strlen($date) == 15) return $date; - else return ''; - } - -// ------------------------------------- -// Timestamp2Date -// ------------------------------------- - - function timestamp2date($stamp) { - $date = substr($stamp,0,4).'-'.substr($stamp,4,2).'-'.substr($stamp,6,2); - if (strlen($date) == 10) return $date; - else return ''; - } - -/* -// --------------------------------------------------------------------------- -// LDAP eredmény elemeinek összehasonlítása cn-alapján (Már latin2-es kódolású!!!) -// --------------------------------------------------------------------------- - - function ldap_cn_cmp($a,$b) { - return str_cmp($a['cn'][0],$b['cn'][0]); - } - -// --------------------------------------------------------------------------- -// $TANAROK tömb rendezéséhez (include/naplo/helyettesít.php) (Már latin2-es kódolású!!!) -// --------------------------------------------------------------------------- - - function tanar_cn_cmp($a,$b) { - return str_cmp($a['cn'],$b['cn']); - } -*/ - -?> diff --git a/mayor-orig/www/include/backend/ldap/password/changePassword.php b/mayor-orig/www/include/backend/ldap/password/changePassword.php deleted file mode 100644 index 22ace5ca..00000000 
--- a/mayor-orig/www/include/backend/ldap/password/changePassword.php
+++ /dev/null
@@ -1,102 +0,0 @@ -<?php -/* - Module: base/password - - function changeMyPassword($userAccount, $userPassword, $newPassword, $verification) - A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására. - Ennek eldöntése a függvényt hívó program feladata - */ - -############################################################################ -# Saját jelszó megváltoztatása -############################################################################ - -function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') { - - global $AUTH; - - if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy']; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - $shadowLastChange = floor(time()/(60*60*24)); - - $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if ($ds) { - $b_ok = ldap_bind($ds,$userDn,$userPassword); - if ($b_ok) { - $info['userPassword'][0] = '{crypt}' . crypt($newPassword); - // Ezekre nincs jogosultsága a felhasználónak, nem változnak: - // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE - $info['shadowlastchange'][0] = $shadowLastChange; - if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') { - $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire']; - } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') { - $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']); - } - $r = ldap_mod_replace($ds,$userDn,$info); - ldap_close($ds); - if ($r) { - $_SESSION['alert'][] = 'info:pw_change_success'; - return true; - } else { - $_SESSION['alert'][] = 'message:ldap_modify_failure'; - return false; - } - } else { - $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn; - ldap_close($ds); - return false; - } - } else { - $_SESSION['alert'][] = 'message:ldap_failure'; - return false; - } - -} - -############################################################################ -# Adminisztrátori jelszó 
változtatás
-############################################################################
-
-function changePassword($userAccount, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = _POLICY;
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- $shadowLastChange = floor(time()/(60*60*24));
-
- $ds = ldap_connect($AUTH[$toPolicy]['ldap hostname']);
- if ($ds) {
- $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD);
- if ($b_ok) {
- $info['userPassword'][0] = '{crypt}' . crypt($newPassword);
- // Ezekre nincs jogosultsága a felhasználónak, nem változnak:
- // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
- $info['shadowlastchange'][0] = $shadowLastChange;
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $r = @ldap_mod_replace($ds,$userDn,$info);
- ldap_close($ds);
- if ($r) {
- $_SESSION['alert'][] = 'info:pw_change_success';
- return true;
- } else {
- $_SESSION['alert'][] = 'message:ldap_modify_failure';
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN;
- ldap_close($ds);
- return false;
- }
- } else {
- $_SESSION['alert'][] = 'message:ldap_failure';
- return false;
- }
-
-}
-
-?>
diff --git a/mayor-orig/www/include/backend/ldap/session/accountInfo.php b/mayor-orig/www/include/backend/ldap/session/accountInfo.php
deleted file mode 100644
index 24f5234b..00000000
--- a/mayor-orig/www/include/backend/ldap/session/accountInfo.php
+++ /dev/null
@@ -1,401 +0,0 @@ -<?php -/* - Module: base/auth-ldap - Backend: ldap - - function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '') - function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) - function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) - function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) - function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) - -*/ - -###################################################### -# getLDAPInfo - általános LDAP lekérdezés -###################################################### - - function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Keresés - $filter = '(objectclass=*)'; - $sr = @ldap_search($ds, $userDn, $filter, $attrList); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; - ldap_close($ds); - return false; - } - - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - -########################################################### -# ldapGetAccountInfo - felhasználói információk (backend) -########################################################### - - function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) { - - global $AUTH, $backendAttrs, $backendAttrDef; - - if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy); - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < 
$result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($backendAttrDef as $attr => $def) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); - elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; - else $return[$i][$attr] = array('count' => 0); - } - } - - return $return[0]; - - } - - } - -############################################################# -# ldapGetUserInfo - felhasználói információk (keretrendszer) -############################################################# - - function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) { - - global $AUTH, $accountAttrToLDAP, $ldapAttrDef; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy); - if ($result === false) { - return false; - } else { - - $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']); - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($accountAttrToLDAP as $attr => $ldapAttr) { - if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr]; - else $return[$attr] = array('count' => 0); - } - - return $return; - - } - - } - -############################################################### -# ldapChangeAccountInfo - felhasználói információk módosítása -############################################################### - - function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) { - - global $AUTH, $backendAttrs, $backendAttrDef; - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - 
ldap_close($ds); - return false; - } - - $emptyAttrs = explode(':',$_POST['emptyAttrs']); - - // Attribútumonként módosítunk - foreach ($backendAttrs as $attr) { - - if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; - else $rights = $backendAttrDef[$attr]['rights']; - - if ($rights[_ACCESS_AS] == 'w') { - - $mod_info = $add_info = $del_info = Array(); - $values = array(); - - if ($backendAttrDef[$attr]['type'] == 'image') { - $file = $_FILES[$attr]['tmp_name']; - if (file_exists($file)) { - $fd = fopen($file,'r'); - $values[0]=fread($fd,filesize($file)); - fclose($fd); - } else { - // Sose töröljük! - $emptyAttrs[] = $attr; - } - } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { - if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { - $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; - } - } else { - if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr]; - } - - if ($backendAttrDef[$attr]['type'] == 'select') { - if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; - if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; - } elseif (in_array($attr,$emptyAttrs)) { - if ($values[0] != '') $add_info[$attr] = $values; - } else { - if ($values[0] != '') { - $mod_info[$attr] = $values; - } else { - $del_info[$attr] = Array(); - } - } - - $_alert = array(); - if (count($add_info)!=0) { - if (!@ldap_mod_add($ds,$userDn,$add_info)) { - $_alert[] = 'message:insufficient_access:add:'.$attr; - } - } - if (count($mod_info)!=0) { - if (!@ldap_mod_replace($ds,$userDn,$mod_info)) { - $_alert[] = 'message:insufficient_access:mod:'.$attr; - } - } - if (count($del_info)!=0) { - if (!@ldap_mod_del($ds,$userDn,$del_info)) { - $_alert[] = 'message:insufficient_access:del:'.$attr; - } - } - - } else { -// $_alert[] = 'message:insufficient_access:'.$attr; - } - } // foreach - - ldap_close($ds); - if (count($_alert) == 0) 
$_SESSION['alert'][] = 'info:change_success'; - else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; - - } - -########################################################### -# ldapGetGroupInfo - csoport információk (backend) -########################################################### - - function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) { - - global $AUTH, $backendAttrs, $backendAttrDef; - - - if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy); - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy); - if ($result === false) { - return false; - } else { - - // Accountok lekérdezése - $info = getLDAPaccounts($toPolicy); - for ($i = 0; $i < $info['count']; $i++) { - $accountUid[] = array( - 'value' => $info[$i]['uid'][0], - 'txt' => $info[$i]['cn'][0] - ); - $accountDn[] = array( - 'value' => $info[$i]['dn'], - 'txt' => $info[$i]['cn'][0] - ); - } - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($backendAttrDef as $attr => $def) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); - elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; - else $return[$i][$attr] = array('count' => 0); - } - $return[$i]['member']['new'] = $accountDn; - $return[$i]['memberuid']['new'] = $accountUid; - } - - return $return[0]; - - } - - } - -############################################################### -# ldapChangeGroupInfo - csoport információk módosítása -############################################################### - - function ldapChangeGroupInfo($groupCn, $toPolicy = _POLICY) { - -// !!!! A memberuid / member szinkronjára nem figyel!! 
- - global $AUTH, $backendAttrs, $backendAttrDef; - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $emptyAttrs = explode(':',$_POST['emptyAttrs']); - - // Attribútumonként módosítunk - foreach ($backendAttrs as $attr) { - - if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; - else $rights = $backendAttrDef[$attr]['rights']; - - if ($rights[_ACCESS_AS] == 'w') { - - $mod_info = $add_info = $del_info = Array(); - $values = array(); - - if ($backendAttrDef[$attr]['type'] == 'image') { - $file = $_FILES[$attr]['tmp_name']; - if (file_exists($file)) { - $fd = fopen($file,'r'); - $values[0]=fread($fd,filesize($file)); - fclose($fd); - } else { - // Sose töröljük! 
- $emptyAttrs[] = $attr; - } - } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { - if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { - $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; - } - } else { - if ($backendAttrDef[$attr]['type'] != '') - if (isset($_POST[$attr])) $values[0] = $_POST[$attr]; - else $values[0] = ''; - } - - if ($backendAttrDef[$attr]['type'] == 'select') { - if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; - if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; - } elseif (in_array($attr,$emptyAttrs)) { - if ($values[0] != '') $add_info[$attr] = $values; - } else { - if ($values[0] != '') { - $mod_info[$attr] = $values; - } else { - $del_info[$attr] = Array(); - } - } - - $_alert = array(); - if (count($add_info)!=0) { - if (!@ldap_mod_add($ds,$groupDn,$add_info)) { - $_alert[] = 'message:insufficient_access:add:'.$attr; - } - } - if (count($mod_info)!=0) { - if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) { - $_alert[] = 'message:insufficient_access:mod:'.$attr; - } - } - if (count($del_info)!=0) { - if (!@ldap_mod_del($ds,$groupDn,$del_info)) { - $_alert[] = 'message:insufficient_access:del:'.$attr; - } - } - - } else { -// $_alert[] = 'message:insufficient_access:'.$attr; - } - } // foreach - - ldap_close($ds); - if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success'; - else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; - - } - - function getLDAPaccounts($toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; 
- ldap_close($ds); - return false; - } - - // Keresés - $attrList = array('cn','uid'); -// $filter = '(objectclass=mayorPerson)'; - $filter = '(objectclass=posixAccount)'; - $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $attrList); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; - ldap_close($ds); - return false; - } - - ldap_sort($ds, $sr, 'cn'); - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - - -?> diff --git a/mayor-orig/www/include/backend/ldap/session/base.php b/mayor-orig/www/include/backend/ldap/session/base.php deleted file mode 100644 index b8529cc2..00000000 --- a/mayor-orig/www/include/backend/ldap/session/base.php +++ /dev/null 
@@ -1,255 +0,0 @@ -<?php -/* - Module: base/session - Backend: ldap - - function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) - function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) - -*/ - - require('include/backend/ldap/base/attrs.php'); - require('include/backend/ldap/base/str.php'); - - ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); - - if ($AUTH[_POLICY]['backend'] == 'ldap') { - /* why not put into session cache */ - if ($AUTH[_POLICY]['cacheable']=='yes') { - $userDn = _queryCache('RDN',_POLICY,'value'); - } - if (!isset($userDn)) $userDn = LDAPuserAccountToDn(); - define('_USERDN', $userDn); - if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY); - unset($userDn); - } - -###################################################### -# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése -###################################################### - - function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // Van-e adott azonosítójú felhasználó? 
- $filter="(&(uid=$userAccount)(objectClass=posixAccount))"; - $justthese=array('cn'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return false; - } - $info=ldap_get_entries($ds,$sr); - ldap_close($ds); - - if ( $info['count'] === 0 ) { - // Nincs ilyen userAccount (uid) - $_SESSION['alert'][] = "message:no_account:$userAccount"; - return false; - } elseif ( $info['count'] > 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid:$userAccount"; - return false; - } - - if ($info['count']==1) { // Van - egy - ilyen felhasználó - return $info[0]['dn']; - } - - } - - -###################################################### -# A groupCn(cn)-hez tartozó dn lekérdezése -###################################################### - - function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // Van-e adott azonosítójú felhasználó? - $filter="(&(cn=$groupCn)(objectClass=posixGroup))"; - $justthese=array('cn'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return false; - } - $info=ldap_get_entries($ds,$sr); - ldap_close($ds); - - if ( $info['count'] === 0 ) { - // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó... 
- if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn"; - return false; - } elseif ( $info['count'] > 1 ) { - // Több ilyen cn is van - $_SESSION['alert'][] = "message:multi_gid:$groupCn"; - return false; - } - - if ($info['count']==1) { // Van - egy - ilyen csoport - return $info[0]['dn']; - } - - } - - - -###################################################### -# memberOf - csoport tag-e -###################################################### - - function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) { - - global $AUTH, $LDAP2Mayor; - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - if (in_array($group, $AUTH[$toPolicy]['categories'])) { - if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true; -# Ha nincs megfelelő ou-ban, akkor nézzük a csoport tagságot - így berakható időszakosan akárki pl a titkárság kategóriába... -# else return false; - } - - if (substr($group,0,3) != 'cn=') { - $groupDn = LDAPgroupCnToDn(ekezettelen($group)); - if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában - } else { - $groupDn = $group; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $justthese = array('cn'); // valamit le kell kérdezni... 
