Diffstat (limited to 'mayor-orig/www/include/backend/ldap/session')
5 files changed, 0 insertions, 1274 deletions
diff --git a/mayor-orig/www/include/backend/ldap/session/accountInfo.php b/mayor-orig/www/include/backend/ldap/session/accountInfo.php
deleted file mode 100644
index 24f5234b..00000000
--- a/mayor-orig/www/include/backend/ldap/session/accountInfo.php
+++ /dev/null
@@ -1,401 +0,0 @@ -<?php -/* - Module: base/auth-ldap - Backend: ldap - - function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = '') - function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) - function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) - function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) - function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) - -*/ - -###################################################### -# getLDAPInfo - általános LDAP lekérdezés -###################################################### - - function getLDAPInfo($userDn, $attrList=array('cn'), $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Keresés - $filter = '(objectclass=*)'; - $sr = @ldap_search($ds, $userDn, $filter, $attrList); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; - ldap_close($ds); - return false; - } - - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - -########################################################### -# ldapGetAccountInfo - felhasználói információk (backend) -########################################################### - - function ldapGetAccountInfo($userAccount, $toPolicy = _POLICY) { - - global $AUTH, $backendAttrs, $backendAttrDef; - - if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Account', $toPolicy); - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - $result = getLDAPInfo($userDn, $backendAttrs, $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < 
$result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($backendAttrDef as $attr => $def) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); - elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; - else $return[$i][$attr] = array('count' => 0); - } - } - - return $return[0]; - - } - - } - -############################################################# -# ldapGetUserInfo - felhasználói információk (keretrendszer) -############################################################# - - function ldapGetUserInfo($userAccount, $toPolicy = _POLICY) { - - global $AUTH, $accountAttrToLDAP, $ldapAttrDef; - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - $result = getLDAPInfo($userDn, array_values($accountAttrToLDAP), $toPolicy); - if ($result === false) { - return false; - } else { - - $result[0]['dn'] = array('count' => 1, 0 => $result[0]['dn']); - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($accountAttrToLDAP as $attr => $ldapAttr) { - if (isset($result[0][$ldapAttr])) $return[$attr] = $result[0][$ldapAttr]; - else $return[$attr] = array('count' => 0); - } - - return $return; - - } - - } - -############################################################### -# ldapChangeAccountInfo - felhasználói információk módosítása -############################################################### - - function ldapChangeAccountInfo($userAccount, $toPolicy = _POLICY) { - - global $AUTH, $backendAttrs, $backendAttrDef; - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - 
ldap_close($ds); - return false; - } - - $emptyAttrs = explode(':',$_POST['emptyAttrs']); - - // Attribútumonként módosítunk - foreach ($backendAttrs as $attr) { - - if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; - else $rights = $backendAttrDef[$attr]['rights']; - - if ($rights[_ACCESS_AS] == 'w') { - - $mod_info = $add_info = $del_info = Array(); - $values = array(); - - if ($backendAttrDef[$attr]['type'] == 'image') { - $file = $_FILES[$attr]['tmp_name']; - if (file_exists($file)) { - $fd = fopen($file,'r'); - $values[0]=fread($fd,filesize($file)); - fclose($fd); - } else { - // Sose töröljük! - $emptyAttrs[] = $attr; - } - } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { - if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { - $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; - } - } else { - if ($backendAttrDef[$attr]['type'] != '' ) $values[0] = $_POST[$attr]; - } - - if ($backendAttrDef[$attr]['type'] == 'select') { - if ($_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; - if ($_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; - } elseif (in_array($attr,$emptyAttrs)) { - if ($values[0] != '') $add_info[$attr] = $values; - } else { - if ($values[0] != '') { - $mod_info[$attr] = $values; - } else { - $del_info[$attr] = Array(); - } - } - - $_alert = array(); - if (count($add_info)!=0) { - if (!@ldap_mod_add($ds,$userDn,$add_info)) { - $_alert[] = 'message:insufficient_access:add:'.$attr; - } - } - if (count($mod_info)!=0) { - if (!@ldap_mod_replace($ds,$userDn,$mod_info)) { - $_alert[] = 'message:insufficient_access:mod:'.$attr; - } - } - if (count($del_info)!=0) { - if (!@ldap_mod_del($ds,$userDn,$del_info)) { - $_alert[] = 'message:insufficient_access:del:'.$attr; - } - } - - } else { -// $_alert[] = 'message:insufficient_access:'.$attr; - } - } // foreach - - ldap_close($ds); - if (count($_alert) == 0) 