-/* $filter = "(& (objectClass=mayorGroup) - (member=$userDn) - )"; -*/ - $filter = "(& (objectClass=posixGroup) - (memberUid=$userAccount) - )"; - $sr = @ldap_search($ds, $groupDn, $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$filter; - ldap_close($ds); - return false; - } - - $info = ldap_get_entries($ds, $sr); - ldap_close($ds); - - if ($info['count'] > 0) { - return true; - } else { - return false; - } - - } - -###################################################### -# LDAPcreateContainer - tároló létrehozása -###################################################### - - function LDAPcreateContainer($containerDn, $toPolicy) { - - global $AUTH; - - $pos = strpos($containerDn, ',ou='); - $container = substr($containerDn, 3, $pos-3); - $rdn = substr($containerDn, $pos+1); - $cat = substr($containerDn, 3, strlen($containerDn)-4-strlen($AUTH[$toPolicy]['ldap base dn'])); - - error_reporting(1); - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // OU létrehozása - $info['ou'][0] = $container; - $info['objectclass'][0] = 'organizationalUnit'; - $info['description'][0] = $container; - - $_r1 = ldap_add($ds, $containerDn, $info); - if (!$_r1) { -// $_SESSION['alert'][] = 'message:ldap_add_failure:'.$containerDn; - return false; -// printf("LDAP-Error: %s<br>\n", ldap_error($ds)); -// echo '<pre>'; var_dump($info); echo '</pre>'; - } - - // az OU-hoz tartozó csoportok OU-ja - $info['ou'][0] = 'Groups'; - $info['objectclass'][0] = 'organizationalUnit'; - $info['description'][0] = "$container csoportjai"; - - $containerDn = "ou=Groups,$containerDn"; - $_r1 = ldap_add($ds, $containerDn, $info); - if (!$_r1) { - printf("LDAP-Error: 
%s<br>\n", ldap_error($ds)); - echo '<pre>'; var_dump($info); echo '</pre>'; - } - - // Az osztály csoport létrehozása - require_once('include/modules/session/createGroup.php'); - createGroup($container, "$container csoport", "$cat", $toPolicy); - - ldap_close($ds); - - } - -?> diff --git a/mayor-orig/www/include/backend/ldap/session/createAccount.php b/mayor-orig/www/include/backend/ldap/session/createAccount.php deleted file mode 100644 index 79f40530..00000000 --- a/mayor-orig/www/include/backend/ldap/session/createAccount.php +++ /dev/null 
@@ -1,204 +0,0 @@ -<?php -/* - Modules: base/session - - UNTESTED!!!! -*/ - - function ldapCreateAccount( - $userCn, $userAccount, $userPassword, $toPolicy, $SET - ) { - - global $AUTH; - - $category = ekezettelen($SET['category']); - $shadowLastChange = floor(time() / (60*60*24)); - - // $toPolicy --> ldap backend - ellenőrzés! - if ($AUTH[$toPolicy]['backend'] != 'ldap') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $info = $groupinfo = $oinfo = Array(); - - // uid ütközés ellenőrzése - $filter = "(uid=$userAccount)"; - $justthese = array('uid'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - $uinfo = ldap_get_entries($ds, $sr); - $uidCount = $uinfo['count']; - ldap_free_result($sr); - if ($uidCount > 0) { - $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount; - return false; - } - - // Az következő uidNumber megállapítása - $filter = '(objectClass=mayorOrganization)'; - $justthese = array('nextuid', 'freeuid'); - $sr = ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - $uidinfo = ldap_get_entries($ds,$sr); - ldap_free_result($sr); - if (isset($uidinfo[0]['freeuid']['count'])) $freeUidCount = $uidinfo[0]['freeuid']['count']; - else $freeUidCount = 0; - if ($freeUidCount == 0) { - $info['uidnumber'] = array($uidinfo[0]['nextuid'][0]); - $info['gidnumber'] = $info['uidnumber']; - $oinfo['nextuid'] = $info['uidnumber'][0]+1; - } else { - $info['uidnumber'] = array($uidinfo[0]['freeuid'][$freeUidCount-1]); - $info['gidnumber'] = $info['uidnumber']; - $oinfo['freeuid'] = 
$uidinfo[0]['freeuid'][$freeUidCount-1]; - } - - // shadow attributumok... - // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '') - $info['shadowlastchange'] = $shadowLastChange; - if (isset($AUTH[$toPolicy]['shadowmin']) && $AUTH[$toPolicy]['shadowmin'] != '') $info['shadowmin'] = $AUTH[$toPolicy]['shadowmin']; - if (isset($AUTH[$toPolicy]['shadowmax']) && $AUTH[$toPolicy]['shadowmax'] != '') $info['shadowmax'] = $AUTH[$toPolicy]['shadowmax']; - if (isset($AUTH[$toPolicy]['shadowwarning']) && $AUTH[$toPolicy]['shadowwarning'] != '') $info['shadowwarning'] = $AUTH[$toPolicy]['shadowwarning']; - if (isset($AUTH[$toPolicy]['shadowinactive']) && $AUTH[$toPolicy]['shadowinactive'] != '') $info['shadowinactive'] = $AUTH[$toPolicy]['shadowinactive']; - if (isset($AUTH[$toPolicy]['shadowexpire']) && $AUTH[$toPolicy]['shadowexpire'] != '') $info['shadowexpire'] = $AUTH[$toPolicy]['shadowexpire']; - - // A szokásos attribútumok - $info['uid'] = array($userAccount); - $info['cn'] = array($userCn); - $info['sn'] = array('-'); - $info['userpassword'] = array('{crypt}' . 
crypt($userPassword)); - if (is_array($SET['policyAttrs'])) foreach ($SET['policyAttrs'] as $attr => $value) $info[kisbetus($attr)] = $value; - if (($pos = strpos($category,',')) !== false) - $info['homedirectory'] = "/home/diak/".substr($category,0,$pos)."/$userAccount"; - else - $info['homedirectory'] = "/home/$category/$userAccount"; - - // A kategória függő attribútumok - if (isset($SET['container']) && $SET['container'] != '') { - $dn = "uid=$userAccount,".$SET['container']; - $group = "cn=$userAccount,ou=Groups,".$SET['container']; - $ouDn = $SET['container']; - } else { - $dn = "uid=$userAccount,ou=".$category.','.$AUTH[$toPolicy]['ldap base dn']; - $group = "cn=$userAccount,ou=Groups,ou=".$category.','.$AUTH[$toPolicy]['ldap base dn']; - $ouDn = "ou=".$category.",".$AUTH[$toPolicy]['ldap base dn']; - } - - if ($SET['createContainer']) { // Létrehozza a tároló elemet, benne az OU=Groups tárolót, benne a megfelelő csoportot - LDAPcreateContainer($ouDn, $toPolicy); - } - // objectum osztályok - // a mayorPerson a posixAccount és shadowAccount leszármazottja, - // de kell egy structural object is - ez a person - aminek kötelező paramétere az sn! 
- $info['objectclass'] = array('person', 'mayorPerson'); - - // user felvétel - $info['homedirectory'] = ekezettelen($info['homedirectory']); // Nem lehet ékezetes :o( - - $_r1 = ldap_add($ds,$dn,$info); - if (!$_r1) { - printf("LDAP-Error: %s<br>\n", ldap_error($ds)); - echo $dn.'<pre>'; var_dump($info); echo '</pre>'; - return false; - } - - // user csoportja - $groupinfo['cn'] = $userAccount; - $groupinfo['gidnumber'] = $info['uidnumber']; - $groupinfo['memberuid'] = ekezettelen($userAccount); // Nem lehet ékezetes :o( - $groupinfo['description'] = 'A felhasználó saját csoportja'; - $groupinfo['objectclass'] = 'posixGroup'; - $_r2 = ldap_add($ds, $group, $groupinfo); - if (!$_r2) { - printf("LDAP-Error (userGroup): %s<br>\n", ldap_error($ds)); - echo $group.'<pre>'; var_dump($groupinfo); echo '</pre>'; - return false; - } - - // Kategória csoportba rakás vagy tanár csoportba rakás ugye... - // És nincs diák csoport! - $ginfo['memberuid'] = ekezettelen($userAccount); // Nem lehet ékezetes :o( - $ginfo['member'] = $dn; - - // Kategória csoportba és egyéb csoportokba rakás - if (isset($SET['category'])) { - if (is_array($SET['groups'])) array_unshift($SET['groups'], $category); - else $SET['groups'] = array($category); - - for ($i = 0; $i < count($SET['groups']); $i++) { - - $filter = "(&(objectClass=mayorGroup)(cn=".$SET['groups'][$i]."))"; - $justthese = array('cn'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - if (ldap_count_entries($ds, $sr)) { - $grpInfo = ldap_get_entries($ds, $sr); - $groupDn = $grpInfo[0]['dn']; - $_r3 = ldap_mod_add($ds, $groupDn, $ginfo); - if (!$_r3) { - printf("LDAP-Error (category): %s<br>\n", ldap_error($ds)); - echo $groupDn.'<pre>'; var_dump($ginfo); echo '</pre>'; - } - } - - } - - } - - - // nextuid növelés - if ($freeUidCount == 0) { - $_r4 = ldap_mod_replace($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); - } else { - $_r4 = ldap_mod_del($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); - } - if 
(!$_r4) { - printf("LDAP-Error (freeUid): %s<br>\n", ldap_error($ds)); - return false; - } - - ldap_close($ds); - - if (defined('_DATADIR') - && isset($AUTH[$toPolicy]['createAccountScript']) - && file_exists(_DATADIR) - ) { - $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+'); - if ($sfp) { - fwrite($sfp,"\n# $userAccount l.trehoz.sa\n"); - fwrite($sfp,'/bin/mkdir -p '.$info['homedirectory']."\n"); - fwrite($sfp,'/bin/chmod 2755 '.$info['homedirectory']."\n"); - fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."\n"); - - fwrite($sfp,'/bin/mkdir '.$info['homedirectory']."/private\n"); - fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."/private\n"); - fwrite($sfp,'/bin/chmod 0770 '.$info['homedirectory']."/private\n"); - - fwrite($sfp,'/bin/mkdir '.$info['homedirectory']."/public_html\n"); - fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."/public_html\n"); - fwrite($sfp,'/bin/chmod 0755 '.$info['homedirectory']."/public_html\n"); - - fwrite($sfp,'/bin/ln -s '.$info['homedirectory']." /home\n"); -// chmod($scriptFile,0770); - fclose($sfp); - } - } - $_SESSION['alert'][] = 'info:create_uid_success:'.$dn; - return true; - - } - -?> diff --git a/mayor-orig/www/include/backend/ldap/session/createGroup.php b/mayor-orig/www/include/backend/ldap/session/createGroup.php deleted file mode 100644 index df2de812..00000000 --- a/mayor-orig/www/include/backend/ldap/session/createGroup.php +++ /dev/null 
@@ -1,103 +0,0 @@ -<?php -/* - Modules: base/session -*/ - - function ldapCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET) { - - global $AUTH; - $category = ekezettelen($SET['category']); - - // $toPolicy --> ldap backend - ellenőrzés! - if ($AUTH[$toPolicy]['backend'] != 'ldap') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $info = $groupinfo = $oinfo = Array(); - - // cn ütközés ellenőrzése - $filter = "(&(objectclass=posixgroup)(cn=$groupCn))"; - $justthese = array('cn'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - $ginfo = ldap_get_entries($ds, $sr); - $gCount = $ginfo['count']; - ldap_free_result($sr); - if ($gCount > 0) { - $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn; - return false; - } - - // Az következő gidNumber megállapítása - $filter = '(objectClass=mayorOrganization)'; - $justthese = array('nextgid', 'freegid'); - $sr = ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - $ginfo = ldap_get_entries($ds,$sr); - ldap_free_result($sr); - if (isset($ginfo[0]['freegid']['count'])) $freeGidCount = $ginfo[0]['freegid']['count']; - else $freeGidCount = 0; - if ($freeGidCount == 0) { - $info['gidnumber'] = array($ginfo[0]['nextgid'][0]); - $oinfo['nextgid'] = $info['gidnumber'][0]+1; - } else { - $info['gidnumber'] = array($ginfo[0]['freegid'][$freeGidCount-1]); - $oinfo['freegid'] = $ginfo[0]['freegid'][$freeGidCount-1]; - } - - // A szokásos attribútumok - $info['cn'] = array($groupCn); - $info['description'] = array($groupDesc); - - // A kategória függő 
attribútumok - if (isset($SET['container'])) $dn = "cn=$groupCn,".$SET['container']; - else $dn = "cn=$groupCn,ou=Groups,ou=$category,".$AUTH[$toPolicy]['ldap base dn']; - - // objectum osztályok - $info['objectclass'] = array('posixGroup', 'mayorGroup'); - - // Policy függő attribútumok - LDAP esetén pl a member kötelező - if (is_array($SET['policyAttrs'])) foreach ($SET['policyAttrs'] as $attr => $value) $info[kisbetus($attr)] = $value; - - // csoport felvétel - $_r1 = ldap_add($ds,$dn,$info); - if (!$_r1) { - printf("LDAP-Error: %s<br>\n", ldap_error($ds)); - echo $dn.'<hr>'; - var_dump($info); - echo '<hr>'; - var_dump($SET); - } - - // nextuid növelés - if ($freeGidCount == 0) { - $_r4 = ldap_mod_replace($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); - } else { - $_r4 = ldap_mod_del($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); - } -// if (!$_r4) { -// printf("LDAP-Error: %s<br>\n", ldap_error($_r4)); -// } - - ldap_close($ds); - - $_SESSION['alert'][] = 'info:create_group_success:'.$dn; - return true; - - } - -?> diff --git a/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php deleted file mode 100644 index 62e19c5f..00000000 --- a/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php +++ /dev/null 
@@ -1,311 +0,0 @@ -<?php -/* - Module: base/session - Backend: ldap - - ! -- Csak publikus mezőkre lehet keresni! -- ! - function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)') - function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn')) - function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') { - -*/ - -###################################################### -# Általános LDAP kereső függvény -###################################################### - - function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) { - - global $AUTH; - - if ($pattern == '') { - $_SESSION['alert'][] = 'message:empty_field'; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Keresés - $filter = "(&$filter($attr=*$pattern*))"; - $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $searchAttrs); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$filter; - ldap_close($ds); - return false; - } - - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - -###################################################### -# ldapSearchAccount - felhasználó kereső függvény -###################################################### - - function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) { - - global $accountAttrToLDAP; - - // A keresendő attribútum konvertálása LDAP attribútummá - if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ]; - else $attrLDAP = $attr; - if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy 
a keresés!! - - // A lekérendő attribútumok konvertálása LDAP attribútummá - for ($i = 0; $i < count($searchAttrs); $i++) { - if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ]; - else $searchAttrsLDAP[$i] = $searchAttrs[$i]; - } - - $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=posixaccount)', $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']); - for ($j = 0; $j < count($searchAttrs); $j++) { - $a = $searchAttrs[$j]; - if (isset($result[$i][ $accountAttrToLDAP[$a] ])) { - if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ $accountAttrToLDAP[$a] ]; - else $return[$i][$a] = $result[$i][$a]; - } else { - $return[$i][$a] = array('count' => 0) ; - } - } - $return[$i]['category'] = getAccountCategories($result[$i]['uid'][0], $toPolicy); - $return[$i]['category']['count'] = count($return[$i]['category']); - } - $return['count'] = $result['count']; - - return $return; - - } - - } - -###################################################### -# ldapSearchGroup - csoport kereső függvény -###################################################### - - function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) { - - global $groupAttrToLDAP; - - // A keresendő attribútum konvertálása LDAP attribútummá - if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ]; - else $attrLDAP = $attr; - if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!! 
- - // A lekérendő adtibútumok konvertálása LDAP attribútummá - for ($i = 0; $i < count($searchAttrs); $i++) { - if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ]; - else $searchAttrsLDAP[$i] = $searchAttrs[$i]; - } - - $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=posixgroup)', $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']); - for ($j = 0; $j < count($searchAttrs); $j++) { - $a = $searchAttrs[$j]; - if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') { - if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ]; - else $return[$i][$a] = ''; - } else { - $return[$i][$a] = $result[$i][$a]; - } - } - } - $return['count'] = $result['count']; - - return $return; - - } - - } - -###################################################### -# ldapDeleteAccount - account törlése -###################################################### - - function ldapDeleteAccount($userAccount, $toPolicy = _POLICY) { - - global $AUTH; - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - // $toPolicy --> ldap backend - ellenőrzés - if ($AUTH[$toPolicy]['backend'] != 'ldap') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Az uidNumber, a homeDirectory lekerdezése - 
$filter = "(objectclass=posixAccount)"; - $justthese = array('uidNumber','homedirectory'); - $sr = @ldap_search($ds,$userDn,$filter,$justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; - ldap_close($ds); - return false; - } ; - - $uidinfo = @ldap_get_entries($ds,$sr); - $uidNumber = $uidinfo[0]['uidnumber'][0]; - if (isset($uidinfo[0]['homedirectory'][0])) $homeDirectory = $uidinfo[0]['homedirectory'][0]; - else $homeDirectory = ''; - $uid=$userAccount; - - // GroupDn, freeuid - $groupDn = "cn=$uid,ou=Groups".strstr($userDn,','); - $oinfo['freeuid'] = $uidNumber; - - // user törlése - if (!@ldap_delete($ds,$userDn)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount; - } - - // freeuid felvétele - if (!@ldap_mod_add($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo)) { - $_SESSION['alert'][] = 'message:ldap_modify_failure:freeuid:'.$oinfo['freeuid']; - } - - // csoport törlése - if (!@ldap_delete($ds,$groupDn)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupDn; - } - - // törlés a csoportból - $filter = "(memberuid=$uid)"; - $justthese = array('cn','objectclass','member'); - $sr = @ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'],$filter,$justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:groups:".$userAccount; - ldap_close($ds); - return false; - } ; - - $groupinfo = ldap_get_entries($ds,$sr); - - for ($i = 0; $i < $groupinfo['count']; $i++) { - $grpinfo = array('memberuid' => $uid); - if (@in_array($userDn,$groupinfo[$i]['member'])) { - $grpinfo['member']=$userDn; - } - if (!@ldap_mod_del($ds,$groupinfo[$i]['dn'],$grpinfo)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:member:'.$groupinfo[$i]['dn']; - } - } - - ldap_close($ds); - - $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn; - return true; - - } - -###################################################### -# ldapDeleteGroup - account törlése 
-###################################################### - - function ldapDeleteGroup($groupCn, $toPolicy = _POLICY) { - - global $AUTH; - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - // $toPolicy --> ldap backend - ellenőrzés - if ($AUTH[$toPolicy]['backend'] != 'ldap') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Az uidNumber, a homeDirectory lekerdezése - $filter = '(objectclass=posixGroup)'; - $justthese = array('gidNumber'); - $sr = @ldap_search($ds, $groupDn, $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = 'message:ldap_search_failure:'.$userDn; - ldap_close($ds); - return false; - } ; - - $gidinfo = ldap_get_entries($ds, $sr); - $gidNumber = $gidinfo[0]['gidnumber'][0]; - - // freeGid - $oinfo['freegid'] = $gidNumber; - - if (!@ldap_delete($ds, $groupDn)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn; - } - - // freeuid felvétele - if (!@ldap_mod_add($ds, $AUTH[$toPolicy]['ldap base dn'], $oinfo)) { - $_SESSION['alert'][] = 'message:ldap_modify_failure:freeGid:'.$oinfo['freegid']; - } - - ldap_close($ds); - - $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn; - return true; - - } - - - -?> diff --git a/mayor-orig/www/include/backend/ldapng/auth/login.php b/mayor-orig/www/include/backend/ldapng/auth/login.php deleted file mode 100644 index b24b4b96..00000000 --- a/mayor-orig/www/include/backend/ldapng/auth/login.php +++ /dev/null 
@@ -1,163 +0,0 @@ -<?php -/* - Auth-ldapng - - A név-jelszó pár ellenőrzése LDAP adatbázis alapján -*/ - -/* -------------------------------------------------------------- - - Felhasználók azonosítása az LDAP-ban tárolt konfigurálható - osztályok alapján történik. - - A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE - konstansok valamelyikével tér vissza. (include/modules/auth/base/config.php) - - Sikeres hitelesítés esetén - az egyéb account információkat (minimálisan a 'cn', azaz 'common name' - attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el. - - Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az - elutasítás okát (ldap_connect_failure, ldap_bind_failure, ldap_search_failure, no_account, multi_uid, - account_disabled, bad_pw, account_warning, account_expired, warn_account_disable. - --------------------------------------------------------------- */ - -###################################################################### -# Az LDAP protocol version 3 kötelező, -# referals=0 nélkül használhatatlanul lassú -###################################################################### - - ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); - ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0); - - - function ldapngUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) { - - global $AUTH; - - if ($toPolicy == '') { - if ($accountInformation['policy'] != '') $toPolicy = $accountInformation['policy']; -// elseif ($_REQUEST['toPolicy'] != '') $toPolicy = $_REQUEST['toPolicy']; - else $toPolicy = _POLICY; - } - - // Kapcsolódás a szerverhez - $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return _AUTH_FAILURE; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']); - if (!$r) { - $_SESSION['alert'][] = 
'message:ldap_bind_failure:userAuthentication:'.$AUTH[$toPolicy]['ldapUser']; - return _AUTH_FAILURE; - } - - // Van-e adott azonosítójú felhasználó? - $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))"; - $justthese = array("sn",$AUTH[$toPolicy]['ldapCnAttr'],$AUTH[$toPolicy]['ldapStudyIdAttr'],"shadowexpire","shadowwarning","shadowinactive","shadowlastchange","shadowmax"); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return _AUTH_FAILURE; - } - $info = ldap_get_entries($ds,$sr); - - if ( $info['count'] === 0 || is_null($info)) { // http://bugs.php.net/50185 ha nincs megfelelő elem, akkor - hibásan - null-al tér vissza! (~ PHP 5.2.10) - // Nincs ilyen userAccount (uid) - $_SESSION['alert'][] = "message:no_account:$userAccount"; - ldap_close($ds); - return _AUTH_FAILURE_1; - } - - if ( $info['count'] > 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid"; - ldap_close($ds); - return _AUTH_FAILURE_2; - } - - if ($info['count']==1) { // Van - egy - ilyen felhasználó - - - $accountInformation['cn'] = $info[0][ $AUTH[$toPolicy]['ldapCnAttr'] ][0]; - $accountInformation['studyId'] = $info[0][ $AUTH[$toPolicy]['ldapStudyIdAttr'] ][0]; - - $accountInformation['dn'] = $info[0]['dn']; - $accountInformation['account'] = $userAccount; - // Lejárt-e - // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik - if ($info[0]['pwdlastset'][0] != '') { // A pwdLastSet és shadowLastChange közül a kisebbiket használjuk -// if ($info[0]['shadowlastchange'][0] != '') -// $info[0]['shadowlastchange'][0] = min(pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]), $info[0]['shadowlastchange'][0]); -// else - $info[0]['shadowlastchange'][0] = pwdLastSet2shadowLastChange($info[0]['pwdlastset'][0]); - } - if ($info[0]['accountexpires'][0] != 
'') { // Az accountExpires és a shadowExpire közül a kisebbiket használjuk -// if ($info[0]['shadowexpire'][0] != '') -// $info[0]['shadowexpire'][0] = min(pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]), $info[0]['shadowexpire'][0]); -// else - $info[0]['shadowexpire'][0] = pwdLastSet2shadowLastChange($info[0]['accountexpires'][0]); - } - if ($info[0]['shadowexpire'][0] != '') $expireTimestamp = $info[0]['shadowexpire'][0]; - if ( - $info[0]['shadowmax'][0] != '' && - ( - !isset($expireTimestamp) || - $expireTimestamp > $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0] - ) - ) $expireTimestamp = $info[0]['shadowlastchange'][0] + $info[0]['shadowmax'][0]; - // lejárt, ha lejárat ideje már elmúlt - $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24)))); - - // Le van-e tiltva - // Ha több mint shadowInactive napja lejárt - if ( // onDisabled: none | refuse - $AUTH[$toPolicy]['onDisabled'] == 'refuse' && - isset($expireTimestamp) && - $expireTimestamp + $info[0]['shadowinactive'][0] <= floor(time()/(60*60*24)) - ) { - // Le van tiltva - $_SESSION['alert'][] = 'message:account_disabled'; - ldap_close($ds); - return _AUTH_FAILURE_4; - } // onDisabled - - // Jelszó ellenőrzés - lehet-e csatlakozni - if (!@ldap_bind($ds, $accountInformation['dn'], $userPassword)) { - $_SESSION['alert'][] = 'message:bad_pw'; - return _AUTH_FAILURE_3; - } - - ldap_close($ds); - // Lejárt-e az azonosító - if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update - // Lejárt-e - $pwLejar = $expireTimestamp - floor(time()/(60*60*24)); - if (0 < $pwLejar && $pwLejar < $info[0]['shadowwarning'][0]) { - $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar; - return _AUTH_SUCCESS; - } elseif ($pwLejar <= 0) { - $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar); - if ($AUTH[$toPolicy]['onDisabled'] == 'refuse') $_SESSION['alert'][] = 
'info:warn_account_disable:'.($info[0]['shadowinactive'][0]+$pwLejar); - if ($AUTH[$toPolicy]['onExpired'] == 'warning') { - return _AUTH_SUCCESS; - } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') { - return _AUTH_EXPIRED; - } else { - return _AUTH_FAILURE; - } - } - } // onExpired - // Ha idáig eljut, akkor minden rendben. - return _AUTH_SUCCESS; - - } // count == 1 - - } - -?> diff --git a/mayor-orig/www/include/backend/ldapng/base/attrs.php b/mayor-orig/www/include/backend/ldapng/base/attrs.php deleted file mode 100644 index 2ea07778..00000000 --- a/mayor-orig/www/include/backend/ldapng/base/attrs.php +++ /dev/null 
@@ -1,137 +0,0 @@ -<?php -/* - Module: useradmin -*/ - - if (file_exists('lang/'._LANG.'/backend/ldapng/attrs.php')) { - require('lang/'._LANG.'/backend/ldapng/attrs.php'); - } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/ldapng/attrs.php')) { - require('lang/'._DEFAULT_LANG.'/backend/ldapng/attrs.php'); - } - -###################################################### -# Alapértelmezett jogosultságok -# -# w - Írható/olvasható -# r - olvasható -# - - egyik sem -# -# Három karakter: admin, self, other jogai -###################################################### - - define('_DEFAULT_LDAP_RIGHTS','wr-'); - -###################################################### -# Az LDAP account attribútumok -###################################################### - - global $ldapngAccountAttrs; - $ldapngAccountAttrs = array( - 'cn', - 'serialnumber', - 'uid', - 'uidnumber', - 'gidnumber', - 'unixhomedirectory', - 'loginshell', - - 'shadowlastchange', - 'shadowexpire', - 'shadowwarning', - 'shadowmin', - 'shadowmax', - 'shadowinactive', - -/* - 'gecos', - 'mail', - 'telephonenumber', - 'mobile', - 'l', - 'street', - 'postaladdress', - 'postalcode', - 'homedirectory', -*/ - ); - - global $ldapngGroupAttrs; - $ldapngGroupAttrs = array( - 'cn', - 'description', - 'member', - 'name', - 'samaccountname', - 'objectcategory', - 'gidnumber', // ennek kellene lennie - mitől lesz? -/* 'memberuid' */ - ); - - global $accountAttrToLDAP; // Kis és nagybetű számít!!! 