$_SESSION['alert'][] = 'info:change_success'; - else for ($i = 0;$i < count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; - - } - -########################################################### -# ldapGetGroupInfo - csoport információk (backend) -########################################################### - - function ldapGetGroupInfo($groupCn, $toPolicy = _POLICY) { - - global $AUTH, $backendAttrs, $backendAttrDef; - - - if (!isset($backendAttrs)) list($backendAttrs, $backendAttrDef) = getBackendAttrs('Group', $toPolicy); - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - $result = getLDAPInfo($groupDn, $backendAttrs, $toPolicy); - if ($result === false) { - return false; - } else { - - // Accountok lekérdezése - $info = getLDAPaccounts($toPolicy); - for ($i = 0; $i < $info['count']; $i++) { - $accountUid[] = array( - 'value' => $info[$i]['uid'][0], - 'txt' => $info[$i]['cn'][0] - ); - $accountDn[] = array( - 'value' => $info[$i]['dn'], - 'txt' => $info[$i]['cn'][0] - ); - } - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - foreach ($backendAttrDef as $attr => $def) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - if ($attr == 'dn') $return[$i]['dn'] = array('count' => 1, 0 => $result[$i]['dn']); - elseif (isset($result[$i][$attr])) $return[$i][$attr] = $result[$i][$attr]; - else $return[$i][$attr] = array('count' => 0); - } - $return[$i]['member']['new'] = $accountDn; - $return[$i]['memberuid']['new'] = $accountUid; - } - - return $return[0]; - - } - - } - -############################################################### -# ldapChangeGroupInfo - csoport információk módosítása -############################################################### - - function ldapChangeGroupInfo($groupCn, $toPolicy = _POLICY) { - -// !!!! A memberuid / member szinkronjára nem figyel!! 
- - global $AUTH, $backendAttrs, $backendAttrDef; - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $emptyAttrs = explode(':',$_POST['emptyAttrs']); - - // Attribútumonként módosítunk - foreach ($backendAttrs as $attr) { - - if ($backendAttrDef[$attr]['rights'] == '') $rigths = _DEFAULT_LDAP_RIGHTS; - else $rights = $backendAttrDef[$attr]['rights']; - - if ($rights[_ACCESS_AS] == 'w') { - - $mod_info = $add_info = $del_info = Array(); - $values = array(); - - if ($backendAttrDef[$attr]['type'] == 'image') { - $file = $_FILES[$attr]['tmp_name']; - if (file_exists($file)) { - $fd = fopen($file,'r'); - $values[0]=fread($fd,filesize($file)); - fclose($fd); - } else { - // Sose töröljük! 
- $emptyAttrs[] = $attr; - } - } elseif ($backendAttrDef[$attr]['type'] == 'timestamp') { - if ($_POST[$attr][0] != '' and $_POST[$attr][1] != '' and $_POST[$attr][2] != '') { - $values[0] = $_POST[$attr][0].$_POST[$attr][1].$_POST[$attr][2].'010101Z'; - } - } else { - if ($backendAttrDef[$attr]['type'] != '') - if (isset($_POST[$attr])) $values[0] = $_POST[$attr]; - else $values[0] = ''; - } - - if ($backendAttrDef[$attr]['type'] == 'select') { - if (isset($_POST['new-'.$attr][0]) && $_POST['new-'.$attr][0] != '') $add_info[$attr] = $_POST['new-'.$attr]; - if (isset($_POST['del-'.$attr][0]) && $_POST['del-'.$attr][0] != '') $del_info[$attr] = $_POST['del-'.$attr]; - } elseif (in_array($attr,$emptyAttrs)) { - if ($values[0] != '') $add_info[$attr] = $values; - } else { - if ($values[0] != '') { - $mod_info[$attr] = $values; - } else { - $del_info[$attr] = Array(); - } - } - - $_alert = array(); - if (count($add_info)!=0) { - if (!@ldap_mod_add($ds,$groupDn,$add_info)) { - $_alert[] = 'message:insufficient_access:add:'.$attr; - } - } - if (count($mod_info)!=0) { - if (!@ldap_mod_replace($ds,$groupDn,$mod_info)) { - $_alert[] = 'message:insufficient_access:mod:'.$attr; - } - } - if (count($del_info)!=0) { - if (!@ldap_mod_del($ds,$groupDn,$del_info)) { - $_alert[] = 'message:insufficient_access:del:'.$attr; - } - } - - } else { -// $_alert[] = 'message:insufficient_access:'.$attr; - } - } // foreach - - ldap_close($ds); - if (count($_alert) == 0) $_SESSION['alert'][] = 'info:change_success'; - else for ($i=0;$i<count($_alert);$i++) $_SESSION['alert'][] = $_alert[$i]; - - } - - function getLDAPaccounts($toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; 