- $accountAttrToLDAP = array(
- 'userAccount' => 'uid',
- 'userCn' => 'displayName',
- 'mail' => 'mail',
- 'studyId' => 'employeeNumber', // Ez konfig-ban külön van állítva, az itteni érték irreleváns
- 'shadowLastChange' => 'shadowLastChange',
- 'shadowWarning' => 'shadowWarning',
- 'shadowMin' => 'shadowMin',
- 'shadowMax' => 'shadowMax',
- 'shadowExpire' => 'shadowExpire',
- 'shadowInactive' => 'shadowInactive',
- );
-
- global $groupAttrToLDAP;
- $groupAttrToLDAP = array(
- 'groupCn' => 'cn',
- 'groupDesc' => 'description',
- 'member' => 'member',
- );
-
- global $ldapngAccountAttrDef;
- $ldapngAccountAttrDef = array(
- 'dn' => array('desc' => _LDAPDN, 'type' => 'text', 'rights' => 'rrr'),
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'rrr'),
- 'sn' => array('desc' => _LDAPSN, 'type' => 'text', 'rights' => 'wrr'),
- 'givenname' => array('desc' => _LDAPGIVENNAME, 'type' => 'text'),
- 'employeenumber' => array('desc' => _LDAPEMPLOYEENUMBER, 'type' => 'int', 'rights' => 'wrr'),
- 'displayname' => array('desc' => _LDAPCN, 'type' => 'text', 'rights' => 'wrr'),
- 'name' => array('desc' => _LDAPNAME, 'type' => 'text', 'rights' => 'r--'),
- 'uid' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'rrr'),
- 'uidnumber' => array('desc' => _LDAPUIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int', 'rights' => 'w--'),
- 'mssfu30name' => array('desc' => _LDAPUID, 'type' => 'text', 'rights' => 'r--'),
- 'unixhomedirectory' => array('desc' => _LDAPUNIXHOMEDIRECTORY, 'type' => 'text', 'rights' => 'wrr'),
- 'loginshell' => array('desc' => _LDAPLOGINSHELL, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowlastchange' => array('desc' => _LDAPSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowexpire' => array('desc' => _LDAPSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowwarning' => array('desc' => _LDAPSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowmin' => array('desc' => _LDAPSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowmax' => array('desc' => _LDAPSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowinactive' => array('desc' => _LDAPSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
-/*
- 'gecos' => array('desc' => _LDAPGECOS, 'type' => 'text', 'rights' => 'w--'),
- 'mail' => array('desc' => _LDAPMAIL, 'type' => 'text', 'rights' => 'wwr'),
- 'telephonenumber' => array('desc' => _LDAPTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
- 'mobile' => array('desc' => _LDAPMOBILE, 'type' => 'text', 'rights' => 'ww-'),
- 'l' => array('desc' => _LDAPL, 'type' => 'text'),
- 'street' => array('desc' => _LDAPSTREET, 'type' => 'text'),
- 'postaladdress' => array('desc' => _LDAPPOSTALADDRESS, 'type' => 'text'),
- 'postalcode' => array('desc' => _LDAPPOSTALCODE, 'type' => 'text'),
-*/
- );
-
- global $ldapngGroupAttrDef;
- $ldapngGroupAttrDef = array(
- 'cn' => array('desc' => _LDAPCN, 'type' => 'text','rights' => 'rrr'),
- 'name' => array('desc' => _LDAPNAME, 'type' => 'text','rights' => 'rrr'),
- 'samaccountname' => array('desc' => _LDAPSAMACCOUNTNAME, 'type' => 'text','rights' => 'wrr'),
- 'description' => array('desc' => _LDAPDESCRIPTION, 'type' => 'text'),
- 'gidnumber' => array('desc' => _LDAPGIDNUMBER, 'type' => 'int','rights' => 'w--'),
- 'member' => array('desc' => _LDAPMEMBER, 'type' => 'select'),
- 'objectcategory' => array('desc' => _LDAPOBJECTCATEGORY, 'type' => 'text','rights' => 'rrr'),
-
- 'memberuid' => array('desc' => _LDAPMEMBERUID, 'type' => 'select'),
- );
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/password/changePassword.php b/mayor-orig/www/include/backend/ldapng/password/changePassword.php
deleted file mode 100644
index 039dda5d..00000000
--- a/mayor-orig/www/include/backend/ldapng/password/changePassword.php
+++ /dev/null
@@ -1,160 +0,0 @@ -<?php -/* - - Module: base/password - - function changeMyPassword($userAccount, $userPassword, $newPassword, $verification) - A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására. - Ennek eldöntése a függvényt hívó program feladata -*/ - -############################################################################ -# Jelszó kódolása (az Active Directory ezt használja....) -############################################################################ - -function LDAPEncodePassword($password) { - - return mb_convert_encoding("\"".$password."\"", "UTF-16LE", "UTF-8"); - -} - -############################################################################ -# Saját jelszó megváltoztatása -############################################################################ - -/* ************************************************************************* - A leírások szerint a felhasználó maga is megváltoztathatja jelszavát. - Ennek módja az unicodePw attribútum törlése (a régi jelszó értéke szerint), - és felvétele új értékkel - mindenz elvileg egy lépésben. - - A PHP ldap_mod* függvények ezt az egy lépésben kétféle módosítást nem - támogatják. De a helyzet az, hogy a módosítás perl-ből és parancssorból - sem működik... -************************************************************************* */ - -function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') { - - global $AUTH; - - if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy']; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - $shadowLastChange = floor(time()/(60*60*24)); - - // Csatlakozzás az AD kiszolgálóhoz (SSL szükséges!) 
- $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - // nem sikerült csatlakozni - $_SESSION['alert'][] = 'message:ldap_failure'; - return false; - } - - // Az eredeti jelszó ellenőrzése - csatlakozással - $b_ok = ldap_bind($ds,$userDn,$userPassword); - if (!$b_ok) { - // Talán a régi jelszót elgépelte, vagy le van tiltva... - $_SESSION['alert'][] = 'message:ldap_bind_failure:'.$userDn.':changeMyPassword - hibás a régi jelszó?'; - ldap_close($ds); - return false; - } - $salt = generateSalt(8); - $info['userPassword'][0] = "{smd5}".base64_encode(md5($newPassword.$salt, true).$salt); // Az LDAP ezt majd még egyszer base64 encod-olja... - // Ezekre nincs jogosultsága a felhasználónak, nem változnak: - // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE - $info['shadowlastchange'][0] = $shadowLastChange; - if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') { - $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire']; - } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') { - $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']); - } - - $r = ldap_mod_replace($ds,$userDn,$info); - ldap_close($ds); - if ($r) { - $_SESSION['alert'][] = 'info:pw_change_success'; - return true; - } else { - $_SESSION['alert'][] = 'message:ldap_modify_failure'; - return false; - } -} - -############################################################################ -# Adminisztrátori jelszó változtatás -############################################################################ - -function generateSalt($len=8) { -// https://github.com/splitbrain/dokuwiki/blob/master/inc/PassHash.class.php -// Ez adja vissza a salt-ot (ha nincs benne sortörés...): -// echo e3NtZDV9U3lNbnNGQ05OUHV6L2J4dHovekpzVVpFUVZGQw== | base64 -d | sed s/{smd5}// | base64 -d | cut -f 15- - $salt = ''; - //$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; - 
//for($i=0;$i<$len;$i++) $salt .= $chars[mt_rand(0,61)]; - $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; - for($i=0;$i<$len;$i++) $salt .= $chars[mt_rand(0,25)]; - return $salt; -} - -function changePassword($userAccount, $newPassword, $toPolicy = '') { - - global $AUTH; - - if ($toPolicy == '') $toPolicy = _POLICY; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - $shadowLastChange = floor(time()/(60*60*24)); - - $ds = ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if ($ds) { - $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD); - if ($b_ok) { - $salt = generateSalt(8); - $info['userPassword'][0] = "{smd5}".base64_encode(md5($newPassword.$salt, true).$salt); // Az LDAP ezt majd még egyszer base64 encod-olja... - // Ezekre nincs jogosultsága a felhasználónak, nem változnak: - // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE - $info['shadowlastchange'][0] = $shadowLastChange; - if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') { - $info['shadowexpire'][0] = $AUTH[$toPolicy]['shadowExpire']; - } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') { - $info['shadowexpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']); - } - $r = @ldap_mod_replace($ds,$userDn,$info); - ldap_close($ds); - if ($r) { - $_SESSION['alert'][] = 'info:pw_change_success'; - return true; - } else { - $_SESSION['alert'][] = 'message:ldap_modify_failure'; - return false; - } - - /* *************** */ -/* $info['unicodePwd'][0] = LDAPEncodePassword($newPassword); - // Ezekre nincs jogosultsága a felhasználónak, nem változnak: - // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE - $info['shadowLastChange'][0] = $shadowLastChange; - if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') { - $info['shadowExpire'][0] = $AUTH[$toPolicy]['shadowExpire']; - } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') { - 
$info['shadowExpire'][0] = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']); - } - $r = @ldap_mod_replace($ds,$userDn,$info); - ldap_close($ds); - if ($r) { - $_SESSION['alert'][] = 'info:pw_change_success'; - return true; - } else { - $_SESSION['alert'][] = 'message:ldap_modify_failure:changePassword'; - return false; - } -*/ - } else { - $_SESSION['alert'][] = 'message:ldap_bind_failure:'._USERDN.':changePassword'; - ldap_close($ds); - return false; - } - } else { - $_SESSION['alert'][] = 'message:ldap_failure'; - return false; - } -} - -?> diff --git a/mayor-orig/www/include/backend/ldapng/session/accountInfo.php b/mayor-orig/www/include/backend/ldapng/session/accountInfo.php deleted file mode 100644 index 03761dca..00000000 --- a/mayor-orig/www/include/backend/ldapng/session/accountInfo.php +++ /dev/null 
@@ -1,399 +0,0 @@ -<?php -/* - Module: base/auth-ldapng - Backend: ldapng - - function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '') - function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) - function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) - function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) - function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) - -*/ - -###################################################### -# getLDAPInfo - általános LDAP lekérdezés -###################################################### - - - function getLDAPInfo($Dn, $attrList=array('cn'), $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Keresés - $filter = '(objectclass=*)'; - $sr = @ldap_search($ds, $Dn, $filter, $attrList); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$Dn; - ldap_close($ds); - return false; - } - - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - -########################################################### -# ldapGetAccountInfo - felhasználói információk (backend) -########################################################### - - function ldapngGetAccountInfo($userAccount, $toPolicy = _POLICY) { - - global $backendAttrs, $backendAttrDef; - - if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy); - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { 
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($backendAttrDef as $attr => $def) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); - elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; - else $return[$i][$attr] = array('count' => 0); - } - } - return $return[0]; - - } - - } - -############################################################# -# ldapGetUserInfo - felhasználói információk (keretrendszer) -############################################################# - - function ldapngGetUserInfo($userAccount, $toPolicy = _POLICY) { - - global $accountAttrToLDAP, $ldapAttrDef; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy); - if ($result === false) { - return false; - } else { - - $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']); - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt + LDAP --> MaYoR schema - foreach ($accountAttrToLDAP as $attr => $ldapAttr) { - $ldapAttr = kisbetus($ldapAttr); - if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr]; - else $return[$attr] = array('count' => 0); - } - return $return; - - } - - } - -############################################################### -# ldapChangeAccountInfo - felhasználói információk módosítása -############################################################### - - function ldapngChangeAccountInfo($userAccount, $toPolicy = _POLICY) { - - global $AUTH, $backendAttrs, $backendAttrDef; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 
'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $emptyAttrs = explode(':',$_POST['emptyAttrs']); - $_alert = array(); - - // Attribútumonként módosítunk - foreach ($backendAttrs as $attr) { - - if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; - else $rights = $backendAttrDef[$attr]['rights']; - - if ($rights[_ACCESS_AS] == 'w') { - $mod_info = $add_info = $del_info = Array(); - $values = array(); - - if ($backendAttrDef[$attr]['type'] == 'image') { - $file = $_FILES[$attr]['tmp_name']; - if (file_exists($file)) { - $fd = fopen($file,'r'); - $values[0]=fread($fd,filesize($file)); - fclose($fd); - } else { - // Sose töröljük! - $emptyAttrs[] = $attr; - } - } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { - if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { - $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; - } - } else { - if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr]; - } - - if ($backendAttrDef[$attr]['type'] == 'select') { - if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; - if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; - } elseif (in_array($attr,$emptyAttrs)) { - if ($values[0] != '') $add_info[$attr] = $values; - } else { - if ($values[0] != '') { - $mod_info[$attr] = $values; - } else { - $del_info[$attr] = Array(); - } - } - - if (count($add_info)!=0) { - if (!@ldap_mod_add($ds,$userDn,$add_info)) { - $_alert[] = 'message:insufficient_access:add:'.$attr; - } - } - if (count($mod_info)!=0) { - if (!@$r = ldap_mod_replace($ds,$userDn,$mod_info)) { - $_alert[] = 'message:insufficient_access:mod:'.$attr; - } - } - if (count($del_info)!=0) { - if (!@ldap_mod_del($ds,$userDn,$del_info)) { - $_alert[] = 'message:insufficient_access:del:'.$attr; - } - } - - } else { -// $_alert[] = 'message:insufficient_access:'.$attr; - } - } // foreach - - ldap_close($ds); - if 
(count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success'; - else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; - - } - -########################################################### -# ldapGetGroupInfo - csoport információk (backend) -########################################################### - - function ldapngGetGroupInfo($groupCn, $toPolicy = _POLICY) { - - global $backendAttrs, $backendAttrDef; - - - if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy); - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy); - if ($result === false) { - return false; - } else { - - // Accountok lekérdezése - $info = getLDAPaccounts($toPolicy); - for ($i = 0; $i < $info['count']; $i++) { - $accountUid[] = array( - 'value' => $info[$i]['uid'][0], - 'txt' => $info[$i]['displayname'][0] - ); - $accountDn[] = array( - 'value' => $info[$i]['dn'], - 'txt' => $info[$i]['displayname'][0] - ); - } - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($backendAttrDef as $attr => $def) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); - elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; - else $return[$i][$attr] = array('count' => 0); - } - $return[$i]['member']['new'] = $accountDn; - $return[$i]['memberuid']['new'] = $accountUid; - } - - return $return[0]; - - } - - } - -############################################################### -# ldapChangeGroupInfo - csoport információk módosítása -############################################################### - - function ldapngChangeGroupInfo($groupCn, $toPolicy = _POLICY) { - -// !!!! A memberuid / member szinkronjára nem figyel!! 
- - global $AUTH, $backendAttrs, $backendAttrDef; - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $emptyAttrs = explode(':',$_POST['emptyAttrs']); - $_alert = array(); - - // Attribútumonként módosítunk - foreach ($backendAttrs as $attr) { - - if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; - else $rights = $backendAttrDef[$attr]['rights']; - - if ($rights[_ACCESS_AS] == 'w') { - - $mod_info = $add_info = $del_info = Array(); - $values = array(); - - if ($backendAttrDef[$attr]['type'] == 'image') { - $file = $_FILES[$attr]['tmp_name']; - if (file_exists($file)) { - $fd = fopen($file,'r'); - $values[0]=fread($fd,filesize($file)); - fclose($fd); - } else { - // Sose töröljük! 