- ldap_close($ds); - return false; - } - - // Keresés - $attrList = array('cn','uid'); -// $filter = '(objectclass=mayorPerson)'; - $filter = '(objectclass=posixAccount)'; - $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $attrList); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; - ldap_close($ds); - return false; - } - - ldap_sort($ds, $sr, 'cn'); - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - - -?> diff --git a/mayor-orig/www/include/backend/ldap/session/base.php b/mayor-orig/www/include/backend/ldap/session/base.php deleted file mode 100644 index b8529cc2..00000000 --- a/mayor-orig/www/include/backend/ldap/session/base.php +++ /dev/null 
@@ -1,255 +0,0 @@ -<?php -/* - Module: base/session - Backend: ldap - - function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) - function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) - -*/ - - require('include/backend/ldap/base/attrs.php'); - require('include/backend/ldap/base/str.php'); - - ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3); - - if ($AUTH[_POLICY]['backend'] == 'ldap') { - /* why not put into session cache */ - if ($AUTH[_POLICY]['cacheable']=='yes') { - $userDn = _queryCache('RDN',_POLICY,'value'); - } - if (!isset($userDn)) $userDn = LDAPuserAccountToDn(); - define('_USERDN', $userDn); - if ($AUTH[_POLICY]['cacheable']=='yes') _registerToCache('RDN',$userDn,_POLICY); - unset($userDn); - } - -###################################################### -# A _USERACCOUNT(uid)-hoz tartozó dn lekérdezése -###################################################### - - function LDAPuserAccountToDn($userAccount = _USERACCOUNT, $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // Van-e adott azonosítójú felhasználó? 
- $filter="(&(uid=$userAccount)(objectClass=posixAccount))"; - $justthese=array('cn'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return false; - } - $info=ldap_get_entries($ds,$sr); - ldap_close($ds); - - if ( $info['count'] === 0 ) { - // Nincs ilyen userAccount (uid) - $_SESSION['alert'][] = "message:no_account:$userAccount"; - return false; - } elseif ( $info['count'] > 1 ) { - // Több ilyen uid is van - $_SESSION['alert'][] = "message:multi_uid:$userAccount"; - return false; - } - - if ($info['count']==1) { // Van - egy - ilyen felhasználó - return $info[0]['dn']; - } - - } - - -###################################################### -# A groupCn(cn)-hez tartozó dn lekérdezése -###################################################### - - function LDAPgroupCnToDn($groupCn, $toPolicy = _POLICY) { - - global $AUTH; - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // Van-e adott azonosítójú felhasználó? - $filter="(&(cn=$groupCn)(objectClass=posixGroup))"; - $justthese=array('cn'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure"; - ldap_close($ds); - return false; - } - $info=ldap_get_entries($ds,$sr); - ldap_close($ds); - - if ( $info['count'] === 0 ) { - // Nincs ilyen groupCn (cn) - hibaüzenet csak akkor, ha nem kategóriáról van szó... 
- if (!in_array($groupCn, array_map('ekezettelen', $AUTH[$toPolicy]['categories']))) $_SESSION['alert'][] = "message:no_group:$groupCn"; - return false; - } elseif ( $info['count'] > 1 ) { - // Több ilyen cn is van - $_SESSION['alert'][] = "message:multi_gid:$groupCn"; - return false; - } - - if ($info['count']==1) { // Van - egy - ilyen csoport - return $info[0]['dn']; - } - - } - - - -###################################################### -# memberOf - csoport tag-e -###################################################### - - function ldapMemberOf($userAccount, $group, $toPolicy = _POLICY) { - - global $AUTH, $LDAP2Mayor; - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - if (in_array($group, $AUTH[$toPolicy]['categories'])) { - if (strpos($userDn, ',ou='.ekezettelen($group).',') !== false) return true; -# Ha nincs megfelelő ou-ban, akkor nézzük a csoport tagságot - így berakható időszakosan akárki pl a titkárság kategóriába... -# else return false; - } - - if (substr($group,0,3) != 'cn=') { - $groupDn = LDAPgroupCnToDn(ekezettelen($group)); - if (!$groupDn) return false; // Ha nincs ilyen csoport az LDAP fában - } else { - $groupDn = $group; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $justthese = array('cn'); // valamit le kell kérdezni... 