- $emptyAttrs[] = $attr; - } - } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { - if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { - $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; - } - } else { - if ($backendAttrDef[$attr]['type'] != '') - if (isset($_POST[$attr])) $values[0] = $_POST[$attr]; - else $values[0] = ''; - } - - if ($backendAttrDef[$attr]['type'] == 'select') { - if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; - if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; - } elseif (in_array($attr,$emptyAttrs)) { - if ($values[0] != '') $add_info[$attr] = $values; - } else { - if ($values[0] != '') { - $mod_info[$attr] = $values; - } else { - $del_info[$attr] = Array(); - } - - } - - if (count($add_info)!=0) { - if (!@ldap_mod_add($ds,$groupDn,$add_info)) { - $_alert[] = 'message:insufficient_access:add:'.$attr; - } - } - if (count($mod_info)!=0) { - if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) { - $_alert[] = 'message:insufficient_access:mod:'.$attr; - } - } - if (count($del_info)!=0) { - if (!@ldap_mod_del($ds,$groupDn,$del_info)) { - $_alert[] = 'message:insufficient_access:del:'.$attr; - } - } - - } else { -// $_alert[] = 'message:insufficient_access:'.$attr; - } - } // foreach - - ldap_close($ds); - if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success'; - else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; - - } - - function getLDAPaccounts($toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); 
- return false; - } - - // Keresés - $attrList = array('cn','uid','displayName','samaccountname'); - $filter = '(&(objectclass=person)(!(objectclass=computer)))'; - $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $attrList); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; - ldap_close($ds); - return false; - } - - ldap_sort($ds, $sr, 'displayname'); - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - - -?> diff --git a/mayor-orig/www/include/backend/ldapng/session/base.php b/mayor-orig/www/include/backend/ldapng/session/base.php deleted file mode 100644 index a4eff43d..00000000 --- a/mayor-orig/www/include/backend/ldapng/session/base.php +++ /dev/null 
@@ -1,190 +0,0 @@ -<?php -/* - Module: base/session - Backend: ldapng - - function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) - function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) - -*/ - - require('include/backend/ldapng/base/attrs.php'); - - ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); - ldap_set_option(NULL, LDAP_OPT_REFERRALS, 0); - - if ($AUTH[_POLICY]['backend'] == 'ldapng') { - /* why not put into session cache */ - if ($AUTH[_POLICY]['cacheable']=='yes') { - $userDn = _queryCache('RDN',_POLICY,'value'); - } - if (!isset($userDn)) $userDn = LDAPuserAccountToDn(); - define('_USERDN', $userDn); - if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY); - unset($userDn); - } - -###################################################### -# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése -###################################################### - - function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // Van-e adott azonosítójú felhasználó? 
- $filter="(&(".$AUTH[$toPolicy]['ldapUserAccountAttr']."=$userAccount)(objectClass=".$AUTH[$toPolicy]['ldapUserObjectClass']."))"; - $justthese=array($AUTH[$toPolicy]['ldapCnAttr']); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return false; - } - $info=ldap_get_entries($ds,$sr); - ldap_close($ds); - - if ( $info['count'] === 0 ) { - // Nincs ilyen userAccount (uid) - $_SESSION['alert'][] = "message:no_account:$userAccount"; - return false; - } elseif ( $info['count'] > 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid:$userAccount"; - return false; - } - - if ($info['count']==1) { // Van - egy - ilyen felhasználó - return $info[0]['dn']; - } - - } - - -###################################################### -# A groupCn(cn)-hez tartozó dn lekérdezése -###################################################### - - function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) { - - global $AUTH; - - // Nézzük, hogy van-e át"map"-elt csoport! - if (isset($AUTH[$toPolicy]['categoryMap'][ekezettelen($groupCn)])) { - return $AUTH[$toPolicy]['categoryMap'][ekezettelen($groupCn)]; - } - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // Van-e ilyen csoport? 
- $filter="(&(".$AUTH[$toPolicy]['ldapGroupCnAttr']."=$groupCn)(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass']."))"; - $justthese=array($AUTH[$toPolicy]['ldapGroupCnAttr']); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return false; - } - $info=ldap_get_entries($ds,$sr); - ldap_close($ds); - - if ( $info['count'] === 0 ) { - // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó... - if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn"; - return false; - } elseif ( $info['count'] > 1 ) { - // Több ilyen cn is van - $_SESSION['alert'][] = "message:multi_gid:$groupCn"; - return false; - } - - if ($info['count']==1) { // Van - egy - ilyen csoport - return $info[0]['dn']; - } - - } - -###################################################### -# memberOf - csoport tag-e -###################################################### - - function ldapngMemberOf($userAccount, $group, $toPolicy = _POLICY) { - - global $AUTH; - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - /* Kis hack: csoport-tagság helyett vizsgáljuk előbb a megfelelő szervezeti egységet... de ezt nem biztos, hogy érdemes... 
*/ - if (in_array($group, $AUTH[$toPolicy]['categories'])) { - if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true; - } - - if (substr($group,0,3) != 'cn=') { - $groupDn = LDAPgroupCnToDn(ekezettelen($group)); - if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában - } else { - $groupDn = $group; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds,$AUTH[$toPolicy]['ldapUser'],$AUTH[$toPolicy]['ldapPw']); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $justthese = array('cn'); // valamit le kell kérdezni... - // OpenLDAP a tagok azonosítóját tárolja el (memberUid), más rendszerek a dn-t (member) - $filter = "(&(objectClass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(|(member=$userDn)(memberUid=$userAccount)))"; - $sr = @ldap_search($ds, $groupDn, $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:group=$group; filter=".$filter; - ldap_close($ds); - return false; - } - - $info = ldap_get_entries($ds, $sr); - ldap_close($ds); - - if ($info['count'] > 0) { - return true; - } else { - return false; - } - - } - -?> diff --git a/mayor-orig/www/include/backend/ldapng/session/createAccount.php b/mayor-orig/www/include/backend/ldapng/session/createAccount.php deleted file mode 100644 index 96a5b557..00000000 --- a/mayor-orig/www/include/backend/ldapng/session/createAccount.php +++ /dev/null 
@@ -1,157 +0,0 @@
-<?php
-/*
- Modules: base/session
-*/
-
- require_once('include/backend/ldapng/password/changePassword.php');
-
- /*
- $SET = array(
- container => a konténer elem - ha nincs, akkor CN=Users alá rakja
- category => tanár, diák... egy kiemelt fontosságú csoport tagság
- groups => egyéb csoportok
- policyAttrs => policy függő attribútumok
- )
- */
- function ldapngCreateAccount(
- $userCn, $userAccount, $userPassword, $toPolicy, $SET
- ) {
-
- global $AUTH;
-
- $shadowLastChange = floor(time() / (60*60*24));
-
- // $toPolicy --> ldap backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $ginfo = Array();
-
- // uid ütközés ellenőrzése
- $filter = "(sAMAccountName=$userAccount)";
- $justthese = array('sAMAccountName');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- $uinfo = ldap_get_entries($ds, $sr);
- $uidCount = $uinfo['count'];
- ldap_free_result($sr);
- if ($uidCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount;
- return false;
- }
-
- // Az következő uidNumber megállapítása
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(uidNumber=*))";
- $justthese = array('uidNumber', 'msSFU30UidNumber');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- ldap_sort($ds, $sr, 'uidNumber');
- $uinfo = ldap_get_entries($ds, $sr);
- ldap_free_result($sr);
- if (isset($uinfo['count']) && $uinfo['count'] > 0) $info['uidNumber'] = array($uinfo[ $uinfo['count']-1 ]['uidnumber'][0]+1);
- else $info['uidNumber'] = array(1001);
-
- // shadow attributumok...
- // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '')
- $info['shadowLastChange'] = array($shadowLastChange);
- if (isset($AUTH[$toPolicy]['shadowMin']) && $AUTH[$toPolicy]['shadowMin'] != '') $info['shadowMin'] = array($AUTH[$toPolicy]['shadowMin']);
- if (isset($AUTH[$toPolicy]['shadowMax']) && $AUTH[$toPolicy]['shadowMax'] != '') $info['shadowMax'] = array($AUTH[$toPolicy]['shadowMax']);
- if (isset($AUTH[$toPolicy]['shadowWarning']) && $AUTH[$toPolicy]['shadowWarning'] != '') $info['shadowWarning'] = array($AUTH[$toPolicy]['shadowWarning']);
- if (isset($AUTH[$toPolicy]['shadowInactive']) && $AUTH[$toPolicy]['shadowInactive'] != '') $info['shadowInactive'] = array($AUTH[$toPolicy]['shadowInactive']);
- if (isset($AUTH[$toPolicy]['shadowExpire']) && $AUTH[$toPolicy]['shadowWxpire'] != '') $info['shadowExpire'] = array($AUTH[$toPolicy]['shadowExpire']);
-
- // A szokásos attribútumok
- $Name = explode(' ',$userCn);
- $Dn = ldap_explode_dn($AUTH[$toPolicy]['ldapBaseDn'], 1); unset($Dn['count']);
- $info['userPrincipalName'] = array( $userAccount.'@'.implode('.', $Dn));
- $info['msSFU30Name'] = $info['sAMAccountName'] = $info['cn'] = array($userAccount);
- $info['displayName'] = array($userCn);
- $info['sn'] = array($Name[0]);
- $info['givenName'] = array($Name[ count($Name)-1 ]);
- $info['unixUserPassword'] = array('ABCD!efgh12345$67890');
- $info['unixHomeDirectory'] = array(ekezettelen("/home/$userAccount"));
- $info['loginShell'] = array('/bin/bash');
- $info['objectClass'] = array($AUTH[$toPolicy]['ldapUserObjectClass'], 'user');
-
- $policyAccountAttrs = $SET['policyAttrs'];
- if (isset($policyAccountAttrs['studyId'])) $info[ $AUTH[$toPolicy]['ldapStudyIdAttr'] ] = array($policyAccountAttrs['studyId']);
- foreach ($policyAccountAttrs as $attr => $value)
- if ($attr != 'studyId' && isset($accountAttrToLDAP[$attr]))
- $info[ $accountAttrToLDAP[$attr] ] = array($value);
-
- if (isset($SET['container'])) $dn = "CN=$userAccount,".$SET['container'];
- else $dn = "CN=$userAccount,CN=Users,".$AUTH[$toPolicy]['ldapBaseDn'];
-
- // user felvétel
- $_r1 = @ldap_add($ds,$dn,$info);
- if (!$_r1) {
- $_SESSION['alert'][] = 'message:ldap_error:Add user:'.ldap_error($ds);
- //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // Jelszó beállítás
- if (!changePassword($userAccount, $userPassword, $toPolicy)) $_SESSION['alert'][] = 'message:ldap_error:changePassword failed:'.$userAccount;
-
- // Engedélyezés
- $einfo = array('userAccountControl' => array(512)); /* Normal account = 512 */
- $_r1 = @ldap_mod_replace($ds,$dn,$einfo);
- if (!$_r1) {
- $_SESSION['alert'][] = 'message:ldap_error:Enable user:'.ldap_error($ds);
- //echo $dn.'<pre>'; var_dump($info); echo '</pre>';
- return false;
- }
-
- // Kategória csoportba és egyéb csoportokba rakás
- if (isset($SET['category'])) {
- if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
- else $SET['groups'] = array($SET['category']);
-
- $ginfo['member'] = $dn;
-
- for ($i = 0; $i < count($SET['groups']); $i++) {
- $groupDn = LDAPgroupCnToDn($SET['groups'][$i], $toPolicy);
- if ($groupDn !== false) {
- $_r3 = @ldap_mod_add($ds, $groupDn, $ginfo);
- if (!$_r3) {
- $_SESSION['alert'][] = 'message:ldap_error:Add to group '.$SET['groups'][$i].':'.ldap_error($ds);
- //echo $SET['groups'][$i].'<pre>'; var_dump($ginfo); echo '</pre>';
- }
- }
- }
- }
-
- ldap_close($ds);
-
- if (defined('_DATADIR')
- && isset($AUTH[$toPolicy]['createAccountScript'])
- && file_exists(_DATADIR)
- ) {
- $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+');
- if ($sfp) {
- fwrite($sfp,"\n# $userAccount létrehozása: userAccount uidNumber homeDirectory\n");
- fwrite($sfp,"createAccount.sh '$userAccount' '".$info['uidNumber'][0]."' '".$info['unixHomeDirectory'][0]."'\n");
- fclose($sfp);
- }
- }
- $_SESSION['alert'][] = 'info:create_uid_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/session/createGroup.php b/mayor-orig/www/include/backend/ldapng/session/createGroup.php
deleted file mode 100644
index 78def54d..00000000
--- a/mayor-orig/www/include/backend/ldapng/session/createGroup.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php
-/*
- Modules: base/session
-*/
-
-
- function ldapngCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = array()) {
-
- global $AUTH;
- $category = ekezettelen($SET['category']);
-
- // $toPolicy --> ldap backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- $info = $ginfo = Array();
-
- // cn ütközés ellenőrzése
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(cn=$groupCn))";
- $justthese = array('cn');
- $sr = ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- $ginfo = ldap_get_entries($ds, $sr);
- $gCount = $ginfo['count'];
- ldap_free_result($sr);
- if ($gCount > 0) {
- $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn;
- return false;
- }
-
- // Az következő gidNumber megállapítása
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapGroupObjectClass'].")(gidNumber=*))";
- $justthese = array('gidNumber', 'msSFU30GidNumber');
- $sr = ldap_search($ds,$AUTH[$toPolicy]['ldapBaseDn'], $filter, $justthese);
- ldap_sort($ds, $sr, 'gidNumber');
- $ginfo = ldap_get_entries($ds, $sr);
- ldap_free_result($sr);
- if (isset($ginfo['count']) && $ginfo['count'] > 0) $info['gidNumber'] = array($ginfo[ $ginfo['count']-1 ]['gidnumber'][0]+1);
- else $info['gidNumber'] = array(1001);
-
- // A szokásos attribútumok
- $info['sAMAccountName'] = $info['cn'] = array($groupCn);
- $info['description'] = array($groupDesc);
-
- // A kategória függő attribútumok
- if (isset($SET['container'])) $dn = "CN=$groupCn,".$SET['container'];
- else $dn = "CN=$groupCn,OU=$category,".$AUTH[$toPolicy]['ldapBaseDn'];
-
- // objectum osztályok
- $info['objectClass'] = array($AUTH[$toPolicy]['ldapGroupObjectClass']);
-
- // csoport felvétel
- $_r1 = ldap_add($ds,$dn,$info);
- if (!$_r1) {
- printf("LDAP-Error: %s<br>\n", ldap_error($ds));
- var_dump($info);
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php
deleted file mode 100644
index 74d285e6..00000000
--- a/mayor-orig/www/include/backend/ldapng/session/search/searchAccount.php
+++ /dev/null
@@ -1,271 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: ldapng
-
- ! -- Csak publikus mezőkre lehet keresni! -- !
- function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)')
- function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'))
- function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') {
-
-*/
-
-######################################################
-# Általános LDAP kereső függvény
-######################################################
-
- function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) {
-
- global $AUTH;
-
- if ($pattern == '') {
- $_SESSION['alert'][] = 'message:empty_field';
- return false;
- }
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure:LDAPSearch';
- ldap_close($ds);
- return false;
- }
-
- // Keresés
- $filter = "(&$filter($attr=*$pattern*))";
- $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldapBaseDn'], $filter, $searchAttrs);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$filter;
- ldap_close($ds);
- return false;
- }
-
- $info = @ldap_get_entries($ds,$sr);
-
- ldap_close($ds);
-
- return $info;
-
- }
-
-######################################################
-# ldapSearchAccount - felhasználó kereső függvény
-######################################################
-
- function ldapngSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
-
- global $accountAttrToLDAP, $AUTH;
-
- // A keresendő attribútum konvertálása LDAP attribútummá
- if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ];
- else $attrLDAP = $attr;
- if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy a keresés!!
-
- // A lekérendő attribútumok konvertálása LDAP attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ];
- else $searchAttrsLDAP[$i] = $searchAttrs[$i];
- }
- $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass='.$AUTH[$toPolicy]['ldapUserObjectClass'].')', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (isset($result[$i][ kisbetus($accountAttrToLDAP[$a]) ])) {
- if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ kisbetus($accountAttrToLDAP[$a]) ];
- else $return[$i][$a] = $result[$i][$a];
- } else {
- $return[$i][$a] = array('count' => 0) ;
- }
- }
- $return[$i]['category'] = getAccountCategories($return[$i]['userAccount'][0], $toPolicy);
- $return[$i]['category']['count'] = count($return[$i]['category']);
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# ldapSearchGroup - csoport kereső függvény
-######################################################
-
- function ldapngSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) {
-
- global $groupAttrToLDAP, $AUTH;
-
- // A keresendő attribútum konvertálása LDAP attribútummá
- if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ];
- else $attrLDAP = $attr;
- if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!!
-
- // A lekérendő adtibútumok konvertálása LDAP attribútummá
- for ($i = 0; $i < count($searchAttrs); $i++) {
- if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ];
- else $searchAttrsLDAP[$i] = $searchAttrs[$i];
- }
-
- $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass='.$AUTH[$toPolicy]['ldapGroupObjectClass'].')', $toPolicy);
- if ($result === false) {
- return false;
- } else {
-
- // LDAP schema --> mayor schema konverzió
- for ($i = 0; $i < $result['count']; $i++) {
- // Egységes szerkezetre alakítjuk, azaz a dn is indexelt
- $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']);
- for ($j = 0; $j < count($searchAttrs); $j++) {
- $a = $searchAttrs[$j];
- if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') {
- if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ];
- else $return[$i][$a] = '';
- } else {
- $return[$i][$a] = $result[$i][$a];
- }
- }
- }
- $return['count'] = $result['count'];
-
- return $return;
-
- }
-
- }
-
-######################################################
-# ldapDeleteAccount - account törlése
-######################################################
-
- function ldapngDeleteAccount($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> ldapng backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
- $_SESSION['alert'][] = 'page:wrong_backend:ldapng!='.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- $userDn = LDAPuserAccountToDn($userAccount, $toPolicy);
- if ($userDn === false) return false;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- // Az uidNumber, a unixHomeDirectory lekerdezése
- $filter = "(&(objectclass=".$AUTH[$toPolicy]['ldapUserObjectClass'].")(!(objectclass=computer)))";
- $justthese = array('uidNumber','unixHomedirectory');
- $sr = @ldap_search($ds,$userDn,$filter,$justthese);
- if (!$sr) {
- $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn;
- ldap_close($ds);
- return false;
- } ;
-
- $info = @ldap_get_entries($ds,$sr);
- $uidNumber = $info[0]['uidnumber'][0];
- $homeDirectory = $info[0]['unixhomedirectory'][0];
- $uid=$userAccount;
-
- // user törlése
- if (!@ldap_delete($ds,$userDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount;
- }
-
- ldap_close($ds);
-
- /*
- Ha van megadva deleteAccountScript paraméter, akkor abba bejegyzi a törölt felhasználó adatait.
- A meghívott deleteAccount.sh nincs definiálva, testreszabható, megkötés egyedül a paraméter
- lista: userAccount, uidNumber, homeDirectory
- */
- if (defined('_DATADIR')
- && isset($AUTH[$toPolicy]['deleteAccountScript'])
- && file_exists(_DATADIR)
- ) {
- $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['deleteAccountScript'],'a+');
- if ($sfp) {
- fwrite($sfp,"\n# $userAccount törlése: userAccount uidNumber homeDirectory\n");
- fwrite($sfp,"deleteAccount.sh '$userAccount' '$uidNumber' '$homeDirectory'\n");
- fclose($sfp);
- }
- }
-
- $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
- return true;
-
- }
-
-######################################################
-# ldapDeleteGroup - account törlése
-######################################################
-
- function ldapngDeleteGroup($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> ldapng backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'ldapng') {
- $_SESSION['alert'][] = 'page:wrong_backend:ldapng!='.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy);
- if ($groupDn === false) return false;
-
- // Kapcsolódás az LDAP szerverhez
- $ds = @ldap_connect($AUTH[$toPolicy]['ldapHostname']);
- if (!$ds) {
- $_SESSION['alert'][] = 'alert:ldap_connect_failure';
- return false;
- }
-
- // Csatlakozás a szerverhez
- $r = @ldap_bind($ds, _USERDN, _USERPASSWORD);
- if (!$r) {
- $_SESSION['alert'][] = 'message:ldap_bind_failure';
- ldap_close($ds);
- return false;
- }
-
- if (!@ldap_delete($ds, $groupDn)) {
- $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn;
- }
-
- ldap_close($ds);
-
- $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn;
- return true;
-
- }
-
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/auth/login.php b/mayor-orig/www/include/backend/mysql/auth/login.php
deleted file mode 100644
index caa7929d..00000000
--- a/mayor-orig/www/include/backend/mysql/auth/login.php
+++ /dev/null
@@ -1,144 +0,0 @@
-<?php
-/*
- Auth-MySQL
-
- A név-jelszó pár ellenőrzése MySQL adattábla alapján
- */
-
-/* --------------------------------------------------------------
-
-Az adattábla szerkezete:
-
-create table userAccounts (
-userId int unsigned primary key auto_increment not null,
-userAccount varchar(32),
-policy varchar(10),
-userPassword varchar(32),
-userCn varchar(64)
-);
-
-A függvény az előre definiált _AUTH_SUCCESS, _AUTH_EXPIRED, _AUTH_FAILURE
-konstansok valamelyikével tér vissza.
-
-Sikeres hitelesítés esetén
-az egyéb account információkat (minimálisan a 'cn', azaz 'teljes név
-attribútumot) a cím szerint átadott $accountInformation tömbbe helyezi el.
-
-Sikertelen azonosítás esetén a globális $_SESSION['alert'] változóban jelzi az
-elutasítás okát.
-
-Shadow attribútumok:
-
-Login name
-Encrypted password
-shadowLastChanged
-1970. január 1-étől az utolsó jelszó módosításig eltelt napok száma
-Days since Jan 1, 1970 that password was last changed
-shadowMin
-Jelszóváltoztatás után ennyi napig nem lehet ismét jelszót változtatni
-Days before password may be changed
-shadowMax
-Jelszóváltoztatás után ennyi nappal már kötelező a jelszóváltoztatás
-Days after which password must be changed
-shadowWarning
-A jelszó érvényességének lejártát ennyi nappal előbb jelezi a rendsze
-Days before password is to expire that user is warned
-shadowInactive
-A jelszó érvényességének lejárta után ennyi nappal az felhasználói fiók letiltásra kerül
-Days after password expires that account is disabled
-shadowExpire
-Az előzőektől függetlenül a felhasználói fiók letiltásra kerül 1970. január 1-étől számított ennyiedik napo
-Days since Jan 1, 1970 that account is disabled
-
--------------------------------------------------------------- */
-
-function mysqlUserAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'userAuthentication/sql'));
- if (!$lr) return _AUTH_FAILURE;
-
- // Van-e ilyen azonosító
- $q = "SELECT COUNT(*) FROM accounts WHERE userAccount='%s' AND policy='%s'";
- $num = db_query($q, array('fv' => 'userAuthentication', 'modul' => $modul, 'result' => 'value', 'values' => array($userAccount, $toPolicy)), $lr);
- if ($num == 0) {
- // Nincs ilyen azonosító
- $_SESSION['alert'][] = 'message:no_account:'."$userAccount:$toPolicy";
- db_close($lr);
- return _AUTH_FAILURE_1;
- } elseif ($num > 1) {
- // Több ilyen azonosító is va
- $_SESSION['alert'][] = 'message:multy_uid';
- db_close($lr);
- return _AUTH_FAILURE_2;
- }
-
- // Ha csak egy van, akkor jó-e a jelszava
- $q = "SELECT userCn, studyId, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire
- FROM accounts WHERE userAccount='%s' AND userPassword=sha('%s') AND policy='%s'";
- $ret = db_query($q, array('fv' => 'userAuthentication', 'modul' => 'login', 'result' => 'record', 'values' => array($userAccount, $userPassword, $toPolicy)), $lr);
- db_close($lr);
- if (!is_array($ret) || count($ret) == 0) {
- // Nincs ilyen rekord => rossz a jelszó
- $_SESSION['alert'][] = 'message:bad_pw';
- return _AUTH_FAILURE_3;
- } else {
- // Ha van, akkor csak egy ilyen sor lehet
- $accountInformation['cn'] = $ret['userCn'];
- $accountInformation['studyId'] = $ret['studyId'];
- $shadowLastChange = $ret['shadowLastChange'];
- $shadowMin = $ret['shadowMin'];
- $shadowMax = $ret['shadowMax'];
- $shadowWarning = $ret['shadowWarning'];
- $shadowInactive = $ret['shadowInactive'];
- $shadowExpire = $ret['shadowExpire'];
-
- // A lejárat ideje a shadowExpire és shadowLastChange+shadowMax kötül a kisebbik
- if (intval($shadowExpire) != 0) $expireTimestamp = $shadowExpire;
- if (
- intval($shadowMax) != 0 &&
- (
- !isset($expireTimestamp) ||
- $expireTimestamp > $shadowLastChange + $shadowMax
- )
- ) $expireTimestamp = $shadowLastChange + $shadowMax;
- // lejárt, ha lejárat ideje már elmúlt
- $accountExpired = (isset($expireTimestamp) && ($expireTimestamp <= floor(time()/(60*60*24))));
-
- // Le van-e tiltva
- if ( // onDisabled: none | refuse
- $AUTH[$toPolicy]['onDisabled'] == 'refuse' &&
- isset($expireTimestamp) &&
- $expireTimestamp + $shadowInactive <= floor(time()/(60*60*24))
- ) {
- // Le van tiltva
- $_SESSION['alert'][] = 'message:account_disabled:'.strval(floor(time()/(60*60*24)));
- return _AUTH_FAILURE_4;
- } // onDisabled
-
- // Lejárt-e az azonosító
- if ($AUTH[$toPolicy]['onExpired'] != 'none' && isset($expireTimestamp)) { // onExpired: none | warning | force update
- // Lejárt-e
- $pwLejar = $expireTimestamp - floor(time()/(60*60*24));
- if (0 < $pwLejar && $pwLejar < $shadowWarning) {
- $_SESSION['alert'][] = 'info:account_warning:'.$pwLejar;
- return _AUTH_SUCCESS;
- } elseif ($pwLejar <= 0) {
- $_SESSION['alert'][] = 'info:account_expired:'.abs($pwLejar);
- if ($AUTH[$toPolicy]['onDisabled'] == 'refuse')
- $_SESSION['alert'][] = 'info:warn_account_disable:'.($shadowInactive+$pwLejar);
- if ($AUTH[$toPolicy]['onExpired'] == 'warning') {
- return _AUTH_SUCCESS;
- } elseif ($AUTH[$toPolicy]['onExpired'] == 'force update') {
- return _AUTH_EXPIRED;
- }
- }
- } // onExpired
- return _AUTH_SUCCESS;
-
- }
-}
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/base/attrs.php b/mayor-orig/www/include/backend/mysql/base/attrs.php
deleted file mode 100644
index b945d764..00000000
--- a/mayor-orig/www/include/backend/mysql/base/attrs.php
+++ /dev/null
@@ -1,48 +0,0 @@
-<?php
-
- if (file_exists('lang/'._LANG.'/backend/mysql/attrs.php')) {
- require('lang/'._LANG.'/backend/mysql/attrs.php');
- } elseif (file_exists('lang/'._DEFAULT_LANG.'/backend/mysql/attrs.php')) {
- require('lang/'._DEFAULT_LANG.'/backend/mysql/attrs.php');
- }
-
-######################################################
-# Alapértelmezett jogosultságok
-#
-# w - Írható/olvasható
-# r - olvasható
-# - - egyik sem
-#
-# Három karakter: admin, self, other jogai
-######################################################
-
- define('_DEFAULT_MYSQL_RIGHTS','wr-');
-
- global $mysqlAccountAttrDef;
- $mysqlAccountAttrDef = array(
- 'uid' => array('desc' => _MYSQLUID, 'type' => 'text', 'rights' => 'rrr'),
- 'policy' => array('desc' => _MYSQLPOLICY, 'type' => 'text', 'rights' => 'r--'),
- 'useraccount' => array('desc' => _MYSQLUIDNUMBER, 'type' => 'text','rights' => 'r--'),
- 'userCn' => array('desc' => _MYSQLCN, 'type' => 'text', 'rights' => 'wrr'),
- 'studyId' => array('desc' => _MYSQLSTUDYID, 'type' => 'int', 'rights' => 'wrr'),
- 'mail' => array('desc' => _MYSQLMAIL, 'type' => 'text', 'rights' => 'wwr'),
- 'telephoneNumber' => array('desc' => _MYSQLTELEPHONENUMBER, 'type' => 'text', 'rights' => 'ww-'),
-// 'userPassword' => array('desc' => _MYSQLUSERPASSWORD, 'type' => 'text', 'rights' => 'r--'),
- 'shadowLastChange' => array('desc' => _MYSQLSHADOWLASTCHANGE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowExpire' => array('desc' => _MYSQLSHADOWEXPIRE, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowWarning' => array('desc' => _MYSQLSHADOWWARNING, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowMin' => array('desc' => _MYSQLSHADOWMIN, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowMax' => array('desc' => _MYSQLSHADOWMAX, 'type' => 'text', 'rights' => 'wrr'),
- 'shadowInactive' => array('desc' => _MYSQLSHADOWINACTICE, 'type' => 'text', 'rights' => 'wrr'),
- );
-
- global $mysqlGroupAttrDef;
- $mysqlGroupAttrDef = array(
- 'gid' => array('desc' => _MYSQLGID, 'type' => 'text', 'rights' => 'rrr'),
- 'groupDesc' => array('desc' => _MYSQLGROUPDESC, 'type' => 'text', 'rights' => 'wrr'),
- 'policy' => array('desc' => _MYSQLPOLICY, 'type' => 'int', 'rights' => 'r--'),
- 'member' => array('desc' => _MYSQLMEMBER, 'type' => 'select', 'rights' => 'w--'),
- );
-
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/password/changePassword.php b/mayor-orig/www/include/backend/mysql/password/changePassword.php
deleted file mode 100644
index 2875bace..00000000
--- a/mayor-orig/www/include/backend/mysql/password/changePassword.php
+++ /dev/null
@@ -1,75 +0,0 @@
-<?php
-/*
- Module: base/password
-
- function changeMyPassword($userAccount, $userPassword, $newPassword, $verification)
- A függvény nem vizsgálja, hogy jogosultak vagyunk-e a jelszó megváltoztatására.