-/* $filter = "(& (objectClass=mayorGroup) - (member=$userDn) - )"; -*/ - $filter = "(& (objectClass=posixGroup) - (memberUid=$userAccount) - )"; - $sr = @ldap_search($ds, $groupDn, $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$filter; - ldap_close($ds); - return false; - } - - $info = ldap_get_entries($ds, $sr); - ldap_close($ds); - - if ($info['count'] > 0) { - return true; - } else { - return false; - } - - } - -###################################################### -# LDAPcreateContainer - tároló létrehozása -###################################################### - - function LDAPcreateContainer($containerDn, $toPolicy) { - - global $AUTH; - - $pos = strpos($containerDn, ',ou='); - $container = substr($containerDn, 3, $pos-3); - $rdn = substr($containerDn, $pos+1); - $cat = substr($containerDn, 3, strlen($containerDn)-4-strlen($AUTH[$toPolicy]['ldap base dn'])); - - error_reporting(1); - - // Kapcsolódás a szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - return false; - } - - // OU létrehozása - $info['ou'][0] = $container; - $info['objectclass'][0] = 'organizationalUnit'; - $info['description'][0] = $container; - - $_r1 = ldap_add($ds, $containerDn, $info); - if (!$_r1) { -// $_SESSION['alert'][] = 'message:ldap_add_failure:'.$containerDn; - return false; -// printf("LDAP-Error: %s<br>\n", ldap_error($ds)); -// echo '<pre>'; var_dump($info); echo '</pre>'; - } - - // az OU-hoz tartozó csoportok OU-ja - $info['ou'][0] = 'Groups'; - $info['objectclass'][0] = 'organizationalUnit'; - $info['description'][0] = "$container csoportjai"; - - $containerDn = "ou=Groups,$containerDn"; - $_r1 = ldap_add($ds, $containerDn, $info); - if (!$_r1) { - printf("LDAP-Error: 
%s<br>\n", ldap_error($ds)); - echo '<pre>'; var_dump($info); echo '</pre>'; - } - - // Az osztály csoport létrehozása - require_once('include/modules/session/createGroup.php'); - createGroup($container, "$container csoport", "$cat", $toPolicy); - - ldap_close($ds); - - } - -?> diff --git a/mayor-orig/www/include/backend/ldap/session/createAccount.php b/mayor-orig/www/include/backend/ldap/session/createAccount.php deleted file mode 100644 index 79f40530..00000000 --- a/mayor-orig/www/include/backend/ldap/session/createAccount.php +++ /dev/null 
@@ -1,204 +0,0 @@ -<?php -/* - Modules: base/session - - UNTESTED!!!! -*/ - - function ldapCreateAccount( - $userCn, $userAccount, $userPassword, $toPolicy, $SET - ) { - - global $AUTH; - - $category = ekezettelen($SET['category']); - $shadowLastChange = floor(time() / (60*60*24)); - - // $toPolicy --> ldap backend - ellenőrzés! - if ($AUTH[$toPolicy]['backend'] != 'ldap') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $info = $groupinfo = $oinfo = Array(); - - // uid ütközés ellenőrzése - $filter = "(uid=$userAccount)"; - $justthese = array('uid'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - $uinfo = ldap_get_entries($ds, $sr); - $uidCount = $uinfo['count']; - ldap_free_result($sr); - if ($uidCount > 0) { - $_SESSION['alert'][] = 'message:multi_uid:'.$userAccount; - return false; - } - - // Az következő uidNumber megállapítása - $filter = '(objectClass=mayorOrganization)'; - $justthese = array('nextuid', 'freeuid'); - $sr = ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - $uidinfo = ldap_get_entries($ds,$sr); - ldap_free_result($sr); - if (isset($uidinfo[0]['freeuid']['count'])) $freeUidCount = $uidinfo[0]['freeuid']['count']; - else $freeUidCount = 0; - if ($freeUidCount == 0) { - $info['uidnumber'] = array($uidinfo[0]['nextuid'][0]); - $info['gidnumber'] = $info['uidnumber']; - $oinfo['nextuid'] = $info['uidnumber'][0]+1; - } else { - $info['uidnumber'] = array($uidinfo[0]['freeuid'][$freeUidCount-1]); - $info['gidnumber'] = $info['uidnumber']; - $oinfo['freeuid'] = 
$uidinfo[0]['freeuid'][$freeUidCount-1]; - } - - // shadow attributumok... - // A shadowLastChange a mai nap // if (isset($AUTH[$toPolicy]['shadowlastchange']) && $AUTH[$toPolicy]['shadowlastchange'] != '') - $info['shadowlastchange'] = $shadowLastChange; - if (isset($AUTH[$toPolicy]['shadowmin']) && $AUTH[$toPolicy]['shadowmin'] != '') $info['shadowmin'] = $AUTH[$toPolicy]['shadowmin']; - if (isset($AUTH[$toPolicy]['shadowmax']) && $AUTH[$toPolicy]['shadowmax'] != '') $info['shadowmax'] = $AUTH[$toPolicy]['shadowmax']; - if (isset($AUTH[$toPolicy]['shadowwarning']) && $AUTH[$toPolicy]['shadowwarning'] != '') $info['shadowwarning'] = $AUTH[$toPolicy]['shadowwarning']; - if (isset($AUTH[$toPolicy]['shadowinactive']) && $AUTH[$toPolicy]['shadowinactive'] != '') $info['shadowinactive'] = $AUTH[$toPolicy]['shadowinactive']; - if (isset($AUTH[$toPolicy]['shadowexpire']) && $AUTH[$toPolicy]['shadowexpire'] != '') $info['shadowexpire'] = $AUTH[$toPolicy]['shadowexpire']; - - // A szokásos attribútumok - $info['uid'] = array($userAccount); - $info['cn'] = array($userCn); - $info['sn'] = array('-'); - $info['userpassword'] = array('{crypt}' . 