- Ennek eldöntése a függvényt hívó program feladata
- */
-
-############################################################################
-# Saját jelszó megváltoztatása
-############################################################################
-
-function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = $_REQUEST['toPolicy'];
- $shadowLastChange = floor(time()/(60*60*24));
-
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'changeMyPassword'));
-
- if (!$lr) return false;
-
- // Stimmel-e az azonosító/jelszó/policy hármas
- $q = "SELECT COUNT(*) FROM accounts WHERE userAccount='%s' AND userPassword=sha('%s') AND policy='%s'";
- $num = db_query($q, array('fv' => 'changeMyPassword', 'modul' => $modul, 'result' => 'value', 'values' => array($userAccount, $userPassword, $toPolicy)), $lr);
- if ($num != 1) {
- $_SESSION['alert'][] = 'message:bad_pw:changeMyPassword';
- db_close($lr);
- return false;
- }
-
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $shadowExpire = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $shadowExpire = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $q = "UPDATE accounts SET userPassword=sha('%s'), shadowLastChange=%u, shadowExpire=%u
- WHERE userAccount='%s' and policy='%s'";
- $v = array($newPassword, $shadowLastChange, $shadowExpire, $userAccount, $toPolicy);
- $r = db_query($q, array('fv' => 'changeMyPassword', 'modul' => $modul, 'values' => $v), $lr);
- db_close($lr);
- if ($r) $_SESSION['alert'][] = 'info:pw_change_success';
- return $r;
-
-}
-
-############################################################################
-# Adminisztrátori jelszó változtatás
-############################################################################
-
-function changePassword($userAccount, $newPassword, $toPolicy = '') {
-
- global $AUTH;
-
- if ($toPolicy == '') $toPolicy = _POLICY;
- $shadowLastChange = floor(time()/(60*60*24));
- if (isset($AUTH[$toPolicy]['shadowExpire']) and $AUTH[$toPolicy]['shadowExpire'] != '') {
- $shadowExpire = $AUTH[$toPolicy]['shadowExpire'];
- } elseif (isset($AUTH[$toPolicy]['shadowMax']) and $AUTH[$toPolicy]['shadowMax'] != '') {
- $shadowExpire = $shadowLastChange + intval($AUTH[$toPolicy]['shadowMax']);
- }
- $shadowExpire = intval($shadowExpire);
- $q = "UPDATE accounts SET userPassword=sha('%s'), shadowLastChange=%u, shadowExpire=%u
- WHERE userAccount='%s' and policy='%s'";
- $v = array($newPassword, $shadowLastChange, $shadowExpire, $userAccount, $toPolicy);
- $r = db_query($q, array('fv' => 'changePassword', 'modul' => "$toPolicy auth", 'values' => $v));
- if ($r) $_SESSION['alert'][] = 'info:pw_change_success';
- return $r;
-
-}
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/session/accountInfo.php b/mayor-orig/www/include/backend/mysql/session/accountInfo.php
deleted file mode 100644
index 113e380b..00000000
--- a/mayor-orig/www/include/backend/mysql/session/accountInfo.php
+++ /dev/null
@@ -1,258 +0,0 @@
-<?php
-/*
- Module: base/auth-mysql
- Backend: mysql
-
- function mysqlGetAccountInfo($userAccount, $toPolicy = _POLICY)
- function mysqlGetUserInfo($userAccount, $toPolicy = _POLICY)
- function mysqlChangeAccountInfo($userAccount, $toPolicy = _POLICY)
- function mysqlGetGroupInfo($groupCn, $toPolicy = _POLICY)
-
-*/
-
-###########################################################
-# mysqlGetAccountInfo - felhasználói információk (backend)
-###########################################################
-
- function mysqlGetAccountInfo($userAccount, $toPolicy = _POLICY, $SET = array()) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- // Keresés
- if (is_array($SET['justThese']) && count($SET['justThese']) > 0) {
- $_THESE = '`'.implode('`,`', array_fill(0, count($SET['justThese']), '%s')).'`';
- $v = $SET['justThese'];
- } else {
- $_THESE = '*';
- $v = array();
- }
- $q = "SELECT $_THESE FROM accounts WHERE userAccount='%s' AND policy='%s'";
- array_push($v, $userAccount, $toPolicy);
- $A = db_query($q, array('fv' => 'mysqlGetAccountInfo', 'modul' => "$toPolicy auth", 'result' => 'record', 'values' => $v), $lr);
- if (!is_array($A) || count($A) == 0) return false;
-
- $data = array();
- foreach ($A as $attr => $value) $data[$attr][] = $value;
- foreach ($data as $attr => $array) $data[$attr]['count'] = count($array);
-
- return $data;
-
- }
-
-#############################################################
-# mysqlGetUserInfo - felhasználói információk (keretrendszer)
-#############################################################
-
- function mysqlGetUserInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy);
-
- // Keresés
- $q = "SELECT userAccount,userCn FROM accounts WHERE userAccount='%s' AND policy='%s'";
- $A = db_query($q, array('fv' => 'mysqlGetUserInfo', 'modul' => "$toPolicy auth", 'result' => 'record', 'values' => array($userAccount, $toPolicy)));
- if (!is_array($A) || count($A) == 0) return false;
- $ret = array();
- foreach ($A as $attr => $value) $ret[$attr][] = $value;
- return $ret;
-
- }
-
-###############################################################
-# mysqlChangeAccountInfo - felhasználói információk módosítása
-###############################################################
-
- function mysqlChangeAccountInfo($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlChangeAccountInfo'));
- if (!$lr) return false;
-
- $emptyAttrs = explode(':',$_POST['emptyAttrs']);
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_MYSQL_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
-
- $value = '';
-
- if ($backendAttrDef[$attr]['type'] == 'int') {
- if ($backendAttrDef[$attr]['type'] != '' ) $value = readVariable($_POST[$attr], 'number');
- } else {
- if ($backendAttrDef[$attr]['type'] != '' ) $value = readVariable($_POST[$attr], 'string'); // html túl erős: pl email címben a @ fent akad...
- }
-
- if (in_array($attr,$emptyAttrs)) {
- if ($value != '') {
- $q = "UPDATE accounts SET `%s`='%s' WHERE userAccount='%s' AND policy='%s'";
- $v = array($attr, $value, $userAccount, $toPolicy);
- }
- } else {
- if ($value != '') {
- $q = "UPDATE accounts SET `%s`='%s' WHERE userAccount='%s' AND policy='%s'";
- $v = array($attr, $value, $userAccount, $toPolicy);
- } else {
- $q = "UPDATE accounts SET `%s`=NULL WHERE userAccount='%s' AND policy='%s'";
- $v = array($attr, $userAccount, $toPolicy);
- }
- }
- db_query($q, array('fv' => 'mysqlChangeAccountInfo', 'modul' => $modul, 'values' => $v), $lr);
-
- } else {
- // $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- db_close($lr);
- if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success';
- else for ($i = 0; $i < count($_alert); $i++) $_SESSION['alert'][] = $_alert[$i];
-
- }
-
-###########################################################
-# mysqlGetGroupInfo - csoport információk (backend)
-###########################################################
-
- function mysqlGetGroupInfo($groupCn, $toPolicy = _POLICY, $SET = array()) {
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy);
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlGetGroupInfo'));
- if (!$lr) return false;
-
- // Keresés
- if (is_array($SET['justThese']) && count($SET['justThese']) > 0) {
- $_THESE = '`'.implode('`,`', array_fill(0, count($SET['justThese']), '%s')).'`';
- $v = $SET['justThese'];
- } else {
- $_THESE = '*';
- $v = array();
- }
- $q = "SELECT $_THESE FROM groups WHERE groupCn='%s' AND policy='%s'";
-
- array_push($v, $groupCn, $toPolicy);
- $A = db_query($q, array('fv' => 'mysqlGetGroupInfo', 'modul' => $modul, 'result' => 'record', 'values' => $v), $lr);
- if (!is_array($A) || count($A) == 0) { db_close($lr); return false; }
- // Megfelelő formátum kialakítása
- foreach ($A as $attr => $value) $data[$attr][] = $value;
- foreach ($data as $attr => $array) $data[$attr]['count'] = count($array);
-
- // tagok lekérdezése
- $q = "SELECT 'member' AS type, uid AS value, userCn AS txt FROM members LEFT JOIN accounts USING (uid) WHERE gid = '%s'";
- $v = array($A['gid']);
- $data2 = db_query($q, array('fv' => 'mysqlGetGroupInfo', 'modul' => $modul, 'result' => 'multiassoc', 'keyfield' => 'type', 'values' => $v), $lr);
- if ($data2 === false) { db_close($lr); return false; }
- $data = array_merge($data, $data2);
-
- // Lehetséges tagok
- if ($SET['withNewAccounts']===true) {
- $q = "SELECT userCn AS txt, uid AS value FROM accounts WHERE policy='%s' ORDER BY userCn";
- $data['member']['new'] = db_query($q, array(
- 'fv' => 'mysqlGetGroupInfo', 'modul' => $modul, 'result' => 'indexed', 'values' => array($toPolicy)
- ), $lr);
- }
-
- db_close($lr);
- return $data;
-
- }
-
-
-###############################################################
-# mysqlChangeGroupInfo - csoport információk módosítása
-###############################################################
-
- function mysqlChangeGroupInfo($groupCn, $toPolicy = _POLICY) {
-
-// !!!! A memberuid / member szinkronjára nem figyel!!