crypt($userPassword)); - if (is_array($SET['policyAttrs'])) foreach ($SET['policyAttrs'] as $attr => $value) $info[kisbetus($attr)] = $value; - if (($pos = strpos($category,',')) !== false) - $info['homedirectory'] = "/home/diak/".substr($category,0,$pos)."/$userAccount"; - else - $info['homedirectory'] = "/home/$category/$userAccount"; - - // A kategória függő attribútumok - if (isset($SET['container']) && $SET['container'] != '') { - $dn = "uid=$userAccount,".$SET['container']; - $group = "cn=$userAccount,ou=Groups,".$SET['container']; - $ouDn = $SET['container']; - } else { - $dn = "uid=$userAccount,ou=".$category.','.$AUTH[$toPolicy]['ldap base dn']; - $group = "cn=$userAccount,ou=Groups,ou=".$category.','.$AUTH[$toPolicy]['ldap base dn']; - $ouDn = "ou=".$category.",".$AUTH[$toPolicy]['ldap base dn']; - } - - if ($SET['createContainer']) { // Létrehozza a tároló elemet, benne az OU=Groups tárolót, benne a megfelelő csoportot - LDAPcreateContainer($ouDn, $toPolicy); - } - // objectum osztályok - // a mayorPerson a posixAccount és shadowAccount leszármazottja, - // de kell egy structural object is - ez a person - aminek kötelező paramétere az sn! 
- $info['objectclass'] = array('person', 'mayorPerson'); - - // user felvétel - $info['homedirectory'] = ekezettelen($info['homedirectory']); // Nem lehet ékezetes :o( - - $_r1 = ldap_add($ds,$dn,$info); - if (!$_r1) { - printf("LDAP-Error: %s<br>\n", ldap_error($ds)); - echo $dn.'<pre>'; var_dump($info); echo '</pre>'; - return false; - } - - // user csoportja - $groupinfo['cn'] = $userAccount; - $groupinfo['gidnumber'] = $info['uidnumber']; - $groupinfo['memberuid'] = ekezettelen($userAccount); // Nem lehet ékezetes :o( - $groupinfo['description'] = 'A felhasználó saját csoportja'; - $groupinfo['objectclass'] = 'posixGroup'; - $_r2 = ldap_add($ds, $group, $groupinfo); - if (!$_r2) { - printf("LDAP-Error (userGroup): %s<br>\n", ldap_error($ds)); - echo $group.'<pre>'; var_dump($groupinfo); echo '</pre>'; - return false; - } - - // Kategória csoportba rakás vagy tanár csoportba rakás ugye... - // És nincs diák csoport! - $ginfo['memberuid'] = ekezettelen($userAccount); // Nem lehet ékezetes :o( - $ginfo['member'] = $dn; - - // Kategória csoportba és egyéb csoportokba rakás - if (isset($SET['category'])) { - if (is_array($SET['groups'])) array_unshift($SET['groups'], $category); - else $SET['groups'] = array($category); - - for ($i = 0; $i < count($SET['groups']); $i++) { - - $filter = "(&(objectClass=mayorGroup)(cn=".$SET['groups'][$i]."))"; - $justthese = array('cn'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - if (ldap_count_entries($ds, $sr)) { - $grpInfo = ldap_get_entries($ds, $sr); - $groupDn = $grpInfo[0]['dn']; - $_r3 = ldap_mod_add($ds, $groupDn, $ginfo); - if (!$_r3) { - printf("LDAP-Error (category): %s<br>\n", ldap_error($ds)); - echo $groupDn.'<pre>'; var_dump($ginfo); echo '</pre>'; - } - } - - } - - } - - - // nextuid növelés - if ($freeUidCount == 0) { - $_r4 = ldap_mod_replace($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); - } else { - $_r4 = ldap_mod_del($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); - } - if 
(!$_r4) { - printf("LDAP-Error (freeUid): %s<br>\n", ldap_error($ds)); - return false; - } - - ldap_close($ds); - - if (defined('_DATADIR') - && isset($AUTH[$toPolicy]['createAccountScript']) - && file_exists(_DATADIR) - ) { - $sfp = fopen(_DATADIR.'/'.$AUTH[$toPolicy]['createAccountScript'],'a+'); - if ($sfp) { - fwrite($sfp,"\n# $userAccount l.trehoz.sa\n"); - fwrite($sfp,'/bin/mkdir -p '.$info['homedirectory']."\n"); - fwrite($sfp,'/bin/chmod 2755 '.$info['homedirectory']."\n"); - fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."\n"); - - fwrite($sfp,'/bin/mkdir '.$info['homedirectory']."/private\n"); - fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."/private\n"); - fwrite($sfp,'/bin/chmod 0770 '.$info['homedirectory']."/private\n"); - - fwrite($sfp,'/bin/mkdir '.$info['homedirectory']."/public_html\n"); - fwrite($sfp,"/bin/chown $userAccount.$userAccount ".$info['homedirectory']."/public_html\n"); - fwrite($sfp,'/bin/chmod 0755 '.$info['homedirectory']."/public_html\n"); - - fwrite($sfp,'/bin/ln -s '.$info['homedirectory']." /home\n"); -// chmod($scriptFile,0770); - fclose($sfp); - } - } - $_SESSION['alert'][] = 'info:create_uid_success:'.$dn; - return true; - - } - -?> diff --git a/mayor-orig/www/include/backend/ldap/session/createGroup.php b/mayor-orig/www/include/backend/ldap/session/createGroup.php deleted file mode 100644 index df2de812..00000000 --- a/mayor-orig/www/include/backend/ldap/session/createGroup.php +++ /dev/null 
@@ -1,103 +0,0 @@ -<?php -/* - Modules: base/session -*/ - - function ldapCreateGroup($groupCn, $groupDesc, $toPolicy = _POLICY, $SET) { - - global $AUTH; - $category = ekezettelen($SET['category']); - - // $toPolicy --> ldap backend - ellenőrzés! - if ($AUTH[$toPolicy]['backend'] != 'ldap') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - $info = $groupinfo = $oinfo = Array(); - - // cn ütközés ellenőrzése - $filter = "(&(objectclass=posixgroup)(cn=$groupCn))"; - $justthese = array('cn'); - $sr = ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - $ginfo = ldap_get_entries($ds, $sr); - $gCount = $ginfo['count']; - ldap_free_result($sr); - if ($gCount > 0) { - $_SESSION['alert'][] = 'message:multi_uid:'.$groupCn; - return false; - } - - // Az következő gidNumber megállapítása - $filter = '(objectClass=mayorOrganization)'; - $justthese = array('nextgid', 'freegid'); - $sr = ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'], $filter, $justthese); - $ginfo = ldap_get_entries($ds,$sr); - ldap_free_result($sr); - if (isset($ginfo[0]['freegid']['count'])) $freeGidCount = $ginfo[0]['freegid']['count']; - else $freeGidCount = 0; - if ($freeGidCount == 0) { - $info['gidnumber'] = array($ginfo[0]['nextgid'][0]); - $oinfo['nextgid'] = $info['gidnumber'][0]+1; - } else { - $info['gidnumber'] = array($ginfo[0]['freegid'][$freeGidCount-1]); - $oinfo['freegid'] = $ginfo[0]['freegid'][$freeGidCount-1]; - } - - // A szokásos attribútumok - $info['cn'] = array($groupCn); - $info['description'] = array($groupDesc); - - // A kategória függő 
attribútumok - if (isset($SET['container'])) $dn = "cn=$groupCn,".$SET['container']; - else $dn = "cn=$groupCn,ou=Groups,ou=$category,".$AUTH[$toPolicy]['ldap base dn']; - - // objectum osztályok - $info['objectclass'] = array('posixGroup', 'mayorGroup'); - - // Policy függő attribútumok - LDAP esetén pl a member kötelező - if (is_array($SET['policyAttrs'])) foreach ($SET['policyAttrs'] as $attr => $value) $info[kisbetus($attr)] = $value; - - // csoport felvétel - $_r1 = ldap_add($ds,$dn,$info); - if (!$_r1) { - printf("LDAP-Error: %s<br>\n", ldap_error($ds)); - echo $dn.'<hr>'; - var_dump($info); - echo '<hr>'; - var_dump($SET); - } - - // nextuid növelés - if ($freeGidCount == 0) { - $_r4 = ldap_mod_replace($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); - } else { - $_r4 = ldap_mod_del($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo); - } -// if (!$_r4) { -// printf("LDAP-Error: %s<br>\n", ldap_error($_r4)); -// } - - ldap_close($ds); - - $_SESSION['alert'][] = 'info:create_group_success:'.$dn; - return true; - - } - -?> diff --git a/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php b/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php deleted file mode 100644 index 62e19c5f..00000000 --- a/mayor-orig/www/include/backend/ldap/session/search/searchAccount.php +++ /dev/null 