-
- global $AUTH, $backendAttrs, $backendAttrDef;
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlChangeGroupInfo'));
- if (!$lr) return false;
-
- $q = "SELECT gid FROM groups WHERE groupCn='%s' AND policy='%s'";
- $v = array($groupCn, $toPolicy);
- $gid = db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- if ($gid === false) { db_close($lr); return false; }
-
- $emptyAttrs = explode(':', $_POST['emptyAttrs']);
-
- // Attribútumonként módosítunk
- foreach ($backendAttrs as $attr) {
-
- if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS;
- else $rights = $backendAttrDef[$attr]['rights'];
-
- if ($rights[_ACCESS_AS] == 'w') {
-
- $Mod = $Add = $Del = $V = $v = array();
- $values = array();
-
- if ($backendAttrDef[$attr]['type'] != '')
- if (isset($_POST[$attr])) $values[0] = readVariable($_POST[$attr],'html');
- else $values[0] = '';
-
- if ($backendAttrDef[$attr]['type'] == 'select') {
- if ($attr == 'member') {
- if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') {
- for ($i = 0; $i < count($_POST['new-'.$attr]); $i++) {
- $V[] = "(%u, %u)";
- array_push($v, $_POST['new-'.$attr][$i], $gid);
- }
- $q = "INSERT INTO members (uid, gid) VALUES ".implode(',', $V);
- db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'values' => $v), $lr);
- }
- if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') {
- $q = "DELETE FROM members WHERE gid=%u
- AND uid IN (".implode(',', array_fill(0, count($_POST['del-'.$attr]), '%u')).")";
- $v = array_merge(array($gid), $_POST['del-'.$attr]);
- $r = db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'values' => $v), $lr);
- }
- } else {
- $_SESSION['alert'][] = 'message:invalid_type:select:'.$attr;
- }
- } else {
- if (in_array($attr, $emptyAttrs)) {
- if ($values[0] != '') {
- $W = "`%s`='%s'";
- $v = array($attr, $values[0]);
- }
- } else {
- if ($values[0] != '') {
- $W = "`%s`='%s'";
- $v = array($attr, $values[0]);
- } else {
- $W = "`%s`=NULL";
- $v = array($attr);
- }
- }
- $q = "UPDATE groups SET $W WHERE groupCn='%s' AND policy='%s'";
- array_push($v, $groupCn, $toPolicy);
- db_query($q, array('fv' => 'mysqlChangeGroupInfo', 'modul' => $modul, 'values' => $v), $lr);
- }
- } else {
- $_alert[] = 'message:insufficient_access:'.$attr;
- }
- } // foreach
-
- db_close($lr);
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/session/base.php b/mayor-orig/www/include/backend/mysql/session/base.php
deleted file mode 100644
index 35272ff8..00000000
--- a/mayor-orig/www/include/backend/mysql/session/base.php
+++ /dev/null
@@ -1,52 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: mysql
-
- function mysqlMemberOf($userAccount, $groupCn, $toPolicy = _POLICY)
-*/
-
- require_once('include/backend/mysql/base/attrs.php');
-
-
- function mysqlMemberOf($userAccount, $groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlMemberOf'));
- if (!$lr) return _AUTH_FAILURE;
-
- // Az uid lekérdezése
- if (!defined(('__'.$toPolicy.'_UID')) || _USERACCOUNT != $userAccount) { // egy policy-hez csak egy uid tartozik
- $q = "SELECT uid FROM accounts WHERE userAccount = '%s' AND policy = '%s'";
- $v = array($userAccount, $toPolicy);
- $uid = db_query($q, array('fv' => 'mysqlMemberOf', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- if ($uid === false) {
- $_SESSION['alert'][] = 'message:no_account:'."$userAccount:$toPolicy";
- db_close($lr); return false;
- }
- if (!defined('__'.$toPolicy.'_UID')) define('__'.$toPolicy.'_UID',$uid);
- } else {
- $uid=constant('__'.$toPolicy.'_UID');
- }
-
- // Az gid lekérdezése
- $q = "SELECT gid FROM groups WHERE groupCn = '%s' AND policy = '%s'";
- $v = array($groupCn, $toPolicy);
- $gid = db_query($q, array('fv' => 'mysqlMemberOf', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- if ($gid === false) {
- $_SESSION['alert'][] = 'message:no_group:'."$groupCn:$toPolicy";
- db_close($lr); return false;
- }
-
- // Benne van-e a csoportban
- $q = "SELECT COUNT(*) FROM members WHERE uid = %u AND gid = %u";
- $v = array($uid, $gid);
- $num = db_query($q, array('fv' => 'mysqlMemberOf', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- db_close($lr);
- return ($num > 0);
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/session/createAccount.php b/mayor-orig/www/include/backend/mysql/session/createAccount.php
deleted file mode 100644
index 25ff9132..00000000
--- a/mayor-orig/www/include/backend/mysql/session/createAccount.php
+++ /dev/null
@@ -1,106 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: mysql
-
- function mysqlCreateAccount($userCn, $userAccount, $studyId, $userPassword, $category, $toPolicy = _POLICY) {
-
-*/
-
- /*
- $SET = array(
- container => a konténer elem - MySQL backend esetén nincs értelme
- category => tanár, diák... egy kiemelt fontosságú csoport tagság
- groups => egyéb csoportok
- policyAttrs => policy függő attribútumok
- createGroup => létrehozza az adott nevű csoportokat, ha nincsenek
- )
-
- */
- function mysqlCreateAccount(
- $userCn, $userAccount, $userPassword, $toPolicy, $SET
- ) {
-
- global $AUTH;
-
- $shadowlastchange = floor(time() / (60*60*24));
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlCreateAccount'));
- if (!$lr) return _AUTH_FAILURE;
-
- // ütközés ellenőrzése
- $q = "SELECT COUNT(userCn) FROM accounts WHERE userAccount = '%s' AND policy = '%s'";
- $v = array($userAccount, $toPolicy);
- $num = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- if ($num > 0) {
- db_close($lr);
- $_SESSION['alert'][] = 'message:multi_uid'.":$userAccount:$toPolicy";
- return false;
- }
-
- // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '') $shadowlastchange = $AUTH[$toPolicy]['shadowlastchange'];
- $shadowmin = readVariable($AUTH[$toPolicy]['shadowmin'], 'numeric unsigned', 'null'); // null szöveg
- $shadowmax = readVariable($AUTH[$toPolicy]['shadowmax'], 'numeric unsigned', 'null'); // null szöveg
- $shadowwarning = readVariable($AUTH[$toPolicy]['shadowwarning'], 'numeric unsigned', 'null'); // null szöveg
- $shadowinactive = readVariable($AUTH[$toPolicy]['shadowinactive'], 'numeric unsigned', 'null'); // null szöveg
- $shadowexpire = readVariable($AUTH[$toPolicy]['shadowexpire'], 'numeric unsigned', 'null'); // null szöveg
-
- // A $SET['policyAttrs'] feldolgozása
- $attrList = array_keys($SET['policyAttrs']);
- $valueList = array_values($SET['policyAttrs']);
-
- // user felvétele
- if (count($attrList) > 0) {
- $q = "INSERT INTO accounts (
- policy, userAccount, userCn, userPassword, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire,
- `".implode('`, `', array_fill(0, count($attrList), '%s'))."`
- ) VALUES (
- '%s', '%s', '%s', sha('%s'), %u, %u, %u, %u, %u, %u, '".implode("', '", array_fill(0, count($valueList), '%s'))."'
- )";
- } else{
- $q = "INSERT INTO accounts (
- policy, userAccount, userCn, userPassword, shadowLastChange, shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire
- ) VALUES ('%s', '%s', '%s', sha('%s'), %u, %u, %u, %u, %u, %u)";
- }
- $v = array_merge(
- $attrList,
- array($toPolicy, $userAccount, $userCn, $userPassword, $shadowlastchange, $shadowmin, $shadowmax, $shadowwarning, $shadowinactive, $shadowexpire),
- $valueList
- );
- $uid = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'insert', 'values' => $v), $lr);
- if ($uid === false) { db_close($lr); return false; }
- // user berakása a kategóriájának megfelelő csoportokba
-
- if (isset($SET['category'])) {
- if (is_array($SET['groups'])) array_unshift($SET['groups'], $SET['category']);
- else $SET['groups'] = array($SET['category']);
-
- for ($i = 0; $i < count($SET['groups']); $i++) {
- $category = $SET['groups'][$i];
- $groupCn = kisbetus(ekezettelen($category));
- if ($category == '') continue;
- $q = "SELECT gid FROM groups WHERE groupCn='%s'";
- $gid = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'value', 'values' => array($groupCn)), $lr);
- if ($gid === false || is_null($gid)) { // --FIXME -- ez jó így BENCE radyx
- if ($SET['createGroup']) {
- require_once('include/modules/session/createGroup.php');
- //createGroup($groupCn, "$category csoport", $category, $toPolicy = _POLICY);
- createGroup($groupCn, "$category csoport", $toPolicy = _POLICY, array('category'=>$category));
- $gid = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'result' => 'value', 'values' => array($groupCn)), $lr);
- } else {
- $_SESSION['alert'][] = 'message:wrong_data:mysqlCreateAccount - nincsmegadva/hibás kategória:'.$category.':'.$groupCn;
- db_close($lr); return false;
- }
- }
- $q = "INSERT INTO members (uid,gid) VALUES (%u, %u)";
- $r = db_query($q, array('fv' => 'mysqlCreateAccount', 'modul' => $modul, 'values' => array($uid, $gid)), $lr);
- if (!$r) { db_close($lr); return false; }
- }
- }
- $_SESSION['alert'][] = 'info:create_account_success:'.$userAccount;
- db_close($lr);
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/session/createGroup.php b/mayor-orig/www/include/backend/mysql/session/createGroup.php
deleted file mode 100644
index d1bc4f7b..00000000
--- a/mayor-orig/www/include/backend/mysql/session/createGroup.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-
- function mysqlCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET = null) {
-
- global $AUTH;
-
- // $toPolicy --> backend - ellenőrzés!
- if ($AUTH[$toPolicy]['backend'] != 'mysql') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = @db_connect($modul, array('fv' => 'mysqlCreateGroup'));
- if (!$lr) return false;
-
- // cn ütközés ellenőrzése
- $q = "SELECT COUNT(*) FROM groups WHERE policy='%s' AND groupCn='%s'";
- $v = array($toPolicy, $groupCn);
- $num = db_query($q, array('fv' => 'mysqlCreateGroup', 'modul' => $modul, 'result' => 'value', 'values' => $v), $lr);
- if ($num === false) { db_close($lr); return false; }
- if ($num > 0) { $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn; db_close($lr); return false; }
-
- // csoport felvétel
- $q = "INSERT INTO groups (groupCn, groupDesc, policy) VALUES ('%s', '%s','%s')";
- $v = array($groupCn, $groupDesc, $toPolicy);
- $gid = db_query($q, array('fv' => 'mysqlCreateGroup', 'modul' => $modul, 'result' => 'insert', 'values' => $v), $lr);
- if ($gid === false) { db_close($lr); return false; }
-
- $_SESSION['alert'][] = 'info:create_group_success:'.$dn;
- db_close($lr);
- return true;
-
- }
-
-?>
diff --git a/mayor-orig/www/include/backend/mysql/session/search/searchAccount.php b/mayor-orig/www/include/backend/mysql/session/search/searchAccount.php
deleted file mode 100644
index fa4584b0..00000000
--- a/mayor-orig/www/include/backend/mysql/session/search/searchAccount.php
+++ /dev/null
@@ -1,169 +0,0 @@
-<?php
-/*
- Module: base/session
- Backend: mysql
-
-*/
-
-######################################################
-# MySQL account kereső függvény
-######################################################
-
- function mysqlSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
-
- global $AUTH;
-
- if ($pattern == '') {
- $_SESSION['alert'][] = 'message:empty_field:mysqlSerachAccount, pattern';
- return false;
- }
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = @db_connect($modul, array('fv' => 'mysqlSearchAccount'));
- if (!$lr) return false;
-
- // Keresés
- $q = "SELECT `".implode('`,`', array_fill(0, count($searchAttrs), '%s'))."` FROM accounts WHERE `%s` LIKE '%%%s%%' AND policy='%s'";
- $v = array_merge($searchAttrs, array($attr, $pattern, $toPolicy));
- $r = db_query($q, array('fv' => 'mysqlSearchAccount', 'modul' => $modul, 'result' => 'indexed', 'values' => $v), $lr);
- db_close($lr);
- if ($r === false) return false;
- $ret = array('count' => count($r));
- foreach ($r as $key => $A) {
- $data = array();
- foreach ($A as $attr => $value) {
- $data[$attr] = array($value);
- $data[$attr]['count']++;
- }
- $data['category'] = getAccountCategories($data['userAccount'][0], $toPolicy);
- $data['category']['count'] = count($data['category']);
- $ret[] = $data;
- }
-
- return $ret;
-
- }
-
-######################################################
-# MySQL group kereső függvény
-######################################################
-
- function mysqlSearchGroup($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) {
-
- global $AUTH;
-
- if ($pattern == '') {
- $_SESSION['alert'][] = 'message:empty_field:mysqlSearchGroup, pattern';
- return false;
- }
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = db_connect($modul, array('fv' => 'mysqlSearchGroup'));
- if (!$lr) return false;
- // Keresés
- if ($attr == 'member') {
- $q = "SELECT `".implode('`,`', array_fill(0, count($searchAttrs), '%s'))."` FROM groups LEFT JOIN members
- ON members.gid=groups.gid
- LEFT JOIN accounts USING (uid)
- WHERE gid IN
- (SELECT DISTINCT gid FROM accounts LEFT JOIN members USING(uid) WHERE userAccount LIKE '%%%s%%' AND policy='%s')
- AND groups.policy='%s'";
- $v = array_merge($searchAttrs, array($pattern, $toPolicy, $toPolicy));
- } else {
- $q = "SELECT DISTINCT `".implode('`,`', array_fill(0, count($searchAttrs), '%s'))."` FROM groups LEFT JOIN members
- ON members.gid=groups.gid
- LEFT JOIN accounts USING (uid)
- WHERE `%s` LIKE '%%%s%%' AND groups.policy='%s'";
- $v = array_merge($searchAttrs, array($attr, $pattern, $toPolicy));
- }
- $r = db_query($q, array('fv' => 'mysqlSearchGroup', 'modul' => $modul, 'result' => 'indexed', 'values' => $v), $lr);
- db_close($lr);
- if ($r === false) return false;
- $ret = array('count' => count($r));
- foreach ($r as $key => $A) {
- $data = array();
- foreach ($A as $attr => $value) {
- $data[$attr] = array($value);
- }
- $ret[] = $data;
- }
-
- return $ret;
-
- }
-
-######################################################
-# mysqlDeleteAccount - account törlése
-######################################################
-
- function mysqlDeleteAccount($userAccount, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> mysql backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'mysql') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // Kapcsolódás az MySQL szerverhez
- $modul = "$toPolicy auth";
- $lr = @db_connect($modul, array('fv' => 'mysqlDeleteAccount'));
- if (!$lr) return false;
-
- // Az uidNumber, a homeDirectory lekerdezése - és mire használjuk, ha szabad kérdeznem???
- if ($AUTH[$toPolicy]['createHomeDir']) {
- $q = "SELECT homeDirectory, uid FROM accounts WHERE policy='%s' AND userAccount='%s'";
- $v = array($toPolicy, $userAccount);
- $ret = db_query($q, array('fv' => 'mysqlDeleteAccount', 'modul' => $modul, 'result' => 'record', 'values' => $v), $lr);
- if ($ret === false) { db_close($lr); return false; }
-
- $homeDirectory = $ret['homeDirectory']; // de nem használjuk semmire...
- // A user csoport törlése
- $q = "DELETE FROM groups WHERE gid=%u";
- $v = array($ret['uid']);
- $r = db_query($q, array('fv' => 'mysqlDeleteAccount', 'modul' => $modul, 'values' => $v), $lr);
- if (!$r) { db_close($lr); return false; }
- }
-
- // user törlése
- $q = "DELETE FROM accounts WHERE policy='%s' AND userAccount='%s'";
- $v = array($toPolicy, $userAccount);
- $r = db_query($q, array('fv' => 'mysqlDeleteAccount', 'modul' => $modul, 'values' => $v), $lr);
- db_close($lr);
- // törlés a csoportból - Ha innoDb - akkor nincs ezzel tennivaló!!
- if ($r) $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
-
- return $r;
-
- }
-
-######################################################
-# mysqlDeleteGroup - group törlése
-######################################################
-
- function mysqlDeleteGroup($groupCn, $toPolicy = _POLICY) {
-
- global $AUTH;
-
- // $toPolicy --> mysql backend - ellenőrzés
- if ($AUTH[$toPolicy]['backend'] != 'mysql') {
- $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend'];
- return false;
- }
-
- // csoport törlése
- $q = "DELETE FROM groups WHERE policy='%s' AND groupCn='%s'";
- $v = array($toPolicy, $groupCn);
- $r = db_query($q, array('fv' => 'mysqlDeleteGroup', 'modul' => "$toPolicy auth", 'values' => $v));
-
- if ($r) $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn;
-
- // tagok törlése a csoportból - Ha innoDb - akkor nincs ezzel tennivaló!!
- return $r;
-
- }
-
-?> |