@@ -1,311 +0,0 @@ -<?php -/* - Module: base/session - Backend: ldap - - ! -- Csak publikus mezőkre lehet keresni! -- ! - function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)') - function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn')) - function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = '') { - -*/ - -###################################################### -# Általános LDAP kereső függvény -###################################################### - - function LDAPSearch($attr, $pattern, $searchAttrs=array('cn'), $filter='(objectclass=*)', $toPolicy = _POLICY) { - - global $AUTH; - - if ($pattern == '') { - $_SESSION['alert'][] = 'message:empty_field'; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Keresés - $filter = "(&$filter($attr=*$pattern*))"; - $sr = @ldap_search($ds, $AUTH[$toPolicy]['ldap base dn'], $filter, $searchAttrs); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$filter; - ldap_close($ds); - return false; - } - - $info = @ldap_get_entries($ds,$sr); - ldap_close($ds); - - return $info; - - } - -###################################################### -# ldapSearchAccount - felhasználó kereső függvény -###################################################### - - function ldapSearchAccount($attr, $pattern, $searchAttrs = array('userCn'), $toPolicy = _POLICY) { - - global $accountAttrToLDAP; - - // A keresendő attribútum konvertálása LDAP attribútummá - if ($accountAttrToLDAP[ $attr ] != '') $attrLDAP = $accountAttrToLDAP[ $attr ]; - else $attrLDAP = $attr; - if ($attrLDAP == 'dn') $attrLDAP = 'uid'; // dn-re nem megy 
a keresés!! - - // A lekérendő attribútumok konvertálása LDAP attribútummá - for ($i = 0; $i < count($searchAttrs); $i++) { - if ($accountAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $accountAttrToLDAP[ $searchAttrs[$i] ]; - else $searchAttrsLDAP[$i] = $searchAttrs[$i]; - } - - $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=posixaccount)', $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - $result[$i]['dn'] = $return[$i]['userAccount'] = array('count' => 1, 0 => $result[$i]['dn']); - for ($j = 0; $j < count($searchAttrs); $j++) { - $a = $searchAttrs[$j]; - if (isset($result[$i][ $accountAttrToLDAP[$a] ])) { - if ($accountAttrToLDAP[$a] != '') $return[$i][$a] = $result[$i][ $accountAttrToLDAP[$a] ]; - else $return[$i][$a] = $result[$i][$a]; - } else { - $return[$i][$a] = array('count' => 0) ; - } - } - $return[$i]['category'] = getAccountCategories($result[$i]['uid'][0], $toPolicy); - $return[$i]['category']['count'] = count($return[$i]['category']); - } - $return['count'] = $result['count']; - - return $return; - - } - - } - -###################################################### -# ldapSearchGroup - csoport kereső függvény -###################################################### - - function ldapSearchGroup($attr, $pattern, $searchAttrs = array('groupCn, groupDesc'), $toPolicy = _POLICY) { - - global $groupAttrToLDAP; - - // A keresendő attribútum konvertálása LDAP attribútummá - if ($groupAttrToLDAP[ $attr ] != '') $attrLDAP = $groupAttrToLDAP[ $attr ]; - else $attrLDAP = $attr; - if ($attrLDAP == 'dn') $attrLDAP = 'cn'; // dn-re nem megy a keresés!! 
- - // A lekérendő adtibútumok konvertálása LDAP attribútummá - for ($i = 0; $i < count($searchAttrs); $i++) { - if ($groupAttrToLDAP[ $searchAttrs[$i] ] != '') $searchAttrsLDAP[$i] = $groupAttrToLDAP[ $searchAttrs[$i] ]; - else $searchAttrsLDAP[$i] = $searchAttrs[$i]; - } - - $result = LDAPSearch($attrLDAP, $pattern, $searchAttrsLDAP, '(objectclass=posixgroup)', $toPolicy); - if ($result === false) { - return false; - } else { - - // LDAP schema --> mayor schema konverzió - for ($i = 0; $i < $result['count']; $i++) { - // Egységes szerkezetre alakítjuk, azaz a dn is indexelt - $result[$i]['dn'] = $return[$i]['groupCn'] = array('count' => 1, 0 => $result[$i]['dn']); - for ($j = 0; $j < count($searchAttrs); $j++) { - $a = $searchAttrs[$j]; - if (!isset($groupAttrToLDAP[$a]) || $groupAttrToLDAP[$a] != '') { - if (isset($result[$i][ $groupAttrToLDAP[$a] ])) $return[$i][$a] = $result[$i][ $groupAttrToLDAP[$a] ]; - else $return[$i][$a] = ''; - } else { - $return[$i][$a] = $result[$i][$a]; - } - } - } - $return['count'] = $result['count']; - - return $return; - - } - - } - -###################################################### -# ldapDeleteAccount - account törlése -###################################################### - - function ldapDeleteAccount($userAccount, $toPolicy = _POLICY) { - - global $AUTH; - - $userDn = LDAPuserAccountToDn($userAccount, $toPolicy); - - // $toPolicy --> ldap backend - ellenőrzés - if ($AUTH[$toPolicy]['backend'] != 'ldap') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Az uidNumber, a homeDirectory lekerdezése - 
$filter = "(objectclass=posixAccount)"; - $justthese = array('uidNumber','homedirectory'); - $sr = @ldap_search($ds,$userDn,$filter,$justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:".$userDn; - ldap_close($ds); - return false; - } ; - - $uidinfo = @ldap_get_entries($ds,$sr); - $uidNumber = $uidinfo[0]['uidnumber'][0]; - if (isset($uidinfo[0]['homedirectory'][0])) $homeDirectory = $uidinfo[0]['homedirectory'][0]; - else $homeDirectory = ''; - $uid=$userAccount; - - // GroupDn, freeuid - $groupDn = "cn=$uid,ou=Groups".strstr($userDn,','); - $oinfo['freeuid'] = $uidNumber; - - // user törlése - if (!@ldap_delete($ds,$userDn)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:user:'.$userAccount; - } - - // freeuid felvétele - if (!@ldap_mod_add($ds,$AUTH[$toPolicy]['ldap base dn'],$oinfo)) { - $_SESSION['alert'][] = 'message:ldap_modify_failure:freeuid:'.$oinfo['freeuid']; - } - - // csoport törlése - if (!@ldap_delete($ds,$groupDn)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupDn; - } - - // törlés a csoportból - $filter = "(memberuid=$uid)"; - $justthese = array('cn','objectclass','member'); - $sr = @ldap_search($ds,$AUTH[$toPolicy]['ldap base dn'],$filter,$justthese); - if (!$sr) { - $_SESSION['alert'][] = "message:ldap_search_failure:groups:".$userAccount; - ldap_close($ds); - return false; - } ; - - $groupinfo = ldap_get_entries($ds,$sr); - - for ($i = 0; $i < $groupinfo['count']; $i++) { - $grpinfo = array('memberuid' => $uid); - if (@in_array($userDn,$groupinfo[$i]['member'])) { - $grpinfo['member']=$userDn; - } - if (!@ldap_mod_del($ds,$groupinfo[$i]['dn'],$grpinfo)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:member:'.$groupinfo[$i]['dn']; - } - } - - ldap_close($ds); - - $_SESSION['alert'][] = 'info:delete_uid_success:'.$userDn; - return true; - - } - -###################################################### -# ldapDeleteGroup - account törlése 
-###################################################### - - function ldapDeleteGroup($groupCn, $toPolicy = _POLICY) { - - global $AUTH; - - $groupDn = LDAPgroupCnToDn($groupCn, $toPolicy); - - // $toPolicy --> ldap backend - ellenőrzés - if ($AUTH[$toPolicy]['backend'] != 'ldap') { - $_SESSION['alert'][] = 'page:wrong_backend:'.$AUTH[$toPolicy]['backend']; - return false; - } - - // Kapcsolódás az LDAP szerverhez - $ds = @ldap_connect($AUTH[$toPolicy]['ldap hostname']); - if (!$ds) { - $_SESSION['alert'][] = 'alert:ldap_connect_failure'; - return false; - } - - // Csatlakozás a szerverhez - $r = @ldap_bind($ds, _USERDN, _USERPASSWORD); - if (!$r) { - $_SESSION['alert'][] = 'message:ldap_bind_failure'; - ldap_close($ds); - return false; - } - - // Az uidNumber, a homeDirectory lekerdezése - $filter = '(objectclass=posixGroup)'; - $justthese = array('gidNumber'); - $sr = @ldap_search($ds, $groupDn, $filter, $justthese); - if (!$sr) { - $_SESSION['alert'][] = 'message:ldap_search_failure:'.$userDn; - ldap_close($ds); - return false; - } ; - - $gidinfo = ldap_get_entries($ds, $sr); - $gidNumber = $gidinfo[0]['gidnumber'][0]; - - // freeGid - $oinfo['freegid'] = $gidNumber; - - if (!@ldap_delete($ds, $groupDn)) { - $_SESSION['alert'][] = 'message:ldap_delete_failure:group:'.$groupCn; - } - - // freeuid felvétele - if (!@ldap_mod_add($ds, $AUTH[$toPolicy]['ldap base dn'], $oinfo)) { - $_SESSION['alert'][] = 'message:ldap_modify_failure:freeGid:'.$oinfo['freegid']; - } - - ldap_close($ds); - - $_SESSION['alert'][] = 'info:delete_group_success:'.$groupCn; - return true; - - } - - - -?> |